yurisk.info » Solaris

Grab bag of IPF commands for FreeBSD and Solaris 10

Yuri — Sun, 14 Nov 2010 12:05:44 +0000

Nothing new here , just a round-up of the commands/configs I happen to need from time to time. Google probably has better references for that.I talk about Pf firewall used in FeeeBSD, OpenBSD and Solaris systems.
Enable and disable firewall:

#pfctl –e Enable packet filter real time
#pfctl –ef /etc/pf.conf Enable packet filter and load rules from /etc/pf.conf
#pfctl –d Disable packet filter

Enable/disable permanently to survive reboot
OpenBSD :

/etc/rc.conf.local:
pf=YES
pf_rules=/etc/pf.conf

FreeBSD:

/etc/default/rc.conf:
pf_enable=”YES”

pf_rules=”/etc/pf.conf”
pf_program=”/sbin/pfctl”
pflog_enable=”YES”
pflog_logfile=”/var/log/pflog”

Working with rules.

#pfctl –F all Flush (remove) all the active rules from the running packet filter , means PERMIT ANY ANY.
#pfctl –n –f /etc/pf.conf just parse rules from file , not actually loading them, to check syntax
#pfctl -f /etc/pf.conf Load rules from file

Order of rules in the file :
options, normalization, queuing, translation, and filtering rules.
Show commands.

#pfctl –s info Show filter information
#pfctl -s rules Show the currently loaded filter rules
#pfctl -s state Show the contents of the state table.
#pfctl -s all Show all of the above

Simplest set of rules – block all the incoming but ssh, allow all the outgoing from the server.

block in all
pass out all keep state
pass in proto tcp from any to any port 22

It is just a beginning, to be continued later…

Convert mb4 to mp3 files in one run with ffmpeg

Yuri — Sat, 23 Oct 2010 08:38:40 +0000

Folks at Defcon.org have been somewhat inconsistent in publishing their conference audio archives – once they do it in mb4 format, once in mp3 . As I listen to them on my mobile phone during my commuting to the work and it doesn’t accept anything but mp3 I had to first convert all audio files from mb4 to mp3 format. Not a problem though, the one-liner below will find all files ending with .mb4 in the current folder and convert them to .mp3 files preserving the filenames.

find . -iname "*.m4b" -exec ffmpeg -i {} -acodec libmp3lame {}.mp3 \;

MAC finder script

Yuri — Fri, 02 Jul 2010 05:35:37 +0000

While I don’t like going down to Layer 2 , recently I had to do it – I didn’t know IP address of the Cisco router I wanted to connect to but I had access to the Cisco router sitting in the same network. That would be pretty easy to do #show arp on this router and then search on Google to whom belongs each MAC if it wasn’t the subnet mask of /26. Copy pasting each entry of the ARP table into Google didn’t look like a lot of fun. So I wrote a python script that reads MAC addresses in bulk from command line and using downloaded beforehand database of MAC-vendor translations prints vendor for each MAC address. It works for #show arp on CIsco,#show mac-address-table on CIsco switches, #arp -en on Linux (means including Checkpoint), #arp -a on Freebsd ,#show arp of Junos from Juniper, #get sys arp on Fortigate.
Below is the script.
Here:
mac-database.txt – file containing MAC-vendor translation in format , I used standards.ieee.org/regauth/oui/oui.txt as the source with a bit of sed, but if you want ready to use file I recommend nmap-mac-prefixes from nmap source-code distribution http://nmap.org/svn/nmap-mac-prefixes
Download script (to make sure formatting is preserved, an important thing for Python)
http://yurisk.info/scripts/mac-finder.py
Script AND mac database from nmap project – http://yurisk.info/scripts/mac.tar.gz

#!/usr/bin/python
#This script accepts MAC addresses from the command line and
#prints vendor for each mac address
# Author:Yuri, yurisk@yurisk.info,06.2010
import sys
import re
#This function removes from MACs colon or dot and returns MAC as a sequence of HEX chars
def dotreplace(matchobj):
         if matchobj.group(0) == '.':
                return ''
         elif  matchobj.group(0) == ':':
                return ''
#open file with MAC addresses and vendors database,it has form xxxx 
macs=open('mac-database.txt','r')
macs_lines=macs.readlines()
#Read from stdinput
data = sys.stdin.readlines()
for ppp in data:
       popa=re.search('.*([a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}).*',ppp,re.IGNORECASE)
       if popa:
             newpopa=re.sub('\.', dotreplace,popa.group(1))[0:6]
             newpopa_re=re.compile(newpopa,re.IGNORECASE)
             for mac_db in macs_lines:
                 vendor=re.search(newpopa_re,mac_db)
                 if vendor:
                    print ppp.strip(),mac_db[7:]
       popalinux = re.search('.*([a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}).*',ppp,re.IGNORECASE)
       if popalinux:
             newpopalinux=re.sub(':',dotreplace,popalinux.group(1))[0:6]
             newpopalinux_re=re.compile(newpopalinux,re.IGNORECASE)
             for mac_db in macs_lines:
                 vendor=re.search(newpopalinux_re,mac_db)
                 if vendor:
                    print ppp.strip(),mac_db[7:]

       popadash = re.search('.*([a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}).*',ppp,re.IGNORECASE)
       if popadash:
             newpopadash=re.sub('-',dotreplace,popadash.group(1))[0:6]
             newpopadash_re=re.compile(newpopadash,re.IGNORECASE)
             for mac_db in macs_lines:
                 vendor=re.search(newpopadash_re,mac_db)
                 if vendor:
                    print ppp.strip(),mac_db[7:]

Running it:

[root@darkstar ]# ./mac-finder.py

$ arp -a
(10.99.99.150) at 00:50:56:95:74:72 on em0 [ethernet]
(10.99.99.254) at 00:09:0f:31:c8:24 on em0 [ethernet]

(10.99.99.150) at 00:50:56:95:74:72 on em0 [ethernet] VMware, Inc.
(10.99.99.254) at 00:09:0f:31:c8:24 on em0 [ethernet] Fortinet Inc.

Solaris interfaces – create assign delete

Yuri — Wed, 16 Jun 2010 18:27:10 +0000

Working with interfaces in Solaris is pretty much the same as in Linux – you’ve got ifconfig, netstat,route. It looks in outputs a bit different but if you’re used to the *BSD way of things you’ll find yourself at home. So the most basic thing follows – bring interface up, assign ipv4 address, save the change to survive reboot.
Plumb. First step sounds a bit strange – plumbing, but is actually very simple (no need to call for Mario) . You just plumb the interface (I talk about Ethernet-type interfaces) to the IP stack.
- Interface before plumbing :

bash-3.00# ifconfig e1000g2

ifconfig: status: SIOCGLIFFLAGS: e1000g2: no such interface

Even an unplumbed interface can be seen with:

bash-3.00# dladm show-link

e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g1 type: non-vlan mtu: 1500 device: e1000g1
e1000g2 type: non-vlan mtu: 1500 device: e1000g2

- Now plumbing:

bash-3.00# ifconfig e1000g2 plumb
bash-3.00# ifconfig e1000g2

e1000g2: flags=1000842 mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 00:E0:9F:67:98:fb

Assing IP and bring it up. This one is well known.

bash-3.00# ifconfig e1000g2 inet 192.2.2.3/24 up
bash-3.00# ifconfig e1000g2

e1000g2: flags=1000843 mtu 1500 index 4
inet 192.2.2.3 netmask ffffff00 broadcast 192.2.2.255
ether 00:E0:9F:67:98:fb

Make this change permanent
So far so good. But if you do restart to the machine now it will lose its interface settings. To save them you create a text file named /etc/hostname. In my case it will be /etc/hostname.e1000g2 , this alone would plumb interface on start, and now put the IP address inside it in the form ’192.2.2.3/24′ . That is it.

To see if interface is up or down as a device and its duplex/speed parameters:

bash-3.00# dladm show-dev

e1000g0 link: up speed: 1000 Mbps duplex: full
e1000g1 link: up speed: 1000 Mbps duplex: full
e1000g2 link: up speed: 1000 Mbps duplex: full

Create/delete logical interface In Cisco world you would call it assigning secondary ip to the interface.

bash-3.00# ifconfig e1000g1 addif 193.92.13.3/24

Created new logical interface e1000g1:1

bash-3.00# ifconfig e1000g1:1 up

bash-3.00# ifconfig e1000g1:1
e1000g1:1: flags=1000843 mtu 1500 index 3
inet 193.92.13.3 netmask ffffff00 broadcast 193.92.13.255

Remove logical interface:

bash-3.00# ifconfig e1000g1 removeif 193.92.13.3
bash-3.00# ifconfig e1000g1:1

ifconfig: status: SIOCGLIFFLAGS: e1000g1:1: no such interface

Configure VLAN Solaris way

Yuri — Sun, 16 May 2010 17:28:58 +0000

To create VLAN in Solaris you have to first decide where the Physical Point of Attachment (PPA) will be. In other words you have to attach VLAN to some physical interface on the server , as of now interface types that support VLANs are:
ce
bge
xge
e1000g
After you decided on the PPA and the VLAN ID using this formula the whole name for the new VLAN interface is calculated:

VLAN int name = physical interface driver name + VLAN ID *1000 + physical device instance

In my case creating vlan 777 attached to the physical interface e1000g0 yields this:

Int name = e1000g + 777*1000 + 0 = e1000g777000

Usual plumbing and IP assigning to do:

Solaris_star# ifconfig e1000g777000 plumb
Solaris_star# ifconfig e1000g777000 inet 10.11.11.2/24
Solaris_star# ifconfig e1000g777000 up

Verify:

Solaris_star# dladm show-link

e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g777000 type: vlan 777 mtu: 1500 device: e1000g0
e1000g1 type: non-vlan mtu: 1500 device: e1000g1
e1000g2 type: non-vlan mtu: 1500 device: e1000g2

Solaris_star# ifconfig e1000g777000

e1000g777000: flags=201000843 mtu 1500 index 4
inet 10.11.11.2 netmask ffffff00 broadcast 10.11.11.255
ether 0:c:29:67:98:e7

md5 and sha1 hashing in Solaris

Yuri — Sat, 15 May 2010 10:57:38 +0000

How do you calculate md5 hash ? md5sum of course, I thought ,coming from the Linux world and was wrong. In Solaris , again, all that comes from open source projects is add-at-your-own-risk paradigm. Instead the native crypto provider supplies hash calculations with digest command:

# digest -l

sha1
md5
sha256
sha384
sha512

Solaris_star# digest -v -a md5 sntp.py

md5 (sntp.py) = 0e306d35ef7da1a47c51590fe70b3144

Encrypting local files in Solaris

Yuri — Sat, 15 May 2010 10:36:59 +0000

How do I encrypt local file in Solaris ? On Linux I use either OpenSSL or GPG but these are both open source projects not native in Solaris land. For this Solaris has encrypt/decrypt which do what their name say.
And of course we talk here about symmetric encryption. Options for encrypt/decrypt are succinct – list available algorithms, specify input/output file(s), and optional specify file containing the key or otherwise type it on terminal. Few examples are to follow.
– List algos

# encrypt –l

Algorithm Keysize: Min Max (bits)
——————————————
aes 128 256
arcfour 8 2048
des 64 64
3des 192 192

- Now let’s encrypt something (file smtp_send.py ) with AES algo .

# encrypt -a aes -i smtp_send.py -o smtp_send.py.enc
Enter key:

Solaris#

Solaris# file smtp_send.py.enc

smtp_send.py.enc: data

- And what about decrypting ?

# decrypt -a aes -i smtp_send.py.enc -o smtp_send.py.dec
Enter key:

- In case you wish to use key stored in a file (I personally don’t do it as it is too easy to forget to delete the key file).

# encrypt -a aes –k key_in_a_file.txt -i smtp_send.py -o smtp_send.py.enc

Solaris – configure ftp server

Yuri — Wed, 31 Mar 2010 09:58:32 +0000

SUN Solaris FTP
SUN Solaris comes with ftp daemon based on WU-FTPd Washington University project.
While not being very enthusiastic about its vulnerabilities discovered over the years and being rather
abandoned by its developers ,still it comes by default and as long as Sun ok with that it is ok with me too.
Below I will shortly introduce configuring it for local user access as well as anonymous one.

By default FTP daemon (in.ftpd) is disabled. Here is the initial state you have it :

root@Solaris# svcs ftp

STATE STIME FMRI
disabled 7:21:44 svc:/network/ftp:default

As ftpd is inet managed daemon more information can be queried from inetadm:

root@Solaris# inetadm -l svc:/network/ftp:default

SCOPE NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd -a”
user=”root”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10

Insecure you say , well , you are right – let’s sharpen it a bit.
Enable more detailed logging.

root@Solaris# inetadm -m svc:/network/ftp:default tcp_trace=TRUE
root@Solaris# inetadm -l svc:/network/ftp

SCOPE NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd -a”
user=”root”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
default connection_backlog=10

When execution option –a is given (and it is by default) then ftpd will consult /etc/ftpd/ftpaccess
file for additional restrictions and tweaks. Here are the few that are worth enabling.
Uncomment following lines to have more verbose logging available:

log transfers real,guest,anonymous inbound,outbound
xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr

Make sure these changes are applied

root@Solaris# svcadm refresh svc:/network/ftp:default

Configure anonymous access.
All the configs so far will allow only local valid users to connect by ftp and be automatically
placed in their respective home directories. To allow anonymous ftp access with dedicated chrooted for that folder there is a special set of tools to use. Actually it is just one script that does all the hard work behind the scenes – creates ftp user, creates directory tree , sets up needed permissions, sets up chrooted environment for the anonymous ftp user.

root@Solaris# ftpconfig /export/home/ftp_pub

Updating user ftp
Creating directory /export/home/ftp_pub
Updating directory /export/home/ftp_pub

That is all, now you can login anonymously and download anything from /export/home/ftp_pub/pub directory. To also allow upload there , change the upload option in “/etc/ftpd/ftpaccess” and set accordingly permissions on the Solaris level for the directory pub (777)

upload class=anonusers * /pub yes
#upload class=anonusers * * no nodirs

And finally enable it

root@Solaris# svcadm enable ftp

Ping – setting don’t fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Yuri — Tue, 01 Sep 2009 08:42:46 +0000

Ping.

Many times while debugging network problems of various kinds you need to send some packets
of desirable size and don’t fragment bit being set. Below I list how to do it for the different
equipment/OSes.
Let’s start with the most popular operating system among network folks – Linux:

Linux

By default ping in any Linux-based system (It also means any distribution – Slackware, Ubuntu, CentOS etc) is sent with
Don’t fragment (df) bit set . You don’t need to add any command line switches for that.
Here is what you get by default ping in Linux:
Defaults:
Don’t fragment bit (in echo request) – set
Ip packet size – 84 bytes
Sending interval – 1 second

Some examples.
- sending pings station:
[root@lonestar ~]# ping 191.91.21.41
- receiving station:
[root@darkstar ~]# tcpdump -s 1500 -n -vv icmp
21:23:51.598641 IP (tos 0×0, ttl 61, id 20, offset 0, flags [DF], proto: ICMP (1), length: 84) 112.225.125.100 > 10.99.99.150: ICMP echo request, id 5392, seq 20, length 64
21:23:51.598817 IP (tos 0×0, ttl 64, id 7135, offset 0, flags [none], proto: ICMP (1), length: 84) 10.99.99.150 > 112.225.125.100: ICMP echo reply, id 5392, seq 20, length 64
To change sent packet size:
-s , bytes (8 bytes of ICMP header will be added automatically).

Sending host:
[root@darkstar ~]# ping 10.99.99.158 -s 1300
PING 10.99.99.158 (10.99.99.158) 1300(1328) bytes of data.
1308 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=1.65 ms

Receiving host:
freeBSD# tcpdump -n -v -s 1500 icmp
16:15:11.901787 IP (tos 0×0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 1328) 10.99.99.150 > 10.99.99.158: ICMP echo request, id 44399, seq 63, length 1308
To change sending interval (mostly used together with large packet size) :
-i

Sending host:
[root@darkstar ~]# ping -s 1300 -i 0.2 10.99.99.158

Receiving host:
freeBSD# tcpdump -n -v -s 1500 icmp
16:20:11.223481 IP (tos 0×0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 1328) 10.99.99.150 > 10.99.99.158: ICMP echo request, id 1136, seq 396, length 1308
16:20:11.223496 IP (tos 0×0, ttl 64, id 805, offset 0, flags [DF], proto ICMP (1), length 1328) 10.99.99.158 > 10.99.99.150: ICMP echo reply, id 1136, seq 396, length 1308

To force Linux to send pings with DF bit cleared (i.e. not set):
ping –M don’t

Sending host:

[root@darkstar ~]# ping -s 1300 -M dont 10.99.99.158
PING 10.99.99.158 (10.99.99.158) 1300(1328) bytes of data.
1308 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=0.560 ms

Receiving host:

freeBSD# tcpdump -n -v -s 1500 icmp
16:28:33.111903 IP (tos 0×0, ttl 64, id 41857, offset 0, flags [none], proto ICMP (1), length 1328) 10.99.99.150 > 10.99.99.158: ICMP echo request, id 33136, seq 6, length 1308
16:28:33.111920 IP (tos 0×0, ttl 64, id 9425, offset 0, flags [none], proto ICMP (1), length 1328) 10.99.99.158 > 10.99.99.150: ICMP echo reply, id 33136, seq 6, length 1308

SideNote: FreeBSD ping has a nice add-on (see below) – sweeping size of the packets, while Linux doesn’t have such extra feature,
Below is script to emulate it on Linux:
awk ‘ BEGIN {for (size=100;size<1470;size++) {
cmd = (“ping –c 3 –I 0.5 –s ” size “ “ “10.99.99.158″)
print cmd | “/bin/bash”
close(“/bin/bash”) } } ‘

Here:
size – size of data in ICMP packet (bytes);
-I 0.5 – interval of 5 seconds (optional);
-c 3 – number of pings in each size session (NOT optional – or you will enter an endless loop which even Ctrl-C won’t be able
to stop )

See it in action:
[root@darkstar ~]# awk ‘ BEGIN {for (size=100;size<1470;size++) {
cmd = (“ping -c 3 -i 0.5 -s ” size “ “ “10.99.99.158″)
print cmd | “/bin/bash”
close(“/bin/bash”) } } ‘
PING 10.99.99.158 (10.99.99.158) 100(128) bytes of data.
108 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=1.75 ms
108 bytes from 10.99.99.158: icmp_seq=2 ttl=64 time=0.276 ms
108 bytes from 10.99.99.158: icmp_seq=3 ttl=64 time=0.201 ms

— 10.99.99.158 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.201/0.742/1.750/0.713 ms
PING 10.99.99.158 (10.99.99.158) 101(129) bytes of data.
109 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=0.185 ms
109 bytes from 10.99.99.158: icmp_seq=2 ttl=64 time=0.253 ms
109 bytes from 10.99.99.158: icmp_seq=3 ttl=64 time=0.230 ms

— 10.99.99.158 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.185/0.222/0.253/0.033 ms
PING 10.99.99.158 (10.99.99.158) 102(130) bytes of data.
110 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=0.118 ms
110 bytes from 10.99.99.158: icmp_seq=2 ttl=64 time=0.201 ms
110 bytes from 10.99.99.158: icmp_seq=3 ttl=64 time=0.343 ms

— 10.99.99.158 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.118/0.220/0.343/0.094 ms
PING 10.99.99.158 (10.99.99.158) 103(131) bytes of data.
111 bytes from 10.99.99.158: icmp_seq=1 ttl=64 time=0.565 ms
111 bytes from 10.99.99.158: icmp_seq=2 ttl=64 time=0.182 ms
111 bytes from 10.99.99.158: icmp_seq=3 ttl=64 time=0.329 ms
FreeBSD

Defaults:
Don’t fragment bit – not set ; use –D option to set
IP Packet size: 84 bytes ; use –s option to change
Sending interval: 1 sec ; use –I to change
e.g. Sending pings of data size 1300 bytes with interval 0.2 seconds with df bit set:

Sending host[10.99.99.158]:
freeBSD# ping -D -s 1300 -i 0.2 10.99.99.150

Receiving host[10.99.99.150]:
[root@darkstar ~]# tcpdump -n -v -s 1500 host 10.99.99.158
20:42:57.816697 IP (tos 0×0, ttl 64, id 11630, offset 0, flags [DF], proto: ICMP (1), length: 1328) 10.99.99.158 > 10.99.99.150: ICMP echo request, id 10770, seq 23, length 1308
20:42:57.816914 IP (tos 0×0, ttl 64, id 33327, offset 0, flags [none], proto: ICMP (1), length: 1328) 10.99.99.150 > 10.99.99.158: ICMP echo reply, id 10770, seq 23, length 1308

SideNote: *BSD family has a nice additional option not found in most other systems – you can order ping to sweep size of sent packets .
Example follows:

Here sweep range is from 20 bytes up to 1400 bytes, increase step is 300 bytes.

Sending host[10.99.99.158]:
freeBSD# ping -D -g 20 -G 1400 -h 300 10.99.99.150
PING 10.99.99.150 (10.99.99.150): (20 … 1400) data bytes
28 bytes from 10.99.99.150: icmp_seq=0 ttl=64 time=1.313 ms
328 bytes from 10.99.99.150: icmp_seq=1 ttl=64 time=0.531 ms
628 bytes from 10.99.99.150: icmp_seq=2 ttl=64 time=0.581 ms
928 bytes from 10.99.99.150: icmp_seq=3 ttl=64 time=0.362 ms
1228 bytes from 10.99.99.150: icmp_seq=4 ttl=64 time=0.223 ms

— 10.99.99.150 ping statistics —
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.223/0.602/1.313/0.377 ms
Receiving host[10.99.99.150]:
[root@darkstar ~]# tcpdump -n -v -s 1500 host 10.99.99.158
21:50:06.942165 IP (tos 0×0, ttl 10.99.99.150 64, id 12828, offset 0, flags [DF], proto: ICMP (1), length: 48) 10.99.99.158 > 10.99.99.150: ICMP echo request, id 50962, seq 0, length 28
21:50:06.944098 IP (tos 0×0, ttl 64, id 43255, offset 0, flags [none], proto: ICMP (1), length: 48) 10.99.99.150 > 10.99.99.158: ICMP echo reply, id 50962, seq 0, length 28
21:50:07.944761 IP (tos 0×0, ttl 64, id 12831, offset 0, flags [DF], proto: ICMP (1), length: 348) 10.99.99.158 > 10.99.99.150: ICMP echo request, id 50962, seq 1, length 328
21:50:07.944826 IP (tos 0×0, ttl 64, id 43256, offset 0, flags [none], proto: ICMP (1), length: 348) 10.99.99.150 > 10.99.99.158: ICMP echo reply, id 50962, seq 1, length 328
21:50:08.945815 IP (tos 0×0, ttl 64, id 12833, offset 0, flags [DF], proto: ICMP (1), length: 648) 10.99.99.158 > 10.99.99.150: ICMP echo request, id 50962, seq 2, length 628
21:50:08.945890 IP (tos 0×0, ttl 64, id 43257, offset 0, flags [none], proto: ICMP (1), length: 648) 10.99.99.150 > 10.99.99.158: ICMP echo reply, id 50962, seq 2, length 628
21:50:09.946724 IP (tos 0×0, ttl 64, id 12835, offset 0, flags [DF], proto: ICMP (1), length: 948) 10.99.99.158 > 10.99.99.150: ICMP echo request, id 50962, seq 3, length 928
21:50:09.946819 IP (tos 0×0, ttl 64, id 43258, offset 0, flags [none], proto: ICMP (1), length: 948) 10.99.99.150 > 10.99.99.158: ICMP echo reply, id 50962, seq 3, length 928

SOLARIS
Defaults:
Don’t fragment bit - not set , and not changeable , yes , it sounds strange but Solaris doesn’t
support df bit in its ping utility. You may set df bit in their traceroute program , but it has no provision for changing size of the packet and therefore is of no value for our case.

Non-verbose ; use –s to override
IP packet size: 84 bytes

Pinging with defaults:
root@solaris:~# ping -s 10.99.99.150
PING 10.99.99.150: 56 data bytes
64 bytes from 10.99.99.150: icmp_seq=0. time=0.759 ms

Receiving host:
[root@darkstar ~]# tcpdump -n -v -s 1500 host 10.99.99.159
20:50:08.084364 IP (tos 0×0, ttl 255, id 8020, offset 0, flags [none], proto: ICMP (1), length: 84) 10.99.99.159 > 10.99.99.150: ICMP echo request, id 9096, seq 7, length 64
20:50:08.084538 IP (tos 0×0, ttl 64, id 52389, offset 0, flags [none], proto: ICMP (1), length: 84) 10.99.99.150 > 10.99.99.159: ICMP echo reply, id 9096, seq 7, length 64

To change size of sent packet, to say 1300 bytes of data:

root@solaris:~# ping -s 10.99.99.150 1320
PING 10.99.99.150: 1320 data bytes
1328 bytes from 10.99.99.150: icmp_seq=0. time=1.610 ms
1328 bytes from 10.99.99.150: icmp_seq=1. time=0.335 ms
SideNote: There is no size sweeping capability built-in , so I wrote this script to emulate this feature in Solaris as well:
root@solaris:~# awk ‘ BEGIN {for (size=100;size<1470;size=size+10) {
cmd = (“ping -s “ “10.99.99.158 ” size ” 3″)
print cmd | “/bin/bash”
close(“/bin/bash”) } } ‘

Here :
size - size of date in ICMP packet , starts at 10 bytes ends at 170 bytes
size+10 – size incrementing by 10 bytes each series of pings
3 – number of pings in each size set.

Results:
root@solaris:~# awk ‘ BEGIN {for (size=100;size<1470;size=size+10) {
cmd = (“ping -s “ “10.99.99.158 ” size ” 3″)
print cmd | “/bin/bash”
close(“/bin/bash”) } } ‘
PING 10.99.99.158: 100 data bytes
108 bytes from 10.99.99.158: icmp_seq=0. time=0.319 ms
108 bytes from 10.99.99.158: icmp_seq=1. time=0.460 ms
108 bytes from 10.99.99.158: icmp_seq=2. time=0.328 ms

—-10.99.99.158 PING Statistics—-
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.319/0.369/0.460/0.079
PING 10.99.99.158: 110 data bytes
118 bytes from 10.99.99.158: icmp_seq=0. time=0.371 ms
118 bytes from 10.99.99.158: icmp_seq=1. time=0.370 ms
118 bytes from 10.99.99.158: icmp_seq=2. time=0.477 ms

—-10.99.99.158 PING Statistics—-
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.370/0.406/0.477/0.061
PING 10.99.99.158: 120 data bytes
128 bytes from 10.99.99.158: icmp_seq=0. time=0.395 ms
128 bytes from 10.99.99.158: icmp_seq=1. time=0.361 ms
128 bytes from 10.99.99.158: icmp_seq=2. time=0.264 ms

CISCO routers (IOS)

Defaults:
IP packet size : 100 bytes ; use size to change
Don’t fragment bit – not set ; use df-bit to set

Running with defaults:
Tokyo#ping 191.91.21.41
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 191.91.21.41, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Receiving host:
[root@darkstar ~]# tcpdump -n -v -s 1500 icmp
22:16:53.758056 IP (tos 0×0, ttl 253, id 11, offset 0, flags [none], proto: ICMP (1), length: 100) 174.93.31.134 > 10.99.99.150: ICMP echo request, id 4, seq 0, length 80
22:16:53.758246 IP (tos 0×0, ttl 64, id 10923, offset 0, flags [none], proto: ICMP (1), length: 100) 10.99.99.150 > 174.93.31.134 : ICMP echo reply, id 4, seq 0, length 80
< — Cut for brevity –>
Setting df bit and size of the packet size (Note – here when you set size of the ping you set IP packet size and not ICMP data size as in *Nix systems).
Repeat count is set to 3 .
Tokyo#ping 191.91.21.41 size 1300 df-bit rep 3
Type escape sequence to abort.
Sending 3, 1300-byte ICMP Echos to 191.91.21.41, timeout is 2 seconds:
Packet sent with the DF bit set
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 4/4/4 ms

Receiving host:
[root@darkstar ~]# tcpdump -n -v -s 1500 icmp
22:18:16.657849 IP (tos 0×0, ttl 253, id 21, offset 0, flags [DF], proto: ICMP (1), length: 1300) 174.93.31.134 > 10.99.99.150: ICMP echo request, id 6, seq 0, length 1280
22:18:16.658028 IP (tos 0×0, ttl 64, id 10933, offset 0, flags [none], proto: ICMP (1), length: 1300) 10.99.99.150 > 174.93.31.134 : ICMP echo reply, id 6, seq 0, length 1280
Sweeping ping size.
This feature is available from extended ping menu:
Rio#ping
Protocol [ip]:
Target IP address: 191.91.21.41
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: y
Sweep min size [36]:
Sweep max size [18024]: 1700
Sweep interval [1]: 100
Type escape sequence to abort.
Sending 85, [36..1700]-byte ICMP Echos to 191.91.21.41, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!
Receiving host:
10:35:22.563851 IP (tos 0×0, ttl 253, id 179, offset 0, flags [DF], proto: ICMP (1), length: 36) 174.93.31.134 > 10.99.99.150: ICMP echo request, id 9, seq 0, length 16
10:35:22.563891 IP (tos 0×0, ttl 64, id 46861, offset 0, flags [none], proto: ICMP (1), length: 36) 10.99.99.150 > 174.93.31.134 : ICMP echo reply, id 9, seq 0, length 16
10:35:22.566205 IP (tos 0×0, ttl 253, id 180, offset 0, flags [DF], proto: ICMP (1), length: 136) 174.93.31.134 > 10.99.99.150: ICMP echo request, id 9, seq 1, length 116
10:35:22.566223 IP (tos 0×0, ttl 64, id 46862, offset 0, flags [none], proto: ICMP (1), length: 136) 10.99.99.150 > 174.93.31.134 : ICMP echo reply, id 9, seq 1, length 116

Juniper routers (JunOS):
Defaults:
Ip packet size : 84 bytes
Don’t fragment bit – not set; use do-not-fragment to set
Interval – 1 sec; use interval to change
Sending pings with df bit set and size 1470 bytes
root@Juniper> ping 192.168.37.29 do-not-fragment size 1470
ping 192.168.37.29 do-not-fragment size 1470
PING 192.168.37.29 (192.168.37.29): 1470 data bytes
1478 bytes from 192.168.37.29: icmp_seq=0 ttl=64 time=1.434 ms
1478 bytes from 192.168.37.29: icmp_seq=1 ttl=64 time=0.210 ms

— 192.168.37.29 ping statistics —
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.203/0.513/1.434/0.532 ms

IF packet size too large and df is set you get this:

root@Juniper> ping 192.168.37.29 do-not-fragment size 13000
ping 192.168.37.29 do-not-fragment size 13000
PING 192.168.37.29 (192.168.37.29): 13000 data bytes
ping: sendto: Message too long