Tag Archives: tips

iCloud Photos, Meraki and Traffic Shaping

I turned iCloud Photo Library on this week. We have close to 250 GB of photos and videos on several different computers and mobile devices. You might have guessed it: it flooded our network, since our outbound internet peaks around 6 Mbps (realistically). I needed to do something.

I have at home a Meraki MX65 and a MR42 (Thanks Dağhan 😉 ) They give great visibility and control over our home network. I can easily pinpoint where the problem is and take actions. Here is a great chart that shows how the nature of our traffic changed on Sep 24 after turning iCloud Photo Library on. (See the light blue? That’s increased upload!)

One of the easiest ways to slow this traffic down is to shape it with Meraki Traffic Shaping rules. This document explains in detail how to do this. However, the iCloud setting in the canned traffic shaping rules only covers backup and doesn’t work with iCloud Photo Library traffic.

Meraki allows you to do application layer or layer 3 traffic shaping. Since the traffic is encrypted, the application layer traffic shaping was not an option. For layer 3, I needed the IPs that the Photos app was talking to. Since Apple owns the entire 17.0.0.0/8, it’s always an option to craft your rule using the entire class A subnet. However that wouldn’t be “elegant” 🙂 So let’s do some tcpdump exercise.

iMac:~ user$ sudo tcpdump -i en1 -n -c 1000 ip and net 17.0.0.0/8 | grep '>' | cut -d '>' -f 2 | cut -d "." -f 1-4 | grep '^ *17\.' | sort | uniq -c
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 262144 bytes
1000 packets captured
2120 packets received by filter
0 packets dropped by kernel
 647  17.248.128.44

What this tells us is that we captured 1000 packets, kept the destination addresses that have “17.” in them, and counted them. In total, 647 packets were sent to 17.248.128.44. Also, it’s on port 443 only.

I did a similar packet dump for 10K packets, which revealed that the sync between the Photos app and iCloud always happens on the subnets 17.248.0.0/16 and 17.188.0.0/16 on port 443. (There might be a more specific subnet, but this was enough for me to start with.)
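
The one-liner above counts single hosts; the step from there to the two /16 subnets can be scripted too. The following is an added example, not part of the original post: it groups the destinations in tcpdump -n text output by /16 and port. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reads `tcpdump -n` text on stdin and prints, per destination
# /16 inside 17.0.0.0/8 and per port, how many packets were sent there.
# summarize_dst is a name chosen for this example.
summarize_dst() {
  awk '$2 == "IP" && $4 == ">" {
         dst = $5
         sub(/:$/, "", dst)                 # "17.248.128.44.443:" -> "...443"
         n = split(dst, o, ".")             # a.b.c.d.port -> 5 fields with -n
         if (n != 5 || o[1] != "17") next   # skip inbound and non-17/8 rows
         count[o[1] "." o[2] ".0.0/16 port " o[5]]++
       }
       END { for (k in count) printf "%d %s\n", count[k], k }' | sort -rn
}

# Constructed sample lines in tcpdump -n format (not a real capture).
SAMPLE='12:00:00.000001 IP 192.168.1.20.52344 > 17.248.128.44.443: Flags [P.], length 1380
12:00:00.000002 IP 17.248.128.44.443 > 192.168.1.20.52344: Flags [.], length 0
12:00:00.000003 IP 192.168.1.20.52344 > 17.248.128.44.443: Flags [P.], length 1380
12:00:00.000004 IP 192.168.1.20.52350 > 17.248.131.9.443: Flags [P.], length 1380
12:00:00.000005 IP 192.168.1.20.52361 > 17.188.166.21.443: Flags [P.], length 517
12:00:00.000006 IP 192.168.1.20.52361 > 17.188.166.21.443: Flags [.], length 0'

printf '%s\n' "$SAMPLE" | summarize_dst
# Live use: sudo tcpdump -i en1 -n -c 10000 ip and net 17.0.0.0/8 | summarize_dst
```

Each output line is a candidate layer 3 rule: a subnet, a port and the packet count that justifies it.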

Let’s apply this to Meraki MX65 traffic shaping rules. In this rule below my upload limit per client is 1.5 Mbps. Depending on how many clients you have and your upload speed, you can come up with something more suitable for your network.

In order to figure out how to define these in Meraki, please follow the instructions in the previous doc that I linked.

Et Voilà! You got your home network back 😉

Yaesu FTM-400XDR and Chirp

I use Chirp. I love it. It’s the only way to program my Baofeng UV-R(+) radios… Period.

Also I love that I can download repeater settings according to a zip code, county, state, etc…

I wanted to use Chirp for my Yaesu FTM-400XDR. However, it looks like Chirp doesn’t support this model. So my initial reaction was to create the repeater list with Chirp, export it as CSV, and import it to the Yaesu.

But, that wasn’t possible either since Yaesu expects the data in a different order and format.

I wrote a small Python script that rearranges and reformats the CSV file into the import file that Yaesu’s own software expects. Check out the README to read how you can install and use the script.

By the way, Yaesu’s software to program the radio doesn’t work on Mac OS X natively, since it’s Windows software. I managed to run it on Mac OS X using Wine. But that’s another blog entry…

No timer in Mac OS X? No problem!

Mac OS X doesn’t come with a timer installed by default. There are a bunch of timers in the App Store, and you can definitely install one of those.

But here is how to make one from scratch. Open a Terminal window and type:

sleep 5 ; say "Time is up"

Well that’s it 🙂 This command will sleep for 5 seconds and say “Time is up” at the end of 5 seconds.

We can make a little script out of it and save as /usr/local/bin/timer as below:

#!/bin/bash
# Usage: timer SECONDS
sleep "$1" ; say "Time is up"

You can invoke the command like this; it will sleep 5 seconds and tell you “Time is up”:

timer 5

As a bonus, if you want minutes instead of seconds, you can always do something like this which will run the timer for 5 minutes:

timer `echo "5*60" | bc`

Replacing Unity with XFCE in Ubuntu

Here is what I do as soon as I install a new Ubuntu instance: I remove the Unity desktop and replace it with XFCE. And if you want to do the same, it’s pretty straightforward. 😉

Perform all of these as root in a terminal window, or prepend with sudo. (Look elsewhere for GUI steps 🙂 )

  1. Update your repos:
    apt-get update
  2. Uninstall Unity and ubuntu-desktop:
    apt-get purge ubuntu-desktop 'unity-*'
  3. Install XFCE Desktop environment:
    apt-get install xubuntu-desktop
  4. Restart lightdm:
    /etc/init.d/lightdm restart

Voilà! You’re using XFCE desktop! 😉

OpenVPN client test, without a client.

If you need to test the connectivity of your OpenVPN server from a client’s perspective, you can use this command:

echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u your.openvpnserver.ip port | cat -v

This sends a TLS negotiation header to the server and expects a reply within 10 seconds. If you get an empty line, things timed out. If you get a reply like the line below, you have connectivity.

@M-QM-^MTM-aM-^U^VM-Q^C^@^@^@^@^@@M-QM-^MTM-aM-^U^VM-Q^C^@^@^@^@^@
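
To check that a reply really comes from an OpenVPN listener and not from some other UDP service, its first bytes can be decoded. The following is an added example, not part of the original post: it reads the opcode and session ID from the probe and from the reply shown above, with the cat -v notation converted back to hex. The function names are chosen for this example.

```shell
#!/bin/bash
# Added example. Decodes the first 9 bytes of an OpenVPN UDP control packet:
# byte 0 is (opcode << 3) | key_id, bytes 1-8 are the sender's session ID.
# Function names are chosen for this example.
ovpn_opcode_name() {
  case "$1" in
    7) echo P_CONTROL_HARD_RESET_CLIENT_V2 ;;
    8) echo P_CONTROL_HARD_RESET_SERVER_V2 ;;
    *) echo "OPCODE_$1" ;;
  esac
}

# $1: packet bytes as hex, spaces allowed. Prints "NAME key_id=N session=HEX".
ovpn_decode() {
  hex=$(printf '%s' "$1" | tr -d ' \n' | tr 'A-F' 'a-f')
  case "$hex" in
    ''|*[!0-9a-f]*) echo "not hex"; return 1 ;;
  esac
  if [ "${#hex}" -lt 18 ]; then
    echo "too short"; return 1
  fi
  first=$(printf '%d' "0x$(printf '%s' "$hex" | cut -c1-2)")
  session=$(printf '%s' "$hex" | cut -c3-18)
  echo "$(ovpn_opcode_name $((first >> 3))) key_id=$((first & 7)) session=$session"
}

# Succeeds only if the reply is the server's hard reset, i.e. a real
# OpenVPN listener answered rather than some other UDP service.
is_openvpn_reply() {
  case "$(ovpn_decode "$1")" in
    P_CONTROL_HARD_RESET_SERVER_V2*) return 0 ;;
    *) return 1 ;;
  esac
}

PROBE='38 01 00 00 00 00 00 00 00'                # bytes sent by the echo above
REPLY='40 d1 8d 54 e1 95 16 d1 03 00 00 00 00 00' # the post's reply, cat -v undone

ovpn_decode "$PROBE"
ovpn_decode "$REPLY"
```

A server that uses tls-auth or tls-crypt silently drops this unauthenticated probe, so an empty reply from such a server does not mean it is unreachable.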

rarcrack with big files

If you are trying to crack a big rar file with rarcrack (mine was 2.6G) and you’re receiving this error:

$ ./rarcrack --type rar ./file.rar
 RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)

 ERROR: The specified file (./file.rar) is not exists or
 you don't have a right permissions!

You need to add the lines below to rarcrack.c and recompile. (Put them before the #include of rarcrack.h.)

#define _FILE_OFFSET_BITS 64
#define __USE_LARGEFILE

While you’re there you can fix the error message’s English 😉 I leave it to you to find it. 😉

Stupid freepbx issue

For a long while I wasn’t able to pinpoint this really stupid issue where my extensions couldn’t call each other, although my trunk calls were OK. It first surfaced as not being able to point my BV to my internal extension, but I brushed it off since I had a shitty Comcast router. I first thought that was the culprit.

Then, when I was fixing my parents’ extensions in Turkey, I realized that I could not make any extension-to-extension calls but could still use outbound routes. After hours of troubleshooting I realized that the dialparties.agi script would always return: “Returned from dialparties with no extensions to call and DIALSTATUS:”

I manually ran the script and found out that it was spitting out this error message: “PHP Parse error:  syntax error, unexpected T_GOTO, expecting T_STRING in /var/lib/asterisk/agi-bin/phpagi.php on line 1234”

Then I found this bug in the FreePBX Trac. I ended up changing the name of the goto function on line 1234 of phpagi.agi to go_to, and things started to work fine. 😛

Apparently this started to happen when I upgraded my Ubuntu, which upgraded PHP to version 5.3.2.

Mac OS X pkg files

Sometimes you need to see what’s inside of that pkg file. But you also don’t want to install it. You just want to take a look at the files in it before installing it. Well, here is how to do it:

PKG files usually come in a DMG image. First mount that file by double clicking on it. Then open a Terminal window and go to the folder where it’s mounted. (Look under /Volumes)

Once you are in that folder you will see a file with a .pkg extension. Let’s say it is called Foo.pkg. Copy that file to a folder; I’ll copy it to /tmp.

cp Foo.pkg /tmp
cd /tmp

Mac OS X has a utility called pkgutil. You can do a ton of stuff with it, so check the manual page. (man pkgutil) But for our exercise we will just use it to expand the pkg file.

pkgutil --expand Foo.pkg /tmp/foo_package
cd /tmp/foo_package

This will expand the pkg file into a flat structure. You will see some files and folders like Distribution, Resources, Foo.pkg. Go ahead and cd into the directory Foo.pkg:

cd Foo.pkg

In there you will see several files. The important ones are Bom, Payload and PackageInfo:

Bom:

This file is called Bill of Materials. It describes what is in this pkg file and where they will be written to. If you will not do file/binary analysis of the contents of the pkg file and you want only to see which files will be written where, this is your file. You can also use this file’s contents to remove the package completely. (I leave this exercise up to you)

Bom is a binary file and there is a tool to list its contents: lsbom. (man lsbom for usage) Basic usage would be:

lsbom Bom

This will print file/directory structure of the contents on the screen.

Payload:

This is the file that contains all the files and directories in this pkg file. It’s a gzipped archive file.

$ file Payload
Payload: gzip compressed data, from Unix
$ mv Payload foo.gz
$ gunzip foo.gz
$ ls
foo

This will give you a file called foo. Now you need to use cpio to extract that archive.

$ cpio -iv < foo
.
./System
./System/Library
./usr
./System/Library/LaunchAgents
./usr/bin
......files files files.......
50002 blocks
$ ls
System foo usr

In my case it unarchived two folders called System and usr.

Now you can go and browse these directories to find the files you are looking for. Have fun 😉
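
For a quick read of what a package would install, the listing from lsbom or cpio can be filtered for the locations that matter most. This is an added example, not part of the original post: the function names and the sample listing are constructed, and list_pkg_payload assumes macOS with gzip-compressed payloads inside component directories, as described above.

```shell
#!/bin/bash
# Added example. flag_paths and list_pkg_payload are names chosen here.

# Read a payload listing (one path per line, as printed by `lsbom -s Bom`
# or `cpio -it`) and flag launchd autostart plists and new commands in PATH.
flag_paths() {
  while IFS= read -r p; do
    p=${p#.}                               # "./usr/bin/x" -> "/usr/bin/x"
    case "$p" in
      */Library/LaunchAgents/*.plist|*/Library/LaunchDaemons/*.plist)
        echo "AUTOSTART $p" ;;
      /usr/bin/?*|/usr/sbin/?*|/usr/local/bin/?*)
        echo "PATH $p" ;;
    esac
  done
}

# List every Payload of a package without installing it or unpacking files.
# Assumes macOS (pkgutil) and gzip-compressed cpio payloads as in the post.
list_pkg_payload() {
  work=$(mktemp -d) || return 1
  pkgutil --expand "$1" "$work/expanded" || { rm -rf "$work"; return 1; }
  for payload in "$work"/expanded/*/Payload; do
    [ -f "$payload" ] && gunzip -c "$payload" | cpio -it 2>/dev/null
  done
  rm -rf "$work"
}

# Constructed listing, modelled on the cpio output shown in the post.
SAMPLE_LISTING='.
./System
./System/Library
./usr
./System/Library/LaunchAgents
./System/Library/LaunchAgents/com.example.foo.plist
./usr/bin
./usr/bin/foo'

printf '%s\n' "$SAMPLE_LISTING" | flag_paths
# On a Mac: list_pkg_payload /tmp/Foo.pkg | flag_paths
```

An AUTOSTART line means the package registers something that launchd will start on its own, which is worth reading before you install.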

Some basic statistics on leaked Sony usernames and passwords data.

I spent some time analyzing password usage using the data that leaked from a couple of Sony hacks a few days ago. The results are pretty scary.

The data size: 38698 users on 2 sites.

Top ten most used passwords are:

  1. seinfeld
  2. password
  3. winner
  4. 123456
  5. purple
  6. sweeps
  7. contest
  8. princess
  9. maggie
  10. peanut

So if you have a password that is listed above, you better change it pretty soon.

I also compared how many people were using the same password on two different hacked Sony sites. There were 2421 users who used the same email to register and out of those only 168 users were using different passwords (about 6.5%).

And who wins the email war? Based on the same data, most of the users were using emails from the following providers:

# of users Provider
11281 yahoo.com
7250 other email providers
5077 hotmail.com
4876 aol.com
4837 gmail.com
1600 comcast.net
1263 msn.com
920 sbcglobal.net
676 verizon.net
478 bellsouth.net
440 cox.net