Difference between pages "How to intercept ATA commands using AoE" and "ForensicsWiki:Terms of Service"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Client configuration)
 
m (Created page with 'ForensicsWiki is a Creative Commons wiki for information about digital forensics. By adding content to this wiki you agree to the following: * You will not add links to content …')
 
Line 1: Line 1:
ATA over Ethernet (''AoE'') is a network protocol designed for accessing ATA storage devices over Ethernet networks.
+
ForensicsWiki is a Creative Commons wiki for information about digital forensics.
  
This "How To" explains the process of using ATA over Ethernet protocol to intercept ATA commands from a Linux system (called Linux client) using [[Wireshark]] for diagnostic and testing purposes.
+
By adding content to this wiki you agree to the following:
 
+
* You will not add links to content that is off-topic, such as advertisements for pharmaceuticals.  
== Linux server - Linux client configuration ==
+
* You will not deface pages.
 
+
* You will be nice---for example, you will not attack users, people, companies, or what have you.
First, make sure that Linux server and Linux client are connected to the same network and can exchange packets with each other.
+
 
+
=== Server configuration ===
+
 
+
Make sure that your server has [http://packages.debian.org/en/lenny/vblade ''vblade''] tool installed. Then run the following command:
+
 
+
# vblade 0 0 eth0 /dev/sda
+
 
+
Where:
+
* eth0 - your network interface;
+
* /dev/sda - a block device you want to be accessible through a network.
+
 
+
=== Client configuration ===
+
 
+
Make sure that your Linux client has [http://packages.debian.org/en/lenny/aoetools ''aoe tools''] installed. Then run the following command:
+
 
+
# modprobe aoe
+
 
+
Make sure your vblade device is available on the client by running:
+
 
+
# aoe-stat
+
 
+
The following block devices would be available:
+
 
+
* /dev/etherd/e0.0 - the whole disk (corresponds to /dev/sda on the server);
+
* /dev/etherd/e0.0p1 - first partition on the disk (corresponds to /dev/sda1 on the server);
+
* /dev/etherd/e0.0p2 - second partition on the disk (corresponds to /dev/sda2 on the server);
+
* etc.
+
 
+
== Intercepting ATA commands ==
+
 
+
Launch [[Wireshark]] on a client and start a capture on ''eth0''. You can apply the following display filter to analyse AoE packets only:
+
 
+
eth.type == 0x88a2
+
 
+
Here is a screenshot of [[grml]] client running in VirtualBox:
+
 
+
[[Image:Ataoe.png|thumb|none|Using [[grml]] to capture ATA commands]]
+
 
+
== External Links ==
+
 
+
* [http://buffalo.nas-central.org/index.php/Vblade_-_ATA_over_Ethernet Vblade - ATA over Ethernet]
+
 
+
[[Category:Howtos]]
+

Revision as of 22:58, 4 January 2010

ForensicsWiki is a Creative Commons wiki for information about digital forensics.

By adding content to this wiki you agree to the following:

  • You will not add links to content that is off-topic, such as advertisements for pharmaceuticals.
  • You will not deface pages.
  • You will be nice---for example, you will not attack users, people, companies, or what have you.