Check

Chapter 1: The Meeting

The official records stated his name as Sheikh Abdul Rashid but people knew him as Sheikh sahib. People often found it intriguing that he chose to spend a major portion of his life in a Pashtun concentration area despite the fact that he was from Punjab. To this, he often made reference to the old tradition of Pakhtunwali (The Pashtun code of life) and said vehemently, “I have more Pashto in me than there is in fifty of you combined”. Legend has it that his parents were killed while migrating from the Indian side of Punjab to Pakistani Punjab during partition of the Indian subcontinent in 1947. Sheikh sahib miraculously survived the massacre and made it to Lahore at the tender age of fifteen. Despite extremely meagre resources, he managed to do B.A. in Geography and started teaching the same subject at secondary school level. He was transferred to schools in Sukhar, Khanewal and Kohat before he came down to Landi Kotal where he taught at a local school while living in a small teachers’ colony close by. He felt more at home in Landi Kotal than he had ever felt anywhere else during his 40 years old existence. He liked the perfect equilibrium that his life had achieved here; no poignant agonies of his traumatic childhood bothered him, nor did he feel obliged to sketch elaborate future plans in this vacuum of a place unsoiled by the ways of the ‘advanced’ world.

Sheikh sahib’s routine was quite predictable. He taught in the school until 1 pm after which he came home for lunch and took a nap. In the evenings, he would take a stroll in the local bazaar and indulge in a casual chit chat with the merchants over several cups of hot, fragrant qahwa (green tea). Then he would carry his last qahwa cup of the day to a small mound right next to the bazaar and sip it away while gazing at the mysterious mountains. The soft evening breeze whispered tales of foreign warriors marching in the historic valley, tales of splendour and forfeit. As the evening grew darker, Sheikh sahib felt the monotony of his life extend to that of the mountain ranges that crawled yonder. He had no desire to disturb this perfect harmony.

One day, Sheikh sahib’s monotonous life was jolted  by a little boy who served him tea one evening. This was one of the best teas he had consumed in a long time. When it was time to pay, he  found to his embarassment that he had forgotten his wallet at home. He looked aplogetically at the boy and told him his dilemma. Unlike other waiters, the boy very politely asked him to talk to the owner of the small tea shop. The shop-owner knew Sheikh sahib and agreed to let him pay the next day. Sheikh sahib, still impressed by the boy’s manners, called him out and engaged him in small talk.

“What’s your name, boy?” asked Sheikh sahib.

“Nadir Gul”, he replied.

“Ah, rare flower! so what do you do, beside serving tea of course”, asked Sheikh sahib.

“When I am not picking my nose, I like to pick people’s brains”, he said plainly.

It was a startling response from a 10 years old. Sheikh sahib stared at him in silence not knowing what to say.

“And what is it that you have picked about my brain?”, he muttered slowly.

“That it makes you uncomfortable to think that someone picked your brain, but that’s understandable. You see, people’s reponse to such situations is a start, which is quickly replaced by anger–a camofaluge for their discomfort about suddenly becoming vulnerable, about layers and layers of hidden emotions becoming exposed to the scrutiny of an external eye. But that’s fine, you have no reason to feel threatened by me”, Nadir’s words poured out.

“Little boy, you are not *capable* of hurting me”, Sheikh sahib quickly retaliated.

“That’s subjective. There is something they say about judging things by their size”.

At this point, Nadir grew aware of other clients’ agitation and quickly left to take orders.  Farooqi sahib could not get the boy out of his mind for the next week or so. He knew he had to meet Nadir again.

———————————————

(Continued…)

Image courtesy

Self Appraisal and Intellectual Arrogance

In my mind, I maintain a dynamic list of things I don’t want to be in my life. After stepping into academia, one recent addition has been ‘intellectual arrogance’. When one is in a seat of power, there is a natural urge to flex one’s muscles every once in a while. I bet Spiderman derives some evil pleasure in watching fellow human beings feverishly drag along roads below him when he is weaving his way up the tallest buildings. Superman’s ego must soar hand in hand with his flight, as the objects below him shrink to the size of dots. Similarly, when one is in the academia for some time, there is a predisposition to fall prey to what is called ‘intellectual arrogance’ (IA)–thinking low of others because of one’s superior mental/intellectual capabilities, or the reverse; thinking high of oneself because of others’ lack of mental/intellectual capabilities.

I came across an interesting/related proverb a while back:
“He who knows not and knows not he knows not: he is a fool – shun him. He who knows not and knows he knows not: he is simple – teach him. He who knows and knows not he knows: he is asleep – wake him. He who knows and knows he knows: he is wise – follow him.”

To summarize:
State————–Aware of state?———Verdict/Action
====================================================
Knows not———-Unaware—————Fool/Shun him
Knows not———-Aware—————–Simple/Teach him
Knows————–Unaware—————Asleep/Wake him
Knows————–Aware—————–Wise/Follow him

This is closesly related to the concept of self appraisal; the ability to correctly and fairly assess one’s own capabilities. It is through the process of self appraisal that one identifies his weaknesses (with a view to improve them) and strengths (to channelize them judiciously). However, this last case of realization of one’s strengths can transform into IA if not handled carefully. Intellectual development should be a proactive process that reinforces itself by achieving targets and overcoming challenges. IA manifests itself when belittlement of others’ work begins to feed one’s self-esteem/ego. IA is when someone asks you a ridiculously simple question and you find it amusing to reiterate the question in your head, or make it the butt of your jokes among friends/colleagues.

To wind up, one’s spirit should be like Ghalib:
“Rutbe me mehr-o-mah se kamtar nahii hoon ma”
(I am no less significant than the moon and the sun)
and mindset like Socrates:
“The only true wisdom is in knowing you know nothing.”

برصغیر کا عاشق اور مستقل مزاجی

The Cocaine Effect

It’s a sensational title, I know, but this post does not talk about anything illegal . In fact, it is in the same vein as one of my previous posts, except that that was related to poetry and this one is on the musical side. The idea is that creative inspiration transcends all borders; geographical and temporal.

The main guitar riff in Eric Clapton’s ‘cocaine’ (which I have named ‘the cocaine riff’) always gave me deja vu. One fine day, I found the missing pieces of the puzzle; two Pakistani songs from the 90s clearly borrow something from the cocaine riff. Comments on YouTube pages, Wikipedia and my Pakistani connection led me to make the following video. Please note that I do not own any of these videos. I just extracted and merged portions of interest from YouTube videos and narrated my story through the black&white images in the video. Enjoy

Ali Khayam

My favorite dialogue from Wuthering Heights is by Caterine Earnshaw: ‘I’ve dreamt in my life dreams that have stayed with me ever after, and changed my ideas; they’ve gone through and through me, like wine through water, and altered the colour of my mind’. I think that in addition to dreams, some people too are capable of achieving similar results; altering the color of one’s mind and all. With this thought, I am starting a new category in my blog titled ‘People’, in which I shall talk about people who have inspired me in some way.

My first entry is about my MS supervisor Dr. Syed Ali Khayam. I have been meaning to write this post for a while, but it did not seem right to write about him when he was still in a position to influence my grades. Now that I have formally finished my MS, there is no harm in doing this post, so here it is.

When I joined the MS program at NUST after graduating from IIUI, it did not take me long to realize that I had a disadvantage in that I was not a NUST graduate. This was somewhat justified in that NUST graduates were clearly more knowledgable, or lets say, ‘trained’. That should not come as a surprise considering that NUST is one of Pakistan’s best schools. What I found disheartening was that majority of the faculty seemed rather reluctant to suprvise students who were non-NUST graduates. In one course, I asked a question from the instructor which did not satisfy his criteria of intelligence. He asked me which university I had graduated from. When I replied “IIUI”, he said “That explains”. It almost seemed to me that teachers were looking for ready-made packages who could generate research papers with the minimum effort. The following is a real example from an anonymized teacher’s web page:

I am biased towards NUST graduates in my signings and prior publications/CGPA/hands-on experience are big turn ons.

In this background, I found out about WiSNet lab and its director, Dr. Syed Ali Khayam. It would not be an exaggeration to say that WiSNet was the university’s elite lab in that it churned out an enviable number of publications in top venues every year without fail. In many cases, it was the first research lab from Pakistan (in others, the first from South Asia) to do so. Keeping in mind the disappointing attitude of the average faculty, I thought that Dr. Khayam would be a supersnob, aging professor.

In our first semester, Dr. Khayam took some of our classes as a guest lecturer. When a flamboyant guy in his early thirties arrived in the class with his backpack on, I thought it was one of the senior students seeking our participation in some random event. Turned out that the guy was Dr. Ali Khayam. He delivered some excellent lectures. However, I kept thinking one thing during all his lectures: ‘This guy has got to be one hell of an actor to pull off his lectures with such enthusiasm and energy, when he must have used the same slides at least 25 (50?) times in the past’.

In the second semester of MS, I started thinking about my thesis. I wrote to a couple of teachers to guide me about how to proceed with things. Some did not reply, others I did not want to work with. Where Dr. Ali was concerned, I was in a dilemma; I was not a NUST graduate, Dr. Ali had never formally taught me a course, and he was not even in Pakistan at that time! I decided to go with one of the fundamental principles I live by: It’s better to have tried and failed than never to try at all.

I wrote to him. He replied very warmly asking me to wait till he comes back to Pakistan or write my queries to him, whichever I preferred. I chose the latter and the rest is history; he gave me a prove-thy-capabilities kind of task which I completed successfully and thus formally became his supervisee. I worked with him for more than one year. During this period, we worked on some very exciting projects and published to two top venues. Though significant in its own right, I don’t put too much value on the academic outcomes of our association. I learnt lessons of a lifetime by watching Dr. Ali work, and that, I believe, is true education! There is a reason why Einstein said: “Education is what remains after one has forgotten what one has learned in school”.

What really inspired me about Dr. Ali was how utterly devoted he was to his students. He was generally kind to all students regardless of whether or not he taught them; but he really went out of his way to help students whom he supervised. He selected his supervisees on merit and potential only. He did not care one bit about their previous backgrounds. Some students in WiSNet came from areas generally inferred as quite ‘backward’. In his full swing, he supervised about 15 students at any given time and each one of them thought that his attention was exclusively devoted to their work. His work required him to travel abroad frequently, yet distance never came between him and his students. He found time to have discussions with students from the most incovenient timezones. We never needed to update him about our work. He kept mental tabs on all of us and each weekly meeting was a natural continuation of the previous one. For his meetings he had a simple agenda: ‘Do task#1 and lets discuss after one week if it was done or not; in the latter case we will try to find out why it didn’t work out and devise an alternate strategy’. He never said ‘You do this’; it was always ‘*Lets* try this’. He didn’t care whether students worked from lab, home or Timbuktu. He was goal-oriented and did not fuss over other things.

He never gave up on his students once he decided to supervise them. He embraced them with all their weaknesses and advised them on every aspect of their lives when needed. He put so much trust in his students that they felt obliged to deliver. If a student felt stressed out or overworked, he happily let them take a week or two off. If someone felt demoralized or in low spirits, he made time for a counselling session on priority basis. Generally after each meeting, he used to ask questions like ‘Are you happy?’, ‘Do you find your work exciting?’, ‘Is there anything I can do for you?’. He used to cheer for the smallest milestone achieved and took disappointing results in good spirit by saying something like ‘This is all good work, but we could improve this if we …’.

Dr. Ali’s students are distributed all over the world; USA, UK, Germany, Australia, Hong Kong to name a few. He always speaks very affectionately of his ex-students and stays up to date about their lives; academic and otherwise. He has a rule that if he is geographically within 20 miles radius of his students, he meets them (often that entails a lunch/dinner paid by him). I have seen him put important commitments on hold to stick to this rule. The same goes for Dr. Ali’s ex-students; deadlines no longer exist and lectures can be missed if Dr. Ali is in town. The Dr.Ali-student meeting must take place no matter what.

He is an amazingly sharp person, yet he always attributed his achievements to hard work. He has published in very diverse areas concurrently. It is amazing how one person can simultaneously keep so many disparate threads of thought open in their mind. He is never afraid of taking risks and inculcated the same attitude in his students. Whenever he stumbled upon a new idea (which was a frequent occurence), his face flushed red with excitement like a child. Five days before my inhouse defense, he had one such episode. It was a regular meeting once, when he suddenly jumped out of his chair, his eyes started shining 5x more and he went: ‘Why don’t we publish this to ACSAC?’. I was not moved one bit and said, ‘You do realize that I have my inhouse defense in five days and the deadline is one week from now and I don’t have a word written?’. He did not agree and got me to write it eventually by saying ‘You can do it’ a dozen times.

Dr. Ali believes that everything can be achieved with hard work and persistence. He used to say that when he first came to Pakistan after completing his PhD, he was told that the predominantly western academia is biased against publications from ‘small’ countries like Pakistan and that he should forget about it. His counter-argument was simple: ‘In that case we have to work harder than folks from internationally hot-shot universities so that saying no to our work is not an option’. Dr. Ali’s speaking skills are extraordinary. When he speaks, people listen. Once he mentioned that his speaking power was barely strong when he was a student, but he made a conscious effort to improve this shortcoming. He said that one has to be a good actor to be a good speaker, thus confirming my first impression of him.

Dr. Ali has credentials and contacts that will help him land a lucrative, foreign career with minimal effort, something that most people in Pakistan will sell an arm and a leg for. It always intrigued me what forced him to stay in Pakistan when everybody else was dreaming of a foreign yatra, especially when he had had a taste of ‘luxury’ by living in USA for more than 5 years. I once put forth the question to him to which he replied: ‘We cannot do our bit in changing the system unless we are *in* the system. *We* are the system’.

Though this is exactly what my previous discussion implies, Dr. Ali is not an angel. There might be some shortcomings, but they tend to fade into the background when put in the context of his larger person.

I was perhaps the last student Dr. Ali directly supervised. He did not renew his job contract with NUST when it expired in 2011. This was his official remark, but to us students it meant that he had resigned from NUST. Though it was in the air for a while, I was very sad the day the news became official. His resignation did not affect me in any way as we continued to work together, and I was not taking any course from him any way. Yet, I was so very sad. It seemed to me as if Ghani Khan’s Reidi Gul had traded his cherished desert for the gardens of Iran. Dr. Ali had started his own company which was keeping him too busy to conitnue to teach. The last time we met, I categorically asked him why he had stopped teaching, to which he replied: ‘I did not find the kind of research I was pursuing exciting any more; if you do not find something exciting, you should not do it. It was too monotonous, the same cycle of fighting for funds, publishing papers year after year’. I told him that I was not apprehensive about the publication aspect of his decision, my main concern was the opportunity for personal development that students would miss if he leaves. He said that he also misses interacting with students and intends to teach a course as private faculty at some point (when his schedule permits). After that, he went quiet for some time. When he spoke again, he had that familiar shine in his eyes: ‘But you do know that all my plans converge to one final goal. We are getting there, aren’t we?’.

He was right. I know his ‘big goal’ and so do some of his students, but we are not supposed to say so I won’t reveal much about it except that it is related to education. Robert H. Schuller said: ‘You can often measure a person by the size of his dream’. Going by that definition, Dr. Ali is nothing short of a giant for me and all his students. God bless you, Sir, and many thanks.

Let me think!

( The following is my modest attempt to translate some of Faiz Ahmed Faiz’s epic writing and poetry)

You say that our philosophy is flawed in that ill-meaning people can twist it to suit their agenda, thus leading to turmoil. You are quite right. If such people were capable of reasoning, they would not behave unreasonably in the first place. In that case, there would also be no point in trying to make them understand and see things either. But the fact is that they lack reason. Does this mean that we should give up on them? Does this mean that if in their blindness they chose to step into fire, we should let them? Though I agree with you that most sane men, for their peace of mind and comfort, would say yes to these questions. This is what most intelligent people do. But there is a minuscule percentage of people who feel obliged to interfere–for the benefit of other humans. Usually, this attitude gains nothing–which begs the question; why do they go out of their way then to help people who don’t want to be helped? Well, I can only speak for myself. I believe that there are very few people who are born evil. (Remember, we are talking about individuals, not political parties!). Good and evil exist in different proportions in all of us humans. The composition of these elements undergoes several changes during one’s formative years. Eventually, when maturity dawns, a nearly stable composition is achieved which is rather difficult to alter. Yet, I believe one can cause *some* alteration in this ratio, even if it’s temporary. I believe this can only be achieved through love and friendship–not by force and compulsion. But again, does taking these pains guarantee any gains? Usually not, but sometimes yes…sometimes!

There is a point to ponder,
Let me think for a while!
In this garden (which is worse than a desert now)
Which branch was the first to beget flowers?
And which one lost its color even before woe struck?
And when did the blood draught hit this place last,
causing the flowers to lose their color?

There is a point to ponder,
Let me think for a while
In this city full of life (which is worse than wilderness now)
When did the fire break first?
Through which of its now closed windows
did the sun rays shimmer?
And where did the candles lit up?

There is a point to ponder,
You ask me about a land
of which I remember neither history nor geography,
And what’s left to remember,
I try to avoid, like forsaken love.
If by any chance I do indulge in its memories,
It’s nothing more than a mindless love affair.

I have reached a state of mind where
I treat my own heart with such aloofness;
My heart and I, but rarely, run into each other.
And yet you ask me about my heart!
There is a point to ponder,
Let me think for a while!

(Faiz Ahmed Faiz)

How healthy is your Internet?

Three Easy Steps:

1) Visit this website  and Click ‘Start Analysis’ (in red)

2) Now a window will prompt you if you want to allow it to run. Please click RUN.

Note: If you see a java problem, you might need to install Java Runtime Environment (JRE) from here.

3)   Let the program do its analysis stuff. In the end, you’ll see the results. Please copy the link in the address bar and fill the form below with the following information in your ‘Message’ .  Remember, you can always use dummy name and email. (If you still don’t get it, please take a look at the extended version of this post below with screenshots)

————————————————————-

Location: <sublocality> <city> <country> e.g. Pishtakhara, Peshawar, Pakistan

Link: <link to your test results>

—————————————————————-

We are done. Thanks for your time. Below is the original/extended version of this post, and completely optional!

I am doing some research work for which i need your help. If you can share this with your friends, that’s super awesome. In particular, folks from Peshawar University, Islamic University, FAST and NUST, it’s your moral obligation to pass this on to as many people as you can. If you choose to ignore this post, I will do this to you (except that the saw will be in my hands )

So what’s the test about? We want to test the basic health of different networks by doing some basic tests. Rest assured that any private information will not be stolen from you (come on ). The information that we will get from this experiment is already in public domain. It’s just scattered and we are trying to capture it and impose some order on it. The test itself is very simple and should not take more than 5 minutes.

1) Visit this website  and Click ‘Start Analysis’ (in red)

2) Now a window will prompt you if you want to allow it to run. Please click RUN.

Note: If you see a java problem, you might need to install Java Runtime Environment (JRE) from here.

3)   Let the program do its analysis stuff. In the end, you’ll see results. Please copy the link in the address bar and send it to me by filling the form below with the following information in your ‘Message’.

————————————————————-

Name: <optional if you want to be anonymous>

Age: <your age>

Location: <sublocality> <city> <country> e.g. Pishtakhara, Peshawar, Pakistan

Link: <link to your test results>

—————————————————————-

Congratulations! You just did your bit in our *modest effort* to make the Internet a better place. Don’t we all just love the Internet?

The PhD Hunter

Bounty hunting might be the in thing in the Wild West, but what i am warming up to is the idea of PhD hunting. Background first. There are two modes of doing a PhD — one is to send applications to a bunch of universities and dive right in if you get admission. The other mode is when you already have a clear idea about the kind of stuff that you want to work on during the PhD. The latter can be tricky because the pool of potential advisers shrinks proportionally with how well-defined your research interests are. Moreover, the ones you choose may not be interested in working with you. Also, because PhD is a long term commitment and other issues are involved such as funding and research reputation, potential advisers need some kind of *reassurance* that a student will not waste their time, or worse still, chicken out. Now reassurance can come in various forms. Published work, reference letters, work experience can all serve to strengthen an adviser’s faith in you. Yet, an adviser cannot read your mind and you have to speak up to express your interest in a PhDship

Now this last part is where things get interesting. How do you walk up to a person and tell them that you are good at things without sounding prententious? And if you decide to keep a low profile, how will the other person know that you are good (or interested)? I believe this is a fairly common dilemma and i have heard similar rants from my friends.

Dilemma or no dilemma, the clock is ticking, the deadline is coming closer and closer and the research proposal is not ready! “The thread is ripping, the knot is splitting” [1], and it’s getting more and more ridiculous with every passing day. You walk into a room full of people, and start hunting for potential advisers. It’s like Barney Stintson with his predator vision , except that the object being scanned is an adviser! And your brain is in this full on PhD mode and you’re like: Research, Yeah, bring it on!

It is this awkward position that motivated me to write two research papers (except that there is hardly anything researchy about them . The first one is the part of me that wants to address the issue head-on. The other one relates to “Well, maybe next time” part of me. As of now, i am still trying to find the sweet spot Enjoy!

The awesome PhD candidate

The not-so-awesome PhD candidate

————————————————————————————-

[1] “Love is Blindness” (U2)

Pickup Lines–Info Sec edition

I went with my friend to a coffee shop the other day and while we were waiting for our french fries (yes, we went to a coffee shop to buy fries  ), a wall with a big black board caught my attention. The board said ‘Your favorite pickup lines’ and people had scribbled away some interesting stuff. My pick of the lot was ‘Are you a magnet?’. I thought a magnet would translate to ‘honeypot’ in our information security jargon. On our way back home, i came up with a number of info sec pickup lines. Before posting the stuff, i thought of doing a “literature survey” and turned out that they have corny stuff for Math (Your name is Leslie? Look, I can spell your name on my calculator!), Physics (You make me want to be a better Physicist) , Programming (“Are you an exception? Let me catch you.” ) but nothing for info sec! I get it that it’s a specialized area and all, but hey, why not? So here’s a quick list If you have something to share, let me know, and i’ll add it to the list ( with credit, of course! )

• I was wondering if we could go out this evening and discuss Elliptic Curve Cryptography over drinks?
• You will always be my loopback address
• You have encrypted my heart with your public key
• You have DoSd my brain (credit: Mobin Javed)
• Lets spend the weekend together breaking CAPTCHAs
• I think we have met before at BlackHat (or was it Defcon?)
• Are you my botmaster because i feel like a zombie
• Wanna exchange PGP keys?
• You had me at pcap_open_live(eth_heart, 65535, promisc, -1, no_errbuf)
• All my certificates lead to your CA
• You have cache poisoned my brain
  
• For you, I am an unpatched Windows 95
• I’ve been scanning you around and i find you very vulnerable
  
• Are you the one who installed a rootkit in my head?
• I can even switch to Windows for you!
• You a Virus, or what?
• Can i have your IP address to PING you sometime? (credit: Muhammad Qasim Ali)
• The moment i saw you, i got a feeling that we are on the same subnet. (credit: Muhammad Qasim Ali)

and my favorite…

• Are you a honeypot?

Virtual Instinct- Reloaded

I did a previous post “Virtual Instinct” on virtual machine (VM) basics. In this post, i am going to implement an IPv6 test network using virtual machines. The motivation was that i am writing (or looking into writing, whichever you prefer ) detection scripts for some IPv6 attack tools. I needed to design and create an IPv6 network that would help test both local and global scope attacks, while ensuring that the attack doesn’t get outside my machine and i don’t end up serving in Berkeley ghetto. As can be seen in the figure below, this is the design i came up with. Simple enough. But the fun starts when we start implementing it . Lets go through the implementation step by step.

Creating VM1
In the de facto state, my laptop already had connection to the Internet via wlan0. That’s the right part of this figure and usually connection to a wireless channel takes place automatically. Lets turn our attention to the left part. I installed VirtualBox, and created VM1 with Ubuntu 11.10. By default, it comes with the NAT configuration. I don’t want NAT because i don’t want to go anywhere close to wlan0. That’s prohibited territory for my VMs. I want my host to connect to VM1 over a separate interface. So i open the VB manager, click on VM1, click Settings in the top menu and select Network. Now you can see that there are 4 network adapters available to you. The first one is open by default. Check ‘Enable Network Adapter’, attach to ‘Host-only adapter’ (http://www.vmware.com/support/ws55/doc/ws_net_configurations_hostonly.html), it will be automatically assigned the name vboxnet0, click OK and we are good. Whenever i mention network settings again, you should follow the same steps i just described. Next i installed guest additions, enabled clipboard sharing and created a shared folder with my host OS (all explained in my previous VM post). This part is not mandatory, but it will make your life very easy.

Creating VM2
The next task is to create VM2. Now VM1 was up and running in about 15 minutes. Do i really want to wait that long and create another machine from scratch when i know that all i need is to replicate VM1, same OS and all? So what i do is that i right click VM1 in VB manager, select clone and further specify that i want a linked clone. Do i hear ‘linked clone, WHAT’? If it helps, take comfort in the fact that i don’t know much either . But i know what’s important to know, and here is a summary of it (http://www.vmware.com/support/ws55/doc/ws_clone_overview.html):
(1) “Changes made to a clone do not affect the parent virtual machine. Changes made to the parent virtual machine do not appear in a clone.”
(2) “A clone’s MAC address and UUID are different from those of the parent virtual machine.”
Also note that, “A linked clone must have access to the parent. Without access to the parent, a linked clone is disabled”. Now this is not a point that bothers me, so Yay to linked clone.

Now that VM2 is born, lets turn our attention to its network settings. We need to connect VM2 to VM1. Now VM1 already has a host-only connection with the host OS over vboxnet0. We could join this network but that would make VM1, VM2 and Host OS on the same LAN, which is not in accordance with our design. We need a separate connection between VM1 and VM2. This means that we need to create another adapter on VM1 specifically meant for connecting to VM2. Lets do that now. Go to network settings and enable adapter2 with ‘internal network’ (http://www.virtualbox.org/manual/ch06.html#network_internal). Also create an internal network on VM2 by following the same settings but remember that you need to enable adapter 3 (adapter 1,2 and 4 should not be enabled). So what’s the deal with adapter 3? We already enabled adapter 1 and 2 for VM1 and they have been assigned MAC addresses X and Y respectively. If you enable adapter 1 on VM2, it will get MAC address X (or Y for adapter 2). Because IP addresses are assigned based on MAC addresses, VM1 and VM2 will end up having the same IP address for their interfaces. Again, this will clash with our design.

Initial Testing
Do ifconfig on VM1 and note that it has two IP addresses, one for host OS and the other for VM2. Also note that the interface names are eth0 and eth1. Eth0 pairs with vboxnet0 on host OS, and eth1 joins with eth1 on VM2. Figure out IP addresses (do ifconfig) for interfaces of interest on host, VM1 and VM2 and go crazy pinging. In its current form, the following pings should take place.
Host<–>VM1
VM1<–>VM2

Some babble about interface naming
The names are prefixed by eth because VM doesn’t know what’s the underlying network card. All it sees is that it is connected to a (virtual) ethernet NIC. I have also noticed that the number after eth occurs in increasing order of the virtual network adapter number. For example, if adapter 2 got eth1, then adapter 3 will get the name eth2 and so on. It’s not that big a problem but it’s weird. I still can’t get over why my network adapter 3 on VM2 got the name eth1 when it was the first one and deserved to earn the title ‘eth0′. And if VM somehow wants me to believe that naming is in accordance with network adapter numbers, pray tell me how does network adapter 3 get the name eth1? By this logic, if we were to enable adapter 1 on VM2, it would have been named eth-1 (minus 1).

Bye bye Ipv4
On most modern OS (including Ubuntu), IPv6 is enabled by default. You can check by doing ifconfig and looking out for IPv6 addresses. Alternately, open terminal and  type in cat /proc/net/if_inet6. You should get something like:

————————————————————————————————-
fe8000000000000072f1a1fffe9710c1 03 40 20 80    wlan0
00000000000000000000000000000001 01 80 10 80       lo

————————————————————————————————-
If you don’t, then you need to manually enable it (http://www.cyberciti.biz/faq/check-for-ipv6-support-in-linux-kernel/).

You’ll notice on doing ifconfig that each interface is also allocated an IPv6 address alongwith IPv4 address. I want this to be a pure IPv6 network. The reason for my partiality to IPv6 is that i am going to have to analyze attack traffic and i want minimum noise. I don’t need IPv4, so how do i get rid of it? The answer is simple. Just turn it off in VB manager. Go to File->Preferences->Network. You’ll see your adapter(s) listed, now click on vboxnet0 and then click on what looks like a screwdriver (if you hover over it long enough, it says ‘Edit host-only network’). In the window that pops up, click on the tab DHCP server and uncheck Enable. Sweeeeeet! .

Do ifconfig and you’ll see only IPv6 addresses. But wait, we just turned off the DHCP server, who assigned these addresses? Welcome to IPv6. IPv6 is capable of what is called address auto-configuration. A more detailed discussion on Ipv6 is beyond the scope of this post which, by the way, is already getting too long for my taste So i’ll cover only some very basic info about IPv6 which we’ll need during our setup.

Welcome IPv6
Wikipedia has a nice page on IPv6 (http://en.wikipedia.org/wiki/IPv6). There are actually two points of interest here.

1. IPv6 has an in-built mechanism to configure addresses for its interfaces (Stateless address autoconfiguration (SLAAC)).

2. You’ll notice that the addresses start with fe80. That’s because fe80::/10 is the link-local scope. Also, note that the link-local IPv6 assigned to an interface will typically remain unchanged across reboots. This is because the link-local address is derived from MAC address, unless specifically specified otherwise. So what is link-local scope? This brings us to our second point. In IPv6, a single interface can have multiple IP addresses associated with it. These addresses differ from each other in their scopes. Now there are a bunch of scopes which you can read in detail in this very nice IPv6 cheat sheet (www.roesen.org/files/ipv6_cheat_sheet.pdf). The scopes we need to be familiar with are link-local and global. As the name implies, link-local addresses are valid only on the local link. On the other hand, a global scope address is globally identifiable. What does this mean to us? Well, SLAAC only takes care of link-local addresses, the global scope addresses have to be configured manually or through DHCP. Lets do it then, the manual global-scope IP address configuration, that is.

Manually assigning IPv6 global-scope addresses
The IPv6 global scope is 2000::/3. Keeping in mind our design, lets assign the addresses, as specified in figure 1, in this manner:
ifconfig [interface name] inet6 add [the global scope IPv6 address]
I’ll do the one for host, and the rest can be configured in a similar way:
———————————————————————————————–
ifconfig vboxnet0 inet6 add 2000:1000::/32
ifconfig
vboxnet0  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
inet6 addr: 2000:1000::/32 Scope:Global
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:413 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B)  TX bytes:77497 (77.4 KB)

—————————————————————————————————–

It’s test time
I assume that all the interfaces have been assigned IPv6 addresses according to figure <x> by now. These pings for the global IPv6 addresses should be successful:
Host <–> VM1
VM1 <–> VM2
Note that the traditional ping won’t work for IPv6 addresses. You need to use ping6 like this:
ping6 -I vboxnet0 2000:1300::2

Sometimes the greatest journey is the distance between two hosts on different networks
Nice title, which by the way is a twist on the tagline of “The Painted Veil”. What we did so far was the easier part (at least for me). The nasty part is getting host OS to talk to VM2. lets just do a simple exercise. On your host OS, do:
—————————————————————-
ip -6 route show
fe80::/64 dev vboxnet0  proto kernel  metric 256
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
—————————————————————-
What does this information mean? Lets look at the first line. It tells the Kernel that packets that have their destination field set to be an address in the range fe80::/64 should be forwarded on interface vboxnet0. This command provides you a nice way to look at kernel’s routing table. This table is consulted to help Kernel decide which interface to forward a packet to based on its destination address. If the destination address does not match with any of the interfaces, the packet is dropped. Now do this on the host OS:
ping6 -I vboxnet0 2000:1200::1

As expected, this won’t succeed. Why? Because the Kernel looks at the interface in its routing table and notices that the interface is configured to accept packets addressed to 2000:1300::/32 only. Naturally, we want to tell the Kernel somehow that we *know* that 2000:1200::/32 can be reached through 2000:1300::2 on interface vboxnet0, so just pass it on. Lets state these steps systematically:

1. Tell host OS to pass on packets for 2000:1200::/32 to 2000:1300::2 on vboxnet0 t. The following command does exactly this:
sudo ip -6 route add 2000:1200::/32 via 2000:1300::2 dev vboxnet0

2. Tell VM1 that if it receives a packet on eth0 from 2000:1300::/32 and whose destination is 2000:1200::/32, then it should be forwarded to eth1. Now this isn’t default behavior for a host. In typical operation, hosts are information sinks. Information passing/forwarding is the routers’ job. Here we are making a host behave like router by defining a static path between two interfaces. So we need to do some extra work. The first one is to enable IPv6 forwarding. Note that in most Linux distros, IP forwarding is turned off by default.
sudo sysctl -w net.ipv6.conf.all.forwarding=1
Next, Linux has what’s called iptables, which is a fancy name for a firewall to be used by Kernel. Lets tell this firewall that we are ok with packets with certain destination address being forwarded to eth1. For more details on iptables, look at its manpage. The following commands di what we just discussed. The first command is to let host OS and VM2 talk over the path eth0->eth1 over VM1. The next command is the reverse of the first command to enable bidirectional communication, i.e., VM2 to host OS.

sudo ip6tables -A FORWARD -i eth0 -o eth1 -s 2000:1300::/32 -d 2000:1200::/32 -j ACCEPT
sudo ip6tables -A FORWARD -i eth1 -o eth0 -s 2000:1200::/32 -d 2000:1300::/32 -j ACCEPT   

Testing makes a network perfect
It’s ping time again. All possible ping combinations involving host OS (vboxnet0), VM1 and VM2 should work now.

Making life easier
There are two things i want to talk about.
1.  The IPv6 addresses are kind of difficult to remember so you can give a human readable name to each of your addresses. Just edit the file /etc/hosts. You’ll figure out the format by looking at the file. It’s something like this : <IP address>    <Name>

2-. Manually assigned IP addresses and forwarding information is not persistent across reboots. So it’s a good idea to write commands in bash scripts to run at boot up. Next make entry for the bash script in crontab.

“Cron job are used to schedule commands to be executed periodically. You can setup commands or scripts, which will repeatedly run at a set time.
Each user can have their own crontab file, and though these are files in /var/spool/cron/crontabs, they are not intended to be edited directly. You need to use crontab command for editing or setting up your own cron jobs that will be performed upon login.” (http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/). Execute ‘crontab -e‘ and add a line like:
@reboot path/to/myscript.sh

If there are permission issues, you might want to ‘chmod 777 myscript.sh‘ which is generally a bad idea but my last resort when i get into linux permissions mess Remember that while it’s a good idea to include these bash scripts in your crontab on the VMs, you’ll have to manually run the bash file in case of host OS. That’s because until you’ve run the VM, the host OS does’t recognize the interface vboxnet0 because it’s virtual. As crontab scripts are run at login time, nothing will happen if you include .sh file in crontab on host OS because the host OS simply doesn’t know what vboxnet0 is. So here is a typical sequence of events: start VM1, start VM2, manually run .sh file on host OS. For reference, i am including my .sh files here and yes, congratulations, we have reached the end of this post at last

—————————————————–
Host OS
—————————————————–
#!/bin/bash

sudo ifconfig vboxnet0 down
sudo ifconfig vboxnet0 inet6 add 2000:1300::1/32
sudo ifconfig vboxnet0 up

sudo ip -6 route add 2000:1200::/32 via 2000:1300::2 dev vboxnet0

—————————————————–
VM1
—————————————————–
#!/bin/bash

sudo ifconfig eth0 down
sudo ifconfig eth0 inet6 add 2000:1300::2/32
sudo ifconfig eth0 up

sudo ifconfig eth1 down
sudo ifconfig eth1 inet6 add 2000:1200::2/32
sudo ifconfig eth1 up

sudo sysctl -w net.ipv6.conf.all.forwarding=1

sudo ip6tables -A FORWARD -i eth0 -o eth1 -s 2000:1300::/32 -d 2000:1200::/32 -j ACCEPT
sudo ip6tables -A FORWARD -i eth1 -o eth0 -s 2000:1200::/32 -d 2000:1300::/32 -j ACCEPT

——————————————————-
VM2
——————————————————-
#!/bin/bash

sudo ifconfig eth1 down
sudo ifconfig eth1 inet6 add 2000:1200::1/32
sudo ifconfig eth1 up

sudo ip -6 route add 2000:1300::/32 via 2000:1200::2 dev eth1