Difference between revisions of "Packettracer"
m (rollback unauthorized mass edits) Tag: Rollback |
(Add section on subverting netacad login by preventing internet access e.g. via Firejail (with example module)) |
||
| Line 10: | Line 10: | ||
$nix-prefetch-url --type sha256 file:///path/to/CiscoPacketTracer_"version"_Ubuntu_64bit.deb | $nix-prefetch-url --type sha256 file:///path/to/CiscoPacketTracer_"version"_Ubuntu_64bit.deb | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| + | |||
| + | == Miscellaneous == | ||
| + | |||
| + | === Skipping Login === | ||
| + | |||
| + | By default Packettracer requires logging in via a [https://www.netacad.com/ Cisco Network Academy] account. This login can be subverted by preventing Packettracer from accessing the internet. | ||
| + | |||
| + | One method of preventing internet access is via [[Firejail]]. This can be achieved via CLI by first enabling Firejail via the NixOS option, and running Packettracer via <code>firejail --noprofile --net=none packettracer8</code>. | ||
| + | |||
| + | If you want this to be the default behavior, the following is an example module which enables Firejail and wraps the <code>packettracer8</code> binary so that it runs in its own ephemeral network namespace: | ||
| + | |||
| + | <syntaxHighlight lang=nix> | ||
| + | { pkgs, lib, ... }: | ||
| + | { | ||
| + | # Packet tracer log in can be subverted if there is no internet connection | ||
| + | # so use firejail to isolate packet tracer into its own network namespace | ||
| + | # when running | ||
| + | programs.firejail = { | ||
| + | enable = true; | ||
| + | wrappedBinaries = { | ||
| + | packettracer8 = { | ||
| + | executable = lib.getExe pkgs.ciscoPacketTracer8; | ||
| + | |||
| + | # Will still want a .desktop entry as the package is not directly added | ||
| + | desktop = "${pkgs.ciscoPacketTracer8}/share/applications/cisco-pt8.desktop.desktop"; | ||
| + | |||
| + | extraArgs = [ | ||
| + | # This should make it run in isolated netns, preventing internet access | ||
| + | "--net=none" | ||
| + | |||
| + | # firejail is only needed for network isolation so no futher profile is needed | ||
| + | "--noprofile" | ||
| + | |||
| + | # Packet tracer doesn't play nice with dark QT themes so this | ||
| + | # should unset the theme. Uncomment if you have this issue. | ||
| + | # ''--env=QT_STYLE_OVERRIDE=""'' | ||
| + | ]; | ||
| + | }; | ||
| + | }; | ||
| + | }; | ||
| + | } | ||
| + | </syntaxHighlight> | ||
| + | |||
| + | Simply running <code>packettracer8</code> or launching it via the wrapped <code>.desktop</code> entry via your desktop environment / application launcher should now skip logging in. | ||
Revision as of 10:17, 21 April 2025
Packettracer is a network simulation software. The tool from Cisco is suitable, for example, for training as an IT specialist to learn how to deal with networks and, in particular, how to behave in the event of problems. A free and open source alternative would be GNS3
Installation
You need to enable unfree and prefetch the .deb file from Packettracer before you are able to installing it. The Package is allready available for Nix. Other Unix/Linux Distros with Nix installed can installing it on their system aswell.
$nix-store --add-fixed sha256 CiscoPacketTracer_"version"_Ubuntu_64bit.deb
# or with
$nix-prefetch-url --type sha256 file:///path/to/CiscoPacketTracer_"version"_Ubuntu_64bit.deb
Miscellaneous
Skipping Login
By default Packettracer requires logging in via a Cisco Network Academy account. This login can be subverted by preventing Packettracer from accessing the internet.
One method of preventing internet access is via Firejail. This can be achieved via CLI by first enabling Firejail via the NixOS option, and running Packettracer via firejail --noprofile --net=none packettracer8.
If you want this to be the default behavior, the following is an example module which enables Firejail and wraps the packettracer8 binary so that it runs in its own ephemeral network namespace:
{ pkgs, lib, ... }:
{
# Packet tracer log in can be subverted if there is no internet connection
# so use firejail to isolate packet tracer into its own network namespace
# when running
programs.firejail = {
enable = true;
wrappedBinaries = {
packettracer8 = {
executable = lib.getExe pkgs.ciscoPacketTracer8;
# Will still want a .desktop entry as the package is not directly added
desktop = "${pkgs.ciscoPacketTracer8}/share/applications/cisco-pt8.desktop.desktop";
extraArgs = [
# This should make it run in isolated netns, preventing internet access
"--net=none"
# firejail is only needed for network isolation so no futher profile is needed
"--noprofile"
# Packet tracer doesn't play nice with dark QT themes so this
# should unset the theme. Uncomment if you have this issue.
# ''--env=QT_STYLE_OVERRIDE=""''
];
};
};
};
}
Simply running packettracer8 or launching it via the wrapped .desktop entry via your desktop environment / application launcher should now skip logging in.