AAA – What is the difference between Authentication, Authorization, and Accounting?

Authentication, Authorization, and Accounting or AAA is an framework that allows access to a computer network/resource,


Authentication identifies the user. It’s from the Greek authentikos “real, genuine”. We can think of it as proving the identity of the user. Bob sits down at the computer and types in his password (Something he knows) and confirms that he is in fact Bob.


Authorization is the privileges that the user has to the system. For instance, Bob is now authenticated to the computer, but he may only be authorized to access email and a web browser.

Authorization and Authentication can get confusing. In simple terms

  • Authentication – Who are you?
  • Authorization – What you have access to.


Accounting is the auditing or logging arm of AAA. It is for answering the 5 Ws Who did what, when, where, and how. For instance, accounting could log that Bob checked his email at 9:30AM, Improved his mind by reading posts on for a couple hours, then checked email again before shutting the computer down.

Hopefully that is a short helpful explanation of AAA. For more information, check out the following links.

Change VLAN ID Ubiquiti Radio from SSH

First we’ll need to ssh into the device

ssh ubnt@

Next lets open up the config file

vi /tmp/system.cfg

Now search for vlan and replace the vlan id with the appropriate number

In VI you can search by hitting / and then type in vlan

After you have changed all the vlan ids, save the file with esc, wq, enter.

Now we can save the config with

cfgmtd -f /tmp/system.cfg -w && reboot

Add Custom OID to device in LibreNMS

In the post, we’ll be adding a custom OID for a Ubiquiti Solar Charge Controller.

  • Find the device OID
  • Add the Custom OID in LibreNMS
  • Check the graph

Find the custom OID

Check out the following post if you are trying to add a Ubiquiti Solar Charge controller graph to LibreNMS. Otherwise you may need to do some googling around looking for the OID.

Add Custom OID in LibreNMS

Go to your device -> Settings(Little Gear) -> Custom OID -> +Add New OID

Adding Custom OID in LibreNMS for Ubiquiti UI Charge Controller

Couple notes about the information.
– There needs to be a 0 after the end of the OID.
– Data Type needs to be Gauge, Not Counter. A gauge can go up and down. A counter just counts up.

Hit “Test OID” and you should get a little notification saying it got a value for the OID. In this case 25572.

Test Custom OID in LibreNMS for Ubiquiti UI Charge Controller

Now Hit “Save OID”

Check the Graph

Now LibreNMS should start graphing our Custom OID. You may need to give it a minute to start showing data.

The graphs show up under Graphs -> Custom OID

Where are Custom OID Graphs?
LibreNMS Custom OID Graph

OIDs for UI / Ubiquiti Solar Charge Controller

Here is a list of OIDs for Ubiquiti’s solar charge controller. You can download the

Top interesting ones are

  • Battery Voltage
  • Panel Voltage
snmptranslate -Pu -Tz -m ./UBNT-MIB:./UBNT-SUNMAX-MIB
"org"                   "1.3"
"dod"                   "1.3.6"
"internet"                      ""
"directory"                     ""
"mgmt"                  ""
"mib-2"                 ""
"transmission"                  ""
"experimental"                  ""
"private"                       ""
"enterprises"                   ""
"ubnt"                  ""
"ubntMIB"                       ""
"ubntORTable"                   ""
"ubntOREntry"                   ""
"ubntORIndex"                   ""
"ubntORID"                      ""
"ubntORDescr"                   ""
"ubntSnmpInfo"                  ""
"ubntSnmpGroups"                        ""
"ubntORInfoGroup"                       ""
"ubntORCompliance"                      ""
"ubntAirosGroups"                       ""
"ubntAirFiberGroups"                    ""
"ubntEdgeMaxGroups"                     ""
"ubntUniFiGroups"                       ""
"ubntAirVisionGroups"                   ""
"ubntMFiGroups"                 ""
"ubntUniTelGroups"                      ""
"ubntAFLTUGroups"                       ""
"ubntSunMaxGroups"                      ""
"sunMaxCompliances"                     ""
"sunMaxGroups"                  ""
"ubntAirFIBER"                  ""
"ubntEdgeMax"                   ""
"ubntUniFi"                     ""
"ubntAirVision"                 ""
"ubntMFi"                       ""
"ubntUniTel"                    ""
"ubntAFLTU"                     ""
"ubntSunMax"                    ""
"sunMaxMIB"                     ""
"sunMaxBatteryStats"                    ""
"sunMaxBatCurrent"                      ""
"sunMaxBatVoltage"                      ""
"sunMaxBatPower"                        ""
"sunMaxBatTemp"                 ""
"sunMaxPvPanelStats"                    ""
"sunMaxPVCurrent"                       ""
"sunMaxPVVoltage"                       ""
"sunMaxPVPower"                 ""
"sunMaxOutPutStats"                     ""
"sunMaxOutCurrent"                      ""
"sunMaxOutVoltage"                      ""
"sunMaxOutPower"                        ""
"security"                      ""
"snmpV2"                        ""
"snmpDomains"                   ""
"snmpProxys"                    ""
"snmpModules"                   ""
"zeroDotZero"                   "0.0"

Get battery voltage

We can get the battery voltage from the controller with the following SNMP walk command. Change the community “ubnt” to your SNMP community.

snmpwalk -c ubnt -v2c

Return value is

SNMPv2-SMI::enterprises.41112. = INTEGER: 24990

You may need to add a zero if you are trying to add the OID in LibreNMS for a custom OID.

Install NetworkMiner on Kali Linux

The Network Miner tool is a handy little utility that works great on Windows. It sorta works on Linux. Doesn’t appear to be able to read the traffic coming off the interface, but you can drag and drop a pcap file on it. You can export a pcap file from wireshark, but it needs to be a pcap, not the newer default pcap Wireshark defaults to. Can change it in the “Save as:”

Install Prerequisites

sudo apt install mono-devel

Download and Configure

wget -O /tmp/
sudo unzip /tmp/ -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/

Should be ready to launch.

Launch Network Miner

mono /opt/NetworkMiner*/NetworkMiner.exe
Network Miner on Kali Linux

Further Thoughts and Reading

You could potentially get a live view of what is going on by using the “Receive Pcap over IP”

Maybe use something like

tcpdump -i wlan0 | nc localhost 57014

The following links should help and provide more information.

List of Default IPv4, IPv6, and MAC Multicast Addresses

Here is a list of common Multicast addresses.

Mac Addresses

CDP (Sends messages to)01:00:0C:CC:CC:CCMore info
MAC address Multicast Addresses


OSPF – Neighbor Discovery (All Routers)
OSPF – DR/BDR224.0.0.6More info
IPv4 Multicast Addresses


All IPv6 DevicesFF02::1
All IPv6 RoutersFF02::2
Router Solicitation?FF01::1?
IPv4 Multicast Addresses

How to Verify Signal APK

These steps are for Windows, but they should be very similar on macOS or Linux.


  1. Android Studio installed
  2. Install the latest SDK

Locate apksigner

Apksigner is part of the Android build tools should be in the SDK directory.


Lets open up a terminal and navigate to the build-tools. Replace 30.0.0 with the actual SDK version you have installed.

cd .\AppData\Local\Android\Sdk\build-tools\30.0.0

Alternatively use the full path (Replace username and 30.0.0 with actual username and SDK number)

cd C:\User\username\AppData\Local\Android\Sdk\build-tools\30.0.0\

Verify Signal APK

We can now verify the Signal APK with the following. Replace username with your username.

.\apksigner.bat verify --print-certs C:\User\username\Downloads\Signal-Android-website-prod-universal-release-6.0.6.apk

Scroll up to the top part and look for the part that says

Signer #1 certificate SHA-256 digest:

Check the signature against the signature on Signal’s website/

You may see a bunch of

WARNING: META-INF/xxx.version not protected by signature...

Sounds like this can be expected and is a common thing. The certificate is stored in META-INF which means that other files stored in META-INF are not protected. Most of the files in that directory are only version numbers of libraries the app depends on. There shouldn’t be anything important so shouldn’t be a security concern.

Restart UniFi services on UDM

Mark manages the Ubiquiti UniFi applications at Incredigeek Inc. and is unable to access the UniFi controller. It starts loading and then stops. The URL bar shows that it is trying to load a null network site.

Thankfully the WiFi is still working, Mark thinks to himself, but how am I supposed to manage the network? I am able to access the UniFi Core application, so maybe I can login using a secure shell and check on the application.

ssh root@

Once logged in, and after using the google, he finds that unifi-os restart will restart the UniFi applications. But I just need to restart the Network application. Running “unifi-os” –help reveals the following options.

# unifi-os --help
Usage: /usr/sbin/unifi-os [stop start restart shell 'update url']

Oh shell!

unifi-os shell

Alternatively, we know that on the UDM’s the UniFi Applications are run inside a Docker container. We could run “docker ps” to show the containers and then “docker exec -it unifi-os bash”

Now we can restart just the UniFi Network application.

systemctl restart unifi

It can take a little bit to restart.

Wireshark Filtering

Filter to show DHCP packets

You can find detailed info here.

But you should be able to filter out the DHCP request with either



Filter DHCP request

Filter by IP Address

ip.addr ==

Filter by Mac Address

eth.dst == 01:00:5e:7f:ff:fa

Better way to Filter

Wireshark has a robust set of options for filtering items.

From the Packet Details pane you can select any piece of information you want to filter, right click -> Apply As Filter -> Selected

You can also copy it and then past it in the filter bar. Right click -> Copy -> As Filter

Copy As Filter