2013, let’s get to it.

I’ve now had a full two months away from the gym and any form of physical fitness, and my goodness I can feel it. My waistline is bigger, I have a lack of energy and I constantly find myself procrastinating rather than doing. To top it off, I’m also having trouble sleeping.

In March I’m planning on doing a good amount of off-piste skiing and in May I’ll be doing the Tough Mudder challenge for charity. These are both things that I have to be fit for. I went through three stages of fitness in 2012 that were centred around body-building exercises but with large amounts of cardiovascular exercise, so I wouldn’t get ‘big’ as bodybuilders like to get. It turns out that I was doing too much cardio; later, when I became aware of this problem and reduced my cardio, I reduced it too much, my metabolism slowed and I began to lose focus. It was around this time that I decided, with December about to begin, that I’d simply stop till 2013. And so here we are.

I’ll try and keep this short. Gone are the days of running and doing weight training alone; from now until the end of January I’ll be completing lots of body weight exercises coupled with explosive compound movements. I’ll also be adding in high intensity cardio exercises. Cardio has always been a problem for me as my left knee can cause me great pain due to sustained impact damage; luckily I’m a great fan of rowing and it will become a core component in getting to a base level of fitness over the coming month.

I’ve had my first gym session this evening and it consisted almost entirely of cardio; rowing, running and the cross trainer. The main goal today was simply not to be sick over someone, it was touch and go for a few moments but I left with my pride intact.

I’ve ordered my usual set-up of supplements; after taking them for years you get to figure out which ones work best for you. Arriving tomorrow will be my Optimum Nutrition whey protein for muscle growth and recovery. For the next two months I’ll have to eat six meals a day; I don’t have time to cook during the week and this protein works as a great meal replacement, along with my pre and post workout shake and my highly important shake before bed. Along with this I’ve got my PhD Nutrition BCAAs, literally the building blocks of muscle. After your workout these will be broken down in your body and create amino acids for muscle repair. Finally some Reflex Zinc Matrix, or ZMA as it’s known. This works as a natural testosterone booster if you believe the hype, but I think it’s a lot of rubbish. What they definitely do however is support your natural circadian body clock and assist with a great night’s sleep. What I already have is the usual line up of creatine, fish oils and a multivitamin. Of course all of this is secondary to a top notch diet; I had my last drop of semi-skimmed milk at 6.20pm. So let’s see how we get on.

Project Sputnik

Now I’ve got rid of Windows 8, I’ve gone back to what I know and that’s Ubuntu. There have always been problems running Ubuntu on my notebook, problems I’ve documented in previous posts, but for a quick example: after installing the OS I’ve had no keyboard or mouse functionality whatsoever, and that wasn’t the end of it. This means that whenever I’ve set up my notebook it’s taken a considerable amount of my time to get it working.

Luckily for me it would seem that enough people cried to Dell about there not being a truly supported notebook, and off the back of this noise Project Sputnik arose.

The idea was pretty simple: take a high powered mobile notebook and ensure that every component is supported and tested on Ubuntu, creating an ultra desirable and extremely functional notebook for developers. Lucky for me, the notebook they chose is the XPS 13, almost identical in components to my XPS 15z.
I’m now running the Sputnik Kernel and some additional software from Dell;
Linux elf 3.5.0-21-generic #32+kamal11~DellXPS-Ubuntu SMP Wed Dec 12 18:27:38 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

The good news is that every problem I’ve ever had with linux on this notebook is now resolved; wifi, occasional sleep issues, display brightness and ACPI functioning as it should be.

Wonderful. In addition to this, Project Sputnik is no longer a project; it’s now a fully operational program within Dell and you can buy the XPS 13 Developer Edition notebook from their website. I should highlight that I used to work for Dell many long years ago. This isn’t a plug, I’m just happy my notebook’s performing better than ever.

Check out the Project page at the following URL;

http://content.dell.com/us/en/gen/d/campaigns/xps-linux-laptop

Goodbye Windows 8.

This OS doesn’t know what it is.

It has some strong areas such as speed and some significant weak areas; in fact it has too many weak areas. Its default file association with Metro is extremely annoying. Take PDFs for example: I wouldn’t be too bothered opening these in Metro if I was able to complete some other tasks while having the PDF open, however once a PDF is open it’s locked into full screen, so the end result is a reduction in functionality and in turn productivity.

This however isn’t the reason why I’m dumping Windows 8. The reason is I can’t afford another notebook. When you close your notebook the OS detects that it’s to do one of two things: place the notebook into sleep or place the machine into hibernate mode. Unfortunately when closing my Dell 15z notebook, 4 times out of 5 it will send the computer to sleep as designed. It’s the 1 in 5 that’s the problem: when I close my notebook I place it in my bag, and if that device is still running there is a big problem. This is now the fourth time I’ve opened my bag to find the notebook still on when it should be asleep, with the single fan running at 100%. The computer is red hot and, I have to be honest, I have no idea how this 15z has survived. Looking around the net it would seem a number of others are experiencing the same problem.
I decided to test the notebook with a Linux live CD and 20 times out of 20 the notebook goes to sleep as expected; looking back, I never experienced this problem when I used Windows 7.

This is just the final nail in the coffin for my sordid relationship with this confused OS. I’m no longer returning its calls, hopefully Mark Shuttleworth will take me back.

Beginning the quest for MCSA.

With the cold winter beginning to blanket the island, the thought of venturing outside is becoming less and less appealing. With this in mind it’s now well and truly certification season, and after an already successful year with certifications in respect to Cisco I’ve decided this year to begin my quest for MCSA status.
I’ve never been a fan of Microsoft exams. I’ve found them to be expensive exercises in knowledge retention and the exams are not particularly fair; one answer will read very similar to another, almost as if they are trying to trick you. In the IT community it’s accepted that Microsoft exams are designed this way; authors for Microsoft Press are specifically told to create questions in this fashion. With this in mind I’ve never been pushed to dedicate time to these exams. Once I completed all the Server 2003 course work there was never enough significant change in the server curriculum to bother, until now.
Server 2012 is a completely different animal to past server versions. Hyper-V 3 has finally matured into a hypervisor worth its salt (on paper at least) and although I have my reservations that large scale enterprise organisations will be breaking down Microsoft’s door to replace VMware with Hyper-V 3 in any immediate space of time, I believe Hyper-V 3 has the ability to dominate the small to medium sized enterprise space. With Server 2012’s matured Hyper-V, focus on private cloud and SLA driven architecture, not to mention the significant licence savings in comparison to other top tier virtualisation alternatives, I believe we will see significant adoption of Server 2012 towards late 2013.

So what does it take to become a Microsoft Certified Solutions Associate these days? Well I’m going to have to pass three exams.
Exam 70-410
Installing and Configuring Windows Server 2012 (M20410)

Exam 70-411
Administering Windows Server 2012 (M20411)

Exam 70-412
Configuring Advanced Windows Server 2012 Services (M20412)

Once you pass these three exams you will achieve MCSA status. The general consensus is that the certification takes around 12-14 months of study to complete, however this is a gross generalisation; it all depends on the student. I’ve already begun learning about Server 2012 through the Microsoft Virtual Academy and I’ve pre-ordered the Microsoft Press books required for the certifications, however they are not published till the 31st of December. In addition to this I’ve about finished constructing my student platform, consisting of three servers that I’ll be using for all three modules.

Exam 70-410 is my first challenge to overcome, so with all that said – let’s get involved.

Streaming videos speeding up. Ubuntu 12.04

So strange things have been happening of late on my notebook. Online videos, be that HTML5 or Flash video, have been playing at inconsistent speeds. Some videos will play 3x faster or on occasion slow down at different rates. Interestingly enough this seems related to the PulseAudio sound server. The odd thing is that this is used for all sounds on the system but it was only causing a problem with data from online streaming, i.e. YouTube or Netflix (through a VM).

Killing the PulseAudio server resolves the issue: ‘killall pulseaudio’, then start the server again with ‘pulseaudio’. I have no idea why this is happening yet; I’ve not experienced it on my workstation, but at least this resolves the problem in the short term.

Dell z15 (or 15z even), Slow network connectivity on ubuntu precise pangolin.

I’ve noticed some horrific latency issues and extremely high transmit errors from my notebook’s wireless connection; upon checking iwconfig, the excessive retries were in the tens of thousands…

The Dell 15z is Dell’s attempt at building a MacBook Pro; the majority of ‘cool kids’ in my company have one, but as it stands I’m the only person running Linux so I can’t check if this is a common problem with this specific chipset.

Checking a simple ping test to my default gateway I was shocked to see responses measured in the hundreds of milliseconds!

:~$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=79.4 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=82.5 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=105 ms
64 bytes from 192.168.0.1: icmp_req=4 ttl=64 time=25.7 ms
64 bytes from 192.168.0.1: icmp_req=5 ttl=64 time=48.7 ms

My Dell 15z has the following wireless chipset and Intel driver;

lshw -c Network
*-network
description: Wireless interface
product: Centrino Advanced-N 6230
vendor: Intel Corporation
physical id: 0
bus info: pci@0000:03:00.0
logical name: wlan0
version: 34
serial: 88:53:2e:35:95:67
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=iwlwifi driverversion=3.2.0-29-generic         firmware=18.168.6.1

After further investigation it would seem the problem is with the ACPI power control.

With Power Management:on the response time is extremely high; however with the notebook powered by AC and Power Management:off we start to see response times much more in keeping with a host within the same LAN;

64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=1.77 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=1.05 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=1.06 ms
64 bytes from 192.168.0.1: icmp_req=4 ttl=64 time=1.29 ms
64 bytes from 192.168.0.1: icmp_req=5 ttl=64 time=0.934 ms

I had a quick google and it turns out this is quite a common problem, going by the number of posts I found. It’s not a root cause fix, but clearly disabling power management for the wireless will solve the issue.

Create a file in /etc/pm/power.d/ (it must be executable, as pm-utils only runs executable hooks) and populate it with the following script;

#!/bin/bash
/sbin/iwconfig wlan0 power off

Restart your network configuration and this will change your wireless power management to off when your notebook is on battery. Just over 1ms to my default gateway. Tequila time.

**Thanks for correcting the mistake Mr W**

Network monitoring with MRTG – RRDTool and Routers2.cgi

I’ve recently built a system for monitoring network traffic using MRTG, RRDTool and Routers2. While learning how to do this I’ve read a fair amount of text, however the majority of the information online covers only MRTG, or RRDtool, or Routers2.cgi, so I couldn’t find a guide going over all three. The following is a guide I’ve created in the process so another sysadmin can perhaps save a spot of time. Please let me know of any corrections; this has worked for me, but please remember, as with anything you find online, your mileage may vary.

You can see a working example of what the finished system will look like…  http://www.steveshipway.org/cgi-bin/routers2.pl

So to kick off, build a default CentOS 6.3 server and install the following features;

Apache with PHP support, MySQL server and ntp; if you have done a minimal install, install perl-CGI as well (on CentOS the packages are named httpd and ntp).

yum install httpd php mysql-server ntp perl-CGI -y

Time is very important on a monitoring server, so this host will be synchronised with some regional NTP servers as follows;

chkconfig ntpd on

Edit your /etc/ntp.conf and add whatever servers you wish to use. I’m in the UK so these are fine. I’ve added iburst after each server to speed up initial synchronisation between the hosts, so it’s faster getting the most accurate time.

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst

Start your ntp service with /etc/init.d/ntpd start and check for errors.

Configure your system with a static IP and switch off SELinux if you’re using it. You can leave it on if you wish, however this is an internal host so I never bother. You can disable iptables if you wish; I like to keep it running. Remember the server monitors the hosts by querying them, so as long as your outbound connections are not impeded and inbound port 80 for the routers2 web page is allowed (restricted to some subnets), those are all the firewall rules you will require.

The next step is to create a user for MRTG.

useradd -c "MRTG Service account" mrtg
passwd mrtg

Now to start the install of MRTG; for this we need MRTG, RRDTool and RRDTool’s perl module. We will also need perl-GD for drawing all the pretty pictures.

yum install mrtg rrdtool rrdtool-perl perl-GD -y

MRTG can work completely independently of RRDTool. MRTG makes lots of nice graphs for you to view, with an accompanying web page for whatever metric you choose to measure. RRDTool acts as a storage repository that makes MRTG much more efficient with the data it would normally save in lots of .log files. This means that once you’re saving in .rrd format MRTG will no longer populate .log files or create web pages for you, at all. Later we’ll install routers2.cgi, which takes care of the web page in a very user friendly format.

Once yum has installed MRTG, the default path for the MRTG site files is /var/www/mrtg/

This is now the point when you can test MRTG functionality. Ensure that apache is running /etc/init.d/httpd [status][start]

For this test you will need a device that is running SNMP version 1, 2 or 3. We will use a program included with MRTG called cfgmaker. You could write your MRTG config files by hand, however this would be madness and cfgmaker is a great tool that will take care of the grunt work. cfgmaker has a large number of options that can be set and I won’t go into them all as there are pages dedicated to this on the internet, so I’ve included the ones that I feel are most suited to the network graphing platform I’m building. See http://oss.oetiker.ch/mrtg/doc/cfgmaker.en.html for more information.

Notice the final section of the cfgmaker command, public@$hostname: this is the SNMP community string and the host you wish to monitor. I’ve included a global config that looks for the hostname via DNS, however you can add the IP address alone if you wish; simply remove the --dns-domain option. The final option in cfgmaker, --output, specifies the location and name of the new config file you will create.

Normal MRTG appends to one central config file the mrtg.cfg and just about everything you read on the internet doesn’t deviate from this. When you use routers2.cgi it prefers your cfg files separate for each host so a new .cfg will be required for each device.

*With DNS lookup*

cfgmaker --global "workdir: /var/www/mrtg/" --dns-domain=somedomain.co.uk --global "Options[_]: growright,bits" --no-down --ifref=name --ifdesc=descr public@$hostname --output /etc/mrtg/$hostname.cfg

Once you have created your MRTG config file you need to have the MRTG executable parse it, so pass the config file to the mrtg executable.

/usr/bin/mrtg /etc/mrtg/$host.cfg

When you run this for the first time you will get the following warning;

-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
variable LANG is set to UTF-8. Please run mrtg in an environment
where this is not the case. Try the following command to start:

env LANG=C /usr/bin/mrtg /etc/mrtg/$hostname.cfg
-----------------------------------------------------------------------

Re-invoke the same command as it says, with the environment variable set to LANG=C. We’ll script this into our cron job later but for now this is fine.

Run it once;

env LANG=C /usr/bin/mrtg /etc/mrtg/BHOST.cfg

Then again (you only need to do this the first time);

env LANG=C /usr/bin/mrtg /etc/mrtg/BHOST.cfg

You can then view your MRTG output by creating an overall html page for each device; the index page goes in the workdir so apache can serve it.

indexmaker --output /var/www/mrtg/mainindex.htm /etc/mrtg/$host.cfg

At this point I’ll save you a bit of time. Chances are you will be doing this on a remote test server like myself. Rightly so, the /mrtg location has been restricted to localhost; to fix this edit /etc/httpd/conf.d/mrtg.conf

This is on my internal network with no access to the outside so I’ve set the defaults to;

Alias /mrtg /var/www/mrtg

<Location /mrtg>
Order allow,deny
Allow from all
Allow from 127.0.0.1
Allow from ::1
# Allow from .example.com
</Location>

Check your web browser and you will see your chosen host’s traffic metrics at $server/mrtg/mainindex.htm

That is now the base MRTG up and running.

Adding RRDTool.

We’ll move on to using RRDTool to get all that data placed into rrd files. There are two bits of information you need to include in your cfgmaker command, as noted at http://oss.oetiker.ch/mrtg/doc/mrtg-rrd.en.html

The path to your rrdtool executable [PathAdd:], and the path to your rrd perl module [LibAdd:]. These will be different depending on how you installed rrd.

Include these as global options in your cfgmaker command. I’ve also included the Forks option, which will create multiple child instances of mrtg to poll for SNMP data and return the answers to the parent process. 10 seems as good a number as any on a dedicated box.

cfgmaker --global "workdir: /var/www/mrtg/" --dns-domain=somedomain.co.uk --global "Options[_]: growright,bits" --global "LogFormat: rrdtool" --global "PathAdd: /usr/bin" --global "LibAdd: /usr/lib64/perl5" --no-down --ifref=name --ifdesc=descr --global "Forks: 10" public@$hostname --output /etc/mrtg/$hostname.cfg

Run your cfgmaker command, followed by running: env LANG=C /usr/bin/mrtg /etc/mrtg/$host.cfg

Et voilà: you will know it’s working due to your lack of log files and lack of html pages in your workdir and, of course, the presence of some .rrd files.

Viewing our MRTG and RRD data with Routers2.cgi

Now for our web interface. We’ll be using Routers2.cgi.

First of all you’ll need to wget the latest version from http://www.steveshipway.org/software/index2.html

Untar it and run through the ./install script, making sure the locations of files requested are correct.

Once the script has finished, have a quick check in your httpd.conf to see if mod_expires is loaded; if it’s commented out, uncomment it and restart the httpd/apache service.

If you head over to $server/cgi-bin/routers2.cgi you’ll see a nice web interface. What we now need to do is generate a config file for each device that you wish to monitor. It can be hard work knocking up a cfgmaker command each time for people who don’t know what it does, so the best way I found is to write a bash script and add the devices that way. The following, or thereabouts, will do just fine…

#!/bin/bash

echo -n "What is the name of the device you wish to monitor, i.e. core-switch-a1 followed by [enter]? "
read device
echo "You have selected $device"
echo -n "What is the snmp community string? [enter]? "
read community
echo "The snmp community is $community"

cfgmaker --global "workdir: /var/www/mrtg/" --dns-domain=somedomain.co.uk --global "Options[_]: growright,bits" --global "LogFormat: rrdtool" --global "PathAdd: /usr/bin" --global "LibAdd: /usr/lib64/perl5" --no-down --ifref=name --ifdesc=descr --global "Forks: 10" "$community@$device" --output "/etc/mrtg/$device.cfg"

Remember that this version of the script will look up the host’s DNS name. You might not want to do this, but I do, because if it fails it bombs out, and that means whoever ran the command has more than likely entered the host name wrong, whereas if you add the IP alone it will add the incorrect device and collect no data.

Once you’ve added all of your devices the last thing is to get them checked at regular intervals. The default is five minutes, however I think a one minute check is suitable in the on-demand world of today. There are two ways to have mrtg processing your devices: you can run the service as a daemon or you can set up a cron job. I was instantly attracted to configuring it as a daemon, however if the daemon fails I don’t fancy getting up in the middle of the night to start it, or worse, checking the systems monitor in the morning and finding I’ve collected no data for eight hours. I decided crontab was the way to go, however I’ll show you how to do both.

Daemon;

To configure the lookup as a daemon you have to ensure you add an extra global config command to each .cfg file, so this will have to be added into your script. The extra command is;

--global 'RunAsDaemon: Yes'

After that, ensure the MRTG daemon is started at boot with chkconfig mrtg on. For Debian people I’m guessing you will add it to /etc/rc.local or thereabouts.

Crontab;

The second option is to use crontab. Edit the crontab with ‘crontab -e’ and add;

*/1 * * * * for f in /etc/mrtg/*.cfg; do env LANG=C /usr/bin/mrtg "$f" --logging /var/log/mrtg.log; done

This sets the C locale environment variable and it’ll check every minute; mrtg takes a single config file per run, hence the loop over /etc/mrtg/*.cfg. I’m afraid there are no prizes here for figuring out how to increase or decrease the interval of checks.

…and that’s that. One thing I’ve not really gone into is security: I’d set up the MRTG user to run this rather than other users, as you wouldn’t want to run it as root. You could give the mrtg user a restricted shell (bash -r) and only allow access to this script; that should lock it down quite significantly.

That’s all you need. All devices you add should be monitored every minute for network traffic. Any questions, corrections or comments please let me know.
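
As an added example (not part of this guide or of the MRTG project), here is a version of the add-device script and the cron polling step together: it validates the device name before it becomes a file path and a cfgmaker argument, reads the community string without echoing it, and runs mrtg over each config file in turn behind a simple lock. The /etc/mrtg, /var/www/mrtg and somedomain.co.uk values are the guide’s own placeholders; the /usr/local/bin/mrtg-tools.sh path is assumed.

```shell
#!/bin/sh
# Added example, not part of the original guide: a hardened version of the
# add-device helper plus a cron wrapper that polls each .cfg in turn.
# Paths and the DNS domain are the placeholders used in the guide.
MRTG_CFG_DIR="${MRTG_CFG_DIR:-/etc/mrtg}"
MRTG_WORKDIR="${MRTG_WORKDIR:-/var/www/mrtg}"
MRTG_DOMAIN="${MRTG_DOMAIN:-somedomain.co.uk}"
MRTG_LOG="${MRTG_LOG:-/var/log/mrtg.log}"

# The device name ends up in a file path ($MRTG_CFG_DIR/$device.cfg) and on the
# cfgmaker command line, so accept only a hostname or FQDN: labels of letters,
# digits and hyphens, no leading or trailing hyphen, 63 chars per label, 253 in total.
valid_device() {
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] &&
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# The community string is a credential: it has to form a clean "community@host"
# word for cfgmaker, and it is never echoed back to the terminal or logged.
valid_community() {
    case "$1" in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    [ "${#1}" -le 64 ]
}

# Where the config for a device will be written; fails for anything that is not
# a hostname, so "../" style names never reach the filesystem.
cfg_path() {
    valid_device "$1" || return 1
    printf '%s/%s.cfg\n' "$MRTG_CFG_DIR" "$1"
}

# Run cfgmaker with the guide's options, every argument passed as one quoted word.
add_device() {
    device="$1"; community="$2"
    out="$(cfg_path "$device")" || { echo "invalid device name" >&2; return 1; }
    valid_community "$community" || { echo "invalid community string" >&2; return 1; }
    cfgmaker --global "workdir: $MRTG_WORKDIR/" --dns-domain="$MRTG_DOMAIN" \
        --global "Options[_]: growright,bits" --global "LogFormat: rrdtool" \
        --global "PathAdd: /usr/bin" --global "LibAdd: /usr/lib64/perl5" \
        --no-down --ifref=name --ifdesc=descr --global "Forks: 10" \
        "$community@$device" --output "$out"
}

# Interactive front end: the same two prompts as the guide's script, but the
# community string is read with echo off and only the device name is confirmed.
prompt_and_add() {
    printf 'Device to monitor (e.g. core-switch-a1): '
    read -r device
    printf 'SNMP community string (not echoed): '
    stty -echo 2>/dev/null; read -r community; stty echo 2>/dev/null; echo
    add_device "$device" "$community" && echo "Added $device"
}

# Cron wrapper: mrtg takes one config file per run, so iterate the directory
# instead of passing a glob, keep LANG=C, and skip a run that would overlap
# the previous one (a one-minute interval can overrun on a slow device).
poll_all() {
    lock="${TMPDIR:-/tmp}/mrtg-poll.lock"
    mkdir "$lock" 2>/dev/null || { echo "previous poll still running" >&2; return 0; }
    for cfg in "$MRTG_CFG_DIR"/*.cfg; do
        [ -f "$cfg" ] || continue
        env LANG=C /usr/bin/mrtg "$cfg" --logging "$MRTG_LOG"
    done
    rmdir "$lock"
}

# Saved as /usr/local/bin/mrtg-tools.sh (assumed path), the mrtg user's crontab entry becomes:
# */1 * * * * /usr/local/bin/mrtg-tools.sh poll
case "${1:-}" in
    add)  prompt_and_add ;;
    poll) poll_all ;;
esac
```

Run it as the mrtg user with `add` to enrol a device and let cron call it with `poll`; nothing here needs root.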

Microsoft 2008 DISM, product key not recognised.

Sometimes you will need to upgrade an edition of Windows, be that from Standard to Enterprise or Enterprise to Datacentre. When this requirement crops up it’s best to use the Windows DISM tool and update the server right from the CLI without the need for media or a reinstallation of the machine.

You can only upgrade with DISM, so ensure you’re upgrading to the correct version as there is no downgrade, i.e. no way back!

Anyway, in usual Microsoft style you might find, as I did, that your product key is not recognised even though it’s the correct version or a standard/enterprise volume licence key; yet another epic part of the flawless Windows licensing system.

To get around this you can phone Microsoft and spend thirty minutes on the phone to MS clearing and they will give you a temporary licence key that will allow you to upgrade from the CLI…

…Or you can read this post and use this one;
Temp License key: 489J6-VHDMP-X63PK-3K798-CPX3Y.

So to upgrade simply follow these steps;
1. List the editions you can upgrade to;
C:\Windows\system32>DISM /online /Get-TargetEditions

2. Select your edition;
C:\Windows\system32>Dism /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y
Restart.

Next just use your correct retail or SPLA key and activate Windows as usual.

Simples.

Cloud Computing? Ermm… ..

This morning Microsoft’s online ‘cloud’ services, encompassing Hotmail, SkyDrive and their much coveted Office 365, suffered a major service failure resulting in four hours of downtime for their users; not just some users but all their users, everywhere.

Welcome to the cloud, where fluffy imagery of cumulus painted over a green ocean of pine trees, supposedly representing something to do with energy efficiency, is all the rage. If you buy into this Walt Disney marketing then you’re in for a treat, because you’ll be promised 100% service uptime on all of your critical systems and applications, significantly reduced costs and the ability to downgrade your IT department to just two staff with the mental aptitude of the boy from Deliverance.

You probably already use one of these services and don’t know it. Spotify, for instance, and using Spotify as an example we can point out the obvious problem with cloud computing. When I listen to Spotify on my iPhone it’s great, almost every song I could ever want at my fingertips, but when I get on the subway I lose my phone signal and I then have an eight minute outage till I can get up to ground level. All the world’s music at my fingertips, gone.

Now Spotify was a good example to use because everyone knows how great it is, so I need to be clear that I’m not attempting to suggest that cloud computing isn’t a good idea; it’s a fantastic idea, but it does have its downsides. Most companies will not be too pleased with having their business data stored in a datacentre in England then replicated to somewhere in Germany; there are some documents you really don’t want kept offsite. However the key problem is this: when you lose your net connection you lose your ability to carry out any of your fundamental business tasks, be this using your cloud ERP system, productivity suite or Farmville. You can mitigate some of the danger by having a second internet tail installed with a different carrier, but who’s to say the internet problem will be with your tier three provider and not a level up at tier two? Not to mention an additional 12Mb circuit from Cable and Wireless is about thirteen grand a year; small business owners rejoice.

Better still, what happened with Microsoft’s outage wasn’t anything to do with these scenarios; they had an error with their DNS system. No end-to-end system is ever fully redundant and by their design most never will be, and anyone who tells you they have 100% uptime with an end-to-end n+2 platform is pretty much lying.

There is still a lot to be said for locally installed applications and locally housed data. Onsite outages occur and there’s no getting past that, but you don’t need to place your company’s entire future in the hands of a third party. To do so is simply… well, daft.

Microsoft is not the first high roller to suffer such a high-profile outage: Amazon has recently suffered an outage whose duration was measured in days and not hours, and Google has been hit with multiple outages since the launch of its services, the longest lasting thirty hours. Looking to the future, when every house doesn’t just get its applications but its entire computer from the cloud (VDI is just the stepping stone to this), I will get pretty angry if I’ve just upgraded my streamed personal computer on a £17.99 a month contract to get the latest graphics card and some clown in Microsoft accidentally blasts a zone record. Going on simple guesstimation here, I might not be able to play Battlefield 3 for at least a few days…

Analysing network traffic on Linux

Sometimes when you think something will be easy to fix it turns out to be a whole different ball game and things get nasty. What I’ve realised over the years is that getting Wireshark out is always linked with having a bad day.
However most of the time you won’t need a full-blown traffic analyser such as Wireshark; what you will require is something that can analyse TCP traffic on interfaces. In steps tcpdump.

I had an issue where my server was listening on the correct port, and no previous sockets were built, however each time I attempted to connect it would fail. Now first of all you would check the basics, such as the firewall exception being in place, and ensure the port’s not being used by another somewhat cheeky application. Once this is checked and networking everywhere else is functioning as normal it’s usually time to get out a network traffic analyser. In this case I didn’t have to install Wireshark as Linux has tcpdump built in.

This will only show you the network layer and the TCP segment of the transport layer, so if you are sniffing for encrypted passwords etc. you would need to use Wireshark or some other layer 7 PDU analyser. If you want to give it a try, here are some basic commands to get you started.

First of all tcpdump is invoked from the command line simply as you would expect

HOSTNAME:$ tcpdump

Chances are you are going to be running this from an SSH connection, so we need to ensure that any data going between your client and the server on port 22 is excluded, as it will fill up your output in no time at all. The way we exclude ports is to use, you guessed it, ‘not port’.

So for example;

HOSTNAME:$ tcpdump not port 22

OK so that’s fine; if you were to run this it would analyse traffic on all network interfaces (including the loopback interface) and essentially spam your screen so much that it would be useless. What we need is a way to narrow our scope and a way to search through these thousands of lines of data.

The -i switch stands for interface, and yes, using it you can select the interface that you want to collect your data on; in my case this was eth0. On top of this we want to stop scrolling all this unusable data to our screen and save it instead, so the -w switch allows us to write out the contents to a file. Combining these two we would get;

HOSTNAME:$ tcpdump -i eth0 -w filename.cab not port 22

Excellent. To stop running the program you simply ctrl-c as you would with the majority of other Linux applications.

It’s not as simple as being able to grep the .cab file I’m afraid, or at least I couldn’t do it. It’s a binary tcpdump capture file, so we need to have tcpdump read the file back in to see its contents;

HOSTNAME:$ tcpdump -r filename.cab

This would output it once again to your screen… not quite so manageable, eh?

HOSTNAME:$ tcpdump -r filename.cab > filename.txt

So this converts it to a txt file that you can grep for the incoming IP address. In my case I had a quick grep for ‘syn’ to look for a TCP connection establishment segment from the client’s IP, and no virtual circuits were being created.
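
As an added example (not from the original post), the SYN check described above done with awk over the text that tcpdump -r produces: it counts, per client-to-server pair, how many SYNs went out and how many SYN-ACKs came back, so a pair with SYNs and no SYN-ACK stands out. The sample lines are constructed, and the tcpdump 4.x line format with Flags [S] is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: summarise the text produced by
# "tcpdump -r capture.cab > capture.txt" per client->server pair, counting
# SYNs sent and SYN-ACKs received. A pair with SYNs and no SYN-ACK is the
# "no virtual circuit" symptom described in the post. Assumes tcpdump 4.x
# line format, i.e. "... IP src.port > dst.port: Flags [S], ...".

# Constructed sample of tcpdump -r output: one client that completes the
# handshake and one whose three SYNs to port 8080 get no reply.
sample_dump() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.8080: Flags [S], seq 1000, win 65535, length 0
12:00:01.000200 IP 192.168.1.10.8080 > 10.0.0.5.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:01.000300 IP 10.0.0.5.51234 > 192.168.1.10.8080: Flags [.], ack 2001, win 65535, length 0
12:00:05.000000 IP 10.0.0.7.40000 > 192.168.1.10.8080: Flags [S], seq 3000, win 65535, length 0
12:00:06.000000 IP 10.0.0.7.40000 > 192.168.1.10.8080: Flags [S], seq 3000, win 65535, length 0
12:00:08.000000 IP 10.0.0.7.40000 > 192.168.1.10.8080: Flags [S], seq 3000, win 65535, length 0
EOF
}

# Reads tcpdump text on stdin; prints one line per client->server pair:
#   client server syns synacks status
handshake_summary() {
    awk '
    # Bare SYN: field 3 is the source, field 5 the destination (trailing colon).
    /Flags \[S\],/ {
        dst = $5; sub(/:$/, "", dst)
        syn[$3 " " dst]++
        next
    }
    # SYN-ACK travels server -> client, so index it by the original client/server pair.
    /Flags \[S\.\],/ {
        cli = $5; sub(/:$/, "", cli)
        synack[cli " " $3]++
    }
    END {
        for (pair in syn) {
            n = (pair in synack) ? synack[pair] : 0
            printf "%s %d %d %s\n", pair, syn[pair], n, (n ? "handshake" : "NO-SYN-ACK")
        }
    }' | sort
}

# Only the pairs that never got a SYN-ACK, i.e. where to look first.
failed_handshakes() {
    handshake_summary | grep 'NO-SYN-ACK$' || true
}
```

On a real capture written with -w, feed it through tcpdump first: tcpdump -r filename.cab | handshake_summary.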

In the end I set the application up on a separate interface whose TCP stack doesn’t seem damaged, and it worked as it should have done.

So while it didn’t help me find the root cause of the problem, it let me identify what part of the system was failing and in turn a resolution.