Sat 13 Sep 2008
Fri 5 Sep 2008
I drafted something on November 2nd about problems with Fedora 7 and SELinux. This still exists on Fedora 9, by the way. Just a quick “FYI” that there’s a big new technical fix posted, and your RSS reader probably didn’t pick it up (Google reader and Akregator didn’t).
Mon 30 Jun 2008
Network packet capture on different OSes
Posted by Robert under HowTo, Linux, Networking, Unix, Windows
I ran into a problem today where I couldn’t remember the native packet capture tool for Solaris and couldn’t install tcpdump, so I thought I’d put down as many native packet capture commands as I knew, by OS, in a single place. I’ll update this as I find more, since there are hundreds of operating systems out there.
- AIX: iptrace: /usr/sbin/iptrace [ -a ] [ -b ][ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [ -dHost ] [ -L Log_size ] [ -B ] [ -T ] [ -S snap_length] LogFile
- FreeBSD: tcpdump (I think): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
- HP-UX: nettl: nettl requires a daemon start, and other setup: /usr/sbin/nettl -traceon kind… -entity subsystem… [-card dev_name…] [-file tracename] [-m bytes] [-size portsize] [-tracemax maxsize] [-n num_files] [-mem init_mem [max_mem]] [-bind cpu_id] [-timer timer_value]
- Linux 2.4 and higher:
  - tcpdump (some distros): tcpdump [ -AdDefKlLnNOpqRStuUvxX ] [ -c count ] [ -C file_size ] [ -G rotate_seconds ] [ -F file ] [ -i interface ] [ -m module ] [ -M secret ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -E spi@ipaddr algo:secret,… ] [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ] [ expression ]
  - wireshark (some distros, used to be called “ethereal”): GUI-config, no command-line, use tethereal for that
- Mac OSX: tcpdump (among others): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
- Solaris: snoop: snoop [ -aPDSvVNC ] [ -d device ] [ -s snaplen ] [ -c maxcount ] [ -i filename ] [ -o filename ] [ -n filename ] [ -t [ r | a | d ] ] [ -p first [ , last ] ] [ -x offset [ , length ] ] [ expression ]
- Windows 2000, XP, 2003, Vista, 2008 and beyond: netmon (not installed by default): GUI config, filter creation info here
Any others anyone wants added (or corrected), just comment or email and I’ll update this.
(Edit 7/29/08 - change tcpdump link)
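As an added example (not part of the original post and not the author's own script), the list above can be folded into one shell function that prints the native capture command for a given uname -s value, using only flags that appear in the synopses above. The function name, the argument validation and the sample interface and file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Flags come from the synopses
# listed in the post; interface and file names are supplied by the caller.

# native_capture_cmd OS IFACE OUTFILE [SNAPLEN] [COUNT]
# Prints the capture command for OS (a `uname -s` value).
# Returns 1 if the OS has no simple one-liner, 2 on bad arguments.
native_capture_cmd() {
    os=$1; iface=$2; out=$3; snap=${4:-}; count=${5:-}

    # Reject empty or shell-unsafe values so the printed line is safe to run.
    if [ -z "$os" ] || [ -z "$iface" ] || [ -z "$out" ]; then return 2; fi
    case $iface in *[!A-Za-z0-9_.:-]*) return 2 ;; esac
    case $out   in *[!A-Za-z0-9_./-]*) return 2 ;; esac
    case $snap$count in *[!0-9]*) return 2 ;; esac

    case $os in
        Linux|FreeBSD|Darwin)
            cmd="tcpdump -i $iface"
            if [ -n "$snap" ];  then cmd="$cmd -s $snap"; fi
            if [ -n "$count" ]; then cmd="$cmd -c $count"; fi
            cmd="$cmd -w $out" ;;
        SunOS)
            cmd="snoop -d $iface"
            if [ -n "$snap" ];  then cmd="$cmd -s $snap"; fi
            if [ -n "$count" ]; then cmd="$cmd -c $count"; fi
            cmd="$cmd -o $out" ;;
        AIX)
            # iptrace has no packet-count flag in the listed synopsis;
            # COUNT is ignored and the trace runs until it is stopped.
            cmd="/usr/sbin/iptrace -i $iface"
            if [ -n "$snap" ]; then cmd="$cmd -S $snap"; fi
            cmd="$cmd $out" ;;
        HP-UX)
            echo "nettl needs its daemon started and trace setup first" >&2
            return 1 ;;
        *)
            echo "no native capture tool listed for $os" >&2
            return 1 ;;
    esac
    printf '%s\n' "$cmd"
}

# Constructed sample call: first 100 packets, 96-byte snaplen, current OS.
# native_capture_cmd "$(uname -s)" eth0 /tmp/capture.pcap 96 100
```

Setting a snaplen and a packet count keeps the capture file small and limits how much payload data ends up on disk.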
Wed 18 Jun 2008
I’ve been working on something completely new for the past 2 months which has involved a lot of travel. 95% travel, which leaves precious little time to write new articles, especially as I’ve been spending my off-hours learning HP-UX 11 and Solaris 8 and 10. And I still have AIX 5 to learn too.
Apparently Solaris 10 and OpenSolaris have a little quirk around how they work with DHCP and setting the system’s DNS name. In our test lab, all our systems are assigned addresses via Microsoft DHCP, which then registers (and un-registers) non-Windows systems in DNS properly. However, the x86 Solaris systems we built for a customer test came up with the name “unknown”, every single reboot. Changing /etc/hosts and /etc/hostname.pcn0 or /etc/hostname.vmxnet0 (physical or VMware) to reflect the new proper hostname, however, didn’t affect the server on reboot - the settings would still be there, but not reflected in the OS, in /etc/hosts, or in DNS.
A bit of searching turns up a bunch of posts talking about editing /etc/nodename to put in the system name, but that file doesn’t exist out of the box on a “complete” or “minimal” install, and I’m always hesitant to create new files by hand in /etc/ unless I’m 100% sure that’s what’s needed. According to this post on Sun.com, some logic, and some testing, I think what’s going on is:
- Solaris expects DHCP to set the hostname of a system based on MAC address
- In case DHCP does not set a hostname via MAC address, or if that hostname is wrong, Solaris provides an override mechanism called /etc/nodename
- Because it’s an override, /etc/nodename is not created as a blank file, since that could be construed as “override DHCP with nothing”
- Therefore, every new box I build needs touching after final login
I’m not a huge fan of this, but I’m also not a fan of the number of times I need to click a mouse on an OS Install using software from the last year. The short version of all this is:
If you have a Solaris 10 box on DHCP named “unknown”, best practice is to set the hostname on the DHCP server. Otherwise, run echo newservername | tee /etc/nodename and reboot. (With “tee” in the pipeline, you can “sudo” this command as well.)
Fri 4 Apr 2008
Here’s a couple of quick extra helpers for administering Windows Server 2008 Server Core.
- Guy Teverovsky (Microsoft MVP) has created the CoreConfigurator which gives a small GUI to many of the initial setup pieces of Server Core, so you don’t have to follow my detailed (cryptic) instructions.
- Create Shadow Copies on your Server Core file server with:
  vssadmin add shadowstorage /for=C: /on=D: /maxsize=900MB
  vssadmin create shadow /for=C:
  at 7:00am /every:M,T,W,Th,F,S,Su "vssadmin create shadow /for=c:"
MaxSize can be bytes (/maxsize=10240), KB, MB, GB, TB, PB, or EB (/MaxSize=1EB), assuming your disk is that big.
I haven’t used CoreConfigurator myself, but I did create my shadow copies again finally on our main server today. There’s a backup that’s amazingly great to have.
Edit on July 8, 2008: I forgot the “/for=c:” in my paste back to here - I was configuring another Windows Server 2008 Server Core file server and couldn’t figure out why the scheduled task wasn’t creating shadow copies properly. Sorry to anyone who used this note and had issues.