totalnetsolutions.net

I ran into a problem today where I couldn’t remember the native packet capture tool for Solaris and couldn’t install tcpdump, so i thought I’d put down as many as many native packet capture commands as I knew, by OS, in a single place.  I’ll update this as I find more, since there’s hundreds of Operating systems out there.

• AIX: iptrace: /usr/sbin/iptrace [ -a ] [ -b ][ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [ -dHost ] [ -L Log_size ] [ -B ] [ -T ] [ -S snap_length] LogFile
• FreeBSD: tcpdump (I think): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
• HP-UX: nettl: nettl requires a daemon start, and other setup: /usr/sbin/nettl -traceon kind… -entity subsystem… [-card dev_name…] [-file tracename] [-m bytes] [-size portsize] [-tracemax maxsize] [-n num_files] [-mem init_mem [max_mem]] [-bind cpu_id] [-timer timer_value]
• Linux 2.4 and higher:
  • tcpdump (some distros): tcpdump [ -AdDefKlLnNOpqRStuUvxX ] [ -c count ] [ -C file_size ] [ -G rotate_seconds ] [ -F file ] [ -i interface ] [ -m module ] [ -M secret ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -E spi@ipaddr algo:secret,… ] [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ] [ expression ]
  • wireshark (some distros, used to be called “ethereal”): GUI-config, no command-line, use tethereal for that
• Mac OSX: tcpdump (among others): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
• Solaris: snoop: snoop [ -aPDSvVNC ] [ -d device ] [ -s snaplen ] [ -c maxcount ] [ -i filename ] [ -o filename ] [ -n filename ] [ -t [ r | a | d ] ] [ -p first [ , last ] ] [ -x offset [ , length ] ] [ expression ]
• Windows 2000, XP, 2003, Vista, 2008 and beyond: netmon (not installed by default): GUI config, filter creation info here

Any others anyone wants added (or corrected), just comment or email and I’ll update this.
(Edit 7/29/08 - change tcpdump link)

(Originally drafted November 2nd, 2007, finally finished and posted much later)
As I posted last night, we built a new Fedora Core 7 box last night for PHP testing. Whenever at all possible, I leave SELinux enabled on new systems in Enforcing mode. Oracle 10g hasn’t had any issues with it, Oracle 11i EBusiness Suite hasn’t had any issues with it, and my NFS and FTP servers run without at hitch. The Oracle systems are RHEL4 (Red Hat Enterprise Linux 4), and the NFS and FTP servers are RHEL5.

However, this new PHP webserver caused a few glitches. I feel a little silly for not catching this as being an SELinux problem earlier, but since it’s caused 0 issues in 9 months of use in production, I didn’t even consider it initially.

What we initially saw was 0 errors from PHP - all the pages would run without error. PHP.ini has the following lines:

sendmail_from = from@domain.com
sendmail_path = /usr/sbin/sendmail -t -i

and testing cat mail.txt | /usr/sbin/sendmail -t -i as a non-root user delivered mail properly as well. Combine that with /var/log/maillog being completely empty for every test page loaded, and it was sure that the mail wasn’t getting TO postfix (our preferred localhost MTA).

So, I looked at the /var/log/httpd/error_log for apache and found:

sh: /usr/sbin/sendmail: Permission denied
sh: /usr/sbin/sendmail: Permission denied
sh: /usr/sbin/sendmail: Permission denied
sh: /usr/sbin/sendmail: Permission denied
sh: /usr/sbin/sendmail: Permission denied

But I knew that non-root users could access sendmail as defined in php.ini, so I finally decided to tail /var/log/messages and saw:

Nov 2 11:05:41 $(servername) setroubleshoot: SELinux is preventing the sh from using potentially mislabeled files sendmail.postfix (sendmail_exec_t). For complete SELinux messages. run sealert -l c9001c48-5d48-4b7c-9fd7-8400544daa8f

So now to fix it…
This is surprisingly simple, actually. The sad part is, we had this problem, fixed it, forgot about it, had it again, and I blogged it… and lost the post. so this has been sitting in my “drafts” folder for about 10 months now:
setsebool httpd_can_sendmail=true
service httpd restart
service postfix restart
And retry sending mail. There’s a few posts about sendmail and having to change permissions on home directories or on “main.cf”, but I use postfix, and not sendmail, so I don’t know how effective or necessary those changes are.

I’m hunting down an issue on Fedora Core 7 where PHP5 can’t send mail using sendmail or postfix. In /var/log/httpd/access_log we are getting sh: /usr/sbin/sendmail: Permission denied every time the mail() function is accessed, and postfix never sees any connection. This is being caused by SELinux blocking Apache from transitioning from the “httpd” role to the “mta” role - I’m just not sure what the *best* way to fix it is yet. I haven’t seen many posts about this, so stay tuned - I expect to have a fix tomorrow afternoon.

Previously I mentioned some issues I had been having on Kubuntu Feisty Fawn with disk utilization seemingly caused by unflushed disk buffers. I alluded to believing that my “laptop-mode.conf” parameters were at fault.

With my recent upgrade of that same laptop to Kubuntu Gutsy Gibbon, I kept the laptop-mode.conf file a bit closer to the maintaner’s version. There are some changes to the “dirty-writeback-centiseconds” and the “dirty-background-ratio” values from what I posted, and my issue seems to have gone away. I’ve been able to go back to running my Windows 2003 SBS server with a Centrify DirectControl lab environment and a RHEL 4 Oracle 10g server attached at the same time.

The configuration files that work MUCH better are attached here:

laptop-mode.conf

cpufreqd.conf

I upgraded my Dell D620 from Feisty to Gutsy this weekend, which included an upgrade to kernel 2.6.22. Every time there’s a kernel upgrade, VMWare Workstation needs to be reconfigured with “vmware-config.pl”. This isn’t an issue normally, but today it was. Thanks to Chris Hope with Electric Toolbox I was able to fix the problem quick and easy.

For completeness the error I was getting was the same:
/tmp/vmware-config1/vmnet-only/userif.c:630: error: ‘const struct sk_buff’ has no member named ‘h’
when trying to build the VMNet module - VMMon built and inserted perfectly. Downloaded 6.0.1 and installed it, and I’m back and in the game.