Technology


I ran into a problem 2 years ago where I couldn't remember the native packet capture tool for Solaris and couldn't install tcpdump, so I thought I'd put down as many native packet capture commands as I knew, by OS, in a single place. I'll update this as I find more, since there are hundreds of operating systems out there.

  • AIX: iptrace: /usr/sbin/iptrace [ -a ] [ -b ][ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [ -dHost ] [ -L Log_size ] [ -B ] [ -T ] [ -S snap_length] LogFile
  • FreeBSD: tcpdump (I think): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
  • HP-UX: nettl: nettl requires a daemon start, and other setup: /usr/sbin/nettl -traceon kind… -entity subsystem… [-card dev_name…] [-file tracename] [-m bytes] [-size portsize] [-tracemax maxsize] [-n num_files] [-mem init_mem [max_mem]] [-bind cpu_id] [-timer timer_value]
  • Linux 2.4 and higher:
    • tcpdump (some distros): tcpdump [ -AdDefKlLnNOpqRStuUvxX ] [ -c count ] [ -C file_size ] [ -G rotate_seconds ] [ -F file ] [ -i interface ] [ -m module ] [ -M secret ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -E spi@ipaddr algo:secret,… ] [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ] [ expression ]
    • wireshark (some distros, used to be called “ethereal”): GUI-config, no command-line, use tethereal (now tshark) for that
    • tshark: tshark [ -a <capture autostop condition> ] … [ -b <capture ring buffer option>] … [ -B <capture buffer size (Win32 only)> ]  [ -c <capture packet count> ] [ -C <configuration profile> ] [ -d <layer type>==<selector>,<decode-as protocol> ] [ -D ] [ -e <field> ] [ -E <field print option> ] [ -f <capture filter> ] [ -F <file format> ] [ -h ] [ -i <capture interface>|- ] [ -l ] [ -L ] [ -n ] [ -N <name resolving flags> ] [ -o <preference setting> ] … [ -p ] [ -q ] [ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ] [ -S ] [ -t ad|a|r|d|e ] [ -T pdml|psml|ps|text|fields ] [ -v ] [ -V ] [ -w <outfile>|- ] [ -x ] [ -X <eXtension option>] [ -y <capture link type> ] [ -z <statistics> ] [ <capture filter> ]
  • Mac OSX: tcpdump (among others): tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]
  • Solaris: snoop: snoop [ -aPDSvVNC ] [ -d device ] [ -s snaplen ] [ -c maxcount ] [ -i filename ] [ -o filename ] [ -n filename ] [ -t [ r | a | d ] ] [ -p first [ , last ] ] [ -x offset [ , length ] ] [ expression ]
  • Windows 2000, XP, 2003, Vista, 2008 and beyond:

Any others anyone wants added (or corrected), just comment or email and I’ll update this.
(Edit 7/29/08 – change tcpdump link)
(Edit 10/13/08 – add tshark info, thanks Jefferson!, and wireshark on Windows)
(Edit 2/23/2012 – repost since a DB problem lost this post.  Thanks wayback machine!)

A quick CLI reference for perl people…

perl -e ' my @t=localtime(time() + $ARGV[0]*24*60*60); $t[4]++; $t[5]+=1900; print "$t[4]/$t[3]/$t[5]\n";' XX

I’ve needed this 2x today already, and hope it helps you!

Edit:
Someone made a comment, as people on the internet are prone to do, so here’s the long-form non-one-liner version:


#!/usr/bin/perl
my $addDays = shift;
my ($second, $minute, $hour, $day, $month, $year, $dayOfWeek, $dayOfYear, $daylightSavings) = localtime(time());
my ($fsecond, $fminute, $fhour, $fday, $fmonth, $fyear, $fdayOfWeek, $fdayOfYear, $fdaylightSavings) = localtime(time() + $addDays*24*60*60);

# localtime() returns a 0-based month and the year as years since 1900; fix both
$month++;
$fmonth++;
$year+=1900;
$fyear+=1900;

print "today is: $month/$day/$year\n";
print "$addDays days from today is: $fmonth/$fday/$fyear\n";

Run it as:

rob@laptop:~$ fdate.pl 50
today is: 1/25/2012
50 days from today is: 3/15/2012

I know it’s probably an unusual situation, but in the lab we have Jumbo frames turned on for all the servers and test boxes. It makes a huge difference copying ISOs between hosts, and doing network backups. However, my Kubuntu laptop isn’t always in the lab network. This means that I almost never remember to change the MTU when I’m back in the office, OR I remember in the middle of a transfer, when it’s already too late to gain the benefits.

So I wrote a little script, and put it in /etc/network/if-up.d/ [edit: under NetworkManager, use /etc/NetworkManager/dispatcher.d instead] named "jumbo-frames.sh". The if-*.d/ structure is designed for exactly this purpose: run a script when an interface comes up. The basic premise is: if I'm plugged into a wired network (eth0) in the lab (the DNS domain or the IP address matches certain parameters), then set the MTU to 9000 (jumbo frame support); otherwise assume the network has a normal MTU (1500). This allows the system to reconfigure on the fly if I put it to sleep and go visit a customer.

Here’s the code:

#!/bin/sh
# Set support for jumbo frames when at home on the wired network, else do not.
# Determine the home network based on IP address and DNS-determined domain name.
# $IFACE should be set by the caller (ifupdown / NetworkManager pass it in).

PATH=/sbin:/bin:/usr/sbin:/usr/bin

IFC=/sbin/ifconfig
INT="eth0"
MTU=9000
DEFMTU=1500
# name of the DNS domain to assume as "home"
HOMED="totalnetsolutions.net"
# IP subnet (first three octets, trailing dot included) to assume as "home" if the DNS test fails
HOMEN="10.0.0."

test -x "$IFC" || exit 0

# Don't make changes to the wireless (wlan) or loopback (lo) interfaces
if [ "$IFACE" != "$INT" ]; then
    exit 0
fi

# If the DHCP client is still writing our resolv.conf, just wait a while (it's a hack, but it works).
test -f /etc/resolv.conf || sleep 15

# Search domain from resolv.conf, and the first three octets of this interface's IPv4 address
DOM=`awk '/search/ { print $2 }' /etc/resolv.conf`
NET=`ip addr show dev "$IFACE" | awk '/inet / { print $2 }' | awk -F. '{ print $1 "." $2 "." $3 "." }'`

if [ "$DOM" = "$HOMED" ]; then
    "$IFC" "$IFACE" mtu "$MTU"
elif [ "$NET" = "$HOMEN" ]; then
    "$IFC" "$IFACE" mtu "$MTU"
else
    "$IFC" "$IFACE" mtu "$DEFMTU"
fi

We had an issue recently where we needed a dummy krb5.keytab file for an operation prior to creating the real keytab:
echo -e "\0005\0002\c" >/etc/krb5.keytab

I recently had a co-worker trying to figure out a "lost email" problem we were possibly experiencing. He was blind to everything after hitting "send" because the intermediate servers weren't sending delivery receipts, even though they were requested in the MIME header (does any mail admin allow those to be sent out of the organization these days?). So, to help him out, I wrote up the following "how to test SMTP by hand" HOWTO.

The first step is to determine which servers are responsible for inbound mail delivery for the domain you're sending to. You do this by looking in DNS for the "MX" type records. These come back in the format "priority servername.domain." Priority is reverse-ordered: the lowest number is preferred. The easiest way to remember the priority order is that it's the order in which the servers are attempted.

rob@rob-kubuntu3:~$ dig MX totalnetsolutions.net +short
10 docsmooth.isa-geek.net.
rob@rob-kubuntu3:~$ dig MX likewise.com +short
10 server1.inboundmx.com.
20 server2.inboundmx.com.

This tells you the servers, in order, that *all* mail for the listed domain will be sent to. So, anything to my likewise.com address will go to server1.inboundmx.com. The higher priority numbers are only used if the lower ones fail to answer. If no server answers, the mail is held by the sender and retried, generally every 1 or 4 hours for up to 4 days, but this retry schedule is configured on the *sending* server. That means your own email admin (or you, if you're the mail admin).

The next thing to check is: does the server work, and is the problem on your sender or on their receiver? Check with telnet!
The lines I type are the ones that don't start with a three-digit reply code:

rob@rob-kubuntu3:~$ telnet docsmooth.isa-geek.net 25
Trying 99.29.179.119...
Connected to docsmooth.isa-geek.net.
Escape character is '^]'.
220 totalnetsolutions.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Tue, 31 May 2011 08:43:08 -0500
HELO
250 totalnetsolutions.net Hello [12.130.116.175]
MAIL FROM: me@me.com
250 2.1.0 me@me.com....Sender OK
RCPT TO:you@you.net
250 2.1.5 you@you.net
DATA
354 Start mail input; end with .
from:me@me.com
to:you@you.net
subject:test manually
test
test
.

250 2.6.0 Queued mail for delivery
quit
221 2.0.0 totalnetsolutions.net Service closing transmission channel
Connection closed by foreign host.

The last "." is SUPER important: it tells the mail server that you're done sending that email. You could then use the same connection to send other messages, rather than sending "QUIT", if you'd like. You might notice that I entered the "From" and "To" lines twice. The first entries are the SMTP envelope (the analogy would be the address on the outside of a postal envelope), and the second entries are the message (MIME) headers (the analogy would be the return address at the top of a formal postal letter, if anyone still sends those). The MIME headers are what most mail programs display, and technically they don't need to match the SMTP envelope (but if MIME and SMTP don't match, many anti-spam programs will throw out the message).
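The same session driven from a script instead of typed into telnet, as an added example that is not part of the original post: it sends each command, checks that the reply code is the one the transcript above shows for that step, applies the "dot-stuffing" rule for body lines that start with ".", and stops at the first step the server refuses, which is the hop you need to report. The host, addresses and canned server replies are constructed for the example.

```python
import socket

def parse_code(reply_lines):
    # Code of the final reply line; 0 if the server sent nothing (connection closed).
    head = reply_lines[-1][:3]
    return int(head) if head.isdigit() else 0

def read_reply(rfile):
    # Collect one reply: "250-..." lines continue it, the final line reads "250 ..." (space after the code).
    lines = [rfile.readline().rstrip("\r\n")]
    while lines[-1][3:4] == "-":
        lines.append(rfile.readline().rstrip("\r\n"))
    return lines

def dot_stuff(body_lines):
    # Transparency rule: a body line starting with "." gets a second leading ".", so only the lone "." ends DATA.
    return ["." + line if line.startswith(".") else line for line in body_lines]

def socket_exchange(host, port=25, timeout=30):
    # exchange(step, text) over a real TCP connection; text=None only reads the greeting banner.
    sock = socket.create_connection((host, port), timeout=timeout)
    rfile = sock.makefile("r", encoding="ascii", errors="replace")
    def exchange(step, text):
        if text is not None:
            sock.sendall((text + "\r\n").encode("ascii"))
        return read_reply(rfile)
    return exchange

def scripted_exchange(replies):
    # Offline stand-in for a server: answer each step from a dict of canned reply lines.
    return lambda step, text: replies[step]

def smtp_dialog(exchange, helo, mail_from, rcpt_to, body_lines):
    # Run the hand-typed session from the post; returns (ok, log) with log = [(step, code)], cut at the first bad reply.
    steps = [("banner", None, 220), ("HELO", f"HELO {helo}", 250),
             ("MAIL FROM", f"MAIL FROM:<{mail_from}>", 250), ("RCPT TO", f"RCPT TO:<{rcpt_to}>", 250),
             ("DATA", "DATA", 354), ("end of data", "\r\n".join(dot_stuff(body_lines) + ["."]), 250),
             ("QUIT", "QUIT", 221)]
    log = []
    for step, text, expected in steps:
        code = parse_code(exchange(step, text))
        log.append((step, code))
        if code != expected:
            return False, log   # the last entry names the step the server is refusing
    return True, log

# Constructed replies, abbreviated from the telnet session in the post, for the scripted stand-in.
ACCEPTING = {"banner": ["220 totalnetsolutions.net ESMTP ready"], "HELO": ["250 Hello"], "DATA": ["354 Start mail input"],
             "MAIL FROM": ["250 2.1.0 Sender OK"], "RCPT TO": ["250 2.1.5 you@you.net"],
             "end of data": ["250 2.6.0 Queued mail for delivery"], "QUIT": ["221 2.0.0 Service closing"]}
RCPT_REJECTED = {**ACCEPTING, "RCPT TO": ["550 5.1.1 User unknown"]}  # same server refusing the recipient (constructed)
```

Against a real server, pass `socket_exchange("mx.example.invalid")` (a placeholder host) instead of the scripted stand-in; the body lines are the headers and text you would type after DATA.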

The MIME headers are pretty complex, but not order-dependent (the body of a multipart message, on the other hand, has to follow the boundary structure shown below), although I prefer to enter them in order so that I can be sure I don't miss anything.
If you want to add an attachment, just base64 encode it first with:
perl -MMIME::Base64 -0777 -ne 'print encode_base64($_)' attachment-to-send.zip
Then you can just paste it into the email. In the MIME headers (right after the subject), add the multipart Content-Type line with its boundary, and then put each part of the body between boundary lines, with the appropriate MIME type for the attachment (probably application/octet-stream):

Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_000D_01CC1C41.21F38080"

------=_NextPart_000_000D_01CC1C41.21F38080
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

Type your message here.

------=_NextPart_000_000D_01CC1C41.21F38080
Content-Type: application/zip;
    name="attachment-to-send.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="attachment-to-send.zip"

<paste your base64 encoded attachment here>
------=_NextPart_000_000D_01CC1C41.21F38080--
.

Each part starts with two dashes plus the boundary, the closing boundary has two more dashes appended, and the final "." standalone on a line still ends the message.
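An added example (not from the original post) that assembles the multipart message described above in the order a receiving server expects, base64-encodes the attachment, and then parses the result back with Python's standard email library to confirm the attachment and the text survive the round trip. The boundary string is the one from the post; the sender, recipient and attachment bytes are constructed.

```python
import base64
from email import message_from_string

BOUNDARY = "----=_NextPart_000_000D_01CC1C41.21F38080"   # the boundary string used in the post

def build_multipart(sender, recipient, subject, text, attachment_name, attachment_bytes):
    # Hand-assemble the multipart/mixed message: headers, a blank line, then each part between
    # "--boundary" lines, closed by "--boundary--". The attachment is base64, wrapped at 76 columns.
    b64 = base64.encodebytes(attachment_bytes).decode("ascii").rstrip("\n")
    lines = [f"From: {sender}", f"To: {recipient}", f"Subject: {subject}", "MIME-Version: 1.0",
             f'Content-Type: multipart/mixed; boundary="{BOUNDARY}"',
             "",                                   # blank line ends the header block
             "--" + BOUNDARY,
             'Content-Type: text/plain; charset="us-ascii"', "Content-Transfer-Encoding: 7bit", "",
             text,
             "--" + BOUNDARY,
             f'Content-Type: application/zip; name="{attachment_name}"', "Content-Transfer-Encoding: base64",
             f'Content-Disposition: attachment; filename="{attachment_name}"', "",
             b64,
             "--" + BOUNDARY + "--"]               # closing boundary
    return "\r\n".join(lines) + "\r\n"

def attachment_roundtrip(raw_message):
    # Parse the text back with the standard library; return (filename, decoded bytes) of the
    # attachment, or None when the message did not parse as multipart (e.g. a misplaced boundary header).
    msg = message_from_string(raw_message)
    if not msg.is_multipart():
        return None
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            return part.get_filename(), part.get_payload(decode=True)
    return None

def text_body(raw_message):
    # The text/plain part a mail client would display, or None if there is none.
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("us-ascii")
    return None

# Constructed sample attachment bytes (not a real zip) and the assembled message.
SAMPLE_ZIP = bytes(range(256)) * 2
SAMPLE = build_multipart("me@me.com", "you@you.net", "test manually", "test",
                         "attachment-to-send.zip", SAMPLE_ZIP)
```

`SAMPLE` is exactly the text you would paste after DATA (followed by the lone "." line), so it doubles as a way to check a hand-built message before typing it into telnet.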

Now that you know *how* to send an email message by hand, you can use the returned error codes to troubleshoot where the message may be disappearing. Remember that this only gives you transport troubleshooting between yourself and the initial destination mail server. Many large (and even medium-sized) organizations have a perimeter mail server which then forwards the message to one or more internal servers. If the mail is being dropped at that point, you'll have to contact the receiver with the proof that their server is accepting your messages.
