Pages

Thursday, November 28, 2013

Resource Management : Tcp Dump

Analyzing network details is very important for a system admin. As a application server admin there are cases where I need to analyze the network details in order find the reasons for the slow performance.

Tcp Dump in Linux machines is a very use full network packet analyzer. It comes in many flavors of Linux systems.

The tcpdump command should be issued as a root user or we need to make sure to have sufficient privilileges on a network device or a socket. The tcpdump command allows to save packet information to a file and can also read file likes these. The data saved using the tcp-dump command can also be read by tools like wire-shark.

In this article we will see some of the basic uses of tcpdump and how to use the command. Since the output of the command cane be large some time I will just give the commands.

1. Basic usage
[root@vx111a ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:46:17.437843 IP 172.16.100.154.53950 > 224.0.0.252.hostmon: UDP, length 22
17:46:17.438254 IP 172.16.101.68.33970 > dns1.dwl.co.in.domain: 22161+ PTR? 252.0.0.224.in-addr.arpa. (42)
17:46:17.448783 IP 172.16.101.36.netbios-dgm > 172.16.101.255.netbios-dgm: NBT UDP PACKET(138)
17:46:17.457622 IP dns1.dwl.co.in.domain > 172.16.101.68.33970: 22161 NXDomain 0/1/0 (99)
17:46:17.457781 IP 172.16.101.68.37179 > dns1.dwl.co.in.domain: 34469+ PTR? 154.100.16.172.in-addr.arpa. (45)
17:46:17.538052 IP 172.16.100.154.53950 > 224.0.0.252.hostmon: UDP, length 22
17:46:17.624315 IP 172.16.101.16.51319 > 224.0.0.252.hostmon: UDP, length 22

7 packets captured
48 packets received by filter
11 packets dropped by kernel

We need to kill the process for the capturing to stop.

2. Find out the Interface
[root@vx111a ~]# tcpdump -D
1.eth0
2.eth1
3.usbmon1 (USB bus number 1)
4.usbmon2 (USB bus number 2)
5.any (Pseudo-device that captures on all interfaces)
6.lo

3. Capture packet Data for a Interface
[root@vx111a ~]# tcpdump -i eth0

4. Capture N number of packets on a Interface
[root@vx111a ~]# tcpdump -c 2 -i eth0

5. Capture Packets for host www.google.com
[root@vx111a ~]# tcpdump host www.google.com
6. Capture packets for a Specific Protocol
[root@vx111a ~]# tcpdump udp

7. Capture packets for a Specific Port
[root@vx111a ~]# tcpdump port http

8. Write packet Information to a File
[root@vx111a ~]# tcpdump -w hello.pcap -i eth0

9. Read packet Information From a File
[root@vx111a ~]# tcpdump -tttt -r hello.pcap

10.Read Packets greater than specific Bytes
tcpdump -w hello.pcap greater 1024

11.Read Packets lesser than specific Bytes
tcpdump -w hello.pcap less 1024

12. Receive packets flows on a particular port using tcpdump port
tcpdump -i eth0 port 22

13. Capture packets for particular destination IP and Port
tcpdump -w hello.pcap -i eth0 dst 192.171.10.4 and port 22

14. Capture TCP communication packets between two hosts
tcpdump -w hello.pcap -i eth0 dst 192.171.10.4 and port 22

15.packet capture by tcpdump with file rotation
tcpdump -w /var/log/capture -C 10
First, tcpdump write to 1st file /var/log/capture file until file size become 10,000,000 bytes.
When tcpdump capture a packet and find size of /var/log/capture file has reached 10,000,000 bytes, tcpdump create next generation file var/log/capture1 file and continue writing.

More To Come , Happy Learning J
Read More

Wednesday, November 27, 2013

Wire Shark : Packet Capturing Tool

Wire-shark is a network analysis tool which captures network packets in real time. They are captured in human readable format. The tool is formally called as Ethereal.

Wire-shark includes filters, color indicators and many other features that lets admin to dig into the network traffic and see what’s going on

This article is a brief introduction of how wire-shark is installed and how one can use to dig the network details.

1. Install the package.
In order to install the Wire-shark package, go to http://www.wireshark.org/download.html  

Select the Correct packages for the installation. I will be explaining how to build the wire-shark in Red hat Linux 6.

Download the Source Code and unzip it a location and execute
yum install bison flex gtk2-devel libpcap-devel c-ares-devel libsmi-devel gnutls-devel libgcrypt-devel krb5-devel GeoIP-devel ortp-devel portaudio-devel*

Linux then tries to install the packages which are dependent for wire-shark

2.Once the packages are installed ,run the following commands
cd wireshark-1.8.11
./autogen.sh
 ./configure --enable-setcap-install
 make
 make install
 wireshark &

If everything goes fine, we can now see the Wire-shark console on the screen.


3. Start Using Wire-Shark

 We can see the Interfaces that are available in our system under the Interface list. Under the Start
Click on the Interface, in this case consider “eth0”.Once we click the interface it starts capturing packets on that interface.

As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. It captures all sorts of packets on tcp,udp,http and many more.


Click the stop capture button near the top left corner of the window when you want to stop capturing traffic.

Wire-shark follows colors to represent different information from the above screen. We can see packets highlighted in green, blue and black. Wire-shark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic and black identifies TCP packets with problems — for example, they could have been delivered out-of-order.

Wire-shark can also allow us to filter packet information based on criteria. We can use the filter option available on the top to select the packet information like



Wire-shark also provides options to select filter. Click on the Analyze menu and select Display Filters to create a new filter.Select the Filter you want to analyze packet information for.

















Another important feature with wire-shark is that it allows you to follow the Packet Stream.
Just right click on a packet and select “Follow TCP Stream” or “Follow UDP Stream”. We can get more information like the full conversation between Client and Server in this request.


Close the window and you’ll find a filter has been applied automatically — Wire shark is showing you the packets that make up the conversation.

We can also inspect packet information by just right clicking on the packet and selecting “view its Details”.

This article is basically an introduction for wire shark.I will be providing more details on the usage of this tool

Happy learning, more To Come J
Read More

Thursday, November 14, 2013

Vi and CTRL + S

As a System administrator I use Putty almost every day. There are cases where I try to save the file opened in a vi editor using CTRL+S and I do this when I open the file in Putty.

When I press the CTRL+S , putty seems to be hang without accepting any of the key board commands. I have to kill the Putty and start it again.

So what exactly happens here is when we press CTRL + S , it actually does a XOFF which means terminal will accept key strokes but won’t show the output of anything.We cant see any of the key strokes going on but actually the key strokes are being sent to the terminal.

In Order to disable the XOFF , we can then press CTRL+Q to turn flow-control on (XON) to see the key strokes again.

In Order to disable this we can add .bashrc file like
stty ixany
stty ixoff -ixon

and for using CTRL + S to actually save the file in vi. Add the below as they are
 in  .bashrc

# turn off Ctrl + s XOFF (XON is Ctrl + q)
stty ixany
stty ixoff -ixon
stty stop undef
stty start undef

.vimrc :
” Ctrl+s to save
map <C-s> :w<cr>
imap <C-s> <ESC>:w<cr>a

” Ctrl+q to quit, hold shift to discard changes
map <C-q> :q<cr>
imap <C-q> <ESC>:q<cr>
map <C-S-q> :q!<cr>
imap <C-S-q> <ESC>:q!<cr>


More to Come, Happy learning J
Read More

Tuesday, November 12, 2013

JON CLI Basics

JON ( JBoss Operations Network) is a very use full tool in monitoring , managing redhat Products. It can be use full in monitoring various resources like operating system metrics, JBboss , tomcat and also apache web servers. Many details regarding the under lying components can be obtained using the JON console.

JON can be exposed using its remote api provided. Clients can be coded to access the jon using the api. These APIs allow clients to access the server functionality — alerting, monitoring, managing inventory and resources, even agents.

EJB play a major role in defining JON system. They expose the services in different interfaces
1.web Interface
2.JON CLI ( Command Line Interface )

JBoss ON CLI can be downloaded and installed locally which uses Java and the remote API to support scripting and command line services for JON.

JON cli is stand alone java application which is based on java Scripting interface.

The JBoss Operations Network CLI itself is a Java shell the allows administrators to connect to the JBoss ON server over the command line. Essentially, the CLI is a script execution engine. It treats the JBoss ON API as if it was written in a scripting language, which makes it more convenient to manage the JBoss ON server.

The JBoss ON CLI is opened through a script, rhq-cli.sh|bat

Install the Command Line Tool
The Command line tool can be obtained in a zip form. here are the Steps to do that

Open the JBoss ON GUI - http://server.example.com:7080
Click the Administration link in the main menu.
Select the Downloads menu item.
Scroll to the Command Line Client Download section, and click Download Client Installer.
Save the .zip file into the directory where the CLI should be installed.
Unzip the packages.
unzip rhq-client-version.zip

This is downloaded from the JON GUI since Only the corresponding version of the CLI can be used to manage the JBoss ON server.

Running the JON CLI

:) [xk477@vx18d /upapps/wam/remote-scripts/rhq-remoting-cli-4.4.0.JON312GA/bin]$ ./rhq-cli.sh

RHQ Enterprise Remote CLI 4.4.0.JON312GA
unconnected$ login cliadmin password vx1324 7080
Remote server version is: 3.1.2.GA (2852293:bbe1c9b)
Login successful

Single Command Line

A single command can be passed to the CLI by using the -c. In this example, the server searches for and prints all supported resource types
[dwls999@vx181d bin]$ ./rhq-cli.sh -s vx1324 -u cliadmin -t 7080 -p password -c "pretty.print(ResourceTypeManager.findResourceTypesByCriteria(new ResourceTypeCriteria()))" > resource_types.txt

Executing a File
external files can also be executed by using the rhq-cli.sh Command. Open a File and Write a jon Cli script like,

println("Scanning All Tomcat Instances");
var criteria = ResourceCriteria();
criteria.addFilterResourceCategories([ResourceCategory.valueOf("SERVER")]);
criteria.addFilterPluginName("Tomcat");
var resources = ResourceManager.findResourcesByCriteria(criteria);
pretty.print(resources);


Save the Script , run the script using
./rhq-cli.sh -s vx1324 -u cliadmin -t 7080 -p devJasAdmin0 -f <Script Location>/<Script Name>

Variables
JON Cli provides various variables that help in our development of code.As 'java.lang.*” package is by default imported , JON cli also imports some of the packages.

Everything under the org.rhq.core.domain class is automatically imported, which makes it easier to use the CLI for managing resources, alerts, and other aspects of JBoss ON

Some of the variable include ,
criteria - provides a flexible framework for fine-tuned query operations.
Pretty - Provides for tabular-formatted printed and handles converting objects into a format suitable for display in the console.
ProxyFactory - Resource proxies are custom objects generated in the CLI that simplify interacting with the remote and domain APIs. Proxies are obtained through the ProxyFactory by calling getResource() and providing a resource identifier

Samples
Now we will write some of the basic snippets for starting the JON Cli,

Criteria-Based Searching
Criteria provides a flexible framework for fine-tuned query operations.If we need to search for some this ,we can use the Criteria.If we need to find out the available JBoss AS5 resources we can write all the commands in a file and execute or we can execute one by one like this

cliadmin@vx1324:7080$ var criteria = ResourceCriteria();

cliadmin@vx1324:7080$ criteria.addFilterResourceCategories([ResourceCategory.valueOf("SERVER")]);

cliadmin@vx1324:7080$ criteria.addFilterPluginName("JBossAS5");

cliadmin@vx1324:7080$ var resources = ResourceManager.findResourcesByCriteria(criteria);
cliadmin@vx1324:7080$ pretty.print(resources);

This will print the below details like,
id name version currentAvailabil resourceType
-------------------------------------------------------------------------------
26923 ESA-A1 EWP 5.0.0.GA UP JBossAS Server
71507 DSA-A1 EWP 5.0.0.GA UP JBossAS Server
26078 PSA-A1 EWP 5.0.0.GA UP JBossAS Server

Once we get the Id and various types of JBoss AS 5 resources we can use the ProxyFactory to get information about that specific resource

cliadmin@vx1324:7080$var rhelServerOne = ProxyFactory.getResource(81441)

ProxyFactory can return a complete summary of information about the specified resource, such as its current monitoring data and traits, resource name, available metrics, available operations, content information, and child inventory, all dependent on the resource type.

cliadmin@vx1324:7080$ pretty.print(rhelServerOne);
ResourceClientProxy_$$_javassist_0:
availability: ?
children:
contentTypes: {}
createdDate: Fri Jul 05 01:11:07 CDT 2013
description: JVM of the JBossAS
handler:
id: 81441
measurements: [Availability]
modifiedDate: Fri Jul 05 01:11:07 CDT 2013
name: JVM
operations: []
pluginConfiguration:
pluginConfigurationDefinition: ConfigurationDefinition[id=10248, name=JBoss AS JVM]
resourceType: JBoss AS JVM
version: 1.6.0_16


We can even fine tune this like,
cliadmin@vx1324:7080$ pretty.print(rhelServerOne.id)
81441.0

cliadmin@vx1324:7080$ pretty.print(rhelServerOne.version);
1.6.0_16

We can see all the supported Operations on a Resource using ,

cliadmin@vx1324:7080$var rhelServerOne = ProxyFactory.getResource(81441)
cliadmin@vx1324:7080$ Operations

cliadmin@vx1324:7080$ pretty.print(rhelServerOne.operations);
Array of org.rhq.bindings.client.ResourceClientProxy$Operation
name description
-------------------------------------------------------------------------------
setDebugMode Turns on or off debug mode, which causes the agent to
getInfoOnAllPlugins Retrieves information on all deployed plugins.
getCurrentDateTime Obtains the agent's current date/time.
executePromptCommand Executes an agent prompt command, just as if you invok
shutdownAgent Shuts down the agent's comm layer and plugin container
executeAvailabilityScan Runs an availability scan and returns a report of its
updateAllPlugins Tells the agent to update its plugins. This pulls new/
switchToServer Tell the agent to immediately switch to another server
downloadLatestFailoverList Tells the agent to download an updated server failover
getPluginInfo Retrieves information on a specific plugin.
restartAgent Shuts down the agent's comm layer and plugin container
restartPluginContainer Recycles the plugin container.
12 rows

Once the available Operations are obtained we can perform operations like,

cliadmin@vx1324:7080$var rhelServerOne = ProxyFactory.getResource(81441)
cliadmin@vx1324:7080$rhelServerOne.getInfoOnAllPlugins();
Invoking operation getInfoOnAllPlugins
.

cliadmin@vx1324:7080$ rhelServerOne.restartAgent();
Invoking operation restartAgent

cliadmin@vx1324:7080$ rhelServerOne.getPluginConfiguration();
Configuration [47084] - null
snapshotLogEnabled = true
snapshotDataEnabled = true
snapshotConfigEnabled = true
type = org.mc4j.ems.connection.support.metadata.InternalVMTypeDescriptor
connectorAddress = Local Connection
logEventSources [0] {
}

Write To a External Files
The Output of the script or the commands can be written to a external file using the exporter like

cliadmin@vx1324:7080$ var criteria = ResourceCriteria();
cliadmin@vx1324:7080$ criteria.addFilterResourceCategories([ResourceCategory.valueOf("SERVER")]);
cliadmin@vx1324:7080$ criteria.addFilterPluginName("JBossAS5");
cliadmin@vx1324:7080$ var resources = ResourceManager.findResourcesByCriteria(criteria);
cliadmin@vx1324:7080$ exporter.setTarget('raw', 'output.txt')
cliadmin@vx1324:7080$ exporter.write(resources)

or To CSV Files
exporter.setTarget('csv', 'output.csv')


More To Come , Happy Learning 
Read More