Skip to content

tshark dump and analyze network traffic

01-Nov-09

tshark – Dump and analyze network traffic

# tshark -n -i ppp0 port 80
Running as user "root" and group "root". This could be dangerous.
Capturing on ppp0

-n Disable network object name resolution (such as hostname, TCP and UDP port names), the -N flag might override this one.

-i [capture interface]

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.

Filed in networking | Tagged , , , , | Comments (0) »

Changing MTU

01-Nov-09

Changing MTU

$ sudo ifconfig ppp0 mtu 1492

In computer networking, the maximum transmission unit (MTU) of a layer of a communications protocol is the size (in bytes) of the largest protocol data unit that it can pass onwards. MTU parameters usually appear in association with a communications interface (NIC, serial port, etc.). The MTU may be fixed by standards (as is the case with Ethernet) or decided at connect time (as is usually the case with point-to-point serial links). A higher MTU brings greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays remain fixed, and higher efficiency means a slight improvement in bulk protocol throughput. However, large packets can occupy a slow link for some time, causing greater delays to following packets and increasing lag and minimum latency. For example, a 1500 byte packet, the largest allowed by Ethernet at the network layer (and hence most of the Internet), would tie up a 14.4k modem for about one second.

Filed in Tips | Tagged | Comments (0) »

RSYNC to backup your home DIR from your OLD server

31-Oct-09

RSYNC to backup your home DIR from your OLD server

#!/bin/bash
#admin@serversignature.com
rsync -vrplogDtH --exclude=virtfs/ --progress -e ssh root@192.168.0.1:/home/ home/

IF USING SSH Port = 2222

rsync -ave 'ssh -p 2222' username@192.168.0.1:/home/ /home/

Filed in Rsync | Tagged , , , | Comments (0) »

Quick rsync to backup your home dir and mysql databases

31-Oct-09

Quick rsync to backup your home dir and mysql databases.

#!/bin/bash
#RUN the below script using "nohup - run a command immune to hangups, with output to a non-tty"
#admin@serversignature.com
IP=192.168.0.1
rsync -vrplogDtH --exclude=virtfs/ --progress -e ssh root@$IP:/home/ /home/

rsync -vrplogDtH --progress -e ssh root@$IP:/var/lib/mysql/ /var/lib/mysql/

#Backup one large DB
rsync -vrplogDtH --progress -e ssh root@$IP:/var/lib/mysql/server_support /var/lib/mysql/

#END

OPTIONS SUMMARY

Here is a short summary of the options available in rsync. Please refer to the detailed description below for a complete description.

-v, --verbose increase verbosity
-r, --recursive recurse into directories
-l, --links copy symlinks as symlinks
-L, --copy-links transform symlink into referent file/dir
-H, --hard-links preserve hard links
-p, --perms preserve permissions
-o, --owner preserve owner (super-user only)
-D same as --devices --specials
-t, --times preserve modification times
-n, --dry-run perform a trial run with no changes made
-e, --rsh=COMMAND specify the remote shell to use

Filed in Rsync | Tagged , , | Comments (0) »

mail alert on root login

31-Oct-09

put in root user .bashrc file

echo 'ALERT- Root Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" admin@serversignature.com

or

echo 'ALERT- Root Access on:' `date` `who` | mail -s "Alert: Root Access from `who --i|grep root`" admin@serversignature.com

Filed in Security | Tagged , , | Comments (0) »

rsync backup to a central backup server

31-Oct-09

rsync backup to a central backup server with 7 day incremental

We can use – `date +%A-%D` in the script.

$ echo `date +%A-%D`
Saturday-10/31/09

#!/bin/sh

# This script does personal backups to a rsync backup server. You will end up
# with a 7 day rotating incremental backup. The incrementals will go
# into subdirectories named after the day of the week, and the current
# full backup goes into a directory called “current”
# tridge@linuxcare.com

# directory to backup
BDIR=/home/$USER

# excludes file – this contains a wildcard pattern per line of files to exclude
EXCLUDES=$HOME/cron/excludes

# the name of the backup machine
BSERVER=owl

# your password on the backup server
export RSYNC_PASSWORD=XXXXXX

############################

BACKUPDIR=`date +%A`
OPTS=”–force –ignore-errors –delete-excluded –exclude-from=$EXCLUDES
–delete –backup –backup-dir=/$BACKUPDIR -a”

export PATH=$PATH:/bin:/usr/bin:/usr/local/bin

# the following line clears the last weeks incremental directory
[ -d $HOME/emptydir ] || mkdir $HOME/emptydir
rsync --delete -a $HOME/emptydir/ $BSERVER::$USER/$BACKUPDIR/
rmdir $HOME/emptydir

# now the actual transfer
rsync $OPTS $BDIR $BSERVER::$USER/current

backup to a spare disk

I do local backups on several of my machines using rsync. I have an
extra disk installed that can hold all the contents of the main
disk. I then have a nightly cron job that backs up the main disk to
the backup. This is the script I use on one of those machines.

#!/bin/sh

export PATH=/usr/local/bin:/usr/bin:/bin

LIST=”rootfs usr data data2″

for d in $LIST; do
mount /backup/$d
rsync -ax –exclude fstab –delete /$d/ /backup/$d/
umount /backup/$d
done

DAY=`date “+%A”`

rsync -a –delete /usr/local/apache /data2/backups/$DAY
rsync -a –delete /data/solid /data2/backups/$DAY

The first part does the backup on the spare disk. The second part backs up the critical parts to daily directories. I also backup the critical parts using a rsync over ssh to a remote machine

Filed in Rsync | Tagged , , | Comments (0) »

How to check DMA mode on SATA

31-Oct-09

How to check DMA mode on SATA

dmesg |grep DMA

$ sudo dmesg |grep DMA
[ 0.000000] DMA 0x00000010 -> 0x00001000
[ 0.000000] DMA zone: 32 pages used for memmap
[ 0.000000] DMA zone: 0 pages reserved
[ 0.000000] DMA zone: 3951 pages, LIFO batch:0
[ 4.338031] ata1: SATA max UDMA/133 cmd 0x1f0 ctl 0x3f6 bmdma 0xffa0 irq 14
[ 4.338041] ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0xffa8 irq 15
[ 4.664422] ata2.00: CFA: SILICONMOTION SM223AC, , max UDMA/66
[ 4.680417] ata2.00: configured for UDMA/66

DMA mode is activated by all SATA devices

Filed in Performance | Tagged , , | Comments (0) »

hdparm get/set SATA/ATA device parameters

31-Oct-09

hdparm – get/set SATA/ATA device parameters

Hdparm is a tool that allows you to set IDE device settings. This includes things such as DMA modes, transfer settings and various other settings that can help improve the speed of your hard disks and CDROMs. These settings are not enabled by default, so you will probably want to enable them.

Getting information about your different drives

Different drives have different capabilities, so in order to configure them you must know what they are capable of doing. # hdparm -i /dev/hdX should give you the information you need (replace hdX with your drive)

hdparm -i /dev/hdd

-i Display the identification info that was obtained from the drive at boot time, if available. This is a feature of modern IDE drives, and may not be supported by older devices.

Benchmarking devices

hdparm -tT

hdparm includes a handy benchmark mode, which should allow you to see how much of a speed. When running a benchmark it is recommended that you close all programs that could interfere with the results.

# hdparm -tT /dev/hdX

You can use the following command to check what your IDE chipset

# lspci |grep -i ide

To enable DMA on a device type the following:

# hdparm -d1 /dev/hda

Now run a benchmark and see how much of an improvement you have received.

Filed in Performance | Tagged , , | Comments (0) »

OpenVZ Operating system-level virtualization

31-Oct-09

Installing OpenVZ

OpenVZ is operating system-level virtualization based on a modified Linux kernel that allows a physical server to run multiple isolated instances known as containers, virtual private servers (VPS), or virtual environments (VE).

Installing OpenVZ on a CentOS 4 or CentOS 5

Download – http://download.openvz.org/openvz.repo

Import the OpenVZ key

rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

Install the OpenVZ kernel

Depending on which kernel arch you want, simply do:

yum install ovzkernel.i386

or

yum install ovzkernel.x86_64

Reference – http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf

1) Examine /etc/grub.conf to ensure the desired kernel is set to be the default,

2) Edit the /etc/sysctl.conf to enable some kernel features that are needed for OpenVZ and

3) Make sure SELINUX is disabled.

Filed in LAMP | Tagged , , , | Comments (0) »

Optimizing the EXT3 file system on Linux

31-Oct-09

Optimizing the EXT3 file system on Linux

There are some things you can do to give ext3 a boost when you just want speed.

Mount Options noatime,nodiratime

noatime
Do not update inode access times on this file system (e.g, for faster access on the news spool to speed up news servers).

nodiratime
Do not update directory inode access times on this filesystem.

This is one of the quickest and easiest performance gains. This mount option tells the system not to update inode access times. This is a good option for web servers, news servers or other uses with high access file systems

Also from the man pages.

commit=nrsec
Sync all data and metadata every nrsec seconds. The default value is 5 seconds. Zero means default.

# / was on /dev/sda1 during installation
UUID=164be035-6571-43b4-820e-cef57b74f1dc / ext3 relatime,noatime,nodiratime,errors=remount-ro 0 1

Filed in Performance | Tagged , | Comments (0) »