“ALTER TABLE ADMIN.INCIDENTS
ADD CONSTRAINT LOCATION_FK_1 FOREIGN KEY
(
LOCATION
)
REFERENCES ADMIN.CMN_LOCATION
(
NAME
)
NOT DEFERRABLE NOVALIDATE”
Table ADMIN.INCIDENTS altered.
Monthly Archives: March 2024
How to capture network traffic using tcpdump on a Linux machine
To capture network traffic using tcpdump on a Linux machine and analyze it in Wireshark, follow these steps:
- Install Wireshark: If Wireshark is not already installed on your Linux machine, you can install it using your package manager. For example, on Debian-based systems (like Ubuntu), you can use:
  sudo apt-get update
  sudo apt-get install wireshark
  Make sure you have appropriate permissions to run Wireshark or use it with sudo.
- Capture network traffic with tcpdump: Run tcpdump to capture the network traffic. For example, to capture all traffic on interface eth0 and save it to a file named capture.pcap:
  sudo tcpdump -i eth0 -w capture.pcap
  Replace eth0 with the name of your network interface, which you can find using the ifconfig command.
- Stop tcpdump: Once you’ve captured enough traffic, stop tcpdump by pressing Ctrl+C.
- Transfer the capture file to your local machine (optional): If you’re running Wireshark on a different machine, you’ll need to transfer the capture file (capture.pcap) from the Linux machine to your local machine. You can use utilities like scp (secure copy) or rsync for this purpose.
- Open the capture file in Wireshark: Launch Wireshark on your local machine and open the capture file (capture.pcap) that you created using tcpdump.
  wireshark capture.pcap
  Alternatively, you can open Wireshark first and then use the GUI to open the capture file.
- Analyze the captured traffic: In Wireshark, you can analyze the captured packets, apply filters, view packet details, and perform various other network analysis tasks.
By following these steps, you can capture network traffic using tcpdump on a Linux machine and analyze it in Wireshark for troubleshooting, security analysis, or network debugging purposes. Remember to use tcpdump with appropriate permissions (e.g., sudo) to capture traffic on privileged ports or interfaces.
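A quick offline check of capture.pcap before it is copied elsewhere or opened in Wireshark, as an added example that is not part of the original post: it walks the classic pcap layout that tcpdump -w writes and reports the snapshot length, packet count, truncated packets and IPv4 conversations. The function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Magic bytes as they appear on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
LINKTYPE_ETHERNET = 1


def summarize_pcap(data: bytes) -> dict:
    """Walk classic pcap bytes and count packets, truncation and IPv4 flows."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng uses another layout)")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, tz offset, sigfigs, snaplen, link type.
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    out = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
           "truncated": 0, "flows": Counter()}
    pos = 24
    while pos + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # file ends mid-record, e.g. copied while tcpdump was still writing
        pos += 16 + incl_len
        out["packets"] += 1
        if incl_len < orig_len:
            out["truncated"] += 1  # snaplen cut this packet short
        # Ethernet II carrying IPv4: EtherType at 12, protocol at 23, addresses at 26/30.
        if linktype == LINKTYPE_ETHERNET and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            key = (str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])), frame[23])
            out["flows"][key] += 1
    return out


def _frame(src, dst, proto, payload_len):
    """Constructed Ethernet + IPv4 frame with a zero-filled payload."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + bytes(payload_len)


def _record(frame, orig_len=None):
    """Constructed pcap record: 16-byte record header followed by the frame."""
    return struct.pack("<IIII", 1710000000, 0, len(frame), orig_len or len(frame)) + frame


# Constructed sample: snaplen 64, two TCP packets and one UDP packet cut at 64 bytes.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, LINKTYPE_ETHERNET)
          + _record(_frame("192.0.2.10", "198.51.100.5", 6, 20))
          + _record(_frame("192.0.2.10", "198.51.100.5", 6, 20))
          + _record(_frame("192.0.2.10", "203.0.113.53", 17, 30), orig_len=1500))

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE))
```

A capture taken without a filter holds every payload seen on the interface, so the flow list is also a fast way to see whose traffic the file contains before it leaves the machine.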
Linux: traceroute command
The traceroute command in Linux is a network diagnostic tool used to trace the path that an Internet Protocol (IP) packet takes from the local machine to a specified destination host. It does this by sending a series of packets with increasing Time-To-Live (TTL) values, starting from 1.
Here’s how the traceroute command works and what information it provides:
- Sending packets with TTL: The traceroute command sends UDP packets (by default) or ICMP Echo Request packets towards the destination IP address with TTL set to 1. When a router receives a packet with TTL of 1, it decrements the TTL by 1 and if it reaches zero, it sends back an ICMP “Time Exceeded” message to the sender. This message indicates that the packet has expired.
- Analyzing ICMP Time Exceeded messages: traceroute captures these ICMP Time Exceeded messages and uses them to determine the route the packet took to reach the destination. Each router along the path responds with an ICMP Time Exceeded message, indicating its presence.
- Incrementing TTL: traceroute then sends another set of packets with TTL set to 2, and so on, until the packets finally reach the destination. Each time, it records the IP address and round-trip time (RTT) of the intermediate routers.
- Displaying the route: Once traceroute receives a response from the destination or reaches its maximum number of hops, it displays the route taken by the packets along with the round-trip time for each hop.
- Identifying delays: By analyzing the round-trip times, traceroute can identify network delays at each hop, helping to diagnose network performance issues.
- Options: The traceroute command supports various options to customize its behavior. For example, you can specify the maximum number of hops (-m option), the type of packets to send (-I for ICMP or -U for UDP), and the interval between packets (-i option).
Example usage:
traceroute google.com
This command would trace the route to google.com, showing the IP addresses of each hop along the way and the round-trip time for each hop.
traceroute is a valuable tool for network troubleshooting, allowing administrators to identify network routing issues, locate bottlenecks, and analyze network performance between two hosts.
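The hop-by-hop reading described above, as an added example that is not part of the original post: it parses traceroute's text output and reports hops that never answered, hops answered by more than one router, and the largest increase in median round-trip time between consecutive answering hops. The function names are illustrative and the sample output is constructed, using documentation address ranges and invented timings.

```python
import re
from statistics import median

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<ttl>  <rest of line>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)" after each name
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")

# Constructed sample output, not taken from a real network.
SAMPLE = """\
traceroute to example.net (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.388 ms  0.401 ms
 2  198.51.100.1 (198.51.100.1)  8.120 ms  8.334 ms  7.991 ms
 3  * * *
 4  198.51.100.9 (198.51.100.9)  9.100 ms 198.51.100.13 (198.51.100.13)  9.420 ms  9.250 ms
 5  203.0.113.1 (203.0.113.1)  84.310 ms  85.002 ms  83.870 ms
 6  203.0.113.80 (203.0.113.80)  84.900 ms  84.650 ms  85.120 ms
"""


def parse_traceroute(text):
    """Return one dict per hop: TTL, responder addresses, RTTs, lost probes."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # the "traceroute to ..." header line
        rest = m.group(2)
        hops.append({
            "ttl": int(m.group(1)),
            "addrs": list(dict.fromkeys(ADDR_RE.findall(rest))),  # unique, in order
            "rtts": [float(x) for x in RTT_RE.findall(rest)],
            "lost": rest.split().count("*"),  # one "*" per unanswered probe
        })
    return hops


def analyse(hops):
    """Flag silent hops, multi-responder hops and the biggest median RTT jump."""
    findings = {"silent": [], "multipath": [], "biggest_jump": None}
    prev = None   # (ttl, median RTT) of the last hop that answered
    best = 0.0
    for hop in hops:
        if not hop["rtts"]:
            findings["silent"].append(hop["ttl"])
            continue
        if len(hop["addrs"]) > 1:
            findings["multipath"].append(hop["ttl"])  # probes took different routers
        med = median(hop["rtts"])
        if prev is not None and med - prev[1] > best:
            best = med - prev[1]
            findings["biggest_jump"] = (prev[0], hop["ttl"], round(best, 3))
        prev = (hop["ttl"], med)
    return findings


if __name__ == "__main__":
    print(analyse(parse_traceroute(SAMPLE)))
```

A silent hop followed by answering hops usually means that router does not send, or rate-limits, ICMP Time Exceeded replies rather than that the path is broken. A jump that persists through to the destination, as between hops 4 and 5 in the sample, is the one worth investigating.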
Linux: ip route information
In Linux, the ip route command is used to display and manipulate the kernel’s IP routing table. This table contains information about how packets should be forwarded to their destinations. Here’s a breakdown of the information provided by the ip route command:
- Destination: This field represents the destination network or host to which the route applies. It can be specified as an IP address or network address.
- Gateway: This field specifies the IP address of the next-hop router to which packets should be forwarded to reach the destination network or host. If the destination is directly reachable (e.g., on the same subnet), this field may be blank.
- Genmask/Mask: This field indicates the network mask associated with the destination address. It’s used to determine which portion of the IP address represents the network portion and which portion represents the host portion.
- Flags: Flags provide additional information about the route. Common flags include:
  - U (Up): Indicates that the route is up and available.
  - G (Gateway): Indicates that a gateway is required to reach the destination.
  - H (Host): Indicates that the destination is a host (single IP address).
  - D (Dynamic): Indicates that the route was dynamically added by a routing protocol.
  - C (Cache): Indicates that the route was dynamically added and is stored in the routing cache.
  - M (Modified): Indicates that the route has been modified since it was last used.
- Metric: This field represents the routing metric associated with the route. The metric is used by the routing algorithm to determine the best path to a destination when multiple routes are available. Lower metric values typically indicate better paths.
- Ref: This field shows the number of references to the route. It indicates how many routes are using this particular route entry.
- Use: This field displays the number of lookups performed on this route. It indicates how many times this route has been used.
- Iface/Interface: This field specifies the network interface through which packets should be sent to reach the destination. It indicates the outgoing interface for the route.
- Scope: This field defines the scope of the route, which determines where the route is valid. Common values include:
  - global: The route is valid globally.
  - link: The route is only valid on the local network segment.
  - host: The route is valid only for the specified host.
The ip route command provides a comprehensive view of the system’s routing table, allowing administrators to understand how packets are being routed and to configure routing behavior as needed.
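How the destination, gateway, interface and metric fields combine into a forwarding decision, as an added example that is not part of the original post: it parses the one-route-per-line text that ip route show prints and picks the route by longest prefix match, then lowest metric. The function names are illustrative and the sample routes are constructed; it covers IPv4 single-nexthop routes in one table and ignores policy rules (ip rule).

```python
from ipaddress import ip_address, ip_network

KEYS = {"via", "dev", "proto", "scope", "src", "metric"}   # "key value" pairs
TYPES = {"unicast", "local", "broadcast", "unreachable", "blackhole", "prohibit"}

# Constructed sample in the format of `ip route show` (documentation addresses).
SAMPLE = """\
default via 192.0.2.1 dev eth0 proto dhcp metric 100
default via 198.51.100.1 dev wlan0 proto dhcp metric 600
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10 metric 100
198.51.100.0/24 dev wlan0 proto kernel scope link src 198.51.100.20 metric 600
10.0.0.0/8 via 192.0.2.254 dev eth0 metric 50
10.20.0.0/16 via 198.51.100.254 dev wlan0 metric 700
blackhole 10.66.0.0/16
"""


def parse_routes(text):
    """Turn `ip route show` lines into dicts with a parsed destination network."""
    routes = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        rtype = tokens.pop(0) if tokens[0] in TYPES else "unicast"
        dest = tokens.pop(0)
        route = {"type": rtype, "metric": 0, "flags": [],
                 "dest": ip_network("0.0.0.0/0" if dest == "default" else dest)}
        it = iter(tokens)
        for tok in it:
            if tok in KEYS:
                route[tok] = next(it, None)   # keyword followed by its value
            else:
                route["flags"].append(tok)    # bare flags such as "linkdown"
        route["metric"] = int(route["metric"])
        routes.append(route)
    return routes


def lookup(routes, dst):
    """Pick the route for dst: most specific prefix first, then lowest metric."""
    addr = ip_address(dst)
    matches = [r for r in routes if addr in r["dest"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["dest"].prefixlen, r["metric"]))


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for target in ("10.20.30.40", "10.99.0.1", "192.0.2.77", "203.0.113.9", "10.66.1.1"):
        r = lookup(table, target)
        print(target, "->", r["type"], r["dest"], r.get("via", "on-link"), r.get("dev"))
```

In the sample, 10.20.30.40 leaves through wlan0 even though that route has the worst metric, because a more specific prefix always wins over a lower metric. On a live system, ip route get <address> asks the kernel for the same decision.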
Linux: ifconfig command
The ifconfig command in Linux (and other Unix-like operating systems) is used to display and configure network interfaces. When you execute the ifconfig command without any arguments, it typically shows information about all active network interfaces on your system. Here’s a breakdown of the data you typically see:
- Interface Name (eth0, wlan0, etc.): This is the name of the network interface. It could be a physical interface like Ethernet (eth0, eth1, etc.) or a wireless interface (wlan0, wlan1, etc.).
- Link encap: This indicates the type of encapsulation method used on the interface, such as Ethernet, Loopback, or Point-to-Point.
- HWaddr (Hardware Address): This is the MAC (Media Access Control) address of the network interface, which uniquely identifies it on the network.
- inet: This shows the IPv4 address assigned to the interface. If the interface is configured with an IPv4 address, you’ll see it listed here.
- inet6: If IPv6 is enabled on the interface, this field will display the IPv6 address assigned to the interface.
- Netmask: This indicates the subnet mask associated with the IPv4 address. It determines the size of the network segment the device is on.
- broadcast: This displays the broadcast address for the network segment the interface is connected to. It’s used for broadcasting messages to all devices on the same network.
- inet6 addr: Similar to the inet field, but for IPv6 addresses.
- Scope: This indicates the scope of the IP address, whether it’s global, link-local, site-local, etc.
- RX packets/TX packets: These show the number of packets received (RX) and transmitted (TX) by the interface since it was activated or the statistics were last cleared.
- RX bytes/TX bytes: These display the number of bytes received (RX) and transmitted (TX) by the interface.
- MTU: This stands for Maximum Transmission Unit, which is the largest packet size allowed on the interface without fragmentation.
- RX errors/TX errors: These indicate the number of errors encountered while receiving (RX) or transmitting (TX) packets.
- Collisions: This shows the number of collisions detected on the interface. Collisions occur when two devices attempt to transmit data simultaneously on a shared network segment.
The output of ifconfig may vary slightly depending on the version of the tool and the Linux distribution you’re using. Some distributions are moving towards using the ip command instead of ifconfig, as it provides more features and is more powerful.
AIX: How to replace a hot-swappable Host Bus Adapter (HBA) on an AIX system
Replacing a hot-swappable Host Bus Adapter (HBA) on an AIX system involves several steps to ensure a smooth transition without causing disruptions to the system’s connectivity to storage devices. Here’s a general procedure to replace a hot-swappable HBA on AIX:
- Prepare for Downtime: Plan for a maintenance window during which you can safely perform the HBA replacement without impacting critical operations. Ensure you have a proper backup of important data and configurations before proceeding.
- Identify the Failed HBA: Use the AIX lsdev command to identify the failed HBA. Look for the appropriate device name associated with the HBA you intend to replace.
  lsdev -Cc adapter | grep <HBA_name>
- Identify Available Slots: If the system has multiple slots for HBAs, identify an available slot where you will insert the replacement HBA.
- Remove the Failed HBA: Use the rmdev command to remove the failed HBA from the system. This step ensures that AIX stops using the failed HBA.
  rmdev -l <failed_HBA_device_name>
- Insert the Replacement HBA: Insert the replacement HBA into the identified slot. Ensure that it is properly seated and securely fastened.
- Scan for New Devices: Use the cfgmgr command to scan for new devices and configure the replacement HBA.
  cfgmgr
  This command will automatically detect and configure the replacement HBA and any attached devices.
- Verify Connectivity: Test the connectivity to storage devices connected to the replacement HBA to ensure that the system can access them properly.
- Monitor for Errors: Monitor system logs and performance after the replacement to ensure there are no errors or issues related to the replacement HBA.
- Update Documentation: Update system documentation to reflect the replacement of the HBA for future reference.
- Perform Post-Maintenance Checks: Perform any necessary post-maintenance checks and tests to ensure that the system is functioning correctly and that there are no lingering issues.
By following this procedure, you can safely replace a hot-swappable Host Bus Adapter (HBA) on an AIX system without causing disruptions to the system’s connectivity to storage devices. Always follow the manufacturer’s guidelines and the best practices specific to your hardware and software environment.
Linux: display World Wide Port Names (WWPNs)
To display World Wide Port Names (WWPNs) and other information about Fibre Channel (FC) adapters on a Linux system, you can use various commands depending on the tools available on your system. Here are a few common methods:
- Using lsscsi and sg_map commands: This method requires the lsscsi and sg_map utilities, which are commonly available on many Linux distributions.
  sudo lsscsi -g
  This command lists SCSI devices, including Fibre Channel adapters. Note down the device corresponding to your Fibre Channel adapter. Then, use sg_map to map SCSI generic (sg) device names to WWPNs:
  sudo sg_map -i
  This command will show the mapping of SCSI generic devices to WWPNs and other information.
- Using systool: On systems with sysfs support, you can use the systool command to display information about Fibre Channel adapters:
  sudo systool -c fc_host -v
  This command lists information about Fibre Channel host adapters, including WWPNs and other details.
- Using fcinfo (For systems with Emulex HBAs): If you’re using Emulex HBAs, you can use the fcinfo command:
  sudo fcinfo <adapter_name>
  Replace <adapter_name> with the name of your Fibre Channel adapter (e.g., lpfc0). This command will display detailed information about the adapter, including WWPNs.
- Using scli (For systems with QLogic HBAs): If you’re using QLogic HBAs, you can use the scli command:
  sudo scli -p <port_number> -g
  Replace <port_number> with the port number of your Fibre Channel adapter (e.g., 0). This command will display detailed information about the HBA, including WWPNs.
Choose the method that best fits your system configuration and the tools available. These commands should provide you with the necessary information about WWPNs and other details of your Fibre Channel adapters on Linux.
Linux: How to use nmcli to display current network configuration and reconfigure a network adapter
nmcli is a command-line tool used to interact with NetworkManager, a network management daemon used in many Linux distributions. It allows you to view and configure network settings. Here’s how you can use nmcli to display the current network configuration and reconfigure a network adapter:
- Display Current Network Configuration: You can use nmcli to display the current network configuration:
  nmcli connection show
  This command will list all network connections along with their configuration details.
- Display Detailed Information about a Specific Connection: To view detailed information about a specific connection, such as the IP address, gateway, DNS servers, etc., use:
  nmcli connection show <connection_name>
  Replace <connection_name> with the name of the connection you want to inspect.
- Reconfigure a Network Adapter: To reconfigure a network adapter, you can modify its settings directly using nmcli. Here’s a basic example to set a static IP address:
  nmcli connection modify <connection_name> ipv4.addresses <ip_address>/<subnet_mask> ipv4.gateway <gateway_address> ipv4.dns <dns_server>
  Replace <connection_name>, <ip_address>, <subnet_mask>, <gateway_address>, and <dns_server> with appropriate values. For example:
  nmcli connection modify "Wired Connection 1" ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 8.8.8.8
  This command modifies the “Wired Connection 1” connection to use the specified static IP address, subnet mask, gateway, and DNS server.
- Apply Changes: After modifying the connection settings, apply the changes:
  nmcli connection up <connection_name>
  Replace <connection_name> with the name of the connection you modified.
- Verify Changes: Use nmcli connection show <connection_name> to verify that the changes have been applied successfully.
Remember to replace placeholders such as <connection_name>, <ip_address>, <subnet_mask>, <gateway_address>, and <dns_server> with actual values relevant to your network configuration. Additionally, ensure that you have appropriate permissions (usually root or sudo) to modify network settings.
Linux: Using lsblk and smartctl to display hard disk overall-health self-assessment
root@debian01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/efi
├─nvme0n1p2 259:2 0 488M 0 part /boot
└─nvme0n1p3 259:3 0 476G 0 part
└─nvme0n1p3_crypt 254:0 0 475.9G 0 crypt
├─debian01--vg-root 254:1 0 23.3G 0 lvm /
├─debian01--vg-var 254:2 0 9.3G 0 lvm /var
├─debian01--vg-swap_1 254:3 0 976M 0 lvm
├─debian01--vg-tmp 254:4 0 1.9G 0 lvm /tmp
└─debian01--vg-home 254:5 0 440.5G 0 lvm /home
root@debian01:~# smartctl -a --test=long /dev/nvme0n1
smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.1.0-18-amd64] (local build)
Copyright (C) 2002-22, Bruce Allen, Christian Franke, http://www.smartmontools.org
=== START OF INFORMATION SECTION ===
Model Number: SAMSUNG MZ9LQ512HBLU-00B00
Serial Number: S7DANXMW102944
Firmware Version: FXM7601Q
PCI Vendor/Subsystem ID: 0x144d
IEEE OUI Identifier: 0x002538
Total NVM Capacity: 512,110,190,592 [512 GB]
Unallocated NVM Capacity: 0
Controller ID: 5
NVMe Version: 1.4
Number of Namespaces: 1
Namespace 1 Size/Capacity: 512,110,190,592 [512 GB]
Namespace 1 Utilization: 61,558,759,424 [61.5 GB]
Namespace 1 Formatted LBA Size: 512
Namespace 1 IEEE EUI-64: 002538 d130ba314d
Local Time is: Mon Mar 18 11:42:24 2024 CST
Firmware Updates (0x16): 3 Slots, no Reset required
Optional Admin Commands (0x0017): Security Format Frmw_DL Self_Test
Optional NVM Commands (0x005f): Comp Wr_Unc DS_Mngmt Wr_Zero Sav/Sel_Feat Timestmp
Log Page Attributes (0x1e): Cmd_Eff_Lg Ext_Get_Lg Telmtry_Lg Pers_Ev_Lg
Maximum Data Transfer Size: 512 Pages
Warning Comp. Temp. Threshold: 83 Celsius
Critical Comp. Temp. Threshold: 85 Celsius
Namespace 1 Features (0x10): NP_Fields
Supported Power States
St Op Max Active Idle RL RT WL WT Ent_Lat Ex_Lat
0 + 5.12W - - 0 0 0 0 0 0
1 + 3.59W - - 1 1 1 1 0 0
2 + 2.92W - - 2 2 2 2 0 500
3 - 0.0500W - - 3 3 3 3 210 1200
4 - 0.0050W - - 4 4 4 4 1000 9000
Supported LBA Sizes (NSID 0x1)
Id Fmt Data Metadt Rel_Perf
0 + 512 0 0
=== START OF SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
SMART/Health Information (NVMe Log 0x02)
Critical Warning: 0x00
Temperature: 51 Celsius
Available Spare: 100%
Available Spare Threshold: 50%
Percentage Used: 0%
Data Units Read: 181,599 [92.9 GB]
Data Units Written: 1,857,619 [951 GB]
Host Read Commands: 1,898,681
Host Write Commands: 48,222,637
Controller Busy Time: 238
Power Cycles: 75
Power On Hours: 52
Unsafe Shutdowns: 61
Media and Data Integrity Errors: 0
Error Information Log Entries: 0
Warning Comp. Temperature Time: 153
Critical Comp. Temperature Time: 3
Temperature Sensor 1: 51 Celsius
Thermal Temp. 1 Transition Count: 1236
Thermal Temp. 2 Transition Count: 1014
Thermal Temp. 1 Total Time: 2672
Thermal Temp. 2 Total Time: 12386
Error Information (NVMe Log 0x01, 16 of 64 entries)
No Errors Logged
root@debian01:~#
Site Reliability Engineering (SRE) principles
Site Reliability Engineering (SRE) principles, as defined by Google, focus on creating scalable and reliable software systems through a combination of engineering and operations practices. SRE aims to balance the need for rapid innovation with the requirement for reliability, availability, and scalability. Here are some key principles of SRE:
- Service Level Objectives (SLOs):
  - SLOs define the level of reliability or performance that a service should achieve, typically expressed as a percentage of uptime or response time.
  - SLOs provide a clear target for reliability and help align engineering efforts with business goals.
  - SRE teams monitor and measure SLOs, using them to make informed decisions about service improvements and investments.
- Error Budgets:
  - Error budgets are a concept closely related to SLOs. They represent the permissible amount of downtime or errors that a service can experience within a given time period.
  - SRE teams manage error budgets to strike a balance between reliability and innovation. They allow for a certain level of risk-taking and experimentation, as long as it doesn’t exceed the error budget.
- Automation:
  - SRE emphasizes automation to reduce manual toil and improve efficiency. Automation helps standardize processes, eliminate human error, and scale operations.
  - Automation is applied to various areas, including deployment, monitoring, incident response, and capacity management.
- Monitoring and Alerting:
  - Effective monitoring and alerting are crucial for detecting and responding to issues proactively.
  - SRE teams use monitoring tools to collect and analyze metrics, track the health and performance of systems, and identify potential problems.
  - Alerting systems notify teams about incidents or deviations from expected behavior, allowing for timely responses.
- Incident Management:
  - SRE follows a structured approach to incident management, aiming to minimize the impact of incidents on service reliability and user experience.
  - Incident response processes include escalation paths, on-call rotations, incident retrospectives, and postmortems to learn from failures and prevent recurrence.
- Capacity Planning:
  - SRE teams perform capacity planning to ensure that systems have sufficient resources to handle current and future workloads.
  - Capacity planning involves forecasting demand, monitoring resource utilization, and scaling infrastructure as needed to maintain performance and reliability.
- Blameless Culture:
  - SRE promotes a blameless culture where individuals are encouraged to take risks, learn from failures, and collaborate to improve systems.
  - Postmortems focus on identifying root causes and systemic issues rather than assigning blame to individuals.
- Continuous Improvement:
  - SRE emphasizes continuous improvement through iterative processes, experimentation, and feedback loops.
  - Teams regularly review performance, reliability, and user feedback to identify opportunities for optimization and enhancement.
By embracing these principles, SRE teams strive to build and operate resilient and scalable systems that meet user expectations for reliability and performance.