Networking

HOW TO : Capture HTTP Headers using tcpdump

Quick how-to on capturing HTTP headers using tcpdump on a web server (running Linux).

• On the web server, issue the following command

  tcpdump -s 1024 -C 1024000 -w /tmp/httpcapture dst port 80

• Stop the capture with the break command (ctrl + c)
• Open the capture file (httpcapture in this example) in Wireshark and look at the headers under the HTTP protocol section of each packet

A few things to watch with this command:

• "dst port 80" only matches packets addressed to port 80, i.e. the requests. Use "port 80" instead if you also want the response headers (Server, Set-Cookie and so on).
• "-s 1024" keeps only the first 1024 bytes of each packet. That is enough for most request headers, but a request carrying large cookies will be cut off; "-s 0" captures whole packets.
• "-C" takes a file size in millions of bytes, so 1024000 rotates the file at roughly a terabyte, which in practice means never. Something like "-C 100" rotates every 100 MB, with a number appended to the name of each file after the first.
• Add "-i <interface>" if the server has more than one interface, otherwise tcpdump picks the first one it finds.
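To pull the headers out of the capture without opening Wireshark, here is a small parser, added as an example and not part of the original post. It reads the classic pcap format that tcpdump -w produces (not pcapng), walks Ethernet/IPv4/TCP frames, and extracts the start line and headers of every HTTP message it finds, flagging any whose header block did not end inside the captured bytes, which is what you see when "-s 1024" cuts a request with a big cookie short. The capture it parses by default is constructed inside the script (a request, its response, and an oversized request truncated at 1024 bytes); the addresses and hostname in it are made up, and the response is included to show what "dst port 80" would have left out.

```python
"""Extract HTTP headers from a tcpdump capture (classic pcap, Ethernet/IPv4/TCP).
Added example, not from the original post: run with a capture file name, or
with no arguments to parse the constructed sample at the bottom."""
import struct
import sys

LINKTYPE_ETHERNET = 1

def iter_frames(pcap):
    """Yield (frame_bytes, truncated) for each record of a classic pcap file."""
    magic, = struct.unpack_from("<I", pcap, 0)
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(order + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(order + "IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len], incl_len < orig_len  # cut short by -s
        off += incl_len

def tcp_payload(frame):
    """Return (src_port, dst_port, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", frame, 16)
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    # Slicing past the end is harmless for frames the snaplen cut short.
    return sport, dport, frame[tcp_off + data_off:14 + total_len]

def parse_http_start(payload):
    """(start_line, headers, complete) if payload begins an HTTP message, else None.
    complete is False when the blank line ending the header block is not in this
    segment: either the snaplen cut it off or the headers span several segments."""
    head, blank, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    start = lines[0]
    if not (start.startswith(b"HTTP/") or start.split(b" ")[-1].startswith(b"HTTP/")):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return start.decode("latin-1"), headers, bool(blank)

def extract_http_headers(pcap):
    """One dict per HTTP request or response start found in the capture."""
    found = []
    for frame, truncated in iter_frames(pcap):
        tcp = tcp_payload(frame)
        parsed = parse_http_start(tcp[2]) if tcp and tcp[2] else None
        if parsed is not None:
            found.append({"src_port": tcp[0], "dst_port": tcp[1], "start_line": parsed[0],
                          "headers": parsed[1], "complete": parsed[2], "truncated": truncated})
    return found

# --- constructed sample capture (made-up addresses and hostname) --------------
def _frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP with zero checksums (the parser never checks them)."""
    ip4 = lambda s: bytes(int(o) for o in s.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames, snaplen):
    """Little-endian classic pcap; records longer than snaplen are cut like tcpdump -s."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1240000000 + i, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

SAMPLE_PCAP = _pcap([
    _frame("192.0.2.20", "192.0.2.10", 51234, 80,
           b"GET /login HTTP/1.1\r\nHost: www.example.com\r\nCookie: session=abc123\r\n\r\n"),
    _frame("192.0.2.10", "192.0.2.20", 80, 51234,  # the response "dst port 80" would miss
           b"HTTP/1.1 200 OK\r\nServer: Apache\r\nSet-Cookie: session=abc123; HttpOnly\r\n"
           b"Content-Length: 0\r\n\r\n"),
    _frame("192.0.2.20", "192.0.2.10", 51235, 80,  # oversized cookie, cut off at -s 1024
           b"GET /search HTTP/1.1\r\nHost: www.example.com\r\nCookie: " + b"x" * 2000 + b"\r\n\r\n"),
], snaplen=1024)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for msg in extract_http_headers(data):
        note = "" if msg["complete"] else "   [header block cut off: raise -s]"
        print("%d -> %d  %s%s" % (msg["src_port"], msg["dst_port"], msg["start_line"], note))
        for name, value in msg["headers"].items():
            print("    %s: %s" % (name, value[:60]))
```

Point it at a real file with `python extract_headers.py /tmp/httpcapture`. The parser only looks at the first segment of each message, which is enough for headers that fit in one packet; reassembling headers that span several TCP segments is what Wireshark's "Follow TCP Stream" does for you.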

HOW TO : Check status of bond interface in Linux

For my notes.. If you ever want to check the status of a bonded interface configured in Linux (especially RHEL), run the following command

[root@serverxyz bin]# cat /proc/net/bonding/bond0

i.e. assuming the name of your bond interface is bond0.

Output from the command

Ethernet Channel Bonding Driver: v3.4.0 (October 7, 2008)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth3 (primary_reselect always)
Currently Active Slave: eth3
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:10:18:6e:b8:1a

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:21:5e:11:34:32

The things worth checking in this output are that "MII Status" is "up" for the bond and for every slave, that "Currently Active Slave" is the interface you configured as "Primary Slave" (if it is not, a failover has happened), and that "Link Failure Count" is 0 for every slave (a non-zero count means that link has gone down at least once since the bond came up).

The bonding mode, the MII polling interval and the primary slave shown here are options of the bonding kernel module rather than anything in the ifcfg files below; on RHEL they are set either in /etc/modprobe.conf (older releases) or with BONDING_OPTS in ifcfg-bond0 (RHEL 5.3 and later).

The configuration files involved are

/etc/sysconfig/network-scripts/ifcfg-bond0 (Bond Interface)

DEVICE=bond0
IPADDR=10.10.40.26
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
GATEWAY=10.10.40.1
NETWORK=10.10.40.0
BROADCAST=10.10.40.255
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-eth3 (Primary Interface)

DEVICE=eth3
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:10:18:6e:b8:1a
MASTER=bond0
SLAVE=yes
TYPE=Ethernet
USERCTL=no

/etc/sysconfig/network-scripts/ifcfg-eth0 (Secondary Interface)

DEVICE=eth0
HWADDR=00:21:5e:11:34:32
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
TYPE=Ethernet
Express.com DNS outage

I am sure a lot of people shop on express.com, but I probably get the credit for being the first blogger to post that express.com has not been responding to DNS queries since ~7:00 PM CST (4/26). Looks like Qwest is hosting DNS for Express. The name servers (most probably global load balancers) are not responding to DNS requests.

Here's what I got when I queried for www.express.com

Nameserver trace for www.express.com:

• Looking for who is responsible for root zone and followed h.root-servers.net.
• Looking for who is responsible for com and followed h.gtld-servers.net.
• Looking for who is responsible for express.com and followed dca-ans-01.inet.qwest.net.

Nameservers for www.express.com:

• dca-ans-01.inet.qwest.net returned (NORECORDS)
• svl-ans-01.inet.qwest.net returned (NORECORDS)

I feel for the poor ops team scrambling around to bring up the service :). Another reason you want diversity in your DNS hosting.

HOW TO : Load/Stress test a Linux based server

We ran into an issue at work recently which prompted us to do some performance testing on some of our Linux servers. The requirement was to stress test the key components of the server (CPU, RAM, HDD, network) and prove that different servers with the same configuration were capable of performing identically. Pretty simple, right :).. The challenge was to find tools that could be run to stress test each of the components. There were a lot of tools for CPU and memory (RAM) testing, but not a lot for network and hard drive (HDD) testing. After searching high and low, we found a couple of tools that I wanted to document here for future reference.

HDD Testing :

I found a pretty interesting tool called Iozone, written by William Norcott (Oracle) and Don Capps. You can get the source code and builds for the major OSs at http://iozone.org . Despite installing the program using RPM, we were not able to run it without specifying the complete path.

There are a ton of options for the program, but the easiest way to run it was in automatic mode with the output going to an Excel spreadsheet (more like a glorified CSV file 🙂 ). Here is the command we used

/opt/iozone/bin/iozone -a -Rb output_excel_file.xls

"-a" runs the program in automatic mode (it steps through a range of file sizes and record sizes), "-R" generates the Excel-style report and "-b output_excel_file.xls" names the file the report is written to, so "-Rb" is just those two options combined. You can then open the spreadsheet in Excel and create 3D graphs to check and compare the output. Two things to keep in mind: iozone creates its test files in the current directory, so run it from the filesystem you actually want to measure, and results for file sizes smaller than the machine's RAM mostly reflect the page cache rather than the disk.

Network Testing :

Most of the information out there on testing the network stack of a machine amounts to copying large files over a network share or via FTP. We didn't find that was enough to really saturate a gigabit port, since protocol overhead kept us from filling the link. After some searching, we stumbled across a tool called "ettcp" on Sourceforge. ettcp itself is an offshoot of ttcp. ttcp (stands for test TCP) was created to test network performance between two nodes. I couldn't find any place to download ttcp itself, but you can download ettcp at http://ettcp.sourceforge.net/.

We used one server as a common receiver for all the servers we intended to performance test. Here are the commands we used to run the test

RECEIVER (Common Server)
./ettcp -r -s -f M

The options are

• "-r" designates the machine as the receiver
• "-s" tells the receiver to discard the data it gets rather than write it to stdout (as in ttcp)
• "-f M" shows the output in megabytes

TRANSMITTER (Test Servers)
./ettcp -t -s receiver_hostname -n 10000000 -f M

The options are

• "-t" designates the machine as the transmitter
• "-s" tells the transmitter to generate a test pattern rather than read stdin (as in ttcp); receiver_hostname is the receiver to send to
• "-n" defines the number of buffers to send to the receiver (the buffer length is a separate option, "-l", 8192 bytes by default in ttcp)

HOW TO : Install Wireshark on Windows 7

[UPDATE] Wireshark works without any issues as of version 1.2.3. This release includes WinPcap 4.1.1, which has support for Windows 7 and 2008. Looks like the issue was with the drivers not being digitally signed.

I recently upgraded my laptop to Windows 7 RC from the beta version I was testing earlier. As part of installing my standard set of tools, I tried to install Wireshark (open source network capture tool) and ran into an error due to the UAC security settings. Essentially, Windows was blocking the install of WinPcap (the network capture driver). I solved it by enabling compatibility mode on the install executable. Here are the steps to install Wireshark on Windows 7.

• Download the install file from http://www.wireshark.org/download.html
• Right click on the install file (I happened to download the 64 bit install) and click on Properties
• In the properties window, click on the Compatibility tab, change the option for "Run this program in compatibility mode for" to "Windows Vista (Service Pack 2)" and click on OK. Here's a screenshot for reference

• Right click on the install file and click on "Run as Administrator"
• Make sure you choose the option to install the NPF driver as a service (started at boot) during the install prompts. This will allow all users on the machine to use Wireshark without admin privileges. Bear in mind that this also means any local user, admin or not, can capture every packet passing through the machine, so it is not something to do on a shared box.

P.S : WinPcap is apparently going to come out with a new version soon that is compatible with Windows 7.

HOW TO : Setup SOCKS proxy using SSH/Putty and configure Pidgin to use SOCKS proxy

I ran into a challenge recently, when I tried to connect to my IM services (Yahoo, MSN, AOL, GTalk) using Pidgin in a secured network. For some reason, the network administrator thought that he/she should make life hell for people trying to log into IM. I will have a whole new rant about companies trying to lock down networks thinking they are making the employees productive..

Here's what I did to connect to my IM services.

1. Configure Putty/SSH to act as a SOCKS proxy.
  • Most people might not be aware of it, but a typical SSH client can act as a SOCKS proxy: it listens on a local port, and every connection made to that port is carried through the SSH session to the server, which opens the real connection from its end. So I decided to leverage this functionality.
  • You will need access to an SSH server and Putty (open source Windows SSH client)
  • Launch Putty
  • Setup a new server connection profile. I used FREE_MY_IP as the profile name in this screen shot, but you can name it anything you want

  • Expand the SSH option in the left column and click on Tunnels
  • Choose any port higher than 1024 as the source port (unless you are running some kind of server software on your workstation, it is safe to use any port above 8000), choose the "Dynamic" option and click on Add. I entered the SSH server in the Destination field, but you can leave it blank: PuTTY ignores it for dynamic forwards, since the destination of each connection comes from the SOCKS request itself. Leave "Local ports accept connections from other hosts" unchecked, so only programs on your own machine can use the tunnel. The screen shot below shows the options I used

  • The tunnel will show up as below

  • Click on Open and establish the SSH tunnel
2. Configure Pidgin (open source IM client) to use the SOCKS proxy
  • Launch Pidgin
  • Click on Tools -> Preferences in the menu
  • Click on the Network tab
  • Choose SOCKS4 as the proxy type and enter localhost in the host field. In the port field, enter the port you selected when setting up the tunnel in Putty. One caveat: with SOCKS4, Pidgin has to resolve the IM servers' names itself before it asks the proxy to connect, so those DNS lookups still go out on the local network and can be seen (or blocked) there. Pidgin also offers SOCKS5, which PuTTY's dynamic forwarding speaks as well; SOCKS5 lets the client hand the hostname to the proxy so the lookup happens at the far end of the tunnel.

3. Connect to your IM services.. chat away and be unproductive 🙂
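What actually passes over localhost between Pidgin and PuTTY after step 2 is a SOCKS4 CONNECT request followed by an 8-byte reply. The code below, added as an example and not part of the original post, builds and parses both sides of that exchange for SOCKS4 and for its SOCKS4a extension (the same thing OpenSSH's "ssh -D <port>" serves), and makes the DNS caveat concrete: a SOCKS4 request carries an IPv4 address, so the client must have resolved the name locally before the tunnel is involved, whereas a SOCKS4a request carries the hostname for the proxy end to resolve. The hostname and addresses are made up, and the proxy-side function is a simplification that grants every well-formed request instead of actually connecting anywhere.

```python
"""Both sides of a SOCKS4 / SOCKS4a CONNECT handshake.
Added example, not from the original post; it only builds and decodes the
messages, it does not open sockets."""
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_VERSION = 0        # replies carry VN = 0, not 4
REPLY_GRANTED = 90
REPLY_REJECTED = 91

def _ip4(text):
    return bytes(int(o) for o in text.split("."))

def socks4_connect(ip, port, userid=b""):
    """Plain SOCKS4: DSTIP is a real address, so the client resolved the name itself."""
    return struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, port, _ip4(ip)) + userid + b"\x00"

def socks4a_connect(hostname, port, userid=b""):
    """SOCKS4a: DSTIP is 0.0.0.x (x != 0) and the hostname follows the user id,
    so the proxy, not the client, does the DNS lookup."""
    return (struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, port, b"\x00\x00\x00\x01")
            + userid + b"\x00" + hostname.encode("idna") + b"\x00")

def parse_connect(request):
    """Proxy side: decode a CONNECT request into (destination, port, userid, resolved_by),
    where resolved_by is "client" for a plain SOCKS4 address and "proxy" for a
    SOCKS4a hostname. Raises ValueError on anything malformed or incomplete."""
    if len(request) < 9:
        raise ValueError("request too short")
    version, command, port, ip = struct.unpack_from("!BBH4s", request, 0)
    if version != SOCKS4_VERSION or command != CMD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT")
    userid, nul, rest = request[8:].partition(b"\x00")
    if not nul:
        raise ValueError("user id not terminated")
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:      # SOCKS4a marker address
        hostname, nul, _ = rest.partition(b"\x00")
        if not nul or not hostname:
            raise ValueError("SOCKS4a hostname missing")
        return hostname.decode("idna"), port, userid, "proxy"
    return ".".join(str(b) for b in ip), port, userid, "client"

def build_reply(granted, bound_ip="0.0.0.0", bound_port=0):
    """Proxy side: the 8-byte reply (CD 90 = granted, 91 = rejected or failed)."""
    code = REPLY_GRANTED if granted else REPLY_REJECTED
    return struct.pack("!BBH4s", REPLY_VERSION, code, bound_port, _ip4(bound_ip))

def parse_reply(data):
    """Client side: returns (granted, code); ValueError on a malformed reply."""
    if len(data) < 8:
        raise ValueError("reply too short")
    version, code, _port, _ip = struct.unpack_from("!BBH4s", data, 0)
    if version != REPLY_VERSION:
        raise ValueError("bad reply version %d" % version)
    return code == REPLY_GRANTED, code

def proxy_handle(request):
    """Simplified dynamic-forward behaviour: grant any well-formed CONNECT.
    Returns (reply_bytes, (destination, port) or None, resolved_by or None);
    a real proxy would open the connection before answering."""
    try:
        destination, port, _userid, resolved_by = parse_connect(request)
    except ValueError:
        return build_reply(False), None, None
    return build_reply(True), (destination, port), resolved_by

if __name__ == "__main__":
    # Pidgin set to "SOCKS 4" resolves the IM server itself (address made up), so
    # the lookup is visible on the local network; SOCKS4a pushes it through the tunnel.
    for req in (socks4_connect("192.0.2.7", 5222), socks4a_connect("xmpp.example.net", 5222)):
        reply, dest, who = proxy_handle(req)
        print("request %r\n  -> destination %s, name resolved by the %s, reply %r"
              % (req, dest, who, parse_reply(reply)))
```

Run it and compare the two request byte strings: the first one already contains the server's address, which is exactly the information the local network's DNS resolver got to see before the tunnel was used.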

How does the iPod touch detect your location?

If you are the proud owner of an iPod touch, you would have noticed that the Google Maps application on it identifies your current location with scary precision. Ever wonder how the touch manages to do that without a GPS or cellular receiver? Apparently, Apple uses a service from a company called Skyhook Wireless to do this. And how does Skyhook achieve this? They drive around in vehicles scanning for Wi-Fi signals and build a database that maps the SSID and MAC address of each access point to its physical location; the device then reports the access points it can see and gets a position back. Put on your tin hats folks!! 🙂

Some interesting links

Apple's use of Skyhook : http://www.skyhookwireless.com/inaction/apple.php

How Skyhook does it : http://www.skyhookwireless.com/howitworks/wps.php

Tools of the trade : IBM Page Detailer

I discovered IBM Page Detailer, a tool that analyzes the web traffic between a client and a server and presents it graphically, while listening to Steve Souders' brilliant lecture "Even Faster Web Sites" from the Google I/O 2008 conference. And credit goes to Ray for posting the list of videos from the Google I/O conference.

I am still playing around with this tool, but it looks like there is a lot of potential here. Rather than acting as a proxy, like most HTTP analyzers do, this tool places a probe in the client's network stack, so the timings it shows are what the browser actually experienced rather than what a proxy sitting in between saw. And not to mention that it is free to use :).

Internet in the air..

I wrote ~2 years ago about accessing the Internet while I was flying at 35,000 feet. Since then, the company that provided this service, Connexion, has declared bankruptcy and everyone pretty much wrote off the market for in-air Internet access. Looks like enough people want it 🙂 and several companies are re-entering this market. This article at news.com claims that most of the US air carriers will have some kind of broadband service available in the next 2 years. Say goodbye to the last "Internet free" place on earth 🙂