Archive for the ‘Documentation’ Category

Wireshark notes

The following works to perform a network trace for 1 hour (-a duration:3600) and to create multiple files of 10MB in size (-b filesize:10240). Files will have a “test” (-w test) prefix. The “-p” is to capture in promiscus mode. This uses less system resources than trying to achieve the same thing using the wireshark gui.

dumpcap -a duration:3600 -b filesize:10240 -w test -p

To merge all the captures in one file:

mergecap -w bigfile littlefiles

For example:

mergecap -w all.cap one.cap two.cap etc.cap

Or:

mergecap -w all.cap small*.cap

To use tshark (installed with wireshark) to filter a capture without using the GUI (much more efficient):

tshark -R “anydisplayfilters” -r inputfilename -w outputfilename

For example, here are two display filter examples. They are similar to the ones used in wireshark GUI. I kept trying to tcpdump filters, which work fine for capturing.:
tshark -R “ip.addr == 192.168.34.51” -r in.cap -w out-filtered.cap
tshark -R “ip.addr == 192.168.34.0/24” -r in.cap -w out-filtered.cap

Filter notes:
How to filter a time range:
(frame.time >= “mmm dd, yyyy hh:mm:ss”) && (frame.time <= "mmm dd, yyyy hh:mm:ss")

MacOSX Leopard – enable network services.

I found the following from the Apple forums (http://discussions.apple.com/thread.jspa?threadID=1203870):

To enable telnet and other Inet services, you edit the files in /System/Library/LaunchDaemons . For telnet, you edit the file /*System/Library/LaunchDaemon/telnet.plist*. Change line 5 from Disabled to Enabled. Then restart your mac. I’m sure there’s a way to avoid having to restart the computer, but I haven’t found it (admittedly, I didn’t spend much time on it) and simply restarting launchd with a killall -HUP launchd didn’t do it.

Extract files from an msi installation package on Vista.

msiexec /a pathToMsi /qb TAGETDIR=pathToTarget

Worked well with Citrix ICA client package.

Acid2 Browser Test

Acid2 is a test page, written to help browser vendors ensure proper support for web standards in their products.

http://www.webstandards.org/action/acid2/

Fedora System Recovery information

Much of this information would be applicable to RedHat and CentOS as well. Information about single user mode, reinstalling grub, lvm in rescure mode, RAID device recovery and dealing with disk images.

Source: http://dailypackage.fedorabook.com/index.php?/categories/11-System-Recovery-Week

Fedora System Recovery information

Protected: How to setup ssh – Tru64 to linux too.

This content is password protected. To view it please enter your password below:

How to resize ext3 on DL360 running RH 7.2

´╗┐With the system up:
Get current disk configuration using df, df -h, fdisk -l /dev/ida/c0d0, and fdisk -s /dev/ida/c0d0p7 (for any partitions you want to resize).

Replace the left drive with a 36GB drive, and allow mirror to re-create.

Once completed, replace the right drive with a 36GB drive and allow mirror to re-create.

Boot system off the Smart Start 5.50 CD.

Select Array Configuration Utility.

Click cancel on the message regarding unallocated space.

Select the Logical drive and click Expand. This process takes between 2 and 3 hours to complete.

Boot the system in single user mode.

Make sure all the drives are mounted.

Get current disk configuration using df, df -h, fdisk -l /dev/ida/c0d0, and fdisk -s /dev/ida/c0d0p7 (for any partitions you want to resize). Fdisk should show more available cylinders than before.

Umount /opt.

Umount /dev/ida/c0d0p7.

Fsck -n /dev/ida/c0d0p7.

Tune2fs -O ^has_journal /dev/ida/c0d0p7.

Fdisk /dev/ida/c0d0.

Select p.

# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/ida/c0d0p2 4031872 3481192 345864 91% /
/dev/ida/c0d0p7 6694568 6151136 203368 97% /opt
none 579996 0 579996 0% /dev/shm
/dev/ida/c0d0p6 2602280 2259876 210216 92% /var

# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/ida/c0d0p2 3.8G 3.4G 337M 91% /
/dev/ida/c0d0p7 6.4G 5.9G 198M 97% /opt
none 566M 0 566M 0% /dev/shm
/dev/ida/c0d0p6 2.5G 2.2G 205M 92% /var

# fdisk -l /dev/ida/c0d0

Disk /dev/ida/c0d0: 255 heads, 32 sectors, 8716 cylinders
Units = cylinders of 8160 * 512 bytes

Device Boot Start End Blocks Id System
/dev/ida/c0d0p1 1 9 36704 12 Compaq diagnostics
/dev/ida/c0d0p2 * 10 1013 4096320 83 Linux
/dev/ida/c0d0p3 1014 4357 13643520 5 Extended
/dev/ida/c0d0p5 1014 2042 4198304 82 Linux swap
/dev/ida/c0d0p6 2043 2690 2643824 83 Linux
/dev/ida/c0d0p7 2691 4357 6801344 83 Linux

# lsof /opt

# umount /opt

# fsck -n /dev/ida/c0d0p7
fsck 1.26 (3-Feb-2002)
e2fsck 1.26 (3-Feb-2002)
/opt: clean, 33466/850304 files, 1564478/1700336 blocks

# tune2fs -O ^has_journal /dev/ida/c0d0p7
tune2fs 1.26 (3-Feb-2002)

# fdisk /dev/ida/c0d0

The number of cylinders for this disk is set to 8716.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/ida/c0d0: 255 heads, 32 sectors, 8716 cylinders
Units = cylinders of 8160 * 512 bytes

Device Boot Start End Blocks Id System
/dev/ida/c0d0p1 1 9 36704 12 Compaq diagnostics
/dev/ida/c0d0p2 * 10 1013 4096320 83 Linux
/dev/ida/c0d0p3 1014 4357 13643520 5 Extended
/dev/ida/c0d0p5 1014 2042 4198304 82 Linux swap
/dev/ida/c0d0p6 2043 2690 2643824 83 Linux
/dev/ida/c0d0p7 2691 4357 6801344 83 Linux

Command (m for help): d
Partition number (1-7): 3

Command (m for help): p

Disk /dev/ida/c0d0: 255 heads, 32 sectors, 8716 cylinders
Units = cylinders of 8160 * 512 bytes

Device Boot Start End Blocks Id System
/dev/ida/c0d0p1 1 9 36704 12 Compaq diagnostics
/dev/ida/c0d0p2 * 10 1013 4096320 83 Linux

Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4): 3
First cylinder (1014-8716, default 1014):
Using default value 1014
Last cylinder or +size or +sizeM or +sizeK (1014-8716, default 8716):
Using default value 8716

Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (1014-8716, default 1014):
Using default value 1014
Last cylinder or +size or +sizeM or +sizeK (1014-8716, default 8716): 2042

Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (2043-8716, default 2043):
Using default value 2043
Last cylinder or +size or +sizeM or +sizeK (2043-8716, default 8716): 2690

Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (2691-8716, default 2691):
Using default value 2691
Last cylinder or +size or +sizeM or +sizeK (2691-8716, default 8716):
Using default value 8716

Command (m for help): p

Disk /dev/ida/c0d0: 255 heads, 32 sectors, 8716 cylinders
Units = cylinders of 8160 * 512 bytes

Device Boot Start End Blocks Id System
/dev/ida/c0d0p1 1 9 36704 12 Compaq diagnostics
/dev/ida/c0d0p2 * 10 1013 4096320 83 Linux
/dev/ida/c0d0p3 1014 8716 31428240 5 Extended
/dev/ida/c0d0p5 1014 2042 4198304 83 Linux
/dev/ida/c0d0p6 2043 2690 2643824 83 Linux
/dev/ida/c0d0p7 2691 8716 24586064 83 Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Re-read table failed with error 16: Device or resource busy.
Reboot your system to ensure the partition table is updated.

WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.

# shutdown -r now

Boot in single user mode

# resize2fs /dev/ida/c0d0p7
resize2fs 1.26 (3-Feb-2002)
The filesystem on /dev/ida/c0d0p7 is now 6146516 blocks long.

# fsck -n /dev/ida/c0d0p7
fsck 1.26 (3-Feb-2002)
e2fsck 1.26 (3-Feb-2002)
/opt: clean, 33466/3074176 files, 1626059/6146516 blocks

# tune2fs -j /dev/ida/c0d0p7
tune2fs 1.26 (3-Feb-2002)
Creating journal inode: done
This filesystem will be automatically checked every -1 mounts or
0 days, whichever comes first. Use tune2fs -c or -i to override.

# shutdown -r now

Fedora 7 mount usb drive

This is the command I used to mount a cruzer usb stick drive, so that user with uid 502 could write to the drive:

mount -rw -t vfat -o exec,uid=502,umask=0000 /dev/sdb1 /mnt/cardreader

Note: Found the device by doing a fdisk -l after connecting the drive.

Dhcp version 3.05 configuration example

Here is what I think is a pretty good example of some different things I was able to do with MAC addresses and assignments with a configuration for dhcp version 3.05. This is the version I tested and implemented this config with:

authoritative;
ddns-update-style none;

option domain-name “domain.name”;
option domain-name-servers xxx.xxx.xxx.xxx;
option subnet-mask 255.xxx.xxx.xxx;
option routers xxx.xxx.xxx.xxx;
option netbios-name-servers xxx.xxx.xxx.xxx;
option netbios-node-type 8;
deny bootp;
default-lease-time 864000; # 10 days
server-name “dhcp.server.name”;

# To assign a particular range to certain NICs
group {
subnet xxx.xxx.xxx.xxx netmask 255.xxx.xxx.xxx {
class “TERMINALS” {
match substring (hardware,1,3);
}
subclass “TERMINALS” 00:80:64;
pool {
allow members of “TERMINALS”;
range xxx.xxx.xxx.1 xxx.xxx.xxx.254;
}
pool {
range xxx.xxx.yyy.1 xxx.xxx.yyy.254;
}

# To statically assign the an address to a particular MAC address
host hostname1 {
hardware ethernet XX:XX:XX:XX:XX:XX;
fixed-address xxx.xxx.zzz.1;
}
host hostname2 {
# hardware ethernet YY:YY:YY:YY:YY:YY;
fixed-address xxx.xxx.zzz.2;
}
}
}

# To offer addresses to remote subnets.
group {
# This is a generic example that will provide only one address.
# The range can be changed to provide more addresses.
subnet zzz.zzz.zzz.0 netmask 255.xxx.xxx.xxx {
range zzz.zzz.zzz.200 zzz.zzz.zzz.200;
}

# This example will only assign one address to a particular MAC address.
# This is the only NIC that will get an address. All others will not be
# offered an address on this subnet.
subnet aaa.aaa.aaa.0 netmask 255.xxx.xxx.xxx {
class “PC” {
match substring (hardware,1,6);
}
subclass “PC” ZZ:ZZ:ZZ:ZZ:ZZ:ZZ;
pool {
allow members of “PC”;
range aaa.aaa.aaa.203 aaa.aaa.aaa.203;
}
}

# This example will open up a range of addresses, and offer the same address
# each time to the NIC with MAC address described as hostname3
subnet bbb.bbb.bbb.0 netmask 255.xxx.xxx.xxx {
range bbb.bbb.bbb.200 bbb.bbb.bbb.210;
group {
host hostname3 {
hardware ethernet AA:AA:AA:AA:AA:AA;
fixed-address bbb.bbb.bbb.222;
}
}

}
}

vmstat and paging vs swapping

Good explaination from the Linux Journal website:

Monitoring Virtual Memory with vmstat
By Brian Tanaka
Created 2005-10-31 02:00

Just using a lot of swap space doesn’t necessarily mean that you need more memory. Here’s how to tell when Linux is happy with the available memory and when it needs more.

Linux novices often find virtual memory mysterious, but with a grasp of the fundamental concepts, it’s easy to understand. With this knowledge, you can monitor your system’s memory utilization using vmstat and detect problems that can adversely affect system performance.
How Virtual Memory Works

Physical memory-the actual RAM installed-is a finite resource on any system. The Linux memory handler manages the allocation of that limited resource by freeing portions of physical memory when possible.

All processes use memory, of course, but each process doesn’t need all its allocated memory all the time. Taking advantage of this fact, the kernel frees up physical memory by writing some or all of a process’ memory to disk until it’s needed again.

The kernel uses paging and swapping to perform this memory management. Paging refers to writing portions, termed pages, of a process’ memory to disk. Swapping, strictly speaking, refers to writing the entire process, not just part, to disk. In Linux, true swapping is exceedingly rare, but the terms paging and swapping often are used interchangeably.

When pages are written to disk, the event is called a page-out, and when pages are returned to physical memory, the event is called a page-in. A page fault occurs when the kernel needs a page, finds it doesn’t exist in physical memory because it has been paged-out, and re-reads it in from disk.

Page-ins are common, normal and are not a cause for concern. For example, when an application first starts up, its executable image and data are paged-in. This is normal behavior.

Page-outs, however, can be a sign of trouble. When the kernel detects that memory is running low, it attempts to free up memory by paging out. Though this may happen briefly from time to time, if page-outs are plentiful and constant, the kernel can reach a point where it’s actually spending more time managing paging activity than running the applications, and system performance suffers. This woeful state is referred to as thrashing.

Using swap space is not inherently bad. Rather, it’s intense paging activity that’s problematic. For instance, if your most-memory-intensive application is idle, it’s fine for portions of it to be set aside when another large job is active. Memory pages belonging to an idle application are better set aside so the kernel can use physical memory for disk buffering.
Using vmstat

vmstat, as its name suggests, reports virtual memory statistics. It shows how much virtual memory there is, how much is free and paging activity. Most important, you can observe page-ins and page-outs as they happen. This is extremely useful.

To monitor the virtual memory activity on your system, it’s best to use vmstat with a delay. A delay is the number of seconds between updates. If you don’t supply a delay, vmstat reports the averages since the last boot and quit. Five seconds is the recommended delay interval.

To run vmstat with a five-second delay, type:

vmstat 5

You also can specify a count, which indicates how many updates you want to see before vmstat quits. If you don’t specify a count, the count defaults to infinity, but you can stop output with Ctrl-C.

To run vmstat with ten updates, five seconds apart, type:

vmstat 5 10

Here’s an example of a system free of paging activity:

procs memory swap io system cpu
r b w swpd free buff cache si so bi bo in cs us sy id
0 0 0 29232 116972 4524 244900 0 0 0 0 0 0 0 0 0
0 0 0 29232 116972 4524 244900 0 0 0 0 2560 6 0 1 99
0 0 0 29232 116972 4524 244900 0 0 0 0 2574 10 0 2 98

All fields are explained in the vmstat man page, but the most important columns for this article are free, si and so. The free column shows the amount of free memory, si shows page-ins and so shows page-outs. In this example, the so column is zero consistently, indicating there are no page-outs.

The abbreviations so and si are used instead of the more accurate po and pi for historical reasons.

Here’s an example of a system with paging activity:

procs memory swap io system cpu
r b w swpd free buff cache si so bi bo in cs us sy id
. . .
1 0 0 13344 1444 1308 19692 0 168 129 42 1505 713 20 11 69
1 0 0 13856 1640 1308 18524 64 516 379 129 4341 646 24 34 42
3 0 0 13856 1084 1308 18316 56 64 14 0 320 1022 84 9 8

Notice the nonzero so values indicating there is not enough physical memory and the kernel is paging out. You can use top and ps to identify the processes that are using the most memory.

You also can use top to show memory and swap statistics. Here is an example of the uppermost portion of a typical top report:

14:23:19 up 348 days, 3:02, 1 user, load average: 0.00, 0.00, 0.00
55 processes: 54 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 0.0% user, 2.4% system, 0.0% nice, 97.6% idle
Mem: 481076K total, 367508K used, 113568K free, 4712K buffers
Swap: 1004052K total, 29852K used, 974200K free, 244396K cached

For more information about top, see the top man page.
Conclusion

It isn’t necessarily bad for your system to be using some of its swap space. But if you discover your system is often running low on physical memory and paging is causing performance to suffer, add more memory. If you can’t add more memory, run memory-intensive jobs at different times of the day, avoid running nonessential jobs when memory demand is high or distribute jobs across multiple systems if possible.

Return top

INFORMATION