Monitoring your website on a shared host is vital to the well-being of your presence on the internet. There are several online services that will do this for you in exchange for a small price. While they may be a bit more accurate, I would like to share with you how to use RRDTool to monitor your website’s response time yourself.

NOTE: I am using Ubuntu based Linux Mint. This process should be the same on other Debian based distributions. If you are not running a Debian based distribution, you may have to modify some paths to the rrdtool executable. Some of this procedure has been taken from the rrdwiki.
The first step is to install RRDTool:
sudo apt-get install rrdtool

Forget about tools like lsof and netstat for troubleshooting and analyzing network traffic. Ntop blows everything else away. It comes jam packed with a web interface and outputs more data than you can shake a stick at. Ntop analyzes everything about how, where, when, and what your PC is connecting to on the internet.
I am running Linux Mint — installation is a cinch. This procedure should be the same on Ubuntu and other Debian based distributions. Make sure you have the universe repositories enabled.
sudo apt-get install ntop
The above will install ntop. Now set a password:
sudo ntop --set-admin-password
Start ntop with the following command:
sudo ntop -u ntop -d -i eth0
Dear Vyatta,
During the past couple of months I have been attempting to replace my Cisco 7500 with your routing software. The Vyatta product looked very promising and supported all the protocols and features that I needed including BGP, Bandwidth Management (through the kernel), VRRP, in addition to standard routing with TCP/IP.
I have run into many issues with the Vyatta software. Just to name a few — VRRP limitations, BGP Routing Policy limitations, static routing bugs, not being able to delete static routes and policy configurations, and more.
I am sad to say, good bye Vyatta. I have enjoyed the past two months getting to know you. You have what seems a wonderful team of individuals working towards the better. I would like to send a thanks to the support group and everyone on the mailing list, they were wonderful.
I will continue to support what the Vyatta team is trying to do. Unfortunately, the software is still premature. I, however, am looking forward to the next release so I can give it another try.
I am sure I could force the software to work, but I would hardly be confident with that procedure. That being said — Vyatta cannot replace my Cisco 7500 core router.
Farewell,
Shane
OK, I admit it, I am a BIG geek and proud of it. How do I know this? A good sign is when I start to get the urge to craft my own TCP/IP packets.
Whether you want to test your custom built app, or wreak havoc on the network — packETH allows you to create the perfect Ethernet packets with limitless possibilities through a GUI.
By specifying a custom payload, source MAC, destination MAC, source IP, and destination IP, you can appear to be sending from and to anyone on the network. packETH also allows you to specify how many packets to send, up to an infinite amount, and at what speed.
packETH is Linux only and included in Debian based Distributions, and possibly others. Sectools.org has a list of the top 4 packet crafting utilities if packETH doesn’t float your boat or find your lost remote.
You wouldn’t dare to send 4 million broadcast pings originating from an enemy coworker at wire speed, would you?

Port Knocking is a way to open ports on a firewall by attempting to connect to a predefined sequence of closed ports. Once the correct connection attempts are made, the firewall opens the ports to let the source of the connection attempts in through the firewall.
In other words, it is like a combination lock for your firewall/Linux machine.
How is this useful?
There could be several reasons that you would implement port knocking. The best example I can think of is that the system administrator is working on the road, never knowing where he/she would be connecting from.
Usually, I block all ports, except for only network ranges that should connect. Port 80 is a good example, for a web server, where all hosts would be accepted. Port 22, for SSH, would be a good example that I would only allow access from a few, specific addresses. This would be a problem if I worked on the road.
Port knocking would avoid the hassle and allow me to open the firewall from wherever I might be, as long as I knew the sequence of ports to make a connection attempt to.
Ducea.com has written a tutorial if you are interested in implementing port knocking.
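The combination-lock behaviour described above, as an added example that is not from the original post or from the Ducea.com tutorial: a small per-source tracker that decides when a firewall would open port 22. The knock ports, timeout, opening window and sample events are all constructed assumptions.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret sequence
STEP_TIMEOUT = 10.0    # max seconds between knocks (assumption)
OPEN_SECONDS = 30.0    # how long the port stays open for that source (assumption)
PROTECTED_PORT = 22    # SSH, as in the post

@dataclass
class KnockFirewall:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, last knock time)
    allowed: dict = field(default_factory=dict)   # src -> time the opening expires

    def packet(self, ts, src, dport):
        """Verdict for one connection attempt: 'ACCEPT' or 'DROP'."""
        if dport == PROTECTED_PORT:
            return "ACCEPT" if self.allowed.get(src, 0.0) > ts else "DROP"
        idx, last = self.progress.get(src, (0, ts))
        if ts - last > STEP_TIMEOUT:
            idx = 0  # too slow: the combination starts over
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress, unless it is itself a fresh first knock.
            idx = 1 if dport == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            self.allowed[src] = ts + OPEN_SECONDS  # open for this source only
            self.progress.pop(src, None)
        else:
            self.progress[src] = (idx, ts)
        return "DROP"  # knock ports always look closed from outside

def replay(events):
    """Feed (time, source, port) tuples through a fresh firewall; return the verdicts."""
    fw = KnockFirewall()
    return [fw.packet(ts, src, dport) for ts, src, dport in events]

# Constructed events; the addresses are from the documentation ranges.
EVENTS = [
    (0.0, "192.0.2.10", 22),      # no knock yet
    (1.0, "192.0.2.10", 7000), (2.0, "192.0.2.10", 8000), (3.0, "192.0.2.10", 9000),
    (4.0, "192.0.2.10", 22),      # correct sequence was sent
    (4.5, "198.51.100.7", 22),    # a different source is still shut out
    (5.0, "198.51.100.7", 7000), (6.0, "198.51.100.7", 9000),  # wrong order
    (7.0, "198.51.100.7", 8000), (8.0, "198.51.100.7", 9000),
    (9.0, "198.51.100.7", 22),
    (40.0, "192.0.2.10", 22),     # opening has expired
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, verdict)
```

The knocks cross the network in cleartext, so anyone able to observe them can repeat the sequence; port knocking hides the port and does not replace SSH authentication.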
What happens when you plug a network switch into itself? Disaster.

Switching loops can be a major problem on a network today. Years ago there were only hubs and routers and this was not an issue. Today, switching loops are detrimental to a TCP/IP network, causing slow response times and, at worst, DoS for every node connected.
But why does something as simple as plugging a switch into itself cause major issues?
Broadcast radiation is an accumulation of broadcast and multicast packets on a network. The final stage of broadcast radiation results in a broadcast storm; any broadcast and possibly unicast packets on the network are repeated and multiplied infinitely, new connections are not accepted, and existing connections are dropped until the problem is rectified.
NOTE: See the previous posts about Vyatta.
The Vyatta open source routing platform is built upon XORP, the eXtensible Open Router Platform, and uses templates to execute commands that are entered into the xorpsh, also known as the Vyatta CLI, much like other routing platforms.
For example, when entering show system memory in the Vyatta CLI (xorpsh), the system actually executes free -ot. The Linux free command displays the system memory information and the -ot switch enables the ‘totals’ and ‘buffer adjusted’ lines. The output is displayed in kilobytes by default. There is so much RAM in computers today, that it makes more sense to display the output in megabytes with the -m switch; free -m.
Changing How ‘show system memory’ executes:
NOTE: Don’t forget to backup before making changes to these important files!
- Login as root.
- Go to the template directory:
cd /opt/vyatta/share/xorp/templates
- Find the free command:
# grep free *.cmds
rl_misc.cmds: %command: "free -ot" %help: "Show system memory usage";
- See that it’s in the file rl_misc.cmds. Change it from “-ot” to “-m” with sed:
cp rl_misc.cmds rl_misc.cmds.bak
sed -i 's/free -ot/free -m/' rl_misc.cmds
- Try it:
xorpsh
Welcome to Vyatta on vDUT
> show system memory
total used free shared buffers cached
Mem: 250 190 59 0 23 96
-/+ buffers/cache: 70 179
Swap: 0 0 0
This applies not only to the show system memory command, but to all other Vyatta CLI commands as well. Thanks to Stig on the Vyatta-Users mailing list for the hacking tips. If you have any more Vyatta hacks, please email them to me, or leave a comment.