Archive

Archive for the ‘Unix’ Category

u2wcap: circular trace, stop when event detected

July 5th, 2017 Comments off

This script is part of a series of scripts that perform packet capture between two endpoints.  In this case, the endpoints are a Unix machine and a windows machine. This script was tested with the “source endpoint” as a Redhat Linux and the “target endpoint” a Windows 2016 Server machine.   The circular traces are started on each machine and stopped whenever an event is detected on the Unix side.  In this case the event is to monitor a file for a particular string.

Requirements: Wireshark installed on Windows.  OpenSSH installed on windows.


#Author: Garland R. Joseph, garland.joseph@gmail.com
# Date: May 2017
#
# This script is offered as is. It is designed to
# run a circular trace using tcpdump on UNIX system
# and wireshark on Windows systems.
#
# You will either have to manually enter the password
# for the root account on the remote system or setup
# ssh keys from promptless access.
#
# The traces will stop once a key string SEARCH_STRING is
# found in LOG_FILE.
#
# Note: Some UNIX systems like LINUX Fedora will
# result in permsission denied when using
# tcpdump -W and -C options and writing to / or /root.
#
# Modify the REM_INTERFACE parameter below to fix the interface number
# on the windows system. Do a tshark -D to determine the interface number.
#
#
# -----

#
# Defaults
#

USAGE="u2wcap [-v] [ -c capture_file ] [ -w secs ] -h remote_host -l log_file -s search_string"
DEBUG=false
SLEEP_TIME="5" #seconds
LOCAL_CAPTURE_FILE="/tmp/capture"
TCPDUMPCMD="tcpdump -C 1 -W 2 -w ${LOCAL_CAPTURE_FILE}"

#
# Options for remote tracing
#

REM_CAP_FILE="capture.windows"
REM_USER="wireshark"
REM_INTERFACE="4"
FILESIZE=1000 #units or kB, so this means 1 Meg
#FILESIZE=500000 #512 Meg
#$FILESIZE=1000000 #units or kB, so this means 1 Gig
FILECOUNT="2" #creates a count of FILECOUNT of trace files at most of size FILESIZE
TSHARK_LOCATION="c:\progra~1\wireshark\tshark"
#TRACECMD="$TSHARK_LOCATION -b filesize:$FILESIZE -b files:$FILECOUNT -w ${REM_CAP_FILE}"
TRACECMD="$TSHARK_LOCATION -b filesize:$FILESIZE -b files:$FILECOUNT -w ${REM_CAP_FILE} -i ${REM_INTERFACE}"


#
# Process command line arguments
#

while getopts ":vc:w:l:s:h:" opts
do
case ${opts} in
v) DEBUG=true ;;
c) CAPTURE_FILE=${OPTARG} ;;
w) SLEEP_TIME=${OPTARG} ;;
s) SEARCH_STRING=${OPTARG} ;;
l) LOG_FILE=${OPTARG} ;;
h) REMOTE_HOST=${OPTARG} ;;
":") echo "Please specify a value for ${OPTARG}" ; exit ;;
\?) echo "${OPTARG} is not a valid switch" ; echo "${USAGE}" ; exit;;
esac
done

#
# Insure required values have been specified, check for existence of
# log file, getops should handle case of no values for -l and -s.
# A sanity check in the event getopts varies per unix
#

if [[ -z ${SEARCH_STRING} || -z ${LOG_FILE} || -z ${REMOTE_HOST} ]]
then
echo ${USAGE}
exit
fi
if ! [[ -f ${LOG_FILE} ]]
then
echo "File ${LOG_FILE} does not exist"
exit
fi

#
# Start trace on remote host
#
$(ssh ${REM_USER}@${REMOTE_HOST} ${TRACECMD})& 2>&1 > /dev/null

#
# Start trace on this host
#

${TCPDUMPCMD} 2>/dev/null 1>/dev/null &
LOCAL_PID=$!
${DEBUG} && echo "${0}-I-LOCAL_PID, local pid is ${LOCAL_PID}."

#
# Monitor log file
#

old_count=`grep -c ${SEARCH_STRING} ${LOG_FILE}`
(( new_count=old_count ))
(( i = 0 ))
while (( old_count == new_count ))
do
(( i++ ))
${DEBUG} && echo "${0}-F-SLEEP, sleeping ${SLEEP_TIME}, iternation ${i}."
sleep ${SLEEP_TIME}
new_count=`grep -c ${SEARCH_STRING} ${LOG_FILE}`
done

#
# At this point, search string has been found, stop traces
#

kill ${LOCAL_PID}
ssh ${REM_USER}@${REMOTE_HOST} taskkill /f /fi \"imagename eq tshark*\"

#
# Reminders
#

echo "Consult files ${REM_CAP_FILE} on remote host ${REMOTE_HOST} and ${LOC_CAP_FILE} on local host."

exit

 

Categories: Unix Tags:

AIX Power Diagrams for Trouble-Shooting

June 26th, 2017 Comments off

Draw a Picture

Drawing a diagram is one of the best ways to reduce the complexity of a problem. This is especially true in the case of trouble-shooting issues with IBM Power Systems.  The following set of diagrams are templates–of a sort–that can be used to aid in resolving LPM and Network issues.  I  go to extreme detail when working with clients where I engage multiple support teams (such as system and network administrators).  The diagrams serve as a big picture among groups that may not have shared information.

General Overview of Power Frames: Components

The following diagram shows a likely scenario: multiple frames, redundant VIOS servers, multiple SEAs (NIB setup not shown), and redundant HMCs.

Physical Adapters, SEAs and VLANs

The following diagram drills deeper into the VIOs, showing the relationship between physical adapters that make up an Etherchannel,  SEAs, and VLANs.

Big Picture

Finally, we add the LPARS and IP address spaces belonging to the VLANs.   Useful commands like lsdev -Ccadapter and entstat -d <SEA>  reveal the information contained in the diagram.

Summary

I encourage system administrators to draw these types of diagrams and include the necessary details to engage other department teams: other administrators,  network administrators, and application developers.

Categories: Unix Tags: , ,

u2ucap: circular trace, stop when event detected

May 1st, 2017 Comments off

This script is part of a series of scripts that perform packet capture between two endpoints.  In this case the endpoints are two UNIX/LINUX machines.  The script was tested with the “source endpoint” as a Redhat machine and a “target endpoint” as an Ubuntu machine.  The circular traces are started on each machine and stopped whenever an event is detected.  In this case the event is to monitor a file for a particular string.

Requirements: tcpdump

# Author: Garland R. Joseph, garland.joseph@gmail.com
#   Date: May 2017
#
# This script is offered as is.  It is designed to
# run a circular trace using tcpdump on UNIX systems.
#
# You will either have to manually enter the password
# for the root account on the remote system or setup
# ssh keys from prompt-less access.
#
# Default file size is 2 x 1 GB per endpoint.
#
# The traces will stop once a key string SEARCH_STRING is
# found in LOG_FILE.
#
# Note:   Some UNIX systems line LINUX Fedora will
#         result in permsission denied when using
#         tcpdump  -W and -C options and writing to / or /root.
#
#         Tested on Source endpoint Redhat and Target endpoint Ubuntu.
# -----

#
# Defaults
#

USAGE="u2ucap [-v]  [ -c capture_file ] [ -w secs ] -h remote_host -l log_file -s search_string"
DEBUG=false
CAPTURE_FILE="/tmp/capture"
SLEEP_TIME="5"   #seconds
SEARCH_STRING=""
LOG_FILE=""
REMOTE_HOST=""
TCPDUMPCMD="tcpdump -C 1 -W 2 -w ${CAPTURE_FILE}"

#
# Process command line arguments
#

while getopts ":vc:w:l:s:h:" opts
do
 case ${opts} in
   v) DEBUG=true ;;
   c) CAPTURE_FILE=${OPTARG} ;;
   w) SLEEP_TIME=${OPTARG} ;;
   s) SEARCH_STRING=${OPTARG}  ;;
   l) LOG_FILE=${OPTARG} ;;
   h) REMOTE_HOST=${OPTARG} ;;
   ":") echo "Please specify a value for ${OPTARG}" ; exit ;;
  \?) echo "${OPTARG} is not a valid switch" ; echo "${USAGE}" ; exit;;
 esac
done

#
# Insure required values have been specified, check for existence of
# log file, getops should handle case of no values for -l and -s.
# A sanity check in the event getopts varies per unix
#

if [[ -z ${SEARCH_STRING} || -z ${LOG_FILE} || -z ${REMOTE_HOST} ]]
then
 echo ${USAGE}
 exit
fi

if ! [[ -f ${LOG_FILE} ]]
then
 echo "File ${LOG_FILE} does not exist"
 exit
fi

#
# Start trace on remote host
#

ssh root@${REMOTE_HOST} ${TCPDUMPCMD} 2>/dev/null 1>/dev/null &
REMOTE_PID=`ssh root@${REMOTE_HOST} ps -aef | egrep tcpdump | egrep -v grep | awk '{print $2}'`
${DEBUG} && echo "${0}-I-REMOTE_PID, remote pid is ${REMOTE_PID}."
#
# Start trace on this host
#
#${TCPDUMPCMD} 2>/dev/null 1>/dev/null &
exec ${TCPDUMPCMD} 2>/dev/null 1>/dev/null &
LOCAL_PID=$!
${DEBUG} && echo "${0}-I-LOCAL_PID, local pid is ${LOCAL_PID}."

#
# Monitor log file
#

old_count=`grep -c ${SEARCH_STRING} ${LOG_FILE}`
(( new_count=old_count ))
(( i = 0 ))
while (( old_count == new_count ))
do
   (( i++ ))
   ${DEBUG} && echo "${0}-F-SLEEP, sleeping ${SLEEP_TIME}, iteration ${i}."
   sleep ${SLEEP_TIME}
   new_count=`grep -c ${SEARCH_STRING} ${LOG_FILE}`
done

#
#  At this point, search string has been found, stop traces
#

###${DEBUG} && set -x
kill ${LOCAL_PID}
ssh root@${REMOTE_HOST} kill ${REMOTE_PID}
####${DEBUG} && set +x

#
# Verbose only reminders
#

####${DEBUG} && echo "Consult files ${CAPTURE_FILE} on local and remote host."

exit