Saturday, April 16, 2011

NFS Server files

Files that make up NFS server 


Server1:/root# svcs -a | grep /network/nfs/server
online         Mar_20   svc:/network/nfs/server:default
Server1:/root#


1. /etc/dfs/dfstab Lists the local resources to share at boot time.


Server1:/root# cat /etc/dfs/dfstab


#       Place share(1M) commands here for automatic execution
#       on entering init state 3.
#
#       Issue the command 'svcadm enable network/nfs/server' to
#       run the NFS daemon processes and the share commands, after adding
#       the very first entry to this file.
#
#       share [-F fstype] [ -o options] [-d ""] [resource]
#       .e.g,
#       share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
Server1:/root#




2. /etc/dfs/sharetab Lists the local resources currently being shared by the NFS server. 


Server1:/root# cat /etc/dfs/sharetab
/zones/zone21/root/data1/archive   -       nfs     rw
/zones/zone22/root/opt/boms     -       nfs     rw
/zones/zone22/root/opt/cd1/interface/audittool/output      -       nfs     rw
/zones/zone22/root/opt/risk/data/ebl/p2p/output     -       nfs     rw
/zones/zone21/root/data1/archive   -       nfs     rw
Server1:/root#


3. /etc/dfs/fstypes Lists the default file system types for remote file systems.


Server1:/root# cat /etc/dfs/fstypes
nfs NFS Utilities
autofs AUTOFS Utilities
cachefs CACHEFS Utilities
Server1:/root#


4. /etc/rmtab Lists file systems remotely mounted by NFS clients. 


Server1:/root# cat  /etc/rmtab
ip-zone29.domain.network.com:/zones/zone21/root/data1/archive/EXPORT/SMSC
Server1:/root#


5. /etc/nfs/nfslog.conf Lists information defining the location of configuration logs used for NFS server logging.


Server1:/root# cat /etc/nfs/nfslog.conf
#ident  "@(#)nfslog.conf        1.5     99/02/21 SMI"
#
# Copyright (c) 1999 by Sun Microsystems, Inc.
# All rights reserved.
#
# NFS server log configuration file.
#
# [ defaultdir= ] \
#       [ log= ] [ fhtable= ] \
#       [ buffer= ] [ logformat=basic|extended ]
#


global  defaultdir=/var/nfs \
        log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
Server1:/root#


6. /etc/default/nfslogd Lists configuration information describing the behavior of the nfslogd daemon for NFSv2/3.


Server1:/root# cat /etc/default/nfslogd
#
#ident  "@(#)nfslogd.dfl        1.8     99/02/27 SMI"
#
# Copyright (c) 1999 by Sun Microsystems, Inc.
# All rights reserved.
#


# Specify the maximum number of logs to preserve.
#
# MAX_LOGS_PRESERVE=10


# Minimum size buffer should reach before processing.
#
# MIN_PROCESSING_SIZE=524288


# Number of seconds the daemon should sleep waiting for more work.
#
# IDLE_TIME=300


# CYCLE_FREQUENCY specifies the frequency (in hours) with which the
# log buffers should be cycled.
#
# CYCLE_FREQUENCY=24


# Use UMASK for the creation of logs and file handle mapping tables.
#
# UMASK=0137
Server1:/root#


7. /etc/default/nfs Contains parameter values for NFS protocols and NFS daemons.


Server1:/root# cat /etc/default/nfs
# ident "@(#)nfs        1.10    04/09/01 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#


# Sets the maximum number of concurrent connection oriented connections.
# Default is unlimited and is obtained by not setting NFSD_MAX_CONNECTIONS.
# Equivalent to -c.
#NFSD_MAX_CONNECTIONS=


# Set connection queue length for the NFS over a connection-oriented
# transport. The default value is 32 entries.
# Equivalent to -l.
NFSD_LISTEN_BACKLOG=32


# Start NFS daemon over the specified protocol only.
# Equivalent to -p, ALL is equivalent to -a on the nfsd command line.
# Mutually exclusive with NFSD_DEVICE.
NFSD_PROTOCOL=ALL


# Start NFS daemon for the transport specified by the given device only.
# Equivalent to -t.
# Mutually exclusive with setting NFSD_PROTOCOL.
#NFSD_DEVICE=


# Maximum number of concurrent NFS requests.
# Equivalent to last numeric argument on nfsd command line.
NFSD_SERVERS=16


# Set connection queue length for lockd over a connection-oriented transport.
# Default and minimum value is 32.
LOCKD_LISTEN_BACKLOG=32


# Maximum number of concurrent lockd requests.
# Default is 20.
LOCKD_SERVERS=20


# Retransmit Timeout before lockd tries again.
# Default is 5.
LOCKD_RETRANSMIT_TIMEOUT=5


# Grace period in seconds that all clients (both NLM & NFSv4) have to
# reclaim locks after a server reboot. Also controls the NFSv4 lease
# interval.
# Overrides the deprecated setting LOCKD_GRACE_PERIOD.
# Default is 90 seconds.
GRACE_PERIOD=90


# Deprecated.
# As for GRACE_PERIOD, above.
# Default is 90 seconds.
#LOCKD_GRACE_PERIOD=90


# Sets the minimum version of the NFS protocol that will be registered
# and offered by the server.  The default is 2.
#NFS_SERVER_VERSMIN=2


# Sets the maximum version of the NFS protocol that will be registered
# and offered by the server.  The default is 4.
#NFS_SERVER_VERSMAX=4


# Sets the minimum version of the NFS protocol that will be used by
# the NFS client.  Can be overridden by the "vers=" NFS mount option.
# The default is 2.
#NFS_CLIENT_VERSMIN=2


# Sets the maximum version of the NFS protocol that will be used by
# the NFS client.  Can be overridden by the "vers=" NFS mount option.
# If "vers=" is not specified for an NFS mount, this is the version
# that will be attempted first.  The default is 4.
#NFS_CLIENT_VERSMAX=4


# Determines if the NFS version 4 delegation feature will be enabled
# for the server.  If it is enabled, the server will attempt to
# provide delegations to the NFS version 4 client. The default is on.
#NFS_SERVER_DELEGATION=on


# Specifies to nfsmapid daemon that it is to override its default
# behavior of using the DNS domain, and that it is to use 'domain' as
# the domain to append to outbound attribute strings, and that it is to
# use 'domain' to compare against inbound attribute strings.
#NFSMAPID_DOMAIN=domain
Server1:/root#
Posted by at No comments:

Saturday, April 9, 2011

Multipath for SAN disks

When multipathing is enabled, each disk should have more than one path enabled and online.


//One of the path is not online.


root@server1 # luxadm display /dev/rdsk/c6t60060480000290102959533030313139d0s2
DEVICE PROPERTIES for disk: /dev/rdsk/c6t60060480000290102959533030313139d0s2
Vendor: EMC
Product ID: SYMMETRIX
Revision: 5772
Serial Num: 102959119000
Unformatted capacity: 4316.250 MBytes
Read Cache: Enabled
Minimum prefetch: 0x0
Maximum prefetch: 0xffff
Device Type: Disk device
Path(s):


/dev/rdsk/c6t60060480000290102959533030313139d0s2
/devices/scsi_vhci/ssd@g60060480000290102959533030313139:c,raw
Controller /devices/pci@1e,600000/SUNW,qlc@2/fp@0,0
Device Address 5006048c52a7abcc,8
Host controller port WWN 210000e08b0ffe6b
Class primary
State OFFLINE
Controller /devices/pci@1e,600000/SUNW,qlc@3/fp@0,0
Device Address 5006048c52a7abc3,8
Host controller port WWN 210000e08b0f6a6a
Class primary
State ONLINE
root@server1 #
root@server1 #


//Check the number of HBA's connnected to the system. Should bemore than 1 to have multipath enabled.


root@server1 # luxadm -e port


Found path to 4 HBA ports


/devices/pci@1e,600000/SUNW,qlc@2/fp@0,0:devctl CONNECTED
/devices/pci@1e,600000/SUNW,qlc@2,1/fp@0,0:devctl NOT CONNECTED
/devices/pci@1e,600000/SUNW,qlc@3/fp@0,0:devctl CONNECTED
/devices/pci@1e,600000/SUNW,qlc@3,1/fp@0,0:devctl NOT CONNECTED
root@server1 #
root@server1 #


//Check the controllers that are connected to SAN


root@server1 # cfgadm -al | grep fabr
c2 fc-fabric connected configured unknown
c4 fc-fabric connected configured unknown
root@server1 #


//Rescan and Configure each controllers


root@server1 # cfgadm -c configure c2 c4
root@server1 #
root@server1 #


//Recreate device create and clean unwanted devices.


root@server1 # devfsadm -C
root@server1 #
root@server1 #


//Check again if both links are online


root@server1 # luxadm display /dev/rdsk/c6t60060480000290102959533030313139d0s2
DEVICE PROPERTIES for disk: /dev/rdsk/c6t60060480000290102959533030313139d0s2
Vendor: EMC
Product ID: SYMMETRIX
Revision: 5772
Serial Num: 102959119000
Unformatted capacity: 4316.250 MBytes
Read Cache: Enabled
Minimum prefetch: 0x0
Maximum prefetch: 0xffff
Device Type: Disk device
Path(s):


/dev/rdsk/c6t60060480000290102959533030313139d0s2
/devices/scsi_vhci/ssd@g60060480000290102959533030313139:c,raw
Controller /devices/pci@1e,600000/SUNW,qlc@2/fp@0,0
Device Address 5006048c52a7abcc,8
Host controller port WWN 210000e08b0ffe6b
Class primary
State ONLINE
Controller /devices/pci@1e,600000/SUNW,qlc@3/fp@0,0
Device Address 5006048c52a7abc3,8
Host controller port WWN 210000e08b0f6a6a
Class primary
State ONLINE


root@server1 #
root@server1 # for disk in /dev/rdsk/c[0-9]*t600*s2; do echo $disk; luxadm display $disk | grep State; done
/dev/rdsk/c6t60060480000290102959533030313139d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030354638d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030354642d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030354645d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363031d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363034d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363037d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363041d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363044d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363130d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363133d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363136d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363139d0s2
State ONLINE
State ONLINE
/dev/rdsk/c6t60060480000290102959533030363143d0s2
State ONLINE
State ONLINE
root@server1 #
root@server1 #
Posted by at No comments:

Check the network traffic using snoop

snoop -V Summary verbose output
snoop -v Detailed verbose output
snoop -o         filename Redirects the snoop utility output to filename in summary mode
snoop -i filename Displays packets that were previously captured in filename
snoop -C List the code generated from the filter expression for either the kernel packet filter, or snoop's own filter.
snoop -D Display number of packets dropped during capture on the summary line
snoop -P Capture packets in non-promiscuous mode. Only broadcast,multicast, or packets addressed to the host machine will be seen
snoop -S Display size of the entire link layer frame in bytes in the summary line
snoop -c Quit after capturing maxcount  packets. Else contnue till ^c
snoop -d Receive packets from the network using the interface specified. Normally, snoop will automatically choose the first non-loopback interface it finds.
snoop -n Use filename as an  IP  address-to-name  mapping  table. This  file  must  have the same format as the /etc/hosts file (IP address followed by the hostname).
snoop -r Do not resolve the IP address to the symbolic name.
snoop to
snoop from
snoop -i -p Select one or more packets to be displayed from a capture file


============================EXAMPLES============================

bash-3.00# snoop -v
Using device bge0 (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 12:05:27.66592
ETHER:  Packet size = 146 bytes
ETHER:  Destination = 0:1c:b0:88:48:0,
ETHER:  Source      = 0:3:ba:d8:98:48,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:         .... ..0. = not ECN capable transport
IP:         .... ...0 = no ECN congestion experienced
IP:   Total length = 132 bytes
IP:   Identification = 22651
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 60 seconds/hops
IP:   Protocol = 6 (TCP)
IP:   Header checksum = 0000
IP:   Source address = 10.2.185.203, Thishost
IP:   Destination address = 10.1.64.174, Server1.network.com
IP:   No options
IP:
TCP:  ----- TCP Header -----
TCP:
TCP:  Source port = 22
TCP:  Destination port = 60266
TCP:  Sequence number = 1051504699
TCP:  Acknowledgement number = 2429404628
TCP:  Data offset = 32 bytes
TCP:  Flags = 0x18
TCP:        0... .... = No ECN congestion window reduced
TCP:        .0.. .... = No ECN echo
TCP:        ..0. .... = No urgent pointer
TCP:        ...1 .... = Acknowledgement
TCP:        .... 1... = Push
TCP:        .... .0.. = No reset
TCP:        .... ..0. = No Syn
TCP:        .... ...0 = No Fin
TCP:  Window = 49232
TCP:  Checksum = 0x0000
TCP:  Urgent pointer = 0
TCP:  Options: (12 bytes)
TCP:    - No operation
TCP:    - No operation
TCP:    - TS Val = 103734689, TS Echo = 386530019
TCP:



bash-3.00# snoop -V
Using device bge0 (promiscuous mode)
________________________________
      Thishost -> Server1.network.com ETHER Type=0800 (IP), size = 146 bytes
      Thishost -> Server1.network.com IP  D=10.1.64.174 S=10.2.185.203 LEN=132, ID=22921, TOS=0x0, TTL=60
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429408900 Seq=1051522363 Len=80 Win=49232 Options=
op,tstamp 103750042 386545372>


bash-3.00# snoop -o /var/tmp/snoop-op
Using device bge0 (promiscuous mode)
55 ^C
bash-3.00#


bash-3.00#
bash-3.00# file /var/tmp/snoop-op
/var/tmp/snoop-op:      Snoop capture file - version 2
bash-3.00#


bash-3.00# snoop -i /var/tmp/snoop-op
  1   0.00000       Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429410484 Seq=1051528203 Len=80 Win=49232 Options=
  2   0.00177 Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051528283 Seq=2429410484 Len=0 Win=33304 Options=
  3   0.94920   10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
  4   0.03904 Server1.network.com -> Thishost       ICMP Echo request (ID: 1754 Sequence number: 439)
  5   0.00007       Thishost -> Server1.network.com ICMP Echo reply (ID: 1754 Sequence number: 439)
  6   0.00588       Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429410484 Seq=1051528283 Len=64 Win=49232 Options=
  7   0.09375 Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051528347 Seq=2429410484 Len=0 Win=33304 Options=
  8   0.66092            ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes
  9   0.23910 Server1.network.com -> Thishost       ICMP Echo request (ID: 1754 Sequence number: 440)
 10   0.00006       Thishost -> Server1.network.com ICMP Echo reply (ID: 1754 Sequence number: 440)
 11   0.00598       Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429410484 Seq=1051528347 Len=64 Win=49232 Options=



bash-3.00# snoop -C
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569195 Len=80 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051569275 Seq=2429425812 Len=0 Win=33304 Options=
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
 10.2.185.22 -> BROADCAST    DHCP/BOOTP DHCPINFORM
 10.2.185.22 -> 10.2.185.255 NBT NS Query Request for WPAD[0], Success
sunws7.network.com -> 10.2.185.255 NBT NS Query Request for BELGACOM_MOBILE[1d], Success
 10.2.185.25 -> (broadcast)  ARP C Who is 10.2.185.202, sunws7.network.com ?
sunws14.network.com -> 10.2.185.255 NBT NS Query Request for BELGACOM_MOBILE[1d], Success
 10.2.185.25 -> (broadcast)  ARP C Who is 10.2.185.206, sunws14.network.com ?
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes
 10.2.185.22 -> 10.2.185.255 NBT NS Query Request for WPAD[0], Success
      Thishost -> Server2.network.com DNS C 1.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569275 Len=352 Win=49232 Options=
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
      Thishost -> Server2.network.com DNS C 22.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569627 Len=112 Win=49232 Options=
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051569739 Seq=2429425812 Len=0 Win=33304 Options=
      Thishost -> Server2.network.com DNS C 255.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569739 Len=96 Win=49232 Options=
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
      Thishost -> Server2.network.com DNS C 202.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569835 Len=112 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051569947 Seq=2429425812 Len=0 Win=33304 Options=
Server2.network.com -> Thishost       DNS R 202.185.2.10.in-addr.arpa. Internet PTR sunws7.network.com.
      Thishost -> Server2.network.com DNS C 25.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051569947 Len=144 Win=49232 Options=
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
      Thishost -> Server2.network.com DNS C 2.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051570091 Len=304 Win=49232 Options=
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051570395 Seq=2429425812 Len=0 Win=33304 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429425812 Seq=1051570395 Len=256 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051570651 Seq=2429425812 Len=0 Win=33304 Options=
 10.2.185.22 -> 10.2.185.255 NBT NS Query Request for WPAD[0], Success




bash-3.00# snoop -D
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051577611 Len=80 Win=49232 Options=
Server1.network.com -> Thishost       drops: 0 TCP D=22 S=60266 Ack=1051577691 Seq=2429427396 Len=0 Win=33304 Options=
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET drops: 0 UDP D=1985 S=1985 LEN=28
           ? -> (multicast)  drops: 0 ETHER Type=023C (LLC/802.3), size = 53 bytes
      Thishost -> Server2.network.com drops: 0 DNS C 1.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051577691 Len=368 Win=49232 Options=
Server2.network.com -> Thishost       drops: 0 DNS R  Error: 3(Name Error)
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051578059 Len=192 Win=49232 Options=
Server1.network.com -> Thishost       drops: 0 TCP D=22 S=60266 Ack=1051578251 Seq=2429427396 Len=0 Win=33304 Options=
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET drops: 0 UDP D=1985 S=1985 LEN=28
      Thishost -> Server2.network.com drops: 0 DNS C 2.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051578251 Len=560 Win=49232 Options=
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051578811 Len=208 Win=49232 Options=
Server2.network.com -> Thishost       drops: 0 DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       drops: 0 TCP D=22 S=60266 Ack=1051579019 Seq=2429427396 Len=0 Win=33304 Options=
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051579019 Len=112 Win=49232 Options=
Server1.network.com -> Thishost       drops: 0 TCP D=22 S=60266 Ack=1051579131 Seq=2429427396 Len=0 Win=33304 Options=
           ? -> (multicast)  drops: 0 ETHER Type=023C (LLC/802.3), size = 53 bytes
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051579131 Len=560 Win=49232 Options=
      Thishost -> Server1.network.com drops: 0 TCP D=60266 S=22 Push Ack=2429427396 Seq=1051579691 Len=608 Win=49232 Options=
Server1.network.com -> Thishost       drops: 0 TCP D=22 S=60266 Ack=1051580299 Seq=2429427396 Len=0 Win=33304 Options=
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET drops: 0 UDP D=1985 S=1985 LEN=28
^Cbash-3.00#
bash-3.00#





bash-3.00# snoop -P
Using device bge0 (non promiscuous)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051587227 Seq=2429429172 Len=0 Win=33304 Options=
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051587611 Seq=2429429172 Len=0 Win=33304 Options=
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051587995 Seq=2429429172 Len=0 Win=33304 Options=
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051588331 Seq=2429429172 Len=0 Win=33304 Options=
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28



bash-3.00# snoop -S
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com length:  146  TCP D=60266 S=22 Push Ack=2429430324 Seq=1051599819 Len=80 Win=49232 Options=
Server1.network.com -> Thishost       length:   66  TCP D=22 S=60266 Ack=1051599899 Seq=2429430324 Len=0 Win=33304 Options=
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET length:   62  UDP D=1985 S=1985 LEN=28
      Thishost -> Server2.network.com length:   83  DNS C 2.185.2.10.in-addr.arpa. Internet PTR ?
      Thishost -> Server1.network.com length:  450  TCP D=60266 S=22 Push Ack=2429430324 Seq=1051599899 Len=384 Win=49232 Options=
Server2.network.com -> Thishost       length:  146  DNS R  Error: 3(Name Error)
Server1.network.com -> Thishost       length:  114  TCP D=22 S=60266 Push Ack=1051600283 Seq=2429430324 Len=48 Win=33304 Options=
      Thishost -> Server1.network.com length:  178  TCP D=60266 S=22 Push Ack=2429430372 Seq=1051600283 Len=112 Win=49232 Options=
Server1.network.com -> Thishost       length:   66  TCP D=22 S=60266 Ack=1051600395 Seq=2429430372 Len=0 Win=33304 Options=
           ? -> (multicast)  length:   53  ETHER Type=023C (LLC/802.3), size = 53 bytes
10.120.130.21 -> 10.2.185.11  length:  749  TCP D=58056 S=5060 Ack=177877911 Seq=3556256683 Len=695 Win=32768
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET length:   62  UDP D=1985 S=1985 LEN=28




bash-3.00# snoop -c 2
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429432724 Seq=1051609275 Len=80 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051609355 Seq=2429432724 Len=0 Win=33304 Options=
2 packets captured



bash-3.00# snoop -d bge0
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429434500 Seq=1051617819 Len=80 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051617899 Seq=2429434500 Len=0 Win=33304 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429434500 Seq=1051617899 Len=352 Win=49232 Options=
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051618251 Seq=2429434500 Len=0 Win=33304 Options=
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes



bash-3.00# cp /etc/hosts /var/tmp/hosts-snoop
bash-3.00#
bash-3.00# snoop -n /var/tmp/hosts-snoop
Loading name file /var/tmp/hosts-snoop
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429437204 Seq=1051621739 Len=112 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051621851 Seq=2429437204 Len=0 Win=33304 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429437204 Seq=1051621851 Len=352 Win=49232 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051622203 Seq=2429437204 Len=0 Win=33304 Options=
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429437204 Seq=1051622203 Len=432 Win=49232 Options=
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051622635 Seq=2429437204 Len=0 Win=33304 Options=
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28



bash-3.00# snoop -r
Using device bge0 (promiscuous mode)
10.2.185.203 -> 10.1.64.174  TCP D=60266 S=22 Push Ack=2429442532 Seq=1051642203 Len=80 Win=49232 Options=
 10.1.64.174 -> 10.2.185.203 TCP D=22 S=60266 Ack=1051642283 Seq=2429442532 Len=0 Win=33304 Options=
10.2.185.203 -> 10.1.64.174  TCP D=60266 S=22 Push Ack=2429442532 Seq=1051642283 Len=320 Win=49232 Options=
 10.1.64.174 -> 10.2.185.203 TCP D=22 S=60266 Ack=1051642603 Seq=2429442532 Len=0 Win=33304 Options=
10.52.242.42 -> 10.2.185.15  TCP D=1996 S=902 Push Ack=977365903 Seq=3075574324 Len=1173 Win=4163 Options=
  10.2.185.1 -> 224.0.0.2    UDP D=1985 S=1985 LEN=28
           ? -> (multicast)  ETHER Type=023C (LLC/802.3), size = 53 bytes


bash-3.00# snoop -d bge0 ip to Server1
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429445556 Seq=1051663435 Len=80 Win=49232 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429445556 Seq=1051663515 Len=192 Win=49232 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429445556 Seq=1051663707 Len=208 Win=49232 Options=
^Cbash-3.00#
bash-3.00#
bash-3.00#
bash-3.00# snoop -d bge0 ip from Server1
Using device bge0 (promiscuous mode)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051666683 Seq=2429447812 Len=0 Win=33304 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051666875 Seq=2429447812 Len=0 Win=33304 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051667067 Seq=2429447812 Len=0 Win=33304 Options=
^Cbash-3.00#
bash-3.00#
bash-3.00# snoop to Server1
Using device bge0 (promiscuous mode)
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429448292 Seq=1051667787 Len=80 Win=49232 Options=
      Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429448292 Seq=1051667867 Len=192 Win=49232 Options=
^Cbash-3.00#
bash-3.00# snoop ip from Server1
Using device bge0 (promiscuous mode)
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051668987 Seq=2429448932 Len=0 Win=33304 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051669179 Seq=2429448932 Len=0 Win=33304 Options=
Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051669371 Seq=2429448932 Len=0 Win=33304 Options=
^Cbash-3.00#



bash-3.00# snoop -i /var/tmp/snoop-op -p 1,5
  1   0.00000       Thishost -> Server1.network.com TCP D=60266 S=22 Push Ack=2429410484 Seq=1051528203 Len=80 Win=49232 Options=
  2   0.00177 Server1.network.com -> Thishost       TCP D=22 S=60266 Ack=1051528283 Seq=2429410484 Len=0 Win=33304 Options=
  3   0.94920   10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
  4   0.03904 Server1.network.com -> Thishost       ICMP Echo request (ID: 1754 Sequence number: 439)
  5   0.00007       Thishost -> Server1.network.com ICMP Echo reply (ID: 1754 Sequence number: 439)
bash-3.00#

//Detailed view of the first packet

bash-3.00# snoop -i /var/tmp/snoop-op -v -p 1
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 12:09:42.07489
ETHER:  Packet size = 146 bytes
ETHER:  Destination = 0:1c:b0:88:48:0,
ETHER:  Source      = 0:3:ba:d8:98:48,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:         .... ..0. = not ECN capable transport
IP:         .... ...0 = no ECN congestion experienced
IP:   Total length = 132 bytes
IP:   Identification = 23065
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 60 seconds/hops
IP:   Protocol = 6 (TCP)
IP:   Header checksum = 0000
IP:   Source address = 10.2.185.203, Thishost
IP:   Destination address = 10.1.64.174, Server1.network.com
IP:   No options
IP:
TCP:  ----- TCP Header -----
TCP:
TCP:  Source port = 22
TCP:  Destination port = 60266
TCP:  Sequence number = 1051528203
TCP:  Acknowledgement number = 2429410484
TCP:  Data offset = 32 bytes
TCP:  Flags = 0x18
TCP:        0... .... = No ECN congestion window reduced
TCP:        .0.. .... = No ECN echo
TCP:        ..0. .... = No urgent pointer
TCP:        ...1 .... = Acknowledgement
TCP:        .... 1... = Push
TCP:        .... .0.. = No reset
TCP:        .... ..0. = No Syn
TCP:        .... ...0 = No Fin
TCP:  Window = 49232
TCP:  Checksum = 0x0000
TCP:  Urgent pointer = 0
TCP:  Options: (12 bytes)
TCP:    - No operation
TCP:    - No operation
TCP:    - TS Val = 103760130, TS Echo = 386555461
TCP:


An effective filter 

bash-3.00# snoop Server1 and Thishost and port 80 and tcp or udp
Using device bge0 (promiscuous mode)
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
      Thishost -> Server2.network.com DNS C 2.185.2.10.in-addr.arpa. Internet PTR ?
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
      Thishost -> Server2.network.com DNS C 1.185.2.10.in-addr.arpa. Internet PTR ?
Server2.network.com -> Thishost       DNS R  Error: 3(Name Error)
  10.2.185.2 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
  10.2.185.1 -> ALL-ROUTERS.MCAST.NET UDP D=1985 S=1985 LEN=28
^Cbash-3.00#

Posted by at No comments:
Subscribe to: Posts (Atom)