postIt

        Post-It sticky notes with PasteBin sense

  • 12:10 am on March 21, 2010 | 0 | # |

    clrg status -v

    Cluster Resource Groups ===
     
    Group Name            Node Name            Suspended            Status
    ----------            ---------            ---------            ------
    cache1rg              lb1                  No                   Online
     
    cache2rg              server1              No                   Online
     
    prirg                 lb1                  No                   Online
                          server1              No                   Offline
     
    mngrg                 testing2             No                   Online
                          server1              No                   Offline
                          lb1                  No                   Offline

    In our specific case of resource groups:

    clrg status -v – gives the status of cluster
    clrg offline mngrg – takes down the management gui.
    clrg offline prirg – takes down the 3 lb’s (ucip, scap1, scap2).
    clrg offline cache2rg cache1rg – takes down the terracotta instances.

     
  • 12:03 am on March 21, 2010 | 0 | # |

    Display only the initial SYN (flags 0x02) of TCP connections from a specific source to a specific destination:
    tcp.flags == 0x02 and ip.src == 10.201.62.78 and ip.dst == 10.201.62.249

    A series of SYN packets will appear as:

    No.     Time        Source                Destination           Protocol Info
          1 0.000000    10.201.62.78          10.201.62.249         TCP      53161 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
          4 0.001124    10.201.62.78          10.201.62.249         TCP      53162 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
          7 0.001556    10.201.62.78          10.201.62.249         TCP      53163 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
         16 0.006334    10.201.62.78          10.201.62.249         TCP      53164 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
         20 0.009590    10.201.62.78          10.201.62.249         TCP      53165 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
         24 0.011687    10.201.62.78          10.201.62.249         TCP      53166 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0

    In this specific case, multiple source ports (53163, 53162, etc.) each start a conversation with port 10010 by sending out a SYN packet.
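Added example (not from the original post): `tcp.flags == 0x02` compares the whole flags field, so it also skips a SYN that carries ECN bits (0xC2), while a bit test such as `tcp.flags.syn == 1 and tcp.flags.ack == 0` matches every connection attempt. The sketch models both filters over constructed TCP headers that reuse the ports from the capture; the ECN-setup packet on port 53170 and all function names are assumptions.

```python
import struct

SYN, ACK = 0x02, 0x10

def tcp_header(sport, dport, flags, seq=0, ack=0, window=49640):
    """Build a 20-byte TCP header (constructed sample data, checksum left 0)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, 0)

def parse(header):
    """Return (sport, dport, flags) from a raw TCP header."""
    sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, offset_flags & 0x0FFF   # 12 flag bits incl. reserved

def exact_syn(flags):
    """Model of `tcp.flags == 0x02`: the flags field must equal SYN exactly."""
    return flags == SYN

def initial_syn(flags):
    """Model of `tcp.flags.syn == 1 and tcp.flags.ack == 0`: test bits only."""
    return bool(flags & SYN) and not flags & ACK

# Constructed packets: three client SYNs as in the capture, one server SYN/ACK,
# one pure ACK, and one ECN-setup SYN (SYN|ECE|CWR = 0xC2).
PACKETS = [
    tcp_header(53161, 10010, 0x02),
    tcp_header(10010, 53161, 0x12, ack=1),
    tcp_header(53161, 10010, 0x10, seq=1, ack=1),
    tcp_header(53162, 10010, 0x02),
    tcp_header(53163, 10010, 0x02),
    tcp_header(53170, 10010, 0xC2),
]

def client_ports(packets, predicate, dport=10010):
    """Source ports of packets to `dport` that the filter model accepts."""
    out = []
    for raw in packets:
        sport, dst, flags = parse(raw)
        if dst == dport and predicate(flags):
            out.append(sport)
    return out

if __name__ == "__main__":
    print("tcp.flags == 0x02     :", client_ports(PACKETS, exact_syn))
    print("syn == 1 and ack == 0 :", client_ports(PACKETS, initial_syn))
```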

     
  • 10:34 am on March 17, 2010 | 0 | # |

    $ sleep 120 && touch 120 & sleep 4 && touch 4

    So, in what sequence do those file touches come up? (Watch the creation time.)

    $ ls -l
    total 160
    -rw-r--r-- 1 arif arif     0 2010-03-17 17:28 120
    -rw-r--r-- 1 arif arif     0 2010-03-17 17:27 4
    ...
     
  • 8:59 am on March 1, 2010 | 0 | # |

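    With php5-snmp installed, tried snmpwalk through PHP:

    <?php
    // Walk the local agent's whole object tree using the community string "public".
    $a = snmpwalk("127.0.0.1", "public", "");

    // snmpwalk() returns false on error, so check before iterating.
    if ($a === false) {
        exit("snmpwalk failed\n");
    }

    foreach ($a as $val) {
        echo "$val\n";
    }
    ?>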
     
  • 8:56 am on March 1, 2010 | 0 | # |

    Network map using nmap

    $ nmap -O -sS -p 20-23,3300,80,443 localhost
    ...
    Interesting ports on localhost (127.0.0.1):
    PORT    STATE  SERVICE
    20/tcp  closed ftp-data
    21/tcp  closed ftp
    22/tcp  closed ssh
    23/tcp  closed telnet
    80/tcp  open   http
    443/tcp closed https
    3300/tcp  open   unknown
    Device type: general purpose
    Running: Linux 2.6.X
    OS details: Linux 2.6.17 - 2.6.25
    Network Distance: 0 hops
    ...

    I configured sshd to listen on port 3300, but nmap can’t resolve the type of service in the above sample. (The port is found to be open, but the service is unknown.)
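Why the SERVICE column says unknown, as an added example (not from the original post): without version detection (`-sV`), nmap names a service by looking the port number up in a table, so an sshd moved to another port is only recognized once something reads its banner. The sketch serves a constructed SSH-style banner on a random loopback port and compares both methods; the small port table, the banner string and all function names are assumptions.

```python
import socket
import threading

# Stand-in for the port-to-name table a scanner ships with (assumed subset).
PORT_TABLE = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 443: "https"}

# Protocols that announce themselves first; matching is on the banner prefix.
BANNER_PREFIXES = {b"SSH-": "ssh", b"220 ": "smtp-or-ftp", b"+OK": "pop3"}

def name_by_port(port):
    """What a scan without service detection can say: a table lookup."""
    return PORT_TABLE.get(port, "unknown")

def name_by_banner(host, port, timeout=2.0):
    """Connect, read the server's greeting, and classify it by prefix."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(256)
        except socket.timeout:
            return "unknown", b""          # server waits for the client to speak
    for prefix, name in BANNER_PREFIXES.items():
        if banner.startswith(prefix):
            return name, banner.strip()
    return "unknown", banner.strip()

def start_fake_sshd(banner=b"SSH-2.0-OpenSSH_5.1\r\n"):
    """Constructed test server: one SSH-style banner on a random loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    port = start_fake_sshd()
    return name_by_port(port), name_by_banner("127.0.0.1", port)

if __name__ == "__main__":
    print(demo())   # table lookup vs. banner read for the same port
```

Moving a service to a non-standard port therefore changes only the table lookup, not what the service announces about itself.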

     
  • 3:52 am on March 1, 2010 | 0 | # |

    After installation on Ubuntu, snmpd will run as follows:

    $ ps -ef | grep snmp
    snmp      9879     1  0 09:58 ?        00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1

    Omitting 127.0.0.1 from /etc/default/snmpd:

    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

    will make snmpd listen on all interfaces, so other hosts can query ours.

     
  • 3:30 am on March 1, 2010 | 0 | # |

    $first_ip=$_SERVER['REMOTE_ADDR'];
    $hostname=gethostbyaddr($first_ip);

    For example:

    <?php
    $first_ip="192.168.1.17";
    $hostname=gethostbyaddr($first_ip);
    echo $hostname;
    ?>

    which on my current LAN gives the output:
    gungz-3c2d7c341.local
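An added example (not from the original post): the name returned for `REMOTE_ADDR` comes from a PTR record controlled by whoever runs the reverse zone for that address, so it should be forward-confirmed before it is used in an access rule or trusted in a log. The post's snippets are PHP; this sketch is Python so the check can run offline against stub resolvers, and the function names, the `bank.example` name and the documentation-range addresses are constructed.

```python
import socket

def confirmed_hostname(ip, reverse=None, forward=None):
    """Return the PTR name for `ip` only if that name resolves back to `ip`.

    `reverse` and `forward` default to the system resolver; they are
    parameters so the check can be exercised with stub data.
    """
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        name = reverse(ip)
    except OSError:
        return None                      # no PTR record at all
    name = name.rstrip(".").lower()
    try:
        addresses = forward(name)
    except OSError:
        return None                      # PTR names a host that does not resolve
    return name if ip in addresses else None

# Constructed resolver data. 198.51.100.7 has a PTR claiming to be a bank's
# host, but the bank's forward zone does not list that address.
PTR = {"192.168.1.17": "gungz-3c2d7c341.local",
       "198.51.100.7": "www.bank.example."}
A = {"gungz-3c2d7c341.local": ["192.168.1.17"],
     "www.bank.example": ["203.0.113.10"]}

def stub_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def stub_forward(name):
    if name not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return A[name]

def check(ip):
    """Run the forward-confirmed lookup against the constructed data."""
    return confirmed_hostname(ip, stub_reverse, stub_forward)

if __name__ == "__main__":
    for ip in ("192.168.1.17", "198.51.100.7", "192.0.2.1"):
        print(ip, "->", check(ip))
```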

     
  • 3:11 am on March 1, 2010 | 0 | # |

    Angry IP Scanner. A multi-platform IP scanner written in Java, with binaries in deb and rpm packages for Linux. A Windows version is also available.

    Basic theory on scanning is also presented there. There are two kinds of scanner:

    1. port scanners
    2. IP scanners

    How? By gathering the following about each host:

    1. whether the host is up (alive, responding) or down (dead, not responding)
    2. average roundtrip time (of IP packets to the destination address and back) – the same value as shown by the ping program
    3. TTL (time to live) field value from the IP packet header, which can be used to find out the rough distance to the destination address (in number of routers the packet has traveled)
    4. host and domain name (by using a DNS reverse lookup)
    5. versions of particular services running on the host (e.g., “Apache 2.0.32 (Linux 2.6.9)” in case of a web server)
    6. open (responding) and filtered TCP and UDP port numbers
       
    • 2:39 am on March 1, 2010 | 0 | # |

      Port scanner class. An example of usage is as follows, where my IP is 192.168.1.10. The upper range for scanning isn’t alive: 192.168.1.11. I hide warnings due to open socket failure, which will happen because the IP isn’t alive.

      <?php
      	// Hide warnings from failed socket opens on hosts that are down.
      	ini_set("display_errors", 0);
      	require_once("scanner.class.php");
      	$ip_address1 = "192.168.1.10";
      	$ip_address2 = "192.168.1.11";
      	$my_scanner = new PortScanner($ip_address1, $ip_address2);

      	$my_scanner->set_ports("80");

      	$results = $my_scanner->do_scan();

      	// One block per scanned IP, one line per port.
      	foreach ($results as $ip => $ip_results) {
      		echo gethostbyaddr($ip)."\n<blockquote>\n";

      		foreach ($ip_results as $port => $port_results) {
      			echo "\t".$port." : ".$port_results['pname']." : ";
      			echo ($port_results['status'] == 1) ? "open" : "closed";
      			echo "<br />\n";
      		}
      		echo "</blockquote>\n\n";
      	}
      ?>

      Results are as follows (they include a developerfusion.com port scan by default (?)):

      developerfusion.com

      15 : netstat : closed
      16 : N/A : closed
      17 : qotd : closed
      18 : msp : closed
      19 : chargen : closed
      20 : ftp-data : closed
      21 : ftp : closed
      22 : ssh : closed
      23 : telnet : closed
      24 : N/A : closed
      25 : smtp : open
      80 : www : open
      110 : pop3 : closed
      3306 : mysql : closed
      1337 : N/A : closed
      666 : N/A : closed

      xp-racy.local

      80 : www : open

      192.168.1.11

      80 : www : closed