Difference Between Esx and Esxi
Saturday, November 21, 2015
Thursday, November 19, 2015
How to Ignore the Local Disks when Generating Multipath Devices in Linux Server
Some machines have local SCSI cards for their internal disks. DM-Multipath is not recommended for these devices.
The following procedure shows how to modify the multipath configuration file to ignore the local disks when configuring multipath.
1. Determine which disks are the internal disks and mark them as the ones to blacklist.
In this example, /dev/sda is the internal disk. Note that with the default multipath configuration file, running multipath -v2 shows the local disk, /dev/sda, in the multipath map.
[root@test ~]# multipath -v2
create: SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
[size=33 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 0:0:0:0 sda 8:0 [---------
device-mapper ioctl cmd 9 failed: Invalid argument
device-mapper ioctl cmd 14 failed: No such device or address
create: 3600a0b80001327d80000006d43621677
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:0 sdb 8:16
\_ 3:0:0:0 sdf 8:80
create: 3600a0b80001327510000009a436215ec
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:1 sdc 8:32
\_ 3:0:0:1 sdg 8:96
create: 3600a0b80001327d800000070436216b3
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:2 sdd 8:48
\_ 3:0:0:2 sdh 8:112
2. To prevent the device mapper from mapping /dev/sda in its multipath maps, edit the blacklist section of the /etc/multipath.conf file to include this device. Although you could blacklist the sda device using a devnode type, that would not be a safe procedure, since /dev/sda is not guaranteed to be the same on reboot. To blacklist individual devices, you can blacklist using the WWID of that device.
Note that in the output of the multipath -v2 command, the WWID of the /dev/sda device is SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1.
To blacklist this device, include the following in the /etc/multipath.conf file.
blacklist {
wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
}
3. After you have updated the /etc/multipath.conf file, you must manually tell the multipathd daemon to reload the file.
The following command reloads the updated /etc/multipath.conf file.
service multipathd reload
4. Run the following commands:
multipath -F
multipath -v2
[root@test~]# multipath -F
[root@test ~]# multipath -v2
create: 3600a0b80001327d80000006d43621677
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:0 sdb 8:16
\_ 3:0:0:0 sdf 8:80
create: 3600a0b80001327510000009a436215ec
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:1 sdc 8:32
\_ 3:0:0:1 sdg 8:96
create: 3600a0b80001327d800000070436216b3
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:2 sdd 8:48
\_ 3:0:0:2 sdh 8:112
Tuesday, November 17, 2015
Explain Multipath command output in Linux Server
When you create, modify, or list a multipath device, you get a printout of the current device setup. The format is as follows.
For each multipath device:
action_if_any: alias (wwid_if_different_from_alias) [size][features][hardware_handler]
For each path group:
\_ scheduling_policy [path_group_priority_if_known] [path_group_status_if_known]
For each path:
\_ host:channel:id:lun devnode major:minor [path_status] [dm_status_if_known]
For example, the output of a multipath command might appear as follows:
mpath1 (3600d0230003228bc000339414edb8101) [size=10 GB][features="0"][hwhandler="0"]
\_ round-robin 0 [prio=1][active]
\_ 2:0:0:6 sdb 8:16 [active][ready]
\_ round-robin 0 [prio=1][enabled]
\_ 3:0:0:6 sdc 8:64 [active][ready]
If the path is up and ready for I/O, the status of the path is ready or active. If the path is down, the status is faulty or failed.
The path status is updated periodically by the multipathd daemon based on the polling interval defined in the /etc/multipath.conf file.
The dm status is similar to the path status, but from the kernel's point of view. The dm status has two states: failed, which is analogous to faulty, and active, which covers all other path states. Occasionally, the path state and the dm state of a device will temporarily not agree.
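The output format above, together with the WWID blacklist from the local-disk procedure, as an added Python example (not part of the original posts): it parses multipath output into devices, path groups and paths, lists paths reported as faulty or failed, and builds a blacklist stanza for maps that contain a given local devnode. The function names are hypothetical; the first sample is taken from the page's multipath -v2 output, and the second is the page's mpath1 example with one path altered to a failed state.

```python
import re

# "action_if_any: alias (wwid_if_different_from_alias) [size][features][hwhandler]"
MAP_RE = re.compile(
    r'^(?:(?P<action>\w+):\s+)?(?P<alias>[^\s\[\]]+)'
    r'(?:\s+\((?P<wwid>[^)]+)\))?\s*(?P<attrs>(?:\[[^\]]*\])*)$')
# "\_ host:channel:id:lun devnode major:minor [path_status] [dm_status_if_known]"
PATH_RE = re.compile(
    r'^\\_\s+(?P<hctl>\d+:\d+:\d+:\d+)\s+(?P<devnode>\S+)\s+'
    r'(?P<majmin>\d+:\d+)\s*(?P<status>.*)$')
# "\_ scheduling_policy [path_group_priority_if_known] [path_group_status_if_known]"
GROUP_RE = re.compile(r'^\\_\s+(?P<policy>[\w-]+\s+\d+)\s*(?P<status>.*)$')
BRACKET_RE = re.compile(r'\[([^\]]*)\]')
DOWN_STATES = {"faulty", "failed"}

# Taken from the page's "multipath -v2" output (first two maps only).
SAMPLE_V2 = r"""[root@test ~]# multipath -v2
create: SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
[size=33 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 0:0:0:0 sda 8:0 [---------
device-mapper ioctl cmd 9 failed: Invalid argument
device-mapper ioctl cmd 14 failed: No such device or address
create: 3600a0b80001327d80000006d43621677
[size=12 GB][features="0"][hwhandler="0"]
\_ round-robin 0
\_ 2:0:0:0 sdb 8:16
\_ 3:0:0:0 sdf 8:80
"""

# Constructed: the page's mpath1 example with the second path marked down.
SAMPLE_STATUS = r"""mpath1 (3600d0230003228bc000339414edb8101) [size=10 GB][features="0"][hwhandler="0"]
\_ round-robin 0 [prio=1][active]
\_ 2:0:0:6 sdb 8:16 [active][ready]
\_ round-robin 0 [prio=1][enabled]
\_ 3:0:0:6 sdc 8:64 [failed][faulty]
"""


def parse_multipath(text):
    """Return a list of maps, each with its path groups and paths."""
    maps = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PATH_RE.match(line)
        if m and maps and maps[-1]["groups"]:
            maps[-1]["groups"][-1]["paths"].append({
                "hctl": m["hctl"], "devnode": m["devnode"],
                "majmin": m["majmin"],
                "status": BRACKET_RE.findall(m["status"])})
            continue
        m = GROUP_RE.match(line)
        if m and maps:
            maps[-1]["groups"].append({
                "policy": m["policy"],
                "status": BRACKET_RE.findall(m["status"]), "paths": []})
            continue
        if line.startswith("[size=") and maps:
            # Attributes printed on their own line belong to the last map.
            maps[-1]["attrs"] += BRACKET_RE.findall(line)
            continue
        m = MAP_RE.match(line)
        if m:
            maps.append({
                "action": m["action"], "alias": m["alias"],
                # Without "(wwid)", the alias itself is the WWID.
                "wwid": m["wwid"] or m["alias"],
                "attrs": BRACKET_RE.findall(m["attrs"]), "groups": []})
        # Anything else (shell prompts, device-mapper errors) is ignored.
    return maps


def down_paths(maps):
    """(alias, devnode) for every path showing a faulty or failed state."""
    return [(mp["alias"], p["devnode"])
            for mp in maps for g in mp["groups"] for p in g["paths"]
            if DOWN_STATES & set(p["status"])]


def blacklist_stanza(maps, local_devnodes):
    """Build a WWID-based blacklist for maps containing a local devnode."""
    wwids = [mp["wwid"] for mp in maps
             if any(p["devnode"] in local_devnodes
                    for g in mp["groups"] for p in g["paths"])]
    if not wwids:
        return ""
    return "blacklist {\n" + "\n".join(f"    wwid {w}" for w in wwids) + "\n}"


if __name__ == "__main__":
    print(blacklist_stanza(parse_multipath(SAMPLE_V2), {"sda"}))
    print(down_paths(parse_multipath(SAMPLE_STATUS)))
```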
Friday, November 13, 2015
DM-Multipath includes compiled-in default settings that are suitable for common multipath configurations.
Setting up DM-multipath is often a simple procedure.
The basic procedure for configuring your system with DM-Multipath is as follows:
1. Install device-mapper-multipath rpm.
Before setting up DM-Multipath on your system, ensure that your system has been updated and includes the device-mapper-multipath package.
2. Edit the multipath.conf configuration file:
Edit the /etc/multipath.conf file by commenting out the following lines at the top of the file. This section of the configuration file, in its initial state, blacklists all devices. You must comment it out to enable multipathing.
blacklist {
devnode "*"
}
The default settings for DM-Multipath are compiled in to the system and do not need to be explicitly set in the /etc/multipath.conf file.
The default value of path_grouping_policy is set to failover, so in this example you do not need to change the default value.
The initial defaults section of the configuration file configures your system so that the names of the multipath devices are of the form mpathn; without this setting, the names of the multipath devices would be aliased to the WWID of the device.
Save the configuration file and exit the editor.
3. Start the multipath daemons.
modprobe dm-multipath
service multipathd start
multipath -v2
The multipath -v2 command prints out multipathed paths that show which devices are multipathed. If the command does not print anything out, ensure that all SAN connections are set up properly and the system is multipathed.
4. Execute the following command to ensure that the multipath daemon starts on bootup:
chkconfig multipathd on
Since the value of user_friendly_names is set to yes in the configuration file, the multipath devices will be created as /dev/mapper/mpathn.
Monday, November 9, 2015
In most cases you will need root permission to capture packets on an interface. The examples below use tcpdump (as root) to capture packets and save them to a file for analysis.
See the list of interfaces on which tcpdump can listen:
tcpdump -D
[root@nsk-linux nsk]# tcpdump -D
1.usbmon1 (USB bus number 1)
2.eth4
3.any (Pseudo-device that captures on all interfaces)
4.lo
Listen on interface eth0:
tcpdump -i eth0
Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater)
tcpdump -i any
Capture only N number of packets using tcpdump -c
[root@nsk-linux nsk]# tcpdump -c 2 -i eth4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes
18:35:51.382706 IP 10.0.2.15.ssh > 10.0.2.2.51879: Flags [P.], seq 4037059562:4037059770, ack 3747030, win 36432, length 208
18:35:51.383008 IP 10.0.2.2.51879 > 10.0.2.15.ssh: Flags [.], ack 208, win 65535, length 0
2 packets captured
6 packets received by filter
0 packets dropped by kernel
Display Captured Packets in ASCII using tcpdump -A
# tcpdump -A -i eth0
Display Captured Packets in HEX and ASCII using tcpdump -XX
#tcpdump -XX -i eth0
Be verbose while capturing packets
#tcpdump -v
Be very verbose while capturing packets
#tcpdump -vvv
Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header
tcpdump -v -X
Be verbose and print the data of each packet in both hex and ASCII, also including the link level header
tcpdump -v -XX
Be less verbose (than the default) while capturing packets
tcpdump -q
Limit the capture to 100 packets
tcpdump -c 100
Record the packet capture to a file called capture.cap
tcpdump -w capture.cap
Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time
tcpdump -v -w capture.cap
Display the packets of a file called capture.cap
tcpdump -r capture.cap
Display the packets using maximum detail of a file called capture.cap
tcpdump -vvv -r capture.cap
Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers)
tcpdump -n
Capture any packets where the destination host is 10.0.2.2. Display IP addresses and port numbers
tcpdump -n dst host 10.0.2.2
Capture any packets where the source host is 10.0.2.2. Display IP addresses and port numbers
tcpdump -n src host 10.0.2.2
Capture any packets where the source or destination host is 10.0.2.15. Display IP addresses and port numbers
tcpdump -n host 10.0.2.15
Capture any packets where the destination network is 10.0.2.0/24. Display IP addresses and port numbers
tcpdump -n dst net 10.0.2.0/24
Capture any packets where the source network is 10.0.2.0/24. Display IP addresses and port numbers
tcpdump -n src net 10.0.2.0/24
Capture any packets where the source or destination network is 10.0.2.0/24. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n net 10.0.2.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:56:07.471583 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 312243348:312243556, ack 3492510, win 65136, length 208
18:56:07.471790 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 208:384, ack 1, win 65136, length 176
18:56:07.471947 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 384:544, ack 1, win 65136, length 160
18:56:07.472093 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 544:704, ack 1, win 65136, length 160
18:56:07.472247 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 704:864, ack 1, win 65136, length 160
18:56:07.472370 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 864:1024, ack 1, win 65136, length 160
18:56:07.472576 IP 10.0.2.15.ssh > 10.0.2.2.60038: Flags [P.], seq 1024:1184, ack 1, win 65136, length 160
18:56:07.472605 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 208, win 65535, length 0
18:56:07.472619 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 384, win 65535, length 0
18:56:07.472624 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 544, win 65535, length 0
18:56:07.472627 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 704, win 65535, length 0
18:56:07.472629 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 864, win 65535, length 0
18:56:07.472632 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 1024, win 65535, length 0
Capture any packets where the destination port is 22. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n dst port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:54:41.047546 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 312125892, win 65535, length 0
18:54:41.047856 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 161, win 65535, length 0
18:54:41.048086 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 305, win 65535, length 0
18:54:41.048309 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 449, win 65535, length 0
18:54:41.048535 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 593, win 65535, length 0
18:54:41.048744 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 737, win 65535, length 0
18:54:41.048969 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 881, win 65535, length 0
Capture any packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n dst portrange 1-1023
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:53:33.082176 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 311660756, win 65535, length 0
18:53:33.082872 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 161, win 65535, length 0
18:53:33.083288 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 305, win 65535, length 0
18:53:33.083668 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 449, win 65535, length 0
18:53:33.083860 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 593, win 65535, length 0
18:53:33.084131 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 737, win 65535, length 0
18:53:33.084410 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 881, win 65535, length 0
18:53:33.084655 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 1025, win 65535, length 0
Capture only TCP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n tcp dst portrange 1-1023
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:51:43.154211 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 311537732, win 65535, length 0
18:51:43.155095 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 161, win 65535, length 0
18:51:43.155509 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 305, win 65535, length 0
18:51:43.155805 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 449, win 65535, length 0
18:51:43.156082 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 593, win 65535, length 0
18:51:43.156352 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 737, win 65535, length 0
18:51:43.156619 IP 10.0.2.2.60038 > 10.0.2.15.ssh: Flags [.], ack 881, win 65535, length 0
Capture only UDP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n udp dst portrange 1-1023
Capture any packets with destination IP 10.0.2.15 and destination port 23. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n "dst host 10.0.2.15 and dst port 23"
Capture any packets with destination IP 10.0.2.15 and destination port 80 or 443. Display IP addresses and port numbers
[root@nsk ~]# tcpdump -n "dst host 10.0.2.15 and (dst port 80 or dst port 443)"
Capture any ICMP packets
[root@nsk ~]# tcpdump -v icmp
Capture any ARP packets
[root@nsk ~]# tcpdump -v arp
Capture 500 bytes of data for each packet rather than the default of 68 bytes
[root@nsk-linux nsk]# tcpdump -s 500
Capture all bytes of data within the packet
[root@nsk-linux nsk]# tcpdump -s 0
Capture the particular interface traffic and save as .cap file
[root@nsk-linux nsk]# tcpdump -i enp0s3 -s 0 -vvv -w /home/nsk/file_18:03:54.pcap
tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 65535 bytes
^C97390 packets captured
97855 packets received by filter
460 packets dropped by kernel
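An added Python example (not from the original post) that reads tcpdump text output in the form shown above, totals packets and payload bytes for each direction of a conversation, and collects the capture counters tcpdump prints on exit. The function names are hypothetical; the sample lines are copied from the page's tcpdump -c 2 run and from its final capture summary.

```python
import re
from collections import defaultdict

# "18:35:51.382706 IP src > dst: Flags [P.], ..., length 208"
PACKET_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<info>.*)$')
FLAGS_RE = re.compile(r'Flags \[([^\]]*)\]')
LENGTH_RE = re.compile(r'length (\d+)')
# "97390 packets captured", optionally prefixed by the echoed ^C
COUNTER_RE = re.compile(
    r'^(?:\^C)?(\d+) packets (captured|received by filter|dropped by kernel)$')

# Copied from the page's "tcpdump -c 2 -i eth4" run.
SAMPLE_CAPTURE = """\
18:35:51.382706 IP 10.0.2.15.ssh > 10.0.2.2.51879: Flags [P.], seq 4037059562:4037059770, ack 3747030, win 36432, length 208
18:35:51.383008 IP 10.0.2.2.51879 > 10.0.2.15.ssh: Flags [.], ack 208, win 65535, length 0
2 packets captured
6 packets received by filter
0 packets dropped by kernel
"""

# Copied from the page's final capture-to-file run.
SAMPLE_SUMMARY = """\
^C97390 packets captured
97855 packets received by filter
460 packets dropped by kernel
"""


def split_endpoint(endpoint):
    """Split '10.0.2.15.ssh' or '10.0.2.2.51879' at the last dot.

    Without -n/-nn the port may be a service name, so it stays a string.
    """
    host, _, port = endpoint.rpartition(".")
    return host, port


def summarize(text):
    """Return (flows, counters) for IPv4 lines of tcpdump text output."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "flags": set()})
    counters = {}
    for raw in text.splitlines():
        line = raw.strip()
        pkt = PACKET_RE.match(line)
        if pkt:
            # Key: (src_host, src_port, dst_host, dst_port)
            key = split_endpoint(pkt["src"]) + split_endpoint(pkt["dst"])
            flow = flows[key]
            flow["packets"] += 1
            length = LENGTH_RE.search(pkt["info"])
            flow["bytes"] += int(length.group(1)) if length else 0
            flags = FLAGS_RE.search(pkt["info"])
            if flags:
                flow["flags"].add(flags.group(1))
            continue
        counter = COUNTER_RE.match(line)
        if counter:
            counters[counter.group(2)] = int(counter.group(1))
    return dict(flows), counters


if __name__ == "__main__":
    flows, counters = summarize(SAMPLE_CAPTURE)
    for key, flow in flows.items():
        print(key, flow)
    print(counters, summarize(SAMPLE_SUMMARY)[1])
```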
Thursday, November 5, 2015
The lvm dumpconfig Command
You can display the current LVM configuration, or save the configuration to a file, with the dumpconfig option of the lvm command. The lvm dumpconfig command provides a variety of features, including the following:
1. You can dump the current lvm configuration merged with any tag configuration files.
2. You can dump all current configuration settings for which the values differ from the defaults.
3. You can dump all new configuration settings introduced in the current LVM version, or in a specific LVM version.
4. You can dump all profilable configuration settings, either in their entirety or separately for command and metadata profiles
5. You can dump only the configuration settings for a specific version of LVM.
6. You can validate the current configuration.
For a full list of supported features and information on specifying the lvm dumpconfig options, see the lvm-dumpconfig man page.
The volume group metadata contains:
· Information about how and when it was created
· Information about the volume group:
The volume group information contains:
· Name and unique id
· A version number which is incremented whenever the metadata gets updated
· Any properties: Read/Write? Resizeable?
· Any administrative limit on the number of physical volumes and logical volumes it may contain
· The extent size (in units of sectors which are defined as 512 bytes)
An unordered list of physical volumes making up the volume group, each with:
· Its UUID, used to determine the block device containing it
· Any properties, such as whether the physical volume is allocatable
· The offset to the start of the first extent within the physical volume (in sectors)
· The number of extents
An unordered list of logical volumes, each consisting of:
An ordered list of logical volume segments. For each segment the metadata includes a mapping applied to an ordered list of physical volume segments or logical volume segments.
Sample Metadata Contents.
# Generated by LVM2 version 2.02.88(2)-RHEL5 (2012-01-20): Sat Mar 21 15:44:51 2015
contents = "Text Format Volume Group"
version = 1
description = "Created *before* executing '/usr/sbin/vgs --noheadings -o name'"
creation_host = "testserver.com" # Linux testserver.com 2.6.32-300.10.1.el5uek #1 SMP Wed Feb 22 17:37:40 EST 2012 x86_64
creation_time = 1426945491 # Sat Mar 21 15:44:51 2015
VolGroup00 {
id = "ZfQCQ1-suTc-ykV9-TwvN-ACpB-XcEM-NuWlnE"
seqno = 3
status = ["RESIZEABLE", "READ", "WRITE"]
flags = []
extent_size = 65536 # 32 Megabytes
max_lv = 0
max_pv = 0
metadata_copies = 0
physical_volumes {
pv0 {
id = "36bcud-E3uI-NPeG-BfTe-ePx0-FEpQ-un5N5F"
device = "/dev/xvda2" # Hint only
status = ["ALLOCATABLE"]
flags = []
dev_size = 104647410 # 49.8998 Gigabytes
pe_start = 384
pe_count = 1596 # 49.875 Gigabytes
}
}
logical_volumes {
LogVol00 {
id = "SWOjo1-qFZZ-CztY-CSXb-zQdX-pwRH-jDNI3o"
status = ["READ", "WRITE", "VISIBLE"]
flags = []
segment_count = 1
segment1 {
start_extent = 0
extent_count = 1024 # 32 Gigabytes
type = "striped"
stripe_count = 1 # linear
stripes = [
"pv0", 0
]
}
}
LogVol01 {
id = "LoJOLg-5TDC-5ity-l5a6-qLJ5-fuju-oRRzWb"
status = ["READ", "WRITE", "VISIBLE"]
flags = []
segment_count = 1
segment1 {
start_extent = 0
extent_count = 572 # 17.875 Gigabytes
type = "striped"
stripe_count = 1 # linear
stripes = [
"pv0", 1024
]
}
}
}
}
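An added Python example (not from the original post) that parses the text metadata format shown above, recomputes the sizes given in its comments from extent_size and the extent counts, and checks that logical volume segments neither overlap nor run past pe_count on their physical volume. The parser and function names are hypothetical, only striped segments (the type shown here) are handled, and the sample is the page's metadata trimmed to the fields used.

```python
import re

SECTOR_BYTES = 512  # extent_size is counted in 512-byte sectors
TOKEN_RE = re.compile(
    r'\s*(?:(#[^\n]*)|("(?:[^"\\]|\\.)*")|([{}\[\],=])|([^\s{}\[\],=#"]+))')

# The page's sample metadata, trimmed to the fields used below.
SAMPLE = '''
VolGroup00 {
    extent_size = 65536            # 32 Megabytes
    physical_volumes {
        pv0 { pe_count = 1596 }    # 49.875 Gigabytes
    }
    logical_volumes {
        LogVol00 {
            segment1 {
                extent_count = 1024    # 32 Gigabytes
                type = "striped"
                stripe_count = 1       # linear
                stripes = [ "pv0", 0 ]
            }
        }
        LogVol01 {
            segment1 {
                extent_count = 572     # 17.875 Gigabytes
                type = "striped"
                stripe_count = 1       # linear
                stripes = [ "pv0", 1024 ]
            }
        }
    }
}
'''

def _scalar(tok):
    if tok.startswith('"'):
        return tok[1:-1]
    return int(tok) if re.fullmatch(r'-?\d+', tok) else tok

def _value(tokens, pos):
    if tokens[pos] != "[":
        return _scalar(tokens[pos]), pos + 1
    items, pos = [], pos + 1
    while tokens[pos] != "]":
        if tokens[pos] != ",":
            items.append(_scalar(tokens[pos]))
        pos += 1
    return items, pos + 1

def _block(tokens, pos):
    node = {}
    while pos < len(tokens) and tokens[pos] != "}":
        key = tokens[pos]
        if tokens[pos + 1] == "{":       # nested section
            node[key], pos = _block(tokens, pos + 2)
            pos += 1                     # step over the closing "}"
        else:                            # key = value
            node[key], pos = _value(tokens, pos + 2)
    return node, pos

def parse_lvm(text):  # nested dict of sections; "#" comments are dropped
    tokens = [m.group(2) or m.group(3) or m.group(4)
              for m in TOKEN_RE.finditer(text) if not m.group(1)]
    return _block(tokens, 0)[0]

def _segments(lv):
    return [v for k, v in lv.items() if k.startswith("segment") and isinstance(v, dict)]

def lv_sizes(vg):  # {lv_name: size in bytes}
    extent_bytes = vg["extent_size"] * SECTOR_BYTES
    return {name: sum(s["extent_count"] for s in _segments(lv)) * extent_bytes
            for name, lv in vg["logical_volumes"].items()}

def pv_usage(vg):  # {pv: sorted [(first_extent, last_extent, lv_name)]}
    usage = {}
    for name, lv in vg["logical_volumes"].items():
        for seg in _segments(lv):
            if seg.get("type") != "striped":  # only the type shown on the page
                continue
            per_stripe = seg["extent_count"] // seg["stripe_count"]
            for pv, start in zip(seg["stripes"][0::2], seg["stripes"][1::2]):
                usage.setdefault(pv, []).append((start, start + per_stripe - 1, name))
    return {pv: sorted(ranges) for pv, ranges in usage.items()}

def check_layout(vg):  # list of problems; empty when the layout is consistent
    problems = []
    for pv, ranges in pv_usage(vg).items():
        limit, prev_last = vg["physical_volumes"][pv]["pe_count"], -1
        for first, last, name in ranges:
            if first <= prev_last:
                problems.append(f"{name}: overlaps previous segment on {pv}")
            if last >= limit:
                problems.append(f"{name}: extends past pe_count on {pv}")
            prev_last = max(prev_last, last)
    return problems

if __name__ == "__main__":
    vg = parse_lvm(SAMPLE)["VolGroup00"]
    print(lv_sizes(vg), pv_usage(vg), check_layout(vg))
```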