Tag: Linux Networking

Linux Networking

How to Test Network performance and Bandwidth

How to Test Network performance and Bandwidth

Introduction –

Network latency
and Bandwidth are the two metrics most likely to be of interest when you benchmark a network. Even though most service and product advertising focuses on bandwidth, at times the latency can be a more important metric.

** What is Bandwidth?

Bandwidth (BW) in computer networking refers to the data rate supported by a network connection or interface. BW is measured in terms of bits per second (bps).

** What is Network latency?

Latency is a measure of time delay experienced in a system. Network latency is simply defined as the time delay observed as data transmits from one point to another. There are a number of factors that contribute to network latency. These include transmission(medium of connectivity), Distance, Routers and computer hardware delays.

List of Projects used to test Network performance and Bandwidth –

1) bmon – Bandwidth monitor and rate estimator, it is console based,live BW
2) bwbar – Bandwidth usage in Text and Graphical format
3) bwm-ng – Bandwidth Monitor NG (Next Generation, live BW, console based
4) dstat – Dstat is a replacement for vmstat, iostat and ifstat.
5) iftop – Bandwidth usage on an interface, console based
6) iperf – Perform Network throughput tests bet two host
7) ifstat – Report InterFace STATistics
8) cbm – Color Bandwidth Meter ,console based
9) etherape – Graphical network traffic browser
10) iptraf – Interactive Colorful IP LAN Monitor, console and GUI based
11) netmrg – It is daemon based, mySQL support, Gathers data from devices.
12) nuttcp – Network performance measurement tool
13) nepim – network performance

NOTE ~ For some of them rpm or deb packages are not available!

Step 1] How to install on Redhat/RHCE,CentOS based system and Dibian based system –

root@me:~# yum install netperf iperf nuttcp nepim lmbench

** Ubuntu –

root@me:~# apt-get install  bmon bwbar bwm-ng dstat cbm etherape iftop iperf ifstat iptraf netmrg

Step 2] How to use – bmon, bwm-ng, dstat, ifstat –

root@me:~# bmon
interface: lo at me.arun.host
#   Interface                RX Rate         RX #     TX Rate         TX #
────────────────────────────────────────
me.arun.host (source: local)
0   lo                         0.00B            0       0.00B            0
1   eth0                       0.00B            0       0.00B            0
2   eth2                       0.00B            0       0.00B            0
3   vboxnet0                   0.00B            0       0.00B            0
4   pan0                       0.00B            0       0.00B            0
5   ppp0                      69.39KiB         61       7.49KiB         44

root@me:~# bwm-ng

bwm-ng v0.6 (probing every 0.500s), press ‘h’ for help
input: /proc/net/dev type: rate
\         iface                   Rx                   Tx                Total
==============================================================================
lo:           0.00 KB/s            0.00 KB/s            0.00 KB/s
eth0:           0.00 KB/s            0.00 KB/s            0.00 KB/s
eth2:           0.00 KB/s            0.00 KB/s            0.00 KB/s
ppp0:          64.39 KB/s            7.92 KB/s           72.31 KB/s
——————————————————————————
total:          64.39 KB/s            7.92 KB/s           72.31 KB/s

root@me:~# dstat
—-total-cpu-usage—- -dsk/total- -net/total- —paging– —system–
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
7   4  85   4   0   0| 281k  110k|   0     0 |   0     0 | 865  3013
8   4  88   0   0   0|   0     0 |7027B 1261B|   0     0 | 956  4505
8   5  86   0   0   0|   0     0 |  14k 1867B|   0     0 |1144  3332
9   5  86   0   1   0|   0     0 |  79k 2496B|   0     0 |1360  3366
18   8  74   0   0   0|   0     0 |  52k 6511B|   0     0 |1299  3618
8   6  85   0   1   0|   0     0 |  35k 5339B|   0     0 |1094  4231
6   4  90   0   0   0|   0     0 |   0  3164B|   0     0 | 953  2750 ^C
root@me:~#

root@me:~# ifstat
eth0                eth2                ppp0
KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
0.00      0.00      0.00      0.00     95.73      4.31
0.00      0.00      0.00      0.00     67.93      8.17
0.00      0.00      0.00      0.00    106.77     13.70

** start “iperf” server on one host(A) and client on another host(B)- to measure Network throughput between two hosts.

* Host -A

root@me:~# iperf -s
————————————————————
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
————————————————————
[  4] local 192.168.0.1 port 5001 connected with 192.168.0.2 port 56171
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec  9.11 GBytes  7.82 Gbits/sec

* Host -B
test@hostB:~$ iperf -c 192.168.0.1
————————————————————
Client connecting to 192.168.0.1, TCP port 5001
TCP window size: 49.5 KByte (default)
————————————————————
[  3] local 192.168.0.2 port 56171 connected with 192.168.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  9.11 GBytes  7.82 Gbits/sec
test@hostB:~$

root@me:~# iftop
root@me:~# cbm

Thank you,
Arun Bagul

如何使用系统安全TCP会绕

如何使用系统安全TCP会绕

简介: –

访问控制与TCP封装编译支持服务是通过在/ etc / hosts.allow和/ etc / hosts.deny中的文件。当连接试图的hosts.allow文件检查。如果线路匹配,连接是允许的。然后hosts.deny文件的咨询,如果某行匹配,连接被拒绝。如果没有匹配任何文件有发生,该连接是允许的。

只有建立授权使用横幅
如果配置如下所述,TCP包装将显示一个警告旗帜,任何用户试图连接到一个服务进行监察。下面的命令设置生成目录/ etc /横幅,其中包含的文件为每个服务的警告横幅文本。在这个例子中,横幅文本是“这个系统的使用仅限于授权用户。”请注意,警告字眼的旗帜,是网站的特定,但是,它至少应该强调,该系统的使用仅限于授权的人,并同意通过监督活动在登录到系统的暗示。
[@本地主机根]#/斌/ mkdir磷的/ etc /横幅
[@本地主机根]#/斌/回声“这套系统的使用限制在授权用户”“的/ etc /横额/
原型
[@本地主机根]#光盘的/ etc /旗帜,/ usr /斌/化妆f / usr/share/doc/tcp_wrappers-7.6/Banners.Makefile

拒绝一切除明确允许的是什么
为了落实安全最佳否认除明确允许的是什么,发出以下命令一切做法的立场。
[@本地主机根]#回声’所有:所有:产卵(/斌/回声娥’/本/日’“\ ñ%荤试图连接到%s
和被剥夺“\
“| /斌/邮件- s”的连接尝试到%s“根)&”> / etc / hosts.deny中

没有任何连接尝试在hosts.allow文件中列出的将被拒绝,一条消息将被记录到syslog权威性设施,和电子邮件将被发送到根。
允许访问那些需要它

编辑hosts.allow文件,并添加为每个哪些应该允许访问服务项目。一些例子如下(见hosts.allow进行了更详细的手册页)。

所有:本地:横幅的/ etc /横幅#所有来自当地的客户服务(主机名没有“。”)
sshd的:10.1.1.0/255.255.254.0:横幅的/ etc /横幅#之间的主机的IP地址10.1.1.0和10.1.2.0 SSH连接

谢谢
Manoj•肖汉

How to use TCP Wrappers for system security

How to use TCP Wrappers for system security

Introduction:-

Access control to services compiled with TCP wrappers support is implemented by the /etc/hosts.allow and /etc/hosts.deny files. When a connection attempt is made, the hosts.allow file is checked. If a line is matched, the connection is allowed. Then the hosts.deny file is consulted, if a line is matched, the connection is denied. If no matches have occurred in either file, the connection is allowed.

Create Authorized Use Only Banners

If configured as described below, TCP wrappers will display a warning banner to any user attempting to connect to a service it monitors. The following set of commands generate the directory /etc/banners, and the files therein contain warning banner text for each service. In this example, the banner text is “Use of this system is restricted to authorized users.” Note that exact wording of a warning banner is site specific; however, it should at least emphasize that the use of the system is restricted to authorized persons and that consent to monitor activities is implied by logging in to the system.

[root@localhost]# /bin/mkdir -p /etc/banners
[root@localhost]# /bin/echo “Use of this system is restricted to authorized users” > /etc/banners/
prototype
[root@localhost]# cd /etc/banners ; /usr/bin/make -f /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile

Deny Everything Except What is Explicitly Allowed

In order to implement the security best practice stance of deny everything except what is explicitly allowed, issue the following command.
[root@localhost]# echo ‘ALL: ALL: spawn (/bin/echo -e ‘/bin/date'”\n%c attempted connection to %s
and was denied” \
> | /bin/mail -s “Connection attempt to %s” root) &’ > /etc/hosts.deny

Any connection attempt not listed in the hosts.allow file will be denied, a message will be logged to the syslog auth facility, and an email will be sent to root.
Allow Access to Those Who Require It

Edit the hosts.allow file and add a line for each service to which access should be allowed. A few examples are shown below (See the man pages for hosts.allow for more detail).

ALL: LOCAL : banners /etc/banners            # All services from local clients (hostnames with no “.”)
sshd: 10.1.1.0/255.255.254.0 : banners /etc/banners # SSH connections from host IP addresses  between 10.1.1.0 and 10.1.2.0

Thanks
Manoj Chauhan

How to install Network Driver in Linux system

How to install Network Driver in Linux system

Introduction –

“Attansic Technology Corp. L1 Gigabit Ethernet Adapte” network (NIC) card or Adapter was not detected by RHEL4 (redhat) system. I tried running kudzu and other commands to detect device, but no use. So finally I have to install drivers for my network card…

Step 1] Device status (network card) –

* See below device status from hardware conf file ~ “/etc/sysconfig/hwconf”
* Attansic Technology Corp. L1 Gigabit Ethernet Adapter  not detected – Unknown device 8226

03:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)
Subsystem: ASUSTeK Computer Inc.: Unknown device 8226
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR+ <PERR-
Latency: 0, Cache Line Size 10
Interrupt: pin A routed to IRQ 201

…..

[root@desktop ~]# lspci

03:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)

…..
[root@desktop ~]# lspci -n

03:00.0 Class 0200: 1969:1048 (rev b0)

…..
[root@desktop ~]#

* Make sure to download drivers for above  venderID & deviceId “1969:1048″….

Step 2] download and extract the source  –

First, download vendor* driver from here

ftp://ftp.hogchain.net/pub/linux/attansic/vendor_driver/l1-linux-v1.2.40.3.tar.gz

OR
open-source (http://atl1.sourceforge.net/)

[root@desktop ~]# tar xvfz l1-linux-v1.2.40.3.tar.gz

[root@desktop ~]# cd  l1-linux-v1.2.40.3

[root@desktop src]# ls
at_ethtool.c  at.h  at_hw.c  at_hw.h  at_main.c  at_osdep.h  at_param.c  kcompat.c  kcompat_ethtool.c  kcompat.h  Makefile
[root@desktop src]#

* Now compile and install the drivers

[root@desktop src]# make
make -C /lib/modules/2.6.9-78.ELsmp/build SUBDIRS=/root/l1-linux-v1.2.40.3/src modules
make[1]: Entering directory `/usr/src/kernels/2.6.9-78.EL-smp-i686′

…..
make[1]: Leaving directory `/usr/src/kernels/2.6.9-78.EL-smp-i686′
[root@desktop src]# echo $?
0

[root@desktop src]# make install
make -C /lib/modules/2.6.9-78.ELsmp/build SUBDIRS=/root/l1-linux-v1.2.40.3/src modules

…..
man -c -P’cat > /dev/null’ atl1 || true
[root@desktop src]# echo $?
0

* Now load the kernel module….

[root@desktop src]# modprobe   atl1

Step 3] Now verify whether kernel driver is working or not  –

[root@desktop src]# modinfo   atl1
filename:       /lib/modules/2.6.9-78.ELsmp/kernel/drivers/net/atl1/atl1.ko
author:         Atheros Corporation, <xiong.huang@atheros.com>
description:    Atheros 1000M Ethernet Network Driver
license:        GPL
version:        1.2.40.3 1FC4E58EBDF31F49BFD33E8
parm:           TxDescriptors:Number of transmit descriptors
parm:           RxDescriptors:Number of receive descriptors
parm:           MediaType:MediaType Select
parm:           IntModTimer:Interrupt Moderator Timer
parm:           FlashVendor:SPI Flash Vendor
vermagic:       2.6.9-78.ELsmp SMP 686 REGPARM 4KSTACKS gcc-3.4
depends:
alias:          pci:v00001969d00001048sv*sd*bc*sc*i*
[root@desktop src]#

[root@desktop src]# netconfig
[root@desktop src]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:AD:54:0A:XX:WW
inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::223:54ff:fe0a:616b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b)  TX bytes:498 (498.0 b)
Memory:feac0000-feb00000

…..

[root@desktop src]#

[root@desktop ~]# vi /etc/sysconfig/hwconf

class: NETWORK
bus: PCI
detached: 0
device: eth0
driver: atl1
desc: “Attansic Technology Corp. L1 Gigabit Ethernet Adapter”
network.hwaddr: 00:AD:54:0A:XX:WW
vendorId: 1969
deviceId: 1048

subVendorId: 1043
subDeviceId: 8226
pciType: 1
pcidom:    0
pcibus:  3
pcidev:  0
pcifn:  0
[root@desktop ~]#

Enjoy,
Arun Bagul

openLSM + Cherokee

openLSM + Cherokee

Dear All,

We are pleased to announce that tomorrow we are launching openslm-0.99 development platform. We are sure that  all contributor’s of openlsm and IndianGNU.org community will start coding for openlsm…

* Please don’t forget to test openlsm and give your valuable feedback/suggestion!

openlsm + Cherokee –

After all ups and  down finally openLSM community has decided to use Cherokee for openlsm admin server. We have customized Cherokee as per your requirement.

Thank you,
openLSM and IndianGNU.org