
Tech Blog


Monitor USB Throughput

posted 9 Sep 2013, 09:23 by Flip Pipe   [ updated 9 Sep 2013, 09:31 ]

From time to time, I need to see how much bandwidth a USB device is taking... for example, an external hard drive or something like that.

Wireshark can do the job, but it is not simple to use. So I created two small scripts to help me.

The first is getUsb.sh and needs to be run as root, because it uses usbmon, which needs to run as root. It parses the output of usbmon and sums the data passing through the device.

The other is speedUsb.sh, to be run as a normal user to see the results. It gets the total amount of data passing through the device, does the maths and updates every second.

So if you want to try it out, run getUsb.sh as root:

# ./getUsb.sh

and choose the device you want:



and leave it running.

Then, as a normal user, run the other:

$ ./speedUSB.sh
IN     OUT
0.053  0.160  Mbytes/s
0.426  1.286  Mbits/s
0.001  0.204  Mbytes/s
0.012  1.634  Mbits/s
0.048  0.508  Mbytes/s
0.387  4.071  Mbits/s
0.013  0.570  Mbytes/s
0.105  4.567  Mbits/s
0.036  0.714  Mbytes/s
0.293  5.713  Mbits/s

I hope this helps you.

Warning: this was only tested on my machine, so use it at your own risk.
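
One way to do the summing that getUsb.sh is described as doing, as an added example and not the post's own script: it reads usbmon text lines and totals the bytes completed in each direction for one bus and device. The function names and the sample lines are made up here, and isochronous transfers are skipped because their lines carry extra descriptor fields.

```sh
#!/bin/sh
# Added example, not the post's getUsb.sh.
# Reads usbmon text lines on stdin and prints "IN_BYTES OUT_BYTES" for one
# device. Live data comes from /sys/kernel/debug/usb/usbmon/<bus>u (root only).
sum_usbmon() {
    awk -v bus="$1" -v dev="$2" '
    # Fields: 1 URB tag, 2 timestamp (us), 3 event, 4 address, 5 status,
    # 6 data length. Only callbacks (C) carry the length actually moved.
    $3 == "C" {
        split($4, a, ":")            # type+direction : bus : device : endpoint
        if (a[2] + 0 != bus + 0 || a[3] + 0 != dev + 0) next
        if (substr(a[1], 1, 1) == "Z") next   # isochronous: extra fields, skipped
        if ($6 !~ /^[0-9]+$/) next            # not a plain length, ignore
        if (substr(a[1], 2, 1) == "i") in_b += $6; else out_b += $6
    }
    END { printf "%d %d\n", in_b, out_b }'
}

# Constructed sample in usbmon text format (not a real capture).
sample_usbmon() {
    cat <<'EOF'
ffff8800a1 1000100 S Bi:2:003:1 -115 512 <
ffff8800a1 1000200 C Bi:2:003:1 0 512 = aabbccdd 00112233
ffff8800a2 1000300 S Bo:2:003:2 -115 31 = 55534243 01000000
ffff8800a2 1000400 C Bo:2:003:2 0 31 >
ffff8800a3 1000500 C Bi:2:004:1 0 64 = 00000000
ffff8800a4 1000600 C Ii:2:003:3 0:8 4 = 00000000
EOF
}

sample_usbmon | sum_usbmon 2 3    # bus 2, device 3
```

Sampling the two totals once a second and dividing the difference by the interval gives the Mbytes/s figures shown above.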

VLAN QinQ with tcptrace

posted 31 May 2013, 02:36 by Flip Pipe   [ updated 31 May 2013, 02:38 ]

This week I had a new problem... analyzing traffic in VLAN QinQ with tcptrace. I had a traffic capture of some hundreds of megabytes, and the traffic was encapsulated in QinQ.

tcptrace did not recognize this traffic, so I could not analyze it as it was. And from a bunch of VLANs I just needed to analyze one of them, in my case 1901.

After googling for some time I didn't find my answer, so I needed to create a workaround.

Since libpcap 1.2.1, it is possible to filter traffic in VLAN QinQ. So I just need to replay the traffic and, with tcpdump, capture only the VLAN I need.

But if I replayed the traffic on my NIC, the results wouldn't be good, and I didn't try.

But fortunately, we can create a dummy interface. (Thank you Kenyan Geek for your post)

So I did it... a new dummy0 interface on my machine, without the problem of messing with real traffic.

On one side I replay the capture file I had:

# tcpreplay --intf1=dummy0 capture-001-20130529-125129-eth1_2.cap

And on the other side, I just need to capture with the right filter:

# tshark -i dummy0 -w /tmp/test_03_tshark.pcap "vlan 313 && vlan 1901"

In the end, I have a capture with just the VLAN I need.

Of course, tcptrace still does not recognize the QinQ, but now we just need to remove the VLAN information with tcprewrite:

# tcprewrite --enet-vlan=del -i test_03_tshark.pcap -o capture_clean_vlans.pcap

and voilà...

If you need tcpreplay and friends (tcprewrite), you can find them at http://tcpreplay.synfin.net/. And tcptrace is at http://www.tcptrace.org/

Logging SSH sessions

posted 30 May 2013, 10:34 by Flip Pipe   [ updated 30 May 2013, 10:40 ]

During my work activities, I do a lot of ssh sessions to routers, switches, servers and so on, and I always miss a simple way to record all the activities I have done... sometimes to track problems I made, sometimes to recall a command run some time ago.

So, with a simple script and one alias I solved my problem. The script is not very well done and not very robust, but I think for now it does a good job.

If you want to use it, download the script and create an alias like this:

alias ssh='~/bin/ssh_log_wrapper.sh'

If for some reason you need to use the ssh binary, for example to do a tunnel, just invoke it with the full path.

One goody: to do the logging, I use the script command, which can create a timing file, and with scriptreplay it shows almost the same as when the session was recorded.

So each time I do an ssh session to a machine, one folder is created, with one file holding the output of the session and another file with the timing information.

How to check usb device speed

posted 2 May 2013, 04:18 by Flip Pipe   [ updated 26 Jun 2013, 13:39 ]

Sometimes we need to see whether a device is connected at USB 2.0 speeds or not.

Unfortunately, lsusb does not give this information out of the box. We need to check /sys/bus/usb and find the right device.

So I created a simple script to do it in a simple way.

$ ./checkUsbSpeed.sh <string>

The string is just part of the output of lsusb.

For example, check the output of lsusb:

$ lsusb
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 003: ID 0fe6:9700 Kontron (Industrial Computer Source / ICS Advent) DM9601 Fast Ethernet Adapter
Bus 003 Device 002: ID 046d:c526 Logitech, Inc. Nano Receiver
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 138a:003c Validity Sensors, Inc.
Bus 001 Device 004: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
Bus 002 Device 003: ID 1bcf:0c31 Sunplus Innovation Technology Inc.
Bus 001 Device 005: ID 046d:c52e Logitech, Inc.

Choose a device, for example Sunplus,

and then run the script:

$ ./checkUsbSpeed.sh Sunplus
/sys/bus/usb/devices/2-1.2
Sunplus Innovation Technology.: 480Mbps

It will tell you where in /sys/bus/usb the device is, the name of the manufacturer and the speed.
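
The sysfs lookup described above, as an added example that is not the post's checkUsbSpeed.sh: it matches on the vendor:product ID from lsusb instead of a name fragment, reads the speed attribute, and labels the value. The function names and the sample directory tree are made up so that it runs without real hardware.

```sh
#!/bin/sh
# Added example, not the post's checkUsbSpeed.sh.
# usb_speed VID:PID [DIR] prints "<sysfs path> <manufacturer>: <speed>Mbps, <class>"
# for each matching device; DIR defaults to /sys/bus/usb/devices.
usb_speed() {
    want=$1
    root=${2:-/sys/bus/usb/devices}
    status=1                                  # non-zero until a device matches
    for d in "$root"/*; do
        # Interface entries (e.g. 2-1.2:1.0) have no idVendor or speed file.
        [ -r "$d/idVendor" ] && [ -r "$d/speed" ] || continue
        [ "$(cat "$d/idVendor"):$(cat "$d/idProduct")" = "$want" ] || continue
        mbps=$(cat "$d/speed")
        case $mbps in
            1.5)  class="low speed" ;;
            12)   class="full speed" ;;
            480)  class="high speed (USB 2.0)" ;;
            5000) class="SuperSpeed (USB 3.0)" ;;
            *)    class="other" ;;
        esac
        name=$(cat "$d/manufacturer" 2>/dev/null) || name="unknown"
        echo "$d $name: ${mbps}Mbps, $class"
        status=0
    done
    return $status
}

# Constructed stand-in for the sysfs tree, so the example runs anywhere.
make_sample_sysfs() {
    t=$(mktemp -d)
    mkdir "$t/2-1.2" "$t/2-1.2:1.0" "$t/usb4"
    echo 1bcf > "$t/2-1.2/idVendor"; echo 0c31 > "$t/2-1.2/idProduct"
    echo 480 > "$t/2-1.2/speed"
    echo "Sunplus Innovation Technology." > "$t/2-1.2/manufacturer"
    echo 1d6b > "$t/usb4/idVendor"; echo 0003 > "$t/usb4/idProduct"
    echo 5000 > "$t/usb4/speed"
    echo "$t"
}

sample=$(make_sample_sysfs)
usb_speed 1bcf:0c31 "$sample"
rm -r "$sample"
```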

Simple MUA

posted 19 Mar 2013, 08:28 by Flip Pipe   [ updated 24 Mar 2013, 08:05 ]

Each time I install a new machine I lose all the configuration of how the MUA was set up to send emails via Google.

Today I spent a little time to find a way to have a simple configuration... and found a simple MUA: MSMTP

I have several goals in mind:
  1. System-wide configuration, not per user;
  2. Scripts made by users and using the mail command should work out of the box;
  3. I should receive email from cron jobs;
  4. No plain text passwords;

Googling a bit, I found lots of howtos to configure msmtp, but they were for user land or for the system, not combined, and with the touch of no plain text passwords.

Let's begin.

First I removed all packages from the previous MUA/MTA, in my case sendmail.

# sudo dpkg --get-selections | grep sendmail

# sudo apt-get remove libmail-sendmail-perl sendmail-base sendmail-bin sendmail-cf


Then install MSMTP and certificates:

# sudo apt-get install msmtp ca-certificates

After that, create the configuration files:

/etc/msmtprc

defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
aliases /etc/msmtp_aliases
 
account default
host smtp.gmail.com
port 587
auth on
user <gmail email user>
password <gmail email password>
from <gmail email user>
logfile ~/.msmtp.log



Then create an aliases file (as configured before):

/etc/msmtp_aliases

root: <email address>

Now it should work, if you test it. But it isn't ready for system-wide use.

First, let's get the mail command working. In each user's home directory this file needs to be created:

# cat .mailrc
set sendmail="/usr/bin/msmtp"


And for new accounts, you should also create this file inside /etc/skel, because each time a new user is created, the content of this directory is copied to the user's home.

But at this point, cron still does not send email to you, because it has the path to sendmail hard-coded.

So a symlink needs to be created:

# ln -s /usr/bin/msmtp /usr/lib/sendmail

Probably it is not needed, but let's also create a symlink for sendmail:

# ln -s /usr/bin/msmtp /usr/sbin/sendmail


note: before creating these symlinks, check whether they already exist, and if so, make a backup first.

The system-wide logs should be in /var/log, but with this configuration the msmtp logs are in the home directory of each user. Usually cron and other jobs run as root, so let's create a symlink:

# ln -s /root/.msmtp.log /var/log/msmtp.log

One last problem to solve... a password in plain text.

To work around this problem, I used the passwordeval option; if this is not a problem for you, you do not need to read further. But this workaround makes cron jobs not send emails.

First, in /etc/msmtprc, change from

password <gmail email password>

to

passwordeval /usr/local/bin/getPass.sh

and the content of that script is

#!/bin/bash
/usr/bin/gpg -q --batch -d ~/.msmtp.password.txt.gpg


note: don't forget to run chmod +x /usr/local/bin/getPass.sh to make it executable

From now on, msmtp will use gpg to decrypt a file where the password is stored. The problem with this solution is the management, because each user must have the encrypted file in their own home directory, with their own key ring.

First, you need to create your key ring with the command "gpg --gen-key". It will ask some questions. Keep the information you provide in these questions: Real Name, Email address and comment. This information is needed to identify your key later. I've attached an example of the output in the files of this post.

After the key ring is created, just create a file with the password inside it, and encrypt it with:

$ gpg  --output ~/.msmtp.password.txt.gpg -e <file>
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line:


At this point provide any part of the Real Name, Email address or comment, so that gpg can find the key to encrypt the file.

After the key is found, just press enter again to encrypt the file.

Remove the files with the clear-text password, and it's done...

Now, just test your cron and mail program...

Lessons learned:
  • While trying to solve the problem of managing the encrypted files, I recalled there is a way to create a script and make a normal user run it as root if the file is owned by root. This is done by changing the file mode bits to set user or group ID on execution (s) (in practice, doing chmod +s <file>). But in the end, it had the same effect as putting the password in clear text in the config file.
  • You may ask me why I didn't put the content of the script in the msmtp configuration file. For some reason, it works fine if the user sends emails, but not when cron sends emails, and this happens when using relative paths and not full paths. Probably cron doesn't read environment variables or does not pass them to msmtp.
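
A small check for the states /etc/msmtprc goes through in this post, added here as an example and not taken from the post: it flags a clear-text password directive, a secret that other accounts can read, a passwordeval helper given by relative path (the cron problem from the lessons learned), and a config that group or other can write. The function name, the finding labels and the sample file are made up.

```sh
#!/bin/sh
# Added example: audit an msmtprc for the secret-handling problems the post
# works through. Function name and finding labels are made up for the example.
audit_msmtprc() {
    rc=$1
    findings=""
    # Permission bits for group and other, e.g. "r--r--" for mode 0644.
    go_bits=$(ls -ld "$rc" | cut -c5-10)

    # 1. A literal "password" directive keeps the secret in clear text.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$rc"; then
        findings="$findings plaintext-password"
        # In a file that group or other can read, every local account has it.
        [ "$go_bits" = "------" ] || findings="$findings secret-readable-by-others"
    fi

    # 2. passwordeval should name its helper by absolute path; the post found
    #    that relative paths broke mail sent from cron.
    cmd=$(sed -n 's/^[[:space:]]*passwordeval[[:space:]]*"\{0,1\}//p' "$rc" | head -n 1)
    case $cmd in
        "" | /*) ;;
        *) findings="$findings passwordeval-relative-path" ;;
    esac

    # 3. A config writable by group or other lets another account change the
    #    command that passwordeval runs.
    case $go_bits in
        *w*) findings="$findings config-writable-by-others" ;;
    esac

    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample: the first form of the config from the post, mode 0644.
demo=$(mktemp)
printf '%s\n' 'account default' 'host smtp.gmail.com' 'auth on' \
    'password not-a-real-password' > "$demo"
chmod 644 "$demo"
audit_msmtprc "$demo"
rm -f "$demo"
```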

My first time...

posted 7 Mar 2011, 11:22 by Flip Pipe   [ updated 7 Mar 2011, 12:03 ]

... I built a Passive Network Tap.

An RJ45 4-way splitter, two custom-made cables, a computer with Linux, a bond interface, and voilà, my set-up.

The tower is running Linux and sees the traffic passing through, and the Windows desktop is being sniffed.

This site was my inspiration.

But as with kitchen recipes, I like to adapt things my way. In this case, the Surface Mount Box was replaced by the 4-way RJ45 splitter and two 'special' cables.

These cables will only send traffic to the network cards. One has the normal RX cables, and the other has only the TX cables, but in the RX place.

Yeah, the pics are crappy, but it is the best I can do with my mobile phone.

4.294.967.295 messages downloaded

posted 21 Feb 2011, 04:07 by Flip Pipe

More than 4 billion messages. Who says Thunderbird can't handle a large volume of email :)

Of course this is a bug; not even receiving abuse email from my company do I have so much email...


Google Calendar and Thunderbird

posted 17 Feb 2011, 04:17 by Flip Pipe

If you google for Thunder/Sunbird and Google Calendar integration, it will lead you to a bunch of add-ons and blogs, not this one of course.

But the best help is in the Google Calendar FAQ:

http://www.google.com/support/calendar/bin/answer.py?hl=en&answer=99358#sunbird

Neat and clean, without add-ons, just as I like.