June
4

This is just a very quick guide to sniffing network packets on your HP-UX server.

1.- Clean up any raw data file from previous sessions.
rm /tmp/raw.TRC*

2.- Create a filter file (e.g., /tmp/packetfilter) containing the things you want to log. For example, if you’re waiting for snmp traps from ip 192.168.5.18, your filter file will look like this:
filter udp_dport 162
filter ip_saddr 192.168.5.18

3.- Activate nettl. This is the program that will track all the network packets passing through the network interface.
nettl -tn all -e all -tracemax 99999 -f /tmp/raw

Right at this point nettl will be saving everything in raw files, all named after /tmp/raw. If you open these files, you will see raw binary data, so you’ll need another program to process this information. This is where netfmt comes in.

4.- To process the raw files in real time (just like tail -f does with a log file), issue the following command:
netfmt -N -n -1 -l -f /tmp/raw.TRC000 -F -c /tmp/packetfilter

This is a summarized view, and will only show source IP, destination IP, ports and protocols used.
Ei 192.168.5.18.162 > 192.168.1.130.162: udp 20c snmp-trap
IP 192.168.5.18.162 > 192.168.1.130.162: udp 20c snmp-trap
UDP .162 > .162: udp 20c snmp-trap
Ei 192.168.5.18.162 > 192.168.1.130.162: udp 20e snmp-trap
IP 192.168.5.18.162 > 192.168.1.130.162: udp 20e snmp-trap
UDP .162 > .162: udp 20e snmp-trap

This is especially handy when you’re waiting for a packet and need to check another log of the actual application processing the packet. In this case, you’ll use the file raw.TRC000 in the beginning, but take into account that when the file reaches 99999KB (check the nettl command above) nettl will continue logging packets in raw.TRC001 and so on.

5.- To stop the packet logging, you just need to run the following command:
nettl -tf -e all

6.- If you want a complete detail of all the packets logged by nettl, you can use netfmt like this:
netfmt -N -n -l -f /tmp/raw.TRC000 > /tmp/netpackets

This will give you much more information about the packets than the previous way, so it’s better to look at that in a file than in the shell. You can also use the “-c /tmp/packetfilter” switch to filter out some packets.

7.- That’s it. You’re on your own ;)
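The terse output shown under step 4 is easy to post-process. The following is an added example, not part of the original post: it counts SNMP trap packets per source address and lists senders that are not on an allow-list. The function names, the allow-list argument and the second sender in the sample are assumptions made for the demonstration.

```shell
# Constructed sample in the terse format shown under step 4. The second
# packet (192.168.5.99) is an invented, unexpected sender for the demo.
sample_trace() {
cat <<'EOF'
Ei 192.168.5.18.162 > 192.168.1.130.162: udp 20c snmp-trap
IP 192.168.5.18.162 > 192.168.1.130.162: udp 20c snmp-trap
UDP .162 > .162: udp 20c snmp-trap
Ei 192.168.5.99.1045 > 192.168.1.130.162: udp 20e snmp-trap
IP 192.168.5.99.1045 > 192.168.1.130.162: udp 20e snmp-trap
UDP .1045 > .162: udp 20e snmp-trap
EOF
}

# Print "source_ip packet_count" for UDP packets sent to port 162.
# Assumption: each packet is printed once per decoded layer (Ei/IP/UDP),
# as in the sample, so only the IP lines are counted.
trap_senders() {
    awk '$1 == "IP" && $3 == ">" && $5 == "udp" {
        src = $2;   sub(/\.[0-9]+$/, "", src)    # drop the trailing .port
        dport = $4; sub(/:$/, "", dport)         # drop the trailing colon
        sub(/^.*\./, "", dport)                  # keep only the port
        if (dport == "162") count[src]++
    }
    END { for (s in count) print s, count[s] }' | sort
}

# Print every trap sender that is not in the allow-list.
# $1 = space-separated list of expected source addresses (hypothetical input).
unexpected_senders() {
    trap_senders | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print $1 }'
}

# Demo on the constructed sample: prints 192.168.5.99
sample_trace | unexpected_senders "192.168.5.18"
```

On the server, feed it the netfmt command from step 4 without -F, so that netfmt stops at end of file, and with a filter file that has no ip_saddr line, so other senders are not dropped before the check.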

This post was inspired by an article published in faqs.org, but sadly, I can’t find it anymore.

February
21

There’s a chance you have experienced a problem in TeMIP so bad that you had to regenerate the director. In this case, if you didn’t have a backup (you should always have one, at least one!) all the events were lost forever, and probably all the elements you had created beneath the class hierarchy.

In other not-so-bad scenarios, there’s the possibility that one of the administrators makes a mistake and deletes or overwrites a class configuration, and doesn’t know how to undo the operation.

For those cases, I developed a simple program that uses the manage shell of TeMIP to extract the configuration of the classes you want. Also, the program doesn’t write the information to a txt or csv file for a human being to process later; it processes the information by itself and creates the directive commands you are going to need when restoring the configuration. Sounds nice, huh?

For the processing it uses bash and awk. There are two files: one contains the program (config_generator.awk) and the other contains the configuration (config_generator.conf).

You will need to edit both of them. In the first you will only edit the following paths:

  • CONFIG_RPT_PATH=(The output path of the program)
  • CONFIG_PATH=(The path where the config file is)
  • TEMIP_BIN_PATH=(The path to the TeMIP binaries, usually /usr/opt/temip/bin)
  • AWK_PATH=(The path to the awk binary)

In the second you are going to specify which classes you need to back up, and how. Look at the file for specific instructions.

Download the files here: TeMIP.config_generator v0.5

Please report any bugs you find using it. You can comment on this post or contact me directly.

February
17

Windows Authentication in TeMIP

Posted In: linux, temip by miguelfc

It’s possible for TeMIP to authenticate operators using their Windows usernames. You just need to make a single change on the operator’s PC and edit a file on the TeMIP server.

Let’s begin with the file on the server. Usually located in /var/opt/temip/acloc/user_profiles, there’s a file named temip_acloc_tal_users that contains all the users authorized to use TeMIP, as well as the profile assigned to each one. It’s an ASCII file, and the entries look like this:

username:profile_filename:windows_domain:host

So, for example, if you want to add a user called temip_operator in the Windows domain corporate, and a profile called operator.profile has been created for it, you need to add the following line to the file:

temip_operator:operator.profile:corporate:

The windows_domain and host fields are optional, but it’s recommended to use them. Changes to this file are effective immediately, but if you delete an entry or change the profile for a user who is already connected, he or she will only be affected in new sessions opened after the change.
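Because this file decides who gets in and with which profile, it is worth auditing. The following is an added example, not part of TeMIP or of the original post: it flags malformed entries and entries that leave the recommended windows_domain or host fields empty, and checks whether the file is writable by group or others. The function names and the sample users are assumptions made for the demonstration.

```shell
# Constructed sample in the username:profile_filename:windows_domain:host
# format described above; users, domain and host are invented for the demo.
sample_users() {
cat <<'EOF'
temip_operator:operator.profile:corporate:
noc_admin:admin.profile:corporate:nocpc01
night_shift:operator.profile::
broken line without separators
EOF
}

# Read the users file on stdin and report entries worth a second look.
audit_tal_users() {
    awk -F: '
        NF == 0 { next }                               # skip blank lines
        NF != 4 || $1 == "" || $2 == "" {
            printf "line %d: malformed entry\n", NR; next
        }
        $3 == "" { printf "line %d: %s has no windows_domain\n", NR, $1 }
        $4 == "" { printf "line %d: %s has no host\n", NR, $1 }
    '
}

# Succeed (exit status 0) if group or others can write to the file in $1.
# Anyone who can write to it can add an entry for themselves.
writable_by_others() {
    mode=$(ls -ld "$1" | awk '{ print $1 }')           # e.g. -rw-r--r--
    case "$mode" in
        ?????w*|????????w*) return 0 ;;                # group or other "w" bit
        *) return 1 ;;
    esac
}

# Demo on the constructed sample.
sample_users | audit_tal_users
```

On the server, run audit_tal_users with its input redirected from /var/opt/temip/acloc/user_profiles/temip_acloc_tal_users, and call writable_by_others on the same path.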

Then, following the same procedure as if we were changing the address of the TeMIP server in the TeMIP client, we need to change the TAL_SECURITY_LOGIN variable and assign it the value WINDOWS. After these two steps the user will no longer need to enter a Unix username and password to log in.

As of version 5.3, this is the only way to use Windows usernames for authentication.

February
15

As you know, when you start the Windows TeMIP Client (as of v5.3), it automatically tries to connect to the servers you specified during installation. But there’s no option to change this from the Client menu.

To do this, you simply need to go to My PC Properties (Windows key + pause), click on the Advanced tab, and then click on the Environment Variables button.


If you have an administrator profile, you can go directly to the System variables and change the variable TAL_ORBIX_SERVER. You can put as many IP addresses or hostnames as you want, as long as you separate them with commas.

If you don’t have an administrator profile, you can still change the addresses by just adding a user variable named TAL_ORBIX_SERVER with the IP addresses or hostnames that you want to use.

August
22

Go to the desired location (for example, the /home partition to find out who is consuming the most space), and then run the following command:

du . | sort -nr | less

The numbers won’t be in human readable notation, but you will understand that the higher the number, the higher the consumption is. Also, they will be sorted from high to low consumption.

July
19

If you don’t have the standard American keyboard layout, you may want to change it in the Xming configuration instead of guessing where the characters are.

This is done by modifying the shortcut of Xming on the Start Menu. Simply right click on the icon and select Properties. Locate the Target option, and add the following words:

-xkblayout [layout] -xkbmodel [model]

Now, you should take a look at the file C:\Program Files\Xming\xkb\rules\xorg.lst (You should change the path if you installed Xming on another location), and select a layout and a model from the lists shown there. Once you’re ready, simply substitute [layout] and [model] with your choices and you’re ready to go. For example, my choices were latam and latam, so I only needed to add:

-xkblayout latam -xkbmodel latam

If you don’t know what Xming is, you can read Using X-Window on Microsoft Windows… for Free.

July
19

When you’re on Linux, there are no C: or D: drives. Instead, all is organized in directories and files, but sometimes files are not just files as you know them.

There is one special directory named /dev, where all the devices are represented by a file or a group of them. That’s the case for hard drives. A convention is applied to name these files, depending on the technology that supports them.

In the case of IDE hard drives (the most common case), they are named /dev/hdX, where X is a letter based on the configuration of the hard drives on the system. The list below describes it with an example.

  • /dev/hda => Master on the first controller
  • /dev/hdb => Slave on the first controller
  • /dev/hdc => Master on the second controller
  • /dev/hdd => Slave on the second controller

When it comes to SCSI drives, the convention will be /dev/sdX (unless it’s a tape drive) and the X depends on the SCSI ID assigned by the user to each drive. Letters are assigned from the lowest ID to the highest one. So, for example:

  • /dev/sda => SCSI drive with ID=0
  • /dev/sdb => SCSI drive with ID=1
  • /dev/sdc => SCSI drive with ID=4
  • /dev/sdd => SCSI drive with ID=6

If the drives have partitions, then each one of them will be represented with another file with the name of the disk followed by a number. This number depends on the partition type (primary or logical), and its position. Numbers 1 to 4 are used for primary partitions (or the representation of an extended one) and numbers from 5 up are used for logical partitions. For example:

  • /dev/hda1 => Primary partition 1
  • /dev/hda2 => Primary partition 2
  • /dev/hda3 => Extended partition
  • /dev/hda5 => Logical partition 3
  • /dev/hda6 => Logical partition 4

Although it doesn’t make too much sense to access the extended partition directly, it’s represented as /dev/hda3. The logical partitions are represented with numbers 5 and 6 in this example.

July
7

Although the difference between these two types of links is simple, somebody without much experience in Unix-like systems may become confused trying to choose which one to use.

Both types of links do the same in principle: create some kind of shortcut to a file located somewhere else.

Hard links do a sort of copy of the file, without really copying it. Let’s see it with an example. Let’s say you created a file named MyDoc.txt using a text editor. At the time the file was created, it was assigned a name on a path (MyDoc.txt) and also an inode (some kind of address inside the filesystem). After the file was created, you were able to open it using its path. Then, you went to another directory and created a hard link to the file using the ln command like this:

ln /original/path/MyDoc.txt /new/path/MyLink.txt

What happened there? The new file (MyLink.txt) was associated with MyDoc.txt’s inode. So, right now you can delete one of them (e.g., MyDoc.txt) and the file will still be present under the name of the one that was not deleted (MyLink.txt).

On the other side, symbolic links associate the original filename and path rather than the original file’s inode to the new file. So, let’s say you created the symbolic link like this:

ln -s /original/path/MyDoc.txt /new/path/MyLink.txt

Then, MyLink.txt will only be a pointer to MyDoc.txt, and if you delete MyDoc.txt the file will become inaccessible from MyLink.txt.

Hard links have a limitation: they can only be used between files in the same partition. Symbolic links don’t depend on this because they don’t use inodes like hard links do.
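The behaviour described above can be checked in a scratch directory. The following is an added example, not part of the original post: it creates MyDoc.txt, a hard link and a symbolic link, compares inode numbers, deletes the original and shows what each link does afterwards. The function names and the link file names are assumptions made for the demonstration.

```shell
# Print the inode number of the path itself (a symlink is not followed).
inode_of() { ls -id "$1" | awk '{ print $1 }'; }

link_demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/original" "$dir/new"
    doc="$dir/original/MyDoc.txt"
    hard="$dir/new/HardLink.txt"
    soft="$dir/new/SymLink.txt"

    echo "contents" > "$doc"
    ln "$doc" "$hard"        # second name for the same inode
    ln -s "$doc" "$soft"     # new file that stores the path of MyDoc.txt

    if [ "$(inode_of "$doc")" = "$(inode_of "$hard")" ]; then
        echo "hard link: same inode as MyDoc.txt"
    fi
    if [ "$(inode_of "$doc")" != "$(inode_of "$soft")" ]; then
        echo "symlink: its own inode"
    fi
    # Second column of ls -l is the number of names pointing at the inode.
    echo "link count: $(ls -ld "$doc" | awk '{ print $2 }')"

    rm "$doc"
    echo "after rm, hard link reads: $(cat "$hard")"
    # -L is true for a symlink; -e follows it and fails if the target is gone.
    if [ -L "$soft" ] && [ ! -e "$soft" ]; then
        echo "after rm, symlink: dangling"
    fi
    rm -rf "$dir"
}

link_demo
```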

July
2

Let’s say you want a process to run every five minutes until half past the hour, only on even hours. Think of something like this:

...
8:00,
8:05,
8:10,

8:25,
8:30,
10:00,
10:05,

I’m not questioning why you would want to do something like that, but if you want to, you would need to specify those intervals in your crontab.

If you do it the basic and hard way, you would need to add the following lines to your crontab file:

0,5,10,15,20,25,30 0,2,4,6,8,10,12,14,16,18,20,22 * * * /path/to/my/command

Pretty ugly, isn’t it? Well, if you have a recent version of crontab, you can summarize the intervals with the slash (“/”) and dash (“-”) operators. The slash indicates the “step” and the dash defines the “range”. For example, 1-5 is the same as 1,2,3,4,5. Also, */20 is the same as 20,40,0. So, 1-5/2 would be 1,3,5.

Going back to our example, you could then summarize the ugly line into this elegant one:

0-30/5 */2 * * * /path/to/my/command

You just need to remember that this feature is available only on extended versions of crontab.
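To confirm that a short expression really matches the long one, or to produce the explicit list for a cron that lacks the operators, the field can be expanded mechanically. The following is an added example, not part of the original post or of any cron implementation: expand_cron_field is a hypothetical helper that handles comma lists, ranges, the asterisk and steps for one field, given that field's lowest and highest legal values.

```shell
# Expand one crontab field into an explicit comma-separated list.
# $1 = field (e.g. 0-30/5), $2 = lowest legal value, $3 = highest legal value.
# Exits with status 2 if a range or step falls outside those limits.
expand_cron_field() {
    awk -v field="$1" -v lo="$2" -v hi="$3" 'BEGIN {
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++) {
            item = parts[i]; step = 1
            if ((p = index(item, "/")) > 0) {          # trailing /step
                step = substr(item, p + 1) + 0
                item = substr(item, 1, p - 1)
            }
            if (item == "*") {                         # whole legal range
                first = lo + 0; last = hi + 0
            } else if ((d = index(item, "-")) > 0) {   # explicit range a-b
                first = substr(item, 1, d - 1) + 0
                last  = substr(item, d + 1) + 0
            } else {                                   # single value
                first = last = item + 0
            }
            if (step < 1 || first < lo || last > hi || first > last) exit 2
            for (v = first; v <= last; v += step) seen[v] = 1
        }
        out = ""
        for (v = lo + 0; v <= hi; v++)
            if (v in seen) out = out (out == "" ? "" : ",") v
        print out
    }'
}

# Demo: the two fields of the short crontab line from the example above.
echo "minutes: $(expand_cron_field '0-30/5' 0 59)"
echo "hours:   $(expand_cron_field '*/2' 0 23)"
```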

June
26

Yesterday I was in search of a free (as in beer or as in freedom) X-Window Client to access a Solaris server at my workplace.

I had previously used WRQ Reflection to do this, so I thought somebody in the open source community would have found out how to make a free version of this, taking into account that X-Window belongs to that open community. I didn’t find it yesterday so I kind of gave up on it.

The funny thing is that today, while I was reading Download Squad on Google Reader, I came across this article, which shows an application named Xming that seems to do exactly what I was looking for. It’s kind of confusing that it’s called a server, when in fact what you are going to do is use it like a client, but there should be a reason for that.

So, I went to the XMing Website, downloaded the core package and installed it on my PC. After installing it, it’s autolaunched and appears as an icon in the tray. I also installed the fonts package, just in case it’s needed.

Then, I started PuTTY to the Solaris machine with my user and password, and assigned my IP to the DISPLAY environment variable like this:

export DISPLAY=10.1.2.3:0.0

After that, I started xterm from the shell, but it failed printing out the following error:

Xlib: connection to "10.1.2.3:0.0" refused by server
Xlib: No protocol specified

application-specific initialization failed: couldn't connect to display "10.1.2.3:0.0"

After searching through the web, it seemed like a problem of authorization, something to do with xauth and permissions of XMing that I’m not familiar with. I closed the XMing server, and started it from the Run prompt adding the -ac switch after the command. About this, there’s this note on the website: -ac is unsafe on public networks, but makes things easier for beginners on private ones, so be careful using it.

After that, I tried again and succeeded. Right now I have an X-Window Server on my Windows system, without having to pay anything for it.

Thanks Xming team!
