Saturday, 31 August 2013

unexpectedly shrunk window (repaired) in dmesg log - TCP Peer

Don't Panic,


This normally occurs when a client decides to reduce its TCP window size without the server expecting it. This can be the case when fragmentation is an issue, or when the client is using an embedded device with very little NIC buffer memory. This is completely normal behaviour, and you’re likely to see quite a few such packets in your log. The messages are informational only, and are used to debug networking issues.

I’d be worried if you saw hundreds of thousands of these packets, since there are attacks that involve packet fragmentation and small window sizes, but otherwise it’s just the normal sort of noise you should expect to see on any internet-facing network. In fact, the “repaired” part of your message shows that your network driver fixed the issue, which is usually done by concatenating the payloads of two fragmented packets together. It shouldn’t be an issue at all.


Tuesday, 27 August 2013

Solved: ERROR: ld.so: object '/lib/libdevmapper-event.so.1.20.0' from /etc/ld.so.preload cannot be preloaded: ignored.

Error:

ERROR: ld.so: object '/lib/libdevmapper-event.so.1.20.0' from /etc/ld.so.preload cannot be preloaded: ignored.

Fix:

Use your favorite editor (here I use vi) to edit the file /etc/ld.so.preload and comment out the line /lib/libdevmapper-event.so.1.20.0, so that the file looks like this:

# cat /etc/ld.so.preload
#/lib/libdevmapper-event.so.1.20.0

For: ERROR: ld.so: object '/lib/libsafe.so.2' from /etc/ld.so.preload cannot be preloaded: ignored

Fix:

Comment out the line /lib/libsafe.so.2 in /etc/ld.so.preload.

Thanks.

Saturday, 24 August 2013

VMware ESX vs ESXi

What is VMware ESX ?

ESX (Elastic Sky X) is VMware’s enterprise server virtualization platform. In ESX, the VMkernel is the virtualization kernel, and it is managed by a console operating system, also called the Service Console. The Service Console is Linux-based, and its main purpose is to provide a management interface for the host. Many management agents and other third-party software agents are installed on the Service Console to provide functionality such as hardware management and monitoring of the ESX hypervisor.

What is VMware ESXi ?

ESXi (Elastic Sky X Integrated) is also VMware’s enterprise server virtualization platform. In ESXi, the Service Console is removed. All the VMware-related agents and third-party agents, such as management and monitoring agents, can also run directly on the VMkernel. ESXi has an ultra-thin architecture that is highly reliable, and its small code base makes it more secure, with less code to patch. ESXi uses the Direct Console User Interface (DCUI) instead of a service console to manage the ESXi server. ESXi installation is also very quick compared to ESX installation.


Wednesday, 21 August 2013

possible SYN flooding on port xxxx. Sending cookies.

This could be a form of DoS attack on the box; it is likely that the maximum size of the TCP backlog queue has been reached.

1). To ascertain the current maximum size:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog
1024

Adjust the size; 4096 is recommended unless the box has a minute amount of memory by modern standards (<1Gb).

# echo "4096" >/proc/sys/net/ipv4/tcp_max_syn_backlog

2). To enable fast recycling of TIME-WAIT sockets, add the following to /etc/sysctl.conf, then run 'sysctl -p':

net.ipv4.tcp_tw_recycle = 1

Check dmesg to see if the problem persists.
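
Added example (not from the original post): a small triage script for the message above. It tallies the flood warnings per port from kernel log text and prints the settings involved. The sample log lines are constructed, and net.ipv4.tcp_syncookies and net.core.somaxconn are related settings the post does not mention.

```shell
#!/bin/sh
# Added example: triage for "possible SYN flooding on port N. Sending cookies."

# Constructed sample kernel log lines (not from a real host); both
# capitalisations of the message are included on purpose.
SAMPLE_LOG='[1001.10] possible SYN flooding on port 80. Sending cookies.
[1061.42] possible SYN flooding on port 80. Sending cookies.
[1075.03] TCP: Possible SYN flooding on port 443. Sending cookies.
[1080.77] eth0: link up
[1121.90] possible SYN flooding on port 80. Sending cookies.'

# Read kernel log text on stdin; print "<count> <port>", busiest port first.
syn_flood_ports() {
    sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9][0-9]*\)\..*/\1/p' |
        sort -n | uniq -c | sort -k1,1nr -k2,2n | awk '{print $1, $2}'
}

# Print "<knob>=<value>" for the settings behind the message, or "absent"
# when the kernel does not expose one. $1 is the sysctl root (default
# /proc/sys); it is a parameter only so the function can be run offline.
#   tcp_syncookies      - must be non-zero for "Sending cookies" to happen
#   tcp_max_syn_backlog - the value raised in step 1
#   somaxconn           - caps the backlog a listening socket may request
#   tcp_tw_recycle      - step 2; removed in Linux 4.12, so absent there
syn_knobs() {
    root=${1:-/proc/sys}
    for knob in net/ipv4/tcp_syncookies net/ipv4/tcp_max_syn_backlog \
                net/core/somaxconn net/ipv4/tcp_tw_recycle; do
        if [ -r "$root/$knob" ]; then
            printf '%s=%s\n' "$knob" "$(cat "$root/$knob")"
        else
            printf '%s=absent\n' "$knob"
        fi
    done
}

# Demo: tally the constructed log, then show this host's current values.
printf '%s\n' "$SAMPLE_LOG" | syn_flood_ports
syn_knobs
```

On a live host, feed the real log in with `dmesg | syn_flood_ports`; a single port that dominates the tally tells you which listener is filling its queue.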


Monday, 19 August 2013

No running copy - squid: ERROR

# squid -k reconfigure
squid: ERROR: No running copy

In /var/log/messages,

"Squid Parent: child process 1147 exited due to signal 6"

In syslog:

"Failed to verify one of the swap directories, Check cache.log#012#011for details.
Run 'squid -z' to create swap directories#012#011if needed, or if running Squid for the first time."

The warning in syslog says to create the swap directories before running Squid:

# squid -z
(-z : Create swap directories)
# squid start

Thursday, 8 August 2013

Dsniff - Network Monitoring:

Dsniff:

It is a suite of tools for network auditing and penetration testing. We can use it to passively monitor a network for important data (passwords, e-mail, files, etc.).

Installation:

# wget http://www.monkey.org/~dugsong/dsniff/beta/dsniff-2.4b1.tar.gz

# tar zxf dsniff-2.4b1.tar.gz

# wget http://www.enzotech.net/files/dsniff-2.4.fixed.FC.patch

# patch -p0 < dsniff-2.4.fixed.FC.patch

# cd dsniff-2.4

# ./configure && make && make install


Thanks!