“Running” wireshark in remote machinne

Sometimes tcpdump is not that friendly to check network.

In this example we are running tcpdump in the remote machine and showing data in wireshark.

ssh root@HOST tcpdump -iany -U -s0 -w – ‘not port 22’ | wireshark -k -i –

Leave a comment

Unable to locally verify the issuer’s authority (Verisign) problem with Nginx

In some browsers like konqueror and old firefox verions we were getting this problem.

                          Unable to locally verify the issuer’s authority

To solve this you must use an intermediate certificate, to download this intermediate certificate you must contatct your provider, in our case was Verising https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1735 

Inspect your certificate to check the version you are using.

With this new cwertificate in hands create a “bundle” certificate; cat your_domain_certificate.crt intermediate_certifica.crt >> bundle.crt .

Configure your nginx with this new certificate

# SSL configuration
ssl on;
ssl_certificate /PATH/bundle.crt;
ssl_certificate_key /PATH/server_valid.key;
ssl_session_timeout 30m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
 

Leave a comment

Setting linux serial to display more columns and rows

stty cols 410 rows 52

 

Leave a comment

NodeJS socket problem FIN_WAIT1 FIN_WAIT2 CLOSE_WAIT

We were facing some problems with NodeJs when handling sockets and file descriptors.

Fortunately we applied this patch and the problem is gone

https://github.com/soplwang/node-ka-patch

/* Copyright (c) 2013 Wang Wenlin. See LICENSE for more information */
;(function () {
var TCP = process.binding('tcp_wrap').TCP
, _setKeepAlive = TCP.prototype.setKeepAlive
, _shutdown = TCP.prototype.shutdown;
TCP.prototype.setKeepAlive = function (enable) {
var r = _setKeepAlive.apply(this, arguments);
this._ka = enable;
return r;
};
TCP.prototype.shutdown = function () {
var r = _shutdown.apply(this, arguments);
if (r && !this._ka)
_setKeepAlive.call(this, true, 150); // 150 sec
return r;
};
})();

And this patch

https://github.com/kejyun/socket.io/commit/8d6c02a477d365f019530b4ec992420dfb90eb09

Leave a comment

Speed up mysql restoring

Increase key buffer size as much as you can

Add this header in your dump file

SET @OLD_AUTOCOMMIT=@@AUTOCOMMIT, AUTOCOMMIT = 0;
SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS = 0;
SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS = 0;

 

Add this in the end

 

SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS;
SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS;
SET AUTOCOMMIT = @OLD_AUTOCOMMIT;

Leave a comment

Amazon AWS xennet: skb rides the rocket

Saw some time ago this problem in one server

 

 xennet: skb rides the rocket

 

Seems like we had  some kernel driver or hardware interaction problem when dealing with lots of sockets or jumbo frames.

 

To solve that, I had configured MTU to 1500 and 

ethtool -K eth0 gso off

ethtool -K eth0 tso off

 

Leave a comment

Ubuntu+Shinken+NRPE

cd /usr/local/src/
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.15.tar.gz
tar -zxf nrpe-2.15.tar.gz
cd nrpe-2.15

./configure –with-nagios-user=shinken –with-nagios-group=shinken –libexecdir=/usr/local/shinken/libexec –enable-libtap –enable-extra-opts –enable-perl-MODULES –with-ssl=/usr/bin/openssl –with-ssl-lib=/usr/lib/x86_64-linux-gnu

make all
make install-plugin

Leave a comment

Shinken and Mongdb

The debian/ubuntu default mongo does not work on shinken default installation.

to solve this

apt-get install mongodb-10gen=2.2.3

apt-mark hold mongodb-10gen

Leave a comment

Bind error (network unreachable) resolving

This problem usually occurs when bind is unable to query using a IPV6 network.

 

Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving ‘static.ak.facebook.com.edgesuite.net/A/IN’: 2600:1401:2::2#53
Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving ‘w.soundcloud.com/A/IN’: 2001:500:90:1::20#53

To avoid this:

-use an IPv6 network

or

-disable IPv6 in Bind

 

Disabling IPV6 in Bind:

/etc/default/bind9

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS=”-4 -u bind”

Leave a comment

Checking dd status

kill -USR1 PID

Example:

hamilton@gothan:/tmp$ dd if=/dev/urandom of=/tmp/aa &
[1] 6832
hamilton@gothan:/tmp$
hamilton@gothan:/tmp$ kill -USR1 6832
hamilton@gothan:/tmp$ 246665+0 records in
246664+0 records out
126291968 bytes (126 MB) copied, 8,05584 s, 15,7 MB/s

hamilton@gothan:/tmp$ kill -USR1 6832
321788+0 records in
321788+0 records out
164755456 bytes (165 MB) copied, 10,4801 s, 15,7 MB/s
hamilton@gothan:/tmp$ kill -USR1 6832
390472+0 records in
390471+0 records out
199921152 bytes (200 MB) copied, 12,7041 s, 15,7 MB/s

Leave a comment

Follow

Get every new post delivered to your Inbox.