
Author Archives: linuxadmin

Network Traffic Analysis

Linux Tools For Network Analysis

Network problems

Networks are funny places where all sorts of things happen in a matter of microseconds. Domain Name System (DNS) lookups are answered, and data blocks traverse the network as part of file-sharing protocols (such as SMB and NFS) while packets make their way from the Internet to your web browser. At any moment a network printer could go haywire and start broadcasting an endless stream of address resolution requests, or an NFS client could send mangled data to its server, wreaking havoc on your work.

If you’ve done any systems administration work, you have probably seen these problems and dozens of others. Debugging them requires experience, as well as the right tools to diagnose what has gone wrong and to help determine what to do about it.

 

Network analysis

One of the most valuable tools in diagnosing a network problem, besides the manuals that come with all of your networking gear, is a network protocol analyzer. A network protocol analyzer listens to the network, then displays the data in a way that lets you watch things such as

  • interactions of clients and servers,
  • broadcasts,
  • packet storms, and
  • routing updates.

Commercial network analysis software packages can cost more than $1,000 for the software alone. Add a dedicated top-of-the-line laptop and a high-speed network controller, and the cost can easily exceed $5,000.

Fortunately, there are open source, Linux-based solutions that can give you all of the benefits of a commercial product (along with the ability to extend the software) at a fraction of the price.

Two packages that make network diagnostics and troubleshooting easier are Ethereal and Netwatch.

  • Ethereal is a “network sniffer” package that allows you to look at all of the traffic on a network.
  • Netwatch monitors traffic flow between clients and servers (such as between a web browser and a web server) and determines what ports are being used in those communications.

Ethereal

Netwatch

Gordon MacKay’s Netwatch utility, which runs in a terminal window, is invaluable for watching network loads and for seeing, at a higher level than Ethereal, who is talking to whom on your network. As shown in Figure 2, Netwatch monitors network bandwidth in terms of which hosts are producing and consuming packets.

Figure 2. Netwatch monitors network bandwidth.

Another useful mode of Netwatch, seen in Figure 3, shows which ports are involved in the communications between hosts. This can be very useful in seeing if the client/server applications on your network are using the ports that you expect them to use.

It can also alert you to potential trouble if you see hosts using protocol slots that should never be seen on your network. For example, if you see a service (such as a TCP or UDP port) that shouldn’t be running, it could mean someone is running an unauthorized service on a machine (for example, a Quake game server) or that someone has broken in.
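The port check described above can be automated against a written-down policy. The following is an added example, not part of the original article and not Netwatch's own output or code: the flow-record format, the addresses and the `EXPECTED` policy are all constructed for illustration.

```python
from collections import defaultdict

# Assumed policy: the only services each server is approved to offer.
EXPECTED = {
    "192.0.2.10": {("tcp", 80), ("tcp", 443)},    # web server
    "192.0.2.20": {("udp", 53), ("tcp", 53)},     # DNS server
    "192.0.2.30": {("tcp", 110), ("tcp", 2049)},  # POP3 and NFS server
}

# Constructed sample records: client server proto server_port packets
SAMPLE_FLOWS = """\
192.0.2.101 192.0.2.10 tcp 80 120
192.0.2.102 192.0.2.10 tcp 443 88
192.0.2.101 192.0.2.20 udp 53 14
192.0.2.103 192.0.2.30 tcp 110 40
192.0.2.104 192.0.2.30 udp 26000 900
192.0.2.105 192.0.2.30 udp 26000 750
192.0.2.101 192.0.2.102 tcp 6667 33
this line is malformed
"""


def parse_flows(text):
    """Return (flows, skipped): parsed records and the number of bad lines."""
    flows, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            client, server, proto, port, packets = parts
            proto, port, packets = proto.lower(), int(port), int(packets)
            if proto not in ("tcp", "udp") or not 0 < port < 65536 or packets < 0:
                raise ValueError(line)
        except ValueError:
            skipped += 1  # count it, so silent data loss is visible
            continue
        flows.append((client, server, proto, port, packets))
    return flows, skipped


def unexpected_services(flows, expected):
    """Group traffic to services that the policy does not list, busiest first."""
    seen = defaultdict(lambda: {"clients": set(), "packets": 0})
    for client, server, proto, port, packets in flows:
        if (proto, port) in expected.get(server, ()):
            continue  # approved service on an approved server
        entry = seen[(server, proto, port)]
        entry["clients"].add(client)
        entry["packets"] += packets
    findings = []
    for (server, proto, port), entry in seen.items():
        reason = ("port not approved for this server" if server in expected
                  else "host is not an approved server")
        findings.append({"server": server, "proto": proto, "port": port,
                         "clients": sorted(entry["clients"]),
                         "packets": entry["packets"], "reason": reason})
    findings.sort(key=lambda f: f["packets"], reverse=True)
    return findings


if __name__ == "__main__":
    flows, skipped = parse_flows(SAMPLE_FLOWS)
    for f in unexpected_services(flows, EXPECTED):
        print(f"{f['server']} {f['proto']}/{f['port']}: {f['packets']} packets "
              f"from {len(f['clients'])} client(s) ({f['reason']})")
    print(f"{skipped} unparsable line(s) skipped")
```
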

Ethereal, as shown in Figure 1, is a GUI-based program that displays packet traffic on a network. In this figure, Ethereal displays several packets on my home network, including DNS lookup packets, NFS transactions, and e-mail being delivered via the POP3 protocol. The packet highlighted in this example is a WHO packet that is part of a protocol that reports on machine uptimes, and records who is logged in to which machine.

Figure 1. Ethereal displays packet traffic on a network.

In this example, the middle panel of Ethereal shows the decomposition of the WHO packet that contains sub-fields which describe who is logged into the machine that broadcast the packet along with other relevant machine info such as load averages and uptimes.

The bottom panel of Ethereal shows the actual packet-data as a hexadecimal dump of bytes.
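The field-by-field decode that the middle panel performs on the raw bytes can be reproduced in a few lines. This is an added example, not part of the original article and not Ethereal's code: it assumes the BSD `struct whod` layout from `protocols/rwhod.h` for the WHO packet, and the sample packet is constructed.

```python
import struct

WHOD_VERSION = 1      # WHODVERSION in protocols/rwhod.h
WHOD_TYPE_STATUS = 1  # WHODTYPE_STATUS

# Header: version, type, 2 pad bytes, send time, receive time,
# 32-byte hostname, three load averages (scaled by 100), boot time.
HEADER = struct.Struct("!BB2xII32s3iI")  # 60 bytes, network byte order
# Per-user entry: tty name, user name, login time, idle seconds.
ENTRY = struct.Struct("!8s8sIi")         # 24 bytes
MAX_ENTRIES = 1024 // ENTRY.size


def _text(raw):
    """Decode a fixed-width, NUL-padded field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_whod(data):
    """Decode one WHO status packet; raise ValueError if it is malformed."""
    if len(data) < HEADER.size:
        raise ValueError("packet shorter than the fixed header")
    vers, ptype, sent, _recv, host, l1, l5, l15, boot = HEADER.unpack_from(data)
    if vers != WHOD_VERSION or ptype != WHOD_TYPE_STATUS:
        raise ValueError("unexpected version or packet type")
    body = len(data) - HEADER.size
    if body % ENTRY.size or body // ENTRY.size > MAX_ENTRIES:
        raise ValueError("user list is truncated or oversized")
    users = []
    for offset in range(HEADER.size, len(data), ENTRY.size):
        tty, name, login, idle = ENTRY.unpack_from(data, offset)
        users.append({"tty": _text(tty), "user": _text(name),
                      "login_time": login, "idle_seconds": idle})
    return {"hostname": _text(host),
            "uptime_seconds": sent - boot,
            "load_average": tuple(v / 100 for v in (l1, l5, l15)),
            "users": users}


# Constructed sample packet: one host, two logged-in users.
SAMPLE_PACKET = (
    HEADER.pack(1, 1, 1_000_086_400, 0, b"labhost", 25, 10, 5, 1_000_000_000)
    + ENTRY.pack(b"tty1", b"alice", 1_000_080_000, 120)
    + ENTRY.pack(b"pts/0", b"bob", 1_000_086_000, 0)
)

if __name__ == "__main__":
    info = parse_whod(SAMPLE_PACKET)
    print(info["hostname"], info["uptime_seconds"], info["load_average"])
    for u in info["users"]:
        print(f"  {u['user']} on {u['tty']}, idle {u['idle_seconds']}s")
```

Every field decoded here is sent in the clear to the whole broadcast domain, which is why such packets are worth noticing in a capture.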

Taken as a whole, Ethereal is a complete network traffic analysis tool. A short list of features includes:

  • A session tracer that shows network sessions as collections of transactions, rather than just as network packets
  • A text-mode tool that uses the Ethereal packet engine and can be run from either an X-window terminal or a shell window with no windowing support
  • Colorization modes for the packet displays
  • The ability to read dump files from other (commercial) network analyzer packages

Linux Desktop

In computing, a desktop environment (DE) is an implementation of the desktop metaphor made of a bundle of programs running on top of a computer operating system, which share a common graphical user interface (GUI). The desktop environment was seen mostly on personal computers until the rise of mobile computing.[1][2] Desktop GUIs help the user to easily access and edit files, while they usually do not provide access to all of the features found in the underlying operating system. Instead, the traditional command-line interface (CLI) is still used when full control over the operating system is required.

OpenOffice,
LibreOffice,
Evolution,
Thunderbird Mail Client,
Mozilla,
Compatible with Windows-based software,
Awesome look and feel,
Virus Free,
Easy,
User friendly,
Fast,
Stable,
Reliable,
Error free,
Bundled with All Drivers,
Software,
Tools,
Manual guides

LAMP

LAMP is an acronym for a web services solution stack consisting of Linux, the Apache HTTP Server, the MySQL or MariaDB database engines, and the PHP, Perl or Python programming language. All components are free and open-source software, and the combination is suitable for building dynamic web pages.

Software components

High-level overview of LAMP components

Linux

Linux is a Unix-like and POSIX-compliant computer operating system assembled under the model of free and open source software development and distribution. The main form of distribution are Linux distributions, usually providing complete LAMP setups out of the box through their package management systems. Of the most widespread Linux distributions, as of 1 October 2013, 58.5% of web server market share is shared between Debian and Ubuntu, while RHEL, Fedora and CentOS together share 37.3%.

Many options are available for customizing and securing Linux installations, for example by using SELinux, or by employing chroot environments.

Apache

The Apache HTTP Server is the most popular web server in use; as of June 2013, Apache was estimated to serve 54.2% of all active websites and 53.3% of the top servers across all domains. As of June 2014, Apache was estimated to serve 52.27% of all active websites followed by nginx with 14.36%, and 53.32% of the top servers followed by nginx with 18.16%.

Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. Released under the Apache License, Apache is open-source software. A wide variety of features is supported, and many of them are implemented as compiled modules which extend the core functionality of Apache. These can range from server-side programming language support to authentication schemes.

MySQL, MariaDB, MongoDB

MySQL is a multithreaded, multi-user, SQL database management system (DBMS) now owned by Oracle Corporation. MySQL has been owned by Oracle Corporation since January 27, 2010 through the purchase of Sun Microsystems. Sun had originally acquired MySQL on February 26, 2008. The MySQL development project has made its source code available under the terms of the GNU General Public License, as well as under a variety of proprietary agreements.

MariaDB is a fork of MySQL.

MongoDB is a widely used open-source NoSQL database. MongoDB eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas (calling the format BSON), making the integration of data in certain types of applications easier and faster.

Other relational database management systems such as PostgreSQL are also viable.

PHP, Perl, Python

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. PHP code is interpreted by a web server with a PHP processor module, which generates the resulting web page: PHP commands can be embedded directly into an HTML source document rather than calling an external file to process data. It has also evolved to include a command-line interface capability and can be used in standalone graphical applications.[8]

PHP is free software released under the PHP License, which is incompatible with the GNU General Public License (GPL) due to restrictions on the usage of the term PHP.

Perl is a family of high-level, general-purpose, interpreted, dynamic programming languages. The languages in this family include Perl 5 and Perl 6. The Perl languages borrow features from other programming languages including C, shell scripting (sh), AWK, and sed. They provide powerful text processing facilities without the arbitrary data-length limits of many contemporary Unix command-line tools, facilitating easy manipulation of text files. Perl 5 gained widespread popularity in the late 1990s as a CGI scripting language, in part due to its parsing abilities.

Python is a widely used general-purpose, high-level programming language. Python supports multiple programming paradigms, including object-oriented, imperative and functional programming or procedural styles. It features a dynamic type system and automatic memory management and has a large and comprehensive standard library. Like other dynamic languages, Python is often used as a scripting language, but is also used in a wide range of non-scripting contexts.

Linux-Apache-MySql-PHP
(software bundle)

Easy to code
Easy to deploy
Develop locally
Cheap and ubiquitous hosting
Free Open Source
Strong Community
Great Market Share
web scripting software

CMS

A content management system (CMS) is a computer application that allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Such systems of content management provide procedures to manage workflow in a collaborative environment. These procedures can be manual steps or an automated cascade. CMS’s have been available since the late 1990s.

CMS’s are often used to run websites containing blogs, news, and shopping. Many corporate and marketing websites use CMS’s. CMS’s typically aim to avoid the need for hand coding, but may support it for specific elements or entire pages.

Web content management system

A content management system (Web CMS) is a bundled or stand-alone application to create, deploy, manage and store content on Web pages. Web content includes text and embedded graphics, photos, video, audio, and code (e.g., for applications) that displays content or interacts with the user. A Web CMS may catalog and index content, select or assemble content at runtime, or deliver content to specific visitors in a requested way, such as other languages. Web CMS’s usually allow client control over HTML-based content, files, documents, and Web hosting plans based on the system depth and the niche it serves.

Component content management system

A component content management system (CCMS) specializes in the creation of documents from component parts. For example, a CCMS that uses DITA XML enables users to assemble individual component topics into a map (document) structure. These components can be reused (rather than copied and pasted) within another document or across multiple documents. This ensures that content is consistent across the entire documentation set.

Content management system
Create a Dynamic Website within a day with all functions like
Payment gateway,
Add cart,
e-commerce,
Picture gallery
Maintaining Security
Managing Objects
Managing Servers
Managing Auditing
Maintaining Report
and a lot more

SVN

In machine learning, support vector machines (SVMs, also support vector networks) are supervised learning models with associated learning algorithms that analyze data and recognize patterns, used for classification and regression analysis. Given a set of training examples, each marked as belonging to one of two categories, an SVM training algorithm builds a model that assigns new examples into one category or the other, making it a non-probabilistic binary linear classifier. An SVM model is a representation of the examples as points in space, mapped so that the examples of the separate categories are divided by a clear gap that is as wide as possible. New examples are then mapped into that same space and predicted to belong to a category based on which side of the gap they fall on.

Apache™ Subversion®
“Enterprise-class centralized version control for the masses”
Subversion is an open source version control system
Directories are versioned
Copying, deleting, and renaming are versioned.
File locking.
Interactive conflict resolution.
Write-through proxy over WebDAV.
Repository read-only mirroring.
Standalone server option (svnserve).
Executable flag is preserved.
Symbolic links can be versioned.

CRM

“Customer relationship management (CRM) is a widely-implemented strategy for managing a company’s interactions with customers, clients and sales prospects”

Adoption issues

In 2003, a Gartner report estimated that more than $2 billion had been spent on software that was not being used. According to CSO Insights, less than 40 percent of 1,275 participating companies had end-user adoption rates above 90 percent. Many corporations only use CRM systems on a partial or fragmented basis. In a 2007 survey from the UK, four-fifths of senior executives reported that their biggest challenge is getting their staff to use the systems they had installed. 43 percent of respondents said they use less than half the functionality of their existing system. Recently, a study found that market research regarding consumers’ preferences may increase the adoption of CRM among the developing countries’ consumers.

Sales force automation
Customer support & service
Marketing automation
Inventory management
Activity management
Security management
Calendaring
E-mail integration

VoIP

Voice-over-Internet Protocol (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms commonly associated with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, IP communications, and broadband phone service.

The term Internet telephony specifically refers to the provisioning of communications services (voice, fax, SMS, voice-messaging) over the public Internet, rather than via the public switched telephone network (PSTN). The steps and principles involved in originating VoIP telephone calls are similar to traditional digital telephony and involve signaling, channel setup, digitization of the analog voice signals, and encoding. Instead of being transmitted over a circuit-switched network, however, the digital information is packetized, and transmission occurs as IP packets over a packet-switched network. Such transmission entails careful considerations about resource management different from time-division multiplexing (TDM) networks.

Protocols

Voice over IP has been implemented in various ways using both proprietary protocols and protocols based on open standards. Examples of the VoIP protocols are:

  • H.323
  • Media Gateway Control Protocol (MGCP)
  • Session Initiation Protocol (SIP)
  • H.248 (also known as Media Gateway Control (Megaco))
  • Real-time Transport Protocol (RTP)
  • Real-time Transport Control Protocol (RTCP)
  • Secure Real-time Transport Protocol (SRTP)
  • Session Description Protocol (SDP)
  • Inter-Asterisk eXchange (IAX)
  • Jingle XMPP VoIP extensions
  • Skype protocol
  • Teamspeak

The H.323 protocol was one of the first VoIP protocols that found widespread implementation for long-distance traffic, as well as local area network services. However, since the development of newer, less complex protocols such as MGCP and SIP, H.323 deployments are increasingly limited to carrying existing long-haul network traffic. In particular, the Session Initiation Protocol (SIP) has gained widespread VoIP market penetration.

These protocols can be used by special-purpose software, such as Jitsi, or integrated into a web page (web-based VoIP), like Google Talk.

VoIP stands for Voice over Internet Protocol
VoIP is a telephone connection that uses the internet instead of the regular telephone network.
VoIP saves you money
Portability – Take It Where You Go
Compatible with legacy telephony networks
VoIP includes all the features that a normal telephone company provides.

Firewall

“Build a complete, secure and stable firewall exclusively from Open Source software”
Open Source,
Free,
Community-Supported Security Solution
Unified Threat Management (UTM) functionality
Very easy to install
Use and manage, without losing its flexibility
Application-level proxies for various protocols (HTTP, FTP, POP3, SMTP)
Antivirus support
Virus and spam-filtering for email traffic (POP and SMTP),
Content filtering of Web traffic
A “hassle free” VPN solution (based on OpenVPN).

IM Chat server

Open-Source Java XMPP (Jabber) server,
Open Source Real-Time Communication,
Chat Server,
IM Messenger,
Awesome Client (cross-platform real-time collaboration client optimized for business and organizations),
MySQL,
Windows AD connectivity,
Online File Transfer,
Content filtering,
History,
Web based real-time collaboration client optimized for business and organizations

Virtualisation

Linux virtualization refers to running one or more virtual machines on a physical computer that’s operated by the Linux open source operating system. Linux virtualization can be used for isolating specific apps, programming code or even an operating system itself, as well as for security and performance testing purposes.

Today’s more powerful computers and hardware have made virtualization more practical and feasible for both desktop and server environments, helping to save power by consolidating several workspaces on one system as well as maximizing the workload that the computer can handle. Popular Linux virtualization solutions include Xen, KVM, QEMU, VirtualBox and VMware.

Hardware virtualization

Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. For example, a computer that is running Microsoft Windows may host a virtual machine that looks like a computer with the Ubuntu Linux operating system; Ubuntu-based software can be run on the virtual machine.

In hardware virtualization, the host machine is the actual machine on which the virtualization takes place, and the guest machine is the virtual machine. The words host and guest are used to distinguish the software that runs on the physical machine from the software that runs on the virtual machine. The software or firmware that creates a virtual machine on the host hardware is called a hypervisor or Virtual Machine Manager.

Different types of hardware virtualization include:

  1. Full virtualization: Almost complete simulation of the actual hardware to allow software, which typically consists of a guest operating system, to run unmodified.
  2. Partial virtualization: Some but not all of the target environment is simulated. Some guest programs, therefore, may need modifications to run in this virtual environment.
  3. Paravirtualization: A hardware environment is not simulated; however, the guest programs are executed in their own isolated domains, as if they are running on a separate system. Guest programs need to be specifically modified to run in this environment.

Hardware-assisted virtualization is a way of improving the efficiency of hardware virtualization. It involves employing specially designed CPUs and hardware components that help improve the performance of a guest environment.

Video game console emulation

A video game console emulator is a program that allows a personal computer or video game console to emulate a different video game console’s behavior. Video game console emulators and hypervisors both perform hardware virtualization; words like “virtualization”, “virtual machine”, “host” and “guest” are not used in conjunction with console emulators.

Snapshotting

A snapshot is the state of a virtual machine, and, generally, its storage devices, at an exact point in time. Snapshots are “taken” by simply giving an order to do so at a given time, and can be “reverted” to on demand, with the effect that the VM appears (ideally) exactly as it did when the snapshot was taken.

Teleportation

The snapshots described above can be moved to another host machine with its own hypervisor; when the VM is temporarily stopped, snapshotted, moved, and then resumed on the new host, this is known as teleportation (or migration). If the older snapshots are kept in sync regularly, this operation can be quite fast, and allow the VM to provide uninterrupted service while its prior physical host is, for example, taken down for physical maintenance.

Failover

Similar to teleportation above, failover allows the VM to continue operations if the host fails. However, in this case, the VM continues operation from the last-known coherent state, rather than the current state, based on whatever materials the backup server was last provided with.

Challenges

An issue with virtualization is the complexities of licensing. For example, a server running a Linux OS attempting to offer a virtualized Windows Server must still satisfy licensing requirements. Therefore the potential benefits and flexibility of on-demand virtualization must be balanced against the requirements of closed-source, proprietary systems. Some vendors of proprietary software have updated their licensing schemes to address virtualization.

Virtualized desktop results in dependence on centralized servers (for computing and SAN storage) and the network (and higher-bandwidth requirements). This leaves the end users vulnerable to server and network outages or capacity limits.

Desktop virtualization

Desktop virtualization is the concept of separating the logical desktop from the physical machine.

One form of desktop virtualization, virtual desktop infrastructure (VDI), can be thought of as a more advanced form of hardware virtualization. Rather than interacting with a host computer directly via a keyboard, mouse, and monitor, the user interacts with the host computer using another desktop computer or a mobile device by means of a network connection, such as a LAN, Wireless LAN or even the Internet. In addition, the host computer in this scenario becomes a server computer capable of hosting multiple virtual machines at the same time for multiple users.

Nested virtualization

Nested virtualization refers to virtualized virtualization, or simulation of a virtual machine within another. The general concept can be extended to an arbitrary depth. A nested guest virtual machine need not be homogenous with its host virtual machine (e.g., application virtualization within hardware virtualization).

OpenVZ
Virtualbox
VMWare
Xen
Citrix XenServer
Sun xVM
Oracle VM