Starting Out Small

There is an issue I have at work, something I’ve written about before in my logs, that I’ve found a solution for and feel I can blog about. I can’t really talk about the why behind all of this, but I can share a technical explanation of how I am addressing the problem. It’s a half-thing, bear with me.

At Western, I’m very interested in the number of open TCP connections that a workstation has at any one time. I don’t care what state the connection is in, ACK_WAIT or any of the others; if there is a line, I want to know about it. Specifically, I want to know how many lines there are. Mac OS X is based on Darwin, and Darwin is based on BSD, so you get a shell to work with when you start Terminal.app. There is a lot of power in the command line interface, and once you get the hang of it, it’s really quite useful.

On the remote stations, at least two of them, I have turned on “Remote Login” in the Sharing pane of System Preferences, which enables the machines’ SSH servers to answer incoming connections. I can use SSH to open a command line session on those remote stations and feed them commands. I have done this for a long while for our servers in the office, but this is the first time I’ve seriously done it for workstations. So, with this connection established, I want to collect the number of TCP connections that machine has established. On the command line there are several pieces needed to get this to work:

First, you need a loop structure so that the command runs regularly:

while true; do [command]; sleep 60; done

This will run a command every 60 seconds and will never end unless I send a Control-C character, which the shell treats as “Break”.

At first I just needed to count how many connections there were. You get this number, or at least an approximation of it, this way:

netstat -p tcp|wc -l

That calls netstat to list all the TCP connections, which I then pipe, using the pipe character ‘|’, to another command called wc, which calculates word counts. I make wc ignore words and just count lines by using the -l switch. I don’t really care what other stations my targets are communicating with, just a count of how many. And yes, technically the SSH connection itself inflates this by at least one connection; it’s not intended to be forensic.

But something was missing: I needed a date stamp. In BSD there is a command called date, and you can give it a format so that date writes out the hours, minutes and seconds the way you want to see them, but date has an annoyance. It always appends a ‘newline’ character, so what you’d get is the date, a line break, and then your count. It’s okay, but it’s annoying. It would be far better to get rid of that newline character altogether. Enter the ‘tr’ command, which translates characters. In this case we tell tr simply to delete the newline character: ask date for the right sort of date, have tr nail off that trailing newline because it’s annoying, and…

while true; do date '+%H:%M:%S '|tr -d '\n'; netstat -p tcp|wc -l; sleep 60; done

This outputs a nicely formatted report from a remote workstation. So now I have datestamps and connection counts, and when the count gets to a certain number and things happen, I can be faux-psychic.

UPDATE: Apparently I just can’t leave well enough alone. Seeing a slow parade of numbers trot by is rather dull when all I really want to know is when these numbers get over, say, 70. So…

while true; do test "$(netstat -p tcp|wc -l)" -gt 70 && (date '+%H:%M:%S '|tr -d '\n'; netstat -p tcp|wc -l;); sleep 60; done
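The loop, timestamp and threshold from the one-liners above, packaged as a small POSIX shell script so each piece can be checked on its own. This is an added example, not the post’s own code: the netstat snapshot inside it is constructed so the counting runs offline, the live mode assumes the macOS/BSD `netstat -p tcp` syntax the post uses, and it goes one step beyond the post by dropping netstat’s two header lines, which a raw `wc -l` also counts.

```shell
# Added example, not code from the original post: the post's one-liners as
# functions, testable offline against a constructed netstat snapshot.

# Constructed sample of `netstat -p tcp` output: two header lines, then one
# line per TCP connection in any state.
SAMPLE_NETSTAT='Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.1.5.22            10.0.1.9.51234         ESTABLISHED
tcp4       0      0  10.0.1.5.51000         93.184.216.34.443      ESTABLISHED
tcp4       0      0  10.0.1.5.51001         93.184.216.34.443      TIME_WAIT
tcp4       0      0  10.0.1.5.51002         10.0.1.20.445          SYN_SENT'

# Count connection lines only: the raw `wc -l` in the post also counts the
# two header lines, so keep just the lines that start with "tcp".
count_tcp() {
    printf '%s\n' "$1" | grep -c '^tcp'
}

# Timestamp with the trailing newline removed, the post's date|tr trick.
stamp() {
    date '+%H:%M:%S ' | tr -d '\n'
}

# Print ALERT (exit 0) when count $1 exceeds threshold $2, else ok (exit 1).
check_threshold() {
    if [ "$1" -gt "$2" ]; then echo ALERT; return 0; fi
    echo ok; return 1
}

# One report line for a snapshot: "HH:MM:SS N".
report_line() {
    printf '%s%s\n' "$(stamp)" "$(count_tcp "$1")"
}

# Live loop: report only above threshold $1 (default 70), every $2 seconds
# (default 60); Ctrl-C ends it just like the post's one-liner.
monitor() {
    thr=${1:-70}; iv=${2:-60}
    while true; do
        snap=$(netstat -p tcp)
        if check_threshold "$(count_tcp "$snap")" "$thr" >/dev/null; then
            report_line "$snap"
        fi
        sleep "$iv"
    done
}

# Usage on a Mac: sh tcpwatch.sh --live 70 60
case "${1:-}" in --live) monitor "$2" "$3" ;; esac
```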


photo by: Bull3t

I know why the caged bird is stark-raving insane…

Many moons ago I found an online web hosting company called Hosting4Less.com. They had good service and I established a domain with them on behalf of one of my family members. Everything was going swimmingly until a dust-up started me looking for other web hosting providers. The web hosting market is jam-packed with competitors. The people at Hosting4Less can’t compete with the service I found, called iPage. Moving this domain, however, was less than easy.

The domain was managed by a bulk-domain registrar, “OpenSRS” something or other. In order to get the domain transferred to a new domain registrar I needed a password, a Domain Transfer Password. It took me 2 weeks to wheedle this sucker out of the previous domain registrar and then email it to everyone trying to help me. The domain transfer failed 3 times, and on the 4th it was half-way there, some sort of mutant half-life, living between domain registrars. After asking for help a 4th time the fine people at iPage did get it resolved for me, but the domain was evidently “Locked”, so I had to get a username and password, log into manage.opensrs.net, unlock the domain and change the domain’s nameservers.

Each step is predicated on a drug-addled pharmacy structure: we’ll get around to it either in 1 hour or 7 days, depending on how much crack we have to smoke. There is no rhyme or reason; I think they put these obnoxious time estimates down to keep people from going completely apeshit when one change can take a week for someone to pay attention to.

The Domain Name System is secure, I have no doubt about that. How is this security vouchsafed? It’s soaked in various username/password combinations (160 bits of security on that password!) but most of all it is a bureaucratic abyss. You stare into it and it stares right back into you, alternately claiming and then blasting your soul into teeny tiny little shreds. I can’t imagine anything being constructed this way. It is as if they placed a scapegoat at the village doors, hung the word efficiency on its neck and left it to wander off during a blizzard with a million ravenous wolves running around. It’s designed to be obtuse; the road is not so much a road as it is little strands of pavement showing you where the potholes are, as they are the majority of ‘road’ and each one is big enough to grab a tire and pop off an axle! It’s as if a paranoid schizophrenic was given the keys to the kingdom and let go on a security rampage. Nothing about this makes any sense to me, so I must have faith that each wave of my feather-and-chicken-bone dreamcatcher gets me that much closer to my target, which is to have domain.com point to IP-Address-That’s-Right.

Nobody should worry about terrorists subverting the DNS system, even with virgins promised, nothing can be proper compensation for this bureaucratic nightmare! Damn!