Author Archive
Count SYNs
by Matt on Aug.05, 2010, under /dev/random
A while back I was deploying a new high-volume TCP application and I was interested in the number of connections from particular hosts I was seeing over a period of time. Who was connecting the most, that kind of thing. This one-liner accomplishes that rather well. Replace 70.164.19.160 with your server's IP address and you should get a list of top connecting hosts and the number of times each host has connected, in ascending order. Alter -c 100 to specify the number of packets to capture. Basically what this does is capture the first 100 SYNs sent to the destination host, extract the sending IP, sort them and then count the number of SYN packets from each host. Simple but effective. I love one-liners like this.
time tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | awk 'split($3,ip,".") {print ip[1] "." ip[2] "." ip[3] "." ip[4]}'| sort | uniq -c | sort -n
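The awk step in the one-liner rebuilds the address from the first four dot-separated fields, which only fits IPv4. As an added example (not part of the original post), the function below strips just the trailing port so the same count works for IPv4 and IPv6 sources; the function names, capture lines and documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read `tcpdump -nn` text on stdin and print "count source", lowest count first.
count_syn_sources() {
    awk '
        # $2 is the protocol tag, $3 is "source.port", $4 is the ">" separator.
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop only the trailing ".port"
            print src
        }' | sort | uniq -c | sort -n | awk '{print $1, $2}'
}

# Constructed sample capture; every address is from a documentation range.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 198.51.100.7.51514 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP6 2001:db8::1.40000 > 2001:db8::10.443: Flags [S], seq 2, win 64800, length 0
12:00:00.000003 IP 198.51.100.7.51515 > 203.0.113.10.443: Flags [S], seq 3, win 64240, length 0
12:00:00.000004 IP 192.0.2.44.33000 > 203.0.113.10.443: Flags [S], seq 4, win 64240, length 0
12:00:00.000005 IP6 2001:db8::1.40001 > 2001:db8::10.443: Flags [S], seq 5, win 64800, length 0
12:00:00.000006 IP 198.51.100.7.51516 > 203.0.113.10.443: Flags [S], seq 6, win 64240, length 0
EOF
}

# Live use (needs root), with the server address from the post:
#   tcpdump -i eth0 -c 100 -nn -l dst 70.164.19.160 and 'tcp[13] & 2 == 2' | count_syn_sources
sample_capture | count_syn_sources
```

A single source that dominates the bottom of this list during a short capture is the one to look at first when the listener's accept queue is filling up.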
imdb url grabber
by Matt on Aug.04, 2010, under Linux
Here’s a quick and dirty shell script that will attempt to get the correct IMDB link based on a file's name. I use this to copy media into the appropriate places on my media server along with an NFO file that xbmc can use to download the appropriate movie info. This technique can be used to fetch links from Google for a lot of different things from the command line. Be careful though, if you use this too many times (1000s?) in a short amount of time Google will ban you for a while. I think the correct thing to do is use their API. I did say quick and dirty though.
Adjust paths, etc. accordingly and try your luck.
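#!/bin/bash
# Build the query from the file name: drop the extension, turn spaces, dashes and underscores into "+".
SEARCHSTRING=$(echo "$1" | cut -d. -f1 | sed 's/[ _-]/+/g')
# Request headers only and read the redirect target from the Location header; strip the trailing CR.
IMDBURL=$(curl -iIs -A "Mozilla/5.0" "http://www.google.com/search?&q=site+www.imdb.com+$SEARCHSTRING&btnI" | grep Location | awk '{print $2}' | tr -d '\r')
echo "$IMDBURL"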
Me @ Defcon 18
by Matt on Jul.26, 2010, under /dev/random
I’m presenting at Defcon 18 this weekend. My talk is about how ARIN transitioned to IPv6 on its own networks. The talk also goes over IPv6 implementation details in a more general sense. I wrote up a short summary for the Defcon speakers corner blog which is located here: ARIN AND IPV6 AT DEF CON
Ubuntu Server
by Matt on Jun.04, 2010, under Linux
I’ve been using Linux as my *nix server of choice for about 15 years now. I’ve been using it as my primary desktop for about 10 years. On the desktop I’ve used just about everything from Slackware, to Red Hat, to SUSE and Debian. I’ve been using Ubuntu on the desktop for about 4 years now and I am very happy with it. The work that Canonical has put into Ubuntu has dramatically improved Linux as a desktop operating system and I find it hard to use anything else. When I use any other OS I miss using Linux and at least some of that credit goes to Canonical for doing such a good job with Ubuntu. My preference for Linux on the server side has always been different from what I use on the desktop.
Dulles still sucks
by Matt on Apr.18, 2010, under /dev/random
The new trains are nice and all but I don’t get why they build all of this new security infrastructure only to keep it closed when they are busy.
Sent from my iPhone
SCJA
by Matt on Mar.27, 2010, under /dev/random
Passed the SCJA recently. I actually thought the test was somewhat hard. Having to parse Java source code in your head and making sure not to miss any “;” or other syntactical errors is kinda lame in my opinion. It is what it is though. I can recommend SCJA Certification Study Guide and Mock Exam Questions Book, by Cameron McKenzie. He does a good job of explaining some of the sneaky stuff Sun throws at you during this exam. His website is located here: http://freemockexamssunjava.scja.com/ExamScam/get.jsp
Dynamic IP address checker / DNS / IPv6 Tunnel Updater
by Matt on Jan.08, 2010, under Internet, Linux
Here’s a script I wrote that will check the IP address of my FIOS connected firewall, update DNS and IPv6 tunnel settings and send me an email. This script assumes you have control of a DNS server somewhere that has resource records related to your firewall host. I use he.net’s tunnelbroker for my IPv6 tunnel and this script uses their facility to update the tunnel end point configuration and then restarts the tunnel on my side. Details and script are below.
Import apt repository GPG keys
by Matt on Dec.01, 2009, under Linux
Here’s how to import the appropriate key in Ubuntu:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $Key
where $Key is the GPG key ID. The key ID is shown in the error message you get when running apt-get update after adding a new repository. For example:
GPG error: http://download.virtualbox.org karmic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DCF9F87B6DFBCBAE
DCF9F87B6DFBCBAE is the key ID for the VirtualBox karmic repository. So doing this:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DCF9F87B6DFBCBAE
imports the correct key.
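The ID in the error message is only the low 64 bits of the key's fingerprint, so it identifies which key to fetch but does not authenticate what the keyserver returns. As an added example (not part of the original post), the helpers below pull the ID out of apt's output and check it against a full fingerprint obtained from the repository owner; the function names are hypothetical and the fingerprint is a constructed placeholder, not the real VirtualBox fingerprint.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print each distinct key ID named in NO_PUBKEY errors read from stdin.
missing_key_ids() {
    grep -o 'NO_PUBKEY [0-9A-Fa-f]\{16\}' | awk '{print toupper($2)}' | sort -u
}

# Succeed only if the 16-digit key ID is the tail of a 40-digit v4 fingerprint.
# $1 = key ID, $2 = fingerprint (spaces between groups are allowed).
keyid_matches_fingerprint() {
    keyid=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$fpr" in
        *[!0-9A-F]*) return 1 ;;      # reject anything that is not hex
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    [ "${#keyid}" -eq 16 ] || return 1
    case "$fpr" in
        *"$keyid") return 0 ;;
        *) return 1 ;;
    esac
}

# The error line quoted in the post.
sample_apt_output() {
    cat <<'EOF'
GPG error: http://download.virtualbox.org karmic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DCF9F87B6DFBCBAE
EOF
}

# Constructed placeholder: in practice, copy the fingerprint the repository
# owner publishes over a channel you trust.
CONSTRUCTED_FPR="0000 1111 2222 3333 4444 5555 DCF9 F87B 6DFB CBAE"

for id in $(sample_apt_output | missing_key_ids); do
    if keyid_matches_fingerprint "$id" "$CONSTRUCTED_FPR"; then
        echo "$id matches the published fingerprint"
    else
        echo "$id does NOT match the published fingerprint"
    fi
done
```

After importing, `apt-key fingerprint` prints the full fingerprint of each trusted key, which is the value to compare against the published one.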
Reboot Linux via proc
by Matt on Nov.23, 2009, under Linux
Every now and then one of my machines loses a disk in such a way that I can no longer read the file system but the system is up and I can log in or get console access. This seems to happen when using software RAID1 when one of the disks fails on some of the hardware I use.
To reboot the box:
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
To shut it down:
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger