Ping TTL doesn't correspond to number of hops using traceroute - ping

I'm trying to find out the operating system of a server on which a website is located for my homework.
I figured I could do this by using the combination of tracert and ping commands.
However, when I use tracert I always get 1 less hop than I should (I think?).
When I ping www.google.com the TTL value I get is 119 but tracert only shows 8 hops. I'm assuming the sum of those two values should equal 128.
Similarly when I ping my virtual machine, it shows 1 hop and TTL of 64. Since I'm pinging the local host I would expect 0 hops.
I'm sure there is an easy explanation for this but I haven't been able to find it online, or maybe I just worded it poorly.
Thanks for any help with this.

Paths across the internet tend to be asymmetrical. In other words, the path from your computer to Google can (and probably is) different from the path back.
The TTL you're seeing in the ping command suggests that there are 128-119=9 hops on the path from Google to you. Google sent the ICMP Echo Reply (ping reply) with a TTL of 128, and you got it with 119.
Traceroute, however, traces the path from your machine to Google, and it's quite possible that there's one less hop on that path.
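To make the arithmetic in the answer above reproducible, here is an added example (mine, not part of the original thread) that pulls the TTL out of a ping line, maps it to the nearest common initial TTL, and puts the resulting return-path router count next to a traceroute hop count. The initial-TTL table (64, 128, 255) and the OS families attached to it are assumptions of the example, and the ping lines are constructed with documentation addresses.

```python
import re

# Initial TTL values that common network stacks set on outgoing packets. These are
# assumed defaults used for the estimate, not figures from the original post.
DEFAULT_INITIAL_TTLS = {
    64: "Linux / macOS / BSD",
    128: "Windows",
    255: "Cisco IOS / Solaris / other",
}

# ping prints the TTL as "TTL=119" on Windows and "ttl=119" on Linux.
PING_TTL_RE = re.compile(r"\bttl=(\d{1,3})\b", re.IGNORECASE)


def ttl_from_ping_line(line):
    """Extract the TTL from one line of ping output, or None if the line has none."""
    match = PING_TTL_RE.search(line)
    return int(match.group(1)) if match else None


def estimate_reply_path(observed_ttl):
    """Guess the replying host's initial TTL, the number of routers the reply crossed,
    and the OS family that usually uses that initial value.

    Each router decrements the TTL by one; the host that sent the reply does not,
    so initial - observed is the router count on the *return* path."""
    if not 0 < observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    initial = min(t for t in DEFAULT_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl, DEFAULT_INITIAL_TTLS[initial]


def compare_with_traceroute(observed_ttl, traceroute_hops):
    """Put the TTL estimate next to a traceroute hop count.

    traceroute lists the destination itself as its last hop, so the number of
    routers on the forward path is traceroute_hops - 1 (a directly reachable VM
    shows 1 hop and an undecremented TTL)."""
    initial, return_routers, family = estimate_reply_path(observed_ttl)
    forward_routers = max(traceroute_hops - 1, 0)
    return {
        "initial_ttl": initial,
        "os_family": family,
        "return_routers": return_routers,
        "forward_routers": forward_routers,
        "asymmetric": return_routers != forward_routers,
    }


if __name__ == "__main__":
    # Constructed ping lines (documentation addresses); the TTLs match the question.
    samples = [
        "Reply from 203.0.113.10: bytes=32 time=14ms TTL=119",
        "64 bytes from 192.168.56.101: icmp_seq=1 ttl=64 time=0.312 ms",
    ]
    for line in samples:
        ttl = ttl_from_ping_line(line)
        print(line, "->", estimate_reply_path(ttl))
    print(compare_with_traceroute(119, 8))
```

The estimate is only as good as the default table: an administrator can change the initial TTL, and a load balancer, proxy or NAT in front of the real server answers with its own stack's value, so treat the OS family as a hint to confirm by other means rather than a result.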

Postfix queue keeps growing

I'm having some trouble with our mail server since yesterday.
First, the server was down for a couple of days, thanks to KVM: VMs were paused because storage was apparently full. So I managed to fix the issue. But since the mail server came back online, CPU usage has always been at 100%; I checked the logs, and there were "millions" of mails waiting in the postfix queue.
I tried to flush the queue, thanks to the PFDel script; it took some time, but all mails were gone, and we were finally able to receive new emails. I also forced a logrotate, because fail2ban was also using lots of CPU.
Unfortunately, after a couple of hours, the postfix active queue is still growing, and I really don't understand why.
Another script i found is giving me that result right now:
Incoming: 1649
Active: 10760
Deferred: 0
Bounced: 2
Hold: 0
Corrupt: 0
Is there a possibility to deactivate "Undelivered Mail returned to Sender"?
Any help would be very helpful.
Many thanks
You could first temporarily stop sending bounce mails completely, or set stricter rules, in order to analyze the reasons for the flood. See for example: http://domainhostseotool.com/how-to-configure-postfix-to-stop-sending-undelivered-mail-returned-to-sender-emails-thoroughly.html
Sometimes spammers find some weakness (or even vulnerability) in your configuration or in the SMTP server and use that to send spam (even if it can only reach the addressee via a bounce). Mostly in this case, you will find your IP/domain in some common blacklist services (or it will be blacklisted by large mail providers very fast), so this will add to the flood (the bounces will be rejected by the recipient server, which then lets your queue grow still more).
So also check your IP/domain using https://mxtoolbox.com/blacklists.aspx or a similar service (sometimes they also provide the reason why it was blocked).
As for fail2ban, you can also analyze the logs (find some pattern) to detect the evildoers (initial sender), and write a custom RE for fail2ban to ban them, for example after 10 attempts in 20 minutes (or add it to the ignore list for bounce messages in postfix)... so you'd first send X bounces, but thereafter it'd ban the recidivist IPs, which could also help to reduce the flood significantly.
And last but not least, check your config (follow best practices for it) and set up at least MX/SPF records, DKIM signing/verification and DMARC policies.
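The "10 attempts in 20 minutes" rule in the answer above is easy to prototype before committing it to a fail2ban jail. The following is an added example (mine, not from the thread) that runs a sliding-window count over Postfix smtpd log lines and reports the client addresses that cross the threshold; the log excerpt is constructed with documentation IPs, and the choice of the smtpd "connect from" line as the trigger is an assumption, since the line that actually identifies a given flood depends on what the logs show.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog format, documentation IPs; not from the original post):
# 203.0.113.5 connects every two minutes, 198.51.100.7 connects twice in an hour.
SAMPLE_LOG = "\n".join(
    [f"Mar  4 10:{minute:02d}:17 mail postfix/smtpd[2201]: connect from unknown[203.0.113.5]"
     for minute in range(0, 24, 2)]
    + ["Mar  4 10:05:00 mail postfix/smtpd[2202]: connect from mx.example.net[198.51.100.7]",
       "Mar  4 10:41:00 mail postfix/smtpd[2203]: connect from mx.example.net[198.51.100.7]"]
)

# Match the client IP in smtpd "connect from" lines. Swap in the line that identifies
# your flood (for example the envelope sender in "from=<...>" lines) once you have found it.
CONNECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"connect from \S+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

# The same pattern in fail2ban's failregex notation (<HOST> marks the address to ban).
FAIL2BAN_FAILREGEX = r"postfix/smtpd\[\d+\]: connect from \S+\[<HOST>\]$"


def parse_syslog_time(stamp, year=2024):
    """Syslog timestamps carry no year; assume one so the datetimes compare correctly."""
    return datetime.strptime(stamp, "%b %d %H:%M:%S").replace(year=year)


def flag_offenders(log_text, max_events=10, window=timedelta(minutes=20)):
    """Return {ip: count} for clients with at least max_events hits inside any `window`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = CONNECT_RE.match(line)
        if match:
            hits[match["ip"]].append(parse_syslog_time(match["ts"]))
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it is within `window` of this event.
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= max_events:
                offenders[ip] = end - start + 1
                break
    return offenders


if __name__ == "__main__":
    for ip, n in flag_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} connections inside 20 minutes -> candidate for a fail2ban jail")
```

Run it against a real `mail.log` first with a high threshold and lower it gradually; legitimate relays (the second client above) connect often too, and a threshold that bans them turns a spam flood into a delivery outage.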

Geth stuck syncing on the last 80 blocks

On Windows 10, on my command prompt, I go
> geth --rinkeby
Which starts to sync my node with the network
On another command prompt, I go
> geth --rinkeby attach ipc:\\.\pipe\geth.ipc
And then
> eth.syncing
which gives
{
currentBlock: 3500871,
highestBlock: 3500955,
knownStates: 25708160,
pulledStates: 25680474,
startingBlock: 3500738
}
As you can see, I am always behind the highest block by about 80. I've heard this is normal for the testnet. I created an account on Rinkeby and requested ether via the faucet: https://faucet.rinkeby.io/. I also tried https://faucet.ropsten.be/ but can't get ether.
On the geth console, I can show my account which gives
> eth.accounts
["0x7bf0a466e7087c4d40211c0fa8aaf3011176b6c6"]
and viewing the balance I get:
eth.getBalance(eth.accounts[0])
I don't know if this is due to my node being 80 blocks behind the highest node...?
Edit: It may be worth adding that I created a symbolic link from my AppData/Roaming/Ethereum on my C drive to another folder on my D drive as I was running out of space. (Don't know if that affects my sync)
I guess you are facing a problem known as "not sync last 65 blocks"
Q: I'm stuck at 64 blocks behind mainnet?!
A: As explained above, you are not stuck, just finished with the block
download phase, waiting for the state download phase to complete too.
This latter phase nowadays take a lot longer than just getting the
blocks.
For more information https://github.com/ethereum/mist/issues/3760#issuecomment-390892894
Stop geth and start it again. It's pretty normal to be behind the highest block. For ether, check on Etherscan whether you actually received the ether from the faucet or not. That way you will know at what block height you received your ether from the faucet. Then wait till your geth syncs to that block. Also, the best option would be to use something like Quicknode, where you don't need to be concerned about always keeping your machine running or waiting for hours before continuing with development work. Yes, they have a small nominal fee, but for the service they provide it's pretty worth it.

2 NICs - selected traffic

I recently purchased another NIC for my computer so I could separate LAN-traffic from internet-traffic.
Long story short: How do I set it up to selectively use a certain NIC?
I'm using Windows 7 64bit, but am also interested in finding it out for Linux.
So far I found something concerning regedit with RandomAdapter = 1.
However that doesn't seem to be working as Skype is confused which card to use and general traffic still goes through the same NIC.
I also use a Switch behind my PC and between my router, but I am willing to invest in a... I forgot the 4-letter-combination capable switch that lets me utilize that function.
Could you please share your wisdom with me?
Any help is appreciated!
edit 01: Accepted solution by Amit:
So do I have to delete ALL routes and then make 2 new ones, one for each NIC?
route -f
route ADD 192.168.X.IP1 MASK 255.255.255.0 192.168.X.X METRIC 10
route ADD 192.168.X.IP2 MASK 255.255.255.0 192.168.X.X METRIC 10
Is this correct?
For Windows, this can be set up with the command line utility "route".
Open a command prompt, type route /? and go from there...
Many applications allow you to bind to a specific IP address, see the settings pages.

Why is there a 10 second delay in this http conversation?

I've got a weird situation. The first time I hit an embedded web server (uclinux/boa) at 10.1.10.29, I get a 10 second delay in the browser window before things start happening. "first time" means I haven't hit the machine in a few days. Browser type/OS doesn't matter (source is 10.1.10.20)
I've got a wireshark capture of it happening.
And here is the detail of frame 296:
Note packet 374 doesn't pop out for around 10 seconds after 296. The packets between those 2 aren't from the machine in question. It's just sitting there for 10 seconds and decides to retransmit. How's it supposed to work?
The main reason is most certainly that the code was swapped out of memory.
MS-Windows is really bad in that regard. If some program does not get used for "too long", it gets swapped out of memory. Period. When you come back to it, it has to re-read it from the hard drive.
The one good thing (main reason) Windows does that is to defragment the kernel memory. For that, it is good.
You have similar problems under Linux, however, only if your server needs the memory. In other words, if you have tons of processes and they all fight for as much of memory as possible, then it is likely to swap out the least used software. Otherwise it will stay in place.
If you were to use the Cassandra database system, you would notice that on any computer that runs anything else than Cassandra. If you just run Cassandra, it remains fast all the time. If you run other software that uses a lot of the memory, Cassandra is slow on first access. This is particularly noticeable.
I want to add the answer that solved our problem, which was the same: a 10 second delay, then working, and after 5 minutes of inactivity another 10 second delay.
First of all, we wiresharked everything, and tried to find some kind of error in code, or in the way that the computer or server handled the network traffic. Found nothing out of the ordinary.
After much searching we found it was a DNS-"problem". In the DNS-server that the client computer used, there were dual entries for the domain name of the server. One was correct and one (the first one in the list) was wrong.
So removing the wrong dns pointer solved the problem.
This means the problem was that the computer tried the first address it got, waited 10 seconds for a reply, didn't get one and went to the second address in line. This creates no error messages as this is how DNS is supposed to work. And that is why all our wireshark logs showed up as just waiting 10 seconds with no error and no reason, and then just jumping into life, working for as long as the DNS record is valid (5 minutes in our case), and then the procedure needs to be done again.
Hope this helps someone who has a similar problem.
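Both answers above were reached by staring at a capture for the moment where the conversation goes quiet; that step is mechanical and worth scripting. The following is an added example (mine, not from the thread) that takes a tab-separated tshark-style export, keeps only the frames that involve the server in question, reports every silence longer than a threshold, and says which side was waiting (a sender that repeats itself, as with the retransmitted frame in the question, was waiting on a peer that never answered). The capture excerpt is constructed: the hosts and the frame numbers 296 and 374 follow the question, the timings and the other hosts' traffic are made up.

```python
# Constructed capture excerpt laid out like the output of
#   tshark -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst \
#          -e _ws.col.Protocol -e _ws.col.Info
# (tab separated). Only the hosts and frame numbers come from the question.
SAMPLE_CAPTURE = """\
296\t0.000000\t10.1.10.20\t10.1.10.29\tTCP\t51234 > 80 [SYN] Seq=0
297\t0.104211\t10.1.10.5\t10.1.10.255\tNBNS\tName query NB WORKGROUP
301\t2.517390\t10.1.10.7\t10.1.10.20\tTCP\t445 > 50011 [ACK]
340\t6.880042\t10.1.10.5\t10.1.10.255\tNBNS\tName query NB WORKGROUP
374\t10.021337\t10.1.10.20\t10.1.10.29\tTCP\t[TCP Retransmission] 51234 > 80 [SYN] Seq=0
375\t10.030402\t10.1.10.29\t10.1.10.20\tTCP\t80 > 51234 [SYN, ACK] Seq=0 Ack=1
376\t10.030550\t10.1.10.20\t10.1.10.29\tTCP\t51234 > 80 [ACK] Seq=1 Ack=1
"""


def parse_frames(text):
    """Turn the tab-separated export into a list of dicts with typed fields."""
    frames = []
    for line in text.splitlines():
        if not line.strip():
            continue
        number, rel_time, src, dst, proto, info = line.split("\t", 5)
        frames.append({"no": int(number), "t": float(rel_time),
                       "src": src, "dst": dst, "proto": proto, "info": info})
    return frames


def find_stalls(text, host, threshold=5.0):
    """Return (frame_before, frame_after, gap_seconds) for every silence longer than
    `threshold` seconds in the traffic to or from `host`; unrelated packets are ignored
    so that chatter from other machines does not hide the gap."""
    conv = [f for f in parse_frames(text) if host in (f["src"], f["dst"])]
    stalls = []
    for prev, cur in zip(conv, conv[1:]):
        gap = cur["t"] - prev["t"]
        if gap > threshold:
            stalls.append((prev["no"], cur["no"], round(gap, 3)))
    return stalls


def describe_stall(text, stall):
    """Say who was waiting: if both frames come from the same sender, the peer never
    answered the first one; otherwise the peer simply took that long to reply."""
    frames = {f["no"]: f for f in parse_frames(text)}
    before, after = frames[stall[0]], frames[stall[1]]
    if before["src"] == after["src"]:
        return (f"{before['src']} waited {stall[2]}s for {before['dst']} "
                f"and then sent: {after['info']}")
    return f"{before['dst']} took {stall[2]}s to answer {before['src']}"


if __name__ == "__main__":
    for stall in find_stalls(SAMPLE_CAPTURE, "10.1.10.29"):
        print(stall, "->", describe_stall(SAMPLE_CAPTURE, stall))
```

When the stalled frame is a SYN retransmission, the next thing to check is what the client did just before frame 296: a DNS lookup that returned two addresses, as in the second answer, shows up as a SYN to the wrong address that gets no reply, followed by the connection to the right one once the first attempt times out.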

How to obtain amount of transferred data through Wi-Fi from other applications?

I'm facing this problem. I spent much time searching for some API or "something" with which it's possible to obtain data transferred through Wi-Fi by other applications (as the screenshot below shows).
Does someone know a way to do it? Is there someone who has tried (or has already done) something similar? Or, a little differently: is it possible to do at all?
Currently I think that this is not possible, because I think that a non-system application cannot retrieve data from other application(s) installed on the device. But maybe I am "missing" something, so I posted this question and will be glad for whatever suggestion.
Thanks in advance!
TrafficStats
Class that provides network traffic statistics. These statistics include bytes transmitted and received and network packets transmitted and received, over all interfaces, over the mobile interface, and on a per-UID basis.
This means you can use getUidTxBytes to get the total transmitted data and likewise getUidRxBytes to get the total received data.
And you can get application's UID with:
getApplicationInfo().uid
or for other applications refer to THIS
While Sercan's answer is correct, I must warn you that TrafficStats is not always guaranteed to give you correct stats. Basically TrafficStats will check files in the directory /proc/uid_stat/1094/ and various files like tcp_snd, tcp_rcv etc. under this directory. On some devices, these (pseudo)files are not updated. Hence you should always check for a return value of UNSUPPORTED (-1): http://developer.android.com/reference/android/net/TrafficStats.html#UNSUPPORTED
Also, typically these stats have not included UDP data. So the numbers you report will be wrong for apps that use UDP (like VoIP apps). For more details, look at
https://code.google.com/p/android/issues/detail?id=32410
On the latest Android versions, there is another /proc file that gives you a lot of details. This is at /proc/self/net/xt_qtaguid/stats. But this pseudo file will only show the stats of the app reading it. If any Android app tries to read this file, it will not get stats related to any other Android app.
Why not try reading config files containing network information?
Try this:
adb shell
cd /proc/uid_stat/XXXX (proc id)
cat tcp_rcv/tcp_snd
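The two caveats raised above (counters that may be missing, and TCP-only counters that leave UDP out) are easiest to see on the raw files. Here is an added example (mine, not from the thread) written as a host-side script of the kind you would run on a `adb pull`ed copy of the files: it reads the old-style /proc/uid_stat/<uid>/tcp_rcv and tcp_snd files and returns the same -1 sentinel TrafficStats uses when a file is absent, and it parses an xt_qtaguid/stats-style table to give per-UID Wi-Fi byte counts that do include UDP. The stats excerpt is constructed, the UIDs are made up, and the column layout is an assumption taken from the file's own header line, which is why the parser looks columns up by name rather than by position.

```python
import os
import tempfile

UNSUPPORTED = -1  # same sentinel TrafficStats returns when a counter is unavailable

# Constructed excerpt in the shape of /proc/net/xt_qtaguid/stats. The header names the
# columns; rows with acct_tag_hex 0x0 are the per-UID totals, tagged rows are sub-buckets
# of those totals, and cnt_set 0/1 are the background/foreground counters.
SAMPLE_QTAGUID_STATS = """\
idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets rx_tcp_bytes rx_tcp_packets rx_udp_bytes rx_udp_packets rx_other_bytes rx_other_packets tx_tcp_bytes tx_tcp_packets tx_udp_bytes tx_udp_packets tx_other_bytes tx_other_packets
2 wlan0 0x0 10094 0 5000 10 1200 8 4000 8 1000 2 0 0 1000 6 200 2 0 0
3 wlan0 0x0 10094 1 15000 30 3800 20 15000 30 0 0 0 0 3800 20 0 0 0 0
4 wlan0 0x0 10120 0 700 5 300 3 700 5 0 0 0 0 300 3 0 0 0 0
5 rmnet0 0x0 10094 1 9000 12 2000 9 9000 12 0 0 0 0 2000 9 0 0 0 0
6 wlan0 0xabc00000000 10094 1 2000 4 500 2 2000 4 0 0 0 0 500 2 0 0 0 0
"""


def per_uid_bytes(stats_text, iface="wlan0"):
    """Sum rx/tx bytes (and the UDP share of each) per UID on one interface."""
    lines = [line for line in stats_text.splitlines() if line.strip()]
    columns = lines[0].split()
    totals = {}
    for line in lines[1:]:
        row = dict(zip(columns, line.split()))
        if row["iface"] != iface or row["acct_tag_hex"] != "0x0":
            continue  # other interface, or a tagged sub-bucket already inside the 0x0 total
        uid = int(row["uid_tag_int"])
        t = totals.setdefault(uid, {"rx": 0, "tx": 0, "rx_udp": 0, "tx_udp": 0})
        t["rx"] += int(row["rx_bytes"])
        t["tx"] += int(row["tx_bytes"])
        t["rx_udp"] += int(row["rx_udp_bytes"])
        t["tx_udp"] += int(row["tx_udp_bytes"])
    return totals


def read_uid_stat(root, uid):
    """Read the old-style <root>/<uid>/tcp_rcv and tcp_snd counters (TCP only, all
    interfaces). Returns UNSUPPORTED for a file that is missing or unreadable, which
    is the case the answer above warns about."""
    result = []
    for name in ("tcp_rcv", "tcp_snd"):
        path = os.path.join(root, str(uid), name)
        try:
            with open(path) as f:
                result.append(int(f.read().strip()))
        except (OSError, ValueError):
            result.append(UNSUPPORTED)
    return tuple(result)


def make_sample_uid_stat_tree():
    """Build a throwaway directory that mimics /proc/uid_stat for one UID (constructed)."""
    root = tempfile.mkdtemp(prefix="uid_stat_")
    os.makedirs(os.path.join(root, "10094"))
    # TCP on all interfaces: 4000 + 15000 + 9000 received, 1000 + 3800 + 2000 sent.
    with open(os.path.join(root, "10094", "tcp_rcv"), "w") as f:
        f.write("28000\n")
    with open(os.path.join(root, "10094", "tcp_snd"), "w") as f:
        f.write("6800\n")
    return root


if __name__ == "__main__":
    root = make_sample_uid_stat_tree()
    print("uid_stat 10094 (tcp_rcv, tcp_snd):", read_uid_stat(root, 10094))
    print("uid_stat 10120 (no files):", read_uid_stat(root, 10120))
    for uid, t in per_uid_bytes(SAMPLE_QTAGUID_STATS).items():
        print(f"uid {uid} on wlan0: rx={t['rx']} (udp {t['rx_udp']}) tx={t['tx']} (udp {t['tx_udp']})")
```

For UID 10094 the two views disagree on purpose: uid_stat reports 28000 bytes received because it counts TCP on every interface, while the per-interface table gives 20000 bytes on wlan0, of which 1000 are UDP that the TCP-only counters never see. On a real device, a process can only read the rows the kernel lets it see, which is the point made in the answer above about xt_qtaguid only showing the reading app's own stats.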