Capture communication between nginx and http clients, and nginx and my application - tcpdump

My website is hosted on my remote server REM1. I access this server through ssh.
My website, which is used by a few people, sometimes slows down, and I think it comes from my nginx configuration, because when I restart nginx everything works normally again.
I'd like to analyse communication/packets exchanged between http client-nginx and between nginx-my application.
When I run this:
sudo tcpdump -S -p -A
I get millions of ssh packets, so it's impossible to read the http packets among the sea of ssh packets.
When I try to run this:
sudo tcpdump -S -p -A port not 22
I get nothing, even if I open a page of my website in my browser and refresh many times.
I'm new to tcpdump, and it's really about tcpdump no matter what web server is used.
How do I capture only nginx communication?

LXD - Cannot list network forwarded ports

I am trying to figure out how to list ports forwarded by LXD through lxc network forward.
I have 2 NICs configured as follows:
ip a result
I configured the network forward ports this way:
lxc network commands
My configuration works quite well and I can access my webserver from the outside:
curl success result
The problem is this: I want to know what ports are opened using this method without using an lxd command (I'm looking for a Linux way to list them).
I already tried netstat, lsof and iptables, but nothing seems to let me see port 8080, which is actually giving me the content I'm looking for:
netstat -ltnuop result
iptables -t nat -L -n result
lsof -i result

tcpdump: concatenation not working with "and"!

I've tried it for a while now, referring to resources on the net and man tcpdump. I just can't get it to work. I've tried sudo tcpdump -i any -A "dst port 62655 and src port 62665", then I tried sudo tcpdump -i any -A "(dst port 62655 and src port 62665)". I also tried sudo tcpdump -i any -A \(dst port 62655 and src port 62665\). I'm going nuts; what am I missing? According to man tcpdump, it's okay to use either "and" or "&&".
EDIT:
What do I mean by "it doesn't work"? If I only use sudo tcpdump -i any -A "dst port 62655" I can see the traffic from the server to the client. If I try to combine it in order to try to catch the incoming traffic as well (as described above) I see nothing (not even the outgoing traffic anymore - which worked before!).
By using "and", you're requiring each packet to meet both conditions. Your edit makes it sound like one condition is for incoming and one condition is for outgoing, so use "or" instead of "and".
As an aside, especially for common ports where there's likely more traffic, it's often useful to specify "host X.X.X.X" to filter for packets where the source or destination is the specified IP address.
Manpage for the filter expression
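An added example, not from the original answer: a small Python evaluator for the subset of tcpdump's filter grammar used in this thread (host, src port, dst port, port, not/and/or, parentheses, and the && / || spellings), run over constructed packet records. It shows the answer's point: "dst port 62655 and src port 62655" can never match a packet, while the "or" form, "port 62655" or "host <ip>" keep both directions of the flow. The addresses and ports are constructed sample values; as in pcap-filter(7), negation is written before the primitive ("not port 22").

```python
import re
# Constructed sample packets (src_ip, src_port, dst_ip, dst_port): one flow
# between a client (port 62655) and a server (port 62665), plus ssh noise.
SERVER, CLIENT = "10.0.0.1", "10.0.0.2"
PACKETS = [(SERVER, 62665, CLIENT, 62655),    # server -> client
           (CLIENT, 62655, SERVER, 62665),    # client -> server
           ("10.0.0.9", 51000, SERVER, 22)]   # unrelated ssh packet
TOKEN = re.compile(r"\(|\)|&&|\|\||[A-Za-z]+|\d+(?:\.\d+)*")
def parse(tokens):
    """expr := term ('or' term)* ; term := prim ('and' prim)* ; prim := ..."""
    pos = 0
    def prim():
        nonlocal pos
        tok = tokens[pos]; pos += 1
        if tok == "(":
            node = expr(); pos += 1; return node            # consume ')'
        if tok == "not":                                    # 'not' binds tightest
            return ("not", prim())
        if tok in ("src", "dst"):                           # 'src port N' / 'dst port N'
            val = int(tokens[pos + 1]); pos += 2; return (tok + "port", val)
        if tok in ("port", "host"):
            val = tokens[pos]; pos += 1
            return (tok, int(val) if tok == "port" else val)
        raise ValueError("unsupported token: " + tok)
    def term():
        nonlocal pos
        node = prim()
        while pos < len(tokens) and tokens[pos] in ("and", "&&"):
            pos += 1; node = ("and", node, prim())          # both sides must hold
        return node
    def expr():
        nonlocal pos
        node = term()
        while pos < len(tokens) and tokens[pos] in ("or", "||"):
            pos += 1; node = ("or", node, term())           # either side may hold
        return node
    return expr()
def match(n, p):
    src_ip, sport, dst_ip, dport = p
    if n[0] == "and": return match(n[1], p) and match(n[2], p)
    if n[0] == "or":  return match(n[1], p) or match(n[2], p)
    if n[0] == "not": return not match(n[1], p)
    if n[0] == "srcport": return sport == n[1]
    if n[0] == "dstport": return dport == n[1]
    if n[0] == "port": return n[1] in (sport, dport)         # either end of the packet
    return n[1] in (src_ip, dst_ip)                          # host: either end
def capture(expression, packets=PACKETS):
    """Return the packets a tcpdump run with this filter would keep."""
    return [p for p in packets if match(parse(TOKEN.findall(expression)), p)]
```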

Container Optimized OS Examples

I've followed all the documentation here: https://cloud.google.com/container-optimized-os/docs/ to try to upgrade my existing configuration that used container-vm images, which have now been deprecated, to a new configuration using Container-Optimized OS. But nothing works! I can't get the Docker container to bind to port 80 (i.e. -p 80:80) and also my Docker container can't seem to write to /var/run/nginx.pid (yes, I'm using nginx in my Docker container). I followed the instructions to disable AppArmor and I've also tried creating an AppArmor profile for nginx. Nothing works! Are there any examples out there using Container-Optimized OS that don't just use the busybox image and print "Hello World" or sleep? How about an example that opens a port and writes to the file system?
I just installed Apache Guacamole on Container Optimized OS and it works like a charm. There are some constraints in place for security.
The root filesystem ("/") is mounted as read-only with some portions of it re-mounted as writable, as follows:
/tmp, /run, /media, /mnt/disks and /var/lib/cloud are all mounted using tmpfs and, while they are writable, their contents are not preserved between reboots.
Directories /mnt/stateful_partition, /var and /home are mounted from a stateful disk partition, which means these locations can be used to store data that persists across reboots. For example, Docker's working directory /var/lib/docker is stateful across reboots.
Among the writable locations, only /var/lib/docker and /var/lib/cloud are mounted as "executable" (i.e. without the noexec mount flag).
If you need to accept HTTP (port 80) connections from any source IP address, run the following command on your Container-Optimized OS instance:
sudo iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT
In general, it is recommended you configure the host firewall as a systemd service through cloud-init.
PS: Container-Optimized OS is capable of auto updates. This mechanism can be used to update a fleet of Compute Engine instances.
I can't get the Docker container to bind to port 80 (i.e. -p 80:80) and also my Docker container can't seem to write to /var/run/nginx.pid (yes, I'm using nginx in my Docker container).
I think you might be hitting some GCE firewall problem. The best way would be to verify/debug it step by step:
Try running a stupidly simple nginx container:
"-d" asks Docker to run it in daemon mode, "-p 80:80" maps the HTTP port, and "--name nginx-hello" names the container nginx-hello.
docker run -d --name nginx-hello -p 80:80 nginx
(optional) Verify that the container is running correctly: you should see the "nginx-hello" container listed.
docker ps
Verify that nginx is working locally: you should see a good HTTP response.
curl localhost:80
If you are able to verify all the above steps correctly, then you are likely facing a GCE firewall problem:
How do I enable http traffic for GCE instance templates?

OpenDaylight Application Developer’s tutorial ping fails

ubuntu#sdnhubvm:~$ sudo mn --topo single,3 --mac --switch ovsk,protocols=OpenFlow13 --controller remote
s1 ovs-ofctl add-flow tcp:127.0.0.1:6634 -OOpenFlow13 priority=1,action=output:controller
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
What is the problem, please?
The L2Switch project provides Layer2 switch functionality.
Running the L2Switch project
Check out the project using git
git clone https://git.opendaylight.org/gerrit/p/l2switch.git
The above command creates a directory called "l2switch" with the project.
Run the distribution
To run the karaf distribution, you can use the following command:
./distribution/karaf/target/assembly/bin/karaf
NOTE: if karaf doesn't boot up to the console, it is suggested to clear the contents of distribution/target/assembly/data/cache
To run the base distribution, you can use the following command
./distribution/base/target/distributions-l2switch-base-0.1.0-SNAPSHOT-osgipackage/opendaylight/run.sh
If you need additional resources, you can use these command line arguments:
-Xms1024m -Xmx2048m -XX:PermSize=512m -XX:MaxPermSize=1024m
Creating a network using Mininet
sudo mn --controller=remote,ip=<Controller IP> --topo=linear,3 --switch ovsk,protocols=OpenFlow13
sudo mn --controller=remote,ip=127.0.0.1 --topo=linear,3 --switch ovsk,protocols=OpenFlow13
The above command will create a virtual network consisting of 3 switches. Each switch will connect to the controller located at the specified IP, that is to say, 127.0.0.1.
sudo mn --controller=remote,ip=127.0.0.1 --mac --topo=linear,3 --switch ovsk,protocols=OpenFlow13
The above command has the "mac" option, which makes it easier to distinguish between Host MAC addresses and Switch MAC addresses.
Generating network traffic using Mininet
h1 ping h2
The above command will cause host1 (h1) to ping host2 (h2).
pingall
'pingall' will cause every host to ping all other hosts.

Client connect timeout on local LAN Fedora 21 server for Minecraft server

I have a Fedora 21 server running on a local private LAN. I have set up a Minecraft server. It is running on port 25565 and running the server produces no errors. My problem is that I cannot get the client to connect to it. The client connects fine to Minecraft servers outside of the local private LAN, and when I tested the Minecraft server on an Ubuntu desktop, the Windows machine was able to connect to that server. So, it seems isolated to the Fedora 21 machine. It is running as a server, so no GUI! I have performed a netstat -a on it and see that it states that it is listening on port 25565. I have turned off firewalld ('sudo systemctl stop firewalld' and then 'sudo systemctl disable firewalld' just to be sure) to see if that was blocking it. I was still not able to connect. I can provide other information as needed. Oh, I am also using Java 1.8u25 and minecraft_server.1.8.1.
Thanks for your help.
I have found the problem. Apparently the change requires a server reboot. Perhaps just restarting the service may also take care of the issue but definitely rebooting the server cleared the problem.
EDIT: I have found that using iptables will open the firewall to allow the game to connect. I only stated that turning off firewalld allows the game to operate after saving iptables and restarting firewalld.
This should work (let me know if it doesn't):
Be sure to place this before any REJECT rules in the iptables chain.
You can use iptables -L --line-numbers | less to display the table. I pipe it out to "less" because the table can be quite long and this way one can easily scroll through the information.
iptables -I INPUT ## -p tcp --dport 25565 -j ACCEPT
iptables -I INPUT ## -p udp --dport 25565 -j ACCEPT
iptables-save
To restart firewalld, type sudo systemctl restart firewalld.
Also keep in mind that this is for the default port in the server.properties file. Obviously, if the default port is changed in this file, then the iptables setting would change too.
Hopefully this will help anyone who may run into this same problem.