Sunday, May 1, 2016

Rotating traffic captures using tcpdump

To avoid creating large traffic captures with tcpdump, a couple of useful switches let you create rotating capture files, compress them on the fly, and so on.

-ni : specifies the network interface on which to capture traffic (-n disables name resolution)
-s0 : indicates a capture of the full size of the packet
-vvv : verbose
-w : indicates the file name and location in which the capture will be saved
-C : indicates the size of each file; after reaching this size the file is rotated
-W : indicates the number of files that will be stored
-z : runs a command (for example gzip) on each file after rotation, to compress it

For example,

tcpdump -ni eth1 -C 20 -z gzip -w /tmp/trace.pcap

This would create a file named trace.pcap. After 20MB of data (-C 20), tcpdump would create a file named trace.pcapX and so on, and compress the capture files after tcpdump has finished writing to them.

tcpdump -pni eth0 -s0 -C 100 -W 10 -w /tmp/capture

In this example, tcpdump starts capturing into capture1 and continues until it reaches capture10. When it has filled capture10 with 100MB of data, it starts again, overwriting capture1. This way, your captures will never use more than 1000MB of disk space.
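Once the ring has wrapped, file numbers no longer match capture order, so anything that reads the ring back should sort by modification time and skip the file tcpdump may still be writing. The helpers below are an added example, not part of the original post; the function names are hypothetical and the argument is the path that was given to -w.

```shell
#!/bin/sh
# Added example: read a tcpdump -C/-W ring in capture order.
# $1 is the path passed to tcpdump -w, e.g. /tmp/capture

# Print the ring files oldest first. Sorting by name is wrong once the
# ring has wrapped, so sort by modification time instead.
ring_oldest_first() {
    ls -1tr -- "$1"[0-9]* 2>/dev/null
}

# Print the file tcpdump is writing to (or wrote to last): the newest one.
ring_active() {
    ring_oldest_first "$1" | tail -n 1
}

# Print only the files tcpdump has finished with, oldest first: everything
# except the newest file, which may still be open and incomplete.
ring_completed() {
    ring_oldest_first "$1" | sed '$d'
}
```

The glob also matches files that -z gzip has already compressed, since their names still start with the prefix followed by a digit.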

gdb all threads bt to file

Perform the following steps to collect a backtrace from a core dump for all threads.

Find the core file and the executable that created it.

Start gdb in the directory where the log file should be created:

By default, gdb will create a logfile called gdb.txt in the current working directory when logging is enabled.  Optionally, specify a different logfile name with this command:

Enable logging by running the following commands:

(gdb) set height 0
(gdb) set logging file /tmp/thread_apply_all_bt.txt
(gdb) set logging on
Copying output to /tmp/thread_apply_all_bt.txt

Request a backtrace:

(gdb) thread apply all bt full

Exit gdb by running the quit command, or press Ctrl-D.
Collect the logfile.
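The same backtrace can be collected without an interactive session. The function below is an added example, not part of the original post: collect_bt is a hypothetical name, and it uses gdb's batch mode with output redirection in place of the logging commands shown above. Because bt full prints local variables from the dumped process, the output file is created readable by its owner only.

```shell
#!/bin/sh
# Added example: non-interactive "thread apply all bt full" from a core dump.
# Usage: collect_bt EXECUTABLE CORE OUTFILE
collect_bt() {
    exe=$1
    core=$2
    out=$3
    [ -r "$exe" ]  || { echo "executable not readable: $exe" >&2; return 2; }
    [ -r "$core" ] || { echo "core file not readable: $core" >&2; return 2; }
    command -v gdb >/dev/null 2>&1 || { echo "gdb not found" >&2; return 3; }
    # The subshell keeps the umask change local. umask 077 makes a newly
    # created output file mode 0600; an existing file keeps its old mode.
    (
        umask 077
        # -batch: run the -ex commands, then exit
        # -nx:    do not read any .gdbinit file
        gdb -batch -nx \
            -ex 'set height 0' \
            -ex 'thread apply all bt full' \
            "$exe" "$core" > "$out" 2>&1
    )
}
```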

Sunday, December 7, 2014

Docker and BusyBox

Ever heard of BusyBox, or are you, like me, living in a cave? YAS, today I heard of it.

BusyBox: The Swiss Army Knife of Embedded Linux

It's so tiny that the Docker image is only a few MB, in my case 2.433 MB.

Dockerizing BusyBox

To run BusyBox:
docker run --rm -it busybox

This will drop you into an sh shell.

You can use BusyBox to test your static binaries. For example:

1. Create a Dockerfile for a binary

FROM busybox
COPY my-binary /my-binary
CMD ["/my-binary"]

2. Now build the image
docker build -t my-binary:v1 .

3. Finally run the container from the image to test your binary
docker run --rm -it my-binary:v1

Happy dockerizing

Oracle Linux Image for Docker

Everyone is talking about Docker these days. Oracle has also taken notice and recently made Oracle Linux 6 and 7 images available for Docker.

Note: Oracle Linux is a rebuild of RHEL, the same as CentOS or Scientific Linux. ;)

Let's try to containerize Oracle Linux 7 (OL7).

1. Assuming Docker is already installed on your favorite Linux distro

2. Download the Oracle Linux image

3. Uncompress it; this will give oraclelinux-7.0.tar in the current directory
$ unxz oraclelinux-7.0.tar.xz

4. Load the image into your local Docker repository.
# docker load -i oraclelinux-7.0.tar

5. Check the local image repo

# docker images

REPOSITORY           TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
oraclelinux          7.0                 5f1be1559ccf        3 weeks ago         265.2 MB
askhan/salt-minion   v1                  9b40143974c1        9 weeks ago         294.6 MB

6. Finally, run a container based on the OL7 image
# docker run --rm -it --name oracle7 oraclelinux:7.0 bash

7. Now inside the container
[root@fcc43a277822 /]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)

Hey, what? This is RHEL... Come on, make your own Linux distro to better serve the community. (Oracle)

Sunday, November 30, 2014

Docker - Untagged images

$ sudo docker images --filter "dangling=true"

none                       8c39e8847482        5 hours ago         4.799 GB
none                        1e422624b663        5 hours ago         4.799 GB
none                        889bb1e7a182        7 hours ago         361.7 MB

This displays untagged images that are the leaves of the image tree (not intermediary layers). These images occur when a new build of an image takes the repo:tag away from the image ID, leaving it untagged. A warning is issued when trying to remove an image that a container is presently using. Having this flag allows for batch cleanup.

To remove untagged images

$ sudo docker rmi $(sudo docker images -f "dangling=true" -q)


This gave me around 10GB of free disk space.

Sunday, November 23, 2014

Upgrading Docker using the script

In my previous post we used the script available from the Docker site to help with installing Docker.

The same script can be used to upgrade Docker.

Before upgrading Docker

$ sudo docker version
Client version: 1.2.0
Client API version: 1.14
Go version (client): go1.3.1
Git commit (client): fa7b24f
OS/Arch (client): linux/amd64
Server version: 1.2.0
Server API version: 1.14
Go version (server): go1.3.1
Git commit (server): fa7b24f

Execute the script to install the newer version of Docker

$ curl | sudo sh 

Once the script finished, Docker 1.3.1 was installed and the Docker daemon was automatically started.

$ sudo docker version
Client version: 1.3.1
Client API version: 1.15
Go version (client): go1.3.3
Git commit (client): 4e9bbfa
OS/Arch (client): linux/amd64
Server version: 1.3.1
Server API version: 1.15
Go version (server): go1.3.3
Git commit (server): 4e9bbfa
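Piping curl straight into sudo sh runs whatever the server returns, as root, before anyone has seen it. The wrapper below is an added example, not part of the original post: it runs a script that has already been downloaded only if its SHA-256 matches a value recorded when the script was reviewed. run_verified and sha256_of are hypothetical names, and INSTALL_URL and PINNED_SHA256 in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: run an installer script only if it matches a pinned checksum.

# Print the SHA-256 of a file as a bare hex string.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Usage: run_verified SCRIPT EXPECTED_SHA256 [INTERPRETER...]
# Returns 1 on checksum mismatch, 2 if the script cannot be read.
run_verified() {
    script=$1
    expected=$2
    shift 2
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $script, refusing to run" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    # Default interpreter is plain sh; pass "sudo sh" for a root installer.
    [ "$#" -gt 0 ] || set -- sh
    "$@" "$script"
}

# Typical use (placeholders, supply your own values):
#   curl -fsSL "$INSTALL_URL" -o install.sh
#   less install.sh                      # review before trusting
#   run_verified install.sh "$PINNED_SHA256" sudo sh
```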


Saturday, September 27, 2014

Deleting a Docker container

If you are finished with a container, you can delete it using the docker rm command.

You must stop it first using the docker stop command or docker kill command.

Deleting a container
# docker rm ba1d58bfb1dc

Deleting a running container
# docker rm -f ba1d58bfb1dc

Deleting all containers
There is currently no command to delete all containers, but you can combine docker ps -a and docker ps -q to delete all containers.

# docker rm $(docker ps -a -q)

ps -a lists all the containers
ps -q lists the IDs of all containers