Saturday, October 30, 2010

Installing and configuring Cacti

Cacti is a comprehensive monitoring tool for network
equipment resource utilization. We can view utilization graphs of incoming and outgoing traffic on the ports of any networking equipment which supports SNMP ( any of the three versions).

In this post, I shall mention the steps involved in installing and getting Cacti run on a Debian based machine.


1. Prerequisite packages : Apache, Mysql, PHP, Basically if the LAMP package is installed it would suffice. Installing LAMP is very straightforward using tasksel. Run the command and select the LAMP server option as shown


root@fossphosis:~# tasksel 





2. Package dependecies to install Cacti: cacti, cacti-cacid, spine, rrdtool
The dependecies are taken care of by APT. So, just type in apt command as shown.

3. While the packages are being installed, certain essential configurations have to be performed.
 i) Configuring the MYSQL database entry for Cacti. This can be performed using dbconfig. To do this select the option as shown

 ii) Enter the adminsitrative password for MYSQL and also for the user 'cacti'


 iii)Select the webserver for running Cacti. Choose Apache2

4. If things have gone fine, without any errors,  check the following URL to reach the Cacti Screen

http://localhost/cacti
Congrats :)

5. Now, that we have installed Cacti, some simple basic configurations have to be performed




Finally, click on graphs to see if Cacti is working fine. 
After about 30 minutes the resource utilization of the local host can be observed 


Tuesday, October 19, 2010

Resetting mysql root password

As I had mentioned in my previous post, I was composing a post about installing and configuring Cacti. It so happened that I had forgotten my mysql root password on my system. And, as mysql is an essential back-end application for Cacti to run, I had to retrieve it. But, even after multiple attempts I didn't seem to be able to recollect it!

So, I had to reset the root password. After reading a couple of forums I was able to do it. As it seemed non-trivial, I decided to put it up here.

Follow these steps to reset the mysql root password in a GNU/Linux machine.

1. Log into the GNU/Linux machine where the mysql is running.

2. Stop the mysql daemon

raghu@fossphosis:~$ sudo service mysql stop 
mysql stop/waiting

3. After stopping the mysql daemon, create a text file with the following content

UPDATE mysql.user SET Password=PASSWORD('$new_password') WHERE User='root';
FLUSH PRIVILEGES;

The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.

4. Save this text file which now has the new password, call it maybe mysql-reset.

5. Start mysql with --init-file option:

raghu@fossphosis:$ sudo mysqld_safe --init-file=/home/raghu/mysql-reset &

By doing this we are getting the mysql server to execute the contents of the mysql-reset text file, wherein the root passwords will be reset and assigned with the new value specified in the text file i.e., $new_password.

6. After the server starts successfully, delete the mysql-reset text file, for it has the new password in plain text.

7. You should be now able to log in to mysql as root with the new password.

raghu@fossphosis:~$ sudo mysql -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 82
Server version: 5.1.41-3ubuntu12.6 (Ubuntu)


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql> 


This is a very helpful procedure for someone like me, who keeps forgetting the paswwords ;-)

Saturday, October 9, 2010

SNMP based Network monitoring

This is an introductory post to the SNMP based network management series of posts. In this post I would want to elaborate on the Network monitoring tools, which use SNMP(Simple Network Management Protocol)  to poll and map network devices with statistics and graphs.

Before delving into tools such as net-snmp, mrtg, cacti and nagios, a brief insight into the concepts and terminologies of SNMP in this post would help us appreciate the tools better.

Simple Network Management Protocol (SNMP) is a UDP-based network protocol. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. (wiki)

Simple Network Management Protocol is highly useful in monitoring the health, statistics and graphing resource utilization of network devices like switches, routers, data-multiplexers,  Ethernet-access devices, modems, servers and most of the other electronic devices which are part of the network.

In GNU/Linux machines, by default the ports 161 and 162 are used for SNMP.



An SNMP-managed network consists of three key components:
  • Managed device, the device to be monitored/managed like a switch/router
  • Agent — software which runs on managed devices, like snmpd on Linux machines
  • Network management system (NMS) — software which runs on the manager, like nagios, cacti
To enhance the functionality of the snmp tools to incorporate additional features like configuration of specific devices, the concept of MIB is very helpful. MIB stands for Management Information Base, which increases the feature accessibility of devices being managed by SNMP.

SNMP protocol has had its growth with three versions until now.


SNMPv1: This is the first version of the protocol

SNMPv2c: This is the revised protocol, which includes enhancements of SNMPv1 in the areas of protocol packet types, transport mappings, MIB structure elements but using the existing SNMPv1 administration structure ("community based" and hence SNMPv2c).

SNMPv3: SNMPv3 defines the secure version of the SNMP. SNMPv3 also facilitates remote configuration of the SNMP entities.

In the posts to follow, we shall take a look at each of the important GNU/Linux utilities pertaining to SNMP

Monday, October 4, 2010

Mausezahn: The Versatile Packet Crafter

What do you resort to when you want to bombard a network interface with a Broadcast packet storm, in a controlled manner? Get to
Mausezahn!


Does it sound like a title of a monarch from the medievals? Actually it is one of the most versatile packet crafter available today.

Mausezahn, literally means Mause (mouse) Zahn( Tooth)! Well, if you get to use the tool and have observed mice, you might understand the peculiarity in the name :)

mausezahn (mz) is one of the most versatile and robust packet generator around. It is used in various special scenarios:

  • Versatile and fully customizable packet generation
  • Penetration testing of firewalls and IDS
  • Finding weaknesses in network software or appliances
  • Creation of malformed packets to verify whether a system processes a given protocol correctly, i.e, to create the "impossible packets"!
  • Didactical demonstrations as lab utility
  • Performing stress tests on the network equipments
Packets can be crafted with absolute flexibility, by simple options to customize
  • Type of packet
  • Source and destination ports
  • Source and Destination MAC addresses
  • Source and Destination IP addresses
  • Delay between packets
  • Number of packets
  • ASCII Payload for packets
  • Length of the payload
  • VLAN's, QOS (Quality of Service) and COS ( Cost of Service) of packets
  • Setting flags in the packets
  • And other advanced packets, like the CDP(Cisco Discovery Packets)
You can install mz in Debian machines from the Universe repositories, by apt'ing for the package.


raghu@fossphosis$ sudo apt-get install mz 
(It has a couple of library dependencies which will be satisfied automatically by APT)


Examples 
(All instances of mz must be run as root, or in a Debian based machine for a non-root user sudo'ed):

  1. Broadcast storm at maximum rate
raghu@fossphosis$ sudo mz eth0 -c 0 -b bcast
( It generates packets at a rate limited by the system clock!)

2. Send BPDU packets with $VLAN (2-4096)  every 2 second to announcing the Root Bridge status in a STP (Scanning Tree Protocol) scenario,

raghu@fossphosis$ sudo mz eth0 -c 0 -d 2s -t bpdu vlan=$VLAN

3. Send  IP  multicast  packets to the multicast group 230.1.1.1 using a UDP header with destination port 32000, at a rate of one frame every 10 msec:


raghu@fossphosis$ sudo mz eth0 -c 0 -d 10msec -B 230.1.1.1 -t udp dp=32000 -P "Multicast test packet"

Many more varieties of diverse packets, resulting from all the permutation and combination of all the fields in a packet can be easily created, in manners as shown above. 
Malformed Broadcast storm packet generated by mausezahn
Reference:  http://www.perihel.at/sec/mz/mzguide.html