Sunday 30 June 2013

TFTP gets Timed out, No error message.

We had a issue with Windows XP laptop, the TFTP server stops responding. We checked the ports were fine, and was not used by any other tftp server. The windows XP firewall was off. Tried with two TFTP servers Solarwinds and TFTPD , both were not responding.

No error message :-( , if we reboot it in safe mode, it was working. So first clue , some service was stopping the TFTP operation.

Identifying service was also very frustrating, but looks like it was Cisco VPN client, which has Stateful firewall, once we stop this service, the TFTP was working fine.

From Cisco :

================================

How can I disable the Stateful Firewall Feature during the installation of the Cisco VPN Client?

A. For VPN Client versions prior to 5.0:

Refer to the Documentation Changes section of the VPN Client Rel 4.7 Release Notes in order to learn about the two topics "Using MSI to Install the Windows VPN Client without Stateful Firewall" and "Using InstallShield to Install the Windows VPN client without Stateful Firewall".

For VPN client versions after 5.0:

Beginning with Cisco VPN Client release 5.0.3.0560, an MSI installation flag was added to avoid the installation of the guild in firewall files:

msiexec.exe /i vpnclient_setup.msi DONTINSTALLFIREWALL=1

Refer to Bypassing Installation of Firewall Files When Stateful Firewall Is Not Required section for more information regarding this.


Ref:http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a00801c2dbe.shtml


Solarwinds TFTP server documentation also states something similar:

Error message: " %Error opening tftp://IP_Address/filename (Timed out) ERROR: Failed to open archive file tftp://IP_Address/filename." when you try to transfer a file in TFTP Server

This error is typically caused by a firewall blocking access. We recommend disabling any firewalls on the machine running the TFTP Server.

FYI, Cisco's VPN client has a setting under options that states "Stateful Firewall Always On". If you have this client installed, you will want to uncheck this setting.


=====================================

Hope it helps someone !


Wednesday 26 June 2013

Answer these DHCP protocol related interview question !

Post your answers in comments.

1) DHCP is based on which protocol ?

2) Can DHCP Server, itself can be DHCP client ?

3) DHCP supports three types of IP allocation schemes. What are they?

4) In which allocation scheme the IP address reuse is allowed?

5) How many types of DHCP messages you know or have seen it, how many are their in standard?

6) "DHCP is not used for configuring routers" this statement is true or false and why?

7) On what parameter the DHCP server decides, to send its OFFER as unicast packet or broadcast packet?

8) How do you identify the DHCPREQUEST packet is sent at init time, T1 time or T2 time?


Later more, Keep learning , Keep sharing!


Thursday 13 June 2013

How to install and use ZAP wireless tool from Ruckus Wireless on Fedora or Linux PC


This tool is used for UDP performance testing mostly for Video or IPTV kind of traffic for wireless AP


How Zap Works from Ruckus website:

Zap works by sending controlled bursts of packets and measuring both packet loss and inter-arrival times. The primary results reported are number of packets lost, total packets

received and detailed throughput statistics. Because Zap provides a measure of both throughput and consistency over time and distance, it has particular importance to streaming

video, voice and other latency-sensitive applications. Conversely, knowing only average throughput levels will not help predict the performance of a wireless network.

By measuring the maximum throughput of batches of packets, Zap is able to determine the minimum throughput that can be expected at a given percentile. For example, if Zap reports

the 99.5 percentile to be 50Mbps, that means statistically, throughput is at or greater than 50Mbps 99.5 percent of the time. For video applications, the ability to determine

throughput within the 99.5 percentile gives IT managers and network designers the assurance of the maximum throughput that a given IP wireless network can deliver reliably to

ensure picture-perfect viewing.

Steps to install and use this tool in Fedora or Linux PC

Internet is connected to this machine.


1) Download and install SVN client on PC

 #yum install svn

2) once installed  run below command

#svn checkout http://zapwireless.googlecode.com/svn/trunk zaptool

3) Change directory

 #cd zaptool

4) Install the tool

# make

# make install

5) you will need gcc compiler to make the files if not installed in machine

#yum install gcc

run step 4

6) After step 4 the tool is installed in the pc , repeat the same on another linux PC for back to back tests


7) Connect both the PC, back to back and run below commands

PC1 ( 154.1.1.1)-----PC2 (154.1.1.2)


PC1#zapd &

PC2#zapd &

PC2#zap -s154.1.1.1 -d154.1.1.2 -X30


8) You should be seeing some results on PC2 after running above commands. Success-> try with your wireless devices

which is to be tested. Error-> go to step 9


9) If you get error -> could not Rx or similar try below commands on both PC, it will disable firewall.

PC1#service iptables stop

PC1#echo 0 > /selinux/enforce

PC2#service iptables stop

PC2#echo 0 > /selinux/enforce


10) Repeat step 7, should work fine.


Results : The result can be interpreted as below (taken from ZAP QSG)

 
Example zap output:

 192.168.0.2 192.168.0.177 408=rx 0=dr 0=oo 0=rp 20=rx in 57.6ms 4.1mbps  4.3|10.2  3.7  0.2  0.1  0.1  0.1

The details on all the fields are:

src    src address
dst    dst address
rx    cumulative received packets
dr    dropped packets
oo    out of order packets
rp    retried packets
rx in    received packets in this batch (sample)
b_time    batch (sample) time
b_thrput    batch thruput (for given batch or sample)
avg    cumulative aggregate thruput
0%    max thruput observed (peak thruput)
50%    median thruput
90%    thruput at 90 percentile (i.e. thruput was better than this 90% of the time)
95%    thruput at 95 percentile
99%    thruput at 99 percentile
99.9%    thruput at 99.9 percentile



Keep learning,Keep sharing!

Tuesday 11 June 2013

How to install Tomcat server in fedora core 14 PC ?

Following steps is to be done to install tomcat server on Fedora PC. I have used core 14, but the steps should be pretty much same for other Fedora versions.

1) Download latest Tomcat server from the website

wget http://mirror.nexcess.net/apache/tomcat/tomcat-7/v7.0.41/bin/apache-tomcat-7.0.41.tar.gz

2) tar -xvzf apache-tomcat-7.0.41.tar.gz

3) The JRE 7 or 6 is to be installed on the PC. Download and install the rpm. In my pc it was already installed. The path should be properly set

export JAVA_HOME=/usr/java/jdk1.6.0_23

4) Set the path

export CATALINA_HOME=/home/user1/apache-tomcat-7.0.41

5) Start the Server

$CATALINA_HOME/bin/startup.sh

6) The server will set some defaults and should start without any errors.

7) Browser the default page

http://localhost:8080/