Saturday 31 March 2007

I hate spammers

They are all fat, ugly, small-dick miserables who can't get laid. So they send their shit to us thiking we are all like them. They don't even know where sperm is produced.

From: Nola Delores
Subject: build more SPERM in yourPENIS, 500% more after taking this pill along break

Friday 30 March 2007

NTP offset graphs

I solved a NTP problem a few days ago. I didn't really solve it because instead of fixing Windows 2003 W32Time service we simply substituted it with the Meinberg NTP port.

Graphs created with gnuplot were crucial in convincing the network admin that his windows box was the problem. I was able to show that my machine agreed with the other chimers in the network while the Windows 2003 chimer was jumping back and forth.

The red line represents the time offset to the W2K3 chimer, while the others refer to the remaining NTP chimers. It is clear that the client is struggling to sync with the lower-strata Windows 2003 NTP server but it keeps travelling in time. You can also notice in the graph how the offset to the other servers remains close to zero, indicating they agree on the correct time.

To create these graphs I used the peerstats files the NTP daemon creates in /var/log/ntp (path may be different on your distro or not be enabled at all), a perl script, gnuplot and some patience.

The peerstats files are full of lines like this:
54188 331.225 a.b.c.d 9614 -0.001258450 0.002503000 0.014872032 0.001373005
I was interested in the first, second, third and fifth fields: date in modified Julian Day (MJD), seconds from midnight UTC, peer IP address and offset in seconds.

To convert the MJD to a time format accepted by gnuplot I created the script conv.pl:

#!/usr/bin/perl

use DateTime::Format::Epoch::MJD;
while (<STDIN>) {
chomp;
if ( /^(.*) (.*) (.*)$/) {
my $dt = substr(DateTime::Format::Epoch::MJD->parse_datetime( $1 ), 0,10);
print "$dt,";
print int(($2/(60*60))%24);
print ":";
print int(($2/60)%60);
print":";
print ($2%60);
print " $3\n";
}
}
The script doesn't deserve any style points and it doesn't consider time zones (although the MJD module might; go check yourself if you are worried). You will need the DateTime::Format::Epoch perl module (Debian users have it easy).

After that you can prepare you peerstats file(s) to be used with Gnuplot:
cat peerstats1 | grep 'a.b.c.d' | cut -d" " -f1,2,5 | ./conv.pl > stats1
Your grep parameters may vary but make sure you select only peer at a time because the gnuplot configuration I use below expects only 2 axes (date/time and offset).

The gnuplot configuration looks like this (stats.conf):
# feel free to change image size
set terminal png size 1600,1024
set xdata time
set timefmt "%Y-%m-%d,%H:%M:%S"
set output "ntp-offset.png"
# if you want to change the scale, uncomment
#set yrange [-0.1:0.1]
set grid
set xlabel "Time"
set ylabel "Offset"
set title "Description: Time Offsets"
set key left box
plot "stats1" using 1:2 index 0 title "NTP client 1" with lines, \
"stats2" using 1:2 index 0 title "NTP client 2" with lines, \
Adjust the file to your own needs and run gnuplot:
$ cat stats.conf | gnuplot 
The file ntp-offset.png will be created. Use your favourite program to view the results.

Wednesday 28 March 2007

Init script for tshark

I need to capture packets in a network for post-mortem analysis. I wanted tshark to start upon boot on a Debian etch-testing but couldn't find a start script for it. I used snort's as a basis to write my own. Just make sure you change the DAEMON_OPTIONS to suit your own needs.




#!/bin/sh -e

test $DEBIAN_SCRIPT_DEBUG && set -v -x

DAEMON=/usr/bin/tshark
DAEMON_OPTIONS="-q -i eth0 -b files:80 -b filesize:512000 -w rawcapture"
DAEMON_PATH="/root/capture/"
# tshark does not create pid file
#PIDFILE=/var/run/tshark.pid
NAME=tshark

DESC="WireShark packet capture program"

test -x $DAEMON || exit 0

check_log_dir() {
# TODO: get fussy with existing log files
return 0
}

case "$1" in
start)
echo -n "Starting $DESC: "

if ! check_log_dir; then
echo " will not start $DESC!"

exit 1
fi

fail="failed (check /var/log/daemon.log)"
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null &&

fail="already running"

set +e
/sbin/start-stop-daemon --start --background --quiet --chdir $DAEMON_PATH \
--exec $DAEMON -- $DAEMON_OPTIONS >/dev/null
ret=$?

set -e
case "$ret" in
0)
echo "done."

;;
*)
echo "...$fail."
myret=$(expr "$myret" + 1)

;;
esac

exit $myret
;;
stop)

echo -n "Stopping $DESC: $NAME"

/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--user root --group root --exec $DAEMON >/dev/null

echo "."

;;
restart)

$0 stop $interface || true
$0 start $interface || true

;;

status)
result="NOT running!"
exitval=1
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null && result="running." &amp;& exitval=0

echo $DESC $result
exit $exitval
;;
*)

echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac

exit 0

Tuesday 27 March 2007

PERL CPAN packages on Debian

Man, I'm really starting to become a fan of the "debian way". What can be easier than running dh-make-perl --build --cpan perl_module to create Debian packages of CPAN's PERL packages? Example:

$ dh-make-perl --build --cpan DateTime::Format::Epoch

Of course you must first install Module::Build but that as available as a Debian package already: libmodule-build-perl. And while you're at it, check that you have package dh-make-perl installed.

And happy scripting!

Monday 26 March 2007

MUVPN and Cisco VPN Client

If you try to install the Cisco VPN Client on a Windows XP that already has the Watchguard Mobile User VPN client you are in for a treat.

The Cisco VPN client installer will keep telling you must first uninstall the previous version or uninstall a component called IRE (I think that was it). Of course you can't install it because you haven't installed the client yet. That can be quite misleading.

Well, just uninstall Watchguard's MUVPN client, install Cisco's and then reinstall MUVPN. Now you have both installed, MUVPN works but Cisco's client will complain: "IPC socket allocation failed with error -4h (...)".


To be able to use it you must kill MUVPN processes. Just right-click the taskbar, fire up the task manager and kill the following processes (you must be administrator): "SafeCfg.exe", "IreIKE.exe" and "IPSecMon.exe".

If you want to use MUVPN after that you will need to reboot or figure-out a way to re-start those processes. I didn't have patience to find out how; it might be as simple as running the executables. Good luck.

Thursday 22 March 2007

Microsoft.com Tagspace Beta

It means I have no chance of finding anything useful about the Windows 2003 W32Time service log messages.