Remote Network Traces on NAM with Linux

Novell Cool Solutions: Tip
By Bart Andries

Posted: 11 Jul 2007
 

Taking Remote Network Traces on Novell Access Manager Linux Servers using "rdump"

Problem

When installing and configuring a Novell Access Management implementation, you might need to take some network traces to see what is going on in the network. There are some very good tools to take the traces, and you can also take traces with a hardware sniffer. Most of the time it is very challenging to take the trace, and it can take some time before you're ready to analyze the trace. If you then need to take a lot of traces, you'll probably start to think about making this process as easy as possible.

Solution

I always use tcpdump to take the traces on Linux servers; it is a fast and easy tool that can be quickly installed on the server (if it is not already installed). So I need to create an ssh connection to the server and issue the tcpdump command to start the trace. Then I can perform the actions I want to trace and go back to the ssh shell to stop capturing.

I also want to analyze this in Wireshark after the trace is done. However, because most servers are not running X, and Wireshark is probably not installed, this is not possible on the server. So I first need to transfer this trace file to my local workstation and then open this with Wireshark. This is a lot of work when you regularly look at traces and want to know everything that happens in the system.

To make all of this much easier, I've created a script that will do all the work for me. This script runs only on the workstation; no scripts need to be installed on the servers. The script sets up a passwordless ssh connection to the server, using a public/private key pair; this needs to be done only once per server. It will then check if tcpdump is installed. When tcpdump is available, it will execute tcpdump until you press Ctrl+C in the console. It will then stop capturing, copy the trace file to the home directory on the workstation, and open this trace in Wireshark.

The script has only one parameter, and that is the server where you want the trace from. If you don't specify this parameter, it will use a default server defined in the script.

You can download the script here. Suggestions and comments are very welcome.
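
The workflow described above, written out as an added example (this is not the author's rdump script). It assumes OpenSSH with ssh-copy-id on the workstation, a login account on the server that is allowed to run tcpdump, and Wireshark installed locally; the names DEFAULT_HOST, valid_host, capture_cmd and the /tmp/rdump.* file name are assumptions of this example.

```shell
#!/bin/sh
# Added example of the workflow described above; not the author's rdump script.
DEFAULT_HOST=""   # assumption: set this to the server you trace most often

# Accept only plain [user@]host values, so the argument can never be read
# as an ssh option or carry shell metacharacters to the remote side.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
  esac
}

# Remote capture command: all interfaces, full packets, and no SSH traffic
# (otherwise the capture would record its own control session).
capture_cmd() {
  printf "tcpdump -i any -s 0 -w '%s' not port 22" "$1"
}

rdump() {
  host=$1
  valid_host "$host" || { echo "bad host: $host" >&2; return 1; }

  # One-time key setup: only runs if key-based login does not work yet.
  if ! ssh -o BatchMode=yes "$host" true 2>/dev/null; then
    [ -f "$HOME/.ssh/id_ed25519" ] || ssh-keygen -t ed25519 -f "$HOME/.ssh/id_ed25519"
    ssh-copy-id "$host" || return 1
  fi

  ssh "$host" 'command -v tcpdump >/dev/null' ||
    { echo "tcpdump is not installed on $host" >&2; return 1; }

  # Traces can hold credentials and session cookies: keep both copies private.
  umask 077
  remote=$(ssh "$host" 'umask 077; mktemp /tmp/rdump.XXXXXX') || return 1
  local_file="$HOME/rdump-$(date +%Y%m%d-%H%M%S).pcap"

  # -t allocates a terminal so Ctrl+C reaches the remote tcpdump, which then
  # flushes and closes the file; its non-zero exit status is expected.
  ssh -t "$host" "$(capture_cmd "$remote")" || true

  scp -q "$host:$remote" "$local_file" || return 1
  ssh "$host" "rm -f '$remote'"
  wireshark "$local_file" &
}

host=${1:-$DEFAULT_HOST}
if [ -n "$host" ]; then rdump "$host"; fi
```

With DEFAULT_HOST left empty and no argument given, the script does nothing; pass the server as the only parameter, for example `sh rdump.sh root@server`, where the file name and host are placeholders.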

