Technology and troubleshooting.

Thursday, May 19, 2016

Troubleshoot linux Filesystem Issues

In this tutorial I am going to show you how to troubleshoot Filesystem Issues

Troubleshooting linux Filesystem Issues

Overview

When an operating system crashes, due for example to a power failure, improper shutdown,or other unexpected event, filesystems mounted on it can become corrupted. Generally filesystem corruption means the super block (the part of the filesystem that contain information about file system type, size, data blocks, free blocks, and inodes) is not updated and has incorrect information.

Key ideas

fsck: The fsck utility checks filesystems for inconsistencies and can also repair them. It can be used manually, but may also be run automatically if detection is detected during system boot, or if a value is set in the mount options of an fstab entry for a particular filesystem.Unmount a filesystem before using the fsck utility on it.
dd: The dd command is used to copy and optionally convert data. Used incorrectly, it can cause data loss.

My Scenario

To simulate an unexpected power outage that corrupts a filesystem, use the dd command to write random data to an empty filesystem. Then use the fsck command to repair the filesystem.

Now Do It
1. Use the dd command to copy random data over top of the the empty filesystem that you are corrupting on purpose.
# dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/PARTITION
Where PARTITION contains the filesystem you are corrupting on purpose. Don’t do this on a filesystem that contains important data.
2. Interactively check and repair the corrupted filesystem using the fsck command:
# fsck /dev/PARTITION
3. Confirm that the filesystem has been repaired using the fsck command.
# fsck /dev/PARTITION
4. Force a check on the clean partition, just to be sure using the fsck command with the -f argument.
# fsck -f /dev/PARTITION
5. Use the dd command to corrupt the filesystem again.
# dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/PARTITION
 6. Check and automatically repair the corrupted filesystem using the fsck command with the -y argument.
# fsck -y /dev/PARTITION

Note:-  Do not use fsck on a mounted filesystem.

 I hope you  this information is useful for you. Please forgive any typos or incomplete sentences.
Share:

Tuesday, May 17, 2016

Tool to find which application is using which port.

How to find which application is using which port in cmd(netstat).

My Scenario:- I am collecting IP Address and application port details which application is using which port. This is used for easy troubleshooting.

Solution:- I know that netstat is command to shows IP Address and Ports which we are trying to connecting or connected. but don't know the exact syntax to collect continuous log from the host.

I read out netstat --help option to summarize the syntax which i am going to use.

Goto Run and type CMD, the black dialog box will be opened and type the below command on the command prompt
netstat -help

Result will be display like below 

C:\Users\Administrator>netstat -help

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

After reading the help manual i got some idea how to get continuous log to monitor the Ports and IP details that i would like to share with you guys.

This is the command to find out the network transaction.
Numeric 1 is a tricky to get continuous log
C:\Users\Administrator>netstat -an 1
Tool to find out which port an application is using












This is the command to find ESTABLISHED connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "ES" 
Tool to find out which port an application is using









This is the command to find LISTENING connection is between source and application with port.

C:\Users\Administrator>netstat -an 1 | find "LISTENING"

Tool to find out which port an application is using














This is the command to find out TIME_WAIT connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "TIME_WAIT"
Tool to find out which port an application is using
  




This is the command to find SYN connection is between source and application with port.
 C:\Users\Administrator>netstat -an 1 | find "SYN_SENT"
 C:\Users\Administrator>netstat -an 1 | find "SYN_RECVIED"
This is the command to find TCP connection is between source and application with port.
 C:\Users\Administrator>netstat -p TCP
This is the command to find UDP connection is between source and application with port. 
 C:\Users\Administrator>netstat -p UDP
This is the command to find particular port  between source and application with port. 
Syntax:-netstat -aon | findstr [Your Port]
Example:- 
C:\Users\Administrator>netstat -aon | findstr 3389


This is the command to listen the network transaction between source and destination by using this command we find out the malicious activity such as data collection (keylogger) or something else.
C:\Users\Administrator>netstat -b -a 1

Tool to find out which port an application is using













This is the syntax to save the output into log file.

C:\Users\Administrator>netstat -an 1  >c:\port.txt

 More commands please read help option.:)

I hope this information is useful for you. Please forgive any typos or incomplete sentences.

Share: