I'm trying to use symmetric key when I sync the time and because it's for a product of my company, I can only use the command "ntpd", so no commands like "ntpq" for more information.
Here is what I've done:
1) sync time without authentication key, it works
2) then ntp-gen to generate MD5 key file at server side
/tmp/ntp.keys
2 MD5 N6\VRj&\t96tl]Xb#%$^ # MD5 key
3 MD5 M_4ga}||b_WM#te[\S33 # MD5 key
3) pick up one line and add to ntp.keys at client side
/tmp/ntp.keys
2 MD5 N6\VRj&\t96tl]Xb#%$^ # MD5 key
4) ntp.conf at server side
broadcast 10.66.208.26 key 2
keys /tmp/ntp.keys
trustedkey 2
requestkey 2
controlkey 2
5) ntp.conf at client side
server 10.66.208.122
6) command to syn time:
ntpd -a -k /tmp/ntp.keys -g -q -d -c /tmp/ntp.conf
because of the OS conception, we use only ** -a ** to active authentication check, without key number.
7) then the output:
the problem is at the end: no servers found. I cannot understand, since there is "transmit" and "receive"
ntpd 4.2.6p3#1.2290 Thu Sep 4 21:36:24 UTC 2014 (2)
5 Sep 16:10:42 ntpd[4958]: proto: precision = 3.875 usec
event at 0 0.0.0.0 c01d 0d kern kernel time sync enabled
Finished Parsing!!
5 Sep 16:10:42 ntpd[4958]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
5 Sep 16:10:42 ntpd[4958]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
5 Sep 16:10:42 ntpd[4958]: Listen and drop on 1 v6wildcard :: UDP 123
5 Sep 16:10:42 ntpd[4958]: Listen normally on 2 lo 127.0.0.1 UDP 123
restrict: op 1 addr 127.0.0.1 mask 255.255.255.255 mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 3 wan2 10.66.208.26 UDP 123
restrict: op 1 addr 10.66.208.26 mask 255.255.255.255 mflags 00003000 flags 0000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 4 iloc 192.168.0.1 UDP 123
restrict: op 1 addr 192.168.0.1 mask 255.255.255.255 mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 5 lo ::1 UDP 123
restrict: op 1 addr ::1 mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 6 wan2 fe80::7e66:9dff:fe12:3fd UDP 123
restrict: op 1 addr fe80::7e66:9dff:fe12:3fd mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 7 iloc fe80::7e66:9dff:fe12:3ff UDP 123
restrict: op 1 addr fe80::7e66:9dff:fe12:3ff mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: Listen normally on 8 plc0 fe80::1010:ff:fe00:0 UDP 123
restrict: op 1 addr fe80::1010:ff:fe00:0 mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff mflags 00003000 flags 00000001
5 Sep 16:10:42 ntpd[4958]: peers refreshed
5 Sep 16:10:42 ntpd[4958]: Listening on routing socket on fd #25 for interface updates
peer_clear: at 0 next 1 associd 53920 refid INIT
event at 0 10.66.208.122 8011 81 mobilize assoc 53920
newpeer: 10.66.208.26->10.66.208.122 mode 3 vers 4 poll 6 10 flags 0x101 0x1 ttl 0 key 00000000
event at 0 0.0.0.0 c016 06 restart
event at 0 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
event at 0 0.0.0.0 c011 01 freq_not_set
transmit: at 1 10.66.208.26->10.66.208.122 mode 3 len 48
receive: at 13 10.66.208.26<-10.66.208.122 mode 4 len 48
packet: flash header 1420
transmit: at 15 10.66.208.26->10.66.208.122 mode 3 len 48
receive: at 15 10.66.208.26<-10.66.208.122 mode 4 len 48
packet: flash header 1420
transmit: at 17 10.66.208.26->10.66.208.122 mode 3 len 48
receive: at 17 10.66.208.26<-10.66.208.122 mode 4 len 48
packet: flash header 1420
transmit: at 19 10.66.208.26->10.66.208.122 mode 3 len 48
receive: at 19 10.66.208.26<-10.66.208.122 mode 4 len 48
packet: flash header 1420
transmit: at 21 10.66.208.26->10.66.208.122 mode 3 len 48
receive: at 21 10.66.208.26<-10.66.208.122 mode 4 len 48
packet: flash header 1420
5 Sep 16:11:05 ntpd[4958]: ntpd: no servers found
ntpd: no servers found
I think your ntp.keys file might be off. Instead of MD5 for the key type, you want M.
/tmp/ntp.keys
2 M N6\VRj&\t96tl]Xb#%$^ # MD5 key
3 M M_4ga}||b_WM#te[\S33 # MD5 key
Check out ntp.org here.
Related
I would like to use a Raspberry Pi with an attached LTE Hat as an IoT device.
Currently I have managed to use ppp to get the LTE modem working. I've got IPv4 and IPv6 addresses and it is possible to ping from the device and to send data to an MQTT broker. At the end it would be fine to be able to log into the device using ssh. But currently I have trouble to ping the device or to get a working ssh connection to it over ppp.
I assume that something with the routing might be wrong. For this reason I post the current routing table of the IPv6:
route -6n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: U 256 2 0 lo
2003:f5:cf00:1700::/64 :: U 202 3 0 eth0
2a02:3037:414:b1d4::/64 :: UA 256 1 0 ppp0
fe80::de6:3cd1:5bc0:1436/128 :: U 256 1 0 ppp0
fe80::xxxx:xxxx:xxxx:beb8/128 :: U 256 1 0 ppp0
fe80::/64 :: U 256 1 0 eth0
::/0 fe80::464e:6dff:fe5d:e7fc UG 202 2 0 eth0
::/0 fe80::de6:3cd1:5bc0:1436 UGDAe 1024 1 0 ppp0
::1/128 :: Un 0 6 0 lo
2003:f5:cf00:1700:xxxx:xxxx:xxxx:a761/128 :: Un 0 3 0 eth0
2003:f5:cf00:1700:xxxx:xxxx:xxxx:549f/128 :: Un 0 5 0 eth0
2a02:3037:414:b1d4:xxxx:xxxx:xxxx:beb8/128 :: Un 0 2 0 ppp0
fe80::xxxx:xxxx:xxxx:a761/128 :: Un 0 4 0 eth0
fe80::xxxx:xxxx:xxxx:beb8/128 :: Un 0 3 0 ppp0
ff00::/8 :: U 256 5 0 eth0
ff00::/8 :: U 256 3 0 ppp0
::/0 :: !n -1 1 0 lo
The following commands fail (if entered on a different device ...)
ping -6 2a02:3037:414:b1d4:xxxx:xxxx:xxxx:beb8
ssh 2a02:3037:414:b1d4:xxxx:xxxx:xxxx:beb8
Would be nice if someone could give me a hint.
Thanks
from 10.18.90.139 to 10.18.90.254, using normal icmp protocol with scapy via python gets no answer; but ping gets reply, what could be the reason
Tried to ping an IP via scapy
>>> ip = "10.18.90.254"
>>> from scapy.all import sr1, IP, ICMP
>>> sr1(IP(ip/ICMP()))
Begin emission:
.......Finished sending 1 packets.
..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 1073 packets, got 0 answers, remaining 1 packets
Checked there is no proxy
[root# run]# env | grep -i pro
[root# run]# env | grep -i ht
But ping works fine
PING 10.18.90.254 (10.18.90.254) 56(84) bytes of data.
64 bytes from 10.18.90.254: icmp_seq=1 ttl=64 time=0.315 ms
64 bytes from 10.18.90.254: icmp_seq=2 ttl=64 time=0.264 ms
^C
--- 10.18.90.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1462ms
rtt min/avg/max/mdev = 0.264/0.289/0.315/0.030 ms
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.18.90.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
10.9.67.0 0.0.0.0 255.255.255.0 U 0 0 0 eth5
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth5
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth4
135.0.0.0 10.9.67.1 255.0.0.0 UG 0 0 0 eth5
0.0.0.0 10.18.90.254 0.0.0.0 UG 0 0 0 eth4
Try using something like this:
sr1(IP(dst="10.18.90.254") / ICMP())
I am new to SCTP protocol and trying to figure out how to interpret the SCTP stats captured by /proc/net/sctp
The output shows something like this.
2016-04-26 07:21:17
ASSOC SOCK STY SST ST HBKT ASSOC-ID TX_QUEUE RX_QUEUE UID INODE LPORT RPORT LADDRS <-> RADDRS HBINT INS OUTS MAXRT T1X T2X RTXC wmema wmemq sndbuf rcvbuf
ce0f1800 cd7ede00 2 1 3 11661 1783 423 0 77 292723 36422 36423 10.205.8.71 <-> *10.205.8.72 3000 10 10 10 0 0 0 873 704 163840 163840
ca625800 cd7ec000 2 1 3 65210 1 0 0 77 10344 3223 36412 10.205.8.71 <-> *10.205.0.135 3000 2 2 10 0 0 3 1 0 163840 163840
ENDPT SOCK STY SST HBKT LPORT UID INODE LADDRS
ca511d80 cd7ec3c0 2 10 40 36422 77 10345 10.205.8.71
ADDR ASSOC_ID HB_ACT RTO MAX_PATH_RTX REM_ADDR_RTX START
10.205.8.72 1783 1 200 5 0 0
10.205.0.135 1 1 200 15 0 0
SctpCurrEstab 2
SctpActiveEstabs 21
SctpPassiveEstabs 1855
SctpAborteds 272
SctpShutdowns 1808
SctpOutOfBlues 0
SctpChecksumErrors 0
SctpOutCtrlChunks 79214
SctpOutOrderChunks 327396
SctpOutUnorderChunks 0
SctpInCtrlChunks 268038
SctpInOrderChunks 174268
SctpInUnorderChunks 0
SctpFragUsrMsgs 0
SctpReasmUsrMsgs 0
SctpOutSCTPPacks 406626
SctpInSCTPPacks 385959
SctpT1InitExpireds 0
SctpT1CookieExpireds 0
SctpT2ShutdownExpireds 0
SctpT3RtxExpireds 5
SctpT4RtoExpireds 0
SctpT5ShutdownGuardExpireds 0
SctpDelaySackExpireds 9869
SctpAutocloseExpireds 0
SctpT3Retransmits 5
SctpPmtudRetransmits 0
SctpFastRetransmits 14
SctpInPktSoftirq 384346
SctpInPktBacklog 1613
SctpInPktDiscards 0
SctpInDataChunkDiscards 0
Can some one help me understand this or provide the link where i can get some information.
Thanks,
Vishal
The linux man page for SCTP (http://linux.die.net/man/7/sctp) has most of them covered - for example:
SctpChecksumErrors
The number of SCTP packets received with an invalid checksum.
SctpOutCtrlChunks
The number of SCTP control chunks sent (retransmissions are not included). Control chunks are those chunks different from DATA.
SctpOutOrderChunks
The number of SCTP ordered data chunks sent (retransmissions are not included).
SctpOutUnorderChunks
If there is a particular one you were wondering about, maybe let us know?
I accidentally unbound my downkey. Now my system wont recognize it.
Xev prints out
FocusOut event, serial 36, synthetic NO, window 0x0,
mode NotifyGrab, detail NotifyAncestor
FocusIn event, serial 36, synthetic NO, window 0x0,
mode NotifyUngrab, detail NotifyAncestor
KeymapNotify event, serial 36, synthetic NO, window 0x0,
keys: 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
showkey -a dumps nothing when i press down.
$ showkey -s
$ 0xe0 0x50 0xe0 0xd0
$ showkey
$ keycode 108
I know xev would tell me down's keycode is 116.
What I am to do with this information I dont know but this is possible to fix I swear.
Also when I run dumpkeys "keycode 108 = Down" and thats it.
while next says
keycode 109 = Next
shift keycode 109 = Scroll_Forward
Thanks for the help
Yeah so the problem is LXDE (my desktop environment) had a keyboard shortcut for down bound to nothing. Deleted it and all was fixed.
is there a way in Linux to simulate slow traffic inbound to my server at a specific port? I looked at NETEM but it only seems to WAN wide.
An example of limiting all traffic matching tcp (protocol 6) destination port of 54000 at 256Kbits inbound to eth0, using tc...
As root...
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 \
match ip protocol 6 0xff \
match ip dport 54000 0xffff police rate 256kbit burst 10k drop \
flowid :1
You can monitor it like this... notice the dropped number for ffff, below
[mpenning#Bucksnort ~]$ sudo tc -s qdisc show
qdisc pfifo_fast 0: dev eth0 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 17796311917 bytes 5850423 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
Sent 140590 bytes 1613 pkt (dropped 214, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
[mpenning#Bucksnort ~]$
To delete all ingress traffic filters:
tc qdisc del dev eth0 ingress
Have a look at JMeter. Depending on what type of traffic you need, it may already provide the functionality.