measuring TX retransmission amount per interface - linux

i'm trying to get the TX re-transmission amount for a specific network interface on a Linux 2.6.33.3 kernel.
is there any Linux raw data i can use in order to get/calculate this kind of information?
i've tried netstat, but i couldn't find a way to get the retransmissions value for a specific interface.
with no other "quick" choice, what would it require from me in order to build a small app especially for that? listen to all outgoing packets using any capturing library and count.. what? duplicate packets? by some kind of a packet id?
i'm not a network pro.. am i suppose to find troubles in this kind of mission? (btw, i'll probably try to do it with python. any reason why not to?)

You can check how your interface is configured with the following commands:
mii-tool eth0
ethtool eth0
mii-diag eth0
Not all of them are installed by default in any Linux system, but they are definitely in the distributive and installable.
When you want to measure, how fast is your interface really, you can use dd + netcat:
host1$ cat /dev/zero | nc -l -p 3000
host2$ nc host1 3000 | dd of=/dev/null
^C
dd will write you with which speed was the retransmission between host1 and host2.

If you want per interface, try ifconfig eth0, you probably have what you want there. Just parse it through python.

Related

Send Modbus RTU request via TCP with Netcat and catch the response

Let's say I have a Modbus RTU temperature controller connected to a device that reads TCP packets from a network and sends the payload from said packets to the temperature controller over RS485. If I wanted to test such a setup by sending a Modbus RTU [Read Input Registers] request over TCP/IP using netcat on a Linux command line, what would be the full command for that, assuming that it is possible?
nc 192.168.0.5 2000 # ...what now?
Suppose that the following details apply:
device address: 1
function code: 3 (read input register)
memory address: 1000H
no. of registers: 1
server IP address: 192.168.0.5
client IP address: 192.168.0.4
Port on server: 2000
I feel like I can listen for the response using netcat, also. Could I just do that with:
nc -l 3456
Would that be right? To send a request and log the response like this, I guess I would have to specify the port to send the request on as 3456 (or whatever). Is there a way to do that?
Especially, I'm confused as to how to turn a Modbus message like [01][03][1000H][01][CRC] into its bytes equivalent.
Many thanks in advance.
You can send raw bytes with:
echo -e '\x04\x03...' | nc host port
Especially, I'm confused as to how to turn a Modbus message like [01][03][1000H][CNC] into its bytes equivalent.
That would be:
echo -e '\x01\x03\x10\x00...' | nc host port
I'm not going to calculate if for you because I see no point in doing something like this other than for fun.
You'll have to put all parts of the Modbus frame together, just google it. The most difficult part is to calculate the CRC at the end of the frame. I guess that's what you mean by CNC?
If you struggle I would suggest you try something like QModMaster. Look at the raw data with menu view► Raw Data and use those bytes.
Note that other than building the frames, QModMaster would be able to send them too and even listen for and receive responses. That should be your one-stop-shop for Modbus. You can also find many other tools like pymodbus, libmodbus, minimalmodbus and even command line tools for Windows and Linux.
If you edit your question to present a fair reason why you need to use nc (obviously other than for fun) maybe I can try to offer some more help.
I could not find any references on using netcat to send and/or receive Modbus frames. I'm not sure if that's because I did not search long enough or because it is pointless... Maybe it's both.
Should it be of use to anyone, the answer to this question is:
sudo echo -e -n '\x01\x03\x10\x00\x00\x01\x80\xCA' | nc 192.168.0.5 2000
-e allows the conversion of escaped chars
-n prevents a newline character being appended
Listening for incoming messages using Netcat doesn't work, apparently because the individual Netcat process wants to make the TCP connection itself, otherwise it isn't interested in anything arriving at the specified port. Still, I am able to see the reply coming back from the slave using Wireshark, and have also written to registers and successfully controlled the device.

merging tcpdump from two different interfaces

Can you please help me to get an idea, how to do the following requirement?
I have two ethernet ports on a server. Eth0 and Eth1. Both interfaces are carrying traffic. I want to capture packet-dump both of the interfaces and merge into one file.
Thank you
Luke
As the answers to Tcpdump on multiple interfaces provide, which #Marged linked to above, you can run tcpdump (or tshark or dumpcap) specifying -i any as the interface if you don't mind capturing traffic on all interfaces. And if you only want traffic on those 2 specific interfaces, then you can simultaneously run 2 separate instances of the capture tool, one capturing on the eth0 interface, the other capturing on the eth1 interface and then merge the two capture files together using a tool such as mergecap.
Alternatively - and much simpler in my opinion - is to just use a single instance of either dumpcap or tshark to capture traffic on both interfaces to a single capture file with no merging of separate capture files needed at all. As the man pages for those tools indicate, "This option can occur multiple times. When capturing from multiple interfaces, the capture file will be saved in pcapng format."
For example:
tshark -i eth0 -i eth1 -w eth0_eth1.pcapng

Use of -m option in ping

What is the use of ping -m option? I read the ping man page but I am unable to understand. After googling, I saw that if -m option is used, then SO_MARK option is added to the socket. So, what is the use of this option and when should we use it?
Thanks in advance.
On Linux, the SO_MARK is used to mark outgoing packets:
SO_MARK (since Linux 2.6.25)
Set the mark for each packet sent through this socket (similar
to the netfilter MARK target but socket-based). Changing the
mark can be used for mark-based routing without netfilter or
for packet filtering. Setting this option requires the
CAP_NET_ADMIN capability.
So if you ping with that option :
$ping -m 10 <host>
It can then be filtered with iptables on <host>:
$iptables -A INPUT -m mark --mark 0xa -j ACCEPT
or directly in code with getsockopt().
It can be used for a variety of reasons, for example for routing decisions or network debug.
Option -m exists only on OSX machines.
It allows you to set the IP Time To Live for outgoing packets. If not specified, the kernel uses the value of the net.inet.ip.ttl MIB variable.
TTL value defines how many hops between routers can packet do.

tcpdump catching mac and rssi in linux

I'm trying to use a wlan adapter (TP-link TL-WN722N) in monitor mode to pick up RSS from signals in the environment (both beacons and clients). What I would like to do is to get the MAC address and RSS value into my own code somehow (preferably python). I'm planning to use these values for a rough estimate of locations of nearby devices.
I've looked into scapy, but it does not seem to provide RSS values.
tcpdump seems to be able to get both values, but I have been unable to catch client devices.
Is it possible?
If so can I filter MAC and RSS somehow?
I got it working with tcpdump!
To setup a monitor mode adapter, you first need to check which interface to use:
iw list
Select the correct phy (for me its phy1) and create an adapter (I called it moni0):
sudo iw phy phy1 interface add moni0 type monitor
Then add your adapter to the ifconfig:
sudo ifconfig moni0 up
See this guide for more details.
I used the following params for tcpdump to get the values that I needed. (you can pipe the output to your program, main.py in my case):
sudo tcpdump -n -e -tttt -vvvv -i moni0 | python main.py
You can find my project here.

Shell Script: How to calculate the number of bytes transmitted on a network from a single network intense application?

Shell Scripting: How to calculate the number of bytes uploaded to a remote node?
1) I have used IPTRAF command it can capture all the data but when I try to run the script from a local system using vxargs(python), it doesn't work.
2) I have also tried to use IFTOP command but it doesn't save the output to a file.
3) Also /proc/net/dev doesn't work because its captures some extra packets.
Does tcpdump command capture only the number of bytes/packets of the data load transmitted or does the data transmitted will have some headers attached to it?
I would like to capture only data packets from my running network intensive application.
I don't think this can be done trivially. See http://mutrics.iitis.pl/tracedump for a program that seems to accomplish this. However it has not been updated since 2012 and only works on 32 bit arch.
A crude solution could be to run the application through strace and then summarize the return values of the relevant syscalls like write and sendto.
Maybe not what you want, but if you run the process with specified user, let's say appuser, you can add a firewall rule which will count the traffic for you.
example:
iptables -I OUTPUT -m owner --uid-owner appuser -j ACCEPT
check how much packet and bytes sent out by the user:
iptables -vL OUTPUT |sed -n '2p;/appuser/p'

Resources