Jenkins - a build tool and more

Jenkins is a integration server and used to build software automatically.
Jenkins also monitors external tasks.
Jenkins can periodically build software from SVN.

Install Jenkins and access http://localhost:8080.

Create Jenkins Job!
The details about building a source code have to be stored in Jenkins. So you create a Jenkins Job.
Jenkins Job can be in Windows batch, Linux shell script, Ant or Maven script.

When a developer check-in his code, Jenkins  builds the code (either polling a SCM or periodically triggered).

Jenkins not only builds a project periodically, but has great capabilities. For example, with Jenkins plugins, use Jenkins as Android App development tool, or use it for file tracking, or use it for monitoring tool for cron jobs in Linux.

The Android Emulator plugin
Jenkins allow to build and run APK file on an Android Emulator. Tasks like SDK installation, build file generation, emulator creation and launching, APK installation/ uninstallation, monkey testing and analysis etc all can be done with Jenkins.
Install the Jenkins Android Emulator plugin.

JMeter

JMeter is a desktop application, designed to test and measure the performance and functional behavior of client/server applications. JMeter works by acting as the "client side" of a "client/server" application.


It measures response time and all other server resources such as CPU loads, memory usage, and resource usage. JMeter is used to load-test FTP servers, database servers, and Java Servlets and objects. Today, it has been widely accepted as a performance testing tool for web applications.

The Features—What JMeter Can Do for You

• Performance testing of HTTP and FTP servers, and database queries
• 100% Java-based
• Efficient GUI (Java Swing) design
• Caching of test results

The basic elements of a JMeter include: Thread Group, Listeners, and Samplers. 

The Thread Group element simulates a group of users, which contains at least one user. As a Sampler element makes requests to the target server, a Listener element captures the response data or page following each request.

The Look-How-Easy-to-Use GUI

• Thread Group—each thread simulates a single user. All elements of a test plan must be under a thread group.
• Listeners—Provide access to the information gathered by JMeter about the test cases while JMeter runs.
• Controllers—Samplers tell JMeter to send requests to a server, while Logical Controllers let you customize its logic.
• Timers—Allow JMeter to delay between each request that a thread makes.
• Assertions—Allow you to "test" that your application is returning the results you expect it to.
• Configuration Elements—Working closely with a Sampler, these can add to or modify requests.

Once JMeter runs, you will see two elements, Test Plan and WorkBench,

A Test Plan describes a series of steps JMeter will execute once the Test Plan runs, while a WorkBench functions as a temporary workspace to store test elements.

Automated Testing

Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control, and test reporting functions.

Why Automate Testing?

Manual Testing costs too much, takes too much time, does not help them build the product.

Can we do without automation? Yes, of course—if time is abundant and your client (or boss) is NOT on your tail for the application's next release.

Automated testing IS NOT a total replacement for manual testing.

To Automate or Not to Automate.

• Pick a good time to start automating.
• Not all testing approaches are suitable to automate.

1. Suitable: Acceptance, Compatibility, Load, Volume or Capacity, Performance and Reliability, Structural testing, Regression, Exception or Negative testing.
2. Not suitable: Installation and setup, Configuration and Compatibility, Documentation and help, Error handling and Recovery, Localization, Usability, and any other that relies heavily on human judgment.

• Make automation only a supplement to a testing project.
• Do some comparison of Automated vs. Manual Testing.

How Much Does it Cost?

The total cost needs to consider the costs of numerous resources undertaking a testing project.

Person hours to test

Bugs found by the customers are much more expensive than if the same bugs are found during development.

Rex Black's cost of testing—no testing, manual testing and automated testing. 

Automation gives the client higher return on investment (ROI) than manual testing, while no testing at all brings no benefit in the long haul.

Capacity Planning in Performance Testing

Capacity Planning is divided as - Server side and Network side.

Server Capacity Planning means to determine server hardware resources required to provide the desired levels of service for a given workload mix for the least cost.

Types Capacity Planning:

• Capacity benchmarking.
• Capacity trending.
• Capacity modeling.

Benchmarking, or load testing, is perhaps the most common, but also the most expensive. The idea is, you set up a configuration and then throw traffic at it to see how it performs. To do this right, you need access to a fully-configured version of the target system.


Linear trend analysis and statistical approaches to trending can provide quick and dirty ways to predict when you will need to do something about performance, but they don’t tell you what you should do to optimally respond.


That leaves modeling, which comes in a couple flavors: simulation and analytic modeling. Simulation modeling can be very versatile and accurate, but requires a great deal of set up effort and time. Analytic modeling is fast and is potentially very accurate as well. The beauty of modeling is that you can “test” various proposed solutions to a problem without actually implementing them. This can save a lot of time and money.

QPST - Qualcomm Product Support Tools

QPST is software package used for phones based on Qualcomm chips:
UMTS-based phones EF81, SXG75, SFG75, E81 and other (EF82, SL91, etc.).

QPST software includes:
QPST Configuration - COM-port selection to work with phone.
EFS Explorer - file manager for phone file system.
Display Capture - screen capture utility for Java-games and video playing.
FTM Application - front end testing.
RF Calibration - front end calibration.
RF NV Item Manager - NV-memory manager (EEPROM).
RL Editor - roaming list settings.
Service Programming - different phone settings.
Software Download - phone flasher.
QCNView - .QCN files viewer, generated by Software Download (Backup menu).
DMProxyWin - QPST ports translation server. Allows to connect to the current phone from another device, which connected to Internet using QPST and DMProxyWin.
Gang Flash Image Application - creates firmware and file system image to use in programmer such as Data I/O ProLINE RoadRunner or Data I/O FlashPAK.

Mobile Application Testing

Testing is regarded as last priority while developing an App. Not for all Apps. Testing takes time. Comprehensive testing takes more time if we use conventional methods. Many orgs use Testing Matrix for Mobile Apps. However, testing methods for mobile apps is still the same. Traditional testing methods are outdated, inefficient and  ineffective for mobile apps. So what we do? We test less and hope for the best.

The challenges of Mobile App Testing: Of course,Users, Bugs, and Money.
Users does download Apps from Stores, but if they come out buggy, then they throw it away and never use it. Only non-buggy Apps stay on their Handsets. So developers need to test their App on Handset, OS, Browser, Carrier, Location, etc. So what companies do: They do following:

• In-House Testing.
• Outsource Testing.
• Simulators / Emulators.
• Beta Testers.

Testing is very important for Mobile Apps. 

Linux SSH Tricks

To see debug lines of ssh session login, use below command:
#ssh -v <IP>


SSH session toggle between remotehost and localhost:
Localhost$ ssh remotehost
Remotehost$ ~^Z [suspend ssh]
[1]+ Stopped ssh <IP>
Localhost$ fg %1
Remotehost$

Linux Commands

Create directory and give permisson in a go.
# mkdir /tmp/test1 -v -m 1777

Environment variable $CDPATH
It lets you define some path to look for when moving with cd command.
# export CDPATH = . : / : ~/
# cd usr
/usr
# cd Desktop
/home/viku/Desktop

Hardware info:
# dmidecode --type memory
# dmidecode --type bios
# dmidecode --type cache
# dmidecode --type processor
so on....

Find all files with extension .txt or .jpg
#find . -type f -inode "*.txt." -or -inode "*.jpg"

Find all files except hidden files
#find . -type f -inode "*.txt." ! ".*"


Append text at end of file, use >> operator.
Append text at beginning of file.
#echo "text" |cat - file.txt > /tmp/out && mv /tmp/out file.txt

Check whether an alias is assigned to a command
#type ls

Revert alias to original
#unalias ls

Restrict alias effect and see the native command.
# command ls
# \ls
# "ls"

Diff and Patch
#diff -c oldfile newfile  > temp.patch
#patch < temp.patch

Using screen program in Linux

On terminal1, enter:
#screen

To detach the terminal, press CTRL + A + D

Open another session, login and issue the command:
#screen -x

And you are done. You can see things done in terminal_one at the other terminal.

ICMP

Internet Control Message Protocol

IP relies on several protocols to performs control and routing functions:

- Control functions (ICMP)

- Multicast Signalling (IGMP)

- Setup routing tables (RIP, OSPF, BGP, PIM...)

ICMP is a helper protocol, that supports IP with facilities for:

==Error Reporting

==Simple Queries

ICMP messages are encapsulated as IP datagrams.

----------------------------------------

|  IP Header  |  ICMP payload message  |

----------------------------------------

4-byte header:

*Type (1 byte).

*Code (1 byte).

*Checksum (2 bytes).

If there is no additional data, 4-bytes are set as zero.

So Each ICMP is at least 8 bytes long.

ICMP query:

Request sent by host to a router or host.

Reply sent back to querying host.

Type/Code: 8/0: Echo Request

Type/Code: 0/0: Echo Reply

The ping command uses Echo Request / Echo Reply.

Ping's are handled directly by the kernel.

Each Ping is translated into an ICMP Echo Request.

The Ping'ed host responds with an ICMP Echo Reply.

Putty - Auto login a machine

How do I auto-login to putty on MS Windows?

1. Create shortcut to putty.

2.    Right-click -> Properties.

3. Modify target : “D:/vikas/software/putty.exe” user@server.com -pw password

Linux Interview Questions

1. How to find out the execution details of a cronjob ?

#crontab –l –u <usename>

2. How to modify the kernel parameters on the fly ?

Usually its done by sysctl and also by echo <value> redirect to /proc/some-files.

3. How to make the modification of the kernel parameters permanent across reboot ?

I think you can add your parameters and values into sysctl.conf. after reboot, it will be read by the run level scripts. Need to check again yar. Another way to do is to write a shell script and add that to init run level scripts.

4. How does a server resolve DNS queries? What are the configuration files which assist in resolving a DNS query of a server ?

Don’t know how does the server resolves DNS query. But this is the concept:

When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name.

In RHEL, you edit the named.conf, add FQDN of a host into it. This FQDN is called resource record. And is stored in tree structure e.g. in. is top level domain (root), then hcl is sub-domain, like that.

On server, named.conf resolves DNS queries. On client side, resolv.conf is used to find the nameserver.

5 What is the port by which default traffic of NFS is allowed to pass ?

Port 2049 I guess. I tried this:

#grep nfs /etc/services

6. How does the NFS communication between NFS server and client happen ?

#Make entries of dir into /etc/exports

#service nfsd start

On client, mount the nfs share of the server.

#mount -t nfs -o options host:/remote/export /local/directory

The communication happens over TCP/UDP. Client connects to mountd on server via RPC. RPC connects to nfsd on server.

There is also autofs, using which you do not need to mount the server FS every time.do it in /etc/auto.master

7. How can a NFS exported filesystem be mounted manually on a NFS client ?

Described above

8. How can a file system be exported at boot time ?

Make an entry into /etc/fstab like this

server:/remote/export /local/directory nfs options 0 0

Test Data and Performance Testing

Performance Testing finds scalability issues. It simulates production workload.

Sets of input data is important. Need real set of test data.

Right type of data and volume.

Performance Test Data:

1.       Transactional data
2.       Volume data

Test Data maintenance:

-          Ensure data setup, and proper version control,
-          access restriction and backup mechanism.

Test Data Mgmt process helps:

-          better time to market
-          minimize risk

Formulate the test strategy, decide test approach, and make TDM part of it.

Identify the nature and volume of test data. Make Traceability of test data with transactions.

Collaborate with dev, DBA, functional QA teams and procure test data.

Use automated tools, shell scripts, SQL for data mining and creation.

Take a lead time for test setup.

Ensure data conflict with other teams.

Check for test data exhaustion during test cycle and play proactively.

Data profiling exercise helps to purge and clean-up the redundant and unused test data during test execution.

Use automated clean-up scripts or rollback jobs after test execution and restore the previous state.

Probability - Bday Problem

What is the probability of two persons, amongst N people in a room, of sharing same birthday.
There are 365 days in a year.

No of People: 1, 2, 3 .... N
bi = birthday of person i.
bj = birthday of person j.

Probability of a person to have birthday = 1/365
Birthday of two people is independent event.
So P(bi and bj) = 1/365 x 1/365
Probability of bday of i and j on same day = P(bi == bj) = SUM (1/365 x 1/365 over all days.
P (bi == bj) = 1/365.

This is not the solution, but rather than finding the event where two people have same bday is cumbersome.

=========================
Another Solution:
=========================
Sample space of this problem = Event (people sharing bdays) + Event (people not sharing bdays).
Lets take E = no one shares bday.
So, 1 - E = shares bday.

E(1) = 365
E(2) = 364 //bcoz person2 cannot have same bday as first.
E(3) = 363 //bcoz person3 cannot have same bday as first.and second
E(4) = 362
.
.
E(n) = 365 - (n-1)

No of ways = 365 x 364 x 363 x .. x (365 - (n-1))
This is a factorial.
No of ways = 365! / (365 - n)!
This is Permutation of 365 with n.
No of ways = 365-P-n

Total Events = 365 x 365 x 365 x .... n times
Total Events = 365^n

P(no one shares bday) = ( 365-P-n ) / ( 365^n )

NIC card fails to start

When NIC card fails to start try this

#echo "STARTMODE  auto" >> /etc/sysconfig/network/ifcfg-eth0

To manually start it up:
#ifup
#ifdown

How to split the files

#split -b 200m image.iso
#cat xa* > new-image.iso

It will generate three files - xaa, xab, xac, of 200MB each.
Then, use cat to combine the files:

SWAP File

Increase size of swap without reinstalling OS. Add a new partition or create a swap file.


#dd if=/dev/zero of=/swapfile bs=1024 count=(1024MB * 1024)
#mkswap /swapfile
#swapon /swapfile
#vi /etc/fstab
Add following:
/swapfile  swap  swap  defaults  0  0


Check swap size:
#free
#cat /proc/swap

3-SUM implementation - Java code

.
/*
 * 3-SUM problem
 * Are there 3 numbers a, b, c among N numbers whose sum is ZERO?
 * */


public class test{

public static void main(String[] args) {
int[] al = {1, 5, 7, 0, -1, -5, -8, 2, 4};
if(is3sum(al))
System.out.println("Above three numbers in the array have sum ZERO!");
else
System.out.println("There are no three numbers whose sum is ZERO");
}
static boolean is3sum(int[] al){
int j, k = 0;
int iterations = 0;
for (int i = 0; i <= al.length - 2; i++) {
j = i + 1;
k = al.length - 1;
while(k > j){
iterations++;
if(al[i] + al[j] + al[k] == 0){
System.out.println("Iterations: " + iterations);
System.out.print("Numbers: ");
System.out.println(al[i] + ", " + al[j] + ", " + al[k]);
return true;
}else if (al[i] + al[j] + al[k] > 0){
k = k - 1;
}else {
j = j + 1;
}
}
}
return false;
}

}

Lets try Networking

Lets ping


Script to ping the network:

#/bin/bash
for i in 10.112.1.1..255}
do
ping $i > /dev/null
[$? -eq 0] && echo $i is up
trap "exit" SIGINT
done

Run the script.

Configure Network:

ifconfig = for static IP.
dhclient == for dynamic IP using DHCP.

#ifconfig -a
This shows the interface devices available.
Output as:
+ eth0 is ethernet card.
+ lo is loopback device.
+ wlan0 is wireless LAN card.

Assign Static IP:
#ifconfig eth0 10.112.1.15

The see the information on eth0:
#ifconfig eth0

Setting the subnet mask:
#ifconfig eth0 10.112.1.15 netmask 255.255.255.0

Now get your ethernet up (or down)
#ifup eth0
#ifdown eth0

Wireless Networking
Use following commands:
#iwconfig
#iwconfig wlan0 essid <name of wireless network>
#iwconfig wlan0 essid <name of wireless network> key <KEY>

Scan and check availability of wireless networks:
#iwlist
#iwlist wlan0 scan
#ifconfig wlan0 <IP>
#dhclient wlan0

The IP settings assigned above for LAN or WLAN, is not persistent after system reboot. For that:

#vi /etc/networks/interfaces
 Add below lineto configure eth0 as DHCP:
 auto eth0
iface eth0 inet dhcp

For static:
auto eth0
iface eth0 inet static
 address <IP>
netmask <netmask>
gateway <gw ip>

If its a wireless network, add below also:
wireless-essid <network-name>
wireless-key <key>

Now, restart network daemon:
#/etc/init.d/network restart

Spoofing a MAC ID:
#ifconfig eth0 hw ether <new hw address>
Use this command to change the MAC address of your network card.

DNS:
It provides name resolution. Look at below file for name server's IP.
#cat /etc/resolv.conf
nameserver <IP>

Search more at www.opendns.org

SSH
Make remote logins to other machines.
[MachineA]#ssh test@<IP>
[MachineB]$

sftp is extension of SSH to transfer files.
#sftp  test@<IP>
sftp>get abc

To download files, use get command. To upload files, use put command.

sshfs is another extension of SSH to mount directories ona remote machine.
#sshfs test@<IP>:/home/test /mnt/test

Crazy Commands

1. When commands on CLI get longer and you need to edit it try this:
CTRL+E -- move to end
CTRL+A -- move to start
CTRL+W --delete word.

2. Use !$ that points to the last string in the last command.Many times we need last word of command in next command.

3. What ls or date does internally? Know the basic block of a command:
#strace -c /usr/bin/ls

strace is a system call monitor command and provice info about system calls made by an app.

4. Create a chain of dir:
#mkdir -p /tmp/dir1/dir2

5. Combine related commands:
#cd dir1 && ls && cd ..

6. fork-bomb
$ :(){:|:&};:

This is an unnamed function :() and body inside {}
Statement :|: makes a call to the function itself, and pipes the output to another function call.
& put all processes in bg.
; finishes the function.
: initiates a call to this unnamed function.

7. Edit /etc/inittab and modify line id:5:initdefault: to id:6:initdefault:
User mode 6 is for reboot. So the system keeps on rebooting.
As rescue, modify GRUB config and login to single user mode. Revert the changes.

cron - Scheduling jobs

cron makes tasks automatically run in the background at regular intervals. crontab file contains the schedule of cron entries to be run. Use below command to edit it.
#crobtab -e

Syntax:
*  *  *  *  *  command

first = day of week (0 - 6)
second = month (1-12)
third = day of month (1-31)
fourth = hour (0-23)
fifth = minute (0 - 59)

E.g. 15  5  *  *  *  script.sh

nginx - clustering reverse proxy

A Cluster is a group of closely linked computers that appear as single entity.
Types of Clusters:
- HA
- LB
- HPC
- grids

HA is also called failover cluster. It improves service availability rather than performance, by using redundant nodes.
Models of HA cluster config:
+ active-passive
+ active-active
+ N+1
+ N+M
+ N to 1
+ N to N

LB clusters distribute the workload evenly among redundant nodes.

HPC clusters are used for highly CPU-intensive compute jobs.Nodes are tightly couped.

Grid is a special class of compute clusters with heterogeneous nodes that are not tightly coupled.

Heartbeat is a piece of software from "The HA Linux" project.

The architecture: active -passive HA cluster.
Active-Passive: Primary node is active and serves the requests. When it fails, the services are transferred to secondary node.
Active-Active: Both nodes remain active and server their requests. When one fails, the services are transferred to the other.

A service that is served by the HA cluster depends on the IP address. Each interface on the cluster should have an administrative address and can have service addresses. OS controls the administrative address. whereas Heartbeat software controls service address and assigns it to the cluster nodes. Active node has the service address. When failover happens, passive node takes over the service address.

Install and Configure Heartbeat.
#apt-get install heartbeat

ha.cf file
The main config file for Heartbeat is ha.cf, which list the nodes of the cluster, communication topology, and al the features that are enabled.

haresources file
We need to tell Heartbeat about the resources the cluster will be managing.

authkeys file
The authkeys file authenticates the cluster nodes and maintains the cluster security.
File owner root and permissions 600, otherwise heartbeat will not start.
Heartbeat supports three authentication methods: crc, md5, sha1.

nginx

engine x is a HTTP/Web Server / reverse proxy and IMAP/POP3 reverse proxy.
A reverse proxy is a front end to to Web servers. Connections from Internet come via reverse proxy to the web server. So reverse proxy can act as a load balancer.

Architecture: Layer approach.
Layer 1: High Availability nginx reverse proxy for load balance the Web servers located in Layer 2.
Layer 2: nginx that server web sites.We can add more web servers to the cluster as per need (scalability depends on load)
Layer 3: Database servers

Install nginx:
#apt-get install nginx

Configure nginx on Web servers (Layer 2).
Copy original nginx.conf file.And modify nginx.conf.as per needs. Put a Hello World HTML file in root dir.
Then test the nginx configuration and start it.
#nginx -t
#invoke-rc.d nginx start

Configure the reverse proxy (Layer 1).
Open /etc/sites-available/rev-proxy-lb file.
The upstream directive is in the nginx_http_upstream module that balances load. It uses RR load-balance algo.

Bottleneck:
Active-passive clustering between two nginx reverse proxy servers is needed.

Networking Tools

Nmap - Network mapper.
It uses RAW raw IP packets to determine what hosts are available on network, the services those hosts are offering, the OS they are running, the firewalls in use, etc.


RRDtool - Round Robin Database Tool.
Used for data-logging, and graphical system.


Nagios - Network Monitoring Tool


Snort - Network Intrusion Prevention System.
Perform real-time traffic analysis, and packet logging.
It can perform protocol analysis, content searching, and attacks (buffer overflow, stealth port scan), CGI attack, SMB probes, OS fingerprinting etc.


Tor - network of virtual tunnels.
Improves security by sending your data through proxies.


Wireshark - a protocol analyzer.

Cacti - Network Graphing Solution.


OpenVAS - Oen Vulnerability Assessment System.

Disk Space Availability

du - disk usage
#du -ch

df - disk free
#df -h

Other tools:
KDirStat
Baobab on Gnome

Performance and Load Testing

We use software applications and we think of functional testing. But when that application's response time is very slow, then we think of performance testing.

Purpose of Performance Test:
No. 1 reason is to do performance test before deploying the application to production environment.
Most software performs good with limited users. But what happens when large amount of traffic hits a web application (in other words your software?).
Also a multi-user software doesnt make all the functions available to all its users.
It can also find realistic check of configuration between systems.
Lastly, performance tests can detect bottlenecks in the system.
Load and Performance Test is Non-Functional testing.

Topics of concern to Performance Test:
1. Resources.
2. Response time.
3. Multiple Users.

Some challenges:
1. The high scale system applications are distributed in nature.
2. The interaction between components and services is more abstract and complex.

Types of Non-Functional Tests (in this context):
1. Performance Test
2. Load Test
3. Volume Test
4. Stress Test

Such test find faults in following areas:
- Memory problems
- Performance issues
- Concurrency problems
- Excessive use of system resources
- Lack of storage space


 Lifecycle of Performance Testing means a cycle of tuning the system and doing testing.

Test Procedure: 
Define your objectives before taking any action!
1. Define Goals and specify metrics (benchmarks).
 2. Test Data
3. Reporting test results

Define benchmarks before running tests. Benchmarks are basis for selection of test techniques.
Benchmark should fir application requirement.
- Max Users.
- Max logged in users
- Avg user think time per page.
- Avg of max response time per page.
- Throughput ie No. of transactions per time unit.
- Test data based on realistic data.
- Reproducible baseline.
- Realistic test environment.

Performance requirements must be defined during specification phase.
Performance requirements should be checked for consistency and validity. SMART criteia:
- Specific.
- Measurable.
- Attainable.
- Relevant.
- Traceable.

Test data - Performance testing should be done with realistic data volumes.

Reporting test results:
- Response time on client side compared to system load.
- Throughput compared to system load.
- Faults occuring suring test.
- Utilization of processor and disk volume.
- Network utilization and network latency.

Diagnose Network Problems

1. PING.
#ping host

Try to ping the host. Ping shows RTT. RTT means how close a host is to you.
Ping also shows if the connection is unreliable. E.g. 50% packet loss.
ping works on ICMP.

#ping -f -i 1 host


#ping -f -c 500 -s 1400 host (Flood ping (dont use it))

2. TRACEROUTE
#tracerote host

Sometimes, ICMP, or UDP are not open on remote server. Then use below:
#traceroute -T (this uses TCP and not UDP)

3. MTR
Instead of above two, use MTR. It is a network diagnostic tool. And MTR = traceroute + ping.
It also shows you jitter, ie inconsistency in response time. In other words its the congestion in network.
Press j or d during mtr.

#mtr

Alternatively, use following tools. It gives more info than traceroute like firewalls, gateways, routers etc.
#lft
#conky on host
#gkrellm
#netstat
#iftop -nNPB
#iptraf

Cryptography

Cryptography: means to encrypt data transmission.

PKI: Public Key Cryptography is used to encrypt TCP/IP.
PKI use encryption algos for data security.
When a message is encryped using 8-bit key: 256 combinations of key needed to decrypt data.
If it is 32 bit: 65536 combinations needed.
So key length is important.
Also Algo used is important.
Algorithms: SHA1, 3DES, etc
Keys == symmetric & Asymmetric.
Symmetric use 1 key for encryption and decryption.
Asymmetric use two different keys.
Cryptography functionality is designed with objective of data confidentiality, integrity and authentication.


Internet use SSL and TLS for encrypt and decrypt the data sent.
SSL and TLS = asymmetric.
Two things: data is encrypted, and website is authentic.
Web server has SSL certificate, which nable traffic via HTTPS (TCP port 443).
SSL cert is signed by a certification authority (e.g. Verisign, Thawte).
SSL cert is tied to domain name.

Digital certificates using asymmetric PKI have two keys: public key and private key.
Private key is on Web server (website URL is secured by SSL)
Public key is on all browsers that support SSL.
Browsers support multiple CA vendors.
Public keys have expiration date and need to be updated.


Example:
Client hits website (SSL enabled).
Browser challenges Server by sending its own cipher strength.
Server does the same and responds by sending his SSL certificate.
Browser checks the validity and authenticity of certificate using public key.
Browser sends back a digitally signed response to server. In case server certificate cannot be verified for authenticity, browser alerts the user.
SSL introduces overhead. Addition of encryption layer to TCP/IP. Bigger TCP packets.

SQLlite

RDBMS are old. NoSQL or NewSQL is new. But this shift is sloq, coz RDBMS is mature.

SQLite is a Cross-platform, relational database management system contained in a small (~350 KB) C programming library that implements a self-contained, embedded, zero-configuration SQL database engine.

It was started as a embedded db project for US Navy.
It requires no Installation, No Administration.
It is used in mobile or desktop web apps. SQL92 standard compliant.
No configuration to setup.
Data is stored in a flat file on disk.
Db Max size == max file size on disk.
Serverless - requires no process for its running.
Embedded in Apps.
Can also be used as in-memory db.
Supports ACID.
Android, iOS, Firefox, Chrome, Opera use it.

sqlite3 is a command-line tool. Goto to the prompt and use .help for possible commands.

There are few limitations of SQLite - in terms of ALTER, JOIN, triggers, Views.

Alternatives: HSQLDB, Firebird, Ultralite.

Basic Linux Commands

#cat /etc/issue

#uname -a

#fdisk -l

#free -m

#df -h

#uptime

#last sn

#lastlog

#last reboot

#who

#w
(w = who + uptime + ps -a)

#lspci

#dmesg

#cat /proc/version

#cat /proc/cpuinfo

#cat /proc/interrupts

#cat /proc/filesystems

#cat /proc/partitions

#cat /proc/meminfo

#

SMTP

SMTP is used to transfer email across IP network. Here is how the email is transferred.

1.       Email is submitted by a mail client to a mail server using SMTP on TCP port 587 or 25.

2.       MSA delivers the mail to its mail transfer agent.

3.       The boundary MTA has to locate the target host. It uses the DNS to look up the mail exchanger record (MX record) for the recipient's domain.

4.       The MTA next connects to the exchange server as an SMTP client.

5.       MX target accepts the incoming message, and hands it to a mail delivery agent (MDA) for local mail delivery.

6.       MDA deliver messages to storage, or forward them over a network.

7.       On local mail server, the mail is stored for retrieval by mail clients (MUAs).

8.       Mail is retrieved by email clients, using IMAP or POP.

View who is accessing your services on Linux server

On Linux server, you want to see who is accessing your services?
#netstat
#lsof


To see Active Internet connections:
#netstat --inet


To see particular type of Active connections
#lsof -iTCP:https
#lsof -iUDP:rtp

ARP cache and ARP flush

When you contact another machine using IP or FQDN, its MAC address is mapped in your machine using ARP cache.

To I view current ARP cache on linux ubuntu:
#arp -a
#cat /proc/net/arp


To Flush the ARP cache:
#ip neigh flush dev eth0