01-14-2009, 05:32 PM
"Ted Hilts - Thunderbird Acct."

Security and Intrusions

This email is not about Thunderbird but I use Thunderbird as an example. I
noticed that when using Thunderbird mailer some of the "cc" alternatives
in the prompt field were not mine nor anyone I contacted. I currently
operate with no firewall active for the machines in my LAN because I am
trying to address some issues that the firewall complicates. So I am
***not*** asking about how to set up a firewall. I am asking the
following: "How do I establish if I have an intruder using my LAN
resources"???. Recently I have seen the operation of one of my LAN
machines get slower and slower while there is little or no change in the
performance of other LAN machines.

Also, a related issue: How do I establish if a slow down of processing
on my LAN computers is due to:

1. A problem within the LAN itself.

2. or a problem on the Internet:
due to congestion of the route available

3. or the slowness of a certain server passing data to my LAN (down for
maintenance or simply overloaded and dropping clients)

4. or one of the ISPs throttling (restricting) bandwidth (I know that
Bell Canada sells bandwidth to my ISP (I am in Canada) and Bell has been
identified in the news as doing this and has been before the CRTC to
justify its behavior. Also, a British ISP has engaged in this behavior
according to the news. My ISP says that Bell's behavior does not affect
them and therefore does not affect me. However, in a recent news
article one of Bell's associated ISPs (who buys bandwidth from Bell) was
restricted by Bell in the use of that bandwidth during certain times.

I ask these above questions because I encounter numerous slowdowns and
drop offs affecting my LAN (some requiring reboot) as well as certain
LAN machines going almost dead at one time and then booming along at
some other time or one machine in particular doing very little while
another machine is doing a lot. Based on the list's discussion on SSH I
know there are people on the list that can answer these questions. My
LAN has both Windows and Linux machines. I really need to get some kind
of handle on all of this. Is there an application somewhere that can
track all of this so that it is obvious to ***me*** (retired -- old and
getting older -- forgetful and getting more forgetful -- dumb and
getting dumber -- with one foot already in the grave).

Thanks -- Ted



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
01-14-2009, 05:41 PM
Chris Mohler

Security and Intrusions

On Thu, Jan 15, 2009 at 12:32 PM, Ted Hilts - Thunderbird Acct.
<thilts@mcsnet.ca> wrote:
[...]
> I ask these above questions because I encounter numerous slowdowns and
> drop offs affecting my LAN (some requiring reboot) as well as certain
> LAN machines going almost dead at one time and then booming along at
> some other time or one machine in particular doing very little while
> another machine is doing a lot. Based on the list's discussion on SSH I
> know there are people on the list that can answer these questions. My
> LAN has both Windows and Linux machines. I really need to get some kind
> of handle on all of this. Is there an application somewhere that can
> track all of this so that it is obvious to ***me*** (retired -- old and
> getting older -- forgetful and getting more forgetful -- dumb and
> getting dumber -- with one foot already in the grave).
>
> Thanks -- Ted

The 'etherape' program will show you a graphic real-time display of
LAN usage. Also, the 'mtr' command can help determine a bottleneck
outside of your LAN.

I think there's a bug in the etherape package - if you run it from the
menu it cannot open any interfaces. You have to either run it via sudo
in a terminal (sudo etherape), or edit the menu item and make the
command 'gksudo etherape' instead of just 'etherape'.

HTH,
Chris

 
01-14-2009, 05:53 PM
"Mark Haney"

Security and Intrusions

Ted Hilts - Thunderbird Acct. wrote:
> This email is not about Thunderbird but I use Thunderbird as an example. I
> noticed that when using Thunderbird mailer some of the "cc" alternatives
> in the prompt field were not mine nor anyone I contacted.

What? You need to explain that a little more. It's possible that
T'bird is adding all emails you've received and their contact info to
the address book. That would potentially explain that.


> I currently
> operate with no firewall active for the machines in my LAN because I am
> trying to address some issues that the firewall complicates. So I am
> ***not*** asking about how to set up a firewall. I am asking the
> following: "How do I establish if I have an intruder using my LAN
> resources"???. Recently I have seen the operation of one of my LAN
> machines get slower and slower while there is little or no change in the
> performance of other LAN machines.

This gets messy. However, the best options are to look for processes
that take up a lot of CPU time and determine if they are legitimate
processes (that may be acting up) or processes that are not legitimate.
That might be hard to do, but baselining a system's running processes
should be a pretty standard thing to do.

In this case on Linux systems 'top' is your friend. (Or insert your DE
system monitor here). That will show you the processes that are taking
up the most CPU time.



>
> Also, a related issue: How do I establish if a slow down of processing
> on my LAN computers is due to:
>
> 1. A problem within the LAN itself.

The best way to test to see if it's the LAN is to shut down the internet
connection and try to copy files between the systems on the LAN. You
can also look at the network monitor (I use a sysmon on Plasma in KDE4
that will tell you network usage) for high bandwidth usage.

You can also determine, if the LAN is the problem, which system it is by
shutting down systems one at a time and seeing if the problem goes away.
(That's the quick and easy way)

>
> 2. or a problem on the Internet:
> due to congestion of the route available

Speed testing is a good thing for your internet connection, but beware
of the ones you normally see. I recommend trying an FTP connection if
you can, or use a tool like iperf or something similar to test the link.



>
> 3. or the slowness of a certain server passing data to my LAN (down for
> maintenance or simply overloaded and dropping clients)

You can test that by doing flood pings to the server, but that doesn't
always mean the system is slow, it might also be a slow link between you
and the internet. This is the hardest to troubleshoot since there are
dozens of possible ways connection speed could be affected between you
and a server on the intarwebs.

>
> 4. or one of the ISPs throttling (restricting) bandwidth (I know that
> Bell Canada sells bandwidth to my ISP (I am in Canada) and Bell has been
> identified in the news as doing this and has been before the CRTC to
> justify its behavior. Also, a British ISP has engaged in this behavior
> according to the news. My ISP says that Bell's behavior does not affect
> them and therefore does not affect me. However, in a recent news
> article one of Bell's associated ISPs (who buys bandwidth from Bell) was
> restricted by Bell in the use of that bandwidth during certain times.

What other ISPs do doesn't always mean your ISP is doing it. You can
look at their fine print on their service contracts to see if they are
doing it. Or calling and asking, but I rather doubt you'll get a
straight answer on that.

>
> I ask these above questions because I encounter numerous slowdowns and
> drop offs affecting my LAN (some requiring reboot) as well as certain
> LAN machines going almost dead at one time and then booming along at
> some other time or one machine in particular doing very little while
> another machine is doing a lot. Based on the list's discussion on SSH I
> know there are people on the list that can answer these questions. My
> LAN has both Windows and Linux machines. I really need to get some kind
> of handle on all of this. Is there an application somewhere that can
> track all of this so that it is obvious to ***me*** (retired -- old and
> getting older -- forgetful and getting more forgetful -- dumb and
> getting dumber -- with one foot already in the grave).

These are good questions, but not ones easily answered. What OS are
these systems running? Personally if you aren't behind a firewall, I'd
be very very worried. Especially if there are any Windows systems on
that LAN. The things I've offered are only the tip of the iceberg to at
least get you started on troubleshooting the issues. I suggest starting
with one system and going from there rather than trying to debug
connection issues on the internet.

Internet connection speeds won't typically slow a system down,
processing wise. I typically transfer 6-7Mbps from my system to the
network without causing KDE or GNOME to be sluggish. I would look at a
system being unresponsive as a SYSTEM only issue and start from there.




>
> Thanks -- Ted
>
>
>


--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support
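
The baseline-and-compare check described in the message above, as an added example that is not part of that message or of any tool named in the thread: it compares two `ps` snapshots and lists processes missing from the baseline, plus known ones above a CPU threshold. It assumes a Linux host with procps `ps`; the snapshot text, the process names and the 50% threshold are constructed for illustration.

```python
import subprocess

# procps options on Linux. Note: ps reports %CPU averaged over the process
# lifetime, while 'top' shows recent usage, so a short burst can look small here.
PS_CMD = ["ps", "-eo", "user,pcpu,comm", "--no-headers"]


def snapshot():
    """Capture the current process list as text (save one while the system is known good)."""
    return subprocess.run(PS_CMD, capture_output=True, text=True, check=True).stdout


def parse_ps(text):
    """Parse `ps -eo user,pcpu,comm --no-headers` output into (user, cpu, command) rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append((parts[0], float(parts[1]), parts[2].strip()))
    return rows


def review(baseline_text, current_text, cpu_threshold=50.0):
    """Return (unknown, busy), each sorted by CPU, highest first.

    unknown: (user, command) pairs that never appeared in the baseline.
    busy:    baseline processes now at or above cpu_threshold percent.
    """
    known = {(user, comm) for user, _cpu, comm in parse_ps(baseline_text)}
    unknown, busy = [], []
    for user, cpu, comm in parse_ps(current_text):
        if (user, comm) not in known:
            unknown.append((user, cpu, comm))
        elif cpu >= cpu_threshold:
            busy.append((user, cpu, comm))
    by_cpu = lambda row: -row[1]
    return sorted(unknown, key=by_cpu), sorted(busy, key=by_cpu)


# Constructed snapshots: the second one has a process the baseline never saw
# and a known process that has become CPU-heavy.
BASELINE = """\
root      0.0 init
root      0.1 sshd
ted       2.5 Xorg
ted       4.0 firefox
"""
CURRENT = """\
root      0.0 init
root      0.1 sshd
ted       3.0 Xorg
ted      71.5 firefox
ted      38.2 unknown-helper
"""

if __name__ == "__main__":
    unknown, busy = review(BASELINE, CURRENT)
    for label, rows in (("not in baseline", unknown), ("known but busy", busy)):
        for user, cpu, comm in rows:
            print(f"{label:16} {user:8} {cpu:5.1f}% {comm}")
```

On a real machine, save the output of `snapshot()` to a file while the system is behaving normally and pass that text as the baseline later.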

 
01-14-2009, 06:12 PM
NoOp

Security and Intrusions

On 01/14/2009 10:41 AM, Chris Mohler wrote:
> On Thu, Jan 15, 2009 at 12:32 PM, Ted Hilts - Thunderbird Acct.
> <thilts@mcsnet.ca> wrote:
> [...]
>> I ask these above questions because I encounter numerous slowdowns and
>> drop offs affecting my LAN (some requiring reboot) as well as certain
>> LAN machines going almost dead at one time and then booming along at
>> some other time or one machine in particular doing very little while
>> another machine is doing a lot. Based on the list's discussion on SSH I
>> know there are people on the list that can answer these questions. My
>> LAN has both Windows and Linux machines. I really need to get some kind
>> of handle on all of this. Is there an application somewhere that can
>> track all of this so that it is obvious to ***me*** (retired -- old and
>> getting older -- forgetful and getting more forgetful -- dumb and
>> getting dumber -- with one foot already in the grave).
>>
>> Thanks -- Ted
>
> The 'etherape' program will show you a graphic real-time display of
> LAN usage. Also, the 'mtr' command can help determine a bottleneck
> outside of your LAN.
>
> I think there's a bug in the etherape package - if you run it from the
> menu it cannot open any interfaces. You have to either run it via sudo
> in a terminal (sudo etherape), or edit the menu item and make the
> command 'gksudo etherape' instead of just 'etherape'.

Use Applications|Internet|EtherApe (as root) instead. I don't know why
they have multiple entries (System Tools and another non-root in
Internet). Of course if it's not there, then you'd need to edit the menu
as you pointed out. I just edit out the non-root menu entries so they
don't show.










 
01-15-2009, 03:59 AM
Ray Parrish

Security and Intrusions

Chris Mohler wrote:
> On Thu, Jan 15, 2009 at 12:32 PM, Ted Hilts - Thunderbird Acct.
> <thilts@mcsnet.ca> wrote:
> [...]
>
>> I ask these above questions because I encounter numerous slowdowns and
>> drop offs affecting my LAN (some requiring reboot) as well as certain
>> LAN machines going almost dead at one time and then booming along at
>> some other time or one machine in particular doing very little while
>> another machine is doing a lot. Based on the list's discussion on SSH I
>> know there are people on the list that can answer these questions. My
>> LAN has both Windows and Linux machines. I really need to get some kind
>> of handle on all of this. Is there an application somewhere that can
>> track all of this so that it is obvious to ***me*** (retired -- old and
>> getting older -- forgetful and getting more forgetful -- dumb and
>> getting dumber -- with one foot already in the grave).
>>
>> Thanks -- Ted
>>
>
> The 'etherape' program will show you a graphic real-time display of
> LAN usage. Also, the 'mtr' command can help determine a bottleneck
> outside of your LAN.
>
> I think there's a bug in the etherape package - if you run it from the
> menu it cannot open any interfaces. You have to either run it via sudo
> in a terminal (sudo etherape), or edit the menu item and make the
> command 'gksudo etherape' instead of just 'etherape'.
>
> HTH,
> Chris
>
>
You guys rock! I'm now using etherape, and it has gone a long way
towards relieving my mind on what is connected to my computer. I am also
surprised at the number of servers one web page will use to serve up a
page sometimes.

Thanks for the tip!

Later, Ray Parrish

--
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages


 
01-15-2009, 04:59 AM
NoOp

Security and Intrusions

On 01/14/2009 08:59 PM, Ray Parrish wrote:
> Chris Mohler wrote:

>>
>> The 'etherape' program will show you a graphic real-time display of
>> LAN usage. Also, the 'mtr' command can help determine a bottleneck
>> outside of your LAN.
>>
>> I think there's a bug in the etherape package - if you run it from the
>> menu it cannot open any interfaces. You have to either run it via sudo
>> in a terminal (sudo etherape), or edit the menu item and make the
>> command 'gksudo etherape' instead of just 'etherape'.
>>
>> HTH,
>> Chris
>>
>>
> You guys rock! I'm now using etherape, and it has gone a long way
> towards relieving my mind on what is connected to my computer. I am also
> surprised at the number of servers one web page will use to serve up a
> page sometimes.
>

Keep in mind that etherape captures to memory, so the longer you run it
the more memory it consumes. However, you can use tcpdump to dump the
data to a file for a brief while, then replay the data in etherape. See:

http://articles.techrepublic.com.com/5100-10878_11-5031581.html
[Reading from files and remote networks]

and

http://openmaniak.com/tcpdump.php

So, for example:

sudo tcpdump -n -w test

will write the dump file to 'test'. You can then open up etherape and
File|Open and select the 'test' file & etherape will replay the events
from that file.

Side note: If you ssh into your kid's computer, run tcpdump (assuming
you have an account there with sudo capability), copy the file & play it
back for him/her in etherape and you can show them 'graphically' what
they connected to over a period of time. Obviously more fun than just
showing them router logs...





 
01-15-2009, 06:37 PM
Ray Parrish

Security and Intrusions

NoOp wrote:
> On 01/14/2009 08:59 PM, Ray Parrish wrote:
>
>> Chris Mohler wrote:
>>
>
>
>>> The 'etherape' program will show you a graphic real-time display of
>>> LAN usage. Also, the 'mtr' command can help determine a bottleneck
>>> outside of your LAN.
>>>
>>> I think there's a bug in the etherape package - if you run it from the
>>> menu it cannot open any interfaces. You have to either run it via sudo
>>> in a terminal (sudo etherape), or edit the menu item and make the
>>> command 'gksudo etherape' instead of just 'etherape'.
>>>
>>> HTH,
>>> Chris
>>>
>>>
>>>
>> You guys rock! I'm now using etherape, and it has gone a long way
>> towards relieving my mind on what is connected to my computer. I am also
>> surprised at the number of servers one web page will use to serve up a
>> page sometimes.
>>
>>
>
> Keep in mind that etherape captures to memory, so the longer you run it
> the more memory it consumes. However, you can use tcpdump to dump the
> data to a file for a brief while, then replay the data in etherape. See:
>
> http://articles.techrepublic.com.com/5100-10878_11-5031581.html
> [Reading from files and remote networks]
>
> and
>
> http://openmaniak.com/tcpdump.php
>
> So, for example:
>
> sudo tcpdump -n -w test
>
> will write the dump file to 'test'. You can then open up etherape and
> File|Open and select the 'test' file & etherape will replay the events
> from that file.
>
> Side note: If you ssh into your kid's computer, run tcpdump (assuming
> you have an account there with sudo capability), copy the file & play it
> back for him/her in etherape and you can show them 'graphically' what
> they connected to over a period of time. Obviously more fun than just
> showing them router logs...
>
>
>
>
>
>
Thanks again for the information. I've been monitoring with EtherApe for
a couple of hours today and it doesn't seem to be causing any problems
with memory so far. I've just installed tcpdump however.

One connection I saw today is the only one which worried me a bit. It
resolved to simply "en" as a domain name. I double-clicked it and got the
ip address and saw that my machine had sent 239 kilobytes to this
connection. A whois search on the ip address returned no data available,
so I plugged the ip into my browser location bar and it took me to the
following url -

<http://www.mozilla.com/en-US/>

This is the download page for the Linux version of Firefox. Why the heck
is Mozilla grabbing over a quarter meg of data from me? I could see a
few kb to check for upgrades, but 239K? That's quite a bit.

Later, Ray Parrish

--
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages
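
The capture file written by `sudo tcpdump -n -w test` earlier in the thread can also be totalled per remote address, which gives sent and received byte counts for each peer without the GUI. This is an added example, not part of any poster's message; it reads the classic pcap format for Ethernet/IPv4 only, and the local address 192.168.1.10, the two peer addresses and the packets in `sample_capture()` are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

# Classic pcap magic numbers mapped to the byte order of the header fields.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def bytes_per_peer(pcap: bytes, local_ip: str) -> dict:
    """Return {remote_ip: {"sent": n, "received": n}} in wire bytes, seen from local_ip."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[pcap[:4]]
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    local = ipaddress.IPv4Address(local_ip).packed
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    offset = 24
    while offset + 16 <= len(pcap):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # file ends in the middle of a record
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue  # ARP, IPv6, VLAN-tagged and other frames are skipped
        src, dst = frame[26:30], frame[30:34]
        # orig_len is the size on the wire, so a capture truncated by a small
        # snapshot length (tcpdump -s) still totals correctly.
        if src == local and dst != local:
            totals[str(ipaddress.IPv4Address(dst))]["sent"] += orig_len
        elif dst == local and src != local:
            totals[str(ipaddress.IPv4Address(src))]["received"] += orig_len
    return dict(totals)


def _record(src: str, dst: str, wire_len: int, snaplen: int = 68) -> bytes:
    """Constructed Ethernet/IPv4 record of wire_len bytes, stored truncated to snaplen."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    frame = (eth + ip).ljust(wire_len, b"\x00")[:snaplen]
    return struct.pack("<IIII", 0, 0, len(frame), wire_len) + frame


def sample_capture() -> bytes:
    """Constructed capture: one LAN host, two documentation-range peers, one ARP frame."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, LINKTYPE_ETHERNET)
    me, a, b = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [(me, a, 1514)] * 3 + [(a, me, 60)] * 3 + [(b, me, 1514), (me, b, 60)]
    arp = struct.pack("<IIII", 0, 0, 42, 42) + b"\xff" * 12 + b"\x08\x06" + bytes(28)
    return header + arp + b"".join(_record(*p) for p in packets)


if __name__ == "__main__":
    report = bytes_per_peer(sample_capture(), "192.168.1.10")
    for peer, t in sorted(report.items(), key=lambda kv: -kv[1]["sent"]):
        print(f"{peer:15}  sent {t['sent']:>7}  received {t['received']:>7}")
```

To total a real capture, pass the bytes of the file written by `tcpdump -w` and the capturing machine's own LAN address.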


 
01-15-2009, 08:56 PM
John Hubbard

Security and Intrusions

Ray Parrish wrote:
>
> Why the heck
> is Mozilla grabbing over a quarter meg of data from me? I could see a
> few kb to check for upgrades, but 239K? That's quite a bit.
>
>
>
What version of Firefox? Is it updating its list of bad websites? I seem
to remember that one of the betas for Firefox 3 did something like this.
It slowed my machine way down every few minutes. I thought that they
fixed it before the final release though.


--
-john

To be or not to be, that is the question
2b || !2b
(0b10)*(0b1100010) || !(0b10)*(0b1100010)
0b11000100 || !0b11000100
0b11000100 || 0b00111011
0b11111111
255, that is the answer.



 
01-15-2009, 09:21 PM
Ray Parrish

Security and Intrusions

John Hubbard wrote:
> Ray Parrish wrote:
>
>> Why the heck
>> is Mozilla grabbing over a quarter meg of data from me? I could see a
>> few kb to check for upgrades, but 239K? That's quite a bit.
>>
>>
>>
>>
> What version of Firefox? Is it updating its list of bad websites? I seem
> to remember that one of the betas for Firefox 3 did something like this.
> It slowed my machine way down every few minutes. I thought that they
> fixed it before the final release though.
>
>
>
Version 3.05... I don't think it's updating a bad web site list, as it
is downloading the 239 K *from* my machine, not to it. It only sent
around 36 K to my machine.

Later, Ray Parrish

--
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages


 
01-17-2009, 03:18 AM
"Mark H. Nichols"

Security and Intrusions

On Jan 15, 2009, at 4:21 PM, Ray Parrish wrote:

> Version 3.05... I don't think it's updating a bad web site list, as it
> is downloading the 239 K *from* my machine, not to it. It only sent
> around 36 K to my machine.

It wouldn't be one of those anonymous "usage tracking" deals, would
it? "Please let us periodically upload information about your usage
of our software?"

Just my $0.02.
Mark


 
