davil

Active Members
  • Posts

    81
Everything posted by davil

  1. Hi All, just wondering if anybody has any advice for a quick uptime test tool that I'm writing, that I want to integrate into our company Intranet here - We have Windows systems primarily, but I will set up Ubuntu in a VM if I really have to. The most important thing here is speed, as there's at least 100 switches and about 20 servers and I need the monitor to continue, and run once a minute or so. I've used some examples from the PHP.net pages and tried to cobble something together as I'm definitely no PHP pro. Anyway, I have tried the following PHP code:

```php
<html>
<head>
<meta http-equiv="refresh" content="30">
</head>
<body>
<?php
$time1 = date('H:i:s');
echo "Last Refresh Time = $time1<br/><hr/>";
error_reporting(0);

/*-----------------------------------------------------------------------------------------*/
// Checksum calculation function (one's-complement sum of 16-bit words)
function icmpChecksum($data)
{
    if (strlen($data) % 2)
        $data .= "\x00";
    $bit = unpack('n*', $data);
    $sum = array_sum($bit);
    while ($sum >> 16)
        $sum = ($sum >> 16) + ($sum & 0xffff);
    return pack('n*', ~$sum);
}

/*-----------------------------------------------------------------------------------------*/
function PingTry1($pingaddress)
{
    // Making the package: ICMP echo request (type 8, code 0)
    $type       = "\x08";
    $code       = "\x00";
    $checksum   = "\x00\x00";
    $identifier = "\x00\x00";
    $seqNumber  = "\x00\x00";
    $data       = "testing123";
    $package    = $type.$code.$checksum.$identifier.$seqNumber.$data;
    $checksum   = icmpChecksum($package); // Calculate the checksum
    $package    = $type.$code.$checksum.$identifier.$seqNumber.$data;

    // And off to the sockets (raw sockets need administrator rights)
    $socket = socket_create(AF_INET, SOCK_RAW, 1);
    if ($socket === false) {
        return false;
    }
    socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => 1, "usec" => 0));
    socket_connect($socket, $pingaddress, null);
    socket_send($socket, $package, strlen($package), 0);
    // Any data read within the 1 second timeout counts as "up"
    $up = (bool) socket_read($socket, 255);
    socket_close($socket); // close before returning; the original returned first and never got here
    return $up;
}

/*-----------------------------------------------------------------------------------------*/
function DoTheCheck($name, $ip)
{
    global $errors;
    global $j;
    if (PingTry1($ip) == 1) {
        // do nothing
    } else {
        $j++;
        $errors[$j] = "$name --> $ip";
    }
}

/*-----------------------------------------------------------------------------------------*/
$errors = array();
$j = 0;

// READ IN THE INI FILE INTO $filedata
$myFile1 = "hosts.ini";
$filehandle1 = fopen($myFile1, 'r') or die("Couldn't open file [$myFile1]");
$filedata = fread($filehandle1, filesize($myFile1));
fclose($filehandle1);

// Create an array with each line of the file
$array1 = explode("\r\n", $filedata);
unset($filedata); // free up a bit of memory

foreach ($array1 as $line) { // step through the array, line by line
    if (!empty($line)) {
        list($name, $ip) = explode(",", $line); // split() was removed in PHP 7
        DoTheCheck($name, $ip);
    }
}

if ($errors) {
    echo 'The Following Hosts are down - <br/><br/><table>';
    foreach ($errors as $value) {
        // escape values read from hosts.ini before writing them into the page
        echo '<tr><td><img class="light" src="red.png" /></td><td>'.htmlspecialchars($value).'</td></tr>';
    }
    echo '</table>';
} else {
    echo '<img class="light" src="green.png" /><h1>ALL IPS ARE UP!</h1>';
}
?>
</body>
</html>
```

and that code above works great for monitoring Windows servers - it's very fast at checking through 20 anyway - the page 'refreshes' in about 2 seconds, even if hosts are down etc. but the way it works doesn't suit Cisco switches, so I had to try to figure out something else for those.
I re-wrote the code using the PEAR NET_PING class to look like this:

```php
<?php
$time1 = date('H:i:s');
echo "Last Refresh Time = $time1<br/><hr/>";
require_once "Net/Ping.php";
$ping = Net_Ping::factory();
$ping->setArgs(array('count' => 2, 'ttl' => 50, 'timeout' => 1));

/*-----------------------------------------------------------------------------------------*/
function DoPing($ip)
{
    global $ping;
    $results = $ping->ping($ip);
    // a PEAR_Error has no _loss property, which would otherwise compare equal to 0 ("up")
    if (PEAR::isError($results)) {
        return false;
    }
    if ($results->_loss == 0) { return true; } else { return false; }
}

/*-----------------------------------------------------------------------------------------*/
function DoTheCheck($name, $ip)
{
    global $errors;
    global $j;
    if (DoPing($ip) == 1) {
        // do nothing
    } else {
        $j++;
        $errors[$j] = "$name --> $ip";
    }
}

/*-----------------------------------------------------------------------------------------*/
$errors = array();
$j = 0;

// READ IN THE INI FILE INTO $filedata
$myFile1 = "hosts.ini";
$filehandle1 = fopen($myFile1, 'r') or die("Couldn't open file [$myFile1]");
$filedata = fread($filehandle1, filesize($myFile1));
fclose($filehandle1);

// Create an array with each line of the file
$array1 = explode("\r\n", $filedata);
unset($filedata); // free up a bit of memory

foreach ($array1 as $line) { // step through the array, line by line
    // skip blank lines and lines containing '##' (comments)
    if ((!empty($line)) && (!strstr($line, '##'))) {
        list($name, $ip) = explode(",", $line); // split() was removed in PHP 7
        DoTheCheck($name, $ip);
    }
}

if ($errors) {
    echo 'The Following Hosts are down - <br/><br/><table>';
    foreach ($errors as $value) {
        // escape values read from hosts.ini before writing them into the page
        echo '<tr><td><img class="light" src="red.png" /></td><td>'.htmlspecialchars($value).'</td></tr>';
    }
    echo '</table>';
} else {
    echo '<img class="light" src="green.png" /><h1>ALL IPS ARE UP!</h1>';
}
?>
```

but unfortunately when I add in ten Cisco switches into the list to be checked, it works, but can take a minute or two to run the script. This just isn't fast enough for a monitoring system, especially if I want to store the data in a MySQL table and graph it later on.
Is there any way to streamline this so that it can quickly do an uptime check on these servers & switches - I'm trying to do the same in Ruby with 'net/ping' but getting nowhere as well. The switches themselves do respond to normal pings. And I know most people will just think "use SNMP you fool!!!" but the SNMP public and private settings here are all over the place and I'm not allowed to change them on any switches. Also I don't fully understand SNMP but if there's a way to do an SNMP scan on a list of hosts, no matter what their settings are, I'll gladly go that route.

So basically I'm looking for overall advice on this sort of thing - Should I use: Sockets? ICMP? Some sort of Layer 2 scanning for the MAC addresses? Echo (port 7)? Something else (but not SNMP unless it's the ONLY option)? Should I use PHP or Ruby or is there a command line EXE out there already that I can use? Can nmap be used to scan a text file full of hosts and return just the hosts that are down (or some similar info that I can parse in PHP)?

I'm not looking for a full software to do this sort of monitoring - it needs to be something I can utilise in our own site, so preferably PHP / JS / Ruby (preferably something I can read, but I'll take advice on any language at this stage), or an EXE that just works, that I can parse the data from. There must be some way to do this fast, otherwise how would IPmonitor exist? Anyhow thanks for taking the time to read through my long rant. If anybody has any advice, I'd really appreciate it.
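
An added example, not part of the original post: `PingTry1` above sends identifier and sequence 0 and counts any data read from the raw socket as a reply, so a monitor cannot tell its own echo reply from other ICMP traffic. This Python example builds an echo request with a per-probe identifier and sequence and accepts only the matching, checksum-valid echo reply; the function names and the sample datagrams are constructed for the illustration.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP message with the echo layout: type, code, checksum, id, sequence."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def is_matching_reply(datagram: bytes, ident: int, seq: int, payload: bytes) -> bool:
    """datagram is what a raw IPv4 ICMP socket returns: IP header + ICMP message."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        return False
    icmp = datagram[(datagram[0] & 0x0F) * 4:]  # skip the IPv4 header (IHL words)
    if len(icmp) < 8 or icmp_checksum(icmp) != 0:
        return False  # truncated or corrupted message
    r_type, r_code, _, r_id, r_seq = struct.unpack("!BBHHH", icmp[:8])
    return (r_type == ICMP_ECHO_REPLY and r_code == 0
            and r_id == ident and r_seq == seq and icmp[8:] == payload)


def constructed_datagram(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (192.0.2.10 -> 192.0.2.1) + ICMP."""
    icmp = build_icmp(icmp_type, ident, seq, payload)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                            bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return ip_header + icmp


if __name__ == "__main__":
    ident, seq, payload = 0x1F2E, 7, b"testing123"
    print("request:", build_icmp(ICMP_ECHO_REQUEST, ident, seq, payload).hex())
    samples = {
        "echo reply, same id/seq": constructed_datagram(0, ident, seq, payload),
        "echo reply for another probe": constructed_datagram(0, ident, seq + 1, payload),
        "destination unreachable (type 3)": constructed_datagram(3, ident, seq, payload),
    }
    for label, datagram in samples.items():
        print(label, "->", is_matching_reply(datagram, ident, seq, payload))
```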
  2. I am an IT person here lol!!! It's just all of our network traffic goes through national proxy / router etc, and I just know the basics of TCP/IP to get me by. I have no qualifications at all and am self taught in most of the stuff I know. I suppose I'll need to learn a bit about routing or forget it. To be honest I'm not that bothered about Facebook but it would be nice to be able to get to http://www.nirsoft.net/ for example, which is blocked here under the Category "Hacking", which is strange because the site has very little to do with 'hacking' and here I am on Hak5 forums no problem lol. Thanks [edit]Actually, that "route" command looks easy. Nice. Thanks again![/edit]
  3. Howdy all, as usual I failed with my Google searching on this and I've come to the experts to ask for help. They've blocked Facebook as well as my own domain here where I work and I may have a solution: We have a wired network setup here on Active Directory etc - 10.175.x.x 255.255.0.0 and I just hooked up a Wireless AP which is on a DSL setup - 192.168.1.x 255.255.255.0 and I can connect to the AP over wifi with my iPod touch and know it's working but I also would like to be able to route some stuff from my Win7 PC here over wifi (I have a USB 802.11g adapter) and I'm not sure how to do it. We use a proxy on our AD network and most of the time I want to use that; in Google Chrome for example, where I do most of my work, the proxy settings are pulled in from IE. So I thought if I use Firefox, turn off proxy in there, and change the 'binding order' of my network adapters and put the wireless one first, I could use Firefox for the DSL stuff and stick to Google Chrome for LAN stuff. However, this didn't work and my non-network head makes me guess it's something to do with subnet / gateways - I know that the two networks are on different subnet classes for example but I don't know if that's causing a problem. Also I'm not sure if setting the wireless network as Home or Work or Public will make a difference?? I had considered setting up a smoothwall / squid proxy as I have done this before, but it's far easier to hide a Wireless AP than a whole PC at the back of our network cabinet. So if anybody can tell me how to route certain data over wifi without using a proxy I'd be really grateful. P.S. It was working there for a second, at least, I can ping the 192.168.1.254 DSL router but it's not routing my net traffic properly. It's something simple (DNS or something) I can almost taste it....
  4. Nice! I'm only seeing these replies now. Thanks v much. Will try that proxifier tomorrow when I'm back at work
  5. Just to go back to an earlier point about using Qemu to create your VMs and then use VMware player, there's also VMX builder ( http://vmxbuilder.com/ ), which is a quick and handy way to create VMs also. And Virtualbox has all the main features of VMware workstation too but I'm not too sure if it's as quick as VMware so that was my main question. I presume that Virtual PC is the slowest of the three anyhow?
  6. Hi all, Seems I'm always in here asking questions, but somebody may have tried this already and have an idea which one is fastest. So what I'm asking is this: I don't have a BIOS that supports hardware virtualisation, even though my CPU does support it. So for a while I thought I was SOL with regards XP mode, but then I realised that I could install my old copy of XP in Virtualbox and run it seamlessly, which is great, but it's not as if I can have an "Internet Explorer 6" shortcut that runs just that program, so I'd like to get a proper XP mode going. Then I found out a few weeks ago that you no longer need hardware assisted virtualisation to have XP Mode through Virtual PC, but I also found out today that you can have a kind of XP mode in both Vmware Player and Virtualbox. So does anybody know which is fastest? Virtual PC (official) http://windowsteamblog.com/blogs/windows7/...o-more-pcs.aspx Virtualbox + VMlite plugin http://www.howtogeek.com/howto/12309/insta...-vmlite-plugin/ Vmware Player version http://www.howtogeek.com/howto/10911/run-x...virtualization/ Thanks guys
  7. Hi all, I work in Windows Admin and unfortunately we have a proxy server (with authentication) here for internet. I was wondering if there's a way that I can force applications that need web access to use this proxy - as you know most apps have configuration / settings that you can edit in order to use the proxy - but some don't and here's my problem. Does anybody know a way to create like a virtual router that routes all internet traffic from one or all applications over a proxy?? I hope I make sense.
  8. Hi BlueWyvern, I understand the benefits of VM technology, I really do. However, we just can't afford a server good enough. We have about 20 or so physical servers ranging from Dual PIII servers to the latest Xeons but the more beefy servers that we have are already seriously overworked with 50 Citrix users a piece. Also there's just a general lack of I.T. Knowledge across my department nationally. They tend to stick with what they know... and buy a new server for every new app that comes in (I know!! - it's crazy!!!!) - I just can't change the way they do things. I'm almost like an intern here but I'm one of the few who keep up to date with emerging technologies - I'm just fighting a losing battle here. Thanks for all your help though. It should give me enough to get the job done
  9. ahah! Modifying existing DHCP to work with FOG http://www.fogproject.org/wiki/index.php?t...erGuide#Windows This might do the trick!
  10. Thanks BlueWyvern! There's a lot of great info there for me. I know a bit about VMs myself but to be honest I'm in an I.T. office with 5 other people and their knowledge is, let's just say "limited" so I'll be keeping all our servers physical for the moment. (They're not great spec servers anyhow and have trouble coping with the amount of Citrix users we have.) That FOG project sounds interesting (taking a look now) - but if it uses DHCP that's not good as we already have many DHCP servers on our network / WAN that synchronise and I don't want to interfere with their operation. (If it can be set up without interfering that's great.) Somehow I have a feeling that DHCP will definitely be a no-no so PXE would be a no-no but if I'm wrong, please let me know. I've heard of gParted before but didn't know if I could use it on a Windows server with RAID. Thanks again for your help
  11. Good plan - Will do. It would be nice to find a network version of this though, it would save a lot of hassle over the next couple of years.
  12. Hmmmm... I half remember that now but I'm not sure if my boss will go for the VM option (she doesn't understand VMs lol)
  13. I have done on several occasions over the last 5 years. At the moment, with a global recession (and me living in the most corrupt country in the world ) - it's just not an option. :-(
  14. Hi all, I'm back asking questions again. I'll keep this simple. We have a load of Windows Server 2003 installations here on HP Servers. Some fool setup the C drive partitions with only 10GB!!!!!! so as you can guess they're running out of space. My Plan is to re-partition on the fly using one of the following as we don't have time for a full reinstall (we're not allowed enough downtime by our managers): EASEUS Partition Master Server Edition http://www.partition-tool.com/ or Acronis Disk Director Suite http://www.acronis.com/homecomputing/produ...rtitioning.html or similar But obviously I want to 'ghost' / take an image of the entire Drive just in case something goes horribly wrong (which it usually does) So I've been looking at a few different options for this: 1. Universal Network Bootdisk + the OLDer DOS based Ghost that we have (This is what we use for PCs but I have a feeling it won't work well on server 2003 with RAID) [not sure of version of ghost] http://netbootdisk.com/ 2. Acronis® Backup & Recovery™ 10 Advanced Server - doesn't work over the network http://www.acronis.com/backup-recovery/advanced-server/ We have no external drives so we'd have to store the image of the drive somewhere on the network (so I think #2 is out) There's probably a linux way to do this but I'm not great with linux command line stuff. maybe there's a live CD I can download which is already setup to do this?? So I'm wondering what's the easiest / most efficient way to do this job ? Any help would be much appreciated.
  15. davil

    SNMP Monitor

    Can any of these be used on remote sites through a firewall? I have TeamViewer set up with multiple people and I can remote control their systems, transfer files etc. (even through work firewall here!!) but I'd love to be able to monitor remote machines. Even up/down test would be a great start. Maybe TeamViewer VPN but I don't want to have too complicated a network setup if I don't need one. I'm thinking of running a PHP/MySQL based solution with my hosting, or maybe just something that e-mails me when one of their systems goes down. But that means writing my own app, and there's probably something out there that can do all this for me?
  16. No I am on Windows here, so that's quite useful, especially seeing as PHP isn't always an option and I know nothing of Perl. Still very slow though but at least I'm not getting any timeouts. Speed issue could be a DNS thing but I'm not sure. Our Active Directory was made by monkeys and Microsoft aren't much help either. WSUS is only half working here as is our EPO agent for McAfee Enterprise. Massive company and I'm probably the only one in I.T. who ever even heard of Linux lol. I really should get my ass into a software engineering degree or something so I can finally write my own multi-threaded apps to do this sort of thing. Thanks again for everyone's help. One last thing though. The whole reason I'm doing this is so I can use Conficker detection tool by McAfee. That way we can narrow down infections and run the Bitdefender removal tool on said machines. Now unfortunately the detection tool will only work by IP address and it takes too long to scan entire scopes so I was using "net view" command to get list of hostnames and then converting them to IPs using scripts above. However I know this isn't 100% as I'm sure "net view" won't give all active IPs and furthermore I need to keep running the scripts over the following weeks to get any new IPs that come on stream (laptops etc.). So I suppose I'm wondering is there a way to query the Active Directory for a list of active IP addresses or hostnames with VBS, PHP, AutoIT, AutoHotKey or Kixtart (using WMI) as I am most familiar with these languages... or more to the point a tool that will just do all of the steps above for me to find the Conficker infection where it hides. Not that it will make a difference because even though I have the tools to kill Conficker + script patches etc. and our building has its own logon script that I created so we're 100% patched + ok, there's still hundreds of computers on our company's WAN and at least 50 of them out of the 2307 that I have scanned have the virus.
When I tried to run scripts to kill conficker + patch against it I got a talking to from bureaucratville for rebooting computers I'm not supposed to. So to cut a very long story short, red tape will probably mean that the conficker virus here will spread even further. Microsoft's only short-term answer was to rollout a registry permission block thing which although it stops conficker spreading it also stops the other I.T. people around my WAN installing service pack 3 for XP (we're primarily XP network) but like I said, my building is fine so why should I care? I'm doing programming work for typist wages. Sorry about long rant. I tend to do this.
  17. Perl ain't my forté but I'll give it a go. Thanks again.
  18. Hi scraphead [edit]scrapheap even (I can't read today)[/edit]. Thanks for that. I thought we were still having DNS issues but they seem to have been resolved. It was to do with our lookup zones rather than speed though. DNS lookups seem fine speed-wise. It's just there are so many and I'm using PHP and shell_exec. Some clever coder may have done this properly in C# or something which is why I'm googling around to find said app... but still to no avail. Thanks for your comments though
  19. Nah it's still taking more than 10 minutes with nslookup, but it got 2100 done. I'll increase the max execution time a bit more than 600 seconds, but I'd imagine there's still a much faster way.
  20. Thanks for that suggestion but unfortunately we're having DNS issues related to conficker. Still, I shall give it a go and see how I get on. Sorry I didn't notice your post earlier
  21. Ok, I've tried that but it's still very slow. Originally I was having trouble, i.e. Maximum execution time of 300 seconds exceeded - so I split it up into smaller chunks of about 300 ips at a time. But I'm using the following script now:

```php
<?php
function DavPing($host)
{
    // gethostbyname() returns the unmodified hostname when the lookup fails
    $output = gethostbyname($host);
    return $output;
}

$myFile = "hosts.txt";                // THIS IS THE INPUT FILE
$handle = fopen("ips_all.txt", "w");  // THIS IS THE OUTPUT FILE
$fh = fopen($myFile, 'r') or die("Couldn't open file");

// get the data into a large string
$data = fread($fh, filesize($myFile));
fclose($fh);

$array1 = explode("\r\n", $data);
$numberofhosts = count($array1);

for ($bo = 0; $bo < $numberofhosts; $bo += 1) {
    $hostname = $array1[$bo];
    if ($hostname == '') { continue; } // skip blank lines
    $theip = DavPing($hostname)."\r\n";
    fwrite($handle, $theip);
}
fclose($handle);
echo "COMPLETE";
?>
```

but it stopped after writing 700 lines with the 'Maximum execution time of 300 seconds exceeded'. I could increase to 1000 seconds and above but that's over 16 minutes!!!!!!! There must be a quicker way to get current IP addresses for a list of 2307 hosts??
  22. Hi all, I'm trying to convert a big list of hostnames to IPs as quick as I possibly can. At the moment I just have a PHP script pinging each machine and cutting out the garbage and writing just the ips into a text file. But this takes quite a long time especially when it hits non-pinging machines. Does anyone have a ping exe that will move on straight away if it doesn't get a reply?? or does anyone have a faster way / tool ? I could probably learn perl or python if necessary but maybe there's a PEAR class or something ? I'll find it eventually with google but I've had no luck so far. Any help is much appreciated.
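
An added example, not part of the original posts: the script in the post above resolves one name at a time, so the run time is the sum of every DNS wait, and PHP's `gethostbyname()` returns the hostname unchanged on failure, which then lands in `ips_all.txt` as if it were an address. This Python version runs the lookups in a thread pool and keeps failures separate from the IP list handed to a scanner; `constructed_resolver` and the host names are stand-ins so it runs offline, and passing nothing for `resolver` uses real DNS.

```python
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor


def parse_hosts(text):
    """One hostname per line (hosts.txt layout); blank lines are skipped."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def _lookup(hostname, resolver):
    try:
        ip = resolver(hostname)
        ipaddress.IPv4Address(ip)  # reject anything that is not an IPv4 address
        return hostname, ip
    except (OSError, ValueError):  # socket.gaierror is an OSError
        return hostname, None


def resolve_all(hostnames, resolver=socket.gethostbyname, workers=50):
    """Resolve names concurrently; returns ({hostname: ip}, [unresolved names])."""
    resolved, failed = {}, []
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hostname, ip in pool.map(lambda h: _lookup(h, resolver), hostnames):
            if ip is None:
                failed.append(hostname)
            else:
                resolved[hostname] = ip
    return resolved, failed


def unique_ips(resolved):
    """De-duplicated addresses in numeric order, ready for an IP-only tool."""
    return [str(ip) for ip in sorted({ipaddress.IPv4Address(v) for v in resolved.values()})]


def constructed_resolver(hostname):
    """Constructed stand-in for DNS: 50 ms per lookup, 'gone-*' names fail."""
    time.sleep(0.05)
    if hostname.startswith("gone"):
        raise socket.gaierror("constructed: name not found")
    return "192.0.2.%d" % int(hostname[2:])


def demo():
    # Constructed input: 40 hostnames, a blank line and one stale name.
    text = "\r\n".join(["pc%03d" % i for i in range(1, 41)] + ["", "gone-laptop"])
    start = time.monotonic()
    resolved, failed = resolve_all(parse_hosts(text), resolver=constructed_resolver)
    return resolved, failed, time.monotonic() - start


if __name__ == "__main__":
    resolved, failed, elapsed = demo()
    print("%d resolved, %d failed in %.2fs" % (len(resolved), len(failed), elapsed))
    print("unresolved:", failed)
    print("first addresses:", unique_ips(resolved)[:3])
```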
  23. You have a very valid point about the drivers alright. I took a look at that but wasn't too sure. since it does print perfectly now and again. However, I will get the vista drivers for the vista machine. All the other machines on the network are indeed XP Pro. I have a few things to try next time I make it into the building. I'll keep you posted asap