Search Results

Search found 3710 results on 149 pages for 'protocol analyzer'.

Page 78/149 | < Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85 | Next Page >

traffic shaping for certain (local) users

- by JMW

Hello, i'm using ubuntu 10.10 i've a local backup user called "backup". :) i would like to give this user just a bandwidth of 1Mbit. No matter which software wants to connect to the network. this solution doesn't work: iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner 1001 -j MARK --set-mark 12 iptables -t mangle -A POSTROUTING -p tcp -m owner --uid-owner 1001 -j MARK --set-mark 12 tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 2 htb default 1 tc filter add dev eth0 parent 2: protocol ip pref 2 handle 50 fw classid 2:6 tc class add dev eth0 parent 2: classid 2:6 htb rate 10Kbit ceil 1Mbit tc qdisc show dev eth0 tc class show dev eth0 tc filter show dev eth0 does anyone know how to do it? thanks a lot in advance

Read the article
How can I limit the upload/download bandwidth on my CentOS server?

- by Dan Nestor

How can I limit the upload and download bandwidth on my CentOS server? This is a box with a single interface, eth0. Ideally, I would like a command-line solution (I've been trying to use tc), something that I could easily switch on and off in a script. So far I've been trying to do something like tc filter add dev eth0 protocol ip prio 50 u32 police rate 100kbit burst 10240 drop but I'm obviously missing a lot of knowledge and information. Can somebody help with a quick one-liner? Many thanks, Dan

Read the article
MS SQL 2000 and SSL Certificate

- by smoak

I'm trying to set up a MS SQL 2000 server to use an already existing SSL certificate installed on the server. I verified that the certificate shows up in the Personal/Certificate folder of the account that is running the MSSQLSERVER service using the Certificate MMC snap-in. I also verified that the certificate for the CA is installed under the Trusted Root Certificate Authorities. Additionally, to make sure that it is using this specific certificate I created a Certificate registry value of type REG_BINARY in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib and I set it to the certificates thumbprint like it mentions in: http://support.microsoft.com/kb/276553 Finally, I opened up the Server Network Utility, checked Force protocol encryption, clicked OK, and restarted the MSSQLSERVER service. Unfortunately, it fails to start and looking at the event log it's failing with: 19015: Encryption requested but no valid certificate was found. SQL Server terminating. I'm at a loss. Any ideas? Where did I go wrong?

Read the article
Allow HTTPS cookies but not HTTP?

- by Ken

I want to allow cookies for a domain but only over HTTPS -- not cookies from the same domain that come from HTTP. For example, I don't want any http://www.google.com cookies, but I do want to allow https://www.google.com cookies (because Calendars are there). Is there a way to do this? Does the goal even make sense? In Chrome, it only allows domain names, not URLs, to be added to the cookie exception list. In Firefox, it allows a protocol, but it only records the domain name, and if you click "Allow" or "Deny", it changes the same entry in the list.

Read the article
PCI scan findings and problems with week ciphers on ports 993,443,995,465

- by user64991

From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients . See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) I have tried to change SSLProtocol all -SSLv2 to SSLProtocol -ALL +SSLv3 +TLSv1 And SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW To SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT But using SSLdigger, it shows the same result. Is this the right way to do something like this?

Read the article
Ubuntu and mysql server. Something isnt allowing me to connect

- by acidzombie24

I have a question about mysql settings http://serverfault.com/questions/94054/remote-connections-and-mysql-on-ubuntu/94088#94088 now i want to figure out why i cannot connect. I made sure bind-address was commented out. I can ping the server within the VM but i cannot ping it from within the VM using mysqladmin --protocol=tcp --host=self_ip ping. I also followed along and check if my ports were open and they look like they are. I setup samba on that VM and can access that with no problem as well. It looks like ubuntu does not have a firewall either (i figured this out before) so i am stumped why the server isnt allowing my connection. Apparently the config file works on another person side http://www.pastie.org/742545 I am using Ubuntu 6.06 LTS just because of 'support' reasons. So hopefully this will be 'easy'?

Read the article
cannot access my own computer through My Network Places

- by vgv8

My home Windows XP Pro SP3 machine is DHCP client receiving configurations from ISP. Trying to access in WindowsExplorer -My Network Places - Microsoft Windows Network shows Workgroup with a delay of 3 min and then popups messagebox: Microsoft Windows Network Workgroup is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.The list of servers for this workgroup is not currently available OK I am logged-in as local machine Administrator. The internet is accessible (I am writing this post through it) The Firewall is disabled The "Computer Bowser" and all networking services, I could find, are running Control Panel -- Network Connections -- Properties (of connection) --- Internet Protocol (TCP/IP), btn Properties --- --- tab General, btn "Advanced..." -- tab WINS-- rbtn "Enable NetBIOS over TCP/IP" checked Why cannot I access my own PC (and shares on it) through My Network Places What is the possible problem? How to daignose the problem?

Read the article
Difference between tcp recv buffer and tcp receive window size?

- by pradeepchhetri

The command shows the tcp receive buffer size in bytes. $ cat /proc/sys/net/ipv4/tcp_rmem 4096 87380 4001344 where the three values signifies the min, default and max values respectively. Then I tried to find the tcp window size using tcpdump command. $ sudo tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and port 80 and host google.com' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 16:15:41.465037 IP 172.16.31.141.51614 > 74.125.236.73.80: Flags [S], seq 3661804272, win 14600, options [mss 1460,sackOK,TS val 4452053 ecr 0,nop,wscale 6], length 0 I got the window size to be 14600 which is 10 times the size of MSS. Can anyone please tell me the relationship between the two.

Read the article
Monit can't detect MySQL, but I can

- by Matchu

Monit is configured to watch MySQL on localhost at port 3306. check process mysqld with pidfile /var/lib/mysql/li175-241.pid start program = "/etc/init.d/mysql start" stop program = "/etc/init.d/mysql stop" if failed port 3306 protocol mysql then restart if 5 restarts within 5 cycles then timeout My application, which is configured to connect to MySQL via localhost:3306, is running just fine and can access the database. I can even use MySQL Query Browser to connect to the database remotely via port 3306. The port is totally open and possible to connect to. Therefore, I'm pretty darn certain that it's running. However, running monit -v reveals that Monit cannot detect MySQL on that port. 'mysqld' failed, cannot open a connection to INET[localhost:3306] via TCP This happens consistently, until Monit decides not to track MySQL anymore, as configured. How can I begin to troubleshoot this issue?

Read the article
Automatically updating routing table on server

- by bramp

I have a LAN with three routers on it, one connected to the Internet, one VPN router connected to a few remote sites, and a final route connected to a private network (using BGP to get prefix advertisements). On the same LAN I have multiple Linux servers which needs access to the networks behind each router. I have achieved this by configuring static routes on the server, pointing the different network prefixes to the correct router. This has worked well, but every time we connect to a new remote VPN, we have to change all the servers to be aware that the network is now accessible via the VPN, and not via the default Internet route. What I want is a way to automatically update the routes on all of the servers, when the route is added to a routers. Now, I could install Quagga or something similar on all the servers to receive router advertisements, but that seems like overkill. So my question is what is the easiest/simpliest way to update the routing tables on the server automatically, and what protocol is best suited for this purpose. thanks

Read the article
keepalived questions (requirements, abilities, limitations)

- by Poni

1) What are keepalived's (physical/network) requirements? Does the two (or more) keepalived' nodes need to be connected to the same switch? (something related to broadcasting maybe). 2) Can keepalived nodes run on different networks, "internet" networks? 3) Is keepalived depend on the router? (as far as I understand, the virtual IP should point to the real router/switch that connects both nodes). 4) Is keepalived "service-independent"? - What is keepalived's involvement domain? IPs only? Or is it service/protocol oriented? - Does it deal ONLY with IP, or is it designed for HTTP for example? - In other words, can I use it for custom (network-based) app? 5) Have more than one failover server? If the answer for question #4 is "yes", i.e it depends on the service type, then is there any general alternative? Preferably easy to install/configure :)

Read the article
Accept incoming L2TP connections on Windows 7

- by Greg

Windows 2003 can be configured as a VPN server that uses L2TP with a preshared key. Windows 7 can be configured to accept incoming VPN connections, presumably using PPTP. Is there a way to configure Windows 7 to accept incoming L2TP connections? The configuration settings for incoming connections is extremely sparse; I don't see any place to enter a preshared key or specify the protocol to use. Perhaps it is beyond the capabilities of Win 7, but I hold out hope that I'm overlooking some Group Policy settings or registry edits that allow it.

Read the article
How to supply parameters in URI schema?

- by abhishekgarg

I just started working with URI schema and successfully created one in Windows and Linux as well, but I am not able to parse any parameters to it. In Linux I am trying to open a file "test.py" in gedit, so for schema part I used these commands: gconftool -2 -t string /desktop/gnome/url-handlers/geditapp/command "gedit %s" gconftool -2 -t bool/desktop/gnome/url-handlers/geditapp/enabled true This is creating the URI protocol and I'm able to open the application with the Web-browser, but its not taking the parameters for the file I want to open, so I'm using the following command: <a href="geditapp:/opt/test/myfile.py">open</a> Which opens the gedit but without the file. Can someone please help me with this?

Read the article
Network monitoring solution

- by Hellfrost

Hello Serverfault ! I have a big distributed system I need to monitor. Background: My system is comprised of two servers, concentrating and controlling the system. Each server is connected to a set of devices (some custom kind of RF controllers, doesnt matter to my question), each device connects to a network switch, and eventually all devices talk to the servers, the protocol between the servers and the devices is UDP, usually the packets are very small, but there are really a LOT of packets. the network is also somewhat complex, and is deployed on a large area physically. i'll have 150-300 of these devices, each generating up to 100+ packets per second, and several network switches, perhaps on 2 different subnets. Question I'm looking for some solution that will allow me to monitor all this mess, how many packets are sent, where, how do they move through the network, bandwidth utilization, throughput, stuff like that. what would you recommend to achieve this? BTW Playing nice with windows is a requirement.

Read the article
Using both domain users and local users for Squid authentication?

- by Massimo

I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on acl Authenticated proxy_auth REQUIRED http_access allow Authenticated http_access deny all Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access. The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful. Can this be done? How?

Read the article
Does an SMTP request contain host header information (or just the IP of the targeted SMTP server)?

- by Olaf

We are using an external commercial smtp server for our newsletters (sending them through .NET components), and they offer two smtp URLs - smtp.critsend.com and fast.critsend.com -, and the second one is reserved for sending singular emails, the first one for bulk. Using nslookup shows that both resolve to the same 4 IP addresses (fast.critsend.com being an Alias). Question: (how) is it possible for the smtp relay to distinguish between different names? Is there something in the headers that can be compared to host headers in http protocol (I didn't find any intelligible information for a non-sysadmins)? The reason I'm asking is because we would like to use one of the IPs in our newsletter script (which works) rather than a name (in order to save DNS requests), and we are wondering about potential problems.

Read the article
Netboot Intel Macs without BSDP

- by notpeter

I have a netboot setup with DeployStudio that works great in my lab, but doesn't work on our main network. After some digging, I believe it's because our network admins are filtering BSDP (Boot Service Discovery Protocol) on our subnet at the switch level. Is it possible to hard code which server my clients (early 2007 iMac Core2Duos) should boot from without relying on BSDP? Perhaps relevant details: I do not have control over switch configs or DHCP settings. Client and server are running 10.6 Snow Leopard. The clients see the netboot server advertising itself in the 'Startup Disk' system preferences pane, but when I go to netboot it just leaves me with a flashing globe.

Read the article
How can I share a Windows 7 library with anonymous access without using a Homegroup?

- by Triynko

The "homegroup" feature is useless, because it requires a password, and therefore doesn't support anonymous, no-hassle access to shares from devices such as my Sony Bravia TV and non-Windows7 machines. So I turned off homegroup and reverted to the standard shared folders protocol. I'd like to share my Music "Library", so I can play files from my TV through the Surround Sound System, but there seems to be no option to share a library folder other than through a homegroup. I don't want to have to individually share the folders that belong to the library, because that would defeat the purposes of the library, which is to manage which folders are included in the library while also providing an easily accessible view of them all at once. Does anyone know how to share a Windows 7 library without that useless homegroup feature?

Read the article
GDM login screen is not displayed with VNC

- by niboshi

Hi, I set up VNC server with xinetd. Also configured GDM so that XDMCP is enabled. VNC connection seems okay, but GDM login screen is not shown. Instead I can only see old bare X screen (gray meshed background and X-shaped mouse pointer), which I can't do any interaction with it. What can I do to fix the problem? No log is written below /var/log/. Server distribution: Ubuntu marverick /etc/xinetd.d/vnc is like below: service vnc1024 { disable = no socket_type = stream protocol = tcp wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -geometry 1024x768 -depth 24 -once securitytypes=none port = 12345 } /etc/gdm/custom.conf: [daemon] [security] DisallowTCP=false [xdmcp] Enable=true [gui] [greeter] [chooser] [debug] [servers] /etc/services is also configured. Thanks

Read the article
How do I access an Ubuntu VirtualBox guest at a static IP from an OS X host?

- by David Siegel

How does one configure an Ubuntu guest to use a static IP that's visible to an OS X host, and ensure that the static IP is independent of the host's network configuration? I previously used bridged networking for my guest, but I'm constantly moving my host between networks so the guest IP is always different. First, I tried setting the guest network configuration to NAT and forwarding host port 1022 to guest port 22, so I could at least ssh to a fixed address (localhost:1022): $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/Protocol" "TCP" $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/GuestPort" 22 $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/HostPort" 1022 Then, $ ssh localhost -p 1022 ssh: connect to host localhost port 1022: Connection refused But this didn't work (guest has no network access with NAT and OS X refused the connection, as you can see). I'd love a general solution that would let me communicate with my guest at a fixed IP.

Read the article
How can i get SSO for alfresco on windows-7 to work?

- by Maarten

domain AD on windows 2008 R2, linux server alfresco 3.4c, windows-7 client. I'm trying to get automatically logged into alfresco from the windows-7 client. I've looked with wireshark to see what happens: 1. Client goes to /alfresco 2. Server sends Redirect to page 3. Client goes to Redirected page 4. Server sends a WWW-Authenticate: Negotiate header 5. Client DOES NOT respond to this how can i configure the windows-7 client (or the AD domain) so that the client will in fact engage with the SPNEGO protocol? instead of just asking for user credentials? (the user is logged in through kerberos in the domain.)

Read the article
OpenBSD ftp-proxy behind NAT itself

- by Manuel Faux

Is it possible to change the PASV IP ftp-proxy of OpenBSD sends to clients, without changing the listen address of redirection control (-b <address>)? I have the following setup: FTP client --> 1:1 NAT router --> OpenBSD router --> FTP server The 1:1 NAT router has a NAT rule to forward everything to the OpenBSD router, the OpenBSD router runs the ftp-proxy -R <FTP server IP>. When the FTP client sends the PASV command, the proxy answers with the Entering Passive Mode (227) message with his own source IP on the interface to the 1:1 NAT router (obviously). Since the 1:1 NAT router is not protocol aware, it forwards this message and the client receives the message with the PASV IP of the OpenBSD router, which it does not have a route to. Is there a way, that I can tell ftp-proxy to send the Entering Passive Mode message with a different source IP?

Read the article
PTR record not valid for all domains

- by charnley

We have an issue sending emails to certain domains, namely Time Warner and Cox. Last week, we decommissioned our Exchange 2003 server and now our Exchange 2010 server is doing all of the transport for our domain. We run our own authoritative name servers, so we are in charge of the DNS and have modified our PTR record to reflect the new server. All mailflow is working except for these 2 domains. When I telnet on port 25 to the mail servers for Cox and Time Warner I am receiving errors. For Cox the error is: 554... rejected - no rDNS And when I telnet to port 25 to the Time Warner mail server we get this: 554 5.7.1 - Connection refused. IP name lookup failed for x.x.x.x I have run through the outbound SMTP test on Microsoft Remote Connectivity Analyzer and get 100% completely successful results. MXToolbox comes up with all successful tests on SMTP as well, showing correct reverse banner check, and no blacklisting. DNSQueries.com shows a valid reverse DNS entry as well for us. Outbound emails to these 2 domains continue to sit in the queue. Any ideas or advice would be greatly appreciated. Thanks!

Read the article
Sftp via shell - how it is possible

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article
Sftp via shell - how is it possible?

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article

< Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85 | Next Page >