Monitoring Tools

Redirect Host(New nexthop: …)

This link has a text that explains the ICMP redirect message.

The excerpt of interest, translated:
====
Time for a more complex example. Let's add a gateway for a destination that is in fact directly connected:

netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
netadm@alisa:~ # ip route get 193.233.7.98
193.233.7.98 via 193.233.7.254 dev eth0 src 193.233.7.90
cache mtu 1500 rtt 3072
netadm@alisa:~ #

and test it with ping:

netadm@alisa:~ # ping -n 193.233.7.98
PING 193.233.7.98 (193.233.7.98) from 193.233.7.90 : 56 data bytes
From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
64 bytes from 193.233.7.98: icmp_seq=0 ttl=255 time=3.5 ms
From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
64 bytes from 193.233.7.98: icmp_seq=1 ttl=255 time=2.2 ms
64 bytes from 193.233.7.98: icmp_seq=2 ttl=255 time=0.4 ms
64 bytes from 193.233.7.98: icmp_seq=3 ttl=255 time=0.4 ms
64 bytes from 193.233.7.98: icmp_seq=4 ttl=255 time=0.4 ms
^C
--- 193.233.7.98 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.4/1.3/3.5 ms
netadm@alisa:~ #

What happened? The router 193.233.7.254 understood that we have a better path to the destination and sent an ICMP redirect message. We can use “ip route get” again to see what is in the routing table now:

netadm@alisa:~ # ip route get 193.233.7.98
193.233.7.98 dev eth0 src 193.233.7.90
cache mtu 1500 rtt 3072
netadm@alisa:~ #

====

It is also possible to prevent this kind of message from being generated:

echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
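
The kernel enables redirect generation on an interface when either conf/all/send_redirects or that interface's own send_redirects is non-zero, so the single write above can leave interfaces still sending redirects. The script below is an added example, not part of the original notes: it lists the interfaces that still send redirects and zeroes every entry. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and disable ICMP redirect generation per interface.
# Each function takes the sysctl directory as $1 (default: the real tree),
# so the logic can be exercised offline against a constructed copy.

# Print every interface whose effective send_redirects is on.
# Kernel rule: effective value = conf/all OR conf/<iface>.
redirect_senders() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/send_redirects")
    for f in "$conf_dir"/*/send_redirects; do
        iface=$(basename "$(dirname "$f")")
        case $iface in all|default) continue ;; esac
        if [ "$all" -ne 0 ] || [ "$(cat "$f")" -ne 0 ]; then
            echo "$iface"
        fi
    done
}

# Write 0 to "all", to "default" (template for interfaces created later)
# and to every existing interface.
disable_send_redirects() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for f in "$conf_dir"/*/send_redirects; do
        echo 0 > "$f"
    done
}

# Constructed sample tree (hypothetical interfaces): the state of a host
# where only conf/all was zeroed, as the single command above does.
make_sample_conf() {
    for i in all default lo eth0 eth1; do
        mkdir -p "$1/$i"
        echo 1 > "$1/$i/send_redirects"
    done
    echo 0 > "$1/all/send_redirects"
    echo 0 > "$1/eth1/send_redirects"
}

# Demo on the constructed tree only; the real /proc is not touched.
tmp=$(mktemp -d)
make_sample_conf "$tmp"
echo "still sending redirects: $(redirect_senders "$tmp" | tr '\n' ' ')"
disable_send_redirects "$tmp"
echo "after fix: $(redirect_senders "$tmp" | tr '\n' ' ')"
rm -rf "$tmp"
```

On a real router, run disable_send_redirects as root with no argument; the change lasts until reboot unless the same keys are also set in the sysctl configuration.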

Site about qmail

Network packet capture

Example that captures traffic on port 80:

tcpdump -i eth0 -xx -s 0 -w /tmp/tcpdump.out tcp port 80

To stop the capture, press Ctrl-C.

The generated file can then be opened in Wireshark for analysis.

DNS master x slave

DNS definitions

master/slave
“Master/slave is a private relationship between the servers; neither the
registrar nor the public know which IP is in the slave’s configuration
file, or even that it is a slave. A slave’s “master” may in fact be
slave to another master.”

primary/secondary
These unfortunate terms were used for master/slave in earlier versions
of BIND. However, some people think the primary is the first nameserver
IP listed at the registrar, and any others are secondary. In
fact, all the nameserver IPs are equal and “authoritative”; the first
one does not have a special status.

http://linuxgazette.net/issue90/tag/1.html

… In my case, my computer is the real master and my friend runs two
secondaries. However, the registrar lists only his servers. Is that all
that’s needed to make his secondary appear to be the master from the
public’s perspective, or do I have to do something else too?

[Dan] First bear in mind that “master” and “slave”, a relationship
between servers, has nothing whatever to do with “primary” and
“secondary”, an arbitrary ordering of servers on a list your registrar
maintains for you. Many sysadmins confuse the two, partly because
similar terms are sometimes used, and much grief results.

Interesting linuxgazette articles