Secure your wireless network

Most of you might have enabled wireless encryption, which is only one of the 6 steps mentioned in this article to make your wireless network safe and secure from hackers. The screenshots mentioned below are from a Linksys wireless router, but you’ll find similar options for all 6 steps in wireless routers from other vendors.

1. Enable Encryption

Let us start with the basics. Most wireless routers have encryption disabled by default. Make sure to enable either WPA or WPA2 wireless encryption. Click on Wireless -> Wireless Security to enable the encryption and assign a password, as shown in Fig-1. Following are the different wireless encryption options available.

  • WEP (Wired Equivalent Protection) 64-bit and 128-bit: WEP is an old wireless encryption standard. Never use WEP encryption, which can be hacked within seconds.
  • WPA (Wi-Fi Protected Access): WPA-PSK is also referred to as WPA-Personal. This is a newer wireless encryption standard and is more secure than WEP. Most of the wireless adapters on your laptop will support WPA.
  • WPA2: This is the latest wireless encryption standard that provides the best encryption. Always use WPA2, if both your wireless router and laptop wireless adapter support it.

2. Change the SSID name

SSID (Service Set Identifier) refers to the name of your wireless connection, which you see in the “Available Wireless Connections” list on your laptop while connecting. Changing the wireless name itself doesn’t offer any protection, but it usually discourages a hacker, as they know that you’ve taken some steps to secure your wireless connection.

3. Disable SSID broadcast

You can prevent your wireless name from being displayed under “Available Wireless Connections” on all your neighbors’ laptops. This is done by instructing the wireless router not to broadcast the name to everybody. Once you’ve disabled the SSID broadcast, you need to provide the name to anyone who wants to connect to your wireless network for the first time. Click on Wireless -> Basic wireless settings -> Click on the Disable radio-button next to “Wireless SSID Broadcast”, as shown in Fig-2.

4. Enable MAC filtering

Even after you have performed items #1 to #3 above, a very determined hacker may still get access to your network. The next security step is to allow wireless access only to your trusted laptops, by permitting wireless connections only from known MAC addresses. A MAC (Media Access Control) address is a unique identifier attached to most network adapters. In this case, it is the unique identifier of your laptop’s wireless adapter. On Linux, run ifconfig from the command prompt to get the wireless hardware address. On Windows, run ipconfig /all from the command prompt to identify the MAC address, as shown below.

C:\>ipconfig /all
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix  . : socal.rr.com
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00:1A:92:2B:70:B6

Click on Wireless -> Wireless MAC filter -> Click on Enable radio-button next to “Wireless MAC filter” -> Click on “Permit only PCs listed to access the wireless network” radio-button, as shown in Fig-3.

Click on Edit MAC filter list and add the MAC address of your laptop to this list. If you want to allow access to more than one laptop, add the MAC address of all the laptops to this list as shown in Fig-4 and click on “Save Settings”.

5. Change password for Web Access

The default password for web access is the same for every unit of a given wireless router model, as assigned by the manufacturer. Change the default password of the wireless router web access to a strong password. Follow The Ultimate Guide For Creating Strong Passwords to choose a strong password. Click on Administration -> Management to change the password, as shown in Fig-5 below.

6. Disable administrative access through web

As a final step, make sure to disable web administrative access through wireless. Once you do this, you can still make configuration changes to the wireless router by connecting your laptop to it with an Ethernet cable. Click on Administration -> Management -> Disable radio-button next to “Wireless Access Web”, as shown in Fig-5 above.

Capturing Packets With The tcpdump Command

The tcpdump command is also known as a packet analyzer.

The tcpdump command works on most flavors of the Unix operating system. tcpdump allows us to save the captured packets so that we can use them for future analysis. The saved file can be viewed with the same tcpdump command. We can also use open source software like Wireshark to read the tcpdump pcap files.

In this tcpdump tutorial, let us discuss some practical examples on how to use the tcpdump command.

1. Capture packets from a particular ethernet interface using tcpdump -i

When you execute the tcpdump command without any option, it will capture all the packets flowing through all the interfaces. The -i option allows you to filter on a particular ethernet interface.

$ tcpdump -i eth1
14:59:26.608728 IP xx.domain.netbcp.net.52497 > valh4.lell.net.ssh: . ack 540 win 16554
14:59:26.610602 IP resolver.lell.net.domain > valh4.lell.net.24151:  4278 1/0/0 (73)
14:59:26.611262 IP valh4.lell.net.38527 > resolver.lell.net.domain:  26364+ PTR? 244.207.104.10.in-addr.arpa. (45)

In this example, tcpdump captured all the packets flowing through the interface eth1 and displayed them on standard output.

Note: Editcap utility is used to select or remove specific packets from dump file and translate them into a given format.

2. Capture only N number of packets using tcpdump -c

When you execute the tcpdump command, it keeps printing packets until you cancel it. Using the -c option, you can specify the number of packets to capture.

$ tcpdump -c 2 -i eth0
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:38.184913 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 1457255642:1457255758(116) ack 1561463966 win 63652
14:38:38.690919 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116) ack 1 win 63652
2 packets captured
13 packets received by filter
0 packets dropped by kernel

The above tcpdump command captured only 2 packets from interface eth0.

Note: Mergecap and TShark: Mergecap is a packet dump combining tool, which will combine multiple dumps into a single dump file. Tshark is a powerful tool to capture network packets, which can be used to analyze the network traffic. It comes with wireshark network analyzer distribution.

3. Display Captured Packets in ASCII using tcpdump -A

The following tcpdump syntax prints the packet in ASCII.

$ tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:34:50.913995 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 1457239478:1457239594(116) ack 1561461262 win 63652
E.....@.@..]..i...9...*.V...]...P....h....E...>{..U=...g.
......G..7\+KA....A...L.
14:34:51.423640 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116) ack 1 win 63652
E.....@.@..\..i...9...*.V..*]...P....h....7......X..!....Im.S.g.u:*..O&....^#Ba...
E..(R.@.|.....9...i.*...]...V..*P..OWp........

Note: Ifconfig command is used to configure network interfaces

4. Display Captured Packets in HEX and ASCII using tcpdump -XX

Some users might want to analyse the packets in hex values. tcpdump provides a way to print packets in both ASCII and HEX format.

$ tcpdump -XX -i eth0
18:52:54.859697 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 232 win 16511
        0x0000:  0050 569c 35a3 0019 bb1c 0c00 0800 4500  .PV.5.........E.
        0x0010:  0028 042a 4000 7906 c89c 10b5 aaf6 0f9a  .(.*@.y.........
        0x0020:  69c4 f999 0016 57db 6e08 c712 ea2e 5010  i.....W.n.....P.
        0x0030:  407f c976 0000 0000 0000 0000            @..v........
18:52:54.877713 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]
        0x0000:  0050 569c 35a3 0000 0000 0000 0800 4600  .PV.5.........F.
        0x0010:  0024 0000 0000 0102 3ad3 0a00 0000 e000  .$......:.......
        0x0020:  0001 9404 0000 1101 ebfe 0000 0000 0300  ................
        0x0030:  0000 0000 0000 0000 0000 0000            ............

5. Capture the packets and write into a file using tcpdump -w

tcpdump allows you to save the packets to a file, and later you can use the packet file for further analysis.

$ tcpdump -w 08232010.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
32 packets captured
32 packets received by filter
0 packets dropped by kernel

The -w option writes the packets into a given file. The file extension should be .pcap, which can be read by any network protocol analyzer.

6. Reading the packets from a saved file using tcpdump -r

You can read the captured pcap file and view the packets for analysis, as shown below.

$ tcpdump -tttt -r data.pcap
2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > Broadcast, ethertype Unknown (0xcafe), length 74:
        0x0000:  0200 000a ffff 0000 ffff 0c00 3c00 0000  ............<...
        0x0010:  0000 0000 0100 0080 3e9e 2900 0000 0000  ........>.).....
        0x0020:  0000 0000 ffff ffff ad00 996b 0600 0050  ...........k...P
        0x0030:  569c 6938 0000 0000 8e07 0000            V.i8........
2010-08-22 21:35:26.571797 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P 800464396:800464448(52) ack 203316566 win 71
2010-08-22 21:35:26.571800 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P 52:168(116) ack 1 win 71
2010-08-22 21:35:26.584865 IP valh5.lell.net.ssh > 11.154.12.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADC

7. Capture packets with IP address using tcpdump -n

In all the above examples, tcpdump prints packets with DNS names rather than IP addresses. The following example captures the packets and displays the IP addresses of the machines involved.

$ tcpdump -n -i eth0
15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113

8. Capture packets with proper readable timestamp using tcpdump -tttt

$ tcpdump -n -tttt -i eth0

2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 49800 win 16390
2010-08-22 15:10:39.162833 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50288 win 16660
2010-08-22 15:10:39.162867 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50584 win 16586
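
To see at a glance which hosts are talking to which port in output like the above, the text that tcpdump -n prints can be summarised per flow. This is an added example, not part of the original article; the function names flow_summary and sample_capture and the sample lines are constructed for illustration, and the parser assumes IPv4 output produced with -n.

```shell
#!/bin/sh
# Added example: summarise "tcpdump -n" text output into per-flow packet counts.
# flow_summary and sample_capture are names chosen for this example.

# Reads tcpdump -n (optionally -tttt) lines on stdin and prints
# "<packets> <src-ip> <dst-ip> <dst-port>", busiest flow first.
flow_summary() {
    awk '
    {
        # The timestamp is one field (-n) or two (-n -tttt), so locate the
        # "IP" token instead of assuming a column. ARP, IP6 and hex-dump
        # lines have no such token and are skipped.
        ip = 0
        for (i = 1; i <= NF; i++) if ($i == "IP") { ip = i; break }
        if (ip == 0 || $(ip + 2) != ">") next

        src = $(ip + 1)
        dst = $(ip + 3)
        sub(/:$/, "", dst)              # drop the colon after the destination

        # With -n an endpoint is printed as a.b.c.d.port; protocols without
        # ports (for example IGMP) print a bare a.b.c.d.
        n = split(src, s, ".")
        if (n < 4) next
        srcip = s[1] "." s[2] "." s[3] "." s[4]

        n = split(dst, d, ".")
        if (n < 4) next
        dstip = d[1] "." d[2] "." d[3] "." d[4]
        dport = (n >= 5) ? d[5] : "-"

        count[srcip " " dstip " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the same format as the tcpdump -n output above.
sample_capture() {
    cat <<'EOF'
2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 49800 win 16390
2010-08-22 15:10:39.162833 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50288 win 16660
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
15:01:36.000100 IP 10.0.19.200.40112 > 11.154.12.121.ssh: S 1:1(0) win 5840
15:01:36.000200 IP 10.0.19.200.40113 > 11.154.12.121.ssh: S 1:1(0) win 5840
15:01:36.000300 IP 10.0.19.200.40114 > 11.154.12.121.ssh: S 1:1(0) win 5840
19:41:52.863689 arp who-has 11.154.12.1 tell 11.154.12.7
20:33:15.668599 IP 10.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1s]
        0x0000:  0050 569c 35a3 0019 bb1c 0c00 0800 4500  .PV.5.........E.
EOF
}

# Demo on the constructed sample; on a live system the input would come
# from a command such as: tcpdump -n -tttt -i eth0 -c 1000
sample_capture | flow_summary
```

A source that opens many connections to one port from changing source ports, like 10.0.19.200 in the sample, rises to the top of the list.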

9. Read packets longer than N bytes

You can receive only the packets larger than N bytes by using the ‘greater’ filter with the tcpdump command.

$ tcpdump -w g_1024.pcap greater 1024

10. Receive only the packets of a specific protocol type

You can receive the packets based on the protocol type. You can specify one of these protocols — fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only arp packets flowing through the eth0 interface.

$ tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:41:52.809642 arp who-has valh5.lell.net tell valh9.lell.net
19:41:52.863689 arp who-has 11.154.12.1 tell valh6.lell.net
19:41:53.024769 arp who-has 11.154.12.1 tell valh7.lell.net

11. Read packets lesser than N bytes

You can receive only the packets smaller than N bytes by using the ‘less’ filter with the tcpdump command.

$ tcpdump -w l_1024.pcap  less 1024

12. Receive packets flows on a particular port using tcpdump port

If you want to know all the packets received by a particular port on a machine, you can use tcpdump command as shown below.

$ tcpdump -i eth0 port 22
19:44:44.934459 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 18932:19096(164) ack 105 win 71
19:44:44.934533 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 19096:19260(164) ack 105 win 71
19:44:44.934612 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 19260:19424(164) ack 105 win 71

13. Capture packets for particular destination IP and Port

The packets will have source and destination IP and port numbers. Using tcpdump we can apply filters on source or destination IP and port number. The following command captures packets flowing through eth0 with a particular destination IP and port number 22.

$ tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22

14. Capture TCP communication packets between two hosts

If two different processes on two different machines are communicating through the TCP protocol, we can capture those packets using tcpdump as shown below.

$ tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22

You can open the file comm.pcap using any network protocol analyzer tool to debug any potential issues.

15. tcpdump Filter Packets – Capture all the packets other than arp and rarp

In the tcpdump command, you can use the “and”, “or” and “not” conditions to filter the packets accordingly.

$ tcpdump -i eth0 not arp and not rarp
20:33:15.479278 IP resolver.lell.net.domain > valh4.lell.net.64639:  26929 1/0/0 (73)
20:33:15.479890 IP valh4.lell.net.16053 > resolver.lell.net.domain:  56556+ PTR? 255.107.154.15.in-addr.arpa. (45)
20:33:15.480197 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 540:1504(964) ack 1 win 96
20:33:15.487118 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 540 win 16486
20:33:15.668599 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]

Collecting system statistics with SAR

Create a sysstat file under the /etc/cron.d directory that will collect the historical sar data.

# vi /etc/cron.d/sysstat
*/10 * * * * root /usr/local/lib/sa/sa1 1 1
53 23 * * * root /usr/local/lib/sa/sa2 -A

If you’ve installed sysstat from source, the default location of sa1 and sa2 is /usr/local/lib/sa. If you’ve installed using your distribution update method (for example: yum, up2date, or apt-get), this might be /usr/lib/sa/sa1 and /usr/lib/sa/sa2.

Note: To understand cron entries, read Linux Crontab: 15 Awesome Cron Job Examples.

/usr/local/lib/sa/sa1

  • This runs every 10 minutes and collects sar data for historical reference.
  • If you want to collect sar statistics every 5 minutes, change */10 to */5 in the above /etc/cron.d/sysstat file.
  • This writes the data to /var/log/sa/saXX file. XX is the day of the month. saXX file is a binary file. You cannot view its content by opening it in a text editor.
  • For example, if today is the 26th day of the month, sa1 writes the sar data to /var/log/sa/sa26.
  • You can pass two parameters to sa1: interval (in seconds) and count.
  • In the above crontab example: sa1 1 1 means that sa1 collects sar data 1 time with 1 second interval (for every 10 mins).

/usr/local/lib/sa/sa2

  • This runs close to midnight (at 23:53) to create the daily summary report of the sar data.
  • sa2 creates the /var/log/sa/sarXX file (note that this is different from the saXX file that is created by sa1). The sarXX file created by sa2 is an ASCII file that you can view in a text editor.
  • This will also remove saXX files that are older than a week. So, write a quick shell script that runs every week to copy the /var/log/sa/* files to some other directory to do historical sar data analysis.
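
One way to write the weekly copy script mentioned in the last item. This is an added example, not part of the original article; the function name archive_sa and the archive directory are hypothetical. Because saXX names repeat every month, each run copies into a dated subdirectory, and only regular files named saNN or sarNN are taken.

```shell
#!/bin/sh
# Added example: archive sar data files before sa2 removes them.
# archive_sa SRC DEST [STAMP]
#   Copies SRC/saNN and SRC/sarNN into DEST/STAMP/ and prints the number of
#   files copied. STAMP defaults to today's date (YYYY-MM-DD).
archive_sa() {
    src=$1
    dest=$2
    stamp=${3:-$(date +%Y-%m-%d)}

    if [ ! -d "$src" ]; then
        echo "archive_sa: no such directory: $src" >&2
        return 1
    fi

    target="$dest/$stamp"
    mkdir -p "$target" || return 1
    # Activity data shows what the host was doing; keep it away from
    # unprivileged users.
    chmod 750 "$target" || return 1

    copied=0
    for f in "$src"/sa[0-9][0-9] "$src"/sar[0-9][0-9]; do
        [ -L "$f" ] && continue          # never follow symlinks from a root cron job
        [ -f "$f" ] || continue          # unmatched glob or not a regular file
        name=${f##*/}
        # Skip files already archived unchanged (for example on a re-run).
        if [ -f "$target/$name" ] && cmp -s "$f" "$target/$name"; then
            continue
        fi
        cp -p "$f" "$target/$name" || return 1   # -p keeps the original timestamps
        copied=$((copied + 1))
    done
    echo "$copied"
}

# When called with two arguments, act as the weekly cron script, e.g.
#   sa-archive.sh /var/log/sa /var/backups/sa-archive   (hypothetical paths)
if [ $# -eq 2 ]; then
    archive_sa "$1" "$2"
fi
```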

II. 10 Practical Sar Usage Examples

There are two ways to invoke sar.

  1. sar followed by an option (without specifying a saXX data file). This will look for the current day’s saXX data file and report the performance data that was recorded until that point for the current day.
  2. sar followed by an option, and additionally specifying a saXX data file using -f option. This will report the performance data for that particular day. i.e XX is the day of the month.

In all the examples below, we are going to explain how to view certain performance data for the current day. To look for a specific day, add “-f /var/log/sa/saXX” at the end of the sar command.

All sar commands will have the following as the first line of their output.

$ sar -u
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

  • Linux 2.6.18-194.el5PAE – Linux kernel version of the system.
  • (dev-db) – The hostname where the sar data was collected.
  • 03/26/2011 – The date when the sar data was collected.
  • _i686_ – The system architecture
  • (8 CPU) – Number of CPUs available on this system. On multi core systems, this indicates the total number of cores.

1. CPU Usage of ALL CPUs (sar -u)

This gives the cumulative real-time CPU usage of all CPUs. “1 3” reports every 1 second for a total of 3 times. Most likely you’ll focus on the last field, “%idle”, to see the CPU load.

$ sar -u 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:27:32 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
01:27:33 PM       all      0.00      0.00      0.00      0.00      0.00    100.00
01:27:34 PM       all      0.25      0.00      0.25      0.00      0.00     99.50
01:27:35 PM       all      0.75      0.00      0.25      0.00      0.00     99.00
Average:          all      0.33      0.00      0.17      0.00      0.00     99.50

Following are a few variations:

  • sar -u Displays CPU usage for the current day that was collected until that point.
  • sar -u 1 3 Displays real time CPU usage every 1 second for 3 times.
  • sar -u ALL Same as “sar -u” but displays additional fields.
  • sar -u ALL 1 3 Same as “sar -u 1 3” but displays additional fields.
  • sar -u -f /var/log/sa/sa10 Displays CPU usage for the 10th day of the month from the sa10 file.
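
Since “%idle” is the field to watch, the check can be scripted over sar -u output. This is an added example, not part of the original article; the function names low_idle and sample_sar_u, the default threshold of 20 and the sample figures are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sar -u samples where the CPU was almost fully busy.
# low_idle [THRESHOLD]
#   Reads "sar -u" or "sar -P ALL" text on stdin and prints
#   "<timestamp> <cpu> <%idle>" for every sample with %idle below THRESHOLD
#   (default 20).
low_idle() {
    awk -v limit="${1:-20}" '
    # Header row (sar repeats it in long reports): find the columns by name,
    # because a 12-hour locale adds an AM/PM field in front of CPU.
    /%idle/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "CPU")   cpu = i
            if ($i == "%idle") idle = i
        }
        next
    }
    cpu == 0 || NF < idle { next }     # banner line and blank lines
    $1 == "Average:"      { next }     # summary row, not a sample
    ($idle + 0) < (limit + 0) {
        ts = $1
        for (i = 2; i < cpu; i++) ts = ts " " $i
        print ts, $cpu, $idle
    }
    '
}

# Constructed sample in the format shown above.
sample_sar_u() {
    cat <<'EOF'
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:27:32 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
01:27:33 PM       all      0.25      0.00      0.25      0.00      0.00     99.50
01:27:34 PM       all     71.00      0.00     17.50      0.00      0.00     11.50
01:27:35 PM       all     80.10      0.00     14.90      0.00      0.00      5.00
Average:          all     50.45      0.00     10.88      0.00      0.00     38.67
EOF
}

# Demo on the constructed sample; for a recorded day the input would be
#   sar -u -f /var/log/sa/sa10 | low_idle 10
sample_sar_u | low_idle 20
```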

2. CPU Usage of Individual CPU or Core (sar -P)

If you have 4 Cores on the machine and would like to see what the individual cores are doing, do the following.

“-P ALL” indicates that it should display statistics for ALL the individual cores.

In the following example, the values 0, 1, 2, and 3 under the “CPU” column indicate the corresponding CPU core numbers.

$ sar -P ALL 1 1
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:34:12 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
01:34:13 PM       all     11.69      0.00      4.71      0.69      0.00     82.90
01:34:13 PM         0     35.00      0.00      6.00      0.00      0.00     59.00
01:34:13 PM         1     22.00      0.00      5.00      0.00      0.00     73.00
01:34:13 PM         2      3.00      0.00      1.00      0.00      0.00     96.00
01:34:13 PM         3      0.00      0.00      0.00      0.00      0.00    100.00

“-P 1” indicates that it should display statistics only for the 2nd core. (Note that core numbering starts from 0.)

$ sar -P 1 1 1
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:36:25 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
01:36:26 PM         1      8.08      0.00      2.02      1.01      0.00     88.89

Following are a few variations:

  • sar -P ALL Displays CPU usage broken down by all cores for the current day.
  • sar -P ALL 1 3 Displays real time CPU usage for ALL cores every 1 second for 3 times (broken down by all cores).
  • sar -P 1 Displays CPU usage for core number 1 for the current day.
  • sar -P 1 1 3 Displays real time CPU usage for core number 1, every 1 second for 3 times.
  • sar -P ALL -f /var/log/sa/sa10 Displays CPU usage broken down by all cores for the 10th day of the month from the sa10 file.

3. Memory Free and Used (sar -r)

This reports the memory statistics. “1 3” reports every 1 second for a total of 3 times. Most likely you’ll focus on “kbmemfree” and “kbmemused” for free and used memory.

$ sar -r 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

07:28:06 AM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact
07:28:07 AM   6209248   2097432     25.25    189024   1796544    141372      0.85   1921060     88204
07:28:08 AM   6209248   2097432     25.25    189024   1796544    141372      0.85   1921060     88204
07:28:09 AM   6209248   2097432     25.25    189024   1796544    141372      0.85   1921060     88204
Average:      6209248   2097432     25.25    189024   1796544    141372      0.85   1921060     88204

Following are a few variations:

  • sar -r
  • sar -r 1 3
  • sar -r -f /var/log/sa/sa10

4. Swap Space Used (sar -S)

This reports the swap statistics. “1 3” reports every 1 second for a total of 3 times. If “kbswpused” and “%swpused” are at 0, then your system is not swapping.

$ sar -S 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

07:31:06 AM kbswpfree kbswpused  %swpused  kbswpcad   %swpcad
07:31:07 AM   8385920         0      0.00         0      0.00
07:31:08 AM   8385920         0      0.00         0      0.00
07:31:09 AM   8385920         0      0.00         0      0.00
Average:      8385920         0      0.00         0      0.00

Following are a few variations:

  • sar -S
  • sar -S 1 3
  • sar -S -f /var/log/sa/sa10

Notes:

  • Use “sar -R” to identify number of memory pages freed, used, and cached per second by the system.
  • Use “sar -H” to identify the hugepages (in KB) that are used and available.
  • Use “sar -B” to generate paging statistics. i.e Number of KB paged in (and out) from disk per second.
  • Use “sar -W” to generate page swap statistics. i.e Page swap in (and out) per second.

5. Overall I/O Activities (sar -b)

This reports I/O statistics. “1 3” reports every 1 second for a total of 3 times.

The following fields are displayed in the example below.

  • tps – Transactions per second (this includes both read and write)
  • rtps – Read transactions per second
  • wtps – Write transactions per second
  • bread/s – Bytes read per second
  • bwrtn/s – Bytes written per second

$ sar -b 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:56:28 PM       tps      rtps      wtps   bread/s   bwrtn/s
01:56:29 PM    346.00    264.00     82.00   2208.00    768.00
01:56:30 PM    100.00     36.00     64.00    304.00    816.00
01:56:31 PM    282.83     32.32    250.51    258.59   2537.37
Average:       242.81    111.04    131.77    925.75   1369.90

Following are a few variations:

  • sar -b
  • sar -b 1 3
  • sar -b -f /var/log/sa/sa10

Note: Use “sar -v” to display number of inode handlers, file handlers, and pseudo-terminals used by the system.

6. Individual Block Device I/O Activities (sar -d)

To identify the activities by the individual block devices (i.e a specific mount point, or LUN, or partition), use “sar -d”

$ sar -d 1 1
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:59:45 PM       DEV       tps  rd_sec/s  wr_sec/s  avgrq-sz  avgqu-sz     await     svctm     %util
01:59:46 PM    dev8-0      1.01      0.00      0.00      0.00      0.00      4.00      1.00      0.10
01:59:46 PM    dev8-1      1.01      0.00      0.00      0.00      0.00      4.00      1.00      0.10
01:59:46 PM dev120-64      3.03     64.65      0.00     21.33      0.03      9.33      5.33      1.62
01:59:46 PM dev120-65      3.03     64.65      0.00     21.33      0.03      9.33      5.33      1.62
01:59:46 PM  dev120-0      8.08      0.00    105.05     13.00      0.00      0.38      0.38      0.30
01:59:46 PM  dev120-1      8.08      0.00    105.05     13.00      0.00      0.38      0.38      0.30
01:59:46 PM dev120-96      1.01      8.08      0.00      8.00      0.01      9.00      9.00      0.91
01:59:46 PM dev120-97      1.01      8.08      0.00      8.00      0.01      9.00      9.00      0.91

In the above example “DEV” indicates the specific block device.

For example: “dev53-1” means a block device with 53 as major number, and 1 as minor number.

The device name (DEV column) can display the actual device name (for example: sda, sda1, sdb1 etc.,), if you use the -p option (pretty print) as shown below.

$ sar -p -d 1 1
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:59:45 PM       DEV       tps  rd_sec/s  wr_sec/s  avgrq-sz  avgqu-sz     await     svctm     %util
01:59:46 PM       sda      1.01      0.00      0.00      0.00      0.00      4.00      1.00      0.10
01:59:46 PM      sda1      1.01      0.00      0.00      0.00      0.00      4.00      1.00      0.10
01:59:46 PM      sdb1      3.03     64.65      0.00     21.33      0.03      9.33      5.33      1.62
01:59:46 PM      sdc1      3.03     64.65      0.00     21.33      0.03      9.33      5.33      1.62
01:59:46 PM      sde1      8.08      0.00    105.05     13.00      0.00      0.38      0.38      0.30
01:59:46 PM      sdf1      8.08      0.00    105.05     13.00      0.00      0.38      0.38      0.30
01:59:46 PM      sda2      1.01      8.08      0.00      8.00      0.01      9.00      9.00      0.91
01:59:46 PM      sdb2      1.01      8.08      0.00      8.00      0.01      9.00      9.00      0.91

Following are a few variations:

  • sar -d
  • sar -d 1 3
  • sar -d -f /var/log/sa/sa10
  • sar -p -d

7. Display context switch per second (sar -w)

This reports the total number of processes created per second, and the total number of context switches per second. “1 3” reports every 1 second for a total of 3 times.

$ sar -w 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

08:32:24 AM    proc/s   cswch/s
08:32:25 AM      3.00     53.00
08:32:26 AM      4.00     61.39
08:32:27 AM      2.00     57.00

Following are a few variations:

  • sar -w
  • sar -w 1 3
  • sar -w -f /var/log/sa/sa10

8. Reports run queue and load average (sar -q)

This reports the run queue size and the load average of the last 1 minute, 5 minutes, and 15 minutes. “1 3” reports every 1 second for a total of 3 times.

$ sar -q 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

06:28:53 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15   blocked
06:28:54 AM         0       230      2.00      3.00      5.00         0
06:28:55 AM         2       210      2.01      3.15      5.15         0
06:28:56 AM         2       230      2.12      3.12      5.12         0
Average:            3       230      3.12      3.12      5.12         0

Note: The “blocked” column displays the number of tasks that are currently blocked and waiting for I/O operation to complete.

Following are a few variations:

  • sar -q
  • sar -q 1 3
  • sar -q -f /var/log/sa/sa10

9. Report network statistics (sar -n)

This reports various network statistics, for example the number of packets received (transmitted) through the network card, packet failure statistics, etc. “1 3” reports every 1 second for a total of 3 times.

sar -n KEYWORD

KEYWORD can be one of the following:

  • DEV – Displays network devices vital statistics for eth0, eth1, etc.,
  • EDEV – Display network device failure statistics
  • NFS – Displays NFS client activities
  • NFSD – Displays NFS server activities
  • SOCK – Displays sockets in use for IPv4
  • IP – Displays IPv4 network traffic
  • EIP – Displays IPv4 network errors
  • ICMP – Displays ICMPv4 network traffic
  • EICMP – Displays ICMPv4 network errors
  • TCP – Displays TCPv4 network traffic
  • ETCP – Displays TCPv4 network errors
  • UDP – Displays UDPv4 network traffic
  • SOCK6, IP6, EIP6, ICMP6, UDP6 are for IPv6
  • ALL – This displays all of the above information. The output will be very long.

$ sar -n DEV 1 1
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:11:13 PM     IFACE   rxpck/s   txpck/s   rxbyt/s   txbyt/s   rxcmp/s   txcmp/s  rxmcst/s
01:11:14 PM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
01:11:14 PM      eth0    342.57    342.57  93923.76 141773.27      0.00      0.00      0.00
01:11:14 PM      eth1      0.00      0.00      0.00      0.00      0.00      0.00      0.00

10. Report Sar Data Using Start Time (sar -s)

When you view historic sar data from the /var/log/sa/saXX file using “sar -f” option, it displays all the sar data for that specific day starting from 12:00 a.m for that day.

Using the “-s hh:mi:ss” option, you can specify the start time. For example, if you specify “sar -s 10:00:00”, it will display the sar data starting from 10 a.m (instead of starting from midnight) as shown below.

You can combine the -s option with other sar options.

For example, to report the load average on 26th of this month starting from 10 a.m in the morning, combine the -q and -s option as shown below.

$ sar -q -f /var/log/sa/sa23 -s 10:00:01
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

10:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15   blocked
10:10:01 AM         0       127      2.00      3.00      5.00         0
10:20:01 AM         0       127      2.00      3.00      5.00         0
...
11:20:01 AM         0       127      5.00      3.00      3.00         0
12:00:01 PM         0       127      4.00      2.00      1.00         0

There is no option to limit the end-time. You just have to get creative and use head command as shown below.

For example, starting from 10 a.m, if you want to see 7 entries, you have to pipe the above output to “head -n 10”.

$ sar -q -f /var/log/sa/sa23 -s 10:00:01 | head -n 10
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

10:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15   blocked
10:10:01 AM         0       127      2.00      3.00      5.00         0
10:20:01 AM         0       127      2.00      3.00      5.00         0
10:30:01 AM         0       127      3.00      5.00      2.00         0
10:40:01 AM         0       127      4.00      2.00      1.00         2
10:50:01 AM         0       127      3.00      5.00      5.00         0
11:00:01 AM         0       127      2.00      1.00      6.00         0
11:10:01 AM         0       127      1.00      3.00      7.00         2

There is a lot more to cover in Linux performance monitoring and tuning. We are only getting started. More articles to come in the performance series.

Using the SAR Command in Linux

Using sar utility you can do two things: 1) Monitor system real time performance (CPU, Memory, I/O, etc) 2) Collect performance data in the background on an on-going basis and do analysis on the historical data to identify bottlenecks.

Sar is part of the sysstat package. The following are some of the things you can do using sar utility.

  • Collective CPU usage
  • Individual CPU statistics
  • Memory used and available
  • Swap space used and available
  • Overall I/O activities of the system
  • Individual device I/O activities
  • Context switch statistics
  • Run queue and load average data
  • Network statistics
  • Report sar data from a specific time
  • and a lot more.

The following sar command will display the system CPU statistics 3 times (with 1 second interval).

The following “sar -b” command reports I/O statistics. “1 3” indicates that sar -b will be executed every 1 second for a total of 3 times.

$ sar -b 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:56:28 PM       tps      rtps      wtps   bread/s   bwrtn/s
01:56:29 PM    346.00    264.00     82.00   2208.00    768.00
01:56:30 PM    100.00     36.00     64.00    304.00    816.00
01:56:31 PM    282.83     32.32    250.51    258.59   2537.37
Average:       242.81    111.04    131.77    925.75   1369.90

Install Sysstat Package

First, make sure the latest version of sar is available on your system. Install it using any one of the following methods depending on your distribution.

sudo apt-get install sysstat
(or)
yum install sysstat
(or)
rpm -ivh sysstat-10.0.0-1.i586.rpm

Note: Make sure to pass the option --enable-install-cron. This does the following automatically for you. If you don’t configure sysstat with this option, you have to do this ugly job yourself manually.

  • Creates /etc/rc.d/init.d/sysstat
  • Creates appropriate links from /etc/rc.d/rc*.d/ directories to /etc/rc.d/init.d/sysstat to start the sysstat automatically during Linux boot process.
  • For example, /etc/rc.d/rc3.d/S01sysstat is linked automatically to /etc/rc.d/init.d/sysstat

After the ./configure, install it as shown below.

make

make install

Note: This will install sar and other sysstat utilities under /usr/local/bin

Once installed, verify the sar version using “sar -V”. Version 10 is the current stable version of sysstat.

$ sar -V
sysstat version 10.0.0
(C) Sebastien Godard (sysstat <at> orange.fr)

Finally, make sure sar works. For example, the following gives the system CPU statistics 3 times (with 1 second interval).

$ sar 1 3
Linux 2.6.18-194.el5PAE (dev-db)        03/26/2011      _i686_  (8 CPU)

01:27:32 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
01:27:33 PM       all      0.00      0.00      0.00      0.00      0.00    100.00
01:27:34 PM       all      0.25      0.00      0.25      0.00      0.00     99.50
01:27:35 PM       all      0.75      0.00      0.25      0.00      0.00     99.00
Average:          all      0.33      0.00      0.17      0.00      0.00     99.50

Utilities part of Sysstat

Following are the other sysstat utilities.

  • sar collects and displays ALL system activity statistics.
  • sadc stands for “system activity data collector”. This is the sar backend tool that does the data collection.
  • sa1 stores system activities in a binary data file. sa1 depends on sadc for this purpose. sa1 runs from cron.
  • sa2 creates a daily summary of the collected statistics. sa2 runs from cron.
  • sadf can generate sar reports in CSV, XML, and various other formats. Use this to integrate sar data with other tools.
  • iostat generates CPU and I/O statistics.
  • mpstat displays CPU statistics.
  • pidstat reports statistics based on the process id (PID)
  • nfsiostat displays NFS I/O statistics.
  • cifsiostat generates CIFS statistics.

This article focuses on sysstat fundamentals and the sar utility.
