Sunday, March 28, 2010

Traceroute from Unix - Last call from RBI

We call him "DADA", our HP Super-dome champ in Reserve Bank of India, who only bugs us very rarely..

This time he was complaining me that some problem with traceroute to his remote storage, I reminded him traceroute implementation in unix uses udp packets, but I confirmed that its enabled in my firewall and ofcoz I could see the logs of packets traversing my firewall.

So I had to call the other end admin to check in his Firewall, unfortunately he is not available, DADA started blabbering that I need traceroute @#$$%^^^#@@(KARWAKE DENA), and I started thinking how to get out of this as its my Last Working Day in HCL as well as Reserve Bank of Inida..

I went thru the MAN pages of traceroute and found an option at last.. YESSSS..

"-I" was that option, thank god, this switch will instruct traceroute to use ICMP instead of UDP..

so syntax it is as follows..

root@V-PAR1# traceroute -I "DST IP"

Finally he got the trace and I got the way out of HCL.. :) but I was whispering that "UNIX is a real STUFF....":)

Tuesday, March 9, 2010

Microsoft Remote Desktop - Connection Exceeded??

Try the following command when your remote microsoft server says "Number of Connection Exceeded" :)))

mstsc -v "ip address" /f -console

Now kick the other users.. and change your password hehe,,,

Nokia - Cluster Mac Address - "Grep" Strikes Again !!!

From morning I was thinking, what to write today ... and I left office without finding anything.

But I got a call from my Manager asking me to attend a prob with Proxy ARP(I will be writing about proxy arp soon:)))).

I was thinking how to get the cluster mac address of Nokia IP Cluster with out logging into switches/router after my firewall.. More over I wanted to implement my new decision to Reduce Dependency..

So the command is simple,


ifconfig -a | grep -i mac


ofcoz you have to try in master box which configured in forwarding mode..

You will find the cluster mac address just after clustermac

One more thing you might have noticed, "grep -i", Take it as a home work!!! :)))

Wednesday, March 3, 2010


Normally, Checkpoint logs are collected in gateways and further send it to SmartCenter Server. If Smarcenter Server is not available it will log locally, later it will be shifted to gateway.

Gateway:dynamic ----------->SmartCenter:257

Policy Installation

Whenever we push a policy from Smartcenter Server, a tcp connectivity will be established between the gateway and smartcenter server.


Internal Certificate Authority (ICA)

This is the internal certificate authority which is used for secure communication between OPSEC products. ICA resides in Smartcenter server.

Gateway : dynamic----------------->Smartcenter Server: 18264

Smart Console

Smart Console will connect to Smartcenter server as follows

Client PC:dynamic---------------->Smartcenter Server: 18190

Tuesday, March 2, 2010

Netstat Switches for Unix

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.

-e Displays Ethernet statistics. This may be combined with the -s

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

-r Displays the routing table.

-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.

interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

Netstat Switch Summary

The first switch, a, is used as the syntax below:

netstat -a

This command lists all active connections including listening ports.


The e switch lists the statistics of the internet connection, including how many packets were sent, recieved or how many bytes were recieved.


The n switch lists all connections and remote computers in numerical form, this being in IP form. For example if you would like to view the server IP in numerical form, use the n switch to transform the web address of to the corresponding IP.


This switch lists active connections, combined with its PID (Process Identification Number).


The p switch gives the user the ability to filter through protocols including TCP, UDP, IP, ICMP, TCPv6, UDPv6, IPv6 and ICMPv6.


The r switch lists information for your ethernet card, netmask, gateway, network destination, etc. For example,

netstat -nr

analyzes the routing table.


The s switch prints to the screen statistics for each protocol, including those in the p switch. This switch can be combined with the p switch in order to display specific statistics for each specified protocol:

netstat -ps TCP

The above command lists the statistics for the TCP protocol, plus its active connections. This query can be narrowed down to an even more specific or broader range of connections, as descibed below.

The interval switch allows you to give your computer a specific time, or interval, between the netstat probings of active connections. For example,

netstat -an 20

lists all connections (switch a) in numeric form (switch n) and spaces each netstat command 20 seconds (interval (20)). Command returns a list of connections every 20 seconds.

Using Multiple Switches

The user can specify multiple switches on the command line. To combine multiple switched either of the following syntaxes will work and yield the same result:

netstat -an
netstat -a -n

There is no limit on how many switches you use, as long as the switches are compatible with each other. For example, using the n switch with the r switch yields results of a standard r switch.
Netstat Output

Netstat with no arguments gives a generic look at what ports are open on the system. User can identify which protocol is in use along with the ports, local PC name, TCP/IP network connections, foreign address, local address and the status of each connection.

The characters under the title "Proto" indicate the protocol type, in this case the only connections present include TCP which means that you and the remote host are communicating via TCP.

The local address specifies the name of your computer on the network along with the port number that you are using to recieve connections, which is randomly generated.

The foreign address lists the remote host's name and the port they are using to initiate the connection.

The state of the connection indicates exactly what it says, the state of the connection between a remote system and yours. Possible states of a connection are as follows:

ESTABLISHED - Both hosts are connected.
CLOSING - The remote host has agreed to close its connection.
LISTENING - Your computer is waiting to handle an incoming connection.
SYN_RCVD - A remote host has asked for you to start a connection.
SYN_SENT - Your computer has accepted to start a connection.
LAST_ACK - Your computer needs to obliterate (i.e. erase from memory)
the packets before closing the connection.
TIMED_WAIT - See above.
CLOSE_WAIT - The remote host is closing its connection with your computer.
FIN_WAIT 1 - A client is closing its connection.
FIN_WAIT 2 - Both hosts have agreed to close the connection.

Finally one more TIP,

Whenever you want to list all the interfaces in your BOX... Use this..

netstat -aina