Re: tcp connection
- Original Message - From: Russell Coker [EMAIL PROTECTED] To: Chris Wagner [EMAIL PROTECTED]; Debian ISP List [EMAIL PROTECTED] Sent: Friday, June 23, 2000 5:18 AM Subject: Re: tcp connection On Wed, 21 Jun 2000, Chris Wagner wrote: At 02:25 PM 6/20/00 +0200, Russell Coker wrote: They don't use NVT. The TELNET protocol is not running on (for example) a web server. Yeah but the NVT settings have to be negotiated for each side to talk to each other. If I telnet to an Apache webserver on port 80, my telnet is No they don't. If the server doesn't start NVT negotiation then nothing happens. going to negotiate NVT with whatever's on the other end. Both sides have to agree to establish the connection. Therefore, either Apache or something below Apache in the stack has to know about NVT. Otherwise Apache would tell me to go take a flying leap if I tried to telnet to it. What is my telnet client negotiating with in this case??? Telnet client negotiates nothing. Text you type is sent, but "\n" is replaced by "\r\n". Text that is received is just displayed as-is. As an experiment to find out how hard it would be for you to determine this without asking the list I timed myself. I determined that in 121 seconds by running strace(1) on telnet. I tried using ltrace(1) to determine the same information, but after 149 seconds I realised that it was not the right tool and would not be able to provide me with the information. Ltrace displays the values of pointers instead of the data it referrs to. I could have used "-S" which might have been more useful, but there's no point when strace(1) is available. Then I decided to solve it properly. Firstly I read rfc854 and rfc855 (the base RFCs on TELNET) which didn't clarify this issue. Then I put a telnet daemon on port 23 and straced a telnet connection to it. The telnet client started with sending a sequence of NVT protocol commands to it which were responded to. Then I put the telnet daemon on port 1000 and repeated the test, this time the telnet client didn't start sending any NVT commands until after it had received some (the server had shown itself to be a NVT protocol server not a web server or whatever else I may have chosen to run on that port). NVT is totally bi-directional so it could run either way. This took me 821 seconds. Chris, most people here would not be able to do what I just did. However I believe that you are able to do everything I did (although it may have taken you a bit longer). I think that you should be answering questions of that nature not asking them. I often see questions that I don't know the answer to, and research them for the benefit of the person who asked and everyone else on the list. It is a great way to learn about things if you've got some spare time. This is why I think that you should have researched and answered if someone else had asked the question. Russell Coker -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tcp connection
- Original Message - From: Russell Coker [EMAIL PROTECTED] To: Chris Wagner [EMAIL PROTECTED]; Debian ISP List debian-isp@lists.debian.org Sent: Friday, June 23, 2000 5:18 AM Subject: Re: tcp connection On Wed, 21 Jun 2000, Chris Wagner wrote: At 02:25 PM 6/20/00 +0200, Russell Coker wrote: They don't use NVT. The TELNET protocol is not running on (for example) a web server. Yeah but the NVT settings have to be negotiated for each side to talk to each other. If I telnet to an Apache webserver on port 80, my telnet is No they don't. If the server doesn't start NVT negotiation then nothing happens. going to negotiate NVT with whatever's on the other end. Both sides have to agree to establish the connection. Therefore, either Apache or something below Apache in the stack has to know about NVT. Otherwise Apache would tell me to go take a flying leap if I tried to telnet to it. What is my telnet client negotiating with in this case??? Telnet client negotiates nothing. Text you type is sent, but \n is replaced by \r\n. Text that is received is just displayed as-is. As an experiment to find out how hard it would be for you to determine this without asking the list I timed myself. I determined that in 121 seconds by running strace(1) on telnet. I tried using ltrace(1) to determine the same information, but after 149 seconds I realised that it was not the right tool and would not be able to provide me with the information. Ltrace displays the values of pointers instead of the data it referrs to. I could have used -S which might have been more useful, but there's no point when strace(1) is available. Then I decided to solve it properly. Firstly I read rfc854 and rfc855 (the base RFCs on TELNET) which didn't clarify this issue. Then I put a telnet daemon on port 23 and straced a telnet connection to it. The telnet client started with sending a sequence of NVT protocol commands to it which were responded to. Then I put the telnet daemon on port 1000 and repeated the test, this time the telnet client didn't start sending any NVT commands until after it had received some (the server had shown itself to be a NVT protocol server not a web server or whatever else I may have chosen to run on that port). NVT is totally bi-directional so it could run either way. This took me 821 seconds. Chris, most people here would not be able to do what I just did. However I believe that you are able to do everything I did (although it may have taken you a bit longer). I think that you should be answering questions of that nature not asking them. I often see questions that I don't know the answer to, and research them for the benefit of the person who asked and everyone else on the list. It is a great way to learn about things if you've got some spare time. This is why I think that you should have researched and answered if someone else had asked the question. Russell Coker -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
named help please
I am continually getting the following message, named[479]: XSTATS 961857757 961854157 RR=561 RNXD=68 RFwdR=397 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=7 ROpts=0 SSysQ=108 SAns=3050 SFwdQ=409 SDupQ=82 SErr=0 RQ=3501 RIQ=0 RFwdQ=0 RDupQ=30 RTCP=24 SFwdR=397 SFail=0 SFErr=0 SNaAns=837 SNXD=194 Is this something to worry about, if so can someone please tell me how to remedy? Thanks in advance Bill [EMAIL PROTECTED] * The Mind is like a parachute; it works much better when it's open. *
Re: named help please
On Sun, 25 Jun 2000, Bill wrote: I am continually getting the following message, named[479]: XSTATS 961857757 961854157 RR=561 RNXD=68 RFwdR=397 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=7 ROpts=0 SSysQ=108 SAns=3050 SFwdQ=409 SDupQ=82 SErr=0 RQ=3501 RIQ=0 RFwdQ=0 RDupQ=30 RTCP=24 SFwdR=397 SFail=0 SFErr=0 SNaAns=837 SNXD=194 It's a statistical report generated when named flushes it's cache. Is this something to worry about, No, unless the *Err numbers concern you. if so can someone please tell me how to remedy? Run: apt-get install bind-doc You could do some service delivery analysis with the numbers. --- Gerard MacNeil, P. Eng [EMAIL PROTECTED] System Administrator Supercity Internet Services http://www.supercity.ns.ca
Re: named help please
Bill,
I am continually getting the following message,
named[479]: XSTATS 961857757 961854157 RR=561 RNXD=68 RFwdR=397
RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=7 ROpts=0
SSysQ=108 SAns=3050 SFwdQ=409 SDupQ=82 SErr=0 RQ=3501 RIQ=0
RFwdQ=0 RDupQ=30 RTCP=24 SFwdR=397 SFail=0 SFErr=0 SNaAns=837
SNXD=194
Is this something to worry about, if so can someone please tell
me how to remedy?
This is completely normal behaviour and is not normally anything
to be concerned about. If you really want to disable this, place
the following in the options section of your named.conf.
options {
...
statistics-interval 0;
...
};
Here is the section about statistics-interval from the
documentation.
Nameserver statistics will be logged every statistics-interval
minutes. The default is 60. If set to 0, no statistics will be logged.
http://www.isc.org/products/BIND/docs/config/options.html
Here is an example of the same output fro a slightly more active
nameserver.
Jun 25 01:00:00 nameserver named[666]: XSTATS 961860234
961070215 RR=4846111 RNXD=462736 RFwdR=2195015 RDupR=199824
RFail=1765296 RFErr=0 RErr=20422 RAXFR=7161 RLame=174577
ROpts=0 SSysQ=536208 SAns=11211466 SFwdQ=3531399
SDupQ=3736147 SErr=0 RQ=15559270 RIQ=33 RFwdQ=0 RDupQ=781551
RTCP=192653 SFwdR=2195015 SFail=58 SFErr=0 SNaAns=5211822
SNXD=3102630
Yours sincerely,
-- Mark John Suter | I know that you believe you understand
[EMAIL PROTECTED] | what you think I said, but I am not sure
GPG key id F2FEBB36 | you realise that what you heard is not
Ph: +61 4 1126 2316 | what I meant. anonymous
pgpdOzPGXEPwr.pgp
Description: PGP signature
Re: named help please
On Sun, 25 Jun 2000, Bill wrote: I am continually getting the following message, named[479]: XSTATS 961857757 961854157 RR=561 RNXD=68 RFwdR=397 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=7 ROpts=0 SSysQ=108 SAns=3050 SFwdQ=409 SDupQ=82 SErr=0 RQ=3501 RIQ=0 RFwdQ=0 RDupQ=30 RTCP=24 SFwdR=397 SFail=0 SFErr=0 SNaAns=837 SNXD=194 Is this something to worry about, if so can someone please tell me how to remedy? you don't want to remedy. this rather cryptic line in your syslog is actually giving you the query statistics for your name server. Brian [EMAIL PROTECTED] How often I found where I should be going only by setting out for somewhere else.. -- R. Buckminster Fuller
