Technology Insights

How to Use MTR (Traceroute and Ping Combined)

One of the lesser-known networking tools available on Linux is MTR. MTR combines the functionality of the traceroute and ping programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine. A sudden increase in packet loss or response time is often an indication of a bad (or simply overloaded) link. mtr is fairly easy to use once you have a look at the different options available:

mtr-help-flags

Technology Insights

Use whois To Get More Information About A Domain Name With The Host Switch

whois can be a valuable tool for finding out more information about a domain from the command line in Linux. A typical whois query can be performed to find out where the domain was purchased, and running it again with the -h (host) switch can provide more detailed information about the domain. The -h switch will typically provide information such as who purchased the domain, when the domain was purchased, when the domain expires, etc. Below are a couple of basic examples of how whois can be used, followed by whois queries with their output.

Technology Errors

dumpcap: That string isn’t a valid capture filter (syntax error), dumpcap filter syntax

I needed to capture some packets on a server to import into Wireshark on a Windows XP computer but hadn’t done this in a while, so I needed to refresh on how to do this. I ended up using dumpcap to capture the data, then obtained the dump file on the Windows computer, and then imported it into Wireshark. One thing I had a moment of trouble with was the dumpcap filter syntax. Below are some examples of how to use the filter that the dumpcap -f switch uses.

Basic dumpcap Capture [All Data]:

    dumpcap -w /path/to/file

Technology Insights

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

If you attempt to SSH to a server and receive a message similar to the one below:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
23:43:66:2a:ac:53:d9:62:8c:af:03:5f:6b:67:b7:86.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:5
RSA host key for server.example.com has changed and you have requested strict checking.
Host key verification failed.
lost connection