EtherApe Network Visualization Tool

EtherApe.

What is it? It's a very cool network visualization tool. I first encountered the tool when a colleague of mine used it in a Marketing Showcase for a large networking company that we worked for.

Later, I rejoined that same colleague, and he had unleashed the same weapon for marketing demo systems. Interestingly, despite the fact that it was 10 years or so later, the people at this state-of-the-art networking company had not heard of the tool.

So - EtherApe was such a cool tool, that our trade shows and showcases were dependent on it once again. Which meant, that it not only did people want to run it, but inevitably, people wanted to customize it. Myself, I had never ventured into the bowels of EtherApe (we had other engineers doing this, so why duplicate effort?).

Eventually, though, there WAS a need to - a project - that came up, and we did want to customize EtherApe, so I rolled up my sleeves and downloaded EtherApe, and customized it using the Glade software. Unfortunately, I sent the server I did this on out into the field (to the customer), and therefore, although documenting what I did, did not have the actual customizations I had made.

I learned that I got lucky on that initial project. Compiling EtherApe can be difficult enough on a modern system. Customizing it leaves a number of places where someone can go wrong.

So, the objective of this blog is to "recapture the steps" to:
a. Download and Run EtherApe
b. Have the ability to customize EtherApe.

On the Etherape page, it lists the following dependencies:

• The libpcap packet capture library, available from the Lawrence Berkeley National Laboratory.
• GTK+, available from the GTK+ site. Version 2.12 or above is needed.
• Libglade 2, available from ftp://ftp.gnome.org/pub/GNOME/sources/libglade
• Gnome, available from the Gnome site. Version 2 is needed.
• The standard resolver library (exact name varies with OS and distribution)

libpcap
I checked, and the libpcap package was already installed, thanks to prior installations of things like Wireshark. In fact, not only libpcap was installed, but the libpcap development package is also installed. This is good, because it provides headers and additional packages.
My versions are:
libpcap-1.5.3-8.el7.x86_64
libpcap-devel-1.5.3-8.el7.x86_64

gtk+

Next, I looked at gtk+. The Etherape page states a minimum version of 2.12, which indicates to me that this version was probably tested by the developers.  When I go to the website for gtk+, I notice that there is a "gtk+" version 3 branch, and a version 2 branch (see below image). The version 2 has a 2.24 - and when you click on this, the latest version on 2.24 sources is 2.24.31. So - in summary, this is how I wound up installing this particular version of gtk+. I downloaded these sources, compiled them and installed them. This did not install an rpm, by the way - so an rpm -qa would not report this particular package as being installed on the system. One would have to "know", or "remember" that this was installed in a custom way, as is the case when you install sources like this.

NOTE:
Looking around, I do find this 2.12 version sitting on a site called:
https://launchpad.net/gtk/+milestone/2.12.0

This version is hosted as a bzip2 file, which means you must use the bzip utility to download it! And bzip is not like tar - in that it does not, by default, save the original archive. You must use the -dk options to do this, such as:
bzip2 -dk gtk+-2.12.0.tar.bz2

I did go ahead and download the 2.12 version of gtk+, and bzip - figuring it could be good to have, "just in case". You never know when these sites might disappear.


Next, from the gtk+ site, I see that gtk+ also has its list of dependencies:

Now keep in mind, these are dependencies for version 3.22 of GTK+. It doesn't mean an earlier version of GTK+ uses all of these, although it would be reasonable to assume so.

So let's do a quick check on the command line, with rpm -q (query), and see what we get:
rpm -qa | grep glib; reports version 2.46.2-4.el7.x86_64. glib-devel is NOT installed.
rpm -qa | grep pango; reports version 1.36.8-2 of both pango and pango-devel.
rpm -qa | grep pixbuf; reports version 2.31.6-3 of both gdk-pixbuf2 and gdk-pixbuf2-devel.
rpm -qa | grep atk; reports version 2.14.0-1.el7.x86_64 of both atk and atk-devel.
rpm -qa | grep gobj; reports version 1.42.0-1.el7.x86_64 of gobject-introspection.

libglade 2
With glade, we downloaded the 2.6.4 and did a configure/make/install on that package.
Doing a quick check to see what we have on the system:
rpm -qa | grep glade; reports libglade2-2.6.4-11.el7.x86_64 and also the devel package.

Gnome
It is not clear what we need to install for Gnome. Obviously, you need to have the Gnome desktop installed (which we do).

I decided to take a guess, and install libgnome (not sure if this is even a real package or not). So I typed "yum install libgnome", and sure enough, six packages installed.  The versions of libgnome and libgnome-devel include libgnome-2.32.1-9.el7.x86_64 and libgnome-devel-2.32.1-9.el7.x86_64.


On to Etherape

So we have all packages necessary, it appears, for Etherape to run.
Do we have the right versions of these packages? Not sure.

Let's check and see if we have Etherape.
rpm -qa | grep Etherape; returns nothing.

What version of Etherape should we download?
You can download binaries, or you can download and compile the source code, from the Sourceforge site. It could be interesting to inspect the source, so let's download that.

It looks like .9.1.4 is the current version (we are not at version 1.0 of this software, which has been around now for years? that seems weird to me). At this version level, it appears they have binary (precompiled) installs for several distribution flavors and versions of Linux, including CentOS 6 and 7.

But we want the source, and there is a source file there as well. We will download the file: etherape-0.9.14.tar.gz . This will download the file into the default browser directory for the user you are running as, and you will probably want to unpack it in another directory (/opt, /usr/local, etc) to compile it.

NOTE: If you get an error about a missing package called ScrollKeeper, install the package rarian. ScrollKeeper is now part of the rarian package, to my understanding.

From here, you can - and should - invoke Etherape to make sure it runs. That's certainly important.

Once you have verified that it runs, the next step is to run glade, and make sure glade launches. Problem is, how to you actually start glade? I wasn't sure - and it wasn't easy to figure out in two seconds. This site here has an example of how to start glade:

https://www-uxsup.csx.cam.ac.uk/courses/moved.Glade/course.pdf

But glade-2 did not start it. Instead, I found a glade-3 binary in /usr/local/bin. It turns out, that I guess Linux installed glade 3.85 on the system.

I did invoke this glade (3.85) and it did read in an Etherape glade file.

To be continued....

Parameter Expansion in Bash

It has been so long since I have scripted (back then I used Korn shell), that when I started looking at some advanced Bash, and started seeing some very weird syntax, I had to go research it.

It turns out that these "weird things", are a feature in Bash called Parameter Expansion.

http://wiki.bash-hackers.org/syntax/pe

Bash is "Borne Again Shell".

The Borne shell was the original shell, and then Korn shell became the shell of choice, replacing Borne in many cases, in the 90s.

Now, Bash has apparently re-taken Korn shell with these kinds of funky features.

They don't make Unix any easier to look at when you see this stuff. Although, power and flexibility is the tradeoff. Apparently. More power, less keystrokes.

Configuring KDump on CentOS 7

It used to be, back in my day, that a core file would just appear when the kernel decided to dump core.

Apparently that is not the case anymore. Now, you need to configure KDump, I have learned.

Here's an article on this:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Kernel_Crash_Dump_Guide/sect-kdump-config-cli.html

We had to do this recently because of an application that kept causing a kernel panic. We gave the dumps to developers who figured out the problem was related to an ioctl call being made in software.

UPDATE:
Here's another, perhaps better, article:
http://www.thegeekstuff.com/2014/05/kdump/

This one shows how to use the crash utility, as well as induce a system crash by sending signal 11 to a process.

Starting Gnome Automatically with SystemD

I used to start x by just "starting X" - meaning, running startx on the terminal, or putting a script in rc.local or init.d.

But now that SystemD is in play, here is how you do this:

systemctl set-default graphical.target

This is handy if you need to spin up VMs with minimal installs and then add a desktop manager later on.  I had to do this because I needed to access a KVM host with virt-manager. Yes, there's a way to do EVERYTHING on command line (or with CLI). But I like the GUI for this.

NOTE: To install Gnome on a box that did not even have X on it, I used:
yum groupinstall "GNOME-desktop"

VirtualBox Tips and Tricks - Installing Guest Additions

https://wiki.centos.org/HowTos/Virtualization/VirtualBox/CentOSguest

The trick here is in finding Devices.  Devices is actually in the VM window - not the host manager window! If you don't know this, you may find yourself tripping through all of the host menus and submenus trying to find the "Install Guest Additions" prompt.

Obviously you need to have the ISO mounted.

So again:

Copy Guest Additions iso to the VM
Go to the VM window, choose "Optical Drive" and mount that ISO.
Then go to Devices, Insert Guest Manager CD Image
Lastly, choose Install Guest Additions (once CD is loaded) - also from Devices on the VM.

Installing a KVM Host on CentOS 7

I am using another reference to do this, which can be found below.

http://www.server-world.info/en/note?os=CentOS_7&p=kvm

Ok. After I followed these instructions, I had to locate another site:

http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-kvm-qemu-on-centos-7-rhel-7.html


So basically, step 1 is to install the necessary packages. Using BOTH of these sites, I came up with the following list:

• qemu-kvm =  QEMU emulator
• qemu-img = QEMU disk image manager
• virt-install =  Command line tool to create virtual machines.
• libvirt = Provides libvirtd daemon that manages virtual machines and controls hypervisor.
• libvirt-install = Provides libvirtd daemon that manages virtual machines and controls hypervisor.
• bridge-utils = creating bridges, et al.
• libvirt-client  = provides client side API’s for accessing servers and also provides virsh utility which provides command line tool to manage virtual machines.
• virt-viewer – Graphical console

So I installed these using yum -y (assume yes) ...packages...

Next, step 2, is to create a bridge that will be used to allow the VMs inside the KVM to reach the NIC on the box to communicate with outside networks.

Actually, because I already have a bridge interface (br0), I am going to try to use that rather than creating a bridge.

Next, I need to connect to the KVM host. I don't have X on this machine, so I will need to connect from another CentOS 7 box that does have X installed. On that box, which has X and Gnome Desktop, I installed libvirt, libvirt-client, and virt-viewer.

But - I ran into a problem connecting.

After debugging, I realized the KVM host does not accept inbound SSH connections as root. So I tried to connect as a different user that is in the wheel group, and this did not work either.

I think the answer to that is in this blog here, which involves policy set up.

http://wiki.libvirt.org/page/SSHPolicyKitSetup

This in fact did not work either, so I instead did this:

https://goldmann.pl/blog/2012/12/03/configuring-polkit-in-fedora-18-to-access-virt-manager/

polkit.addRule(function(action, subject) {
  if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) {
      return polkit.Result.YES;
  }
});

But I took the subject.local out, because I was connecting from a remote machine.

next, on the other CentOS 7 device I was connecting to the KVM host from (which is also a CentOS 7 VM on Virtual Box), we ran the following commands so that we wouldn't get repeatedly authenticated.

ssh-keygen (accept defaults)
ssh-copy-id [ kvm host address ]

UPDATE:
I finally got a server with 32 Gb RAM to use as a KVM host. I decided NOT to put XWindows on this host, and use it, truly, just as a host. I set up a virt-manager on another VirtualBox Linux VM, and figured I would use that to interact with the host.

I had a devil of a time getting the darn VMs to install.

Finally, I realized that the secret, was to pass in some extra-args on the command line. I realized this on a web discussion, which I would have liked to have posted here, but unfortunately I could not relocate that discussion. Also, I had to change cdrom to "location". Once I did this, I was able to see standard console output on the install.

#!/usr/bin/bash

virt-install \
-n CentOS7-KVM1 \
--description "KVM1 CentOS7" \
--os-type=Linux \
--os-variant=centOS7.0 \
--ram=2048 \
--vcpus=2 \
--disk path=/home/kvm/images/vDisk0.img,bus=virtio,size=10 \
--graphics none \
--location /var/tmp/CentOS-7-x86_64-Minimal-1511.iso \
--network bridge:virbr0 \
--extra-args "console=tty0 console=ttyS0,115200n8 serial"

Percona and MariaDB

Downloaded PerconaDB today.

Apparently it is re-packaged MariaDB, which in turn is re-packaged MySQL.

Why Percona? For Clustering.

More later.