tcpdrop is a free utility to drop an established TCP connection in Sun Solaris. It is a port of the tcpdrop utility from FreeBSD and OpenBSD. tcpdrop does what it says on the tin and nothing more, but does it very well. tcpdrop works in Solaris 10, 9 and 8.
For a long time we used tracking-IP based IPMP, wherein we track the availability of a gateway on the network using ICMP Echo requests. When the gateway IP fails to respond, the link is considered unavailable and the NIC fails over to the standby NIC in the IPMP group.
In the past we had to mess around with the ndd commands and stats tools like kstat to find the network link status, speed and duplex information in Sun Solaris. With Solaris 10, this has become much easier with the dladm utility.
dladm is the admin utility for Data-Link interfaces. It displays information like link status (UP/DOWN), speed, duplex, MTU, VLAN tagging and, crucially, statistics of network traffic on each of the interfaces, historically as well as in real time. dladm can also configure and administer Link Aggregation on multiple NICs, which we will not focus on here.
PCP is a very useful security and administration script that can help you quickly find processes (PIDs) having particular TCP port(s) open, TCP ports opened by specific PIDs, or even list all the TCP ports opened by all PIDs running on your system.
Setting up a Sun Solaris server to receive its IP address from a DHCP server is fairly straightforward and is in fact just a matter of setting up files on your Solaris server.
Every time you reboot your Sun Solaris server, you may find that one or more of your network interfaces do not come online.
If you run “netstat -r”:
sunsolaris# netstat -r
Routing Table: IPv4
Destination          Gateway              Flags Ref   Use    Interface
-------------------- -------------------- ----- ----- ------ ---------
BASE-ADDRESS.MCAST.NET solaris10          U         1      0 hme0
default              192.168.0.1          UG        1      0 hme0
localhost            localhost            UH        1     61 lo0
You may find that the network for the network interface (192.168.0.0 here) is missing from the routing table and, as you would expect, adding the netmask manually fixes the problem.
sunsolaris# ifconfig hme0 netmask 255.255.0.0
Just as we saw when modifying the caching time for ARP entries in the ARP table, we can modify the default time for which a Sun Solaris system holds routing entries.
The default time for which a dynamically learnt route entry is held in the routing table is 20 minutes (1200000 ms).
We do not often end up troubleshooting or manipulating ARP and ARP tables in Sun Solaris. However, the following are some useful commands that can help when required. They will help you display, modify, add and delete ARP entries in the Sun Solaris ARP table.
ARP attacks are the easiest attacks that can be launched on a network or a server, causing a Denial of Service. One of the things that can be done on the Sun Solaris Operating System is to alter the caching time for the ARP cache, which reduces the time that a rogue ARP entry stays in the ARP table. While this is not foolproof, it can certainly make things that extra bit more difficult for the hacker.
The default time that ARP entries are cached in a Sun Solaris system is 5 mins.
IP packet forwarding is the process of routing packets between network interfaces on one system. A packet arriving on one network interface and addressed to a host on a different network is forwarded to the appropriate interface.
In Solaris 10, IP forwarding can be enabled or disabled using the routeadm and ifconfig commands, as against the ndd commands in Solaris 9 and earlier. The advantage is that the change is dynamic and real-time, and that it persists across reboots, unlike a change made with the ndd command.