Tags:
create new tag
, view all tags

How to Debug Networked Apps Using Tcpdump

2012-05-06 - 02:06:58 by PeterThoeny in Deployment
I recently did yet another LDAP / Active Directory integration for a TWiki installation. LDAP has many knobs to turn, it can be challenging to configure it properly. In this case we had an issue where some users could authenticate, and others not. You can turn on debugging in the LdapContrib, but it did not help pinpointing the issue. TWiki communicates with the LDAP server over port 389. Wouldn't it be nice to see what gets sent back and forth across the network? That is where network monitoring comes into play.

There are many network monitoring utilities available to debug networked applications. The most common one is tcpdump, which is typically pre-installed on a Linux server. There is a port of tcpdump for Windows, it is called WinDump.

The tcpdump is a command line utility to analyze network packets. It allows one to intercept and display TCP/IP and other packets being transmitted or received over a network to which the server is attached. The tcpdump utility requires some basic knowledge of TCP/IP networking, but even without it one can guess what is going on.

In our case we wanted to find out why some users could not authenticate. As root user we run this command:

# tcpdump -vvv -A -i eth0 'port 389'

The -vvv option turns on very verbose (aka noisy) output - there is also -vv, -v and none at all to reduce the noise. The -A option displays the packet content in plain ASCII. The last parameter in quotes specifies to monitor only traffic on port 389 of network interface eth0, e.g. the LDAP traffic we are interested in. There are many more parameters to tweak the monitoring settings - consult the man pages for details.

Analyzing the output we learned that users who could authenticate where queried against LDAP, but the ones who could not where not. This helped pinpoint the issue: Authentication failed if a user is not listed in the TWikiUsers topic.

There are other networking monitoring tools available for specific needs, see the related links below.

As a closing comment, network monitoring tools allow one to sniff network traffic. With power comes responsibility. Use it wisely and respectfully.

Related:

Comments

.

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2012-05-14 - PeterThoeny
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Help
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.