[Reconnoiter-users] Bad/Available

Dan Di Spaltro dan.dispaltro at gmail.com
Fri May 22 01:43:51 EDT 2009


Okay, so I tried to run the ping module locally.  Here is what I got.
Notice in the config I set the interval to be 5000 and the count to be
10, but I don't think the xml parameters are getting picked up in the
ping module.

ping_icmp_send(0x693ca0,127.0.0.1,2000,5)
ping_icmp_real_send(127.0.0.1)
ping_icmp: 127.0.0.1 0 is still outstanding.
ping_icmp_real_send(127.0.0.1)
ping_icmp: 127.0.0.1 0 is still outstanding.
ping_icmp_real_send(127.0.0.1)
ping_icmp: 127.0.0.1 0 is still outstanding.
ping_icmp_real_send(127.0.0.1)
ping_icmp: 127.0.0.1 0 is still outstanding.
ping_icmp_real_send(127.0.0.1)
ping_icmp: 127.0.0.1 0 is still outstanding.
ping_icmp(127.0.0.1) [cnt=5,avail=0,min=nan,max=nan,avg=nan]
127.0.0.1`ping_icmp <- [cnt=5,avail=0,min=nan,max=nan,avg=nan]
127.0.0.1`ping_icmp -> [unavailable:bad]

Obviously this should work, so I was rooting around in the code and
found this line of code, now is this incorrectly interpreting the ping
because the roundtrip is 0ms?
if(data->turnaround[i] != 0) {
   points++;
...

Trying to keep the everything as simple as possible, here is the config:

<checks max_initial_stutter="30000" >
    <check module="ping_icmp" interval="5000" count="10"
period="15000" target="127.0.0.1"
uuid="1b6e28ba-2fa1-11d2-853f-b9a761bde3fb" timeout="14000" />
  </checks>

Thanks, talk to you soon,


On Thu, May 21, 2009 at 11:27 AM, Dan Di Spaltro<dan.dispaltro at gmail.com> wrote:
> Okay did that.
>
> This is how I typically run the noitd daemon, this should yield the
> same results as that xml line right?
> /usr/local/sbin/noitd -D -d
>
> Anyways, there isn't a whole bunch of logging, so I am not sure what I
> am doing wrong.
>
> Talk to you soon,
>
> On Thu, May 21, 2009 at 8:35 AM, Theo Schlossnagle<jesus at omniti.com> wrote:
>> Try turning on debugging for that in noit.conf:
>>
>>        <log name="debug/ping_icmp" disabled="false"/>
>>
>>
>> On May 21, 2009, at 11:29 AM, Dan Di Spaltro wrote:
>>
>>> On Wed, May 20, 2009 at 5:35 PM, Theo Schlossnagle<jesus at omniti.com>
>>> wrote:
>>>>
>>>> On May 20, 2009, at 8:13 PM, Dan Di Spaltro wrote:
>>>>
>>>>> Okay got it.  I just don't think it is actually working, I am not sure
>>>>> how to debug it, but the ping should work, its on the same network and
>>>>> I can easily ping this computer from the Noitd computer, but it just
>>>>> doesn't work.  I usually get anywhere from 4-0ms latency when I ping
>>>>> from the command line.  Anyways, there seems to be a lot of code in
>>>>> the ping module, so I am not sure if I am doing it wrong or what.
>>>>>
>>>>> 173.45.232.xx`ping_icmp <- [cnt=5,avail=0,min=nan,max=nan,avg=nan]
>>>>> 174.132.225.xxx`ping_icmp <-
>>>>> [cnt=5,avail=60,min=0.0480,max=0.0480,avg=0.0480]
>>>>
>>>> Well... there are a lot of options here...  The best is to watch the
>>>> packets:
>>>>
>>>> tcpdump/snoop + wireshark will tell you a lot here.  I haven't seen any
>>>> problems like this.
>>>>
>>>> I'd run a ping at the same time as noitd while noit is running... for a
>>>> while and see if there is any packet loss.  How many hosts are you
>>>> pinging?
>>>> 512?
>>>
>>> 2, just those above two addresses, I am running tcpdump |grep ICMP and
>>> the sequence numbers look like they are coming back correctly, and it
>>> looks like everything is working in that respect.  I also tried
>>> running both side by side, and didn't see any packet loss.  The one
>>> above that comes up with everything nan is on the same network which
>>> usually yields a 0-4ms ping.
>>>
>>>>
>>>> Do you see any socket errors in the noit log (like buffer space
>>>> exceeded)?
>>>>  The icmp module attempts to increase the send buffer space up into the
>>>> megabyte range -- so hopefully that isn't an issue.
>>>
>>> I don't see errors in the noit.log like that
>>>
>>>>
>>>> --
>>>> Theo Schlossnagle
>>>> http://omniti.com/is/theo-schlossnagle
>>>> p: +1.443.325.1357 x201   f: +1.410.872.4911
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Dan Di Spaltro
>>
>> --
>> Theo Schlossnagle
>> http://omniti.com/is/theo-schlossnagle
>> p: +1.443.325.1357 x201   f: +1.410.872.4911
>>
>>
>>
>>
>>
>>
>
>
>
> --
> Dan Di Spaltro
>



-- 
Dan Di Spaltro



More information about the Reconnoiter-users mailing list