Administration – geekdecoder

Network Throughput Testing with iPerf

January 9, 2019January 9, 2019 by The Geek Decoder

iPerf is a command-line tool used in diagnosing network speed issues by measuring the maximum network throughput a server can handle. It is particularly useful when experiencing network speed issues, as you can use iPerf to determine which server is unable to reach maximum throughput.

Basic usage:

run iperf -s on machine A then go to machine b and run iperf -c and it’ll tell you the xfer speed

Install iPerf

The iperf package is included in most Linux distribution’s repositories.

Debian and UbuntuPermalink

# apt-get install iperf

CentOS

CentOS repositories do not have iPerf. Use the EPEL repository, which is a repository used to install third-party software packages on RedHat systems such as RHEL and CentOS:

# yum install epel-release
# yum update
# yum install iperf

Arch LinuxPermalink

# pacman -S iperf

openSUSEPermalink

# zypper install iperf

GentooPermalink

# emerge iperf

If you have not yet run emaint –sync you may need to do so before it will allow you to install the iPerf package. Additionally, by default you will need to substitute each iperf command with /usr/bin/iperf3. This path may differ dependent on your iPerf version.

How to Use iPerf

iPerf must be installed on the computers at both ends of the connection you’re testing. If you are using a Unix or Linux-based operating system on your personal computer, you can install iPerf on your local machine.

If you are testing the throughput of your server, however, it’s better to use another server as the end point, as your local ISP may impose network restrictions that can affect the results of your test.

CP Clients & Servers

iPerf requires two systems because one system must act as a server, while the other acts as a client. The client connects to the server you’re testing the speed of.

On the server you plan to test, launch iPerf in server mode:

# iperf -s

You should see output similar to:

      
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------

On your second server, connect to the first. Replace 198.51.100.5 with the first servers IP address.


# iperf -c 198.51.100.5

     
------------------------------------------------------------
Client connecting to 198.51.100.5, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 50616 connected with 198.51.100.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec

You will also see the connection and results on your iPerf server:


------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 198.51.100.5 port 5001 connected with 198.51.100.6 port 50616
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec

To stop the iPerf server process, press CTRL + c.

UDP Clients & Servers

Using iPerf, you can also test the maximum throughput achieved via UDP connections.

Start a UDP iPerf server:

# iperf -s -u


      
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size:  208 KByte (default)
------------------------------------------------------------

Connect your client to your iPerf UDP server. Replace 198.51.100.5 with your IP address:


# iperf -c 198.51.100.5 -u

   
------------------------------------------------------------
Client connecting to 198.51.100.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 58070 connected with 198.51.100.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec
[  3] Sent 893 datagrams
[  3] Server Report:
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec   0.084 ms    0/  893 (0%)

1.05 Mbits/sec is considerably less than what was observed on the TCP tests. It is also considerably less than the maximum outbound bandwidth cap provided by the 1GB link. This is because iPerf limits the bandwidth for UDP clients to 1 Mbit per second by default.

You can change this with the -b flag, replacing the number after with the maximum bandwidth rate you wish to test against. If you are testing for network speed, set this number above the maximum bandwidth cap provided by your provider:

# iperf -c 198.51.100.5 -u -b 1000m

This tells the client that we want to achieve a maximum of 1000 Mbits per second if possible. The -b flag only works when using UDP connections, since iPerf does not set a bandwidth limit on the TCP clients.

   
------------------------------------------------------------
Client connecting to 198.51.100.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  208 KByte (default)
 ------------------------------------------------------------
      [  3] local 198.51.100.5 port 52308 connected with 198.51.100.5 port 5001
      [ ID] Interval       Transfer     Bandwidth
      [  3]  0.0-10.0 sec   966 MBytes   810 Mbits/sec
      [  3] Sent 688897 datagrams
      [  3] Server Report:
      [  3]  0.0-10.0 sec   966 MBytes   810 Mbits/sec   0.001 ms    0/688896 (0%)
      [  3]  0.0-10.0 sec  1 datagrams received out-of-order

This time the results are considerably higher.

Bidirectional Tests

In some cases, you may want to test both servers for the maximum amount of throughput. This can easily be done using the built-in bidirectional testing feature iPerf offers.

to test both connections, run the following command from the client:

# iperf -c 198.51.100.5 -d

The result is that iPerf will start a server and a client connection on the client server (198.51.100.6). Once this has been done, iPerf will connect the iPerf server to the client connection, which is now acting as both a server connection and a client connection.

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to 198.51.100.5, TCP port 5001
TCP window size:  351 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 50618 connected with 198.51.100.5 port 5001
[  5] local 198.51.100.6 port 5001 connected with 198.51.100.5 port 58650
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec
[  3]  0.0-10.2 sec  1.28 GBytes  1.08 Gbits/sec

On the server, you will see:


------------------------------------------------------------
Client connecting to 198.51.100.6, TCP port 5001
TCP window size:  153 KByte (default)
------------------------------------------------------------
[  6] local 198.51.100.5 port 58650 connected with 198.51.100.6 port 5001
[  6]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec
[  5]  0.0-10.2 sec  1.28 GBytes  1.08 Gbits/sec

Options
Option Description
-f Change the format in which the tests are run. For example, you can use -f k to get results in Kbits per second instead of Mbits per second. Valid options include m (Mbits, default), k (Kbits), K (KBytes), and M (MBytes).
-V Forces iPerf to use IPv6 rather than IPv4.
-i Changes the interval between periodic bandwidth tests. For example, -i 60 will make a new bandwidth report every 60 seconds. The default is zero, which performs one bandwidth test.
-p Changes the port. When not specified, the default port is 5001. You must use this flag on both the client and server.
-B Binds iPerf to a specific interface or address. If passed through the server command, the incoming interface will be set. If passed through the client command, the outgoing interface will be set.

Accessing Website with IP NAT Hairpinning

November 19, 2018 by The Geek Decoder

The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.

Visualize this and you see something that looks like a hairpin.

Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The issue with this article is that you need to load a website or use curl to access the website on an internal IP that is set up as NAT to a public IP.

Scenario:

Server1 – Web Server. Has a public IP 214.44.55.44 and is behind a firewall with the private IP 10.0.0.12.

When you try and load the site on this server, it does not load.
Fix: Set up hosts file to point to the private IP.

How to Set or Change Hostname in CentOS 7

November 15, 2018November 13, 2018 by The Geek Decoder

Use this information when changing the hostname in centos 7.

Ways to show the hostname

# hostname
# hostname -s
# hostname -f
# cat /etc/hostname
# hostnamectl

How to change the hostname.
In order to change or set a CentOS 7 machine hostname, use the hostnamectl command as shown in the below command excerpt.

# hostnamectl set-hostname your-new-hostname

In order to apply the new hostname, a system reboot is required, issue one of the below commands in order to reboot a CentOS 7 machine.


# init 6
# systemctl reboot
# shutdown -r now

A second method to setup a CentOS 7 machine hostname is to manually edit the /etc/hostname file

# nano /etc/hostname

Setting up cron to remove emails from an utility email

September 22, 2018September 22, 2018 by The Geek Decoder

Sometimes you need to add an email to receive alerts and other emails for you system or business. WThen after a while the email account is full of emails. One method to automate this is to set up a cron in cpanel to remove the emails. Here is an example.


bin/find /home/cpaneluser/mail/domain.name/emailuser/new -type f -exec rm {} \;

Smartmon tools Windows

September 19, 2018September 19, 2018 by The Geek Decoder

Some Smartmon tools

https://github.com/v-zhuravlev/zbx-smartctl
https://share.zabbix.com/storage-devices/smart-monitoring-with-smartmontools-lld
https://www.smartmontools.org/wiki/Download#InstalltheWindowspackage

Install Lets encrypt on WHM and cPanel

September 15, 2018September 15, 2018 by The Geek Decoder

Follow this: https://documentation.cpanel.net/display/CKB/The+Let%27s+Encrypt+Plugin
The this for the icon in cpanel: https://premium.wpmudev.org/blog/free-ssl-https-cpanel/

Log into your SSH client at root level, then add the Let’s Encrypt repository with the following command:


cd /etc/yum.repos.d/ && wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

Next, install the plugin for cPanel with line below and yum:

yum -y install letsencrypt-cpanel

Output:

 yum -y install letsencrypt-cpanel
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 104.219.172.10
 * cpanel-addons-production-feed: 104.219.172.10
 * base: mirrors.usc.edu
 * extras: mirror.san.fastserv.com
 * updates: mirrors.xmission.com
letsencrypt-cpanel                                                                                                             | 2.9 kB  00:00:00
letsencrypt-cpanel/primary_db                                                                                                  | 9.4 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package letsencrypt-cpanel.x86_64 0:0.14.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                                  Arch                         Version                         Repository                                Size
======================================================================================================================================================
Installing:
 letsencrypt-cpanel                       x86_64                       0.14.0-1                        letsencrypt-cpanel                       3.5 M

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total download size: 3.5 M
Installed size: 10 M
Downloading packages:
letsencrypt-cpanel-0.14.0-1.x86_64.rpm                                                                                         | 3.5 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
*** By running this installer, you indicate that you have read the end-user
 licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. ***

Running installer as root
OS version OK
cPanel version OK
No licence file detected at /etc/letsencrypt-cpanel.licence
Fetching new trial licence ...
Licence file present
Redirecting to /bin/systemctl stop letsencrypt-cpanel.service
Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded.
FleetSSL cPanel service daemon stopped
  Installing : letsencrypt-cpanel-0.14.0-1.x86_64                                                                                                 1/1

This server has self-signed service certificates
It is not safe to operate this plugin in this circumstance
'insecure' is being added to /etc/letsencrypt-cpanel.conf

If you wish to generate a Let's Encrypt cert for the server
Please read the configuration documentation on our website, at
https://cpanel.fleetssl.com/docs/service-certificates/

Config written to /etc/letsencrypt-cpanel.conf
Uninstallation of existing service failed (it's OK)
Installed init scripts.
Copied plugin files OK
Installing cPanel paper_lantern plugin (may take a minute) ...
cPanel Plugin installer succeeded OK
Installed chkservd scripts
Added apache pre virtualhost global include
Set cpanel tweak settings

--- Installation complete ---
The plugin should now be available in the cPanel feature manager
Will rebuild conf and restart Apache to reload AutoSSL DCV URLs
Rebuilding Apache conf and restarting now ...
Built /etc/apache2/conf/httpd.conf OK
  Verifying  : letsencrypt-cpanel-0.14.0-1.x86_64                                                                                                 1/1

Installed:
  letsencrypt-cpanel.x86_64 0:0.14.0-1

Complete!

Check Apache Connections

September 13, 2018September 13, 2018 by The Geek Decoder

How many apache connections are there?
Ubuntu

# ps faux | grep '/usr/sbin/apache2' | wc -l

CentOS

# ps faux | grep '/usr/sbin/httpd' | wc -l

Check IP Amounts in Access logs

September 5, 2018September 5, 2018 by The Geek Decoder

When checking a server access logs, you may wnat to see how many time an IP is requesting pages. Here is the command:


grep 123.123.123.123 /usr/local/apache/logs/error_log | wc -l
1018

How do I find all files containing specific text on Linux?- with find

August 31, 2018August 31, 2018 by The Geek Decoder

I recently had a challenge to look at code. The IP was redirecting to another IP and after testing decided to check the code. This is in Plesk:

# find /var/www/vhosts/domain.com/httpdocs/ -type f -exec grep -H '216.xx.bb.cc' {} \;

And voila! There were 2 files with the hardcoded IP in the config file. This will also work with other strings as well.

Generate ssh keys on linux and use with PuTTY on Windows

September 1, 2018August 10, 2018 by The Geek Decoder

Log into the Linux server as the user you are going to use to connect with ssh. Generate the key.

ssh-keygen -t rsa -b 4096 -C "email@domain.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3/dDa9R+zzDpGNt/EU9Jusj/snbKt3+B8F+ULnxXtWk email@domain.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|               ..|
|              o *|
|           . . E+|
|        S . = =o=|
|         . + * O=|
|          . + @.*|
|            .@ %=|
|            ++@+#|
+----[SHA256]-----+

Now copy the id_rsa key to your Windows desktop. This can be done by copying and pasting the contents of the file or using an SCP client such as PSCP which is supplied with the PuTTY install or FileZilla.