Friday, July 16, 2010

first day trip on the Suzook

My betrothed and I bought a 2007 Suzuki C50 motorcycle and took it on our first day trip, from Columbus to Millersburg Ohio. On the way up we took 62 to 541 to Coshocton. 541 is an amazing road :) Beautiful hill country. We were apparently chasing a storm, because the road was freshly wet most of the way, but the sun was shining and steam was rising off of the road.

We soon decided that what we had read was right: the stock seats with no passenger backrest on the C50 are not really practical for touring. We took a lot of breaks through the day.

We stopped in Coshocton for lunch at a great Italian place on Main Street in the old downtown. The sausage and peppers are highly recommended.

I then took 83 up to 62 and into Millersburg for a short break, that's where the picture of the bike was taken. The pink helmet with polka dots belongs to my wife, mine is a flat black half-helmet with silver flames :)

The passenger rest is supposed to arrive today and I ordered seats from Ultimate (www.ultimate.ca), which are supposed to be the best touring seats for Suzuki Boulevards and Volusias. So far the modern technology, power, and ride are really amazing :)

Tuesday, June 08, 2010

netflow on Ubuntu 8.04

To generate and collect netflow data on my Ubuntu 8.04 box, I had to install a couple of packages:

sudo apt-get install fprobe
sudo apt-get install nfdump

fprobe is the daemon that listens to the traffic (via libpcap) and exports a NetFlow stream (v5 by default) to a collector. The nfdump package includes nfcapd, which listens for that NetFlow stream and writes the flow files to disk.

On Ubuntu 8.04 x86-64, fprobe installed an /etc/default/fprobe file and an /etc/init.d/fprobe script. However, even after a quick customization of those files, my changes were ignored and fprobe did not actually run. For now I just ran it manually as root:

fprobe -p -i eth1 -fip localhost:555

The -p flag tells fprobe not to put the interface into promiscuous mode itself. I used it because I had already put the interface into promiscuous mode manually, after seeing in /var/log/messages that eth0 had been put into promiscuous mode even though it had no IP address and was not being used. Keep in mind that without promiscuous mode a NIC on a switched network only hands libpcap its own unicast traffic plus broadcast and multicast, so a sparse-looking set of flows is not necessarily a collection problem.

The -i flag tells it which interface to capture traffic from.

The -f flag takes a pcap (BPF) filter expression; here it is ip, so only IP traffic is captured. I found it was required to get any traffic collected at all.

Finally, the last argument is the host:port the NetFlow stream is sent to, here localhost:555. With that, I had flows being exported!

Next I needed to collect the flows. I was able to edit the /etc/init.d/nfdump file to customize nfdump to work with my machine. You can get it at marmot. The main ingredients are the arguments you feed to nfcapd; here are mine:
DAEMON_ARGS="-D -p 555 -4 -l /home/lincolnr/incoming/nfcap/"

That tells nfcapd to run as a daemon (-D), listen on UDP port 555 for NetFlow data (-p), use IPv4 only (-4), and use /home/lincolnr/incoming/nfcap as the base directory for the flow files (-l). This is not a good production setup, because nothing restricts where the NetFlow data comes from: NetFlow over UDP carries no authentication and the source address is trivially spoofed, so anyone who can reach port 555 can inject forged flow records, whether to fill the disk or to pollute whatever analysis is done on the flows. At minimum, bind nfcapd to a specific address with -b and limit which hosts may reach the port with the host firewall.
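To make the "no filtering of where the data comes from" point concrete, here is what a NetFlow v5 export datagram looks like on the wire: built the way a host exporter such as fprobe does, parsed the way a collector such as nfcapd does, and then subjected to the only checks a collector can apply before trusting it. This is an added example and not code from the original post, from fprobe or from nfdump; the flow values, the exporter addresses and the sequence numbers are constructed for illustration.

```python
"""NetFlow v5 on the wire: build an export datagram as a host exporter does,
parse it as a collector does, and apply the only checks a collector can make.
Added example, not part of the original post or of either tool; all sample
values (addresses, counters, sequence numbers) are constructed."""
import socket
import struct
from dataclasses import dataclass

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
V5_MAX_RECORDS = 30                                    # v5 datagrams carry at most 30


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int        # IP protocol number, 6 = TCP
    packets: int
    octets: int
    first_ms: int     # exporter sysuptime at first packet
    last_ms: int      # exporter sysuptime at last packet
    tcp_flags: int = 0

    def pack(self) -> bytes:
        return V5_RECORD.pack(
            socket.inet_aton(self.src), socket.inet_aton(self.dst),
            b"\0\0\0\0",                    # nexthop: a host exporter has none
            0, 0,                           # input / output SNMP ifIndex
            self.packets, self.octets, self.first_ms, self.last_ms,
            self.sport, self.dport,
            0, self.tcp_flags, self.proto, 0,   # pad1, tcp_flags, prot, tos
            0, 0, 0, 0, 0)                  # src_as, dst_as, src_mask, dst_mask, pad2


def build_v5(flows, uptime_ms: int, unix_secs: int, seq: int, engine_id: int = 0) -> bytes:
    """Exporter side: header followed by 1..30 packed records."""
    if not 0 < len(flows) <= V5_MAX_RECORDS:
        raise ValueError("a v5 datagram carries 1..30 records")
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, seq, 0, engine_id, 0)
    return header + b"".join(f.pack() for f in flows)


def parse_v5(data: bytes):
    """Collector side. The only structural checks possible are the version,
    the record count against the datagram length and, across datagrams, the
    sequence number; nothing in the datagram authenticates who sent it."""
    if len(data) < V5_HEADER.size:
        raise ValueError("short header")
    version, count, uptime_ms, unix_secs, _nsecs, seq, _etype, engine_id, _sampling = \
        V5_HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"unexpected NetFlow version {version}")
    if count == 0 or count > V5_MAX_RECORDS or \
            len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append(Flow(src=socket.inet_ntoa(r[0]), dst=socket.inet_ntoa(r[1]),
                          sport=r[9], dport=r[10], proto=r[13], packets=r[5],
                          octets=r[6], first_ms=r[7], last_ms=r[8], tcp_flags=r[12]))
    header = {"seq": seq, "uptime_ms": uptime_ms, "unix_secs": unix_secs,
              "engine_id": engine_id}
    return header, flows


def is_valid_v5(data: bytes) -> bool:
    try:
        parse_v5(data)
        return True
    except ValueError:
        return False


def collector_accept(src_addr: str, data: bytes, allowed_exporters, expected_seq=None):
    """The policy the nfcapd setup above does not apply: drop datagrams from
    unknown exporters and note a sequence gap (lost or injected datagrams).
    The UDP source address is itself spoofable, so this only narrows the
    window; a host firewall on the collector port is the real control."""
    if src_addr not in allowed_exporters:
        return None
    header, flows = parse_v5(data)
    if expected_seq is not None and header["seq"] != expected_seq:
        header["sequence_gap"] = header["seq"] - expected_seq
    return header, flows
```

A datagram that parses cleanly tells the collector nothing about its origin, which is exactly why an allowlist plus a firewall rule belongs in front of nfcapd even on a lab box.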

Then I restarted it with sudo /etc/init.d/nfdump restart.

nfcapd rotates to a new file every five minutes by default, so running ls -al /home/lincolnr/incoming/nfcap, I started getting some non-empty flow files :)
drwxr-xr-x 21 lincolnr root 16384 2010-06-08 09:26 ..
-rw-r--r-- 1 root root 276 2010-06-08 09:37 nfcapd.201006080932
-rw-r--r-- 1 root root 276 2010-06-08 09:43 nfcapd.201006080937
-rw-r--r-- 1 root root 276 2010-06-08 09:48 nfcapd.201006080942
-rw-r--r-- 1 root root 1120 2010-06-08 09:56 nfcapd.201006080951
-rw-r--r-- 1 root root 756 2010-06-08 10:01 nfcapd.201006080956
-rw-r--r-- 1 root root 1900 2010-06-08 10:06 nfcapd.201006081001
-rw-r--r-- 1 root root 1484 2010-06-08 10:11 nfcapd.201006081006

Yay! Notice that root owns the files and they are world readable. Flow data shows who talked to whom, so I don't really like that part, but it's fine for what I'm trying to do now. Pointing nfdump at one of those files (its -r option), I can then get reports on the traffic:
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2010-06-08 10:20:10.788 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:20:11.497 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
2010-06-08 10:21:14.270 0.000 TCP 208.94.232.254:80 -> 192.168.2.2:54213 1 52 1
2010-06-08 10:21:14.270 0.000 TCP 192.168.2.2:54213 -> 208.94.232.254:80 1 52 1
2010-06-08 10:17:16.609 310.298 TCP 199.18.249.12:59457 -> 192.168.2.2:22 45 2548 1
2010-06-08 10:17:16.568 310.303 TCP 192.168.2.2:22 -> 199.18.249.12:59457 63 58444 1
2010-06-08 10:17:49.883 244.052 UDP 192.168.2.1:1900 -> 239.255.255.250:1900 85 29625 1
2010-06-08 10:22:09.351 0.000 IGMP 192.168.2.1:0 -> 224.0.0.1:0 1 28 1
2010-06-08 10:22:09.804 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
2010-06-08 10:22:17.191 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:22:19.042 0.000 IGMP 192.168.2.1:0 -> 224.0.0.2:0 1 32 1
2010-06-08 10:22:46.366 0.000 UDP 192.168.2.2:138 -> 192.168.2.255:138 2 493 1
2010-06-08 10:23:14.321 0.000 TCP 208.94.232.254:80 -> 192.168.2.2:54213 1 52 1
2010-06-08 10:23:14.321 0.000 TCP 192.168.2.2:54213 -> 208.94.232.254:80 1 52 1
2010-06-08 10:24:15.953 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:24:14.373 0.000 IGMP 192.168.2.1:0 -> 224.0.0.1:0 1 28 1
2010-06-08 10:24:21.405 0.000 IGMP 192.168.2.1:0 -> 224.0.0.2:0 1 32 1
2010-06-08 10:24:19.438 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
Summary: total flows: 18, total bytes: 91630, total packets: 209, avg bps: 1725, avg pps: 0, avg bpp: 438
Time window: 2010-06-08 10:17:16 - 2010-06-08 10:24:21
Total flows processed: 18, skipped: 0, Bytes read: 948
Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 23076.9
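Working the report above with a script instead of by eye is the next step: parse each flow line of nfdump's long-format output, reproduce the totals in its Summary line as a check on the parser, and pull out the flows worth a look (connections from outside the LAN to listening services, bytes moved per remote host). This is an added example and not code from the original post or from nfdump; the SAMPLE text is the report printed above, embedded so the script runs offline, and LOCAL_NET and WATCHED_PORTS are assumptions for this lab network.

```python
"""Parse nfdump long-format output and pick out the interesting flows.
Added example, not part of the original post or of nfdump.  SAMPLE is the
report printed above; LOCAL_NET and WATCHED_PORTS are assumptions."""
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")   # assumed: the LAN behind eth1
WATCHED_PORTS = {22, 23, 445, 3389}                  # assumed: services worth an alert

SAMPLE = """\
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2010-06-08 10:20:10.788 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:20:11.497 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
2010-06-08 10:21:14.270 0.000 TCP 208.94.232.254:80 -> 192.168.2.2:54213 1 52 1
2010-06-08 10:21:14.270 0.000 TCP 192.168.2.2:54213 -> 208.94.232.254:80 1 52 1
2010-06-08 10:17:16.609 310.298 TCP 199.18.249.12:59457 -> 192.168.2.2:22 45 2548 1
2010-06-08 10:17:16.568 310.303 TCP 192.168.2.2:22 -> 199.18.249.12:59457 63 58444 1
2010-06-08 10:17:49.883 244.052 UDP 192.168.2.1:1900 -> 239.255.255.250:1900 85 29625 1
2010-06-08 10:22:09.351 0.000 IGMP 192.168.2.1:0 -> 224.0.0.1:0 1 28 1
2010-06-08 10:22:09.804 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
2010-06-08 10:22:17.191 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:22:19.042 0.000 IGMP 192.168.2.1:0 -> 224.0.0.2:0 1 32 1
2010-06-08 10:22:46.366 0.000 UDP 192.168.2.2:138 -> 192.168.2.255:138 2 493 1
2010-06-08 10:23:14.321 0.000 TCP 208.94.232.254:80 -> 192.168.2.2:54213 1 52 1
2010-06-08 10:23:14.321 0.000 TCP 192.168.2.2:54213 -> 208.94.232.254:80 1 52 1
2010-06-08 10:24:15.953 0.000 IGMP 192.168.2.1:0 -> 239.255.255.250:0 1 32 1
2010-06-08 10:24:14.373 0.000 IGMP 192.168.2.1:0 -> 224.0.0.1:0 1 28 1
2010-06-08 10:24:21.405 0.000 IGMP 192.168.2.1:0 -> 224.0.0.2:0 1 32 1
2010-06-08 10:24:19.438 0.000 IGMP 192.168.2.2:0 -> 224.0.0.251:0 1 32 1
Summary: total flows: 18, total bytes: 91630, total packets: 209, avg bps: 1725, avg pps: 0, avg bpp: 438
Time window: 2010-06-08 10:17:16 - 2010-06-08 10:24:21
"""


def parse_line(line):
    """One nfdump long-format flow line, or None for header/summary lines."""
    p = line.split()
    if len(p) != 10 or p[5] != "->":
        return None
    sip, sport = p[4].rsplit(":", 1)
    dip, dport = p[6].rsplit(":", 1)
    return {"start": f"{p[0]} {p[1]}", "duration": float(p[2]), "proto": p[3],
            "src": sip, "sport": int(sport), "dst": dip, "dport": int(dport),
            "packets": int(p[7]), "bytes": int(p[8]), "flows": int(p[9])}


def parse_report(text):
    return [f for f in map(parse_line, text.splitlines()) if f]


def summarize(flows):
    """(flows, bytes, packets); should match nfdump's own Summary line."""
    return (sum(f["flows"] for f in flows),
            sum(f["bytes"] for f in flows),
            sum(f["packets"] for f in flows))


def is_local(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LOCAL_NET


def inbound_to_watched(flows):
    """Flows from outside LOCAL_NET to a watched port on a LAN host."""
    return [(f["src"], f["dst"], f["dport"], f["duration"], f["bytes"])
            for f in flows
            if not is_local(f["src"]) and is_local(f["dst"]) and f["dport"] in WATCHED_PORTS]


def bytes_by_remote(flows):
    """Bytes in both directions per unicast peer outside LOCAL_NET; multicast
    and the LAN's own chatter are left out so real peers stand out."""
    totals = defaultdict(int)
    for f in flows:
        for side in ("src", "dst"):
            ip = ipaddress.ip_address(f[side])
            if ip not in LOCAL_NET and not ip.is_multicast:
                totals[str(ip)] += f["bytes"]
    return dict(totals)


if __name__ == "__main__":
    flows = parse_report(SAMPLE)
    print("summary:", summarize(flows))
    print("inbound to watched ports:", inbound_to_watched(flows))
    print("bytes per remote peer:", bytes_by_remote(flows))
```

On the report above this singles out the five-minute SSH session from 199.18.249.12 and shows that host moving roughly sixty kilobytes, with the web host at 208.94.232.254 contributing only keepalive-sized packets; the multicast and IGMP lines that make up most of the rows drop out of the per-peer view entirely.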

Yay! We can generate netflow data from traffic on our Linux box, and also capture it. I will start another post to explain more about what this is, and why I'm doing it. Hope this helps someone; yes, it does work once you trick it into working :)

Wednesday, February 17, 2010

Tuesday, February 02, 2010

can't be zen all the time


The dead of winter in the midwest has an effect on people. I have been fighting it pretty successfully this year. It's been a struggle, because everyone around me has been struggling. Today it finally got me. It made me angry, because it's the people closest to me whose anguish I now feel. All I could do was cry, and use my words to describe my feelings. You can't be zen all the time. Then I went and had some quiet time to myself, went window shopping for books.

The last two days I had a fun project, I found a rim and tire for my Jeep. I have big tires on my Jeep, and I needed to find a big tire for a spare, and a big rim for the tire to fit on. I ended up buying everything from some really cool guys with eastern European accents, at a little independent used tire shop. They like my ride, and they picked on me for having mismatched lug nuts. I spent the rest of the evening sanding and prepping the rim, and painted it a nice flat black. It turned out better than I really was attempting to make it.