Netshoot: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Line 26: Line 26:
It's not a service that runs all the time, I intend to launch it as needed, for example,
It's not a service that runs all the time, I intend to launch it as needed, for example,


  docker run -it --net container:mapproxy_mapproxy_1 nicolaka/netshoot:0.1
  docker run -it --rm --net container:mapproxy_mapproxy_1 -v $PWD/pcap:/srv/pcap nicolaka/netshoot:0.1
  # ping mapproxy
  ping -c 3 mapproxy
  (works)
  ## (works)
  # tcpdump -n  
  tcpdump -n -w /srv/pcap/8080.pcap port 8080
 


=== The tests ===
=== The tests ===
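
Review bot: the new docker run line passes -v $PWD/pcap:/srv/pcap unquoted and relies on the pcap directory already existing. Quote it as "$PWD/pcap" so a working directory containing spaces does not split the argument, and create the directory before the run, because Docker creates a missing bind-mount source owned by root. The new tcpdump line writes every packet on port 8080 to /srv/pcap/8080.pcap on the host; if Mapproxy speaks plain HTTP on that port, the file holds full requests and responses, so a short remark about restricting the directory and deleting the capture after the comparison would be worth adding next to the command.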

Revision as of 21:14, 31 August 2022

Netshoot is a Docker image that can be used for network analysis.

I needed to watch traffic on two Mapproxy sites to determine what was different between them; one worked and the other didn't. Everything here is based on this use case (at this time anyway).

Netshoot contains many, many network troubleshooting tools that are new to me, very exciting!!

Tracking Mapproxy

On each server (CC and Wildsong):

  • Run netshoot, tell it to track port 8080 on the Mapproxy container.
  • Log traffic with tcpdump for these two tests
    • Hit the service with the GetCapabilities request by running ArcGIS Pro and trying to create a connection.
    • Hit the service via a PrintMap request from Web App Builder
  • Examine captured data to see what's different in the requests and responses
  • With the deep insight obtained, now I can repair the broken server.

Build

git clone git@github.com:nicolaka/netshoot
cd netshoot
make build-x86 # there is also an ARM version

Deploy

It's not a service that runs all the time; I intend to launch it as needed, for example:

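# On the host: join the Mapproxy container's network namespace and mount ./pcap for captures
docker run -it --rm --net container:mapproxy_mapproxy_1 -v "$PWD/pcap":/srv/pcap nicolaka/netshoot:0.1
# Inside the netshoot container:
ping -c 3 mapproxy
## (works)
# Write port 8080 traffic to the mounted directory
tcpdump -n -w /srv/pcap/8080.pcap port 8080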
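
To compare the two 8080.pcap files captured this way, the following added example (not part of the original page or of Netshoot) parses a classic pcap in pure Python and lists the fields that differ between paired requests. The function names, the sample packets and the `X-Forwarded-Proto` header are constructed for illustration; it assumes Ethernet framing and that each request head fits in one TCP segment.

```python
import struct

def http_requests(pcap: bytes, port: int = 8080):
    """Return [(request_line, headers)] for HTTP request heads sent to `port`."""
    # Assumes classic little-endian pcap, Ethernet framing, head in one TCP segment.
    if pcap[:4] != b"\xd4\xc3\xb2\xa1" or struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != port:
            continue  # keep client-to-server segments only
        head, sep, _ = tcp[(tcp[12] >> 4) * 4:].partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        if not sep or " HTTP/1." not in lines[0]:
            continue  # no complete request head in this segment
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (ln.partition(":") for ln in lines[1:])}
        found.append((lines[0], headers))
    return found

def diff_requests(a, b, ignore=("host",)):
    """Pair requests in capture order; list (index, field, value_a, value_b)."""
    report = []
    for i, ((line_a, h_a), (line_b, h_b)) in enumerate(zip(a, b)):
        if line_a != line_b:
            report.append((i, "request-line", line_a, line_b))
        for name in sorted((h_a.keys() | h_b.keys()) - set(ignore)):
            if h_a.get(name) != h_b.get(name):
                report.append((i, name, h_a.get(name), h_b.get(name)))
    return report

def sample_pcap(request: bytes, port: int = 8080) -> bytes:
    """Constructed one-packet capture (Ethernet/IPv4/TCP) for the demo."""
    tcp = struct.pack("!HHIIBBHHH", 40000, port, 0, 0, 0x50, 0x18, 65535, 0, 0) + request
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    frame = b"\x02" * 12 + b"\x08\x00" + ip + tcp
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

# Constructed requests, not taken from the author's captures.
GET = b"GET /city-aerials/service?request=GetCapabilities HTTP/1.1\r\n"
WILDSONG = sample_pcap(GET + b"Host: giscache.wildsong.biz\r\nX-Forwarded-Proto: https\r\n\r\n")
CC = sample_pcap(GET + b"Host: giscache.co.clatsop.or.us\r\n\r\n")
print(*diff_requests(http_requests(WILDSONG), http_requests(CC)), sep="\n")
```

On real data, read each server's capture with `open("pcap/8080.pcap", "rb").read()` and pass the bytes to `http_requests`; the `Host` header is ignored by default because the two sites use different hostnames by design.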


The tests

I turned off the cache / proxy on Cloudflare to make sure traffic will come through all the way to the Mapproxy server. At the moment I am not seeing any traffic but then again I don't see the aerial tiles in Pro either. I can see traffic when I hit the web page directly.

This URL works, and I can see traffic on the server. https://giscache.wildsong.biz/city-aerials/service?request=GetCapabilities That means its cousin should work too, https://giscache.co.clatsop.or.us/city-aerials/service?request=GetCapabilities Unfortunately, it does. If I can't come up with simple test cases, I have a problem.

Let's try WebAppBuilder print services. I have created a map that has a Wildsong service and a CC service. I can see aerial imagery for both services in the map viewer. When I turn on the Wildsong service and "print", the PDF file is generated and I can see the image in the output. When I use the CC service, it immediately throws an error.

When I ask for a "description" of the service it hits https://giscache.wildsong.biz/osip/service?SERVICE=WMS&REQUEST=GetCapabilities and https://giscache.co.clatsop.or.us/osip/service?SERVICE=WMS&REQUEST=GetCapabilities Both of these URLs work. They return an unreadable block of text. It's XML and does not display well in a browser. I added an XML viewer called "Pretty XML" to my browser. NOW it's readable.

The tools included

He gives this list... I want to know what each does. I am deleting the obvious ones like bash and file.

apache2-utils htpasswd
bind-tools
bird
bridge-utils
busybox-extras
calicoctl
conntrack-tools
ctop
dhcping
drill
ethtool
fping
httpie
iftop
iperf
iproute2
ipset
iptables
iptraf-ng
iputils
ipvsadm
jq
libc6-compat
liboping
mtr
net-snmp-tools
netcat-openbsd
netgen
nftables
ngrep
nmap
nmap-nping
openssl
py-crypto
py2-virtualenv
scapy
socat
strace
swaks
tcpdump
tcptraceroute
termshark
tshark
util-linux
websocat

Resources

Github site for Netshoot: https://github.com/nicolaka/netshoot