Wireshark

Source: https://www.wireshark.org/download.html

Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features:
  1. Deep inspection of hundreds of protocols, with more being added all the time
  2. Live capture and offline analysis
  3. Standard three-pane packet browser
  4. Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  5. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  6. The most powerful display filters in the industry
  7. Rich VoIP analysis
  8. Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  9. Capture files compressed with gzip can be decompressed on the fly
  10. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  11. Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  12. Coloring rules can be applied to the packet list for quick, intuitive analysis
  13. Output can be exported to XML, PostScript®, CSV, or plain text

Capture, Filter and Inspect Packets using Wireshark Tool




Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

This tutorial will get you up to speed with the basics of capturing packets, filtering them, and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network, or troubleshoot network problems.

Getting Wireshark


You can download Wireshark for Windows or Mac OS X from its official website. If you’re using Linux or another UNIX-like system, you’ll probably find Wireshark in its package repositories. For example, if you’re using Ubuntu, you’ll find Wireshark in the Ubuntu Software Center.

Just a quick warning: Many organizations don’t allow Wireshark and similar tools on their networks. Don’t use this tool at work unless you have permission.


Capturing Packets:

After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.



As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.



Click the stop capture button near the top left corner of the window when you want to stop capturing traffic.



Color Coding
You’ll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example, they could have been delivered out-of-order.



Sample Captures
If there’s nothing interesting on your own network to inspect, Wireshark’s wiki has you covered. The wiki contains a page of sample capture files that you can load and inspect.

Opening a capture file is easy; just click Open on the main screen and browse for a file. You can also save your own captures in Wireshark and open them later.



Filtering Packets
If you’re trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you’ll likely have a large amount of packets to sift through. That’s where Wireshark’s filters come in.

The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type “dns” and you’ll see only DNS packets. When you start typing, Wireshark will help you autocomplete your filter.



You can also click the Analyze menu and select Display Filters to create a new filter.



Another interesting thing you can do is right-click a packet and select Follow TCP Stream.



You’ll see the full conversation between the client and the server.



Close the window and you’ll find a filter has been applied automatically — Wireshark is showing you the packets that make up the conversation.
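
As an added illustration (not part of the original tutorial), the Python sketch below does a simplified version of what Follow TCP Stream does: it reads a classic libpcap capture, groups TCP segments by conversation, and rebuilds each direction in sequence-number order. The addresses, ports and payloads are constructed sample data, and the function names are this example's own.

```python
import struct
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, seq, payload).
SAMPLE_SEGMENTS = [
    ("10.0.0.5", 49152, "10.0.0.80", 80, 1000, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.80", 80, "10.0.0.5", 49152, 5000, b"HTTP/1.1 200 OK\r\n\r\nhello"),
    ("10.0.0.5", 49152, "10.0.0.80", 80, 1046, b"\r\n"),  # captured out of order
    ("10.0.0.5", 49152, "10.0.0.80", 80, 1026, b"Host: example.test\r\n"),
    ("10.0.0.5", 49152, "10.0.0.80", 80, 1000, b"GET /index.html HTTP/1.1\r\n"),  # retransmission
    ("10.0.0.9", 50000, "10.0.0.53", 53, 1, b"unrelated conversation"),
]


def build_pcap(segments):
    """Serialize the sample segments as a little-endian classic libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, (src, sport, dst, dport, seq, payload) in enumerate(segments):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (src, sport, dst, dport, seq, payload) for every IPv4/TCP frame."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) libpcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, offset + 8)[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or not IPv4
        if frame[14] >> 4 != 4 or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # start of the TCP header
        if len(frame) < tcp + 20:
            continue
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]  # excludes Ethernet padding
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        yield (".".join(map(str, frame[26:30])), sport,
               ".".join(map(str, frame[30:34])), dport, seq, payload)


def follow_streams(packets):
    """Group payload by conversation and rebuild each direction in sequence order.

    Simplified: the first copy of a sequence number wins (retransmissions are
    dropped); overlapping segments and sequence wrap-around are not handled.
    """
    streams = defaultdict(lambda: defaultdict(dict))
    for src, sport, dst, dport, seq, payload in packets:
        if payload:
            sender, receiver = (src, sport), (dst, dport)
            conversation = tuple(sorted([sender, receiver]))  # same key both ways
            streams[conversation][sender].setdefault(seq, payload)
    return {conv: {ep: b"".join(segs[s] for s in sorted(segs)) for ep, segs in dirs.items()}
            for conv, dirs in streams.items()}


if __name__ == "__main__":
    for conv, directions in follow_streams(read_pcap(build_pcap(SAMPLE_SEGMENTS))).items():
        for endpoint, data in directions.items():
            print(conv, "from", endpoint, data)
```

To run it on a real capture, pass the bytes of a file saved in the tcpdump (libpcap) format to read_pcap instead of the constructed sample.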



Inspecting Packets

Click a packet to select it and you can dig down to view its details.



You can also create filters from here — just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.



Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems, and inspect network protocol internals.

Parameterization in Load Runner

Replacing hard coded values in the script with different values is called Parameterization.


Parameterization is used for:
  1. Reducing script size
  2. Avoiding cache effect

Type of Parameters


1. Date/Time – Whenever we have to replace a date value with a parameter, the Date/Time parameter is used. Any post with a past date is not valid. To keep it updated, the Date/Time parameter provides the flexibility to get the current or a future date. If a past date is needed, it handles that too.

2. Group Name – We can generate a parameter based on the group that we select on the Controller for the script during execution. This parameter only works while running the script on the Controller.

3. Iteration Number – This replaces the parameter with the current iteration number. It is generally used to build some logic, for example when we want some code in the script to be executed on alternate iterations. For this, we use the iteration number to check whether it is even or odd, and execute the function for one of the two conditions.

4. Load Generator Name – We can also generate a parameter, while executing the script on the Controller, based on the name of the load generator on which the script is running. This parameter only works while running the script on the Controller.

5. Vuser ID – When we run the script on the Controller, it assigns a unique ID to each virtual user that is emulated during the execution. This parameter type is used:
  • To print the Vuser ID in an external file for script-debugging purposes
  • To segregate transaction volume based on Vuser ID

6. File – Sometimes we want to pass specific values in the script. In such cases, we use a file and enter the values that we want to use during execution. LR provides options to run the script with the provided list sequentially or randomly on the next iteration. In a few cases we want to use a set of values passed to the script. In such cases, we can use the same file for the other parameter value as well.

7. Random Number – As needed, VuGen also generates a random value from the provided range.

8. Unique Value – In a few situations, the script is not allowed to pass any duplicate value. In such cases, a unique parameter is used to avoid failures due to duplicate values.

9. User Defined Function – Such a parameter calls a function whose return value replaces the parameter name.

10. XML – XML parameter types are used for multiple-valued data contained in an XML structure. XML parameters are widely used with Web Service scripts and with SOA services.

What is a HAR File and what is the use of HAR?

HAR stands for HTTP Archive. 

This is a common format for recording HTTP tracing information. This file contains a variety of information, but for our purposes, it has a record of each object being loaded by a browser. Each of these objects’ timings is recorded.

The HAR file format is still an evolving standard, and the information contained within is both flexible and extensible. You should expect the HAR file to include a breakdown of timings including:
  • how long it takes to fetch the DNS information
  • how long each object takes to be requested
  • how long it takes to connect to the server
  • how long it takes to transfer from the server to the browser of each object
  • whether the object is blocked or not
The data is stored as a JSON document and extracting meaning from the low level data is not always easy, but with practice, a HAR file can quickly help you identify the key performance problems with a web page, which in turn will help you efficiently target your development towards the areas that will deliver the greatest return on your efforts.
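
The timing breakdown listed above can be pulled out of a HAR file with a few lines of Python. This is an added example, not part of the original post: the sample HAR is constructed, the function names are this example's own, and it relies on the `log.entries[].timings` fields of the HAR 1.2 format, where -1 marks a phase that did not apply.

```python
import json

# Timing phases recorded per object by the HAR 1.2 format, in request order.
PHASES = ("blocked", "dns", "connect", "send", "wait", "receive")

# Constructed sample: three objects as a browser export would record them (ms).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://shop.example/"},
     "response": {"status": 200},
     "timings": {"blocked": 2, "dns": 40, "connect": 60,
                 "send": 1, "wait": 350, "receive": 20}},
    {"request": {"method": "GET", "url": "https://shop.example/app.js"},
     "response": {"status": 200},
     # -1: no DNS lookup or new connection was needed for this object
     "timings": {"blocked": 180, "dns": -1, "connect": -1,
                 "send": 1, "wait": 30, "receive": 90}},
    {"request": {"method": "GET", "url": "https://cdn.example/logo.png"},
     "response": {"status": 304},
     "timings": {"blocked": 0, "dns": 25, "connect": 30,
                 "send": 0, "wait": 15, "receive": 0}},
]}})


def phase_ms(timings, phase):
    """Return a phase duration in ms, treating missing or -1 values as 0."""
    value = timings.get(phase, -1)
    return value if isinstance(value, (int, float)) and value > 0 else 0


def summarize(har_text):
    """Return one row per object, slowest first, with its dominant phase."""
    rows = []
    for entry in json.loads(har_text)["log"]["entries"]:
        phases = {p: phase_ms(entry.get("timings", {}), p) for p in PHASES}
        total = sum(phases.values())
        rows.append({
            "url": entry["request"]["url"],
            "status": entry["response"]["status"],
            "total_ms": total,
            "slowest_phase": max(phases, key=phases.get) if total else None,
            "phases": phases,
        })
    return sorted(rows, key=lambda row: row["total_ms"], reverse=True)


def page_breakdown(rows):
    """Sum each phase over all objects to show where the page spends its time."""
    return {p: sum(row["phases"][p] for row in rows) for p in PHASES}


if __name__ == "__main__":
    report = summarize(SAMPLE_HAR)
    for row in report:
        print(f'{row["total_ms"]:>6} ms  {row["slowest_phase"]:<8} {row["url"]}')
    print(page_breakdown(report))
```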

HTTP WATCH

Why do you need an HTTP Viewer or Sniffer?
All web applications make extensive use of the HTTP protocol (or HTTPS for secure sites). Even simple web pages require the use of multiple HTTP requests to download HTML, graphics and JavaScript. The ability to view the HTTP interaction between the browser and web site is crucial to these areas of web development:
  • Troubleshooting
  • Performance tuning
  • Verifying that a site is secure and does not expose sensitive information
How can HttpWatch Help?
HttpWatch integrates with Internet Explorer and Firefox browsers to show you exactly what HTTP traffic is triggered when you access a web page. If you access a site that uses secure HTTPS connections, HttpWatch automatically displays the decrypted form of the network traffic.

Conventional network monitoring tools just display low-level data captured from the network. In contrast, HttpWatch has been optimized for displaying HTTP traffic and allows you to quickly see the values of headers, cookies and query strings.

HttpWatch also supports non-interactive examination of HTTP data. When log files are saved, a complete record of the HTTP traffic is saved in a compact file. You can even examine log files that your customers and suppliers have recorded using the free Basic Edition.
Why HttpWatch?

Seven reasons to use HttpWatch rather than other HTTP monitoring tools:
  1. Easy to Use - start logging after just a couple of mouse clicks in Internet Explorer or Firefox. No other proxies, debuggers or network sniffers have to be configured
  2. Productive - quickly see cookies, headers, POST data and query strings without having to manually decode raw HTTP packets
  3. Robust - reliably log thousands of HTTP transactions for hours or days while tracking down intermittent problems
  4. Accurate - HttpWatch has minimal impact on the normal interaction of the browser with a web site. No extra network hops are added, allowing you to measure real world HTTP performance
  5. Flexible - HttpWatch only requires client-side installation and will work with any server side technology that renders HTML pages in Internet Explorer or Firefox. No special server-side permissions or configurations are required - ideal for use against production servers on the Internet or Intranet
  6. Comprehensive - works with HTTP compression, redirection, SSL encryption & NTLM authentication. A complete automation interface provides access to recorded data and allows HttpWatch to be controlled from most popular programming languages.
  7. Professional Support - updates and bug fixes are provided free of charge on our website and technical support is available by email, phone or fax.

Uses of HttpWatch:
  1. Testing a web application to ensure that it is correctly issuing or setting headers that control page expiration
  2. Finding out how other sites work and how they implement certain features
  3. Checking the information that the browser is supplying when you visit a site
  4. Verifying that a secure web site is not issuing sensitive data in cookies or headers
  5. Tuning the performance of a web site by measuring download times, caching or the number of network round trips
  6. Learning about how HTTP works (useful for programming and web design classes)
  7. Allowing webmasters to fine tune the caching of images and other content
  8. Performing regression testing on production servers to verify performance and correct behavior

How to run Ajax Click n Script in Controller?

AJAX (Asynchronous JavaScript and XML) is a technique for creating interactive Web applications. With AJAX, Web pages exchange small packets of data with the server, instead of reloading an entire page. This reduces the amount of time that a user needs to wait when requesting data. It also increases the interactive capabilities and enhances the usability.
Using AJAX, developers can create fast Web pages using JavaScript and asynchronous server requests. The requests can originate from user actions, timer events, or other predefined triggers. AJAX components, also known as AJAX controls, are GUI-based controls that use the AJAX technique: they send a request to the server when a trigger occurs.

For example, a popular AJAX control is a Reorder List control that lets you drag components to a desired position in a list. VuGen’s support for AJAX implementation is based on Microsoft’s ASP.NET AJAX Control Toolkit formerly known as Atlas.

AJAX Supported Frameworks

The supported frameworks for AJAX functions are:
  • Atlas 1.0.10920.0/ASP.NET AJAX—All controls
  • Scriptaculous 1.8—Autocomplete, Reorder List, and Slider

VuGen supports the following frameworks at the engine level. This implies that VuGen will create standard Web Click and Script steps, but not AJAX specific functions:
  • Prototype 1.6
  • Google Web Toolkit (GWT) 1.4

AJAX Example Script

VuGen uses the control handler layer to create the effect of an operation on a GUI control. During recording, when encountering one of the supported AJAX controls, VuGen generates a function with an ajax_xxx prefix. In the following example, a user selected item number 1 (index=1) in an Accordion control. VuGen generated an ajax_accordion function.


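/* Open the page that hosts the Accordion control. */
web_browser("Accordion.aspx",
    DESCRIPTION,
    ACTION,
    "Navigate=http://labm1app08/AJAX/Accordion/Accordion.aspx",
    LAST);

lr_think_time(5);

/* Supported AJAX control: VuGen records an ajax_xxx function.
   Here the user selects item number 1 in the Accordion. */
ajax_accordion("Accordion",
    DESCRIPTION,
    "Framework=atlas",
    "ID=ctl00_SampleContent_MyAccordion",
    ACTION,
    "UserAction=SelectIndex",
    "Index=1",
    LAST);

/* Not a supported AJAX control: recorded as a standard
   Web (Click and Script) step that types into an edit box. */
web_edit_field("free_text_2",
    "Snapshot=t18.inf",
    DESCRIPTION,
    "Type=text",
    "Name=free_text",
    ACTION,
    "SetValue=FILE_PATH",
    LAST);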

Note: When you record an AJAX session, VuGen generates standard Web (Click and Script) functions for objects that are not one of the supported AJAX controls. In the example above, the word FILE_PATH was typed into an edit box.

"The requested operation cannot be completed because the Terminal connection is currently busy processing a connect operation" Error solved

This issue occurs when a user has disconnected from a remote server instead of logging off, taking up one of the Remote Desktop sessions. We then get the error "The terminal server has exceeded the maximum number of allowed connections". This can be easily corrected by logging into the server in console mode and manually logging off the user.

Whenever we try to connect for the first time it shows the same error, because the user was disconnected from the remote machine instead of logging off. The user therefore needs to log in to the system and log off the session that was opened previously. You can use the commands below to kill the user's session on the remote machine.




c:\>sc \\THESERVERNAME query TermService


SERVICE NAME: TermService

DISPLAY_NAME: Terminal Services
TYPE               : 20  WIN32_SHARE_PROCESS
STATE              : 4  RUNNING(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

Terminal Services was running; it can't be restarted on Server 2003, so we can take a look at the running processes:

C:\>tasklist /s MYSERVERNAME /u MYUSERNAME /p MYPASSWORD
(Output truncated to highlight relevant processes)

Image Name           PID      Session Name   Session#  Mem Usage
==================== ======== ============== ========= ============
System Idle Process  0                       0                 28 K
csrss.exe            4140     Console        7              2,684 K
winlogon.exe         4220     Console        7              5,840 K
logon.scr            4500     Console        7              1,580 K

Looking at the processes above, I recalled an issue that could sometimes arise with the logon.scr process on Virtual Machines. 

Thinking that logon.scr (Process ID 4500) may be the culprit, I decided to try killing the process:

C:\>taskkill /s MYSERVERNAME /u MYUSERNAME /p MYPASSWORD /PID 4500
SUCCESS: The process with PID 4500 has been terminated.

After seeing that the process was successfully killed, I tried logging in again and could do so successfully!

HP Performance Center 12 and HP LoadRunner 12 protocol bundles

Bundle name: Protocols

.NET record/replay: Microsoft® ADO.NET; Microsoft .NET 2.0, 3.0, 3.5, and 4.0; Windows® Communication Foundation (WCF)
Database: ODBC; Oracle (2-Tier)
DCOM: Microsoft COM/DCOM
Developer: Unit Test (nUnit, jUnit, and Selenium); SDK
GUI virtual users: HP Functional Testing (HP QuickTest Professional)
Java record/replay: Jacada; Java over HTTP Vuser; JMS
Network: Domain Name Resolution (DNS); File Transfer Protocol (FTP); Internet Message Access Protocol (IMAP); Lightweight Directory Access Protocol (LDAP); Microsoft Exchange (MAPI); Post Office Protocol (POP3); Simple Mail Transfer Protocol (SMTP); Tuxedo; Windows Sockets; CORBA—Java; RMI—Java (includes ORMI)
Oracle E-Business: Oracle NCA; Oracle Web Applications 11i (Click and Script); PeopleSoft Enterprise (Click and Script); PeopleSoft—Tuxedo; Siebel—Web; Web (HTTP/HTML)
Remote access: Citrix Virtual User (ICA); Remote Terminal Emulation (RTE)
Remote desktop: Microsoft Remote Desktop Protocol (RDP)
Rich Internet applications: Action Message Format (includes RTMP/AMF); AJAX Click and Script; AJAX TruClient—Firefox; AJAX TruClient—IE; Flex Virtual User (for Adobe® Flash); Silverlight Vuser; Mobile TruClient
SAP: SAP Click and Script; SAP GUI; SAP—Web; SAP Mobile Platform (SMP)
SOA: MQSeries—Client; MQSeries—Server; Service Test Vuser; Web Services
Templates: C Vuser; C#.NET Vuser (Visual Studio add-in); C++.NET Vuser (Visual Studio add-in); Enterprise Java Beans (EJB); Java Vuser; JavaScript Vuser; VBScript Vuser; VB.NET Vuser (Visual Studio add-in); VBNet Vuser
Web 2.0: Web and multimedia, RIA and SOA (combined)
Web and multimedia: Media Player (MMS); Real (RealPlayer); Web (Click and Script); Web (HTTP/HTML); Mobile Applications Protocol
Wireless: Multimedia Messaging Service (MMS); WAP

Protocol available for HP LoadRunner only.

LoadRunner – Script Anatomy Description

When you record and save a LoadRunner script in Vugen, a number of files are created. Here’s what they are, what they do, and which of them you can safely delete.

Files Required for Playback

During the course of recording and playback of scripts, the Vugen application will create many files, but only some of them are necessary for playback (either in Vugen or the Controller).

For example, say you have a script named PerformanceEngineer, with two Actions, Home and Forums. The required files you would need in the PerformanceEngineer script directory would then be:

* PerformanceEngineer.usr
* default.usp
* default.cfg
* globals.h
* Home.c
* Forums.c
* vuser_init.c
* vuser_end.c
* PerformanceEngineer.prm

Here’s what is in each file:

PerformanceEngineer.usr: Primarily, the .usr file defines which actions are used by the script. There are other properties which define which protocols are used and other settings, but most of the info
default.usp: Contains the run logic for the script
default.cfg: Contains the run-time settings (except for run-logic)
globals.h: The global headers file, visible and editable in Vugen
*.c (Action files): These are the action files containing your script code. You can edit these files in any text editor, if you want. Sometimes it is easier than starting up Vugen
PerformanceEngineer.prm: Contains the parameter definitions
*.dat: Your data files. You can save these in the script directory or somewhere else, even a mapped network drive on a different server

Files Created During Vugen Playback

All of the files listed below can safely be deleted and not affect your ability to use the script.

result1: One or more result directories are created which contain script playback results
*.idx: The .idx files are binary “index” files created by Vugen for holding parameter values
PerformanceEngineer.ci:
combined_PerformanceEngineer.c: A list of #includes for all of your Actions
logfile.log, mdrv.log: random log files which you will probably never need to look at
mdrv_cmd.txt, options.txt: These text files contain commands and arguments for the script compiler and driver (mdrv) and are created dynamically, so you can safely delete them.
output.txt: This one is important. This file contains all of the log messages generated during script playback. The contents of this file appear in the “Output Window” section of Vugen
output.bak: A backup of the above file
pre_cci.c: Output from the C pre-processor, which contains all of the functions used in your script, from all of the Actions and header files.

In summary, you can delete: *.txt, *.log, *.idx, *.bak, result*, pre_cci.c, combined_*, *.ci

Files Created During Recording

The ‘data’ directory in your script directory contains the script recording data. I usually delete this so it doesn’t get checked into my version control system, but you may want to keep it around if you use the graphical scripting mode and/or you want to compare playback vs. recording. The auto-correlation feature makes use of this data, too, but I haven’t had much success using that feature.

(This has been referred from the site performanceengineer.com)

Perceiver Monitoring tool

Perceiver is a new monitoring tool. It was introduced because companies invest in enterprise applications and infrastructure to deliver optimal service to their end-user community. IT organizations are asked to manage more systems with fewer resources, while reducing costs. Performance Analysts and Capacity Planners are often asked to create volumes of custom charts and graphs for different audiences, instead of focusing on high value capacity planning and performance engineering responsibilities that provide a greater return on investment for the company. For this, the best solution is to use the BMC Perceiver tool.

KEY BENEFITS:
  • User interface allows non-experts to easily access actionable data
  • Ad hoc queries to track, view, and relate performance metrics to business applications
  • Common interface for enterprise-wide systems and applications
  • Out-of-the-box value with BMC best practices view

FEATURES:
  1. Enhances decision-making capabilities by providing direct access to relevant performance data through a dynamic Web interface
  2. Provides ad-hoc queries to track, view and relate detailed performance metrics to business applications
  3. Increases the visibility and success of the performance organization by providing a consumer viewing tool for internal customers
  4. Simplifies training and use via an easy-to-use web interface, eliminating the need for expert users and additional in-depth training
  5. Maximizes the investment in BMC Performance Assurance by greatly increasing the number of direct users
  6. Delivers out-of-the-box value with pre-loaded BMC Software Best Practice views including an online drag and drop editor for customization
  7. Protects your performance investment by providing a performance viewing tool available across multiple platforms

ABOUT BMC SOFTWARE

BMC Software delivers the solutions IT needs to increase business value through better management of technology and IT processes. Our industry-leading Business Service Management solutions help you reduce cost, lower risk of business disruption, and benefit from an IT infrastructure built to support business growth and flexibility. Only BMC provides best-practice IT processes, automated technology management, and award-winning BMC Atrium technologies that offer a shared view into how IT services support business priorities. Known for enterprise solutions that span mainframe, distributed systems, and end-user devices, BMC also delivers solutions that address the unique challenges of the midsized business. Founded in 1980, BMC has offices worldwide and fiscal 2008 revenues of $1.73 billion. Activate your business with the power of IT. www.bmc.com

Source: http://discovery.bmc.com/

nslookup for multiple servers with a single click.

Nslookup is a command for testing and troubleshooting DNS servers.

Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned.

Syntax: nslookup [-option] [hostname] [server]

Sometimes we need to get the DNS details for a large number of servers. In that case we have to run the command multiple times and capture the values each time we run it.

To simplify this situation I have found an interesting tool named DNSDataView.
You can nslookup multiple servers with a single click in a clean GUI.

Download the tool here:

http://www.nirsoft.net/utils/dnsdataview.zip

Reference: http://www.nirsoft.net/utils/dns_records_viewer.html

WHAT IS A REVERSE PROXY SERVER?

A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate back-end server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

Reverse proxy server benefits:


1. Load balancing: A reverse proxy server can act as a “traffic cop,” sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.

2. Web acceleration: Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.

3. Security and anonymity: By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.