Configuring a NTP(Network Time Protocol ) client on Solaris 10

Configuring a NTP client

 

Create the ntp.conf file

You can use ntp.client file as template and edit ntp.conf

#cd /etc/inet
# cp ntp.client ntp.conf

 Eg :

 #vi /etc/inet/ntp.client

#

# An example file that could be copied over to /etc/inet/ntp.conf; it

# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#
server 192.168.10.6 prefer
server 172.16.0.2
driftfile /var/ntp/ntp.drift
multicastclient 224.0.1.1
#

Save and exit from ntp.conf

 

Check the NTP server reachability and response to NTP client:

 

# ntpdate -d 192.168.10.6

30 Jun 12:51:46 ntpdate[9927]: ntpdate 3-5.93e+sun 03/06/05 23:16:45 (1.4)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
server 192.168.10.6, port 123
stratum 4, precision -18, leap 00, trust 000
refid [127.127.1.0], delay 0.02591, dispersion 0.00000
transmitted 4, in filter 4
reference time:    db1f46e8.a3e1a000  Thu, Jun 30 2016 12:51:12.640
originate timestamp: db1f470a.efb60000  Thu, Jun 30 2016 12:51:46.936
transmit timestamp:  db1f470a.efa4d000  Thu, Jun 30 2016 12:51:46.936
filter delay:  0.02599  0.02591  0.02591  0.02591
                   0.00000  0.00000  0.00000  0.00000
filter offset: 0.000024 0.000012 0.000012 0.000012

                  0.000000 0.000000 0.000000 0.000000

delay 0.02591, dispersion 0.00000
offset 0.000012

30 Jun 12:51:46 ntpdate[9927]: adjust time server 172.16.0.2 offset 0.000012 sec

 

Start the ntpd daemon

# svcadm enable svc:/network/ntp:default

Check the ntp service status:

#svcs ntp
STATE  STIME   FMRI
online 10:23:44 svc:/network/ntp:default

 

driftfile /var/ntp/ntp.drift à The difference between your clock and the time provided by NTP servers can be examined by viwing the drift file:

Eg:

# cat /var/ntp/ntp.drift
-40.65

Once the service is running you can check which server is sync with the client:

if there is * against 192.168.10.6 means NTP sync is working with particular server.

- outlyer

The peer is discarded by the clustering algorithm as an outlyer.

+ candidat

The peer is a survivor and a candidate for the combining algorithm.

# selected

The peer is a survivor, but not among the first six peers sorted by synchronization distance. If the association is ephemeral, it may be demobilized to conserve resources.

* sys.peer

The peer has been declared the system peer and lends its variables to the system variables.

  

NTP default port :123 UDP

 

Read More

See default ports in solaris 10

# cat /etc/services
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)services   1.34    08/11/19 SMI"
#
# Network services, Internet style
#
tcpmux          1/tcp
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp                          # Secure Shell
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
name            42/udp          nameserver
whois           43/tcp          nicname         # usually to sri-nic
domain          53/udp
domain          53/tcp
bootps          67/udp                          # BOOTP/DHCP server
bootpc          68/udp                          # BOOTP/DHCP client
kerberos        88/udp          kdc             # Kerberos V5 KDC
kerberos        88/tcp          kdc             # Kerberos V5 KDC
hostnames       101/tcp         hostname        # usually to sri-nic
pop2            109/tcp         pop-2           # Post Office Protocol - V2
pop3            110/tcp                         # Post Office Protocol - Version 3
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
imap            143/tcp         imap2           # Internet Mail Access Protocol v2
ldap            389/tcp                         # Lightweight Directory Access Protocol
ldap            389/udp                         # Lightweight Directory Access Protocol
dhcpv6-client   546/udp         dhcpv6c         # DHCPv6 Client (RFC 3315)
dhcpv6-server   547/udp         dhcpv6s         # DHCPv6 Server (RFC 3315)
submission      587/tcp                         # Mail Message Submission
submission      587/udp                         #    see RFC 2476
ldaps           636/tcp                         # LDAP protocol over TLS/SSL (was sldap)
ldaps           636/udp                         # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp            69/udp
rje             77/tcp
finger          79/tcp
link            87/tcp          ttylink
supdup          95/tcp
iso-tsap        102/tcp
x400            103/tcp                         # ISO Mail
x400-snd        104/tcp
csnet-ns        105/tcp
pop-2           109/tcp                         # Post Office
uucp-path       117/tcp
nntp            119/tcp         usenet          # Network News Transfer
ntp             123/tcp                         # Network Time Protocol
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service
NeWS            144/tcp         news            # Window System
slp             427/tcp         slp             # Service Location Protocol, V2
slp             427/udp         slp             # Service Location Protocol, V2
mobile-ip       434/udp         mobile-ip       # Mobile-IP
cvc_hostd       442/tcp                         # Network Console
ike             500/udp         ike             # Internet Key Exchange
uuidgen         697/tcp                         # UUID Generator
uuidgen         697/udp                         # UUID Generator
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec            512/tcp
login           513/tcp
shell           514/tcp         cmd             # no passwords used
printer         515/tcp         spooler         # line printer spooler
courier         530/tcp         rpc             # experimental
uucp            540/tcp         uucpd           # uucp daemon
biff            512/udp         comsat
who             513/udp         whod
syslog          514/udp
talk            517/udp
route           520/udp         router routed
ripng           521/udp
klogin          543/tcp                         # Kerberos authenticated rlogin
kshell          544/tcp         cmd             # Kerberos authenticated remote shell
new-rwho        550/udp         new-who         # experimental
rmonitor        560/udp         rmonitord       # experimental
monitor         561/udp                         # experimental
pcserver        600/tcp                         # ECD Integrated PC board srvr
sun-dr          665/tcp                         # Remote Dynamic Reconfiguration
kerberos-adm    749/tcp                         # Kerberos V5 Administration
kerberos-adm    749/udp                         # Kerberos V5 Administration
kerberos-iv     750/udp                         # Kerberos V4 key server
krb5_prop       754/tcp                         # Kerberos V5 KDC propogation
ufsd            1008/tcp        ufsd            # UFS-aware server
ufsd            1008/udp        ufsd
cvc             1495/tcp                        # Network Console
ingreslock      1524/tcp
www-ldap-gw     1760/tcp                        # HTTP to LDAP gateway
www-ldap-gw     1760/udp                        # HTTP to LDAP gateway
listen          2766/tcp                        # System V listener port
nfsd            2049/udp        nfs             # NFS server daemon (clts)
nfsd            2049/tcp        nfs             # NFS server daemon (cots)
eklogin         2105/tcp                        # Kerberos encrypted rlogin
lockd           4045/udp                        # NFS lock daemon/manager
lockd           4045/tcp
ipsec-nat-t     4500/udp                        # IPsec NAT-Traversal
dtspc           6112/tcp                        # CDE subprocess control
fs              7100/tcp                        # Font server
#[swat] The swat service is added by the SUNWsmbar package.
#[swat] Removing the swat service manually while SUNWsmbar
#[swat] package is installed in the system can cause issues
#[swat] with smf(5) stability or with zones(5) installation.
swat            901/tcp                         # Samba Web Adm.Tool
apocd   38900/udp
snmpd           161/udp        snmp             # SMA snmp daemon
servicetag      6481/udp
servicetag      6481/tcp


You can just edit and restart 

Read More

Creating Persistent Routes in Solaris

Creating Persistent Routes in Solaris

Print the currently active routes:

# netstat -rn

Routing Table: IPv4

  Destination           Gateway           Flags  Ref     Use     Interface

-------------------- -------------------- ----- ----- ---------- ---------

default              172.16.0.254         UG        1 1650937522

10.0.0.0             172.16.0.12          UG        1   10206514

172.16.0.0           172.16.0.3           U         1    9528249 igb0:1

224.0.0.0            172.16.0.3           U         1          0 igb0:1

127.0.0.1            127.0.0.1            UH       19      26626 lo0:1

Add a route persistently:

# route -p add default ip-address

Eg:

# route -p add 192.168.10.0/24 172.16.0.10

-p             Make changes to the network route tables per-

                    sistent across system restarts. The operation

                    is applied  to  the  network  routing  tables

                    first  and, if successful, is then applied to

                    the list  of  saved  routes  used  at  system

                    startup.  In determining whether an operation

                    was successful, a failure to add a route that

                    already  exists  or to delete a route that is

                    not in the routing table is ignored. Particu-

                    lar  care  should be taken when using host or

                    network  names  in  persistent   routes,   as

                    network-based  name  resolution  services are

                    not available at the time routes are added at

                    startup.

          (Reference :Solaris man page)

For routes that are created by using this method, use following command

to display all of the static routes

 #route -p show 

Following examples creates an IPv4 route to the destination 192.168.10.0 and subnet  with the subnet  mask of 255.255.255.0(/24):

# route add 192.168.10.0/24 somegateway

       

# route add 192.168.10.0 -netmask 255.255.255.0 somegateway

# route add 192.168.10.0 somegateway 255.255.255.0

For IPv6, only “/” format is accepting for subnet. The following example creates an IPv6 route to the destination 35dd:: with netmask of 16 one-bits followed by 112 zero-bits.

# route add -inet6 35dd::/16 somegateway

Read More

How to Capture Network Packets in Solaris

How to Capture Network Packets in Solaris  

# snoop -h

snoop: illegal option -- h

Usage:  snoop

        [ -a ]                  # Listen to packets on audio

        [ -d device ]           # Listen on interface named device

        [ -s snaplen ]          # Truncate packets

        [ -c count ]            # Quit after count packets

        [ -P ]                  # Turn OFF promiscuous mode

        [ -D ]                  # Report dropped packets

        [ -S ]                  # Report packet size

        [ -i file ]             # Read previously captured packets

        [ -o file ]             # Capture packets in file

        [ -n file ]             # Load addr-to-name table from file

        [ -N ]                  # Create addr-to-name table

        [ -t  r|a|d ]           # Time: Relative, Absolute or Delta

        [ -v ]                  # Verbose packet display

        [ -V ]                  # Show all summary lines

        [ -p first[,last] ]     # Select packet(s) to display

        [ -x offset[,length] ]  # Hex dump from offset for length

        [ -C ]                  # Print packet filter code

        [ -q ]                  # Suppress printing packet count

        [ -r ]                  # Do not resolve address to name

        [ filter expression ]

Example:

        snoop -o saved  host fred

        snoop -i saved -tr -v -p19

Show DHCP packets :

# snoop |grep -i dhcp

Using device igb0 (promiscuous mode)

   50.17.0.1 -> NTU-HQ-GLOBAL DHCP/BOOTP DHCPDISCOVER

NTU-HQ-GLOBAL -> 50.17.0.1    DHCP/BOOTP DHCPOFFER

   50.17.0.1 -> NTU-HQ-GLOBAL DHCP/BOOTP DHCPDISCOVER

Show UDP packets :

# snoop |grep -i udp

Using device igb0 (promiscuous mode)

  172.16.0.1 -> 50.200.0.229 UDP D=1728 S=37628 LEN=32

  172.16.0.1 -> 50.17.0.41   UDP D=1728 S=37628 LEN=32

  172.16.0.1 -> 50.210.0.214 UDP D=1728 S=37628 LEN=32

Verbose packet display:

# snoop -v

ETHER:  ----- Ether Header -----

ETHER:

ETHER:  Packet 182 arrived at 15:37:15.74365

ETHER:  Packet size = 66 bytes

ETHER:  Destination = 0:0:5e:0:1:64, U.S. Department of Defense (IANA)

ETHER:  Source      = 0:21:28:d2:88:8c,

ETHER:  Ethertype = 0800 (IP)

^CETHER:

IP:   ----- IP Header -----

IP:

IP:   Version = 4

IP:   Header length = 20 bytes

IP:   Type of service = 0x00

IP:         xxx. .... = 0 (precedence)

IP:         ...0 .... = normal delay

IP:         .... 0... = normal throughput

IP:         .... .0.. = normal reliability

IP:         .... ..0. = not ECN capable transport

IP:         .... ...0 = no ECN congestion experienced

IP:   Total length = 52 bytes

IP:   Identification = 36051

IP:   Flags = 0x4

IP:         .1.. .... = do not fragment

IP:         ..0. .... = last fragment

IP:   Fragment offset = 0 bytes

IP:   Time to live = 255 seconds/hops

IP:   Protocol = 17 (UDP)

IP:   Header checksum = 0000

IP:   Source address = 172.16.0.1, 172.16.0.1

IP:   Destination address = 50.78.0.6, 50.78.0.6

IP:   No options

IP:

UDP:  ----- UDP Header -----

UDP:

UDP:  Source port = 37628

UDP:  Destination port = 1728

UDP:  Length = 32

UDP:  Checksum = DE96

UDP:

Display information on host 172.16.0.1 using summary verbose mode:

# snoop -V 172.16.0.1

To enable data captures from the snoop output without losing packets (while writing to the screen)by sending the snoop output to a file (snooper) :

# snoop -o/tmp/snooper -V 172.16.0.1

Show broadcast packets:

# snoop -d igb0 broadcast

Using device igb0 (promiscuous mode)

50.17.0.1   -> (broadcast)  ARP C Who is 172.16.0.8, sys13 ?

       

Read More

How to traceroute in Solaris 10

traceroute

It will print the route packets take to network host

# traceroute

Usage: traceroute [-adFIlnSvx] [-A address_family] [-c traffic_class]

        [-f first_hop] [-g gateway [-g gateway ...]| -r] [-i iface]

        [-L flow_label] [-m max_hop] [-P pause_sec] [-p port] [-Q max_timeout]

        [-q nqueries] [-s src_addr] [-t tos] [-w wait_time] host [packetlen]

Some output symbol descriptions:

!  the ttl (hop limit) value in the received packet is <= 1.

!H host unreachable.

# traceroute  5 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets

 1  172.16.0.250 (172.16.0.250)  0.679 ms !H *  0.594 ms !H

!X communication administratively prohibited.

 ICMP (ICMP6) unreachable code N.

!F The associated gateway is broken.

!N network unreachable.

!P protocol unreachable.

!S source route failed. It is likely that the gateway does not support source routing.

!T unreachable for the specified TOS (type-of-service).

!U source host isolated or precedence problem.

!A host unreachable for a reason other than lack of an entry in the routing table.

!B packet too big.

!E destination is not a neighbor.

!R unrecognized next header.

# traceroute  50.200.0.144

traceroute to 50.200.0.144 (50.200.0.144), 30 hops max, 40 byte packets

 1  172.16.0.250 (172.16.0.250)  0.457 ms  0.285 ms  0.320 ms

 2  50.200.0.144 (50.200.0.144)  1.593 ms  1.475 ms  1.549 ms

Read More

Continuous ping in solaris 10

usage: ping host [timeout]
usage: ping -s [-l | U] [adLnRrv] [-A addr_family] [-c traffic_class]
        [-g gateway [-g gateway ...]] [-F flow_label] [-I interval]
        [-i interface] [-P tos] [-p port] [-t ttl] host [data_size] [npackets]

 -s  :  Send one  datagram  per  second  and collect statistics.

Put a Continuous ping:

# ping -s 50.17.0.1
PING 50.17.0.1 (50.17.0.1): 56 data bytes
64 bytes from 50.17.0.1: icmp_seq=0. time=1.22 ms
64 bytes from 50.17.0.1: icmp_seq=1. time=26.5 ms
64 bytes from 50.17.0.1: icmp_seq=2. time=8.13 ms
64 bytes from 50.17.0.1: icmp_seq=3. time=64.1 ms
64 bytes from 50.17.0.1: icmp_seq=4. time=30.7 ms
64 bytes from 50.17.0.1: icmp_seq=5. time=33.9 ms
64 bytes from 50.17.0.1: icmp_seq=6. time=1.03 ms
64 bytes from 50.17.0.1: icmp_seq=7. time=1.14 ms

.

.

.

.

.

64 bytes from 50.17.0.1: icmp_seq=26. time=1.27 ms

64 bytes from 50.17.0.1: icmp_seq=27. time=0.994 ms

^C

----50.17.0.1 PING Statistics----

28 packets transmitted, 28 packets received, 0% packet loss

round-trip (ms)  min/avg/max/stddev = 0.989/19.27/64.1/18.9

Put a Continuous ping with specific data size :

# ping  -s 50.17.0.1 200

PING 50.17.0.1: 200 data bytes

208 bytes from 50.17.0.1: icmp_seq=0. time=1.35 ms

208 bytes from 50.17.0.1: icmp_seq=1. time=27.1 ms

208 bytes from 50.17.0.1: icmp_seq=2. time=22.1 ms

^C

----50.17.0.1 PING Statistics----

3 packets transmitted, 3 packets received, 0% packet loss

round-trip (ms)  min/avg/max/stddev = 1.35/16.9/27.1/14.

Read More