List of examples:
| Category | Example title |
|---|---|
| Debug | Run a program in another namespace's pid |
| Debug | Access the filesystem of another namespace's pid |
| Debug | Monitor the CPU/IO/Memory used by another namespace's pid |
| Monitoring | Monitors network usage |
| Monitoring | Monitor Java memory |
| Network | Start a SOCKS server |
| Performance | Network performance between two points |
| Performance | Connectivity to a database via JDBC |
| Security | Get a remote host TLS/SSL certificate details |
| Security | Export a remote host TLS/SSL certificate |
| Test | Test TCP port reachability and/or ping |
| Test | Start an echo web server |
To search for a specific example type '/Network performance' and use the arrow keys to navigate
You can provide a comma delimited list of hosts and ports to test if those TCP ports are reachable:
testHosts.yaml targets=a.host:1234,b.host:2345,c.host:3456This will return a table indicating if the TCP ports are reachable including the time it took to receive the acknowledgement.
If the port is not specified it will also perform a "ping" (ICMP) test. You can also export the results to CSV if necessary:
testHosts.yaml targets=a.host:1234,a.host,b.host:2345,b.host __format=csvTo obtain the transfer rate, bandwidth and error ratio transmiting from point B to point A, on point A execute:
iperf -s -p 12345And on point B execute:
iperf -c a.point.net.local -p 12345 -e --trip-timesCheck point A output for latency results
You can test connectivity to a PostgreSQL, H2 and Oracle databases without any extra driver.
- Set the database password securely
read -sp "Password: " PASS && export PASS && echo- Execute for the target database JDBC and user
jdbc.yaml jdbc=jdbc:postgresql://hh-pgsql-public.ebi.ac.uk:5432/pfmegrnargs user=reader pass=$PASSTo check more options just execute
jdbc.yaml
To monitor the network usage, and bandwidth, on a specific network device (e.g. eth0), execute:
sudo iftop -i eth0 -PThis is possible by starting a debug container for an existing Kubernetes pod where a Java application is running (execute 'usage-help' to get more details on how to start a Kubernetes debug container).
In the debugger container identify the running Java process:
ps axfPIDs are "shared" between the target container and the debug container
After identifying the Java pid of the target container execute a similar command changing the HSPERF variable value (the example is assuming pid 12 running under "myuser"):
HSPERF=/proc/12/root/tmp/hsperfdata_myuser/12 && oafp $HSPERF in=hsperf path=java out=grid grid="[[(title:Threads,type:chart,obj:'int threads.live:green:live threads.livePeak:red:peak threads.daemon:blue:daemon -min:0')|(title:Class Loaders,type:chart,obj:'int cls.loadedClasses:blue:loaded cls.unloadedClasses:red:unloaded')]|[(title:Heap,type:chart,obj:'bytes __mem.total:red:total __mem.used:blue:used -min:0')|(title:Metaspace,type:chart,obj:'bytes __mem.metaTotal:blue:total __mem.metaUsed:green:used -min:0')]]" loop=1You can also check a more complete dashboard with:
javaGC.yaml file=/proc/12/root/tmp/hsperfdata_myuser/12You can start an echo web server to repeat whatever requests it receives. Every request will be logged and also sent back as a reply. To start just execute:
EchoHTTPd.yaml port=8080You can start it directly by executing
docker run --rm -p 8080:8080 nmaguiar/netutils EchoHTTPd.yaml port=8080
You can execute a program (including a shell) in another namespace's pid.
If you are using kubectl debug pod-to-debug -it --image nmaguiar/netutils --target=container-to-debug --profile=sysadmin -- /bin/bash:
nsenter -t [target pid] -m -u -n -i shor if you are using docker run -it --rm --privileged --pid=host nmaguiar/netutils you can run:
nsenter -t 1 -m -u -n -i shIf you are using kubectl debug pod-to-debug -it --image nmaguiar/netutils --target=container-to-debug --profile=sysadmin -- /bin/bash or docker run -it --rm --privileged --pid=host nmaguiar/netutils and you need to access the other namespace pid filesystem execute:
sudo bash
switch-fs-by-pid.sh 1234If you are using kubectl debug pod-to-debug -it --image nmaguiar/netutils --target=container-to-debug --profile=sysadmin -- /bin/bash or docker run -it --rm --privileged --pid=host nmaguiar/netutils and you need to access the other namespace pid filesystem execute:
# CPU of 1234 every 1 sec
pidstat -p 1234 1
# IO of 1234 every 1 sec
pidstat -p 1234 -d 1
# Memory of 1234 every 1 sec
pidstat -p 1234 -r 1A SOCKS server allows you to use a browser or other client application to access the docker or Kubernetes network where nmaguiar/netutils is ruunning on:
kubectl run netutils --rm -it --image nmaguiar/netutils -- socksProxy.yamlThen start a port-forward where you client (e.g. browser) is installed:
kubectl port-forward pod/netutils 11080:1080To test you can use curl to access a service or a pod IP address:
curl http://test.my-namespace.svc:12345 --proxy socks5h://127.0.0.1:11080To start a Chrome browser to connect to the socks proxy:
| OS | Command |
|---|---|
| Linux/WSL | curl https://ojob.io/unix/newChrome.sh | sh -s default localhost:11080 |
| Mac | curl https://ojob.io/mac/newChrome.sh | sh -s default localhost:11080 |
| Windows | curl https://ojob.io/win/newChrome.bat -O newChrome.bat && newChrome.bat default localhost:11080 |
Check https://github.com/nmaguiar/socksd for more details to connect different clients
To get details about a remote host TLS/SSL certificate you can execute:
DOMAIN=example.com && oaf -c "sprint(ow.loadNet().getTLSCertificates('$DOMAIN',443))" | oafp path="[].{issuer:issuerDN,subject:subjectDN,notBefore:notBefore,notAfter:notAfter,alternatives:join(' | ',sort(map(&[1],nvl(alternatives,\`[]\`))))}" out=ctreeFor complete details you can also run:
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -textTo export the PEM file for a remote host TLS/SSL certificate execute:
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -outform PEM -out example_com_cert.pemTo verify the exported certificate execute:
openssl x509 -in example_com_cert.pem -text -noout