Archive for the tag 'dump'

How to generate a crash dump on Red Hat Linux

The Red Hat Crash Utility is a kernel-specific debugger. It is usually used for performing postmortem system analysis when the system panicked, locked up, or appears unresponsive.

Starting with the Red Hat Enterprise Linux 3 release, the crash utility is automatically installed during the system installation if the Development Tools package set is selected.

Test that Diskdump works. The following commands will crash your machine:

# echo 1 > /proc/sys/kernel/sysrq
# echo c > /proc/sysrq-trigger

Make sure that you run the above two commands on a text console (press Ctrl + Alt + F1), so that you can see what is happening when the system crashes. You have to perform this step so that you have a vmcore file to follow the rest of the paper. It will be located under /var/crash.

SBDavid

tcpdump - dump traffic on a network

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Example:

root@u12:~# tcpdump -nnvvXS -c2 port 80

-n
Don’t convert host addresses to names. This can be used to avoid DNS lookups.

-nn
Don’t convert protocol and port numbers etc. to names either.

-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-X
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.

-S
Print absolute, rather than relative, TCP sequence numbers.
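As an added example (not part of the original post), a small Python parser for the -X hex dump format shown above: it reassembles each packet's bytes and decodes the IPv4/TCP fields that -nn and -S print as plain numbers. The sample capture text is constructed for the example, not a real trace.

```python
import re
import struct
from ipaddress import IPv4Address

# Constructed sample of `tcpdump -nnvvXS` output (not a real capture):
# a single TCP SYN to port 80. With -X the bytes start at the IP header.
SAMPLE = """\
12:00:00.000001 IP (tos 0x0, ttl 64, id 7238, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.10.99.59896 > 172.16.10.12.80: Flags [S], seq 1234567890, win 29200, length 0
\t0x0000:  4500 003c 1c46 4000 4006 b1e6 ac10 0a63  E..<.F@.@.......
\t0x0010:  ac10 0a0c e9f8 0050 4996 02d2 0000 0000  .....P..I.......
\t0x0020:  a002 7210 0000 0000 0204 05b4 0402 080a  ..r.............
\t0x0030:  0000 0000 0000 0000 0103 0307            ............
"""

# One -X line: offset, 2-byte hex groups, then the ASCII column after two spaces.
HEX_LINE = re.compile(r"^\s*0x([0-9a-f]+):\s+([0-9a-f]{2,4}(?: [0-9a-f]{2,4})*)")

def parse_hexdump(text):
    """Group tcpdump -X output into (summary lines, raw bytes) per packet."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            packets[-1][1].extend(bytes.fromhex(m.group(2).replace(" ", "")))
        elif line and not line[0].isspace():
            packets.append(([line], bytearray()))  # timestamp line opens a packet
        elif line.strip():
            packets[-1][0].append(line.strip())    # indented continuation of the summary
    return [(summary, bytes(data)) for summary, data in packets]

def decode_ipv4_tcp(data):
    """Extract the header fields an analyst checks first from the raw bytes."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"version": ver_ihl >> 4, "total_length": total_len, "ttl": ttl, "proto": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst))}
    if proto == 6:  # TCP; -S makes the summary show this absolute seq number
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", data[ihl:ihl + 14])
        info.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    syn=bool(off_flags & 0x02), ack_flag=bool(off_flags & 0x10))
    return info

if __name__ == "__main__":
    for summary, raw in parse_hexdump(SAMPLE):
        print(summary[0])
        print(decode_ipv4_tcp(raw))
```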

tshark - Dump and analyze network traffic

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and display a summary line on stdout for each received packet.

Example:

# tshark -n -i ppp0 port 80
Running as user “root” and group “root”. This could be dangerous.
Capturing on ppp0

-n
Disable network object name resolution (such as hostname, TCP and UDP port names); the -N flag might override this one.

-i [capture interface]
Set the name of the network interface to capture on (ppp0 in the example above).

SBDavid

Taking dump of multiple tables

The mysqldump utility can be used to dump a database, or a collection of databases, for backup or for transferring the data to another MySQL server.

Execute the following command to dump a single table:

$ mysqldump -uusername -p databasename tablename > dump_filename.sql

The table can be restored into a database with the following command:

$ mysql -uusername -p databasename < dump_filename.sql

To dump N tables named table1, table2, table3, ..., tableN, use the following syntax:

$ mysqldump -uusername -p databasename table1 table2 table3 ... tableN > dump_filename.sql