Re: DD -> Netcat NT Imaging

From: Volker Tanger (volker.tangerat_private)
Date: Fri Sep 13 2002 - 06:46:26 PDT

Next message: Ed Moyle: "RE: Question about brute forcing EFS..."

Previous message: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
In reply to: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Next in thread: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Reply: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis.Kletnieksat_private wrote:
> On Fri, 13 Sep 2002 13:59:53 +0200, Volker Tanger said:
> 
> 
>>Had this phenomenon once or twice. The timeout may happen if the sending 
>>party is much slower than the reveiving one AND the receiving one also 
>>is the listening nc.
> 
> 
> OK.. either I'm dense or I've not had enough caffeine.  How do you set up
> a situation where the receiving netcat *isnt* the listening one?  In other
> words, under what situations is the 'AND' clause *not* true?

Slow-Server:  dd if=/dev/hda | bzip2 -c | nc -p 12345 -l
Fast-Client:  nc SERVER 12345 > image.bz2

Basically you should build the queue continuously (!) degrading to from 
fast to slow. The sample above should then read as follow, if you aim 
for reliable network connection:

Slow-Server:  cat image.bz2 | nc CLIENT 12345
Fast-Client:  nc -p 12345 -l | bzip2 -c > image.bz2

This way there always is data "waiting at the door" to be received. In 
the first sample the nc client is "torn" between the slow server and the 
speeding local HD. This setup simply is calling for timeouts.

More Netact imaging fun (okay, I was trying to play dirty here): I once 
tried to chain clients like

Master: 
    dd if=/dev/hda | nc CLIENT#1 1111
Client#1:  dd -p 1111 -l | tee /dev/hda | nc CLIENT#2 2222
Client#2:  dd -p 2222 -l | tee /dev/hda | nc CLIENT#3 3333
Client#3:  dd -p 3333 -l | tee /dev/hda ......

which failed to complete all times I tried. Always there was a timeout 
somewhere. Even extraordinary timeouts (-w 28800 = 8 hours) did not 
help. Identical hardware on all parts, so no speed difference here.

I finally settled with putting a GZIPped image on a server and then 
feeding the clients from there, unbzip2ing the image on the clients. 
With the same hardware I easily could serve ~150 clients this way - much 
more reliable and additionaly more flexible than the daisy chain tried 
above.

Bye

Volker Tanger
IT-Security Consulting

-- 
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

volker.tangerat_private
http://www.discon.de/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ed Moyle: "RE: Question about brute forcing EFS..."
Previous message: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
In reply to: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Next in thread: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Reply: Valdis.Kletnieksat_private: "Re: DD -> Netcat NT Imaging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 09:17:42 PDT