
CSC 486/586

*nix and Non-Intel Platform issues


Objectives

  • Non-Intel hardware (RISC platform) issues

  • Other *nix issues (any platform)

    • Network scanning

    • Backup Tapes


Non Intel-based (x86) hardware platforms - RISC

SUN, HP-UX, IBM, Apple, etc.


How do I boot it?

  • Your Intel boot disks (CD/floppy) won’t boot it

  • Usually no floppy drive and may be no CD drive either

  • If you don’t have a boot CD for the proprietary platform, you may need to boot to the native UNIX OS and perform any data acquisition from within the native OS using built-in UNIX commands

  • May need to use native system to access NAS or other storage medium….better practice ahead of time!!!


Can I attach my drive to it?

  • Proprietary drive controllers

  • Usually no PCI slot for your own controller

  • Usually SCSI…

    • Is it “High Voltage” SCSI (HVD) or Low Voltage (LVD)?

    • Don’t fry your drive!!!

      • Their high voltage drive + your low voltage system = nothing

      • Your low voltage drive + their high voltage system = smoke

    • Adaptec 2944 controller card

    • Look for a standard SCSI controller in drive. Usually a standard SCSI tape backup drive attached to the standard SCSI controller.


You’ve attached your drive, now what?

  • Better get online or start reading the sysadmin’s manuals…

  • Identify your drive from the subject hard drives within the OS

  • You need to partition and format your drive with a UFS file system…..using Unix commands

    If you are not sure what to do….call someone!!!


Data Acquisition???

  • Image with “dd”

  • Capture files and folders with “tar” onto your UFS formatted drive

  • CP or CPIO (but the first two options are better)

  • FTP data across the network to another machine

    • You should always have an FTP client on your laptop (e.g. SmartFTP).

    • FTP command line version is built into all OSs.

    • Use WinRAR or tar (in the native Unix OS) to put a “wrapper” around files pulled off by FTP

    • This is usually the best way to deal with machines like an IBM AS-400

      If you are not sure what to do….call someone!!!


How will you analyze the data?

  • Do you need the RISC system to “analyze” the data you are seizing?

  • Do you need to “run” the Unix software or just look at files?

  • FTP’d database files may not do much good without the front-end database app.

  • Linux can be used to view, search, extract files you seize onto your UFS formatted drive.


Other Linux/Unix Issues

  • Network Scanning

    • Nmap

  • Backup Tapes

    • How to read tapes, pull data off and uncompress it with Linux/Unix


Windows scanning tools vs. Nmap

  • Scanned 10.10.10.1-10.10.10.103


Windows scanning tools vs. Nmap

  • Same IP address range scanned….this time in Linux with Nmap 4.23RC1

  • Detected ALL machines, even those running firewalls!


Backup Tapes

  • Tape data is linear…just a stream of data in whatever form the backup utility writes.

    • No Partition, no file system

    • Normally cannot “map out” files and directories without the backup utility that created the data stream.

  • Tapes come in many sizes, capacities, and use a variety of different tape drives.

  • Many commonly used backup programs/utilities.


Backup Tapes

  • Unless you have a tape drive of the same type used, also seize the tape drive so you have a device that reads the tapes.

  • If seizing backup tapes, also seize the backup software used by the subject.

  • …but what do you do if someone just gives you tapes and you don’t know what program created the backup data?


Working with Tapes in Linux

  • mt – SCSI tape control

  • dd – device copy

  • file – File signature identification

  • Proper SCSI tape device driver

    • /dev/st0 – rewinding tape device

    • /dev/nst0 – non-rewinding tape device

  • First set the block size of your tape drive to 0 so that you can read variable block sizes.

    • mt -f /dev/st0 setblk 0


Determining allocation (how much data is on the tape)

  • Run to end of data (EOD) on tape

    mt -f /dev/nst0 eod

  • Determine position on tape

    mt -f /dev/nst0 tell

  • Response is total blocks allocated on the tape

    Tape is at block 24088

  • Rewind tape

    mt -f /dev/st0 rewind


Finding block size

  • Grab an arbitrarily large block of data to force error reporting

    dd if=/dev/nst0 of=test ibs=128k obs=1 count=1

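  • The dd record report gives the correct block size: with obs=1 each output record is one byte, so “records out” is the size in bytes of the single tape block read (5120 here)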

    0+1 records in

    5120+0 records out


Identifying the data

  • Use file command to identify

    file test

    test: gzip compressed data, deflated, last modified: Wed Jan 26 16:43:42 205, os: Unix

  • Uses /usr/share/magic file which identifies file signatures

  • Gzipped or otherwise compressed data must be decompressed to identify

  • Typically such data is a compressed archive (tar, cpio, or dump)


Pulling data off the tape

  • Start at beginning of session

    mt -f /dev/nst0 bsfm 1

  • Read entire session to a file

    dd if=/dev/nst0 of=/mnt/session1.txt bs=5120

  • The dd command reports blocks copied

    15198+0 records in

    15198+0 records out

  • May need to set block size of tape drive to block size determined on tape.

    • mt -f /dev/st0 setblk 5120


Uncompressing the data

  • You may need a third-party tool to interpret the data file you pulled off the tape.

  • If it is a *nix archive such as tar or gz, use standard tar and gunzip commands to uncompress into logical files and folders.

    tar -zxf /mnt/session1.txt
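
The identification and decompression steps above, as an added example (not part of the original slides): it hashes the session image pulled off the tape, identifies it by signature (looking inside gzip as well), and lists a tar archive’s contents without extracting anything. The function names and the sample archive are constructed for illustration; it assumes a Linux shell with head -c, od, sha256sum, gzip and tar.

```shell
#!/bin/sh
# Added example: triage a session image already copied off tape with dd (reads the file only).

# sniff: read a stream on stdin, print gzip | cpio | tar | unknown
sniff() {
    hex=$(head -c 512 | od -An -v -tx1 | tr -d ' \n')
    case "$hex" in
        1f8b*) echo gzip; return ;;                                   # gzip magic
        303730373031*|303730373037*|c771*|71c7*) echo cpio; return ;; # ASCII or binary cpio
    esac
    # ustar/GNU tar headers carry the string "ustar" at byte offset 257
    if [ "$(printf '%s' "$hex" | cut -c515-524)" = "7573746172" ]; then
        echo tar
    else
        echo unknown
    fi
}

# session_type FILE: outer format, plus the inner one if gzip-compressed
session_type() {
    outer=$(sniff < "$1")
    if [ "$outer" = gzip ]; then
        echo "gzip+$(gzip -dc "$1" 2>/dev/null | sniff)"
    else
        echo "$outer"
    fi
}

# triage FILE: hash first, then identify, then list without extracting
triage() {
    sha256sum "$1"
    t=$(session_type "$1")
    echo "type: $t"
    case "$t" in
        gzip+tar) tar -tzvf "$1" ;;
        tar)      tar -tvf "$1" ;;
        *)        echo "not tar: identify the backup utility before extracting" ;;
    esac
}

# make_sample: constructed stand-in for /mnt/session1.txt
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/home" && echo "constructed test data" > "$d/home/notes.txt"
    tar -czf "$d/session1.txt" -C "$d" home
    echo "$d/session1.txt"
}

s=$(make_sample) && triage "$s"
```

On a real case, run triage against a working copy of the dd output and record the printed hash with the case notes before any extraction.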


Questions???

Use the discussion board, as usual…

