Nix and non intel platform issues
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

*nix and Non-Intel Platform issues PowerPoint PPT Presentation


  • 68 Views
  • Uploaded on
  • Presentation posted in: General

CSC 486/586. *nix and Non-Intel Platform issues. Objectives. Non-Intel hardware (RISC platform) issues Other *nix issues (any platform) Network scanning Backup Tapes. Non Intel-based (x86) hardware platforms - RISC. SUN, HP-UX, IBM, Apple, etc. How do I boot it?.

Download Presentation

*nix and Non-Intel Platform issues

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Nix and non intel platform issues

CSC 486/586

*nix and Non-Intel Platform issues


Objectives

Objectives

  • Non-Intel hardware (RISC platform) issues

  • Other *nix issues (any platform)

    • Network scanning

    • Backup Tapes


Non intel based x86 hardware platforms risc

Non Intel-based (x86) hardware platforms - RISC

SUN, HP-UX, IBM, Apple, etc.


How do i boot it

How do I boot it?

  • Your Intel boot disks (CD/floppy) won’t boot it

  • Usually no floppy drive and may be no CD drive either

  • If you don’t have a boot CD for the proprietary platform, you may need to boot to the native UNIX OS and perform any data acquisition from within the native OS using built-in UNIX commands

  • May need to use native system to access NAS or other storage medium….better practice ahead of time!!!


Can i attach my drive to it

Can I attach my drive to it?

  • Proprietary drive controllers

  • Usually no PCI slot for your own controller

  • Usually SCSI…

    • Is it “High Voltage” SCSI (HVD) or Low Voltage (LVD)?

    • Don’t fry your drive!!!

      • Their high voltage drive + your low voltage system = nothing

      • Your low voltage drive + their high voltage system = smoke

    • Adaptec 2944 controller card

    • Look for a standard SCSI controller in drive. Usually a standard SCSI tape backup drive attached to the standard SCSI controller.


You ve attached your drive now what

You’ve attached your drive now what?

  • Better get online or start reading the Sys admins manuals…

  • Identify your drive from the subject hard drives within the OS

  • You need to partition and format your drive with a UFS file system…..using Unix commands

    If you are not sure what to do….call someone!!!


Data acquisition

Data Acquisition???

  • Image with “dd”

  • Capture files and folders with “tar” onto your UFS formatted drive

  • CP or CPIO (but the first two options are better)

  • FTP data across the network to another machine

    • You should always have an FTP client on your laptop (i.e. SmartFTP).

    • FTP command line version is built into all OSs.

    • Use WinRAR or tar (in the native Unix OS) to put a “wrapper” around files pulled off by FTP

    • This is usually the best way to deal with machines like an IBM AS-400

      If you are not sure what to do….call someone!!!


How will you analyze the data

How will you analyze the data?

  • Do you need the RISC system to “analyze” the data you are seizing?

  • Do you need to “run” the Unix software or just look at files?

  • FTP’d database files may not do much good without the front-end database app.

  • Linux can be used to view, search, extract files you seize onto your UFS formatted drive.


Other linux unix issues

Other Linux/Unix Issues

  • Network Scanning

    • Nmap

  • Backup Tapes

    • How to read tapes, pull data off and uncompress it with Linux/Unix


Windows scanning tools vs nmap

Windows scanning tools vs. Nmap

  • Scanned 10.10.10.1-10.10.10.103


Windows scanning tools vs nmap1

Windows scanning tools vs. Nmap

  • Same IP address range scanned….this time in Linux with Nmap 4.23RC1

  • Detected ALL machines, even those running firewalls!


Backup tapes

Backup Tapes

  • Tape data is linear…just a stream of data in whatever form the backup utility writes.

    • No Partition, no file system

    • Normally can not “map out” files and directories without the backup utility that created the data stream.

  • Tapes come in many sizes, capacities, and use a variety of different tape drives.

  • Many commonly used backup programs/utilities.


Backup tapes1

Backup Tapes

  • Unless you have a tape drive of the same type used, also seize the tape drive so you have a device that reads the tapes.

  • If seizing backup tapes, also seize the backup software used by the subject.

  • …but what do you do if someone just gives you tapes and you don’t know what program created the backup data.


Working with tapes in linux

Working with Tapes in Linux

  • mt – SCSI tape control

  • dd – device copy

  • file – File signature identification

  • Proper SCSI tape device driver

    • /dev/st0 – rewinding tape device

    • /dev/nst0 – non-rewinding tape device

  • First set the block size of your tape drive to 0 so that you can read variable block sizes.

    • mt -f /dev/st0 setblk 0


Determining allocation how much data is on the tape

Determining allocation (how much data is on the tape)

  • Run to end of data (EOD) on tape

    mt -f /dev/nst0 eod

  • Determine position on tape

    mt -f /dev/nst0 tell

  • Response is total blocks allocated on the tape

    Tape is at block 24088

  • Rewind tape

    mt –f /dev/st0 rewind


Finding block size

Finding block size

  • Grab an arbitrary large block of data to force error reporting

    dd if=/dev/nst0 of=test ibs=128k obs=1 count=1

  • Error report gives correct block size

    0+1 records in

    5120+0 records out


Identifying the data

Identifying the data

  • Use file command to identify

    file test

    Test: gzip compressed data, deflated, last modified: Wed Jan 26 16:43:42 205, os: Unix

  • Uses /usr/share/magic file which identifies file signatures

  • Gzipped or otherwise compressed data must be decompressed to identify

  • Typically such data is a compressed archive (tar, cpio, or dump)


Pulling data off the tape

Pulling data off the tape

  • Start at beginning of session

    mt –f /dev/nst0 bsfm 1

  • Read entire session to a file

    dd if=/dev/nst0 of=/mnt/session1.txt bs=5120

  • The dd command reports blocks copied

    15198+0 records in

    15198+0 records out

  • May need to set block size of tape drive to block size determined on tape.

    • mt –f /dev/st0 setblk 5120


Uncompressing the data

Uncompressing the data

  • You may need a third-party tool to interpret the data file you pulled off the tape.

  • If it is a *nix archive such as tar or gz, use standard tar and gunzip commands to uncompress into logical files and folders.

    tar –zxf /mnt/session1.txt


Questions

Questions???

Use the discussion board, as usual…


  • Login