SMBTAv2 @ Hackweek 2010

The SMB traffic analyzer software suite (in short SMBTA) is a toolset aimed at visualizing the data flow on one or more Samba servers, providing statistics about the usage of Samba services. The long term goal of the SMB Traffic Analyzer project is to provide a universal remote debugging facility for Samba.

Well, Hackweek took place at SUSE again last week. And, as is tradition, the SMBTA team took part in that very cool event. Our primary target currently is to release a first version of smbtad and smbtatools, so that we have working tools released by Samba 3.6.0 Preview 1.

This time, I had really important tasks, so I could not join the hacking fun for the whole week. However, just when you don’t think about it, others come up and hack on the project and bring it much further than I ever thought. So, as a result of the efforts of Benjamin Brunner from the SMBTA Team at Hackweek 2010, we have two new functions in smbtaquery.

- ‘last_activity’: This shows the user, in the most detailed fashion, the last actions of an object (an object is a user, share, or file). An example output can be seen below:

2010-06-11 19:54:13.949: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.957: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.966: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.974: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.983: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.991: User benni wrote 40000 bytes from file benni4.
2010-06-11 19:54:13.999: User benni wrote 40000 bytes from file benni4.
2010-06-14 12:52:59.552: User benni changed directory /abuild/pool.

- ‘usage’: This function creates a virtual day over 24 hours by using the complete data set. With it, you can easily see at which time during the day – on average – the network is most used, and at which time spare capacity is available. A sample output looks like this:

10:00 - 11:00 : 0.00 Bytes       0.00%
11:00 - 12:00 : 0.00 Bytes       0.00%
12:00 - 13:00 : 0.00 Bytes       0.00%
13:00 - 14:00 : 0.00 Bytes       0.00%
14:00 - 15:00 : 3.85 GB         17.73% ########
15:00 - 16:00 : 209.44 MB        0.94%
16:00 - 17:00 : 3.55 GB         16.32% ########
17:00 - 18:00 : 0.00 Bytes       0.00%
18:00 - 19:00 : 54.77 MB         0.25%
19:00 - 20:00 : 14.07 GB        64.75% ################################
20:00 - 21:00 : 0.00 Bytes       0.00%
21:00 - 22:00 : 0.00 Bytes       0.00%
22:00 - 23:00 : 0.00 Bytes       0.00%
23:00 - 24:00 : 0.00 Bytes       0.00%
total: 21.74 GB
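The "virtual day" idea can be reproduced over event lines in the last_activity format shown above. This is an added example, not code from smbtaquery; the sample lines are constructed, and the function names, the "read" line form and the bar scale of one '#' per 2% (inferred from the sample output) are assumptions.

```python
import re

# Matches transfer lines in the last_activity format shown above.
# Assumption: a "read" line mirrors the "wrote" line printed on this page.
LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (\d{2}):\d{2}:\d{2}\.\d+: "
                  r"User \S+ (?:wrote|read) (\d+) bytes")

def virtual_day(lines):
    """Sum transferred bytes per hour of day, ignoring the date."""
    buckets = [0] * 24
    for line in lines:
        m = LINE.match(line)
        if m:  # non-transfer events (e.g. "changed directory") are skipped
            buckets[int(m.group(1))] += int(m.group(2))
    return buckets

def human(n):
    """Format a byte count the way the sample output does (Bytes/KB/MB/GB)."""
    for unit in ("Bytes", "KB", "MB", "GB"):
        if n < 1024 or unit == "GB":
            return f"{n:.2f} {unit}"
        n /= 1024

def report(buckets):
    """Render one row per hour: volume, share of total, and a bar."""
    total = sum(buckets)
    rows = []
    for hour, n in enumerate(buckets):
        pct = 100.0 * n / total if total else 0.0  # empty data set: all 0%
        bar = "#" * int(pct // 2)  # assumption: one '#' per 2%
        rows.append(f"{hour:02d}:00 - {hour + 1:02d}:00 : "
                    f"{human(n):<15} {pct:6.2f}% {bar}".rstrip())
    rows.append(f"total: {human(total)}")
    return rows

# Constructed sample events spread over several days.
SAMPLE = [
    "2010-06-11 19:54:13.949: User benni wrote 40000 bytes from file benni4.",
    "2010-06-12 19:10:02.100: User benni wrote 20000 bytes from file benni4.",
    "2010-06-12 14:03:41.005: User anna wrote 30000 bytes from file report.",
    "2010-06-13 15:20:00.000: User anna read 10000 bytes from file report.",
    "2010-06-14 12:52:59.552: User benni changed directory /abuild/pool.",
]

if __name__ == "__main__":
    print("\n".join(report(virtual_day(SAMPLE))))
```

Because the date is discarded, an hour that is busy on a single day and idle on all others still shows up as a peak, so the report is best read as a baseline of typical load rather than a per-day record.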

These two functions alone are pretty cool. But Hackweek brought us even more. Michael Haefner of the SMBTA team did a great job in extending the documentation and fixing numerous bugs in smbtaquery. Hackweek brought us much further than I had ever envisioned. Because of this, we now have a clear path to a first release, and this is what we are targeting in the near future.

  1. June 16, 2010 at 7:56 pm
