Home > Hackweek, Linux Stuff, openSUSE, smb traffic analyzer > SMB Traffic Analyzer 1.2.6 released

SMB Traffic Analyzer 1.2.6 released

Should you read this article in a blog roll, and have the impression what you read is from outer space, note this article is about the SMB Traffic Analyzer project, a software suite to provide statistical traffic analysis for Samba networks.

Summary: with a development time of about a year SMB Traffic Analyzer (SMBTA from now on…) version 1.2.6 has risen out of our git repositories to represent a new milestone for the project, bringing full buckets of features and bug fixes to the table. With Nanuk Krinner, another developer joined the team and brought in completely new areas of SMBTA usage, by creating a component for desktop usage. To view all the details on this release, the tracker bug for this release can be viewed here, and the list of bugs being handled by this version is: 8167 8168 8172 8205 8206 8210 8232 8237 8270 8280 8288 8298 8321 8439 8496 8497 8919 8932 8934 9061

The whole real-time infrastructure has been redesigned and rebuilt. We have concentrated on making the interface simpler, and splitted the infrastructure into a very simple and lightweight generic client called “smbtamonitor-gen“, that can be called by a parent process (such as a graphical client), connect to smbtad and interface with the parent by unix domain sockets on the local machine. This allows us to develop more complex real time applications that don’t need to cope with the low level networking to smbtad. For a start, we have developed two basic real-time apps, a text mode client for the command line interface, called  “smbtamonitor-cli” that does nothing else than posting traffic values on the command line and can be used as a foundation for more complex clients,

An instance of smbtamonitor-qt running against a traffic simulation. Of course it runs flawless against real servers too.

and Nanuk Krinner developed a first version of “smbtamonitor-qt“, a real-time application employing the QT library to allow a new level of usability and features on the desktop level. Although being seen as a starter, smbtamonitor-qt is already able to dynamically zoom in and out of Samba traffic in real-time, from a time range of a day, to a scale of up to 5 seconds ( bso#8932, bso#8919). Also we have fixed a crash in the smbtamonitor-gen component when a Samba object could not be identified (bso#8280).

Since SMBTA is not only about real-time, the project relies on a database to store Samba traffic that happened in the past. Here we track more detailed data, such as usernames, filenames, and ip addresses to name a few. The groundwork tool to allow for stable, complex and portable querying of this data is smbtaquery, which produces XML that allows other tools sitting on top of smbtaquery to interpret and create views out of the data. smbtaquery has relativly complex time functions that allow to limit queries over specific timeframes. The qouting mechanism in smbtaquery has been enhanced to allow more complex timestamps given as time delimiters in functions (bso#8169), and a segmentation fault when no database driver was given either in configuration or by command line, has been fixed (bso#9061).

We have fixed a segmentation fault in smbtaquery (bso#9061), and fixed a crash of smbtad when handling multiple real-time clients (bso#8934).

The new function ‘system->self-check’ shows the status of all components of the software chain, and can be run by admistrator-type users from within webSMBTA.

When updating from a former version of SMBTA, it was usually necessary to call “smbtad -C” to convert the existing database to the newer version where we have added features. Due to changes in the database scheme, that now includes integrated version control, smbtad just needs to be restarted, and it will check the database version against the format that it is running on, and convert the database fully automatically when needed. There are also new functions to smbtaquery to allow the user to check that any component is up to date. (bso#8206). smbtad will now also dynamically update the protocol version of VFS modulesthat are connecting to it. Therefore, within a “report” function, smbtaquery is able to tell the user

Time range selection has been eased by using this widget within webSMBTA.

about the status of the whole software chain, and adds comments and notes to where it applies. For example, the VFS module, as coming from a specific Samba version, might already implement a few new features that are not yet used in SMBTA by smbtad and the rest of the tools. These features might be added later to the rest of the software suite, and smbtad simply ignores these features to stay compatible. The report function in smbtaquery is able to inform the user about this status. Last but not least, SMBTA 1.2.6 can also self check online for a new version of the software package, so that the user will be informed about the availability of a new version of SMBTA on it’s website.

Administrators will have a new function that allows to retrieve the configuration settings of a remote running smbtad instance. There are two versions of it, one returns a fully commented list of configuration settings, another is in a simpler format just listing all the configuration values. This function is of help in bug reports. It can be called from within webSMBTA.

Upon user requests, we adapted smbtad to also run on sqlite3, again. This time via libDBI, and all our initial tests worked fine as far as smbtad is involved. Tests using smbtatools are still pending and any user who wants to join testing smbtatools for sqlite3 is highly welcome :) (bso#8288).

The webSMBTA component now integrates user management and authentification, allowing for

The administrative interface in webSMBTA allows to add/set/remove admin users and normal users.

users that have administrator-rights and normal users. Functions such as the remote configuration report of smbtad are only able to be used by administrator-class users. webSMBTA allows full user management within the web interface. More than one admistrator-class user can be added, and also as much users as wanted. (bso#8167).

In addition to this, webSMBTA stores the functions that a user has been running, and is able to restore the “workplace” of every user when logging in (bso#8496). Every function callable in webSMBTA now has a way to produce alternative output. That means, not only HTML, the user can also request the output in ASCII (or any other format we might support in future), and webSMBTA will offer the alternative format as a download. Related to this new feature, it also offers a print-view on every function it is running. (bso#8172). The webSMBTA functionality to select time modifiers has been enhanced and allows comfortably to select time ranges by using a calendar widget.

webSMBTA now has a small input field that triggers a search function as you type…

One of the really cool additions to webSMBTA is an integrated “global search”.

… the search function will immediately be displayed and updated as you type, runs over anything SMBTA has seen, identifies what objects it has found, and makes those clickable….

The user can just enter free form text and webSMBTA will search through the whole database while typing, and identify each objects it is going to find. Clicking on one of the found objects will automatically set the object chooser of webSMBTA to point at this object. This function greatly eases usability and offers a fascinating

… and a click on an object triggers webSMBTA to mark the chosen object in it’s selector for the user to further examine the object!

way to search through a Samba network (bso#8237, bso#8298). To easy the way webSMBTA is handling the database, a “–test-db” option has been added to smbtaquery, allowing to only test the database connection, and do nothing else. This allows for better error handling within webSMBTA (bso#8270). For it’s internal operations, webSMTA is requesting some space to temporary store some helper files. The path on the filesystem to use these helper files has been hardcoded to /tmp in former versions, now a variable temporary storage path can be given by setting the Dir.tmpdir variable inside of webSMBTA (bso#8497), wich is of help on systems where the usual /tmp path is not reachable or an other temporary storage path has to be used. On a side note, webSMBTA has been ported and tested on rails 3.2 during the Hackweek event at SUSE in 2012.

Our project documentationis no longer available within the package.

The whole documentation set for SMBTA has been moved to SambaWiki.

Instead, Benjamin Brunner converted the whole documentation from asciiDOC to wiki format and moved it to SambWiki in an effort around the Hackweek8 event at SUSE. This will allow developers to quickly change the documentation in future, a motivational plus when it comes to maintain the documentation in relation to bugs and features :) Many thanks to Benjamin for this large effort, it marks a starting point for us to move SMBTA to a new homepage, which is in our plans.

We have once again changed the database format, this time for good hopefully. We have simplified the database format a lot to help making new features much more trivial and easier to implement. Additionally, we store more dynamic data in the database while smbtad is running, such as the number of connected modules, and from where (from which IP) they come from (bso#8205). A critical bug in smbtad has been fixed, that now assumes that any filename or path entries in the database have to be qouted. In former versions, filenames such as ‘   “hello world”  ‘ could have caused problems when querying the database (bso#8232). smbtad now allows to bind to an interface address and works as well as within IPv4 and IPv6 networks (bso#8321).

Benchmarking and performance

Performance tests with a file size of 1MB

tests have been run to show the speed penalty one gets from using SMBTA. By using the Phoronix testsuite, Robert Piasek has run a few tests employing exactly what smbtad was optimized for, and we have added the results to the package. Performance loss is one the most asked questions when we are doing presentations around SMBTA everywhere (bso#8210).

SMB Traffic Analyzer is free software, released under GPLv3. For more information, please visit it’s homepage.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: