I downloaded the iso image and figured out how to burn it .. boot it and stuff.

I ran into this when I was trying to figure out why my network ports
were not being detected, or configured via DHCP  or why they were not
working at all.

I was looking and see this :

[EMAIL PROTECTED]:~$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
       inet 127.0.0.1 netmask ff000000
rtls0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
       inet 0.0.0.0 netmask ff000000
rtls1: flags=201000842<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
       inet 0.0.0.0 netmask 0
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
       inet6 ::1/128

not very useful.

I went looking in the messages log and saw that the interfaces were
being detected but not configured .. for some weird reason :

Jul 22 11:42:50 opensolaris genunix: [ID 390243 kern.info] Creating /etc/devices/devid_cache
Jul 22 11:43:07 opensolaris nwamd[23]: [ID 821790 daemon.warning] svc:/system/device/local:default never came up
Jul 22 11:43:07 opensolaris mac: [ID 486395 kern.info] NOTICE: rtls1 link down
Jul 22 11:43:07 opensolaris in.routed[487]: [ID 749644 daemon.notice] rtls0 has a bad address 0.0.0.0
Jul 22 11:43:07 opensolaris in.routed[487]: [ID 464608 daemon.error] route 0.0.0.0/8 --> 0.0.0.0 nexthop is not directly connected
Jul 22 11:43:09 opensolaris mac: [ID 435574 kern.info] NOTICE: rtls1 link up, 100 Mbps, full duplex
Jul 22 11:43:13 opensolaris /sbin/dhcpagent[624]: [ID 778557 daemon.warning] configure_v4_lease: no IP broadcast specified for rtls1, making best guess

So I pulled the ethernet cables out and swapped them from one
interface to the other and saw this :

Jul 22 12:00:02 opensolaris mac: [ID 486395 kern.info] NOTICE: rtls1 link down
Jul 22 12:00:13 opensolaris mac: [ID 435574 kern.info] NOTICE: rtls0 link up, 100 Mbps, full duplex

So I google around and find ethereal and sharkwire and stuff but none
of that is in this and then I find snoop.

So I then ran snoop on the interface rtls0 to see what it was doing in
terms of DHCP config if I yank the cable or take the interface up and
down etc. Eventually .. I started firefox and then the packet count
went up like *Crazy* for no good reason. Firefox loads a local file on
the machine as its startup page but that is not what snoop says. Snoop
says that a pile of traffic came from blogs and from OpenSolaris.org
but none of it gets displayed to me.

So I am thinking .. hey .. what are you guys up to?

My first clue was that instead of just seeing some DHCP config traffic
I saw this :

ETHER:  Packet 21 arrived at 12:03:29.94288
ETHER:  Packet size = 82 bytes
ETHER:  Destination = 0:13:10:d4:2e:58,
ETHER:  Source      = 0:10:b5:cb:f6:5,
ETHER:  Ethertype = 0800 (IP)
ETHER:
.
.
.
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 61744
UDP:  Destination port = 53 (DNS)
UDP:  Length = 48
UDP:  Checksum = D4E1
UDP:
DNS:  ----- DNS Header -----
DNS:
DNS:  Query ID = 29597
DNS:  Opcode: Query
DNS:  RD (Recursion Desired)
DNS:  1 question(s)
DNS:      Domain Name: planet.opensolaris.org.
DNS:      Class: 1 (Internet)
DNS:      Type:  28 (IPv6 Address)
DNS:

Why is this looking for planet.opensolaris.org ??  That is a blog
collector isn't it ?

A little while later, as in microseconds I see this pile of junk :

       1328: 2049 206e 6565 6420 7468 6520 6162 696c     I need the abil
       1344: 6974 7920 746f 2071 7569 636b 6c79 2061    ity to quickly a
       1360: 6e64 2065 6173 696c 7920 7275 6e20 5769    nd easily run Wi
       1376: 6e64 6f77 7320 5669 7374 6120 666f 7220    ndows Vista for
       1392: 6a75 7374 2061 2066 6577 206d 696e 7574    just a few minut
       1408: 6573 2077 6974 686f 7574 2068 6176 696e    es without havin
       1424: 6720 746f 2073 6875 7464 6f77 6e20 4f70    g to shutdown Op
       1440: 656e 536f 6c61 7269 732c 2062 6f6f 7420    enSolaris, boot
       1456: 5669 7374 612c 2061 6e64 2074 6865 6e20    Vista, and then
       1472: 7368 7574 646f 776e 2056 6973 7461 2061    shutdown Vista a
       1488: 6e64 2072 6573 7461 7274 204f 7065 6e53    nd restart OpenS
       1504: 6f6c 6172 6973 2e26 616d                   olaris.&am

what ??

I scroll down 100 packets of blog traffic and see this :

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 133 arrived at 12:03:31.87026
ETHER:  Packet size = 405 bytes
ETHER:  Destination = 0:13:10:d4:2e:58,
ETHER:  Source      = 0:10:b5:cb:f6:5,
ETHER:  Ethertype = 0800 (IP)
ETHER:
.
.
.
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: GET /1p.png?time=1216753411460 HTTP/1.1
HTTP: Host: pkg.opensolaris.org
HTTP: User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US;
rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14
HTTP: Accept: image/png,*/*;q=0.5
HTTP: Accept-Language: en-us,en;q=0.5
HTTP: [...]
HTTP:

I looked at that url and I see that it is Firefox fetching a simple
png file ( 1p.png ) and passing a parameter for the time as well as
reporting the User-Agent. So that seems like pretty obvious user base
tracking and data collection going on there.

What else are you guys snooping on or reporting back to headquarters about?

I'm going to drag down Firefox 3 and then see if it does the same sort
of thing on Solaris 10 or on OpenSolaris. I never knew that Sun was
collecting user data via the browser.  That is sneaky .. you know.

Jo
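
Added example, not part of the original post: a small Python parser that reduces verbose snoop output like the capture above to the DNS names looked up and the HTTP requests sent, and decodes the time= query parameter. The function names and the sample text are constructed for illustration, and reading time= as milliseconds since the Unix epoch is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit
# Constructed sample shaped like the snoop output quoted above (one header is mail-wrapped).
SAMPLE = """\
ETHER:  Packet 21 arrived at 12:03:29.94288
DNS:      Domain Name: planet.opensolaris.org.
DNS:      Type:  28 (IPv6 Address)
ETHER:  Packet 133 arrived at 12:03:31.87026
HTTP: GET /1p.png?time=1216753411460 HTTP/1.1
HTTP: Host: pkg.opensolaris.org
HTTP: User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US;
rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14
"""
LAYER = re.compile(r"^([A-Z]+):\s*(.*)$")

def unwrap(text):  # rows of [layer, content]; unprefixed lines join the previous row
    rows = []
    for line in text.splitlines():
        if m := LAYER.match(line):
            rows.append([m.group(1), m.group(2).strip()])
        elif rows and line.strip().strip("."):  # skip blanks and "." elision lines
            rows[-1][1] += " " + line.strip()
    return rows

def summarize(text):
    """One record per packet that carries a DNS question or an HTTP request."""
    events, pkt = [], {}
    for layer, content in unwrap(text):
        if layer == "ETHER" and (m := re.match(r"Packet (\d+) arrived at (\S+)", content)):
            pkt = {"packet": int(m.group(1)), "at": m.group(2)}
        elif layer == "DNS" and content.startswith("Domain Name:"):
            pkt.update(kind="dns", name=content.split(":", 1)[1].strip().rstrip("."))
            events.append(pkt)
        elif layer == "DNS" and content.startswith("Type:"):
            pkt["qtype"] = content.split(":", 1)[1].strip()
        elif layer == "HTTP" and (m := re.match(r"([A-Z]+) (\S+) HTTP/", content)):
            pkt.update(kind="http", method=m.group(1), target=m.group(2))
            events.append(pkt)
        elif layer == "HTTP" and ": " in content:
            name, value = content.split(": ", 1)
            pkt[name.lower()] = value  # header fields of the current request
    return events

def decode_time_param(target):
    """Read ?time=<digits> as milliseconds since the Unix epoch (an assumption)."""
    value = parse_qs(urlsplit(target).query).get("time", [""])[0]
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=int(value)) if value.isdigit() else None

print([(e, decode_time_param(e.get("target", ""))) for e in summarize(SAMPLE)])
```

Under that assumption the time value in the quoted request decodes to 2008-07-22 19:03:31 UTC, the same minute and second as the 12:03:31 local arrival time snoop printed for that packet.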