January 2014 Archives

Monitor your network reliability

My network has been unreliable. Many weeks of inconvenience didn't push me to solve it, but you can bet I did once my wife told me The Colbert Report wasn't streaming well. I turned to a script to help me. You may find it helpful too.

If you launch this script on a machine, it will ping in batches of 200 and write the results to a log file. You can then scan the results to see how your network performs over time.

@echo off

@REM =============== CONFIG BEGIN ================

@REM == set the size of the ping batches
set loopsize=200
@REM == set the destination for ping
set pingdest=www.google.com

@REM =============== CONFIG END ================

@REM == set up the log file directory
set logdir=%~dp0\ping.logs
if not exist %logdir% mkdir %logdir%
@REM == set the current log file
for /f "tokens=1-9 delims=/:. " %%d in ("%date% %time%") do set stamp=%%g-%%e-%%f_%%h-%%i-%%j
set log=%logdir%\pinglog_%stamp%.log

@REM == each pass through this loop appends one batch of pings to the log
:loop
echo === starting %loopsize% pings on %date% at %time%
echo === starting %loopsize% pings on %date% at %time% >> %log%
netsh wlan show interfaces | grep SSID | grep -v BSSID
netsh wlan show interfaces | grep SSID | grep -v BSSID >> %log%
ping -n %loopsize% %pingdest%  >> %log%
goto loop
@echo on

In my case, I noticed that video streaming was glitchy, and VOIP telephone calls and video conferences would sometimes lose data. The script reported that batches of pings almost always had 2% losses and frequently as high as 5% losses. My network setup looked like this:

internet provider - modem - netgear wifi router - computers

Was the problem my inexpensive Internet package? My used modem from ebay? My old router? I changed my system to be this:

internet provider - modem - dlink wifi router - netgear wifi router - computers

Then I connected one machine to the dlink radio and another to the netgear radio. I watched network performance on each. The dlink radio performed great, but the netgear radio still had high ping loss. I had identified that the netgear wifi router was the problem.

So I reverted a firmware upgrade that I had put in a couple months ago, connected again to the netgear radio, and now its ping losses are far less than one in a thousand. This script helped me diagnose and solve the problem -- so I don't have to buy a new router and reconfigure the house.

By the way, I use this ugly command to extract just the lines I need to see: the name of the radio I'm connected to and the results per ping batch. This works because I've downloaded egrep and sed (among other unix-style utilities) and added them to my path:

egrep "SSID|loss" C:\ping.logs\pinglog_2014-01-24_9-46-32.log | sed s/".*("//g | sed s/").*"//g | sed s/".*\:"//g

The result looks like this:

0% loss
 netgear radio
0% loss
 netgear radio
0% loss
 netgear radio
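
A sturdier alternative to the egrep/sed pipeline, as an added example that is not from the original post: a parser that reads the log and totals packet loss per radio. It assumes the English-language Windows `ping` summary line and `netsh` SSID line; the sample log, its SSID names and its address are constructed.

```python
import re
from collections import defaultdict

SSID_RE = re.compile(r"^\s*SSID\s*:\s*(.+?)\s*$")
STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)")

# Constructed sample in the layout the batch script above would log.
SAMPLE_LOG = """\
=== starting 200 pings on Fri 01/24/2014 at  9:46:32.11
    SSID                   : netgear radio
Pinging www.google.com [192.0.2.10] with 32 bytes of data:
Request timed out.
Ping statistics for 192.0.2.10:
    Packets: Sent = 200, Received = 196, Lost = 4 (2% loss),
    SSID                   : netgear radio
    Packets: Sent = 200, Received = 190, Lost = 10 (5% loss),
    SSID                   : dlink radio
    Packets: Sent = 200, Received = 200, Lost = 0 (0% loss),
"""


def parse_batches(text):
    """Return one (ssid, sent, lost) tuple per ping batch found in the log."""
    batches, ssid = [], "unknown"
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            ssid = m.group(1)  # remembered until the next SSID line
            continue
        m = STATS_RE.search(line)
        if m:
            sent, _received, lost = map(int, m.groups())
            batches.append((ssid, sent, lost))
    return batches


def summarize(batches):
    """Per SSID: batch count, packets sent/lost, overall loss % and worst batch %."""
    acc = defaultdict(lambda: {"batches": 0, "sent": 0, "lost": 0, "worst_pct": 0.0})
    for ssid, sent, lost in batches:
        s = acc[ssid]
        s["batches"] += 1
        s["sent"] += sent
        s["lost"] += lost
        if sent:
            s["worst_pct"] = max(s["worst_pct"], 100.0 * lost / sent)
    return {k: dict(v, loss_pct=100.0 * v["lost"] / v["sent"] if v["sent"] else 0.0)
            for k, v in acc.items()}
```
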

Configure Eclipse TFS Plugin for SSL Repos

Java and Microsoft integrations? Edge cases aren't always fully documented.

Today I tried setting up my Eclipse IDE with a Microsoft Team Foundation Server (TFS). The TFS plugin is here. My organization's TFS is on a host with SSL, and we use our own certificate authority for the certificate. When I tried to connect to TFS, I got this error:

sun.security.validator.validatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

With SSL, the client (in this case Eclipse) needs to know whether to trust the certificate on the server. Usually, servers use certificates from Verisign, Thawte, and the like. Java ships with a file that describes those commercial certificate authorities that can be trusted. But if you're using a certificate or a CA that isn't recognized, then Java and by extension Eclipse won't trust the certificate. But you can tell Java to trust the certificates or CAs you need. There are at least three ways to do this.

First, I found an IBM webpage that described how to start Eclipse with an extra trust store. This worked, but it seems like unnecessary overhead to create a new trust store and to launch the application with extra arguments every time. The page is here. This creates a custom keystore:

C:\>%JAVA_HOME%\bin\keytool.exe  -import -alias tfsrepo.mydomain.com -file c:\temp\tfsrepo.mydomain.der -keystore "%JAVA_HOME%\bin\mycustom.keystore" -storepass password

And this starts Eclipse using that keystore:

C:\eclipse\eclipse.exe -vmargs -Djavax.net.ssl.trustStore="%JAVA_HOME%\bin\mycustom.keystore" -Djavax.net.ssl.trustStorePassword=password

Second, I realized that it would be simpler to have the Java install behind Eclipse include my TFS server's certificate in its default trust store. So I downloaded the SSL certificate for my TFS server and added it to my cacerts file:

C:\>%JAVA_HOME%\bin\keytool.exe  -import -alias tfsrepo.mydomain.com -file c:\temp\tfsrepo.mydomain.der -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit

Third, I realized that I ought to just import the certificate for my organization's top-level CA instead of using the TFS cert. The top-level CA's certificate lasts many years longer than the one on the TFS server, and if I trust the top-level CA then my Eclipse install will trust all other systems with certificates from our CA. So I first deleted the TFS certificate:

%JAVA_HOME%\bin\keytool.exe  -delete -alias tfsrepo.mydomain.com  -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit

Then I imported the top-level CA's certificate:

C:\>%JAVA_HOME%\bin\keytool.exe  -import -alias topCA.mydomain.com -file c:\temp\topCA.mydomain.der -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit

And now I can launch Eclipse (c:\eclipse\eclipse.exe) and connect to my TFS system (File->Import->Team->Projects for Team Foundation Server->Servers->Add->tfsrepo.mydomain.com).

To download a certificate, use your web browser to visit the URL of the system. Use the browser's feature to look at the certificate. In Firefox, I click the lock icon in front of the URL, then click "More Information...," then click "View Certificate," then "Details." At this point, I have an Export button to save this certificate to a file, or I can use the certificate hierarchy to select the top-level certificate from the CA and save it.
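
A check worth running before any of the `keytool -import` commands above: the exported file arrived over the connection Java could not yet validate, so compare its SHA-256 fingerprint with one obtained out of band. This is an added example, not from the original post; the function names and sample bytes are constructed, and getting the expected fingerprint from your CA administrator is an assumption.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed bytes standing in for an exported certificate (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-not-a-real-certificate"


def der_bytes(raw):
    """Accept a DER or PEM export and return the DER bytes of the first certificate."""
    m = PEM_RE.search(raw)
    return base64.b64decode(m.group(1)) if m else raw


def sha256_fingerprint(raw):
    """SHA-256 of the DER encoding in the colon-separated form keytool prints."""
    digest = hashlib.sha256(der_bytes(raw)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(raw, expected):
    """True if the fingerprint equals the out-of-band value (case, ':' and spaces ignored)."""
    def norm(s):
        return re.sub(r"[^0-9A-F]", "", s.upper())
    return hmac.compare_digest(norm(sha256_fingerprint(raw)), norm(expected))


def gated_import_args(raw, expected, alias, cert_path, keystore):
    """Return the keytool -import arguments from the post only if the fingerprint matches."""
    if not matches_expected(raw, expected):
        raise ValueError("fingerprint mismatch for %s: got %s"
                         % (cert_path, sha256_fingerprint(raw)))
    return ["keytool", "-import", "-alias", alias, "-file", cert_path, "-keystore", keystore]


if __name__ == "__main__":
    trusted = sha256_fingerprint(SAMPLE_DER)  # stands in for the CA administrator's value
    print(gated_import_args(SAMPLE_DER, trusted, "topCA.mydomain.com",
                            r"c:\temp\topCA.mydomain.der", "cacerts"))
```

`keytool -printcert -file` on the exported file shows the same SHA-256 fingerprint if you prefer to compare by eye.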


And if you want to see which certificates your Java system trusts, you can list what's in the cacerts file with this:

%JAVA_HOME%\bin\keytool.exe  -list -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit