Kismet - How get MAC address, dbm_signal and time stamp? - kismet-wireless

I'm trying to get the MAC address, signal dBm and timestamp from devices near my access point, but I don't know the best approach to achieve that.
I wrote a small client (using Python) to connect to Kismet on TCP port 2501.
My script uses the "client protocol" from Kismet, but I have some doubts.
First of all, I get data with a "first date" and "last date" like this (datetime as timestamp):
mac   signal_dbm  firsttime            lasttime
==================================================================
AAAA  -81         10/04/2015 18:20:21  10/04/2015 18:27:12
AAAA  -79         10/04/2015 18:23:38  10/04/2015 18:26:42
What is the meaning of this data and these dates?
In fact, I would like to get data from Kismet like this:
mac   signal_dbm  timestamp
====================================================================
AAAA  -81         10/04/2015 18:20:21
AAAA  -81         10/04/2015 18:20:26
AAAA  -79         10/04/2015 18:20:31
...
Is this possible?
Thanks
Julio Schurt

I believe the purpose of the firsttime and lasttime fields is to let you know when a client was first noticed by Kismet and when it was most recently seen.
The idea is that you can tell how long a client has been connected by working out the difference between the two, and if a client has a lasttime in the past you can work out how long it's been disconnected for.
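The following is an added example, not code from either poster or from the Kismet project. It turns a stream of client records into the one-row-per-sighting layout the question asks for, and computes the firsttime/lasttime difference described in the reply. It assumes the server sentences look like `*CLIENT: mac signal_dbm firsttime lasttime` with epoch-second times and day-first dates; the sample lines are constructed.

```python
from datetime import datetime, timezone

# Constructed sample sentences (placeholder MACs, epoch seconds). Assumed field
# order: mac signal_dbm firsttime lasttime, as in the question's columns.
SAMPLE_LINES = [
    "*TIME: 1428690021",
    "*CLIENT: AA:AA:AA:AA:AA:AA -81 1428690021 1428690021",
    "*CLIENT: AA:AA:AA:AA:AA:AA -81 1428690021 1428690021",  # repeat, no new sighting
    "*CLIENT: AA:AA:AA:AA:AA:AA -81 1428690021 1428690026",
    "*CLIENT: BB:BB:BB:BB:BB:BB -60 1428690025 1428690027",
    "*CLIENT: AA:AA:AA:AA:AA:AA -79 1428690021 1428690031",
    "*CLIENT: truncated -7",  # malformed, must be skipped
]

def parse_client(line):
    """Return (mac, signal_dbm, firsttime, lasttime), or None for anything else."""
    prefix = "*CLIENT: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split()
    try:
        mac, dbm, first, last = parts
        return mac.upper(), int(dbm), int(first), int(last)
    except ValueError:  # wrong field count or non-numeric value
        return None

def sightings(lines):
    """Yield (mac, signal_dbm, timestamp) each time a MAC's lasttime advances."""
    last_seen = {}
    for line in lines:
        rec = parse_client(line.strip())
        if rec and rec[3] > last_seen.get(rec[0], -1):
            last_seen[rec[0]] = rec[3]
            yield rec[0], rec[1], rec[3]

def dwell_seconds(lines):
    """Per MAC, lasttime - firsttime taken from its newest record."""
    newest = {}
    for rec in filter(None, map(parse_client, lines)):
        if rec[3] >= newest.get(rec[0], rec)[3]:
            newest[rec[0]] = rec
    return {mac: r[3] - r[2] for mac, r in newest.items()}

def fmt(ts):
    """Epoch seconds to DD/MM/YYYY HH:MM:SS in UTC (day-first is an assumption)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%d/%m/%Y %H:%M:%S")

if __name__ == "__main__":
    for mac, dbm, ts in sightings(SAMPLE_LINES):
        print(mac, dbm, fmt(ts))
    print(dwell_seconds(SAMPLE_LINES))
```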

Related

Compare the time difference between two time servers

I'm trying to determine if there is any difference in time between two time servers in Windows. For example, I have time.windows.com and time.nist.gov. Is there a simple way to compare the time difference?
From Windows you can compare both time sources to your own machine and approximate the difference.
w32tm /monitor /computers:time.windows.com,time.nist.gov
time.windows.com[52.179.17.38:123]:
ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
NTP: -0.0528936s offset from local clock
RefID: utcnist2.colorado.edu [128.138.141.172]
Stratum: 2
time.nist.gov[132.163.97.1:123]:
ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
NTP: -0.0476330s offset from local clock
RefID: 'NIST' [0x5453494E]
Stratum: 1
Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.
Good Luck!
Shane

Elastalert constant realerting.

I'm having some difficulties setting up an elastalert rule. It's quite a basic one, and I've read the documentation but clearly not understood it and I'm after some help.
I have a basic test rule that I want to alert when my data input to Elastic from certain devices stops for more than 5 minutes.
es_host: localhost
es_port: 9200
name: Example rule
type: flatline
index: test_mapping-*
threshold: 1
timeframe:
  minutes: 5
filter:
- term:
    device: "ggYthy767b"
alert:
- command
command: ["/bin/test"]
realert:
  minutes: 10
This works, so when data stops I get an alert, then that alert is silenced until 10 minutes later it realerts again. The issue is that it realerts every 10 minutes and I don't know how to stop it. Is there a way to get it to realert just once and then stop? Or have I misunderstood? Also I have 10+ different devices, and I want the same alert to apply if any of them stop sending data for 5 minutes, is that possible within one rule? Thanks very much in advance.
The question you need to ask to yourself is how often do you want to get alerted. Once a lifetime, a year, a month or fortnightly or what? So "realert" is the part you want to edit. You might want to change it to something like below. So even if the alert is triggered multiple times you'll only get it once a day. It uses simple English terms so you can update it how you like it (weeks, hours etc.).
realert:
  days: 1
But if you're getting alerted much more than you want, either your system is too unstable or your alerts are too paranoid. For example for this alert every 5 minutes you're looking for one record which actually doesn't get populated. You should raise your period or add less selective filters because it's a 'flatline' alert. You can also use it with "query_key" so it will be applied on a per key basis.
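The `query_key` suggestion above, applied to the rule from the question, as an added example that is not from either poster. It assumes the field is named `device` as in the original filter; every device ID except the first is a placeholder. `forget_keys` is ElastAlert's flatline option for dropping a key once it has alerted.

```yaml
# Added example: the question's flatline rule, tracked per device.
es_host: localhost
es_port: 9200
name: Device stopped sending data
type: flatline
index: test_mapping-*
threshold: 1
timeframe:
  minutes: 5

# One rule for all devices: each distinct value of "device" is counted
# separately, and realert is also applied per value.
query_key: device
# Alert once for a silent device, then stay quiet until it reports again.
forget_keys: true

filter:
- terms:
    device: ["ggYthy767b", "device-id-2", "device-id-3"]  # placeholders after the first

alert:
- command
command: ["/bin/test"]

realert:
  minutes: 10
```

With `query_key`, a device is only tracked after ElastAlert has seen at least one document from it, so a device that never reported will not raise a flatline alert.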

HOWTO split response time into dns name lookup, wait, transfer time in JMeter

I would like to know if I can get a breakdown of response times in JMeter load tests. E.g. when I use curl I can get the breakdown of each response time by specifying curl format like so,
\n
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n
\n
and then making the actual curl call like so,
curl -w "@curl-format.txt" "http://some.api/call"
As you can see this gives me the breakdown in terms of time spent doing a DNS name resolution, connecting with the server, transferring the response from the server to the client etc.
Is it possible to get something similar in JMeter?
So I have at least found a way to get what I want, partially.
In Jmeter I can collect the Connect time, which is a combination of DNS lookup, handshake & connection.
If someone has a better answer, would be happy to know it.

Google Play achievement is not incremental

I'm faced with a strange situation. When connected to the Google Play Services I request the array of Achievements by calling GamesClient.loadAchievements(this, true); In the onAchievementsLoaded() method I see that all my achievements are of the correct type. To make sure, I call Achievement.getType() and for each of my achievements it returns Achievement.TYPE_INCREMENTAL.
The problem arises when I'm trying to increment any of my achievements by 1 using
GamesClient.incrementAchievementImmediate(this, id, 1);
In onAchievementUpdated() I receive statusCode 3002 (STATUS_ACHIEVEMENT_NOT_INCREMENTAL).
I'm in total frustration. The matter is that all achievements initially were of other type (not incremental), but then in dev console the type has been changed. 2 days passed since that.
It was my mistake, I've reviewed my code once again and found that I was sending wrong achievement id. But Google guys do ugly too - they report wrong status code for that. The response should be STATUS_ACHIEVEMENT_UNKNOWN, according to documentation. I was receiving 3002 STATUS_ACHIEVEMENT_NOT_INCREMENTAL instead, which confused me a lot.

Webserver Location - How important is it for SEO?

I am based in the UK and have two webservers, one German based (1&1) and the other is UK based (Easyspace).
I recently signed up to the UK easyspace server because it was about the same price I paid for my 1&1 server but also I wanted to see if my sites hosted on a UK server gave better results in terms of UK based traffic.
It seems my traffic is roughly the same for both servers... however 1&1 server performance and customer service is much better than Easyspace so I was thinking about cancelling it and getting another 1&1 server.
I understand about latency issues where USA/Asia would be much slower for UK traffic but I am just wondering what your thoughts are on traffic, SEO etc. and if you think I should stick with a UK server or if it doesn't matter?
Looking forward to your replies.
I have never heard of common search engines ranking sites by their response time as it is highly variable due to the nature of the internet.
If a search engine would penalize you for the subnet you are on then you likely have bigger problems.
I get better results on google.com.au for my sites than on other flavours of Google, even though the sites are not hosted in Australia. So I would suggest that the actual physical location of the servers won't matter so much and if you are wanting to be higher up on google.co.uk you might want a co.uk domain?
Google associates a region with your site mostly through its suffix (TLD/SLD, eg. .co.uk), but if you create a Google Webmaster Tools account you can tell it otherwise in the odd case it makes a mistake.
As far as the traffic is concerned the site will be loaded fast for UK visitors. I suggest using this server if most of your visitors are from UK. Server location does not have to do anything with SEO.
Stick with your UK server if you think it's better.
My main concern is losing UK based customers if the server is located outside the UK but it appears from the comments that this is probably not the case.
However, my UK server is based in Scotland, my other server is based in Germany and is actually closer to London than Scotland?
Just to compare the speed between Scotland server and Germany server:
=== Germany Based ===
Pinging firststopdigital.com [87.106.101.189]:
Ping #1: Got reply from 87.106.101.189 in 126ms [TTL=46]
Ping #2: Got reply from 87.106.101.189 in 126ms [TTL=46]
Ping #3: Got reply from 87.106.101.189 in 126ms [TTL=46]
Ping #4: Got reply from 87.106.101.189 in 126ms [TTL=46]
Variation: 0.4ms (+/- 0%)
Shortest Time: 126ms
Average: 126ms
Longest Time: 126ms
=== UK Based ===
Pinging pb-net.co.uk [62.233.81.163]:
Ping #1: Got reply from 62.233.81.163 in 120ms [TTL=55]
Ping #2: Got reply from 62.233.81.163 in 119ms [TTL=55]
Ping #3: Got reply from 62.233.81.163 in 119ms [TTL=55]
Ping #4: Got reply from 62.233.81.163 in 119ms [TTL=55]
Variation: 0.3ms (+/- 0%)
Shortest Time: 119ms
Average: 119ms
Longest Time: 120ms
The difference is around 6ms which is not much at all.
Incidentally I just performed a ping to a USA based domain I own:
Pinging pbnetltd.com [74.86.61.36]:
Ping #1: Got reply from 74.86.61.36 in 6.4ms [TTL=121]
Ping #2: Got reply from 74.86.61.36 in 6.3ms [TTL=121]
Ping #3: Got reply from 74.86.61.36 in 6.2ms [TTL=121]
Ping #4: Got reply from 74.86.61.36 in 6.3ms [TTL=121]
Variation: 0.2ms (+/- 3%)
Shortest Time: 6.2ms
Average: 6.3ms
Longest Time: 6.4ms
The USA timings are much quicker considering the extra distance across the Atlantic to NY and back (9am UK time so USA are asleep - will try again tonight).
