lost and found ( for me ? )

ldb command : load balancer detector

ldb command detects whether or not a given domain name is using DNS and / or HTTP load balance.

install lbd via yum

[root@fc16 ~]# yum install lbd -y


Here’s a result of “lbd” command.
site nameDNS based load balancingHTTP based load balancing
www.google.comyesno
www.f5.comnoyes
www.facebook.comnoyes
www.cisco.comnoyes
www.amazon.comnoyes

- google



[root@fc16 ~]# lbd www.google.com

lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
                                   Written by Stefan Behte (http://ge.mine.nu)
                                   Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: FOUND
www.l.google.com has address 74.125.235.145
www.l.google.com has address 74.125.235.147
www.l.google.com has address 74.125.235.144
www.l.google.com has address 74.125.235.146
www.l.google.com has address 74.125.235.148

Checking for HTTP-Loadbalancing [Server]:
gws
NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:46, 16:24:46, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: NOT FOUND

www.google.com does Load-balancing. Found via Methods: DNS

[root@fc16 ~]#


How can “lbd” detect ??
If a DNS query for a given name returns multiple IP addresses , that site would use DNS based load balancing.
How can “lbd” detect whether a given domain name is using HTTP load balance or not ??

- F5 networks



[root@fc16 ~]# lbd www.f5.com

lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
                                   Written by Stefan Behte (http://ge.mine.nu)
                                   Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:
F5
NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 16:35:19, 16:35:19, 16:35:19, 16:35:20, 16:35:20, 16:35:20, 16:35:21, 16:35:21, 16:35:21, 16:35:22, 16:35:22, 16:35:23, 16:35:23, 16:35:23, 16:35:24, 16:35:24, 16:35:24, 16:35:25, 16:35:25, 16:35:26, 16:35:26, 16:35:26, 16:35:27, 16:35:27, 16:35:27, 16:35:28, 16:35:28, 16:35:29, 16:35:29, 16:35:29, 16:35:30, 16:35:30, 16:35:30, 16:35:31, 16:35:31, 16:35:32, 16:35:32, 16:35:32, 16:35:33, 16:35:33, 16:35:33, 16:35:34, 16:35:34, 16:35:34, 16:35:35, 16:35:35, 16:35:35, 16:35:36, 16:35:36, 16:35:37, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< ETag: "141eb9-5c2f-68c1d600"
> ETag: "12662e-5c2f-68293f80"

www.f5.com does Load-balancing. Found via Methods: HTTP[Diff]

[root@fc16 ~]#

[hattori@fc16 ~]$ dig www.f5.com +short
65.61.115.222

sending many HTTP head requests.
[hattori@fc16 ~]$ tshark -r aa.pcap -R '(ip.addr==65.61.115.222)' | grep -i head
31   3.411521 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
41   3.714625 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
55   4.023489 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
65   4.338639 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
75   4.648413 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
85   4.955623 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
101   5.265392 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
113   5.574418 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
123   5.888941 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
135   6.201406 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0
<snip>

It seems that lbd determine whether or not there are differences from HTTP responses.

- facebook
[root@fc16 ~]# lbd www.facebook.com

lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
                                   Written by Stefan Behte (http://ge.mine.nu)
                                   Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:

NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 16:48:15, 16:48:15, 16:48:16, 16:48:16, 16:48:16, 16:48:18, 16:48:18, 16:48:18, 16:48:19, 16:48:19, 16:48:19, 16:48:20, 16:48:20, 16:48:20, 16:48:21, 16:48:21, 16:48:21, 16:48:21, 16:48:22, 16:48:22, 16:48:22, 16:48:23, 16:48:23, 16:48:23, 16:48:24, 16:48:24, 16:48:24, 16:48:25, 16:48:25, 16:48:25, 16:48:26, 16:48:26, 16:48:26, 16:48:27, 16:48:27, 16:48:27, 16:48:28, 16:48:28, 16:48:28, 16:48:28, 16:48:29, 16:48:29, 16:48:29, 16:48:30, 16:48:30, 16:48:30, 16:48:31, 16:48:31, 16:48:31, 16:48:32, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< X-FB-Debug: TQFOHei+tR3CroNNzDBmAAtbq+8GyG2pjVeN5d1nBRY=
> X-FB-Debug: IMeU/14zk0Yei85KMmue76iDrKGoj9CmQOJVzsQm/Tw=

www.facebook.com does Load-balancing. Found via Methods: HTTP[Diff]



- Cisco
[root@fc16 ~]# lbd www.cisco.com

lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
                                   Written by Stefan Behte (http://ge.mine.nu)
                                   Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:
AkamaiGHost
NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< Content-Length: 194
> Content-Length: 193

www.cisco.com does Load-balancing. Found via Methods: HTTP[Diff]




- amazon
[root@fc16 ~]# lbd www.amazon.com

lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
                                   Written by Stefan Behte (http://ge.mine.nu)
                                   Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:
Server
NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 16:59:57, 16:59:58, 16:59:58, 16:59:59, 17:00:00, 17:00:00, 17:00:01, 17:00:01, 17:00:02, 17:00:03, 17:00:03, 17:00:04, 17:00:04, 17:00:05, 17:00:05, 17:00:06, 17:00:07, 17:00:07, 17:00:08, 17:00:08, 17:00:09, 17:00:10, 17:00:10, 17:00:11, 17:00:11, 17:00:12, 17:00:13, 17:00:13, 17:00:14, 17:00:14, 17:00:15, 17:00:16, 17:00:16, 17:00:16, 17:00:17, 17:00:18, 17:00:18, 17:00:19, 17:00:19, 17:00:20, 17:00:21, 17:00:21, 17:00:22, 17:00:22, 17:00:23, 17:00:23, 17:00:24, 17:00:25, 17:00:25, 17:00:26, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< x-amz-id-1: 14CJ9V9C9P7ADP0W2VMA
> x-amz-id-1: 1NWV9Q6DB5HB7RVJ5R7C
< x-amz-id-2: 85++P+gkHujo8I+VsUoY0HJ7hLRDeYfJSVj6S0mkzcKcAzL/nj5+vI4RY63geJ45
> x-amz-id-2: UEio6eGIH72xHxxJnHdHT98hRsWuu9AvTPSBoa5zepi0TGoGvW3srWT2+YlnwHAa

www.amazon.com does Load-balancing. Found via Methods: HTTP[Diff]

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.