install lbd via yum
| [root@fc16 ~]# yum install lbd -y |
Here’s a result of “lbd” command.
| site name | DNS based load balancing | HTTP based load balancing |
| www.google.com | yes | no |
| www.f5.com | no | yes |
| www.facebook.com | no | yes |
| www.cisco.com | no | yes |
| www.amazon.com | no | yes |
| [root@fc16 ~]# lbd www.google.com lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing. Written by Stefan Behte (http://ge.mine.nu) Proof-of-concept! Might give false positives. Checking for DNS-Loadbalancing: FOUND www.l.google.com has address 74.125.235.145 www.l.google.com has address 74.125.235.147 www.l.google.com has address 74.125.235.144 www.l.google.com has address 74.125.235.146 www.l.google.com has address 74.125.235.148 Checking for HTTP-Loadbalancing [Server]: gws NOT FOUND Checking for HTTP-Loadbalancing [Date]: 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:41, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:42, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:43, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:44, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:45, 16:24:46, 16:24:46, NOT FOUND Checking for HTTP-Loadbalancing [Diff]: NOT FOUND www.google.com does Load-balancing. Found via Methods: DNS [root@fc16 ~]# |
How can “lbd” detect ??
If a DNS query for a given name returns multiple IP addresses , that site would use DNS based load balancing.
How can “lbd” detect whether a given domain name is using HTTP load balance or not ??
- F5 networks
| [root@fc16 ~]# lbd www.f5.com lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing. Written by Stefan Behte (http://ge.mine.nu) Proof-of-concept! Might give false positives. Checking for DNS-Loadbalancing: NOT FOUND Checking for HTTP-Loadbalancing [Server]: F5 NOT FOUND Checking for HTTP-Loadbalancing [Date]: 16:35:19, 16:35:19, 16:35:19, 16:35:20, 16:35:20, 16:35:20, 16:35:21, 16:35:21, 16:35:21, 16:35:22, 16:35:22, 16:35:23, 16:35:23, 16:35:23, 16:35:24, 16:35:24, 16:35:24, 16:35:25, 16:35:25, 16:35:26, 16:35:26, 16:35:26, 16:35:27, 16:35:27, 16:35:27, 16:35:28, 16:35:28, 16:35:29, 16:35:29, 16:35:29, 16:35:30, 16:35:30, 16:35:30, 16:35:31, 16:35:31, 16:35:32, 16:35:32, 16:35:32, 16:35:33, 16:35:33, 16:35:33, 16:35:34, 16:35:34, 16:35:34, 16:35:35, 16:35:35, 16:35:35, 16:35:36, 16:35:36, 16:35:37, NOT FOUND Checking for HTTP-Loadbalancing [Diff]: FOUND < ETag: "141eb9-5c2f-68c1d600" > ETag: "12662e-5c2f-68293f80" www.f5.com does Load-balancing. Found via Methods: HTTP[Diff] [root@fc16 ~]# |
| [hattori@fc16 ~]$ dig www.f5.com +short 65.61.115.222 |
sending many HTTP head requests.
| [hattori@fc16 ~]$ tshark -r aa.pcap -R '(ip.addr==65.61.115.222)' | grep -i head 31 3.411521 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 41 3.714625 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 55 4.023489 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 65 4.338639 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 75 4.648413 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 85 4.955623 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 101 5.265392 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 113 5.574418 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 123 5.888941 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 135 6.201406 192.168.11.100 -> 65.61.115.222 HTTP 85 HEAD / HTTP/1.0 <snip> |
It seems that lbd determine whether or not there are differences from HTTP responses.
| [root@fc16 ~]# lbd www.facebook.com lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing. Written by Stefan Behte (http://ge.mine.nu) Proof-of-concept! Might give false positives. Checking for DNS-Loadbalancing: NOT FOUND Checking for HTTP-Loadbalancing [Server]: NOT FOUND Checking for HTTP-Loadbalancing [Date]: 16:48:15, 16:48:15, 16:48:16, 16:48:16, 16:48:16, 16:48:18, 16:48:18, 16:48:18, 16:48:19, 16:48:19, 16:48:19, 16:48:20, 16:48:20, 16:48:20, 16:48:21, 16:48:21, 16:48:21, 16:48:21, 16:48:22, 16:48:22, 16:48:22, 16:48:23, 16:48:23, 16:48:23, 16:48:24, 16:48:24, 16:48:24, 16:48:25, 16:48:25, 16:48:25, 16:48:26, 16:48:26, 16:48:26, 16:48:27, 16:48:27, 16:48:27, 16:48:28, 16:48:28, 16:48:28, 16:48:28, 16:48:29, 16:48:29, 16:48:29, 16:48:30, 16:48:30, 16:48:30, 16:48:31, 16:48:31, 16:48:31, 16:48:32, NOT FOUND Checking for HTTP-Loadbalancing [Diff]: FOUND < X-FB-Debug: TQFOHei+tR3CroNNzDBmAAtbq+8GyG2pjVeN5d1nBRY= > X-FB-Debug: IMeU/14zk0Yei85KMmue76iDrKGoj9CmQOJVzsQm/Tw= www.facebook.com does Load-balancing. Found via Methods: HTTP[Diff] |
- Cisco
| [root@fc16 ~]# lbd www.cisco.com lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing. Written by Stefan Behte (http://ge.mine.nu) Proof-of-concept! Might give false positives. Checking for DNS-Loadbalancing: NOT FOUND Checking for HTTP-Loadbalancing [Server]: AkamaiGHost NOT FOUND Checking for HTTP-Loadbalancing [Date]: 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:17, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:18, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, 16:52:19, NOT FOUND Checking for HTTP-Loadbalancing [Diff]: FOUND < Content-Length: 194 > Content-Length: 193 www.cisco.com does Load-balancing. Found via Methods: HTTP[Diff] |
- amazon
| [root@fc16 ~]# lbd www.amazon.com lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing. Written by Stefan Behte (http://ge.mine.nu) Proof-of-concept! Might give false positives. Checking for DNS-Loadbalancing: NOT FOUND Checking for HTTP-Loadbalancing [Server]: Server NOT FOUND Checking for HTTP-Loadbalancing [Date]: 16:59:57, 16:59:58, 16:59:58, 16:59:59, 17:00:00, 17:00:00, 17:00:01, 17:00:01, 17:00:02, 17:00:03, 17:00:03, 17:00:04, 17:00:04, 17:00:05, 17:00:05, 17:00:06, 17:00:07, 17:00:07, 17:00:08, 17:00:08, 17:00:09, 17:00:10, 17:00:10, 17:00:11, 17:00:11, 17:00:12, 17:00:13, 17:00:13, 17:00:14, 17:00:14, 17:00:15, 17:00:16, 17:00:16, 17:00:16, 17:00:17, 17:00:18, 17:00:18, 17:00:19, 17:00:19, 17:00:20, 17:00:21, 17:00:21, 17:00:22, 17:00:22, 17:00:23, 17:00:23, 17:00:24, 17:00:25, 17:00:25, 17:00:26, NOT FOUND Checking for HTTP-Loadbalancing [Diff]: FOUND < x-amz-id-1: 14CJ9V9C9P7ADP0W2VMA > x-amz-id-1: 1NWV9Q6DB5HB7RVJ5R7C < x-amz-id-2: 85++P+gkHujo8I+VsUoY0HJ7hLRDeYfJSVj6S0mkzcKcAzL/nj5+vI4RY63geJ45 > x-amz-id-2: UEio6eGIH72xHxxJnHdHT98hRsWuu9AvTPSBoa5zepi0TGoGvW3srWT2+YlnwHAa www.amazon.com does Load-balancing. Found via Methods: HTTP[Diff] |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.