Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

decrypt ngserver.log

Created: 18 Apr 2013 | 4 comments

Hi,

I'm trying to ghsotcast from Server2008 to a workstation (10.80.102.164)

To gather the task progress for reporting purposes, i'm thinking of looking at ngserver.log

But Looks like workstation names\IP Addresses are encoded in some way in the log.

Does anyone know how to decode\make sense of this :

Got status #\Status{ Name = (#[0xE8 0x39 0x35 0x4D 0x42 0x87]), Uuid = #[0x00 0xE8 0xDF 0x7E 0xF6 0x57 0xE1 0x11 0x00 0x00 0xE8 0x39 0x35 0x4D 0x42 0x87], Sequence = 3195476149U, Status = Idle, Platform = Win2k, Version = 720901, Build = 67802, IPADDRESS = 173041331, SUBNETMASK = 4294967232U, ProductVersion = #"115.01.2266" }
4:33:06 PM found client 2405U ip 10.80.102.179:1346 state = Idle

Specifically looking at the below :

  • Name = (#[0xE8 0x39 0x35 0x4D 0x42 0x87])
  • Uuid = #[0x00 0xE8 0xDF 0x7E 0xF6 0x57 0xE1 0x11 0x00 0x00 0xE8 0x39 0x35 0x4D 0x42 0x87]
  • Sequence = 3195476149U
  • IPADDRESS = 173041331
  • SUBNETMASK = 4294967232U

Also, the log says found client 2405U ip 10.80.102.179:1346 .But thats not the client IP i was expecting. The client ip is 10.80.102.164.

Thank you.

Operating Systems:

Comments 4 CommentsJump to latest comment

EdT's picture

What is the workstation name?  Does it have more than one NIC ?

Strings like 0xE8 normally represent hexadecimal.

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.

gbzygil's picture

Computername : C002324162083

Just one NIC on it.

Nigel Bree's picture

 Strings like 0xE8 normally represent hexadecimal.

Correct, they are. The machine in question runs an HP network adapter; the "Name" field is a list of MAC addresses for the network adapters in the machine, and thanks to the IEEE OUI Registry you can see from the first three (hexadecimal) octets of any MAC address what the manufacturer of the NIC is.

The UUID is the SMBIOS UUID of the machine which is a 128-bit (16 byte) number that uniquely indicates its identity amongst all machines anywhere (except for Dells).

IPADDRESS = 173041331

This is the originating machine's idea of what its own address is; since an IPv4 address is just a 32-bit number, it happens that the GSS client code I wrote just wraps it as a plain number (rather than a longer piece of binary data) and thus when ngserver prints it it ends up printed as a plain number in decimal rather than one of the special binary formats so you manually have to convert it to hex to make sense of it: in hexadecimal that number is 0x0A 0x50 0x66 0xB3 and taking each of those bytes individually you can convert it to 10.80.102.179

4:33:06 PM found client 2405U ip 10.80.102.179:1346 state = Idle

​This is the sense the server makes of the information it's been given; from the machine UUID and MAC address data, it matched the machine against machine 2405 in the particular console's database; the IP address printed is what the Windows TCP/IP stack says was the originating address that the client used, which from this we can see is the same as the client's own idea of its IP address, and thus shows that no unusual routing is in place.

gbzygil's picture

Thankyou Nigel.

I was able to extract the task progress% from :

'"<<SERVERNAME>>push<<LogId>>" Percent through transfer:XX MB/min: YY'

(Thats after i got the LogId of the task).