See the list of interfaces on which tcpdump can listen
# /usr/sbin/tcpdump -D
Listen on any available interface
# /usr/sbin/tcpdump -i any
Verbose Mode
# /usr/sbin/tcpdump -v
# /usr/sbin/tcpdump -vv
# /usr/sbin/tcpdump -vvv
# /usr/sbin/tcpdump -q
Limit the capture to N packets
# /usr/sbin/tcpdump -c N
Don't resolve hostnames or port names: display numeric IP addresses and port numbers when capturing packets
# /usr/sbin/tcpdump -n
Capture any packets where the destination host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst host 192.168.0.1
Capture any packets where the source host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n src host 192.168.0.1
Capture any packets where the source or destination host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n host 192.168.0.1
Capture any packets where the destination network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst net 192.168.10.0/24
Capture any packets where the source network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n src net 192.168.10.0/24
Capture any packets where the source or destination network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n net 192.168.10.0/24
Capture any packets where the destination port is 23, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst port 23
Capture any packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst portrange 1-1023
Capture only TCP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n tcp dst portrange 1-1023
Capture only UDP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n udp dst portrange 1-1023
Capture any packets with destination IP 192.168.0.1 and destination port 23, display IP addresses and port numbers
# /usr/sbin/tcpdump -n "dst host 192.168.0.1 and dst port 23"
Capture any packets with destination IP 192.168.0.1 and destination port 80 or 443, display IP addresses and port numbers (the parentheses are needed because "and" binds tighter than "or")
# /usr/sbin/tcpdump -n "dst host 192.168.0.1 and (dst port 80 or dst port 443)"
Capture any ICMP packets
# /usr/sbin/tcpdump -v icmp
Capture any ARP packets
# /usr/sbin/tcpdump -v arp
Capture either ICMP or ARP packets
# /usr/sbin/tcpdump -v "icmp or arp"
Capture any packets that are broadcast or multicast
# /usr/sbin/tcpdump -n "broadcast or multicast"
Capture 500 bytes of data for each packet rather than the default of 68 bytes (68 bytes was the default in older tcpdump releases; recent releases capture whole packets by default)
# /usr/sbin/tcpdump -s 500
Capture all bytes of data within the packet
# /usr/sbin/tcpdump -s 0
Monitor all packets on eth1 interface
# /usr/sbin/tcpdump -i eth1
Monitor all traffic on port 80 (HTTP)
# /usr/sbin/tcpdump -i eth0 'port 80'
Monitor all traffic on port 25 (SMTP), very verbose, with hex and ASCII dumps of each packet
# /usr/sbin/tcpdump -vv -x -X -s 1500 -i eth0 'port 25'
Capture only N packets using tcpdump -c
# /usr/sbin/tcpdump -c 2 -i eth0
Display Captured Packets in ASCII using tcpdump -A
# /usr/sbin/tcpdump -A -i eth0
Display Captured Packets in HEX and ASCII using tcpdump -XX
# /usr/sbin/tcpdump -XX -i eth0
Capture the packets and write into a file using tcpdump -w
# /usr/sbin/tcpdump -w data.pcap -i eth0
The .pcap extension is the conventional one for capture files
Read packets from a saved file using tcpdump -r
# /usr/sbin/tcpdump -tttt -r data.pcap
Capture packets with numeric IP addresses (no name resolution) using tcpdump -n
# /usr/sbin/tcpdump -n -i eth0
Capture packets with a human-readable timestamp using tcpdump -tttt
# /usr/sbin/tcpdump -n -tttt -i eth0
Capture packets longer than N bytes (here 1024) to a file
# /usr/sbin/tcpdump -w data.pcap greater 1024
Capture packets shorter than N bytes (here 1024) to a file
# /usr/sbin/tcpdump -w data1024.pcap less 1024
Capture only packets of a specific protocol type (here ARP)
# /usr/sbin/tcpdump -i eth0 arp
Capture the packet flow on a particular port using the port filter
# /usr/sbin/tcpdump -i eth0 port 22
Capture packets for particular destination IP and Port
# /usr/sbin/tcpdump -w data.pcap -i eth0 dst 10.181.140.216 and port 22
Capture TCP communication packets between two hosts
# /usr/sbin/tcpdump -w data.pcap -i eth0 dst 16.181.170.246 and port 22
Filter packets: capture all packets other than ARP and RARP
# /usr/sbin/tcpdump -i eth0 not arp and not rarp
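As an added example (not part of the original post), a small shell wrapper that composes the "dst host ... and (dst port ... or dst port ...)" style filter from the tips above, validates its inputs, and runs tcpdump with numeric output, full snaplen, file rotation and a privilege drop. The interface, host, ports, output path and unprivileged user are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: compose a tcpdump BPF filter for
# one destination host and a list of destination ports, then capture with the
# options recommended above (-n, -tttt, -s 0, -w) plus rotation and -Z.

# Return 0 if $1 looks like a dotted-quad IPv4 address, else 1.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# build_filter HOST [PORT...]
# Prints an expression such as
#   dst host 192.168.0.1 and (dst port 80 or dst port 443)
# The parentheses matter: without them "and" binds tighter than "or".
build_filter() {
    host=$1; shift
    is_ipv4 "$host" || { echo "build_filter: bad host '$host'" >&2; return 1; }
    ports=""
    for p in "$@"; do
        case $p in
            *[!0-9]*|"") echo "build_filter: bad port '$p'" >&2; return 1 ;;
        esac
        ports="${ports:+$ports or }dst port $p"
    done
    if [ -z "$ports" ]; then
        echo "dst host $host"
    else
        echo "dst host $host and ($ports)"
    fi
}

# capture IFACE OUTFILE FILTER
# Writes whole packets (-s 0) as pcap, starting a new file every ~100 MB
# (-C 100) and keeping at most 10 files (-W 10). -Z makes tcpdump drop root
# privileges to the named user once the capture socket is open, so the
# output directory must be writable by that user (assumed: nobody).
capture() {
    iface=$1; out=$2; filter=$3
    /usr/sbin/tcpdump -n -tttt -i "$iface" -s 0 -Z nobody \
        -C 100 -W 10 -w "$out" "$filter"
}

if [ "${1:-}" = "run" ]; then
    # Assumed values: interface eth0, web server 192.168.0.1, ports 80 and 443.
    f=$(build_filter 192.168.0.1 80 443) || exit 1
    capture eth0 /var/tmp/web.pcap "$f"
fi
```

Run it as `sh capture.sh run` (as root, since tcpdump needs to open the interface); without the argument it only defines the functions.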
How to change the Linux hostname?
# hostname
test.com
# hostname server.com
# hostname
server.com
# vi /etc/hostname
server.com
Now restart and see the changes.
How to change the MySQL root password?
For every database server, you should set the root or sa password to something other than the default, unless you want to get hacked. For MySQL, the administrator user is called root. You use the mysqladmin utility from the command line to set the new password.
Syntax:
# mysqladmin -u root password "new_password"
# mysqladmin -u root -h host_name password "new_password"
Example:
# mysqladmin -u root password Pa55w0rD
# mysqladmin -u root -h localhost password linuxgEEks
You need to restart the database server after this change
# /etc/init.d/mysql restart
How to back up a MySQL database to a file?
Backing up your database is an important system administration task and should generally be run from a cron job at scheduled intervals. We will use the mysqldump utility included with MySQL to dump the contents of the database to a text file that can easily be re-imported.
Syntax:
# mysqldump -h localhost -u root -pmypassword database_name > dumpfile_name.sql
Example:
# mysqldump -h localhost -u root -pPa55w0rD database110 > backup_file.sql
This will give you a text file containing all the commands required to re-create the database.
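The two MySQL tips above put the password on the command line (`-pPa55w0rD`), where it is visible to every local user through `ps` and lands in the shell history. As an added example (not from the original post), the same password change and backup with the credentials read from an owner-only option file instead; the paths, user and database name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: change the root password and
# run mysqldump with the password read from a mode-0600 option file rather
# than the command line. Paths, user and the database name (database110 from
# the post above) are assumptions; adjust them for your host.

# write_option_file PATH USER PASSWORD
# Creates a MySQL client option file readable only by its owner.
write_option_file() {
    # umask in a subshell so the caller's umask is left unchanged
    ( umask 077; printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# check_option_file PATH -> 0 if the file is readable by its owner only
check_option_file() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case $mode in
        600|400) return 0 ;;
        *) echo "check_option_file: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# change_root_password OPTFILE
# With no password argument, mysqladmin prompts for the new password, so it
# never appears in "ps" or in the shell history.
change_root_password() {
    check_option_file "$1" || return 1
    mysqladmin --defaults-extra-file="$1" password
}

# dump_database OPTFILE DBNAME OUTDIR
# Writes a timestamped, gzip-compressed dump plus its SHA-256 so a restore can
# verify the archive is intact. --single-transaction gives a consistent
# snapshot of InnoDB tables without locking them for the whole dump.
dump_database() {
    check_option_file "$1" || return 1
    out="$3/$2-$(date +%Y%m%d-%H%M%S).sql"
    if mysqldump --defaults-extra-file="$1" --single-transaction "$2" > "$out"; then
        gzip -9 "$out" && sha256sum "$out.gz" > "$out.gz.sha256"
        echo "$out.gz"
    else
        rm -f "$out"; return 1
    fi
}

if [ "${1:-}" = "run" ]; then
    # Assumed locations: option file in root's home, dumps under /var/backups/mysql
    dump_database /root/.my.cnf database110 /var/backups/mysql
fi
```

`--defaults-extra-file` has to be the first option on the mysqladmin/mysqldump command line; the cron entry then needs only `sh backup.sh run`.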
How To Set SSH Login Message?
Setting an SSH login message is easy:
# vi /etc/motd
Write a message of your own, for example:
######### Welcome to the SSH World #########
### This is the Email Server, please exit properly ###
########################################
Save and Quit
To check, quit the SSH session and log in again; the message is shown:
######### Welcome to the SSH World #########
### This is the Email Server, please exit properly ###
########################################
That's all, enjoy!
nmap in detail
nmap is a tool to check the status of ports on a machine.
Example 1: Scan a particular system for open ports
# nmap hostname
Example 2: Scan for a single port on a machine
# nmap -p 22 hostname
-p selects the port.
Example 3: Scan ports only
# nmap -F hostname
-F is the fast scan; it does not do any other scanning such as IP address, hostname, operating system or uptime detection.
Example 4: Scan only TCP ports
# nmap -sT hostname
-s selects the scan type and T selects a TCP connect scan, so only TCP ports are scanned.
Example 5: Scan only UDP ports
# nmap -sU hostname
-sU performs a UDP port scan.
Example 6: Scan for ports and get the version of the different services running on that machine
# nmap -sV hostname
-sV detects the version of each network service running on that host.
Example 7: Check which IP protocols the remote machine supports
# nmap -sO hostname
Example 8: Scan a system for operating system and uptime details
# nmap -O hostname
-O adds operating system detection to the default port scan.
Example 9: Scan a network
# nmap networkID/subnetmask
For example:
# nmap x.x.x.x/24
Netstat in Linux
List all ports
# netstat -a | more
List all TCP ports using netstat -at
# netstat -at
List all UDP ports using netstat -au
# netstat -au
List only listening ports
# netstat -l
List only listening TCP Ports using netstat -lt
# netstat -lt
List only listening UDP Ports using netstat -lu
# netstat -lu
List only the listening UNIX Ports using netstat -lx
# netstat -lx
Show statistics for all ports
# netstat -s
Show statistics for TCP/UDP ports
# netstat -st
# netstat -su
Display PID and program names
# netstat -pt
Don’t resolve host, port and user name
# netstat -an
Print netstat information continuously
# netstat -c
Find the address families not supported on your system
# netstat --verbose
Display the kernel routing information
# netstat -r
Find out on which port a program is running
# netstat -ap | grep ssh
Find out which process is using a particular port (-p is needed to show the PID and program name)
# netstat -anp | grep ':80'
Show the list of network interfaces
# netstat -i
Display extended information on the interfaces
# netstat -ie
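As an added example (not part of the original post), the "list only listening TCP ports" tip turned into a check that flags services bound to every address (0.0.0.0 or ::) instead of to loopback only, which is how a tool such as darkstat or Monitorix ends up reachable from the whole network. The input is `netstat -tlnp` output; the sample lines are constructed and the allow-list is an assumption for this host.

```shell
#!/bin/sh
# Added example, not from the original post: report LISTEN sockets bound to a
# wildcard address and compare them with the ports expected on this host.

# Ports expected to be reachable from the network (assumed for this host).
ALLOWED_PORTS="22 80 443"

# Constructed sample of "netstat -tlnp" output, standing in for a live run.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 0.0.0.0:667             0.0.0.0:*               LISTEN      1301/darkstat
tcp6       0      0 :::8080                 :::*                    LISTEN      1422/monitorix
EOF
}

# exposed_listeners < netstat-output
# Prints "PORT PROGRAM" for every LISTEN socket bound to 0.0.0.0 or ::.
exposed_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, a, ":");                        # port follows the last ":"
        port = a[n];
        addr = substr($4, 1, length($4) - length(port) - 1);
        if (addr == "0.0.0.0" || addr == "::") {
            sub(/^[0-9]+\//, "", $7);                 # drop "PID/" from "PID/name"
            print port, $7
        }
    }'
}

# unexpected_listeners < netstat-output
# Prints exposed listeners whose port is not in ALLOWED_PORTS; returns 1 if any.
unexpected_listeners() {
    bad=$(exposed_listeners | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, ok, " "); for (i = 1; i <= n; i++) seen[ok[i]] = 1 }
        !($1 in seen)')
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Against the sample, 22/sshd is allowed while 667/darkstat and 8080/monitorix
# are reported. Replace sample_netstat with "netstat -tlnp" on a live host.
if sample_netstat | unexpected_listeners; then
    echo "no unexpected listeners"
fi
```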
How to install SendmailAnalyzer on Linux (CentOS)?
SendmailAnalyzer can work on any platform where Sendmail and Perl run. What you need is a modern Perl distribution: 5.8.x or newer is good, but older versions should also work.
Download sendmailanalyzer-x.x.tar.gz and perform the following operations
# tar -zxvf sendmailanalyzer-x.x.tar.gz
# cd sendmailanalyzer-x.x/
# perl Makefile.PL
# make && make install
Start SendmailAnalyzer daemon:
# /usr/local/sendmailanalyzer/sendmailanalyzer -f
Add the httpd configuration for SendmailAnalyzer (access is limited to localhost; uncomment the last Allow line to open it to your own domain)
Alias /sareport /usr/local/sendmailanalyzer/www
<Directory /usr/local/sendmailanalyzer/www>
Options ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex sa_report.cgi
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
# Allow from .example.com
</Directory>
Test:
http://server_ip_address/sareport
Additional tasks to be added in crontab
# SendmailAnalyzer log reporting daily cache
0 1 * * * /usr/local/sendmailanalyzer/sa_cache > /dev/null 2>&1
# On huge MTA you may want to have five minutes caching
#*/5 * * * * /usr/local/sendmailanalyzer/sa_cache -a > /dev/null 2>&1
Logrotate:
Edit /etc/logrotate.d/syslog to restart SendmailAnalyzer when maillog is rotated, or create a cron job.
For example:
/var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
/PATH_TO/rc.sendmailanalyzer restart >/dev/null 2>&1 || true
# or /etc/rc.d/init.d/sendmailanalyzer restart >/dev/null 2>&1 || true
endscript
}
How to install darkstat on Linux (CentOS)?
Darkstat - Web Based Network Traffic & Bandwidth Monitoring Tool on Linux
# yum install darkstat
# darkstat -i eth0
Test:
http://ip-address:667
How to install Monitorix on Linux (CentOS)?
-->Monitorix is a lightweight system monitoring tool that can track the services and resources of a system. It is one of the best tools for tracking system activity in a simple way.
It can monitor system attributes such as:
-->System load
-->Active processes
-->Memory allocation
-->Kernel usage
-->Context switches and forks
-->VFS usage
-->Kernel usage per processor
-->Filesystems usage
-->Disk I/O activity
-->Inode usage
-->Time spent in I/O activity
-->Network traffic and usage
-->IPv4 states
-->IPv6 states
-->Active close
-->Passive close
-->UDP statistics
-->System services demand
-->IMAP and POP3 services
-->SMTP service
-->Network port traffic (Ports: 21, 22, 25, 80, 110, 139, 3306, 53, 143)
-->Users using the system
-->Devices interrupt activity
Installation Procedure
# yum install httpd rrdtool rrdtool-perl perl-libwww-perl perl-MailTools perl-MIME-Lite perl-CGI perl-DBI
Note: Sometimes, on an updated system, this may not be enough; use the following command to install the additional packages needed to support the configuration.
# yum -y install rrdtool rrdtool-perl perl-libwww-perl perl-MailTools perl-MIME-Lite perl-CGI perl-DBI perl-XML-Simple perl-Config-General perl-HTTP-Server-Simple perl-IO-Socket-SSL
Download monitorix and install
# rpm -ivh http://www.monitorix.org/monitorix-n.n.n-1.noarch.rpm
After successful installation:
# service monitorix start
# chkconfig monitorix on ----> add to startup
Log file: /var/log/monitorix
Testing:
http://ip-address:8080/monitorix/
That's all; comments and suggestions are welcome!