Friday, December 23, 2011

Command Line Tips

Here is some of command line tricks that can help you a lot.
I am working on this post So you will get more and more...

1.) Using vim to see Calender of two years in single window.

#vim -O <(cal 2011) <(cal 2012)
Here -O     Open  one window for each file.

2.) ifconfig eth0;sleep 60;ifconfig eth0)|grep "RX bytes"

# Pass two runs of ifconfig 60 seconds apart through the same grep using a subshell.

[root@server2 ~]#(ifconfig eth0;sleep 60;ifconfig eth0)|grep "RX bytes"
          RX bytes:332299170 (316.9 MiB)  TX bytes:21752930 (20.7 MiB)
          RX bytes:337602454 (321.9 MiB)  TX bytes:21927669 (20.9 MiB

3.) Here is One line coding for getting status of all init.d scripts(services) and store result in a file

root@primary ~] for i in /etc/init.d/*; do echo -e $i status:; echo -e "\t";$i status ;echo -e "\n"; done > ~/daemon_status_list

Dated : 19-Oct-2011
4.) Command to display list of top files or directories size wise.

#for X in $(du -s * | sort -nr | cut -f 2| head -n 2); do     du -hs $X; done 

5.) Execute a command at a given time
#echo "ls -l" | at
e.g. Suppose you want to dispaly the list of current working directory at your current terminal. then use following command:
#echo "ls -l > $(tty)" | at 13:46

You can also make use of this trick according to your requirements.


6) Using column Command:




7.) Using Regular Expression to exclude some of Directories.
[root@test]~# ll -d  /*
drwxr-xr-x   2 root   root      4096 May 31 04:02 /bin
drwxr-xr-x   3 root   root      1024 May 29 00:17 /boot
drwxr-xr-x   3 root   root      4096 May 28 02:33 /customer
drwxr-xr-x  12 root   root      3660 Sep 19 03:28 /dev
drwxr-xr-x  88 root   root     12288 Nov 16 06:49 /etc
drwxr-xr-x   2 root   root      4096 Aug  8  2008 /home
drwxrwxrwx  17 root   root      4096 Oct 31 03:37 /local
dr-xr-xr-x 395 root   root         0 Sep 18 23:26 /proc


Exclude all directory starting from d,p and l
[root@ph132704]~# ll -d  /[!d,p,l]*
drwxr-xr-x  2 root   root      4096 May 31 04:02 /bin
drwxr-xr-x  3 root   root      1024 May 29 00:17 /boot
drwxr-xr-x  3 root   root      4096 May 28 02:33 /customer
drwxr-xr-x 88 root   root     12288 Nov 16 06:49 /etc
drwxr-xr-x  2 root   root      4096 Aug  8  2008 /home

This can be helpful while using du and want to exclude some directories.
[root@test]~# du -sh /[!c-z]*
7.7M    /bin
19M     /boot


!Enjoy CLI Mode

Excuse for typo
Kuldeep Sharma









Monday, December 12, 2011

Hard Link Vs Soft Link in Linux

A Link is a connection of one file with other.

Links allow more than one file name to refer to the same file, elsewhere. In Linux we make the use of ln command to create links of a file.

There are two types of links, both of which are created by ln:
  • symbolic links, which refer to a symbolic path indicating the abstract location of another file, and
  • hard links, which refer to the specific location of physical data.
These links behave differently when the source of the link (what is being linked to) is moved or removed. Symbolic links are not updated (they merely contain a string which is the pathname of its target); hard links always refer to the source, even if moved or removed.

For  symbolic links we make use of ln -s and for hard links we make use of ln command as shown below :
1.) symbolic links : 
[root@server199 ks]# ln -s sed.sh softlink.sh 
[root@server199 ks]# ll -rs
total 8
0 lrwxrwxrwx 1 root root   6 Dec 12 18:03 softlink.sh -> sed.sh
4 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
4 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
 
2.) hard links : 
[root@server199 ks]# ll
total 4
-rw-r--r-- 1 root root 107 Dec 11 18:34 sed.sh
[root@server199 ks]# ln sed.sh hardlink.sh 
[root@server199 ks]# ll
total 8
-rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
-rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh

Here I am not going in deep just wonna to share difference between these two.
1.) Hard Link create a link file having same contents as in original file like symbolic Link does. But In Hark link both files have same i-node number.
e.g.
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
7897091 lrwxrwxrwx 1 root root   6 Dec 12 18:03 softlink.sh -> sed.sh

2.) Hard Link Can not be created on Directories, But Symbolic Link can be.
e.g.
[root@server199 ks]# ln test/ dirhardlink
ln: `test/': hard link not allowed for directory
[root@server199 ks]# ln -s test/ dirsoftlink
[root@server199 ks]# ll
total 12
lrwxrwxrwx 1 root root    5 Dec 12 18:10 dirsoftlink -> test/
drwxr-xr-x 2 root root 4096 Dec 12 18:08 test
 3.) If you delete original file then through Hard Link you can still access the contents of file but not applicable in case of Soft Links.
e.g.
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
7897091 lrwxrwxrwx 1 root root   6 Dec 12 18:15 softlink.sh -> sed.sh

[root@server199 ks]# rm -rf sed.sh

[root@server199 ks]# cat hardlink.sh
 HI This is testing File for testing working function of sed for converting small letters to capital ones.

[root@server199 ks]# cat softlink.sh
cat: softlink.sh: No such file or directory

[root@server199 ks]# ll
total 4
-rw-r--r-- 1 root root 107 Dec 11 18:34 hardlink.sh
lrwxrwxrwx 1 root root   6 Dec 12 18:15 softlink.sh -> sed.sh
[root@server199 ks]#

If you have some more then please share.

!Enjoy Linux
Kuldeep Sharma

Thursday, December 8, 2011

Block Ping Linux

How to block all incoming ping linux

Steps to block:
1)Just edit this file /etc/sysctl.conf
2)Next look for this line:
net.ipv4.icmp_echo_ignore_all

NOTE: if you dont find net.ipv4.icmp_echo_ignore_all then simply added to the last line be sure the the value is equals to 1.
So make it look like this:
net.ipv4.icmp_echo_ignore_all = 1

After that to make changes effective without rebooting run following command:
#sysctl -p

!Enjoy Linux

Kuldeep Sharma

Wednesday, December 7, 2011

tcpdump Packet Analyser some interesting commands

tcpdump command is also called as packet analyzer.


Mr. tcpdump




 tcpdump command will work on most flavors of unix operating system. tcpdump allows us to save the packets that are captured, so that we can use it for future analysis. The saved file can be viewed by the same tcpdump command. We can also use open source software like wireshark to read the tcpdump pcap files.
In this tcpdump tutorial, let us discuss some practical examples on how to use the tcpdump command.

1. Capture packets from a particular ethernet interface using tcpdump -i :

When you execute tcpdump command without any option, it will capture all the packets flowing through all the interfaces. -i option with tcpdump command, allows you to filter on a particular ethernet interface.

[root@server199 ~]# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:54:40.373435 IP server199.ssh > openfiler.cst-port: P 2206499536:2206499732(196) ack 474299364 win 17152
13:54:40.373602 IP server199.ssh > openfiler.cst-port: P 196:344(148) ack 1 win 17152
13:54:40.373664 IP openfiler.cst-port > server199.ssh: . ack 196 win 65183
13:54:40.383680 IP server199.ssh > openfiler.cst-port: P 344:556(212) ack 1 win 17152
13:54:40.383766 IP server199.ssh > openfiler.cst-port: P 556:688(132) ack 1 win 17152
13:54:40.383796 IP server199.ssh > openfiler.cst-port: P 688:820(132) ack 1 win 17152
13:54:40.384319 IP openfiler.cst-port > server199.ssh: . ack 556 win 64823 
Note: Editcap utility is used to select or remove specific packets from dump file and translate them into a given format

2. Capture only N number of packets using tcpdump -c :

[root@server199 ~]# tcpdump -c 2 -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:55:52.542557 IP server199.ssh > openfiler.cst-port: P 2206531760:2206531876(116) ack 474300768 win 17152
13:55:52.542761 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel
Note: Mergecap and TShark: Mergecap is a packet dump combining tool, which will combine multiple dumps into a single dump file. Tshark is a powerful tool to capture network packets, which can be used to analyze the network traffic. It comes with wireshark network analyzer distribution.

3. Display Captured Packets in ASCII using tcpdump -A :

[root@server199 ~]# tcpdump -c 2 -A -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:57:46.459720 IP server199.ssh > openfiler.cst-port: P 2206533564:2206533760(196) ack 474301600 win 17152
E....M@.@....................ED.P.C.....MJ.Pje. .c...-...(.....f...n.._..p.E%.b/=p
13:57:46.460333 IP openfiler.cst-port > server199.ssh: . ack 196 win 64355
E..(h.@..................ED.....P..c2.........
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Note: Ifconfig command is used to configure network interfaces.

4. Display Captured Packets in HEX and ASCII using tcpdump -XX :

[root@server199 ~]# tcpdump -c 2 -XX -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:59:49.457052 IP server199.ssh > openfiler.cst-port: P 2206535128:2206535244(116) ack 474302276 win 17152
        0x0000:  001c c0f8 3f33 001c c0f8 3ea9 0800 4510  ....?3....>...E.
        0x0010:  009c f660 4000 4006 bdcf c0a8 02c7 c0a8  ...`@.@.........
        0x0020:  0204 0016 0e9e 8385 0dd8 1c45 4744 5018  ...........EGDP.
        0x0030:  4300 2a59 0000 c1de 4234 01e9 091c aea1  C.*Y....B4......
        0x0040:  7b6e 8ce8 a715 2061 ff71 d2ca 5c8e 0a16  {n.....a.q..\...
        0x0050:  43c5 fd43 4f92 2828 5bb5 548e e274 679d  C..CO.(([.T..tg.
13:59:49.457362 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
        0x0000:  001c c0f8 3f33 001c c0f8 3ea9 0800 4510  ....?3....>...E.
        0x0010:  009c f661 4000 4006 bdce c0a8 02c7 c0a8  ...a@.@.........
        0x0020:  0204 0016 0e9e 8385 0e4c 1c45 4744 5018  .........L.EGDP.
        0x0030:  4300 f842 0000 95c8 c2ab 1ee9 e99d b7a6  C..B............
        0x0040:  87ba fa85 23c7 fb4e 9c70 dc98 0b29 0968  ....#..N.p...).h
        0x0050:  ae08 afcc 49e7 2c8b a13e f294 2d34 2f22  ....I.,..>..-4/"
2 packets captured
2 packets received by filter
0 packets dropped by kernel

5. Capture the packets and write into a file using tcpdump -w :

[root@server199 ~]# tcpdump -w test.pcap -c 2 -XX -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2 packets captured
2 packets received by filter
0 packets dropped by kernel

6. Reading the packets from a saved file using tcpdump -r :

[root@server199 ~]# tcpdump -tttt -r test.pcap
reading from file test.pcap, link-type EN10MB (Ethernet)
2011-12-07 14:00:55.509268 IP server199.ssh > openfiler.cst-port: P 2206541352:2206541484(132) ack 474305448 win 17152
2011-12-07 14:00:55.509869 IP openfiler.cst-port > server199.ssh: . ack 132 win 65351

Here -tttt option will show output date wise.

7. Capture packets with IP address using tcpdump -n :

[root@server199 ~]# tcpdump -c 2 -n  -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:03:52.239579 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 2206560936:2206561052(116) ack 474312884 win 17152
14:03:52.239638 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel


8. Capture packets with proper readable timestamp using tcpdump -tttt :

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:05:11.288023 IP server199.ssh > openfiler.cst-port: P 2206563600:2206563716(116) ack 474314496 win 17152
2011-12-07 14:05:11.288165 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel

9. Read packets longer than or less than N bytes :

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 greater 100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:06:18.691421 IP server199.ssh > openfiler.cst-port: P 2206569996:2206570112(116) ack 474317356 win 17152
2011-12-07 14:06:18.691579 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel
 [root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 less 50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:09:48.091340 arp reply server199 is-at 00:1c:c0:f8:3e:a9 (oui Unknown)
2011-12-07 14:10:16.094128 arp reply server199 is-at 00:1c:c0:f8:3e:a9 (oui Unknown)
2 packets captured
5 packets received by filter
0 packets dropped by kernel

10. Receive only the packets of a specific protocol type :

You can receive the packets based on the protocol type. You can specify one of these protocols — fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only arp packets flowing through the eth0 interface.

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:08:03.755831 IP server199.43143 > 202.138.97.193.domain:  9720+ AAAA? www.desimusic.com. (35)
2011-12-07 14:08:03.776733 IP server199.35734 > 202.138.97.193.domain:  20852+ PTR? 193.97.138.202.in-addr.arpa. (45)
2 packets captured
5 packets received by filter
0 packets dropped by kernel

11. Receive packets flows on a particular port using tcpdump port :

If you want to know all the packets received by a particular port on a machine, you can use tcpdump command as shown below.

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:11:04.494260 IP server199.ssh > openfiler.cst-port: P 2206581484:2206581680(196) ack 474322660 win 17152
2011-12-07 14:11:04.494604 IP openfiler.cst-port > server199.ssh: . ack 196 win 65535
2 packets captured
6 packets received by filter
0 packets dropped by kernel 

12. Capture packets for particular destination IP and Port

The packets will have source and destination IP and port numbers. Using tcpdump we can apply filters on source or destination IP and port number. The following command captures packets flows in eth1, with a particular destination ip and port number 22.
 [root@server199 ~]# tcpdump -c 2 -n -tttt  -i eth1 dst 192.168.2.4 and port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:12:15.542430 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 2206587440:2206587556(116) ack 474326612 win 17152
2011-12-07 14:12:15.542499 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel

13. Capture TCP communication packets between two hosts: 

If two different process from two different machines are communicating through tcp protocol, we can capture those packets using tcpdump as shown below.

[root@server199 ~]# tcpdump -c 2 -w comm.pcap -i eth1 dst 192.168.2.4 and port 22
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2 packets captured
4 packets received by filter
0 packets dropped by kernel 

14. tcpdump Filter Packets – Capture all the packets other than arp and rarp:

In tcpdump command, you can give “and”, “or” and “not” condition to filter the packets accordingly.
[root@server199 ~]# tcpdump -i eth1 not arp and not rarp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:18:45.414205 IP server199.ssh > openfiler.cst-port: P 2206634628:2206634824(196) ack 474348588 win 17152
14:18:45.414821 IP openfiler.cst-port > server199.ssh: . ack 196 win 64195
14:18:45.567644 IP server199.ssh > openfiler.cst-port: P 196:344(148) ack 1 win 17152
14:18:45.567712 IP server199.ssh > openfiler.cst-port: P 344:460(116) ack 1 win 17152
14:18:45.567781 IP server199.ssh > openfiler.cst-port: P 460:592(132) ack 1 win 17152
14:18:45.568467 IP openfiler.cst-port > server199.ssh: . ack 460 win 65535

!Enjoy working with tcpdump Packaet Analyser
A Special Thanks to The Geek Stuff Admin.
Kuldeep Sharma

 



Friday, December 2, 2011

Renaming Multiple files at Once

 Renaming Multiple files at Once
#for i in *.arc;
  do
        mv "$i" "${i/.arc}".dbf;
   done

This is just simple one. There are lots of ways to do same task. I will come with those very soon,


!Enjoy Linux

Kuldeep Sharma

Wednesday, October 12, 2011

Find information about NIC in Linux

Hi All,
          In some scenarios, we want to find out the performance factors of our NIC card attached. Because, if we are working on network for doing some work, then surely we need to transfer data from one system to other. Maximum performance depends on the configuration of NIC Card we are using.
                          
           So here are some command Line tools in Linux to find out useful info.
1.) ethtool
2.) mii-tool
3.) dmesg

1.) ethtool:

[root@server199 ~]# ethtool eth1
Settings for eth1:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 2
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: d
        Wake-on: d
        Current message level: 0x00000001 (1)
        Link detected: yes


2.) mii-tool:

[root@server199 ~]# mii-tool -v eth1
SIOCGMIIREG on eth1 failed: Input/output error
eth1: negotiated 100baseTx-FD flow-control, link ok
  product info: vendor 00:50:43, model 11 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control


3.) dmesg:

 [root@server199 ~]# dmesg | grep -i eth1
e1000e: eth1 NIC Link is Down
e1000e: eth1 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
eth1: 10/100 speed: disabling TSO
e1000e: eth1 NIC Link is Down
e1000e: eth1 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
eth1: 10/100 speed: disabling TSO


Some Terms:
Half-Duplex:
                      A half-duplex (HDX) system provides communication in both directions, but only one direction at a time (not simultaneously).

Full-Duplex:
                      A full-duplex (FDX), or sometimes double-duplex system, allows communication in both directions, and, unlike half-duplex, allows this to happen simultaneously.



   !Hope You will Enjoy

Kuldeep Sharma

Monday, October 3, 2011

Moving Iptables logs to different file

Dear All,
              Today I am going to post regarding the Iptable logs. I was getting iptable in /var/log/messages, so its getting difficult to check other messages from /var/log/messages as iptables generates a huge bulk of logs.


           So for that I decided to move iptables log to different directory. For this we have to do changes in foolowing configuration files.
1.) /etc/syslog.conf
In the above file append the following line.
kern.warning                                            /home/log/iptables.log

Also as before I was getting all iptables log in /var/log/messages, So need to do some more changes in syslog.conf file as change below line...

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none         /var/log/messages

               to.....................

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;kernel.warning         /var/log/messages

Now just restart the syslogd daemon.

[root@gateway ~]# /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@gateway ~]#



You can now see all iptables message logged to /home/log/iptables.log file:

[root@gateway ~]# tailf /home/log/iptables.log
Oct  4 00:33:06 gateway last message repeated 2 times
Oct  4 00:33:06 gateway kernel: IN=eth1 OUT=


   !Enjoy Linux
Kuldeep Sharma

Saturday, October 1, 2011

How DHCP Server Works?

Hi Friends,
                 Here I am going to post the whole process about the Interaction between DHCP Client and DHCP Server(How a DHCP client communicate with DHCP Server to get an IP Address).

                         DHCP is a very common protocol and we often here about it. DHCP is much more complex than it looks. DHCP IP address assignment process goes through a few steps explained in this article.
            DHCP stands for Dynamic Host Configuration Protocol and is used to automatically assign IP configuration to hosts connecting to a network. The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCPIP network. DHCP is based on the Bootstrap Protocol (BOOTP)A DHCP client makes a request to a DHCP server that may or may not reside on the same subnet. The automatic distribution of IP configuration information to hosts eases the administrative burden of maintaining IP networks. In its simplest form, DHCP distributes the IP address, subnet mask and default gateway to a host, but can include other configuration parameters such as name servers and netbios configuration.
A DHCP client goes through six stages during the DHCP process. These stages are:
  • Initializing
  • Selecting
  • Requesting
  • Binding
  • Renewing
  • Rebinding 
DHCP Client and DHCP Server Interaction




                            
          The DHCP client starts the DHCP process by issuing a DHCPDISCOVER message to its local subnet on UDP port 67. Since the client does not know what subnet it belongs to, a general broadcast is used (destination address 255.255.255.255). If the DHCP server is located on a different subnet, a DHCP-relay agent must be used. The DHCP-relay agent can take several forms. The ip-helper IOS command is used to set up a DHCP-relay agent on a Cisco router.

         The DHCP-relay agent forwards the DHCPDISCOVER message to a subnet that contains a DHCP server. Once the DHCP server receives the DHCPDISCOVER message, it replies with a DHCPOFFER message. The DHCPOFFER message contains the IP configuration information for the client. THE DHCPOFFER message is sent as a broadcast on UDP port 68. The client will know that the DHCPOFFER message is intended for it because the client's MAC address is included in the message. If the client is on a different subnet than the server, the message is sent unicast to the DHCP-relay agent on UDP port 67. The DHCP-relay agent broadcasts the DHCPOFFER on the client's subnet on UDP port 68.

           After the client receives the DHCPOFFER, it sends a DHCPREQUEST message to the server. The DHCPREQUEST message informs the server that it accepts the parameters offered in the DHCPOFFER message. The DHCPREQUEST is a broadcast message, but it includes the MAC address of the server, so that other DHCP servers on the network will know which server is serving the client.

            The DHCP server will send a DHCPACK message to the client to acknowledge the DHCPREQUEST. The DHCPACK message contains all the configuration information that was requested by the client. After the client receives the DHCPACK, it binds the IP address and is ready to communicate on the network. If the server is unable to provide the requested configuration, it sends a DHCPNACK message to the client. The client will resend the DHCPREQUEST message. If the DHCPREQUEST message does not return a DHCPACK after four attempts, the client will start the DHCP process from the beginning and send a new DHCPDISCOVER message.

           After the client receives the DHCPACK, it will send out an ARP request for the IP address assigned. If it gets a reply to the ARP request, the IP address is already in use on the network. The client then sends a DHCPDECLINE to the server and sends a new DHCPREQUEST. This step is optional, and is often not performed.

         Since the DHCP works on broadcast, two pc which are on different networks (or VLANs) cannot work on the DHCP protocol. Does that mean we should have one dedicated server of DHCP in each vlan? No … in Cisco devices IP helper-address command helps to broadcast DHCP messages from one vlan to other vlan.

       Regards
Kuldeep Sharma

Tuesday, September 6, 2011

Service does not support chkconfig error

Hi Friends,
                  As u all know in Redhat or other derived distros to add any service to runlevel we make use of chkconfig  command as given below:

#chkconfig --level *runlevel* *service name* on/off

But before that we have to add that particular service to chkconfig, without adding this we can not run above command. So to add a service to chkconfig use following syntax:

#chkconfig --add  *service name*

But sometimes what happens when we run this command, we get following error message as:  service test does not support chkconfig.

So to this working you have to add following line just after the shebang/hashbang  #!/bin/sh or #!/bin/bash.
 
#chkconfig: 2345 95 20
# description: Description of the script
# processname:test
 
The first line, even if commented, is used by chkconfig and must be present defines that on runlevels 2,3,4 and 5, this subsystem will be activated with priority 95 (one of the lasts), and deactivated with priority 20 (one of the firsts).

Congratulations next time you’ll boot your server it’ll automatically the configured service, squid in this example.
 
!Hope this will Help you
Kuldeep

bash: ./iptest.sh: /bin/bash: bad interpreter: Permission denied

Hello All,
               Recently I have faced an interesting issue during command execution. I have given executable permission, But still getting permission denied error like "bash: ./iptest.sh: /bin/bash: bad interpreter: Permission denied"

I have done some searching and finally found exact issue. Actually I was working on my externally USB hard Disk. So by default it mounts with executable permission. Let me show you below:

Before doing any changes(default mount)
[root@server199 scripts]# ./iptest.sh
bash: ./iptest.sh: /bin/bash: bad interpreter: Permission denied

Now I have check default permission on mounted Disk

[root@server199 ~]# mount | grep disk
/dev/sdb1 on /media/disk type vfat (rw,noexec,nosuid,nodev,shortname=winnt,uid=0)

So its mounted with noexec Permission.

Now remount Disk with Executable permissions as shown below and then check:

[root@server199 ~]# cd

[root@server199 ~]# mount -t vfat /dev/sdb1 /media/disk/ -oremount,rw,exec,nosuid,nodev

[root@server199 ~]# mount | grep disk
/dev/sdb1 on /media/disk type vfat (rw,nosuid,nodev)

[root@server199 ~]# cd /media/disk/scripts/

[root@server199 scripts]# ./iptest.sh
enter ip adress
192.168.2.102
you have enterde valid ip adress

!Feel free to Ask
:)
Kuldeep

Thursday, August 25, 2011

Replacing a string recurcively in all files of a folder in Linux

Today I have come to a situation in which I have to search for a particular string in a Directory/Directories recurcively and if found, then have to replace with other string.
                  So here is simple one line command using for loop or you can also make a good script using the below command.

Go to directory where you have to search the particular and fire below command.

# for file in $(grep -rli *string to search* *);           
   do  
          sed -i 's/*string to search*/*String to be replaced*/g' $file; 
  done

Note : * at end of grep is compulsory, but don't put with string you want to search. eg if you want search linux then write linux not *linux*. The * at end of grep command is astrerisk for searching all files.

Where,
Option with grep do following tasks..
-r : For recurcively search
-i : For all matches(whether small or capital)
-l : Stop after fisrt occurence

Option with sed do following tasks..
-i : edit the orginal file permanently
Note : if -e option with sed shows you result on screen and do not change the contents of file permanetly.

Tuesday, August 23, 2011

Secure WEb-Console and JMX-Console in Jboss

Hi All,
            Here I am posting my first video on How to Secure web-console and jmx-console in JBOSS 5.1GA.





!Enjoy
Feel free to comment...

Setting PXE Network Boot Server in Linux

Dear All,
               Here I am showing you another way to configure PXE Network Boot Server on Linux. I have shown this in my previous post PXE(Preboot eXecution Environment) Installation and Configuration . This will be really helpful when you have no CD/DVD Drive in your Client System.

Requirements : You will need following thing to be configure for this...
  • A DHCP server
  • A TFTP server (tftpd-hpa)
  • vmlinuz and initrd.img from your distribution of choice
  • The PXELINUX.0 boot loader and a suitable config file
  • Network installation Server that may be NFS, FTP, or HTTP. Here I am using ftp server. 
  • system-config-netboot package for pxeos commands.
Note : My server IP -- 192.168.2.199

1.) Install the TFTP server:
Ensure you use the tftpd-hpa package, as PXELINUX requires that the boot server has a TFTP server which supports the “tsize” TFTP option. If you don’t use tftpd-hpa you will most likely see an error such as ‘TFTP server does not support the tsize option’.
              You can make use of yum or can download it from net. I am showing you comtents of "/etc/xinetd.d/tftp" here
[root@server199 ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args        = -s /tftpboot   [-- my Dir where I have configure ftp Server]
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}



2.) Install and configure dhcp server:
                        I am not going in detail of dhcp server just showing you contents of dhcpd.conf file.


[root@server199 ~]# cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

allow booting;
allow bootp;
class "pxeclients" {
      match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
      next-server 192.168.2.199;
      filename "linux-install/pxelinux.0";
}


subnet 192.168.2.0 netmask 255.255.255.0 {

# --- default gateway
        option routers                  192.168.2.1;
        option subnet-mask              255.255.255.0;

#       option nis-domain               "domain.org";
#        option domain-name             "xalted.org";
        option domain-name-servers      192.168.0.1;

        option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

        range dynamic-bootp 192.168.2.10 192.168.2.197;
        default-lease-time 21600;
        max-lease-time 43200;

       
}

3.) Setting up PXELINUX:
                    
PXELINUX is a SYSLINUX derivative, for booting Linux off a network server. Essentially, it is used to load a linux kernel of your choice on to your machine. You specify which kernel to load in a config file. You can download the latest pxelinux.0 file from kernel.org. You will need to extract it from the syslinux archive .
You are going to be creating a folder structure that will eventually look like this:


[root@server199 /]# mkdir -p /tftpboot/linux-install/
[root@server199 /]# mkdir -p /tftpboot/linux-install/pxelinux.cfg
[root@server199 /]# touch /tftpboot/linux-install/pxelinux.cfg/default
[root@server199 /]# mkdir -p /tftpboot/linux-install/distros
[root@server199 /]# mkdir -p /tftpboot/linux-install/distros/centos5.6
[root@server199 /]# vi /tftpboot/linux-install/pxelinux.cfg/default
[root@server199 pxelinux.cfg]# cat default
default local
timeout 100
prompt 1
display msgs/boot.msg
F1 msgs/boot.msg
F2 msgs/general.msg
F3 msgs/expert.msg
F4 msgs/param.msg
F5 msgs/rescue.msg
F7 msgs/snake.msg

label 0
  localboot 1

label 1
  kernel centos/vmlinuz
  append initrd=centos/initrd.img ramdisk_size=8419 method=ftp://192.168.2.199/centos5.6 ip=dhcp
[root@server199 pxelinux.cfg]#
[root@server199 pxelinux.cfg]#
[root@server199 pxelinux.cfg]# cat /tftpboot/linux-install/menu.msg

                          .-=-.          .--.
              __        .'     '.       /  " )
      _     .'  '.     /   .-.   \     /  .-'0c\0a
     ( \   / .-.  \   /   /   \   \   /  /    0c^0a
      \ `-` /   \  `-'   /     \   `-`  /
       `-.-`     '.____.'       `.____.'
07
                                       _
  __ _ _ __   __ _  ___ ___  _ __   __| | __ _
 / _` | '_ \ / _` |/ __/ _ \| '_ \ / _` |/ _` |
| (_| | | | | (_| | (_| (_) | | | | (_| | (_| |
 \__,_|_| |_|\__,_|\___\___/|_| |_|\__,_|\__,_|

07

Choose one of the following labels in order to boot:
- linux (localboot)
- centos5.6

[root@server199 ~]# tree -d /tftpboot/
/tftpboot/  -----------Manual Created
`-- linux-install----------Manual Created
    |-- centos-----------
    |-- distros----------        Manual Created
    |   `-- centos5.6  ....Manual Created
    |       |-- CentOS
    |       |-- NOTES
    |       |-- images
    |       |   |-- pxeboot
    |       |   `-- xen
    |       |-- isolinux
    |       `-- repodata
    |-- msgs  ------------ Manual Created
    `-- pxelinux.cfg   --------  Manual Created

13 directories
[root@server199 linux-install]# tree msgs/
msgs/   --- Manual Created
`-- boot.msg   ---- Manual Created

0 directories, 1 file
[root@server199 linux-install]# pwd
/tftpboot/linux-install
[root@server199 linux-install]# ll
total 48
drwxr-xr-x 2 root root  4096 Aug 22 12:42 centos
drwxr-xr-x 3 root root  4096 Aug 22 11:36 distros
-rw-r--r-- 1 root root   620 Aug 22 11:41 menu.msg   
drwxr-xr-x 2 root root  4096 Aug 22 12:45 msgs
-rw-r--r-- 1 root root 26442 Aug 22 11:45 pxelinux.0
drwxr-xr-x 2 root root  4096 Aug 23 12:44 pxelinux.cfg
[root@server199 linux-install]#

4.) Setting up ftp Server :
                             Finally Setup ftp server. You can install vsftpd using yum or can download from net. I am just showing you my vsftpd.conf file.


[root@server199 ~]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
vsftpd_log_file=/var/log/vsftpd.log
# Allow anonymous FTP?
anon_max_rate=0
anon_mkdir_write_enable=NO
anon_root=/tftpboot/linux-install/distros
anon_world_readable_only=YES
anon_umask=0022
anon_upload_enable=NO
anon_other_write_enable=NO
no_anon_password=NO
userlist_deny=NO







Now copy the Centos5.6 DVD to location "/tftpboot/linux-install/distros".
[root@server199 distros]# ll
total 4 drwxr-xr-x 7 root root 4096 Aug 22 12:03 centos5.6
[root@server199 distros]# cd centos5.6/
[root@server199 centos5.6]# ls
CentOS      NOTES                  RELEASE-NOTES-en.html     RELEASE-NOTES-fr.html  RELEASE-NOTES-pt_BR.html  TRANS.TBL
EULA        RELEASE-NOTES-cs       RELEASE-NOTES-en_US       RELEASE-NOTES-ja       RELEASE-NOTES-ro          vmlinuz
GPL         RELEASE-NOTES-cs.html  RELEASE-NOTES-en_US.html  RELEASE-NOTES-ja.html  RELEASE-NOTES-ro.html
images      RELEASE-NOTES-de       RELEASE-NOTES-es          RELEASE-NOTES-nl       repodata
initrd.img  RELEASE-NOTES-de.html  RELEASE-NOTES-es.html     RELEASE-NOTES-nl.html  RPM-GPG-KEY-beta
isolinux    RELEASE-NOTES-en       RELEASE-NOTES-fr          RELEASE-NOTES-pt_BR    RPM-GPG-KEY-CentOS-5




Finally restart the following services:

[root@server199 linux-install]# /etc/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
[root@server199 linux-install]# /etc/init.d/vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server199 linux-install]# /etc/init.d/dhcpd restart
Shutting down dhcpd:                                       [  OK  ]
Starting dhcpd:                                            [  OK  ]
[root@server199 linux-install]#

Last Step add "pxeos"  entry by issuing following command:

[root@server199 linux-install]# pxeos -a -i "Centos5.6" -p FTP -D 0 -s 192.168.2.199 -L /centos5.6/ centos
[root@server199 linux-install]#


and then test it from client by changing boot order of client system and make PXE Boot as First boot device.

!Enjoy 
Feel free to comment....



Integrate Jenkins with Azure Key Vault

Jenkins has been one of the most used CI/CD tools. For every tool which we are using in our daily life, it becomes really challenges when ...