Friday, December 23, 2011

Command Line Tips

Here are some command line tricks that can help you a lot.
I am working on this post, so you will get more and more...

1.) Using vim to see the calendars of two years in a single window.

#vim -O <(cal 2011) <(cal 2012)
Here -O opens one window for each file.

2.) (ifconfig eth0;sleep 60;ifconfig eth0)|grep "RX bytes"

# Pass two runs of ifconfig 60 seconds apart through the same grep using a subshell.

[root@server2 ~]#(ifconfig eth0;sleep 60;ifconfig eth0)|grep "RX bytes"
          RX bytes:332299170 (316.9 MiB)  TX bytes:21752930 (20.7 MiB)
          RX bytes:337602454 (321.9 MiB)  TX bytes:21927669 (20.9 MiB)

3.) Here is a one-liner for getting the status of all init.d scripts (services) and storing the result in a file.

[root@primary ~]# for i in /etc/init.d/*; do echo -e "$i status:"; echo -e "\t"; "$i" status; echo -e "\n"; done > ~/daemon_status_list

Dated : 19-Oct-2011
4.) Command to display the largest files or directories, by size.

#for X in $(du -s * | sort -nr | cut -f 2| head -n 2); do     du -hs $X; done 

5.) Execute a command at a given time
#echo "ls -l" | at <time>
e.g. Suppose you want to display the listing of the current working directory on your current terminal. Then use the following command:
#echo "ls -l > $(tty)" | at 13:46

You can also make use of this trick according to your requirements.


6) Using column Command:




7.) Using a bracket pattern to exclude some directories.
[root@test]~# ll -d  /*
drwxr-xr-x   2 root   root      4096 May 31 04:02 /bin
drwxr-xr-x   3 root   root      1024 May 29 00:17 /boot
drwxr-xr-x   3 root   root      4096 May 28 02:33 /customer
drwxr-xr-x  12 root   root      3660 Sep 19 03:28 /dev
drwxr-xr-x  88 root   root     12288 Nov 16 06:49 /etc
drwxr-xr-x   2 root   root      4096 Aug  8  2008 /home
drwxrwxrwx  17 root   root      4096 Oct 31 03:37 /local
dr-xr-xr-x 395 root   root         0 Sep 18 23:26 /proc


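Exclude all directories starting with d, p and l (the commas inside the brackets are matched literally, so [!dpl] is the equivalent, shorter pattern):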
[root@ph132704]~# ll -d  /[!d,p,l]*
drwxr-xr-x  2 root   root      4096 May 31 04:02 /bin
drwxr-xr-x  3 root   root      1024 May 29 00:17 /boot
drwxr-xr-x  3 root   root      4096 May 28 02:33 /customer
drwxr-xr-x 88 root   root     12288 Nov 16 06:49 /etc
drwxr-xr-x  2 root   root      4096 Aug  8  2008 /home

This can be helpful when you are using du and want to exclude some directories.
[root@test]~# du -sh /[!c-z]*
7.7M    /bin
19M     /boot


!Enjoy CLI Mode

Excuse for typo
Kuldeep Sharma









Monday, December 12, 2011

Hard Link Vs Soft Link in Linux

A link is a connection between one file and another.

Links allow more than one file name to refer to the same file, elsewhere. In Linux we use the ln command to create links to a file.

There are two types of links, both of which are created by ln:
  • symbolic links, which refer to a symbolic path indicating the abstract location of another file, and
  • hard links, which refer to the specific location of physical data.
These links behave differently when the source of the link (what is being linked to) is moved or removed. Symbolic links are not updated (they merely contain a string which is the pathname of their target); hard links always refer to the source, even if it is moved or removed.

For symbolic links we use ln -s, and for hard links we use the plain ln command, as shown below:
1.) symbolic links : 
[root@server199 ks]# ln -s sed.sh softlink.sh 
[root@server199 ks]# ll -rs
total 8
0 lrwxrwxrwx 1 root root   6 Dec 12 18:03 softlink.sh -> sed.sh
4 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
4 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
 
2.) hard links : 
[root@server199 ks]# ll
total 4
-rw-r--r-- 1 root root 107 Dec 11 18:34 sed.sh
[root@server199 ks]# ln sed.sh hardlink.sh 
[root@server199 ks]# ll
total 8
-rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
-rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh

Here I am not going deep, I just want to share the differences between these two.
1.) A hard link creates a link file with the same contents as the original file, as a symbolic link does. But with a hard link both files have the same i-node number.
e.g.
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
7897091 lrwxrwxrwx 1 root root   6 Dec 12 18:03 softlink.sh -> sed.sh

2.) A hard link cannot be created for a directory, but a symbolic link can be.
e.g.
[root@server199 ks]# ln test/ dirhardlink
ln: `test/': hard link not allowed for directory
[root@server199 ks]# ln -s test/ dirsoftlink
[root@server199 ks]# ll
total 12
lrwxrwxrwx 1 root root    5 Dec 12 18:10 dirsoftlink -> test/
drwxr-xr-x 2 root root 4096 Dec 12 18:08 test
3.) If you delete the original file, you can still access its contents through the hard link, but this does not apply to soft links.
e.g.
[root@server199 ks]# ll -i
total 8
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 hardlink.sh
7897090 -rw-r--r-- 2 root root 107 Dec 11 18:34 sed.sh
7897091 lrwxrwxrwx 1 root root   6 Dec 12 18:15 softlink.sh -> sed.sh

[root@server199 ks]# rm -rf sed.sh

[root@server199 ks]# cat hardlink.sh
 HI This is testing File for testing working function of sed for converting small letters to capital ones.

[root@server199 ks]# cat softlink.sh
cat: softlink.sh: No such file or directory

[root@server199 ks]# ll
total 4
-rw-r--r-- 1 root root 107 Dec 11 18:34 hardlink.sh
lrwxrwxrwx 1 root root   6 Dec 12 18:15 softlink.sh -> sed.sh
[root@server199 ks]#
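
The three differences above can be checked from a script instead of by reading ll output. The following is an added example, not part of the original post; the function names are hypothetical and it assumes GNU coreutils stat (the -c option), as found on Linux:

```shell
#!/bin/sh
# Added example; assumes GNU coreutils stat (-c FORMAT).

# same_inode A B: true when both names resolve to the same device:inode pair.
same_inode() {
    [ -e "$1" ] && [ -e "$2" ] &&
        [ "$(stat -L -c '%d:%i' "$1")" = "$(stat -L -c '%d:%i' "$2")" ]
}

# link_count PATH: number of names pointing at PATH's inode
# (the number shown after the permissions in "ll" output).
link_count() { stat -c '%h' "$1"; }

# link_kind PATH ORIGINAL: how PATH relates to ORIGINAL.
link_kind() {
    if [ -L "$1" ]; then
        if [ ! -e "$1" ]; then echo dangling-symlink   # stored pathname no longer exists
        elif same_inode "$1" "$2"; then echo symlink
        else echo unrelated                            # symlink to some other file
        fi
    elif [ "$1" != "$2" ] && same_inode "$1" "$2"; then
        echo hardlink                                  # different name, same inode
    else
        echo unrelated
    fi
}

# Rebuild the scenario from the post in a scratch directory (constructed data).
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    echo "constructed sample content" > sed.sh
    ln sed.sh hardlink.sh
    ln -s sed.sh softlink.sh
    echo "hardlink.sh: $(link_kind hardlink.sh sed.sh), links=$(link_count hardlink.sh)"
    echo "softlink.sh: $(link_kind softlink.sh sed.sh)"
    rm -f sed.sh
    echo "after rm: softlink.sh=$(link_kind softlink.sh sed.sh), hardlink.sh links=$(link_count hardlink.sh)"
    cd / && rm -rf "$dir"
)
demo
```
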

If you have some more, then please share.

!Enjoy Linux
Kuldeep Sharma

Thursday, December 8, 2011

Block Ping Linux

How to block all incoming ping on Linux

Steps to block:
1) Edit the file /etc/sysctl.conf
2) Look for this line:
net.ipv4.icmp_echo_ignore_all

NOTE: If you don't find net.ipv4.icmp_echo_ignore_all, simply add it as the last line. Make sure the value is equal to 1, so that it looks like this:
net.ipv4.icmp_echo_ignore_all = 1

After that, to make the change effective without rebooting, run the following command:
#sysctl -p
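
The edit in steps 1 and 2 can be made repeatable with a small function that replaces an existing line or appends the key when it is missing. This is an added example, not part of the original post; set_sysctl_key is a hypothetical name, and the demo works on a constructed temporary file instead of the real /etc/sysctl.conf:

```shell
#!/bin/sh
# Added example. set_sysctl_key FILE KEY VALUE
# Replaces the active line(s) for KEY in FILE with a single "KEY = VALUE" line,
# or appends that line when KEY is absent. Commented-out lines are kept as-is.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            name = line
            sub(/[ \t]*=.*$/, "", name)              # text before the first "="
            if (line !~ /^[#;]/ && index(line, "=") && name == k) {
                if (!found) print k " = " v          # keep one line, drop duplicates
                found = 1
                next
            }
            print
        }
        END { if (!found) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"       # cat keeps owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo() {
    conf=$(mktemp) || return 1
    # Constructed sample standing in for /etc/sysctl.conf.
    printf '%s\n' '# Kernel sysctl configuration' 'net.ipv4.ip_forward = 0' \
        'net.ipv4.icmp_echo_ignore_all=0' > "$conf"
    set_sysctl_key "$conf" net.ipv4.icmp_echo_ignore_all 1
    cat "$conf"
    rm -f "$conf"
}
demo
```

On a real host, run it as root against /etc/sysctl.conf and then run sysctl -p as above. The key affects IPv4 echo requests only.
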

!Enjoy Linux

Kuldeep Sharma

Wednesday, December 7, 2011

tcpdump Packet Analyser some interesting commands

The tcpdump command is also called a packet analyzer.

The tcpdump command works on most flavors of the Unix operating system. tcpdump allows us to save the packets that are captured, so that we can use them for future analysis. The saved file can be viewed with the same tcpdump command. We can also use open source software like Wireshark to read the tcpdump pcap files.
In this tcpdump tutorial, let us discuss some practical examples of how to use the tcpdump command.

1. Capture packets from a particular ethernet interface using tcpdump -i :

When you execute the tcpdump command without any option, it will capture all the packets flowing through all the interfaces. The -i option allows you to filter on a particular Ethernet interface.

[root@server199 ~]# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:54:40.373435 IP server199.ssh > openfiler.cst-port: P 2206499536:2206499732(196) ack 474299364 win 17152
13:54:40.373602 IP server199.ssh > openfiler.cst-port: P 196:344(148) ack 1 win 17152
13:54:40.373664 IP openfiler.cst-port > server199.ssh: . ack 196 win 65183
13:54:40.383680 IP server199.ssh > openfiler.cst-port: P 344:556(212) ack 1 win 17152
13:54:40.383766 IP server199.ssh > openfiler.cst-port: P 556:688(132) ack 1 win 17152
13:54:40.383796 IP server199.ssh > openfiler.cst-port: P 688:820(132) ack 1 win 17152
13:54:40.384319 IP openfiler.cst-port > server199.ssh: . ack 556 win 64823 
Note: Editcap utility is used to select or remove specific packets from dump file and translate them into a given format

2. Capture only N number of packets using tcpdump -c :

[root@server199 ~]# tcpdump -c 2 -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:55:52.542557 IP server199.ssh > openfiler.cst-port: P 2206531760:2206531876(116) ack 474300768 win 17152
13:55:52.542761 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel
Note: Mergecap and TShark: Mergecap is a packet dump combining tool, which will combine multiple dumps into a single dump file. Tshark is a powerful tool to capture network packets, which can be used to analyze the network traffic. It comes with wireshark network analyzer distribution.

3. Display Captured Packets in ASCII using tcpdump -A :

[root@server199 ~]# tcpdump -c 2 -A -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:57:46.459720 IP server199.ssh > openfiler.cst-port: P 2206533564:2206533760(196) ack 474301600 win 17152
E....M@.@....................ED.P.C.....MJ.Pje. .c...-...(.....f...n.._..p.E%.b/=p
13:57:46.460333 IP openfiler.cst-port > server199.ssh: . ack 196 win 64355
E..(h.@..................ED.....P..c2.........
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Note: Ifconfig command is used to configure network interfaces.

4. Display Captured Packets in HEX and ASCII using tcpdump -XX :

[root@server199 ~]# tcpdump -c 2 -XX -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:59:49.457052 IP server199.ssh > openfiler.cst-port: P 2206535128:2206535244(116) ack 474302276 win 17152
        0x0000:  001c c0f8 3f33 001c c0f8 3ea9 0800 4510  ....?3....>...E.
        0x0010:  009c f660 4000 4006 bdcf c0a8 02c7 c0a8  ...`@.@.........
        0x0020:  0204 0016 0e9e 8385 0dd8 1c45 4744 5018  ...........EGDP.
        0x0030:  4300 2a59 0000 c1de 4234 01e9 091c aea1  C.*Y....B4......
        0x0040:  7b6e 8ce8 a715 2061 ff71 d2ca 5c8e 0a16  {n.....a.q..\...
        0x0050:  43c5 fd43 4f92 2828 5bb5 548e e274 679d  C..CO.(([.T..tg.
13:59:49.457362 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
        0x0000:  001c c0f8 3f33 001c c0f8 3ea9 0800 4510  ....?3....>...E.
        0x0010:  009c f661 4000 4006 bdce c0a8 02c7 c0a8  ...a@.@.........
        0x0020:  0204 0016 0e9e 8385 0e4c 1c45 4744 5018  .........L.EGDP.
        0x0030:  4300 f842 0000 95c8 c2ab 1ee9 e99d b7a6  C..B............
        0x0040:  87ba fa85 23c7 fb4e 9c70 dc98 0b29 0968  ....#..N.p...).h
        0x0050:  ae08 afcc 49e7 2c8b a13e f294 2d34 2f22  ....I.,..>..-4/"
2 packets captured
2 packets received by filter
0 packets dropped by kernel

5. Capture the packets and write into a file using tcpdump -w :

[root@server199 ~]# tcpdump -w test.pcap -c 2 -XX -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2 packets captured
2 packets received by filter
0 packets dropped by kernel

6. Reading the packets from a saved file using tcpdump -r :

[root@server199 ~]# tcpdump -tttt -r test.pcap
reading from file test.pcap, link-type EN10MB (Ethernet)
2011-12-07 14:00:55.509268 IP server199.ssh > openfiler.cst-port: P 2206541352:2206541484(132) ack 474305448 win 17152
2011-12-07 14:00:55.509869 IP openfiler.cst-port > server199.ssh: . ack 132 win 65351

Here the -tttt option prefixes each line of output with the date as well as the time.

7. Capture packets with IP address using tcpdump -n :

[root@server199 ~]# tcpdump -c 2 -n  -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:03:52.239579 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 2206560936:2206561052(116) ack 474312884 win 17152
14:03:52.239638 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel


8. Capture packets with proper readable timestamp using tcpdump -tttt :

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:05:11.288023 IP server199.ssh > openfiler.cst-port: P 2206563600:2206563716(116) ack 474314496 win 17152
2011-12-07 14:05:11.288165 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel

9. Read packets longer than or less than N bytes :

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 greater 100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:06:18.691421 IP server199.ssh > openfiler.cst-port: P 2206569996:2206570112(116) ack 474317356 win 17152
2011-12-07 14:06:18.691579 IP server199.ssh > openfiler.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 less 50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:09:48.091340 arp reply server199 is-at 00:1c:c0:f8:3e:a9 (oui Unknown)
2011-12-07 14:10:16.094128 arp reply server199 is-at 00:1c:c0:f8:3e:a9 (oui Unknown)
2 packets captured
5 packets received by filter
0 packets dropped by kernel

10. Receive only the packets of a specific protocol type :

You can receive the packets based on the protocol type. You can specify one of these protocols: fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only udp packets flowing through the eth1 interface.

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:08:03.755831 IP server199.43143 > 202.138.97.193.domain:  9720+ AAAA? www.desimusic.com. (35)
2011-12-07 14:08:03.776733 IP server199.35734 > 202.138.97.193.domain:  20852+ PTR? 193.97.138.202.in-addr.arpa. (45)
2 packets captured
5 packets received by filter
0 packets dropped by kernel

11. Receive packets flows on a particular port using tcpdump port :

If you want to see all the packets received on a particular port of a machine, you can use the tcpdump command as shown below.

[root@server199 ~]# tcpdump -c 2 -tttt  -i eth1 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:11:04.494260 IP server199.ssh > openfiler.cst-port: P 2206581484:2206581680(196) ack 474322660 win 17152
2011-12-07 14:11:04.494604 IP openfiler.cst-port > server199.ssh: . ack 196 win 65535
2 packets captured
6 packets received by filter
0 packets dropped by kernel 

12. Capture packets for particular destination IP and Port

The packets will have source and destination IP addresses and port numbers. Using tcpdump we can apply filters on the source or destination IP address and port number. The following command captures packets flowing through eth1 with a particular destination IP address and port number 22.
[root@server199 ~]# tcpdump -c 2 -n -tttt  -i eth1 dst 192.168.2.4 and port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2011-12-07 14:12:15.542430 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 2206587440:2206587556(116) ack 474326612 win 17152
2011-12-07 14:12:15.542499 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 116:232(116) ack 1 win 17152
2 packets captured
2 packets received by filter
0 packets dropped by kernel

13. Capture TCP communication packets between two hosts: 

If two different processes on two different machines are communicating through the TCP protocol, we can capture those packets using tcpdump as shown below.

[root@server199 ~]# tcpdump -c 2 -w comm.pcap -i eth1 dst 192.168.2.4 and port 22
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
2 packets captured
4 packets received by filter
0 packets dropped by kernel 

14. tcpdump Filter Packets – Capture all the packets other than arp and rarp:

In the tcpdump command, you can give “and”, “or” and “not” conditions to filter the packets accordingly.
[root@server199 ~]# tcpdump -i eth1 not arp and not rarp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:18:45.414205 IP server199.ssh > openfiler.cst-port: P 2206634628:2206634824(196) ack 474348588 win 17152
14:18:45.414821 IP openfiler.cst-port > server199.ssh: . ack 196 win 64195
14:18:45.567644 IP server199.ssh > openfiler.cst-port: P 196:344(148) ack 1 win 17152
14:18:45.567712 IP server199.ssh > openfiler.cst-port: P 344:460(116) ack 1 win 17152
14:18:45.567781 IP server199.ssh > openfiler.cst-port: P 460:592(132) ack 1 win 17152
14:18:45.568467 IP openfiler.cst-port > server199.ssh: . ack 460 win 65535
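
Once output like the above runs to more than a screenful, a per-flow summary is easier to read than the raw lines. The following is an added example, not part of the original post: flow_summary is a hypothetical helper that counts packets and payload bytes (the number in parentheses) per source and destination pair, and the sample lines are modelled on the output format shown in this post:

```shell
#!/bin/sh
# Added example. flow_summary: reads tcpdump text output on stdin and prints
# "src > dst packets bytes" for every IP flow, one line per direction.
flow_summary() {
    awk '
        {
            ip = 0
            for (i = 1; i <= NF; i++) if ($i == "IP") { ip = i; break }
            if (!ip || $(ip + 2) != ">") next        # skip arp, banner and counter lines
            src = $(ip + 1)
            dst = $(ip + 3); sub(/:$/, "", dst)
            len = 0                                  # pure ACKs carry no "(N)" length
            if (match($0, /\([0-9]+\)/)) len = substr($0, RSTART + 1, RLENGTH - 2)
            pkts[src " > " dst]++
            bytes[src " > " dst] += len
        }
        END { for (f in pkts) print f, pkts[f], bytes[f] }
    ' | LC_ALL=C sort
}

demo() {
    # Constructed sample in the format printed by the tcpdump -n runs above.
    flow_summary <<'EOF'
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:03:52.239579 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 2206560936:2206561052(116) ack 474312884 win 17152
14:03:52.239638 IP 192.168.2.199.ssh > 192.168.2.4.cst-port: P 116:232(116) ack 1 win 17152
14:03:52.240001 IP 192.168.2.4.cst-port > 192.168.2.199.ssh: . ack 232 win 65351
2011-12-07 14:09:48.091340 arp reply server199 is-at 00:1c:c0:f8:3e:a9 (oui Unknown)
3 packets captured
EOF
}
demo
```

To summarize a saved capture, feed it the output of tcpdump -n -r test.pcap.
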

!Enjoy working with tcpdump Packet Analyser
A Special Thanks to The Geek Stuff Admin.
Kuldeep Sharma

 



Friday, December 2, 2011

Renaming Multiple files at Once

#for i in *.arc;
  do
        # ${i%.arc} strips only the trailing .arc; -- protects names that start with "-"
        mv -- "$i" "${i%.arc}.dbf";
   done

This is just a simple one. There are lots of ways to do the same task. I will come back with those very soon.


!Enjoy Linux

Kuldeep Sharma