Network/Tools

From LunaSys
Revision as of 15:07, 25 March 2012 by Eadam (talk | contribs)
Jump to navigation Jump to search

Scripts

br0 creation from eth0

#!/bin/bash

#CFGPATH=/etc/sysconfig/network-scripts
CFGPATH=/root
REFCFGPATH=/root

if [ ! -f "$REFCFGPATH/ifcfg-eth0.ref" ]; then
  cp $CFGPATH/ifcfg-eth0 $REFCFGPATH/ifcfg-eth0.ref
fi

grep -E '(DEVICE|HWADDR|ONBOOT)' $REFCFGPATH/ifcfg-eth0.ref > $CFGPATH/ifcfg-eth0
echo "BRIDGE=br0" >> $CFGPATH/ifcfg-eth0

grep -v -E '(HWADDR)' $REFCFGPATH/ifcfg-eth0.ref > $CFGPATH/ifcfg-br0
sed -i 's/eth0/br0/g' $CFGPATH/ifcfg-br0
sed -i 's/BOOTPROTO=none/BOOTPROTO=static/g' $CFGPATH/ifcfg-br0
sed -i 's/TYPE="Ethernet"/TYPE="Bridge"/g' $CFGPATH/ifcfg-br0
sed -i 's/HWADDR=/# HWADDR/g' $CFGPATH/ifcfg-br0


Nice commands

taken from: 

- [1]
- [2]

netstat

useful to find out if your server is under attack or not. You can also list abusive IP address using this method. 

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Dig out more information about a specific ip address: 

# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

To print list of all unique IP address connected to server, enter: 

# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq

If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter: 

# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

ss

Display Sockets Summary 

# ss -s

Display All Open Network Ports 

# ss -l

Display All TCP Sockets 

# ss -t -a

Display All UDP Sockets 

# ss -u -a

Display All Established SMTP Connections 

# ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections 

# ss -o state established '( dport = :http or sport = :http )'

Find All Local Processes Connected To X Server 

# ss -x src /tmp/.X11-unix/*

List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers: 

# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States? 

## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE

How Do I Matches Remote Address And Port Numbers? 

ss dst ADDRESS_PATTERN
## Show all ports connected from remote 192.168.1.5##
ss dst 192.168.1.5
## show all ports connected from remote 192.168.1.5:http port##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443
Retrieved from "http://wiki.lunasys.fr/mediawiki/index.php?title=Network/Tools&oldid=90"