Network/Tools

From LunaSys
Revision as of 15:15, 24 April 2012 by Eadam (talk | contribs) (→‎netstat)

Scripts

br0 creation from eth0

#!/bin/bash
# Convert eth0 into a port of bridge br0 (ifcfg-style network scripts).

CFGPATH=/etc/sysconfig/network-scripts
#CFGPATH=/root
REFCFGPATH=/root

# keep the original; stop if the backup cannot be made
if [ ! -f "$REFCFGPATH/ifcfg-eth0.ref" ]; then
  cp "$CFGPATH/ifcfg-eth0" "$REFCFGPATH/ifcfg-eth0.ref" || exit 1
fi

# build new eth0: keep only the device identity and attach it to the bridge
grep -E '(DEVICE|HWADDR|ONBOOT)' "$REFCFGPATH/ifcfg-eth0.ref" > "$CFGPATH/ifcfg-eth0"
echo "BRIDGE=br0" >> "$CFGPATH/ifcfg-eth0"

# build br0: the remaining settings (addressing included) move to the bridge
grep -v -E '(HWADDR|UUID)' "$REFCFGPATH/ifcfg-eth0.ref" \
  | sed -e 's/eth0/br0/g' \
        -e 's/BOOTPROTO=["]*none["]*/BOOTPROTO=static/g' \
        -e 's/TYPE=["]*Ethernet["]*/TYPE="Bridge"/g' \
        -e 's/NM_CONTROLLED=["a-z]*/NM_CONTROLLED="no"/g' \
  > "$CFGPATH/ifcfg-br0"

Nice commands

taken from:

- [1]
- [2]

iptraf

nethogs

netstat

Useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method. The command below counts connections by TCP state (column 6 of the netstat output):

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Dig out more information about a specific IP address:

# netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

To print a list of all unique IP addresses connected to the server, enter:

# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u

If you think your Linux box is under attack, print a list of open connections on your box, counted and sorted by IP address:

# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
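
The per-IP count above, as an added example that is not part of the original page: it splits the foreign address at the last colon, so IPv6 peers are not truncated the way `cut -d: -f1` truncates them, and it skips header lines and listening sockets. The function name `conn_counts`, the threshold argument and the sample output (documentation addresses) are constructed for illustration.

```shell
#!/bin/bash
# Added example: per-remote-IP connection counts from `netstat -atun` output.

# Constructed sample of `netstat -atun` output (documentation addresses only).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::beef:60000    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:60001    ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# conn_counts [THRESHOLD]: read netstat output on stdin and print "count ip"
# for every remote IP with at least THRESHOLD connections, busiest first.
conn_counts() {
  awk -v min="${1:-1}" '
    $1 !~ /^(tcp|udp)/ { next }          # drop the two header lines
    {
      peer = $5                          # "Foreign Address" column
      port = peer
      sub(/.*:/, "", port)               # text after the last colon
      if (port == "*") next              # listening or unconnected socket
      sub(/:[^:]*$/, "", peer)           # strip ":port", keep the full address
      count[peer]++
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: peers holding 2 or more connections.
printf '%s\n' "$SAMPLE" | conn_counts 2
```

On a live host, pipe the real output in instead: `netstat -atun | conn_counts 20`.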

ss

Display Sockets Summary

# ss -s

Display All Open Network Ports

# ss -l

Display All TCP Sockets

# ss -t -a

Display All UDP Sockets

# ss -u -a

Display All Established SMTP Connections

# ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections

# ss -o state established '( dport = :http or sport = :http )'

Find All Local Processes Connected To X Server

# ss -x src /tmp/.X11-unix/*

List all the TCP sockets in state FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:

# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States?

## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE

How Do I Match Remote Address And Port Numbers?

ss dst ADDRESS_PATTERN
## Show all ports connected from remote 192.168.1.5##
ss dst 192.168.1.5
## show all ports connected from remote 192.168.1.5:http port##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443