tcpdump - practical approach

Written by Administrator
Monday, 02 August 2010 05:17

tcpdump is a common command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump works on most UNIX-like operating systems.

USAGE:
#tcpdump – Display standard tcpdump output
#tcpdump -v, -vv, -vvv – Display more detailed output
#tcpdump -D – Display available network interfaces for capturing
#tcpdump -n – Display without resolving host names (shows IP addresses)
#tcpdump -nn – Display without resolving host names and ports
#tcpdump -q – Display quick output
#tcpdump -i eth0 – Capture traffic on interface eth0 only
#tcpdump src 192.168.0.195 and dst 192.168.0.10 and port 8888 – Display traffic through port 8888 from 192.168.0.195 to 192.168.0.10
#tcpdump tcp – Capture TCP traffic
#tcpdump port http – Capture traffic through the http port (80)
#tcpdump -c 50 – Capture 50 packets
#tcpdump host www.coretimer.com – Display packets to or from www.coretimer.com
#tcpdump -A – Display the content of captured packets
#tcpdump -X – Print the packet's contents in both hex and ASCII
#tcpdump -S – Print absolute sequence numbers along with the output
#tcpdump -e – Print the Ethernet header as well
#tcpdump -E – Decrypt IPSEC traffic with encryption key
#tcpdump src 192.168.0.10 – Display traffic from 192.168.0.10
#tcpdump dst 192.168.0.10 – Display traffic to 192.168.0.10
#tcpdump portrange 21-23 – Print the traffic in the specified port range
#tcpdump less 300 – Display packets of at most 300 bytes
#tcpdump greater 300 – Display packets of at least 300 bytes
#tcpdump -w test.log – Capture the packets to a file test.log
#tcpdump -r test.log – Read the captured packets from file test.log
#tcpdump 'tcp[13] & 16 != 0' – Capture only packets with the ACK flag set

Source: http://www.coretimer.com
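How the last filter selects packets, as an added example that is not part of the original article: tcp[13] is the TCP header byte holding the flag bits and 16 (0x10) is the ACK bit, so the filter also matches SYN-ACK and PSH-ACK segments. The headers, ports and function names below are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (constructed data, checksum 0)."""
    data_offset = 5 << 4  # header length: 5 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, 65535, 0, 0)


def flags_of(tcp_header):
    """Return the names of the flags set in tcp[13]."""
    if len(tcp_header) < 14:
        raise ValueError("truncated TCP header: byte 13 is missing")
    return {name for name, bit in TCP_FLAGS.items() if tcp_header[13] & bit}


def matches(tcp_header, mask, value=None):
    """Mimic 'tcp[13] & mask != 0', or 'tcp[13] & mask == value' if value is given."""
    if len(tcp_header) < 14:
        raise ValueError("truncated TCP header: byte 13 is missing")
    masked = tcp_header[13] & mask
    return masked != 0 if value is None else masked == value


# Constructed segments: a handshake, a data segment and a reset.
SAMPLES = {
    "syn":     build_tcp_header(40000, 22, 1000, 0, 0x02),
    "syn-ack": build_tcp_header(22, 40000, 5000, 1001, 0x12),
    "ack":     build_tcp_header(40000, 22, 1001, 5001, 0x10),
    "psh-ack": build_tcp_header(40000, 22, 1001, 5001, 0x18),
    "rst":     build_tcp_header(22, 40000, 5001, 0, 0x04),
}


def select(mask, value=None):
    """Names of the sample segments that the filter would capture."""
    return sorted(n for n, hdr in SAMPLES.items() if matches(hdr, mask, value))


if __name__ == "__main__":
    print("tcp[13] & 16 != 0 ->", select(16))       # every segment carrying ACK
    print("tcp[13] & 18 == 2 ->", select(18, 2))    # SYN without ACK
    print("tcp[13] == 16     ->", select(0xFF, 16)) # ACK and nothing else
```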

Create Logical volume (LVM2)

First we need to find out which disks and partitions are being used, so we can use the following commands:
#df -h [This will display which partitions are being used]
#fdisk -l [This will show which disks are being used and disks that are not mounted.]
Now we can start the LVM implementation. We have two unused partitions, /dev/sda3 and /dev/sda4. Logical volume creation needs to follow this sequence:
- create physical volume
- create volume group
- create logical volume
1. Create physical volume
#pvcreate /dev/sda3
#pvcreate /dev/sda4
Verify the volumes with the pvdisplay command
#pvdisplay
2. Create volume group
#vgcreate test_volume /dev/sda3 /dev/sda4
#vgchange -a y test_volume [To activate the volume]
Verify the group with vgdisplay

Virtusertable configuration in sendmail

virtusertable is used to set up aliases for virtual domains hosted on the same server. In this case we use mail1.domain.org as the main host and mail2.domain.org as the virtual host. Before creating the virtusertable mapping, you need to create a file named virtusertable in /etc/mail/. In virtusertable each entry should be a single line. The left-hand side of an entry is the original recipient address, and the right-hand side is the mapping address.
Here is a sample virtusertable (the recipient addresses on the left-hand side were hidden by the site's e-mail protection):
[address hidden] john
[address hidden] David
The original recipient address is the email address that people will send messages to. The mapping address should be a local user or a remote email address. After making changes to virtusertable, you need to create a db file that sendmail will read. The following command is used to map the virtusertable to sendmail. So this command will create virtusertable.db in /etc/mail/

Required packages:
mrtg-2.10.15-1.i386.rpm
net-snmp
net-snmp-utils
Prerequisite: snmp should be configured and running
Change the permissions of the directory (mode 777 makes it world-writable)
#chmod 777 /var/www/mrtg
Generate a configuration file
#cfgmaker --output=/etc/mrtg/mrtg.cfg -ifref=ip --global "workdir: /var/www/mrtg" --global 'options[_]: growright,bits' [SNMP target argument hidden by the site's e-mail protection]
Edit the configuration file and make the necessary changes.
#vi /etc/mrtg/mrtg.cfg

How to view and check who is currently logged in using SSH

This can be done with the following procedure. The lsof command lists open files such as disk files, pipes, network sockets and devices opened by all processes, so we can use it to view the SSH connections to our machine. Commands used are:
#lsof -i :22
OR
#lsof -i :ssh
OR
#lsof |grep :ssh
All these commands will display the active ssh connections to our machine as shown below:
COMMAND   PID USER FD TYPE DEVICE SIZE NODE NAME
sshd     1892 root 3u IPv6   4966      TCP  *:ssh (LISTEN)
sshd    14382 root 3r IPv4  56404      TCP  192.168.0.195:ssh->192.168.0.57:directvdata (ESTABLISHED)
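Turning that output into a list of remote peers, as an added example that is not part of the original article: the first two rows are the output shown above, the third row is constructed to show the numeric form printed by lsof -nP -i :22, and the function name is illustrative.

```python
import re

# Rows 1-2: output shown above. Row 3: constructed, numeric "lsof -nP" form.
LSOF_OUTPUT = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 1892 root 3u IPv6 4966 TCP *:ssh (LISTEN)
sshd 14382 root 3r IPv4 56404 TCP 192.168.0.195:ssh->192.168.0.57:directvdata (ESTABLISHED)
sshd 20111 root 3u IPv4 77001 TCP 192.168.0.195:22->192.168.0.88:51514 (ESTABLISHED)
"""

# NAME column of a connected socket: local->remote (STATE)
NAME_RE = re.compile(
    r"^(?P<local>\S+)->(?P<remote>\S+) \((?P<state>[A-Z_0-9]+)\)$")
SSH_PORTS = {"ssh", "22"}  # service name, or the number when -P is used


def established_ssh_sessions(lsof_text):
    """Return one dict per ESTABLISHED connection to the local SSH port."""
    sessions = []
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # SIZE is empty for sockets, so columns cannot be counted from the
        # left: locate the NODE value ("TCP") and treat the rest as NAME.
        if "TCP" not in fields:
            continue
        name = " ".join(fields[fields.index("TCP") + 1:])
        match = NAME_RE.match(name)
        if not match or match["state"] != "ESTABLISHED":
            continue  # e.g. the LISTEN socket
        _, _, local_port = match["local"].rpartition(":")
        peer, _, peer_port = match["remote"].rpartition(":")
        if local_port not in SSH_PORTS:
            continue  # not a connection to our SSH daemon
        sessions.append({"pid": int(fields[1]), "user": fields[2],
                         "peer": peer, "peer_port": peer_port})
    return sessions


if __name__ == "__main__":
    for s in established_ssh_sessions(LSOF_OUTPUT):
        print(f"pid {s['pid']} ({s['user']}): {s['peer']} port {s['peer_port']}")
```

The USER column is the owner of the sshd process holding the socket, which is not necessarily the account that logged in.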