tcpdump

tcpdump [ -AdDefIKlLnNOpqRStuUvxX ] [ -B buffer_size ] [ -c count ]
[ -C file_size ] [ -G rotate_seconds ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,… ]
[ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
[ expression ]

Command Line Options
-A Print frame payload in ASCII
-c <count> Exit after capturing count packets
-D List available interfaces
-e Print link-level headers
-F <file> Use file as the filter expression
-G <n> Rotate the dump file every n seconds
-i <iface> Specifies the capture interface
-K Don’t verify TCP checksums
-L List data link types for the interface
-n Don’t convert addresses to names
-p Don’t capture in promiscuous mode
-q Quick output
-r <file> Read packets from file
-s <len> Capture up to len bytes per packet
-S Print absolute TCP sequence numbers
-t Don’t print timestamps
-v[v[v]] Print more verbose output
-w <file> Write captured packets to file
-x Print frame payload in hex
-X Print frame payload in hex and ASCII
-y <type> Specify the data link type
-Z <user> Drop privileges from root to user

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup: (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net).

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host.

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

To print all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets. (IPv6 is left as an exercise for the reader.)

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via Ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
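The filters above index raw header bytes: the low nibble of ip[0] is the IPv4 header length in 32-bit words, ip[2:2] the total length, the high nibble of tcp[12] the TCP data offset, and tcp[13] (tcp[tcpflags]) the flag bits. The following Python example is added here and is not part of the tcpdump manual; it builds constructed IPv4/TCP packets (no checksums, since the filters never read them) and evaluates the SYN/FIN and HTTP-data expressions over the same offsets, including a SYN that carries a TCP option, which a naive "total length minus 40" would miscount as payload.

```python
import struct

# Flag bits behind tcpdump's tcp-fin/tcp-syn/tcp-psh/tcp-ack names (tcp[13]).
TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10


def ip_header_len(pkt: bytes) -> int:
    return (pkt[0] & 0x0F) << 2                  # (ip[0]&0xf)<<2


def tcp_header_len(pkt: bytes) -> int:
    tcp = pkt[ip_header_len(pkt):]
    return (tcp[12] & 0xF0) >> 2                 # (tcp[12]&0xf0)>>2


def tcp_payload_len(pkt: bytes) -> int:
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), as in the HTTP example."""
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]
    return total_len - ip_header_len(pkt) - tcp_header_len(pkt)


def tcp_ports(pkt: bytes):
    ihl = ip_header_len(pkt)
    return struct.unpack("!HH", pkt[ihl:ihl + 4])


def tcp_flags(pkt: bytes) -> int:
    return pkt[ip_header_len(pkt) + 13]          # tcp[tcpflags]


def is_syn_or_fin(pkt: bytes) -> bool:
    """tcp[tcpflags] & (tcp-syn|tcp-fin) != 0"""
    return tcp_flags(pkt) & (TCP_SYN | TCP_FIN) != 0


def is_http_with_data(pkt: bytes) -> bool:
    """tcp port 80 and (payload length expression) != 0"""
    return 80 in tcp_ports(pkt) and tcp_payload_len(pkt) != 0


def build_ipv4_tcp(sport, dport, flags, payload=b"", tcp_options=b"") -> bytes:
    """Constructed IPv4/TCP packet (checksums left zero; the filters ignore them)."""
    tcp_options += b"\x00" * (-len(tcp_options) % 4)   # pad options to 32-bit words
    doff_words = 5 + len(tcp_options) // 4
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                          doff_words << 4, flags, 65535, 0, 0) + tcp_options
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip_hdr + tcp_hdr + payload


# Constructed sample packets, not captured traffic.
SYN_TO_80 = build_ipv4_tcp(40000, 80, TCP_SYN, tcp_options=b"\x02\x04\x05\xb4")  # MSS option
GET_TO_80 = build_ipv4_tcp(40000, 80, TCP_PSH | TCP_ACK, payload=b"GET / HTTP/1.0\r\n\r\n")
ACK_TO_80 = build_ipv4_tcp(40000, 80, TCP_ACK)
DATA_TO_443 = build_ipv4_tcp(40000, 443, TCP_PSH | TCP_ACK, payload=b"\x16\x03\x01")
```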
Bigpipe vs TMSH

Important things to remember when examining commands in tmsh:

  • show (usually) provides just the statistical information, with configuration parameters present to provide a level of disambiguation.
  • list provides configuration information, but just variations from the default. For example, “list /ltm nat 192.0.2.1” will only show the “originating-address” information
  • all-properties extends a “list” command to show every configuration option, not just the variations from default.

DESCRIPTION

bigpipe command | tmsh command | Comment
b arp show | show /net arp all |
b arp all delete | tmsh delete /net arp all |
b class DATA-GROUP mode read | modify ltm data-group DATA-GROUP access-mode read-only |
b class show | show running-config /ltm data-group |
b cluster show | show /sys cluster all-properties |
b config load file.ucs | load /sys ucs file.ucs |
b config save file.ucs | save /sys ucs file.ucs |
b config sync | run /cm config-sync from-group/to-group DEVICEGROUPNAME |
b conn show | show /sys connection |
b conn show all | show /sys connection all-properties | Show all connection table properties
b conn ss server node-ip:node-port delete | delete /sys connection ss-server-addr node-ip ss-server-port node-port | Delete connection table entries for node-ip node-port
b daemon list | list /sys daemon-ha all-properties |
b db <key name> <value> | modify /sys db <key name> value <value> | Modify database values
b db Platform.PowerSupplyMonitor disable | tmsh modify sys db platform.powersupplymonitor value disable | Disables the PSU alert if only one PSU is in use on a dual-PSU system
b db show | show running-config /sys db -hidden all-properties |
b export my.config.scf | save /sys scf my.config.scf | v10.x only
b export my.config.scf | save /sys config file my.config.scf tar-file my.config.tar | v11.0+
b failover standby | run /sys failover standby | v11+
b fo show | show /sys failover |
b fo standby | run /util bigpipe fo standby | v10+
b ha table | show /sys ha-status all-properties |
b hardware baud rate | modify /sys console baud-rate | v10: sol10621; v11: sol13325
b ha table show | show /sys ha-status all-properties |
b httpd list | list /sys httpd | To list the httpd configuration.
b import my.config.scf | load /sys scf my.config.scf | v10.x only
b import my.config.scf | load /sys config file my.config.scf tar-file my.config.tar | v11.0+
b interface show -j | show /net interface -hidden all-properties | -hidden is not tab completable, but should be shown in the command output on iHealth.
b load | load sys config partitions all |
b merge | load /sys config merge | Added in v11. In v10 use bigpipe
b merge /path/to/file.txt | tmsh load /sys config file /path/to/file.txt merge | Merge a file into the BIG-IP configuration. Added in v11. In v10, use bigpipe
b mgmt show | show running-config /sys management-ip |
b monitor show | show running-config /ltm monitor | (?)
b nat show | show /ltm nat all or list /ltm nat all-properties | Both tmsh commands are required here since b nat show lists the unit preference and ARP status. Statistical information is shown via "show" while configuration information is shown via "list".
b node all monitor show | list ltm node monitor |
b node show | show /ltm node |
b ntp servers 10.10.10.10 | modify sys ntp servers add { 10.10.10.10 } |
b packet filter all show | show /net packet-filter |
b partition | list auth partition | No "show" command yet; list will only show written partitions
b persist | tmsh show ltm persistence persist-records |
b platform | show /sys hardware |
b pool list | list /ltm pool |
b pool show | show /ltm pool members |
b profile access all stats | |
b profile auth all show all | show /ltm auth profile all | The tmsh auth command does not display the associated OCSP information shown by bigpipe.
b profile http ramcache show | show /ltm profile http |
b profile http stats | show /ltm profile http |
b profile ssl stats | show /ltm profile ssl |
b profile persist profile_name list all | tmsh list ltm persistence profile_name all-properties |
b profile tcp show | show /ltm profile tcp |
b profile tcp stats | show /ltm profile tcp |
b profile udp show | show /ltm profile udp |
b profile udp stats | show /ltm profile udp |
b profile xml show | show /ltm profile xml |
b reset | load /sys default-config | v10.x
b reset | load /sys config default | v11.x
b route show | show /net route all |
b rule <rule> show all | show /ltm rule <rule> |
b rule show | show /ltm rule all |
b rule stats reset | reset-stats /ltm rule <rule> |
b save | save sys config partitions all |
b self show | show running-config /net self |
b snat | show /ltm snat |
b snatpool show | show /ltm snatpool |
b software | show sys software |
b software desired | install sys software image NAME volume HDX.Y reboot |
b software desired | install sys software image NAME create-volume volume HDX.Y | v11.0+: creates the volume and installs the software (empty volumes cannot be created in v11)
b software desired | install sys software hotfix NAME volume HDX.Y | Installs the desired hotfix to the specified volume.
b stp show | show running-config /net stp all-properties |
b syslog list all | list sys syslog all-properties |
b syslog remote server none | modify sys syslog remote-servers none |
b syslog remote server test-srv host 192.168.206.47 | modify sys syslog remote-servers add { test-srv { host 192.168.206.47 } } | You can append "remote-port 517", for example, to the end of the command to specify the port
b syslog remote server test-srv local ip 172.28.72.90 | modify sys syslog remote-servers modify { test-srv { local-ip 172.28.72.90 } } | The self IP must be non-floating
b system hostname | modify sys global-settings hostname NEWHOST.EXAMPLE.COM |
b trunk show -j | show /net trunk -hidden all |
b trunk all lacp show | show /net trunk detail |
b unit show | |
b verify load | load sys config verify |
b version | show /sys version | Takes grep (but not "head", as in "b version |head"); for example, to grep on build: "tmsh show sys version |grep -i build"
b virtual address show | show /ltm virtual-address all-properties | "show" does not show the objects used by the virtual, and list does not show statistics.
b virtual all show all | show /ltm virtual all-properties or list /ltm virtual all-properties | "show" does not show the objects used by the virtual, and list does not show statistics.
b vlan all show all -j | show /net vlan -hidden |
b vlangroup all show all | show /net vlan-group all |
bigstart status/start/stop/restart SERVICE_NAME | show/start/stop/restart sys service SERVICE_NAME |
bpsh (?) | load sys config from-terminal merge | Merge config from the interactive shell. Paste or type the config objects you want to add, then press Ctrl+D to complete the submission or Ctrl+C to cancel the input. Added in v11.0.

Linux Commands (Commands only accessible from the CLI)

Linux command | tmsh | Comment
arp -an | run /util bash -c "arp -an" |
crontab -l | run /util bash -c "crontab -l" |
date | run /util bash -c "date" |
df -h | run /util bash -c "df -h" |
df -i | run /util bash -c "df -i" |
df -ik | run /util bash -c "df -ik" |
eud_info (version) | run /util bash -c "eud_info (version)" |
free | run /util bash -c "free" |
grub default -d | run /util bash -c "grub default -d" |
grub default -l | run /util bash -c "grub default -l" |
halid | run /util bash -c "halid" |
hsb snapshot (version) | run /util bash -c "hsb snapshot (version)" |
ifconfig -a | run /util bash -c "ifconfig -a" |
interrupts | run /util bash -c "interrupts" |
ip -f dnet addr show | run /util bash -c "ip -f dnet addr show" |
ip -f inet addr show | run /util bash -c "ip -f inet addr show" |
ip -f inet link show | run /util bash -c "ip -f inet link show" |
ip -f inet neigh show | run /util bash -c "ip -f inet neigh show" |
ip -f inet route show | run /util bash -c "ip -f inet route show" |
ip -f inet rule show | run /util bash -c "ip -f inet rule show" |
ip -f inet tunnel show | run /util bash -c "ip -f inet tunnel show" |
ip -f inet6 addr show | run /util bash -c "ip -f inet6 addr show" |
ip -f inet6 link show | run /util bash -c "ip -f inet6 link show" |
ip -f inet6 neigh show | run /util bash -c "ip -f inet6 neigh show" |
ip -f inet6 route show | run /util bash -c "ip -f inet6 route show" |
ip -f inet6 tunnel show | run /util bash -c "ip -f inet6 tunnel show" |
ip -f ipx addr show | run /util bash -c "ip -f ipx addr show" |
ip -f link addr show | run /util bash -c "ip -f link addr show" |
ip -f link link show | run /util bash -c "ip -f link link show" |
ip -f link neigh show | run /util bash -c "ip -f link neigh show" |
ip -f link route show | run /util bash -c "ip -f link route show" |
ls -las /var/local/ucs | run /util bash -c "ls -las /var/local/ucs" |
ls -lasLR /dev/mprov/ | run /util bash -c "ls -lasLR /dev/mprov/" |
ls -lasLR /var/core | run /util bash -c "ls -lasLR /var/core" |
ls -lasR /boot | run /util bash -c "ls -lasR /boot" |
ls -lasR /hotfix | run /util bash -c "ls -lasR /hotfix" |
lsof -n | run /util bash -c "lsof -n" |
meminfo | run /util bash -c "meminfo" |
mount | run /util bash -c "mount" |
netstat -nge | run /util bash -c "netstat -nge" |
netstat -ni | run /util bash -c "netstat -ni" |
netstat -pan | run /util bash -c "netstat -pan" |
netstat -sa | run /util bash -c "netstat -sa" |
ntpdc -n -c peer 127.0.0.1 | run /util bash -c "ntpdc -n -c peer 127.0.0.1" |
ntpq -pn | run /util bash -c "ntpq -pn" |
pci | run /util bash -c "pci" |
pstree | run /util bash -c "pstree" |
qkview | run /util qkview |
rpm -qa | run /util bash -c "rpm -qa" |
switchboot -l | run /util bash -c "switchboot -l" | Or use: /sys reboot volume <volume>
sysctl | run /util bash -c "sysctl" |
top | run /util bash -c "top" |
vmstat | run /util bash -c "vmstat" |
who -aH | run /util bash -c "who -aH" |

https://devcentral.f5.com/wiki/TMSH.BigpipeMappings.ashx

Connect to CISCO router under Fedora

Today I will explain how to connect to a Cisco router with a USB to DB9 converter in Fedora. You can use this to connect to a switch, firewall or any other kind of device that uses this cable and a terminal connection.

Scenario:

Machine: Dell laptop without serial port
OS: Fedora 12

Router: Cisco 2524
IOS: 11.1

Cable: RJ-45 to DB-9 female (management cable)

Converter: USB to DB9

First, you need terminal software. The most common is minicom, but you can also use PuTTY. Minicom is not as friendly as PuTTY. I will explain both and then you can choose 😉

Using minicom

Install as root

[user@localhost ~]$ su
Password:
[root@localhost user]# yum install minicom

Once minicom is installed, it is time to configure the device. Before starting minicom you should know which port the converter is attached to. To get that information type:

[root@localhost user]# dmesg | grep tty

You will get something like:

usb 2-2.1: FTDI USB Serial Device converter now attached to ttyUSB0

We now know that the converter device is /dev/ttyUSB0. Let's start minicom with the -s option (set-up mode). You can only start it with this option as root.

[root@localhost user]# minicom -s

Output: [screenshot: minicom configuration menu]

Move through the menu with the up and down keys and enter the "Serial Port setup" option.

Output: [screenshot: Serial Port setup menu]

Typing the letter shown on the left side enters each option.

Option "E" (Bps/Par/Bits) output: [screenshot: line speed and framing settings]

Once you have configured everything, save with the "Save setup as…" option and give it a name. For example: cisco

If you choose Exit you will be connected directly to the router; if not, choose "Exit from minicom" to close the application.

To start minicom with the configuration previously saved as cisco, type as root:

[root@localhost user]# minicom cisco

That’s it!

Using Putty

Too simple. Install PuTTY as root by typing:

[user@localhost ~]$ su
Password:
[root@localhost user]# yum install putty

Then start PuTTY with:

[eduardo@localhost ~]$ putty

Output: [screenshot: PuTTY configuration window]

Find the serial port as before with:

[root@localhost user]# dmesg | grep tty

You will get something like:

usb 2-2.1: FTDI USB Serial Device converter now attached to ttyUSB0

In the Serial line box type:

/dev/ttyUSB0

In the Speed box type:

9600

done!
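The dmesg lookup above shows a single adapter, but with two converters, or after unplugging and replugging one, the last "attached to" line is not necessarily a device that still exists. This added Python example (not from the post) replays the attach and disconnect messages from a constructed dmesg excerpt to list the converters that are still present, and builds the equivalent minicom command line; it assumes minicom's -D (device) and -b (baud rate) options instead of the saved cisco profile.

```python
import re

# Constructed dmesg excerpt (not from the post): two converters attached, the
# first one unplugged and plugged back in, so it comes back as ttyUSB2.
SAMPLE_DMESG = """\
usb 2-2.1: new full speed USB device using ehci_hcd and address 5
usb 2-2.1: FTDI USB Serial Device converter now attached to ttyUSB0
usb 2-2.2: pl2303 converter now attached to ttyUSB1
ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
usb 2-2.1: FTDI USB Serial Device converter now attached to ttyUSB2
"""

# Kernel messages emitted by the USB serial drivers when a converter appears
# or disappears; the optional "[ time ]" prefix of dmesg is not anchored on.
ATTACH = re.compile(r"(?P<port>usb \S+): (?P<driver>.*?) converter now attached to (?P<dev>ttyUSB\d+)$")
DETACH = re.compile(r"converter now disconnected from (?P<dev>ttyUSB\d+)$")


def attached_serial_devices(dmesg_text: str) -> dict:
    """Return {'/dev/ttyUSBn': (usb_port, driver)} for converters still attached,
    replaying attach and disconnect events in the order dmesg printed them."""
    live = {}
    for line in dmesg_text.splitlines():
        m = ATTACH.search(line)
        if m:
            live["/dev/" + m["dev"]] = (m["port"], m["driver"])
            continue
        m = DETACH.search(line)
        if m:
            live.pop("/dev/" + m["dev"], None)   # device may already be gone
    return live


def minicom_command(device: str, baud: int = 9600) -> list:
    """Command-line equivalent of the Serial Port setup made in the post
    (Cisco consoles default to 9600 bps); uses minicom -D and -b."""
    return ["minicom", "-D", device, "-b", str(baud)]


if __name__ == "__main__":
    for dev, (port, driver) in attached_serial_devices(SAMPLE_DMESG).items():
        print(dev, port, driver, " ".join(minicom_command(dev)))
```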

Linux Commands II

If you want a good manual of Unix commands, you have two options:

1st – A small and quick manual of no more than 5 pages

2nd – A list of all kinds of Linux commands in a book or PDF of 300 pages or more.

If you choose the first option and use all the commands in the list, you will know them within a week just through use.

My point of view: I like a book with thousands of commands, each with its explanation, to review. I will never know all the commands. It is pointless to know all of them when you have good built-in help and the best-known search engine 😉 Anyway, if you want to be a good administrator, you should know a long list. Each command has a list of options that you can check with:

[user@localhost ~]$ help {command}

or

[user@localhost ~]$ man {command}

That is the reason why it is not mandatory to know every command with all its options.

In this post I will list some interesting commands.

TOP – Shows CPU usage. It displays a listing of the most CPU-intensive tasks on the system.

Tasks: 193 total,   1 running, 192 sleeping,   0 stopped,   0 zombie
Cpu(s):  1.8%us,  1.5%sy,  0.0%ni, 96.6%id,  0.0%wa,  0.2%hi,  0.0%si,  0.0%st
Mem:   2060700k total,  1849668k used,   211032k free,    58676k buffers
Swap:  4194292k total,       20k used,  4194272k free,  1187076k cached

PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
2658 eduardo   20   0  129m  24m  16m S  2.3  1.2   2:42.51 chrome
3321 eduardo   20   0  354m 112m  24m S  1.7  5.6   2:10.95 firefox
1625 root      20   0 98412  62m  17m S  1.0  3.1  63:29.99 Xorg
4421 root      20   0  2556 1104  824 R  0.7  0.1   0:00.30 top
3658 eduardo   20   0  115m  25m  13m S  0.3  1.3   0:09.74 chrome
3723 eduardo   20   0 48832  12m 9212 S  0.3  0.6   0:06.31 gnome-terminal
1 root      20   0  2024  780  580 S  0.0  0.0   0:01.14 init
2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd
3 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0
4 root      20   0     0    0    0 S  0.0  0.0   0:00.16 ksoftirqd/0
5 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
6 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/1
7 root      20   0     0    0    0 S  0.0  0.0   0:00.66 ksoftirqd/1
8 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 watchdog/1
9 root      20   0     0    0    0 S  0.0  0.0   0:00.11 events/0
10 root      20   0     0    0    0 S  0.0  0.0   0:01.25 events/1
11 root      20   0     0    0    0 S  0.0  0.0   0:00.00 cpuset
12 root      20   0     0    0    0 S  0.0  0.0   0:00.00 khelper
13 root      20   0     0    0    0 S  0.0  0.0   0:00.00 netns
14 root      20   0     0    0    0 S  0.0  0.0   0:00.00 async/mgr
15 root      20   0     0    0    0 S  0.0  0.0   0:00.00 pm

PS – Reports the process status. Typed alone, this command shows the processes running on the current terminal.

[user@localhost ~]$ ps
PID TTY          TIME CMD
3725 pts/0    00:00:00 bash
3743 pts/0    00:00:00 ps

With the following options you can get the top 5 CPU users (the -n flag makes sort compare numerically; without it the rows are sorted as text, which is why 4.8 appears above 31.6 in the output captured below):

[user@localhost ~]$ ps -eo pcpu,pid,user,args | sort -k 1 -nr | head -5

%CPU   PID USER     COMMAND
62.4  2538 user  vinagre
4.8  2997 user  rhythmbox
31.6  1625 root     /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-LC90Bs/database -nolisten tcp vt1
2.8  3321 user  /usr/lib/firefox-3.5/firefox http://www.google.com

MPSTAT – Displays the utilization of each CPU individually.

[root@localhost user]# mpstat
Linux 2.6.32.12-115.fc12.i686 (localhost.localdomain) 05/27/2010 _i686_ (2 CPU)

11:21:15 PM  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest   %idle
11:21:15 PM  all   32.00    0.34   16.37    0.66    0.07    2.06    0.00    0.00   48.51

This command displays activity for each available processor and can be used on SMP (multiple CPU) and UP machines, but on the latter only global average activity will be printed:
[root@localhost user]# mpstat -P ALL
Linux 2.6.32.12-115.fc12.i686 (localhost.localdomain) 05/27/2010 _i686_ (2 CPU)

11:23:43 PM  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest   %idle
11:23:43 PM  all   32.06    0.33   16.44    0.65    0.07    2.08    0.00    0.00   48.37
11:23:43 PM    0   48.16    0.37   14.58    0.82    0.05    1.24    0.00    0.00   34.77
11:23:43 PM    1   17.44    0.30   18.13    0.49    0.08    2.83    0.00    0.00   60.73
IOSTAT – Displays CPU statistics and input/output statistics for devices and partitions. Useful to know your CPU utilization since the last reboot.
[root@localhost user]# iostat
Linux 2.6.32.12-115.fc12.i686 (localhost.localdomain) 05/27/2010 _i686_ (2 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
32.17    0.32   18.63    0.64    0.00   48.24
Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda               4.77       149.94       347.32    1680964    3893686
sdb               0.03         0.87         0.00       9782          1
VMSTAT – Reports information about processes, memory, paging, block I/O, traps, and CPU activity.

[root@localhost user]# vmstat 3
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
2  0    548  52268  55060 1212524    0    0    37    81  955 1157 32 18 48  1  0
2  0    548  54620  55464 1209524    0    0   252  4275 1769 1565 24  4 52 20  0
1  0    548  54224  55548 1204264    0    0    37  3940 1624 1536 20  4 60 15  0
1  0     20  52704  55600 1201252   45    0   145  3536 1258 1306  7  5 60 28  0
TCPDUMP – Dumps traffic on a network.

[root@localhost user]# tcpdump 'tcp port pop3'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

NETSTAT – Displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The output of this command can be very long, but you can pipe it through a few other commands to get a short summary of connection states, like the following (the "established)" and "Foreign" counts come from netstat's two header lines, not from connections):

[root@localhost user]# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
1 established)
1 ESTABLISHED
1 Foreign
1 TIME_WAIT
10 LISTEN
51 CLOSE_WAIT
Linux commands “a”

These are the most common bash commands in Linux. Some of them, depending on the distribution, may not be available or may have been replaced by others.
adduser Add a user to the system

* Command in CentOS: # useradd <username>
This command creates the user in a locked state. To unlock the user, set a password with passwd <username>
* Command in Debian: # adduser <username>

addgroup Add a group to the system
alias    Create an alias. It's useful when you always use a command with the same options

* Example: # alias ls='ls -l' From now on, typing 'ls' is like typing 'ls -l'

apropos Search the help manual pages. Same as # man -k
apt-get Search for and install software packages (Debian)
An interesting command. Its sub-commands allow you to:
update – Download a new list of available packages
upgrade – Upgrade the installed packages
install – Install new packages
remove – Remove packages
purge – Remove packages together with their configuration files
source – Download source packages
build-dep – Configure the build dependencies of source packages
dist-upgrade – Upgrade the distribution
clean – Delete downloaded package files
autoclean – Delete old downloaded package files
check – Verify that there are no broken dependencies
awk Find and Replace text, database sort/validate/index