Monday, October 18, 2010

What Network Services are Running

$ netstat -tanup
(-t TCP, -u UDP, -a all sockets including listeners, -n numeric addresses and ports, -p the owning PID/program; run it as root, otherwise the PID/program column is blank for other users' processes.)

Or if you just want TCP services:
$ netstat -tanp

Or:
$ netstat -ap|grep LISTEN|less

This can be helpful to determine which services are running and, from the Local Address column, whether each one is bound to a single address (127.0.0.1 or a specific interface) or to every interface (0.0.0.0 or :::), which is what matters when deciding what is reachable from the network.

Need stats on dropped UDP packets?
$ netstat -s -u

Or TCP?
$ netstat -s -t

Or a summary of everything?
$ netstat -s

Looking for error rates on the interfaces?
$ netstat -i

Only the listening sockets?
$ netstat -l
awk - common awk commands.
Find device names "sd", or major number 4 with device name "tty". Print the record number NR plus the major and minor numbers (&& binds tighter than ||, so the parentheses only make that explicit).
$ awk '$2 == "sd" || ($1 == 4 && $2 == "tty") { print NR,$1,$2 }' /proc/devices

Find the device name equal to "sound".
$ awk '/sound/{print NR,$1,$2}' /proc/devices

Print the first field of the 5th record in file test.
$ awk 'NR==5{print $1}' test

Print every fourth record starting with the first (records 1, 5, 9, ...) from file1.
$ awk '(NR-1) % 4 == 0 {print $1}' file1

Print all records except the last one from file1.
$ tac file1|awk 'NR > 1 {print $0}'|tac

Prefix each line with A, B, C ... Z, cycling back to A after 26 lines.
$ awk '{ print substr("ABCDEFGHIJKLMNOPQRSTUVWXYZ",(NR-1)%26+1,1),$0}' file1

Total size in bytes of the files in the current directory (sums the size column of ls -l; the leading "total" line has no 5th field and contributes 0).
$ ls -l|awk 'BEGIN{ c=0}{ c+=$5} END{ print c}'

Remove duplicate lines, even non-consecutive ones. Unlike "sort|uniq" this works on an unsorted file and keeps the original order.
$ awk '! a[$0]++' file1

Or, equivalently, without incrementing the counter:
$ awk '!($0 in a) {a[$0];print}' file1

Print only the lines in file1 that are 80 characters or longer.
$ awk 'length >= 80' file1

Print line number 25 of an extremely large file. The exit matters: without it awk keeps reading to the end of the file after printing.
$ awk 'NR==25 {print; exit}' verybigfile
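The netstat and awk sections above fit together: netstat tells you what is listening, and the awk idioms (skipping header records with NR, testing fields, the "!a[$0]++" dedupe) are what you use to reduce its output to the question that matters, which services are reachable from the network. The script below is an added example, not code from the original post; the netstat output it reads is constructed to look like "netstat -tanup" on a small server, and the names SAMPLE_NETSTAT, classify_listeners and exposed_listeners are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): apply the awk idioms above to
# netstat -tanup output and list which services are reachable from the
# network, i.e. bound to every interface. SAMPLE_NETSTAT is constructed for
# the example; on a live host feed real output with:
#   netstat -tanup 2>/dev/null | classify_listeners

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1203/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1410/httpd
tcp        0      0 192.168.158.205:22      192.168.158.1:51234     ESTABLISHED 2210/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      1522/java
udp        0      0 0.0.0.0:123             0.0.0.0:*                           777/ntpd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           777/ntpd'

# One line per listening socket: "proto port scope program", where scope is
# "exposed" (bound to 0.0.0.0 or ::), "loopback" (127.0.0.1 or ::1), or the
# specific address the service is bound to.
classify_listeners() {
  awk '
    NR <= 2 { next }                       # skip the two header records
    # TCP is listening when the State column says LISTEN. UDP has no State
    # column at all, so every UDP socket netstat -a prints is a candidate.
    ($1 ~ /^tcp/ && $6 == "LISTEN") || $1 ~ /^udp/ {
      n = split($4, a, ":"); port = a[n]               # port is the last colon field
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::") scope = "exposed"
      else if (addr == "127.0.0.1" || addr == "::1") scope = "loopback"
      else scope = addr
      line = $1 " " port " " scope " " $NF              # $NF is PID/Program name
      if (!seen[line]++) print line                     # the "!a[$0]++" dedupe idiom
    }'
}

# Only the sockets someone on the network can reach: "proto port program".
exposed_listeners() {
  classify_listeners | awk '$3 == "exposed" { print $1, $2, $4 }'
}

printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
echo "--- exposed ---"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On the sample data the exposed list is sshd on 22, httpd on 80, java on 8080 and ntpd on 123; mysqld on 3306 and the second ntpd socket are loopback-only and drop out. The split-on-last-colon trick is what keeps IPv6 listeners such as ":::8080" from being mangled.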
Using the "find" Command.
List only directories, at most 2 levels down, with "net" in the name. GNU find wants options such as -maxdepth before the tests; put them after and it warns and may not apply them where you expect.
$ find /proc -maxdepth 2 -type d -iname '*net*'

Find all *.c and *.h files starting from the current "." position.
$ find . \( -iname '*.c' -o -iname '*.h' \) -print

Find everything under "/work", but skip whatever is in "CVS" and "junk" directories.
$ find /work \( -iregex '.*/CVS' -o -iregex '.*/junk' \) -prune -o -print

Note that -regex and -iregex match the whole path, directory part included, so the pattern must account for the "./" (or the starting directory) that precedes every listing. Here is another example: find all files except anything under a CVS directory (the CVS entries themselves included), and also exclude editor backup and lock files containing "#" or "~".
$ find . ! \( -regex '.*CVS.*' -o -regex '.*[#~].*' \)

Find *.c files, then run grep on each one looking for "stdio.h".
$ find . -iname '*.c' -exec grep -H 'stdio.h' {} \;
sample output -->
./prog1.c:#include <stdio.h>
./test.c:#include <stdio.h>

Looking for the disk hog on the whole system? (Files larger than 10000 KiB; errors from unreadable directories are discarded.)
$ find / -size +10000k 2>/dev/null

Looking for files whose status changed in the last 24 hours? Make sure you use the minus sign, "-1". A plain "-ctime 1" matches only files that changed between 24 and 48 hours ago, because find rounds the age down to whole days; "-ctime -1" means less than one day ago, i.e. anything from now back to 24 hours ago. Use %c in -printf to print the status-change time (%a would print the last access time instead).
$ find . -ctime -1 -printf "%c %f\n"
Wed Oct 6 12:51:56 2010 .
Wed Oct 6 12:35:16 2010 Linux_and_Open_Source.txt

Or if you just want regular files.
$ find . -type f -ctime -1 -printf "%c %f\n"

Details on files whose status changed in the last 48 hours, starting from the current directory ("-atime -2" and "-mtime -2" work the same way for access and modification time).
$ find . -ctime -2 -type f -exec ls -l {} \;

NOTE: without -type f you may get "." returned, and "ls -l ." then lists more than you want. You may also want only the current directory, not its subdirectories.
$ find . -maxdepth 1 -ctime -2 -type f -exec ls -l {} \;

Unlike mtime and atime, ctime cannot be set with touch or utime (short of changing the system clock or editing the filesystem directly), so a -ctime sweep still catches files whose modification time has been backdated to hide a change.

To find files modified between 5 and 10 minutes ago.
$ find . -mmin +5 -mmin -10
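To tie the find tips together, here is an added example (not from the original post) that builds a small throw-away tree and runs the "recently changed, but skip CVS and backup files" search twice, once keyed on mtime and once on ctime. One file has had its mtime backdated the way a timestomping attacker would; the mtime search misses it and the ctime search does not. It assumes GNU find (for -mmin, -cmin and -printf) and a POSIX touch/mktemp; the fixture tree and the names make_fixture, recent_by_mtime, recent_by_ctime and show_times are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU find for -mmin,
# -cmin and -printf; the fixture tree below is constructed here.

# Build a throw-away tree: sources, CVS metadata at two depths, an editor
# backup, and one file whose mtime is backdated to 2010-01-01. Prints the path.
make_fixture() {
  dir=$(mktemp -d) || return 1
  mkdir -p "$dir/src/CVS" "$dir/CVS"
  for f in src/main.c src/util.h src/main.c~ src/CVS/Entries CVS/Root old.c; do
    printf 'x\n' > "$dir/$f"
  done
  # touch -t sets mtime and atime only. ctime is updated to "now" by this
  # very call and cannot be set from userspace, so it still says "just changed".
  touch -t 201001010000 "$dir/old.c"
  echo "$dir"
}

# Source files modified in the last hour, skipping CVS directories at any
# depth and editor backups. Note -prune hangs off the directory test on the
# left of -o, and -print is only on the right-hand branch.
recent_by_mtime() {
  (cd "$1" && find . -name CVS -prune -o -type f -mmin -60 ! -name '*~' \
      \( -name '*.c' -o -name '*.h' \) -print | LC_ALL=C sort | paste -sd ' ' -)
}

# The same search keyed on ctime (inode change time). The backdated file
# shows up here, which is why a post-incident sweep uses -cmin/-ctime
# alongside -mmin/-mtime.
recent_by_ctime() {
  (cd "$1" && find . -name CVS -prune -o -type f -cmin -60 ! -name '*~' \
      \( -name '*.c' -o -name '*.h' \) -print | LC_ALL=C sort | paste -sd ' ' -)
}

# Print mtime and ctime side by side for the backdated file (%T* and %C* are
# GNU -printf directives for modification and status-change time).
show_times() {
  (cd "$1" && find . -name old.c -printf '%p mtime=%TY-%Tm-%Td ctime=%CY-%Cm-%Cd\n')
}

d=$(make_fixture)
echo "by mtime: $(recent_by_mtime "$d")"
echo "by ctime: $(recent_by_ctime "$d")"
show_times "$d"
rm -rf "$d"
```

Expected on the fixture: the mtime search returns ./src/main.c and ./src/util.h, the ctime search additionally returns ./old.c, and show_times prints a 2010 mtime next to today's ctime for that file.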
Monitor all Network Traffic Except Your Current ssh Connection
$ tcpdump -i eth0 -nN -vvv -xX -s 1500 port not 22

Or, to filter out port 123 as well and capture the full length of each packet (-s 0), use the following:
$ tcpdump -i eth0 -nN -vvv -xX -s 0 port not 22 and port not 123

Or to see only a certain host, say 192.168.158.205:
$ tcpdump -i eth0 -nN -vvv -xX port not 22 and host 192.168.158.205

Just want IP addresses and a little bit of data? Then use this. The "-c 20" stops after 20 packets.
$ tcpdump -i eth0 -nN -s 1500 port not 22 -c 20

If you are looking for signs of a DoS attack, the following shows packets with the TCP SYN flag set (byte 13 of the TCP header holds the flags; the 0x02 bit is SYN). Without -i, tcpdump picks a default interface; add "-i any" to watch all of them.
$ tcpdump 'tcp[13] & 2 == 2'

That also matches the SYN-ACKs your own server sends back. To see only the initial SYNs, require SYN set and ACK clear:
$ tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
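Watching the SYN filter scroll by only tells you that a flood might be happening; the next step is to count SYNs per source. The script below is an added example, not code from the original post: it parses the one-line-per-packet text that "tcpdump -nn" prints for the SYN filter above and reports the sources that sent more than a threshold of bare SYNs. The capture lines are constructed (TEST-NET addresses, options field omitted), and SAMPLE_TCPDUMP, flag_counts and syn_sources are this example's own names.

```sh
#!/bin/sh
# Added example (not from the original post): count SYNs per source in the
# text that `tcpdump -nn 'tcp[13] & 2 == 2'` prints. SAMPLE_TCPDUMP is
# constructed; on a live host use something like
#   tcpdump -nn -i any -c 1000 'tcp[13] & 2 == 2' 2>/dev/null | syn_sources 50

SAMPLE_TCPDUMP='12:00:01.000100 IP 203.0.113.7.40001 > 192.168.158.205.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 203.0.113.7.40002 > 192.168.158.205.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000300 IP 192.168.158.205.80 > 203.0.113.7.40001: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000400 IP 203.0.113.7.40003 > 192.168.158.205.80: Flags [S], seq 3, win 64240, length 0
12:00:01.000500 IP 198.51.100.9.51000 > 192.168.158.205.22: Flags [S], seq 4, win 29200, length 0
12:00:01.000600 IP 192.168.158.205.22 > 198.51.100.9.51000: Flags [S.], seq 8, ack 5, win 65160, length 0
12:00:01.000700 IP 203.0.113.7.40004 > 192.168.158.205.80: Flags [S], seq 5, win 64240, length 0
12:00:01.000800 IP 203.0.113.7.40005 > 192.168.158.205.80: Flags [S], seq 6, win 64240, length 0'

# Tally the flag combinations seen. [S] is a client SYN, [S.] a SYN-ACK reply.
# In a flood from spoofed sources you see many [S] and the server's [S.]
# replies, but no third-packet ACKs completing the handshake.
flag_counts() {
  awk '$2 ~ /^IP6?$/ && $6 == "Flags" { f = $7; sub(/,$/, "", f); c[f]++ }
       END { for (f in c) print f, c[f] }' | LC_ALL=C sort
}

# Sources that sent at least $1 bare SYNs (default 100), busiest first.
# tcpdump -n prints addr.port for v4 and v6 alike, so the port is the last
# dot-separated field and is stripped before counting.
syn_sources() {
  awk -v thresh="${1:-100}" '
    $2 ~ /^IP6?$/ && $6 == "Flags" && $7 == "[S]," {
      src = $3; sub(/\.[0-9]+$/, "", src)
      syn[src]++
    }
    END { for (ip in syn) if (syn[ip] >= thresh) print syn[ip], ip }' | sort -rn
}

printf '%s\n' "$SAMPLE_TCPDUMP" | flag_counts
echo "--- sources with >= 3 SYNs ---"
printf '%s\n' "$SAMPLE_TCPDUMP" | syn_sources 3
```

On the sample, flag_counts reports 6 bare SYNs against 2 SYN-ACKs, and syn_sources 3 singles out 203.0.113.7 with 5 of them; the one SYN from 198.51.100.9 is ordinary traffic and stays below the threshold.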