Prakash Sawarkar: Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.


Thursday, 14 November 2013

Sun ILOM – T5220, T5240, x4600, X4450 configure

ILOM is an independent system controller that provides a command-line interface and a web-based interface on Oracle Sun T-series server hardware such as the T5120, T5220, T5240, T5440, T3 and T-4 servers. It can monitor system temperature, voltages, internal disks, chassis fans, CPUs and power supplies. We can configure ILOM with SNMP to send hardware alerts. ILOM provides remote system administration, and the Java web-based console is much easier to use than the command line. Another important feature is host control: we can switch the system on and off remotely. Here is the step-by-step procedure for configuring ILOM:

Step-1. Connect to the ILOM using the serial port:
Ensure that the serial port on your connecting device is set to the following parameters. Normally we use HyperTerminal for this.
Parameters:
9600 baud rate
8 bits
No parity
1 stop bit
No handshaking

Establish an ILOM service processor session. See the ILOM user's guide for instructions.
Type the default user name: root
Type the default password: changeme

Step-2. Set user accounts:
After logging in to the ILOM console, create a new account called admin and set a new root password:

-> cd /SP/users
-> create admin role=administrator
Creating user…
Created /SP/users/admin
-> set root password
You will be prompted for a password; change it to a new password.

Step-3. Set SP Hostname:
-> set /SP hostname='server hostname'-lom
Set hostname to 'server hostname'-lom

Step-4. Set Network time:
-> set /SP/clients/ntp/server/1 address=xx.xx.xx.xxx
Set 'address' to 'xx.xx.xx.xxx'
-> set /SP/clients/ntp/server/2 address=xx.xx.xx.xxx
Set 'address' to 'xx.xx.xx.xxx'
-> show /SP/clients/ntp/server/1
/SP/clients/ntp/server/1
   Targets:
   Properties:
      address = xx.xx.xx.xxx
   Commands:
      cd
      set
      show
-> show /SP/clients/ntp/server/2
/SP/clients/ntp/server/2
   Targets:
   Properties:
      address = xx.xx.xx.xxx
   Commands:
      cd
      set
      show
-> cd /SP/clock
/SP/clock
-> set usentpserver=enabled
Set 'usentpserver' to 'enabled'
/SP/clock
-> show
   Targets:
   Properties:
      datetime = Sat Sep 28 19:23:41 2013
      usentpserver = enabled
   Commands:
      cd
      set
      show

Step-5. Set Network Configuration:
Connect an Ethernet cable to the network management port.

-> cd /SP/network
Refer to the CMDB for the IP address, netmask and gateway.
-> set pendingipaddress=nnn.nnn.nnn.nnn
-> set pendingipnetmask=xxx.xxx.xxx.xxx
-> set pendingipgateway=ggg.ggg.ggg.ggg
-> set pendingipdiscovery=static
-> set commitpending=true
-> show

Step-6. Set SSH access and HTTP(S):

-> cd /SP/services
-> set ssh state=enabled
-> set http servicestate=enabled
-> set http secureredirect=enabled
-> set https servicestate=enabled
-> show ssh state
/SP/services/ssh
   Properties:
      state = enabled
-> show http
/SP/services/http
   Targets:
   Properties:
      port = 80
      secureredirect = enabled
      servicestate = enabled
-> show https
/SP/services/https
   Targets:
      ssl
   Properties:
      port = 443
      servicestate = enabled
Now you will be able to use the system console remotely through the console IP, over the SSH service and the HTTP web service. To access the web-based ILOM console, just enter the console IP in a browser.
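
A check that a saved `show` transcript still matches what Steps 4 and 6 set, as an added example that is not part of the original post. The function names are hypothetical and the transcript is constructed, modelled on the output shown above with one property deliberately changed.

```shell
#!/bin/sh
# Added example, not from the original post: compare captured ILOM "show"
# output with the values that Steps 4 and 6 of the procedure set.

# Properties the procedure sets, as "target property=value", ';'-separated.
EXPECTED="/SP/clock usentpserver=enabled"
EXPECTED="$EXPECTED;/SP/services/ssh state=enabled"
EXPECTED="$EXPECTED;/SP/services/http servicestate=enabled"
EXPECTED="$EXPECTED;/SP/services/http secureredirect=enabled"
EXPECTED="$EXPECTED;/SP/services/https servicestate=enabled"

# audit_ilom (hypothetical name): reads a saved CLI transcript on stdin,
# prints one line per expected property, returns non-zero on any mismatch
# or on any property the transcript does not show.
audit_ilom() {
    awk -v expected="$EXPECTED" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # drop indentation and CR
        /^->/   { next }                               # commands that were typed
        /^\/SP/ { target = $1; next }                  # target header line
        $2 == "=" { seen[target " " $1] = $3 }         # "name = value" property
        END {
            bad = 0
            n = split(expected, want, ";")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                got = (kv[1] in seen) ? seen[kv[1]] : "(not shown)"
                ok = (got == kv[2])
                if (!ok) bad = 1
                printf "%-4s %s = %s (expected %s)\n", (ok ? "OK" : "FAIL"), kv[1], got, kv[2]
            }
            exit bad
        }'
}

# Constructed transcript: HTTP is enabled but the redirect to HTTPS is off.
sample_transcript() {
    cat <<'EOF'
-> show /SP/clock
 /SP/clock
    Targets:
    Properties:
        datetime = Sat Sep 28 19:23:41 2013
        usentpserver = enabled
-> show /SP/services/ssh
 /SP/services/ssh
    Properties:
        state = enabled
-> show /SP/services/http
 /SP/services/http
    Properties:
        port = 80
        secureredirect = disabled
        servicestate = enabled
-> show /SP/services/https
 /SP/services/https
    Properties:
        port = 443
        servicestate = enabled
EOF
}

sample_transcript | audit_ilom || echo "ILOM settings differ from the procedure"
```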

Monday, 14 October 2013

Install Oracle Java JDK/JRE 7u25 on RHEL/CentOS 6.x/5.x and Fedora 1.x

Most Linux operating systems come with a pre-installed OpenJDK package to run Java-based applications and plugins. Now you may be thinking: if Java already ships with the OS, why do we need to install it again? Good question, but in certain cases we need the Sun/Oracle Java program to compile and run particular development applications. This is the reason we are compiling this article on how to install Sun/Oracle Java JDK/JRE 7u25 on RHEL 6.x/5.8, CentOS 6.x/5.8 and Fedora 1.x systems using binary RPM files.
1) Update the system
2) Remove any installed versions
3) Download JAVA JDK6 or JDK7
4) Install JAVA JDK6 or JDK7
5) Set-up JAVA JDK6 or JDK7
6) Confirm JAVA JDK6 or JDK7 installation
7) Post-Installation Setup
Step:-1. The first thing I did was to make sure the CentOS 6 system is fully up-to-date:
# yum update
Step:-2. Once the update completed, I then checked the system for any other installed JAVA packages using:
# rpm -qa | grep -E 'openjdk|^(jre|jdk)'
There was the 'java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.i686' package already installed, so I removed it by running:
# yum remove java-1.6.0-openjdk
Step:-3. The next step was to go and download the required JAVA JDK package for the system I was working on. It was a 64 bit CentOS 6 so I needed to get the 64 bit JAVA JDK package from Oracle’s JAVA download page. 
Note that I needed to install an older version of JAVA JDK since it was specific to the software I was setting up.
Download JAVA JDK6 Binary at:
http://www.oracle.com/technetwork/java/javase/downloads/jdk6u35-downloads-1836443.html
Download JAVA JDK7 at:
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
Step:-4. Once the JAVA JDK package got downloaded I proceeded with installing the package.
A) Installing the JAVA JDK6 package in CentOS 6: set the executable bit using:
# chmod +x jdk-6u35-linux-x64-rpm.bin
and installed the JAVA JDK6 package by running:
# ./jdk-6u35-linux-x64-rpm.bin
B) Installing the JAVA JDK7 package in CentOS 6
# rpm -Uvh jdk-7u45-linux-x64.rpm
Step:-5. Once the JAVA JDK package is installed I then needed to configure it on the system using the `alternatives` command. This is in order to tell the system what the default commands for JAVA are. Most sysadmins aren't aware of this and I think that it is a vital part of setting up the JAVA package.
A) Setting up the JAVA JDK6 package
# alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_35/jre/bin/java 20000
# alternatives --install /usr/bin/jar jar /usr/java/jdk1.6.0_35/bin/jar 20000
# alternatives --install /usr/bin/javac javac /usr/java/jdk1.6.0_35/bin/javac 20000
# alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.6.0_35/jre/bin/javaws 20000
After that
# alternatives --set java /usr/java/jdk1.6.0_35/jre/bin/java
# alternatives --set javaws /usr/java/jdk1.6.0_35/jre/bin/javaws
# alternatives --set javac /usr/java/jdk1.6.0_35/bin/javac
# alternatives --set jar /usr/java/jdk1.6.0_35/bin/jar
This set the default commands for JAVA JDK6 and listing the ‘/etc/alternatives/’ directory showed the following:
# ls -lA /etc/alternatives/
total 0
lrwxrwxrwx. 1 root root 29 Feb 22 03:39 jar -> /usr/java/jdk1.6.0_35/bin/jar
lrwxrwxrwx. 1 root root 34 Feb 22 03:39 java -> /usr/java/jdk1.6.0_35/jre/bin/java
lrwxrwxrwx. 1 root root 31 Feb 22 03:39 javac -> /usr/java/jdk1.6.0_35/bin/javac
lrwxrwxrwx. 1 root root 36 Feb 22 03:39 javaws -> /usr/java/jdk1.6.0_35/jre/bin/javaws
B) Setting up the JAVA JDK7 package
# alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_45/jre/bin/java 20000
# alternatives --install /usr/bin/jar jar /usr/java/jdk1.7.0_45/bin/jar 20000
# alternatives --install /usr/bin/javac javac /usr/java/jdk1.7.0_45/bin/javac 20000
# alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_45/jre/bin/javaws 20000
# alternatives --set java /usr/java/jdk1.7.0_45/jre/bin/java
# alternatives --set javaws /usr/java/jdk1.7.0_45/jre/bin/javaws
# alternatives --set javac /usr/java/jdk1.7.0_45/bin/javac
# alternatives --set jar /usr/java/jdk1.7.0_45/bin/jar
This set the default commands for JAVA JDK7 and listing the ‘/etc/alternatives/’ directory showed the following
# ls -lA /etc/alternatives/
total 0
lrwxrwxrwx. 1 root root 29 Feb 22 03:39 jar -> /usr/java/jdk1.7.0_45/bin/jar
lrwxrwxrwx. 1 root root 34 Feb 22 03:39 java -> /usr/java/jdk1.7.0_45/jre/bin/java
lrwxrwxrwx. 1 root root 31 Feb 22 03:39 javac -> /usr/java/jdk1.7.0_45/bin/javac
lrwxrwxrwx. 1 root root 36 Feb 22 03:39 javaws -> /usr/java/jdk1.7.0_45/jre/bin/javaws
Step:-6. Finally I verified the installed version of JAVA via:
# java -version
java version "1.6.0_35"
Java(TM) SE Runtime Environment (build 1.6.0_35-b10)
Java HotSpot(TM) Server VM (build 20.10-b01, mixed mode)
and
# java -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
Step:-7) Post-Installation Setup
Add the JAVA_HOME environment variable to the /etc/profile file or the $HOME/.bash_profile file
Java JDK and JRE latest version (/usr/java/latest)
## export JAVA_HOME JDK/JRE ##
export JAVA_HOME="/usr/java/latest"
Java JDK and JRE absolute version (/usr/java/jdk1.7.0_45)
## export JAVA_HOME JDK ##
export JAVA_HOME="/usr/java/jdk1.7.0_45"
 ## export JAVA_HOME JRE ##
export JAVA_HOME="/usr/java/jre1.7.0_45"
I know this how-to will serve me as a quick reference for installing JAVA in the future and I truly hope this will help someone else too.
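
A check for the result of Step 5, as an added example that is not part of the original post: it confirms that the java, javac, jar and javaws links in /etc/alternatives all resolve into the same JDK directory, which catches a link left pointing at an older JDK. The function names are hypothetical and the demo links are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the four Java
# alternatives links point into one JDK tree.

# jdk_home_of: print the JDK home a link target belongs to, for example
# /usr/java/jdk1.7.0_45/jre/bin/java -> /usr/java/jdk1.7.0_45
jdk_home_of() {
    case "$1" in
        */jre/bin/*) printf '%s\n' "${1%/jre/bin/*}" ;;
        */bin/*)     printf '%s\n' "${1%/bin/*}" ;;
        *)           return 1 ;;
    esac
}

# check_java_alternatives [ALT_DIR]: ALT_DIR defaults to /etc/alternatives.
# Prints one line per command and returns non-zero when a link is missing,
# has an unrecognised target, or belongs to a different JDK than the first.
check_java_alternatives() {
    alt_dir=${1:-/etc/alternatives}
    first_home=
    rc=0
    for name in java javac jar javaws; do
        link=$alt_dir/$name
        if [ ! -L "$link" ]; then
            echo "MISSING  $name: no alternatives link"
            rc=1
            continue
        fi
        target=$(readlink "$link")
        if ! home=$(jdk_home_of "$target"); then
            echo "UNKNOWN  $name -> $target"
            rc=1
            continue
        fi
        [ -n "$first_home" ] || first_home=$home
        if [ "$home" != "$first_home" ]; then
            echo "MIXED    $name -> $target (expected under $first_home)"
            rc=1
        else
            echo "OK       $name -> $target"
        fi
    done
    return $rc
}

# Demo on constructed links; the targets do not need to exist.
demo_dir=$(mktemp -d)
ln -s /usr/java/jdk1.7.0_45/jre/bin/java   "$demo_dir/java"
ln -s /usr/java/jdk1.7.0_45/bin/javac      "$demo_dir/javac"
ln -s /usr/java/jdk1.6.0_35/bin/jar        "$demo_dir/jar"    # left over from JDK6
ln -s /usr/java/jdk1.7.0_45/jre/bin/javaws "$demo_dir/javaws"
check_java_alternatives "$demo_dir" || echo "alternatives are inconsistent"
rm -rf "$demo_dir"
```

On a real system, run `check_java_alternatives` with no argument after the `alternatives --set` commands and compare the reported JDK directory with JAVA_HOME.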

Sunday, 18 August 2013

Redo Backup, Recovery Tool to Backup and Restore Systems

Redo Backup and Recovery is so simple that anyone can use it. It is the easiest, most complete disaster recovery solution available. It allows bare-metal restore. Bare metal restore is not only the best solution for hardware failure, it is also the ultimate antivirus: Even if your hard drive melts or gets completely erased by a virus, you can have a completely-functional system back up and running in as little as 10 minutes.

All your documents and settings will be restored to the exact same state they were in when the last snapshot was taken. Redo Backup and Recovery is a live CD, so it does not matter if you use Windows or Linux. You can use the same tool to backup and restore every machine. And because it is open source released under the GPL, it is completely free for personal and commercial use.
Requirements : USB External Storage Device / Hard Drive  or shared network drive.

Download the latest version of the Redo Backup live CD:
http://sourceforge.net/projects/redobackup/   or   http://redobackup.org/

After creating the CD from the ISO image, put the CD in and reboot your computer to use Redo Backup. While the system is starting you may need to press the F8 or F12 key to boot from the CD-ROM drive.
Click on "Start Redo Backup"

Welcome screen of "Redo Backup" interface

This is the Redo main menu interface. Connect your USB external storage device to your system and then click on the 'Backup or Restore' option.

Click on the 'Backup' button.

Select which parts of the drive to create backup of. Leave all parts selected if you are unsure. Click on "Next".

Select the destination drive. It could be a local drive connected to your computer, a USB storage device or a shared network drive.

Select Backup Destination Drive

Next, it will ask you to give a unique name for this backup image, such as the date. Today's date is automatically entered for you, like "20130950".
Next, it will back up your system to the location you selected. This may take an hour or more depending on the speed of your computer and the amount of data you have.

That's it, you have successfully created a backup image of your computer. If you would like to restore this image on any other computer, follow the same procedure and select "Restore", then follow the on-screen instructions.

When the process has completed, click on the 'OK' button then reboot or power off your system by clicking on the 'Power Off' option.

Sunday, 11 August 2013

Tcpdump Commands – A Network Sniffer Tool

Tcpdump is a very powerful and widely used command-line packet sniffer or packet analyzer tool, used to capture or filter TCP/IP packets that are received or transferred over a network on a specific interface. It is available on most Linux/Unix-based operating systems. tcpdump also gives us an option to save captured packets in a file for future analysis. It saves the file in pcap format, which can be viewed with the tcpdump command or with an open-source GUI tool called Wireshark (Network Protocol Analyzer) that reads tcpdump pcap files.
1. TCPDUMP works in the network layer.
2. A network packet header consists of sender, destination, state information and other flag information.
3. TCPDUMP only captures the first 96 bytes of data from the packet by default.
Most Linux distributions these days come preloaded with the tcpdump tool, but you need to be root or have sudo permissions to run it.
Here, we are going to show you how to install the packet sniffer tool tcpdump, and then we discuss and cover some useful commands with practical examples.
Checking if TCPDUMP is already installed on the machine:
# rpm -qa | grep tcpdump
tcpdump-4.0.0-3.20090921gitdf3cb4.2.el6.x86_64
If not, install it:
# yum install tcpdump
Once the tcpdump tool is installed on the system, you can continue with the following commands and their examples.
1. Capture Packets from Specific Interface
The output scrolls until you interrupt it. When we execute the tcpdump command on its own it captures from all the interfaces; with the -i switch it captures only from the desired interface.
# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:06:54.730711 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175180:45175360, ack 217829, win 41860, length 180
22:06:54.730753 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175360:45175620, ack 217829, win 41860, length 260
22:06:54.730799 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175620:45175912, ack 217829, win 41860, length 292
22:06:54.730843 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175912:45176220, ack 217829, win 41860, length 308
22:06:54.730885 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45174140, win 63440, length 0
22:06:54.730889 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45174692, win 62888, length 0
22:06:54.730891 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45176220:45176528, ack 217829, win 41860, length 308
22:06:54.730892 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45175180, win 64240, length 0
2. Capture Only N Number of Packets
When you run the tcpdump command it captures all the packets for the specified interface until you hit the cancel button. Using the -c option, you can capture a specified number of packets. The example below captures only 5 packets.
# tcpdump -c 5 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:10:37.385308 IP6 fe80::b947:a4a7:3540:fbd0.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
22:10:37.386857 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 775198156:775198352, ack 2552333147, win 41860, length 196
22:10:37.387109 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 196, win 64240, length 0
22:10:37.387482 IP oracle.microair.in.48204 > google-public-dns-a.google.com.domain: 20907+ PTR? 2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
22:10:37.441122 IP 172.24.0.69.7765 > 255.255.255.255.7765: UDP, length 92
5 packets captured
51 packets received by filter
0 packets dropped by kernel
3. Print Captured Packets in ASCII
The tcpdump command below, with option -A, displays the packet in ASCII format, a character-encoding scheme.
# tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:12:28.783324 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [.], seq 3274416:3275876, ack 14717, win 41860, length 1460
E...[.@.@................f...!.OP...^"........\........S?}.....0..5 ... +..6wJ....\"....`d.C......{.H......n)...*/...A..x...(..U..f...t!..?l.'.V y...@.$.;`.~..!-...#..............Q.hA......vM.e*....U.`._..x....L."}".%.......!.C.yDm....9,.3.d.!....7.K.....{......Jk..xI...G..O.-uu...6&.`.....f.....j..]`..T7.....*..z.\...3T.bR..[\.
..A.....3...U.9R.U..?Q
...\s#.........9b......rp;{..K.l.$Q,...............(...z...zW...Q.fs.-.M.|a.|+
..@...M...Vc+O.<....=xi.0.y....z....N....]B..w...|.i....13..LE..I...k..^vCre..-zq..n...I..=7.i....4M...<l..8q9A>t.....N>.,{..~.........0u%...G..w.5._.|.a6&.1X...e.......b.W.m.!..[z.....\".....mg..1...x.j.........U#..J=.u@...j.b8m...;.....@.@G....>..+Y<..+..>-.i...yR....h.n..{x}.L....w...xH....:..A....V,*...p$aq |..G.......w.....nA5X.S{...M..$.P0.
length 31
GTTQUICKADMIN........}.{.................F...'...T..........
3818 packets captured
5343 packets received by filter
494 packets dropped by kernel
4. Display Available Interfaces
To list the available interfaces on the system, run the following command with the -D option.
#  tcpdump -D
1.eth0
2.usbmon1 (USB bus number 1)
3.usbmon2 (USB bus number 2)
4.usbmon3 (USB bus number 3)
5.usbmon4 (USB bus number 4)
6.usbmon5 (USB bus number 5)
7.usbmon6 (USB bus number 6)
8.usbmon7 (USB bus number 7)
9.usbmon8 (USB bus number 8)
10.any (Pseudo-device that captures on all interfaces)
11.lo
5. Display Captured Packets in HEX and ASCII
The following command with option -XX captures the data of each packet, including its link-level header, in HEX and ASCII format.
# tcpdump -XX -i eth0
22:16:50.395579 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 17683412, win 64240, length 0
        0x0000:  78ac c0bf 1f28 001d 7d5d 6cc1 0800 4500  x....(..}]l...E.
        0x0010:  0028 2930 4000 8006 794c ac18 0011 ac18  .()0@...yL......
        0x0020:  0012 dfe9 0016 9822 fd4b 2f75 3468 5010  .......".K/u4hP.
        0x0030:  faf0 8344 0000 0000 0000 0000            ...D........
22:16:50.398976 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 17685192, win 64240, length 0
        0x0000:  78ac c0bf 1f28 001d 7d5d 6cc1 0800 4500  x....(..}]l...E.^C
        0x0010:  0028 2932 4000 8006 794a ac18 0011 ac18  .()2@...yJ......
        0x0020:  0012 dfe9 0016 9822 fd7f 2f75 3b5c 5010  ......."../u;\P.
        0x0030:  faf0 7c1c 0000 0000 0000 0000            ..|.........
6. Capture and Save Packets in a File
As we said, tcpdump has a feature to capture and save packets in a file in .pcap format; to do this, just run the command with the -w option.
# tcpdump -w 0001.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
3242 packets captured
5443 packets received by filter
459  packets dropped by kernel
7. Read Captured Packets File
To read and analyze the captured packet file 0001.pcap, use the command with the -r option, as shown below.
# tcpdump -r 0001.pcap
  reading from file 0001.pcap, link-type EN10MB (Ethernet)
22:18:20.777219 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 796301044:796301176, ack 2552432619, win 41860, length 132
22:18:20.777768 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 132, win 63328, length 0
22:18:20.778891 ARP, Request who-has 172.24.0.237 tell 172.24.0.222, length 46
22:18:20.779235 ARP, Request who-has 172.24.0.222 tell 172.24.0.237, length 46
22:18:20.789737 IP6 fe80::838:18d9:7a9f:ada4 > ff02::1:ff3f:f871: ICMP6, neighbor solicitation, who has fe80::f6ce:46ff:fe3f:f871, length 32
22:18:20.804236 ARP, Request who-has 172.24.0.100 tell 172.24.0.225, length 46
22:18:20.851399 ARP, Request who-has 172.24.229.57 tell 172.24.1.56, length 46
22:18:20.884141 IP6 fe80::99e1:a71b:73e4:c08f.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
22:18:20.971320 IP6 fe80::838:18d9:7a9f:ada4 > ff02::1:ff3f:f871: ICMP6, neighbo
8. Capture IP address Packets
To display IP addresses and port numbers instead of host and service names, run the following command with option -n on the interface you want to capture from.
# tcpdump -n -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:22:36.418987 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491164:491328, ack 2237, win 41860, length 164
22:22:36.419018 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491328:491492, ack 2237, win 41860, length 164
22:22:36.419061 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491492:491736, ack 2237, win 41860, length 244
22:22:36.419103 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491736:491996, ack 2237, win 41860, length 260
22:22:36.419154 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491996:492288, ack
9. Capture only TCP Packets.
To capture only TCP packets, run the following command with the tcp filter.
# tcpdump -i eth0 tcp
22:24:26.130264 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 379764, win 64240, length
22:24:26.130272 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 380124, win 63880, length
22:24:26.130308 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381100:381280, ack 1769, win 41860, length 180
22:24:26.130359 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381280:381684, ack 1769, win 41860, length 404
22:24:26.130405 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381684:381960, ack 1769, win 41860, length 276
22:24:26.130453 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381960:382140, ack 1769, win 41860, length 180
22:24:26.130502 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq
10. Capture Packet from Specific Port
Let's say you want to capture packets for a specific port, 22: execute the command below, specifying port number 22.
# tcpdump -i eth0 port 22
22:26:07.085560 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 252584:252860, ack 1145, win 41860, length 276
22:26:07.085599 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 252860:253008, ack 1145, win 41860, length 148
22:26:07.085629 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 253008:253172, ack 1145, win 41860, length 164
22:26:07.085713 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 251740, win 63164, length
22:26:07.085722 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 252292, win 62612, length
22:26:07.085727 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 252860, win 62044, length
11. Capture Packets from source IP
To capture packets from a source IP, say you want to capture packets from 172.24.0.17, use the command as follows.
# tcpdump -i eth0 src 172.24.0.17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:29:25.056030 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 815597688, win 63160,
22:29:25.340967 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 149, win 63012, length 0
22:29:25.540963 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 297, win 62864, length 0
22:29:25.603310 IP 172.24.0.17.54624 > 224.0.0.252.hostmon: UDP, length 27
22:29:25.672694 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 561, win 64240, length 0
22:29:25.703109 IP 172.24.0.17.54624 > 224.0.0.252.hostmon: UDP, length 27
22:29:25.703428 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 82
12. Capture Packets from destination IP
To capture packets sent to a destination IP, say you want to capture packets for 173.194.36.21, use the command as follows.
# tcpdump -i eth0 dst 173.194.36.21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:55:01.798591 IP 192.168.0.2.59896 > 173.194.36.21.http: Flags [.], ack 2480401451, win 318, options [nop,nop,TS val 7955710 ecr 804759402], length 0
10:55:05.527476 IP 192.168.0.2.59894 > 173.194.36.21.http: Flags [F.], seq 2521556029, ack 2164168606, win 245, options [nop,nop,TS val 7959439 ecr 804759284], length 0
10:55:05.626027 IP 192.168.0.2.59894 > 173.194.36.21.http: Flags [.], ack 2, win 245, o
13. Capture ARP Traffic
# tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:39:04.490803 ARP, Request who-has 172.24.230.102 tell 172.24.1.56, length 46
22:39:04.725159 ARP, Request who-has 172.24.2.254 tell 172.24.3.128, length 46
22:39:04.838408 ARP, Request who-has 172.24.1.83 tell 172.24.0.239, length 46
22:39:05.003475 ARP, Request who-has 172.24.3.106 tell 172.24.3.107, length 46
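
A way to turn the scrolling output of the commands above into a per-flow summary, as an added example that is not part of the original post. It reads tcpdump text output such as `tcpdump -n -r 0001.pcap` and totals packets and payload bytes per source/destination pair; the function names are hypothetical and the sample lines are constructed in the format shown above, including one line cut short.

```shell
#!/bin/sh
# Added example, not from the original post: per-flow packet and byte totals
# from tcpdump text output.

# summarise_flows (hypothetical name): reads tcpdump lines on stdin and prints
# "bytes packets src > dst", largest flow first. ARP and other non-IP lines
# are skipped; a line with no numeric "length" counts as a packet of 0 bytes.
summarise_flows() {
    awk '
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)                 # strip the colon after dst.port
            flow = $3 " > " dst
            len = 0
            for (i = 6; i < NF; i++)           # keep the last "length N" pair
                if ($i == "length" && $(i + 1) ~ /^[0-9]+$/)
                    len = $(i + 1)
            packets[flow]++
            bytes[flow] += len
        }
        END {
            for (flow in packets)
                printf "%d %d %s\n", bytes[flow], packets[flow], flow
        }' | sort -k1,1nr -k2,2nr -k3
}

# Constructed sample in the format printed by `tcpdump -n`.
sample_capture() {
    cat <<'EOF'
22:22:36.418987 IP 172.24.0.18.22 > 172.24.0.17.57321: Flags [P.], seq 491164:491328, ack 2237, win 41860, length 164
22:22:36.419018 IP 172.24.0.18.22 > 172.24.0.17.57321: Flags [P.], seq 491328:491492, ack 2237, win 41860, length 164
22:22:36.419061 IP 172.24.0.17.57321 > 172.24.0.18.22: Flags [.], ack 491492, win 64240, length 0
22:22:36.441122 IP 172.24.0.69.7765 > 255.255.255.255.7765: UDP, length 92
22:22:36.490803 ARP, Request who-has 172.24.230.102 tell 172.24.1.56, length 46
22:22:36.500000 IP 172.24.0.18.22 > 172.24.0.17.57321: Flags [P.], seq 491492:491736, ack
EOF
}

sample_capture | summarise_flows
```

Each address in the output still carries its port as the last dotted component, exactly as tcpdump prints it.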

Saturday, 3 August 2013

Linux Netstat Command Examples

Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.
10 practical Linux netstat command examples.

1. List All Ports (both listening and non listening ports)
List all ports using netstat -a
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 *:iscsi-target              *:*                         LISTEN
tcp        0      0 *:49641                     *:*                         LISTEN
tcp        0     52 oracle.microair.in:ssh      172.24.23.153:14211           ESTA
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix  2      [ ]         DGRAM                    10609  /var/run/portreserve/socket
unix  2      [ ACC ]     STREAM     LISTENING     10684  /var/run/rpcbind.sock
List all tcp ports using netstat -at
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
List all udp ports using netstat -au
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*                          
udp        0      0 *:ipp                       *:*                          
udp        0      0 *:iris-xpcs                 *:*                          
udp        0      0 *:821                       *:*                          
udp        0      0 *:41786                     *:*                          
udp        0      0 *:sunrpc                    *:*    
2. List Sockets which are in Listening State
List only listening ports using netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 *:iscsi-target              *:*                         LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f
List only listening TCP Ports using netstat -lt
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
List only listening UDP Ports using netstat -lu
# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*                          
udp        0      0 *:ipp                       *:*                          
udp        0      0 *:iris-xpcs                 *:*                          
udp        0      0 *:821                       *:*                          
List only the listening UNIX Ports using netstat -lx
# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix  2      [ ACC ]     STREAM     LISTENING     10684  /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     10737  /var/run/mcelog-client
unix  2      [ ACC ]     STREAM     LISTENING     11764  /var/run/dbus/system_bu
3. Show the statistics for each protocol
Show statistics for all ports using netstat -s
# netstat -s
Ip:
    390700 total packets received
    0 forwarded
    0 incoming packets discarded
    383228 incoming packets delivered
    8510 requests sent out
Icmp:
    7 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 2
        echo requests: 5
    79 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 74
        echo replies: 5
IcmpMsg:
        InType3: 2
        InType8: 5
        OutType0: 5
        OutType3: 74
Tcp:
    5 active connections openings
    113 passive connection openings
    16 failed connection attempts
    0 connection resets received
    1 connections established
    7103 segments received
    10131 segments send out
    73 segments retransmited
    0 bad segments received.
    378 resets sent
Udp:
    42 packets received
    13 packets to unknown port received.
    0 packet receive errors
    44 packets sent
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st
# netstat -su
4. Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0    248 oracle.microair.in:ssh      172.24.0.17:57321           ESTABLISHED 29088/sshd
5. Don’t resolve host, port and user name in netstat output
When you don’t want host, port or user names to be displayed, use the netstat -n option. It shows numeric addresses, port numbers and user IDs instead of resolving them to names.
This also speeds up the output, as netstat does not perform any look-ups.
# netstat -an
If you want only one of those three items (ports, hosts, or users) to be left unresolved, use the following commands.
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users
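The -l, -n and -p options described above combine into a quick audit of what is reachable from the network. The following is an added example, not part of the original post: the function names audit_listeners and sample_netstat, the allowlist and the sample lines are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag TCP listeners that are reachable from the network and not expected.
# Real use (as root, so the PID/Program name column is filled in):
#   netstat -tlnp | audit_listeners "22"

# Constructed sample in `netstat -tlnp` format (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      2125/sshd
tcp        0      0 127.0.0.1:631      0.0.0.0:*           LISTEN      1890/cupsd
tcp        0      0 0.0.0.0:111        0.0.0.0:*           LISTEN      1650/rpcbind
tcp        0      0 0.0.0.0:821        0.0.0.0:*           LISTEN      -
tcp        0      0 :::22              :::*                LISTEN      2125/sshd
tcp        0     52 172.16.0.223:22    172.24.0.17:57321   ESTABLISHED 29088/sshd
EOF
}

# $1: space-separated TCP ports that are allowed to listen (hypothetical policy).
# Reads netstat -tlnp output on stdin, prints "port address owner" per finding.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Local Address is addr:port; cut at the LAST colon so ":::22" works.
        port = $4; sub(/.*:/, "", port)
        addr = $4; sub(/:[^:]*$/, "", addr)
        # Loopback-only listeners are not reachable from other hosts.
        if (addr ~ /^127\./ || addr == "::1") next
        if (port in ok) next
        # Without root, netstat prints "-" instead of PID/Program name.
        owner = ($7 == "-" || $7 == "") ? "unknown(rerun-as-root)" : $7
        print port, addr, owner
    }' | LC_ALL=C sort -n
}

# Demonstration on the constructed sample: only ssh (22) is expected.
sample_netstat | audit_listeners "22"
```

Each finding is either a service to stop, a service to bind to a specific address, or a port to add to the allowlist.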
6. Print netstat information continuously
With the -c option, netstat prints information continuously every few seconds.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 prakash-laptop.loc:33362 201-151-18-123.ama:www ESTABLISHED
tcp        1      1 prakash-laptop.loc:52144 201.41.143.232:www      CLOSING
tcp        0      0 prakash-laptop.loc:43143 server-101-41-43-5:www ESTABLISHED
7. Find the unsupported address families on your system
# netstat --verbose
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0     52 oracle.microair.in:ssh      172.24.0.17:57321           ESTABLISHED
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    10609  /var/run/portreserve/socket
unix  2      [ ]         DGRAM                    10824  /var/run/fcm/fcm_clif
unix  2      [ ]         DGRAM                    1855   @/org/kernel/udev/udevd
unix  15     [ ]         DGRAM                    10626  /dev/log
unix  2      [ ]         DGRAM                    11192  @/org/freedesktop/hal/u
At the end, you will have something like this.
unix  3      [ ]         STREAM     CONNECTED     14695  @/tmp/.X11-unix/X9
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display the kernel routing information using netstat -r
#  netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         172.16.24.251    0.0.0.0         UG        0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
172.10.0.0      *               255.255
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9. Find out on which port a program is running
# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      2125/sshd
tcp        0     52 oracle.microair.in:ssh      172.16.0.223:56231           ESTABLISHED 29088/sshd
tcp        0      0 *:ssh                       *:*                         LISTEN      2125/sshd
unix  2      [ ]         DGRAM                    62948  29088/sshd
Find out which process is using a particular port:
# netstat -anp | grep ':80'
10. Show the list of network interfaces
# netstat -i
Kernel Interface table
Iface   MTU Met      RX-OK    RX-ERR  RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
eth0       1500 0        0      0      0 0             0      0      0      0
eth2       1500 0    743679     0      0 0         262033     6      0      0
lo        65336 0        4      0      0 0             4      0      0      0
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
#  netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 73:CC:A0:BF:BF:14
          inet addr:172.16.0.223  Bcast:172.16.4.255  Mask:255.255.252.0
          inet6 addr: fe80::7aac:c0ff:febf:1f28/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:750344 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78170590 (74.5 MiB)  TX bytes:8935032 (8.5 MiB)
          Interrupt:19 Memory:f0500000-f0520000