Unix – Basic Tips n Tricks for Network/IT Engineers

Ahem... There are way too many docs already, but let's look at some simple steps. 🙂

Let's start with three very basic commands, which don't need any explanation.

rajesh@raj-ux3:~/Work1$ uptime
up 21 min, 2 users, load average: 0.00, 0.00, 0.00
rajesh@raj-ux3:~/Work1$ who
root tty1 2018-03-17 21:57
rajesh pts/0 2018-03-17 21:59 (192.168.0.11)
rajesh@raj-ux3:~/Work1$ date
Sat Mar 17 22:19:05 PDT 2018

who shows everyone who is logged in to the box and where they came from (the source IP for telnet/ssh sessions).

Now, to clear the screen,

rajesh@raj-ux3:~/Work1$ clear

Now, what if you want to run three commands in one go?

mkdir rajesh-test; touch ./rajesh-test/testfile ; date >> ./rajesh-test/testfile1; ls -la rajesh-test/
total 12
drwxrwxr-x 2 rajesh rajesh 4096 Mar 17 22:21 .
drwxrwxr-x 6 rajesh rajesh 4096 Mar 17 22:21 ..
-rw-rw-r-- 1 rajesh rajesh 0 Mar 17 22:21 testfile
-rw-rw-r-- 1 rajesh rajesh 29 Mar 17 22:21 testfile1

Here I touch a file named testfile, which creates an empty dummy file; you can see its size is zero.

Then I run date and use >> to redirect (append) its output to the file testfile1, so testfile1 contains the output of the date command.

The third command just does a ls to list the files.

How do you figure out what damn release/version of Unix or Linux you are on?
rajesh@raj-ux3:~/Work1$ uname -a
Linux raj-ux3 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
rajesh@raj-ux3:~/Work1$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
rajesh@raj-ux3:~/Work1$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial


Well, let's get trickier: which network services are running on this node, and who, if anyone, is connected to it?

[root@sjc-tools Camera]# netstat -an | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN  <<-- SSH 
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 
tcp 0 0 172.19.108.8:22 10.155.69.184:59625 ESTABLISHED <<--One SSH Connection
tcp6 0 0 :::81 :::* LISTEN 
tcp6 0 0 :::22 :::* LISTEN 
tcp6 0 0 :::23 :::* LISTEN 
tcp6 0 0 ::1:25 :::* LISTEN

[root@sjc-tools Camera]# netstat -an | grep udp
udp 0 0 172.16.108.8:40121 54.236.224.171:123 ESTABLISHED <-NTP
udp 0 0 172.16.108.8:60723 162.210.110.4:123 ESTABLISHED <-NTP
udp 0 0 127.0.0.1:323 0.0.0.0:* 
udp 0 0 172.16.108.8:42873 168.235.81.25:123 ESTABLISHED
udp6 0 0 ::1:323 :::*
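
The reading of the TCP output above can be scripted. The following is an added example, not part of the original post: it classifies each listener by the address it is bound to and picks out cleartext services reachable from the network, such as the telnet listener on :::23. The function names and the cleartext port list are assumptions of this example, and the sample input is constructed in the same format as the output above.

```shell
#!/usr/bin/env bash
# Added example: audit TCP sockets from `netstat -an` output read on stdin.
# Function names and the cleartext port list are assumptions of this example.

# Constructed sample in the same column layout as the netstat output above.
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 172.19.108.8:22 10.155.69.184:59625 ESTABLISHED
tcp6 0 0 :::81 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::23 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
EOF
}

# audit_listeners: one line per listening TCP socket:
#   <scope> <proto> <port> <note>
# scope: all-interfaces (0.0.0.0 or ::), loopback (127.x or ::1), specific.
# note:  cleartext:<service> for ports in the list below, otherwise "-".
audit_listeners() {
  awk -v cleartext="21:ftp 23:telnet 80:http 110:pop3 143:imap" '
    BEGIN {
      n = split(cleartext, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); svc[kv[1]] = kv[2] }
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      # The port is the text after the last colon (also works for :::23).
      port = $4; sub(/^.*:/, "", port)
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "loopback"
      else                                                   scope = "specific"
      note = (port in svc) ? "cleartext:" svc[port] : "-"
      print scope, $1, port, note
    }'
}

# exposed_cleartext: listeners that are cleartext AND not loopback-only.
exposed_cleartext() {
  audit_listeners | awk '$1 != "loopback" && $4 != "-"'
}

# established_peers: "<local port> <remote address>" per ESTABLISHED session.
established_peers() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      lport = $4; sub(/^.*:/, "", lport)
      rport = $5; sub(/^.*:/, "", rport)
      raddr = substr($5, 1, length($5) - length(rport) - 1)
      print lport, raddr
  }'
}

# Demo on the constructed sample. On a live host: netstat -an | audit_listeners
sample_netstat | audit_listeners
sample_netstat | exposed_cleartext
sample_netstat | established_peers
```

Services bound only to loopback (the mail listener on port 25 here) are not reachable from other hosts, which is why they are left out of the exposed list.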

How much disk space is in use:

[root@sjc-tools ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 35G 3.7G 32G 11% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 8.6M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 184M 831M 19% /boot
overlay 35G 3.7G 32G 11% /var/lib/docker/overlay/38004045a8bd1e1aa99b517e46fbcca0f4be7de9b857bf0b0dee63d131df69ec/merged
shm 64M 0 64M 0% /var/lib/docker/containers/53347056e183c664370b3c4f8fc6873236b4c3eed31a811742ff2e6c9a11f407/shm
tmpfs 783M 0 783M 0% /run/user/0

Let's do some scripting.

Let's make a simple bash script to create a simple Cisco IOS config.

[root@sjc-tools ~]# for i in {1..10}
> do echo "conf t"
> echo "vlan $i"
> echo "name Data_vlan$i"
> done
#
conf t
vlan 1
name Data_vlan1
conf t
vlan 2
name Data_vlan2
conf t
vlan 3
name Data_vlan3
conf t
vlan 4
name Data_vlan4
conf t
vlan 5
name Data_vlan5
conf t
vlan 6
name Data_vlan6
conf t
vlan 7
name Data_vlan7
conf t
vlan 8
name Data_vlan8
conf t
vlan 9
name Data_vlan9
conf t
vlan 10
name Data_vlan10
[root@sjc-tools ~]#

Here I am asking bash to step the variable i from 1 to 10.

In each step it prints "conf t", then vlan $i, so across the steps it prints vlan 1, vlan 2 ... up to vlan 10.

The next line works the same way: instead of vlan, I use "name Data_vlan$i" to get output from name Data_vlan1 to name Data_vlan10.

You can run the same loop on a single line:

[root@sjc-tools ~]# for i in {1..10}; do echo "conf t"; echo "vlan $i"; echo "name Data_vlan$i"; done

You can even run system commands with it, cascading operations:

rajesh@raj-ux3:/etc$ for file in *.conf; do ls -la "$file"; done
-rw-r--r-- 1 root root 3028 Aug 1 2017 adduser.conf
-rw-r--r-- 1 root root 7788 Sep 8 2017 ca-certificates.conf
-rw-r--r-- 1 root root 2969 Nov 10 2015 debconf.conf
-rw-r--r-- 1 root root 604 Jul 2 2015 deluser.conf
-rw-r--r-- 1 root root 280 Jun 19 2014 fuse.conf
-rw-r--r-- 1 root root 2584 Feb 18 2016 gai.conf
-rw-r--r-- 1 root root 4781 Mar 17 2016 hdparm.conf
-rw-r--r-- 1 root root 92 Oct 22 2015 host.conf
-rw-r--r-- 1 root root 771 Mar 6 2015 insserv.conf
-rw-r--r-- 1 root root 144 Sep 8 2017 kernel-img.conf
-rw-r--r-- 1 root root 34 Jan 27 2016 ld.so.conf
-rw-r--r-- 1 root root 191 Jan 18 2016 libaudit.conf
-rw-r--r-- 1 root root 703 May 5 2015 logrotate.conf
-rw-r--r-- 1 root root 14867 Apr 11 2016 ltrace.conf
-rw-r--r-- 1 root root 967 Oct 30 2015 mke2fs.conf
-rw-r--r-- 1 root root 497 May 4 2014 nsswitch.conf
-rw-r--r-- 1 root root 6816 May 11 2017 overlayroot.conf
rajesh@raj-ux3:/etc$

Or maybe even more. Here I am copying all .conf files to the newly created directory backup in my home directory.

rajesh@raj-ux3:/etc$ mkdir $HOME/backup
rajesh@raj-ux3:/etc$ for file in *.conf; do cp "$file" "$HOME/backup/"; done
rajesh@raj-ux3:/etc$ ls $HOME/backup
adduser.conf host.conf mke2fs.conf sensors3.conf
ca-certificates.conf insserv.conf nsswitch.conf sos.conf
debconf.conf kernel-img.conf overlayroot.conf sysctl.conf
deluser.conf ld.so.conf pam.conf ucf.conf
fuse.conf libaudit.conf popularity-contest.conf updatedb.conf
gai.conf logrotate.conf resolv.conf
hdparm.conf ltrace.conf rsyslog.conf
rajesh@raj-ux3:/etc$

Well, let's use it for troubleshooting 😉 by scanning the network. I am pinging all IPs from 1 to 200 in the network.

rajesh$ for i in {1..200}; do ping -c3 192.168.0.$i; done
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=120.535 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=4.652 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=4.841 ms

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.652/43.343/120.535/54.583 ms
PING 192.168.0.2 (192.168.0.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

=== output omitted ==

Let's do a more complex one:

for i in {1..2}; do ping -c3 192.168.0.$i > /dev/null; result=$?; if [ $result -eq 0 ]; then echo -e "\033[32m Ping Success for 192.168.0.$i"; echo -e "\033[0m"; else echo -e "\033[0;31m Ping Failed for 192.168.0.$i "; echo -e "\033[0m"; fi; done

Ping Success for 192.168.0.1

ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
 Ping Failed for 192.168.0.2

Let me explain it a bit more:

for i in {1..2}; do
  # Ping each host in the list, discarding ping's own output
  ping -c3 192.168.0.$i > /dev/null
  # $? holds the exit status of the ping: 0 on success, non-zero on failure
  result=$?

  if [ $result -eq 0 ]; then
    # Ping succeeded: print the result in green
    echo -e "\033[32m Ping Success for 192.168.0.$i"
    # Reset the text color back to the original
    echo -e "\033[0m"
  else
    # Ping failed for any reason: print it in red
    echo -e "\033[0;31m Ping Failed for 192.168.0.$i "
    # Reset the text color back to the original
    echo -e "\033[0m"
  fi
done

Let's do some more advanced scripting. If you need to telnet to a bunch of devices and make some changes or run CLI commands on them, you need CLI interaction.

We can use a very old tool to do that. It's called expect. Today it's an extension of Tcl, but some Unix/Linux systems still have the original expect.

Here is an expect script; most of it is self-explanatory. I am logging in to a Cisco IOS-style device and rebooting it.

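#------ $Rev 1.0 , rajesh ----#
# test.tcl #
package require Expect
set send_human {.1 .3 1 .05 1}
# The line above sets the speed at which "exp_send -h" types commands into
# the CLI; it can't be too fast, as the router/host needs time to respond.
#
#
# -- Start SSH with user admin, IP will be passed as CLI option --
# here is how it is specified - [lindex $argv 0]
# StrictHostKeyChecking=no makes ssh accept an unknown host key without
# asking, so the identity of the device is not verified on first connect.
spawn ssh -o StrictHostKeyChecking=no admin@[lindex $argv 0]
#
#
# -- Login --#
# Match "assword:" so that both "password:" and "Password:" prompts are
# caught (expect patterns are case-sensitive).
expect "assword:"
# The password is hard-coded in the script in this example.
exp_send -h "cisco123\n"
# "\n" is enter/CR.
# -- Logged in and I have # Prompt
#
expect "#"
#
# Schedule the reload and answer the [confirm] prompt with Enter
exp_send -h "reload at 01:00 \n"
expect "confirm]"
exp_send -h "\n"
expect "#"
exp_send "exit\n"
#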

This is a Tcl script that uses the expect extension/package, so you run it with tclsh. You provide the IP address of the device you want to run these commands on as the CLI option.

Here it is in action.

raj-Ux#tclsh test.tcl 10.1.1.1
# -- Below output is from the script execution
spawn ssh -o StrictHostKeyChecking=no rajeshvs@10.1.1.1
Password:
Router#reload at 01:00 /y
Reload scheduled for 01:00:00 PDT Tue Jun 5 2018 (in 11 hours and 28 minutes) by rajeshvs on vty5 (198.18.74.10)
Reload reason: /y
Proceed with reload? [confirm]
raj-Ux#

Let's combine the two above, i.e. bash + the expect script, to make quick automation scripts.

raj-ux:/Rajesh/# for router in {26..47};
> do tclsh test.tcl 198.188.1.$router
> done

The loop above invokes the expect script across multiple devices. In our case it's a script to reboot, but it could just as well configure, monitor, or back up the devices.

Let's get back to the operating system level.

To figure out what type a file is:

rajesh@raj-ux3:/etc$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d0bc0fb9b3f60f72bbad3c5a1d24c9e2a1fde775, stripped
rajesh@raj-ux3:/etc$ file /etc/hosts
/etc/hosts: ASCII text
rajesh@raj-ux3:/etc$

To poke inside an executable and find the encoded strings or, in simple English, to print the text inside a non-text file:

rajesh@raj-ux3:/etc$ strings /bin/ls
/lib64/ld-linux-x86-64.so.2
libselinux.so.1
_ITM_deregisterTMCloneTable
__gmon_start__
_Jv_RegisterClasses
_ITM_registerTMCloneTable
_init
fgetfilecon
freecon
lgetfilecon
_fini
libc.so.6
fflush
strcpy

To get the head and tail of a file:

rajesh@raj-ux3:/etc$ head /var/log/syslog 
Sep 8 23:26:00 raj-ux3 rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="960" x-info="http://www.rsyslog.com"] start
Sep 8 23:26:00 raj-ux3 rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Sep 8 23:26:00 raj-ux3 rsyslogd: rsyslogd's groupid changed to 108
Sep 8 23:26:00 raj-ux3 rsyslogd: rsyslogd's userid changed to 104
Sep 8 23:26:00 raj-ux3 rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpuset
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpu
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpuacct
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Linux version 4.4.0-87-generic (buildd@lcy01-31) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 (Ubuntu 4.4.0-87.110-generic 4.4.73)
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/raj--ux3--vg-root ro

rajesh@raj-ux3:/etc$ tail /var/log/syslog 
Mar 17 21:59:20 raj-ux3 systemd[1]: Started User Manager for UID 1000.
Mar 17 22:09:01 raj-ux3 CRON[1914]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Mar 17 22:12:17 raj-ux3 /usr/lib/snapd/snapd[1006]: snapmgr.go:422: No snaps to auto-refresh found
Mar 17 22:12:17 raj-ux3 systemd[1]: Starting Cleanup of Temporary Directories...
Mar 17 22:12:17 raj-ux3 systemd-tmpfiles[1955]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
Mar 17 22:12:17 raj-ux3 snapd[1006]: 2018/03/17 22:12:17.049466 snapmgr.go:422: No snaps to auto-refresh found
Mar 17 22:12:17 raj-ux3 systemd[1]: Started Cleanup of Temporary Directories.
Mar 17 22:17:01 raj-ux3 CRON[1962]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 17 22:17:16 raj-ux3 /usr/lib/snapd/snapd[1006]: snapmgr.go:496: DEBUG: Next refresh scheduled for 2018-03-18 03:50:39.966008933 -0700 PDT.
Mar 17 22:39:01 raj-ux3 CRON[2432]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
rajesh@raj-ux3:/etc$

Use tail -f if you want to follow the file as it grows.

A bit on the hardware side: list PCI devices.

rajesh@raj-ux3:/etc$ lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 01)
00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 01)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 08)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:07.7 System peripheral: VMware Virtual Machine Communication Interface (rev 10)
00:0f.0 VGA compatible controller: VMware SVGA II Adapter
00:10.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)
00:11.0 PCI bridge: VMware PCI bridge (rev 02)
00:15.0 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.1 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.2 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.3 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.4 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.5 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.6 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.7 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.0 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.1 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.2 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.3 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.4 PCI bridge: VMware

Check processes, or grep for a specific process (sshd in this example):

root@raj-ux3:/home/rajesh# ps -aef 
UID PID PPID C STIME TTY TIME CMD
root 1 0 2 10:42 ? 00:00:01 /sbin/init
root 2 0 0 10:42 ? 00:00:00 [kthreadd]
root 3 2 0 10:42 ? 00:00:00 [ksoftirqd/0]
root 4 2 0 10:42 ? 00:00:00 [kworker/0:0]
root 5 2 0 10:42 ? 00:00:00 [kworker/0:0H]
root 6 2 0 10:42 ? 00:00:00 [kworker/u256:0]
root 7 2 0 10:42 ? 00:00:00 [rcu_sched]
root 8 2 0 10:42 ? 00:00:00 [rcu_bh]
root 9 2 0 10:42 ? 00:00:00 [migration/0]
root 10 2 0 10:42 ? 00:00:00 [watchdog/0]
root 11 2 0 10:42 ? 00:00:00 [kdevtmpfs]
root 12 2 0 10:42 ? 00:00:00 [netns]
root 13 2 0 10:42 ? 00:00:00 [perf]
root 14 2 0 10:42 ? 00:00:00 [khungtaskd]
root 15 2 0 10:42 ? 00:00:00 [writeback]
root 16 2 0 10:42 ? 00:00:00 [ksmd]
root 17 2 0 10:42 ? 00:00:00 [khugepaged]
root 18 2 0 10:42 ? 00:00:00 [crypto]
root 19 2 0 10:42 ? 00:00:00 [kintegrityd]
root 20 2 0 10:42 ? 00:00:00 [bioset]
root 21 2 0 10:42 ? 00:00:00 [kblockd]
root 22 2 0 10:42 ? 00:00:00 [ata_sff]
root 23 2 0 10:42 ? 00:00:00 [md]
root 24 2 0 10:42 ? 00:00:00 [devfreq_wq]
root 25 2 0 10:42 ? 00:00:00 [kworker/u256:1]
root 26 2 0 10:42 ? 00:00:00 [kworker/0:1]
root 28 2 0 10:42 ? 00:00:00 [kswapd0]
root 29 2 0 10:42 ? 00:00:00 [vmstat]
root 30 2 0 10:42 ? 00:00:00 [fsnotify_mark]
root 31 2 0 10:42 ? 00:00:00 [ecryptfs-kthrea]
root 47 2 0 10:42 ? 00:00:00 [kthrotld]
root 48 2 0 10:42 ? 00:00:00 [acpi_thermal_pm]
root 49 2 0 10:42 ? 00:00:00 [bioset]
root 50 2 0 10:42 ? 00:00:00 [bioset]
root 51 2 0 10:42 ? 00:00:00 [bioset]
root 52 2 0 10:42 ? 00:00:00 [bioset]
root 53 2 0 10:42 ? 00:00:00 [bioset]
root 54 2 0 10:42 ? 00:00:00 [bioset]
root 55 2 0 10:42 ? 00:00:00 [bioset]
root 56 2 0 10:42 ? 00:00:00 [bioset]
root 273 2 0 10:42 ? 00:00:00 [bioset]
root 275 2 0 10:42 ? 00:00:00 [kworker/0:1H]
root 340 2 0 10:42 ? 00:00:00 [raid5wq]
root 365 2 0 10:42 ? 00:00:00 [kdmflush]
root 366 2 0 10:42 ? 00:00:00 [bioset]
root 381 2 0 10:42 ? 00:00:00 [bioset]
root 408 2 0 10:42 ? 00:00:00 [jbd2/dm-0-8]
root 409 2 0 10:42 ? 00:00:00 [ext4-rsv-conver]
root 457 2 0 10:42 ? 00:00:00 [kworker/0:4]
root 476 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-journald
root 480 2 0 10:42 ? 00:00:00 [iscsi_eh]
systemd+ 737 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-timesyncd
root 909 2 0 10:42 ? 00:00:00 [kdmflush]
root 912 2 0 10:42 ? 00:00:00 [bioset]
root 945 1 0 10:42 ? 00:00:00 /usr/sbin/acpid
root 948 1 0 10:42 ? 00:00:00 /usr/sbin/cron -f
root 952 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-logind
root 955 1 0 10:42 ? 00:00:00 /usr/bin/lxcfs /var/lib/lxcfs/
syslog 956 1 0 10:42 ? 00:00:00 /usr/sbin/rsyslogd -n
daemon 965 1 0 10:42 ? 00:00:00 /usr/sbin/atd -f
root 970 1 0 10:42 ? 00:00:00 /usr/lib/accountsservice/accounts-daemon
root 972 1 0 10:42 ? 00:00:00 /usr/bin/vmtoolsd
message+ 975 1 0 10:42 ? 00:00:00 /usr/bin/dbus-daemon --system --address=syst
root 995 1 0 10:42 ? 00:00:00 /usr/lib/snapd/snapd
root 1009 1 0 10:42 ? 00:00:00 /sbin/mdadm --monitor --pid-file /run/mdadm/
root 1014 1 0 10:42 ? 00:00:00 /usr/lib/policykit-1/polkitd --no-debug
root 1069 1 0 10:42 ? 00:00:00 /sbin/dhclient -1 -v -pf /run/dhclient.ens33
root 1205 1 0 10:42 ? 00:00:00 /usr/sbin/sshd -D
root 1229 1 0 10:42 ? 00:00:00 /sbin/iscsid
root 1230 1 0 10:42 ? 00:00:00 /sbin/iscsid
mysql 1234 1 2 10:42 ? 00:00:00 /usr/sbin/mysqld
root 1298 1 0 10:42 tty1 00:00:00 /bin/login --
root 1303 1 0 10:42 ? 00:00:00 /bin/sh /etc/init.d/ondemand background
root 1324 1303 0 10:42 ? 00:00:00 sleep 60
root 1347 1 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1350 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1351 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1352 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1353 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1354 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
root 1559 1 0 10:43 ? 00:00:00 /lib/systemd/systemd --user
root 1561 1559 0 10:43 ? 00:00:00 (sd-pam)
root 1567 1298 0 10:43 tty1 00:00:00 -bash
root 1588 1205 0 10:43 ? 00:00:00 sshd: rajesh [priv]
rajesh 1590 1 0 10:43 ? 00:00:00 /lib/systemd/systemd --user
rajesh 1591 1590 0 10:43 ? 00:00:00 (sd-pam)
rajesh 1625 1588 0 10:43 ? 00:00:00 sshd: rajesh@pts/0
rajesh 1626 1625 0 10:43 pts/0 00:00:00 -bash
root 1638 1626 0 10:43 pts/0 00:00:00 su
root 1639 1638 0 10:43 pts/0 00:00:00 bash
root 1649 1639 0 10:43 pts/0 00:00:00 ps -aef

root@raj-ux3:/home/rajesh# ps -aef | grep sshd 
root 1205 1 0 10:42 ? 00:00:00 /usr/sbin/sshd -D
root 1588 1205 0 10:43 ? 00:00:00 sshd: rajesh [priv]
rajesh 1625 1588 0 10:43 ? 00:00:00 sshd: rajesh@pts/0
root 1652 1639 0 10:43 pts/0 00:00:00 grep --color=auto sshd
root@raj-ux3:/home/rajesh#

Partitions

rajesh@raj-ux3:/proc$ cat partitions 
major minor #blocks name

8 0 20971520 sda
 8 1 498688 sda1
 8 2 1 sda2
 8 5 20469760 sda5
 11 0 1048575 sr0
 252 0 19419136 dm-0
 252 1 1048576 dm-1
rajesh@raj-ux3:/proc$

To check loaded modules/drivers:

rajesh@raj-ux3:/proc$ cat /proc/modules 
vmw_vsock_vmci_transport 28672 1 - Live 0x0000000000000000
vsock 36864 2 vmw_vsock_vmci_transport, Live 0x0000000000000000
ppdev 20480 0 - Live 0x0000000000000000
vmw_balloon 20480 0 - Live 0x0000000000000000
coretemp 16384 0 - Live 0x0000000000000000
joydev 20480 0 - Live 0x0000000000000000
input_leds 16384 0 - Live 0x0000000000000000
serio_raw 16384 0 - Live 0x0000000000000000
snd_ens1371 28672 0 - Live 0x0000000000000000
uvcvideo 90112 0 - Live 0x0000000000000000
videobuf2_vmalloc 16384 1 uvcvideo, Live 0x0000000000000000
snd_ac97_codec 131072 1 snd_ens1371, Live 0x0000000000000000
gameport 16384 1 snd_ens1371, Live 0x0000000000000000
videobuf2_memops 16384 1 videobuf2_vmalloc, Live 0x0000000000000000
videobuf2_v4l2 28672 1 uvcvideo, Live 0x0000000000000000
snd_rawmidi 32768 1 snd_ens1371, Live 0x0000000000000000
videobuf2_core 36864 2 uvcvideo,videobuf2_v4l2, Live 0x0000000000000000
snd_seq_device 16384 1 snd_rawmidi, Live 0x0000000000000000
ac97_bus 16384 1 snd_ac97_codec, Live 0x0000000000000000
snd_pcm 106496 2 snd_ens1371,snd_ac97_codec, Live 0x0000000000000000
v4l2_common 16384 1 videobuf2_v4l2, Live 0x0000000000000000
btusb 45056 0 - Live 0x0000000000000000
btrtl 16384 1 btusb, Live 0x0000000000000000
btbcm 16384 1 btusb, Live 0x0000000000000000
btintel 16384 1 btusb, Live 0x0000000000000000
videodev 176128 4 uvcvideo,videobuf2_v4l2,videobuf2_core,v4l2_common, Live 0x0000000000000000
snd_timer 32768 1 snd_pcm, Live 0x0000000000000000
bluetooth 520192 5 btusb,btrtl,btbcm,btintel, Live 0x0000000000000000
media 24576 2 uvcvideo,videodev, Live 0x0000000000000000
snd 81920 6 snd_ens1371,snd_ac97_codec,snd_rawmidi,snd_seq_device,snd_pcm,snd_timer, Live 0x0000000000000000
soundcore 16384 1 snd, Live 0x0000000000000000
shpchp 36864 0 - Live 0x0000000000000000
i2c_piix4 24576 0 - Live 0x0000000000000000
vmw_vmci 65536 2 vmw_vsock_vmci_transport,vmw_balloon, Live 0x0000000000000000
nfit 36864 0 - Live 0x0000000000000000
8250_fintek 16384 0 - Live 0x0000000000000000
parport_pc 32768 0 - Live 0x0000000000000000
parport 49152 2 ppdev,parport_pc, Live 0x0000000000000000
mac_hid 16384 0 - Live 0x0000000000000000
ib_iser 49152 0 - Live 0x0000000000000000
rdma_cm 49152 1 ib_iser, Live 0x0000000000000000
iw_cm 45056 1 rdma_cm, Live 0x0000000000000000
ib_cm 45056 1 rdma_cm, Live 0x0000000000000000
ib_sa 36864 2 rdma_cm,ib_cm, Live 0x0000000000000000
ib_mad 49152 2 ib_cm,ib_sa, Live 0x0000000000000000
ib_core 106496 6 ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad, Live 0x0000000000000000
ib_addr 16384 2 rdma_cm,ib_core, Live 0x0000000000000000
iscsi_tcp 20480 0 - Live 0x0000000000000000
libiscsi_tcp 24576 1 iscsi_tcp, Live 0x0000000000000000
libiscsi 53248 3 ib_iser,iscsi_tcp,libiscsi_tcp, Live 0x0000000000000000
scsi_transport_iscsi 98304 4 ib_iser,iscsi_tcp,libiscsi, Live 0x0000000000000000
autofs4 40960 2 - Live 0x0000000000000000
btrfs 987136 0 - Live 0x0000000000000000
raid10 49152 0 - Live 0x0000000000000000
raid456 110592 0 - Live 0x0000000000000000
async_raid6_recov 20480 1 raid456, Live 0x0000000000000000
async_memcpy 16384 2 raid456,async_raid6_recov, Live 0x0000000000000000
async_pq 16384 2 raid456,async_raid6_recov, Live 0x0000000000000000
async_xor 16384 3 raid456,async_raid6_recov,async_pq, Live 0x0000000000000000
async_tx 16384 5 raid456,async_raid6_recov,async_memcpy,async_pq,async_xor, Live 0x0000000000000000
xor 24576 2 btrfs,async_xor, Live 0x0000000000000000
raid6_pq 102400 4 btrfs,raid456,async_raid6_recov,async_pq, Live 0x0000000000000000
libcrc32c 16384 1 raid456, Live 0x0000000000000000
raid1 36864 0 - Live 0x0000000000000000
raid0 20480 0 - Live 0x0000000000000000
multipath 16384 0 - Live 0x0000000000000000
linear 16384 0 - Live 0x0000000000000000
hid_generic 16384 0 - Live 0x0000000000000000
usbhid 49152 0 - Live 0x0000000000000000
hid 118784 2 hid_generic,usbhid, Live 0x0000000000000000
crct10dif_pclmul 16384 0 - Live 0x0000000000000000
crc32_pclmul 16384 0 - Live 0x0000000000000000
ghash_clmulni_intel 16384 0 - Live 0x0000000000000000
aesni_intel 167936 0 - Live 0x0000000000000000
aes_x86_64 20480 1 aesni_intel, Live 0x0000000000000000
lrw 16384 1 aesni_intel, Live 0x0000000000000000
gf128mul 16384 1 lrw, Live 0x0000000000000000
glue_helper 16384 1 aesni_intel, Live 0x0000000000000000
ablk_helper 16384 1 aesni_intel, Live 0x0000000000000000
cryptd 20480 3 ghash_clmulni_intel,aesni_intel,ablk_helper, Live 0x0000000000000000
vmwgfx 237568 1 - Live 0x0000000000000000
ttm 98304 1 vmwgfx, Live 0x0000000000000000
drm_kms_helper 155648 1 vmwgfx, Live 0x0000000000000000
psmouse 131072 0 - Live 0x0000000000000000
syscopyarea 16384 1 drm_kms_helper, Live 0x0000000000000000
sysfillrect 16384 1 drm_kms_helper, Live 0x0000000000000000
sysimgblt 16384 1 drm_kms_helper, Live 0x0000000000000000
fb_sys_fops 16384 1 drm_kms_helper, Live 0x0000000000000000
ahci 36864 0 - Live 0x0000000000000000
libahci 32768 1 ahci, Live 0x0000000000000000
e1000 135168 0 - Live 0x0000000000000000
mptspi 24576 2 - Live 0x0000000000000000
mptscsih 40960 1 mptspi, Live 0x0000000000000000
drm 364544 4 vmwgfx,ttm,drm_kms_helper, Live 0x0000000000000000
mptbase 102400 2 mptspi,mptscsih, Live 0x0000000000000000
scsi_transport_spi 32768 1 mptspi, Live 0x0000000000000000
pata_acpi 16384 0 - Live 0x0000000000000000
fjes 28672 0 - Live 0x0000000000000000
rajesh@raj-ux3:/proc$

CPU

rajesh@raj-ux3:/proc$ cat cpuinfo 
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz
stepping : 9
microcode : 0x58
cpu MHz : 3094.113
cache size : 8192 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 22
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch epb fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
bugs :
bogomips : 6188.22
clflush size : 64
cache_alignment : 64
address sizes : 42 bits physical, 48 bits virtual
power management:

Sniffing traffic:

root@raj-ux3:/home/rajesh# tcpdump -i ens33 dst port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
11:01:05.115221 IP 172.16.129.1.63112 > 172.16.129.128.telnet: Flags [SEW], seq 1333940134, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 623195467 ecr 0,sackOK,eol], length 0
^C
1 packet captured
3 packets received by filter
0 packets dropped by kernel
root@raj-ux3:/home/rajesh# tcpdump -i ens33 dst port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
11:01:40.314869 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [S], seq 3797991664, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 623230412 ecr 0,sackOK,eol], length 0
11:01:40.315192 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 2789728594, win 4117, options [nop,nop,TS val 623230412 ecr 210178], length 0
11:01:42.041250 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [P.], seq 0:7, ack 1, win 4117, options [nop,nop,TS val 623232125 ecr 210178], length 7: HTTP: get /
11:01:42.043238 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 484, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0
11:01:42.043250 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 485, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0
11:01:42.043362 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [F.], seq 7, ack 485, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0

 
