The Hunters Hut
The Hunters Hut
Linux Command Lore
Linux Command Lore

Linux Command Lore

Obtain General Information with *nix

Get information on mounted volumes

lsblk

The lsblk command is to list block devices. It reads the data from udev database along with sysfs file system to print a report on all available or specified block devices. Block devices abstracts the actual hardware characteristics of any physical device and allows you to interact with it using a buffered interface.

fdisk

fdisk is mostly used to manipulate the partition table, it can list info on all partitions by using fdisk -l

SuSe Linux | Find SuSe Version

How do I find out the OpenSUSE/SuSE Linux version via Command Line Interface.

Result:

General OS Checks for Linux Systems

Packages

List installed packages

RPM Platforms (Redhat, CentOS, SuSe, Fedora, ArchLinux, Scientific Linux, etc.)

If you are on a RPM-based Linux platform, here are two ways to determine the list of packages installed.

Get the local path where a particular package was installed

Standard Commandline Operations

Compression (zip) / Decompression (unzip)

Unzip a file

RSA Crypto Operations

Generate a local key and copy public key to target host

VIM

Set VIM in nocompatible mode

To avoid dirty characters like “^M” when copy-pasting run vim with: vim -u NONE Alternatively also use the paste command: :set paste when you are finished issue :set nopaste

Network Discovery

TCPDump

Breaking down the Tcpdump Command Line

Some common commandline parameters. Ex. sudo tcpdump -i eth0 -nn -s0 -v port 80

Explanation:

💡
-i: Select the interface that the capture is to take place on, this will often be an ethernet card or wireless adapter but could also be a vlan or something more unusual. Not always required if there is only one network adapter.
💡
-nn: A single n will not resolve hostnames. A double nn will not resolve hostnames or ports. This is handy for not only viewing the IP / port numbers but also when capturing a large amount of data, as the name resolution will slow down the capture.
💡
-s0: Snap length, is the size of the packet to capture. -s0 will set the size to unlimited - use this if you want to capture all the traffic. Needed if you want to pull binaries / files from network traffic.
💡
-v: Verbose, using -v or -vv increases the amount of detail shown in the output, often showing more protocol specific information.

You can capture traffic coming from or going to different ports and hosts but TCPDUMP’s real power comes in the combination of different conditions. There are three logical operators to help you assemble the right combination of filters:

AND: use and or &&
OR: use or or ||
NEGATION: use not or !

Display ASCII text

Adding -A to the command line will have the output include the ascii strings from the capture. This allows easy reading and the ability to parse the output using grep or other commands.

Get Packet Contents with Hex Output

Hex output is useful when you want to see the content of the packets displayed in both HEX and ASCII

Output:

Capture on specific Protocol

Filter on UDP traffic. Another way to specify this is to use protocol 17 that is udp. These two commands will produce the same result. The equivalent of the tcp filter is protocol 6.

Capture Hosts based on IP address

Using the host filter will capture traffic going to (destination) or from (source) a specific IP address.

Alternatively, capture only packets going one way using src or dst.

Capture traffic from a specific port

You can also capture traffic coming from a range of ports

Write to a capture file

Writing a standard pcap file is a common command option. Writing a capture file to disk allows the file to be opened in Wireshark or other packet analysis tools.

LinkedIn

ThreatHunterz.com