Obtain General Information with *nix
Get information on mounted volumes
lsblk
The lsblk command lists block devices. It reads data from the udev database and the sysfs file system to print a report on all available (or the specified) block devices. A block device abstracts the hardware characteristics of a physical device and lets you interact with it through a buffered interface.
lsblk
fdisk
fdisk is mostly used to manipulate the partition table, but it can also list information on all partitions with fdisk -l
SuSe Linux | Find SuSe Version
How do I find the OpenSUSE/SuSE Linux version from the command line?
cat /etc/SuSE-release # or cat /etc/issue
Result:
Welcome to SUSE Linux Enterprise Server for SAP Applications 13 SP1 (x86_64) - Kernel.
# or
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 1
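When the version has to be picked up by a script (an inventory or patch-level check run over many hosts, for instance) rather than read by eye, the VERSION and PATCHLEVEL lines are the ones to parse. The function below is an added example, not part of the original page: it reads a file in the /etc/SuSE-release layout shown above (the path is a parameter so it can be tested against a copied file) and prints VERSION.PATCHLEVEL, failing if no VERSION line exists.

```shell
# Added example (not from the original page): parse VERSION / PATCHLEVEL out of
# a file in the /etc/SuSE-release format and print them as "VERSION.PATCHLEVEL".
suse_version() {
  # $1: path to a SuSE-release style file; defaults to /etc/SuSE-release
  file=${1:-/etc/SuSE-release}
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  awk -F'=' '
    # keys and values are separated by " = "; strip the surrounding blanks
    /^[[:space:]]*VERSION[[:space:]]*=/    { gsub(/[[:space:]]/, "", $2); v = $2 }
    /^[[:space:]]*PATCHLEVEL[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); p = $2 }
    END {
      if (v == "") exit 1            # not a SuSE-release file we understand
      out = (p == "") ? v : v "." p  # "12.1" for the sample output above
      print out
    }' "$file"
}

# Usage: suse_version                 (reads /etc/SuSE-release)
#        suse_version ./SuSE-release  (any file in the same format)
if [ -r /etc/SuSE-release ]; then suse_version; fi
```

On SLES 12 and later the same information is also in /etc/os-release (VERSION_ID), which is the file most distributions share; /etc/SuSE-release is the older, SuSE-specific location.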
General OS Checks for Linux Systems
Packages
List installed packages
RPM Platforms (Redhat, CentOS, SuSe, Fedora, ArchLinux, Scientific Linux, etc.)
If you are on an RPM-based Linux platform, here are two ways to list the installed packages.
# Using yum
yum list installed
# Using rpm
rpm -qa
Get the local path where a particular package was installed
dpkg -L <package-name>  # Debian-based systems (dpkg); lists every file the package installed
Standard Commandline Operations
Compression (zip) / Decompression (unzip)
Unzip a file
# Extract the contents of a file to current directory:
unzip compressed.zip
# To change the extraction target directory:
unzip compressed.zip -d /some/target/dir
# To preview contents of zip file:
unzip -l compressed.zip
# Only unzip specific files, add them at the end:
unzip compressed.zip file1 subdirectory/file2
# The inverse of the above: unzip every file EXCEPT the ones listed after the -x modifier:
unzip compressed.zip -x file1 subdirectory/file2
# Unzipping a password-protected file (-P takes the password; lowercase -p would instead extract to stdout):
unzip -P mypass compressed.zip
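Before extracting an archive you did not build yourself, the preview listing above is also the place to check that no entry name would land outside the target directory (an absolute path or a ".." component, the classic zip-slip pattern). The function below is an added example, not part of the original page: it reads entry names from stdin, for instance from unzip -Z1 (zipinfo mode, bare names only), prints the unsafe ones and returns non-zero if any were found.

```shell
# Added example (not from the original page): flag archive entry names that
# would escape the extraction directory. Reads one entry name per line on stdin.
unsafe_zip_entries() {
  awk '
    /^\//               { print; bad = 1; next }   # absolute path
    /(^|\/)\.\.(\/|$)/  { print; bad = 1; next }   # ".." path component
    /^[A-Za-z]:/        { print; bad = 1; next }   # DOS drive letter prefix
    END { exit bad ? 1 : 0 }                       # non-zero if anything was flagged
  '
}

# Usage with the page's archive: only extract when the listing is clean.
#   unzip -Z1 compressed.zip | unsafe_zip_entries && unzip compressed.zip -d /some/target/dir
```

Current Info-ZIP unzip already strips leading slashes and neutralises ../ components unless you pass -:, so this check mostly matters when the same listing feeds a different extractor or when you want a record of what the archive tried to do before anything is written to disk.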
RSA Crypto Operations
Generate a local key and copy public key to target host
# First generate a key (press Enter at every prompt for a quick key with no passphrase)
ssh-keygen -t rsa
# Copy the key to a target host; the -o option suppresses the host-key fingerprint confirmation prompt
ssh-copy-id -o StrictHostKeyChecking=no -i /path/to/.ssh/id_rsa <user>@host_name
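On the target side, what ssh-copy-id does is append the public key line to ~/.ssh/authorized_keys and make sure the directory and file have permissions sshd accepts. The function below is an added example, not part of the original page, for the case where you have to do that step by hand (a host without ssh-copy-id, or a provisioning script): the authorized_keys path and the key line are parameters, and the key shown in the usage comment is a constructed dummy, not a real key.

```shell
# Added example (not from the original page): install one public key into an
# authorized_keys file the way ssh-copy-id does on the remote host.
install_authorized_key() {
  # $1: path to the target account's authorized_keys; $2: one public key line
  keyfile=$1
  pubkey=$2
  keydir=$(dirname "$keyfile")
  # sshd ignores the file if ~/.ssh or authorized_keys is group/world writable
  mkdir -p "$keydir" && chmod 700 "$keydir"
  [ -f "$keyfile" ] || : > "$keyfile"
  chmod 600 "$keyfile"
  # compare only "<type> <base64 blob>" so a different trailing comment is not a different key
  blob=$(printf '%s\n' "$pubkey" | awk '{ print $1, $2 }')
  if awk -v b="$blob" '($1 " " $2) == b { found = 1 } END { exit !found }' "$keyfile"; then
    echo "already present"
  else
    printf '%s\n' "$pubkey" >> "$keyfile"
    echo "installed"
  fi
}

# Usage (constructed dummy key, not a real one):
#   install_authorized_key /home/alice/.ssh/authorized_keys "ssh-ed25519 AAAAC3...dummy alice@laptop"
```

The fingerprint prompt that StrictHostKeyChecking=no skips can instead be answered by comparing it with the output of ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub (or the RSA/ECDSA host key file) taken from the host's console or another out-of-band channel; that keeps the first-connection check without the interactive prompt getting in the way of scripts.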
VIM
Set VIM in nocompatible mode
To avoid stray characters such as “^M” when copy-pasting, run vim without any configuration: vim -u NONE
Alternatively, enable paste mode before pasting with :set paste
and turn it off again when you are finished with :set nopaste
Network Discovery
TCPDump
Breaking down the Tcpdump Command Line
Some common command-line parameters, for example: sudo tcpdump -i eth0 -nn -s0 -v port 80
Explanation:
-i eth0: capture on the interface eth0
-nn: do not resolve hostnames (first n) or port names (second n)
-s0: snapshot length 0, i.e. capture whole packets instead of the default truncated length
-v: verbose output
port 80: the filter expression; only packets with source or destination port 80 are captured
You can capture traffic coming from or going to different ports and hosts, but tcpdump's real power comes from combining conditions. There are three logical operators to help you assemble the right combination of filters:
AND: use and or &&
OR: use or or ||
NEGATION: use not or !
Display ASCII text
Adding -A to the command line includes the ASCII strings from the capture in the output. This makes the output easy to read and lets you parse it with grep or other commands.
sudo tcpdump -A -s0 port 80
Get Packet Contents with Hex Output
Hex output is useful when you want to see the content of the packets displayed in both hex and ASCII:
tcpdump -c 1 -X icmp
Output:
0x0670: ecee 007c 88db 7ac7 5003 4454 2617 9f00 ...|..z.P.DT&...
0x0680: 6bb6 4393 f320 eba9 4f15 ada7 7ef0 1f48 k.C.....O...~..H
0x0690: 9715 8193 4c08 c125 f266 a8d8 9283 de1c ....L..%.f......
0x06a0: f004 3594 3728 a7ca 0000 0170 f8b4 31aa ..5.7(.....p..1.
0x06b0: e70c 8507 b1aa fad3 eb27 fd8b 30e0 a3ba .........'..0...
0x06c0: 7f8e e45c 4515 f33c 1c2a 25cb 6ed5 ef50 ...\E..<.*%.n..P
0x0750: eaf3 8699 abc5 fcbc 1b4e ce6b 45c6 6d24 .........N.kE.m$
0x0760: be68 76ac 6805 7c14 5cbf 8360 9118 c7b6 .hv.h.|.\..`....
0x0770: b70e 0c30 5f31 e66f 839f 24ef 3bc4 93ff ...0_1.o..$.;...
0x0780: a89f 5290 fb5b b54f 9b3e f8c0 1053 0599 ..R..[.O.>...S..
0x0790: 9fb5 064a 1e46 ee6a 0ed2 7970 7c4e 1399 ...J.F.j..yp|N..
0x07a0: 9f2f c29b 0043 40a5 45d0 8b0b d116 7355 ./...C@.E.....sU
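The right-hand column of -X output prints every byte outside the printable range 0x20 to 0x7e as a dot, which is why the dump above is mostly dots with the odd letter. The function below is an added example, not from the page: it recomputes that ASCII column from the hex groups of a single dump line, which is handy when the column has been lost or mangled in copied output and you want to confirm what a byte sequence really is. It assumes the line starts with tcpdump's offset token (such as 0x07a0:) followed by up to eight groups of two or four hex digits.

```shell
# Added example (not from the original page): rebuild the ASCII column of one
# "tcpdump -X" line from its hex column, using tcpdump's rule that only bytes
# 0x20..0x7e are shown as themselves and everything else becomes ".".
hex_ascii_column() {
  # $1: one dump line, e.g. "0x07a0:  9f2f c29b 0043 40a5 45d0 8b0b d116 7355  ./...C@.E.....sU"
  printf '%s\n' "$1" | awk '
    BEGIN {
      digits = "0123456789abcdef"
      # lookup table of every printable byte in order, starting at 0x20 (space)
      for (i = 32; i <= 126; i++) tbl = tbl sprintf("%c", i)
    }
    {
      out = ""
      # $1 is the offset; fields 2..9 are the hex column. Stop at the first token
      # that is not 2 or 4 hex digits, so an ASCII column is never re-decoded.
      for (f = 2; f <= NF && f <= 9; f++) {
        tok = tolower($f)
        if (tok !~ /^[0-9a-f][0-9a-f]([0-9a-f][0-9a-f])?$/) break
        for (p = 1; p < length(tok); p += 2) {
          hi = index(digits, substr(tok, p, 1)) - 1
          lo = index(digits, substr(tok, p + 1, 1)) - 1
          b = hi * 16 + lo
          out = out ((b >= 32 && b <= 126) ? substr(tbl, b - 31, 1) : ".")
        }
      }
      print out
    }'
}

# Usage: hex_ascii_column '0x07a0: 9f2f c29b 0043 40a5 45d0 8b0b d116 7355'
#        prints ./...C@.E.....sU, matching the last line of the dump above
```

Piping a whole -X dump through a loop over this function gives the same column tcpdump prints, so it is mainly a check; the real use is reading a suspicious byte sequence out of a ticket or a mangled paste where only the hex survived.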
Capture on specific Protocol
Filter on UDP traffic. Another way to specify this is to use protocol 17, which is UDP. These two commands produce the same result. The equivalent of the tcp filter is protocol 6.
sudo tcpdump -i eth0 udp
sudo tcpdump -i eth0 proto 17
Capture Hosts based on IP address
Using the host filter captures traffic going to (destination) or from (source) a specific IP address.
sudo tcpdump -i eth0 host 10.30.1.10
Alternatively, capture only packets going one way using src or dst.
sudo tcpdump -i eth0 dst 10.30.1.10
sudo tcpdump src 192.168.1.10
Capture traffic from a specific port
tcpdump src port 445
You can also capture traffic coming from a range of ports:
tcpdump portrange 21-23
Write to a capture file
Writing a standard pcap file is a common command option. Writing the capture to disk allows the file to be opened in Wireshark or other packet analysis tools.
sudo tcpdump -i eth0 -s0 -w test.pcap