bash colors

How to get some bash color in your life:

To change the prompt to bright white on blue (the \[ and \] tell bash that the escape sequences take no screen space, so line editing and history recall stay aligned):

export PS1="\[\e[37;44m\][\u@\h \W]\$ \[\e[m\] "

To change the colour of the matches in grep search results (grep only colours output when run with --color=auto or --color=always; newer grep versions prefer the form GREP_COLORS='mt=1;30;43'):

export GREP_COLOR='1;30;43'

Add these to ~/.bashrc to use them next time you open a terminal session!

tcpdump strip ip address from text line

A nice way to strip info from your tcpdump:

tcpdump -l -i em2 -nn -s 0 <filter> | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}'

tcpdump -l -i em2 -nn -s 0 <filter>: get some data from the second network card (-l makes the output line-buffered so it arrives at awk line by line instead of in chunks).

awk '{print $3}': print column 3 (source ip address).

awk -F"[ .]" '{print $1"."$2"."$3"."$4}': strip the port number from the column.

Can you figure out what this one does:

tcpdump -i em2 -nn -s 0 -c 10000 | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}' | grep 10.10.3.45 | wc -c
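The port-stripping step of the pipeline above, as an added example that is not part of the original post. It runs over a constructed sample of tcpdump -nn output so it works offline, and the function names (src_ips, top_talkers, count_from) are my own. It goes a little beyond the original: instead of splitting on "[ .]" it removes the trailing ".port" from column 3, which also works for IPv6 lines (tcpdump prints those as 2001:db8::1.40000, where a split on dots gives garbage).

```shell
# POSIX sh. Constructed sample of "tcpdump -nn" output, not a real capture.
SAMPLE='08:27:10.093938 IP 10.1.1.2.53060 > 10.1.1.1.53: 12345+ A? example.com. (29)
08:27:10.116692 IP 10.1.1.2.59186 > 10.1.1.1.53: 12346+ A? example.org. (29)
08:27:10.118604 IP 10.10.3.45.44321 > 10.1.1.5.22: Flags [S], seq 1, win 64240, length 0
08:27:10.120539 IP6 2001:db8::1.40000 > 2001:db8::2.443: Flags [S], seq 2, win 64240, length 0
08:27:10.122403 IP 10.10.3.45.44322 > 10.1.1.5.22: Flags [S], seq 3, win 64240, length 0'

# Print the source address of every line with the port removed.
# Column 3 is "addr.port"; deleting the last ".digits" works for IPv4 and IPv6.
src_ips() {
    awk '{ sub(/\.[0-9]+$/, "", $3); print $3 }'
}

# Count lines per source address, busiest first: "who is talking the most".
top_talkers() {
    src_ips | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Number of lines coming from one address (the puzzle above, counting lines
# instead of bytes). -F and -x make grep match the whole line literally.
count_from() {
    src_ips | grep -cxF "$1"
}

# Demo: in real use replace the printf with "tcpdump -l -i em2 -nn -s 0 ...".
printf '%s\n' "$SAMPLE" | top_talkers
```

Feeding the functions from a live tcpdump is the same pipeline with `tcpdump -l ... |` in place of the printf; the -l keeps the output line-buffered.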

Showing the DNS queries to your AD controller with TCPdump

The following command will show the DNS queries to your DNS server:

tcpdump -l -i em2 -nn -s 0 dst port 53 | awk '{print $1" "$3" "$8}' | grep -v seq

dst port 53 = show the dns queries. awk '{print $1" "$3" "$8}' = show only words 1, 3 and 8 in the line (time, client, queried name). grep -v seq = filter the 'seq' junk (the TCP lines, whose word 8 is "seq" instead of a name).

Result:

08:27:10.093938 10.1.1.2.53060 stun.client.akadns.net.
08:27:10.116692 10.1.1.2.59186 stun.client.akadns.net.
08:27:10.118604 10.1.1.2.49966 stun.client.akadns.net.
08:27:10.120539 10.1.1.2.50279 stun.client.akadns.net.
08:27:10.122403 10.1.1.2.63134 stun.client.akadns.net.
08:27:10.124533 10.1.1.2.54681 stun.client.akadns.net.
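The same DNS extraction as an added example, not part of the original post, run over a constructed sample of tcpdump -nn dst port 53 output. Function names (dns_queries, distinct_names_per_client, noisy_clients) and the sample lines are mine. It generalizes the one-liner above: rather than always taking word 8 and dropping every line that contains "seq", it looks for the "A?"/"TXT?" query-type token and takes the name after it, so DNS queries carried over TCP (which tcpdump prints after the seq/ack/length fields) are kept too, and plain TCP handshake lines are skipped. The last function counts distinct names per client, a simple check a defender might run on this output.

```shell
# POSIX sh. Constructed sample of "tcpdump -nn dst port 53" output, not a real capture.
SAMPLE='08:27:10.093938 IP 10.1.1.2.53060 > 10.1.1.1.53: 12345+ A? stun.client.akadns.net. (40)
08:27:10.116692 IP 10.1.1.2.59186 > 10.1.1.1.53: 12346+ AAAA? stun.client.akadns.net. (40)
08:27:10.118604 IP 10.1.1.3.40001 > 10.1.1.1.53: Flags [S], seq 3141592, win 64240, length 0
08:27:10.120539 IP 10.1.1.3.40001 > 10.1.1.1.53: Flags [P.], seq 1:60, ack 1, win 502, length 59 6+ A? intranet.example. (36)
08:27:10.122403 IP 10.1.1.9.50001 > 10.1.1.1.53: 7+ TXT? a1b2c3.tunnel.example. (39)
08:27:10.124533 IP 10.1.1.9.50002 > 10.1.1.1.53: 8+ TXT? d4e5f6.tunnel.example. (39)'

# Print "client qtype name" for every line that carries a DNS question.
# The question type is the first token of the form "A?", "AAAA?", "TXT?" ...;
# the name is the token right after it. Lines without one (TCP SYN, ACK) are dropped.
dns_queries() {
    awk '{
        for (i = 4; i < NF; i++)
            if ($i ~ /^[A-Z0-9]+\?$/) {
                sub(/\.[0-9]+$/, "", $3)          # strip the client port
                type = $i;       sub(/\?$/, "", type)
                name = $(i + 1); sub(/\.$/, "", name)   # drop trailing root dot
                print $3, type, name
                break
            }
    }'
}

# "client count": how many distinct names each client asked for.
distinct_names_per_client() {
    dns_queries | awk '{ print $1, $3 }' | sort -u |
        awk '{ c[$1]++ } END { for (k in c) print k, c[k] }' | sort
}

# Clients that asked for more than $1 distinct names.
noisy_clients() {
    distinct_names_per_client | awk -v t="$1" '$2 > t'
}

# Demo: in real use replace the printf with "tcpdump -l -i em2 -nn -s 0 dst port 53 |".
printf '%s\n' "$SAMPLE" | dns_queries
```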

Example to remove text before word in a line

The following command strips text before a word in a line. You can replace the word with something else:

sed 's/^.*StripBefore:/WillBecome:/'

Example:

tshark -i em2 host 192.168.1.1 | grep Path | sed 's/^.*Path:/Dir:/'

With output:

0.000000 192.168.2.1 -> 192.168.1.1   SMB 252 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \Groups\Staff\importantFile.doc

Will become:

Dir: \Groups\Staff\importantFile.doc

(This command will show all files accessed on the fileserver 192.168.1.1 ;-)
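The strip-before trick from this section as an added example, not part of the original post, run over constructed tshark SMB lines so it works offline. The function names (strip_before, accessed_files) and the sample lines are mine. Besides the plain "replace everything up to the word" substitution, it shows the sed capture-group form that keeps the client address together with the path, which is what you want when the question is who opened which file.

```shell
# POSIX sh. Constructed sample of "tshark host 192.168.1.1" output, not a real capture.
SAMPLE='0.000000 192.168.2.1 -> 192.168.1.1   SMB 252 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \Groups\Staff\importantFile.doc
0.000412 192.168.1.1 -> 192.168.2.1   SMB 120 Trans2 Response, QUERY_PATH_INFO
0.001337 192.168.2.7 -> 192.168.1.1   SMB 260 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \Groups\HR\salaries 2024.xlsx'

# strip_before WORD REPLACEMENT: the sed one-liner from the post, parameterised.
# ^.* is greedy, so if WORD appears twice only the text after the last one survives.
# WORD is used as a regex and must not contain "/".
strip_before() {
    sed "s/^.*$1/$2/"
}

# Print "client path" for every line that carries a Path:, dropping the rest.
# \1 captures the source address after the timestamp, \2 everything after "Path: ".
accessed_files() {
    sed -n 's/^[^ ]* \([^ ]*\) -> [^ ]* .*Path: \(.*\)$/\1 \2/p'
}

# Demo: in real use replace the printf with "tshark -l -i em2 host 192.168.1.1 |".
printf '%s\n' "$SAMPLE" | strip_before 'Path:' 'Dir:'
printf '%s\n' "$SAMPLE" | accessed_files | sort -u
```

Piping accessed_files through sort -u gives a de-duplicated list of (client, file) pairs, which is the form of the "all files accessed" result that is easiest to review.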