bash colors

How to get some bash color in your life:

To change the prompt to bright white on blue:

export PS1="\[\e[37;44m\][\u@\h \W]\$ \[\e[m\] "

(The \[ and \] around each escape sequence tell bash that those characters take no space on screen; without them long command lines wrap and redraw incorrectly.)

To change the highlight colour of grep matches:

export GREP_COLOR='1;30;43'

(Recent grep versions deprecate GREP_COLOR; the equivalent setting is GREP_COLORS='mt=1;30;43'.)

Add these to ~/.bashrc to use them next time you open a terminal session!

tcpdump strip ip address from text line

A nice way to strip info from your tcpdump:

tcpdump -i em2 -nn -s 0 <filter> | awk '{print $3}' |
awk -F'[ .]' '{print $1"."$2"."$3"."$4}'

tcpdump -i em2 -nn -s 0 <filter>: get some data from the second network card.

awk '{print $3}': print column 3 (the source ip address, with the port appended).

awk -F'[ .]' '{print $1"."$2"."$3"."$4}': strip the port number from the column.

Can you figure out what this one does:

tcpdump -i em2 -nn -s 0 -c 10000 | awk '{print $3}' |
awk -F'[ .]' '{print $1"."$2"."$3"."$4}' | grep | wc -c



Create a text filter in rsyslog.conf

Here is an example of how to filter some messages out of your rsyslog. The trailing ~ is the discard action, so the filter lines must come before the local7 rule that writes the log (newer rsyslog versions spell the discard action "stop"):

# Save Cisco Messages (filter known junk messages)

:msg, contains, "System clock" ~
:msg, contains, "changed state to down" ~
:msg, contains, "changed state to up" ~
:msg, contains, "LINK STATUS CHANGE" ~
:msg, contains, "FIB synchro state" ~
local7.*                                                -/var/log/cisco.log

Showing the DNS queries to your AD controller with TCPdump

The following command will show the DNS queries to your DNS server:

tcpdump -i em2 -nn -s 0 dst port 53 | awk '{print $1" "$3" "$8}' | grep -v seq

dst port 53 = show only the dns queries. awk '{print $1" "$3" "$8}' = show only words 1, 3 and 8 of the line (timestamp, source address and, for a plain query, the queried name). grep -v seq = filter out the 'seq' junk from TCP packets.
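As an added example (not from the original page), here the awk pipelines of the two tcpdump tips above are run over a constructed sample of tcpdump -nn output, so they can be exercised without a live interface; the sample lines and the function names src_ips, unique_src_counts and dns_queries are made up for this illustration.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -i em2 -nn -s 0" output (made up, not captured traffic).
SAMPLE='12:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.53: 12345+ A? example.test. (30)
12:00:01.000002 IP 192.168.1.10.53 > 10.0.0.5.51234: 12345 1/0/0 A 93.184.216.34 (46)
12:00:01.000003 IP 10.0.0.5.51235 > 192.168.1.10.53: 12346+ A? example.test. (30)
12:00:01.000004 IP 10.0.0.7.443 > 10.0.0.5.51236: Flags [S.], seq 1, ack 1, win 0, length 0'

# With -nn, column 3 is "src-ip.src-port"; splitting on space or dot and
# printing the first four fields keeps the address and drops the port.
src_ips() {
    awk '{print $3}' | awk -F'[ .]' '{print $1"."$2"."$3"."$4}'
}

# Shell-only counterpart of the Perl unique-host filter further down the page:
# one line per source address with the number of packets it sent, sorted by address.
unique_src_counts() {
    src_ips | LC_ALL=C sort | uniq -c | awk '{print $2" "$1}'
}

# Stand-in for the "dst port 53" capture filter when working on saved text:
# keep lines whose destination column ends in port 53, then print timestamp,
# source address and field 8 (the queried name), dropping TCP "seq" lines.
dns_queries() {
    awk '$5 ~ /\.53:$/' | awk '{print $1" "$3" "$8}' | grep -v seq
}

printf '%s\n' "$SAMPLE" | unique_src_counts
printf '%s\n' "$SAMPLE" | dns_queries
```

Replace the printf lines with a real tcpdump pipeline to use the same functions on live traffic.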



Example: remove the text before a word in a line

The following command strips text before a word in a line. You can replace the word with something else:

sed 's/^.*StripBefore:/WillBecome:/'


tshark -i em2 host | grep Path | sed 's/^.*Path:/Dir:/'

With output:

0.000000 ->   SMB 252 Trans2 Request, QUERY_PATH_INFO, 
Query File Basic Info, Path: \Groups\Staff\importantFile.doc

Will become:

Dir: \Groups\Staff\importantFile.doc

(This command will show all files accessed on the fileserver ;-)

Tcpdump unique host filter

Filter for unique host:

#!/usr/bin/perl
# Unique line filter
# Usage:
# tcpdump -i ethX -nn -s 0 [optional tcpdump filter] | grep --line-buffered [optional filter]
#    | awk '{print $3}' | awk -F'[ .]' '{print $1"."$2"."$3"."$4}' | ./thisFilter

use strict;
use warnings;
use Socket;
use Net::DNS;
use Net::IP;

# Create the collection of hosts seen so far (ip => "(name) time first seen")
my %hosts;

my $res = Net::DNS::Resolver->new;

# Resolve DNS name (reverse lookup via the PTR record of the address)
sub myCheckDNSName {
    my $ipnumber = $_[0];

    my $ip = Net::IP->new($ipnumber, 4);

    if ($ip) {
        # resolved host
        my $answer = $res->query($ip->reverse_ip(), 'PTR');
        if ($answer) {
            foreach my $rr ($answer->answer) {
                return $rr->ptrdname if $rr->type eq 'PTR';
            }
        }
    }
    return "Not resolved";
}

# Flush every print immediately, otherwise output lags behind when piped
$| = 1;

while (<>) {
    my $line = $_;
    $line =~ s/\r?\n//g;

    if ($line =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)/) {
        if (exists $hosts{$line}) {
            # already exists, do nothing!
            # print "exists: $line";
        } else {
            my $now = localtime(time);

            # reverse dns
            my $resolved_name = myCheckDNSName($line);
            $hosts{$line} = "($resolved_name) $now ";

            print "-----------------------------------<<<< update >>>>----------------------------------\n\n";
            foreach my $value (sort { $hosts{$a} cmp $hosts{$b} } keys %hosts) {
                print " $value $hosts{$value} \n";
            }
            print "\n";
        }
    }
}

Mount a windows share on Linux

Log in on the Linux system with sufficient rights (root):

Create a mount point in the mount directory (/mnt):

root# mkdir /mnt/SHARE

Make a connection to the server:

root# mount -t cifs -o username=arjen //SERVER/SHARE /mnt/SHARE

(Write the UNC path with forward slashes: typed as \\SERVER\SHARE the shell strips the backslashes before mount sees them. Old kernels called the filesystem type smbfs; current ones use cifs. Mount and unmount must use the same path, and Linux paths are case sensitive.)

View your files:

root# ls /mnt/SHARE

Release the share:

root# umount /mnt/SHARE

That's all folks!