bash colors

How to get some bash color in your life:

To change the prompt to bright white on blue:

export PS1=”\e[37;44m[\u@\h \W]\$ \e[m ”

To change the search results from grep.

export GREP_COLOR=’1;30;43′

Add these to ~/.bashrc to use them next time you open a terminal session!

tcpdump strip ip address from text line

A nice way to strip info from your tcpdump:

tcpdump -i em2 -nn -s 0 <filter> | awk {'print $3'} |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}'

blue: get some data from the second networkcard.

green: print column 3 (source ip address).

red: strip the port number from the column.

Can you figure out what this one does:

tcpdump -i em2 -nn -s 0 -c 10000 | awk {'print $3'} | 
awk -F"[ .]" '{print $1"."$2"."$3"."$4}' | grep 10.10.3.45 | wc -c

 

 

Create a text filter in rsyslog.conf

Here is an example how to filter some messages from your rsyslog:

# Save Cisco Messages (filter known junk messages)

:msg, contains, "System clock" ~
:msg, contains, "changed state to down" ~
:msg, contains, "changed state to up" ~
:msg, contains, "LINK STATUS CHANGE" ~
:msg, contains, "FIB synchro state" ~
local7.*                                                -/var/log/cisco.log

Showing the DNS queries to your AD controller with TCPdump

The following command will show the DNS queries to your DNS server:

tcpdump -i em2 -nn -s 0 dst port 53 | awk {'print $1" "$3" "$8'} | grep -v seq

red = show the dns queries. green = show only words 1, 3 and 8 in the line. blue = filter the ‘seq’  junk.

Result:

08:27:10.093938 10.1.1.2.53060 stun.client.akadns.net.
08:27:10.116692 10.1.1.2.59186 stun.client.akadns.net.
08:27:10.118604 10.1.1.2.49966 stun.client.akadns.net.
08:27:10.120539 10.1.1.2.50279 stun.client.akadns.net.
08:27:10.122403 10.1.1.2.63134 stun.client.akadns.net.
08:27:10.124533 10.1.1.2.54681 stun.client.akadns.net.

Example to remove text before word in a line

The following command strips text before a word in a line. You can replace the word with something else:

sed ‘s/^.*StripBefore:/WillBecome:/’

Example:

tshark -i em2 host 192.168.1.1 | grep Path | sed 's/^.*Path:/Dir:/'

With output:

0.000000 192.168.2.1 -> 192.168.1.1   SMB 252 Trans2 Request, QUERY_PATH_INFO, 
Query File Basic Info, Path: \Groups\Staff\importantFile.doc

Will become:

Dir: \Groups\Staff\importantFile.doc

(This command will show all files accessed on the fileserver 192.168.1.1 ;-)

Tcpdump unique host filter

Filter for unique host:

#!/usr/bin/perl
#
# Unique line filter
#
# Usage:
#
# tcpdump -i ethX -nn -s 0 [optional tcpdump filter] | grep --line-buffered [optional filter]
   | awk {'print $3'} | awk -F"[ .]" '{print $1"."$2"."$3"."$4}' | ./thisFilter
#

use Socket;
use Net::DNS;

# Collectie aanmaken
my %hosts;
my $answer;
my $namer;

# DNS
my $DnsServer = "172.16.32.1";
my $res = new Net::DNS::Resolver;
$res->nameservers($DnsServer);
my $ip;

# Resolve DNS Name
sub myCheckDNSName
{
   $ipnumber = $_[0];

   $ip = new Net::IP($ipnumber,4);

   if ($ip)
   {
        # resolved host
        $answer = $res->query($ip->reverse_ip(),'PTR');
        $namer = $answer->{'answer'}[0];
        $resolved = $namer->{'ptrdname'};
        return ($resolved);
   }
   else
   {
        return ("Not resolved");
   }
}

while (<>) {
        my $line = $_;
        $line =~ s/\r?\n//g;

        if ($line =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)/ )
        {
         if (exists $hosts{$line})
         {
            # bestaat al, niks doen!
            # print "exists: $line";
         }
         else
         {
            $now = localtime(time);

            # reverse dns
            $resolved_name = myCheckDNSName($line);
            $hosts{$line} = "($resolved_name) $now ";

            print "-----------------------------------<<<< update >>>>----------------------------------\n\n";
            foreach $value (sort {$hosts{$a} cmp $hosts{$b} } keys %hosts)
            {
               print " $value $hosts{$value} \n";
            }
            print "\n";
         }
        }
}

Mount a windows share on Linux

Login on the linux system with sufficient rights:

Create a share in the mount directory (/mnt):

root# mkdir /mnt/SHARE

Make a connection to the server:

root# mount -t smbfs -o username=arjen \\SERVER\SHARE /mnt/SHARE

View your files:

root# ls /mnt/share

Release the share:

root# umount /mnt/share

Thats all folks!