Pages

Showing posts with label linux command. Show all posts
Showing posts with label linux command. Show all posts

Thursday, December 28, 2023

Mastering Packet Analysis with Tcpdump - Packet Analysing.

Tcpdump is a powerful command-line packet analyzer tool used for network troubleshooting and analysis. It allows the user to intercept and display the packets transmitted or received over a network to which the computer is attached. In this guide, we'll explore how to use tcpdump for various purposes, including capturing packets, filtering traffic, and analyzing packet content.

1. Display Available Interfaces:

To see a list of available network interfaces on your system:

tcpdump -D

2. Capture Packets from a Specific Interface:

To start capturing packets from a specific interface (e.g., venet0):

tcpdump -i venet0

3. Capture Only N Number of Packets:

To limit the capture to a specific number of packets (e.g., 2 packets):

tcpdump -c 2 -i venet0

4. Print Captured Packets in ASCII:

To view the captured packets in ASCII format:

tcpdump -c 2 -A -i venet0

5. Display Captured Packets in HEX and ASCII:

To view the packet's contents in both HEX and ASCII formats:

tcpdump -c 2 -XX -i venet0

Advanced Packet Capturing

6. Capture and Save Packets in a File:

To capture packets and save them to a file for later analysis:

tcpdump -w capture.pcap -i venet0 -c 2

7. Read Captured Packets from a File:

To read packets from a previously saved file:

tcpdump -r capture.pcap

8. Capture Packets from a Specific IP Address:

To capture packets involving a particular IP address:

tcpdump -n -i venet0 -c 2 src 117.229.105.142

9. Capture Only TCP Packets:

To capture only TCP packets:

tcpdump tcp -n -i venet0 -c 2

10. Capture Packets from a Specific Port:

To capture packets from a particular port (e.g., SSH port 22):

tcpdump -i venet0 -c 2 port 22

Filtering and Analyzing Traffic

11. Capture Packets with a Readable Timestamp:

To capture packets with a more readable timestamp:

tcpdump -i venet0 -c 2 -tttt

12. Read Packets Longer than N Bytes:

To capture and read packets longer than a certain size (e.g., 10 bytes):

tcpdump -i venet0 greater 10 -c 2

13. Filter Packets – Exclude ARP and RARP:

To capture all packets other than ARP and RARP:

tcpdump -i venet0 not arp and not rarp -c 2

Conclusion

Tcpdump is an incredibly versatile tool that can be used for a wide range of network analysis tasks. By understanding how to use its various options and filters, you can diagnose network issues, monitor traffic in real-time, and perform in-depth protocol analysis. Remember, while tcpdump can capture sensitive data, it should be used responsibly and ethically. Happy analyzing!

Friday, October 24, 2014

Removing Blank Lines from the File.

In sed 
Type the following sed command to delete all empty files:

Display with out Blank Lines
sed '/^$/d' input.txt

Remove all the Blank Lines from file
sed -i '/^$/d' input.txt
cat input.txt

In awk 

Type the following awk command to delete all empty files:

Display with out Blank Lines
awk NF input.txt

Remove all the Blank Lines from file
awk 'NF  input.txt > output.txt
cat output.txt


In perl
Type the following perl one liner to delete all empty files and save orignal file as input.txt.backup:
Remove all the Blank Lines from file
perl -i.backup -n -e "print if /\S/" input.txt


In vi editor
:g/^$/d
:g will execute a command on lines which match a regex. The regex is 'blank line' and the command is
:d (delete)


In tr
tr -s '\n' < abc.txt

In grep
grep -v "^$" abc.txt



Tuesday, February 26, 2013

Awk Introduction and Printing Operations

Awk Introduction and Printing Operations

Awk is a programming language which allows easy manipulation of structured data and the generation of formatted reports. Awk stands for the names of its authors “Aho, Weinberger, and Kernighan”

The Awk is mostly used for pattern scanning and processing. It searches one or more files to see if they contain lines that matches with the specified patterns and then perform associated actions.

Some of the key features of Awk are:

Awk views a text file as records and fields.
Like common programming language, Awk has variables, conditionals and loops
Awk has arithmetic and string operators.
Awk can generate formatted reports

Awk reads from a file or from its standard input, and outputs to its standard output. Awk does not get along with non-text files.

Syntax:

awk '/search pattern1/ {Actions}
/search pattern2/ {Actions}' file

In the above awk syntax:

search pattern is a regular expression.
Actions – statement(s) to be performed.
several patterns and actions are possible in Awk.
file – Input file.
Single quotes around program is to avoid shell not to interpret any of its special characters.

Awk Working Methodology

Awk reads the input files one line at a time.
For each line, it matches with given pattern in the given order, if matches performs the corresponding action.
If no pattern matches, no action will be performed.
In the above syntax, either search pattern or action are optional, But not both.
If the search pattern is not given, then Awk performs the given actions for each line of the input.
If the action is not given, print all that lines that matches with the given patterns which is the default action.
Empty braces with out any action does nothing. It wont perform default printing operation.
Each statement in Actions should be delimited by semicolon.

Let us create employee.txt file which has the following content, which will be used in the
examples mentioned below.

$cat employee.txt
100  Thomas  Manager    Sales       $5,000
200  Jason   Developer  Technology  $5,500
300  Sanjay  Sysadmin   Technology  $7,000
400  Nisha   Manager    Marketing   $9,500
500  Randy   DBA        Technology  $6,000

Awk Example 1. Default behavior of Awk

By default Awk prints every line from the file.

$ awk '{print;}' employee.txt
100  Thomas  Manager    Sales       $5,000
200  Jason   Developer  Technology  $5,500
300  Sanjay  Sysadmin   Technology  $7,000
400  Nisha   Manager    Marketing   $9,500
500  Randy   DBA        Technology  $6,000

In the above example pattern is not given. So the actions are applicable to all the lines.
Action print with out any argument prints the whole line by default. So it prints all the
lines of the file with out fail. Actions has to be enclosed with in the braces.
Awk Example 2. Print the lines which matches with the pattern.

$ awk '/Thomas/
> /Nisha/' employee.txt
100  Thomas  Manager    Sales       $5,000
400  Nisha   Manager    Marketing   $9,500

In the above example it prints all the line which matches with the ‘Thomas’ or ‘Nisha’. It has two patterns. Awk accepts any number of patterns, but each set (patterns and its corresponding actions) has to be separated by newline.
Awk Example 3. Print only specific field.

Awk has number of built in variables. For each record i.e line, it splits the record delimited by whitespace character by default and stores it in the $n variables. If the line has 4 words, it will be stored in $1, $2, $3 and $4. $0 represents whole line. NF is a built in variable which represents total number of fields in a record.

$ awk '{print $2,$5;}' employee.txt
Thomas $5,000
Jason $5,500
Sanjay $7,000
Nisha $9,500
Randy $6,000

$ awk '{print $2,$NF;}' employee.txt
Thomas $5,000
Jason $5,500
Sanjay $7,000
Nisha $9,500
Randy $6,000

In the above example $2 and $5 represents Name and Salary respectively. We can get the Salary using  $NF also, where $NF represents last field. In the print statement ‘,’ is a concatenator.
Awk Example 4. Initialization and Final Action

Awk has two important patterns which are specified by the keyword called BEGIN and END.

Syntax:

BEGIN { Actions}
{ACTION} # Action for everyline in a file
END { Actions }

# is for comments in Awk

Actions specified in the BEGIN section will be executed before starts reading the lines from the input.
END actions will be performed after completing the reading and processing the lines from the input.

$ awk 'BEGIN {print "Name\tDesignation\tDepartment\tSalary";}
> {print $2,"\t",$3,"\t",$4,"\t",$NF;}
> END{print "Report Generated\n--------------";
> }' employee.txt
Name    Designation    Department    Salary
Thomas      Manager      Sales              $5,000
Jason      Developer      Technology      $5,500
Sanjay      Sysadmin      Technology      $7,000
Nisha      Manager      Marketing      $9,500
Randy      DBA           Technology      $6,000
Report Generated
--------------

In the above example, it prints headline and last file for the reports.
Awk Example 5. Find the employees who has employee id greater than 200

$ awk '$1 >200' employee.txt
300  Sanjay  Sysadmin   Technology  $7,000
400  Nisha   Manager    Marketing   $9,500
500  Randy   DBA        Technology  $6,000

In the above example, first field ($1) is employee id. So if $1 is greater than 200, then just do the default print action to print the whole line.
Awk Example 6. Print the list of employees in Technology department

Now department name is available as a fourth field, so need to check if $4 matches with the string “Technology”, if yes print the line.

$ awk '$4 ~/Technology/' employee.txt
200  Jason   Developer  Technology  $5,500
300  Sanjay  Sysadmin   Technology  $7,000
500  Randy   DBA        Technology  $6,000

Operator ~ is for comparing with the regular expressions. If it matches the default action i.e print whole line will be  performed.
Awk Example 7. Print number of employees in Technology department

The below example, checks if the department is Technology, if it is yes, in the Action, just increment the count variable, which was initialized with zero in the BEGIN section.

$ awk 'BEGIN { count=0;}
$4 ~ /Technology/ { count++; }
END { print "Number of employees in Technology Dept =",count;}' employee.txt
Number of employees in Tehcnology Dept = 3

Then at the end of the process, just print the value of count which gives you the number of employees in Technology departme

 

will print all but very first column:
cat somefile | awk '{$1=""; print $0}'

will print all but two first columns:
cat somefile | awk '{$1=$2=""; print $0}'