Site Feed

Wednesday, March 22, 2017

Discover Switch Port Using tcpdump and wireshark

Discover the Switch Port to which the Server is Connected

A previous article, Advanced Linux Networking Tools, covered the basic usage of tcpdump and tshark to discover switch ports on a Cisco switch, but there are times a system may be connected to a different brand, or using a different protocol.  Also, wireshark is not always installed, so relying on tshark is not always the most convenient way to get the required info.

By default, Cisco uses a proprietary method of communication between switches and routers called Cisco Discovery Protocol (CDP).  There is another protocol called Link Layer Discovery Protocol (LLDP), which used by other brands, so it is useful to list other options.

Find switch information

First, use ifconfig to find the interface names.  Then, use tcpdump to listen for packets.  Optional:  write the packet capture output to a .cap file, and use tshark to read the output.

Cisco Discovery Protocol (CDP)

YOUR_INTERFACE=eth0
 tcpdump -n -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Link Layer Discovery Protocol (LLDP)
YOUR_INTERFACE=eth0
 tcpdump -v -s 1500 -c 1 -i $YOUR_INTERFACE '(ether[12:2]=0x88cc)'

tcpdump -v -s 1500 -c 1 -i $YOUR_INTERFACE '(ether[12:2]=0x88cc)'  and ether dst 01:80:c2:00:00:0e

With Wireshark

sudo tcpdump -nv -c 1 -i eth0 -s 1500 '(ether[12:2]=0x88cc)' 

 sudo tcpdump -nv -c 1 -s 1500 -w /tmp/pkt1.cap -i bond1 '(ether[12:2]=0x88cc)'
  sudo tshark -V -r /tmp/pkt1.cap

Check LLDP on eth0
sudo tcpdump -nv -c 1 -i eth0 -s 1500 -w /tmp/pkt0.cap '(ether[12:2]=0x88cc)';sudo tshark -V -r /tmp/pkt0.cap

Limit Results by using egrep
sudo tcpdump -nv -c 1 -i eth0 -s 1500 -w /tmp/pkt0.cap '(ether[12:2]=0x88cc)';sudo tshark -V -r /tmp/pkt0.cap | egrep -i "Chassis Id: | Port Id: | System Name = |port Description ="


 Without Wireshark


CDP
 sudo  tcpdump -n -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'
 sudo  tcpdump -n -v -i bond1 -s 1500 -c 1 'ether[20:2] == 0x2000'

LLDP
 sudo tcpdump -nv -c 1 -i eth0 -s 1500 '(ether[12:2]=0x88cc)'
 sudo  tcpdump -n -v -i bond1 -s 1500 -c 1  '(ether[12:2]=0x88cc)'

Sometimes, a little patience is required.  After all, tcpdump is listening for packets, so it may take a minute, or so for a packet to show up on the interface of interest.  Also, if the interface is bonded, then bond0 may be the name of the interface to use instead of something like eth0.

Bash One-Liners for Ping

Here are a few notes to add to the previous article on ping. This time, we look at some bash one-liner tips and tricks. Combine multiple commands Return Values Ping Multiple Hosts Using Bash Nmap and Fping

Ping, and Command Line Variables

Start from the beginning. We want to see what happens when attempting to ping a host that resolves an IP address from DNS, but is not reachable from our network at the moment. This is to show how we might build a simple monitoring tool from scratch, and also to see what kind of fun we can have with the command line. To ping a host only one time use the count option, which in Windows is -n, and in Linux is -c.

Windows

C:\>set host=google.com

C:\>ping -n 1 %host%

Pinging google.com [216.58.219.46] with 32 bytes of data:
Request timed out.

Ping statistics for 216.58.219.46:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

Bash: Linux, Mac, Unix

Note that in bash, we don't use the set command to assign a variable, but we may want to use export. So we could use:
host=google.com
ping -c 1 $host
Or with export:
export host=google.com
ping -c 1 $host
The only difference should be that the variable is still available in a sub shell, if we use export. With both lines combined, use a semicolon.
host=google.com;ping -c 1 $host

Return Codes

Remember that commands will return a result that is placed in the $? variable, which can be used later in our script. Return codes for ping:
 0 = success (host is up)
 1 = ping failed (host is down)
 2 = unknown host (host is not in DNS)
To see how this works with an unknown host, run these two commands. First, ping an non-existent host, and then echo the $? variable.
$ ping -c 1 xyz-nothing
ping: unknown host xyz-nothing
$ echo $?
2
The same thing, combined on one line, with a host variable:
$  host=xyz-nothing;ping -c 1 $host;echo $?
ping: unknown host xyz-nothing
2
If a ping check failed, then give the hostname, the return code, and the date and time.
$ host=google.com;ping -c 1 $host > /dev/null 2>&1; RESULT=$?;echo $host: $RESULT; if [ "$RESULT" != "0" ]; then date --rfc-3339=ns;fi
google.com: 1
2016-09-01 14:35:10.833175095-07:00
Or a simplified version, using the logical "or" double pipe "||", though we need the parentheses to run multiple commands
$ host=google.com;ping -c 1 $host > /dev/null 2>&1 || ( echo "$host $RESULT";date --rfc-3339=ns )                            
google.com 1
2016-09-01 14:35:31.012810392-07:00

Git Quick Start

When attempting to learn new tools, such as git, or vim, it is easy to get lost in all the features.  Here is a quick start guide that focuses on the essentials for a single user to get started with a local git repo.  Working with a team, and advanced features can be added later.

Git Quick Start Commands


Git Core Commands
  • git init
  • git add .
  • git commit -m “initial commit”
Supporting Commands
  • git status
  • git log
Remote Repository Commands
  • git clone [url]
  • git pull
  • git push

Git Notes on github goes into more detail

https://github.com/systemnotes/gitnotes

Tuesday, November 10, 2015

Online Learning Resources

I recently started exploring online resources that my company provides for free to their employees. 

I was pleasantly surprised to see all my favorite O'Reilly books on SafariBooksOnline, but also amazed at how much new technology has been developed over the last few years.  Areas that I thought I was very familiar with have suddenly shifted to include new tools, and new ways of doing things with cloud, big data, automation, and all kinds of new Apache products.

Check to see if your company provides free subscriptions, and then have a look at some of these resources:

Paid Learning Sites




When discussing career development ideas with my colleagues, I usually recommend training courses, or books, or documents to improve skills in some area. 

One reason a formal class is so effective is that the homework forces the student to learn.  I had a book with the title "Data Structures and Algorithms in C", which I had every intention of digging into "some day."  The examples are difficult to understand, and code snippets seemed incomplete, so I felt kind of lost.  Then I took a "Data Structures and Algorithms" class at UCSD Extension, which used that exact book.  Sure the examples were still hard to follow, but taking a formal structured approach to study made the book come to life.  Of course, a good instructor is an important part of any class, but the point is, that having a reason to dig into the content every week made the learning experience much more valuable.

More Programming Resources

Some free, some paid.



iTunes U has some excellent courses, but I don't know what category to put it in.  Some are free, some are paid, and the app is easy to use from an Apple product, such as iPad, and iPhone.  It may require an Apple ID.  Does it work on all devices?  Can it be accessed from a non-Apple device, the web, or Linux, or Windows host?  Still, it's definitely worth checking out.



Of course, I often refer to the Advanced Bash-Scripting Guide, at the



General Education

 Of course, no education list would be complete without the excellent free courses at Khan Acadamey: https://www.khanacademy.org.  And also TED Talks www.ted.com.

I have enjoyed MIT Open Courseware for years - http://ocw.mit.edu, and many other schools have followed their lead.

Other resources are listed on a forum at the LifeisnoJoke.com/upward forum -- http://lifeisnojoke.com/upward/index.php?topic=7.0

Caljobs maintains a list of online resources

 Start at http://www.caljobs.ca.gov Unemployment Insurance Claimants Services for Individuals Education Services Online Learning Resources.

Still More

Here are some lists of online learning resources that I bookmarked after a google search:



LifeHack put together a nice list of sites for free online education.


Textbooks

Textbooks are often sold on college campuses for a fraction of the original price, but now they can also be found online at sties such as:

Remember that I mentioned SafariBooksOnline above, but there are other sites that provide access to books on a subscription basis.  For example a "kindle unlimited subscription account" from Amazon may be an option, physical books are not important to have.

Other Resources

Also notice that there may be some additional links for learning elsewhere on this System Notes blog side bars, or other articles.


Friday, October 2, 2015

How to Protect Online Activity

Introduction to Online Security, Internet Privacy, Anonymous browsing.  


As an honest hard-working citizen, you may think you have nothing to hide, but at the same time you may be annoyed with intrusive advertizing, or you may be concerned with the ability of hackers to see your bank accounts, or for governments, foreign or domestic to watch what you do online.

Advertising

Some people are surprised to see ads shortly after visiting a website.  For example, suppose you want to check the price of flights to Seattle, just out of curiosity to compare prices to different cities, but with no intention of ever going there.  Then, you notice over the next few days, that there all kinds of advertisements in your browser for flights, or hotels in Seattle.  Then you wonder how did those advertisers get the crazy idea that I might be interested in going to Seattle?  Or why do I keep seeing ads for something in which I have no interest?  That is tracking technology known as Interest-Based Advertising.

Criminal Hackers

People have the erroneous idea that their passwords are secure, and that a little router at home will protect them from the bad kind of hackers.  Malware can be installed by viruses that come from file sharing, and phishing is another technique used to get people to go to a fake website, and install some kind of malware.  One example is an email with a link to a fake website, with a logo that may look like a familiar bank.  The unsuspecting user clicks on the link in the email (not a good idea), and is directed to the hacker's website.  Then the user enters his username and password for the user to see, before redirecting to the bank.  There was a documentary about how a team of students would collect small amounts into their bank accounts, and funnel the funds back to the leader, in an effort to try to avoid detection.  Of course they were caught, eventually.  The way they got into the accounts was by installing a keystroke logger -- a piece of malware that takes every keystroke, and sends it somewhere for them to analyze.  Then when the user connects to their bank, they enter the username, and password.  The browser uses SSL, so there is a little lock icon, so the user feels safe.  The SSL connection was secure, but the computer was not.  The user could change their password every day, and the hacker would have the new password every time, as long as the malware was still running and communicating back to them.  This is why password security is not always enough, and anti-malware should include anti-spyware or anti-tracking.  Advertising is annoying enough, but obviously it is more important for banking to be secure.

Governments

There has been some discussion in the news about a particular government blocking internet access, or spying on it's citizens at one time or another, but this topic can really be about any government at any time.  Again, as law-abiding upstanding citizens with nothing to hide, there is no need to be paranoid, but who knows how strong the fourth amendment right to privacy will be in the online world, since some information may be considered to be in "plain view".  It is easy to see the need for any government to protect it's people, but also for people to protect themselves, so both sides make some good points.

Employers
Yes, employers often spy on employees, either to protect company confidential information, or to gather evidence of inappropriate, or even illegal activities.  If you work for a company, you should have no expectation of privacy, and should consider that there may be snapshots taken of your screen every 10 minutes.

PBS had a Frontline Roundtable on Privacy and Surveillance, called

How to Protect Yourself (and Your Data) Online

http://www.pbs.org/wgbh/pages/frontline/government-elections-politics/united-states-of-secrets/podcast-how-to-protect-yourself-and-your-data-online/

On SystemNotes, we love free, open-source software, so we have listed here some of the tools that were mentioned when discussing how to keep online activities safe from criminal hackers, advertisers, and the government.

The Tools listed in the discussion, are quick and easy to implement:

Encrypt Internet Browsing

Https-Everywhere -- https://www.eff.org/https-everywhere

Install https-everywhere https://www.eff.org/https-everywhere to encrypt web traffic on all sites visited.  Usually, https (SSL) is enabled only on sites were encryption is considered important by the company providing the site.  Online banking and shopping is where https is almost always enabled.  This software enables https by default.
 
Hide Tracking Information

https://duckduckgo.com -- Use https://duckduckgo.com instead of something like Google, Bing, or Yahoo, to avoid having all searches recorded.

Probably only one of these is needed, since they seem to accomplish the same thing:

Privacy Badger:  https://www.eff.org/privacybadger
Disconnect Me:  https://disconnect.me  Disconnect browser add-on
Ghostery:  https://www.ghostery.com


Note that web browsers continue to add security features, and new plugins may be available.  Here are some links to notes on popular browsers:


For more info, check out the EFF.org site:
 
EFF - Surveillance Self-Defense - Defensive Technology
Basic technical information on how to protect the privacy of your data

https://ssd.eff.org/tech

PBS Frontline: United States of Secrets
May 13 & May 20, 2014
http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/
    Part One - "The Program"How did the gov't come to spy on millions of Americans?  114:11
    Part Two - "Privacy Lost"How Silicon Valley feeds the NSA's global dragnet  53:41


Related Posts:  Free AntiVirus and AntiSpyware Software -- http://systemnotesorg.blogspot.com/2011/10/free-antivirus-and-antispyware-software.html

All Antivirus Articles: http://systemnotesorg.blogspot.com/search/label/antivirus

Of course there are other ways to protect a home, or businees network, such as installing a firewall, and using OpenDNS, but those are topics for another article.

Thursday, January 9, 2014

Get a List of rpms for a Specific Program or Version


Systems that use rpm as the package manager can often be managed by using yum, but sometimes a simple rpm command can quickly give the required information.

The RPM Package Manager has a huge number of options, but most commonly only a few are used on a regular basis.

Get a list of rpms for mysql-5.1

 
Check for mysql version 5.1
 
$ rpm -qa |grep mysql | grep 5.1
mysql-test-5.1.52-1.el6_0.1.x86_64
mysql-connector-java-5.1.12-2.el6.x86_64
mysql-bench-5.1.52-1.el6_0.1.x86_64
mysql-server-5.1.52-1.el6_0.1.x86_64
mysql-connector-odbc-5.1.5r1144-7.el6.x86_64
mysql-5.1.52-1.el6_0.1.x86_64
mysql-libs-5.1.52-1.el6_0.1.x86_64
mysql-devel-5.1.52-1.el6_0.1.x86_64

Of course we can use egrep, and sort to get a more specific list

$ rpm -qa |egrep -i "bash|ntpdate|httpd"|sort
bash-4.1.2-8.el6.x86_64
ntpdate-4.2.4p8-2.el6.x86_64

xargs - build and execute command lines from standard input

Now suppose we want to remove all the rpms found by the rpm query. Sometimes we can just pipe the output to xargs.

$ rpm -qa |grep mysql | xargs rpm -e

Other times there are dependencies the prevent removal of some rpms.  In that case we can come up with some other tricks.  Create a list, and then run "rpm -e" on the list.  As a last resort we can use --force, or --nodeps, but that is usually not recommended.

Saturday, May 25, 2013

Use awk to Extract a Column from a Text File


Here is an example of how to use awk to extract a column from a text file.

The default field separator is a space, so this will work with some text files:

   cat somefile.txt | awk '{print $2}'

But, if the fields are separated by a delimiter, such as tab, or comma, just specify the field separator by using "-F" before the print statement

   cat somefile.txt | awk -F"\t" '{print $2}'

 Unix and linux distributions generally come with sed and awk, among other things.

The problem.

You want to get a list of companies to research before investing in them, and paste only the stock symbols into a Yahoo finance portfolio.   You run a stock screen on a site such as  magicformulainvesting.com, or investors.com but if you try to paste the text into a spreadsheet it may show up as a single row, with no way to extract the column.

Here is the process

1.)  Run a Stock Screen

Get output similar to this:

Company Name (in alphabetical order) Ticker Market Cap ($ Millions) Price From Most Recent Quarter Data
Almost Family Inc     AFAM     201.49     09/24     06/30
Apollo Group Inc     APOL     3,317.35     09/24     05/31
Argan Inc     AGX     231.55     09/24     07/31
Block (H&R) Inc.     HRB     4,635.98     09/24     07/31
Body Central Corp     BODY     179.63     09/24     06/30
CACI International Inc.     CACI     1,333.66     09/24     06/30
Capella Education Co     CPLA     478.40     09/24     06/30
CF Industries Holdings Inc     CF     13,579.97     09/24     06/30
Cisco Systems Inc     CSCO     99,628.89     09/24     07/31
Dell Inc     DELL     17,586.96     09/24     07/31
Deluxe Corp     DLX     1,567.52     09/24     06/30
Dice Holdings Inc     DHX     522.27     09/24     06/30
Dolby Laboratories Inc     DLB     3,681.33     09/24     06/30
Express Inc     EXPR     1,313.50     09/24     07/31
GameStop Corp.     GME     2,755.19     09/24     07/31
Great Northern Iron Ore Properties     GNI     129.44     09/24     06/30
GT Advanced Technologies Inc     GTAT     703.72     09/24     06/30
Iconix Brand Group Inc     ICON     1,269.35     09/24     06/30
Intersections Inc     INTX     188.20     09/24     06/30
ITT Educational Services Inc     ESI     839.48     09/24     06/30
j2 Global Inc     JCOM     1,435.93     09/24     06/30
KLA-Tencor Corp     KLAC     7,857.04     09/24     06/30
Kulicke and Soffa Industries Inc     KLIC     763.82     09/24     06/30
Lender Processing Services Inc     LPS     2,435.63     09/24     06/30
LML Payment Systems Inc     LMLP     96.04     09/24     06/30
ManTech International Corp     MANT     900.87     09/24     06/30
Maxygen Inc     MAXY     73.00     09/24     06/30
Metabolix Inc     MBLX     54.72     09/24     06/30
Microsoft Corp     MSFT     257,967.20     09/24     06/30
Momenta Pharmaceuticals Inc     MNTA     754.55     09/24     06/30
Nature's Sunshine Products Inc     NATR     254.74     09/24     06/30
Nevsun Resources Ltd     NSU     913.88     09/24     06/30
Nu Skin Enterprises Inc.     NUS     2,263.52     09/24     06/30
PDL BioPharma Inc     PDLI     1,086.98     09/24     06/30
PetMed Express Inc     PETS     201.72     09/24     06/30
Pozen Inc     POZN     194.06     09/24     06/30
Questcor Pharmaceuticals Inc.     QCOR     1,138.54     09/24     06/30
Raytheon Co.     RTN     19,209.52     09/24     06/30
Seagate Technology Plc     STX     12,175.83     09/24     06/30
Spirit Airlines Inc     SAVE     1,272.78     09/24     06/30
Strayer Education Inc     STRA     792.35     09/24     06/30
TeleNav Inc     TNAV     250.19     09/24     06/30
Ubiquiti Networks Inc     UBNT     1,103.50     09/24     06/30
Unisys Corp     UIS     939.02     09/24     06/30
USA Mobility Inc     USMO     263.79     09/24     06/30
Utstarcom Holdings Corp     UTSI     159.41     09/24     06/30
Vaalco Energy Inc     EGY     505.50     09/24     06/30
Veeco Instruments Inc     VECO     1,229.09     09/24     06/30
Vonage Holdings Corp     VG     514.25     09/24     06/30
Warner Chilcott Plc     WCRX     3,334.05     09/24     06/30

2.)  Copy and paste to a text file


    vi magic_20120925_50M_50.txt

3.)  Extract the column

 Use awk with a field separator of "\t" for tab, and print the second column:

    cat magic_20120925_50M_50.txt | awk -F"\t" '{print $2}'

AFAM
APOL
AGX
HRB
BODY
CACI
CPLA
CF
CSCO
DELL
DLX
DHX
DLB
EXPR
GME
GNI
GTAT
ICON
INTX
ESI
JCOM
KLAC
KLIC
LPS
LMLP
MANT
MAXY
MBLX
MSFT
MNTA
NATR
NSU
NUS
PDLI
PETS
POZN
QCOR
RTN
STX
SAVE
STRA
TNAV
UBNT
UIS
USMO
UTSI
EGY
VECO
VG
WCRX

4.)  Then just copy the text, and paste it into your portfolio.


That's all there is to it. 

For more advanced processing, you may have to use printf, which follows the standard C format.

Disclaimer: We do not provide investing advice or recommend stocks.  We may or may not have positions in some of these stocks.  To understand what to do with the information from the stock screener, it is best to read the book listed on the site.

More awk Examples

We will use a one-liner using echo, so the incoming data and the output are both visible.

Here it is in action on a comma separated list:

  $ echo "Almost Family Inc,     AFAM,     201.49,     09/24,     06/30" | awk -F, '{print $2}'
       AFAM
 

Where have we seen comma separated lists before?  Oh yeah, spreadsheets can be saved as .csv files.
 
Here we can print any number of fields:

$ echo "Almost Family Inc,     AFAM,     201.49,     09/24,     06/30" | awk -F, '{print $2,$3}'
     AFAM      201.49


Now suppose we want columns one and two, but in reverse order?  We try this:

$ echo "Almost Family Inc,     AFAM,     201.49,     09/24,     06/30" | awk -F, '{print $2 $1}'
     AFAMAlmost Family Inc


Not quite what we want.  Or should we say Almost..., no pun intended?  What we really want is column two, followed by a space, and then column one.  Separating the fields by a comma may give us what we want.

$ echo "Almost Family Inc,AFAM,201.49,09/24,06/30" | awk -F, '{print $2,$1}'
AFAM Almost Family Inc


Much better, but if we want exact control of the output, we could use printf instead of print.

$ echo "Almost Family Inc,     AFAM,     201.49,     09/24,     06/30" | awk -F, '{printf("%s %s\n",$2,$1)}'
     AFAM Almost Family Inc


Notice how printf follows the C or perl syntax, and requires a newline character "\n", unless you want all the output on the same line.  We use "%s" for string, and anything between the quotes including spaces, and special characters such as tab \t, and newline \n will give us the format we want.  Then after the close quote we give it a comma separated list of variables.  The number of variables must match the format in the quotes.  In the example above we want to print two variables with a space in between, and a newline at the end.  The first part of printf is for the format, and the second is for the variables.