Linux packet capture
tcpdump -nn -i <NIC name> host <IP> and port <port>
-w filename: write the captured packets to a file
The contents of that file can be inspected with strings.
-c number: specifies how many packets to capture
-s 0: capture whole packets instead of truncating them (snaplen 0)
tshark: can also capture packets
Wireshark can also be installed on Linux: yum install -y wireshark
Capture and parse HTTP requests:
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
(newer tshark releases use -Y for the display filter, or require -2 together with -R)
-i: specify the NIC
SELinux (mandatory access control; listed here together with the firewall tools):
getenforce: view the current status
setenforce 0/1: 0 means off (permissive), 1 means on (enforcing)
NetFilter: the kernel firewall framework
iptables: the tool used to manage the firewall
iptables -nvL: view the rules
Without -t, the filter table is used by default
iptables -F: flush the current rules (does not reset the chain policies); service iptables stop also clears them
iptables -Z: zero the packet counters
iptables -A: append a rule at the end of a chain
-s: specify the source IP
-p: specify the protocol
--dport: destination port
--sport: source port
-d: specify the destination IP
-j: the target action: ACCEPT / DROP (silently discard) / REJECT (discard and send an error reply)
iptables -I: insert a rule at the head of a chain
iptables -nvL --line-numbers: show the rule numbers
Then use iptables -D INPUT/OUTPUT <line number> to delete a rule
iptables -P: set the default policy of a chain (ACCEPT by default)
service iptables save writes the rules to /etc/sysconfig/iptables
Either of these works.
service iptables stop pauses the firewall, but after a reboot it reads /etc/sysconfig/iptables and starts the firewall again; and even while it is stopped, the firewall comes back up as soon as any rule is added.
iptables -t: specifies the table name; without -t the filter table is used
iptables-save > 1.ipt: save the rules (load them again with iptables-restore < 1.ipt)
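The delete-by-number step above has a pitfall: after each iptables -D the remaining rules are renumbered, so several matching rules must be deleted from the highest number down. This added POSIX sh example (not part of the original notes) parses a constructed iptables -nvL --line-numbers listing and emits the iptables -D commands in the safe order; the chain, target and source values are assumed sample data.

```shell
# Constructed sample of `iptables -nvL --line-numbers` output (filter table).
# Assumed for this example only; not captured from a real host.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 10 packets, 800 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       42  3360 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 DROP       tcp  --  *      *       10.0.0.5             0.0.0.0/0            tcp dpt:22
3        7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4        0     0 DROP       tcp  --  *      *       10.0.0.5             0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       10.0.0.5             0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5 packets, 400 bytes)
num   pkts bytes target     prot opt in     out     source               destination'

# rules_matching CHAIN TARGET SOURCE  (listing on stdin)
# Prints the numbers of the rules in CHAIN whose target and source columns
# match, highest number first. Column positions follow the classic
# "num pkts bytes target prot opt in out source destination" layout.
rules_matching() {
    awk -v chain="$1" -v target="$2" -v src="$3" '
        /^Chain / { cur = $2; next }
        cur == chain && $1 ~ /^[0-9]+$/ && $4 == target && $9 == src { print $1 }
    ' | sort -rn
}

# delete_commands CHAIN TARGET SOURCE  (listing on stdin)
# Emits one `iptables -D CHAIN N` per match, descending, so that deleting
# one rule never shifts the number of a rule still to be deleted.
delete_commands() {
    rules_matching "$1" "$2" "$3" | while read -r n; do
        printf 'iptables -D %s %s\n' "$1" "$n"
    done
}

# Example: drop the two DROP rules for 10.0.0.5 in INPUT (prints 4 then 2).
printf '%s\n' "$SAMPLE_LISTING" | delete_commands INPUT DROP 10.0.0.5
```

On a live host the listing comes from `iptables -nvL --line-numbers | delete_commands INPUT DROP 10.0.0.5`, and the printed commands can be reviewed before being piped to sh.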
filter: this table is mainly used to filter packets. It is the system's preset table and has three built-in chains: INPUT, OUTPUT and FORWARD. INPUT acts on packets entering the machine; OUTPUT acts on packets sent by the machine; FORWARD acts on packets that pass through the machine but are not addressed to it.
nat: mainly used for network address translation and port mapping; it also has three chains. The PREROUTING chain changes the destination address of a packet as soon as it arrives at the firewall, if necessary. The OUTPUT chain changes the destination address of locally generated packets. The POSTROUTING chain changes the source address of a packet before it leaves the firewall.
mangle: mainly used to modify a packet's TOS (Type Of Service) and TTL (Time To Live) values, and to set a MARK on the packet for QoS (Quality of Service) tuning and policy routing; these applications are not widely used because they need support from the routing devices. Five chains: PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD.
raw: sets a flag on the packet that decides whether it is handled by the connection tracking mechanism. Only two chains: OUTPUT, PREROUTING.
NAT table application:
Routers are implemented using the iptables NAT principle.
Suppose your machine has two NICs, eth0 and eth1, where eth0's IP is 192.168.10.11 and eth1's IP is 172.16.10.11. eth0 is connected to the Internet but eth1 is not; there is another machine (172.16.10.12) that can reach eth1. How do you set things up so that the machine connected through eth1 can reach the Internet?
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
(The 172.16.10.12 machine must also use 172.16.10.11 as its default gateway, and the FORWARD chain must not drop its traffic.)
April 17, 2015
By: champly
Linux Learning Notes (System daily management-2)