Linux Network (iii)

Source: Internet
Author: User

I. Linux jobs and priorities
II. ICMP and FTP-related commands
III. traceroute
IV. tcpdump


I. Linux jobs and priorities
Commands: nice, jobs, fg, bg, nohup, renice
Jobs
Foreground job: started from a terminal and occupies that terminal while it runs
Background job: can be started from a terminal, but runs in the background after startup (the terminal is released)

For example, htop does not support running in the background and can only be placed in the foreground // httpd can only be placed in the background

1. How do I get a job running in the background?
1. Jobs that are already running
Ctrl+Z // sends the job to the background, where it is in the stopped state
2. Jobs that have not been started
COMMAND & // runs in the background but is still tied to the terminal: when the terminal terminates, the process terminates too
3. nohup COMMAND &
Sent to the background and independent of the terminal
nohup ping www.baidu.com
View jobs: jobs
+ in the jobs output marks priority: fg without arguments acts on that job first

Job control commands:
fg [[%]#]: bring the job back to the foreground
bg [[%]#]: let a job that is stopped in the background continue running
kill %#: kill the job's process
The % and the job number can be omitted, except with kill

2. Adjust process priorities
Priority range that can be adjusted with the nice value: 100-139
These correspond to nice values -20 to 19 respectively
When a process starts, its nice value defaults to 0 and its priority is 120

1. nice command:
Starts and runs a command with the specified nice value
nice [OPTION] [COMMAND [ARG]...]
nice -n N top
-n N: specify the nice value
Note: only administrators can lower the nice value
2. renice command: adjusts a running process

ps axo nice,comm,pid | grep top
renice -n 10 8161 // 8161 is the PID of top
renice [-n] NICE PID
3. View nice values
ps axo pid,nice,comm,pri | grep COMMAND


II. ICMP and FTP-related commands
Network client tools
ICMP: Internet Control Message Protocol

1. ping/lftp/ftp/lftpget/wget, etc.

ping options:
-i interval
-c count
-I interface
-s packetsize // default 64 bytes
-t ttl
-v verbose
-W timeout // for one ping operation, the timeout for waiting for the other side to respond
-n numeric output
-w deadline // how long the ping command waits


2. hping // yum install hping3
Sends TCP and UDP packets directly

--fast // send 10 packets per second
--faster
--flood // send as fast as possible, without showing the response information
-i interval // in microseconds

hping --fast 192.168.4.1 // a kind of attack behavior
hping --flood 192.168.4.1

3. ftp command (File Transfer Protocol)
yum install ftp
ftp 192.168.0.1 // anonymous: anonymous login

get, mget // download
put, mput // upload

help
quit / bye // exit

4. lftp: replaces the traditional ftp tool
lftp [-d] [-e cmd] [-p port] [-u user[,pass]] [site]
Default port: 21
lftp -u ftp,passwd 192.168.0.1
A benefit of lftp is automatic path completion
get, mget
put, mput
rm, mrm

5. lftpget // direct download, supports other protocols
lftpget URL
lftpget http://192.168.0.1/index.html
-c: continue a previous download

6. wget: downloads
-b: perform the download in the background
-q: quiet mode, no progress displayed
-O FILE // specify where to save the download
-c: resume a transfer
--progress={dot|bar} // how to show progress
--limit-rate=AMOUNT // limit the download rate


III. traceroute
1. traceroute
Parameters:
-d  use socket-level debugging.
-f  set the TTL of the first probe packet.
-F  set the don't-fragment bit.
-g  set a source-route gateway; at most 8 can be set.
-i  send packets through the specified network interface.
-I  use ICMP echo instead of UDP datagrams.
-m  set the maximum TTL (maximum hops) of the probe packets.
-n  use IP addresses directly instead of host names.
-p  set the communication port for the UDP transport protocol.
-r  ignore the normal routing table and send the packet directly to the remote host.
-s  set the IP address of the local host used to send packets.
-t  set the TOS value of the probe packets.
-v  show the execution of the command in detail.
-w  set the time to wait for the remote host to reply (time-out).
-x  turn packet correctness checking on or off.

traceroute -p 6888 www.baidu.com    // use UDP port 6888 as the probe port
# traceroute -q 4 www.baidu.com
 1  211.151.74.2 (211.151.74.2)   40.633 ms  40.819 ms   41.004 ms  41.188 ms // each hop is probed 4 times
 2  211.151.56.57 (211.151.56.57)   0.637 ms  0.633 ms  0.627 ms  0.619 ms
 3  211.151.227.206 (211.151.227.206)   0.505 ms  0.580 ms  0.571 ms  0.569 ms
    


    
IV. tcpdump
1. tcpdump intercepts packets and provides analysis of their headers. It supports filtering by network layer, protocol, host, network, or port, and provides logical operators such as and, or, and not.
2. Introduction to options

    -A  print every packet in ASCII, keeping the link-layer header to a minimum.
    -c  stop tcpdump after the specified number of packets has been received.
    -C  before writing a raw packet to a file, check whether the current size of the file exceeds the size given in the parameter file_size. If it does, the current file is closed and a new file is opened. The units of file_size are megabytes (1,000,000 bytes, not 1,048,576 bytes).
    -d  print the compiled packet-matching code in a form that people can read.
    -dd  print the packet-matching code as a C program fragment.
    -ddd  print the packet-matching code in decimal form.
    -D  print all network interfaces in the system on which tcpdump can capture.
    -e  print the data-link-layer header on each output line.
    -E  use spi@ipaddr algo:secret to decrypt IPsec ESP packets that are addressed to addr and contain the Security Parameter Index value spi.
    -f  print external Internet addresses in numeric form.
    -F  read the filter expression from the specified file, ignoring any expression given on the command line.
    -i  specify the network interface to listen on.
    -l  make standard output line-buffered, so that the data can be exported to a file.
    -L  list the known data-link types of the network interface.
    -m  import SMI MIB module definitions from the file module. This parameter can be used multiple times to import multiple MIB modules.
    -M  if the TCP-MD5 option is present in a TCP segment, use secret as the shared secret to verify the digest in the TCP-MD5 option (see RFC 2385 for details).
    -b  select protocols on the data-link layer, including IP, ARP, RARP, and IPX.
    -n  do not convert network addresses into names.
    -nn  do not convert port names either.
    -N  do not output the domain part of host names. For example, 'nic.ddn.mil' is output only as 'nic'.
    -O  do not run the packet-matching code optimizer.
    -p  do not put the network interface into promiscuous mode.
    -q  quick output; less protocol information is printed.
    -r  read packets from the specified file (such files are typically generated with the -w option).
    -S  print TCP sequence numbers as absolute values rather than relative ones.
    -s  read the first snaplen bytes of each packet, rather than the default of 68 bytes.
    -T  interpret the captured packets directly as the specified type; common types are rpc (remote procedure call) and snmp (Simple Network Management Protocol).
    -t  do not print a timestamp on each line.
    -tt  print an unformatted timestamp on each line.
    -ttt  print the time difference between the current line and the previous line.
    -tttt  print on each line a timestamp in the default format as processed by date.
    -u  print undecoded NFS handles.
    -v  print slightly more detailed information, such as the TTL and the type of service in the IP packet.
    -vv  print detailed packet information.
    -w  write the packets directly to a file instead of parsing and printing them.

Example: tcpdump -n -i eth0 dst 192.168.31.147 or 192.168.31.157 and tcp

Keywords:
Type keywords: host, net, port
Direction keywords: src, dst, dst or src, dst and src
Protocol keywords: fddi, ip, arp, rarp, tcp, udp
fddi indicates traffic on FDDI (Fiber Distributed Data Interface) networks
Other keywords: gateway, broadcast, less, greater
Three logical operations:
Negation is 'not' or '!'
AND is 'and' or '&&'
OR is 'or'
3. Introduction to output
tcpdump -e host 192.10.1.1
tcpdump arp
tcp, udp // can be monitored as well

4. Examples

a. To intercept all packets received and sent by host 210.27.48.1:
# tcpdump host 210.27.48.1
b. To intercept the communication between host 210.27.48.1 and host 210.27.48.2 or 210.27.48.3 (the expression is quoted so that the shell does not interpret the parentheses):
# tcpdump 'host 210.27.48.1 and (210.27.48.2 or 210.27.48.3)'
c. To get the IP packets that host 210.27.48.1 exchanges with all hosts except host 210.27.48.2:
# tcpdump ip host 210.27.48.1 and ! 210.27.48.2
d. To get the Telnet packets received or sent by host 210.27.48.1:
# tcpdump tcp port 23 and host 210.27.48.1
e. To monitor UDP port 123 on the local machine (123 is the NTP service port):
# tcpdump udp port 123
f. The system can monitor only the packets of the host named hostname. hostname can be the local host or any computer on the network. The following command reads all data sent by host hostname:
# tcpdump -i eth0 src host hostname
g. The following command monitors all packets sent to host hostname:
# tcpdump -i eth0 dst host hostname
h. Packets passing through a specified gateway can also be monitored:
# tcpdump -i eth0 gateway Gatewayname
i. If you also want to monitor TCP or UDP packets addressed to a specified port:
# tcpdump -i eth0 host hostname and port 80
j. To list only packets sent to port 80, use dst port; to see only packets returning from port 80, use src port:
# tcpdump -i eth0 host hostname and dst port 80   // destination port is 80
or
# tcpdump -i eth0 host hostname and src port 80   // source port is 80; generally a host that provides HTTP service
k. If there are many conditions, add and, or, or not before each condition:
# tcpdump -i eth0 host ! 211.161.223.70 and ! 211.161.223.71 and dst port 80

-c 50 means: capture only 50 packets, then stop (lowercase c)
-C 1 means: write the capture in files of 1 MB each, capturing n files (uppercase C); it takes effect together with -w
tcpdump -i eth1 -C 1 -w xie.txt
Captures packets on the eth1 network card in 1 MB files; the system does the recording automatically. The only thing that needs attention is the size of the hard disk!
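
Section II describes hping --fast (10 packets per second) and --flood as a kind of attack behavior. The following added example (not part of the original article) shows how such a source stands out in `tcpdump -nn -tt` output by counting packets per source per second; the sample lines, addresses, and the function names sample_capture and flood_sources are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sources whose packet rate in `tcpdump -nn -tt` output
# reaches a threshold. All addresses and timestamps below are constructed.

# Emit constructed sample lines in `tcpdump -nn -tt` format:
#  - 192.168.4.7 sends 30 TCP packets inside one second (flood-like)
#  - 192.168.4.9 sends 3 ICMP echo requests, one per second (normal ping)
sample_capture() {
    awk 'BEGIN {
        for (i = 0; i < 30; i++)
            printf "1510000000.%06d IP 192.168.4.7.%d > 192.168.4.1.0: Flags [none], win 512, length 0\n", i * 30000, 2000 + i
        for (i = 0; i < 3; i++)
            printf "%d.000100 IP 192.168.4.9 > 192.168.4.1: ICMP echo request, id 7, seq %d, length 64\n", 1510000000 + i, i + 1
    }'
}

# Read tcpdump -nn -tt lines on stdin and print "SRC PEAK_PPS" for every
# source whose busiest one-second bucket holds at least $1 packets
# (default 10, the rate the article gives for --fast).
flood_sources() {
    awk -v thresh="${1:-10}" '
    $2 == "IP" {
        sec = int($1)              # -tt prints epoch seconds.microseconds
        n = split($3, o, ".")      # a.b.c.d (ICMP) or a.b.c.d.port (TCP/UDP)
        if (n < 4) next
        src = o[1] "." o[2] "." o[3] "." o[4]
        c = ++count[src, sec]      # packets from src in this second
        if (c > peak[src]) peak[src] = c
    }
    END {
        for (s in peak)
            if (peak[s] >= thresh) print s, peak[s]
    }' | sort
}

# Run on the constructed sample; on a live host the input would come from
# something like: tcpdump -nn -tt -i eth0 -c 1000 dst host 192.168.4.1
sample_capture | flood_sources 10
```

Only IPv4 lines are counted; the threshold should be tuned to the normal traffic of the monitored host.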

Recommended tcpdump blog:
http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html


This article is from the "Dark Horse vacated" blog, please be sure to keep this source http://hmtk520.blog.51cto.com/12595610/1977855
