Geody Labs


# Main Index: Debian Linux Magic Spells Cheat Sheet (one liners, how to, tips and tricks)

# Networking

arp -a # show DNS, IP, and MAC address for all network interfaces
ifconfig -a # show DNS, IP, and MAC address for all network interfaces
ifconfig eth0 # show DNS, IP, and MAC address for all network interfaces # show DNS, IP, and MAC address for the given interface (eth0)

Change MAC Address of an interface (eth0):
ifconfig eth0 down
ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
ifconfig eth0 up

ifconfig # show local network interfaces
ifconfig INTERFACE IP_ADDRESS # change the IP address for a network interface
ifconfig INTERFACE down # disable a network interface (WARNING: if you are connected from a remote system and disable the network interface to which you are connected you'll be disconnected, and if there isn't another interface available or a script that sets the interface up again automatically, you'll need physical access to the computer to configure it)
ifconfig INTERFACE up # enable a network interface

iwconfig # show local wireless network interfaces
iwconfig INTERFACE IP_ADDRESS # change the IP address for a wireless network interface
iwconfig INTERFACE down # disable a wireless network interface (WARNING: if you are connected from a remote system and disable the network interface to which you are connected you'll be disconnected, and if there isn't another interface available or a script that sets the interface up again automatically, you'll need physical access to the computer to configure it)
iwconfig INTERFACE up # enable a wireless network interface

Wake On LAN (WOL):
apt-get install ethtool
ethtool -s eth0 wol g # Set Wake On LAN on the specified interface (eth0). The system must support Wake On LAN and it has to be enabled from the BIOS
ethtool -s eth0 wol d # Unset Wake On LAN on the specified interface (eth0)
apt-get install etherwake
etherwake xx:xx:xx:xx:xx:xx # Wake On LAN the remote system with the specified MAC address

Default Gateway:
route add default gw GATEWAY_IP # Set Default Gateway. GATEWAY_IP in most cases is 192.168.0.1 or 192.168.0.254 or 192.168.1.0 or 192.168.1.254 (should you make an educated guess)
ip r # Show Default Gateway
route -n | grep 'UG[ \t]' | awk '{print $2}' # Get the IP of the Default Gateway

# Specify DNS Servers to resolve domain names
jed /etc/resolv.conf
# OpenDNS servers
nameserver 208.67.222.222
nameserver 208.67.220.200

jed /etc/hosts # assign hosts to specific IPs

jed /etc/network/options
jed /etc/network/interfaces

/etc/init.d/networking restart

Show active Internet connections:
netstat -anp
netstat -an | awk '{print $5}' | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | egrep -v "(`for i in \`ip addr | grep inet |grep eth0 | cut -d/ -f1 | awk '{print $2}'\`;do echo -n "$i|"| sed 's/\./\\\./g;';done`127\.|0\.0\.0)" | sort -n | uniq -c | sort -rn # show open connections sorted by IP address
netstat -an | grep 'ESTABLISHED' | awk '{print $5}' | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | egrep -v "(`for i in \`ip addr | grep inet |grep eth0 | cut -d/ -f1 | awk '{print $2}'\`;do echo -n "$i|"| sed 's/\./\\\./g;';done`127\.|0\.0\.0)" | sort -n | uniq -c | sort -rn # show established connections sorted by IP address
netstat -anp | grep 'IP' # Show current connections for the given IP
netstat -anp | grep 'ESTABLISHED' | grep 'IP' # Show current estabilished connections for the given IP
netstat -plntu # show applications listening TCP/UDP sockets
netstat -plntu | grep /apache | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq # Show ports on which Apache webserver is listening, if enabled
netstat -plntu | grep /apache | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq | tr '\n' ',' | awk '{sub(/,$/, "")};1' # Show ports on which Apache webserver is listening, if enabled (comma separated)
netstat -plntu | grep /tor | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq # Show ports on which TOR server is listening, if enabled
netstat -plntu | grep /mysqld | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq # Show ports on which MySQL server is listening, if enabled
netstat -plntu | grep /sshd | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq # Show ports on which SSH is listening, if enabled
netstat -plntu | grep /sendmail | awk '{print $4}' | rev | cut -d ":" -f1 | rev | uniq # Show ports on which sendmail is listening, if enabled
netstat -A inet -lnp # show only listening servers
netstat -ant | awk '{print $4 " " $6}' | grep ':22 ' | grep 'ESTABLISHED' | wc -l # count estabilished SSH connections
netstat -ant | awk '{print $4 " " $6}' | grep ':80 ' | grep 'ESTABLISHED' | wc -l # count estabilished HTTP connections
netstat -ant | awk '{print $4 " " $6}' | grep ':443 ' | grep 'ESTABLISHED' | wc -l  # count estabilished HTTPS connections
netstat -anp | grep -v ":443 " | grep -v ":80 " | grep 'ESTABLISHED' # show NOT HTTPS/HTTP estabilished connections (excluding ports 443, 80)

Show network sockets in use:
lsof -i tcp:80 # show all processes that are using port 80 TCP

Scan an IP for open ports:
echo "Open ports:"; for i in {1..65535}; do (echo < /dev/tcp/127.0.0.1/$i) &>/dev/null && echo $i; done # Scan localhost (127.0.0.1) for open ports

Check if a connection to an IP:PORT is working:
Run on the server (Listen):
nc -tlvp PORT
Run on the client (Connect):
nc -vz IP PORT
If everything works fine, you should get Connection succeeded on the client and Connection received on the server.


Show bandwidth usage:
apt-get install nload
nload # show traffic in real time

apt-get install iftop
iftop # show connections and their bandwidth usage

Network usage stats:

apt install vnstat

jed /etc/vnstat.conf # Configuration

vnstat -u -i eth0 # Create the database file. If the interface is not eth0 change it accordingly
chown vnstat:vnstat /var/lib/vnstat/eth0 # Set vnstat as the owner of the database file. If the interface is not eth0 type the file name accordingly

service vnstat start # Start vnstat

service vnstat stop # Stop vnstat

vnstat -h # Hourly Stats
vnstat -d # Daily Stats
vnstat -w # Weekly Stats
vnstat -m # Monthly Stats
vnstat -t # Top Transfers

Ping host:
ping HOST # ping a host until CTRL-C is pressed
ping -c N HOST # ping a host N times

Trace route to host:
traceroute HOST

Network Mapping:
apt-get install nmap

nmap -sS 192.0.2.0 # search for open ports in the given IP
nmap -sS 192.0.2.0/24 # search for connected IPs (and related open ports) in the given IP mask
nmap -sS -O -v 192.0.2.0 # return Operating System and uptime for the given IP

Port scanning:

apt install netcat-openbsd # this is a rewrite of netcat, which provides more features, including support for IPv6, proxies, and Unix sockets.
# apt install netcat-traditional # this is the classic version of netcat that has less features than netcat-openbsd

# scan TCP ports:
nc -vvn -z 192.0.2.2 1-80 # scan TCP ports from 1 upto 80 in the given IP address

# scan UDP ports:
nc -u -vvn -z 192.0.2.8 1-255 # scan UDP ports from 1 upto 255 in the given IP address

Calculate broadcast, network, Cisco wildcard mask, and host range
apt-get install ipcalc
ipcalc 192.0.2.0/24
ipcalc 192.0.2.0/255.255.255.0
ipcalc 192.0.2.0-192.0.2.100 # deaggregate address range

DNS lookup:
apt-get install host # If you want to use the host command

# Resolve Hostname to IP address
dig +short www.example.com | awk '{ print ; }'
getent hosts www.example.com | awk '{ print $1 ; }'
host www.example.com | awk '/has address/ { print $4 ; }'
nslookup www.example.com | awk '/^Address: / { print $2 ; }'

# Resolve Hostname to IP address (only get the first result if there are more then one IP)
dig +short www.example.com | awk '{ print ; exit }'
getent hosts www.example.com | awk '{ print $1 ; exit }'
host www.example.com | awk '/has address/ { print $4 ; exit }'
nslookup www.example.com | awk '/^Address: / { print $2 ; exit }'

# Resolve Hostname to IPv4 or IPv6 address
host www.example.com # return both IPv4 and IPv6 addresses
host -t A www.example.com # return the IPv4 addresses
host -t AAAA www.example.com # return the IPv6 addresses

# Reverse DNS lookup
host 192.0.2.0
nslookup 192.0.2.0

DNS queries:
dig www.example.com A # get the IP address of the given domain
dig www.example.com TXT # get text annotations about the given domain
dig www.example.com MX # get the mail servers of the given domain
dig www.example.com NS # get the authoritative DNS servers for the given domain
dig www.example.com ANY # get all DNS information for the given domain
whois example.com # Information about a domain name

# IP Tables:

# iptables work with IPv4 addresses. Use ip6tables to work with IPv6 addresses.

iptables -S # Show rules (doesn't resolve IPs)
iptables -L # List rules (resolve IPs)
iptables -L -n # List rules (doesn't resolve IPs)
iptables -L INPUT --line-numbers # List only INPUT rules together with their line numbers (resolve IPs)
iptables -L INPUT -n --line-numbers # List only INPUT rules together with their line numbers (doesn't resolve IPs)

iptables -I INPUT -s 192.0.2.100 -j DROP # Block a specific (single) IP
iptables -I INPUT -s 192.0.2.100/32 -j DROP # Block a specific (single) IP (CIDR 32 only includes a single IP)
iptables -I INPUT -s 192.0.2.100/255.255.255.255 -j DROP # Block a specific (single) IP (subnet mask 255.255.255.255 only includes a single IP)
iptables -I INPUT -s 192.0.2.0/255.255.255.0 -j DROP # Block a range of IPs using a subnet mask
iptables -I INPUT -s 192.0.2.0/24 -j DROP # Block a range of IPs using CIDR
iptables -I INPUT -s 192.0.2.100 -j DROP -m time --timestart 22:00 --timestop 23:00 # Block the given IP only for one hour (22:00 to 23:00) every day

iptables -I INPUT -s 192.0.2.100 -j REJECT --reject-with icmp-port-unreachable # Reject a specific (single) IP. The difference between DROP and REJECT is that REJECT returns an error packet, while DROP returns no reply. Generally, REJECT is preferred on local networks and DROP on the Internet.

iptables -D INPUT LINE_NUMBER # Delete the INPUT rule with specified LINE_NUMBER
iptables -D INPUT 1 # Delete the last INPUT rule
iptables -D INPUT -s 192.0.2.100 -j DROP; # Unblock the matching IP Address
iptables -D INPUT -s 192.0.2.0/255.255.255.0 -j DROP # Unblock the matching range of IPs using a subnet mask
iptables -D INPUT -s 192.0.2.0/24 -j DROP # Unblock the matching range of IPs using CIDR

iptables -S|grep " DROP"|awk '{sub(/-A /,"iptables -I ")}; 1' > iptablesdrop.sh ; chmod 777 iptablesdrop.sh ; # Back up Drop instances in IP Tables into a shell script
iptables -S|grep " REJECT"|awk '{sub(/-A /,"iptables -I ")}; 1' > iptablesdrop.sh ; chmod 777 iptablesdrop.sh ; # Back up Reject instances in IP Tables into a shell script
iptables -S|grep -E "( DROP| REJECT)"|awk '{sub(/-A /,"iptables -I ")}; 1' > iptablesdrop.sh ; chmod 777 iptablesdrop.sh # Back up Drop and Reject instances in IP Tables into a shell script
iptables -S|grep -E "( DROP| REJECT)"|grep -Ev "^-A f2b-"|awk '{sub(/-A /,"iptables -I ")}; 1' > iptablesdrop.sh ; chmod 777 iptablesdrop.sh # Back up Drop and Reject instances in IP Tables, excluding the ones created by fail2ban, into a shell script

iptables-save > /etc/iptables/rules.v4 # Back up all IP Tables for IPv4
iptables-restore < /etc/iptables/rules.v4 # Restore all IP Tables for IPv4
ip6tables-save > /etc/iptables/rules.v6 # Back up all IP Tables for IPv6
ip6tables-restore < /etc/iptables/rules.v6 # Restore all IP Tables for IPv6

Script to clear IPTables:
---

#!/bin/bash

# Clear iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

---

Download files from the Internet:
# note: default ports: HTTP: 80, FTP: 21
wget "http://www.example.com/file.gz"  # download the document at the given URL to the local directory
wget "http://www.example.com/file.gz" -O PATH/downloaded_file.gz  # download the document at the given URL to the specified directory and with the specified file name
wget -S "http://www.example.com/file.gz"  # download the document at the given URL in the local directory, and save the HTTP header at the beginning of the file
wget -c --wait=2 --limit-rate=20k "http://www.example.com/file.gz" # continue an interrupted download, and pause 2 secods after getting every file and limit download speed to 20KBps
wget -t 50 "http://www.example.com/file.gz"  # retries up to 50 times if the download fails or it's incomplete
wget -t 0 "http://www.example.com/file.gz"  # retries forever if the download fails or it's incomplete, until it can get the requested file
echo 'wget "http://www.example.com/file.gz"'|at 02:00  # start a download at 2:00am
wget -O- "http://www.example.com/path/page.html" # dump the output of the page on the console (normally on the screen)
wget -q -O- "http://www.example.com/path/page.html"|grep 'a href'  # show all links within given document
wget -r -l1 "http://www.example.com/path/page.html"  # download the first layer of links from given document
wget -r -l1 --no-parent "http://www.example.com/path/page.html"  # download the first layer of links from given document, ignoring links that are not within the given URL path
wget -r -l1 --no-parent -nc "http://www.example.com/path/page.html"  # download the first layer of links from given document, ignoring links that are not within the given URL path, and avoid downloading files already present in the destination directory (useful when resuming an interrupted download)
wget "http://www.example.com/doc?id="{1..50} // Download all files called doc?id= ranging from 1 to 50 from the given URL
wget "http://www.example.com/doc?id="{01..50} // Download all files called doc?id= ranging from 01 to 50 from the given URL
wget -r -l0 "http://www.example.com/path/page.html"  # download a whole website to the local directory
wget --mirror "http://www.example.com/"  # download a whole website to the local directory
wget -r -l1 --no-parent -A "*.gif" "http://www.example.com/dir/"  # download all files matching a certain pattern (all GIF files in this case) from the specified URL
wget -U USER_AGENT_STRING "http://www.example.com/file.gz" # you may set the User Agent to pretend to get the file from the server with a normal browser

Dump the content of a webpage on the screen:
lynx -dump http://www.example.com/
lynx --source http://www.example.com/ # Show document source
lynx -head -dump http://www.elfqrin.com/ # Show document info (headers)
wget -qO- http://www.example.com/ | cat # Show document source
wget --server-response --spider -q http://www.example.com/ # Show document info (headers)
curl http://www.example.com/ # Show document source
curl -I http://www.example.com/ # Show document info (headers)

Run a script on the web server:
wget -O- "http://localhost/script.php" # run a script on the local server
wget -q -O- "http://localhost/script.php" # run a script on the local server hiding the output
wget -q -T 0 -O- "http://localhost/script.php" # By default wget drops connection after 900 seconds (15 minutes), in this case you'll get a "Read error (Connection timed out) in headers.  Retrying." and if the script always takes more than the given time, it will retry uselessly until the maximum allowed retries (by default 20, but it can be changed with -t). To avoid time outs you can set a longer time using -T followed by the number of seconds (or 0 for infinite time, in this case make sure the script is working or it will run forever and if it uses resources incrementally it may crash the server). Also, if you experienced a time out with wget while running a script on localhost you should better restart the webserver as the script may continue running despite of wget timing out and dropping the connection.
lynx -dump http://localhost/script.php >/dev/null # run a script on the local server (less reliable than wget for this purpose) hiding the output

# If you receive this error message from the PPP Daemon (PPPD)
# pppd: The remote system is required to authenticate itself but I couldn't find any secret (password) which would let it use an IP address.
# You can fix it adding the string "noauth" (or changing the existing string "auth" to "noauth") in /etc/ppp/options




Please DONATE to support the development of Free and Open Source Software (PayPal, Credit Card, Bitcoin, Ether)

Page issued on 25-Sep-2022 05:25 GMT
Copyright (c) 2022 Geody - Legal notices: copyright, privacy policy, disclaimer