Rotating files with tcpdump
tcpdump -s 0 port 80 -C 10 -w /tmp/capture.pcap
The above command captures complete packets (-s 0) on port 80 and writes them to /tmp/capture.pcap. The -C 10 tells tcpdump to rotate to a new .pcap file each time the current one reaches 10 MB in size, so capture.pcap is the first file, followed by capture.pcap1, capture.pcap2, etc.
One important note: tcpdump drops privileges when you use -C, so make sure you write to a directory that is world-writable.
Cisco router ACL helper perl script
I am not a skilled programmer/scripter. Here's a Perl script I wrote that takes the inbound rules for an access list on a Cisco router and spits out the corresponding rules for the outbound list. It's still a work-in-progress.
UPDATE 09/07/11: slightly modified regular expression to better match different ACL syntax.
#!/usr/bin/perl
# cisco_router_aclgen.pl
# Reads the entries of an inbound extended ACL from STDIN and prints the
# mirrored entries for the matching outbound ACL: source and destination are
# swapped, and a port qualifier stays with the host it belongs to.
# needs to handle resolvable ports (ntp instead of 123, dns 53, ssh 22, etc);
use strict;
use warnings;

my $DEBUG = 0;    # set to 1 to print the captured fields of every parsed line

# building blocks of the ACL syntax: dotted quad, address spec, port spec, rule head
my $ip   = qr/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/;
my $addr = qr/ any| host $ip| $ip $ip/;                 # "any", "host A.B.C.D" or "A.B.C.D wildcard"
my $port = qr/ eq \d{1,5}| range \d{1,5} \d{1,5}/;
my $head = qr/(permit|deny|no permit)( ip| icmp| tcp| udp)/;

my ( @inbound, @outbound, @invalid );

system "clear";    # clear the terminal screen
print "\n\n\t\tEnter your inbound ACL rules. Type end when finished or ^c to quit.\n";    # present user with prompt
while ( my $line = <STDIN> ) {    # loop through user input, one ACL entry per line
    chomp $line;
    last if $line =~ /^(end|END)$/;
    if ( $line =~ /^\s*$head($addr)($addr)($port)?( log)?$/ ) {
        # port qualifier (if any) belongs to the destination: "permit tcp SRC DST eq 80"
        my ( $prefix, $src, $dst, $ports, $log ) = ( "$1$2", $3, $4, $5 // '', $6 // '' );
        print "prefix=$prefix src=$src dst=$dst ports=$ports log=$log\n" if $DEBUG;
        push @inbound,  $line;
        push @outbound, "$prefix$dst$ports$src$log";
    }
    elsif ( $line =~ /^\s*$head($addr)($port)($addr)( log)?$/ ) {
        # port qualifier belongs to the source: "permit tcp SRC eq 80 DST"
        my ( $prefix, $src, $ports, $dst, $log ) = ( "$1$2", $3, $4, $5, $6 // '' );
        print "prefix=$prefix src=$src ports=$ports dst=$dst log=$log\n" if $DEBUG;
        push @inbound,  $line;
        push @outbound, "$prefix$dst$src$ports$log";
    }
    elsif ( $line =~ /^\s*(!|remark\b.*)$/ ) {
        # comment and remark lines are copied unchanged into both lists
        push @inbound,  $line;
        push @outbound, $line;
    }
    else {
        push @invalid, $line;
    }
}

system "clear";    # clear the terminal screen
print "\n\tWhat is the name of the INBOUND access list?\n\n";
chomp( my $acl_in_name = <STDIN> );
print "\n\tWhat is the name of the OUTBOUND access list?\n\n";
chomp( my $acl_out_name = <STDIN> );

system "clear";    # clear the terminal screen
print "#" x 100;
print "\n\nconfig t\nip access-list extended $acl_in_name\n";
print "$_\n" for @inbound;
print "no deny ip any any log\ndeny ip any any log\n!\n\nip access-list extended $acl_out_name\n";
print "$_\n" for @outbound;
print "no deny ip any any log\ndeny ip any any log\nend\n\n";
print "#" x 100;

if (@invalid) {
    print "\n\nThe following lines were not included in the access list because they do not follow normal ACL syntax:\n\n";
    print "\t$_\n" for @invalid;
}
print "\n" x 5;
Create a 100Mb file in Linux
I recently needed to create a 100 Mb file to do some testing. It didn't matter what was in it, I just needed a file of that specific size.
I created it with the following command:
dd if=/dev/random of=filename bs=1024 count=102400
The options are as follows:
if = the source of the input
of = output file name
bs = block size (here 1024 bytes)
count = the number of blocks to copy in the file
Multiply the number of blocks (count) times the size (bs) to calculate the size of the file (in bytes).
Basic DNS troubleshooting with dig
I don't usually end up troubleshooting DNS issues, but one thing led to another recently and I ended up elbows deep in DNS troubles. I spent a good portion of my day on telcons with one party who actually administers the DNS servers for this client, and Akamai. I did walk away with a better understanding of how Akamai works and basic DNS querying using the dig command in Linux.
The following shows the DNS equivalent of a traceroute. Notice that it starts "tracing" the name from right to left, starting with the DNS root servers, then the .com servers, and so on.
[dacaprice@linux ~]$ dig dacaprice.com +trace

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.3.b1.fc14 <<>> dacaprice.com +trace
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
;; Received 228 bytes from 208.67.220.220#53(208.67.220.220) in 273 ms

com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
;; Received 491 bytes from 192.112.36.4#53(192.112.36.4) in 386 ms

dacaprice.com.          172800  IN      NS      ns1.comphouse.com.
dacaprice.com.          172800  IN      NS      ns2.comphouse.com.
;; Received 109 bytes from 192.41.162.30#53(192.41.162.30) in 70 ms

dacaprice.com.          14400   IN      A       72.32.185.230
dacaprice.com.          86400   IN      NS      ns2.comphouse.com.
dacaprice.com.          86400   IN      NS      ns1.comphouse.com.
;; Received 125 bytes from 72.32.185.230#53(72.32.185.230) in 50 ms
The next section illustrates how to query a specific DNS server. In this case I queried ns2.comphouse.com (an authority for dacaprice.com). The output shows the authoritative nameservers for dacaprice.com, the A record mapping the name dacaprice.com to the IP address of the web server, and various other query-related statistics.
[dacaprice@linux ~]$ dig @ns2.comphouse.com dacaprice.com

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.3.b1.fc14 <<>> @ns2.comphouse.com dacaprice.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42212
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dacaprice.com.                 IN      A

;; ANSWER SECTION:
dacaprice.com.          14400   IN      A       72.32.185.230

;; AUTHORITY SECTION:
dacaprice.com.          86400   IN      NS      ns2.comphouse.com.
dacaprice.com.          86400   IN      NS      ns1.comphouse.com.

;; ADDITIONAL SECTION:
ns1.comphouse.com.      14400   IN      A       72.32.185.230
ns2.comphouse.com.      14400   IN      A       67.192.225.138

;; Query time: 52 msec
;; SERVER: 67.192.225.138#53(67.192.225.138)
;; WHEN: Tue Aug  9 22:07:10 2011
;; MSG SIZE  rcvd: 125
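The +trace output above can be checked mechanically rather than by eye. This added Python example (not part of the original post) parses the hop structure dig prints, then compares the NS set the .com servers delegate for the zone with the NS set the zone's own server returns in the final answer; a mismatch between the two is the first thing to rule out when a name resolves inconsistently. The sample input is a constructed, trimmed copy of the trace shown above so the script runs offline.

```python
import re

# Constructed sample of `dig dacaprice.com +trace` output, shortened from the
# capture shown above (root and .com server lists trimmed to two entries each).
SAMPLE_TRACE = """\
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
;; Received 228 bytes from 208.67.220.220#53(208.67.220.220) in 273 ms
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
;; Received 491 bytes from 192.112.36.4#53(192.112.36.4) in 386 ms
dacaprice.com. 172800 IN NS ns1.comphouse.com.
dacaprice.com. 172800 IN NS ns2.comphouse.com.
;; Received 109 bytes from 192.41.162.30#53(192.41.162.30) in 70 ms
dacaprice.com. 14400 IN A 72.32.185.230
dacaprice.com. 86400 IN NS ns2.comphouse.com.
dacaprice.com. 86400 IN NS ns1.comphouse.com.
;; Received 125 bytes from 72.32.185.230#53(72.32.185.230) in 50 ms
"""

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
HOP_RE = re.compile(r"^;; Received \d+ bytes from ([\d.]+)#\d+")

def parse_trace(text):
    """Split +trace output into hops: [(answering server IP, [(name, ttl, type, rdata), ...]), ...]."""
    hops, records = [], []
    for line in text.splitlines():
        rr = RR_RE.match(line)
        if rr:
            name, ttl, rtype, rdata = rr.groups()
            records.append((name, int(ttl), rtype, rdata))
            continue
        hop = HOP_RE.match(line)
        if hop:  # a ';; Received ... from' line closes the hop built from the records above it
            hops.append((hop.group(1), records))
            records = []
    return hops

def delegation_check(hops, zone):
    """Compare the NS set the parent delegates for zone with the NS set the zone's own server returns."""
    def ns_set(records):
        return {rdata for name, _, rtype, rdata in records if name == zone and rtype == "NS"}
    child_server, final = hops[-1]          # the last hop is the authoritative answer
    # the referral is the last hop before the answer that carries NS records for the zone
    parent_ns = next((ns_set(r) for _, r in reversed(hops[:-1]) if ns_set(r)), set())
    child_ns = ns_set(final)
    answers = [rdata for name, _, rtype, rdata in final if name == zone and rtype == "A"]
    return {"server": child_server, "answers": answers, "parent_ns": parent_ns,
            "child_ns": child_ns, "consistent": parent_ns == child_ns}
```

Feed it the real output with `delegation_check(parse_trace(open("trace.txt").read()), "dacaprice.com.")`; the zone name must carry the trailing dot exactly as dig prints it.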
Check CPU architecture
dmidecode is a Linux tool for dumping a computer's DMI table contents in a human-readable format. To verify processor architecture information, type the following command as root:
[root@linux]# dmidecode --type processor
processor can be replaced with other types such as bios, system, baseboard, chassis, memory, cache, connector, or slot. In the past, I've also used dmidecode (with the chassis type) to snag the serial number off of a remote machine to call in for a warranty repair.