How can i have a logs on TCP port available, so that it can be remotely tested by someone else ? for example:
MAINSERVER> tail -f /etc/httpd/logs/access_log | grep -e fruit_Python -e fruit_BASH -e fruit_C | .... TCP 9999 ... make this available ....??
NOW, from my Laptop remotely i want to do this temporary:
MYLAPTOP> tail -f http://MAINSERVER:9999 | grep -e grab_BASH
Any idea please?
You can use netcat (nc) to do this:
Server side (listen for connection):
tail -f /foo/bar |nc -l -k -p 9999
-l listen
-k listen for another connection after current completed
Client side (connecting):
nc MAINSERVER 9999 | grep whatever_you_like
You can use bash as well to connect to /dev/tcp/host/port but sometimes it's not suported (compiled in to Bash) for security reasons.
Client:
grep whatever_you_like < /dev/tcp/MAINSERVER/9999
Related
I want to know which port is my Jonas, on which a Java project has been deployed, is attached to in a Linux server. I have the pid of the Jonas and tried netstat -lnp but I found no port attached to that PID.
Any idea of how to do this.
Open a terminal application i.e. shell prompt.
Run any one of the following command:
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo nmap -sTU -O IP-address-Here
lsof command
The syntax is:
$ sudo lsof -i -P -n
$ sudo lsof -i -P -n | grep LISTEN
$ doas lsof -i -P -n | grep LISTEN ### [OpenBSD] ###
There are many ways to do, I prefer this
sudo netstat -pan |grep pid
Also, you can use
sudo lsof -Pan -p pid -i
pid should be actual "pid" number that you have
I need a script for running a new process every hour.
I created a bash script that is scheduled to run every hour through cron. It only works the first time but fails otherwise.
If run from shell, it works perfectly.
Here is the script:
#!/bin/sh
ps -ef | grep tcpdump | grep -v grep | awk '{print $2}' | xargs kill
sleep 2
echo "Lanzando tcpdump"
tcpdump -ni eth0 -s0 proto TCP and port 25 -w /root/srv108-$(date +%Y%m%d%H%M%S).smtp.pcap
cron
#hourly /root/analisis.sh > /dev/null 2>&1
Why is the cron job failing?
This is the answer the OP added to the question itself.
Correction of the script after the comments (it works fine)
#!/bin/bash
pkill -f tcpdump
/usr/sbin/tcpdump -ni eth0 -s0 proto TCP and port 25 -w /root/srv108-$(date +%Y%m%d%H%M%S).smtp.pcap
That is, I just needed to use the full path to tcpdump.
The failure may be related to the cron job never finishing - you are starting a new tcpdump in the foreground, which will run forever.
Try this simplified script:
#!/bin/bash
killall tcpdump
tcpdump -ni eth0 -s0 proto TCP and port 25 -w /root/srv108-$(date +%Y%m%d%H%M%S).smtp.pcap&
I tried this command to try to find unused ports. What I want it to do is run netcat on a range of ports, find the ones that are not running services, grep the first one of those lines of output, and then use sed to output the port number only.
nc -z <my url> 5000-5010 | grep -m 1 succeeded | sed 's/[^0-9]//g'
But when I try and launch a service using the port that is returned, I get a message saying the port is currently in use.
I found out netcat success means a service is running on the port, but when I try this instead
nc -zv <my url> 5000-5010 | grep -m 1 failed | sed 's/[^0-9]//g'
I get nothing, even though most lines of output contain the word failed.
Going through the man pages revealed that netcat -z only returns output for successful results, though why line after line of failed connection appears on my terminal window is still beyond me.
How can I use netcat to view the first port a connection failed on?
To get a list of closed (unused) ports on a linux system you can use:
Realtime Output:
#!/bin/bash
remoteHost=stackoverflow.com
for i in {80..100}
do
nc -v -z -w 1 $remoteHost $i &> /dev/null && echo "Port $i Open" || echo "Port $i Closed"
done
You can change the timeout, currently set to 1 sec (-w 1), to a higher value if needed.
Output:
Port 80 Open
Port 81 Closed
Port 82 Closed
Port 83 Closed
Port 84 Closed
Port 85 Closed
etc..
nc arguments:
-v Have nc give more verbose output.
-z Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.
-w timeout
If a connection and stdin are idle for more than timeout seconds, then the connection is silently closed. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.
Resources
nc man
The nc -v command writes the failed/succeeded messages on standard error, not the standard output. You can redirect stderr to stdout using 2>&1.
nc -zv <my url> 5000-5010 2>&1 | grep -m 1 failed
to get the failed line.
See http://www.cyberciti.biz/faq/redirecting-stderr-to-stdout/
By the way, I suggest you use awk to get the port number from the output line:
nc -zv <my url> 5000-5010 2>&1 | grep -m 1 failed | awk '{print $6}'
which prints the value in the 6th column of the output line.
I am using below code to kill a process which is using a port number
port = sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}'
if [ ! -z "$port" -a "$port" != " " ]; then
sudo kill "$port"
fi
But it is saying port: command not found. What is causing the issue and how can I fix it.
As it stands,
port = sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}'
attempts to run a command port with parameters = sudo lsof -n -i4TCP:3030 and pipe its output through grep LISTEN and then awk '{print $2;}'.
Use
port=$(sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}')
There's no reason to roll this yourself: fuser on Linux will do it for you in a single command, and much more efficiently:
sudo fuser -n tcp -k 3030
With just one line!
sudo kill `sudo lsof -t -i:3030`
I am using the Linux command line and when I run the following command:
tcpdump -n dst host destsitename
tcpdump -n dst host stackoverflow.com
to see if my server as source talk to this domain, how I can find out which process doing the communication from my server as source.
My question is which option should I use in "tcpdump".
Run netstat -avnp and fetch the <pid> (the last column)
Run ps -ef | fgrep <pid> and see what that <pid> belongs to
If you know the port, you can try:
lsof -i :1234
The benefits of using lsof instead of netstat is that the -p is not supported on Unix/OS X.
Use lsof and grep by site name:
$: lsof -i |grep mapscii.me
$: telnet 16678 zersh 3u IPv4 1789302 0t0 TCP 192.168.21.180:43148->mapscii.me:telnet (ESTABLISHED)
or netstat:
$ netstat anlpt |grep mapscii.me
tcp 0 0 192.168.21.180:43168 mapscii.me:telnet ESTABLISHED
Try use next script:
LOCAL_IP="src_ip"
TARGET_IP="..."
while read x; do
port=$( echo $x | grep "IP ${LOCAL_IP}" | awk '{print $3}' | sed "s/${LOCAL_IP}.//" )
if [ ! -z ${port} ]; then
lsof -Pni :${port}
fi
done <<< "$( tcpdump -nn -c1 host ${TARGET_IP} )"
PS. In my case it only worked in the background. Hung in processes for more than 10 hours looking for the source of the problem:
while read x; do port=$(echo $x | grep "IP ${LOCAL_IP}" | awk '{print $3}' | sed "s/${LOCAL_IP}.//"); if [ ! -z ${port} ]; then lsof -Pni :${port}; fi; done <<< "$( tcpdump -nn -c2 host ${TARGET_IP} )" >> /tmp/result &
On linux you can also use the ss command (which replaces the deprecated netstat command):
$ ss -p dst stackoverflow.com
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.2.5:50676 151.101.65.69:https users:(("firefox",pid=4657,fd=251))