How to get the complete destination IP address (x.x.x.x/x) netstat command? - linux

Below is the output of the netstat command with the -n and -r options, in which the Destination field shows a compacted address (127.1/16). I wanted to know whether there is any way or option available for the netstat command to display the entire destination IP (127.1.0.0/16) rather than (127.1/16).
#netstat -r -n
Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 110 296172 33212 lo0
127.1/16 link#7 UC 2 0 - vlan10

But the command is not showing 127.1.0.0/8, it's showing 127.1/16, which means the whole 127.1.x.x range.
Read up on netmasks: http://en.wikipedia.org/wiki/Subnetwork#IPv4_subnetting
And experiment with them here, to get a better understanding: http://jodies.de/ipcalc

You may want to consider alternatives to just using netstat. "netstat -r" gives the same output as "route". You could also try "ip route show", or "ip route show dev " if you want to see routes going via a particular device/interface. You may also be interested in the output returned by "routel".
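As an added example (not part of the question or the answers above), this shell filter rewrites the Destination column of netstat -rn output so that abbreviated networks such as 127.1/16 are shown with all four octets. The function names are made up for this example, and it assumes the abbreviation only drops trailing zero octets; a destination printed without a /prefix is padded but gets no prefix added.

```shell
#!/bin/sh
# Added example: expand abbreviated destinations in BSD-style `netstat -rn` output.

# expand_routes: filter that rewrites column 1 of every line read from stdin.
expand_routes() {
    awk '
    {
        dest = $1; prefix = ""
        slash = index(dest, "/")
        if (slash > 0) {
            prefix = substr(dest, slash)       # keep "/16" exactly as printed
            dest = substr(dest, 1, slash - 1)
        }
        # Pad only numeric dotted forms with one to three octets. Names such as
        # "default" or "Destination" and full four-octet hosts pass unchanged.
        if (dest ~ /^[0-9]+(\.[0-9]+)?(\.[0-9]+)?$/) {
            n = split(dest, octets, ".")
            for (; n < 4; n++) dest = dest ".0"
        }
        $1 = dest prefix                       # columns are re-joined with one space
        print
    }'
}

# expand_dest: convenience wrapper for a single destination value.
expand_dest() { printf '%s\n' "$1" | expand_routes; }

# Sample input: the routing table quoted in the question above.
sample_table() {
    cat <<'EOF'
Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 110 296172 33212 lo0
127.1/16 link#7 UC 2 0 - vlan10
EOF
}

sample_table | expand_routes
```

On a live system the filter is used as netstat -rn | expand_routes.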

Related

Is it possible to run command "route -n" specifically for a NIC

I am fairly new to Linux. I wanted to ask if it's possible in Linux commands to run a "route -n" command to retrieve information for a specific NIC, e.g. route -n ether0. Currently it shows me the routes for all the NICs, but what if I want it just for one?
Use the iproute2 ip command (rather than the antique route command), and provide a selector with your NIC:
# for ether0
ip -o route list dev ether0
(I've added -o since your tags indicate that you're using this for scripting purposes; ensuring that each result lives on its own line is appropriate in this case).
This is a significant improvement on the simple route | grep ether0 approach, as it shows routing entries which can end up sending traffic through a NIC but don't name that NIC explicitly.
As the default for iproute2 is to avoid leaning on the resolver, no local flag equivalent to -n is necessary; instead, if you did want to use the resolver, you would need to add -r.
If you want to see the routes for ether0, you can use the command below:
ip -o route show dev ether0
or
ip route show | grep ether0
or
route -n | grep ether0
or
netstat -nr | grep ether0
To see the NIC for ether0, you can use the ifconfig command, and for the gateway NIC you can use the arp -a command:
ifconfig ether0
To see the gateway and directly connected NICs, you can use the command below:
arp -a

Scanning the network for all the hostnames present with their respective ip addresses

I have tried nmap, nbtscan, fping, arp-scan for the above-stated need and all are producing the expected output.
But I am facing some trouble with the arp command: it's not working and is showing something like this:
? (10.240.253.2) at 80:a1:d7:7c:22:94 [ether] on eth0
<something>.local (10.240.253.53) at 9c:2a:70:d8:50:ed [ether] on eth0
I have tried both arp -a and arp -a -n. I also tried running ping -b <broadcast ip address> before these commands, but ping -b does not execute at all, meaning it does nothing.
On other systems in my network it is running fine. But it seems there is some setting problem with my computer that I am not aware of.
arp is not a scanner. It queries your system's ARP cache.
Therefore, it will only show IP and MAC addresses of hosts which have sent ARP queries or answers recently seen by your system.
As you mention, nmap, for example, is much more suited to what you're trying to do than arp.

Get only the source MAC address from tcpdump

I am trying to get the source MAC address of every packet being dumped on the network, excluding any packets involving the host machine. I expect that in order to accomplish this I should get the data from tcpdump with the host's network interface in promiscuous mode.
Note that I am not interested in getting the full header or even the link level header. The -e option is not what I want. I just want the source MAC address for each packet, and nothing more.
This is what I am currently doing right now:
sudo tcpdump -I -elt -i wlan0 not host 127.0.0.1 2>> /dev/null | sed 's/ .*//'
with 127.0.0.1 replaced with the actual IP address of the local network interface.
This works great in some networks, where the source MAC address is the first piece of information that is output by tcpdump. Unfortunately, this has not always been my experience. It seems that the output to tcpdump is protocol-dependent and so on some networks it varies.
I suppose I could rewrite my sed command so that it outputs the first item that matches the regex for a MAC address:
(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}
but I am unsure if the first MAC address in the line will always be the source MAC address.
If there's no way to have tcpdump output the source MAC address directly, is there some way I could have it output the raw bits from the link level header? From there I should be able to piece together the source MAC address.
By using tshark you can do it like this:
example:
tshark -i eth0 -e eth.src -Tfields
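For the case where only tcpdump -e text is available, here is an added example (not from the question or the answer above) of a filter that picks the source address by its position or label instead of taking the first MAC on the line. It assumes tcpdump's usual layouts: "src > dst," at the start of an Ethernet line and an "SA:" label on 802.11 lines; the function names and sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: print only the source MAC from `tcpdump -e` text output.

# src_mac: reads tcpdump -e lines on stdin, prints one source MAC per line.
# Lines with no identifiable source (e.g. 802.11 ACKs, which carry only RA)
# are skipped rather than guessed at.
src_mac() {
    awk '
    BEGIN {
        h = "[0-9a-fA-F][0-9a-fA-F]"
        mac = h ":" h ":" h ":" h ":" h ":" h
    }
    # 802.11 (monitor mode): the source is labelled, wherever it appears.
    match($0, "SA:" mac) {
        print tolower(substr($0, RSTART + 3, 17))
        next
    }
    # Ethernet: "src > dst, ethertype ..." so the source is field 1, provided
    # the " > " separator appears before the first comma.
    {
        head = $0
        comma = index(head, ",")
        if (comma > 0) head = substr(head, 1, comma - 1)
        if ($1 ~ ("^" mac "$") && index(head, " > ") > 0)
            print tolower($1)
    }'
}

# Constructed sample lines (not captured traffic).
sample_lines() {
    cat <<'EOF'
aa:bb:cc:00:11:22 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.1 tell 10.0.0.5, length 28
1.0 Mb/s 2412 MHz 11b -50dBm signal antenna 1 BSSID:de:ad:be:ef:00:01 (oui Unknown) DA:Broadcast SA:de:ad:be:ef:00:01 (oui Unknown) Beacon (example) ESS CH: 1
1.0 Mb/s 2412 MHz 11b -48dBm signal antenna 1 RA:aa:bb:cc:00:11:22 (oui Unknown) Acknowledgment
EOF
}

sample_lines | src_mac
```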

How can I find available but unoccupied ports on a Linux box?

Specifically RHEL 6.5
It's a Dev box and we have certain port ranges we are permitted for development use.
...unfortunately, getting a tech's attention to find out what ports are available is like pulling teeth. Would prefer a script or alias that does this so that we don't have to ask all the time. Clues? Is this an iptables command or is it a netstat command or some weird combo? nmap is not available on this machine.
Please don't say this is a Server Fault question. They say it's a programming question. :-|
Definitely a SF question but here we go. From the dev box itself (command line) you should be able to see what ports are in use with the netstat tool.
To see the list of listening ports both UDP and TCP, complete with the program names:
# preferably as root
netstat --listening --program --numeric-ports --protocol=ip -6 -4
From another machine, you can use nmap or a similar tool to see what ports are open/listening by scanning the IP address assigned to the dev box. Before trying this, maybe you should ask for permission. Also, you should consider that the box in question might have firewall rules in place that can thwart your scanning attempts.
To see what firewall rules are in place in the dev box try:
# as root
iptables -nvxL -t filter
# maybe there are NAT rules, redirects to other addresses, etc.
iptables -nvxL -t nat
To see what these iptables options do, try man iptables.
As an example, assuming 172.16.0.1 is the IP address assigned to the dev box, to run nmap in the simplest way possible:
# preferably as root
nmap -v 172.16.0.1
In a few minutes you should see a list of ports/services listening in that relevant box.
Try man nmap and read the documentation for more details.
If you really think this is a programming issue, you can use the netcat tool and program a simple script to do something roughly equivalent to what nmap does.
#!/bin/bash
#
# DISCLAIMER: NOT TESTED -- just an example
# NOTE: This will take many DAYS to complete
HOST=172.16.0.1
for port in $(seq 1 65535)
do
    echo "Trying ${port}..."
    # -z: connect only, send no data; -w 1: give up after one second
    netcat -vvv -w 1 -z "${HOST}" "${port}"
done
For every open TCP port you should see a line similar to this:
Connection to 172.16.0.1 23 port [tcp/telnet] succeeded!

How to get pppd inet address from shell command

I'm not sure whether to post it here or at ServerFault.
Anyway, I'm trying to work around the company's firewall to connect to some media sharing site using my phone's 3G network. I've come up with a simple ip route command which takes pppd's inet address as its parameter. But I want to make it a little bit more automated by reading the inet address right from the script, not by passing it via a command line parameter.
Here's the scenario, to make it more obvious:
The command invocation as of now: $jumpfirewall xxx.xxx.xxx.xxx
The command invocation I want: $jumpfirewall
Do you know some command or library that I can use to read it from command line?
Adapted from cyberciti:
/sbin/ifconfig ppp0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'
The ifconfig ppp0 will get information for your primary PPP interface; the grep cuts it down to the line containing the IP address; the cut splits out everything after inet addr: up to bcast:, giving something like 1.2.3.4 Bcast:; and the awk call will print only the first (space-separated) field, leaving you with only the IP address.
pppd automatically calls a script in /etc/ppp/ip-up when a link is brought up. In this script, $4 is the local IP address of the PPP link. (On some distributions, /etc/ppp/ip-up is set to call the scripts in /etc/ppp/ip-up.d, with $PPP_LOCAL set to the IP address, so you can place your script there).
This way, you won't have to manually call the script - just bring up the PPP link and it'll be run automatically. There's a corresponding /etc/ppp/ip-down you can use to undo your route when the link goes down.
