public:books:linux_shell_scripting_cookbook:chapter_7

  • Usage:
    # list current network interface configs:
    $ ifconfig
    
    # manually set IP address:
    # ifconfig wlan0 192.168.0.80
    # ifconfig wlan0 192.168.0.80  netmask 255.255.252.0
    
    # automatic configuration:
    # dhclient eth0
    
    # print list of network interfaces:
    $ ifconfig | cut -c-10 | tr -d ' ' | tr -s '\n'
    
    # spoof hardware address:
    # ifconfig eth0 hw ether 00:1c:bf:87:25:d5
  • We can edit /etc/resolv.conf to add server IP addresses:
    $ cat /etc/resolv.conf
    nameserver 8.8.8.8
    
    # echo nameserver IP_ADDRESS >> /etc/resolv.conf
    
    # To retrieve an IP address we can use ping:
    $ ping google.com
    PING google.com (64.233.181.106) 56(84) bytes of data.
    
    # To list all the Ip addresses we use:
    $ host google.com
    google.com has address 64.233.181.105
    google.com has address 64.233.181.99
    google.com has address 64.233.181.147
    google.com has address 64.233.181.106
    google.com has address 64.233.181.103
    google.com has address 64.233.181.104
    
    # or:
    $ nslookup google.com
    Server:    8.8.8.8
    Address:  8.8.8.8#53
    Non-authoritative answer:
    Name:  google.com
    Address: 64.233.181.105
    Name:  google.com
    Address: 64.233.181.99
    Name:  google.com
    Address: 64.233.181.147
    Name:  google.com
    Address: 64.233.181.106
    Name:  google.com
    Address: 64.233.181.103
    Name:  google.com
    Address: 64.233.181.104
    Server:    8.8.8.8
    
    # we can add symbolic names for a given IP:
    # echo 192.168.0.9 backupserver >> /etc/hosts
    
    # to display rout information:
    $ route -n
    Kernel IP routing table
    Destination   Gateway      Genmask       Flags Metric Ref  Use   Iface
    192.168.0.0   0.0.0.0      255.255.252.0   U     2     0     0   wlan0
    169.254.0.0   0.0.0.0      255.255.0.0     U     1000  0     0   wlan0
    0.0.0.0       192.168.0.4  0.0.0.0         UG    0     0     0   wlan0
    
    # setup a default gateway:
    # route add default gw 192.168.0.1 wlan0
  • Ping provides the Round Trip Time (time needed to get to host and come back):
    --- google.com ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4000ms
    rtt min/avg/max/mdev = 118.012/206.630/347.186/77.713 ms
  • Limiting the number of packets to send:
    $ ping 192.168.0.1 -c 2
  • Return status of ping command:
    $ ping domain -c2
    if [ $? -eq 0 ];
    then
      echo Successful ;
    else
      echo Failure
    fi
  • Trace a packet route:
    $ traceroute google.com
    traceroute to google.com (74.125.77.104), 30 hops max, 60 byte packets
    1  gw-c6509.lxb.as5577.net (195.26.4.1)  0.313 ms  0.371 ms  0.457 ms
    2  40g.lxb-fra.as5577.net (83.243.12.2)  4.684 ms  4.754 ms  4.823 ms
    3  de-cix10.net.google.com (80.81.192.108)  5.312 ms  5.348 ms  5.327 ms
    4  209.85.255.170 (209.85.255.170)  5.816 ms  5.791 ms 209.85.255.172 
    (209.85.255.172)  5.678 ms
    5  209.85.250.140 (209.85.250.140)  10.126 ms  9.867 ms  10.754 ms
    6  64.233.175.246 (64.233.175.246)  12.940 ms 72.14.233.114 
    (72.14.233.114)  13.736 ms  13.803 ms
    7  72.14.239.199 (72.14.239.199)  14.618 ms 209.85.255.166 
    (209.85.255.166)  12.755 ms 209.85.255.143 (209.85.255.143)  13.803 ms
    8  209.85.255.98 (209.85.255.98)  22.625 ms 209.85.255.110 
    (209.85.255.110)  14.122 ms
    * 
    9  ew-in-f104.1e100.net (74.125.77.104)  13.061 ms  13.256 ms  13.484 ms
    
    => one could also use mtr instead to get real time data.
  • Using ping:
    #!/bin/bash
    #Filename: ping.sh
    # Change base address 192.168.0 according to your network.
    for ip in 192.168.0.{1..255} ;
    do
      ping $ip -c 2 &> /dev/null ;
      
      if [ $? -eq 0 ];
      then
        echo $ip is alive
      fi
    done
  • Using fping:
    $ fping -a 192.160.1/24 -g 2> /dev/null 
    192.168.0.1 
    192.168.0.90
    
    # or :
    $ fping -a 192.168.0.1 192.168.0.255 -g
    
    # Parallel pings:
    #!/bin/bash
    #Filename: fast_ping.sh
    # Change base address 192.168.0 according to your network.
    for ip in 192.168.0.{1..255} ;
    do
       (
          ping $ip -c2 &> /dev/null ;
      
          if [ $? -eq 0 ];
          then
           echo $ip is alive
          fi
       )&
      done
    wait
  • To run a command on a remote we use:
    $ ssh user@host 'COMMANDS'
    
    # multiple commands:
    $ ssh user@host "command1 ; command2 ; command3"
    
    # ssh with compression:
    $ ssh -C user@hostname COMMANDS
    
    # Redirect stdin data to remote shell:
    $ echo 'text' | ssh user@remote_host 'echo'
    text
    # or Redirect data from file as:
    $ ssh user@remote_host 'echo'  < file
    
    # Running graphical commands:
    ssh user@host "export DISPLAY=:0 ; command1; command2"
    
    # or to get the display on the local computer (using ssh X11 forwarding)
    ssh -X user@host "command1; command2"
  • Usage:
    # To connect to FTP server
    $ lftp username@ftphost
    
    # Using SCP to copy to remote:
    $ scp filename user@remotehost:/home/path
    
    # recursive copy with scp:
    $ scp -r /home/slynux user@remotehost:/home/backups

⇒ Recipe providing script for wireless connection with WEP key. See source directly.

  • Setup:
    # Create key on the machine that requires login to remote:
    $ ssh-keygen -t rsa
    
    # Append the key on the host:
    $ ssh USER@REMOTE_HOST "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
    Password:
    
    # We can use ssh-copy-id to register our public key instead:
    ssh-copy-id USER@REMOTE_HOST
  • To forward port 8000 on the local machine to port 80 of www.kernel.org:
    ssh -L 8000:www.kernel.org:80 user@localhost
    
    # here we just replace user with the actual user name.
  • To forward port 8000 on a remote machine to port 80 of www.kernel.org:
    ssh -R 8000:www.kernel.org:80 user@REMOTE_MACHINE
    
    # Here we replace the user and the remote machine name.
  • Non-interactive port forward:
    ssh -fR 8000:www.kernel.org:80 user@localhost -N
    
    # -f : fork to background before executing command
    # -R : use login name on the remote
    # -N : there is no command to execute.
  • Reverse port forwarding:
    ssh -R 8000:localhost:80 user@REMOTE_MACHINE
  • To mount a remote folder we use:
    # sshfs -o allow_other user@remotehost:/home/path /mnt/mountpoint
    
    # umount /mnt/mountpoint
  • List all open ports with:
    $ lsof -i
    COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    firefox-b 2261 slynux   78u  IPv4  63729      0t0  TCP localhost:47797-
    >localhost:42486 (ESTABLISHED)
    firefox-b 2261 slynux   80u  IPv4  68270      0t0  TCP slynux-laptop.
    local:41204->192.168.0.2:3128 (CLOSE_WAIT)
    firefox-b 2261 slynux   82u  IPv4  68195      0t0  TCP slynux-laptop.
    local:41197->192.168.0.2:3128 (ESTABLISHED)
    ssh       3570 slynux    3u  IPv6  30025      0t0  TCP localhost:39263-
    >localhost:ssh (ESTABLISHED)
  • To list open ports from current machine:
    $ lsof -i | grep ":[0-9]\+->" -o | grep "[0-9]\+" -o  | sort | uniq
  • List open ports with netstat:
    $ netstat -tnp
  • Setup listening socket :
    # listen on port 1234 on local machine.
    nc -l 1234
  • Connect to socket using:
    nc HOST 1234
    # HOST could be "localhost" or remote IP
  • Then to send messages we jsut type them and press Enter.
  • Quickly copy files over the network:
    # On receiving computer:
    nc -l 1234 > destination_filename
    
    # Then on sender computer:
    nc HOST 1234 < source_filename

⇒ How to use linux and iptables for sharing internet connection. See source document.

  • Block traffic to a specific address:
    # iptables -A OUTPUT -d 8.8.8.8 -j DROP
  • Block traffic to a specific port:
    # iptables -A OUTPUT -p tcp -dport 21 -j DROP
  • Clear the changes made to the iptables chains:
    # iptables --flush
  • public/books/linux_shell_scripting_cookbook/chapter_7.txt
  • Last modified: 2020/07/10 12:11
  • by 127.0.0.1