Sunday, September 24, 2017
Monday, July 10, 2017
TCPDUMP COMMAND
TCPDUMP is a widely used command-line tool for capturing network packets on Linux.
CAPTURE HOST
**********************
tcpdump -i <interface-name> host <ip-address>
it will capture each and every packet matching the ip-address whether it is a source or destination
NOTE: i means interface
NO DOMAIN LOOKUP
***************************
tcpdump -i <interface-name> -n host <ip-address>
it will capture each and every packet matching the ip-address whether it is a source or destination
it will not resolve the ip-address
NO DOMAIN AND PROTOCOL LOOKUP
******************************************
tcpdump -i <interface-name> -nn host <ip-address>
it will capture each and every packet matching the ip-address whether it is a source or destination
it will not resolve the ip-address
it will not resolve the protocol or port (port numbers are printed numerically instead of as service names)
NOTE: n disables name resolution; a single -n leaves IP addresses unresolved, -nn also leaves port numbers unresolved
RESTRICT THE PACKETS BEING CAPTURED
**************************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> host <ip-address>
NOTE: c means count; put options such as -c before the filter expression, since everything after the last option is parsed as the filter
CAPTURE HOST AND SERVICE OR PORT
**********************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> host <ip-address> and port <port-number>
SAVE AND CAPTURE TCPDUMP DATA
*******************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> host <ip-address> and port <port-number> > /tmp/PacketCapture.txt
tcpdump -i <interface-name> -nn -c <number of packets to be captured> -w /tmp/PacketCapture.pcap host <ip-address> and port <port-number>
The first command redirects the decoded text output to a file; the second uses -w to write the raw packets to a .pcap file, which can later be opened in Wireshark or read back with tcpdump -r /tmp/PacketCapture.pcap
CAPTURE HOST AND PROTOCOL
**************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> host <ip-address> and <protocol>
NOTE: protocol can be replaced by udp, tcp, icmp etc
NEGATE FILTER
**********************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> host <ip-address> and not <protocol>
CAPTURING PACKETS ON PARTICULAR SOURCE/DESTINATION ADDRESS
******************************************************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> dst <ip-address> and not <protocol>
tcpdump -i <interface-name> -nn -c <number of packets to be captured> src <ip-address> and not <protocol>
COMBINATION
********************
tcpdump -i <interface-name> -nn "(dst <ip-address1> or dst <ip-address2>) and port <port-number>"
NOTE: in filter expressions "and" binds tighter than "or", so without the parentheses this would match all traffic to <ip-address1> plus only port <port-number> traffic to <ip-address2>; quote the expression so the shell does not interpret the parentheses
CAPTURE MAC ADDRESS
******************************
tcpdump -i <interface-name> -nn -e -c <number of packets to be captured> host <ip-address>
NOTE: e prints the link-layer header, i.e. the source and destination MAC addresses, on each line
VERBOSE MODE
**********************
tcpdump -i <interface-name> -nn -vv -c <number of packets to be captured> host <ip-address>
more detailed information along with the header (TTL, IP id, checksums and so on)
CAPTURING DUMP FOR NETWORK
***************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> net <network>/<prefix-length>
For ex:
tcpdump -i eth3 -nn -c 5 net 10.10.0.0/16
NOTE: the host bits of the network must be zero; an address such as 10.10.11.10/16 is rejected by tcpdump with "non-network bits set"
CAPTURING DUMP MULTICAST AND BROADCAST
*****************************************************
tcpdump -i <interface-name> -nn -c <number of packets to be captured> "broadcast or multicast"
For ex:
tcpdump -i eth3 -nn -c 5 "broadcast or multicast"
CAPTURING DUMP FOR PORT RANGE
*****************************************
tcpdump -i <interface-name> -nn dst <ip-address> and portrange <first-port>-<last-port>
For ex:
tcpdump -i eth3 -nn dst 10.20.30.40 and portrange 1-100
- tcpdump -h will print the installed tcpdump and libpcap versions together with the usage summary (tcpdump --version prints the versions alone)
Tuesday, July 4, 2017
Java Keytool Commands
Keytool is a very useful tool that ships with the JRE or JDK. It creates JKS (Java KeyStore) files, generates private keys and CSRs (Certificate Signing Requests), and converts a JKS file into a PKCS12 file.
Below are the steps to create an SSL cert and get it signed by a CA
- Generate Key
- Generate CSR
- Validate the CSR
- Submit the CSR to a Certificate Authority (CA), for ex: Verisign, Symantec, GoDaddy etc
- Add the given public cert(.p7b format) to the JKS file.
Below are various KEYTOOL commands which are very helpful
KEYTOOL COMMAND TO GENERATE PRIVATE KEY AND CSR
**************************************************************
cd JDK_HOME\bin
keytool -genkey -alias <ALIAS_NAME> -keyalg RSA -keysize 2048 -keystore <JKS FILE COMPLETE PATH> -dname "CN=XXXXXXXXX,OU=YYYYY, O=ZZZZZZZZZ, L=AAAAA, ST=BBBBB, C=WWWW"
KEYTOOL COMMAND TO GENERATE CSR
******************************************
keytool -certreq -alias <ALIAS_NAME> -file <CSR FILE COMPLETE PATH> -keystore <JKS FILE ALONG WITH COMPLETE PATH>
Verify the CSR using the below link
******************************************
https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp
KEYTOOL COMMAND TO DISPLAY or LIST OUT THE ENTRIES OF THE JKS FILE
*******************************************************************************
keytool -list -v -keystore <JKS FILE ALONG WITH COMPLETE PATH> -storetype jks -storepass <PASSWORD>
KEYTOOL COMMAND TO ADD ENTRIES OF ONE JKS FILE TO ANOTHER JKS FILE
*******************************************************************************
keytool -importkeystore -srckeystore <SOURCE KEYSTORE> -destkeystore <DESTINATION KEYSTORE> -srcalias <SRC ALIAS> -destalias <DST ALIAS> -srcstorepass **** -deststorepass ****
KEYTOOL COMMAND TO CHANGE THE ALIAS OF THE GIVEN THE JKS FILE
**********************************************************************
keytool -changealias -alias <CURRENT ALIAS> -destalias <DEST ALIAS> -keypass ********* -keystore <JKS FILE ALONG WITH COMPLETE PATH> -storepass *******
KEYTOOL COMMAND TO Import the signed (public) certificate to the keystore:
******************************************************************
keytool -import -trustcacerts -alias <ALIAS_NAME> -file <.P7B FILE COMPLETE PATH> -keystore <JKS FILE ALONG WITH COMPLETE PATH>
KEYTOOL COMMAND TO EXPORT CER file from JKS file
**********************************************************
keytool -export -keystore <JKS FILE ALONG WITH COMPLETE PATH> -alias <ALIAS-NAME> -file <CER FILE NAME>
KEYTOOL COMMAND TO CHANGE THE KEY PASSWORD OF AN ENTRY IN A JKS FILE
*********************************************************
keytool -keypasswd -keystore <JKS FILE ALONG WITH COMPLETE PATH> -alias <ALIAS-NAME>
NOTE: -keypasswd changes the password protecting the private key of the given alias; to change the password of the keystore itself use keytool -storepasswd -keystore <JKS FILE ALONG WITH COMPLETE PATH>
KEYTOOL COMMAND TO CONVERT JKS to PKCS12
*************************************************
keytool -importkeystore -srckeystore <JKS FILE ALONG WITH COMPLETE PATH> -srcstoretype JKS -deststoretype PKCS12 -destkeystore <PKCS12 FILE ALONG WITH COMPLETE PATH>
NOTE: <> denotes a parameter that must be substituted with the appropriate value.
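The key pair, CSR, validation and JKS-to-PKCS12 steps above, run end to end in a scratch directory as an added example (not the post's own commands): each stage is checked offline with keytool and openssl rather than a web checker. It assumes keytool (from a JDK) and openssl are on PATH; the alias, password and DN are made up, and the CA submission and .p7b import steps are left out because they need a real CA.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes keytool and openssl
# are installed; alias, password and DN below are constructed for the demo.
keytool_workflow() {
    command -v keytool >/dev/null 2>&1 || { echo skipped; return 0; }
    command -v openssl >/dev/null 2>&1 || { echo skipped; return 0; }
    dir=$(mktemp -d) || return 1
    ks="$dir/keystore.jks"; csr="$dir/server.csr"; p12="$dir/keystore.p12"
    alias=server
    pw=changeit   # constructed demo password; use a real secret outside a demo
    # 1. Generate the RSA key pair in a JKS store (-genkeypair is the current
    #    name of the post's -genkey; -storetype JKS forces JKS on JDK 9+,
    #    whose default store type is already PKCS12).
    keytool -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 -validity 365 \
        -storetype JKS -keystore "$ks" -storepass "$pw" -keypass "$pw" \
        -dname "CN=www.example.com, OU=IT, O=Example, L=City, ST=State, C=US" \
        >/dev/null || return 1
    # 2. Generate the CSR that would be sent to the CA.
    keytool -certreq -alias "$alias" -file "$csr" -keystore "$ks" \
        -storepass "$pw" >/dev/null || return 1
    # 3. Validate the CSR locally: check its self-signature and its subject
    #    instead of pasting it into a third-party web checker.
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    case "$(openssl req -in "$csr" -noout -subject)" in
        *www.example.com*) ;;
        *) echo "unexpected CSR subject"; return 1 ;;
    esac
    # 4. Convert the JKS store to PKCS12 (the post's last recipe).
    keytool -importkeystore -srckeystore "$ks" -srcstoretype JKS \
        -srcstorepass "$pw" -destkeystore "$p12" -deststoretype PKCS12 \
        -deststorepass "$pw" -noprompt >/dev/null || return 1
    # 5. List the PKCS12 store and confirm the private key entry survived.
    keytool -list -keystore "$p12" -storetype PKCS12 -storepass "$pw" \
        | grep -q "^$alias,.*PrivateKeyEntry" || return 1
    rm -rf "$dir"
    echo ok
}
```

Run `keytool_workflow` in a shell; it prints ok on success and skipped when keytool or openssl is not installed.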
Sunday, July 2, 2017
Sed-Stream Editor tutorial
Sed is one of the most interesting commands in Unix
Sed - Stream Editor
******************************************************************************
sed 's/t/T/' test.txt
substitute the first occurrence of 't' on each line with 'T' in the file test.txt and display on screen; the original file remains unchanged
--------------------------------------------------------------------------------------------------------------------------
sed 's/t/T/g' test.txt
substitute all occurrences (globally) of 't' with 'T' in the file test.txt and display on screen; the original file remains unchanged.
--------------------------------------------------------------------------------------------------------------------------
sed -i 's/t/T/g' test.txt
substitute in place (-i) all occurrences of 't' with 'T' in the file test.txt; the original file gets modified.
--------------------------------------------------------------------------------------------------------------------------
sed 's/^t/T/g' test.txt
substitute a 't' at the beginning of a line with 'T'
^ indicates the beginning of the line
--------------------------------------------------------------------------------------------------------------------------
sed 's/t$/T/g' test.txt
substitute a 't' at the end of a line with 'T'
$ indicates the end of the line
--------------------------------------------------------------------------------------------------------------------------
sed 's/[0-9]/*/g' test.txt
substitute all the numbers in the file with *
--------------------------------------------------------------------------------------------------------------------------
sed 's/[a-z]/*/g' test.txt
substitute all the lowercase letters in the file with *
--------------------------------------------------------------------------------------------------------------------------
sed 's/[A-Z]/*/g' test.txt
substitute all the capital letters in the file with *
--------------------------------------------------------------------------------------------------------------------------
SED Whole Word Match with Boundaries
sed 's/\bnew\b/old/g' test.txt
replaces only the whole word new with old in the test file (words such as newer or renew are left alone)
\b means word boundary (a GNU sed extension)
--------------------------------------------------------------------------------------------------------------------------
SED Remove Lines When Match is Found
sed '/new/d' test.txt
--------------------------------------------------------------------------------------------------------------------------
SED Like Head to Display Top of File
sed '5,$ d' test.txt
Deletes the lines starting from 5 to end of the file ,i.e displays only first 4 lines of the file
sed '4 q' test.txt
Display first 4 lines in the file and then quit
--------------------------------------------------------------------------------------------------------------------------
SED Remove Comments From a file
sed '/^#/d' test.txt
Delete all the lines starting with #
sed '1!{/^#/d;}' test.txt
Skip line 1 and Delete all the lines starting with #
--------------------------------------------------------------------------------------------------------------------------
SED print every other line
sed -n 'p;n' test.txt
print every other line (1,3,5,7...), i.e. skip one line after each printed line
sed -n 'p;n;n' test.txt
print every third line (1,4,7,10...), i.e. skip two lines after each printed line
--------------------------------------------------------------------------------------------------------------------------
sed '=' test.txt
print the line number, then the line itself
sed -n '$=' test.txt
print only the last line number, which is the count of lines in the file
--------------------------------------------------------------------------------------------------------------------------
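The sed recipes above run against a small constructed file, as an added example that is not part of the original post: it contrasts the whole-word \b substitution with a plain one, keeps the header line while stripping comments, prints every other line, counts lines, and does an in-place edit with a backup. It assumes GNU sed (\b, -i.bak and the 1!{...} block are GNU extensions).

```shell
#!/bin/sh
# Added example, not code from the original post: the post's sed recipes run
# against a small constructed file so the effect of each can be checked.
# Assumes GNU sed (\b, -i.bak and the 1!{...} block are GNU extensions).

# Constructed sample input, made up for this example; prints the temp path.
make_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' '# config header' 'new release' 'newer release' \
        '# trailing comment' 'renew now' > "$f"
    echo "$f"
}

# Join output lines with '|' so a multi-line result compares as one string.
join_lines() { tr '\n' '|'; }

# Whole-word substitution: only the standalone word "new" becomes "old".
word_sub() { sed 's/\bnew\b/old/g' "$1" | join_lines; }

# The same substitution without \b also rewrites "newer" and "renew".
naive_sub() { sed 's/new/old/g' "$1" | join_lines; }

# Delete comment lines, but leave line 1 (the header) alone.
strip_comments_keep_first() { sed '1!{/^#/d;}' "$1" | join_lines; }

# Print every other line (1, 3, 5, ...).
every_other() { sed -n 'p;n' "$1" | join_lines; }

# Number of lines: the line number of the last line.
line_count() { sed -n '$=' "$1"; }

# In-place edit that keeps a backup copy; prints the backup path so the
# original text can still be inspected after the edit.
inplace_with_backup() { sed -i.bak 's/\bnew\b/old/g' "$1" && echo "$1.bak"; }

main() {
    f=$(make_sample) || return 1
    echo "whole word:     $(word_sub "$f")"
    echo "no boundary:    $(naive_sub "$f")"
    echo "comments gone:  $(strip_comments_keep_first "$f")"
    echo "odd lines:      $(every_other "$f")"
    echo "line count:     $(line_count "$f")"
    rm -f "$f"
}
main
```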