Category Archives: Linux

How to capture network traffic using tcpdump on a Linux machine

Posted on by
Reply

To capture network traffic using tcpdump on a Linux machine and analyze it in Wireshark, follow these steps:

  1. Install Wireshark: If Wireshark is not already installed on your Linux machine, you can install it using your package manager. For example, on Debian-based systems (like Ubuntu), you can use:sudo apt-get update sudo apt-get install wireshark Make sure you have appropriate permissions to run Wireshark or use it with sudo.
  2. Capture network traffic with tcpdump: Run tcpdump to capture the network traffic. For example, to capture all traffic on interface eth0 and save it to a file named capture.pcap:sudo tcpdump -i eth0 -w capture.pcap Replace eth0 with the name of your network interface, which you can find using the ifconfig command.
  3. Stop tcpdump: Once you’ve captured enough traffic, stop tcpdump by pressing Ctrl+C.
  4. Transfer the capture file to your local machine (optional): If you’re running Wireshark on a different machine, you’ll need to transfer the capture file (capture.pcap) from the Linux machine to your local machine. You can use utilities like scp (secure copy) or rsync for this purpose.
  5. Open the capture file in Wireshark: Launch Wireshark on your local machine and open the capture file (capture.pcap) that you created using tcpdump.wireshark capture.pcap Alternatively, you can open Wireshark first and then use the GUI to open the capture file.
  6. Analyze the captured traffic: In Wireshark, you can analyze the captured packets, apply filters, view packet details, and perform various other network analysis tasks.

By following these steps, you can capture network traffic using tcpdump on a Linux machine and analyze it in Wireshark for troubleshooting, security analysis, or network debugging purposes. Remember to use tcpdump with appropriate permissions (e.g., sudo) to capture traffic on privileged ports or interfaces.

Linux: traceroute command

Posted on by
Reply

The traceroute command in Linux is a network diagnostic tool used to trace the path that an Internet Protocol (IP) packet takes from the local machine to a specified destination host. It does this by sending a series of packets with increasing Time-To-Live (TTL) values, starting from 1.

Here’s how the traceroute command works and what information it provides:

  1. Sending packets with TTL: The traceroute command sends UDP packets (by default) or ICMP Echo Request packets towards the destination IP address with TTL set to 1. When a router receives a packet with TTL of 1, it decrements the TTL by 1 and if it reaches zero, it sends back an ICMP “Time Exceeded” message to the sender. This message indicates that the packet has expired.
  2. Analyzing ICMP Time Exceeded messages: traceroute captures these ICMP Time Exceeded messages and uses them to determine the route the packet took to reach the destination. Each router along the path responds with an ICMP Time Exceeded message, indicating its presence.
  3. Incrementing TTL: traceroute then sends another set of packets with TTL set to 2, and so on, until the packets finally reach the destination. Each time, it records the IP address and round-trip time (RTT) of the intermediate routers.
  4. Displaying the route: Once traceroute receives a response from the destination or reaches its maximum number of hops, it displays the route taken by the packets along with the round-trip time for each hop.
  5. Identifying delays: By analyzing the round-trip times, traceroute can identify network delays at each hop, helping to diagnose network performance issues.
  6. Options: The traceroute command supports various options to customize its behavior. For example, you can specify the maximum number of hops (-m option), the type of packets to send (-I for ICMP or -U for UDP), and the interval between packets (-i option).

Example usage:

traceroute google.com

This command would trace the route to google.com, showing the IP addresses of each hop along the way and the round-trip time for each hop.

traceroute is a valuable tool for network troubleshooting, allowing administrators to identify network routing issues, locate bottlenecks, and analyze network performance between two hosts.

Linux: ip route information

Posted on by
Reply

n Linux, the ip route command is used to display and manipulate the kernel’s IP routing table. This table contains information about how packets should be forwarded to their destinations. Here’s a breakdown of the information provided by the ip route command:

  1. Destination: This field represents the destination network or host to which the route applies. It can be specified as an IP address or network address.
  2. Gateway: This field specifies the IP address of the next-hop router to which packets should be forwarded to reach the destination network or host. If the destination is directly reachable (e.g., on the same subnet), this field may be blank.
  3. Genmask/Mask: This field indicates the network mask associated with the destination address. It’s used to determine which portion of the IP address represents the network portion and which portion represents the host portion.
  4. Flags: Flags provide additional information about the route. Common flags include:
    • U (Up): Indicates that the route is up and available.
    • G (Gateway): Indicates that a gateway is required to reach the destination.
    • H (Host): Indicates that the destination is a host (single IP address).
    • D (Dynamic): Indicates that the route was dynamically added by a routing protocol.
    • C (Cache): Indicates that the route was dynamically added and is stored in the routing cache.
    • M (Modified): Indicates that the route has been modified since it was last used.
  5. Metric: This field represents the routing metric associated with the route. The metric is used by the routing algorithm to determine the best path to a destination when multiple routes are available. Lower metric values typically indicate better paths.
  6. Ref: This field shows the number of references to the route. It indicates how many routes are using this particular route entry.
  7. Use: This field displays the number of lookups performed on this route. It indicates how many times this route has been used.
  8. Iface/Interface: This field specifies the network interface through which packets should be sent to reach the destination. It indicates the outgoing interface for the route.
  9. Scope: This field defines the scope of the route, which determines where the route is valid. Common values include:
    • global: The route is valid globally.
    • link: The route is only valid on the local network segment.
    • host: The route is valid only for the specified host.

The ip route command provides a comprehensive view of the system’s routing table, allowing administrators to understand how packets are being routed and to configure routing behavior as needed.

Linux: ifconfig command

Posted on by
Reply

The ifconfig command in Linux (and other Unix-like operating systems) is used to display and configure network interfaces. When you execute the ifconfig command without any arguments, it typically shows information about all active network interfaces on your system. Here’s a breakdown of the data you typically see:

  1. Interface Name (eth0, wlan0, etc.): This is the name of the network interface. It could be a physical interface like Ethernet (eth0, eth1, etc.) or a wireless interface (wlan0, wlan1, etc.).
  2. Link encap: This indicates the type of encapsulation method used on the interface, such as Ethernet, Loopback, or Point-to-Point.
  3. HWaddr (Hardware Address): This is the MAC (Media Access Control) address of the network interface, which uniquely identifies it on the network.
  4. inet: This shows the IPv4 address assigned to the interface. If the interface is configured with an IPv4 address, you’ll see it listed here.
  5. inet6: If IPv6 is enabled on the interface, this field will display the IPv6 address assigned to the interface.
  6. Netmask: This indicates the subnet mask associated with the IPv4 address. It determines the size of the network segment the device is on.
  7. broadcast: This displays the broadcast address for the network segment the interface is connected to. It’s used for broadcasting messages to all devices on the same network.
  8. inet6 addr: Similar to the inet field, but for IPv6 addresses.
  9. Scope: This indicates the scope of the IP address, whether it’s global, link-local, site-local, etc.
  10. RX packets/TX packets: These show the number of packets received (RX) and transmitted (TX) by the interface since it was activated or the statistics were last cleared.
  11. RX bytes/TX bytes: These display the number of bytes received (RX) and transmitted (TX) by the interface.
  12. MTU: This stands for Maximum Transmission Unit, which is the largest packet size allowed on the interface without fragmentation.
  13. RX errors/TX errors: These indicate the number of errors encountered while receiving (RX) or transmitting (TX) packets.
  14. Collisions: This shows the number of collisions detected on the interface. Collisions occur when two devices attempt to transmit data simultaneously on a shared network segment.

The output of ifconfig may vary slightly depending on the version of the tool and the Linux distribution you’re using. Some distributions are moving towards using the ip command instead of ifconfig, as it provides more features and is more powerful.

Linux: display World Wide Port Names (WWPNs)

Posted on by
Reply

To display World Wide Port Names (WWPNs) and other information about Fibre Channel (FC) adapters on a Linux system, you can use various commands depending on the tools available on your system. Here are a few common methods:

  1. Using lsscsi and sg_map commands:This method requires the lsscsi and sg_map utilities, which are commonly available on many Linux distributions.sudo lsscsi -g This command lists SCSI devices, including Fibre Channel adapters. Note down the device corresponding to your Fibre Channel adapter.Then, use sg_map to map SCSI generic (sg) device names to WWPNs:sudo sg_map -i This command will show the mapping of SCSI generic devices to WWPNs and other information.
  2. Using systool:On systems with sysfs support, you can use the systool command to display information about Fibre Channel adapters:sudo systool -c fc_host -v This command lists information about Fibre Channel host adapters, including WWPNs and other details.
  3. Using fcinfo (For systems with Emulex HBAs):If you’re using Emulex HBAs, you can use the fcinfo command:sudo fcinfo <adapter_name> Replace <adapter_name> with the name of your Fibre Channel adapter (e.g., lpfc0). This command will display detailed information about the adapter, including WWPNs.
  4. Using scli (For systems with QLogic HBAs):If you’re using QLogic HBAs, you can use the scli command:sudo scli -p <port_number> -g Replace <port_number> with the port number of your Fibre Channel adapter (e.g., 0). This command will display detailed information about the HBA, including WWPNs.

Choose the method that best fits your system configuration and the tools available. These commands should provide you with the necessary information about WWPNs and other details of your Fibre Channel adapters on Linux.

Linux: How to use nmcli to display current network configuraton and reconfigure a network adapter

Posted on by
Reply

nmcli is a command-line tool used to interact with NetworkManager, a network management daemon used in many Linux distributions. It allows you to view and configure network settings. Here’s how you can use nmcli to display the current network configuration and reconfigure a network adapter:

  1. Display Current Network Configuration:You can use nmcli to display the current network configuration:nmcli connection show This command will list all network connections along with their configuration details.
  2. Display Detailed Information about a Specific Connection:To view detailed information about a specific connection, such as the IP address, gateway, DNS servers, etc., use:nmcli connection show <connection_name> Replace <connection_name> with the name of the connection you want to inspect.
  3. Reconfigure a Network Adapter:To reconfigure a network adapter, you can modify its settings directly using nmcli. Here’s a basic example to set a static IP address:nmcli connection modify <connection_name> ipv4.addresses <ip_address>/<subnet_mask> ipv4.gateway <gateway_address> ipv4.dns <dns_server> Replace <connection_name>, <ip_address>, <subnet_mask>, <gateway_address>, and <dns_server> with appropriate values.For example:nmcli connection modify "Wired Connection 1" ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 8.8.8.8 This command modifies the “Wired Connection 1” connection to use the specified static IP address, subnet mask, gateway, and DNS server.
  4. Apply Changes:After modifying the connection settings, apply the changes:nmcli connection up <connection_name> Replace <connection_name> with the name of the connection you modified.
  5. Verify Changes:Use nmcli connection show <connection_name> to verify that the changes have been applied successfully.

Remember to replace placeholders such as <connection_name>, <ip_address>, <subnet_mask>, <gateway_address>, and <dns_server> with actual values relevant to your network configuration. Additionally, ensure that you have appropriate permissions (usually root or sudo) to modify network settings.

Linux: Using lsblk and smartctl to display hard disk overall-health self-assessment

Posted on by
Reply

root@debian01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/efi
├─nvme0n1p2 259:2 0 488M 0 part /boot
└─nvme0n1p3 259:3 0 476G 0 part
└─nvme0n1p3_crypt 254:0 0 475.9G 0 crypt
├─debian01–vg-root 254:1 0 23.3G 0 lvm /
├─debian01–vg-var 254:2 0 9.3G 0 lvm /var
├─debian01–vg-swap_1 254:3 0 976M 0 lvm
├─debian01–vg-tmp 254:4 0 1.9G 0 lvm /tmp
└─debian01–vg-home 254:5 0 440.5G 0 lvm /home

root@debian01:~# smartctl -a –test=long /dev/nvme0n1
smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.1.0-18-amd64] (local build)
Copyright (C) 2002-22, Bruce Allen, Christian Franke, http://www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Number: SAMSUNG MZ9LQ512HBLU-00B00
Serial Number: S7DANXMW102944
Firmware Version: FXM7601Q
PCI Vendor/Subsystem ID: 0x144d
IEEE OUI Identifier: 0x002538
Total NVM Capacity: 512,110,190,592 [512 GB]
Unallocated NVM Capacity: 0
Controller ID: 5
NVMe Version: 1.4
Number of Namespaces: 1
Namespace 1 Size/Capacity: 512,110,190,592 [512 GB]
Namespace 1 Utilization: 61,558,759,424 [61.5 GB]
Namespace 1 Formatted LBA Size: 512
Namespace 1 IEEE EUI-64: 002538 d130ba314d
Local Time is: Mon Mar 18 11:42:24 2024 CST
Firmware Updates (0x16): 3 Slots, no Reset required
Optional Admin Commands (0x0017): Security Format Frmw_DL Self_Test
Optional NVM Commands (0x005f): Comp Wr_Unc DS_Mngmt Wr_Zero Sav/Sel_Feat Timestmp
Log Page Attributes (0x1e): Cmd_Eff_Lg Ext_Get_Lg Telmtry_Lg Pers_Ev_Lg
Maximum Data Transfer Size: 512 Pages
Warning Comp. Temp. Threshold: 83 Celsius
Critical Comp. Temp. Threshold: 85 Celsius
Namespace 1 Features (0x10): NP_Fields

Supported Power States
St Op Max Active Idle RL RT WL WT Ent_Lat Ex_Lat
0 + 5.12W – – 0 0 0 0 0 0
1 + 3.59W – – 1 1 1 1 0 0
2 + 2.92W – – 2 2 2 2 0 500
3 – 0.0500W – – 3 3 3 3 210 1200
4 – 0.0050W – – 4 4 4 4 1000 9000

Supported LBA Sizes (NSID 0x1)
Id Fmt Data Metadt Rel_Perf
0 + 512 0 0

=== START OF SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

SMART/Health Information (NVMe Log 0x02)
Critical Warning: 0x00
Temperature: 51 Celsius
Available Spare: 100%
Available Spare Threshold: 50%
Percentage Used: 0%
Data Units Read: 181,599 [92.9 GB]
Data Units Written: 1,857,619 [951 GB]
Host Read Commands: 1,898,681
Host Write Commands: 48,222,637
Controller Busy Time: 238
Power Cycles: 75
Power On Hours: 52
Unsafe Shutdowns: 61
Media and Data Integrity Errors: 0
Error Information Log Entries: 0
Warning Comp. Temperature Time: 153
Critical Comp. Temperature Time: 3
Temperature Sensor 1: 51 Celsius
Thermal Temp. 1 Transition Count: 1236
Thermal Temp. 2 Transition Count: 1014
Thermal Temp. 1 Total Time: 2672
Thermal Temp. 2 Total Time: 12386

Error Information (NVMe Log 0x01, 16 of 64 entries)
No Errors Logged

root@debian01:~#

Linux: Steps involved in updating the Linux kernel

Posted on by
Reply

Updating the Linux kernel involves several steps to ensure a smooth and successful process. Here’s a general overview of the steps involved in updating the Linux kernel:

  1. Check Current Kernel Version:
    • Before updating the kernel, check the current kernel version using the uname command:bashCopy codeuname -r
    • Note down the current kernel version to compare it with the new kernel version after the update.
  2. Backup Important Data:
    • Although updating the kernel typically doesn’t affect user data directly, it’s always a good practice to back up important data before making any system-level changes.
  3. Check for Available Updates:
    • Use your package manager to check for available kernel updates. The commands vary depending on your Linux distribution:
      • For Debian/Ubuntu-based systems:sqlCopy codesudo apt update sudo apt list --upgradable
      • For CentOS/RHEL-based systems:sqlCopy codesudo yum check-update
      • For Fedora:sqlCopy codesudo dnf check-update
  4. Install the New Kernel:
    • Once you’ve identified available kernel updates, install the new kernel using your package manager. Be sure to install both the kernel image and kernel headers (if required):
      • For Debian/Ubuntu-based systems:phpCopy codesudo apt install linux-image-<version> linux-headers-<version>
      • For CentOS/RHEL-based systems:Copy codesudo yum install kernel
      • For Fedora:Copy codesudo dnf install kernel
  5. Update Boot Loader Configuration:
    • After installing the new kernel, update the boot loader configuration to include the new kernel entry. This ensures that the system can boot into the updated kernel.
      • For GRUB (used in most Linux distributions):bashCopy codesudo update-grub # Debian/Ubuntu-based sudo grub2-mkconfig -o /boot/grub2/grub.cfg # CentOS/RHEL-based
      • For systemd-boot (used in some distributions):sqlCopy codesudo bootctl update
  6. Reboot the System:
    • Once the new kernel is installed and the boot loader configuration is updated, reboot the system to load the updated kernel:Copy codesudo reboot
  7. Verify Kernel Update:
    • After rebooting, log in to the system and verify that the new kernel is running:bashCopy codeuname -r
  8. Test System Functionality:
    • Test various system functionalities and applications to ensure that they work correctly with the new kernel.
    • Pay attention to any hardware drivers or kernel modules that may require reinstallation or configuration adjustments.
  9. Monitor System Stability:
    • Monitor system stability and performance over time to ensure that the new kernel update doesn’t introduce any issues or regressions.
  10. Rollback (If Necessary):
    • In case the new kernel causes issues or compatibility problems, you can roll back to the previous kernel version.
    • Most boot loaders allow you to select the kernel version to boot from during system startup. Choose the previous kernel version from the boot menu to boot into it.

By following these steps, you can safely update the Linux kernel on your system while minimizing the risk of downtime or compatibility issues.

Linux: How to replace a bad disk on a Linux RAID configuration

Posted on by
Reply

Replacing a failed disk in a Linux RAID configuration involves several steps to ensure that the array remains operational and data integrity is maintained. Below is a step-by-step guide on how to replace a bad disk in a Linux RAID configuration using the mdadm utility:

  1. Identify the Failed Disk:
    • Use the mdadm --detail /dev/mdX command to display detailed information about the RAID array.
    • Look for the state of each device in the array to identify the failed disk.
    • Note the device name (e.g., /dev/sdX) of the failed disk.
  2. Prepare the New Disk:
    • Insert the new disk into the system and ensure it is recognized by the operating system.
    • Partition the new disk using a partitioning tool like fdisk or parted. Create a Linux RAID (type FD) partition on the new disk.
  3. Add the New Disk to the RAID Array:
    • Use the mdadm --manage /dev/mdX --add /dev/sdX1 command to add the new disk to the RAID array.
    • Replace /dev/mdX with the name of your RAID array and /dev/sdX1 with the partition name of the new disk.
    • This command starts the process of rebuilding the RAID array onto the new disk.
  4. Monitor the Rebuild Process:
    • Monitor the rebuild process using the mdadm --detail /dev/mdX command.
    • Check the progress and status of the rebuild operation to ensure it completes successfully.
    • The rebuild process may take some time depending on the size of the RAID array and the performance of the disks.
  5. Verify RAID Array Status:
    • After the rebuild process completes, verify the status of the RAID array using the mdadm --detail /dev/mdX command.
    • Ensure that all devices in the array are in the “active sync” state and that there are no errors or warnings.
  6. Update Configuration Files:
    • Update configuration files such as /etc/mdadm/mdadm.conf to ensure that the new disk is recognized and configured correctly in the RAID array.
  7. Perform Testing and Verification:
    • Perform thorough testing to ensure that the RAID array is functioning correctly and that data integrity is maintained.
    • Test read and write operations on the array to verify its performance and reliability.
  8. Optional: Remove the Failed Disk:
    • Once the rebuild process is complete and the RAID array is fully operational, you can optionally remove the failed disk from the array using the mdadm --manage /dev/mdX --remove /dev/sdX1 command.
    • This step is optional but can help clean up the configuration and remove any references to the failed disk.

By following these steps, you can safely replace a bad disk in a Linux RAID configuration using the mdadm utility while maintaining data integrity and ensuring the continued operation of the RAID array.

What is RAID and how do you configure it in Linux?

Posted on by
Reply

RAID (Redundant Array of Independent Disks) is a technology used to combine multiple physical disk drives into a single logical unit for data storage, with the goal of improving performance, reliability, or both. RAID arrays distribute data across multiple disks, providing redundancy and/or improved performance compared to a single disk.

There are several RAID levels, each with its own characteristics and benefits. Some common RAID levels include RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10. Each RAID level uses a different method to distribute and protect data across the disks in the array.

Here’s a brief overview of some common RAID levels:

  1. RAID 0 (Striping):
    • RAID 0 offers improved performance by striping data across multiple disks without any redundancy.
    • It requires a minimum of two disks.
    • Data is distributed evenly across all disks in the array, which can improve read and write speeds.
    • However, there is no redundancy, so a single disk failure can result in data loss for the entire array.
  2. RAID 1 (Mirroring):
    • RAID 1 provides redundancy by mirroring data across multiple disks.
    • It requires a minimum of two disks.
    • Data written to one disk is simultaneously written to another disk, providing redundancy in case of disk failure.
    • RAID 1 offers excellent data protection but doesn’t provide any performance benefits compared to RAID 0.
  3. RAID 5 (Striping with Parity):
    • RAID 5 combines striping with parity data to provide both improved performance and redundancy.
    • It requires a minimum of three disks.
    • Data is striped across multiple disks, and parity information is distributed across all disks.
    • If one disk fails, data can be reconstructed using parity information stored on the remaining disks.
  4. RAID 6 (Striping with Dual Parity):
    • RAID 6 is similar to RAID 5 but includes an additional level of redundancy.
    • It requires a minimum of four disks.
    • RAID 6 can tolerate the failure of up to two disks simultaneously without data loss.
    • It provides higher fault tolerance than RAID 5 but may have slightly lower performance due to the additional parity calculations.
  5. RAID 10 (Striping and Mirroring):
    • RAID 10 combines striping and mirroring to provide both improved performance and redundancy.
    • It requires a minimum of four disks.
    • Data is striped across mirrored sets of disks, offering both performance and redundancy benefits of RAID 0 and RAID 1.

To configure RAID in Linux, you typically use software-based RAID management tools provided by the operating system. The most commonly used tool for configuring RAID in Linux is mdadm (Multiple Device Administration), which is a command-line utility for managing software RAID devices.

Here’s a basic outline of the steps to configure RAID using mdadm in Linux:

  1. Install mdadm (if not already installed):sudo apt-get install mdadm # For Debian/Ubuntu sudo yum install mdadm # For CentOS/RHEL
  2. Prepare the disks:
    • Ensure that the disks you plan to use for RAID are connected and recognized by the system.
    • Partition the disks using a partitioning tool like fdisk or parted. Create Linux RAID (type FD) partitions on each disk.
  3. Create RAID arrays:
    • Use the mdadm command to create RAID arrays based on the desired RAID level.
    • For example, to create a RAID 1 array with two disks (/dev/sda and /dev/sdb):sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
  4. Format and mount the RAID array:
    • Once the RAID array is created, format it with a filesystem of your choice (e.g., ext4) using the mkfs command.
    • Mount the RAID array to a mount point in the filesystem.
  5. Update configuration files:
    • Update configuration files such as /etc/mdadm/mdadm.conf to ensure that the RAID array configuration is persistent across reboots.
  6. Monitor and manage RAID arrays:
    • Use mdadm commands to monitor and manage RAID arrays, such as adding or removing disks, checking array status, and replacing failed disks.

These are general steps for configuring software RAID using mdadm in Linux. The exact commands and procedures may vary depending on the specific RAID level and configuration requirements. It’s essential to refer to the documentation and guides specific to your Linux distribution and RAID configuration.