Skip to content

Latest commit

 

History

History
275 lines (196 loc) · 6.19 KB

4.Mon-tool.md

File metadata and controls

275 lines (196 loc) · 6.19 KB

1. Network

1.1 nmap

  • Cài đặt nmap
yum install nmap -y
  • Sacn các host active trong mạng
nmap -sP 192.168.1.0/24
  • ICMP Scaning : Sử dụng các câu lệnh để kiểm tra ICMP echo reply.
nmap -sn 192.168.88.11-255
  • Scan đầy đủ thông tin của host
nmap -A -T4 192.168.30.1
  • Xác định OS
nmap -O 192.168.50.1
  • Tạo socket và show packet
nmap --packet-trace 192.168.1.1
  • Scan port
nmap -p 80 192.168.1.1 ## Scan TCP port 80
  • Scan TCP Port
nmap -p T:53 192.168.50.1
  • Scan UDP port
nmap -p U:53 192.168.1.1
  • Scan bypass firewall
nmap --mtu 32 192.168.1.1

1.2. mtr

  • Sử dụng để traceroute đường đi đến host
  • Cài đặt mtr
yum install mtr -y
  • Report route và connection quality of traffic
mtr -rw google.com
  • Hiển thị theo IP
mtr -n google.com

1.3. tcpdump

  • Cài đặt tcpdump
yum install tcpdump -y
  • Capture paceker trên một interface
tcpdump -i ens192
  • Chỉ định số packet được theo dõi
tcpdump -c 10 -i ens192
  • Xem data của các packet được theo dõi dưới ASCII format
tcpdump -A -i ens192
  • Theo dõi packet từ IP nguồn
tcpdump -i ens192 src 192.169.100.140
  • Theo dõi packet theo IP đích
tcpdump -i ens192 dst 127.0.0.1
  • Theo dõi theo protocol
tcpdump -i ens192 tcp
  • Theo dõi theo port
tcpdump -i ens192 port 22

1.4. Netstat

  • Cài đặt
yum instal net-tools

  • network socket type :

    • A Unix domain socket or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing on the same host operating system. Valid socket types in the UNIX domain are: SOCK_STREAM (compare to TCP), for a stream-oriented socket; SOCK_DGRAM (compare to UDP), for a datagram-oriented socket that preserves message boundaries (as on most UNIX implementations, UNIX domain datagram sockets are always reliable and don't reorder datagrams); and SOCK_SEQPACKET (compare to SCTP), for a sequenced-packet socket that is connection-oriented, preserves message boundaries, and delivers messages in the order that they were sent.[1] The Unix domain socket facility is a standard component of POSIX operating systems.
    • IP sockets (especially TCP/IP sockets) are a mechanism allowing communication between processes over the network. In some cases, you can use TCP/IP sockets to talk with processes running on the same computer (by using the loopback interface).

  • When using localhost loopback, it stands to reason that memory copy operations are the main factor of throughput, as frames are copied from the source-application memory, then between TCP layers and finally to the memory of the target-application.

  • Các option phổ biến

    • l : hiển thị các socket đang ở trạng thái chờ
    • a : hiển thị các socket đang ở trạng thái listening và đã kết nối
    • p : hiển thị PID và name của chương trình của socket
    • protocol : hiển thị theo kiểu connect
    • e : hiển thị thêm các thông tin bổ sung

1.5. ifup

  • Real time top-like command line based network bandwidth monitoring tool
  • Cài đặt
yum install -y epel-release
yum install -y iftop

1.6. nload

  • nload is a another simple, easy to use command-line tool for monitoring network traffic and bandwidth usage in real time.
  • Cài đặt
yum install epel-release
yum install nload
  • Hiển thị theo interface
nload ens192
  • Hiển thị multi interface
nload -m ens224 ens192 br-int ens224

1.7. lsof - list open file

  • An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.) A specific file or all the files in a file system may be selected by path.

  • Cài đặt

yum install -y lsof
  • Tìm các file được bắt đầu bởi command
lsof -c nova-compute
  • List các file network
lsof -i
  • Ngoài ra hỗ trợ lọc các kết nối network
[46][protocol][@hostname|hostaddr][:service|port]
  • List file network theo service
lsof -i:smtp 
lsof -i:25
  • List file network theo địa chỉ IP và giao thức
lsof [email protected]:25
  • Liệt kê các file internet và unix
lsof -i -U
  • List file chỉ được Process ID
lsof -i -p 1

1.8. Command example

  • netstat -atn | awk '/tcp/ {print $6}' | sort | uniq -c - summary by state
  • ss -neopt state time-wait | wc -l - counters by a specific state: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listening, closing
  • netstat -st - tcp stats summary
  • nstat -a - human-friendly tcp stats summary
  • cat /proc/net/sockstat - summarized socket stats
  • cat /proc/net/tcp - detailed stats, see each field meaning at the kernel docs
  • cat /proc/net/netstat - ListenOverflows and ListenDrops are important fields to keep an eye on
  • cat /proc/net/netstat | awk '(f==0) { i=1; while ( i<=NF) {n[i] = $i; i++ }; f=1; next} \ (f==1){ i=2; while ( i<=NF){ printf "%s = %d\n", n[i], $i; i++}; f=0} ' | grep -v "= 0; a human readable /proc/net/netstat

2. System utilization

2.1. nmon

  • nmon is a systems administrator tool to get information about cpu, top process, memory and

  • Cài đặt

yum install nmon -y

2.2 Process View

  • Xem process dưới dạng cây
ps -ejH
ps axjf
pstree

2.3 glances

  • glances is an open source cross-platform monitoring tool. It provides tons of information on the small screen. It can also work in client/server mode.
  • Caài đặt
yum install glances

apt install nethogs