Here are some tool for privileged users: tcpdump, pathchar, and Sniffit and Ethereal sniffers.
Here are some system security pointers:
To list all your processes, enter: ps To list all processes, enter: ps aux
uname [-amnrsv] -a Displays all information specified with the -m, -n, -r, -s, and -v options. -m Displays the type of hardware running the system. -n Displays the name of the node (this may be a name that the system is known by to a communications network). -r Displays the release number of the operating system. -s Displays the name of the implementation of the operating system. (This option is on by default.) -v Displays the operating system version.
To kill a process with process id 21234 $ kill -KILL 21234 To stop a process with process id 21234 $ kill -STOP 21234 To resume a stopped process with process id 21234 $ kill -CONT 21234
Used with non text files, such as object and executable files, prints out all the strings oconsisting of at least 4 consecutive printable characters found in the file. strings [-ao] [-n number] [file...] -a Searches an entire object file, rather than just the initialized data space. -n number Sets the minimum string length to number rather than the default of 4. -o Precedes each string by its offset (in octal) in the file.
file filename Determines what kind of file filename is, if binary, text, if object file, if source in Java ..
strace command It executes the command printing out information about all the system calls it makes and signals it receives. With qualifiers you can obtain also information about the time taken in the calls and between the calls. For example strace -c a.out prints information and timing statistics for the program a.out
ipcs [-a|-bcopt] [-mqs] where -a Same as specifying the -b, -c, -o, -p, and -t options. -b Writes the maximum number of bytes in message queues, the size of seg- ments for shared memory, and the number of semaphores in each semaphore set. -c Writes the username and group name of the user that made the facility. -m Writes information about active shared memory segments. -o Writes the following usage information: Number of messages on queue Total number of bytes in message queues Number of processes attached to shared memory segments -p Writes the Process number of last process to attach or detach on shared memory segments -q Writes information about active message queues. -s Writes information about active semaphore set. -t Writes the following: Time of the last control operation that changed the access permis- sions for all facilities Time of the last msgsnd() and last msgrcv() on message queues Time of the last semop() on semaphore sets
ipcrm [-m shared_memory] [-M shared_memory_key] [-q message_queue] [-Q message_key] [-s semaphore_ID] [-S semaphore_key] where: -m shared_memory Removes the shared memory identifier shared_memory. The shared memory segment and data structure associated with shared_memory are also removed after the last detach operation. -M shared_memory_key Removes the shared memory identifier, created with key shared_memory_key. The shared memory segment and data structure associ- ated with it are also removed after the last detach. -q message_queue Removes the message queue identifier message_queue and the message queue and data structure associated with it. -Q message_key Removes the message queue identifier, created with key message_key, and the message queue and data structure associated with it. -s semaphore_ID Removes the semaphore identifier semaphore_ID and the set of semaphores and data structure associated with it. -S semaphore_key Removes the semaphore identifier, created with key semaphore_key, and the set of semaphores and data structure associated with it.
To produce the default display for network connections, enter: netstat To show the state of the configured interfaces, enter: $ netstat -i To show the routing tables, enter: $ netstat -r To show the routing tables with network addresses, enter: $ netstat -rn
To show information about all interfaces, enter: $ ifconfig -a To query the status of serial line interface sl0, enter: $ ifconfig sl0
To find the dotted decimal IP address of host name snowhite.cis.temple.edu $ nslookup snowhite.cis.temple.edu To find the hostname of the dotted decimal IP address 18.104.22.168 $ nslookup 22.214.171.124
To determine the status of host www.cs.stanford.edu: $ ping www.cs.stanford.edu To also have a record of the route to www.cs.stanford.edu: $ ping -R www.cs.stanford.edu
To find the route to host rtfm.mit.edu, enter: $ traceroute rtfm.mit.edu
To display all current ARP entries: $ arp -a
To list all open files, use: lsof To list all open Internet, x.25 (HP-UX), and UNIX domain files, use: lsof -i -U To list all files using any protocol on any port of snowhite.cis.temple.edu, use: lsof -i @snowhite.cis.temple.edu To find the process that has /u/abe/foo open, use: lsof /u/abe/foo To find any open file, including an open UNIX domain socket file, with the name /dev/log, use: lsof /dev/log To obtain PID and command name field output for each process, file descrip- tor, file device number, and file inode number for each file of each pro- cess, use: lsof -FpcfDi To find an IP version 4 socket file by its associated numeric dot-form address, use: lsof -firstname.lastname@example.org
iostat [drive...] [interval] [count] For example iostat 1 5 displays 5 status reports taken at 1 second intervals.
vmstat interval [count] vmstat [-f|-M|-P|-s] where: -f Displays only statistics about the number of forks since system startup (see the fork() call). -P Displays accumulated statistics about physical memory use. -s Displays accumulated statistics along with the page size.
To display the disk usage of a directory tree and each of its sub- trees, enter: $ du /u/fran To display the disk usage of each file, enter: $ du -a /u/fran To display only the total disk usage of a directory tree, enter: $ du -rs /u/fran