/l3/users/eb/2009/linux3/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15
[ править ]

Журнал лабораторных работ

Содержание

Журнал

Вторник (06/02/09)

/dev/pts/4
10:21:37
#mii-tool eth0
eth0: 100 Mbit, full duplex, no link
10:21:39
#mii-tool -F 10baseT-FD










10:21:58




#mii-tool eth0


eth0: 10 Mbit, full duplex, link ok











10:22:00




#mii-tool eth0


eth0: 10 Mbit, full duplex, link ok











10:22:17




#mii-tool eth0 -к





mii-tool: invalid option -- 'Ð'
mii-tool: invalid option -- 'º'
usage: mii-tool [-VvRrwl] [-A media,... | -F media] [interface ...]
       -V, --version               display version information
       -v, --verbose               more verbose output
       -R, --reset                 reset MII to poweron state
       -r, --restart               restart autonegotiation
       -w, --watch                 monitor for link status changes
       -l, --log                   with -w, write events to syslog
       -A, --advertise=media,...   advertise only specified media
       -F, --force=media           force specified media technology
media: 1000baseTx-HD, 1000baseTx-FD,
       100baseT4, 100baseTx-FD, 100baseTx-HD,
       10baseT-FD, 10baseT-HD,
       (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT











10:24:57




#mii-tool eth0 -Ðr


restarting autonegotiation...











10:25:00




#mii-tool eth0


eth0: no link











10:25:02




#mii-tool eth0


eth0: negotiated 1000baseT-FD flow-control, link ok











10:25:05




#ьmidiag





bash: midiag: command not found











10:26:58




#apt-file update


Downloading complete file http://127.0.0.1:9999/debian/dists/sid/Contents-i386.gz











10:28:18




#apt-file search mii


hwb: /usr/share/doc/hwb/html/connector/network/mii.html
iceape-dev: /usr/include/iceape/transformiix/nsIXFormsUtilityService.h
iceape-dev: /usr/include/iceape/transformiix/nsIXFormsXPathEvaluator.h
icedove: /usr/lib/icedove/components/libtransformiix.so
icedove-dbg: /usr/lib/debug/usr/lib/icedove/components/libtransformiix.so
icedove-dev: /usr/include/icedove/transformiix/nsIXFormsUtilityService.h
icedove-dev: /usr/include/icedove/transformiix/nsIXFormsXPathEvaluator.h
iceowl: /usr/lib/iceowl/components/libtransformiix.so
iceowl-dev: /usr/include/iceowl/transformiix/nsIXFormsUtilityService.h
iceowl-dev: /usr/include/iceowl/transformiix/nsIXFormsXPathEvaluator.h
...
wmii2-doc: /usr/share/doc/wmii2-doc/pdf/beginnersguide-en.pdf.gz
wmii2-doc: /usr/share/doc/wmii2-doc/pdf/beginnersguide-es.pdf.gz
wmii2-doc: /usr/share/doc/wmii2-doc/pdf/beginnersguide-it.pdf.gz
wmii2-doc: /usr/share/doc/wmii2-doc/ps/beginnersguide-de.ps.gz
wmii2-doc: /usr/share/doc/wmii2-doc/ps/beginnersguide-en.ps.gz
wmii2-doc: /usr/share/doc/wmii2-doc/ps/beginnersguide-es.ps.gz
wmii2-doc: /usr/share/doc/wmii2-doc/ps/beginnersguide-it.ps.gz
yorick-data: /usr/share/yorick/i/fermii.i
zsh: /usr/share/zsh/functions/Completion/Linux/_mii-tool
zsh-beta: /usr/share/zsh-beta/functions/Completion/Linux/_mii-tool











10:28:34




#apt-get install mii-diag


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
Suggested packages:
  nictools-pci nictools-nopci
The following NEW packages will be installed:
  mii-diag
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 19.0kB of archives.
After this operation, 57.3kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main mii-diag 2.11-2 [19.0kB]
Fetched 19.0kB in 0s (228kB/s)
Selecting previously deselected package mii-diag.
(Reading database ... 55411 files and directories currently installed.)
Unpacking mii-diag (from .../mii-diag_2.11-2_i386.deb) ...
Processing triggers for man-db ...
Setting up mii-diag (2.11-2) ...











10:29:10




#mii-diag eth0


Basic registers of MII PHY #0:  3100 792d 02a8 0380 0de1 c1e1 000d 2801.
 The autonegotiated capability is 01e0.
The autonegotiated media type is 100baseTx-FD.
 Basic mode control register 0x3100: Auto-negotiation enabled.
 You have link beat, and everything is working OK.
 Your link partner advertised c1e1: 100baseTx-FD 100baseTx 10baseT-FD 10baseT.
   End of basic transceiver information.











10:29:34




#mii-tool eth0


eth0: negotiated 1000baseT-FD flow-control, link ok











10:29:55




#lspci


00:00.0 Host bridge: Intel Corporation 82865G/PE/P DRAM Controller/Host-Hub Interface (rev 02)
00:02.0 VGA compatible controller: Intel Corporation 82865G Integrated Graphics Controller (rev 02)
00:03.0 PCI bridge: Intel Corporation 82865G/PE/P PCI to CSA Bridge (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #3 (rev 02)
00:1d.3 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #4 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB2 EHCI Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c2)
00:1f.0 ISA bridge: Intel Corporation 82801EB/ER (ICH5/ICH5R) LPC Interface Bridge (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801EB/ER (ICH5/ICH5R) IDE Controller (rev 02)
00:1f.2 IDE interface: Intel Corporation 82801EB (ICH5) SATA Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801EB/ER (ICH5/ICH5R) SMBus Controller (rev 02)
00:1f.5 Multimedia audio controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) AC'97 Audio Controller (rev 02)
01:01.0 Ethernet controller: Intel Corporation 82547EI Gigabit Ethernet Controller











10:31:12




#find /sys -name \*01:01.0\*


/sys/devices/pci0000:00/0000:00:03.0/0000:01:01.0
/sys/bus/pci/devices/0000:01:01.0
/sys/bus/pci/drivers/e1000/0000:01:01.0











10:31:57




#find /sys -name \*01:01.0\* | grep driver


/sys/bus/pci/drivers/e1000/0000:01:01.0











10:32:24




#modinfo e1000


filename:       /lib/modules/2.6.29-2-686/kernel/drivers/net/e1000/e1000.ko
version:        7.3.21-k3-NAPI
license:        GPL
description:    Intel(R) PRO/1000 Network Driver
author:         Intel Corporation, <linux.nics@intel.com>
srcversion:     B63893FA4766AF8E0455964
alias:          pci:v00008086d000010B5sv*sd*bc*sc*i*
alias:          pci:v00008086d00001099sv*sd*bc*sc*i*
alias:          pci:v00008086d0000108Asv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Csv*sd*bc*sc*i*
...
parm:           XsumRX:Disable or enable Receive Checksum offload (array of int)
parm:           TxIntDelay:Transmit Interrupt Delay (array of int)
parm:           TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of int)
parm:           RxIntDelay:Receive Interrupt Delay (array of int)
parm:           RxAbsIntDelay:Receive Absolute Interrupt Delay (array of int)
parm:           InterruptThrottleRate:Interrupt Throttling Rate (array of int)
parm:           SmartPowerDownEnable:Enable PHY smart power down (array of int)
parm:           KumeranLockLoss:Enable Kumeran lock loss workaround (array of int)
parm:           copybreak:Maximum size of packet that is copied to a new buffer on receive (uint)
parm:           debug:Debug level (0=none,...,16=all) (int)











10:36:31




#apt-get install ethtool


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  ethtool
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 68.4kB of archives.
After this operation, 262kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main ethtool 6+20090307-1 [68.4kB]
Fetched 68.4kB in 0s (573kB/s)
Selecting previously deselected package ethtool.
(Reading database ... 55416 files and directories currently installed.)
Unpacking ethtool (from .../ethtool_6+20090307-1_i386.deb) ...
Processing triggers for man-db ...
Setting up ethtool (6+20090307-1) ...











10:36:51




#ethtool





ethtool: bad command line argument(s)
For more information run ethtool -h











10:37:26




#ethtool --help


ethtool version 6git
Usage:
ethtool DEVNAME Display standard information about device
        ethtool -s|--change DEVNAME     Change generic options
                [ speed %%d ]
                [ duplex half|full ]
                [ port tp|aui|bnc|mii|fibre ]
                [ autoneg on|off ]
                [ advertise %%x ]
                [ phyad %%d ]
...
        ethtool -p|--identify DEVNAME   Show visible port identification (e.g. blinking)
               [ TIME-IN-SECONDS ]
        ethtool -t|--test DEVNAME       Execute adapter self test
               [ online | offline ]
        ethtool -S|--statistics DEVNAME Show adapter statistics
        ethtool -n|--show-nfc DEVNAME   Show Rx network flow classificationoptions
                [ rx-flow-hash tcp4|udp4|ah4|sctp4|tcp6|udp6|ah6|sctp6 ]
        ethtool -N|--config-nfc DEVNAME Configure Rx network flow classification options
                [ rx-flow-hash tcp4|udp4|ah4|sctp4|tcp6|udp6|ah6|sctp6 p|m|v|t|s|d|f|n|r... ]
        ethtool -h|--help DEVNAME       Show this help











10:37:30




#ping --help





ping: invalid option -- '-'
Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
            [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
            [-M mtu discovery hint] [-S sndbuf]
            [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination











/dev/pts/2
10:38:19




$sudo ethtool -s eth0 speed 1000 autoneg off duplex full


[sudo] password for user:











10:39:23




$sudo ethtool -s eth0 speed 10 autoneg off duplex full












10:40:01




$sudo ethtool -s eth0 speed 1000 autoneg off duplex full


[sudo] password for user:











/dev/pts/4
10:46:23




#ping -f 192.168.15.254


PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
...........................................................................................................................................................................................................................................................................................................................................................................................................^C
--- 192.168.15.254 ping statistics ---
6729 packets transmitted, 6334 received, 5% packet loss, time 36413ms
rtt min/avg/max/mdev = 2.159/4.873/64.123/2.993 ms, pipe 6, ipg/ewma 5.412/5.867 ms











10:47:32




#ping -f -s 1400 192.168.15.254


PING 192.168.15.254 (192.168.15.254) 1400(1428) bytes of data.
..............................................................................................................................................................................................................................................................................................................................................................................................................^C
--- 192.168.15.254 ping statistics ---
1877 packets transmitted, 633 received, 66% packet loss, time 22233ms
rtt min/avg/max/mdev = 3.807/18.896/203.340/36.752 ms, pipe 17, ipg/ewma 11.851/59.908 ms











10:49:11




#ping -f -s 1400 192.168.15.11


PING 192.168.15.11 (192.168.15.11) 1400(1428) bytes of data.
...^C
--- 192.168.15.11 ping statistics ---
5719 packets transmitted, 5716 received, 0% packet loss, time 15837ms
rtt min/avg/max/mdev = 2.525/2.678/5.301/0.091 ms, ipg/ewma 2.769/2.678 ms











10:49:58




#ping -f -s 1400 10.0.35.100


PING 10.0.35.100 (10.0.35.100) 1400(1428) bytes of data.
...............................................................................................................................................................................................................................................................................................................................................................................................................^
--- 10.0.35.100 ping statistics ---
3405 packets transmitted, 2306 received, 32% packet loss, time 20291ms
rtt min/avg/max/mdev = 2.854/2.990/3.417/0.129 ms, ipg/ewma 5.961/3.126 ms











10:50:50




#ping -f 10.0.35.120





PING 10.0.35.120 (10.0.35.120) 56(84) bytes of data.
..............................................................................................................................................................................................................................................................................................................................................................................................................E.
--- 10.0.35.120 ping statistics ---
6685 packets transmitted, 0 received, +6218 errors, 100% packet loss, time 12691ms
, pipe 3











10:51:11




#apt-cache search icmp tunnel


icmptx - Tunnel IP over ICMP
ptunnel - Tunnel TCP connections over ICMP packets











10:54:18




#apt-cache search scapy


python-scapy - Packet generator/sniffer and network scanner/discovery











11:02:37




#apt-cache search python-scapy


python-scapy - Packet generator/sniffer and network scanner/discovery











11:03:32




#apt-get install python-scapy


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
Suggested packages:
  imagemagick python-gnuplot python-crypto python-pyx ebtables python-visual sox xpdf gv
The following NEW packages will be installed:
  python-scapy
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 131kB of archives.
After this operation, 741kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main python-scapy 2.0.0.5-1 [131kB]
Fetched 131kB in 17s (7425B/s)
Selecting previously deselected package python-scapy.
(Reading database ... 55428 files and directories currently installed.)
Unpacking python-scapy (from .../python-scapy_2.0.0.5-1_all.deb) ...
Processing triggers for man-db ...
Setting up python-scapy (2.0.0.5-1) ...
Processing triggers for python-support ...











11:04:42




#dpkg -L python-scapy | grep bin


/usr/bin
/usr/bin/scapy











11:04:51




#scapy


Welcome to Scapy (2.0.0.5 beta)
>>> help
Type help() for interactive help, or help(object) for help about object.
>>> help()
Welcome to Python 2.5!  This is the online help utility.
If this is your first time using Python, you should definitely check out
the tutorial on the Internet at http://www.python.org/doc/tut/.
Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules.  To quit this help utility and
return to the interpreter, just type "quit".
...
Enter any module name to get more help.  Or, type "modules spam" to search
for modules whose descriptions contain the word "spam".
help> quit
You are now leaving help and returning to the Python interpreter.
If you want to ask for help on a particular object directly from the
interpreter, you can type "help(object)".  Executing "help('string')"
has the same effect as typing a particular string at the help> prompt.
>>> quit
Use quit() or Ctrl-D (i.e. EOF) to exit
>>> quit()











/dev/pts/2
11:14:45




$sudo traceroute -n 192.168.102.1


[sudo] password for user:
traceroute to 192.168.102.1 (192.168.102.1), 30 hops max, 60 byte packets
 1  192.168.102.1  0.046 ms  0.020 ms  0.017 ms











/dev/pts/4
11:14:58




#mtr crimea-board.info


                                                      My traceroute  [v0.75]
                                                                                                         Tue Jun  2 11:17:29 2009
linux4 (0.0.0.0)
Keys:  Help   Display mode   Restart statistics   Order of fields   quit                 Packets               Pings
                                                                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
 Host                                                                                   0.0%   136    0.7   1.4   0.7  57.2   5.2
    10.0.35.1                                                                           0.0%   136    0.2   0.2   0.2   0.5   0.0
 2. 192.168.70.1                                                                       93.3%   136   67.6  18.9   5.7  67.6  20.0
 3. ip.194.150.93.65.veer.net.ua                                                       94.8%   136  106.8  32.4   7.6 106.8  36.2
 4. uplink-uaix.veer.net.ua                                                             0.0%   136   15.6  84.1   8.1 630.1 103.6
 5. 217.27.155.29.sitel.com.ua                                                          0.0%   136   16.3  95.4   6.8 714.4 126.7
 6. itsystems-10G-gw.ix.net.ua                                                          0.0%   135   29.5 109.2   9.1 216.0  43.7
 7. 195.3.245.137                                                                       0.0%   135   26.5 106.4  21.9 250.0 126.0
 8. 193.238.110.93                                                                      0.0%   135   29.8 112.6  23.9 560.3 128.0
 9. 193.238.109.57                                                                      0.0%   135   46.1 129.4  22.7 488.7 140.9
10. crimea-board.info                                                                   0.0%   135   38.1 131.4  23.8 729.4 136.1
11. ???                                                                                             747.2 117.7       747.2 132.6
                                                                                                    688.7 131.8       648.5 126.5











11:20:43




#traceroute -I -U crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254 (192.168.15.254)  0.856 ms  1.081 ms  1.291 ms
 2  10.0.35.1 (10.0.35.1)  0.141 ms  0.110 ms  0.167 ms
 3  * * *
 4  * * *
 5  uplink-uaix.veer.net.ua (194.150.92.14)  16.728 ms  16.716 ms  16.687 ms
 6  217.27.155.29.sitel.com.ua (217.27.155.29)  16.618 ms  16.516 ms  16.445 ms
 7  itsystems-10G-gw.ix.net.ua (195.35.65.57)  16.350 ms  15.704 ms  23.072 ms
 8  195.3.245.137 (195.3.245.137)  32.842 ms  27.434 ms  35.733 ms
 9  193.238.110.93 (193.238.110.93)  41.798 ms  41.784 ms  41.747 ms
10  193.238.109.57 (193.238.109.57)  48.716 ms  56.154 ms  56.146 ms
11  crimea-board.info (193.238.109.9)  134.073 ms  124.263 ms  114.697 ms











11:21:11




#traceroute -U crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254 (192.168.15.254)  0.852 ms  1.081 ms  1.293 ms
 2  10.0.35.1 (10.0.35.1)  0.147 ms  0.172 ms  0.144 ms
 3  * * *
 4  * * *
 5  uplink-uaix.veer.net.ua (194.150.92.14)  59.039 ms  59.031 ms  59.043 ms
 6  217.27.155.29.sitel.com.ua (217.27.155.29)  12.683 ms  58.820 ms  58.758 ms
 7  itsystems-10G-gw.ix.net.ua (195.35.65.57)  58.779 ms  58.085 ms  57.246 ms
 8  195.3.245.137 (195.3.245.137)  57.238 ms  94.579 ms  48.281 ms
 9  193.238.110.93 (193.238.110.93)  48.241 ms  48.199 ms  48.160 ms
10  193.238.109.57 (193.238.109.57)  48.058 ms  48.080 ms  48.043 ms
11  crimea-board.info (193.238.109.9)  112.200 ms  112.173 ms  64.209 ms











11:21:22




#traceroute -I crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254 (192.168.15.254)  1.080 ms  1.359 ms  1.596 ms
 2  10.0.35.1 (10.0.35.1)  0.243 ms  0.260 ms  0.261 ms
 3  * * *
 4  * * *
 5  uplink-uaix.veer.net.ua (194.150.92.14)  21.991 ms  21.988 ms  22.044 ms
 6  217.27.155.29.sitel.com.ua (217.27.155.29)  21.966 ms  21.720 ms  21.745 ms
 7  itsystems-10G-gw.ix.net.ua (195.35.65.57)  21.640 ms  20.339 ms  20.269 ms
 8  195.3.245.137 (195.3.245.137)  37.123 ms  28.421 ms  37.499 ms
 9  193.238.110.93 (193.238.110.93)  37.505 ms  37.494 ms  37.485 ms
10  193.238.109.57 (193.238.109.57)  37.455 ms  37.444 ms  37.421 ms
11  crimea-board.info (193.238.109.9)  37.409 ms  27.754 ms  34.792 ms











11:21:33




#tracepath





bash: tracepath: command not found











11:23:37




#apt-file search trace


libace-dev: /usr/include/ace/os_include/os_trace.h
libace-doc: /usr/share/doc/libace-doc/examples/Misc/test_trace.cpp
libactivesupport-ruby1.8: /usr/lib/ruby/1.8/active_support/backtrace_cleaner.rb
libactivesupport-ruby1.9: /usr/lib/ruby/1.9.0/active_support/backtrace_cleaner.rb
libafterimage-dev: /usr/include/libAfterBase/trace.h
liballegro-doc: /usr/share/man/man3/al_trace.3alleg.gz
liballegro-doc: /usr/share/man/man3/register_trace_handler.3alleg.gz
liballegro-doc: /usr/share/man/man3/retrace_count.3alleg.gz
libapache-dbi-perl: /usr/share/doc/libapache-dbi-perl/traces.txt.gz
libapache2-mod-perl2-dev: /usr/include/apache2/modperl_trace.h
...
libnspr4-dev: /usr/include/nspr/prtrace.h
libocamlbricks-ocaml-dev: /usr/share/doc/libocamlbricks-ocaml-dev/html/api/code_ATTMemo.memo.trace.html
libocamlnet-ocaml-doc: /usr/share/doc/libocamlnet-ocaml-doc/html-main/Http_client.trace.html
libocamlnet-ocaml-doc: /usr/share/doc/libocamlnet-ocaml-doc/html-main/Http_client.trace_call.html
libocamlnet-ocaml-doc: /usr/share/doc/libocamlnet-ocaml-doc/html-main/type_Http_client.trace.html
libocamlnet-ocaml-doc: /usr/share/doc/libocamlnet-ocaml-doc/html-main/type_Http_client.trace_call.html
libomniorb4-dev: /usr/include/omniORB4/tracedthread.h
libopencascade-modeling-dev: /usr/include/opencascade/TopOpeBRepDS_traceDSX.hxx
libopencascade-modeling-dev: /usr/include/opencascade/TopOpeBRep_traceSIFF.hxx
libopencascade-visualization-dev: /usr/include/opencascade/OpenGl_traces.h











11:24:31




#apt-file search trace | grep bin


apt-forktracer: /usr/bin/apt-forktracer
auditd: /sbin/autrace
autotrace: /usr/bin/autotrace
bacula-common: /usr/sbin/btraceback
blktrace: /usr/sbin/blktrace
blktrace: /usr/sbin/btrace
dans-gdal-scripts: /usr/bin/gdal_trace_outline
dbndns: /usr/bin/dnstrace
dbndns: /usr/bin/dnstracesort
djbdns: /usr/bin/dnstrace
...
xen-utils-3.2-1: /usr/lib/xen-3.2-1/bin/xentrace_setsize
xen-utils-common: /usr/sbin/xentrace
xen-utils-common: /usr/sbin/xentrace_format
xen-utils-common: /usr/sbin/xentrace_setmask
xen-utils-common: /usr/sbin/xentrace_setsize
xen-utils-unstable: /usr/lib/xen-unstable/bin/xentrace
xen-utils-unstable: /usr/lib/xen-unstable/bin/xentrace_format
xen-utils-unstable: /usr/lib/xen-unstable/bin/xentrace_setmask
xen-utils-unstable: /usr/lib/xen-unstable/bin/xentrace_setsize
xtrace: /usr/bin/xtrace











11:25:09




#apt-file search ping | grep bin


aoetools: /sbin/aoeping
arping: /usr/sbin/arping
bcfg2-server: /usr/sbin/bcfg2-ping-sweep
beagle: /usr/bin/beagle-ping
beagle: /usr/share/beagle/webinterface/mappings.xml
bluez: /usr/bin/l2ping
camping: /usr/bin/camping
ctdb: /usr/bin/ping_pong
dhcping: /usr/sbin/dhcping
dnet-progs: /usr/bin/dnping
...
ssmping: /usr/bin/ssmping
ssmping: /usr/bin/ssmpingd
texlive-base-bin: /usr/bin/a2ping
texlive-base-bin: /usr/share/man/man1/a2ping.1.gz
xmltv-util: /usr/bin/tv_remove_some_overlapping
xymon: /usr/lib/hobbit/server/bin/hobbitping
zapping: /usr/bin/zapping
zapping: /usr/bin/zapping_remote
zapping: /usr/bin/zapping_setup_fb
zapping: /usr/sbin/zapping_setup_fb









прошло 12 минут




11:38:00




#ssh 192.168.102.2


The authenticity of host '192.168.102.2 (192.168.102.2)' can't be established.
RSA key fingerprint is 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.102.2' (RSA) to the list of known hosts.
root@192.168.102.2's password:
Permission denied, please try again.
root@192.168.102.2's password:
Linux linux4 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jun  1 14:32:48 2009 from linux3.unix.nt











11:44:57




#tcpdump -i eth0 not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:45:43.827291 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
^C
1 packets captured
1 packets received by filter
0 packets dropped by kernel











11:45:47




#tcpdump -n -i eth0 not port 22


11:45:54.124639 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [.], ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 0
11:45:54.125226 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [P.], seq 1:867, ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 866
11:45:54.125380 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [F.], seq 867, ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 0
11:45:54.184220 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [.], ack 1, win 46, options [nop,nop,TS val 689084716 ecr 1495634,nop,nop,sack 1 {867:868}], length 0
11:45:54.184342 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [.], ack 868, win 59, options [nop,nop,TS val 689084716 ecr 1495634], length 0
11:45:54.186109 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [F.], seq 1, ack 868, win 59, options [nop,nop,TS val 689084716 ecr 1495634], length 0
11:45:54.186118 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1495649 ecr 689084716], length 0
11:46:13.978789 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:46:23.745512 IP 192.168.102.2.34915 > 10.0.35.1.53: 40456+ A? ya.ru. (23)
...
11:46:23.853780 IP 213.180.204.8 > 192.168.102.2: ICMP 213.180.204.8 udp port 33471 unreachable, length 68
11:46:23.853790 IP 213.180.204.8 > 192.168.102.2: ICMP 213.180.204.8 udp port 33475 unreachable, length 68
11:46:23.854583 IP 192.168.102.2.56358 > 10.0.35.1.53: 36284+ PTR? 8.204.180.213.in-addr.arpa. (44)
11:46:23.854978 IP 10.0.35.1.53 > 192.168.102.2.56358: 36284 1/2/2 (141)
11:46:33.678374 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 46
11:46:33.678385 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 28
^C
148 packets captured
148 packets received by filter
0 packets dropped by kernel











11:46:40




#tcpdump -i eth0 not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:46:44.155108 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:46:45.783966 IP 192.168.102.2.41500 > 10.0.35.1.domain: 53937+ A? xgu.ru. (24)
11:46:45.784327 IP 192.168.102.2.44225 > 10.0.35.1.domain: 1234+ PTR? 1.35.0.10.in-addr.arpa. (40)
11:46:45.784419 IP 10.0.35.1.domain > 192.168.102.2.41500: 53937 1/3/0 A 194.150.93.78 (106)
11:46:45.784522 IP 192.168.102.2.34207 > chub.in.18030: Flags [S], seq 3498674066, win 5840, options [mss 1460,sackOK,TS val 1508549 ecr 0,nop,wscale 6], length 0
11:46:45.784716 IP 10.0.35.1.domain > 192.168.102.2.44225: 1234 NXDomain 0/1/0 (117)
11:46:45.784775 IP 192.168.102.2.40212 > 10.0.35.1.domain: 24728+ PTR? 2.102.168.192.in-addr.arpa. (44)
...
11:46:45.836394 IP chub.in.18030 > 192.168.102.2.34207: Flags [F.], seq 1, ack 33018, win 501, options [nop,nop,TS val 689097631 ecr 1508558], length 0
11:46:45.836401 IP 192.168.102.2.34207 > chub.in.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1508562 ecr 689097631], length 0
11:47:14.307053 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:47:44.483343 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel











/dev/pts/2
11:47:35




$sudo traceroute -n -I -q1 crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254  0.622 ms
 2  10.0.35.1  0.285 ms
 3  192.168.70.1  8.761 ms
 4  194.150.93.65  22.635 ms
 5  194.150.92.14  22.654 ms
 6  217.27.155.29  22.642 ms
 7  195.35.65.57  22.630 ms
 8  195.3.245.137  29.623 ms
 9  193.238.110.93  29.653 ms
10  193.238.109.57  37.457 ms
11  193.238.109.9  37.503 ms











/dev/pts/4
11:47:49




#exit


exit
Connection to 192.168.102.2 closed.











11:47:57




#vi /etc/hostname










11:48:14




#tcpdump -i eth0.102 -n not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:49:02.575972 IP 192.168.102.2.44529 > 10.0.35.100.33434: UDP, length 32
11:49:02.576032 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576047 IP 192.168.102.2.37557 > 10.0.35.100.33435: UDP, length 32
11:49:02.576059 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576065 IP 192.168.102.2.41596 > 10.0.35.100.33436: UDP, length 32
11:49:02.576072 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576075 IP 192.168.102.2.47113 > 10.0.35.100.33437: UDP, length 32
11:49:02.576080 IP 192.168.102.2.45585 > 10.0.35.100.33438: UDP, length 32
...
11:49:05.752829 IP 192.168.102.2.34209 > 194.150.93.78.18030: Flags [F.], seq 837, ack 1, win 92, options [nop,nop,TS val 1543675 ecr 689132745], length 0
11:49:05.759371 IP 194.150.93.78.18030 > 192.168.102.2.34209: Flags [.], ack 837, win 59, options [nop,nop,TS val 689132746 ecr 1543675], length 0
11:49:05.763014 IP 194.150.93.78.18030 > 192.168.102.2.34209: Flags [F.], seq 1, ack 838, win 59, options [nop,nop,TS val 689132747 ecr 1543675], length 0
11:49:05.763100 IP 192.168.102.2.34209 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1543678 ecr 689132747], length 0
11:49:07.574206 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:49:07.574293 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel











11:49:09




#tcpdump -i eth0.102 -n not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:50:39.142326 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 1, length 40
11:50:39.142365 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142379 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 2, length 40
11:50:39.142390 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142396 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 3, length 40
11:50:39.142403 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142408 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 4, length 40
11:50:39.142412 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 5, length 40
...
11:50:45.988541 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [.], ack 1, win 46, options [nop,nop,TS val 689157806 ecr 1568734,nop,nop,sack 1 {840:841}], length 0
11:50:45.988628 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [.], ack 841, win 59, options [nop,nop,TS val 689157806 ecr 1568734], length 0
11:50:45.990840 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [F.], seq 1, ack 841, win 59, options [nop,nop,TS val 689157807 ecr 1568734], length 0
11:50:45.990918 IP 192.168.102.2.34210 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1568737 ecr 689157807], length 0
11:50:50.970210 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:50:50.970326 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
65 packets captured
65 packets received by filter
0 packets dropped by kernel











11:51:09




#tcpdump -i eth0.102 -n not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:51:14.785114 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 1, length 40
11:51:14.785149 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:51:14.785164 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 2, length 40
11:51:14.785174 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 3, length 40
11:51:14.785177 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 4, length 40
11:51:14.785181 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 5, length 40
11:51:14.785183 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 6, length 40
11:51:14.785186 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 7, length 40
...
11:51:16.098427 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [.], ack 1, win 46, options [nop,nop,TS val 689165334 ecr 1576262,nop,nop,sack 1 {785:786}], length 0
11:51:16.098511 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [.], ack 786, win 58, options [nop,nop,TS val 689165334 ecr 1576262], length 0
11:51:16.103168 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [F.], seq 1, ack 786, win 58, options [nop,nop,TS val 689165336 ecr 1576262], length 0
11:51:16.103251 IP 192.168.102.2.50576 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1576265 ecr 689165336], length 0
11:51:21.082209 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:51:21.082306 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
55 packets captured
55 packets received by filter
0 packets dropped by kernel











11:51:24




#tcpdump -i eth0.102 -n not port 22


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:52:22.054210 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:52:22.054300 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
11:52:26.253438 IP 192.168.102.2.51202 > 10.0.35.1.53: 50315+ A? xgu.ru. (24)
11:52:26.253793 IP 10.0.35.1.53 > 192.168.102.2.51202: 50315 1/3/0 A 194.150.93.78 (106)
11:52:26.253981 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [S], seq 247269307, win 5840, options [mss 1460,sackOK,TS val 1593804 ecr 0,nop,wscale 6], length 0
11:52:26.260042 IP 194.150.93.78.18030 > 192.168.102.2.50577: Flags [S.], seq 2815076957, ack 247269308, win 5792, options [mss 1460,sackOK,TS val 689182877 ecr 1593804,nop,wscale 7], length 0
11:52:26.260122 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [.], ack 1, win 92, options [nop,nop,TS val 1593806 ecr 689182877], length 0
11:52:26.260269 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [P.], seq 1:741, ack 1, win 92, options [nop,nop,TS val 1593806 ecr 689182877], length 740
...
11:52:36.366250 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [P.], seq 1:741, ack 1, win 92, options [nop,nop,TS val 1596333 ecr 689185403], length 740
11:52:36.366266 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [F.], seq 741, ack 1, win 92, options [nop,nop,TS val 1596333 ecr 689185403], length 0
11:52:36.375358 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [.], ack 1, win 46, options [nop,nop,TS val 689185406 ecr 1596333,nop,nop,sack 1 {741:742}], length 0
11:52:36.375441 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [.], ack 742, win 57, options [nop,nop,TS val 689185406 ecr 1596333], length 0
11:52:36.378233 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [F.], seq 1, ack 742, win 57, options [nop,nop,TS val 689185407 ecr 1596333], length 0
11:52:36.378328 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1596336 ecr 689185407], length 0
^C
57 packets captured
57 packets received by filter
0 packets dropped by kernel











11:52:48




#tcpdump -i eth0.102 -n icmp


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:53:00.814042 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 1, length 40
11:53:00.814078 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:53:00.814091 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 2, length 40
11:53:00.814097 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 3, length 40
11:53:00.814101 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 4, length 40
11:53:00.814104 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 5, length 40
11:53:00.814107 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 6, length 40
11:53:00.814110 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 7, length 40
...
11:53:00.814626 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 14, length 40
11:53:00.814629 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 15, length 40
11:53:00.814690 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 16, length 40
11:53:00.814695 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 17, length 40
11:53:00.814699 IP 192.168.15.254 > 192.168.102.2: ICMP time exceeded in-transit, length 36
\
^C
34 packets captured
34 packets received by filter
0 packets dropped by kernel











/dev/pts/2
11:54:35




$sudo traceroute -n -I -q1 crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254  0.642 ms
 2  10.0.35.1  2.585 ms
 3  192.168.70.1  19.033 ms
 4  194.150.93.65  47.188 ms
 5  194.150.92.14  46.967 ms
 6  217.27.155.29  46.703 ms
 7  195.35.65.57  46.435 ms
 8  195.3.245.137  46.231 ms
 9  193.238.110.93  45.942 ms
10  193.238.109.57  45.735 ms
11  193.238.109.9  45.483 ms











/dev/pts/4
11:54:41




#tcpdump -i eth0 -n icmp


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:54:58.380643 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 1, length 40
11:54:58.381263 IP 192.168.15.254 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:54:58.381840 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 2, length 40
11:54:58.382115 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 3, length 40
11:54:58.382515 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 4, length 40
11:54:58.382783 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 5, length 40
11:54:58.383041 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 6, length 40
11:54:58.383301 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 7, length 40
...
11:54:58.506733 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 21, length 40
11:54:58.506737 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 22, length 40
11:54:58.506739 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 23, length 40
11:54:58.506800 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 24, length 40
11:54:58.506807 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 25, length 40
11:54:58.506810 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 26, length 40
^C
52 packets captured
52 packets received by filter
0 packets dropped by kernel











/dev/pts/2
11:55:58




$sudo traceroute -n -I -q1 crimea-board.info


traceroute to crimea-board.info (193.238.109.9), 30 hops max, 60 byte packets
 1  192.168.15.254  0.629 ms
 2  10.0.35.1  0.196 ms
 3  192.168.70.1  6.113 ms
 4  194.150.93.65  13.797 ms
 5  194.150.92.14  21.013 ms
 6  217.27.155.29  20.863 ms
 7  195.35.65.57  20.708 ms
 8  195.3.245.137  28.933 ms
 9  193.238.110.93  28.882 ms
10  193.238.109.57  38.319 ms
11  193.238.109.9  38.118 ms











/dev/pts/4
11:56:00




#tcpdump -i eth0 -n icmp | grep excee





tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:56:15.221903 IP 10.0.35.1 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.222105 IP 192.168.15.254 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.227901 IP 192.168.70.1 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.235685 IP 194.150.93.65 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.242988 IP 195.35.65.57 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.243034 IP 217.27.155.29 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.243041 IP 194.150.92.14 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.251312 IP 195.3.245.137 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.251345 IP 193.238.110.93 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.260853 IP 193.238.109.57 > 192.168.15.3: ICMP time exceeded in-transit, length 36
^C50 packets captured
50 packets received by filter
0 packets dropped by kernel











/dev/pts/2
11:56:15




$sudo which tcpd


[sudo] password for user:
/usr/sbin/tcpd











/dev/pts/4
11:57:40




#сÑcat /etc/services


hkp             11371/udp                       # OpenPGP HTTP Keyserver
bprd            13720/tcp                       # VERITAS NetBackup
bprd            13720/udp
bpdbm           13721/tcp                       # VERITAS NetBackup
bpdbm           13721/udp
bpjava-msvc     13722/tcp                       # BP Java MSVC Protocol
bpjava-msvc     13722/udp
vnetd           13724/tcp                       # Veritas Network Utility
vnetd           13724/udp
bpcd            13782/tcp                       # VERITAS NetBackup
...
vboxd           20012/tcp                       # voice box system
vboxd           20012/udp
binkp           24554/tcp                       # binkp fidonet protocol
asp             27374/tcp                       # Address Search Protocol
asp             27374/udp
csync2          30865/tcp                       # cluster synchronization tool
dircproxy       57000/tcp                       # Detachable IRC Proxy
tfido           60177/tcp                       # fidonet EMSI over telnet
fido            60179/tcp                       # fidonet EMSI over TCP
# Local services











12:00:01




#netstat -lnp


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
...
unix  2      [ ACC ]     STREAM     LISTENING     7910     2907/ssh-agent      /tmp/ssh-ILQqgD2864/agent.2864
unix  2      [ ACC ]     STREAM     LISTENING     7960     2864/x-session-mana /tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     9251     3514/gconfd-2       /tmp/orbit-user/linc-dba-0-77498d5d5146b
unix  2      [ ACC ]     STREAM     LISTENING     9265     3511/notification-d /tmp/orbit-user/linc-db7-0-666bc305bec7
unix  2      [ ACC ]     STREAM     LISTENING     9362     3537/firefox-bin    /tmp/orbit-user/linc-dd1-0-1d74f3283a780
unix  2      [ ACC ]     STREAM     LISTENING     6581     2338/syslog-ng      /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6605     2348/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7959     2864/x-session-mana @/tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     7460     2758/gdm            /var/run/gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     6890     2636/lpd            /dev/printer











12:01:05




#netstat -lnp | grep [tu]cp


tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd











12:01:27




#netstat -lnp | grep [tu][cd]p


tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap











12:01:45




#netstat -lnp -A inet


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap











12:02:14




#пкgrep -v ^# /etc/inetd.conf


9999            stream  tcp     nowait  approx  /usr/sbin/approx











12:10:52




#~


# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
...
~
~
~
~
~
~
~
~
~
"/etc/inetd.conf" 41L, 1198C written











/dev/pts/2
12:12:31




$iptables --help





bash: iptables: command not found











/dev/pts/4
12:13:19




#vi /etc/host













12:13:19




#vi /etc/host













12:13:19




#vi /etc/hosts.allow










12:14:13




#vi /etc/hosts.deny










12:15:25




#vi /etc/hosts.allow










12:16:07




#pkill -HUP inetd












12:16:21




#nc 127.0.0.1 55












12:16:36




#pkill -HUP inetd












12:16:45




#vi /etc/inetd.conf










12:17:42




#echo 2+2 | nc 127.0.0.1 55


bash: echo: write error: Broken pipe











12:18:02




#nc --help





nc: invalid option -- '-'
nc -h for help











12:18:13




#nc -h


[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
...
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').











12:23:46




#which bc


/usr/bin/bc











12:25:46




#echo 2+2 | nc 127.0.0.1 55





4
^C











12:25:58




#echo 2+2 | nc 127.0.0.1 56












12:26:05




#nmap





bash: nmap: command not found











12:26:24




#apt-get install nmap


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  nmap
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 1072kB of archives.
After this operation, 3801kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main nmap 4.68-1 [1072kB]
Fetched 1072kB in 0s (3765kB/s)
Selecting previously deselected package nmap.
(Reading database ... 55519 files and directories currently installed.)
Unpacking nmap (from .../archives/nmap_4.68-1_i386.deb) ...
Processing triggers for man-db ...
Setting up nmap (4.68-1) ...











12:26:52




#nmap -p 3000-3005 10.0.35.100


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
PORT     STATE  SERVICE
3000/tcp closed ppp
3001/tcp closed nessus
3002/tcp open   unknown
3003/tcp closed unknown
3004/tcp closed unknown
3005/tcp closed deslogin
Nmap done: 1 IP address (1 host up) scanned in 0.176 seconds











12:27:27




#nmap -p 1-5000 10.0.35.100


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 4997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.514 seconds











12:27:43




#nmap -p 1-5005 10.0.35.100


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 5002 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.529 seconds











12:27:54




#nmap -p 7-5005 10.0.35.100


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:28 EEST
Interesting ports on 10.0.35.100:
Not shown: 4996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.521 seconds











12:28:25




#nmap --help


Nmap 4.68 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -PN -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES











12:31:02




#nmap -p1-10000 -sS 10.0.35.100


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:31 EEST
Interesting ports on 10.0.35.100:
Not shown: 9996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
9999/tcp open  abyss
Nmap done: 1 IP address (1 host up) scanned in 1.930 seconds











12:40:35




#!pki


pkill -HUP inetd











12:41:22




#vi /etc/inetd.conf










12:41:58




#iptables --v -list





iptables v1.4.3.2: unknown option `--v'
Try `iptables -h' or 'iptables --help' for more information.











12:48:45




#iptables -v --list


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination











12:48:56




#iptables -t filter -A tcp src 192.168.102.2 -J reject with tcp-reset





Bad argument `src'
Try `iptables -h' or 'iptables --help' for more information.











12:52:31




#iptables -t filter -A tcp source 192.168.102.2 -j REJECT with tcp-reset





Bad argument `source'
Try `iptables -h' or 'iptables --help' for more information.











12:53:24




#iptables -t filter -A -p tcp source 192.168.102.2 -j REJECT with tcp-reset





Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.











/dev/pts/2
12:54:06




$sudo iptables --help


[sudo] password for user:
Sorry, try again.
[sudo] password for user:
iptables v1.4.3.2
Usage: iptables -[AD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
...
[!] --out-interface -o output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.









Статистика
Время первой команды журнала10:21:37 2009- 6- 2
Время последней команды журнала12:54:06 2009- 6- 2
Количество командных строк в журнале101
Процент команд с ненулевым кодом завершения, % 9.90
Процент синтаксически неверно набранных команд, % 3.96
Суммарное время работы с терминалом *, час 2.54
Количество командных строк в единицу времени, команда/мин 0.66
Частота использования команд
tcpdump10|========|  8.33%
mii-tool9|=======|  7.50%
sudo9|=======|  7.50%
vi8|======|  6.67%
traceroute7|=====|  5.83%
nmap7|=====|  5.83%
iptables7|=====|  5.83%
grep7|=====|  5.83%
ping6|=====|  5.00%
nc6|=====|  5.00%
ethtool5|====|  4.17%
apt-file5|====|  4.17%
netstat4|===|  3.33%
apt-get4|===|  3.33%
echo3|==|  2.50%
apt-cache3|==|  2.50%
pkill2|=|  1.67%
find2|=|  1.67%
which2|=|  1.67%
dpkg1||  0.83%
tracepath1||  0.83%
ьmidiag1||  0.83%
пкgrep1||  0.83%
~1||  0.83%
mii-diag1||  0.83%
modinfo1||  0.83%
сÑcat1||  0.83%
lspci1||  0.83%
scapy1||  0.83%
mtr1||  0.83%
!pki1||  0.83%
ssh1||  0.83%
exit1||  0.83%
____
*) Интервалы неактивности длительностью 30 минут и более не учитываются
Справка
    Для того чтобы использовать LiLaLo, не нужно знать ничего особенного:
    всё происходит само собой.
    Однако, чтобы ведение и последующее использование журналов
    было как можно более эффективным, желательно иметь в виду следующее:
    
    
    
  1.  
    В журнал автоматически попадают все команды, данные в любом терминале системы.
    
    2. 
    
  2. 
    Для того чтобы убедиться, что журнал на текущем терминале ведётся, 
    и команды записываются, дайте команду w.
    В поле WHAT, соответствующем текущему терминалу, 
    должна быть указана программа script.
    
    3. 
    
  3. 
    Команды, при наборе которых были допущены синтаксические ошибки, 
    выводятся перечёркнутым текстом:

    

    


    $ l s-l
    

    bash: l: command not found

    
    		

    

    

    
    
    4. 
    
  4. 
    Если код завершения команды равен нулю, 
    команда была выполнена без ошибок.
    Команды, код завершения которых отличен от нуля, выделяются цветом.

    

    


    $ test 5 -lt 4
    

    		

    

    
    Обратите внимание на то, что код завершения команды может быть отличен от нуля
    не только в тех случаях, когда команда была выполнена с ошибкой.
    Многие команды используют код завершения, например, для того чтобы показать результаты проверки

    
    
    5. 
    
  5. 
    Команды, ход выполнения которых был прерван пользователем, выделяются цветом.

    

    


    $ find / -name abc
    

    find: /home/devi-orig/.gnome2: Keine Berechtigung
find: /home/devi-orig/.gnome2_private: Keine Berechtigung
find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
find: /home/devi-orig/.metacity: Keine Berechtigung
find: /home/devi-orig/.inkscape: Keine Berechtigung
^C

    
    		

    

    

    
    
    6. 
    
  6. 
    Команды, выполненные с привилегиями суперпользователя,
    выделяются слева красной чертой.

    

    


    # id
    

    uid=0(root) gid=0(root) Gruppen=0(root)

    
    		

    

    
    
    
    
    7. 
    
  7. 
    Изменения, внесённые в текстовый файл с помощью редактора, 
    запоминаются и показываются в журнале в формате ed.
    Строки, начинающиеся символом "<", удалены, а строки,
    начинающиеся символом ">" -- добавлены.

    

    


    $ vi ~/.bashrc
    

    2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi

    		

    

    
    
    
    
    8. 
    
  8. 
    Для того чтобы изменить файл в соответствии с показанными в диффшоте
    изменениями, можно воспользоваться командой patch.
    Нужно скопировать изменения, запустить программу patch, указав в
    качестве её аргумента файл, к которому применяются изменения,
    и всавить скопированный текст:

    

    


    $ patch ~/.bashrc
    
    		

    

    
    В данном случае изменения применяются к файлу ~/.bashrc
    
    9. 
    
  9. 
    Для того чтобы получить краткую справочную информацию о команде, 
    нужно подвести к ней мышь. Во всплывающей подсказке появится краткое
    описание команды.
    
    
    
    
    Если справочная информация о команде есть, 
    команда выделяется голубым фоном, например: vi.
    Если справочная информация отсутствует,
    команда выделяется розовым фоном, например: notepad.exe.
    Справочная информация может отсутствовать в том случае, 
    если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно;
    (3) если информация о команде неизвестна LiLaLo.
    Последнее возможно для редких команд.
    
    10. 
    
  10. 
    Большие, в особенности многострочные, всплывающие подсказки лучше 
    всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer.
    В браузерах Mozilla и Firefox они отображаются не полностью, 
    а вместо перевода строки выводится специальный символ.
    
    11. 
    
  11. 
    Время ввода команды, показанное в журнале, соответствует времени 
    начала ввода командной строки, которое равно тому моменту, 
    когда на терминале появилось приглашение интерпретатора
    
    12. 
    
  12. 
    Имя терминала, на котором была введена команда, показано в специальном блоке.
    Этот блок показывается только в том случае, если терминал
    текущей команды отличается от терминала предыдущей.
    
    13. 
    
  13. 
    Вывод не интересующих вас в настоящий момент элементов журнала,
    таких как время, имя терминала и других, можно отключить.
    Для этого нужно воспользоваться формой управления журналом
    вверху страницы.
    
    14. 
    
  14. 
    Небольшие комментарии к командам можно вставлять прямо из командной строки.
    Комментарий вводится прямо в командную строку, после символов #^ или #v.
    Символы ^ и v показывают направление выбора команды, к которой относится комментарий:
    ^ - к предыдущей, v - к следующей.
    Например, если в командной строке было введено:

    $ whoami

    

    user

    

    $ #^ Интересно, кто я?

    
    в журнале это будет выглядеть так:
    

    $ whoami

    

    user

    

    

      Интересно, кто я?
     
     
    
    15. 
    
  15. 
    Если комментарий содержит несколько строк,
    его можно вставить в журнал следующим образом:

    $ whoami

    

    user

    

    $ cat > /dev/null #^ Интересно, кто я?

    

    Программа whoami выводит имя пользователя, под которым 
мы зарегистрировались в системе.
-
Она не может ответить на вопрос о нашем назначении 
в этом мире.

    
    В журнале это будет выглядеть так:

    

    


    $ whoami
    

    user

    

    Интересно, кто я?
    
Программа whoami выводит имя пользователя, под которым
    
мы зарегистрировались в системе.
    

    
Она не может ответить на вопрос о нашем назначении
    
в этом мире.
    

    
    		

    

    
    Для разделения нескольких абзацев между собой
    используйте символ "-", один в строке.
    
    

    16. 
    
  16. 
    Комментарии, не относящиеся непосредственно ни к какой из команд, 
    добавляются точно таким же способом, только вместо симолов #^ или #v 
    нужно использовать символы #=
    
    17. 

    
  17. 
    Содержимое файла может быть показано в журнале.
    Для этого его нужно вывести с помощью программы cat.
    Если вывод команды отметить симоволами #!, 
    содержимое файла будет показано в журнале
    в специально отведённой для этого секции.
    
    18. 

    
    
    
  18. 
    Для того чтобы вставить скриншот интересующего вас окна в журнал,
    нужно воспользоваться командой l3shot.
    После того как команда вызвана, нужно с помощью мыши выбрать окно, которое
    должно быть в журнале.
    
    19. 
    
    

    
    
    
  19. 
    Команды в журнале расположены в хронологическом порядке.
    Если две команды давались одна за другой, но на разных терминалах,
    в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.

    1
    2
3   
    4

    
    Группы команд, выполненных на разных терминалах, разделяются специальной линией.
    Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
    Для того чтобы посмотреть команды только одного сенса, 
    нужно щёкнуть по этому названию.
    
    20. 
    
    



О программе
    

    LiLaLo (L3) расшифровывается как Live Lab Log.

    Программа разработана для повышения эффективности обучения Unix/Linux-системам.

    (c) Игорь Чубин, 2004-2008

    

$Id$