12:29:58
|
#/mnt/date
l3script: /mnt/date: Permission denied |
| /l3/users/igor-public/vncdemo/root :1 :2 :3 :4 :5 :6 |
|
|
#mkfs.ext3 image
mke2fs 1.40.6 (09-Feb-2008)
image is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
25688 inodes, 102400 blocks
5120 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
1976 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
|
|
#mount -o loop image /mnt
|
|
#which date
/bin/date |
|
#cp /bin/date /mnt/
|
|
#/mnt/date
Tue Dec 16 10:29:45 UTC 2008 |
|
#mount -o remount,noexec /mnt
|
|
#/mnt/date
l3script: /mnt/date: Permission denied |
|
#/lib/ld-linux.so.2 /mnt/date
/mnt/date: error while loading shared libraries: /mnt/date: failed to map segment from shared object: Operation not permitted |
|
#vi /tmp/d
--- /dev/null 2008-12-14 14:19:20.116332575 +0000 +++ /tmp/d 2008-12-16 10:38:14.000000000 +0000 @@ -0,0 +1,19 @@ + +eth0 Link encap:Ethernet HWaddr 00:16:3e:04:02:71 + inet addr:10.0.35.71 Bcast:10.255.255.255 Mask:255.0.0.0 + inet6 addr: fe80::216:3eff:fe04:271/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX PACKETS:5132548 ERRORS:0 DROPPED:0 OVERRUNS:0 FRAME:0 + TX PACKETS:3207047 ERRORS:0 DROPPED:0 OVERRUNS:0 CARRIER:0 + collisions:0 txqueuelen:1000 + RX bytes:589230758 (561.9 MiB) TX bytes:1918627612 (1.7 GiB) + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:97 errors:0 dropped:0 overruns:0 frame:0 + TX packets:97 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:29799 (29.1 KiB) TX bytes:29799 (29.1 KiB) + |
|
#l3mass_upload /home/user/ids-network-part.png
Uploaded file name is 1159830598755099-1229415638_1229423913_ids-network-part.png Upload complete /var/www/xguru/l3shot/1159830598755099-1229415638_1229423913_ids-network-part.png  |
|
#l3mass_upload /home/user/vi.png
Uploaded file name is 1159830598755099-1229415638_1229424164_vi.png Upload complete /var/www/xguru/l3shot/1159830598755099-1229415638_1229424164_vi.png  |
|
#cd
|
|
#tcpdump -i eth0 -n arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:47:14.071498 arp who-has 10.0.100.49 tell 10.0.1.42 10:47:14.191055 arp who-has 10.0.10.222 tell 10.0.10.41 10:47:14.203077 arp who-has 10.0.66.1 tell 10.0.1.3 10:47:14.206540 arp who-has 10.0.81.1 tell 10.0.1.9 10:47:14.706633 arp who-has 10.0.48.1 tell 10.0.1.9 10:47:14.778989 arp who-has 10.0.49.2 tell 10.0.1.9 10:47:14.806399 arp who-has 192.168.200.213 tell 192.168.200.2 10:47:14.806983 arp who-has 192.168.200.100 tell 192.168.200.2 ... 10:47:39.864932 arp who-has 10.0.82.1 tell 10.0.1.9 10:47:40.708682 arp who-has 10.0.82.1 tell 10.0.1.9 10:47:40.860829 arp who-has 10.0.13.2 (ff:ff:ff:ff:ff:ff) tell 10.0.13.2 10:47:41.157713 arp who-has 10.0.1.5 (ff:ff:ff:ff:ff:ff) tell 10.0.1.5 10:47:41.350887 arp who-has 10.0.100.32 tell 10.0.1.9 10:47:41.562054 arp who-has 192.168.200.222 tell 192.168.200.4 10:47:41.708730 arp who-has 10.0.82.1 tell 10.0.1.9 140 packets captured 140 packets received by filter 0 packets dropped by kernel |
|
#tcpdump -i eth0 -n arp > arp.log
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 387 packets captured 387 packets received by filter 0 packets dropped by kernel |
|
#cat arp.log | sed 's/(.*)//' | less
|
|
#cat arp.log | sed 's/(.*)//' | awk '{print $6" -> "$4}' | less
|
|
#cat arp.log | sed 's/(.*)//' | awk '{print $6" -> "$4";"
-u | grep -v : | grep -v '^ -' > arp.dot |
|
#vi arp.dot
|
|
#vi arp.dot
|
|
#vi arp.dot
--- /tmp/l3-saved-7843.28084.4638 2008-12-16 10:52:35.000000000 +0000
+++ arp.dot 2008-12-16 10:52:51.000000000 +0000
@@ -1,3 +1,4 @@
+digraph G {
10x0x1x1 -> 10x0x1x44;
10x0x1x1 -> 10x0x15x1;
10x0x1x1 -> 10x0x21x1;
@@ -96,3 +97,4 @@
192x168x200x2 -> 192x168x200x213;
192x168x200x249 -> 192x168x200x222;
192x168x200x4 -> 192x168x200x222;
+}
|
|
#apt-get install graphviz
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following extra packages will be installed: ttf-liberation Suggested packages: graphviz-doc ... 0 upgraded, 2 newly installed, 0 to remove and 373 not upgraded. Need to get 1408kB of archives. After this operation, 2781kB of additional disk space will be used. Do you want to continue [Y/n]? Get:1 http://10.0.35.1 sid/main graphviz 2.20.2-3 [402kB] Err http://10.0.35.1 sid/main ttf-liberation 1.04.92.dfsg-4 404 Not Found Fetched 402kB in 0s (791kB/s) Failed to fetch http://10.0.35.1:9999/debian/pool/main/t/ttf-liberation/ttf-liberation_1.04.92.dfsg-4_all.deb 404 Not Found E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? |
|
#apt-get update
Get:1 http://10.0.35.1 sid Release.gpg [189B] Get:2 http://10.0.35.1 sid Release [80.6kB] Ign http://10.0.35.1 sid/main Packages/DiffIndex Ign http://10.0.35.1 sid/main Packages Get:3 http://10.0.35.1 sid/main Packages [7407kB] Fetched 7488kB in 7s (1003kB/s) Reading package lists... Done |
|
#apt-get install graphviz
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following extra packages will be installed: ttf-liberation Suggested packages: graphviz-doc ... Get:1 http://10.0.35.1 sid/main ttf-liberation 1.04.93-1 [1007kB] Fetched 1007kB in 6s (161kB/s) Selecting previously deselected package graphviz. (Reading database ... 40210 files and directories currently installed.) Unpacking graphviz (from .../graphviz_2.20.2-3_i386.deb) ... Selecting previously deselected package ttf-liberation. Unpacking ttf-liberation (from .../ttf-liberation_1.04.93-1_all.deb) ... Setting up graphviz (2.20.2-3) ... Setting up ttf-liberation (1.04.93-1) ... Updating fontconfig cache for /usr/share/fonts/truetype/ttf-liberation |
|
#less /etc/services
|
|
#neato -Tpng -o arp.png arp.dot
Warning: arp.dot:25: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:26: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:26: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:27: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:27: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:28: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:28: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:29: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:29: ambiguous "10x" splits into two names: "10" and "x" Warning: arp.dot:30: ambiguous "10x" splits into two names: "10" and "x" ... Warning: arp.dot:95: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:95: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:96: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:96: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:97: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:97: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:98: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:98: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:99: ambiguous "192x" splits into two names: "192" and "x" Warning: arp.dot:99: ambiguous "192x" splits into two names: "192" and "x" |
|
#vi arp.dot
--- /tmp/l3-saved-7843.9156.23039 2008-12-16 10:57:28.000000000 +0000
+++ arp.dot 2008-12-16 10:58:29.000000000 +0000
@@ -1,100 +1,100 @@
digraph G {
-10x0x1x1 -> 10x0x1x44;
-10x0x1x1 -> 10x0x15x1;
-10x0x1x1 -> 10x0x21x1;
-10x0x1x1 -> 10x0x54x1;
-10x0x1x1 -> 10x0x63x1;
-10x0x1x121 -> 10x0x1x9;
-10x0x1x123 -> 10x0x1x4;
-10x0x1x123 -> 10x0x1x7;
-10x0x1x123 -> 10x0x18x1;
-10x0x1x124 -> 10x0x1x4;
-10x0x1x124 -> 10x0x100x1;
-10x0x1x2 -> 10x0x1x6;
-10x0x1x3 -> 10x0x1x6;
-10x0x1x3 -> 10x0x19x1;
-10x0x1x3 -> 10x0x38x2;
-10x0x1x3 -> 10x0x42x1;
-10x0x1x3 -> 10x0x53x1;
-10x0x1x3 -> 10x0x83x1;
-10x0x1x4 -> 10x0x1x6;
-10x0x1x4 -> 10x0x15x1;
-10x0x1x4 -> 10x0x21x1;
-10x0x1x4 -> 10x0x73x1;
-10x0x1x4 -> 10x0x83x1;
-10x0x1x42 -> 10x0x1x6;
-10x0x1x42 -> 10x0x31x1;
-10x0x1x42 -> 10x0x54x1;
-10x0x1x42 -> 10x0x78x1;
-10x0x1x5 -> 10x0x1x5;
-10x0x1x7 -> 10x0x1x44;
-10x0x1x7 -> 10x0x100x49;
-10x0x1x7 -> 10x0x27x1;
-10x0x1x9 -> 10x0x1x1;
-10x0x1x9 -> 10x0x1x2;
-10x0x1x9 -> 10x0x1x3;
-10x0x1x9 -> 10x0x1x4;
-10x0x1x9 -> 10x0x1x86;
-10x0x1x9 -> 10x0x100x32;
-10x0x1x9 -> 10x0x100x41;
-10x0x1x9 -> 10x0x14x170;
-10x0x1x9 -> 10x0x14x171;
-10x0x1x9 -> 10x0x14x1;
-10x0x1x9 -> 10x0x15x1;
-10x0x1x9 -> 10x0x18x1;
-10x0x1x9 -> 10x0x20x1;
-10x0x1x9 -> 10x0x28x2;
-10x0x1x9 -> 10x0x45x1;
-10x0x1x9 -> 10x0x48x1;
-10x0x1x9 -> 10x0x49x2;
-10x0x1x9 -> 10x0x56x1;
-10x0x1x9 -> 10x0x64x1;
-10x0x1x9 -> 10x0x81x1;
-10x0x1x9 -> 10x0x82x1;
-10x0x10x21 -> 10x0x10x222;
-10x0x10x22 -> 10x0x1x1;
-10x0x10x23 -> 10x0x10x222;
-10x0x10x28 -> 10x0x10x222;
-10x0x10x31 -> 10x0x1x1;
-10x0x10x33 -> 10x0x1x1;
-10x0x10x38 -> 10x0x1x1;
-10x0x10x43 -> 10x0x10x222;
-10x0x10x47 -> 10x0x10x222;
-10x0x10x80 -> 10x0x1x1;
-10x0x10x80 -> 10x0x1x4;
-10x0x10x80 -> 10x0x1x7;
-10x0x10x80 -> 10x0x10x222;
-10x0x10x80 -> 10x0x10x80;
-10x0x100x1 -> 10x0x1x124;
-10x0x100x30 -> 10x0x1x3;
-10x0x100x30 -> 10x0x1x4;
-10x0x100x30 -> 10x0x2x1;
-10x0x100x8 -> 10x0x1x1;
-10x0x13x2 -> 10x0x13x2;
-10x0x14x1 -> 10x0x1x42;
-10x0x14x1 -> 10x0x1x9;
-10x0x14x1 -> 10x0x2x1;
-10x0x14x170 -> 10x0x1x9;
-10x0x14x171 -> 10x0x1x4;
-10x0x14x171 -> 10x0x1x9;
-10x0x18x1 -> 10x0x1x123;
-10x0x18x1 -> 10x0x1x7;
-10x0x18x1 -> 10x0x1x9;
-10x0x2x1 -> 10x0x59x1;
-10x0x2x1 -> 10x0x75x1;
-10x0x2x2 -> 10x0x30x1;
-10x0x2x2 -> 10x0x47x1;
-10x0x2x2 -> 10x0x59x1;
-10x0x20x1 -> 10x0x1x9;
-10x0x28x6 -> 10x0x28x9;
-10x0x28x6 -> 10x0x83x1;
-10x0x35x1 -> 10x0x35x71;
-10x0x35x61 -> 10x0x35x1;
-10x0x35x71 -> 10x0x1x7;
-10x0x54x1 -> 10x0x1x2;
-192x168x200x150 -> 192x168x200x222;
-192x168x200x2 -> 192x168x200x100;
-192x168x200x2 -> 192x168x200x213;
-192x168x200x249 -> 192x168x200x222;
-192x168x200x4 -> 192x168x200x222;
+x10x0x1x1 -> x10x0x1x44;
+x10x0x1x1 -> x10x0x15x1;
+x10x0x1x1 -> x10x0x21x1;
+x10x0x1x1 -> x10x0x54x1;
+x10x0x1x1 -> x10x0x63x1;
+x10x0x1x121 -> x10x0x1x9;
+x10x0x1x123 -> x10x0x1x4;
+x10x0x1x123 -> x10x0x1x7;
+x10x0x1x123 -> x10x0x18x1;
+x10x0x1x124 -> x10x0x1x4;
+x10x0x1x124 -> x10x0x100x1;
+x10x0x1x2 -> x10x0x1x6;
+x10x0x1x3 -> x10x0x1x6;
+x10x0x1x3 -> x10x0x19x1;
+x10x0x1x3 -> x10x0x38x2;
+x10x0x1x3 -> x10x0x42x1;
+x10x0x1x3 -> x10x0x53x1;
+x10x0x1x3 -> x10x0x83x1;
+x10x0x1x4 -> x10x0x1x6;
+x10x0x1x4 -> x10x0x15x1;
+x10x0x1x4 -> x10x0x21x1;
+x10x0x1x4 -> x10x0x73x1;
+x10x0x1x4 -> x10x0x83x1;
+x10x0x1x42 -> x10x0x1x6;
+x10x0x1x42 -> x10x0x31x1;
+x10x0x1x42 -> x10x0x54x1;
+x10x0x1x42 -> x10x0x78x1;
+x10x0x1x5 -> x10x0x1x5;
+x10x0x1x7 -> x10x0x1x44;
+x10x0x1x7 -> x10x0x100x49;
+x10x0x1x7 -> x10x0x27x1;
+x10x0x1x9 -> x10x0x1x1;
+x10x0x1x9 -> x10x0x1x2;
+x10x0x1x9 -> x10x0x1x3;
+x10x0x1x9 -> x10x0x1x4;
+x10x0x1x9 -> x10x0x1x86;
+x10x0x1x9 -> x10x0x100x32;
+x10x0x1x9 -> x10x0x100x41;
+x10x0x1x9 -> x10x0x14x170;
+x10x0x1x9 -> x10x0x14x171;
+x10x0x1x9 -> x10x0x14x1;
+x10x0x1x9 -> x10x0x15x1;
+x10x0x1x9 -> x10x0x18x1;
+x10x0x1x9 -> x10x0x20x1;
+x10x0x1x9 -> x10x0x28x2;
+x10x0x1x9 -> x10x0x45x1;
+x10x0x1x9 -> x10x0x48x1;
+x10x0x1x9 -> x10x0x49x2;
+x10x0x1x9 -> x10x0x56x1;
+x10x0x1x9 -> x10x0x64x1;
+x10x0x1x9 -> x10x0x81x1;
+x10x0x1x9 -> x10x0x82x1;
+x10x0x10x21 -> x10x0x10x222;
+x10x0x10x22 -> x10x0x1x1;
+x10x0x10x23 -> x10x0x10x222;
+x10x0x10x28 -> x10x0x10x222;
+x10x0x10x31 -> x10x0x1x1;
+x10x0x10x33 -> x10x0x1x1;
+x10x0x10x38 -> x10x0x1x1;
+x10x0x10x43 -> x10x0x10x222;
+x10x0x10x47 -> x10x0x10x222;
+x10x0x10x80 -> x10x0x1x1;
+x10x0x10x80 -> x10x0x1x4;
+x10x0x10x80 -> x10x0x1x7;
+x10x0x10x80 -> x10x0x10x222;
+x10x0x10x80 -> x10x0x10x80;
+x10x0x100x1 -> x10x0x1x124;
+x10x0x100x30 -> x10x0x1x3;
+x10x0x100x30 -> x10x0x1x4;
+x10x0x100x30 -> x10x0x2x1;
+x10x0x100x8 -> x10x0x1x1;
+x10x0x13x2 -> x10x0x13x2;
+x10x0x14x1 -> x10x0x1x42;
+x10x0x14x1 -> x10x0x1x9;
+x10x0x14x1 -> x10x0x2x1;
+x10x0x14x170 -> x10x0x1x9;
+x10x0x14x171 -> x10x0x1x4;
+x10x0x14x171 -> x10x0x1x9;
+x10x0x18x1 -> x10x0x1x123;
+x10x0x18x1 -> x10x0x1x7;
+x10x0x18x1 -> x10x0x1x9;
+x10x0x2x1 -> x10x0x59x1;
+x10x0x2x1 -> x10x0x75x1;
+x10x0x2x2 -> x10x0x30x1;
+x10x0x2x2 -> x10x0x47x1;
+x10x0x2x2 -> x10x0x59x1;
+x10x0x20x1 -> x10x0x1x9;
+x10x0x28x6 -> x10x0x28x9;
+x10x0x28x6 -> x10x0x83x1;
+x10x0x35x1 -> x10x0x35x71;
+x10x0x35x61 -> x10x0x35x1;
+x10x0x35x71 -> x10x0x1x7;
+x10x0x54x1 -> x10x0x1x2;
+x192x168x200x150 -> x192x168x200x222;
+x192x168x200x2 -> x192x168x200x100;
+x192x168x200x2 -> x192x168x200x213;
+x192x168x200x249 -> x192x168x200x222;
+x192x168x200x4 -> x192x168x200x222;
}
|
|
#neato -Tpng -o arp.png arp.dot
|
|
#gqview arp.png
(gqview:31723): Gtk-WARNING **: cannot open display: |
|
#neato -Tpng -o /home/user/arp.png arp.dot
|
|
#vi arp.dot
--- /tmp/l3-saved-7843.3353.19155 2008-12-16 10:59:42.000000000 +0000
+++ arp.dot 2008-12-16 10:59:51.000000000 +0000
@@ -1,4 +1,5 @@
digraph G {
+edge [len=2];
x10x0x1x1 -> x10x0x1x44;
x10x0x1x1 -> x10x0x15x1;
x10x0x1x1 -> x10x0x21x1;
|
|
#neato -Tpng -o /home/user/arp.png arp.dot
|
|
#l3mass_upload /home/user/arp.png
Uploaded file name is 1159830598755099-1229415638_1229425381_arp.png Upload complete /var/www/xguru/l3shot/1159830598755099-1229415638_1229425381_arp.png  |
|
#apt-cache dotty syslog-ng > /tmp/syslog.dot
|
|
#dot -Tpng -o /home/user/syslog-deps.png /tmp/syslog.dot
|
|
#l3mass_upload /home/user/syslog-deps.png
Uploaded file name is 1159830598755099-1229415638_1229425519_syslog-deps.png Upload complete /var/www/xguru/l3shot/1159830598755099-1229415638_1229425519_syslog-deps.png  |
|
#date
Tue Dec 16 11:12:13 UTC 2008 |
|
#neato -Tpng -o /home/user/syslog-deps.png /tmp/syslog.dot
|
|
#vi /tmp/syslog.dot
--- /tmp/l3-saved-7843.32182.13462 2008-12-16 11:13:23.000000000 +0000
+++ /tmp/syslog.dot 2008-12-16 11:13:35.000000000 +0000
@@ -1,4 +1,5 @@
digraph packages {
+edge[len=1];
concentrate=true;
size="30,40";
"syslog-ng" -> "libc6";
|
|
#neato -Tpng -o /home/user/syslog-deps.png /tmp/syslog.dot
|
|
#vi /tmp/syslog.dot
--- /tmp/l3-saved-7843.27870.9497 2008-12-16 11:13:52.000000000 +0000
+++ /tmp/syslog.dot 2008-12-16 11:14:00.000000000 +0000
@@ -1,5 +1,5 @@
digraph packages {
-edge[len=1];
+edge[len=2];
concentrate=true;
size="30,40";
"syslog-ng" -> "libc6";
|
|
#neato -Tpng -o /home/user/syslog-deps.png /tmp/syslog.dot
|
|
#l3mass_upload /home/user/syslog-deps.png
Uploaded file name is 1159830598755099-1229415638_1229426147_syslog-deps.png Upload complete /var/www/xguru/l3shot/1159830598755099-1229415638_1229426147_syslog-deps.png  |
|
#date
Tue Dec 16 11:15:52 UTC 2008 |
|
#ls /
bin dev home lib media opt root selinux sys usr boot etc initrd lost+found mnt proc sbin srv tmp var |
|
#ls /home/user/
Desktop one-server-for-one-service.xcf syslog-deps.png akula.xcf osdn2008-xen-drbd-chubin syslog-ng.png arp.png osdn2008-xen-drbd-chubin.tar.bz2 syslog.xcf flower.png rmrf.png upload_xcf gnu-screen.xcf spasibo.png uploaded ids-network-part.png start.xcf vi.png ids-network-part.xcf suid.png |
|
#uptime
12:19:07 up 1:01, 2 users, load average: 0.04, 0.01, 0.00 |
|
#atq
|
|
#apt-cache search arping
arping - sends IP and/or ARP pings (to the MAC address) gtkmorph - Digital image warp and morph (gtk) gtkmorph-example - digital image warp and morph, examples iputils-arping - Tool to send ICMP echo requests to an ARP address libmorph - digital image warping library libmorph-dev - digital image warping library (development files) python-scapy - Packet generator/sniffer and network scanner/discovery xmorph - digital image warp and morph (x11) |
|
#apt-get install arping
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following extra packages will be installed: libnet1 The following NEW packages will be installed: arping libnet1 ... Get:1 http://10.0.35.1 sid/main libnet1 1.1.2.1-4 [55.4kB] Get:2 http://10.0.35.1 sid/main arping 2.08-1 [23.4kB] Fetched 78.8kB in 0s (1202kB/s) Selecting previously deselected package libnet1. (Reading database ... 40299 files and directories currently installed.) Unpacking libnet1 (from .../libnet1_1.1.2.1-4_i386.deb) ... Selecting previously deselected package arping. Unpacking arping (from .../arping_2.08-1_i386.deb) ... Setting up libnet1 (1.1.2.1-4) ... Setting up arping (2.08-1) ... |
|
#arping 10.0.35.1
ARPING 10.0.35.1 42 bytes from 00:16:3e:04:00:01 (10.0.35.1): index=0 time=120.163 usec 42 bytes from 00:16:3e:04:00:01 (10.0.35.1): index=1 time=180.006 usec --- 10.0.35.1 statistics --- 2 packets transmitted, 2 packets received, 0% unanswered |
|
#arping 10.0.35.2
ARPING 10.0.35.2 --- 10.0.35.2 statistics --- 2 packets transmitted, 0 packets received, 100% unanswered |
|
#arping 10.0.35.3
ARPING 10.0.35.3 --- 10.0.35.3 statistics --- 2 packets transmitted, 0 packets received, 100% unanswered |
|
#arping 10.0.35.4
ARPING 10.0.35.4 --- 10.0.35.4 statistics --- 2 packets transmitted, 0 packets received, 100% unanswered |
|
#arping 10.0.35.10
ARPING 10.0.35.10 42 bytes from 00:16:3e:04:00:02 (10.0.35.10): index=0 time=190.020 usec 42 bytes from 00:16:3e:04:00:02 (10.0.35.10): index=1 time=185.966 usec --- 10.0.35.10 statistics --- 2 packets transmitted, 2 packets received, 0% unanswered |
|
#man arping
|
|
#for i in {1..255}
> do > arping -c1 10.0.35.$i >& /dev/null && echo 10.0.35.$i > done 10.0.35.1 10.0.35.9 10.0.35.10 10.0.35.15 10.0.35.16 10.0.35.61 10.0.35.62 10.0.35.63 10.0.35.64 10.0.35.111 [1]+ Stopped arping -c1 10.0.35.$i >&/dev/null |
|
#kill %1
[1]+ Terminated arping -c1 10.0.35.$i >&/dev/null |
|
#10.0.35.201
[133] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [138] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [142] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [143] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [144] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [145] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [146] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [147] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [148] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [149] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i ... [246] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [247] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [248] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [249] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [250] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [251] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [252] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [253] Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [254]- Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i [255]+ Exit 1 arping -c1 10.0.35.$i >&/dev/null && echo 10.0.35.$i |
|
#ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:16:3e:04:02:71
inet addr:10.0.35.71 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::216:3eff:fe04:271/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:153745 errors:0 dropped:0 overruns:0 frame:0
TX packets:94557 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13780593 (13.1 MiB) TX bytes:224958114 (214.5 MiB)
|
|
#arp -an
? (10.0.1.7) at 00:18:71:79:F8:9A [ether] on eth0 ? (10.0.35.62) at 00:16:35:7D:81:EE [ether] on eth0 ? (10.0.35.15) at 00:22:64:34:33:56 [ether] on eth0 ? (10.0.35.61) at 00:14:C2:05:A2:0E [ether] on eth0 ? (10.0.35.64) at 00:14:C2:05:A3:38 [ether] on eth0 ? (10.0.35.1) at 00:16:3E:04:00:01 [ether] on eth0 ? (10.0.35.63) at 00:14:C2:05:A2:60 [ether] on eth0 |
|
#apt-get install bridge-utils
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following NEW packages will be installed: bridge-utils 0 upgraded, 1 newly installed, 0 to remove and 376 not upgraded. Need to get 31.2kB of archives. After this operation, 111kB of additional disk space will be used. Get:1 http://10.0.35.1 sid/main bridge-utils 1.4-5 [31.2kB] Fetched 31.2kB in 0s (394kB/s) Selecting previously deselected package bridge-utils. (Reading database ... 40320 files and directories currently installed.) Unpacking bridge-utils (from .../bridge-utils_1.4-5_i386.deb) ... Setting up bridge-utils (1.4-5) ... |
|
#brctl addbr br0
|
|
#brctl addif br0 eth0
|
|
#brctl addif br0 eth1
|
|
## http://xgu.ru/wiki/Linux_Bridge
|
|
## http://xgu.ru/wiki/Linux_Bonding
|
|
#l3mass_upload /home/user/yersinia.png
Uploaded file name is 17833602743910090-1229429917_1229432008_yersinia.png Upload complete /var/www/xguru/l3shot/17833602743910090-1229429917_1229432008_yersinia.png  |
|
#date
Tue Dec 16 12:53:57 UTC 2008 |
|
#date
Tue Dec 16 12:54:08 UTC 2008 |
|
#passwd
.ICEauthority .gimp-2.4/ .recently-used.xbel .Xauthority .gnome2/ .ssh/ .adobe/ .gqview/ .thumbnails/ .bash_history .hushlogin .vlc/ .bash_profile .java/ .vnc/ .bashrc .l3rc .wireshark/ .cache/ .lesshst .xsession-errors .config/ .lilalo/ Desktop/ .dbus/ .local/ arp.dot .dmrc .macromedia/ arp.log .gconf/ .mozilla/ arp.png .gconfd/ .profile pic1.xcf |
|
#. /etc/bash_completion.d/
l3script: .: /etc/bash_completion.d/: is a directory |
|
#vi /etc/apt/sources.list
--- /tmp/l3-saved-1801.16321.21948 2008-12-16 12:57:07.000000000 +0000 +++ /etc/apt/sources.list 2008-12-16 12:57:17.000000000 +0000 @@ -1,2 +1,3 @@ #deb http://debian.org.ua/debian sid main deb http://10.0.35.1:9999/debian sid main +deb http://10.0.35.1:9999/debian etch main |
|
#apt-get update
0% [Working] Hit http://10.0.35.1 sid Release.gpg Get:1 http://10.0.35.1 etch Release.gpg [386B] Hit http://10.0.35.1 sid Release Get:2 http://10.0.35.1 etch Release [58.2kB] Ign http://10.0.35.1 sid/main Packages/DiffIndex Ign http://10.0.35.1 etch/main Packages Ign http://10.0.35.1 sid/main Packages Get:3 http://10.0.35.1 etch/main Packages [5624kB] Hit http://10.0.35.1 sid/main Packages Fetched 5683kB in 6s (878kB/s) Reading package lists... Done |
|
#apt-get install bash-completion
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following NEW packages will be installed: bash-completion 0 upgraded, 1 newly installed, 0 to remove and 376 not upgraded. Need to get 89.2kB of archives. After this operation, 459kB of additional disk space will be used. Get:1 http://10.0.35.1 sid/main bash-completion 20080705 [89.2kB] Fetched 89.2kB in 0s (1465kB/s) Selecting previously deselected package bash-completion. (Reading database ... 40344 files and directories currently installed.) Unpacking bash-completion (from .../bash-completion_20080705_all.deb) ... Setting up bash-completion (20080705) ... |
|
#. /etc/bash_completion
|
|
#vi /root/.bashrc
--- /tmp/l3-saved-1801.31462.26682 2008-12-16 12:58:32.000000000 +0000 +++ /root/.bashrc 2008-12-16 12:58:39.000000000 +0000 @@ -17,5 +17,6 @@ #screen -x || screen +. ~/.bashrc [ $0 == l3script ] && . /root/.lilalo/l3bashrc && _l3_start |
|
#modprobe bonding
|
|
#ifconfig -a | less
|
|
#apt-cache search linux bonding
|
|
#apt-cache search bonding
ifenslave - Attach and detach slave interfaces to a bonding device ifenslave-2.6 - Attach and detach slave interfaces to a bonding device |
|
#apt-get install ifenslave
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python2.4-minimal python2.4 libttf2 cpp-4.2 Use 'apt-get autoremove' to remove them. The following extra packages will be installed: ifenslave-2.6 The following NEW packages will be installed: ifenslave ifenslave-2.6 ... Get:1 http://10.0.35.1 sid/main ifenslave-2.6 1.1.0-11 [12.4kB] Get:2 http://10.0.35.1 sid/main ifenslave 2 [1268B] Fetched 13.7kB in 0s (20.5kB/s) Selecting previously deselected package ifenslave-2.6. (Reading database ... 40383 files and directories currently installed.) Unpacking ifenslave-2.6 (from .../ifenslave-2.6_1.1.0-11_i386.deb) ... Selecting previously deselected package ifenslave. Unpacking ifenslave (from .../archives/ifenslave_2_all.deb) ... Setting up ifenslave-2.6 (1.1.0-11) ... Setting up ifenslave (2) ... |
|
#ifenslave
ifenslave ifenslave-2.6 |
|
#ifenslave bond0 eth0
|
|
#ifenslave
Usage: ifenslave [-f] <master-if> <slave-if> [<slave-if>...]
ifenslave -d <master-if> <slave-if> [<slave-if>...]
ifenslave -c <master-if> <slave-if>
ifenslave --help
|
|
#ifconfig eth0 noarp
noarp: Unknown host ifconfig: `--help' gives usage information. |
|
#ifconfig eth0 -arp
|
|
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:04:02:71
inet addr:10.0.35.71 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::216:3eff:fe04:271/64 Scope:Link
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:723708 errors:0 dropped:0 overruns:0 frame:0
TX packets:573549 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:62687704 (59.7 MiB) TX bytes:1225465392 (1.1 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3820 (3.7 KiB) TX bytes:3820 (3.7 KiB)
|
|
#ifconfig eth0 arp
|
|
#ifconfig eth0 -arp
|
|
#arp -an
? (10.0.35.61) at 00:14:C2:05:A2:0E [ether] on eth0 ? (192.168.15.5) at 00:16:3E:05:00:01 [ether] on eth0 ? (10.0.35.64) at 00:14:C2:05:A3:38 [ether] on eth0 ? (10.0.35.63) at 00:14:C2:05:A2:60 [ether] on eth0 ? (10.0.1.7) at <incomplete> on eth0 ? (10.0.35.1) at 00:16:3E:04:00:01 [ether] on eth0 ? (10.0.35.62) at 00:16:35:7D:81:EE [ether] on eth0 ? (10.0.35.15) at 00:22:64:34:33:56 [ether] on eth0 |
|
#ping 10.0.35.1
PING 10.0.35.1 (10.0.35.1) 56(84) bytes of data. 64 bytes from 10.0.35.1: icmp_seq=1 ttl=64 time=0.117 ms --- 10.0.35.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.117/0.117/0.117/0.000 ms |
|
#ping 10.0.35.61
PING 10.0.35.61 (10.0.35.61) 56(84) bytes of data. 64 bytes from 10.0.35.61: icmp_seq=1 ttl=64 time=0.241 ms 64 bytes from 10.0.35.61: icmp_seq=2 ttl=64 time=0.195 ms --- 10.0.35.61 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.195/0.218/0.241/0.023 ms |
|
#ping 10.0.35.9
PING 10.0.35.9 (10.0.35.9) 56(84) bytes of data. --- 10.0.35.9 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1005ms |
|
#ifconfig eth0 arp
|
|
#ping 10.0.35.9
PING 10.0.35.9 (10.0.35.9) 56(84) bytes of data. --- 10.0.35.9 ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 6006ms |
|
#ping 10.0.35.9
PING 10.0.35.9 (10.0.35.9) 56(84) bytes of data. --- 10.0.35.9 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1006ms |
|
#ping 10.0.35.11
PING 10.0.35.11 (10.0.35.11) 56(84) bytes of data. --- 10.0.35.11 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1007ms |
|
#l3mass_upload /home/user/arp-spoofing.png
Uploaded file name is 17833602743910090-1229429917_1229435269_arp-spoofing.png Upload complete /var/www/xguru/l3shot/17833602743910090-1229429917_1229435269_arp-spoofing.png |
|
#nc 192.168.15.31 110
+OK QPOP (version 2.53) at fbsd1.unix.nt starting. <5136.1229428098@fbsd1.unix.nt> USER user +OK Password required for user. PASS password +OK user has 0 messages (0 octets). |
| Время первой команды журнала | 12:29:03 2008-12-16 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Время последней команды журнала | 15:48:19 2008-12-16 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в журнале | 101 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент команд с ненулевым кодом завершения, % | 20.79 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент синтаксически неверно набранных команд, % | 1.98 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Суммарное время работы с терминалом *, час | 1.61 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в единицу времени, команда/мин | 1.05 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=
1
2
3
4
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сенса,
нужно щёкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008