Linux Cent OS Network Handy commands

 

Linux Cent OS Network Handy commands

tcp connection details:

sof -i

COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME

ssh     15465 shgeorge    3r  IPv4 628118962      0t0  TCP 172.21.1.100:42329->sdc-f5-dmz-ltm-01-ve.aim.local:ssh (ESTABLISHED)

lsof -i :ssh

COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME

ssh     15465 shgeorge    3r  IPv4 628118962      0t0  TCP 172.21.1.100:42329->sdc-f5-dmz-ltm-01-ve.aim.local:ssh (ESTABLISHED)

 netstat -an | grep LISTEN

tcp        0      0 192.168.100.1:53            0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:58811               0.0.0.0:*                   LISTEN      

tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      

tcp        0      0 127.0.0.1:5900              0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      

tcp        0      0 :::22                       :::*                        LISTEN      

tcp        0      0 :::111                      :::*                        LISTEN      

tcp        0      0 :::58992                    :::*                        LISTEN      

unix  2      [ ACC ]     STREAM     LISTENING     17044  /var/lib/libvirt/qemu/sdc-securid-vm.deerfield.aim.local.monitor

unix  2      [ ACC ]     STREAM     LISTENING     221367479 /var/run/salt/minion/minion_event_942f3619a7_pull.ipc

unix  2      [ ACC ]     STREAM     LISTENING     14014  /var/run/rpcbind.sock

biggest top 10 directories

du -hs */ | sort -nr | head

biggest file

ls -lS | head

 ls -lS | head

Linux Firewall

eg. permit udp/69

iptables -D INPUT -p udp –dport 69 -j ACCEPT

# Allows connections to SSH/SFTP/SCP

-A INPUT -j ACCEPT -p tcp --dport 22

# Allow ping 

-A INPUT -p icmp -j ACCEPT

openssl

open key file 

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

search a file *.xml

find . -name *.xml

  find files bigger than 10,000 bytes

find . -size +10000c -size -50000c -print

 

 Top 10 directories

biggest top 10 directories

du -hs */ | sort -nr | head

Server Performance Using vmstat Command

vmstat -a

ZIP  a file

gzip -ztf archive.tar.gz

unzip tar file

tar:

tar -tf archive.tar

Vue Prometric online exam Tips

 

Pearson Vue Prometric online exam:

I tried to take one of the online exam offers by Vue Prometric

During the sign-in process using my Windows 10 laptop, it failed

When I tried to download the Vue software file OnVue-3.25.24.exe, anti-virus software made it an unsafe file and could not run the .exe file. I had to switch it to Macbook pro and able to run the file. Please do the following to run the file

Windows 10:

Turn off the anti-virus software, instead of click download, open the download link in another tab.

Install the .exe file

MacBook Pro

Unzip and install the file, give allow permission to run

During the Mic test, speak loudly to pass.

Also; turn on facetime, otherwise webcam won’t pass.

I had to wait 30 minutes to get the online proctor even though Vue screen says 15 Minutes.

PALO ALTO Firewall Handy Commands PAN-OS 9.1

show routing route   >> route

ping source 203.0.11.1 host 8.8.8.8  > ping a host

show system statistics application

show log system subtype equal HA    > HA

show log system subtype equal HA

Time                Severity Subtype Object EventID ID Description

===============================================================================

2016/07/01 00:24:55 info     ha             ha1-lin 0  HA1 link up

2016/07/01 00:25:12 info     ha             state-c 0  HA Group 1: Moved from state Initial to state Active-P

show system disk-space

show running resource-monitor

show system resource followsho 

show log [ system | traffic | threat ] direction equal backward –   >> log

show log system direction equal backward 

show log system severity equal critical

show log system subtype equal LACP start-time equal 2019/05/13@18:20:00   > specific date and time

show system info –provides the system’s management IP, serial number and code version

show system statistics – shows the real-time throughput on the device

show system software status – shows whether various system processes are running

show jobs processed – used to see when commits, downloads, upgrades, etc. are completed

show system disk--space-- show percent usage of disk partitions

show system logdb--quota – shows the maximum log file sizes

debug dataplane internal vif link – show management interface (eth0) counters

show system resources -- shows processes running in the management plane similar to “top” command

show running resource--monitor – used to see the resource utilization in the data plane, such as dataplane CPU utilization

NAT

show running nat--policy-- shows current NAT policy table

show running ippool-- use to see if NAT pool leak

test nat--policy--match – simulate traffic going through the device, what NAT policy will it match?

Routing

show routing route – displays the routing table

test routing fib--lookup virtual--router <VR_name> ip <IP_addr_trying_reach> -- finds which route in the routing table will be used to reach the IP address that you are testing

Policies

show running security--policy – shows the current policy set

test security--policy--match from trust to untrust destination <IP>-- simulate a packet going through the system, which policy will it match?

URL

test url <url or IP> – used to test the categorization of a URL on the FW

Agent

show pan--agent user--IDs -- used to see if the FW has pulled groups from the PANAgent

show user ip--user--mapping – used to see IP to username mappings on the FW

clear user--cache all – clears the user--ID cache

show user user-id-agent statistics

show user group name "AD\name-of-the-group"

LOG

show log [ system | traffic | threat ] direction equal backward – will take you to the end of the specified log

show log [ system | traffic | threat ] direction equal forward – will take you to beginning of the specified log

Update / Downgrade

request content upgrade install file <filename>

request content downgrade install previous –downgrade to the previous content version

License

request license info – shows the license installed on the device

IPSec

To view detailed debug information for IPSec tunneling:

          1. debug ike global on debug

          2. less mp--log ikemgr.log

TCPDUMP

tcpdump filter “src net <ip/netmask>”

tcpdump snaplen 1500 filter “src net <ip/netmask>”

view-pcap filename.pcap

VPN

show vpn flow Shows encap/decap counters

show vpn gateway Shows list of IKE gateway configurations.

show vpn ike-sa Shows IKE Phase 1 SA

show vpn ipsec-sa Shows IPSEC Phase 2 SA.

show vpn tunnel Shows list of auto-key IPSec tunnel configurations.

show log system subtype equal vpn direction equal backward

clear vpn ike-sa gateway <value>

clear vpn ipsec-sa tunnel <value>

test vpn ike-sa gateway <value>

test vpn ipsec-sa tunnel <value

System details

show system info                   //shows the uptime of the device

show system environmentals         //e.g. power supply failures

show ntp

show session info                  //packet rate, number of sessions, fastpath active, etc.

show session id <id>

show interface { all | <interface-name> }

show routing route                 //routing table (all routes)

show routing fib                   //forwarding table (only used routes)

show routing protocol <protocol> ...

show arp { all | <interface-name> }

show neighbor interface { all | <interface-name> }   //IPv6 neighbor cache

show mac all                       //only with layer 2 interfaces

show jobs all

show jobs id <id>

show running resource-monitor      //resource statistics

show system resource follow        //="top", CPU usage and processes

show system disk-space             //="df -h"

debug software restart <service>   //Restart a certain process

request restart system             //Reboot the whole device

HA

show high-availability all

show high-availability state

show high-availability link-monitoring

show high-availability path-monitoring

show high-availability control-link statistics

show high-availability state-synchronization

request high-availability state suspend

request high-availability state functional

request high-availability state peer suspend

request high-availability state peer functional

SCP

scp export log system to username@host://ip address of the server/home/username/filename

scp import software from username@host://ip address of the server/home/username/file name