Networking Analysis and Tools
a selected summary and overview
FOUND THIS COMMENT ON A WEBSITE while looking for info:
"If you're uncomfortable using the Linux command line from a terminal,
you might as well stop reading at this point or at least skip to the other applications."
Really? If you're uncomfortable at the command line and you are not working in IT, get a Mac.
If you work in IT and want a future working in IT, you'd better learn the command line.
The command line is where the power of Linux resides. Master the command line and enjoy the power.
The command line is more efficient, provides more options and is orders of magnitude faster, and scales
well, allowing a single admin to manage at least three times the number of systems as a Microsoft GUI-admin could.
Do not fear the command line. Embrace it. Cling to it. For in the command line exist the powers of root.
If you like GUIs, well... I like photographs, but I don't manage computers with them. Remember, Microsoft has made
working on computers so easy that even a 5 year can do it... and can become a Certified Microsoft Professional. Serious.
In October 2014, BBC reported that such happened in the UK. The tools offered via a GUI can be easily learned and memorized,
but those tools do not have the richness of configuration or reporting that the command line does. The GUI interface has
to be programmed, and to incorporate every option would be an immense task, well, on Linux, the commands available within
Microsoft are often limited, so a GUI does not always limit what you can do there. But in Linux you have a vast array of
options and tools and can use IPC (interprocess communication) to filter and manipulate the results.
===========================================================================
an assortment of command line networking tools for Linux
In no particular order found a variety of tools and made sure they worked.
They did not work in all distributions... YMMV.
( if some of the characters do not display properly, try to view using "Unicode" in your browser)
All of these commands may be added to your distribution using package managers.
nmap - network map - identifies computers within a specified IP range
nmap -sP 192.168.1-255
--> nmap -sP 156.293.294.195-205
Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-09 11:13 PDT
Nmap scan report for thelab-wkstnsystem (156.293.294.195)
Host is up (0.000042s latency).
Nmap scan report for 1234.somecompany.com (156.293.294.196)
Host is up (0.0029s latency).
Nmap scan report for 5678. somecompany.com (156.293.294.197)
Host is up (0.0012s latency).
Nmap scan report for 9012. somecompany.com (156.293.294.199)
Host is up (0.0012s latency).
Nmap scan report for 3456.somecompany.com (156.293.294.200)
Host is up (0.0011s latency).
Nmap done: 11 IP addresses (5 hosts up) scanned in 1.22 seconds
=======================================================================
findsmb - indentifies SMB protocols on your subnet (Samba)
--> which findsmb ## locates IP and hostnames on a subnet broadcasting Microsoft protocols
/usr/bin/findsmb
--> findsmb
*=DMB
+=LMB
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
196.293.192.295 THE_LAB [NW] [Unix] [Samba 4.1.17-3.30.1-3375-SUSE-oS13.1-x86_64]
==========================================================================
traceroute and a lighter version - tracepath
------------------------------------------------
--> traceroute thelab-wkstn
traceroute to thelab-wkstn (199.203.247.86), 30 hops max, 60 byte packets
1 rp45-02a-v234-1.ns.cs.somecompany.com (199.203.234.2) 0.794 ms 0.789 ms 0.776 ms
2 thelab-wkstn.pnw.somecompany.com (199.203.247.86) 1.967 ms * *
---------------------------------------------------
--> tracepath
Usage: tracepath [-n] [-l ] [/]
--> tracepath the_lab
1: the_lab (196.293.192. TYPICAL TECHNICAL PROPERTIES
1: the_lab (196.293.192.25) 1.824ms reached
1: the_lab (196.293.192.25) 0.823ms reached
Resume: pmtu 1500 hops 1 back 64
------------------------------------------------
--> tracepath thelab-wkstn
1?: [LOCALHOST] pmtu 1500
1: rp45-02a-v234-1.nscs.somecompany.com 1.133ms
1: rp45-02a-v234-1.nscs.somecompany.com 1.093ms
2: thelab-wkstn.pnw.somecompany.com 2.091ms reached
Resume: pmtu 1500 hops 2 back 127
ifup, ifdown, ifcfg - interface commands
ifup eth0
ifdown eth0
ifcfg
Use ifcfg to configure a particular interface. Simply type ifcfg to get help on using this script.
For example, to change eth0 from 192.168.0.1 to 192.168.0.2 you could do:
ifcfg eth0 del 192.168.0.1
ifcfg eth0 add 192.168.0.2
The first command takes eth0 down and removes that stored IP address and the second one brings it back up with the new address.
route
route
The route command is the tool used to display or modify the routing table.
To add a gateway as the default you would type:
route add default gw 192.168.1.1
-------------------------------------------------
ethtool - an interesting tool that shows configuration, speed and related info
--> ethtool --help
ethtool version 3.10
Usage:
ethtool DEVNAME Display standard information about device
ethtool -s|--change DEVNAME Change generic options
[ speed %d ]
[ duplex half|full ]
[ port tp|aui|bnc|mii|fibre ]
[ mdix auto|on|off ]
[ autoneg on|off ]
[ advertise %x ]
[ phyad %d ]
[ xcvr internal|external ]
[ wol p|u|m|b|a|g|s|d... ]
[ sopass %x:%x:%x:%x:%x:%x ]
[ msglvl %d | msglvl type on|off ... ]
ethtool -a|--show-pause DEVNAME Show pause options
ethtool -A|--pause DEVNAME Set pause options
[ autoneg on|off ]
[ rx on|off ]
[ tx on|off ]
ethtool -c|--show-coalesce DEVNAME Show coalesce options
ethtool -C|--coalesce DEVNAME Set coalesce options
[adaptive-rx on|off]
[adaptive-tx on|off]
[rx-usecs N]
[rx-frames N]
[rx-usecs-irq N]
[rx-frames-irq N]
[tx-usecs N]
[tx-frames N]
[tx-usecs-irq N]
[tx-frames-irq N]
[stats-block-usecs N]
[pkt-rate-low N]
[rx-usecs-low N]
[rx-frames-low N]
[tx-usecs-low N]
[tx-frames-low N]
[pkt-rate-high N]
[rx-usecs-high N]
[rx-frames-high N]
[tx-usecs-high N]
[tx-frames-high N]
[sample-interval N]
ethtool -g|--show-ring DEVNAME Query RX/TX ring parameters
ethtool -G|--set-ring DEVNAME Set RX/TX ring parameters
[ rx N ]
[ rx-mini N ]
[ rx-jumbo N ]
[ tx N ]
ethtool -k|--show-features|--show-offload DEVNAME Get state of protocol offload and other features
ethtool -K|--features|--offload DEVNAME Set protocol offload and other features
FEATURE on|off ...
ethtool -i|--driver DEVNAME Show driver information
ethtool -d|--register-dump DEVNAME Do a register dump
[ raw on|off ]
[ file FILENAME ]
ethtool -e|--eeprom-dump DEVNAME Do a EEPROM dump
[ raw on|off ]
[ offset N ]
[ length N ]
ethtool -E|--change-eeprom DEVNAME Change bytes in device EEPROM
[ magic N ]
[ offset N ]
[ length N ]
[ value N ]
ethtool -r|--negotiate DEVNAME Restart N-WAY negotiation
ethtool -p|--identify DEVNAME Show visible port identification (e.g. blinking)
[ TIME-IN-SECONDS ]
ethtool -t|--test DEVNAME Execute adapter self test
[ online | offline | external_lb ]
ethtool -S|--statistics DEVNAME Show adapter statistics
ethtool -n|-u|--show-nfc|--show-ntuple DEVNAME Show Rx network flow classification options or rules
[ rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|tcp6|udp6|ah6|esp6|sctp6 |
rule %d ]
ethtool -N|-U|--config-nfc|--config-ntuple DEVNAME Configure Rx network flow classification options or rules
rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|tcp6|udp6|ah6|esp6|sctp6 m|v|t|s|d|f|n|r... |
flow-type ether|ip4|tcp4|udp4|sctp4|ah4|esp4
[ src %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
[ dst %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
[ proto %d [m %x] ]
[ src-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
[ dst-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
[ tos %d [m %x] ]
[ l4proto %d [m %x] ]
[ src-port %d [m %x] ]
[ dst-port %d [m %x] ]
[ spi %d [m %x] ]
[ vlan-etype %x [m %x] ]
[ vlan %x [m %x] ]
[ user-def %x [m %x] ]
[ dst-mac %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
[ action %d ]
[ loc %d]] |
delete %d
ethtool -T|--show-time-stamping DEVNAME Show time stamping capabilities
ethtool -x|--show-rxfh-indir DEVNAME Show Rx flow hash indirection
ethtool -X|--set-rxfh-indir DEVNAME Set Rx flow hash indirection
equal N | weight W0 W1 ...
ethtool -f|--flash DEVNAME Flash firmware image from the specified file to a region on the device
FILENAME [ REGION-NUMBER-TO-FLASH ]
ethtool -P|--show-permaddr DEVNAME Show permanent hardware address
ethtool -w|--get-dump DEVNAME Get dump flag, data
[ data FILENAME ]
ethtool -W|--set-dump DEVNAME Set dump flag of the device
N
ethtool -l|--show-channels DEVNAME Query Channels
ethtool -L|--set-channels DEVNAME Set Channels
[ rx N ]
[ tx N ]
[ other N ]
[ combined N ]
ethtool --show-priv-flags DEVNAME Query private flags
ethtool --set-priv-flags DEVNAME Set private flags
FLAG on|off ...
ethtool -m|--dump-module-eeprom|--module-info DEVNAME Query/Decode Module EEPROM information and optical diagnostics if available
[ raw on|off ]
[ hex on|off ]
[ offset N ]
[ length N ]
ethtool --show-eee DEVNAME Show EEE settings
ethtool --set-eee DEVNAME Set EEE settings
[ eee on|off ]
[ advertise %x ]
[ tx-lpi on|off ]
[ tx-timer %d ]
ethtool -h|--help Show this help
ethtool --version Show version number
------------------------------------------------
--> ethtool enp0s25
Settings for enp0s25:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
MDI-X: on (auto)
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
------------------------------------------------------------------------
netstat - a very powerful command
--> netstat --help
usage: netstat [-veenNcCF] [] -r netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [ ...]
netstat { [-veenNac] -i | [-cnNe] -M | -s }
-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all, --listening display all sockets (default: connected)
-o, --timers display timers
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-T, --notrim dont't trim address information
={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom --sctp
=Use '-A ' or '--'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
------------------------------------------------
--> netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 199.203.234.1 0.0.0.0 UG 0 0 0 enp0s25
199.203.234.0 0.0.0.0 255.255.254.0 U 0 0 0 enp0s25
-----------------------------------------------------------------------------------------------------
--> netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s25 1500 0 8820127 0 4075674 0 1990371 0 0 0 BMRU
lo 65536 0 138 0 0 0 138 0 0 0 LRU
------------------------------------------------------------------------------------------------------
--> netstat -s
Ip:
2339561 total packets received
312 with invalid addresses
0 forwarded
0 incoming packets discarded
2338339 incoming packets delivered
1340781 requests sent out
1092 reassemblies required
182 packets reassembled ok
Icmp:
300 ICMP messages received
24 input ICMP message failed.
InCsumErrors: 0
ICMP input histogram:
destination unreachable: 26
timeout in transit: 5
echo requests: 62
echo replies: 207
679 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 410
echo request: 207
echo replies: 62
IcmpMsg:
InType0: 207
InType3: 26
InType8: 62
InType11: 5
OutType0: 62
OutType3: 410
OutType8: 207
Tcp:
67 active connections openings
24 passive connection openings
6 failed connection attempts
2 connection resets received
4 connections established
1234218 segments received
1536244 segments send out
22 segments retransmited
0 bad segments received.
7 resets sent
InCsumErrors: 0
Udp:
611846 packets received
386 packets to unknown port received.
0 packet receive errors
397960 packets sent
RcvbufErrors: 0
SndbufErrors: 0
InCsumErrors: 0
UdpLite:
InDatagrams: 0
NoPorts: 0
InErrors: 0
OutDatagrams: 0
RcvbufErrors: 0
SndbufErrors: 0
InCsumErrors: 0
TcpExt:
ArpFilter: 0
34 TCP sockets finished time wait in fast timer
7491 delayed acks sent
4 delayed acks further delayed because of locked socket
Quick ack mode was activated 65 times
34 packets directly queued to recvmsg prequeue.
897734 packets header predicted
TCPPureAcks: 8455
TCPHPAcks: 352277
TCPRenoRecovery: 0
TCPSackRecovery: 0
TCPSACKReneging: 0
TCPFACKReorder: 0
TCPSACKReorder: 0
TCPRenoReorder: 0
TCPTSReorder: 0
TCPFullUndo: 0
TCPPartialUndo: 0
TCPDSACKUndo: 0
TCPLossUndo: 0
TCPLostRetransmit: 0
TCPRenoFailures: 0
TCPSackFailures: 0
TCPLossFailures: 0
TCPFastRetrans: 0
TCPForwardRetrans: 0
TCPSlowStartRetrans: 0
TCPTimeouts: 8
TCPLossProbes: 14
TCPLossProbeRecovery: 5
TCPRenoRecoveryFail: 0
TCPSackRecoveryFail: 0
TCPSchedulerFailed: 0
TCPRcvCollapsed: 0
TCPDSACKOldSent: 65
TCPDSACKOfoSent: 0
TCPDSACKRecv: 6
TCPDSACKOfoRecv: 0
TCPAbortOnData: 26
TCPAbortOnClose: 0
TCPAbortOnMemory: 0
TCPAbortOnTimeout: 1
TCPAbortOnLinger: 0
TCPAbortFailed: 0
TCPMemoryPressures: 0
TCPSACKDiscard: 0
TCPDSACKIgnoredOld: 0
TCPDSACKIgnoredNoUndo: 5
TCPSpuriousRTOs: 0
TCPMD5NotFound: 0
TCPMD5Unexpected: 0
TCPSackShifted: 0
TCPSackMerged: 0
TCPSackShiftFallback: 0
TCPBacklogDrop: 0
TCPMinTTLDrop: 0
TCPDeferAcceptDrop: 0
IPReversePathFilter: 0
TCPTimeWaitOverflow: 0
TCPReqQFullDoCookies: 0
TCPReqQFullDrop: 0
TCPRetransFail: 0
TCPRcvCoalesce: 39745
TCPOFOQueue: 2769
TCPOFODrop: 0
TCPOFOMerge: 0
TCPChallengeACK: 0
TCPSYNChallenge: 0
TCPFastOpenActive: 0
TCPFastOpenActiveFail: 0
TCPFastOpenPassive: 0
TCPFastOpenPassiveFail: 0
TCPFastOpenListenOverflow: 0
TCPFastOpenCookieReqd: 0
TCPSpuriousRtxHostQueues: 6
BusyPollRxPackets: 0
TCPAutoCorking: 15390
TCPFromZeroWindowAdv: 0
TCPToZeroWindowAdv: 0
TCPWantZeroWindowAdv: 0
TCPSynRetrans: 0
TCPOrigDataSent: 707932
IpExt:
InNoRoutes: 0
InTruncatedPkts: 0
InMcastPkts: 437601
OutMcastPkts: 14465
InBcastPkts: 270048
OutBcastPkts: 0
InOctets: 1025669159
OutOctets: 1006556464
InMcastOctets: 40328623
OutMcastOctets: 503235
InBcastOctets: 54899553
OutBcastOctets: 0
InCsumErrors: 0
InNoECTPkts: 2607413
InECT1Pkts: 0
InECT0Pkts: 0
InCEPkts: 0
----------------------------------------------------------------------
--> netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 164 lab-eCFD1:ssh thelab-wkstn.pnw.b:51945 ESTABLISHED
tcp 0 0 lab-eCFD1:42803 lab-ecfd2.boein:ssh ESTABLISHED
tcp 0 0 lab-eCFD1:42805 lab-ecfd2.boein:ssh ESTABLISHED
tcp 0 0 lab-eCFD1:ssh thelab-wkstn.pnw.b:52096 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 8270 /run/systemd/journal/socket
unix 29 [ ] DGRAM 8272 /dev/log
unix 2 [ ] DGRAM 21106 @/org/freedesktop/systemd1/notify/ba3bc9b401c03fc6
unix 2 [ ] DGRAM 8257 @/org/freedesktop/systemd1/notify
unix 2 [ ] DGRAM 9439 /run/systemd/shutdownd
unix 3 [ ] STREAM CONNECTED 11525621 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 357781 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 29152
unix 3 [ ] STREAM CONNECTED 29127
unix 3 [ ] STREAM CONNECTED 27271
unix 3 [ ] STREAM CONNECTED 12596 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 10532 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11649026 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29170
unix 3 [ ] STREAM CONNECTED 21275 /var/run/xdmctl/dmctl-:0/socket
unix 3 [ ] STREAM CONNECTED 27768 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9939
unix 3 [ ] STREAM CONNECTED 10719
unix 3 [ ] STREAM CONNECTED 19793
unix 3 [ ] STREAM CONNECTED 9835 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 387494
unix 3 [ ] STREAM CONNECTED 18063
unix 3 [ ] STREAM CONNECTED 9919 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 24304 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 10710 @/tmp/dbus-DeTvJFKbY1
unix 2 [ ] DGRAM 10458
unix 3 [ ] STREAM CONNECTED 29154
unix 3 [ ] STREAM CONNECTED 17991 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 22795 @/tmp/dbus-DeTvJFKbY1
unix 2 [ ] DGRAM 17705
unix 3 [ ] STREAM CONNECTED 22785 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 22794 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 18064
unix 3 [ ] STREAM CONNECTED 10026583
unix 3 [ ] STREAM CONNECTED 24032 /run/dbus/system_bus_socket
unix 3 [ ] DGRAM 1892
unix 3 [ ] STREAM CONNECTED 11646914
unix 2 [ ] DGRAM 9771
unix 3 [ ] STREAM CONNECTED 29173
unix 3 [ ] STREAM CONNECTED 28699 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 11641665
unix 3 [ ] STREAM CONNECTED 16957
unix 3 [ ] STREAM CONNECTED 26673
unix 3 [ ] STREAM CONNECTED 29158
unix 3 [ ] STREAM CONNECTED 29716 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 27737
unix 3 [ ] STREAM CONNECTED 12827 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 9745
unix 3 [ ] STREAM CONNECTED 10744 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 15434640
unix 3 [ ] STREAM CONNECTED 21234
unix 3 [ ] STREAM CONNECTED 13733
unix 3 [ ] STREAM CONNECTED 15471087 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29161
unix 3 [ ] STREAM CONNECTED 11647528 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 12688
unix 3 [ ] STREAM CONNECTED 10600 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 18849
unix 3 [ ] STREAM CONNECTED 11584 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 27322
unix 3 [ ] STREAM CONNECTED 12500 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9961 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 15089
unix 3 [ ] STREAM CONNECTED 27750 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 24413 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 13752
unix 3 [ ] STREAM CONNECTED 9824
unix 3 [ ] STREAM CONNECTED 9918 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21120
unix 3 [ ] STREAM CONNECTED 18851
unix 3 [ ] STREAM CONNECTED 22793 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 10008
unix 3 [ ] STREAM CONNECTED 9778 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM 15669
unix 3 [ ] STREAM CONNECTED 12687
unix 3 [ ] STREAM CONNECTED 13755
unix 3 [ ] STREAM CONNECTED 24034
unix 3 [ ] STREAM CONNECTED 26675
unix 2 [ ] DGRAM 18564962
unix 3 [ ] STREAM CONNECTED 21763
unix 3 [ ] STREAM CONNECTED 25562
unix 3 [ ] STREAM CONNECTED 11542
unix 3 [ ] STREAM CONNECTED 12574
unix 3 [ ] STREAM CONNECTED 18850 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 10708 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 23988
unix 3 [ ] STREAM CONNECTED 24275
unix 3 [ ] STREAM CONNECTED 22809 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 22721
unix 3 [ ] STREAM CONNECTED 11645763 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 24274
unix 3 [ ] STREAM CONNECTED 10550 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 25476 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 17844 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 13722
unix 3 [ ] STREAM CONNECTED 17818
unix 3 [ ] STREAM CONNECTED 19661
unix 3 [ ] STREAM CONNECTED 10712 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 27063
unix 3 [ ] STREAM CONNECTED 12831 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18093 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 10440
unix 3 [ ] STREAM CONNECTED 23993
unix 3 [ ] STREAM CONNECTED 11648740
unix 3 [ ] STREAM CONNECTED 12565 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29163
unix 3 [ ] STREAM CONNECTED 22802 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 28717 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 12824 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11646905
unix 3 [ ] STREAM CONNECTED 9934 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 25347
unix 3 [ ] STREAM CONNECTED 29719
unix 3 [ ] STREAM CONNECTED 27078 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 27743
unix 3 [ ] STREAM CONNECTED 29125
unix 3 [ ] STREAM CONNECTED 19843
unix 3 [ ] STREAM CONNECTED 27064
unix 3 [ ] STREAM CONNECTED 22699 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 19873
unix 3 [ ] STREAM CONNECTED 27072
unix 3 [ ] STREAM CONNECTED 27742
unix 3 [ ] STREAM CONNECTED 18023
unix 2 [ ] DGRAM 23989
unix 3 [ ] STREAM CONNECTED 27068 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 28693
unix 3 [ ] STREAM CONNECTED 12602 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 12832 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 25513
unix 3 [ ] STREAM CONNECTED 22693
unix 3 [ ] STREAM CONNECTED 29123
unix 3 [ ] STREAM CONNECTED 22855 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 19828
unix 3 [ ] STREAM CONNECTED 27073
unix 3 [ ] STREAM CONNECTED 17887 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11646915
unix 3 [ ] STREAM CONNECTED 29137
unix 3 [ ] STREAM CONNECTED 9964 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9926 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 25472
unix 3 [ ] STREAM CONNECTED 26895
unix 3 [ ] STREAM CONNECTED 17890 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 22616 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13739
unix 2 [ ] DGRAM 1888
unix 3 [ ] STREAM CONNECTED 11650050 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 9931
unix 3 [ ] STREAM CONNECTED 10713 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29698 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19791 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 18781
unix 3 [ ] STREAM CONNECTED 29175
unix 3 [ ] STREAM CONNECTED 22926 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 16800
unix 3 [ ] STREAM CONNECTED 17821
unix 3 [ ] STREAM CONNECTED 25722
unix 3 [ ] STREAM CONNECTED 29134
unix 3 [ ] STREAM CONNECTED 9982
unix 3 [ ] STREAM CONNECTED 11600941
unix 3 [ ] STREAM CONNECTED 29149
unix 3 [ ] STREAM CONNECTED 22807
unix 3 [ ] STREAM CONNECTED 19827 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19787
unix 3 [ ] STREAM CONNECTED 11649036 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18725
unix 3 [ ] STREAM CONNECTED 19118935
unix 3 [ ] STREAM CONNECTED 11600942
unix 3 [ ] STREAM CONNECTED 19826 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 12682 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 13740
unix 3 [ ] STREAM CONNECTED 29146
unix 3 [ ] STREAM CONNECTED 18069 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25471
unix 3 [ ] STREAM CONNECTED 10696
unix 3 [ ] STREAM CONNECTED 26907
unix 3 [ ] STREAM CONNECTED 11595 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 385572 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 16960
unix 2 [ ] DGRAM 18791
unix 3 [ ] STREAM CONNECTED 25727
unix 3 [ ] STREAM CONNECTED 386371 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 15736 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15472560 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11646904
unix 3 [ ] STREAM CONNECTED 9938
unix 3 [ ] STREAM CONNECTED 18636854
unix 3 [ ] STREAM CONNECTED 18031 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9746 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 27749
unix 3 [ ] STREAM CONNECTED 12590 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 25349 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 15434642
unix 3 [ ] STREAM CONNECTED 29119
unix 3 [ ] DGRAM 12386
unix 3 [ ] STREAM CONNECTED 18003
unix 2 [ ] STREAM CONNECTED 26824
unix 3 [ ] STREAM CONNECTED 11525620 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 29139
unix 2 [ ] DGRAM 27423
unix 3 [ ] DGRAM 10701
unix 3 [ ] STREAM CONNECTED 18013 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 27847 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18834 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 13766 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15732 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 11593 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11591 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22749 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25460
unix 3 [ ] STREAM CONNECTED 13762 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 11649027 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26851
unix 3 [ ] STREAM CONNECTED 25469
unix 2 [ ] DGRAM 19935
unix 2 [ ] DGRAM 15666
unix 3 [ ] STREAM CONNECTED 27003
unix 3 [ ] STREAM CONNECTED 9830 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 17819
unix 3 [ ] STREAM CONNECTED 13917
unix 3 [ ] STREAM CONNECTED 29179
unix 3 [ ] STREAM CONNECTED 12879
unix 3 [ ] STREAM CONNECTED 24377 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 10599
unix 3 [ ] STREAM CONNECTED 12871
unix 3 [ ] STREAM CONNECTED 9892 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11589 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15746 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 10026580
unix 3 [ ] STREAM CONNECTED 22820 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 347728 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 27683 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 21115 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 9910 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13916
unix 3 [ ] STREAM CONNECTED 9911 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29181
unix 3 [ ] STREAM CONNECTED 10557 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 10026581
unix 3 [ ] STREAM CONNECTED 371416
unix 3 [ ] STREAM CONNECTED 27697 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11606 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11645772
unix 3 [ ] STREAM CONNECTED 12169 @/tmp/dbus-DeTvJFKbY1
unix 2 [ ] STREAM CONNECTED 18564957
unix 3 [ ] STREAM CONNECTED 12822 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 24273
unix 3 [ ] STREAM CONNECTED 16815
unix 3 [ ] STREAM CONNECTED 287742 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29169
unix 3 [ ] STREAM CONNECTED 19824 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13737
unix 3 [ ] STREAM CONNECTED 22700 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 25256
unix 3 [ ] DGRAM 1891
unix 3 [ ] STREAM CONNECTED 19199597
unix 3 [ ] STREAM CONNECTED 387499
unix 3 [ ] STREAM CONNECTED 27679
unix 3 [ ] STREAM CONNECTED 19074834 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29151
unix 3 [ ] STREAM CONNECTED 22859
unix 3 [ ] STREAM CONNECTED 21833
unix 3 [ ] STREAM CONNECTED 11525619 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 16958
unix 3 [ ] STREAM CONNECTED 19825 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29130
unix 3 [ ] STREAM CONNECTED 10748
unix 3 [ ] STREAM CONNECTED 12823 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 24250
unix 2 [ ] DGRAM 19921
unix 3 [ ] STREAM CONNECTED 27098
unix 3 [ ] STREAM CONNECTED 27056
unix 2 [ ] DGRAM 18621980
unix 3 [ ] STREAM CONNECTED 26656
unix 3 [ ] STREAM CONNECTED 387498
unix 3 [ ] STREAM CONNECTED 17719
unix 3 [ ] STREAM CONNECTED 11525617
unix 3 [ ] STREAM CONNECTED 29167
unix 3 [ ] STREAM CONNECTED 29128
unix 3 [ ] STREAM CONNECTED 25900
unix 3 [ ] STREAM CONNECTED 22832
unix 3 [ ] STREAM CONNECTED 10697 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 27760
unix 3 [ ] STREAM CONNECTED 18848
unix 3 [ ] STREAM CONNECTED 29157
unix 3 [ ] STREAM CONNECTED 10702 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 17904 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 19199598
unix 3 [ ] STREAM CONNECTED 21175
unix 3 [ ] STREAM CONNECTED 9748 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 13706
unix 3 [ ] STREAM CONNECTED 29172
unix 3 [ ] STREAM CONNECTED 18112 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 18843
unix 3 [ ] STREAM CONNECTED 11525612 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29160
unix 3 [ ] STREAM CONNECTED 29155
unix 3 [ ] STREAM CONNECTED 21214
unix 3 [ ] STREAM CONNECTED 9925
unix 3 [ ] STREAM CONNECTED 11600937 @/tmp/dbus-zhn6WR4h1M
unix 3 [ ] STREAM CONNECTED 18617341
unix 3 [ ] STREAM CONNECTED 17969 @/tmp/dbus-DeTvJFKbY1
unix 2 [ ] DGRAM 18564979
unix 3 [ ] STREAM CONNECTED 16795
unix 3 [ ] STREAM CONNECTED 28716
unix 3 [ ] STREAM CONNECTED 28710 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 11648741
unix 3 [ ] STREAM CONNECTED 15670
unix 3 [ ] STREAM CONNECTED 27125 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 25478 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM 11550
unix 3 [ ] STREAM CONNECTED 9916
unix 3 [ ] STREAM CONNECTED 9823
unix 3 [ ] STREAM CONNECTED 19714
unix 3 [ ] STREAM CONNECTED 28723
unix 3 [ ] STREAM CONNECTED 22674
unix 3 [ ] STREAM CONNECTED 12828 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 9917
unix 3 [ ] STREAM CONNECTED 18617340
unix 3 [ ] STREAM CONNECTED 22856 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 11594 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 23996 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18842
unix 3 [ ] STREAM CONNECTED 12599 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 12588 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 22685 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11650049 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11570 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26786 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 12631 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 12609 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 12212
unix 3 [ ] STREAM CONNECTED 27091
unix 3 [ ] STREAM CONNECTED 18840
unix 3 [ ] STREAM CONNECTED 12598 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 11646900
unix 3 [ ] STREAM CONNECTED 11587 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15473034 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 10026582
unix 3 [ ] STREAM CONNECTED 13751
unix 3 [ ] STREAM CONNECTED 17842 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18106
unix 3 [ ] STREAM CONNECTED 29753
unix 3 [ ] STREAM CONNECTED 9920 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 25348
unix 3 [ ] STREAM CONNECTED 10007
unix 3 [ ] STREAM CONNECTED 18070 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 28715
unix 3 [ ] STREAM CONNECTED 10703 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 9891 /run/systemd/journal/stdout
unix 3 [ ] DGRAM 12385
unix 3 [ ] STREAM CONNECTED 11647527 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18101
unix 3 [ ] STREAM CONNECTED 23992
unix 3 [ ] STREAM CONNECTED 22791
unix 3 [ ] STREAM CONNECTED 11543 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29164
unix 3 [ ] STREAM CONNECTED 9903 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 18025 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 24290
unix 3 [ ] STREAM CONNECTED 9825 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 18102
unix 3 [ ] STREAM CONNECTED 12825 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29751
unix 3 [ ] STREAM CONNECTED 15766
unix 3 [ ] STREAM CONNECTED 29124
unix 3 [ ] STREAM CONNECTED 28698
unix 3 [ ] STREAM CONNECTED 10705 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 19927
unix 3 [ ] STREAM CONNECTED 11600943 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 22753 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 17971
unix 3 [ ] STREAM CONNECTED 27124 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 29715 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 12627 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 16804 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 10523 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 29166
unix 3 [ ] STREAM CONNECTED 23995 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29723
unix 3 [ ] STREAM CONNECTED 13835
unix 3 [ ] STREAM CONNECTED 13757
unix 3 [ ] STREAM CONNECTED 29176
unix 3 [ ] STREAM CONNECTED 17030
unix 3 [ ] STREAM CONNECTED 22811 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 29131
unix 2 [ ] DGRAM 19128363
unix 3 [ ] STREAM CONNECTED 29199
unix 3 [ ] STREAM CONNECTED 17923 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29143
unix 3 [ ] STREAM CONNECTED 27101
unix 3 [ ] STREAM CONNECTED 27667 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25463
unix 3 [ ] STREAM CONNECTED 18864 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 1946
unix 3 [ ] STREAM CONNECTED 15434641
unix 3 [ ] STREAM CONNECTED 11256791
unix 3 [ ] STREAM CONNECTED 29148
unix 2 [ ] DGRAM 27385
unix 3 [ ] STREAM CONNECTED 29701 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15733 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 25909
unix 3 [ ] STREAM CONNECTED 11649035 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29178
unix 3 [ ] STREAM CONNECTED 22792
unix 3 [ ] STREAM CONNECTED 29724
unix 3 [ ] STREAM CONNECTED 13756
unix 3 [ ] STREAM CONNECTED 25475 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 29145
unix 3 [ ] STREAM CONNECTED 15791 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 17820
unix 3 [ ] STREAM CONNECTED 11592 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 29133
unix 3 [ ] STREAM CONNECTED 21231 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 9979 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 22810 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 24323 /run/user/1000/ksocket-Luser/kdeinit4__0
unix 3 [ ] STREAM CONNECTED 11588 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13789
unix 2 [ ] DGRAM 25259
unix 2 [ ] DGRAM 18634316
unix 3 [ ] STREAM CONNECTED 389181
unix 3 [ ] STREAM CONNECTED 29142
unix 2 [ ] DGRAM 25724
unix 3 [ ] STREAM CONNECTED 11525618
unix 3 [ ] STREAM CONNECTED 25483
unix 3 [ ] STREAM CONNECTED 17919 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 12164
unix 3 [ ] STREAM CONNECTED 15792 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 10709 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 10720
unix 3 [ ] STREAM CONNECTED 12224
unix 3 [ ] STREAM CONNECTED 24248
unix 3 [ ] STREAM CONNECTED 18636855
unix 3 [ ] STREAM CONNECTED 29122
unix 3 [ ] STREAM CONNECTED 25519
unix 3 [ ] STREAM CONNECTED 29118
unix 3 [ ] STREAM CONNECTED 9833
unix 3 [ ] STREAM CONNECTED 12826 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19842
unix 3 [ ] DGRAM 10700
unix 3 [ ] STREAM CONNECTED 24439
unix 3 [ ] STREAM CONNECTED 17726 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18833
unix 3 [ ] STREAM CONNECTED 10026584
unix 3 [ ] STREAM CONNECTED 29140
unix 2 [ ] DGRAM 25517
unix 3 [ ] STREAM CONNECTED 25210
unix 3 [ ] STREAM CONNECTED 16904
unix 3 [ ] STREAM CONNECTED 19792 @/tmp/.ICE-unix/1886
unix 3 [ ] STREAM CONNECTED 29120
unix 3 [ ] STREAM CONNECTED 14971847 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 15740 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29117
unix 3 [ ] STREAM CONNECTED 18103 @/tmp/dbus-DeTvJFKbY1
unix 3 [ ] STREAM CONNECTED 24448
unix 3 [ ] STREAM CONNECTED 29282
unix 3 [ ] STREAM CONNECTED 19820
unix 3 [ ] STREAM CONNECTED 25163
unix 3 [ ] STREAM CONNECTED 28711 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 25853
unix 3 [ ] STREAM CONNECTED 22877 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15434643
unix 3 [ ] STREAM CONNECTED 18767
unix 3 [ ] STREAM CONNECTED 18863 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19821
unix 3 [ ] STREAM CONNECTED 23994 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 25770
unix 3 [ ] STREAM CONNECTED 24576
unix 3 [ ] STREAM CONNECTED 26908
unix 3 [ ] STREAM CONNECTED 11560 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 25679
unix 3 [ ] STREAM CONNECTED 28714 @/tmp/dbus-DeTvJFKbY1
unix 2 [ ] DGRAM 27409
unix 3 [ ] STREAM CONNECTED 29182
unix 3 [ ] STREAM CONNECTED 27763 @/tmp/dbus-6njYObGL
unix 3 [ ] STREAM CONNECTED 17925 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18024
unix 3 [ ] STREAM CONNECTED 26718
unix 3 [ ] STREAM CONNECTED 18115
unix 3 [ ] STREAM CONNECTED 11647532 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 18782
unix 3 [ ] STREAM CONNECTED 11525613 @/tmp/dbus-zhn6WR4h1M
unix 3 [ ] STREAM CONNECTED 25516
unix 3 [ ] STREAM CONNECTED 10456
unix 2 [ ] DGRAM 9452
unix 3 [ ] STREAM CONNECTED 29697
unix 3 [ ] STREAM CONNECTED 9893 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 11604 /run/systemd/journal/stdout
ss - show sockets
--> /usr/sbin/ss -s
Total: 850 (kernel 0)
TCP: 14 (estab 4, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 0 - -
RAW 0 0 0
UDP 11 6 5
TCP 14 9 5
INET 25 15 10
FRAG 0 0 0
----------------------------------------------------------------
--> /usr/sbin/ss --help
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-b, --bpf show bpf filter socket information
-Z, --context display process SELinux security contexts
-z, --contexts display process and socket SELinux security contexts
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]
-D, --diag=FILE Dump raw information about TCP sockets to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
------------------------------------------------
--> /usr/sbin/ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 164 199.203.234.125:ssh 199.203.247.86:51945
ESTAB 0 0 199.203.234.125:42803 199.203.234.137:ssh
ESTAB 0 0 199.203.234.125:42805 199.203.234.137:ssh
ESTAB 0 0 199.203.234.125:ssh 199.203.247.86:52096
----------------------------------------------
--> /usr/sbin/ss -tpi
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 164 199.203.234.125:ssh 199.203.247.86:51945
cubic wscale:8,7 rto:203 rtt:2.188/2.159 ato:40 mss:1460 cwnd:10 ssthresh:18 send 53.4Mbps pacing_rate 106.7Mbps unacked:1 rcv_rtt:64819 rcv_space:58900
ESTAB 0 0 199.203.234.125:42803 199.203.234.137:ssh users:(("ssh",pid=28295,fd=3))
cubic wscale:7,7 rto:201 rtt:0.97/0.447 ato:40 mss:1448 cwnd:10 send 119.4Mbps pacing_rate 238.6Mbps rcv_rtt:2 rcv_space:29200
ESTAB 0 0 199.203.234.125:42805 199.203.234.137:ssh users:(("ssh",pid=28387,fd=3))
cubic wscale:7,7 rto:201 rtt:0.818/0.107 ato:40 mss:1448 cwnd:10 send 141.6Mbps pacing_rate 283.0Mbps rcv_rtt:1 rcv_space:29200
ESTAB 0 0 199.203.234.125:ssh 199.203.247.86:52096
cubic wscale:8,7 rto:202 rtt:1.489/0.57 ato:40 mss:1460 cwnd:10 ssthresh:16 send 78.4Mbps pacing_rate 156.9Mbps rcv_rtt:64586 rcv_space:29648
------------------------------------------------
vmstat - virtual memory stats - uptime, pmap, pstree, etc.
--> vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 2384724 350460 2329108 0 0 0 0 1 0 0 0 100 0 0
------------------------------------------------
--> uptime
16:24pm up 47 days 4:15, 7 users, load average: 0.00, 0.01, 0.05
-----------------------------------------------
--> pmap vi
No process with pid 0 found
------------------------------------------------
( if some of the characters below do not display properly, try to view using "Unicode" in your browser)
------------------------------------------------
--> pstree
systemd─┬─ModemManager─┬─{gdbus}
│ └─{gmain}
├─agetty
├─at-spi-bus-laun─┬─dbus-daemon
│ ├─{dconf worker}
│ ├─{gdbus}
│ └─{gmain}
├─at-spi2-registr───{gdbus}
├─auditd───{auditd}
├─avahi-daemon
├─baloo_file───{QProcessManager}
├─bluetoothd
├─console-kit-dae─┬─62*[{console-kit-dae}]
│ ├─{gdbus}
│ └─{gmain}
├─cron
├─cupsd
├─2*[dbus-daemon]
├─dbus-launch
├─dconf-service─┬─{gdbus}
│ └─{gmain}
├─deja-dup─┬─{dconf worker}
│ ├─{gdbus}
│ └─{threaded-ml}
├─dmeventd
├─gconfd-2
├─goa-daemon─┬─{gdbus}
│ ├─{gmain}
│ └─{pool}
├─gvfs-afc-volume─┬─{gdbus}
│ └─{gvfs-afc-volume}
├─gvfs-goa-volume───{gdbus}
├─gvfs-gphoto2-vo───{gdbus}
├─gvfs-mtp-volume───{gdbus}
├─gvfs-udisks2-vo─┬─{gdbus}
│ └─{gmain}
├─gvfsd───{gdbus}
├─gvfsd-fuse─┬─{gdbus}
│ ├─{gvfs-fuse-sub}
│ └─2*[{gvfsd-fuse}]
├─gvfsd-metadata───{gdbus}
├─haveged
├─ibus-daemon─┬─ibus-dconf─┬─{gdbus}
│ │ └─{gmain}
│ ├─ibus-engine-sim─┬─{gdbus}
│ │ └─{gmain}
│ ├─kimpanel-ibus-p─┬─{QProcessManager}
│ │ ├─{gdbus}
│ │ └─{gmain}
│ ├─{gdbus}
│ └─{gmain}
├─ibus-x11─┬─{gdbus}
│ └─{gmain}
├─irqbalance
├─kactivitymanage─┬─{QInotifyFileSys}
│ └─4*[{QThread}]
├─kded4─┬─{KCupsConnection}
│ ├─{QInotifyFileSys}
│ ├─{QThread}
│ └─{gdbus}
├─kdeinit4─┬─deja-dup-monito─┬─{dconf worker}
│ │ └─{gdbus}
│ ├─klauncher
│ ├─ksmserver─┬─kscreenlocker_g─┬─{QInotifyFileSys}
│ │ │ └─{kscreenlocker_g}
│ │ ├─kwin─┬─{QProcessManager}
│ │ │ └─{kwin}
│ │ └─{QProcessManager}
│ ├─parcellite─┬─{gdbus}
│ │ └─{gmain}
│ ├─python───python───python
│ ├─tracker-extract─┬─{dconf worker}
│ │ ├─{gdbus}
│ │ ├─{gmain}
│ │ └─10*[{pool}]
│ ├─tracker-miner-a─┬─{gdbus}
│ │ └─{gmain}
│ ├─tracker-miner-f─┬─{dconf worker}
│ │ ├─{gdbus}
│ │ └─{gmain}
│ └─tracker-miner-u─┬─{gdbus}
│ └─{gmain}
├─kdesud
├─kdm─┬─Xorg
│ └─kdm───ck-launch-sessi───startkde─┬─kwrapper4
│ └─ssh-agent
├─kglobalaccel
├─klipper
├─kmix───2*[{QInotifyFileSys}]
├─knotify4───{QInotifyFileSys}
├─konsole─┬─2*[bash───ssh]
│ ├─{QInotifyFileSys}
│ └─{QProcessManager}
├─krunner───{QInotifyFileSys}
├─kuiserver
├─lvmetad
├─master─┬─pickup
│ └─qmgr
├─mcelog
├─mission-control─┬─{dconf worker}
│ └─{gdbus}
├─nscd───10*[{nscd}]
├─ntpd───ntpd
├─packagekitd─┬─{gdbus}
│ ├─{gmain}
│ └─{pool}
├─plasma-desktop─┬─2*[{QInotifyFileSys}]
│ └─{plasma-desktop}
├─polkit-kde-auth───{gdbus}
├─polkitd─┬─{JS GC Helper}
│ ├─{JS Sour~ Thread}
│ ├─{gdbus}
│ ├─{gmain}
│ └─{runaway-killer-}
├─pulseaudio─┬─gconf-helper
│ ├─{alsa-sink-ALC26}
│ ├─{alsa-sink-HDMI }
│ └─{alsa-source-ALC}
├─rtkit-daemon───2*[{rtkit-daemon}]
├─sshd─┬─sshd───sshd───bash───pstree
│ └─sshd───sshd───bash───sudo───su───bash───script───script───bash
├─start_kdeinit
├─systemd───(sd-pam)
├─systemd-journal
├─systemd-logind
├─systemd-udevd
├─tracker-store─┬─{dconf worker}
│ ├─{gdbus}
│ ├─{gmain}
│ └─4*[{pool}]
├─udisksd─┬─{cleanup}
│ ├─{gdbus}
│ ├─{gmain}
│ └─{probing-thread}
├─upowerd─┬─{gdbus}
│ └─{gmain}
├─wickedd
├─wickedd-auto4
├─wickedd-dhcp4
├─wickedd-dhcp6
├─wickedd-nanny
└─wpa_supplicant
--> free
total used free shared buffers cached
Mem: 16385544 14012432 2373112 23172 350492 2334864
-/+ buffers/cache: 11327076 5058468
Swap: 16777212 0 16777212
--> ps ax | grep sshd
2124 ? Ss 0:00 /usr/sbin/sshd -D
3083 pts/3 S+ 0:00 grep --color=auto sshd
26520 ? Ss 0:00 sshd: Luser [priv]
26523 ? S 0:06 sshd: Luser@pts/3
26793 ? Ss 0:00 sshd: Luser [priv]
26804 ? S 0:04 sshd: Luser@pts/4
-----------------------------------------------------------------------------
--> cat /proc/1093/cmdline
/usr/lib/wicked/bin/wickedd-auto4--systemd--foreground
--> ps -ef | grep 1093
root 1093 1 0 Apr23 ? 00:00:00 /usr/lib/wicked/bin/wickedd-auto4 --systemd –foreground
--> man wicked
NAME
wicked - network management utility
SYNOPSIS
wicked [global-options] ifup [options] interface
wicked [global-options] ifdown [options] interface
wicked [global-options] ifreload [options] interface
wicked [global-options] ifstatus [options] interface
wicked [global-options] ifcheck [options] interface
wicked [global-options] show-config [options] [interface]
wicked [global-options] convert [options] [file ... ]
wicked [global-options] show-xml [options] [interface]
wicked [global-options] xpath [options] format...
wicked [global-options] getnames [options] device...
DESCRIPTION
wicked offers access to the wicked network managment service from the command line. It can be used to display
the current state of network devices, to bring interfaces up or down, or to check their operational status.
Conceptually, the wicked network management system deals with two very distinct classes of information. One is
the set of configuration files stored somewhere in the system; the other is the current configuration state
maintained by the kernel and closely related system daemons like pppd(8) or openvpn(8).
Currently, wicked only supports sysconfig style ifcfg- files. Data present in these config files is converted
to an internal XML representation.
The server only knows about the latter, but does not parse any configuration files, and does not maintain any
state besides what is actually in effect. On the other hand, the client never probes the kernel directly to
obtain the current system state. The client's job is to parse the configuration file(s) handed to it by the
user, process and convert them to policies, and hand them off to wickedd-nanny. wickedd-nanny then performs
device configuration when policy conditions have been met.
The client, nanny and server processes communicate with each other over DBus.
OPTIONS
wicked supports a set of options common to all subcommands. These options must precede the subcommand, as in
# wicked --dry-run ifup eth0
--------------------------------------------
NAME
wicked - network management utility
SYNOPSIS
wicked [global-options] ifup [options] interface
wicked [global-options] ifdown [options] interface
wicked [global-options] ifreload [options] interface
wicked [global-options] ifstatus [options] interface
wicked [global-options] ifcheck [options] interface
wicked [global-options] show-config [options] [interface]
wicked [global-options] convert [options] [file ... ]
wicked [global-options] show-xml [options] [interface]
wicked [global-options] xpath [options] format...
wicked [global-options] getnames [options] device...
DESCRIPTION
wicked offers access to the wicked network managment service from the command line. It can be used to display the
current state of network devices, to bring interfaces up or down, or to check their operational status.
Conceptually, the wicked network management system deals with two very distinct classes of information. One is
the set of configuration files stored somewhere in the system; the other is the current configuration state main-
tained by the kernel and closely related system daemons like pppd(8) or openvpn(8).
Currently, wicked only supports sysconfig style ifcfg- files. Data present in these config files is converted to
an internal XML representation.
The server only knows about the latter, but does not parse any configuration files, and does not maintain any
state besides what is actually in effect. On the other hand, the client never probes the kernel directly to
obtain the current system state. The client's job is to parse the configuration file(s) handed to it by the user,
process and convert them to policies, and hand them off to wickedd-nanny. wickedd-nanny then performs device
configuration when policy conditions have been met.
The client, nanny and server processes communicate with each other over DBus.
OPTIONS
wicked supports a set of options common to all subcommands. These options must precede the subcommand, as in
# wicked --dry-run ifup eth0
Currently, wicked supports the following list of options:
--config filename
----------------------------------------
--> more /proc/cgroups
#subsys_name hierarchy num_cgroups enabled
cpuset 2 1 1
cpu 3 1 1
cpuacct 3 1 1
memory 4 1 1
devices 5 1 1
freezer 6 1 1
net_cls 7 1 1
blkio 8 1 1
perf_event 9 1 1
net_prio 7 1 1
hugetlb 10 1 1
--------------------------------------
lsof - The open files included are disk files, network sockets, pipes, devices and processes.
--> lsof -h
lsof 4.84
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
-?|-h list help -a AND selections (OR) -b avoid kernel blocks
-c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files
-d s select by FD set +D D dir D tree *SLOW?* -i select IPv[46] files
-K list tasKs -l list UID numbers -n no host names
-N select NFS files -o list file offset -O avoid overhead *RISKY*
-P no port names -R list paRent PID -s list file size
-t terse listing -T disable TCP/TPI info -U select Unix socket
-v list version info -V verbose search +|-w Warnings (+)
-X skip TCP&UDP* files -Z Z context [Z] -- end option scan
+f|-f +filesystem or -file names +|-f[gG] flaGs
-F [f] select fields; -F? for help
+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
+m [m] use|create mount supplement
+|-M portMap registration (-) -o o o 0t offset digits (8)
-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
-T qs TCP/TPI Q,St (s) info
-g [s] exclude(^)|select and print process group IDs
-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
+|-r [t[m]] repeat every t seconds (15); + until no files, - forever.
An optional suffix to t is m; m must separate t from and
is an strftime(3) format for the marker line.
-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).
-u s exclude(^)|select login|UID set s
-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.
--> lsof -c ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh-agent 1623 Luser cwd unknown /proc/1623/cwd (readlink: Permission denied)
ssh-agent 1623 Luser rtd unknown /proc/1623/root (readlink: Permission denied)
ssh-agent 1623 Luser txt unknown /proc/1623/exe (readlink: Permission denied)
ssh-agent 1623 Luser NOFD /proc/1623/fd (opendir: Permission denied)
sshd 2124 root cwd unknown /proc/2124/cwd (readlink: Permission denied)
sshd 2124 root rtd unknown /proc/2124/root (readlink: Permission denied)
sshd 2124 root txt unknown /proc/2124/exe (readlink: Permission denied)
sshd 2124 root NOFD /proc/2124/fd (opendir: Permission denied)
sshd 26520 root cwd unknown /proc/26520/cwd (readlink: Permission denied)
sshd 26520 root rtd unknown /proc/26520/root (readlink: Permission denied)
sshd 26520 root txt unknown /proc/26520/exe (readlink: Permission denied)
sshd 26520 root NOFD /proc/26520/fd (opendir: Permission denied)
sshd 26523 Luser cwd unknown /proc/26523/cwd (readlink: Permission denied)
sshd 26523 Luser rtd unknown /proc/26523/root (readlink: Permission denied)
sshd 26523 Luser txt unknown /proc/26523/exe (readlink: Permission denied)
sshd 26523 Luser NOFD /proc/26523/fd (opendir: Permission denied)
sshd 26793 root cwd unknown /proc/26793/cwd (readlink: Permission denied)
sshd 26793 root rtd unknown /proc/26793/root (readlink: Permission denied)
sshd 26793 root txt unknown /proc/26793/exe (readlink: Permission denied)
sshd 26793 root NOFD /proc/26793/fd (opendir: Permission denied)
sshd 26804 Luser cwd unknown /proc/26804/cwd (readlink: Permission denied)
sshd 26804 Luser rtd unknown /proc/26804/root (readlink: Permission denied)
sshd 26804 Luser txt unknown /proc/26804/exe (readlink: Permission denied)
sshd 26804 Luser NOFD /proc/26804/fd (opendir: Permission denied)
ssh 28295 Luser cwd DIR 254,1 4096 144212 /home/Luser/.ssh
ssh 28295 Luser rtd DIR 254,1 4096 2 /
ssh 28295 Luser txt REG 254,1 686856 399566 /usr/bin/ssh
ssh 28295 Luser mem REG 254,1 14632 524313 /lib64/libkeyutils.so.1.5
ssh 28295 Luser mem REG 254,1 137435 524387 /lib64/libpthread-2.19.so
ssh 28295 Luser mem REG 254,1 52448 395506 /usr/lib64/libkrb5support.so.0.1
ssh 28295 Luser mem REG 254,1 14712 394230 /usr/lib64/libcom_err.so.2.1
ssh 28295 Luser mem REG 254,1 191376 395537 /usr/lib64/libk5crypto.so.3.1
ssh 28295 Luser mem REG 254,1 855272 394141 /usr/lib64/libkrb5.so.3.3
ssh 28295 Luser mem REG 254,1 432120 395474 /usr/lib64/libpcre.so.1.2.3
ssh 28295 Luser mem REG 254,1 1978611 524390 /lib64/libc-2.19.so
ssh 28295 Luser mem REG 254,1 294688 394089 /usr/lib64/libgssapi_krb5.so.2.2
ssh 28295 Luser mem REG 254,1 98070 524395 /lib64/libresolv-2.19.so
ssh 28295 Luser mem REG 254,1 88216 524376 /lib64/libz.so.1.2.8
ssh 28295 Luser mem REG 254,1 18904 524377 /lib64/libdl-2.19.so
ssh 28295 Luser mem REG 254,1 2220432 524319 /lib64/libcrypto.so.1.0.0
ssh 28295 Luser mem REG 254,1 138792 524292 /lib64/libselinux.so.1
ssh 28295 Luser mem REG 254,1 158190 524326 /lib64/ld-2.19.so
ssh 28295 Luser DEL REG 0,17 15667 /run/nscd/dbOmCRiY
ssh 28295 Luser 0u CHR 199,1 0t0 4 /dev/pts/1
ssh 28295 Luser 1u CHR 199,1 0t0 4 /dev/pts/1
ssh 28295 Luser 2u CHR 199,1 0t0 4 /dev/pts/1
ssh 28295 Luser 3u IPv4 401737 0t0 TCP lab-eCFD1:42803->lab-ecfd2.somecompany.com:ssh (ESTABLISHED)
ssh 28295 Luser 4u CHR 199,1 0t0 4 /dev/pts/1
ssh 28295 Luser 5u CHR 199,1 0t0 4 /dev/pts/1
ssh 28295 Luser 6u CHR 199,1 0t0 4 /dev/pts/1
ssh 28387 Luser cwd DIR 254,1 4096 144212 /home/Luser/.ssh
ssh 28387 Luser rtd DIR 254,1 4096 2 /
ssh 28387 Luser txt REG 254,1 686856 399566 /usr/bin/ssh
ssh 28387 Luser mem REG 254,1 14632 524313 /lib64/libkeyutils.so.1.5
ssh 28387 Luser mem REG 254,1 137435 524387 /lib64/libpthread-2.19.so
ssh 28387 Luser mem REG 254,1 52448 395506 /usr/lib64/libkrb5support.so.0.1
ssh 28387 Luser mem REG 254,1 14712 394230 /usr/lib64/libcom_err.so.2.1
ssh 28387 Luser mem REG 254,1 191376 395537 /usr/lib64/libk5crypto.so.3.1
ssh 28387 Luser mem REG 254,1 855272 394141 /usr/lib64/libkrb5.so.3.3
ssh 28387 Luser mem REG 254,1 432120 395474 /usr/lib64/libpcre.so.1.2.3
ssh 28387 Luser mem REG 254,1 1978611 524390 /lib64/libc-2.19.so
ssh 28387 Luser mem REG 254,1 294688 394089 /usr/lib64/libgssapi_krb5.so.2.2
ssh 28387 Luser mem REG 254,1 98070 524395 /lib64/libresolv-2.19.so
ssh 28387 Luser mem REG 254,1 88216 524376 /lib64/libz.so.1.2.8
ssh 28387 Luser mem REG 254,1 18904 524377 /lib64/libdl-2.19.so
ssh 28387 Luser mem REG 254,1 2220432 524319 /lib64/libcrypto.so.1.0.0
ssh 28387 Luser mem REG 254,1 138792 524292 /lib64/libselinux.so.1
ssh 28387 Luser mem REG 254,1 158190 524326 /lib64/ld-2.19.so
ssh 28387 Luser DEL REG 0,17 15667 /run/nscd/dbOmCRiY
ssh 28387 Luser 0u CHR 199,2 0t0 5 /dev/pts/2
ssh 28387 Luser 1u CHR 199,2 0t0 5 /dev/pts/2
ssh 28387 Luser 2u CHR 199,2 0t0 5 /dev/pts/2
ssh 28387 Luser 3u IPv4 428093 0t0 TCP lab-eCFD1:42805->lab-ecfd2.somecompany.com:ssh (ESTABLISHED)
ssh 28387 Luser 4u CHR 199,2 0t0 5 /dev/pts/2
ssh 28387 Luser 5u CHR 199,2 0t0 5 /dev/pts/2
ssh 28387 Luser 6u CHR 199,2 0t0 5 /dev/pts/2
------------------------------------------------
--> ifconfig -a
enp0s25 Link encap:Ethernet HWaddr B8:CA:3A:BD:96:00
inet addr:199.203.234.125 Bcast:199.203.235.255 Mask:255.255.254.0
inet6 addr: fe80::baca:3aff:febd:9600/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8850960 errors:0 dropped:4077800 overruns:0 frame:0
TX packets:2006568 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1515619886 (1445.4 Mb) TX bytes:1084707663 (1034.4 Mb)
Interrupt:20 Memory:f7400000-f7420000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:146 errors:0 dropped:0 overruns:0 frame:0
TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11936 (11.6 Kb) TX bytes:11936 (11.6 Kb)
------------------------------------------------
Luser@lab-eCFD1 [/home/Luser]
------------------------------------------------
--> tcpdump -i enp0s25
tcpdump: enp0s25: You don't have permission to capture on that device
(socket: Operation not permitted)
------------------------------------------------
Luser@lab-eCFD1 [/home/Luser]
------------------------------------------------
--> sudo tcpdump -i enp0s25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes
16:51:40.276623 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 4023178631:4023178827, ack 760058642, win 538, length 196
16:51:40.277892 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1:53, ack 196, win 12437, length 52
16:51:40.277934 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 53, win 538, length 0
16:51:40.350276 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8216.00:1c:0e:ec:68:00.8428, length 42
16:51:40.360256 IP rp45-02b-v534-1.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=234 addr=rp45-02b-v534.ns.cs.somecompany.com
16:51:40.530418 01:80:c2:00:00:01 (oui Unknown) > Broadcast, ethertype Unknown (0x8874), length 60:
0x0000: e00b 8a21 76d8 2c91 fe02 b000 0000 0000 ...!v.,.........
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
16:51:40.721164 IP rp45-02a-v534.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=234 addr=rp45-02b-v534.ns.cs.somecompany.com
16:51:41.279509 IP lab-eCFD1.48940 > dnspac1.ns.cs.somecompany.com.domain: 10254+ PTR? 86.247.203.199.in-addr.arpa. (45)
16:51:41.282455 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.48940: 10254 1/0/0 PTR thelab-wkstn.pnw.somecompany.com. (85)
16:51:41.282764 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 196:504, ack 53, win 538, length 308
16:51:41.282991 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 504:816, ack 53, win 538, length 312
16:51:41.283030 IP lab-eCFD1.55835 > dnspac1.ns.cs.somecompany.com.domain: 17339+ PTR? 2.0.0.224.in-addr.arpa. (40)
16:51:41.283816 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 816, win 12434, length 0
16:51:41.283851 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 53:105, ack 816, win 12434, length 52
16:51:41.283859 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 105, win 538, length 0
16:51:41.283873 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 105:157, ack 816, win 12434, length 52
16:51:41.283878 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 157, win 538, length 0
16:51:41.283882 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 157:209, ack 816, win 12434, length 52
16:51:41.283885 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 209, win 538, length 0
16:51:41.286070 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.55835: 17339 NXDomain 0/1/0 (123)
16:51:41.286478 IP lab-eCFD1.50333 > dnspac1.ns.cs.somecompany.com.domain: 59151+ PTR? 2.158.12.10.in-addr.arpa. (42)
16:51:41.289738 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.50333: 59151 1/0/0 PTR rp45-02b-v534-1.ns.cs.somecompany.com. (88)
16:51:41.290188 IP lab-eCFD1.41251 > dnspac1.ns.cs.somecompany.com.domain: 19438+ PTR? 1.158.12.10.in-addr.arpa. (42)
16:51:41.293158 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.41251: 19438 1/0/0 PTR rp45-02b-v534.ns.cs.somecompany.com. (86)
16:51:41.293464 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 816:1012, ack 209, win 538, length 196
16:51:41.293667 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 1012:1456, ack 209, win 538, length 444
16:51:41.293796 IP lab-eCFD1.45495 > dnspac1.ns.cs.somecompany.com.domain: 7119+ PTR? 3.158.12.10.in-addr.arpa. (42)
16:51:41.294534 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 1456, win 12432, length 0
16:51:41.296761 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.45495: 7119 1/0/0 PTR rp45-02a-v534.ns.cs.somecompany.com. (86)
16:51:41.296791 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 209:261, ack 1456, win 12432, length 52
16:51:41.296800 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 261:313, ack 1456, win 12432, length 52
16:51:41.296804 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 313:365, ack 1456, win 12432, length 52
16:51:41.296806 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 365:417, ack 1456, win 12432, length 52
16:51:41.296862 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 417, win 538, length 0
16:51:41.297094 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 1456:1652, ack 417, win 538, length 196
16:51:41.309861 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 417:469, ack 1652, win 12431, length 52
16:51:41.349127 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 469, win 538, length 0
16:51:41.351447 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 80ea.00:1c:0e:ec:68:00.8428, length 42
16:51:41.530326 01:80:c2:00:00:01 (oui Unknown) > Broadcast, ethertype Unknown (0x8874), length 60:
0x0000: e00b 8a21 76d8 2c91 fe02 b000 0000 0000 ...!v.,.........
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
16:51:41.918052 IP thelab-wkstn.pnw.somecompany.com.52096 > lab-eCFD1.ssh: Flags [P.], seq 3240412909:3240412945, ack 3034650549, win 255, length 36
16:51:41.918073 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.52096: Flags [.], ack 36, win 245, length 0
16:51:42.298381 IP lab-eCFD1.43354 > dnspac1.ns.cs.somecompany.com.domain: 48892+ PTR? 53.60.124.192.in-addr.arpa. (44)
16:51:42.300697 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.43354: 48892 1/0/0 PTR dnspac1.ns.cs.somecompany.com. (82)
16:51:42.301016 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 1652:2056, ack 469, win 538, length 404
16:51:42.301220 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], seq 2056:3516, ack 469, win 538, length 1460
16:51:42.301227 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 3516:3584, ack 469, win 538, length 68
16:51:42.301270 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 3584:3764, ack 469, win 538, length 180
16:51:42.301995 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], seq 3764:5224, ack 469, win 538, length 1460
16:51:42.301998 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 5224:5328, ack 469, win 538, length 104
16:51:42.301520 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 5328:6772, ack 469, win 538, length 1444
16:51:42.301782 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 6772:7064, ack 469, win 538, length 292
16:51:42.302400 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 469:521, ack 2056, win 12429, length 52
16:51:42.302430 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 521, win 538, length 0
16:51:42.302444 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 3764, win 12423, length 0
16:51:42.302991 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 7064, win 12410, length 0
16:51:42.316741 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 521:573, ack 7064, win 12410, length 52
16:51:42.316762 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 573, win 538, length 0
16:51:42.316772 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 573:625, ack 7064, win 12410, length 52
16:51:42.316777 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 625, win 538, length 0
16:51:42.316788 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 625:677, ack 7064, win 12410, length 52
16:51:42.316791 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 677, win 538, length 0
16:51:42.317021 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 677:729, ack 7064, win 12410, length 52
16:51:42.317041 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 729, win 538, length 0
16:51:42.317050 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 729:781, ack 7064, win 12410, length 52
16:51:42.317054 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 781, win 538, length 0
16:51:42.317058 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 781:833, ack 7064, win 12410, length 52
16:51:42.317062 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 833, win 538, length 0
16:51:42.317066 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 833:885, ack 7064, win 12410, length 52
16:51:42.317069 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 885, win 538, length 0
16:51:42.317072 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 885:937, ack 7064, win 12410, length 52
16:51:42.317075 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 937, win 538, length 0
16:51:42.317080 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 937:989, ack 7064, win 12410, length 52
16:51:42.317083 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 989, win 538, length 0
16:51:42.317281 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 989:1041, ack 7064, win 12410, length 52
16:51:42.317301 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1041, win 538, length 0
16:51:42.317310 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1041:1093, ack 7064, win 12410, length 52
16:51:42.317314 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1093, win 538, length 0
16:51:42.317318 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1093:1145, ack 7064, win 12410, length 52
16:51:42.317321 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1145, win 538, length 0
16:51:42.317326 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1145:1197, ack 7064, win 12410, length 52
16:51:42.317329 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1197, win 538, length 0
16:51:42.317333 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1197:1249, ack 7064, win 12410, length 52
16:51:42.317336 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1249, win 538, length 0
16:51:42.317551 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1249:1301, ack 7064, win 12410, length 52
16:51:42.317571 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1301, win 538, length 0
16:51:42.317581 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1301:1353, ack 7064, win 12410, length 52
16:51:42.317586 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1353:1405, ack 7064, win 12410, length 52
16:51:42.317589 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1405:1457, ack 7064, win 12410, length 52
16:51:42.317591 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1457:1509, ack 7064, win 12410, length 52
16:51:42.317646 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1509, win 538, length 0
16:51:42.317837 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1509:1561, ack 7064, win 12410, length 52
16:51:42.317855 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1561:1613, ack 7064, win 12410, length 52
16:51:42.317859 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1613:1665, ack 7064, win 12410, length 52
16:51:42.317861 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1665:1717, ack 7064, win 12410, length 52
16:51:42.317864 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1717:1769, ack 7064, win 12410, length 52
16:51:42.317921 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1769, win 538, length 0
16:51:42.351452 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8216.00:1c:0e:ec:68:00.8428, length 42
16:51:42.417211 IP rp45-02a-v234-1.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=234 addr=rp45-02a-v234.ns.cs.somecompany.com
16:51:42.530343 01:80:c2:00:00:01 (oui Unknown) > Broadcast, ethertype Unknown (0x8874), length 60:
0x0000: e00b 8a21 76d8 2c91 fe02 b000 0000 0000 ...!v.,.........
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
16:51:42.696688 IP rp45-02b-v234.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=234 addr=rp45-02a-v234.ns.cs.somecompany.com
16:51:43.144110 IP rp45-02b-v534-1.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=234 addr=rp45-02b-v534.ns.cs.somecompany.com
16:51:43.303341 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], seq 7064:8524, ack 1769, win 538, length 1460
16:51:43.303348 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], seq 8524:9984, ack 1769, win 538, length 1460
16:51:43.303351 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 9984:11212, ack 1769, win 538, length 1228
16:51:43.303355 IP lab-eCFD1.52084 > dnspac1.ns.cs.somecompany.com.domain: 48865+ PTR? 2.234.203.199.in-addr.arpa. (44)
16:51:43.303546 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], seq 11212:12672, ack 1769, win 538, length 1460
16:51:43.303553 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 12672:13920, ack 1769, win 538, length 1248
16:51:43.304560 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 9984, win 12398, length 0
16:51:43.305167 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 13920, win 12383, length 0
16:51:43.305685 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1769:1821, ack 13920, win 12383, length 52
16:51:43.305700 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1821, win 538, length 0
16:51:43.305714 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1821:1873, ack 13920, win 12383, length 52
16:51:43.305718 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1873, win 538, length 0
16:51:43.306592 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.52084: 48865 1/0/0 PTR rp45-02a-v234-1.ns.cs.somecompany.com. (90)
16:51:43.307129 IP lab-eCFD1.44185 > dnspac1.ns.cs.somecompany.com.domain: 46524+ PTR? 1.234.203.199.in-addr.arpa. (44)
16:51:43.310258 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.44185: 46524 1/0/0 PTR rp45-02a-v234.ns.cs.somecompany.com. (88)
16:51:43.310533 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 13920:14420, ack 1873, win 538, length 500
16:51:43.310797 IP lab-eCFD1.39052 > dnspac1.ns.cs.somecompany.com.domain: 61785+ PTR? 3.234.203.199.in-addr.arpa. (44)
16:51:43.313943 IP dnspac1.ns.cs.somecompany.com.domain > lab-eCFD1.39052: 61785 1/0/0 PTR rp45-02b-v234.ns.cs.somecompany.com. (88)
16:51:43.314227 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [P.], seq 14420:14776, ack 1873, win 538, length 356
16:51:43.315305 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [.], ack 14776, win 12380, length 0
16:51:43.317846 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1873:1925, ack 14776, win 12380, length 52
16:51:43.317878 IP thelab-wkstn.pnw.somecompany.com.51945 > lab-eCFD1.ssh: Flags [P.], seq 1925:1977, ack 14776, win 12380, length 52
16:51:43.317944 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.51945: Flags [.], ack 1977, win 538, length 0
16:51:43.355110 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 80ea.00:1c:0e:ec:68:00.8428, length 42
16:51:43.530307 01:80:c2:00:00:01 (oui Unknown) > Broadcast, ethertype Unknown (0x8874), length 60:
0x0000: e00b 8a21 76d8 2c91 fe02 b000 0000 0000 ...!v.,.........
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
^C
16:51:43.553427 IP6 fe80::fd31:94e6:f317:dac.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:51:43.609181 IP rp45-02a-v534.ns.cs.somecompany.com.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=234 addr=rp45-02b-v534.ns.cs.somecompany.com
16:51:43.903014 IP rp45-02a-v534.ns.cs.somecompany.com > 224.0.0.1: igmp query v2
16:51:43.903286 IP rp45-02a-v234-1.ns.cs.somecompany.com > 224.0.0.1: igmp query v2
16:51:43.954134 IP thelab-wkstn.pnw.somecompany.com.52096 > lab-eCFD1.ssh: Flags [P.], seq 36:72, ack 1, win 255, length 36
16:51:43.954155 IP lab-eCFD1.ssh > thelab-wkstn.pnw.somecompany.com.52096: Flags [.], ack 72, win 245, length 0
16:51:44.081215 IP a5416005.pnw.somecompany.com > 224.0.0.252: igmp v2 report 224.0.0.252
133 packets captured
202 packets received by filter
0 packets dropped by kernel
5 packets dropped by interface
------------------------------------------------
--> wireshark - must be a gui...
Unable to init server: Could not connect: Connection refused
(wireshark:3543): Gtk-WARNING **: cannot open display: localhost:10.0
------------------------------------------------
dig
Dig (domain information groper) query DNS related information like A Record, CNAME, MX Record etc.
This command mainly use to troubleshoot DNS related query.
# dig www.tecmint.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.tecmint.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
--> host -t CNAME the_lab
the_lab.somecompany.com has no CNAME record
------------------------------------------------
Luser@lab-eCFD1 [/home/Luser]
------------------------------------------------
--> host -t CNAME somecompany.com
somecompany.com has no CNAME record
------------------------------------------------
Luser@lab-eCFD1 [/home/Luser]
------------------------------------------------
--> host -t MX somecompany.com
somecompany.com mail is handled by 10 relay.somecompany.com.
------------------------------------------------
ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP tables. To see default table use the command as.
------------------------------------------------
--> arp -e
Address HWtype HWaddress Flags Mask Iface
a5287677.pnw.somecompany. ether f0:1f:af:34:7a:26 C enp0s25
lab-ecfd2.somecompany.co ether f8:b1:56:a1:93:f8 C enp0s25
a5537498.pnw.somecompany. ether ec:f4:bb:4f:ab:1b C enp0s25
lab-ecfd4.somecompany.co ether b8:ca:3a:bd:99:0b C enp0s25
199.203.234.133 (incomplete) enp0s25
a5573246.pnw.somecompany. ether ec:f4:bb:6d:48:7f C enp0s25
a5416100.pnw.somecompany. ether f0:1f:af:35:5a:02 C enp0s25
199.203.234.131 (incomplete) enp0s25
a5382921.dhcp.print.boe ether 9c:93:4e:29:26:93 C enp0s25
199.203.234.132 (incomplete) enp0s25
199.203.234.134 (incomplete) enp0s25
rp45-02a-v234.ns.cs.boe ether 00:00:0c:07:ac:ea C enp0s25
199.203.234.128 (incomplete) enp0s25
lab-ecfd3.somecompany.co ether b8:ca:3a:bd:6f:01 C enp0s25
------------------------------------------------
iwconfig command in Linux is use to configure a wireless network interface.
You can see and set the basic Wi-Fi details like SSID channel and encryption. You can refer man page of iwconfig to know more.
# iwconfig [interface]
--> iwconfig
eth0 no wireless extensions.
lo no wireless extensions.
wlan0 IEEE 802.11abgn ESSID:"A_WIRELESS_NETWORK"
Mode:Managed Frequency:2.462 GHz Access Point: 00:23:69:A5:2C:1C
Bit Rate=54 Mb/s Tx-Power=15 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=70/70 Signal level=-35 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:18 Invalid misc:110 Missed beacon:0
--------------------------
| 
