Linux Kernel Magic SysRq keys
1. lsmod 2. insmod
As you can see, many more steps are required to create the file. In this example you can see the process required however. It is
unlikely in the extreme that the ttyS0 file would not be provided by the MAKEDEV script, but it suffices to illustrate the point.
$mknod /opt/champu b 3 10
$mount /opt/champu /home
1. lsmod 2. insmod 3. rmmod 4. modprobe 5. modinfo 6. depmod
lsmod is a command on Linux systems which prints the contents of the /proc/modules file. It shows which loadable kernel modules are currently loaded.
Abridged example output:
# lsmod
Module Size Used by af_packet 27392 2
8139too 30592 0 snd_cs46xx 96872 3 snd_pcm_oss 55808 1
snd_mixer_oss 21760 2 snd_pcm_oss
ip6table_filter 7424 1
ip6_tables 19728 1 ip6table_filter
ipv6 290404 22
xfs 568384 4
lsmod
First column is Module name and second column is size of modules i..e
the output format is module name, size, use count, list of referring
modules.
modprobe is a Linux program originally written by Rusty Russell used to add a loadable kernel module (LKM) to the Linux kernel or
remove an LKM from the kernel. It is commonly used indirectly as udev relies upon modprobe to load drivers for automatically detect
-ed hardware.
Networking
Tools
$ifconfig
$neat-tui
$/etc/sysconfig/network-scripts/ifcfg-eth0
$netconfig
$ethtool
$ip r l
$telnet
$nmap
$netstat
$ping
$route
$traceroute
$tcpdump – n/w traffic tool
$iptraf - Monitor n/w traffic.curses-based tool - Self-explana-tory
$etheral - Network Analyzers which does data capture and filter-ing
$tethral - Captures and displays only the high level protocols
b.sadhiq
$ ifconfig --> Status of all interfaces
eth0 Link encap:Ethernet HWaddr 00:50:FC:2A:2C:48 inet addr:192.0.34.7 Bcast:192.0.34.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:240 (240.0 b) Interrupt:11 Base address:0xf000
eth1 Link encap:Ethernet HWaddr 00:60:CC:AA:2C:9C inet addr:192.168.0.20 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:240 (240.0 b) Interrupt:11 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1407 errors:0 dropped:0 overruns:0 frame:0 TX packets:1407 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0
eth0 Link encap:Ethernet HWaddr 00:50:FC:2A:2C:48 inet addr:192.0.34.7 Bcast:192.0.34.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:240 (240.0 b) Interrupt:11 Base address:0xf000
$ ifconfig eth0 IP --> Set eth0 to IP
$ ifconfig eth0 IP:x --> Set eth0 to multiplexed IP
$ ifconfig eth0 down --> Bring eth0 down
$ ifdown eth0 --> ditto
$ ifconfig eth0 up --> Bring eth0 up
$ ifup eth0 --> ditto
$ ifconfig eth0 -arp --> Disable use of arp protocol on this in-terface
$ ifconfig eth0 -allmulti
Enable or disable all-multicast mode. If selected, all multi-cast packets on the network will be received by the interface.
$ ifconfig eth0 -promisc
Turn off promiscuous mode of the interface eth0. If on, tells the interface to send all traffic on the NW to the kernel, not just traffic addressed to the m/c Check with ifconfig or netstat -i
$ ifconfig eth0 hw ether CC:CC:CC:CC:CC:CC
Changes the MAC address. Do a 'ifconfig eth0 down' first,change, then 'ifconfig eth0 up'. MAC addr is changed.
b.sadhiq
$ ifconfig eth0 172.16.1.77 broadcast 172.16.1.255 netmask 255.255.0.0
Changes IP/BC/netmask all in one go!
$ ifconfig eth0 mtu 800 Change mtu to 800
ethtool - Display or change ethernet card settings
$ ethtool ethX
$ ethtool -h
$ ethtool -a ethX
$ ethtool -A ethX [autoneg on|off] [rx on|off] [tx on|off]
$ ethtool -c ethX
$ ethtool -C ethX [adaptive-rx on|off] [adaptive-tx on|off] [rx-usecs N] [rx-frames N] [rx-[rx-usecs-irq N] [rx-frames-irq N]
[tx-usecs N] [tx-frames N] [tx-usecs-irq N] [tx-frames-irq N]
[stats-block-usecs N] [pkt-rate-low N] [rx-usecs-low N] [rx-frames-low N] [tx-usecs-[rx-frames-low N] [tx-frames-[rx-frames-low N] [pkt-rate-high N]
[rx-usecs-high N] [rx-frames-high N] [tx-usecs-high N]
[tx-frames-high N] [sample-interval N]
$ ethtool -g ethX
$ ethtool -G ethX [rx N] [rx-mini N] [rx-jumbo N] [tx N]
$ ethtool -i ethX
$ ethtool -d ethX
$ ethtool -p ethX [N]
$ ethtool -r ethX
$ ethtool -S ethX
$ ethtool -t ethX [offline|online]
$ man ethtool
ping - TCP/IP Diagnostic Tool
Send ICMP ECHO_REQUEST to network hosts
There are two types of ping -
The std Unix ping which sends a ICMP ECHO REQUEST and receives a ICMP ECHO REPLY frim the remote host if it is UP and running
The other is to send a UDP or TCP pkt to port 7 [echo] of the re-mote host and see that whatever you type is echoed back. The host is UP.
$ telnet remote-host echo or 7
and whatever you type will be echoed back to you. system is alive !
$ ping -c -a -n IP/Hostname [Count/AudiblePing/No Name Resolution]
ping send a packet of 64 bytes by def. The size if 56 ICMP data bytes + 8 bytes for the header data.
$ ping -s 1600 203.12.10.20
b.sadhiq
Send a larger pkt size than the MTU of Ethernet [1500], you can force fragmentation. You can then identify low-level media issue or a congested NW. Since ping works at the IP layer, no server process [HTTP/DNS] is reqd to be running on the target host. Just a running kernel.
Check the ICMP seq no to see that no pkts are dropped and are in sequence.
Run
$ traceroute --> to get the path the pkt is taking and then track down the
offending mid-way routers by pinging each in succession.
$ route ['add'/'del'] [-net|-host] 'addr' {gw 'IP'} {netmask 'mask'}
'interface' Default route:
/etc/sysconfig/network GATEWAY=IP
or
route add default gw gateway-IP-addr
Routing determines path a pkt takes from its source thru a maze of NWs to dest.
Like asking for directions in an unfamiliar place. A person may point you tothe right city, another to a street, another to the right bldg.
Routing is done at the IP layer.
When a pkt bound for some other host arrives, the path is found by matching the dest IP addr against the Kernel Routing Table [KRT].
If it matches a route in the KRT, the pkt is fwd'ed to the 'next-hop gateway' IP addr associated with the route.
Two special cases are possible here:
Case I: pkt may be destined for some host on a directly connected NW. In this case the 'next-hop gateway' IP addr in the KRT will be one of the localhosts own interfaces and the pkt is sent directly
ror. Most NWs have only one way out and that is the default route.
On the Internet backbone, the routers do not have default routes.
The buck stops here. If they do not have a routing entry for a dest, the dest cannot be reached and a "network unreachable" ICMP error is sent to the sender
The KRT contains info like "To get to NW X from m/c Y, send pkt to m/c Z with a cost of 1 [metric], alongwith TTL and reliability val-ues for that route.
Routing Policy:
• Static routes : For small unconnected NWs
• Dynamic routes : Many subnets, large NWs, connected to the In-ternet
• Static/Dyn :
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.34.0 0.0.0.0. 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0. 255.255.255.0 U 0 0 0 eth1
127.0.0.1 0.0.0.0 255.255.255.0 U 0 0 0 lo
0.0.0.0. 192.0.34.1 0.0.0.0 UG 0 0 0 eth0
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
1. 132.236.227.0 132.236.227.93 255.255.255.0 U 0 0 0 eth0
b.sadhiq
2. 132.236.212.0 132.236.212.1 255.255.255.192 U 0 0 0 eth1
3. 127.0.0.1 0.0.0.0 255.255.255.0 U 0 0 0 lo
4. default 132.236.227.1 0.0.0.0 UG 0 0 0 eth0
5. 132.236.220.64 132.236.212.6 255.255.255.192 UG 0 0 0 eth1
Routes 1 and 2 were added by ifconfig when the eth0 and eth1 inter-faces were configured at bootup
This means to reach machine 132.236.227.93 on the NW 132.236.227.0 the GW is machine 132.236.227.93 - the machine itself is its GW which implies it can be reached directly on this NW and one has to go to no other m/c to consult.
Ditto for the next one.
Route 3 is the loopback interface, a pseudo-device that prevents pkts sent from the host to itself from going out on the NW; in-stead, they are transferred directly route add default gw
132.236.227.1 eth0
Route 4 is the default route.
It says :
Pkts not explicitly addressed to any of the 3 NWs listed [or to the m/c itself] will be sent to the default GW host,
132.236.227.1 Route 5 says :
To reach NW 132.236.220.64/26, pkts must be sent GW host 132.236.212.6 thru eth1.
netstat - Monitoring your TCP/IP NW
Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
$ netstat -l :
Show only inactive or listening connections, not establised
$ netstat -p :
Show the PID and name of the program to which each socket belongs
$ netstat -o :
Include information related to networking timers
$ netstat -r :
Show the kernel routing table
$ netstat –vatnp | grep <servicename>
$ netstat –tulnp | grep <servicename>
State : TCP/IP connection [socket] state ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connec-tion to the remote host
Debug Note :
If you find a connection that stays in this state, then a local process is trying very hard to contact a non-existent or inaccessible NW server.