I'm not interested in all the information of ifconfig output, I just want to know the network interface with its respective ip address.
I can get the network interface from ifconfig using the command:
ifconfig |grep " L" | awk '{ print $1}'
eth0
lo
tun0
and the ip address of each interface with the command
ifconfig |grep "inet:" | cut -d: -f2 | awk '{ print $1}'
192.168.0.10
127.0.0.1
10.5.0.13
How can display both data together, network interface and ip addres with just one command or script?
eth0 - 192.168.0.10
lo - 127.0.0.1
tun0 - 10.5.0.13
You can use ip route show instead to get the information you want. Filter with this command for example:
ip r show|grep " src "|cut -d " " -f 3,12
outputs something like:
eth0 192.168.1.114
Related
There are many awk attacks to my server. I have tried to block them , but too much of them .
is there a way to block them one time?
I use this command :
netstat -an|awk -F: '{print $2}'|sort|uniq -c|sort -nr|head
show the result
[root#local ~]# netstat -an|awk -F: '{print $2}'|sort|uniq -c|sort -nr|head
1080 80 107.189.8.33
864 80 185.129.61.5
485 80 23.154.177.11
386 80 183.245.24.27
318 80 185.243.218.32
309 80 185.220.101.2
276 80 61.153.251.150
259 80 59.148.106.164
235 80 185.175.119.113
And after list a ip , I will find the connection ips to 80 port more than 100 ones . and block them .
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="107.189.8.0/24" drop'
Anyway to make a .sh file , to find out the awk ips which more than 200 connections , and add them to the droplist of the firewall?
in this case , need to exclude 127.0.0.1 and our own ips .
hope anyone can help thanks.
I have tried to output the ips with problem using this code .
netstat -an|awk -F: '{print $2}'|sort|uniq -c|sort -nr|head > ccips.txt
after this , I use :
awk '{sub("IP:", "", $3); print $3}' /root/ccips.txt | xargs -n1 -I{} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address={} drop'
this can block all the ips with attack .
I just don't know how to import this to a .sh , which can be do this in one command .
I THINK what you're trying to do is create a file like this of IPs you don't want to block:
$ cat allowedIPs
127.0.0.1
whatever...
and then have a script like this to block all IPs not in that file connecting to port 80 (untested and guessing at what the netstat -an output looks like by reading your code):
$ cat blockIPs
#!/usr/bin/env bash
netstat -an |
awk -F: '
NR == FNR {
allowedIPs[$1]
next
}
{
split($2,portIP," ")
port = portIP[1]
ip = portIP[2]
}
(port == 80) && !(ip in allowedIPs) && !seen[ip]++ {
print ip
}
' allowedIPs - |
xargs -n1 -I{} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address={} drop'
I'm trying to write a script that gathers network information with awk command.
ifconfig enp0s3| grep "inet " | awk '{gsub("addr:","",$2); print $2 }'
this is the command that I ended up getting to get my IP address, yet I have not figured out how can I write it in a script where I can get an output like this:
IP Address : 10.0.2.15
I tried
echo" IP Address:"$ ifconfig enp0s3| grep "inet " | awk '{gsub("addr:","",$2); print $2 }'
but I keep getting errors.
You can use the following awk command to get the IP Address and the MAC Address in a single run. However, the default gateway isn't available via ifconfig:
ifconfig eth0 \
| awk -F'( *|:)' '{printf "IP Address: %s\nMAC Address: %s\n",$16,$7":"$8":"$9":"$10":"$11":"$12}' RS='\n\n'
Output:
IP Address: 10.0.2.15
MAC Address: 00:23:12:f2:56:6d
I need load ip list from file, scan it, and create output format such as ip:port. I tried this:
nmap -iL mylistwithip.txt -p 80,21 -oG -PS 80,21 | awk '/open/{print $2}' >` output.txt
but it gives me only "open" and that's all.
While I need only opened ports from list of IP addresses, for example:
192.168.2.1
192.168.2.2
192.168.2.3
after scan ports, sample output.txt:
192.168.2.1:80
192.168.2.1:21
192.168.2.3:80
(only scanned ip addresses with opened ports)
Try this awk oneliner:
nmap -Pn -oG - 192.168.1.1 | awk '/open/{ s = $2; for (i = 5; i <= NF-4; i++) s = substr($i,1,length($i)-4) "\n"; split(s, a, "/"); print $2 ":" a[1]}'
try one more solution with single awk only.
nmap -vv -iL file | awk -F'[ /]' '/Discovered open port/{print $NF":"$4}'
Quick and ugly hack to achieve that:
nmap -vv -iL mylistwithip.txt | grep "Discovered open port" | awk {'print $6":"$4'} | awk -F/ {'print $1'} > output.txt
With -vv output includes lines like
Discovered open port 22/tcp on 192.168.2.1
Discovered open port 80/tcp on 192.168.2.1
Discovered open port 22/tcp on 192.168.2.107
Discovered open port 80/tcp on 192.168.2.107
First awk selects "ip address" and "port number/protocol" fields, and second cuts off "/protocol".
This will probably break in some future update of nmap. Using -sG (greppable output) would be a better idea.
I have a server who is forwarding connections to a set of other servers.
Here I forward all incomming connections on:
my.tunnel.com:33199 to my.server2.com:52222
And..
my.tunnel.com:33200 to my.server3.com:52222
.. until
my.tunnel.com:XXXXX to my.serverN.com:52222
I'm initiating this by the following command on each server, except the tunnel my.tunnel.com:
ssh -o StrictHostKeyChecking=no -l root -i /etc/ssh/id_rsa -R *:33199:127.0.0.1:22 -p 443 my.tunnel.com 0 33199
...
ssh -o StrictHostKeyChecking=no -l root -i /etc/ssh/id_rsa -R *:XXXXX:127.0.0.1:22 -p 443 my.tunnel.com 0 XXXXX
Well, this works fine!
But!
At the point of the launching of each of these commands I'd like to check on my.tunnel.com that my.server2.com wants my.tunnel.com to forward exactly from port 33199, but not another port! So at this point I'd like to get this port number.
Please let me know if the problem is still not enough clearly exposed.
Thanks!
To get the forwarded port
There is no such information in the environmental variables, so you must pass it yourself:
ssh -R 33199:127.0.0.1:22 my.tunnel.com "export MY_FWD_PORT=33199; my_command"
(my_command is the script you want to run on the server). More information about passing variables - https://superuser.com/q/163167/93604
To get the source port
Look at the environment variable SSH_CONNECTION in man ssh(1). Its meaning is:
source_ip source_port dest_ip dest_port
You probably want source_port, so just get the second part of it:
echo $SSH_CONNECTION | awk '{ print $2 }'
or
echo $SSH_CONNECTION | cut -d" " -f 2
I am attempting to create a proof of concept bash script to scan the network using ngrep, find appropriate cookies and then place them into a variable.
cook=`ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 |
grep -m 1 -Po '(?<=user=)[^;]+'`
cook2=`ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 |
grep -m 1 -Po '(?<=ab=)[^;]+'`
How can I store cookie & cookie2 from the ONE packet instead of having to ngrep twice?
Assuming the string is in this form
Cookie: foo=111; bar=222; baz=333
you can source the string, as it is valid Bash code. Example
ngrep -s 1000 -l -q -d eth1 'Cookie:' tcp and port 80 | cut -d: -f2- > v.sh
. v.sh
rm v.sh
cook="$user"
cook2="$ab"