:::::Linux Commands (Debian)/CLI Tools (SSH client – Putty/port 222/root user login)::::
#ifconfig (all active network interfaces and some interface statistics)(add or change IP addresses)
#clear (to clear the screen)
#ping 192.168.1.1
#traceroute 192.168.1.1
#reboot
#ethtool ethA (for example to change the MTU size on the fly for testing purposes)
#setup (to change the default interface or changing the interface IPs etc)
#tcpdump -nqi ethA port 80 (will list all the packets ariving at ethA interface for port 80)
(you can listen-in on any interface to see if the traffic is going to and fro)
#tcpdump -nqi ethA -s 0 -w /root/dump.pcap (to capture the traffic for analysing it in wireshark)(use WinSCP to browse files)
(-s switch sets no limitation on the size of the packet recorded)
(-w shows the file where the information is saved)
(use WinSCP to browse the file in the under the root directory on smoothwall system)
:Transfer file to and from the UTM system:
WinSCP tool
http://winscp.net/eng/download.php
UTM has builtin SCP tool
#scp -P 222 /root/dump.pcap root@smoothwall.ip.address:/root/
#tail -f /var/log/messages-2014-12-24 (shows the last 10 enteries in the system logs and replaces when new lines are added to it)
(sort of real time logs viewer for last 10 lines)
#grep monitor /var/log/messages-2014-12-24 (seraches for all the occurances of a specific string)
#cat /var/log/messages-2014-12-24 (to list the contents of the whole file)
#cat /var/log/messages-2014-12-24 | grep monitor > /root/monitor.txt (to list the contents of the whole file with monitor string)
#cat /var/log/messages-2014-12-24 | grep monitor | wc -l (tells the number of occurences of monitor string)
#less /var/log/messages-2014-12-24 (to list the contents of the whole file)
#top (resource usage and running processes)
(uptime and the load average)
(CPU usage: us for users, sy for system and ni for nice processes)(id is idle time, wa is wait state)
(if the wa is high that means the smoothwall is busy with extensive logs or reports)
#htop (resource usage and running processes)(same as top but better layout)
#vmstat (summary information for system load and usage, but does not show individual processes)
#ps aux (display all processes running on the UTM system)(to search for specific processes or list them all)
#ps aux | grep auth (all the processes that have auth in them)
#ps auxf | sort -nr -k 4 | head -10 (shows the top 10 memory consuming processes)
#cat /proc/cpuinfo (lot of information about the system and the hardware associated)
#cat /proc/meminfo (information on meemory and memory usage)
#cat /proc/mounts (various file systems and where they are mounted and which options have been used)
:to see many services running:
#/etc/actions/secondboot
:to disable ‘navld’ process/L7 depp packet inspection process(as after update 73 the process CPU usage shows high):
#cd /etc/actions/secondboot
#chmod -x 0095navld
:to restart the central monitor service i.e. nagios that shows up on the dashboard:
#/etc/actions/secondboot/nagios
:to see the system logs on CLI for a particular date:
#less /var/log/messages-2014-05-24
:to see the Email and web filter logs on CLI for a particular date:
#less /var/log/woodshed-2014-05-24
:::MS-DOS commands::::
c:/>ipconfig
c:/>tracert
c:/>ping
Network and CyberSecurity Professional 