Unix command line

saki1434
unixcommands.docx

Please research the following Unix commands, and then provide a summary explaining how each command can be used by a security analyst.

watch ss -tp

Network connections

netstat -ant

TCP connections (-anu = UDP)

netstat -tulpn

Connections with PIDs

lsof -i

Established connections

smb://ip/share

Access windows smb share

share user x.x.x.x c$

Mount Windows share

smbclient -U user \\\\ip\\share

SMB connect

ifconfig eth# ip/cidr

Set IP and netmask

ifconfig eth0:1 ip/cidr

Set virtual interface

route add default gw gw_ip

Set GW

ifconfig eth# mtu [size]

Change MTU size

export MAC=xx:xx:xx:xx:xx:xx

Change MAC

ifconfig int hw ether MAC

Change MAC

macchanger -m MAC int

Backtrack MAC changer

iwlist int scan

Built-in wifi scanner

dig -x ip

Domain lookup for IP

host ip

Domain lookup for IP

host -t SRV _service._tcp.url.com

Domain SRV lookup

dig @ip domain -t AXFR

DNS Zone Xfer

host -l domain namesvr

DNS Zone Xfer

ip xfrm state list

Print existing VPN keys

ip addr add ip/cidr dev eth0

Adds 'hidden' interface

cat /var/log/messages | grep DHCP

List DHCP assignments

tcpkill host ip and port port

Block ip:port

echo "1" > /proc/sys/net/ipv4/ip_forward

Turn on IP Forwarding

echo "nameserver x.x.x.x" >> /etc/resolv.conf

Add DNS Server

nbtstat -A <ip>

Get hostname for <ip>

id

Current username

w

Logged on users

who -a

User information

last -a

Last users logged on

ps -ef

Process listing (top)

df -h

Disk usage (free)

uname -a

Kernel version/CPU info

mount

Mounted file systems

getent passwd

Show list of users

PATH=$PATH:/home/mypath

Add to PATH variable

kill pid

Kills process with pid

cat /etc/issue

Show OS info

cat /etc/*release*

Show OS version info

cat /proc/version

Show kernel info

rpm --query --all

Installed pkgs (Redhat)

rpm -ivh *.rpm

Install RPM (-e=remove)

dpkg --get-selections

Installed pkgs (Ubuntu)

dpkg -i *.deb

Install DEB (-r=remove)

pkginfo

Installed pkgs (Solaris)

which tcsh/csh/ksh/bash

Show location of executable

chmod 750 tcsh/csh/ksh

Disable shell, force bash