Linux - eekbot/public GitHub Wiki
# worked on Ubuntu 20
netadmin@az700-vm01:~$ sudo apt install apache2
# verifies installation
netadmin@az700-vm01:~$ apt -qq list apache2
apache2/focal-updates,focal-security,now 2.4.41-4ubuntu3.15 amd64 [installed]
# opens fw for http only:
netadmin@az700-vm01:~$ sudo ufw allow Apache
Rules updated
Rules updated (v6)
# opens fw for https only:
netadmin@az700-vm01:~$ sudo ufw allow 'Apache Secure'
Rules updated
Rules updated (v6)
# opens fw for both http and https:
netadmin@az700-vm01:~$ sudo ufw allow 'Apache Full'
Rules updated
Rules updated (v6)
# Verifies process status:
netadmin@az700-vm01:~$ systemctl status apache2
# Automatically starts httpd service on boot:
netadmin@az700-vm01:~$ sudo systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
nmap -sV --script ssl-enum-ciphers -p 443 <host>
nmap -sV --script ssh2-enum-algos -p 22 <host>
The following tcpdump command contains pretty much all of the options that I've ever needed for a capture:
tcpdump -nni INT_1.1.1.0_24:nnn -xs0 -w /var/tmp/capture01.pcap -C 25 -W 6 \(host 129.105.68.187 and port 80\) and \(host 129.105.238.9 or host 129.105.238.10 \)
To obtain the interface name, I like going to the GUI, under Network > VLANs > VLAN List
The -nni switches make the F5 capture traffic on the INT_1.1.1.0_24 interface: -i selects the interface, and -nn turns off host and port name resolution.
You can use <0.0> for the interface to capture on all interfaces, but this is generally not desired because too much traffic will be captured.
The :nnn and -x were options that F5 asked for before, but I tend to omit those
The -s0 prevents the captured packets from being truncated
The lowercase -w switch will write the capture to a file called capture01.pcap in the /var/tmp directory
The -C and -W (both in caps) switches make each capture file 25 MB in size and rotate through 6 files.
I'll assume the host & port portions are intuitive, but note that if you want to combine those options and need parentheses, there's a backslash in front of each parenthesis to escape that character.
To end the capture, use <ctrl + c>
telnet 10.68.32.140 80
GET /heartbeat HTTP/1.1
host: test.blah.com
Then hit return twice.
$ telnet 10.14.33.32 80
Trying 10.14.33.32...
Connected to 10.14.33.32.
Escape character is '^]'.
GET /heartbeat HTTP/1.1
host: server.blah.com
HTTP/1.1 404 Not Found
Date: Tue, 21 Jan 2014 23:18:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 255
Via: 1.1 server.int.blah.com
Connection: close
<html><head><title>WebSphere Message Brokers error report</title></head>
<body><h1>HTTP Status 404 - Resource Not Found</h1>
URI /URI/heartBeat does not map to any message flow in broker MBQA01<p>
<h3>WebSphere Message Broker 8001</h3></body></html>
Connection closed by foreign host.
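A scripted form of the telnet check above, added here as an example (not part of the original notes). It sends the same request without an interactive session, reports the status code, and pulls out headers such as Server and Via, which identify the backend that answered. It assumes nc (netcat) is installed; the function names are hypothetical and the sample response is constructed from the session shown above.

```shell
#!/bin/sh
# Added example: non-interactive form of the telnet heartbeat check.
# Assumes nc (netcat) is installed; function names are hypothetical.

# heartbeat HOST PORT PATH VHOST: send the request typed into telnet above.
heartbeat() {
    # "Connection: close" asks the server to hang up so nc returns.
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$3" "$4" |
        nc -w 5 "$1" "$2"
}

# parse_status: print the status code from a raw response on stdin.
parse_status() {
    awk 'NR == 1 { sub(/\r$/, ""); if ($1 ~ /^HTTP\//) print $2; exit }'
}

# header_value NAME: print one header value (name match is case-insensitive).
header_value() {
    tr -d '\r' | awk -v name="$1" '
        NR == 1  { next }   # skip the status line
        $0 == "" { exit }   # a blank line ends the header block
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(name)) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
            }
        }'
}

# heartbeat_ok: exit 0 only when the response on stdin has a 2xx status.
heartbeat_ok() {
    code=$(parse_status)
    case "$code" in
        2??) return 0 ;;
        *)   echo "heartbeat failed: status ${code:-none}" >&2; return 1 ;;
    esac
}

# Constructed sample input: the response head from the session above.
SAMPLE_RESPONSE=$(printf '%s\r\n' \
    'HTTP/1.1 404 Not Found' \
    'Server: Apache-Coyote/1.1' \
    'Content-Type: text/html;charset=utf-8' \
    'Via: 1.1 server.int.blah.com' \
    'Connection: close' \
    '' \
    '<html>body omitted</html>')

# Live use: heartbeat 10.14.33.32 80 /heartbeat server.blah.com | heartbeat_ok
```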
[user@device]
/home/user