tcpdump with multiple dst IP addresses? - tcpdump

Can I specify more than 1 dst ip address for tcpdump?
If not, how shall I filter the information nicely if I only want the traffic for two specific destinations?
Thank you very much!

Yes, you could have a filter with multiple "dst host XXX.XXX.XXX.XXX" clauses connected by "or", such as "dst host 192.9.200.1 or dst host 192.9.200.2".

Yes, you can add multiple source or destination IP addresses to the tcpdump filter for your capture.
Use "dst host XXXXXX or dst host XXXXX or dst host XXXX" as the filter after your tcpdump command.
You can find several other filters, with examples, at:
http://rationallyparanoid.com/articles/tcpdump.html
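Both answers above describe the same "dst host A or dst host B" expression. As an added example (not code from either answer), here is a small POSIX sh helper that builds that expression from a list of destinations, so a long allow-list does not have to be typed by hand. The addresses and the interface name in the usage comments are placeholders.

```shell
#!/bin/sh
# build_dst_filter ADDR...  -> prints a BPF filter matching traffic to any listed destination.
# A plain address becomes "dst host A"; a CIDR prefix (contains "/") becomes "dst net A/N".
build_dst_filter() {
    expr=""
    for addr in "$@"; do
        case "$addr" in
            */*) clause="dst net $addr" ;;
            *)   clause="dst host $addr" ;;
        esac
        if [ -z "$expr" ]; then
            expr=$clause
        else
            expr="$expr or $clause"
        fi
    done
    printf '%s\n' "$expr"
}

# build_dst_filter_from_file FILE -> same, reading one destination per line;
# blank lines and "#" comment lines are ignored.
build_dst_filter_from_file() {
    # word-splitting the cleaned list into arguments is intended here
    build_dst_filter $(grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$')
}

# Usage (placeholders):
#   tcpdump -i eth0 -nn "$(build_dst_filter 192.9.200.1 192.9.200.2)"
# Parenthesise the generated expression when combining it with other primitives.
# pcap's "and" and "or" have equal precedence and associate left to right, so
# "port 443 and dst host A or dst host B" would match all traffic to B, whereas
#   tcpdump -i eth0 -nn "port 443 and ($(build_dst_filter 192.9.200.1 192.9.200.2))"
# matches only port-443 traffic to A or B. A long expression can also be stored
# in a file and passed with tcpdump -F FILE.
```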

Related

Is there a way to "mask" an smtp server?

I am using a service for SMTP relay and they give me an SMTP server URL (mail.theirdomain). I wanted to ask if there is any way of "masking" this, for example with some DNS records, to make mail.theirdomain appear as mail.mydomain?
Sure, you can do a DNS lookup of mail.theirdomain.com and see what IP address this hostname points to (e.g. x.x.x.x). Then, you can create a hostname mail.mydomain.com, and point this hostname to the same IP address (x.x.x.x).
But, if you do a reverse DNS lookup (i.e. PTR lookup) of x.x.x.x, it will likely point to mail.theirdomain.com (not mail.mydomain.com), and you can't change this, because you do not have control of x.x.x.x.
Also, if you open an SMTP connection to mail.mydomain.com, it will likely show mail.theirdomain.com in the SMTP banner that the server responds with after a client connects - and this is not something that you can change either.
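An added example, not part of the answer above: a POSIX sh script that performs the three checks the answer describes (forward lookup, PTR lookup, SMTP greeting) for a given alias and reports which of them still expose the provider's name. It assumes dig and nc are installed; the live check needs network access, while the greeting parser and the comparison can be exercised offline. The hostnames in the comments are placeholders.

```shell
#!/bin/sh
# smtp_banner_host LINE -> the server name advertised in an SMTP 220 greeting.
# RFC 5321 puts the server's domain right after the reply code
# ("220 mail.example.com ESMTP ..."); continuation lines of a multi-line
# greeting use "220-", which is handled too.
smtp_banner_host() {
    printf '%s\n' "$1" | awk '/^220/ { sub(/^220[ -]*/, ""); print $1; exit }'
}

# name_leaks ALIAS PTR_NAME BANNER_HOST -> prints one line per check that
# reveals a name other than ALIAS and returns 1; prints nothing and returns 0
# when nothing leaks. An empty PTR or banner is not counted as a leak.
name_leaks() {
    want=$1
    ptr=${2%.}          # dig prints PTR answers with a trailing dot
    banner=$3
    rc=0
    if [ -n "$ptr" ] && [ "$ptr" != "$want" ]; then
        echo "ptr:$ptr"; rc=1
    fi
    if [ -n "$banner" ] && [ "$banner" != "$want" ]; then
        echo "banner:$banner"; rc=1
    fi
    return $rc
}

# check_mail_alias ALIAS -> live version (needs dig, nc and network access).
# Usage: check_mail_alias mail.mydomain.com
check_mail_alias() {
    want=$1
    # behind a CNAME, "dig +short" prints the target first and the A record last
    ip=$(dig +short "$want" A | tail -n 1)
    if [ -z "$ip" ]; then
        echo "$want does not resolve"; return 2
    fi
    ptr=$(dig +short -x "$ip" | head -n 1)
    # the 220 greeting is sent before we say anything; QUIT just closes cleanly
    greeting=$(printf 'QUIT\r\n' | nc -w 5 "$ip" 25 | head -n 1 | tr -d '\r')
    echo "forward:  $want -> $ip"
    echo "reverse:  $ip -> ${ptr:-(no PTR)}"
    echo "greeting: $greeting"
    name_leaks "$want" "$ptr" "$(smtp_banner_host "$greeting")"
}
```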

nmap retry option to scan list of IPs

I'm trying to scan a list of IP addresses using the command below:
nmap -v -n -sP -iL <IP-list-file.txt>
Here I'm looking for a retry option for the nmap command, for retransmission of failed probes. The above command does a single ICMP probe for each IP/host. I even tried --max-retries, with no result. So I'm looking for an option similar to "ping -c 2 IP" to use along with this nmap command.
I even tried "-A -T5", with no result.
Note: My purpose is only to check whether the host/IP is alive or dead, that's it. Preferably with the nmap utility.
Nmap uses a lot of different methods for host discovery. The options that you used will do one of two things depending on whether you have root privileges:
If you do run Nmap as root, it will send four probes: ICMP Echo Request, TCP SYN to port 443, TCP ACK to port 80, and ICMP Timestamp Request. Only if all four fail to get a response will it mark the target as down.
If you do not run Nmap as root, it will attempt to make a TCP connection to port 80 and port 443. If both of these time out, it will mark the target as down.
So this method is already more robust than simply using /bin/ping. Nmap also retries probes a certain number of times depending on how reliable the network seems. For host discovery, this starts out at 2 retransmits per probe. There doesn't really seem to be a way to increase this without Nmap detecting network problems, so the best way to increase confidence in a "down" determination is to add more host discovery probes using the various -P* options.
The -A and -T5 options will not help at all. -A turns on extra features, none of which will run if the target is considered down, and -T5 simply tells Nmap to assume a very fast and reliable network. It will never retransmit more than 2 times, and will time out probes very quickly. This is almost certainly the opposite of what you want.
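As an added example (my own, not the answer's), here is how the advice above looks as a POSIX sh script: host discovery with the default probes spelled out plus extra ports, --reason so the probe that answered is visible, and a second pass over the non-responders with a different probe set, since Nmap does not offer a plain retry count. -sn is the current spelling of -sP. Running the scan needs root for the raw ICMP/SYN/ACK probes; the parsing of grepable output can be tested offline.

```shell
#!/bin/sh
# up_hosts_from_grepable / down_hosts_from_grepable: read "nmap -oG -" output on
# stdin and print one address per host in the given state.
up_hosts_from_grepable()   { awk '/^Host:/ && /Status: Up/   { print $2 }'; }
down_hosts_from_grepable() { awk '/^Host:/ && /Status: Down/ { print $2 }'; }

# discover LIST-FILE -> grepable discovery results on stdout.
# -n: no reverse DNS; -sn: discovery only; -v: also list hosts that are down;
# --reason: show which probe answered. Probes: ICMP echo (-PE), ICMP timestamp (-PP),
# ICMP netmask (-PM), TCP SYN to 22/80/443 (-PS), TCP ACK to 80/443 (-PA).
# Needs root; without it Nmap falls back to TCP connect() to 80 and 443.
discover() {
    nmap -n -sn -v -PE -PP -PM -PS22,80,443 -PA80,443 --reason -iL "$1" -oG -
}

# alive_hosts LIST-FILE -> addresses that answered in the first pass, followed by
# those that only answered a second pass with a different probe set (other TCP
# ports via -PS, UDP 53/161 via -PU). Hosts silent in both passes are not printed.
alive_hosts() {
    first=$(discover "$1")
    printf '%s\n' "$first" | up_hosts_from_grepable
    down=$(mktemp)
    printf '%s\n' "$first" | down_hosts_from_grepable > "$down"
    if [ -s "$down" ]; then
        nmap -n -sn -v -PS21,25,135,139,445,3389 -PU53,161 --reason -iL "$down" -oG - \
            | up_hosts_from_grepable
    fi
    rm -f "$down"
}

# Usage: alive_hosts IP-list-file.txt
```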

Force .NET to use a Certain IP when Connecting to MYSQL

I have a situation where I have a computer with multiple IPs; the computer's primary IP will never change, but all the secondary IPs will.
I connect to a remote MySQL computer and I have access granted based on my IP address. Sometimes my PC likes to select one of the secondary IPs.
I looked into the "Set As Source" flag and tested that solution, but what happens is that I can't select those extra IPs for outbound communication.
Dim IPS As IPAddress() = Dns.GetHostAddresses(Dns.GetHostName())
Any IP with "set as source" = false won't be returned by the above code.
So how would I get around this dilemma? I can't seem to find a solution; with socket programming I can bind any IP I want, but I don't see a way to do this with a MySQL connection.
Anyway, I was able to accomplish this by adding a second NIC on the server and putting the single IP on one NIC and all the other IPs on the second NIC, then putting in a route that forces the traffic to MySQL through the primary NIC interface.
Without two NICs, you can't select which IP it uses, but with two you can assign the routes to either NIC (interface).

RDS DNS lookup error

Does anyone know how to turn off DNS lookups on an AWS RDS MySQL server? I keep getting the same error, and it's giving me 504 errors.
2014-07-31 12:39:44 14174 [Warning] IP address '222.127.85.158' could not be resolved: Name or service not known
Regards,
Bob
You can turn it off in your my.cnf file.
See this post: https://www.percona.com/blog/2008/05/31/dns-achilles-heel-mysql-installation/
I don't think you can. It's better to use hostnames in the long run anyway. I can't think of many reasons why you'd only want to use an IP.
While you should be able to access your RDS instance via its IP, you shouldn't do it.
Amazon does not guarantee that the IP will always be the same.
Amazon's failover (Multi-AZ) switches the IP address behind the DNS entry, so you can't use the IP address with a failover setup.

Find the interface name on which system address is configured on solaris 10

When I run the ifconfig -a command on Solaris 10, I get a list of configured interfaces.
However, my requirement is that I need the interface name on which my system address is configured.
For example, my IP is 1.2.3.4; how can I check which interface this IP is configured on?
Also, I don't have the IP address of the system. I just need to find the interface on which the system IP is configured.
Thanks in advance
One way to go about this is to examine your /etc/hostname.interface files. One of these will contain the hostname. You may only have one, but if you are using IPMP you'll have others and if you're on multiple networks you'll have more.
Example of a solaris 10 host with an IPMP pair for the front-end and an IPMP pair for the back-end:
#ls -C1 /etc/hostname.*
/etc/hostname.e1000g0
/etc/hostname.e1000g1
/etc/hostname.e1000g2
/etc/hostname.e1000g3
#cat /etc/hostname.*
myhostname netmask + broadcast + group ipmp_fe up
group ipmp_fe up
myhostname-nfs netmask + broadcast + group ipmp_be up
group ipmp_be up
Each interface with an IP address will have a hostname in the corresponding /etc/hostname.interface file which corresponds to an entry in /etc/hosts. A simple shell script can parse this out for you. In the example above, this host is using IPMP so you have 2 extra files which do not contain the hostname.
There are other ways to configure Solaris networking, but the above is how it's been done for a long time and is likely how it's done on your system.
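The parsing the answer says "a simple shell script" can do, as an added example (not the answer's own script): it maps a hostname or IPv4 address to the interface whose /etc/hostname.<if> file names it, using /etc/hosts to translate between the two, and skips the keyword-only files that IPMP standby members get. It takes a root directory so it can be run against a copy of the files; the sample it builds is made up, modelled on the answer's listing, and on a real Solaris 10 box you would pass / as the root. Run it with ksh or /usr/xpg4/bin/sh on Solaris 10, since the old Bourne /bin/sh there lacks $(...) and ${var##pattern}. Files that use the addif keyword for extra logical interfaces are not handled.

```shell
#!/bin/sh
# make_sample -> creates a throwaway root with Solaris-10-style files (constructed
# data, not from any real host) and prints its path.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc"
    printf 'myhostname netmask + broadcast + group ipmp_fe up\n'     > "$root/etc/hostname.e1000g0"
    printf 'group ipmp_fe up\n'                                      > "$root/etc/hostname.e1000g1"
    printf 'myhostname-nfs netmask + broadcast + group ipmp_be up\n' > "$root/etc/hostname.e1000g2"
    printf 'group ipmp_be up\n'                                      > "$root/etc/hostname.e1000g3"
    printf '127.0.0.1 localhost\n10.1.1.10 myhostname loghost\n10.2.2.10 myhostname-nfs\n' \
        > "$root/etc/hosts"
    echo "$root"
}

# find_iface ROOT TARGET -> prints the interface name(s) whose hostname.<if> file
# starts with TARGET or with any name that shares TARGET's /etc/hosts line.
# TARGET may be a hostname, an alias, or an IPv4 address. Returns 1 if none match.
find_iface() {
    root=$1
    target=$2
    # every name on the /etc/hosts line that carries TARGET (comments stripped),
    # plus TARGET itself so a literal address in a hostname.<if> file also matches
    names=$(awk -v t="$target" '
        { sub(/#.*/, "") }
        { for (i = 1; i <= NF; i++) if ($i == t) { for (j = 2; j <= NF; j++) print $j; next } }
    ' "$root/etc/hosts")
    names="$target $names"
    found=1
    for f in "$root"/etc/hostname.*; do
        [ -f "$f" ] || continue
        first=$(awk 'NR == 1 { print $1; exit }' "$f")
        # keyword-only files (IPMP standby or deprecated members) carry no address
        case "$first" in
            group|up|down|netmask|broadcast|deprecated|standby|'') continue ;;
        esac
        for n in $names; do
            if [ "$first" = "$n" ]; then
                echo "${f##*/hostname.}"
                found=0
                break
            fi
        done
    done
    return $found
}

# Usage on a live system:  find_iface / "$(hostname)"   or   find_iface / 10.1.1.10
```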