How to use tcpdump Command With Examples on Linux CentOS 5/CentOS 6/RHEL 5/RHEL 6

Tcpdump is a tool to dump the traffic on a network. It is a packet sniffer that is able to capture traffic passing through a machine. It operates at the packet level, meaning that it captures the actual packets flying in and out of your computer. If the tcpdump package is not yet installed on your Linux server, refer to the previous post for the quick steps to install tcpdump. These tcpdump command examples have been tested on Linux CentOS 5/CentOS 6/CentOS 7/RHEL 5/RHEL 6/RHEL 7.

How to use Tcpdump Command with Examples on Linux

Below are a few tcpdump commands with examples that I will share with you. The -w option writes the captured packets into a .pcap file. The extension should always be .pcap so that the file can be read by any network protocol analyzer.

1. To list the available network interfaces that can be monitored, use the -D option:

# tcpdump -D
1.eth0
2.usbmon1 (USB bus number 1)
3.usbmon2 (USB bus number 2)
4.any (Pseudo-device that captures on all interfaces)
5.lo

2. Capture the incoming packets on port 80 for the Apache web server in real time and save them to port80-apache1.pcap. With this command you can analyze where packets were coming from or being sent to:

# tcpdump -w port80-apache1.pcap -i eth0 tcp port 80

3. Run tcpdump without a filter expression and it captures all the packets flowing through the interface; use the -i option to select that interface, as below:

# tcpdump -w filename.pcap -i eth0

4. Capture only N packets. This is done with the -c option. This example captures only 3 packets:

# tcpdump -c 3 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:22:18.777243 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [.], ack 4148066988, win 17688, options [nop,nop,TS val 790832 ecr 135264], length 0
21:22:18.783396 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [P.], seq 0:196, ack 1, win 17688, options [nop,nop,TS val 790838 ecr 135264], length 196
21:22:18.785458 ARP, Request who-has 192.168.1.1 tell centos62.ehowstuff.local, length 28
3 packets captured
15 packets received by filter
0 packets dropped by kernel

5. Read the packets back from the saved file with tcpdump -r, as in the example below:

Capture 3 packets and save them to test.pcap:

# tcpdump -w test.pcap -c 3 -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
3 packets captured
3 packets received by filter
0 packets dropped by kernel

Then read test.pcap back with the tcpdump -r command:

# tcpdump -r test.pcap
reading from file test.pcap, link-type EN10MB (Ethernet)
21:24:51.199237 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [P.], seq 693745553:693745685, ack 4148082568, win 17688, options [nop,nop,TS val 943254 ecr 136793], length 132
21:24:51.201339 IP 192.168.1.52.pq-lic-mgmt > centos62.ehowstuff.local.ssh: Flags [P.], seq 1:53, ack 132, win 17232, options [nop,nop,TS val 136793 ecr 943254], length 52
21:24:51.241386 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [.], ack 53, win 17688, options [nop,nop,TS val 943296 ecr 136793], length 0

6. tcpdump also lets you define a port range, as below, to capture packets based on a range of TCP ports. The example below captures packets on ports 21 through 80:

# tcpdump tcp portrange 21-80
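
The one-line text format printed above can be reduced to per-direction packet and byte counts without tcpdump installed. This added example (not from the original post) does that with awk over lines constructed to match the "tcpdump -r test.pcap" output shown above; with tcpdump -n the same fields would carry raw addresses and port numbers instead of resolved names.

```shell
#!/bin/sh
# Added example (not from the original post): summarise tcpdump's one-line text
# output per direction with awk, so a saved capture read back with "tcpdump -r"
# can be reduced to who-talked-to-whom counts. Sample lines are constructed to
# match the "tcpdump -r test.pcap" format shown above.

sample_lines() {
  cat <<'EOF'
21:24:51.199237 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [P.], seq 693745553:693745685, ack 4148082568, win 17688, options [nop,nop,TS val 943254 ecr 136793], length 132
21:24:51.201339 IP 192.168.1.52.pq-lic-mgmt > centos62.ehowstuff.local.ssh: Flags [P.], seq 1:53, ack 132, win 17232, options [nop,nop,TS val 136793 ecr 943254], length 52
21:24:51.241386 IP centos62.ehowstuff.local.ssh > 192.168.1.52.pq-lic-mgmt: Flags [.], ack 53, win 17688, options [nop,nop,TS val 943296 ecr 136793], length 0
21:24:51.285458 ARP, Request who-has 192.168.1.1 tell centos62.ehowstuff.local, length 28
EOF
}

# One line per direction: "src > dst packets bytes". Only "IP" lines count;
# ARP and other link-level lines are skipped.
summarize_tcpdump() {
  awk '
    $2 == "IP" {
      src = $3; dst = $5; sub(/:$/, "", dst)        # field 4 is the ">"
      len = 0
      for (i = 1; i < NF; i++) if ($i == "length") len = $(i + 1)
      key = src " > " dst
      pkts[key]++; bytes[key] += len
    }
    END { for (k in pkts) printf "%s %d %d\n", k, pkts[k], bytes[k] }
  ' | sort
}

# Total TCP payload bytes across all directions in the sample.
sample_total_bytes() {
  sample_lines | summarize_tcpdump | awk '{ s += $NF } END { print s + 0 }'
}

# Number of distinct directions in the sample.
sample_flow_count() {
  sample_lines | summarize_tcpdump | wc -l | tr -d ' '
}

sample_lines | summarize_tcpdump
```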

I hope this article gives you some ideas and essential guidance on how to use the tcpdump command with examples on Linux CentOS 5/CentOS 6/CentOS 7/RHEL 5/RHEL 6/RHEL 7.

How to Grep Multiple Lines and Use a Specific Keyword on Linux

grep is a command-line text search utility originally written for Unix and Linux. On Linux you can grep multiple lines before or after the matching keyword. These examples have been tested on Linux CentOS 6.2, but they may work on other Linux versions such as Red Hat Enterprise Linux 5 (RHEL 5) or RHEL 6.

Get the grep command help:

[root@centos62 ~]# grep --help

Example :

Context control:
  -B, --before-context=NUM  print NUM lines of leading context
  -A, --after-context=NUM   print NUM lines of trailing context
  -C, --context=NUM         print NUM lines of output context
  -NUM                      same as --context=NUM

Assume that you have exported all log entries for 29 March 2012 from /var/log/messages into 29032012.txt, as below:

[root@centos62 ~]# grep "Mar 29" /var/log/messages > 29032012.txt

1. How to Grep Multiple Lines

Grep for “cubic” with one line of leading context (-B1) and four lines of trailing context (-A4):

[root@centos62 ~]# grep -B1 -A4 "cubic" 29032012.txt

The output looks like this:

Mar 29 21:04:16 centos62 kernel: usbhid: v2.6:USB HID core driver
Mar 29 21:04:16 centos62 kernel: TCP cubic registered
Mar 29 21:04:16 centos62 kernel: Initializing XFRM netlink socket
Mar 29 21:04:16 centos62 kernel: NET: Registered protocol family 17
Mar 29 21:04:16 centos62 kernel: Using IPI No-Shortcut mode
Mar 29 21:04:16 centos62 kernel: registered taskstats version 1

2. How to Grep Using a Specific Keyword

Grep only for the keyword “BIOS-e820” in the 29032012.txt file, as below:

[root@centos62 ~]# grep "BIOS-e820" 29032012.txt

The output looks like this:

Mar 29 21:04:16 centos62 kernel: BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000dc000 - 00000000000e0000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 0000000000100000 - 000000003fef0000 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003fef0000 - 000000003feff000 (ACPI data)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003feff000 - 000000003ff00000 (ACPI NVS)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003ff00000 - 0000000040000000 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
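
As an added example (not part of the original post), the script below builds a small constructed /var/log/messages excerpt, repeats the day-extraction step, and shows how the -B/-A context options behave, including the "--" separator grep prints between matches that are far apart:

```shell
#!/bin/sh
# Added example (not from the original post): the -B/-A context options applied
# to a constructed /var/log/messages excerpt. The log lines are made up to
# resemble the excerpt above; the day-extraction step mirrors the post.

make_sample_log() {
  cat <<'EOF'
Mar 28 23:59:58 centos62 kernel: Kernel logging (proc) stopped.
Mar 29 21:04:16 centos62 kernel: usbhid: v2.6:USB HID core driver
Mar 29 21:04:16 centos62 kernel: TCP cubic registered
Mar 29 21:04:16 centos62 kernel: Initializing XFRM netlink socket
Mar 29 21:04:16 centos62 kernel: NET: Registered protocol family 17
Mar 29 21:04:16 centos62 kernel: Using IPI No-Shortcut mode
Mar 29 21:04:16 centos62 kernel: registered taskstats version 1
Mar 29 21:04:17 centos62 kernel: EXT4-fs (sda1): mounted filesystem
Mar 29 21:05:40 centos62 sshd[1234]: Accepted password for root from 192.168.1.52 port 51020 ssh2
Mar 29 21:05:40 centos62 sshd[1234]: pam_unix(sshd:session): session opened for user root
Mar 29 21:06:02 centos62 sshd[1301]: Failed password for invalid user admin from 192.168.1.99 port 40110 ssh2
Mar 30 00:00:01 centos62 rsyslogd: [origin software="rsyslogd"] rsyslogd was HUPed
EOF
}

# Keep only one day's entries. grep reads the file itself; "more file | grep"
# works but the extra process is unnecessary.
extract_day() {          # $1 = source log, $2 = day pattern, $3 = output file
  grep "$2" "$1" > "$3"
}

# Lines printed for an extended-regex pattern with N leading / M trailing lines.
context_line_count() {   # $1 = file, $2 = pattern, $3 = before, $4 = after
  grep -E -B"$3" -A"$4" "$2" "$1" | wc -l | tr -d ' '
}

# When matches are far apart grep prints "--" between the context groups, so
# the number of separators plus one is the number of disjoint regions matched.
context_group_count() {  # $1 = file, $2 = pattern, $3 = before, $4 = after
  seps=$(grep -E -B"$3" -A"$4" "$2" "$1" | grep -c '^--$' || true)
  echo $((seps + 1))
}

SAMPLE_DIR=$(mktemp -d)
make_sample_log > "$SAMPLE_DIR/messages"
extract_day "$SAMPLE_DIR/messages" "Mar 29" "$SAMPLE_DIR/29032012.txt"
DAY_FILE=$SAMPLE_DIR/29032012.txt

echo "entries for Mar 29: $(wc -l < "$DAY_FILE" | tr -d ' ')"
echo "cubic with -B1 -A4 prints $(context_line_count "$DAY_FILE" cubic 1 4) lines"
echo "cubic|Failed with -B1 -A1 spans $(context_group_count "$DAY_FILE" 'cubic|Failed' 1 1) regions"
grep -E -B1 -A1 'cubic|Failed' "$DAY_FILE"
```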

How to Install tcpdump on CentOS 5/CentOS 6/RHEL 5/RHEL 6

Tcpdump is a packet sniffer that is able to capture traffic passing through a machine. It operates at the packet level, meaning that it captures the actual packets flying in and out of your computer, and it can save the packets into a file. In this post, I will show how to install tcpdump on a CentOS 5/CentOS 6/CentOS 7/RHEL 5/RHEL 6/RHEL 7 server. You can then read the example usage of tcpdump in this article.

How to Install tcpdump on CentOS / RHEL

1. Run any tcpdump command to check whether tcpdump is installed or not:

[root@centos62 ~]# tcpdump -D
-bash: tcpdump: command not found

2. To install tcpdump, simply run the following command:

[root@centos62 ~]# yum install tcpdump -y

3. Show the available interfaces that can be monitored:

# tcpdump -D
1.eth0
2.usbmon1 (USB bus number 1)
3.usbmon2 (USB bus number 2)
4.any (Pseudo-device that captures on all interfaces)
5.lo

4. Check the tcpdump version on CentOS 6.7:

# tcpdump --version
tcpdump version 4.1-PRE-CVS_2015_07_23
libpcap version 1.4.0
Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ]
                [ -P in|out|inout ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ expression ]

5. Check the tcpdump version on CentOS 7.1:

# tcpdump --version
tcpdump: invalid option -- '-'
tcpdump version 4.5.1
libpcap version 1.5.3
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ]
                [ -P in|out|inout ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ expression ]

I hope this article gives you some ideas and essential guidance on how to install tcpdump on CentOS 5/CentOS 6/CentOS 7/RHEL 5/RHEL 6/RHEL 7.

How to Install and Configure yum-priorities on RHEL 6/CentOS 6

In this post, I will show how to install and configure yum-priorities on a CentOS 6 or RHEL 6 Linux server. In principle, the repositories with the lowest numerical priority number have the highest priority. This is one method of preventing mistakes such as accidentally running yum upgrade against everything. These steps have been tested on CentOS 6.2, but they may work on CentOS 6.0, CentOS 6.1 and RHEL 6 servers.

1. To install yum-priorities, simply run this command:

[root@centos62 ~]# yum install yum-priorities -y

Example :

[root@centos62 ~]# yum install yum-priorities -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * epel: ftp.jaist.ac.jp
 * extras: centos.ipserverone.com
 * remi: iut-info.univ-reims.fr
 * remi-test: iut-info.univ-reims.fr
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: centos.ipserverone.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.30-10.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                          Arch              Version                   Repository       Size
====================================================================================================
Installing:
 yum-plugin-priorities            noarch            1.1.30-10.el6             base             22 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 22 k
Installed size: 28 k
Downloading Packages:
yum-plugin-priorities-1.1.30-10.el6.noarch.rpm                               |  22 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : yum-plugin-priorities-1.1.30-10.el6.noarch                                       1/1

Installed:
  yum-plugin-priorities.noarch 0:1.1.30-10.el6

Complete!

2. After the plugin is installed, make sure that it is enabled in the /etc/yum/pluginconf.d/priorities.conf file.

[root@centos62 ~]# more /etc/yum/pluginconf.d/priorities.conf
[main]
enabled = 1

If the “enabled” value is 0, set it to 1 with the vi editor.

3. With the plugin enabled, you may assign a priority to each target repository by adding the following line to its section:

priority=N

Where N is an integer from 1 to 99. The lower the number, the more important the repository, so CentOS-Base.repo must always have the lowest number.

[root@centos62 ~]# vi /etc/yum.repos.d/CentOS-Base.repo

Add this line to the [base] repo section:

priority = 1

Example :

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority = 1

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

4. As another example, a third-party repository is Remi. Follow these steps to set a priority for the Remi repository on a CentOS 6/RHEL 6 Linux server.

Open the Remi configuration file and insert “priority = 5” after “enabled = 1” in the [remi] section:

[root@centos62 ~]# vi /etc/yum.repos.d/remi.repo

Example :

[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
priority = 5
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/test/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/test/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
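
Once priorities are in play, a repo that is enabled but has no priority line silently gets the default of 99 and loses to every numbered repo. As an added example (not from the original post), the script below audits constructed copies of the CentOS-Base and Remi repo files for missing priorities, gpgcheck turned off, and malformed enabled= values such as two lines run together:

```shell
#!/bin/sh
# Added example (not from the original post): audit every *.repo file in a
# directory for the settings that matter once yum-priorities is active, i.e.
# which enabled repos have no "priority=" line (they silently get 99), which
# have gpgcheck off, and which carry a malformed "enabled=" value such as a
# line fused with the one below it. The repo files are constructed samples.

make_sample_repos() {   # $1 = directory to populate
  mkdir -p "$1"
  cat > "$1/CentOS-Base.repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority = 1

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[centosplus]
name=CentOS-$releasever - Plus
gpgcheck=1
enabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
  cat > "$1/remi.repo" <<'EOF'
[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
enabled=1
priority = 5
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
enabled=1
gpgcheck=0
EOF
}

# One line per repo section: "<id> enabled=<v> priority=<v> gpgcheck=<v>".
# A missing key is reported as "unset"; "enabled" defaults to 1 as in yum.
repo_report() {         # $1 = directory holding *.repo files
  awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^\[.*\][ \t]*$/ {
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
      order[++n] = sec; enabled[sec] = "1"; prio[sec] = "unset"; gpg[sec] = "unset"
      next
    }
    index($0, "=") > 0 {
      key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "enabled") enabled[sec] = val
      else if (key == "priority") prio[sec] = val
      else if (key == "gpgcheck") gpg[sec] = val
    }
    END {
      for (i = 1; i <= n; i++) { s = order[i]
        printf "%s enabled=%s priority=%s gpgcheck=%s\n", s, enabled[s], prio[s], gpg[s] }
    }
  ' "$1"/*.repo
}

# Enabled repos with no priority: these sort last (99) and lose to any lower number.
repos_without_priority() {
  repo_report "$1" | awk '$2 == "enabled=1" && $3 == "priority=unset" { o = o (o ? " " : "") $1 } END { print o }'
}

# Enabled repos that skip package signature verification.
repos_without_gpgcheck() {
  repo_report "$1" | awk '$2 == "enabled=1" && $4 != "gpgcheck=1" { o = o (o ? " " : "") $1 } END { print o }'
}

# Sections whose enabled= value is neither 0 nor 1 (e.g. two lines run together).
repos_with_bad_enabled() {
  repo_report "$1" | awk '$2 != "enabled=0" && $2 != "enabled=1" { o = o (o ? " " : "") $1 } END { print o }'
}

REPO_DIR=$(mktemp -d)
make_sample_repos "$REPO_DIR"
repo_report "$REPO_DIR"
echo "no priority:   $(repos_without_priority "$REPO_DIR")"
echo "gpgcheck off:  $(repos_without_gpgcheck "$REPO_DIR")"
echo "bad enabled=:  $(repos_with_bad_enabled "$REPO_DIR")"
```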

How to Create and Extract a gzip Compressed Archive File on Linux

Archiving and compressing files is useful when creating backups and transferring data across a network. One of the oldest and most common commands for creating and working with backup archives is the tar command. tar originally stood for tape archiver. With tar, we can gather large sets of files into a single file (archive). We can indicate that the archive should be compressed using gzip or bzip2 compression.

To use the tar command, one of the three following options is required:
c = create an archive
x = extract an archive
t = test or list the contents of an archive

Other options let you add verbosity (v), indicate the name of the archive file to create or extract (f), and set the type of compression to use (z for gzip or j for bzip2).

This example shows the tar syntax that creates (c) a gzip-compressed (z) archive file (f /tmp/etc.tar.gz) of the /etc directory, with verbose (v) output. This command has been tested on Red Hat Enterprise Linux 6 (RHEL 6) with root access and it backs up the entire /etc directory.

[root@rhel6 ~]# tar cvzf /tmp/etc.tar.gz /etc

Meanwhile, this tar command shows how to extract (x) and view (v) all files from the gzip-compressed (z) archive (f /tmp/etc.tar.gz) into the /backup-test directory.

Create /backup-test directory and cd to /backup-test.

[root@rhel6 /]# mkdir /backup-test
[root@rhel6 /]# cd /backup-test
[root@rhel6 backup-test]# pwd
/backup-test

Extract (x) and view (v) all files from the gzip-compressed (z) archive (f /tmp/etc.tar.gz) into the /backup-test directory:

[root@rhel6 backup-test]# tar xvzf /tmp/etc.tar.gz

List the extracted directory:

[root@rhel6 backup-test]# ls
etc
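
To see why extracting in /backup-test creates /backup-test/etc rather than touching /etc, the added example below (not from the original post) archives a constructed tree by absolute path, lists the stored member names, extracts with -C and verifies the copy with diff -r:

```shell
#!/bin/sh
# Added example (not from the original post): create a gzip-compressed archive
# of a directory given by absolute path, list it, extract it somewhere else and
# verify the copy. A constructed tree under mktemp stands in for /etc so the
# script runs unprivileged; the c/t/x/z/f letters are the ones explained above.

make_sample_tree() {        # $1 = directory to populate
  mkdir -p "$1/etc/sysconfig" "$1/etc/yum.repos.d"
  printf 'HOSTNAME=centos62\n' > "$1/etc/sysconfig/network"
  printf '[base]\nenabled=1\n' > "$1/etc/yum.repos.d/CentOS-Base.repo"
  printf 'nameserver 192.168.1.43\n' > "$1/etc/resolv.conf"
}

# c + z + f: create a gzip-compressed archive. tar warns on stderr that it
# strips the leading "/" from member names; that is the behaviour we rely on.
create_archive() {          # $1 = archive path, $2 = directory to back up
  tar czf "$1" "$2" 2>/dev/null
}

# t + z + f: list member names without extracting anything.
list_archive() { tar tzf "$1"; }

# Because member names are stored relative, extracting in /backup-test creates
# /backup-test/etc instead of overwriting /etc. Returns 0 when no member name
# is absolute or climbs out of the destination with "..".
archive_paths_are_safe() {  # $1 = archive
  ! list_archive "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# x + z + f: extract into a chosen directory with -C rather than cd'ing first.
extract_archive() {         # $1 = archive, $2 = destination directory
  mkdir -p "$2" && tar xzf "$1" -C "$2"
}

# Compare the original tree with its extracted copy.
verify_roundtrip() {        # $1 = original directory, $2 = extracted copy
  if diff -r "$1" "$2" >/dev/null 2>&1; then echo identical; else echo differs; fi
}

# Full cycle: prints "identical" when the extracted copy matches the original.
roundtrip_status() {
  work=$(mktemp -d)
  make_sample_tree "$work/src"
  create_archive "$work/etc.tar.gz" "$work/src/etc"
  extract_archive "$work/etc.tar.gz" "$work/backup-test"
  # "$work" starts with "/", so the copy sits at "$work/backup-test" + "$work/src/etc"
  verify_roundtrip "$work/src/etc" "$work/backup-test$work/src/etc"
  rm -rf "$work"
}

# Member count of the sample archive (3 directories + 3 files).
sample_member_count() {
  work=$(mktemp -d)
  make_sample_tree "$work/src"
  create_archive "$work/etc.tar.gz" "$work/src/etc"
  list_archive "$work/etc.tar.gz" | wc -l | tr -d ' '
  rm -rf "$work"
}

sample_archive_is_safe() {
  work=$(mktemp -d)
  make_sample_tree "$work/src"
  create_archive "$work/etc.tar.gz" "$work/src/etc"
  archive_paths_are_safe "$work/etc.tar.gz"; rc=$?
  rm -rf "$work"
  return $rc
}

echo "roundtrip: $(roundtrip_status), members: $(sample_member_count)"
sample_archive_is_safe && echo "member paths are relative"
```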

How to use Basic Regular Expression with grep command on Linux

Regular expressions are special text strings used to search for and match patterns in text. To make a search more specific, they can be combined with the grep command. The grep command is the General Regular Expression Parser; it searches a file for strings matching a given regular expression and, by default, prints out any line containing a matching string. There are many useful options for grep that affect its output. These examples show how to use the caret ^ and the dollar sign $ to print more specific output. They have been tested on a Red Hat Enterprise Linux 6 server and may work on CentOS as well.

The caret ^ is a metacharacter that matches the empty string at the beginning of a line.

Anchor : line begins with...

Meanwhile, the dollar sign $ is a metacharacter that matches the empty string at the end of a line.

Anchor : line ends with...

Examples:

1. Print all usernames that begin with the letter e:

[root@rhel6 ~]# grep '^e' /etc/passwd
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash

2. Print all usernames that begin with the letter g :

[root@rhel6 ~]# grep '^g' /etc/passwd
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

3. Print all usernames that begin with the letter a :

[root@rhel6 ~]# grep '^a' /etc/passwd
adm:x:3:4:adm:/var/adm:/sbin/nologin
abrt:x:499:499::/etc/abrt:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin

4. Print all lines that end with the letter h :

[root@rhel6 ~]# grep 'h$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
test:x:500:500::/home/test:/bin/bash
sambauser1:x:501:501::/home/sambauser1:/bin/bash
ftpuser:x:502:502::/home/ftpuser:/bin/bash
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash
testuser:x:504:504::/home/testuser:/bin/bash
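
As an added example (not from the original post), the script below runs the same anchors over a constructed /etc/passwd excerpt and shows how ^ and $ turn a substring search into the field checks an account audit needs, such as spotting a second UID 0 entry:

```shell
#!/bin/sh
# Added example (not from the original post): the ^ and $ anchors on a
# constructed /etc/passwd excerpt, plus the account checks those anchors make
# easy. Every entry below is made up; "eve" is a planted second UID-0 account.

sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash
testuser:x:504:504::/home/testuser:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
eve:x:0:0:backup operator:/home/eve:/bin/sh
EOF
}

join_words() { tr '\n' ' ' | sed 's/ $//'; }

# "^e" anchors at the start of the line; since the username is the first field
# this is exactly "usernames beginning with e". Prints the usernames.
users_starting_with() {   # $1 = prefix
  sample_passwd | grep "^$1" | cut -d: -f1 | join_words
}

# "h$" anchors at the end of the line, i.e. the end of the login-shell field.
users_whose_line_ends_with() {  # $1 = suffix
  sample_passwd | grep "$1\$" | cut -d: -f1 | join_words
}

# Same pattern with and without the anchor: unanchored "e" also hits "games",
# "Apache" and "testuser" in the middle of the line.
count_matches() {         # $1 = pattern
  sample_passwd | grep -c -- "$1"
}

# Audit: any account other than root whose UID (field 3) is 0.
uid_zero_not_root() {
  sample_passwd | grep -v '^root:' | awk -F: '$3 == 0 { print $1 }' | join_words
}

# Accounts with an interactive shell, anchoring on the shell at the line end.
interactive_shell_users() {
  sample_passwd | grep -E '/bin/(ba)?sh$' | cut -d: -f1 | join_words
}

echo "start with e:        $(users_starting_with e)"
echo "end with h:          $(users_whose_line_ends_with h)"
echo "'e' anywhere / '^e': $(count_matches e) / $(count_matches '^e')"
echo "uid 0, not root:     $(uid_zero_not_root)"
echo "interactive shells:  $(interactive_shell_users)"
```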

How to Open the File in Read Only Mode on Linux

Question :
How do I open a file in read-only mode on Linux?

Answer :
This command has been tested on a Red Hat Enterprise Linux 6 (RHEL 6) server. To open a file with vim in read-only mode on Linux, run “vim -R” as below. Vim is an enhanced version of the vi editor that displays text files with syntax colouring. “vim -R” is a good command if you want to avoid accidentally deleting any important line, as the file is opened read-only.

Example :

[root@rhel6 ~]# vim -R /etc/passwd

How to Display Logged-in User Information and Terminal Number on a Linux Server

In this post I will show how to display logged-in user information and the terminal number on a Linux server. This post provides practical examples for future reference. These steps have been tested on Red Hat Enterprise Linux server 6 and may work on CentOS servers as well.

1. The “who am i” command displays the username of the current login session.

[root@rhel6 ~]# who am i
root     pts/1        2012-04-17 06:14 (192.168.1.52)

2. The who command displays all users currently logged in on all terminals.

[root@rhel6 ~]# who
root     tty1         2012-04-17 04:29
root     pts/0        2012-04-17 04:29 (192.168.1.52)
root     pts/1        2012-04-17 06:14 (192.168.1.52)
root     pts/2        2012-04-17 06:01 (192.168.1.52)

3. The tty command displays the terminal number of the current session.

[root@rhel6 ~]# tty
/dev/pts/1

4. The w command shows who is logged in to the system and what they are doing.

[root@rhel6 ~]# w
 06:18:39 up  1:50,  4 users,  load average: 0.02, 0.02, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                04:29    1:48m  4.80s  4.78s ping www.google.com
root     pts/0    192.168.1.52     04:29    1:49m  0.02s  0.02s -bash
root     pts/1    192.168.1.52     06:14    0.00s  0.05s  0.01s w
root     pts/2    192.168.1.52     06:01   26.00s  0.11s  0.03s -bash

How to Fix “cannot restore segment prot after reloc: Permission denied” error While Restarting zmcontrol on Zimbra

Question :

I want to start the Zimbra services, but I am getting the following issue while restarting zmcontrol using the “zmcontrol start” command, as per the error messages below:

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Failed.
Starting apache...httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd/modules/libphp5.so into server: /opt/zimbra/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
failed.

Answer :
It was SELinux that caused the Zimbra services to fail to start, and you have to disable SELinux as below:

1. Disable SELinux on your next reboot.

[root@centos6 ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

To disable SELinux without having to reboot, use the setenforce command as below:

[root@mail ~]# setenforce 0

2. Run the zmcontrol start command again:

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.

How to Add Persistent Static Routes on RHEL 6/CentOS 6

This example shows how to configure a persistent static route on a Red Hat Enterprise Linux 6 (RHEL 6) server. The configuration may differ in other versions of RHEL, but the basics are almost the same. A persistent static route stores the setting permanently, so it is not deleted after a reboot. The following settings are just an example; you need to update the IP addresses and netmask to fit your environment:

To add a persistent static route in Red Hat Enterprise Linux 6, create a file called route-X in the /etc/sysconfig/network-scripts/ directory. In this case, I will add persistent static routes for eth0 and eth1.

1. Create the file route-eth0 for eth0 routing:

[root@rhel6 ~]# vi /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=192.168.1.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1

2. Create the file route-eth1 for eth1 routing:

[root@rhel6 ~]# vi /etc/sysconfig/network-scripts/route-eth1
ADDRESS1=192.168.2.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.2.1

Display the routing table:

[root@rhel6 ~]# netstat -rn

How to Install nmap on RHEL 6 Linux Server

Nmap (“Network Mapper”) is a free and open source tool for network exploration and security auditing. It can help you find open ports on a network. Nmap is very useful for system and network administrators performing administration tasks, and it can sometimes help in troubleshooting to narrow down an issue. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In this post I will show the quick steps to install nmap on your Red Hat Enterprise Linux 6 (RHEL 6) server.

Simply run the following yum command:

[root@rhel6 ~]# yum install nmap -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.i686 2:5.21-3.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package          Arch             Version                   Repository                        Size
====================================================================================================
Installing:
 nmap             i686             2:5.21-3.el6              DVD-RHEL6-Repository             2.2 M

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 2.2 M
Installed size: 7.2 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : 2:nmap-5.21-3.el6.i686                                                       1/1

Installed:
  nmap.i686 2:5.21-3.el6

Complete!

Typing nmap without arguments shows the available options for the nmap command:

[root@rhel6 ~]# nmap
Nmap 5.21 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL : Input from list of hosts/networks
  -iR : Choose random targets
  --exclude : Exclude hosts/networks
  --excludefile : Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -PN: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers : Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags : Customize TCP scan flags
  -sI : Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b : FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p : Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports : Scan  most common ports
  --port-ratio : Scan ports more common than 
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity : Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=:  is a comma separated list of
           directories, script-files or script-categories
  --script-args=: provide arguments to scripts
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take 

How to Install and Configure Bind Chroot DNS Server on RHEL 6

In this post, I will guide you through installing and configuring a Bind chroot DNS server on Red Hat Enterprise Linux 6 (RHEL 6). DNS is the Domain Name System, which maintains a database that helps users' computers translate domain names to IP addresses. This post shows the installation and configuration of bind-chroot version 9.7. It is assumed that you have configured your RHEL 6 with a local yum repository as documented in the following post:
How to Setup Local Yum Repository from CD-ROM/DVD-ROM image on RHEL 6

1. Install the Bind chroot DNS server:

[root@rhel6 ~]# yum install bind-chroot -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i686 32:9.7.0-5.P2.el6 set to be updated
--> Processing Dependency: bind = 32:9.7.0-5.P2.el6 for package: 32:bind-chroot-9.7.0-5.P2.el6.i686
--> Running transaction check
---> Package bind.i686 32:9.7.0-5.P2.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package              Arch          Version                     Repository                     Size
====================================================================================================
Installing:
 bind-chroot          i686          32:9.7.0-5.P2.el6           DVD-RHEL6-Repository           65 k
Installing for dependencies:
 bind                 i686          32:9.7.0-5.P2.el6           DVD-RHEL6-Repository          3.5 M

Transaction Summary
====================================================================================================
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 3.5 M
Installed size: 6.4 M
Downloading Packages:
----------------------------------------------------------------------------------------------------
Total                                                                30 MB/s | 3.5 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : 32:bind-9.7.0-5.P2.el6.i686                                                  1/2
  Installing     : 32:bind-chroot-9.7.0-5.P2.el6.i686                                           2/2

Installed:
  bind-chroot.i686 32:9.7.0-5.P2.el6

Dependency Installed:
  bind.i686 32:9.7.0-5.P2.el6

Complete!

2. Create the file /var/named/chroot/var/named/bloggerbaru.local with the following zone configuration:

[root@rhel6 ~]# vi /var/named/chroot/var/named/bloggerbaru.local
;
;       Addresses and other host information.
;
@       IN      SOA     bloggerbaru.local. hostmaster.bloggerbaru.local. (
                               2011030801      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.bloggerbaru.local.
               IN      A       192.168.1.43
               IN      MX      10 mail.bloggerbaru.local.

mail            IN      A       192.168.1.43
ns              IN      A       192.168.1.43

3. Generate an RNDC key:

The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. Execute the following command to generate the RNDC key:

[root@rhel6 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

4. View the content of the RNDC key :

[root@rhel6 ~]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "rDy6d+XB4NiAnHWA5N7Jig==";
};

5. Edit the /var/named/chroot/etc/named.conf file for bloggerbaru.local:

[root@rhel6 ~]# vi /var/named/chroot/etc/named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";

// We are the master server for bloggerbaru.local
zone "bloggerbaru.local" {
        type master;
        file "bloggerbaru.local";
};

6. Start the DNS service using the following command :

[root@rhel6 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

7. To ensure the named daemon starts at boot, run the following chkconfig command:

[root@rhel6 ~]# chkconfig named on

8. Before testing, make sure your PC or server points to the DNS server that has been set up:

[root@rhel6 ~]# cat /etc/resolv.conf
nameserver 192.168.1.43

9. Test your DNS service :

[root@rhel6 ~]# host -t mx bloggerbaru.local
bloggerbaru.local mail is handled by 10 mail.bloggerbaru.local.
[root@rhel6 ~]# host -t ns bloggerbaru.local
bloggerbaru.local name server ns.bloggerbaru.local.