Unix Tools

ps
List of OS processes




$   ps -A
  PID TTY       TIME   CMD
    1 ?     00:00:00   init
    2 ?     00:00:00   ksoftirqd/0
    3 ?     00:00:00   events/0
    4 ?     00:00:00   khelper
    5 ?     00:00:00   kthread
    7 ?     00:00:00   kacpid
   89 ?     00:00:00   kblockd/0
   92 ?     00:00:00   khubd
  138 ?     00:00:00   pdflush
  139 ?     00:00:01   pdflush
  141 ?     00:00:00   aio/0
  140 ?     00:00:15   kswapd0
  227 ?     00:00:00   kseriod
  386 ?     00:00:00   kjournald
 1303 ?     00:00:00   udevd
 1756 ?     00:00:04   kjournald
 1757 ?     00:00:00   kjournald
 1758 ?     00:00:27   kjournald
 1759 ?     00:00:02   kjournald
 2488 ?     02:31:43   named
 2547 ?     00:00:02   syslogd
 2551 ?     00:00:00   klogd
 2579 ?     00:00:00   portmap
 2599 ?     00:00:00   rpc.statd
 2637 ?     00:00:00   rpc.idmapd
 2720 ?     00:00:02   nifd
 2752 ?     00:00:00   mDNSResponder
 2764 ?     00:00:00   smartd
 2774 ?     00:00:00   acpid
 2784 ?     00:00:01   sshd
 (...)
$   ps -C httpd
  PID   TTY       TIME   CMD
29361   ?     00:00:13   httpd
30204   ?     00:01:39   httpd
31855   ?     00:00:00   httpd
31856   ?     00:00:00   httpd
31857   ?     00:00:00   httpd
31859   ?     00:00:00   httpd
31860   ?     00:00:00   httpd
31862   ?     00:00:00   httpd
31863   ?     00:00:02   httpd
31866   ?     00:00:00   httpd
31868   ?     00:00:11   httpd
31869   ?     00:00:00   httpd
31872   ?     00:00:00   httpd
31879   ?     00:00:02   httpd
31902   ?     00:00:00   httpd
31905   ?     00:00:02   httpd
31906   ?     00:00:00   httpd
32376   ?     00:00:00   httpd
32387   ?     00:00:00   httpd
32388   ?     00:00:00   httpd
32389   ?     00:00:00   httpd
32756   ?     00:00:00   httpd
$ ps -p 3078
  PID TTY          TIME CMD
 3078 ?        01:09:10 java


$ ps -u alegomes
  PID TTY         TIME   CMD
  480 ?       00:00:00   sshd
  481 pts/0   00:00:00   bash
  707 pts/0   00:00:00   ps


top
Iterative display of process information




$   top -h
         top: procps version 3.2.3
usage:   top -hv | -bcisS -d delay -n iterations [-u user | -U user] -p pid [,pid ...]




netstat
Lists sockets, connections, and interface statistics




$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address            State
tcp        0      0 atlantico.seatecnolog:45081   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:53094               localhost:8009             ESTABLISHED
tcp        0      0 atlantico.seatecnolog:45888   viewvc:ldap                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:48511   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33856            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33857            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:32796            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:32793            ESTABLISHED
tcp        0      0 atlantico.seatecnolog:41514   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:mysql               localhost:35863            ESTABLISHED
tcp        0      0 localhost:44443               localhost:8009             ESTABLISHED
tcp        0      0 localhost:44442               localhost:8009             ESTABLISHED
tcp        0      0 localhost:44441               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42265               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42218               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42223               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47238               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47236               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47235               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47232               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47233               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47230               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47231               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47228               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47229               localhost:8009             ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33855            ESTABLISHED
tcp        0      0 atlantico.seatecnolog:54489   viewvc:http                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:49894   viewvc:ldap                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:44141   ::ffff:192.168.1.6:mysql   ESTABLISHED
tcp        0      0 localhost:8009                localhost:44443            ESTABLISHED

$ netstat -an | grep -i list
tcp   0   0   0.0.0.0:2144            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:32769           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:873             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:3306            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:139             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:9102            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:111             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:21              0.0.0.0:*   LISTEN
tcp   0   0   192.168.1.4:53          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:53            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:5335          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:25            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:953           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:445             0.0.0.0:*   LISTEN
tcp   0   0   :::32804                :::*        LISTEN
tcp   0   0   ::ffff:127.0.0.1:8005   :::*        LISTEN
tcp   0   0   :::8009                 :::*        LISTEN
tcp   0   0   :::1099                 :::*        LISTEN
tcp   0   0   :::80                   :::*        LISTEN
tcp   0   0   :::8080                 :::*        LISTEN
tcp   0   0   :::22                   :::*        LISTEN
tcp   0   0   :::443                  :::*        LISTEN
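
As an added example (not part of the original slides), the listening sockets above can be sorted by how widely each one is bound: all interfaces, loopback only, or a single address. The function names are made up for this example, the parser assumes the Linux net-tools `netstat -an` column layout shown on the slide, and the sample input is the slide's own output.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by bind scope.
# Assumes the Linux net-tools `netstat -an` layout (local address in
# column 4, state in column 6). Function names are hypothetical.

# Sample input: the LISTEN lines from the slide above, embedded so the
# script runs offline.
sample_netstat() {
  cat <<'EOF'
tcp   0   0   0.0.0.0:2144            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:32769           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:873             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:3306            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:139             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:9102            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:111             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:21              0.0.0.0:*   LISTEN
tcp   0   0   192.168.1.4:53          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:53            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:5335          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:25            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:953           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:445             0.0.0.0:*   LISTEN
tcp   0   0   :::32804                :::*        LISTEN
tcp   0   0   ::ffff:127.0.0.1:8005   :::*        LISTEN
tcp   0   0   :::8009                 :::*        LISTEN
tcp   0   0   :::1099                 :::*        LISTEN
tcp   0   0   :::80                   :::*        LISTEN
tcp   0   0   :::8080                 :::*        LISTEN
tcp   0   0   :::22                   :::*        LISTEN
tcp   0   0   :::443                  :::*        LISTEN
EOF
}

# Reads `netstat -an` output on stdin and prints one line per TCP
# listener: "<port> <scope> <local address>".
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      # The port is whatever follows the last colon; this also works for
      # IPv6 forms such as ":::80" and "::ffff:127.0.0.1:8005".
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)

      if (addr == "0.0.0.0" || addr == "::" || addr == "*")
        scope = "all-interfaces"   # bound to the wildcard address
      else if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
        scope = "loopback"         # local clients only
      else
        scope = "single-address"   # bound to one specific address
      print port, scope, addr
    }'
}

# Reads `netstat -an` output on stdin and prints how many listeners
# fall into the scope given as $1.
count_scope() {
  classify_listeners | awk -v s="$1" '$2 == s { c++ } END { print c + 0 }'
}

# Print the classification for the sample, ordered by port number.
sample_netstat | classify_listeners | sort -n
```

On a live host, replace `sample_netstat` with `netstat -an`; the `all-interfaces` and `single-address` rows are the listeners to compare against what the service is meant to expose.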



vmstat
virtual memory report




http://en.wikipedia.org/wiki/Slab_allocator
$ vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r b    swpd   free   buff cache    si   so    bi    bo   in    cs us sy id wa
 0 0 56020 21864 21848 73660         0    0     5    11    2    10 3 0 97 0




$ vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r b    swpd   free   buff cache    si   so    bi    bo   in    cs us sy id wa
 1 0 56020 17684 25224 74536         0    0     5    11    2    10 3 0 97 0
 0 0 56020 17684 25232 74536         0    0     0    16 1015   330 0 0 100 0
 0 0 56020 17684 25240 74536         0    0     0    12 1012   329 0 0 100 0
 0 0 56020 17684 25248 74536         0    0     0    26 1015   328 0 0 100 0
 0 0 56020 17684 25248 74536         0    0     0     0 1012   329 0 0 100 0
 0 0 56020 17684 25256 74536         0    0     0     6 1015   225 63 0 37 0
 0 0 56020 17560 25264 74536         0    0     0    10 1032   367 0 0 100 0
 0 0 56020 17560 25264 74536         0    0     0     0 1013   321 0 0 100 0
 0 0 56020 17560 25272 74536         0    0     0    14 1031   351 0 0 100 0
 0 0 56020 17560 25272 74536         0    0     0     0 1012   321 0 0 100 0




lsof
lists open “files”




$ lsof -?
lsof 4.77
  latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
  latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
  latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
  usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cfgGn]]
  [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]]
  [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
   -?|-h list help          -a AND selections (OR)      -b avoid kernel blocks
   -c c cmd c, /c/[bix]     +c w COMMAND width (9)
   +d s dir s files         -d s select by FD set       +D D dir D tree *SLOW?*
                            -i select IPv[46] files     -l list UID numbers
   -n no host names         -N select NFS files         -o list file offset
   -O avoid overhead *RISK -P no port names             -R list paRent PID
   -s list file size        -t terse listing            -T disable TCP/TPI info
   -U select Unix socket    -v list version info        -V verbose search
   +|-w Warnings (+)        -- end option scan
   +f|-f +filesystem or -file names      +|-f[cfgGn] Ct Fstr flaGs Node
   -F [f] select fields; -F? for help    -k k    kernel symbols (/mach_kernel)
   +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
   -m m   kernel memory (/dev/kmem)
   +|-M   portMap registration (-)       -o o    o 0t offset digits (8)
   -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
   -T fqs TCP/TPI Fl,Q,St (s) info
   -g [s] exclude(^)|select and print process group IDs
   -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
   +|-r [t] repeat every t seconds (15); + until no files, - forever
   -u s   exclude(^)|select login|UID set s
   -x [fl] cross over +d|+D File systems or symbolic Links
   names select named files or files on named file systems
Only root can list all files; /dev warnings enabled; kernel ID check disabled.
$   lsof
COMMAND     PID     USER   FD     TYPE     DEVICE   SIZE/OFF     NODE NAME
ATSServer   173 alegomes cwd      VDIR       14,2       1428        2 /
ATSServer   173 alegomes    0r    VCHR        3,2        0t0 61137924 /dev/null
ATSServer   173 alegomes    1w    VCHR        3,2        0t0 61137924 /dev/null
ATSServer   173 alegomes    2w    VCHR        3,2 0t1428748 61137924 /dev/null
ATSServer   173 alegomes    3r                                        0x03a8a220 file struct, ty=0x3, op=0x384768
ATSServer   173 alegomes    4r                                        0x03a8a5a0 file struct, ty=0x3, op=0x384768
ATSServer   173 alegomes    5u    VREG       14,2     225280   282757 /Library/Caches/com.apple.ATS/501/filetoken.db
ATSServer   173 alegomes    6u    VREG       14,2     204800   282758 /Library/Caches/com.apple.ATS/501/fonts.db
ATSServer   173 alegomes    7u    VREG       14,2      53248   282759 /Library/Caches/com.apple.ATS/501/qdfams.db
ATSServer   173 alegomes    8u    VREG       14,2      57344   282760 /Library/Caches/com.apple.ATS/501/annex.db
ATSServer   173 alegomes    9u    VREG       14,2    7445316   282761 /Library/Caches/com.apple.ATS/501/annex_aux
ATSServer   173 alegomes   10r    VREG       14,2    1135530   261575 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/SynthDB.rsrc
loginwind   176 alegomes cwd      VDIR       14,2       2380   231123 /Users/alegomes
loginwind   176 alegomes    0u    VCHR        3,2        0t0 61137924 /dev/null
loginwind   176 alegomes    1u    VCHR        0,0      0t140 61140100 /dev/console
loginwind   176 alegomes    2u    VCHR        0,0      0t140 61140100 /dev/console
loginwind   176 alegomes    3r                                        0x03a8aba0 file struct, ty=0x3, op=0x384768
loginwind   176 alegomes    4u    unix 0x03a9adb0        0t0          ->0x03a9c7d0
loginwind   176 alegomes    5r                                        0x03a8ab50 file struct, ty=0x3, op=0x384768




iostat

I/O statistics




$ iostat -h
iostat: illegal option -- h
usage: iostat [-CdIKoT?] [-c count] [-n devs]
              [-w wait] [drives]




$   iostat
          disk0         cpu
  KB/t tps MB/s     us sy id
 20.11   3 0.06     42 17 41



$   iostat -c 10
            disk0         cpu
  KB/t   tps MB/s   us   sy id
 20.11     3 0.06   42   17 41
  0.00     0 0.00   66   20 14
  0.00     0 0.00   63   26 11
 12.56     8 0.10   67   20 13
  6.30    15 0.09   70   20 10


sar

system activity report




$ sar
sar: failed to open input file [-1][/var/log/sa/sa21]

/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP } ] [-o filename] t [n]

/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP }] [-e time] [-f filename] [-i sec] [-s time]




$   sar 5 10

18:16:10   %usr     %sys     %idle
18:16:15    66       21       14
18:16:20    74       17       10
18:16:25    66       21       13
18:16:30    70       18       12
18:16:35    69       17       14
18:16:40    69       17       14
18:16:45    64       20       16
18:16:50    70       16       14
18:16:55    70       18       11
18:17:00    68       18       14
Average:       68       18       13
nmap
Security utility
   (port scanner?)




$ nmap
Nmap 3.70 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
  -sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
  -sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
  -sV Version scan probes open ports determining service & app names/versions
  -sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
  -p <range> ports to scan. Example range: 1-1024,1080,6666,31337
  -F Only scans ports listed in nmap-services
  -v Verbose. Its use is recommended. Use twice for greater effect.
  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
  -6 scans via IPv6 rather than IPv4
  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
  -iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
  --interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
$   nmap 192.168.1.4
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-05-20 16:09 BRT
Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
(The 1648 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open ftp
22/tcp   open ssh
53/tcp   open domain
80/tcp   open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
873/tcp open rsync
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds




tcpdump
network traffic analyzer




$ tcpdump -?
tcpdump version 3.9.7
libpcap version 0.8.3
Usage: tcpdump [-aAdDefKlLnNOpqRStuUvxX] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]




$ sudo tcpdump
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes




$   sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...




NDT
Network Diagnostic Tools




➊

Using Unix commands, monitor CPU, memory, and network traffic
consumption during load tests of a web application.

Q&A

OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
 
2 netcat enum-pub
2 netcat enum-pub2 netcat enum-pub
2 netcat enum-pub
 
Dfhghg
DfhghgDfhghg
Dfhghg
 
Latin America Tour 2019 - 10 great sql features
Latin America Tour 2019  - 10 great sql featuresLatin America Tour 2019  - 10 great sql features
Latin America Tour 2019 - 10 great sql features
 
Ipv6 test plan for opnfv poc v2.2 spirent-vctlab
Ipv6 test plan for opnfv poc v2.2 spirent-vctlabIpv6 test plan for opnfv poc v2.2 spirent-vctlab
Ipv6 test plan for opnfv poc v2.2 spirent-vctlab
 
ULA network experience @ JANOG34, by Shishio Tsuchiya [APNIC 38 / APIPv6TF]
ULA network experience @ JANOG34, by Shishio Tsuchiya [APNIC 38 / APIPv6TF]ULA network experience @ JANOG34, by Shishio Tsuchiya [APNIC 38 / APIPv6TF]
ULA network experience @ JANOG34, by Shishio Tsuchiya [APNIC 38 / APIPv6TF]
 
Monero Presentation by Justin Ehrenhofer - Budapest, Hungary 2017
Monero Presentation by Justin Ehrenhofer - Budapest, Hungary 2017Monero Presentation by Justin Ehrenhofer - Budapest, Hungary 2017
Monero Presentation by Justin Ehrenhofer - Budapest, Hungary 2017
 
Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]
 

Similar a Unix Monitoring Tools

Es werde Licht! Monitoring jenseits von tail und grep
Es werde Licht! Monitoring jenseits von tail und grepEs werde Licht! Monitoring jenseits von tail und grep
Es werde Licht! Monitoring jenseits von tail und grepOliver Fischer
 
Reverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesReverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesSmartDec
 
Varnish @ Velocity Ignite
Varnish @ Velocity IgniteVarnish @ Velocity Ignite
Varnish @ Velocity IgniteArtur Bergman
 
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 MppsАлександр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 MppsPositive Hack Days
 
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88Mpps
Phd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88MppsPhd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88Mpps
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88MppsAlexander Lyamin
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
DEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITDEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITArtem I. Baranov
 
Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020Sandesh Rao
 
gumiStudy#2 実践 memcached
gumiStudy#2 実践 memcachedgumiStudy#2 実践 memcached
gumiStudy#2 実践 memcachedgumilab
 
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017Justin Ehrenhofer
 
001 network toi_basics_v1
001 network toi_basics_v1001 network toi_basics_v1
001 network toi_basics_v1Hisao Tsujimura
 
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019Sandesh Rao
 
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020Sandesh Rao
 
Making performant sites
Making performant sitesMaking performant sites
Making performant siteswonko
 
realestate and MySQL devops melbourne
realestate and MySQL devops melbournerealestate and MySQL devops melbourne
realestate and MySQL devops melbournemysqldbahelp
 

Similar a Unix Monitoring Tools (20)

Es werde Licht! Monitoring jenseits von tail und grep
Es werde Licht! Monitoring jenseits von tail und grepEs werde Licht! Monitoring jenseits von tail und grep
Es werde Licht! Monitoring jenseits von tail und grep
 
Reverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesReverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machines
 
Linux networking
Linux networkingLinux networking
Linux networking
 
Varnish @ Velocity Ignite
Varnish @ Velocity IgniteVarnish @ Velocity Ignite
Varnish @ Velocity Ignite
 
Phd2013 lyamin
Phd2013 lyaminPhd2013 lyamin
Phd2013 lyamin
 
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 MppsАлександр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
 
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88Mpps
Phd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88MppsPhd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88Mpps
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88Mpps
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
DEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITDEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JIT
 
Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020
 
gumiStudy#2 実践 memcached
gumiStudy#2 実践 memcachedgumiStudy#2 実践 memcached
gumiStudy#2 実践 memcached
 
実践 memcached
実践 memcached実践 memcached
実践 memcached
 
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
 
001 network toi_basics_v1
001 network toi_basics_v1001 network toi_basics_v1
001 network toi_basics_v1
 
IDS.pptx
IDS.pptxIDS.pptx
IDS.pptx
 
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
 
No more dumb hex!
No more dumb hex!No more dumb hex!
No more dumb hex!
 
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020
 
Making performant sites
Making performant sitesMaking performant sites
Making performant sites
 
realestate and MySQL devops melbourne
realestate and MySQL devops melbournerealestate and MySQL devops melbourne
realestate and MySQL devops melbourne
 

Más de SEA Tecnologia

Loomio how to Series - Working on a Discussion
Loomio how to Series - Working on a DiscussionLoomio how to Series - Working on a Discussion
Loomio how to Series - Working on a DiscussionSEA Tecnologia
 
Loomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of PeopleLoomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of PeopleSEA Tecnologia
 
Loomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new DiscussionLoomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new DiscussionSEA Tecnologia
 
Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?SEA Tecnologia
 
O curioso caso de Náutilus Button
O curioso caso de Náutilus ButtonO curioso caso de Náutilus Button
O curioso caso de Náutilus ButtonSEA Tecnologia
 
Contratos de desenvolvimento de software para governo blue pill or red pill?
Contratos de desenvolvimento de software para governo  blue pill or red pill?Contratos de desenvolvimento de software para governo  blue pill or red pill?
Contratos de desenvolvimento de software para governo blue pill or red pill?SEA Tecnologia
 
Os benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digitalOs benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digitalSEA Tecnologia
 
A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.SEA Tecnologia
 
Open data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software LivreOpen data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software LivreSEA Tecnologia
 
Agilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de IntracontágioAgilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de IntracontágioSEA Tecnologia
 
Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6SEA Tecnologia
 
Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010SEA Tecnologia
 
Sem tesão não há solução
Sem tesão não há soluçãoSem tesão não há solução
Sem tesão não há soluçãoSEA Tecnologia
 
Empreendimentos em Rede
Empreendimentos em RedeEmpreendimentos em Rede
Empreendimentos em RedeSEA Tecnologia
 

Más de SEA Tecnologia (20)

Loomio how to Series - Working on a Discussion
Loomio how to Series - Working on a DiscussionLoomio how to Series - Working on a Discussion
Loomio how to Series - Working on a Discussion
 
Loomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of PeopleLoomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of People
 
Loomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new DiscussionLoomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new Discussion
 
Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?
 
O curioso caso de Náutilus Button
O curioso caso de Náutilus ButtonO curioso caso de Náutilus Button
O curioso caso de Náutilus Button
 
Contratos de desenvolvimento de software para governo blue pill or red pill?
Contratos de desenvolvimento de software para governo  blue pill or red pill?Contratos de desenvolvimento de software para governo  blue pill or red pill?
Contratos de desenvolvimento de software para governo blue pill or red pill?
 
#Fail
#Fail#Fail
#Fail
 
Agilidade no Governo
Agilidade no GovernoAgilidade no Governo
Agilidade no Governo
 
Os benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digitalOs benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digital
 
A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.
 
Lean Startup
Lean StartupLean Startup
Lean Startup
 
Open Data
Open DataOpen Data
Open Data
 
Open data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software LivreOpen data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software Livre
 
Agilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de IntracontágioAgilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de Intracontágio
 
Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6
 
Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010
 
Sem tesão não há solução
Sem tesão não há soluçãoSem tesão não há solução
Sem tesão não há solução
 
Empreendimentos em Rede
Empreendimentos em RedeEmpreendimentos em Rede
Empreendimentos em Rede
 
Java Profiling Tools
Java Profiling ToolsJava Profiling Tools
Java Profiling Tools
 
Misc Monitoring Tools
Misc Monitoring ToolsMisc Monitoring Tools
Misc Monitoring Tools
 

Último

Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 

Último (20)

Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 

Unix Monitoring Tools

  • 8.
      $ ps -p 3078
        PID TTY          TIME CMD
       3078 ?        01:09:10 java
      $ ps -u alegomes
        PID TTY          TIME CMD
        480 ?        00:00:00 sshd
        481 pts/0    00:00:00 bash
        707 pts/0    00:00:00 ps
  • 9. top: Iterative presentation of process information
  • 11.
      $ top -h
              top: procps version 3.2.3
      usage:  top -hv | -bcisS -d delay -n iterations [-u user | -U user] -p pid [,pid ...]
  • 13. netstat: Lists sockets, connections and interface statistics
  • 16.
      $ netstat
      Active Internet connections (w/o servers)
      Proto Recv-Q Send-Q Local Address               Foreign Address             State
      tcp        0      0 atlantico.seatecnolog:45081 viewvc:ldap                 ESTABLISHED
      tcp        0      0 localhost:53094             localhost:8009              ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:45888 viewvc:ldap                 ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:48511 viewvc:ldap                 ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:33856             ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:33857             ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:32796             ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:32793             ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:41514 viewvc:ldap                 ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:35863             ESTABLISHED
      tcp        0      0 localhost:44443             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:44442             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:44441             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:42265             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:42218             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:42223             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47238             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47236             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47235             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47232             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47233             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47230             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47231             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47228             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:47229             localhost:8009              ESTABLISHED
      tcp        0      0 localhost:mysql             localhost:33855             ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:54489 viewvc:http                 ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:49894 viewvc:ldap                 ESTABLISHED
      tcp        0      0 atlantico.seatecnolog:44141 ::ffff:192.168.1.6:mysql    ESTABLISHED
      tcp        0      0 localhost:8009              localhost:44443             ESTABLISHED
  • 17.
      $ netstat -an | grep -i list
      tcp        0      0 0.0.0.0:2144                0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:32769               0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:9102                0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
      tcp        0      0 192.168.1.4:53              0.0.0.0:*                   LISTEN
      tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
      tcp        0      0 127.0.0.1:5335              0.0.0.0:*                   LISTEN
      tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
      tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
      tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN
      tcp        0      0 :::32804                    :::*                        LISTEN
      tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN
      tcp        0      0 :::8009                     :::*                        LISTEN
      tcp        0      0 :::1099                     :::*                        LISTEN
      tcp        0      0 :::80                       :::*                        LISTEN
      tcp        0      0 :::8080                     :::*                        LISTEN
      tcp        0      0 :::22                       :::*                        LISTEN
      tcp        0      0 :::443                      :::*                        LISTEN
  • 24.
      $ vmstat
      procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
       r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
       0  0  56020  21864  21848  73660    0    0     5    11    2    10  3  0  97  0
      $ vmstat 2
      procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
       r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
       1  0  56020  17684  25224  74536    0    0     5    11    2    10  3  0  97  0
       0  0  56020  17684  25232  74536    0    0     0    16 1015   330  0  0 100  0
       0  0  56020  17684  25240  74536    0    0     0    12 1012   329  0  0 100  0
       0  0  56020  17684  25248  74536    0    0     0    26 1015   328  0  0 100  0
       0  0  56020  17684  25248  74536    0    0     0     0 1012   329  0  0 100  0
       0  0  56020  17684  25256  74536    0    0     0     6 1015   225 63  0  37  0
       0  0  56020  17560  25264  74536    0    0     0    10 1032   367  0  0 100  0
       0  0  56020  17560  25264  74536    0    0     0     0 1013   321  0  0 100  0
       0  0  56020  17560  25272  74536    0    0     0    14 1031   351  0  0 100  0
       0  0  56020  17560  25272  74536    0    0     0     0 1012   321  0  0 100  0
  • 27.
      $ lsof -?
      lsof 4.77
       latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
       latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
       latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
       usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cfgGn]]
       [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]]
       [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
      Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
        -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
        -c c  cmd c, /c/[bix]    +c w  COMMAND width (9)
        +d s  dir s files        -d s  select by FD set     +D D  dir D tree *SLOW?*
        -i select IPv[46] files  -l list UID numbers
        -n no host names         -N select NFS files        -o list file offset
        -O avoid overhead *RISK  -P no port names           -R list paRent PID
        -s list file size        -t terse listing           -T disable TCP/TPI info
        -U select Unix socket    -v list version info       -V verbose search
        +|-w  Warnings (+)       -- end option scan
        +f|-f  +filesystem or -file names     +|-f[cfgGn] Ct Fstr flaGs Node
        -F [f] select fields; -F? for help
        -k k   kernel symbols (/mach_kernel)
        +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
        -m m   kernel memory (/dev/kmem)
        +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
        -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
        -T fqs TCP/TPI Fl,Q,St (s) info
        -g [s] exclude(^)|select and print process group IDs
        -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
        +|-r [t] repeat every t seconds (15); + until no files, - forever
        -u s   exclude(^)|select login|UID set s
        -x [fl] cross over +d|+D File systems or symbolic Links
        names  select named files or files on named file systems
      Only root can list all files; /dev warnings enabled; kernel ID check disabled.
  • 28. $ lsof
      COMMAND   PID USER     FD   TYPE     DEVICE  SIZE/OFF     NODE NAME
      ATSServer 173 alegomes cwd  VDIR       14,2      1428        2 /
      ATSServer 173 alegomes 0r   VCHR        3,2       0t0 61137924 /dev/null
      ATSServer 173 alegomes 1w   VCHR        3,2       0t0 61137924 /dev/null
      ATSServer 173 alegomes 2w   VCHR        3,2 0t1428748 61137924 /dev/null
      ATSServer 173 alegomes 3r        0x03a8a220                    file struct, ty=0x3, op=0x384768
      ATSServer 173 alegomes 4r        0x03a8a5a0                    file struct, ty=0x3, op=0x384768
      ATSServer 173 alegomes 5u   VREG       14,2    225280   282757 /Library/Caches/com.apple.ATS/501/filetoken.db
      ATSServer 173 alegomes 6u   VREG       14,2    204800   282758 /Library/Caches/com.apple.ATS/501/fonts.db
      ATSServer 173 alegomes 7u   VREG       14,2     53248   282759 /Library/Caches/com.apple.ATS/501/qdfams.db
      ATSServer 173 alegomes 8u   VREG       14,2     57344   282760 /Library/Caches/com.apple.ATS/501/annex.db
      ATSServer 173 alegomes 9u   VREG       14,2   7445316   282761 /Library/Caches/com.apple.ATS/501/annex_aux
      ATSServer 173 alegomes 10r  VREG       14,2   1135530   261575 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/SynthDB.rsrc
      loginwind 176 alegomes cwd  VDIR       14,2      2380   231123 /Users/alegomes
      loginwind 176 alegomes 0u   VCHR        3,2       0t0 61137924 /dev/null
      loginwind 176 alegomes 1u   VCHR        0,0     0t140 61140100 /dev/console
      loginwind 176 alegomes 2u   VCHR        0,0     0t140 61140100 /dev/console
      loginwind 176 alegomes 3r        0x03a8aba0                    file struct, ty=0x3, op=0x384768
      loginwind 176 alegomes 4u   unix 0x03a9adb0       0t0          ->0x03a9c7d0
      loginwind 176 alegomes 5r        0x03a8ab50                    file struct, ty=0x3, op=0x384768
  • 31. $ iostat -h
      iostat: illegal option -- h
      usage: iostat [-CdIKoT?] [-c count] [-n devs] [-w wait] [drives]
  • 32. $ iostat
                disk0       cpu
        KB/t tps  MB/s  us sy id
       20.11   3  0.06  42 17 41
      $ iostat -c 10
                disk0       cpu
        KB/t tps  MB/s  us sy id
       20.11   3  0.06  42 17 41
        0.00   0  0.00  66 20 14
        0.00   0  0.00  63 26 11
       12.56   8  0.10  67 20 13
        6.30  15  0.09  70 20 10
  • 35. $ sar
      sar: failed to open input file [-1][/var/log/sa/sa21]
      /usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP } ] [-o filename] t [n]
      /usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP }] [-e time] [-f filename] [-i sec] [-s time]
  • 36. $ sar 5 10
      18:16:10  %usr  %sys  %idle
      18:16:15    66    21     14
      18:16:20    74    17     10
      18:16:25    66    21     13
      18:16:30    70    18     12
      18:16:35    69    17     14
      18:16:40    69    17     14
      18:16:45    64    20     16
      18:16:50    70    16     14
      18:16:55    70    18     11
      18:17:00    68    18     14
      Average:    68    18     13
  • 37. nmap: Security utility (port scanner?)
  • 39. $ nmap
      Nmap 3.70 Usage: nmap [Scan Type(s)] [Options] <host or net list>
      Some Common Scan Types ('*' options require root privileges)
      * -sS TCP SYN stealth port scan (default if privileged (root))
        -sT TCP connect() port scan (default for unprivileged users)
      * -sU UDP port scan
        -sP ping scan (Find any reachable machines)
      * -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
        -sV Version scan probes open ports determining service & app names/versions
        -sR RPC scan (use with other scan types)
      Some Common Options (none are required, most can be combined):
      * -O Use TCP/IP fingerprinting to guess remote operating system
        -p <range> ports to scan. Example range: 1-1024,1080,6666,31337
        -F Only scans ports listed in nmap-services
        -v Verbose. Its use is recommended. Use twice for greater effect.
        -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
      * -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
        -6 scans via IPv6 rather than IPv4
        -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
        -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
        -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
        -iL <inputfile> Get targets from file; Use '-' for stdin
      * -S <your_IP>/-e <devicename> Specify source address or network interface
        --interactive Go into interactive mode (then press h for help)
      Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
      SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
  • 40. $ nmap 192.168.1.4
      Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-05-20 16:09 BRT
      Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
      (The 1648 ports scanned but not shown below are in state: closed)
      PORT     STATE SERVICE
      21/tcp   open  ftp
      22/tcp   open  ssh
      53/tcp   open  domain
      80/tcp   open  http
      111/tcp  open  rpcbind
      139/tcp  open  netbios-ssn
      443/tcp  open  https
      445/tcp  open  microsoft-ds
      873/tcp  open  rsync
      3306/tcp open  mysql
      8009/tcp open  ajp13
      8080/tcp open  http-proxy
      Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds
  • 43. $ tcpdump -?
      tcpdump version 3.9.7
      libpcap version 0.8.3
      Usage: tcpdump [-aAdDefKlLnNOpqRStuUvxX] [-c count] [ -C file_size ]
                     [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                     [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                     [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                     [ expression ]
  • 44. $ sudo tcpdump
      tcpdump: WARNING: en0: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
  • 45. $ sudo tcpdump -i en1
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
      16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
      16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
      16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
      16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
      16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
      16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
      16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
      16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
      16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
      16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
      16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
      16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
      16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
      16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
      16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
      ...
  • 54. Monitor, using Unix commands, the CPU, memory and network traffic consumption during load tests of a Web application.
  • 55. Q&A
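
The nmap listing on slide 40 becomes more useful once it is compared with what the host is meant to expose. The script below is an added example, not part of the original slides: it reads nmap's normal output and reports open ports outside an approved baseline, plus baseline ports that were not found open. The baseline, `sample_scan`, `unexpected_ports` and `missing_ports` are hypothetical names and values chosen for illustration.

```shell
#!/bin/sh
# Added example: audit nmap "normal" output against an approved-services baseline.

# Scan output copied from slide 40, embedded so the script runs offline.
sample_scan() {
cat <<'EOF'
Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
(The 1648 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
873/tcp  open  rsync
3306/tcp open  mysql
8009/tcp open  ajp13
8080/tcp open  http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds
EOF
}

# Hypothetical baseline: services this host is supposed to expose (assumption).
BASELINE="22/tcp 53/tcp 80/tcp 443/tcp"

# unexpected_ports "<baseline>" < scan : open ports that are NOT approved.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Port rows look like "3306/tcp open mysql"; banners and headers are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) { print $1, $3 }
    '
}

# missing_ports "<baseline>" < scan : approved ports the scan did not find open.
missing_ports() {
    awk -v allowed="$1" '
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { open[$1] = 1 }
        END {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) if (!(a[i] in open)) print a[i]
        }
    '
}

echo "Open but not in baseline:"
sample_scan | unexpected_ports "$BASELINE"
echo "In baseline but not open:"
sample_scan | missing_ports "$BASELINE"
```

On a real host, pipe the output of a scan saved with `-oN` into the two functions instead of `sample_scan`.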

Editor's notes

  1. KB/t - KB per transfer
     tps - transfers per second (?)
     MB/s - :-/
     us - % of CPU time spent in user processes
     sy - % of CPU time spent in system processes
     id - % of CPU time spent idle
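
For the exercise on slide 54, the `us`/`sy`/`id` columns described in the note above can be summarized from a `vmstat 2` run. The script below is an added example, not part of the original slides. It finds the `id` column from the header (its position differs between vmstat versions) and skips the first sample, which vmstat reports as an average since boot. The names `sample_vmstat` and `cpu_summary` and the 50% threshold are assumptions.

```shell
#!/bin/sh
# Added example: summarize CPU load from `vmstat <interval>` output.

# `vmstat 2` output copied from slide 24, embedded so the script runs offline.
sample_vmstat() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
 1  0  56020  17684  25224  74536    0    0     5    11    2    10  3  0  97  0
 0  0  56020  17684  25232  74536    0    0     0    16 1015   330  0  0 100  0
 0  0  56020  17684  25240  74536    0    0     0    12 1012   329  0  0 100  0
 0  0  56020  17684  25248  74536    0    0     0    26 1015   328  0  0 100  0
 0  0  56020  17684  25248  74536    0    0     0     0 1012   329  0  0 100  0
 0  0  56020  17684  25256  74536    0    0     0     6 1015   225 63  0  37  0
 0  0  56020  17560  25264  74536    0    0     0    10 1032   367  0  0 100  0
 0  0  56020  17560  25264  74536    0    0     0     0 1013   321  0  0 100  0
 0  0  56020  17560  25272  74536    0    0     0    14 1031   351  0  0 100  0
 0  0  56020  17560  25272  74536    0    0     0     0 1012   321  0  0 100  0
EOF
}

# cpu_summary THRESHOLD < vmstat-output
# Prints "<samples> <peak_busy_pct> <samples_at_or_over_threshold>",
# where busy = 100 - id for each interval sample.
cpu_summary() {
    awk -v limit="$1" '
        # Column header row (vmstat repeats it periodically): locate "id" by name.
        $1 == "r" { for (i = 1; i <= NF; i++) if ($i == "id") idcol = i; next }
        # Data rows start with a number; the "procs ---" banner does not.
        idcol && $1 ~ /^[0-9]+$/ {
            if (!skipped) { skipped = 1; next }   # first row: average since boot
            busy = 100 - $idcol
            n++
            if (busy > peak) peak = busy
            if (busy >= limit) hot++
        }
        END { printf "%d %d %d\n", n, peak, hot }
    '
}

# Hypothetical alert threshold of 50% busy (assumption).
sample_vmstat | cpu_summary 50
```

During a load test, replace `sample_vmstat` with a live `vmstat 2 <count>` run or a saved log of one.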