My Favorite Unix Tools: A Highly Eclectic Top 10 List



Our resident Unix administrator highlights the most precious utilities in his tool kit.

by James Owen, August 14, 2002

As a Unix administrator, it's typical to find yourself becoming accustomed to using only a small subset of the thousands of utilities in any Unix release.

After all, half the fun of Unix administration is cobbling together several tools to serve an ever-expanding range of esoteric uses. Sometimes, though, I am eager to accomplish something slightly off the wall and find myself thinking, "There must be a more suitable tool, if only I could find it." This is the other half of Unix administration: grinding frustration.

In this article, I will introduce some of the less well-known Unix tools that fill needs you may not know you have. They are listed for no particular reason other than that they have saved my bacon more than once, and in no particular order other than alphabetical. Some are multi-functional; others, in the best Unix tradition, perform only one task but do it very well. I hope that at least one or two will be new to your toolbox.

Arping
http://www.habets.pp.se/synscan/programs.php?prog=arping

Sometimes you need to know the IP address of a machine on your network but have only its MAC (Media Access Control) address handy. Tracking down the source of a NetBIOS name conflict on a Windows network is a common case, especially if the offending machine keeps evading attention. Arping is similar to the standard ping utility, but takes a MAC address as input instead of an IP address. There are many utilities floating around that perform this function, but this is one of the simplest. It will not work on hosts that do not respond to broadcast echo requests, and since disabling responses to these requests can mitigate denial-of-service attacks, arping is also useful as a quick test: if you can successfully "arping" a machine, it probably needs to be secured. Hping, a more advanced utility that can "ping" over a wider range of protocols, is also worth a look.

Dsh
http://dsh.sourceforge.net/

The dsh Perl script, short for Distributed Shell, solves more than 90 percent of my day-to-day administration problems. A distributed shell is a way to execute commands on multiple remote machines through an interface similar in feel to the Unix command line. To achieve this, an intermediary program must be running on all target machines, waiting for commands. Commercial products such as Network Shell or IBM's own dsh for AIX use a proprietary process in the middleman role. The free dsh sidesteps this and lets you use a remote shell (rsh) or secure shell (SSH) server instead. As dsh is written in Perl, it is very easy to extend, and it is free of charge. If it sounds interesting, consider this earlier article of mine for some additional information.

Dsniff
http://monkey.org/~dugsong/dsniff/

I hesitate to mention, even casually, what is potentially the most dangerous utility on this list, or ever. Dsniff is actually a suite of applications intended to exploit weaknesses in network protocols: sniffers that capture interesting information from various protocols, utilities that mount man-in-the-middle attacks on SSH and HTTP connections, and other means of deception. Improper use of these tools can thoroughly disrupt a network. Properly used, however, dsniff can be a powerful audit tool that enables you to sort through the clouds of network chatter to spot weak passwords, logins from suspicious locations, and so on. Although more advanced networks will be able to evade some of dsniff's tricks, the papers and presentations that can be downloaded from the Web site are educational and worth a look, even if you never have the occasion to use the utilities. "All warfare is based on deception" (The Art of War, Project Gutenberg edition).

Fastresolve
http://www.pix.net/staff/djm/sw/fastresolve/

Disabling DNS lookups is one of the first tips in any Web server performance tuning guide. This, however, makes post-processing logs difficult. First, IP addresses are hard to read, and host names can help you group addresses into user groups. Second, checking for unregistered IP addresses is worthwhile, because unwillingness to pay for a domain name is a clear sign of low character, of course. Fastresolve is a utility that performs a large number of DNS lookups quickly and caches the results for later use. I use it to work through gigabytes of Web logs, six months' worth, in less than one hour a day. If you manage a Web site of any size, or indeed any service that logs IP addresses rather than host names, I suggest a look at it or the other tools listed here.

Lsof / lslk
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
ftp://vic.cc.purdue.edu/pub/tools/unix/lslk/

Lsof and lslk are two old, still obscure, but useful utilities. Lsof ("list open files") lists any file currently in use by running processes; lslk ("list locks") lists files locked by running processes. Lslk is handy when, for example, an NFS directory refuses to unmount because a file is still in use: with lslk, you can find the name of the file, identify the process clinging to it, and kill it mercilessly. Lsof, given the -i switch, can list the TCP connections a process has open, which is very useful if you are not sure where some open connection to your server originates.

Netcat
http://www.atstake.com/research/tools/

Netcat simply opens arbitrary TCP or UDP connections and outputs arbitrary data. It's a "network Swiss army knife", according to its creators.

Using the telnet program to connect to an arbitrary TCP port is a quick method of testing connectivity: for example, opening a telnet connection to port 25 of a server will let you know whether it is accepting e-mail deliveries. However, netcat is more versatile than telnet, because it can open UDP as well as TCP connections, which opens up a wider range of testing possibilities. Also, telnet is limited in that it cannot send some "control" characters; netcat is not. The README file for netcat is worth reading, and is full of imaginative and unusual uses, from quick port scans to bandwidth tests. If netcat sounds interesting, the rest of @stake's tools are also very useful. These are the same folks who produce the Windows password auditing/cracking tool L0phtCrack, now known as LC4, a powerful utility.

Netgeo
http://www.caida.org/tools/utilities/netgeo/

Netgeo is a utility I like, although it is somewhat frivolous. It is a Perl module that connects to the NetGeo database provided free by CAIDA, the Cooperative Association for Internet Data Analysis. The database correlates IP addresses with physical locations as consistently as possible. Mapping addresses to locations is hardly an exact science, since the source data, such as the whois database maintained by InterNIC, is rarely, if ever, updated by domain registrants. At the same time, consolidation among Internet providers tends to increase the physical separation between customers and providers: a customer in Florida might actually connect to the Internet through a provider in St. Louis. In any case, it's fun to see the results. For example, the Midwestern United States always carries far more weight than you might imagine, since many ISPs have backbone equipment there. If you have any interest in Internet mapping, I suggest using CAIDA's own mapping services; if nothing else, you can produce some impressive maps. CAIDA also maintains an impressive archive of tools for analyzing network traffic, including a graphical traceroute utility, network mappers, and so on.

Ngrep
http://www.packetfactory.net/projects/ngrep/

Ngrep is the opposite of netcat: rather than generating arbitrary strings of text on the network, it searches for them. As its name implies, it is simply an application of grep, the ubiquitous regular expression search tool, to the network layer.

Give it a string to find, and it will print each matching packet that passes by. In many cases, the only way to develop a network-related application is to look at the raw packets, but there are far too many to log for any length of time, or to scan by eye for more than the briefest interval. Ngrep streamlines this sort of work, though you must know, at least in part, what you are looking for.

Fortunately, the increasing use of encryption and secure network switches will limit voyeuristic abuse of ngrep (such as searching for the phrase "Password") in the future.

Ntop
http://www.ntop.org/

The top utility provides a tremendously useful function that some Unix distributions do not include: a dynamic display of processes ranked by resource consumption. It is so popular that many people do not even bother to use the vendor-provided alternatives when they exist. Ntop, or network top, is to network usage what top is to processor utilization. The text-only version of ntop displays the IP addresses of the highest-bandwidth users. The graphical version is a full-fledged network protocol analyzer in miniature, complete with an embedded Web interface. Leave ntop monitoring your machine on the network, and you accumulate constantly updated pie charts of bandwidth divided by protocol and host. These can be used to pinpoint a rogue MP3 server, or to prove to your boss that you do in fact need more than one 10 Mb/sec connection to your database server, even if it costs a little more.

Scanssh
http://monkey.org/~provos/scanssh/

Like dsniff (above), scanssh comes from the prolific monkey.org.

This simple and elegant utility does just what it says: it scans a range of network addresses for secure shell servers and prints the version of any it identifies. Given the speed at which OpenSSH patches are released, this tool is useful for keeping any network up to date. It is less functional than the better-known nmap, since it is not a full-fledged network scanner, but it is slightly better at identifying SSH versions.
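An offline version of the version check that scanssh output is used for, as an added example that is not from the original article or the scanssh project: it parses SSH identification strings (RFC 4253 format) you have already collected and flags hosts that need attention. The input layout, the sample banners and the `MIN_OPENSSH` floor are constructed assumptions.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-([^\s-]+)(?: .*)?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")

# Placeholder policy floor, not a statement about any specific release.
MIN_OPENSSH = (9, 0)

# Constructed sample: "<address> <banner>" per line (hypothetical layout).
SAMPLE_SCAN = """\
192.0.2.10 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13
192.0.2.11 SSH-1.99-OpenSSH_3.4p1
192.0.2.12 SSH-2.0-dropbear_2022.83
192.0.2.13 SSH-1.5-1.2.27
192.0.2.14 220 mail.example.test ESMTP
"""


def parse_banner(banner):
    """Return (proto, software, openssh_version_or_None), or None if not SSH."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    v = OPENSSH_RE.match(m.group(2))
    version = (int(v.group(1)), int(v.group(2))) if v else None
    return m.group(1), m.group(2), version


def audit(scan_text, minimum=MIN_OPENSSH):
    """Map each address to a list of findings; an empty list means no action."""
    report = {}
    for line in scan_text.splitlines():
        host, _, banner = line.partition(" ")
        parsed = parse_banner(banner)
        if parsed is None:
            report[host] = ["not an SSH identification string"]
            continue
        proto, software, version = parsed
        findings = []
        # "1.99" means the server still accepts SSH-1 clients as well as SSH-2.
        if proto != "2.0":
            findings.append("legacy protocol SSH-" + proto)
        if version is None:
            findings.append("non-OpenSSH server, check by hand: " + software)
        elif version < minimum:
            findings.append("OpenSSH %d.%d below floor %d.%d" % (version + minimum))
        report[host] = findings
    return report
```

Portable releases such as `9.6p1` compare on major and minor version only, so a floor that depends on a patch level has to be checked separately.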

What are your favorite Unix tools?