passing data to netcat - command-line

I'm able to execute the following command with desired output.
echo -n "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Why can't I achieve the same result by first connecting via nc,
nc google.com 80
and then entering "GET / HTTP/1.0\r\n\r\n" in console?
How do the two scenarios differ?

Related

Check number of active meetings in Big Blue Button from command line

I want to check how many active meetings there are on the BBB server at any one time from the command line. I have tried
$ bbb-conf --network
but not getting anywhere. I have also checked the number of active connections to port 80 and 443
$ netstat -anp | grep :443 | grep ESTABLISHED | wc -l
but I'm not sure if I can trust that figure.
I know I can use the isMeetingRunning call from the API but I'm just looking for command line.
Any ideas would be appreciated
The following bash script, which can be run from command line on the same machine as the BigBlueButton server, will process the response to the BBB API getMeetings call.
#!/bin/bash
APICallName="getMeetings"
APIQueryString=""
X=$( bbb-conf --secret | fgrep URL: )
APIEndPoint=${X##* }
Y=$( bbb-conf --secret | fgrep Secret: )
Secret=${Y##* }
S=$APICallName$APIQueryString$Secret
Checksum=$( echo -n $S | sha1sum | cut -f 1 -d ' ' )
if [[ "$APIQueryString" == "" ]]
then
URL="${APIEndPoint}api/$APICallName?checksum=$Checksum"
else
URL="${APIEndPoint}api/$APICallName?$APIQueryString&checksum=$Checksum"
fi
wget -q -O - "$URL" | grep -o '<meetingID>' | wc -w
Tested on a live BBB machine.
Note:
The APICallName and APIQueryString can be modified to provide interface to other BBB API calls. See https://docs.bigbluebutton.org/dev/api.html
The command-line sha1sum will output a different result if a newline is appended to its input. This is the reason echo -n is used instead of echo.
In the last line, the script processes the XML output from the API call in a very naïve way, simply counting the number of occurences of the <meetingID> tag. More elaborate processing would probably require parsing the XML.

How to edit nmap output

I need to count how many devices has port 80 open with nmap. I tried with "nmap -p80 --open 192.168.153.*" but this does not print what i want.
I want the following output:
"Number of devices with port 80 open: 2"
Does anyone know how to do that?
you can try to use a shell script;
nmap 192.168.1.* -p80 --open | grep report > output;printf "Number of devices with port 80 open: "; cat output| wc -l
Output:
Number of devices with port 80 open: 3

redirect output of editcap to tcpdump

I want filter first 100 packets inside a pcap file and show the result on stdout. for filtering first 100 packet I used below command:
editcap -r test.pcap output.pcap 1-100
for showing result and filtering packet for the further purpose I want to used tcpdump.
tcpdump -tttt tcp and host ip 192.168.1.1 -r inputfile.pcap
i want to redirect output of editcap to tcpdump, like this:
editcap -r test.pcap - | tcpdump -tttt tcp and host ip 192.168.1.1 -r -
but in this command I couldnt filter first 100 packets. Is it possible to do so??
If not is it possible to rediredt output of editcap to RAM and then the tcpdump read from RAM ??
thanks in advanced.
P.S by the way, I don't want to use the below command, because this command read the all Packet inside the file. I need the command read some packets inside he pcap file and shows then was finished the job.
tshark -r ~/test1.pcap -R "frame.number<20 and frame.number>10"
but in this command I couldnt filter first 100 packets
I.e., you don't see any packets?
Try doing
editcap -F pcap -r test.pcap - 1-100 | tcpdump -tttt tcp and host ip 192.168.1.1 -r -
as editcap might be writing out a pcap-ng file and there is a bug in some versions of libpcap when reading pcap-ng files that causes filtering in tcpdump not to work.

Haproxy: Need to know all Incoming IP's

I have two web servers running with One load balancer with Haproxy. I need to block IP's that are coming to my load balancer more than often. How do I check all the incoming IP's? Is there a log?
If you want to see the established connections on a Linux server, use this command (via SSH):
netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -n 10
If you want to log more verbose HAProxy activity, use this setting in haproxy.cfg:
log 127.0.0.1 local0 info
You can view the more verbose output in /var/log/haproxy_0.log
You should try this :
echo 'Client IP: '.$_SERVER["REMOTE_ADDR"];
echo 'Client IP: '.$_SERVER["HTTP_CLIENT_IP"];
These commands displays loadbalancer's IP. More at : https://serverfault.com/a/331909

Nmap scan range output file problem

Okay, I want to have Nmap scan an IP range for computers with a certain port open (port 80 in this case) and have it output all the IP's it finds into a text file, stored in this format:
192.168.0.1
192.168.0.185
192.168.0.192
192.168.0.195
So to output the file, I tried using this command:
nmap -sT -p 80 -ttl 40 192.168.0.0-255 -oG - | grep "80/open" > output.txt
Where "output.txt" is the output file that contains the results. So a line of output.txt looks
like this:
Host: 192.168.0.1 () Ports: 80/open/tcp//http///
So I basically want it only to output the IP address with port 80 open, and nothing else.
I want it to not output the "Host: " or the "()" and "Ports: 80/open/tcp//http///" lines. So is there anyway I can have Nmap not put that stuff into the output file? Or make it only
output the IP addresses? I tried looking at the map page, it was of little help. And I looked all over the Internet and that wasn't very useful either. So does anyone know how I can do this? Thanks
Awk is your friend!
$ nmap -sT -p 80 192.168.0.0/24 -oG - | awk '/ 80\/open/{print $2}' > output.txt
This will find lines with port 80 open (notice the space before 80, if you plan to scan more than the one port!), and print field 2, splitting on whitespace. Another way to do it would be:
$ nmap -sT -p 80 --open 192.168.0.0/24 -oG - | awk '$4=="Ports:"{print $2}' > output.txt
This one uses the --open argument to Nmap to only produce output for hosts with open ports. The awk command checks that this is a "Ports" line, not a "Status" line (which may only show up when using -v, but I'm not positive) before printing the IP address.
Note that it is usually in your best interests to save the scan results to a file, to avoid needing to repeat the scan if you decide to extract some different information. If you choose to do this, I would recommend using the XML output (-oX), since there are lots of analysis tools that have parsers built for it already.
Having nmap produce exactly what you want would indeed be nice. But as a more general solution:
$ nmap ... | grep ... | tr '/' ' ' | awk '{ print $2,$5; }
192.168.0.1 80
Or maybe:
nmap ... | grep ... | tr '/' ' ' | cut -d' ' -f2,8
I found a script called scanreport.sh very useful. Although its not necessary, you could just use awk as suggested, but thought it might be of interest.
It gives the ability to output the nmap results nicely by service or port (with highlighting). It uses the grep-able output from nmap (-oG) after a quick tidy from grep -v ^# nmapoutput.txt > report.txt
Example
nmap -sS 192.168.1.22 -oG /directory/of/choice/results.txt
grep -v ^# results.txt > report.txt
./scanreport.sh -f report.txt
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -p 80
Host: 192.168.1.22 ()
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -s ssh
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
Plenty of stuff on google about it but here a link to one ref.
./scanreport.sh