Whois query works with telnet but not netcat - whois

I am trying to write an advanced whois client, so I have been experimenting with sending commands to whois servers using netcat (nc) in Arch Linux. For example, this works great:
$ echo domain google.com | nc whois.crsnic.net 43
# => nc outputs whois data for google.com
However, the whois server that handles suffixes like .br.com is whois.centralnic.net and that server seems to not work with netcat. When I give it any query, it seems to simply close the connection without a response:
$ echo foobar | nc whois.centralnic.net 43
# => No output from nc.
I successfully made the same query using telnet:
$ telnet whois.centralnic.net 43
Trying 193.105.170.136...
Connected to whois.centralnic.net.
Escape character is '^]'.
foobar
DOMAIN NOT FOUND
Connection closed by foreign host.
So what could possibly make a server behave differently for telnet than netcat?
I thought maybe it was a timing issue, so I unsuccessfully tried:
$ { sleep 4; echo foobar; sleep 4; } | nc whois.centralnic.net 43
# => No output from nc.
I saw that netcat has a -T option to make it behave more like telnet, so I unsuccessfully tried:
$ { sleep 4; echo foobar; sleep 4; } | nc -T whois.centralnic.net 43
# => No output from nc.
In my production system I will not be using netcat or telnet, but there seems to be some strange networking issue happening here and I would like to be aware of it. Can anyone shed some light on why netcat would work for all the whois servers but only telnet will work for whois.centralnic.net?

The service expects CRLF in its request, not just LF;
This works (on Ubuntu, there are multiple netcat versions, so can't speak for yours)
$ echo -e "foobar\r\n" | nc whois.centralnic.net 43
DOMAIN NOT FOUND

Related

use existing SSH_AUTH_SOCK to execute commands on remote server

I connect to my work server (workserver1.com) from my local PC (localhost) using SSH and execute a bunch of commands on workserver1.
Below are the commands I execute using SSH
1) run script on server collect production data and put it in a txt
ssh -A workserver1.com 'python3 /usr/local/collect_data_online.py 2>&1 | tee /home/myname/out.txt'
$ please input your dynamic token: <manually input credential token generated every 15s>
2) filter lines I need and put in a dat file
ssh -A workserver1.com "grep 'my-keyword-cron' out.txt | grep -oP '({.*})' | tee workserver2.dat"
$ please input your dynamic token: <manually input credential token again>
3) send data collected in 2) and send to workserver2 which could only access through workserver1**
ssh -A workserver1.com 'curl workserver2.com --data-binary "#workserver2.dat" --compressed' "
$ please input your dynamic token: <manually input credential token 3rd time>
In each steps above , I actually created 3 completed different socket with workserver1.com. I got this info from running command below on remote server
$ ssh -A workserver1.com 'printenv | grep SSH'
SSH_CLIENT=10.126.192.xxx 58276 22
SSH_SESSION_ID=787878787878787878
SSH_TTY=/dev/pts/0
SSH_AUTH_SOCK=/tmp/ssh-XXXXKuJLEX/agent.29291
SSH_AUTH_CERT_SERIAL=666666666
SSH_AUTH_CERT_KEY=myname
# SSH_CONNECTION changes each time I make a SSH request to workserver1.com. so I need repeatedly input dynamic token manually
SSH_CONNECTION=10.126.192.xxx 58276 10.218.35.yyy 22
On my localhost I can also see SSH sock which used for the SSH connection
$ SSH_AUTH_SOCK=/tmp/ssh-localhost/agent.12345
My question is , is there a way to using single existing socket to avoid making multiple SSH connections and just input the dynamic token once. I hope I could use existing sock to interactively type commands to this SSH server and collect outpu/data as I want , just like on my localhost
What's in my mind is
1) socat can I run some command on localhost like
socat UNIX-CONNECT:$SSH_AUTH_SOCK,exec:'commands I want to execute' - ==> possible to get an interactive client&server shell?
2) is there any ssh option I could use ?
I am new to socat and not familiar with ssh except some commonly used commands
Thank you for your help in advance
The solution is open the first connection with '-M'
First use ControlMaster and ControlPath in ~/.ssh/config as below:
host *
ControlMaster auto
ControlPath ~/.ssh/ssh_mux_%h_%p_%r
And when connect toremote host the very first time, add '-M'
ssh -M $remotehost
Then in follow ssh connection with the same host you could just use
ssh $remotehost

not getting any data from the listed triggers in zabbix

I am little confuse in zabbix triggers expresion, right now i am triggering an application count netstat -anp | grep 1433 |wc -l but I am getting no data from these trigger, can any one please help?
thanks in advance
item proc.num[1433] trigger {hostname:proc.num[1433].last()}>1500
Zabbix Agent doesn't have any key to count TCP/UDP connections. To collect the result of netstat you need a custom script, through user parameter. Also note that grep -c prints the number of lines, for example:
To count established connections on port 443:
netstat -an | egrep -c ":443 *ESTABLISHED"

tshark doesn't always print source ip

How can i get the tcp payload of packets with tshark, and also get the source IP that sent these packets?
This command works for most packets, but some packets are still printed WITHOUT a source IP (Why?) :
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src
*To test my command, run it and then browse to http://stackoverflow.com. Notice that usually the data chunks ("47:45:54:20:2f:61:64:73:...") have an IP after them, but not always.
I found the problem:
The packets with a missing source IP were IPv6, but my original command only prints IPv4.
This works:
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src -e ipv6.src

How to send one byte symbol to server socket with netcat?

There's already a working server service via socket, and I would like to test it via netcat. I'm using Mac OS X Lion. Currently, I'm able to connect to server via port, to send packet, but the packet contains wrong value. Here are the details:
I need to send 'm' symbol to the server and the server will return 00000000, a zero byte as a response. Server guy told me, server receives 'A0' when I'm sending 'm', and server receives '313039A' when I'm sending '109'. How to define sending format or something, I just need to send 'm' (01101101)?
You can send just "m" with
echo -n 'm' | nc <server> <port>
You can easily check what you're sending on your local machine:
# in one Terminal start the listener:
$ nc -l 1234 | hexdump -C
00000000 6d |m|
00000001
# in other Terminal send the packet:
$ echo -n 'm' | nc 127.0.0.1 1234
nc will happily send/receive NUL bytes - there is no problem with that:
# sending side
$ echo -n X | tr X '\000' | nc 127.0.0.1 1234
# receiving side
$ nc -l 1234 | hexdump -C
00000000 00 |.|
00000001

How can I tail a remote file?

I am trying to find a good way to tail a file on a remote host. This is on an internal network of Linux machines. The requirements are:
Must be well behaved (no extra process laying around, or continuing output)
Cannot require someone's pet Perl module.
Can be invoked through Perl.
If possible, doesn't require a custom built script or utility on the remote machine (regular linux utilities are fine)
The solutions I have tried are generally of this sort
ssh remotemachine -f <some command>
"some command" has been:
tail -f logfile
Basic tail doesn't work because the remote process continues to write output to the terminal after the local ssh process dies.
$socket = IO:Socket::INET->new(...);
$pid = fork();
if(!$pid)
{
exec("ssh $host -f '<script which connects to socket and writes>'");
exit;
}
$client = $socket->accept;
while(<$client>)
{
print $_;
}
This works better because there is no output to the screen after the local process exits but the remote process doesn't figure out that its socket is down and it lives on indefinitely.
Have you tried
ssh -t remotemachine <some command>
-t option from the ssh man page:
-t Force pseudo-tty allocation. This can be used to execute
arbitrary screen-based programs on a remote machine, which
can be very useful, e.g. when implementing menu services.
Multiple -t options force tty allocation, even if ssh has no local tty.
instead of
-f Requests ssh to go to background just before command execution.
This is useful if ssh is going to ask for passwords or passphrases,
but the user wants it in the background.
This implies -n. The recommended way to start X11 programs at a remote
site is with something like ssh -f host xterm.
Some ideas:
You could mount it over NFS or CIFS, and then use File::Tail.
You could use one of Perl's SSH modules (there are a number of them), combined with tail -f.
You could try Survlog Its OS X only though.
netcat should do it for you.
You can Tail files remotely using bash and rsync. The following script is taken from this tutorial: Tail files remotely using bash and rsync
#!/bin/bash
#Code Snippet from and copyright by sshadmincontrol.com
#You may use this code freely as long as you keep this notice.
PIDHOME=/a_place/to/store/flag/file
FILE=`echo ${0} | sed 's:.*/::'`
RUNFILEFLAG=${PIDHOME}/${FILE}.running
if [ -e $RUNFILEFLAG ]; then
echo "Already running ${RUNFILEFLAG}"
exit 1
else
touch ${RUNFILEFLAG}
fi
hostname=$1 #host name to remotlely access
log_dir=$2 #log directory on the remotehost
log_file=$3 #remote log file name
username=$3 #username to use to access remote host
log_base=$4 #where to save the log locally
ORIGLOG="$log_base/$hostname/${log_file}.orig"
INTERLOG="$log_base/$hostname/${log_file}.inter"
FINALLOG="$log_base/$hostname/${log_file}.log"
rsync -q -e ssh $username#$hostname:$log_dir/$log_file ${ORIGLOG}
grep -Ev ".ico|.jpg|.gif|.png|.css" > ${INTERLOG}
if [ ! -e $FINALLOG ]; then
cp ${INTERLOG} ${FINALLOG}
else
LINE=`tail -1 ${FINALLOG}`
grep -F "$LINE" -A 999999999 ${INTERLOG} \
| grep -Fv "$LINE" >> ${FINALLOG}
fi
rm ${RUNFILEFLAG}
exit 0
rsync://[USER#]HOST[:PORT]/SRC... [DEST] | tail [DEST] ?
Someone suggested using nc (netcat). This solution does work but is less ideal than just using ssh -t. The biggest problem is that you have to use nc on both sides of the connection and need to do some port discovery on the local machine to find a suitable port over which to connect. Here is the adaptation of the above code to use netcat:
$pid = fork();
if(!$pid)
{
exec("ssh $host -f 'tail -f $filename |nc $localhost $port'");
exit;
}
exec("nc -l -p $port");
There is File::Tail. Don't know if it helps?