Project

General

Profile

Useful Commands & Info

User documentation
08/10/2021

  • Last Updated: 01/07/2022

By convention for this document, text in <angle brackets> should be replaced and text in (parenthesis) is optional.
Example:

ping (-I <source IP>) <destination IP>

You might use to write:
ping 1.1.1.1
ping -I 192.168.1.1 8.8.8.8

Most of this documentation is sorted, but commands that are widely used will be up here.

Tcpdump

tcpdump is a versatile command used to show network traffic, and is great for checking to see traffic has the source and destination addresses you expect and in addition to using the right interface. You can use flags to change how the out is formatted, specify protocols, ports, and more. Basic usage is included here but for more advanced usage you can run ‘man tcpdump’.
To include only ping (icmp) traffic, you can add ‘icmp’. You can also filter to only show traffic on a specific port.

tcpdump -i <interface> (icmp)/(port <port number>)

For example, if there is an ssh connection via eth0, you could tcpdump only that traffic with:
tcpdump -i eth0 port 22

Or to see ping traffic passing through eth0:
tcpdump -i eth0 icmp

A great way to use tcpdump is to open two terminals, on one ping a host, and on the other run tcpdump to see if the ping traffic is what you expect.

Grep

As you know, you can use grep to search for text. Here are a few of the many ways to use grep:

Search for files recursively that contain specific text:

grep -r “<to search>”

Search one file for lines containing specific text (two ways):
cat <filename> | grep “<to search>”
grep “<to search>” <filename>

Filter command output to only show lines containing specific text, along with an example that lists only virtual machines that are off.
<any command> | grep <to search>
virsh list --all | grep off

Additional useful flags (“man grep” for the rest):
Case insensitive: -i
Use regex: -P
Only show the matching part, not the whole line: -o
Show # lines before the match (note no space after the b): -b<#>
Show # lines after the match (note no space after the a): -a<#>

My Traceroute

Like traceroute, this command shows the path your packets take to reach a destination. This version is faster and gives better information. Press ‘q’ to quit.

mtrc <IP address>

Misc Notes:

Mac address naming convention

To make debugging easier, you can set the MAC address of the vmbr you’re putting on a VM to reflect the vmbr. This can be done by setting the middle pair of the MAC address to be the vmbr you’re using. For example, if you can to use the vmbr 755, you can set its MAC address in the xml file of the VM like so:

 52:54:07:55:af:45

This will make it easier to set up your interfaces once you’re in the VM and set the appropriate IP addresses.

Ip route

When you want to check the routes on your device, you can run:

 ip route 

This shows all of the routes that are on the device, where the traffic is going on each interface, and the default route(s).

Ip route add/del

If you want to add a route in command line, you can simply run:

 ip route add <ip address/prefix> <next hop> 

However, this is only temporary and the route will be gone on the next reboot. To make the route permanent, you will need to add it in /etc/network/interfaces or in /etc/bird/bird.conf

If you want to delete a route, you can run this:

 ip route del <ip address/prefix> <next hop> 

This is also only temporary and will be reverted at the next reboot.

DHCP and routes

When you are creating a test VM to test the dhcp servers on your VMs, you should keep in mind which network you’re expecting connections to work on. For example, if you have an interface that’s connected to a 172.30.10.0/24 network and another interface that’s connected to a 172.30.20.0/24, one of the two will become the default route. To reduce confusion, you should either use only one of the interfaces at a time (ifdown the other), or specify which interface you want to use. So, if you want to ping from the interface on the 172.30.10.0/24 network, you can run:

 ping -i <interface connected to 172.30.10.0/24 network> <where you want to ping> 

Route -n

This command shows all of the routes that traffic is going through on a device. So, if you run:

 route -n 

It should have an output similar fto this:

IPsec

IPsec is IP security that provides protected communication between two devices in a network. Ipsecctl is what is used in OpenBSD to determine what packets will be processed with IPsec. To test connections using IPsec to make sure they are encrypted you can run:

 ipsecctl -sa 

-sa shows all of the connections that are active and what type of encryption that those connections are using. If you want to know more about ipsecctl, there are man pages for it.

KVM/Host

Virsh domiflist

List network interface information for a specific virsh domain:

virsh domiflist <domain>

Instead of having to scan through an entire xml file of your VM, you can run this command and it will list the vnets that the VM is using, the type of connection being made, the vmbr that’s being used, and the MAC address that’s associated with it.

brctl show

This command lists all virtual bridges, the vlan they are connected on, in addition to vnets.

brctl show

Short for ‘bridge controller show’, this is a useful command when you need to check if a VM is actually using a vmbr or not. When you run the command, you can see that there are things called vnets. A vnet represents a connection between a virtual bridge and a VM, and are important in order for your VMs to function properly. You can think of a vnet as a virtual ethernet cable travelling from a virtual machine to the bridge it’s plugged into.

List running processes

ps ax

This is useful to find a running process you want to kill. Sometimes, you might get kicked out of a VM console session without properly exiting it first, and the host will think that you’re still consoled in, so when you try to console into the VM, it’ll throw an error saying that there’s a session already running. You can search the output with grep (ex: “ps ax | grep console”) to find the process ID of the console session. Once you kill the process (see below) you should be able to console into your VM again.

Kill a running process. If you include -9, that is the KILL signal, which kills the process without giving it any chance to shut itself down. Useful if a process is unresponsive.

kill (-9) <process ID>

Ifup vmbr before starting VM

Whenever you are creating a new vmbr for a VM, it’s important to remember that in order for the VM to work, the vmbr needs to exist. If you don’t verify that the vmbr actually exists before trying to define a VM, you will get an error like this:

error: Failed to start domain guest
error: Cannot get interface MTU on 'vmbr100': No such device

To make sure that your vmbr is up and running, all you need to do is run the following command:

 ifup <vmbr> 

Or you can run “ship”.

How to make aliases

All aliases are in /opt/shared/etc/bash_aliases.cfg. You can make an alias that refers to a certain command. For example if you want an alias that runs the command “virsh list --all”, you can by going into the /opt/shared/etc/bash_aliases.cfg file and add a line to make an alias.

alias vl=‘virsh list --all’.

Once you’ve created an alias, you can either log out and back in or run the following command to use your new alias(es)
source ~/.bashrc

You can also have an alias refer to script. For example, the alias ship refers to the script /opt/shared/scripts/ship. So, in the file /opt/shared/etc/bash_aliases.cfg, the alias for ship is listed as: alias ship=’/opt/shared/scripts/ship’.

Editing virtual machine definitions

Virsh define <xml file> will overwrite a virtual machine’s definition with the new file provided, which can involve changing interfaces, the path to the disk, etc. Virsh edit <domain> will allow you to edit the current configuration. The two ways to edit a virtual machine definition are:
1) Edit the xml file corresponding to the VM, and redefine it with the new config, or 2) virsh edit the VM. Even though virsh edit is faster, editing the xml and redefining it is recommended because that way you have a backup copy of your configuration, instead of depending on the temporary copy virsh stores for you (which is what you edit when you type ‘virsh edit’, NOT the xml file you originally used to define it).

Creating VMs

To define VM from xml configuration:

root@labsrv1 16:20:46 
 > ~ # virsh define <path_to_xml_file>

To edit a VM configuration:

root@labsrv1 16:20:46 
 > ~ # virsh edit <name of VM>

To clone a virtual machine (provided that the virtual machine is shutdown):

root@labsrv1 22:24:20 
 > ~ # virt-clone -o <old_vm_name> -n <new_vm_name> -f <new_vm_image_path>

Example:

root@labsrv1 22:24:20 
 > ~ # virt-clone -o spoke1 -n spoke2 -f /data/spoke2.img

Managing VMs

To start a virtual machine:

root@labsrv1 16:20:46 
 > ~ # virsh start <vm_name>

To cut off power to a virtual machine:

root@labsrv1 16:20:46 
 > ~ # virsh destroy <vm_name>

To access the console of a virtual machine:

root@labsrv1 16:20:46 
 > ~ # virsh console <vm_name>

To exit the console of a virtual machine:

Ctrl+]

Bird

If bird doesn’t automatically start running when the machine is started, you can run this to enable it

systemctl enable bird

If you prefer, you can run bird commands from the linux shell without entering the separate birdc shell by simply entering a command after birdc. Do note, however, that by doing this you lose the ability to press ‘?’ to view possible next commands, so it’s only recommended if you already know exactly what you want to run. All future commands are documented this way, but if you prefer to run them from within birdc simply leave off ‘birdc’ at the beginning of the command.

You can show all routes bird has learned and where they were learned from (‘all’ shows extra info)

birdc show route (all)

To show bgp status and other protocol info:

birdc show protocols

To disable a protocol:

 birdc disable <protocol> 

And to enable a protocol:

 birdc enable <protocol> 

VM/Non-Bird

You can NAT in linux using nftables. If you haven’t NATted as part of the NEAT curriculum yet, I suggest waiting until then to try this. If you are familiar with iptables, this is its successor.
Install the package you need and enable it so it runs:

apt install nftables
systemctl enable nftables.service

Edit /etc/nftables.conf and add the following:

table ip nat {
        chain postrouting {
                type nat hook postrouting priority 100;
                policy accept;
                ip saddr <source subnet> oif "ens6" snat to <own IP address to NAT to>
        }
}

For example, home routers typically NAT their LAN subnet 192.168.1.1/24 to their public IP address, which might be something like 129.174.182.42.

OpenBSD

You can often view your options for the next part of a command by adding a ? and pressing enter on OpenBSD. This can save time and unnecessary questions.

BGP

Check if config is okay:

bgpctl check

Show the status of neighbors. If ‘State/PrfRcvd’ should be a number (the number of prefixes received) when they are connected. If the neighbors are not connected, it will show as ‘Active’.

bgpctl show

For testing, you can enable/disable a bgp connection the same way you can ifup/ifdown an interface:

bgpctl neighbor <NAME> up/down

Show routes learned by bgp:

bgpctl show rib

Show bgp routes being taught to or learned from a specific neighbor (great when you see a route you don’t expect or are missing one you expect to have):

bgpctl show rib neighbor <NAME> (detail) in/out

You can reload bgp configuration without killing everything (similar to a ‘birdc “configure soft”’)

bgpctl reload

If you need to restart the bgp daemon entirely for some reason, you can do so with this command. Think of it like ‘service networking restart’ or similar: it’s unnecessary in most cases.

/etc/rc.d/bgpd restart

OSPF

Check if config is okay:

ospfctl check

Show routes learned by ospf:

ospfctl show rib

Show ospf routes being taught to or learned from a specific neighbor (great when you see a route you don’t expect or are missing one you expect to have):

ospfctl show neighbor

You can reload ospf configuration without killing everything (similar to a ‘birdc “configure soft”’)

ospfctl reload

If you need to restart the ospf daemon entirely for some reason, you can do so with this command. Think of it like ‘service networking restart’ or similar: it’s unnecessary in most cases.

/etc/rc.d/ospfd restart

pfctl

You can enable/disable your firewall for testing

pfctl -e
pfctl -d

Check if firewall config contains errors before attempting to load it (no output is a good thing):

pfctl -nf </path/to/pf.conf>

Additional commands not used in labs

You can add an interface to a linux VM while it’s running (OpenBSD doesn’t support this). Simply create the interface xml the same way you would as part of its definition and then run this command (not every OS supports this - doesn’t work on OpenBSD). Reminder to make sure the bus is correct, the slot is not currently in use, and the mac address is unique.

virsh attach-device <domain> --file <xml file> --config --live

Example xml file:
<interface type='bridge'>
     <mac address='52:54:04:90:da:11'/>
     <source bridge='vmbr490'/>
     <model type='virtio'/>
     <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</interface>

Files

route-n.PNG (25.8 KB) route-n.PNG Chloe Martin, 08/11/2021 02:20 PM