Monday, June 12, 2006

10 Most Valuable Vi Editor Tips

1. undo & redo
don't be surprised that vi also has undo & redo capabilities, but vi has only one level of undo. not really sure how many levels vim has, for sure more than vi. just press u to find out.
Esc + u or :u to undo
Ctrl + r to redo

2. search pattern
a few ways to search a pattern in vi:
/pattern search down for pattern
?pattern search up for pattern
press n or N to go to the next or previous matching pattern

press * or # to search for the pattern under the cursor
press * or # to go to the next or previous matching pattern

3. search & replace
search & replace is quite important in my job, where sometimes i need to do a bulk replacement
:s/pattern/new_pattern/ replace a pattern with a new pattern
:1,$ s/pattern/new_pattern/g g to replace all occurrences of pattern
:1,$ s/pattern/new_pattern/c c to confirm each replacement

1 start from line 1
$ end at last line

4. go to specific line
do you hate it when you run a script and an error occurs on a specific line?
this is how you go directly to that line to find out what went wrong
:n will go to line n (eg: :69 will bring your cursor to line 69)
:se nu or :set number will display line number
:.= shows current line number
:= shows number of lines in file
Ctrl + g shows file name, current line number, total lines in file & % of the file location

5. vi few files
i'm sure sometimes you need to edit several files at once, especially log files.
while you are in vi, you can open another file using:
:split other_file to open the other file; the screen will split into 2
Ctrl + w + w to switch between the files

from the command prompt, simply:
$ vi file1 file2 file3
:n edit next file (file2)
:n edit next file (file3)
:rew rewind to the first file (file1)

6. shell access or run a command
while editing a file in vi, you can also access the shell to run specific commands without quitting vi
:shell will give you a command prompt; type exit when you are done with the shell and you will return to vi
or simply use :!command to execute the command

7. command output into vi
don't waste time copying & pasting the command output; instead, read it straight into the file
:r!cat /etc/passwd will insert the content of /etc/passwd into the current file

8. recovering your file
life is not perfect; sometimes something goes wrong while you are editing your file, eg: power failure or lost connection. you can recover it by using:
$ vi -r your_filename

9. word completion
for me this feature is quite useful for developers, since they are most likely repeating the same words/patterns:
type a few characters of the word and then keep pressing Ctrl + p or Ctrl + n until you find the match, but make sure the words/patterns are already there in the file.

10. get help, don't panic!
if you get lost or have no idea how to do things in vi, don't panic! get help
use :h or :help to access the main help file
to go directly to specific help, give an argument to the :help command
or to search for help use :help any_word, eg: :help me will bring you to the line which contains the word me; press Ctrl + d to see matching help entries for me.


Thanks to this article

Saturday, June 10, 2006

Who Visits your Website - Apache logs

There are a couple of programs, like Awstats, PhpMyVisites etc.,
which can calculate visitor statistics from your Apache logs.

But what if you are too lazy, like me, to configure all that,
create logins etc. and check the graphs?

Here's an easy way out:

[root@localhost unixbox]# cat /var/log/httpd/access_log | sort | uniq -w15 -c | cut -f 1 -d- | sort -r -g

10 210.214.45.231
6 210.214.243.38
4 210.214.190.85
2 210.214.190.250
2 202.171.143.53
2 201.2.65.26
2 200.124.175.159
2 200.124.167.220

The left-hand column lists the total number of hits from each IP address.

For example, 210.214.45.231 has visited us 10 times.
If you want to check the date and time of those visits, grep
for that particular IP address in access_log.

Now suppose you want the total number of hits for a particular directory,
say the /ram/ directory, printed as a count per IP address
(from greatest to least).

Add "grep -e /ram/" to the pipeline; the command below lists the IP addresses
accessing the /ram folder.

[root@localhost unixbox]# cat /var/log/httpd/access_log | grep -e /ram/ | sort | uniq -w15 -c | cut -f 1 -d- | sort -r -g
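
A sturdier variant of the two pipelines above, as an added example that is not part of the original post. uniq -w15 compares only the first 15 characters of each line, so a short address is split into several rows by whatever follows it (date digits, an authenticated user name), and grep -e /ram/ also matches /ram/ inside a query string. The function names and log lines are constructed, and the common/combined log format is assumed.

```shell
#!/bin/sh
# Added example; sample_log, hits_per_ip and post_pipeline are illustrative names.

# Constructed access_log lines in Apache common log format.
sample_log() {
cat <<'EOF'
10.0.0.5 - - [10/Jun/2006:10:00:01 +0530] "GET /ram/index.html HTTP/1.1" 200 512
10.0.0.5 - - [20/Jun/2006:11:00:02 +0530] "GET /ram/a.png HTTP/1.1" 200 2048
10.0.0.5 - alice [20/Jun/2006:11:05:00 +0530] "GET /private/ HTTP/1.1" 401 128
210.214.45.231 - - [10/Jun/2006:10:02:00 +0530] "GET / HTTP/1.1" 200 1024
210.214.45.231 - - [10/Jun/2006:10:02:05 +0530] "GET /index.html?ref=/ram/ HTTP/1.1" 200 1024
EOF
}

# hits_per_ip [path_prefix]
# Reads log lines on stdin and prints "count ip", highest count first.
# Groups on the whole first field (client address) and, when a prefix is
# given, counts only requests whose path (field 7) starts with it.
hits_per_ip() {
    awk -v prefix="${1:-/}" '
        index($7, prefix) == 1 { n[$1]++ }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# The pipeline from the post, kept for comparison (needs GNU uniq for -w).
post_pipeline() {
    sort | uniq -w15 -c | cut -f 1 -d- | sort -r -g
}

echo "all requests:";  sample_log | hits_per_ip
echo "under /ram/:";   sample_log | hits_per_ip /ram/
echo "post pipeline:"; sample_log | post_pipeline
```

On the sample, the post's pipeline reports 10.0.0.5 as three separate rows, while hits_per_ip reports it once.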


Thanks to this article

Friday, June 09, 2006

Ngrep - Network Traffic Monitoring

Constant monitoring and troubleshooting are key to maintaining a network's availability.

With ngrep, you can analyze network traffic in a manner similar
to that of other network sniffers. However, unlike its brethren,
ngrep can match regular expressions within the network packet payloads.
By using its advanced string matching capabilities, ngrep can look
for packets on specified ports and assist in tracking the usernames
and passwords zipping off the network, as well as all Telnet
attempts to the server.

Ngrep uses the libpcap library, and can also take hexadecimal
expressions for which to capture network traffic. It supports
TCP, UDP, ICMP, IGMP, and Raw protocols across Ethernet,
PPP, SLIP, FDDI, Token Ring, 802.11, and null interfaces.
In addition to listening to live traffic, ngrep can also filter
previous tcpdump grabs.

Author Jordan Ritter says that ngrep has traditionally been
used to debug plaintext protocol interactions such as
HTTP, SMTP, and FTP; to identify and analyze anomalous network communications, such as those between worms, viruses, and
zombies; and to store, read, and reprocess pcap dump files
while looking for specific data patterns.

You can also use ngrep to do the more mundane plaintext
credential collection, as with HTTP basic authentication or
FTP or POP3 authentication. Like all tools, it can be useful
in the right hands and damaging if used by those with less
than admirable intentions.

Before installing the 400-odd KB utility, make sure you have
the libpcap library. If you use tcpdump, you have it.

Although I have installed it through urpmi.


[root@localhost ~]# ngrep -d any port 25

interface: any
filter: (ip) and ( port 25 )
####
T 127.0.0.1:25 -> 127.0.0.1:1938 [AP]
220 localhost ESMTP Postfix (2.2.5) (Mandriva Linux)..
#
#
T 127.0.0.1:1938 -> 127.0.0.1:25 [AP]
quit..
##

T 127.0.0.1:25 -> 127.0.0.1:1938 [AP]
221 Bye..
######exit


This will monitor all activity crossing source or destination
port 25 (SMTP).


[root@localhost ~]# ngrep -wi -d any 'user|pass' port 21
interface: any
filter: (ip) and ( port 21 )
match: ((^user|pass\W)|(\Wuser|pass$)|(\Wuser|pass\W))
########
T 202.41.9.99:21 -> 10.10.93.220:4472 [AP]
530 Please login with USER and PASS...
##
T 202.41.9.99:21 -> 10.10.93.220:4472 [AP]
530 Please login with USER and PASS...
##
T 10.10.93.220:4472 -> 202.41.9.99:21 [AP]
USER aaa..
###

T 10.10.93.220:4472 -> 202.41.9.99:21 [AP]
PASS aaa123..
######
T 202.41.9.99:21 -> 10.10.93.220:4472 [AP]
530 Please login with USER and PASS...
#######
exit
56 received, 0 dropped

Monitor any traffic crossing source or destination port 21 (FTP),
looking case-insensitively for the words "user" or "pass",
matched as word-expressions (the match term(s) must have
non-alphanumeric, delimiting characters surrounding them).
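
An added example (not part of the original post) that turns ngrep output like the capture above into a list of which clients still log in to which FTP servers in cleartext, without copying any password into the report. The function names and the sample capture are constructed, and it assumes ngrep's text output as shown above, with line endings rendered as dots.

```shell
#!/bin/sh
# Added example; sample_capture and cleartext_ftp_logins are illustrative names.

# Constructed ngrep output (documentation address ranges, made-up credentials).
sample_capture() {
cat <<'EOF'
interface: any
filter: (ip) and ( port 21 )
####
T 192.0.2.10:21 -> 198.51.100.7:4472 [AP]
  530 Please login with USER and PASS...
##
T 198.51.100.7:4472 -> 192.0.2.10:21 [AP]
  USER backup..
###
T 198.51.100.7:4472 -> 192.0.2.10:21 [AP]
  PASS example-secret..
##
T 198.51.100.8:4480 -> 192.0.2.10:21 [AP]
  AUTH TLS..
EOF
}

# Reads ngrep text output on stdin; prints one line per cleartext login:
#   client -> server:21 user=<name> password=<redacted>
cleartext_ftp_logins() {
    awk '
        # Packet header: "T src:port -> dst:port [flags]"
        $1 == "T" && $3 == "->" {
            src = $2; dst = $4
            sub(/:[0-9]+$/, "", src)      # drop the ephemeral client port
            to_server = (dst ~ /:21$/)    # only client commands are of interest
            next
        }
        # Payload: strip indentation and the dots ngrep prints for CR/LF
        { line = $0; sub(/^[ \t]+/, "", line); sub(/\.+$/, "", line) }
        to_server && toupper(substr(line, 1, 5)) == "USER " {
            user[src SUBSEP dst] = substr(line, 6)
        }
        to_server && toupper(substr(line, 1, 5)) == "PASS " {
            key = src SUBSEP dst
            u = (key in user) ? user[key] : "?"
            printf "%s -> %s user=%s password=<redacted>\n", src, dst, u
        }
    '
}

sample_capture | cleartext_ftp_logins
```

The server's "530 Please login with USER and PASS" banner, which the regular expression above matches, is ignored here because only commands sent to port 21 are counted.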

[root@localhost ~]# ngrep port 80
interface: eth0 (10.10.93.0/255.255.255.0)
filter: (ip) and ( port 80 )
####
##
T 10.10.93.220:2452 -> 66.102.15.100:80 [AP]


The above will debug HTTP connections.

[root@localhost ~]# ngrep -d any 'error' port syslog
interface: any
filter: (ip) and ( port syslog )
match: error

Monitor any network-based syslog traffic for the occurrence
of the word "error". ngrep knows how to convert service port
names (on UNIX, located in "/etc/services") to port numbers.

Wednesday, June 07, 2006

Bash Hotkeys

ctrl-l -- clear screen
ctrl-r -- does a search in the previously given commands so that you don't have to repeat a long command.
ctrl-u -- clears the typing before the hotkey.
ctrl-a -- takes you to the beginning of the command you are currently typing.
ctrl-e -- takes you to the end of the command you are currently typing in.
esc-b -- takes you back by one word while typing a command.
ctrl-c -- kills the current command or process.
ctrl-d -- kills the shell.
ctrl-h -- deletes one letter at a time from the command you are typing in.
ctrl-z -- puts the currently running process in background, the process can be brought back to run state by using fg command.
esc-p -- like ctrl-r lets you search through the previously given commands.
esc-. -- gives the last command you typed.