Amar – Amar's Blog

lsof examples

List all open files

[root@web ~]# lsof | more
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root cwd DIR 253,1 4096 2 /
systemd 1 root rtd DIR 253,1 4096 2 /
systemd 1 root txt REG 253,1 1482272 12491 /usr/lib/systemd/systemd
systemd 1 root mem REG 253,1 20040 5304 /usr/lib64/libuuid.so.1.3.0
systemd 1 root mem REG 253,1 256960 16014 /usr/lib64/libblkid.so.1.1.0
systemd 1 root mem REG 253,1 90664 5379 /usr/lib64/libz.so.1.2.7
systemd 1 root mem REG 253,1 157424 5266 /usr/lib64/liblzma.so.5.2.2
systemd 1 root mem REG 253,1 23968 5911 /usr/lib64/libcap-ng.so.0.0.0
systemd 1 root mem REG 253,1 19888 5705 /usr/lib64/libattr.so.1.1.0
systemd 1 root mem REG 253,1 19776 15352 /usr/lib64/libdl-2.17.so
systemd 1 root mem REG 253,1 398264 5305 /usr/lib64/libpcre.so.1.2.0
systemd 1 root mem REG 253,1 2118128 4967 /usr/lib64/libc-2.17.so
systemd 1 root mem REG 253,1 143944 4997 /usr/lib64/libpthread-2.17.so
systemd 1 root mem REG 253,1 88720 26127 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
systemd 1 root mem REG 253,1 44448 15376 /usr/lib64/librt-2.17.so
systemd 1 root mem REG 253,1 265024 10516 /usr/lib64/libmount.so.1.1.0
systemd 1 root mem REG 253,1 91792 26778 /usr/lib64/libkmod.so.2.2.10
systemd 1 root mem REG 253,1 122936 5394 /usr/lib64/libaudit.so.1.0.0
systemd 1 root mem REG 253,1 61672 9477 /usr/lib64/libpam.so.0.83.1
systemd 1 root mem REG 253,1 20024 5710 /usr/lib64/libcap.so.2.22
systemd 1 root mem REG 253,1 155744 5377 /usr/lib64/libselinux.so.1
systemd 1 root mem REG 253,1 159640 15344 /usr/lib64/ld-2.17.so
systemd 1 root 0u CHR 1,3 0t0 4788 /dev/null
systemd 1 root 1u CHR 1,3 0t0 4788 /dev/null
systemd 1 root 2u CHR 1,3 0t0 4788 /dev/null
systemd 1 root 3u a_inode 0,9 0 4784 [timerfd]
systemd 1 root 4u a_inode 0,9 0 4784 [eventpoll]
systemd 1 root 5u a_inode 0,9 0 4784 [signalfd]
systemd 1 root 6r DIR 0,20 0 6553 /sys/fs/cgroup/systemd
systemd 1 root 8u netlink 0t0 9539 KOBJECT_UEVENT
systemd 1 root 9r REG 0,3 0 6811 /proc/1/mountinfo

List process which opened a specific file

[root@web ~]# lsof /var/log/fail2ban.log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
fail2ban- 1220 root 4w REG 253,1 214 4342 /var/log/fail2ban.log
[root@web ~]#

List open files under a directory

[root@web ~]# lsof +D /var/log/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
firewalld 468 root 3w REG 253,1 355 5744 /var/log/firewalld
tuned 989 root 3w REG 253,1 17395 21726 /var/log/tuned/tuned.log
gunicorn 990 webapp 4w REG 253,1 83302 5009 /var/log/gunicorn.log
rsyslogd 992 root 3w REG 253,1 8203 2608 /var/log/cron
rsyslogd 992 root 4w REG 253,1 36704 9488 /var/log/messages
rsyslogd 992 root 5w REG 253,1 1959836 8305 /var/log/maillog
rsyslogd 992 root 8w REG 253,1 1515 9501 /var/log/secure
php-fpm 1068 root 2w REG 253,1 6126788828 20697 /var/log/php-fpm.log
php-fpm 1068 root 4w REG 253,1 6126788828 20697 /var/log/php-fpm.log
fail2ban- 1220 root 4w REG 253,1 214 4342 /var/log/fail2ban.log
nginx 2536 root 2w REG 253,1 58860 137141 /var/log/nginx/error.log
nginx 2536 root 8w REG 253,1 58860 137141 /var/log/nginx/error.log
nginx 2538 nginx 2w REG 253,1 58860 137141 /var/log/nginx/error.log
nginx 2538 nginx 8w REG 253,1 58860 137141 /var/log/nginx/error.log
gunicorn 18219 webapp 4w REG 253,1 83302 5009 /var/log/gunicorn.log
gunicorn 28657 webapp 4w REG 253,1 83302 5009 /var/log/gunicorn.log
[root@web ~]#

List open files under a mount point

[root@web ~]# lsof /home/amar/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 22009 amar cwd DIR 253,1 4096 128013 /home/amar
sudo 22208 root cwd DIR 253,1 4096 128013 /home/amar
[root@web ~]#

Find Process IDs by name

pgrep command can be used to find process id by the name of the process.

Example:
Lets find the process id of chrome

$ pgrep -li chrome
1155 Google Chrome
1162 Google Chrome H
1171 Google Chrome H
1172 Google Chrome H
1173 Google Chrome H
1174 Google Chrome H
1214 Google Chrome H
1271 Google Chrome H
1275 Google Chrome H

How to add IPv6 Route in MacOS

Set a default route:

sudo route add -inet6 -prefixlen 0 default 2100:xxxx:xxxx::1

Add a specific prefix route:

sudo route add -inet6 <ipv6network>/<prefixlength> <ipv6_gateway>

Example:
sudo route add -inet6 2050::/96 2010::1

IPv6 ISATAP Tunneling between Cisco Routers

Introduction:

R1, R2, R3, R4 are running RIPv2
We would like to form a IPv6 Tunnel between R1 and R2 over the IPv4 network (RIP)
For this scenario, we will form a ISATAP Tunnel

Configuration Checklist:

Configure R1-R3 interface with network 10.0.1.0/24
Configure R3-R2 interface with network 10.0.2.0/24
Configure R3-R4 interface with network 10.0.4.0/24
Configure RIP to run between R1, R2, R3, R4

Configure IPv4 Networking:

R1:

interface Ethernet0/0
 ip address 10.0.1.1 255.255.255.0
end
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!

R2:

!
interface Ethernet0/1
 ip address 10.0.2.1 255.255.255.0
end
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!

R3:

!
interface Ethernet0/0
 ip address 10.0.1.2 255.255.255.0
end
!
interface Ethernet0/1
 ip address 10.0.2.2 255.255.255.0
end
!
interface Ethernet0/2
 ip address 10.0.3.2 255.255.255.0
end
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary

R4:

interface Ethernet0/2
 ip address 10.0.3.1 255.255.255.0
end
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary

Checking RIP Routes and Connectivity:

Router R1 – R2:

R1#sh ip route rip | begin Gate
Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
R 10.0.2.0/24 [120/1] via 10.0.1.2, 00:00:14, Ethernet0/0
R 10.0.3.0/24 [120/1] via 10.0.1.2, 00:00:14, Ethernet0/0
R1#
R1#
R1#ping 10.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#

Configure Tunnel-0:

Router R1:

interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2005:0:0:7::/64 eui-64
 ipv6 enable
 tunnel source 10.0.1.1
 tunnel mode ipv6ip isatap
end
!

R1#sh ipv6 interface brief | begin Tunnel0
 Tunnel0 [up/up]
 FE80::5EFE:A00:101
 2005::7:0:5EFE:A00:101

Router R2:

interface Tunnel0
 no ip address
 ipv6 address autoconfig
 ipv6 enable
 tunnel source 10.0.2.1
 tunnel mode ipv6ip
 tunnel destination 10.0.1.1
 end 
!

R2#sh ipv6 interface brief | begin Tunnel0
 Tunnel0 [up/up]
 FE80::A00:201
 2005::7:0:0:A00:201

Check Ipv6 Connectivity:

Stateful NAT using HSRP

Introduction:

This post shows a way to configure Stateful NAT using HSRP for failover. This configuration does not use peer ip but uses the HSRP group name to find the primary and peer for the NAT.

Configuration Checklist:

Configure HSRP between R1 – R2
Use unique standby {1} name {name} – this name is used in the stateful nat configuration
Configure access-list, pool for NAT
Configure interfaces with nat inside and outside
Configure stateful nat using above pool, access-list and standy name

R1:

interface Ethernet0/0 ip address 192.168.1.2 255.255.255.0 ip nat inside ip virtual-reassembly in standby 1 ip 192.168.1.1 standby 1 priority 110 standby 1 preempt standby 1 name SNAT-1 # SNAT-1 should be unique as this will form the stateful nat's peer ! interface Ethernet0/1 ip address 37.0.0.1 255.255.255.0 ip nat outside ip virtual-reassembly in ! router ospf 1 router-id 1.1.1.1 network 37.0.0.0 0.0.0.255 area 0 ! ip nat Stateful id 1 # stateful id need not be unique redundancy SNAT-1 # Use the redundancy name as the standby groups name mapping-id 1 # mapping-id id need to be unique and same on both devices protocol udp ip nat pool NAT-37.0.0.0/24 37.0.0.10 37.0.0.100 prefix-length 24 ip nat inside source list RANGE-192.168.1.0/24 pool NAT-37.0.0.0/24 mapping-id 1 overload ! ip access-list standard RANGE-192.168.1.0/24 permit 192.168.1.0 0.0.0.255

R2:

interface Ethernet0/0 ip address 192.168.1.3 255.255.255.0 ip nat inside ip virtual-reassembly in standby 1 ip 192.168.1.1 standby 1 preempt standby 1 name SNAT-1 ! interface Ethernet0/2 ip address 38.0.0.1 255.255.255.0 ip nat outside ip virtual-reassembly in ! router ospf 1 router-id 2.2.2.2 network 38.0.0.0 0.0.0.255 area 0 ! ip nat Stateful id 1 redundancy SNAT-1 mapping-id 1 protocol udp ip nat pool NAT-38.0.0.0/24 38.0.0.10 38.0.0.100 prefix-length 24 ip nat inside source list RANGE-192.168.1.0/24 pool NAT-38.0.0.0/24 mapping-id 1 overload ! ip access-list standard RANGE-192.168.1.0/24 permit 192.168.1.0 0.0.0.255 !

Enable Stateless DHCPv6 on Cisco Routers

Objective:

Configure R5 for DHCPv6 stateless. R5 should receive the DNS server IP address of 1ce:1ce:babe::1 from the DHCPv6 server (R6).

Step-1

Enable IPv6 Routing on R6 & R5:

R5(config)#ipv6 unicast-routing

R6(config)#ipv6 unicast-routing

Create DHCP Pool on R1:
R6(config)#ipv6 dhcp pool STATELESS_EXAMPLE R6(config-dhcpv6)#dns-server 1ce:1ce:babe::1 R6(config-dhcpv6)#exit

Enable DHCPv6 Server on interface e0/1 of R1:
R6(config)#interface ethernet 0/1 R6(config-if)#ipv6 dhcp server STATELESS_EXAMPLE R6(config-if)#ipv6 nd other-config-flag

Enable IPv6 SLAAC on Cisco Routers

We will enable SLAAC on interface R1-e0/0 which will receive prefix information from Router R6.

Step-1

Enable IPv6 Routing on R6
R6(config)#ipv6 unicast-routing

Step-2

Enable IPv6 and Add prefix on R6:
interface Ethernet0/1 ip address 192.168.100.10 255.255.255.0 ipv6 address 2000:1234:5678::6666:1/64 ipv6 enable end

Step-3

Enable IPv6 Routing on R1
R1(config)#ipv6 unicast-routing

Step-4

Enable IPv6 and configure IPv6 auto-config R1:
interface Ethernet0/0 no ip address ipv6 address autoconfig ipv6 enable end

Result:

R1#sh ipv6 interface ethernet 0/0 Ethernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:100 No Virtual link-local address(es): Stateless address autoconfig enabled Global unicast address(es): 2000:1234:5678:0:A8BB:CCFF:FE00:100, subnet is 2000:1234:5678::/64 [EUI/CAL/PRE] valid lifetime 2591903 preferred lifetime 604703 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:100 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.

WireShark Capture:

Enable EIGRP in VRF’s on Cisco

Introduction:

This post will show you how to enable EIGRP routing for particular VRF’s. Enabling EIGRP inside a VRF requires few special commands as compared to enabling it for the GRT (Global Routing Table).

address-family ipv4 vrf {vrf_name}

address-family ipv4 vrf – tells the router to enable EIGRP IPv4 routing for VRF
{vrf_name} – This should be the VRF name for which you intend to enable routing

Configuration Example:

Topology

R1:
router eigrp 20
!
address-family ipv4 vrf CustA
network 10.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 20
eigrp router-id 1.0.0.1
exit-address-family
!
address-family ipv4 vrf CustB
network 10.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 30
eigrp router-id 1.0.0.2
exit-address-family
!
address-family ipv4 vrf CustC
network 10.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 40
eigrp router-id 1.0.0.3
exit-address-family
!

R2:
router eigrp 20
!
address-family ipv4 vrf CustA
network 20.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 20
eigrp router-id 2.0.0.1
exit-address-family
!
address-family ipv4 vrf CustB
network 20.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 30
eigrp router-id 2.0.0.2
exit-address-family
!
address-family ipv4 vrf CustC
network 20.1.1.0 0.0.0.255
network 192.168.1.0
autonomous-system 40
eigrp router-id 2.0.0.3
exit-address-family
!

Implement OSPF in VRF’s

To add particular VRF to OSPF process just use the command:
router ospf 1 vrf vrfname

Example:

R1:
router ospf 1 vrf CustA
router-id 1.0.0.1
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf CustB
router-id 1.0.0.2
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 3 vrf CustC
router-id 1.0.0.3
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!

R2:
router ospf 1 vrf CustA
router-id 2.0.0.2
network 20.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf CustB
router-id 2.0.0.1
network 20.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 3 vrf CustC
router-id 2.0.0.3
network 20.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!

Implement RIP in VRF’s

To add particular VRF to RIP process just use the command:
address-family ipv4 vrf vrfname

Example:

R1:

router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf CustC
  network 10.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
 !
 address-family ipv4 vrf CustB
  network 10.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
 !
 address-family ipv4 vrf CustA
  network 10.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
 ```

**R2:
** 
 ```
 router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf CustC
  network 20.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
 !
 address-family ipv4 vrf CustB
  network 20.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
 !
 address-family ipv4 vrf CustA
  network 20.0.0.0
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
!