Using Tcptrack on CentOS 8

This tutorial shows how to use the Tcptrack package on CentOS 8, which does not have this RPM in its repository.

Tcptrack is a console tool that displays the TCP connections that are currently active. It is also useful for seeing the amount of data and traffic that each connection consumes. Its usage is quite similar to the tcpdump command.

To install this package on CentOS or RedHat version 8, follow the steps below. You should be logged in with root privileges.

1 – Enable the PowerTools repository and install both the RPM builder and the package's dependencies:

# yum config-manager --set-enabled powertools

# yum -y install rpm-build libpcap-devel gcc-c++ ncurses-devel make

2 – Download the source code:

# cd /tmp

# git clone https://github.com/bchretien/tcptrack.git

3 – Change the SPEC file to the new version:

# cd /tmp/tcptrack/

# vi tcptrack.spec

Change line #2 to:

%define version 1.4.3

4 – Create the compressed source:

# cd /tmp

# mv tcptrack tcptrack-1.4.3

# mkdir -p /root/rpmbuild/SOURCES/

# tar -czvf /root/rpmbuild/SOURCES/tcptrack-1.4.3.tar.gz tcptrack-1.4.3

5 – Now, go to the source directory and build the new package:

# cd /tmp/tcptrack-1.4.3

# rpmbuild -ba tcptrack.spec

6 – It is done! You can install the package that was just created:

# rpm -ivh /root/rpmbuild/RPMS/x86_64/tcptrack-1.4.3-1.x86_64.rpm

7 – Here is a simple example of how to use it:

# tcptrack -i eth0

8 – Here are some more advanced filters:

Showing only IPv4 connections

# tcptrack -i eth0 "ip"

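Showing only connections through port 465 or port 587 (joining the two with "and" would match only traffic that uses both port numbers at once, one as source and one as destination):

# tcptrack -i eth0 "port 465 or port 587"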

Showing only connections from a specific IP:

# tcptrack -i eth0 "host 192.168.1.2"

You can also combine both filters:

# tcptrack -i eth0 "host 192.168.1.2 and port 443"

Here is an example of how to exclude a value from your view:

# tcptrack -i eth0 "host 192.168.1.2 and port ! 22"

By pressing “s” you can sort by:

  • Rate
  • Bytes
  • Idle
  • Unsorted

That’s it, have fun 🙂

RedHat 8 Basic Network Settings

For those who chose not to set up the network connection during the RedHat 8 installation process, it is essential to do so soon after the system reboots. Otherwise, you might not be able to install remote packages, or to send or receive information anywhere.

The following tutorial provides the very basic configuration to make such connectivity possible.

1 – Change your “hostname”. Just edit the file “/etc/hostname” and overwrite its contents with the machine’s full hostname.

2 – Define your IP address.

This assumes that your system has recognized your interface as “ens160” and that you do not have a DHCP server available on the LAN. Edit the file “/etc/sysconfig/network-scripts/ifcfg-ens160”.

2.1 – Change the parameter BOOTPROTO from dhcp to static

2.2 – At the end of the file, add two parameters:

IPADDR=X.X.X.X (for example, 192.168.0.2)
NETMASK=X.X.X.X (for example, 255.255.255.0)

3 – Now, edit the file “/etc/sysconfig/network” to set up your default gateway. Add the following parameter: GATEWAY=X.X.X.X (for example, 192.168.0.1)

4 – To make these changes effective, type the commands below:

# ifdown ens160 ; ifup ens160

5 – You can check whether those settings were applied correctly:

# ifconfig ens160
ens160: flags=4163 mtu 1500
inet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::289b:a5a7:1282:9065 prefixlen 64 scopeid 0x20
inet6 2804:14c:5bb2:8e8f:72ff:9ed2:b6d9:81b4 prefixlen 64 scopeid 0x0
ether 00:0c:29:9a:b6:0e txqueuelen 1000 (Ethernet)
RX packets 611 bytes 71365 (69.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 569 bytes 67271 (65.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 ens160
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

6 – Finally, test whether you are able to get a “ping” response from a public internet address.

# ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=20.8 ms

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 20.785/21.971/22.571/0.847 ms

If the IP address that you set up has full access to the Internet beyond the gateway, you will get the correct answer from the destination.
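
A pre-flight check for steps 2 and 3, as an added example that is not part of the original tutorial: it confirms that the interface file and the gateway file describe a consistent static setup before ifdown/ifup is run. The function names are hypothetical, the sample files are constructed from the tutorial's example values, and the mask is assumed to be stored under the NETMASK key.

```sh
#!/bin/sh
# Added example: pre-flight check for the static settings from steps 2 and 3.

# cfg_get FILE KEY: print the last value assigned to KEY, quotes stripped.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac   # leading zeros are ambiguous (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static_cfg IFCFG_FILE NETWORK_FILE: return 0 only if the files agree.
check_static_cfg() {
    rc=0
    case $(cfg_get "$1" BOOTPROTO) in
        static|none) ;;
        *) echo "BOOTPROTO is not static"; rc=1 ;;
    esac
    ip=$(ip_to_int "$(cfg_get "$1" IPADDR)") || { echo "IPADDR missing or malformed"; rc=1; }
    mask=$(ip_to_int "$(cfg_get "$1" NETMASK)") || { echo "NETMASK missing or malformed"; rc=1; }
    gw=$(ip_to_int "$(cfg_get "$2" GATEWAY)") || { echo "GATEWAY missing or malformed"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    inv=$(( ~$mask & 0xFFFFFFFF ))          # host bits of the mask
    [ $(( $inv & ($inv + 1) )) -eq 0 ] || { echo "NETMASK bits are not contiguous"; return 1; }
    [ $(( $ip & $mask )) -eq $(( $gw & $mask )) ] || { echo "GATEWAY is outside the interface subnet"; return 1; }
    [ "$gw" -ne "$ip" ] || { echo "GATEWAY equals IPADDR"; return 1; }
}

# Constructed sample files using the example values from the steps above.
demo=$(mktemp -d)
printf 'BOOTPROTO=static\nIPADDR=192.168.0.2\nNETMASK=255.255.255.0\n' > "$demo/ifcfg-ens160"
printf 'GATEWAY=192.168.0.1\n' > "$demo/network"
check_static_cfg "$demo/ifcfg-ens160" "$demo/network" && echo "static settings are consistent"
rm -rf "$demo"
```

On a real system the two arguments would be /etc/sysconfig/network-scripts/ifcfg-ens160 and /etc/sysconfig/network.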