Handy Linux Utilities
- 
 @stuartjordan said in Handy Linux Utilities: I'll start With a couple and will add more NCDU: A utility to track down where high file usage is being used: I love it and use all the time. Glances: A nice resource usage utility: I have a mixed feelings about this one. It's really useful but it's rather bloated, close to 100MB with all dependencies. Docker images are even worse, developer was hesitant with Alpine based images. NMAP: Network scan/Security scan with Vulnerability scripts: Classic. No comments needed. Terminator (gnome) - A different terminal that you can split into multiple terminals: I've never used it, I don't have any Linux desktops to try it. Killer name though. 
- 
 @marcinozga said in Handy Linux Utilities: @stuartjordan said in Handy Linux Utilities: Glances: A nice resource usage utility: I have a mixed feelings about this one. It's really useful but it's rather bloated, close to 100MB with all dependencies. Docker images are even worse, developer was hesitant with Alpine based images. The Docker images being silly large is understandable to me, it's just another lazy container packager. What I want to know is how you get Glances and dependencies up to 100MB? The rpm file in the Fedora 24 repository is only around 1 MB. 
- 
 On Ubuntu 20.10 
- 
  Ubuntu 21.04 
- 
 @marcinozga said in Handy Linux Utilities:  Ubuntu 21.04 I guess I never install just Glances alone, and I for sure never use Ubuntu when I have a choice in the matter. 
- 
  Docker image, extracted. That's huge for alpine based. 
- 
 @marcinozga said in Handy Linux Utilities: @stuartjordan said in Handy Linux Utilities: I'll start With a couple and will add more NCDU: A utility to track down where high file usage is being used: I love it and use all the time. Glances: A nice resource usage utility: I have a mixed feelings about this one. It's really useful but it's rather bloated, close to 100MB with all dependencies. Docker images are even worse, developer was hesitant with Alpine based images. NMAP: Network scan/Security scan with Vulnerability scripts: Classic. No comments needed. Terminator (gnome) - A different terminal that you can split into multiple terminals: I've never used it, I don't have any Linux desktops to try it. Killer name though. Some servers I use Htop but I do like Glances though, I use it on my home machine for example. 
- 
 @travisdh1 said in Handy Linux Utilities: @marcinozga said in Handy Linux Utilities:  Ubuntu 21.04 I guess I never install just Glances alone, and I for sure never use Ubuntu when I have a choice in the matter. I'm not a Glances users but looking at it it uses python and psUtils so it's a pretty complicated way of monitoring system resources. So it has more dependencies. Not your typical C unix utility, so to speak. But you might be able to keep it contained by not installing all recommended packages. Just add the --no-install-recommendsoptions.If there is some package among the recommended ones that you need, you can just install it yourself. 
- 
 @pete-s said in Handy Linux Utilities: @travisdh1 said in Handy Linux Utilities: @marcinozga said in Handy Linux Utilities:  Ubuntu 21.04 I guess I never install just Glances alone, and I for sure never use Ubuntu when I have a choice in the matter. I'm not a Glances users but looking at it it uses python and psUtils so it's a pretty complicated way of monitoring system resources. So it has more dependencies. Not your typical C unix utility, so to speak. But you might be able to keep it contained by not installing all recommended packages. Just add the --no-install-recommendsoptions.If there is some package among the recommended ones that you need, you can just install it yourself. Yep, Glances is not the normal very small and efficient program. It's the best thing I've found for giving a good idea of overall system performance without having to switch between multiple different programs to look at everything tho. 
- 
 @travisdh1 said in Handy Linux Utilities: @pete-s said in Handy Linux Utilities: @travisdh1 said in Handy Linux Utilities: @marcinozga said in Handy Linux Utilities:  Ubuntu 21.04 I guess I never install just Glances alone, and I for sure never use Ubuntu when I have a choice in the matter. I'm not a Glances users but looking at it it uses python and psUtils so it's a pretty complicated way of monitoring system resources. So it has more dependencies. Not your typical C unix utility, so to speak. But you might be able to keep it contained by not installing all recommended packages. Just add the --no-install-recommendsoptions.If there is some package among the recommended ones that you need, you can just install it yourself. Yep, Glances is not the normal very small and efficient program. It's the best thing I've found for giving a good idea of overall system performance without having to switch between multiple different programs to look at everything tho. Makes sense. I usually monitor performance outside of the OS - if it's a VM and it usually is. 
- 
 Why we must warn people not to use non encrypted traffic: 
 Do Not Use Telnet,Ftp or standard httpHere we will do an arp poison man in the middle attack to see another devices traffic on the same network. when we just had hubs this was easier now we have switches we have to use this method: - apt install wireshark (Graphical)
- apt install nmap
- apt install etttercap-text-only (there is a graphical version, this is cli only)
- sudo nmap -sn 192.168.1.0/24
- descover hosts IP and mac addresses / pick a host.
- sudo ettercap -T(txt only) -S(no ssl) -i(interface) wlan0 -M(man in the middle attack) arp:remote /192.168.1.1(router)// //192.168.1.8//(person to attack)
- sudo wireshark then apply filter ip.addr = 192.168.1.8
- obviously cannot see inside encrypted ssl traffic.
- but we can see plain text packets by applying filter ip.addr == 192.168.1.8 && http
- save in wireshark as pcap file
- visit website a-packets.com - generates a report for free.
- to see telnet as it's clear text use filter = wireshark filter ip.addr = = 192.168.1.8 && telnet
 
- 
 @stuartjordan said in Handy Linux Utilities: Why we must warn people not to use non encrypted traffic: 
 Do Not Use Telnet,Ftp or standard httpHere we will do an arp poison man in the middle attack to see another devices traffic on the same network. when we just had hubs this was easier now we have switches we have to use this method: - sudo ettercap -T(txt only) -S(no ssl) -i(interface) wlan0 -M(man in the middle attack) arp:remote /192.168.1.1(router)// //192.168.1.8//(person to attack)
 In this example, ettercap has the ability to see packets (the conversation) on a switched network between two different end points? 
- 
 @pmoncho yes while the man in the middle still passes the packets through to the router and back to the client. If they are using a basic hub (layer 1) rather then a switch don't need to do this at all. just fire up wireshark as hubs don't use mac addresses. 
- 
 @stuartjordan said in Handy Linux Utilities: @pmoncho yes while the man in the middle still passes the packets through to the router and back to the client. If they are using a basic hub (layer 1) rather then a switch don't need to do this at all. just fire up wireshark as hubs don't use mac addresses. Haven't seen a hub in decades. But setting up a mirror port on a switch will work exactly the same. Also you only need wiresharkfor the analysis of the dumped traffic.tcpdumpis the utility for capturing the traffic.
- 
 @pete-s You can setup a mirror port if you have admin access to the switch. which hopefully isn't left with the default login settings. 
- 
 @stuartjordan said in Handy Linux Utilities: Why we must warn people not to use non encrypted traffic: 
 Do Not Use Telnet,Ftp or standard httpHere we will do an arp poison man in the middle attack to see another devices traffic on the same network. when we just had hubs this was easier now we have switches we have to use this method: - apt install wireshark (Graphical)
- apt install nmap
- apt install etttercap-text-only (there is a graphical version, this is cli only)
- sudo nmap -sn 192.168.1.0/24
- descover hosts IP and mac addresses / pick a host.
- sudo ettercap -T(txt only) -S(no ssl) -i(interface) wlan0 -M(man in the middle attack) arp:remote /192.168.1.1(router)// //192.168.1.8//(person to attack)
- sudo wireshark then apply filter ip.addr = 192.168.1.8
- obviously cannot see inside encrypted ssl traffic.
- but we can see plain text packets by applying filter ip.addr == 192.168.1.8 && http
- save in wireshark as pcap file
- visit website a-packets.com - generates a report for free.
- to see telnet as it's clear text use filter = wireshark filter ip.addr = = 192.168.1.8 && telnet
 I had a student do this to the student network at my last job. Everybody would complain about slow network in one building but by the time I could go check it, it was fine again. I figured out what he was doing and some switches have stuff built in to combat this (you just have to turn it on). 




