Commands by bhbmaster (7)

  • wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd" Run above command from Windows Cygwin: On Windows: Install Cygwin, and copy WMR (windows memory reader 1.0) memory diagnostic into cygwin\bin folder, also install cygwins netcat and ssh (openssh). I recommend installing apt-cyg and running " On Linux: Have an SSH Server SIMPLEST FORM: WINDOWS: # wmr - | ssh root@savelocation.com "cat - > /tmp/FileToSave.dd" For more details on how to extract information from memory dump: apt-get install foremost foremost -t all -T -i /forensics/T430-8gb-RAM1.dd For more information: http://www.kossboss.com/memdump-foremost Show Sample Output


    0
    wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd"
    bhbmaster · 2013-05-31 00:04:19 0
  • Most of the commands require the jpegs a certain format, not this, it just follows alphabetical order. The same order you follow if you do "ls -lisah" from top to bottom, top frame is first, bottom is last... This goes perfectly with a webcam timelapse... I have just the script for it: http://www.kossboss.com/linux---app-script---timelapse---capush Show Sample Output


    0
    mencoder mf://*.jpg -mf fps=50:type=jpg -ovc raw -oac copy -o out50fps.avi
    bhbmaster · 2013-05-30 07:49:36 0
  • NOTE: When opening the files you might need to strip the very top line with notepad++ as its a mistake header This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/eth0-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output


    1
    tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz"
    bhbmaster · 2013-05-30 07:41:22 0
  • This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/ppp1-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output


    0
    tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap"
    bhbmaster · 2013-05-30 07:33:48 0
  • NOTE: When doing these commands when asked for questions there might be flowing text from the pv doing the progress bar just continue typing as if its not there, close your eyes if it helps, there might be a yes or no question, type "yes" and ENTER to it, and also it will ask for a password, just put in your password and ENTER I talk alot more about this and alot of other variations of this command on my site: http://www.kossboss.com/linuxtarpvncssh Show Sample Output


    0
    cd /srcfolder; tar -czf - . | pv -s `du -sb . | awk '{print $1}'` | ssh -c arcfour,blowfish-cbc -p 50005 root@destination.com "tar -xzvf - -C /dstfolder"
    bhbmaster · 2013-05-30 07:21:06 0
  • Where filein is the source file, destination.com is the ssh server im copying the file to, -c arcfour,blowfish-cbc is selecting the fastest encryption engines, -C is for online compressions and decompression when it comes off the line - supposed to speed up tx in some cases, then the /tmp/fileout is how the file is saved... I talk more about it on my site, where there is more room to talk about this: http://www.kossboss.com/linuxtarpvncssh and http://www.kossboss.com/linux---transfer-1-file-with-ssh Show Sample Output


    0
    cat filein | ssh destination.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/fileout"
    bhbmaster · 2013-05-30 07:18:46 0
  • Do above at the Destination aka The Server. Do the following at the Source aka The Client: tar -cf - /srcfolder | pv | nc www.home.com 50002 If you want ETAs and stuff: tar -cf - /srcfolder | pv -s `du -sb /srcfolder | awk '{print $1}'` | nc www.home.com 50002 If you dont care about progress bars @ server/destination: tar -cf - /srcfolder | pv | nc www.home.com 50002 If you dont care about progress bars @ client/source: tar -cf - /srcfolder | pv -s `du -sb /srcfolder | awk '{print $1}'` | nc www.home.com 50002 I have this in alot better detail where there is more room to talk about it on my site: http://www.kossboss.com/linuxtarpvncssh Show Sample Output


    0
    while true; do nc -l -p 50002 | pv | tar -xf -; done
    bhbmaster · 2013-05-30 07:17:23 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Convert ascii string to hex
Converts the ascii text to hex from bash. Check the sample output.

Find usb device in realtime
Using this command you can track a moment when usb device was attached.

Get movie length

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

SAR - List the average memory usage for all days recorded under '/var/log/sa/*' using sar -r.

Notepad in a browser
A commandline version of the notepad in a browser: http://www.commandlinefu.com/commands/view/12161/notepad-in-a-browser-type-this-in-the-url-bar All credit to the origional author of this fantastic command, whos only failing as most of the comments pointed out was that it wasn't a command... well, now its a command. Send all upvotes to dtlp747.

Debug a remote php application (behind firewall) using ssh tunnel for XDEBUG port 9000
If you need to xdebug a remote php application, which is behind a firewall, and you have an ssh daemon running on that machine. you can redirect port 9000 on that machine over to your local machine from which you run your xdebug client (I am using phpStorm) So, run this command on your local machine and start your local xdebug client, to start debugging. more info: http://code.google.com/p/spectator/wiki/Installing

Create a mirror of a local folder, on a remote server
Create a exact mirror of the local folder "/root/files", on remote server 'remote_server' using SSH command (listening on port 22) (all files & folders on destination server/folder will be deleted)

watch snapshots commit in VMware ESX
To monitor .vmdk files during snapshot deletion (commit) on ESX only (ESXi doesn't have the watch command): 1. Navigate to the VM directory containing .vmdk files. # watch "ls -tough --full-time *.vmdk" where: -t sorts by modification time -o do not list group information (to narrow the output) -u sorts by access time -g only here for the purpose to easily remember the created mnemonic word 'tough' -h prints sizes in human readable format (e.g., 1K 234M 2G) --full-time sets the time style to full-iso and does not list user information (to narrow the output) optionally useful parameters to the watch command: -d highlight changes between updates -n seconds to wait between updates (default is 2) -t turn off printing the header

ls -qahlSr # list all files in size order - largest last
I find it useful, when cleaning up deleting unwanted files to make more space, to list in size order so I can delete the largest first. Note that using "q" shows files with non-printing characters in name. In this sample output (above), I found two copies of the same iso file both of which are immediate "delete candidates" for me.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: