Differences

This shows you the differences between two versions of the page.

--- soc:irt:linux:start [2026/06/11 15:35] – titannet
+++ soc:irt:linux:start [2026/06/11 15:53] (current) – titannet
@@ Line 1: / Line 1: @@
 ====== Linux ======
+===== Live and Disk System =====
+==== Process Information ====
 <code bash>
@@ Line 14: / Line 19: @@
 # open ports, assume folder /proc/{pid}/
-cat net/tcp | awk 'NR>1 {split($2, a, ":"); printf "%d\n", "0x" a[2]}'
+cat ./net/tcp | awk 'NR>1 {split($2, a, ":"); printf "%d\n", "0x" a[2]}'
-cat /net/udp | awk 'NR>1 {split($2, a, ":"); printf "%d\n", "0x" a[2]}'
+# local ip's and ports
+awk 'NR>1 {
+    split($2, a, ":")
+    hex = a[1]
+    # Extract bytes (IP is little-endian in the file)
+    b1 = substr(hex,7,2); b2 = substr(hex,5,2)
+    b3 = substr(hex,3,2); b4 = substr(hex,1,2)
+    printf "%d.%d.%d.%d:%d\n",
+        "0x"b1, "0x"b2, "0x"b3, "0x"b4,
+        "0x"a[2]
+}' ./net/tcp
 # connected local ip's
 cat /net/arp
+cat /net/route
+</code>
+==== Logs ====
+<code bash>
+/var/log/...         # most system logs
+/var/log/journal     # binary system logs, readable with journalctl
 </code>
+==== Triage ====
+  * [[soc:irt:linux:tools:uac]]
+===== Live =====
+==== Basic System Info ====
 <code bash>