Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
13
votes
3
answers
14774
views
What is the difference between the od, hd, hexdump and xxd commands?
What is the difference between the od, hd, hexdump and xxd commands?
They are all commands for dumping files and they can all dump it in various formats such as hexadecimal, octal or binary. Why create different programs?
Nicryc
(335 rep)
Jan 15, 2020, 10:47 PM
• Last activity: Jan 9, 2025, 02:25 PM
0
votes
1
answers
150
views
How to programmatically get size of the EEPROM where the bios is stored
I tried getting Bios Rom size from Dmidecode which says 16MB. But the vendor specs says it should be 32MB. Is there any way to dive in and read the size of the whole chip (ROM where bios is stored). For reference check the picture attached.

Kaleem Khattak
(3 rep)
Jul 10, 2024, 10:13 PM
• Last activity: Jul 13, 2024, 01:11 AM
11
votes
2
answers
6100
views
Dump network traffic of single application (strace-like)
I'm looking for a way to dump pcap of network data generated by an application, in a similar way `strace` dumps syscalls, etc. eg:

    net-strace somecommand -args

`somecommand` would do something over the network, and `net-strace` would save a pcap dump of all the traffic generated by that app (+ replies and related traffic).
Can this be achieved?
gesti
(111 rep)
Dec 18, 2014, 01:01 PM
• Last activity: Mar 13, 2024, 08:19 AM
-2
votes
1
answers
116
views
What type of device is required to view emmc chip on Linux
I have emmc I want to read on Linux, what kind of devices can read emmc on Linux?
Imran Ali
(1 rep)
Jul 8, 2023, 12:26 PM
• Last activity: Jul 21, 2023, 07:34 AM
0
votes
1
answers
145
views
failed to restore root filesystem from dump backup
I'm currently testing a backup/restore of RHEL 6.4 OS via the "dump" and "restore" on testing environment, and I do know that RHEL 6.4 seemed too outdated in nowadays. But some enterprises are still using such version of RHEL to load their services.
**Here's the scenario**: to backup the system and critical programs in case of host crash/failure event.
* The test RHEL 6.4 host for backup utilizes windows Hyper-V VM as infrastructure and the OS root is installed on LVM logical volume.
* In order to backup the system, I placed system into single user mode and used command to backup the root filesystem

      dump -0uf //mybackup.dump /

* The dump showed "DUMP IS DONE" on screen and the dump file was created with size about 2.2GB therefore I believed that the backup was successful.

In order to simulate host crash event, I reinstalled the RHEL 6.4 system utilizing LVM logical volume and boot the system into single user mode before restoration.
However, after restoring root filesystem using

    restore -rf //mybackup.dump

The screen showed kernel panic and some other errors, and hung eventually.
I retried several times but always failed.
Can anyone give me some hints why the restoration can't be completed?
user53815
(57 rep)
Jul 7, 2023, 03:30 PM
• Last activity: Jul 13, 2023, 03:11 PM
23
votes
3
answers
114419
views
How to dump memory image from linux system?
I know to dump memory images in Windows. (eg-dumpit) But I don't know how to dump memory images in Linux.
I want to get memory images in Linux and from Linux to Linux with ssh connection or something.
How can I get in Linux?
bakie
(363 rep)
Mar 14, 2014, 11:50 PM
• Last activity: Mar 21, 2023, 11:02 AM
0
votes
0
answers
187
views
Dump file conversion with iconv
I tried to convert the dump file with iconv. The command that I used:

    iconv -f utf-8 -t iso-8859-1 |
    iconv -f windows-1251 -t utf-8

Unfortunately, it converts to the unreadable letters: `Îáúÿâëÿåòñÿ Гà áîð ìîäåðà òîðîâ`. It works correctly if it is only one phrase.
From other thread I understood that the dump file might contain both text and binary data, and trying to interpret the binary data parts as text would most likely result in unreadable junk.
I tried to convert SQL dump file from web forum with unknown coding to utf-8. It works correctly if it is only one phrase like in this thread: https://unix.stackexchange.com/questions/629040/formatting-from-iso-8859-1-to-windows-1251 . And it did not work for the file.
prokol
(1 rep)
Jan 14, 2023, 08:06 PM
• Last activity: Jan 18, 2023, 01:05 PM
6
votes
2
answers
1463
views
What causes \r's to be inserted before \n's when retrieving a binary file over ssh, and how do I circumvent it?
I have inherited a Ubuntu 14.04 production server which needs to be upgraded to 20.04, and I would like a sandboxed version to experiment with first, hence I want to `dump` and `restore` the filesystems over the network from either a MacOS or another 14.04 virtualbox instance. An earlier version of this question is at https://askubuntu.com/q/1314747/963 .
The server cannot "see" my machines so I cannot easily run dump and push the result remotely to my machine, but need to invoke ssh from my machine to run dump.

    ssh -t me@there "echo MYPASSWORD | sudo -S dump -y -f - /boot 2>/dev/null " > boot.dump

Problem is that I've found that running this command inserts a lot of `\r` characters in front of `\n` characters which ruins the dump file so `restore` cannot use it. I understand that this is probably due to a driver translating linefeeds to the characters needed for printing, but I do not see where this is triggered.
How should I do this to get the correct binary dump file?
Thorbjørn Ravn Andersen
(1064 rep)
Feb 9, 2021, 04:08 PM
• Last activity: Sep 13, 2021, 12:59 PM
0
votes
0
answers
53
views
How do I dump text from the GNU info reader?
I would like to dump the text from a page of a tool's info documentation to a text file and read and edit it subsequently in Vim.
Does the GNU info reader permit dumping of its text, or is there an easy way to find the directory of its source text and render it (in case of markup tags)?
Julius Hamilton
(159 rep)
Sep 12, 2021, 07:57 PM
0
votes
0
answers
445
views
Dumping a packed shared library
I have 2 packed shared libraries, the second one is probably dependent on first one.
The first one is packed with UPX, and the unpacking code is in .init_proc. I have tried attaching a debugger and dumping the application in .init_proc, but I can't get to it while debugging. It just skips to the EP. And segfaults. Which is very strange. It is being loaded using LD_PRELOAD.
Another executable has the unpacking code in the EP, but it is unknown which packer has been used to pack it. This library segfaults when I try to load it too. Also, both are proven to work on another machine.
So my question is, is there any guide to unpacking ELF executables or anything like that?
Mikel Frejie
(1 rep)
Nov 25, 2020, 05:41 PM
6
votes
2
answers
3662
views
Deleted my ssh keys
I'm on a Mac (OSX).
I've accidentally deleted my ssh keys, but I haven't restarted my computer yet so I'm still able to access servers with my key. I guess the ssh-agent has some form of it in memory?
Is there any way to retrieve the key from the ssh-agent?
I still remember the password etc.
James
(183 rep)
Sep 5, 2015, 03:20 AM
• Last activity: Aug 4, 2020, 10:40 AM
2
votes
1
answers
895
views
Dumping a live filesystem
I've managed to root a device and I'd like to dump its entire filesystem in order to analyze and reverse engineer it.
This device claims to be `Linux 2.6.31 mips GNU/Linux`. The way I can access the shell interface is via network, by simply telnetting to a port.
How can I dump its entire filesystem outside the device?
# Things I tried
* DD: Kind of out of the question, `df -h` says that the filesystem is 48% used and a `dd` image would take that to 98%, potentially making it run out of space and bricking it?
* Rsync: This one seems the best option, but AFAIK, rsync uses ssh internally, but there's no ssh to this device, you just open a port to it and it drops you to a shell. Parameters like `root@192.168.1.1:23:/` simply seem to ignore the port (`ssh: connect to host 192.168.3.10 port 22: Connection refused`). `rsync` binary is not present in the device.
# Things to consider
* Filesystem should remain exactly the same, meaning that even symlinks should still point to where they point right now.
444A49
(23 rep)
Jun 1, 2020, 01:52 PM
• Last activity: Jun 1, 2020, 03:09 PM
-1
votes
1
answers
544
views
accidentally used dd on the wrong drive
I was trying to make a bootable usb with disk dump command in ubuntu, but I typed the wrong device name and hit enter so it started the process on my external hard drive, but after a few seconds I realized I just did something retarded that I just destroyed my ex hdd which I used for important files and I cancelled the dd with ctrl+c, now my hdd is empty, and when I try to use it on my windows it asks to be formatted, how can I get my files back?
salmanrf
(1 rep)
Oct 31, 2019, 04:25 PM
• Last activity: Oct 31, 2019, 09:15 PM
-4
votes
3
answers
681
views
DATA DUMP WHATEVER IS ON usb 3-1 BY USB ADDRESS ONLY
how can i retrieve data from "ANY" device
using "ONLY" its "USB ADDRESS"
ergo usb 3-1
so that "WHATEVER" attaches to this port get dumped
as opposed to any other descriptors
"NOT" "NOT" /dev/etc...
I'M NOT LOOKING FOR A THIRD PARTY SOFTWARE JUST THE NORMAL LINUX **SHORT** COMMAND LINE ANSWER
user378296
(1 rep)
Oct 21, 2019, 04:29 PM
• Last activity: Oct 22, 2019, 03:54 AM
2
votes
1
answers
5264
views
How to generate memory dump from outside a running container
I am running a .net service inside a container. And I am observing the memory consumption of this service inside the container is gradually going up to the limit set to that container and after it reaches the threshold limit the container gets killed. To debug further I want to generate a memory dump of the .net service inside the container by staying outside the container. Can I do it?
I have refrained to install any third-party software as the policy is not allowing me.
My current host details are as follows,

    NAME="Ubuntu"
    VERSION="16.04.6 LTS (Xenial Xerus)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 16.04.6 LTS"
    VERSION_ID="16.04"
    HOME_URL="http://www.ubuntu.com/"

but I have `Ulimit` installed on the host machine. Tried with Ulimit but not successful.
JYOTI PRAKASH MALLICK
(231 rep)
Sep 23, 2019, 12:15 PM
• Last activity: Oct 14, 2019, 11:46 AM
1
votes
1
answers
296
views
dump command - does it save extended attributes, ACLs and SELinux settings on ext4 filesystems?
I'd like to use dump(8) for dumping an ext4 filesystem for transport to another system. However, it is not clear from research that I have come across as to whether the dump/restore pair will transfer file extended attributes, Selinux labels, and ACLs.
Anybody know for sure?
mdpc
(6991 rep)
Jun 20, 2016, 06:39 PM
• Last activity: Jan 5, 2019, 04:47 PM
7
votes
3
answers
5009
views
Are there any ways or tools to dump the memory cache and buffer?
I want to check out what files are loaded in buffer. Just so it's clear, the buffers & cache I'm referring to are what show up when you run the `free -m` command:

    $ free -m
                 total       used       free     shared    buffers     cached
    Mem:          7800       7671        128          0        291        724
    -/+ buffers/cache:       6655       1144
    Swap:         5823        613       5210
jofox
(129 rep)
Aug 23, 2013, 04:03 AM
• Last activity: Dec 20, 2018, 12:18 AM
3
votes
0
answers
969
views
Memory dump on Ubuntu 18.04 failed on too big /proc/kcore/
There are two great articles about how to acquire memory on Linux using linpmem:
[SANS](https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf)
[holdmybeersecurity](https://holdmybeersecurity.com/2017/07/29/rekall-memory-analysis-framework-for-windows-linux-and-mac-osx/)
Trying the approach from [holdmybeersecurity](https://holdmybeersecurity.com/2017/07/29/rekall-memory-analysis-framework-for-windows-linux-and-mac-osx/) I ran into the following issue, which seems to be a more general problem:

    wget https://github.com/google/rekall/releases/download/v1.5.1/linpmem-2.1.post4
    chmod +x linpmem-2.1.post4
    ./linpmem-2.1.post4 -o mem.aff4r

Is running directly and creating a big file (stopped it > 160GB). Checking `linpmem` more closely it relies on linux memory mapping `/proc/kcore` to acquire the data.

    sudo ls -lh /proc/kcore
    -r-------- 1 root root 128T Dec 12 11:32 /proc/kcore

This is huge! As stated [here](https://unix.stackexchange.com/a/258629/318139) ...
> ... `/proc/kcore` is the virtual allocation of your RAM for the kernel. On 64 bit systems that size can be an absolute limit of 128T since that is the most the system can allocate.

which is kind of against the `man proc`:

    /proc/kcore
    This file represents the physical memory of the system and is stored in the ELF core file format. With this pseudo-file, and an unstripped kernel
    (/usr/src/linux/vmlinux) binary, GDB can be used to examine the current state of any kernel data structures.
    The total length of the file is the size of physical memory (RAM) plus 4 KiB.

**So the big question is: How to acquire the memory/swap only, but not the HDD content?**
gies0r
(131 rep)
Dec 12, 2018, 12:05 PM
• Last activity: Dec 12, 2018, 12:54 PM
2
votes
2
answers
5454
views
How to mount a dd-image which was created via fmem (memory dump tool)
I've used the tool `fmem` for creating a memory dump dd-file. That works fine.
But how can I access this image? I've tried it with `mount` but it says I have to specify a filesystem. But none of the given possibilities works (ext4, vfat etc).
Dee
(21 rep)
Jun 8, 2014, 06:29 PM
• Last activity: Nov 24, 2018, 08:36 PM
0
votes
1
answers
257
views
Error message "jrcmd: not found" when I execute a script
I am getting the error below when I execute a script:
> Ksh: line 1: jrcmd: not found
When I execute the same command in weblogic server, I get the output, but executing the same command inside a script it gives me the error message.
This is the script:
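
    #!/bin/ksh
    # Look up the PID of the WebLogic process on the remote host
    process_id=`ssh -q account@servername -n "ps -ef | grep weblogic | grep -v grep" | awk '{print $2}'`
    # Ask the remote JVM for a thread dump (this is the call that reports "jrcmd: not found")
    ssh -q account@servername -n "jrcmd $process_id print_threads > /tmp/thread.txt"
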
Can I expect any answer?
Mallikarjun Malage
(3 rep)
Sep 17, 2018, 04:51 PM
• Last activity: Sep 18, 2018, 09:45 PM
Showing page 1 of 20 total questions