After writing up the presentation for MacSysAdmin in Sweden, I decided to go ahead and throw these into a quick cheat sheet for anyone who’d like to have them all in one place. Good luck out there, and stay salty.
- Get an ip address for en0:
ipconfig getifaddr en0- Same thing, but setting and echoing a variable:
ip=`ipconfig getifaddr en0`; $ip- View the subnet mask of en0:
ipconfig getoption en0 subnet_mask- View the dns server for en0:
ipconfig getoption en0 domain_name_server- Get information about how en0 got its dhcp on:
ipconfig getpacket en1- Renew dhcp leases:
ipconfig set en1 BOOTP && ipconfig set en1 DHCP
ifconfig en1 down && ifconfig en1 up
# Renew a dhcp lease in a script
echo "add State:/Network/Interface/en0/RefreshConfiguration temporary" | sudo scutil- View some network info:
ifconfig en0- Set en0 to have an ip address of 10.10.10.10 and a subnet mask of 255.255.255.0:
ifconfig en0 inet 10.10.10.10 netmask 255.255.255.0- Show a list of locations on the computer:
networksetup -listlocations- Obtain the active location the system is using:
networksetup -getcurrentlocation- Create a network location called Work and populate it with information from the active network connection:
networksetup -createlocation Work populate- Delete a network location called Work:
networksetup -deletelocation Work- Switch the active location to a location called Work:
networksetup -switchlocation Work- List all of the network interfaces on the system:
networksetup -listallnetworkservices- Rename the network service called Ethernet to the word Wired:
networksetup -renamenetworkservice Ethernet Wired- Disable a network interface:
networksetup -setnetworkserviceenabled off- Change the order of your network services:
networksetup -ordernetworkservices "Wi-Fi" "USB Ethernet"- Set the interface called Wi-Fi to obtain it if it isn’t already
networksetup -setdhcp Wi-Fi- Configure a manual static ip address:
networksetup -setmanual Wi-Fi 10.0.0.2 255.255.255.0 10.0.0.1- Configure the dns servers for a given network interface:
networksetup -setdnsservers Wi-Fi 10.0.0.2 10.0.0.3- Obtain the dns servers used on the Wi-Fi interface:
networksetup -getdnsservers Wi-Fi- Start the application layer firewall:
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist- Stop the application layer firewall:
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist- Allow an app to communicate outside the system through the application layer firewall:
socketfilterfw -t "/Applications/FileMaker Pro/FileMaker Pro.app/Contents/MacOS/FileMaker Pro"- Start Bojour:
launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist- Stop Bonjour:
launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
- Add a route so that traffic for 10.0.0.0/32 communicates over the 10.0.9.2 network interface:
route -n add 10.0.0.0/32 10.0.9.2- Log bonjour traffic at the packet level:
sudo killall -USR2 mDNSResponder- Put a delay in your pings:
ping -i 5 192.168.210.1- Ping the hostname 5 times and then stop the ping:
ping -c 5 google.com- Flood ping the host:
ping -f localhost- Set the packet size during your ping:
ping -s 100 google.com- Customize the source IP during your ping:
ping -S 10.10.10.11 google.com- Trace the path packets go through:
traceroute google.com- Trace the routes without looking up names:
traceroute -n google.com- Trace a route in debug mode:
traceroute -d google.com- See the routing table of a Mac:
netstat -nr- View information on all sockets:
netstat -at- View network information for ipv6:
netstat -lt- View per protocol network statistics:
netstat -s- View the statistics for a specific network protocol:
netstat -p igmp- Show statistics for network interfaces:
netstat -i- Establish a network connection with www.apple.com:
/usr/bin/nc -v www.apple.com 80- Establish a network connection with gateway.push.apple.com over port 2195
/usr/bin/nc -v -w 15 gateway.push.apple.com 2195- Establish a network connection with feedback.push.apple.com only allowing ipv4
/usr/bin/nc -v -4 feedback.push.apple.com 2196- Setup a network listener on port 2196 for testing:
/usr/bin/nc -l 2196- Capture some packets:
tcpdump -nS- Capture all the packets:
tcpdump -nnvvXS- Capture the packets for a given port:
tcpdump -nnvvXs 548- Capture all the packets for a given port going to a given destination of 10.0.0.48:
tcpdump -nnvvXs 548 dst 10.0.0.48- Capture the packets as above but dump to a pcap file:
tcpdump -nnvvXs 548 dst 10.0.0.48 -w /tmp/myfile.pcap- Read tcpdump (cap) files and try to make them human readable:
tcpdump -qns 0 -A -r /var/tmp/capture.pcapView disk performance:
iostat -d disk0View network information as it happens (requires ntop to be installed):
ntopGet information about the airport connection on your system:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -IScan the available Wireless networks:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -sScan port 80 of www.google.com
/System/Library/CoreServices/Applications/Network\ Utility.app/Contents/Resources/stroke www.google.com 80 80Port scan krypted.com stealthily:
nmap -sS -O krypted.com/24What binaries have what ports and in what states are those ports:
lsof -n -i4TCPMake an alias for looking at what has a listener open, called ports:
alias ports='lsof -n -i4TCP | grep LISTEN'Switch the active location to a location called Work, but also show the GUID of that location so we can make scripties with it laters:
scselect WorkReport back the name of the system:
hostnameFlush the dns cache:
dscacheutil -flushcacheClear your arp cache:
arp -ad