essential, admin, net

Essential Unix commands

Enter the number of entries in the top level directory. You can use the command ls / and simply count the words.

If you are too lazy to count you can pass the output through the wc command: 'wc -l'

ls / | wc -l
20

Edit the file /etc/motd so that it contains the single word Welcome. You can use the echo command and redirect the output, or you can use an editor such as vi or nano (similar to pico). If you get a permission denied error ARE YOU SURE YOU ARE ROOT?

On some Windows machines, nano does not seem to like the cursor keys. If (and only if) the cursor keys result in funny characters when using nano, type the following at the prompt and then try nano again:

export TERM=vt102

echo 'Welcome' > /etc/motd

Give the uid of the user called "operator".

id operator
uid=11(operator) gid=0(root) groups=0(root)

11

Who is the owner of the directory /var/cache/httpd? If you get no information, are you sure you are using "ls" to give the directory information or the contents of the directory instead?

ll /var/cache/httpd
total 0
drwx------. 2 apache apache 6 Nov 14  2016 proxy

apache

Give the name of the first directory (alphabetically) of / that has no read permission for other.

ll / | sort -k9

root

Change the permission of the directory /var/log/httpd so that group and world have execute and read permission.

ll /var/log | grep http
drwx------. 2 root   root         6 Nov 14  2016 httpd

chmod 755 /var/log/httpd

Change the owner of the file /etc/ntp.conf to operator

chown operator:root /etc/ntp.conf

Create a directory /root/dropzone. It should be set up so that group and other users can save files in the directory, but they cannot read the files that are there. User root must be able to read and write the directory.

mkdir /root/dropzone

chmod 733 /root/dropzone

Create a symbolic link so that the file /usr/share/dict/words appears as /root/words

ln -s /usr/share/dict/words /root/words

This is a challenge question. Miss it out if you don't know regular expressions.

Use grep on /root/words to find the words that contain each of the vowels in the correct order. How many such words are there? (You may include words with extra vowels, such as adventitious.)

# a, e, i, o, u in that order, with anything (including other vowels) in between;
# the question asks for a count, so pipe the matches through wc -l
grep 'a.*e.*i.*o.*u' /root/words | wc -l

This is a challenge question. Miss it out if you don't know regular expressions.

The word minglingly includes the same four characters (e.g. ingl) repeated. How many such words are there which also begin with lower case "m" (any four characters may be the repeated ones)?

# grep -E '\bs' file.txt   # all words starting with s
# grep -E 's\b' file.txt   # all words ending with s
# Words beginning with "m" in which some four-character group occurs twice
# (as "ingl" does in minglingly): the back-reference \1 demands the repeat
grep -E '^m.*(....).*\1' /root/words | wc -l
# Variant recorded for a different wording of the question (words beginning
# with "s" that contain the same three-character group three times):
# grep '^s.*\(...\).*\1.*\1' /root/words | wc -l
27

Look in /usr/share/doc and find a directory starting "git-" followed by a version number. In the following questions this directory is referred to as the "git" directory...

How much space is being used by the git directory? Use a command to calculate this, and don't try adding it up yourself! We want the total answer in human readable format (eg 6.2M).

du -sh /usr/share/doc/git-1.8.3.1
12M    /usr/share/doc/git-1.8.3.1

In human readable form (eg 123M) how much disk space is available on the main filesystem?

df -h /
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/centos_lvm-root  6.5G  4.4G  2.2G  67% /

Remove the entire git directory (it is not used in our tutorials). Now repeat the above calculation for disk space, but this time give the answer in blocks.

rm -rf /usr/share/doc/git-1.8.3.1
df -T
Filesystem                  Type     1K-blocks    Used Available Use% Mounted on
/dev/mapper/centos_lvm-root xfs        6813696 4543944   2269752  67% /
devtmpfs                    devtmpfs    234228       0    234228   0% /dev
tmpfs                       tmpfs       250160      84    250076   1% /dev/shm
tmpfs                       tmpfs       250160    8892    241268   4% /run
tmpfs                       tmpfs       250160       0    250160   0% /sys/fs/cgroup
/dev/sda1                   xfs         508588  209632    298956  42% /boot
tmpfs                       tmpfs        50032      16     50016   1% /run/user/42
tmpfs                       tmpfs        50032       0     50032   0% /run/user/1001

2269752

Essential Unix Administration

Use sfdisk with block units and find out the partitions which exist in /dev/sda. How many blocks are in the first partition?

[root@host-1-129 ~]# sfdisk -l /dev/sda

Disk /dev/sda: 1020 cylinders, 232 heads, 62 sectors/track
Units: cylinders of 7364608 bytes, blocks of 1024 bytes, counting from 0

   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/sda1   *      0+     71-     72-    512000   83  Linux
sfdisk:         start: (c,h,s) expected (0,33,3) found (0,32,33)

sfdisk:         end: (c,h,s) expected (71,77,10) found (63,221,30)

/dev/sda2         71+   1020-    950-   6827008   8e  Linux LVM
sfdisk:         start: (c,h,s) expected (71,77,11) found (63,221,31)

sfdisk:         end: (c,h,s) expected (1020,135,14) found (913,201,56)

/dev/sda3          0       -       0          0    0  Empty
/dev/sda4          0       -       0          0    0  Empty

[root@host-1-129 ~]# sfdisk -s /dev/sda1
512000

Use the pvdisplay command of LVM to discover what physical volume (i.e. which partition) is being managed by LVM. What is the partition being used (PV Name) and what is the volume group name (VG Name)?

[root@host-1-129 ~]# pvdisplay 
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos_lvm
  PV Size               6.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              1666
  Free PE               0
  Allocated PE          1666
  PV UUID               kIogiH-f548-AELA-NMVK-sbr7-9u7j-2K6MDz

[root@host-1-129 ~]# vgdisplay 
  --- Volume group ---
  VG Name               centos_lvm
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               6.51 GiB
  PE Size               4.00 MiB
  Total PE              1666
  Alloc PE / Size       1666 / 6.51 GiB
  Free  PE / Size       0 / 0   
  VG UUID               qGpE99-5l8L-vs0X-M4Zz-0FDU-O5sY-5Qm6P5

Use lvdisplay to discover information about the VG Name found in the previous question. What is the first LV Path which is using the volume group discovered in the previous question?

[root@host-1-129 ~]# lvdisplay 
  --- Logical volume ---
  LV Path                /dev/centos_lvm/root
  LV Name                root
  VG Name                centos_lvm
  LV UUID                xnNIQ2-ct1m-UqaR-BkjO-GrNI-FUwt-e2ciYM
  LV Write Access        read/write
  LV Creation host, time host-19-17.linuxzoo.net, 2014-09-08 09:08:59 +0100
  LV Status              available
  # open                 1
  LV Size                6.51 GiB
  Current LE             1666
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:0

Using the path discovered in the previous question, look at this path in the /dev directory using a long listing ls command. Assuming this is in fact a soft link, what is the ABSOLUTE device name which this link is pointing to?

[root@host-1-129 ~]# ll /dev/centos_lvm/root
lrwxrwxrwx. 1 root root 7 Aug  3 15:13 /dev/centos_lvm/root -> ../dm-0

/dev/dm-0

For mounting this logical volume, the current method is NOT to use the volume name, or even the device it points to. Instead the device mapper is used, which can support different layers (such as encryption on top of something else). This can be found in /dev/mapper.

Look in /dev/mapper, and find the soft link which points to the device file identified in the previous question. What is the relative name of this link? So if the link was /dev/mapper/gordon, the answer wanted here is "gordon".

[root@host-1-129 ~]# ll /dev/mapper
total 0
lrwxrwxrwx. 1 root root       7 Aug  3 15:13 centos_lvm-root -> ../dm-0
crw-------. 1 root root 10, 236 Aug  3 15:13 control

centos_lvm-root

Look in the fstab mount table. Find the line which mounts this partition via the mapper device. Where is this partition mounted?

[root@host-1-129 ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Mon Sep  8 08:09:05 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos_lvm-root /                       xfs     defaults        1 1
UUID=f3b744e4-e754-4842-93d1-43b06de64b66 /boot                   xfs     defaults        1 2
UUID=971d09b6-8ce8-49c7-9ec9-16b0155f42cf swap                    swap    defaults        0 0

/

One can also mount things using the filesystem block id (which is the UUID shown in fstab). What block id could you use instead of the mapper mount in this case? It is in a format like ffffff-ffff-fffff-fffff-ffffffffff.

[root@host-1-129 ~]# blkid
/dev/sdb1: UUID="971d09b6-8ce8-49c7-9ec9-16b0155f42cf" TYPE="swap" 
/dev/sda1: UUID="f3b744e4-e754-4842-93d1-43b06de64b66" TYPE="xfs" 
/dev/sda2: UUID="kIogiH-f548-AELA-NMVK-sbr7-9u7j-2K6MDz" TYPE="LVM2_member" 
/dev/mapper/centos_lvm-root: UUID="b66fdf9b-16f0-4648-9663-536881db0ab1" TYPE="xfs" 

b66fdf9b-16f0-4648-9663-536881db0ab1

Recall that you discovered the device file in /dev which the LVM mapper entry was soft linked to. What was the major and minor number of this device?

[root@host-1-129 ~]# ls -lisha /dev
total 4.0K
 6688    0 crw-------.  1 root root     10,  62 Aug  3 15:13 crash
 8430    0 drwxr-xr-x.  5 root root         100 Aug  3 15:13 disk
 8678    0 brw-rw----.  1 root disk    253,   0 Aug  3 15:13 dm-0

253,0

Somewhere in the /proc filesystem there is a file which tells you how much swap space has been allocated to the computer. Find that file and then find out how big in bytes the swap space is. Hint: the information that you require is located within a file in the /proc directory.

[root@host-1-129 ~]# free
              total        used        free      shared  buff/cache   available
Mem:         500320      234168       16908        8564      249244      214144
Swap:       2103484         440     2103044

What is the process id of rsyslogd? Hint: remember the 'ps aux' command?

[root@host-1-129 ~]# ps -aux | grep rsyslogd
root      1003  0.0  0.6 219776  3252 ?        Ssl  15:13   0:00 /usr/sbin/rsyslogd -n
root      8636  0.0  0.1 112652   920 pts/1    S+   17:01   0:00 grep --color=auto rsyslogd

Kill rsyslogd using the kill command.

[root@host-1-129 ~]# kill 1003

Using systemctl, get the status of the rsyslog service. What is the full path to the systemd configuration file which controls the rsyslog service?

[root@host-1-129 ~]# systemctl status rsyslog.service 
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Tue 2021-08-03 17:02:29 BST; 56s ago
  Process: 1003 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1003 (code=exited, status=0/SUCCESS)

Aug 03 15:13:25 host-1-129.linuxzoo.net systemd[1]: Starting System Logging Service...
Aug 03 15:13:25 host-1-129.linuxzoo.net systemd[1]: Started System Logging Service.

/usr/lib/systemd/system/rsyslog.service

Look at this configuration file. Find the line which configures the environment variables of rsyslog (EnvironmentFile). Ignoring the "=" or the "=-" if it exists, what is the environment file for this service?

[root@host-1-129 ~]# cat /usr/lib/systemd/system/rsyslog.service
[Unit]
Description=System Logging Service
;Requires=syslog.socket
After=network.target

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/rsyslog
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
Restart=on-failure
UMask=0066
StandardOutput=null

[Install]
WantedBy=multi-user.target
;Alias=syslog.service

/etc/sysconfig/rsyslog

Restart the rsyslog service using systemctl. Confirm it is running using the status option.

[root@host-1-129 ~]# systemctl restart rsyslog.service

Start the database. This is called mariadb. This may take a few seconds.

[root@host-1-129 ~]# service mariadb start
Redirecting to /bin/systemctl start  mariadb.service

Using systemctl, discover the process id (PID) for the main process. Note, mariadb has many processes, so make sure you select the Main PID.

[root@host-1-129 ~]# systemctl status mariadb.service 
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-08-03 17:09:33 BST; 36s ago
  Process: 9179 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 9097 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 9178 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─9178 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─9335 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/m...
9178

What user is the owner of this process? Use the "ps" command with the appropriate flags.

[root@host-1-129 ~]# ps -aux | grep mariadb
mysql     9335  0.2 16.0 902780 80116 ?        Sl   17:09   0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock

mysql

If the main pid is the parent of the database, what is the PID of the first child of this parent pid? So if you have the process name for this PID, then pstree might help here.

9335

Set the mariadb to run next time you boot your virtual machine.

[root@host-1-129 ~]# systemctl enable mariadb.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

Systemctl has an option "list-unit-files", which says which things are enabled for running at boot. How many units are enabled?

[root@host-1-129 ~]# systemctl list-unit-files | grep enabled | wc -l
73

How many enabled units are socket units?

[root@host-1-129 ~]# systemctl list-unit-files --type=socket | grep enabled | wc -l
10

Now set the mariadb so that it DOES NOT run next time you boot your virtual machine.

[root@host-1-129 ~]# systemctl disable mariadb.service
Removed symlink /etc/systemd/system/multi-user.target.wants/mariadb.service.

Linux Networking

What is the network device name which connects you to the linuxzoo network? This will have an IPv4 address which starts "10."... Do not type in /dev when you answer this (i.e. make the answer relative to /dev).

[root@host-1-193 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:c1:00:01:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.193/29 brd 10.0.1.199 scope global dynamic ens3
       valid_lft 863865sec preferred_lft 863865sec
    inet6 fe80::2192:5ec6:16e0:dcba/64 scope link 
       valid_lft forever preferred_lft forever

ens3

What is the broadcast address for this network connection?

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:c1:00:01:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.193/29 brd 10.0.1.199 scope global dynamic ens3
       valid_lft 863865sec preferred_lft 863865sec
    inet6 fe80::2192:5ec6:16e0:dcba/64 scope link 
       valid_lft forever preferred_lft forever

10.0.1.199

What is the netmask in quad dotted format for this network connection?

255.255.255.248

What is the IP for the default route (i.e. the gateway) for your virtual machine?

[root@host-1-193 ~]# ip route
default via 10.0.1.198 dev ens3  proto static  metric 100 
10.0.1.192/29 dev ens3  proto kernel  scope link  src 10.0.1.193  metric 100 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

10.0.1.198

Device eth2 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.1.0 and the netmask is 255.255.255.0. Your IP should be the last valid host IP number allowed for that network.

Calculate your IP/NETWORK configuration for eth2.

# http://jodies.de/ipcalc?host=192.168.1.0&mask1=24&mask2=

Address:   192.168.1.0           11000000.10101000.00000001 .00000000
Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111
=>
Network:   192.168.1.0/24        11000000.10101000.00000001 .00000000 (Class C)
Broadcast: 192.168.1.255         11000000.10101000.00000001 .11111111
HostMin:   192.168.1.1           11000000.10101000.00000001 .00000001
HostMax:   192.168.1.254         11000000.10101000.00000001 .11111110
Hosts/Net: 254                   (Private Internet)

192.168.1.254/24

Configure eth2 as per the previous question. Confirm operations by pinging 192.168.1.23. Make sure the broadcast address is correct too.

[root@host-1-193 ~]# ifconfig eth2 192.168.1.254 netmask 255.255.255.0 up
[root@host-1-193 ~]# ping 192.168.1.23
PING 192.168.1.23 (192.168.1.23) 56(84) bytes of data.
64 bytes from 192.168.1.23: icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from 192.168.1.23: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 192.168.1.23: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 192.168.1.23: icmp_seq=4 ttl=64 time=0.062 ms

Device eth3 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.3.48 and the netmask is 255.255.255.240. Your IP should be the last valid host IP number allowed for that network.

Calculate your IP/NETWORK configuration for eth3.

# http://jodies.de/ipcalc?host=192.168.3.48&mask1=28&mask2=
Address:   192.168.3.48          11000000.10101000.00000011.0011 0000
Netmask:   255.255.255.240 = 28  11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15              00000000.00000000.00000000.0000 1111
=>
Network:   192.168.3.48/28       11000000.10101000.00000011.0011 0000 (Class C)
Broadcast: 192.168.3.63          11000000.10101000.00000011.0011 1111
HostMin:   192.168.3.49          11000000.10101000.00000011.0011 0001
HostMax:   192.168.3.62          11000000.10101000.00000011.0011 1110
Hosts/Net: 14                    (Private Internet)

192.168.3.62/28
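The ipcalc tables for eth2 and eth3 above (and the /29 netmask and broadcast of ens3 earlier) can be reproduced from an address and a prefix length with nothing but shell arithmetic. This is an added example of mine, not tutorial code or the ipcalc site's; the function names are my own.

```shell
#!/usr/bin/env bash
# Added example: subnet arithmetic for the eth2/eth3 questions (not tutorial code).
# Runs in bash or dash: no arrays, only POSIX $(( )) arithmetic on 32-bit values.

# Dotted quad -> 32-bit integer (octets with leading zeros would be read as octal).
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer, e.g. 28 -> 0xFFFFFFF0.
prefix2mask() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# subnet_field FIELD ADDRESS PREFIX
# FIELD is one of: netmask network broadcast hostmin hostmax hosts
subnet_field() {
    local field=$1 addr=$2 prefix=$3 mask net bcast
    mask=$(prefix2mask "$prefix")
    net=$(( $(ip2int "$addr") & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    case $field in
        netmask)   int2ip "$mask" ;;
        network)   int2ip "$net" ;;
        broadcast) int2ip "$bcast" ;;
        hostmin)   int2ip $(( net + 1 )) ;;
        hostmax)   int2ip $(( bcast - 1 )) ;;     # the "last valid host IP" asked for above
        hosts)     [ "$prefix" -ge 31 ] && echo 0 || echo $(( bcast - net - 1 )) ;;
        *)         echo "unknown field: $field" >&2; return 1 ;;
    esac
}

# The ifconfig line the tutorial uses, with the broadcast given explicitly so
# "make sure the broadcast address is correct" is not left to the tool's default.
ifconfig_line() {
    echo "ifconfig $1 $(subnet_field hostmax "$2" "$3") netmask $(subnet_field netmask "$2" "$3") broadcast $(subnet_field broadcast "$2" "$3") up"
}

# Stand-alone run: the two networks from the questions.
for spec in "eth2 192.168.1.0 24" "eth3 192.168.3.48 28"; do
    set -- $spec
    for f in netmask network broadcast hostmin hostmax hosts; do
        printf '%-10s %s\n' "$f" "$(subnet_field "$f" "$2" "$3")"
    done
    ifconfig_line "$1" "$2" "$3"
done
```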

Configure eth3 as per the previous question. Confirm operations by pinging 192.168.3.50. Make sure the broadcast address is correct too.

[root@host-1-193 ~]# ifconfig eth3 192.168.3.62 netmask 255.255.255.240 up
[root@host-1-193 ~]# ping 192.168.3.50
PING 192.168.3.50 (192.168.3.50) 56(84) bytes of data.
64 bytes from 192.168.3.50: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 192.168.3.50: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 192.168.3.50: icmp_seq=3 ttl=64 time=0.045 ms
^C
--- 192.168.3.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.045/0.058/0.086/0.021 ms

Using an "ip link" command, discover the mac address of eth3.

[root@host-1-193 ~]# ip link
6: eth3@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether be:5a:e8:96:7b:90 brd ff:ff:ff:ff:ff:ff link-netnsid 1

be:5a:e8:96:7b:90

What is the mac address of 192.168.3.50? Hint: "/proc"...

[root@host-1-193 proc]# cat /proc/net/arp 
IP address       HW type     Flags       HW address            Mask     Device
192.168.3.50     0x1         0x2         ce:36:a2:bc:ca:11     *        eth3
10.0.1.198       0x1         0x2         9a:21:54:58:b2:17     *        ens3

ce:36:a2:bc:ca:11

If you were able to log onto 192.168.3.50, how would you have configured the default route?

[root@host-1-193 proc]# ip route
default via 10.0.1.198 dev ens3  proto static  metric 100 
10.0.1.192/29 dev ens3  proto kernel  scope link  src 10.0.1.193  metric 100 
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254 
192.168.3.48/28 dev eth3  proto kernel  scope link  src 192.168.3.62 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

ip route add default via 192.168.3.62 dev eth0

How many programs are listening on ipv4 TCP sockets on your machine? Hint: the netstat command will help you here.

[root@host-1-193 proc]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:35311           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:49007           0.0.0.0:*               LISTEN      1014/rpc.statd      
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:20048           0.0.0.0:*               LISTEN      1053/rpc.mountd     
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1235/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1022/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1296/master         
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   

8

What is the PID of the process which is listening on UDP port 111 (sunrpc)? Hint: the netstat command will help you here.

[root@host-1-193 proc]# netstat -aunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:111             0.0.0.0:*                           631/rpcbind         

[root@host-1-193 proc]# ps -aux | grep rpcbind
rpc        631  0.0  0.2  64948  1356 ?        Ss   00:59   0:00 /sbin/rpcbind -w

631

When you connected to linuxzoo.net via telnet or ssh, it was forwarded from 10.200.0.1 (the main linuxzoo server) to your machine's telnet or ssh server using a proxy. Find the port number on the 10.200.0.1 end of one of these proxy connections and enter it below. Hint: again try the netstat command very near the beginning of the output... It sometimes helps to use "-n", as this does not do DNS lookups.

[root@host-1-89 ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:36494           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:mountd          0.0.0.0:*               LISTEN     
tcp        0      0 host-1-89.linuxz:domain 0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51691           0.0.0.0:*               LISTEN     
tcp        0      0 host-1-89.linuxzoo.:ssh hub1-gw.linuxzoo.:24163 ESTABLISHED
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN     
tcp6       0      0 [::]:mountd             [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:36247              [::]:*                  LISTEN     
tcp6       0      0 [::]:telnet             [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN     
tcp6       0      0 [::]:45765              [::]:*                  LISTEN     

24163

In order for your virtual machine to reach the internet, its packets travel through a number of virtual networks. The final network node is 10.200.0.1. Using traceroute, find out how many hops it takes to reach 10.200.0.1. Note you must use ICMP ECHO in traceroute, rather than the default. Find the right flag in the manual.

[root@host-1-89 ~]# traceroute --icmp 10.200.0.1
traceroute to 10.200.0.1 (10.200.0.1), 30 hops max, 60 byte packets
 1  host-1-94.linuxzoo.net (10.0.1.94)  0.283 ms  0.196 ms  0.326 ms
 2  hub1-gw.linuxzoo.net (10.200.0.1)  0.467 ms  0.329 ms  0.425 ms

2

Use nmap to analyse the ports open on 10.200.0.1. As the nmap command can take quite a while to run, restrict your scan to the open tcp ports between port numbers 50 to 80 inclusive. List the open port numbers you find with spaces between them in the box below (e.g. if ports 50 and 60 are open, the answer is "50 60"). The numbers in your list must be sorted (smallest number first).

IMPORTANT. Linuxzoo security may shut you down if you produce too many packets too quickly! Use the following options for nmap or you may be kicked off the system. Even with these options the scan may take quite a few seconds.

nmap 10.200.0.1 -p 50-80 --max-retries 3

[root@host-1-89 ~]# nmap 10.200.0.1 -p 50-80 --max-retries 3

Starting Nmap 6.40 ( http://nmap.org ) at 2021-08-04 02:33 BST
Nmap scan report for hub1-gw.linuxzoo.net (10.200.0.1)
Host is up (0.00058s latency).
Not shown: 29 filtered ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http

53 80

The tcpdump command allows us to capture all or some of the network traffic on a particular network device. In this question use the tcpdump command to capture the behaviour of a web page request emulated using lwp-request.

Capturing packets successfully can be tricky, especially since you have to use the same network to talk to your machine, and you don't want to capture that too... Therefore consider the following commands to perform the capturing. NOTE: you only type in the commands shown after the "$" prompt; the other lines are the shell's output.

$ tcpdump -vi eth0 port 80 > /tmp/log &
[1] 3123
$ lwp-request http://linuxzoo.net
...blah...blah
...blah...blah
$ kill -1 %1
[1]+ Done ....
$

Where it says "eth0" you must replace that with your main network connection device, which you discovered right at the beginning of this tutorial.

Now, look at the contents of /tmp/log and enter in the box below the common IP flag which appears in most packets. (The information is found between the [..] brackets immediately after the lowercase text "flags"; ignore the information after the capitalised "Flags".) Enter the two letters seen in the box below.

What is the common IP flag seen in the log: (case sensitive)

[root@host-1-89 ~]# tcpdump -vi ens3 port 80 > /tmp/log &
[root@host-1-89 ~]# lwp-request http://linuxzoo.net
# You will get the HTML source code of the web page
[root@host-1-89 ~]# cat /tmp/log 
02:37:15.989878 IP (tos 0x0, ttl 64, id 43516, offset 0, flags [DF], proto TCP (6), length 60)
    host-1-89.linuxzoo.net.40470 > 146.176.166.1.http: Flags [S], cksum 0x4439 (incorrect -> 0xa88e), seq 2028748157, win 29200, options [mss 1460,sackOK,TS val 431233 ecr 0,nop,wscale 6], length 0

DF

Each packet is split over multiple lines. A new packet starts on a fresh line, beginning with a timestamp. This should be followed by IP and then the IP header information.

Assuming the packet is a TCP packet, the next line should include "Flags" (with a capital F), which are the TCP flags.

Find the packets involved with the TCP Fin flag. The first of those is the packet which first requested the stream be closed. What is the TCP sequence number of that packet?

02:37:16.221428 IP (tos 0x0, ttl 63, id 33604, offset 0, flags [DF], proto TCP (6), length 9211)
    146.176.166.1.http > host-1-89.linuxzoo.net.40470: Flags [P.], cksum 0x67f8 (incorrect -> 0x7875), seq 1:9160, ack 133, win 235, options [nop,nop,TS val 2633755475 ecr 431272], length 9159

9160
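The two-line packet layout just described can be parsed mechanically: the timestamp line carries the lowercase IP "flags", the indented line the TCP "Flags" and "seq". This is an added example of mine, not part of the tutorial; the capture is constructed (the first two packets copy the page's lines, the two FIN packets that close the stream are made up to agree with the answer above) and the function names are my own.

```shell
#!/usr/bin/env bash
# Added example (not tutorial code): pull the IP-level flags, the TCP flags and
# the sequence number out of a tcpdump -v capture such as /tmp/log above.

# Constructed sample capture. The first two packets copy the page's lines; the
# two FIN packets that close the stream are made up to match the page's answer.
SAMPLE_LOG='02:37:15.989878 IP (tos 0x0, ttl 64, id 43516, offset 0, flags [DF], proto TCP (6), length 60)
    host-1-89.linuxzoo.net.40470 > 146.176.166.1.http: Flags [S], cksum 0x4439 (incorrect -> 0xa88e), seq 2028748157, win 29200, options [mss 1460,sackOK,TS val 431233 ecr 0,nop,wscale 6], length 0
02:37:16.221428 IP (tos 0x0, ttl 63, id 33604, offset 0, flags [DF], proto TCP (6), length 9211)
    146.176.166.1.http > host-1-89.linuxzoo.net.40470: Flags [P.], cksum 0x67f8 (incorrect -> 0x7875), seq 1:9160, ack 133, win 235, options [nop,nop,TS val 2633755475 ecr 431272], length 9159
02:37:16.221902 IP (tos 0x0, ttl 63, id 33605, offset 0, flags [DF], proto TCP (6), length 52)
    146.176.166.1.http > host-1-89.linuxzoo.net.40470: Flags [F.], cksum 0x4420 (incorrect -> 0x1a2b), seq 9160, ack 133, win 235, options [nop,nop,TS val 2633755475 ecr 431272], length 0
02:37:16.222105 IP (tos 0x0, ttl 64, id 43520, offset 0, flags [none], proto TCP (6), length 52)
    host-1-89.linuxzoo.net.40470 > 146.176.166.1.http: Flags [F.], cksum 0x4420 (incorrect -> 0x3c4d), seq 133, ack 9161, win 237, options [nop,nop,TS val 431275 ecr 2633755475], length 0'

# One line per packet: "TIMESTAMP IPFLAGS TCPFLAGS SEQ". A packet starts on a
# line beginning with a timestamp (IP header, lowercase "flags [..]"); the
# indented line that follows carries the TCP header ("Flags [..]" and "seq").
packet_summary() {
    printf '%s\n' "$1" | awk '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ {
            ts = $1; ipf = "-"
            if (match($0, /flags \[[A-Za-z+]*\]/)) ipf = substr($0, RSTART + 7, RLENGTH - 8)
            next
        }
        /Flags \[/ {
            tcpf = "-"; seq = "-"
            if (match($0, /Flags \[[A-Z.]*\]/)) tcpf = substr($0, RSTART + 7, RLENGTH - 8)
            # "seq N" or "seq N:M": keep N, the stream offset at which this segment starts
            for (i = 1; i <= NF; i++) if ($i == "seq") { seq = $(i + 1); sub(/[,:].*/, "", seq) }
            print ts, ipf, tcpf, seq
        }'
}

# The IP flag that appears most often (the lowercase "flags" field), e.g. DF.
common_ip_flag() {
    packet_summary "$1" | awk '{ print $2 }' | sort | uniq -c | sort -rn | awk 'NR == 1 { print $2 }'
}

# Sequence number of the first segment carrying FIN: the side that first asked to close.
first_fin_seq() {
    packet_summary "$1" | awk 'index($3, "F") { print $4; exit }'
}

# Stand-alone run.
packet_summary "$SAMPLE_LOG"
echo "common IP flag: $(common_ip_flag "$SAMPLE_LOG")"
echo "first FIN seq:  $(first_fin_seq "$SAMPLE_LOG")"
```

On a real /tmp/log, replace the constructed string with `"$(cat /tmp/log)"`; the first-packet seq is absolute and later ones relative, exactly as tcpdump prints them.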
