essential, admin, net

Essential Unix commands

Enter the number of entries in the top level directory. You can use the command ls / and simply count the words.

If you are too lazy to count you can pass the output through the wc command: 'wc -l'

ls / | wc -l
20

Edit the file /etc/motd so that it contains the single word Welcome You can use the echo command and redirect the output, or you can use an editor such as vi or nano (similar to pico). If you get a permission denied error ARE YOU SURE YOU ARE ROOT?

On some Windows machines, nano does not seem to like the cursor keys. If (and only if) the cursor keys result in funny characters when using nano, type the following at the prompt and then try nano again:

export TERM=vt102

echo 'Welcome' > /etc/motd

Give the uid of the user called "operator".

id operator
uid=11(operator) gid=0(root) groups=0(root)

11

Who is the owner of the directory /var/cache/httpd? If you get no information, are you sure you are using "ls" to give the directory information or the contents of the directory instead?

ll /var/cache/httpd
total 0
drwx------. 2 apache apache 6 Nov 14  2016 proxy

apache

Give the name of the first directory (alphabetically) of / that has no read permission for other.

ll / | sort -k9

root

Change the permission of the directory /var/log/httpd so that group and world have execute and read permission.

ll /var/log | grep http
drwx------. 2 root   root         6 Nov 14  2016 httpd

chmod 755 /var/log/httpd

Change the owner of the file /etc/ntp.conf to operator

chown operator:root /etc/ntp.conf

Create a directory /root/dropzone It should be set up so that group and other users can save files in the directory, but they cannot read the files that are there. User root must able to read and write the directory.

mkdir /root/dropzone

chmod 733 /root/dropzone

Create a symbolic link so that the file /usr/share/dict/words appears as /root/words

ln -s /usr/share/dict/words /root/words

This is a challenge question. Miss it out if you dont know regular expressions.

Use grep on words to find a word that contains each of the vowels in the correct order. How many such words are there? (you may include words with extra vowels such as adventitious. /root/words

grep '.*a.*e.*i.*o.*u' /root/words

This is a challenge question. Miss it out if you dont know regular expressions.

The word minglingly includes the same four characters (e.g. ingl) repeated. How many such words are there which also begin with lower case "m" (any four character are repeated).

# grep -E '\bs' file.txt # all words starting with s
# grep -E 's\b' file.txt # all words ending with s
# cat /root/words | grep ^s | grep '^s.*\(...\).*\1.*\1'
27

Look in /usr/share/doc and find a directory starting "git-" followed by a version number. In the following questions this directory is referred to as the "git" directory...

How much space is being used by the git directory? Use a command to calculate this, and dont try adding it up yourself! We want the total answer in human readable format (eg 6.2M).

du -sh /usr/share/doc/git-1.8.3.1
12M    /usr/share/doc/git-1.8.3.1

In human readable form (eg 123M) how much disk space is available on the main filesystem?

df -h /
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/centos_lvm-root  6.5G  4.4G  2.2G  67% /

Remove the entire git directory (it is not used in our tutorials). Now repeat the above calculation for disk space, but this time give the answer in blocks.

rm -rf /usr/share/doc/git-1.8.3.1
df -T
Filesystem                  Type     1K-blocks    Used Available Use% Mounted on
/dev/mapper/centos_lvm-root xfs        6813696 4543944   2269752  67% /
devtmpfs                    devtmpfs    234228       0    234228   0% /dev
tmpfs                       tmpfs       250160      84    250076   1% /dev/shm
tmpfs                       tmpfs       250160    8892    241268   4% /run
tmpfs                       tmpfs       250160       0    250160   0% /sys/fs/cgroup
/dev/sda1                   xfs         508588  209632    298956  42% /boot
tmpfs                       tmpfs        50032      16     50016   1% /run/user/42
tmpfs                       tmpfs        50032       0     50032   0% /run/user/1001

2269752

Essential Unix Administration

Use sfdisk with block units and find out the partitions which exist in /dev/sda. How many blocks are in the first partition?

[root@host-1-129 ~]# sfdisk -l /dev/sda

Disk /dev/sda: 1020 cylinders, 232 heads, 62 sectors/track
Units: cylinders of 7364608 bytes, blocks of 1024 bytes, counting from 0

   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/sda1   *      0+     71-     72-    512000   83  Linux
sfdisk:         start: (c,h,s) expected (0,33,3) found (0,32,33)

sfdisk:         end: (c,h,s) expected (71,77,10) found (63,221,30)

/dev/sda2         71+   1020-    950-   6827008   8e  Linux LVM
sfdisk:         start: (c,h,s) expected (71,77,11) found (63,221,31)

sfdisk:         end: (c,h,s) expected (1020,135,14) found (913,201,56)

/dev/sda3          0       -       0          0    0  Empty
/dev/sda4          0       -       0          0    0  Empty

[root@host-1-129 ~]# sfdisk -s /dev/sda1
512000

Use the pvdisplay command of LVM to discover what physical volume (i.e. which partition) is being managed by LVM. What is the partition being used (PV Name) and what is the volume group name (VG Name)?

[root@host-1-129 ~]# pvdisplay 
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos_lvm
  PV Size               6.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              1666
  Free PE               0
  Allocated PE          1666
  PV UUID               kIogiH-f548-AELA-NMVK-sbr7-9u7j-2K6MDz

[root@host-1-129 ~]# vgdisplay 
  --- Volume group ---
  VG Name               centos_lvm
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               6.51 GiB
  PE Size               4.00 MiB
  Total PE              1666
  Alloc PE / Size       1666 / 6.51 GiB
  Free  PE / Size       0 / 0   
  VG UUID               qGpE99-5l8L-vs0X-M4Zz-0FDU-O5sY-5Qm6P5

Use lvdisplay to discover information about the VG Name found in the previous question. What is the first LV Path which is using the volume group discovered in the previous question?

[root@host-1-129 ~]# lvdisplay 
  --- Logical volume ---
  LV Path                /dev/centos_lvm/root
  LV Name                root
  VG Name                centos_lvm
  LV UUID                xnNIQ2-ct1m-UqaR-BkjO-GrNI-FUwt-e2ciYM
  LV Write Access        read/write
  LV Creation host, time host-19-17.linuxzoo.net, 2014-09-08 09:08:59 +0100
  LV Status              available
  # open                 1
  LV Size                6.51 GiB
  Current LE             1666
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:0

Using the path discovered in the previous question, look at this path in the /dev directory using a long listing ls command. Assuming this is in fact a soft link, what is the ABSOLUTE device name which this link is pointing to?

[root@host-1-129 ~]# ll /dev/centos_lvm/root
lrwxrwxrwx. 1 root root 7 Aug  3 15:13 /dev/centos_lvm/root -> ../dm-0

/dev/dm-0

For mounting this logical volume, the current method is NOT to use the volume name, or even the device it points to. Instead the device mapper is used, which can support different layers (such as encryption on top of something else). This can be found in /dev/mapper.

Look in /dev/mapper, and find the soft link which points to the device file identified in the previous question. What is the relative name of this link? So if the link was /dev/mapper/gordon, the answer wanted here is "gordon".

[root@host-1-129 ~]# ll /dev/mapper
total 0
lrwxrwxrwx. 1 root root       7 Aug  3 15:13 centos_lvm-root -> ../dm-0
crw-------. 1 root root 10, 236 Aug  3 15:13 control

centos_lvm-root

Look in the fstab mount table. Find the line which mounts this partition via the mapper device. Where is this partition mounted?

[root@host-1-129 ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Mon Sep  8 08:09:05 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos_lvm-root /                       xfs     defaults        1 1
UUID=f3b744e4-e754-4842-93d1-43b06de64b66 /boot                   xfs     defaults        1 2
UUID=971d09b6-8ce8-49c7-9ec9-16b0155f42cf swap                    swap    defaults        0 0

/

One can also mount things using the filesystem block id (which is the UUID shown in fstab). What block id could you use instead of the mapper mount in this case? It is in a format like ffffff-ffff-fffff-fffff-ffffffffff.

[root@host-1-129 ~]# blkid
/dev/sdb1: UUID="971d09b6-8ce8-49c7-9ec9-16b0155f42cf" TYPE="swap" 
/dev/sda1: UUID="f3b744e4-e754-4842-93d1-43b06de64b66" TYPE="xfs" 
/dev/sda2: UUID="kIogiH-f548-AELA-NMVK-sbr7-9u7j-2K6MDz" TYPE="LVM2_member" 
/dev/mapper/centos_lvm-root: UUID="b66fdf9b-16f0-4648-9663-536881db0ab1" TYPE="xfs" 

b66fdf9b-16f0-4648-9663-536881db0ab1

Recall that you discovered the device file in /dev which the LVM mapper entry was soft linked to. What was the major and minor number of this device?

[root@host-1-129 ~]# ls -lisha /dev
total 4.0K
 6688    0 crw-------.  1 root root     10,  62 Aug  3 15:13 crash
 8430    0 drwxr-xr-x.  5 root root         100 Aug  3 15:13 disk
 8678    0 brw-rw----.  1 root disk    253,   0 Aug  3 15:13 dm-0

253,0

Somewhere in the /proc filesystem there is a file which tells you how much swap space has been allocated to the computer. Find that file and then find out how big in bytes the swap space is. Hint: the information that you require is located within the /proc directory within a file .

[root@host-1-129 ~]# free
              total        used        free      shared  buff/cache   available
Mem:         500320      234168       16908        8564      249244      214144
Swap:       2103484         440     2103044

What is the process id of rsyslogd? Hint: remember the 'ps aux' command?

[root@host-1-129 ~]# ps -aux | grep rsyslogd
root      1003  0.0  0.6 219776  3252 ?        Ssl  15:13   0:00 /usr/sbin/rsyslogd -n
root      8636  0.0  0.1 112652   920 pts/1    S+   17:01   0:00 grep --color=auto rsyslogd

Kill rsyslogd using the kill command.

[root@host-1-129 ~]# kill 1003

Using systemctl, get the status of the rsyslog service. What is the full path to the systemd configuration file which controls the rsyslog serice?

[root@host-1-129 ~]# systemctl status rsyslog.service 
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Tue 2021-08-03 17:02:29 BST; 56s ago
  Process: 1003 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1003 (code=exited, status=0/SUCCESS)

Aug 03 15:13:25 host-1-129.linuxzoo.net systemd[1]: Starting System Logging Service...
Aug 03 15:13:25 host-1-129.linuxzoo.net systemd[1]: Started System Logging Service.

/usr/lib/systemd/system/rsyslog.service

Look at this configuration file. Find the line which configures the environmental variables of rsyslog (EnvironmentFile). Ignoring the "=" or the "=-" if it exists, what is the environment file for this service?

[root@host-1-129 ~]# cat /usr/lib/systemd/system/rsyslog.service
[Unit]
Description=System Logging Service
;Requires=syslog.socket
After=network.target

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/rsyslog
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
Restart=on-failure
UMask=0066
StandardOutput=null

[Install]
WantedBy=multi-user.target
;Alias=syslog.service

/etc/sysconfig/rsyslog

Restart the rsyslogd services using systemctl. Confirm it is running using the status option.

[root@host-1-129 ~]# systemctl restart rsyslog.service

Start the database. This is called mariadb. This may take a few seconds.

[root@host-1-129 ~]# service mariadb start
Redirecting to /bin/systemctl start  mariadb.service

Using systemctl, discover the process id (PID) for the main process. Note, mariadb has many processes, so make sure you select the Main PID.

[root@host-1-129 ~]# systemctl status mariadb.service 
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-08-03 17:09:33 BST; 36s ago
  Process: 9179 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 9097 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 9178 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─9178 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─9335 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/m...
9178

What user is the owner of this process? Use the "ps" command with the appropriate flags.

[root@host-1-129 ~]# ps -aux | grep mariadb
mysql     9335  0.2 16.0 902780 80116 ?        Sl   17:09   0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock

mysql

If the main pid is the parent of the database, what is the PID of the first child of this parent pid? So if you have the process name for this PID, then pstree might help here.

9335

Set the mariadb to run next time you boot your virtual machine.

[root@host-1-129 ~]# systemctl enable mariadb.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

Systemctl has an option "list-unit-files", which says which things are enabled for running at boot. How many units are enabled?

[root@host-1-129 ~]# systemctl list-unit-files | grep enabled | wc -l
73

How many enabled units are socket units?

[root@host-1-129 ~]# systemctl list-unit-files --type=socket | grep enabled | wc -l
10

Now set the mariadb so that it DOES NOT run next time you boot your virtual machine.

[root@host-1-129 ~]# systemctl disable mariadb.service
Removed symlink /etc/systemd/system/multi-user.target.wants/mariadb.service.

Linux Networking

What is the network device name which connects you to the linuxzoo network? This will have an IPv4 address which starts "10."... Do not type in /dev when you answer this (i.e. make the answer relative to /dev).

[root@host-1-193 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:c1:00:01:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.193/29 brd 10.0.1.199 scope global dynamic ens3
       valid_lft 863865sec preferred_lft 863865sec
    inet6 fe80::2192:5ec6:16e0:dcba/64 scope link 
       valid_lft forever preferred_lft forever

ens3

What is the broadcast address for this network connection?

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:c1:00:01:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.193/29 brd 10.0.1.199 scope global dynamic ens3
       valid_lft 863865sec preferred_lft 863865sec
    inet6 fe80::2192:5ec6:16e0:dcba/64 scope link 
       valid_lft forever preferred_lft forever

10.0.1.199

What is the netmask in quad dotted format for this network connection?

255.255.255.248

What is the IP for the default route (i.e. the gateway) for your virtual machine?

[root@host-1-193 ~]# ip route
default via 10.0.1.198 dev ens3  proto static  metric 100 
10.0.1.192/29 dev ens3  proto kernel  scope link  src 10.0.1.193  metric 100 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

10.0.1.198

Device eth2 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.1.0 and the netmask is 255.255.255.0. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth2.

# http://jodies.de/ipcalc?host=192.168.1.0&mask1=24&mask2=

Address:   192.168.1.0           11000000.10101000.00000001 .00000000
Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111
=>
Network:   192.168.1.0/24        11000000.10101000.00000001 .00000000 (Class C)
Broadcast: 192.168.1.255         11000000.10101000.00000001 .11111111
HostMin:   192.168.1.1           11000000.10101000.00000001 .00000001
HostMax:   192.168.1.254         11000000.10101000.00000001 .11111110
Hosts/Net: 254                   (Private Internet)

192.168.1.254/24

Configure eth2 as per the previous question. Confirm operations by pinging 192.168.1.23. Make sure the broadcast address is correct too.

[root@host-1-193 ~]# ifconfig eth2 192.168.1.254 netmask 255.255.255.0 up
[root@host-1-193 ~]# ping 192.168.1.23
PING 192.168.1.23 (192.168.1.23) 56(84) bytes of data.
64 bytes from 192.168.1.23: icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from 192.168.1.23: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 192.168.1.23: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 192.168.1.23: icmp_seq=4 ttl=64 time=0.062 ms

Device eth3 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.3.48 and the netmask is 255.255.255.240. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth3.

# http://jodies.de/ipcalc?host=192.168.3.48&mask1=28&mask2=
Address:   192.168.3.48          11000000.10101000.00000011.0011 0000
Netmask:   255.255.255.240 = 28  11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15              00000000.00000000.00000000.0000 1111
=>
Network:   192.168.3.48/28       11000000.10101000.00000011.0011 0000 (Class C)
Broadcast: 192.168.3.63          11000000.10101000.00000011.0011 1111
HostMin:   192.168.3.49          11000000.10101000.00000011.0011 0001
HostMax:   192.168.3.62          11000000.10101000.00000011.0011 1110
Hosts/Net: 14                    (Private Internet)

192.168.3.62/28

Configure eth3 as per the previous question. Confirm operations by pinging 192.168.3.50. Make sure the broadcast address is correct too.

[root@host-1-193 ~]# ifconfig eth3 192.168.3.62 netmask 255.255.255.240 up
[root@host-1-193 ~]# ping 192.168.3.50
PING 192.168.3.50 (192.168.3.50) 56(84) bytes of data.
64 bytes from 192.168.3.50: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 192.168.3.50: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 192.168.3.50: icmp_seq=3 ttl=64 time=0.045 ms
^C
--- 192.168.3.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.045/0.058/0.086/0.021 ms

Using an "ip link" command, discover the mac address of eth3.

[root@host-1-193 ~]# ip link
6: eth3@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether be:5a:e8:96:7b:90 brd ff:ff:ff:ff:ff:ff link-netnsid 1

be:5a:e8:96:7b:90

What is the mac address of 192.168.3.50? Hint: "/proc"...

[root@host-1-193 proc]# cat /proc/net/arp 
IP address       HW type     Flags       HW address            Mask     Device
192.168.3.50     0x1         0x2         ce:36:a2:bc:ca:11     *        eth3
10.0.1.198       0x1         0x2         9a:21:54:58:b2:17     *        ens3

ce:36:a2:bc:ca:11

If you were able to log onto 192.168.3.50, how would you have configured the default route?

[root@host-1-193 proc]# ip route
default via 10.0.1.198 dev ens3  proto static  metric 100 
10.0.1.192/29 dev ens3  proto kernel  scope link  src 10.0.1.193  metric 100 
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254 
192.168.3.48/28 dev eth3  proto kernel  scope link  src 192.168.3.62 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

ip route add default via 192.168.3.62 dev eth0

How many programs are listening on ipv4 TCP sockets on your machine. Hint: the netstat command will help you here.

[root@host-1-193 proc]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:35311           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:49007           0.0.0.0:*               LISTEN      1014/rpc.statd      
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:20048           0.0.0.0:*               LISTEN      1053/rpc.mountd     
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1235/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1022/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1296/master         
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   

8

What is the PID of the process which is listening on UDP port 111 (sunrpc). Hint: the netstat command will help you here.

[root@host-1-193 proc]# netstat -aunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:111             0.0.0.0:*                           631/rpcbind         

[root@host-1-193 proc]# ps -aux | grep rpcbind
rpc        631  0.0  0.2  64948  1356 ?        Ss   00:59   0:00 /sbin/rpcbind -w

631

When you connected to linuxzoo.net via telnet or ssh, it was forwarded from 10.200.0.1 (the main linuxzoo server) to your machine's telnet or ssh server using a proxy. Find the port number on the 10.200.0.1 end of one of these proxy connections and enter it below. Hint: again try the netstat command very near the beginning of the output... It sometimes helps to use "-n", as this does not do DNS lookups.

[root@host-1-89 ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:36494           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:mountd          0.0.0.0:*               LISTEN     
tcp        0      0 host-1-89.linuxz:domain 0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51691           0.0.0.0:*               LISTEN     
tcp        0      0 host-1-89.linuxzoo.:ssh hub1-gw.linuxzoo.:24163 ESTABLISHED
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN     
tcp6       0      0 [::]:mountd             [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:36247              [::]:*                  LISTEN     
tcp6       0      0 [::]:telnet             [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN     
tcp6       0      0 [::]:45765              [::]:*                  LISTEN     

24163

In order for your virtual machine to reach the internet, it's packets travels through a number of virtual networks. The final network node is 10.200.0.1. Using traceroute, find out how many hops it takes to reach 10.200.0.1. Note you must use ICMP ECHO in traceroute, rather than the default. Find the right flag in the manual.

[root@host-1-89 ~]# traceroute --icmp 10.200.0.1
traceroute to 10.200.0.1 (10.200.0.1), 30 hops max, 60 byte packets
 1  host-1-94.linuxzoo.net (10.0.1.94)  0.283 ms  0.196 ms  0.326 ms
 2  hub1-gw.linuxzoo.net (10.200.0.1)  0.467 ms  0.329 ms  0.425 ms

2

Use nmap to analyse the ports open on 10.200.0.1. As the nmap command can take quite a while to run, restrict your scan to the open tcp ports between port numbers 50 to 80 inclusive. List the open port numbers you find with spaces between them in the box below (e.g. if ports 50 and 60 are open, the answer is "50 60"). The numbers in your list must be sorted (smallest number first).

IMPORTANT. Linuxzoo security may shut you down if you produce too many packets too quickly! Use the following options for nmap or you may be kicked off the system. Even with these options the scan may take quite a few seconds.

nmap 10.200.0.1 -p 50-80 --max-retries 3

[root@host-1-89 ~]# nmap 10.200.0.1 -p 50-80 --max-retries 3

Starting Nmap 6.40 ( http://nmap.org ) at 2021-08-04 02:33 BST
Nmap scan report for hub1-gw.linuxzoo.net (10.200.0.1)
Host is up (0.00058s latency).
Not shown: 29 filtered ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http

53 80

The tcpdump command allows us to capture all or some of the network traffic on a particular network device. In this question use the tcpdump command to capture the behaviour of a web page request emulated using lwp-request.

Capturing packets sucessfully can be tricky, especially since you have to use the same network to talk to your machine, and you dont want to capture that too... Therefore consider the following commands to perform the capturing. NOTE you only type in the characters IN BOLD.

$ tcpdump -vi eth0 port 80 > /tmp/log & [1] 3123 $ lwp-request http://linuxzoo.net ...blah...blah ...blah...blah $ kill -1 %1 [1]+ Done .... $ Where it says "eth0" you must replace that with your main network connection device, which you discovered right at the beginning of this tutorial.

Now, look at the contents of /tmp/log and enter in the box below the common IP flag which appears in most packets (The information can be found between the [..] brackets immediately after the text "flags". Ignore the information after the text "Flags" e.g. look for the one all in lowercase). Enter the two letters seen in the box below.

What is the common IP flag seen in the log: (case sensitive)

[root@host-1-89 ~]# tcpdump -vi ens3 port 80 > /tmp/log &
[root@host-1-89 ~]# lwp-request http://linuxzoo.net
# You will get html web pae source code
[root@host-1-89 ~]# cat /tmp/log 
02:37:15.989878 IP (tos 0x0, ttl 64, id 43516, offset 0, flags [DF], proto TCP (6), length 60)
    host-1-89.linuxzoo.net.40470 > 146.176.166.1.http: Flags [S], cksum 0x4439 (incorrect -> 0xa88e), seq 2028748157, win 29200, options [mss 1460,sackOK,TS val 431233 ecr 0,nop,wscale 6], length 0

DF

Each packet it split over multiple lines. A new packet starts on a fresh line, beginning with a timestamp. This should be folowed with IP and then the IP header information.

Assuming the packet is a TCP packet, the next link should include "Flags" (with a capital F) which are the TCP flags.

Find the packets involved with the TCP Fin flag. The first of those is the packet which first requested the stream be closed. What is the TCP sequence number of that packet?

02:37:16.221428 IP (tos 0x0, ttl 63, id 33604, offset 0, flags [DF], proto TCP (6), length 9211)
    146.176.166.1.http > host-1-89.linuxzoo.net.40470: Flags [P.], cksum 0x67f8 (incorrect -> 0x7875), seq 1:9160, ack 133, win 235, options [nop,nop,TS val 2633755475 ecr 431272], length 9159

9160