Using tcpdump
tcpdump is a powerful tool that lets us sniff network packets and do some statistical analysis of those dumps. tcpdump operates by putting the network card into promiscuous mode in order to capture all the frames that reach it, which is why it needs root (or the CAP_NET_RAW capability) to run; on a switched network that still only means the traffic the switch delivers to your port, plus broadcast and multicast. Using tcpdump we have a view of every TCP connection establishment and termination, and of every UDP datagram.
The flag column of a TCP line can contain any of:
S    SYN (synchronize sequence numbers; connection establishment)
F    FIN (the sender has finished sending; connection termination)
R    RST (reset the connection)
P    PSH (push data)
.    none of S, F, R or P is set (typically a pure ACK segment)
ack  the acknowledgement number is valid
urg  the urgent pointer is valid
Current tcpdump versions print the same information as "Flags [S]", "Flags [S.]" (SYN with ACK) and "Flags [.]" (ACK only), with the ack number shown after it.
The three way handshake
The three lines of tcpdump output on the slide show the exchange:
1. The client sends a segment with the S flag to the port the server is listening on, carrying the client's initial sequence number (here 1412042008).
2. The server responds with its own S segment containing its initial sequence number. This segment also has ack set, so it acknowledges the client's SYN: the ack number is the client's initial sequence number plus one (1412042009).
3. The client acknowledges the server's SYN by sending a segment whose flag column is "." and whose ack number is the server's initial sequence number plus one.
Once the third segment arrives the connection is established. A SYN that is never followed by the other two segments leaves a half-open connection, which is what a SYN scan or a SYN flood looks like in a capture.
Some examples (-n turns off name resolution so the hosts and ports are printed as numbers):
tcpdump -n                                          all traffic on the default interface
tcpdump -n host 192.168.0.21                        traffic to or from one host
tcpdump -n host 192.168.0.21 and port 80
tcpdump -n host 192.168.0.21 and '(port 80 or 443)'
tcpdump -n host 192.168.0.21 and not port 22
Primitives are joined with and, or and not. and and or have equal precedence and group left to right, so "host 192.168.0.21 and port 80 or 443" is read as "(host 192.168.0.21 and port 80) or port 443", which also captures port 443 traffic of every other host; parenthesize the alternative (and quote the parentheses so the shell does not interpret them) to get what the slide intends.
Other switches:
-i <interface>   capture on the given network interface
-w <file>        write the raw captured packets to <file> (read them back later with -r <file>)
-c <count>       stop once <count> packets have been captured
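As an added example (not part of the slides), here is how a practitioner reads the flag column once a capture is in hand: two small awk passes over a hand-constructed tcpdump excerpt, one that counts completed three-way handshakes as described on the handshake slide, and one that lists sources whose SYNs were never answered. The capture uses made-up addresses and the flag notation of current tcpdump versions (Flags [S], [S.], [.]) rather than the older S / . / ack column shown on the slides; the variable and function names are mine.

```shell
#!/bin/sh
# Added example (not from the slides): reading the flag column of tcpdump output
# with awk. SAMPLE_CAPTURE is constructed by hand, with made-up addresses, in the
# format "tcpdump -n tcp" prints today: the flags appear as "Flags [S]" (SYN),
# "Flags [S.]" (SYN+ACK), "Flags [.]" (ACK only) and "Flags [R.]" (RST+ACK).
SAMPLE_CAPTURE='12:00:00.000001 IP 192.168.0.21.51514 > 192.168.0.1.80: Flags [S], seq 1412042008, win 64240, length 0
12:00:00.000002 IP 192.168.0.1.80 > 192.168.0.21.51514: Flags [S.], seq 998877, ack 1412042009, win 65535, length 0
12:00:00.000003 IP 192.168.0.21.51514 > 192.168.0.1.80: Flags [.], ack 1, win 64240, length 0
12:00:01.000001 IP 10.9.8.7.40000 > 192.168.0.1.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000002 IP 10.9.8.7.40001 > 192.168.0.1.23: Flags [S], seq 1, win 1024, length 0
12:00:01.000003 IP 10.9.8.7.40002 > 192.168.0.1.25: Flags [S], seq 1, win 1024, length 0
12:00:01.000004 IP 192.168.0.1.22 > 10.9.8.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0'

# Count completed three-way handshakes: a SYN from A to B, a SYN+ACK from B to A,
# then an ACK-only segment from A to B, tracked per endpoint pair "src>dst".
# Fields: $3 = source ip.port, $5 = destination ip.port followed by ":",
# $7 = the flag column followed by ",".
count_handshakes() {
    printf '%s\n' "$SAMPLE_CAPTURE" | awk '
        { src = $3; dst = $5; sub(/:$/, "", dst); flags = $7; sub(/,$/, "", flags); k = src ">" dst }
        flags == "[S]"  { syn[k] = 1 }
        flags == "[S.]" { synack[dst ">" src] = 1 }          # reply, keyed the way the initiator sees it
        flags == "[.]" && (k in syn) && (k in synack) { done[k] = 1 }
        END { n = 0; for (k in done) n++; print n }'
}

# List source IPs whose SYNs never got a SYN+ACK back (half-open connections),
# with a count of such SYNs per source: the footprint of a SYN scan, or of a
# destination that is down or filtered.
syn_only_sources() {
    printf '%s\n' "$SAMPLE_CAPTURE" | awk '
        { src = $3; dst = $5; sub(/:$/, "", dst); flags = $7; sub(/,$/, "", flags) }
        flags == "[S]"  { syn[src ">" dst] = 1 }
        flags == "[S.]" { answered[dst ">" src] = 1 }
        END {
            for (k in syn) if (!(k in answered)) {
                split(k, ep, ">"); ip = ep[1]; sub(/\.[0-9]+$/, "", ip)   # strip the source port
                unanswered[ip]++
            }
            for (ip in unanswered) print ip, unanswered[ip]
        }' | sort
}

echo "completed handshakes: $(count_handshakes)"        # 1
echo "sources with unanswered SYNs (ip count):"
syn_only_sources                                         # 10.9.8.7 3
```

Feed a real capture in by replacing the printf with "tcpdump -n -r capture.pcap tcp"; the ack counter of the SYN+ACK line (client ISN plus one) is what the handshake slide describes.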
Now some Demos….
Unix Processes and CRON
What is a Process?
A process is an instance of a running program.
A process consists of:
- A process ID (PID)
- An owner, the user who created the process
- A program counter that keeps track of where execution is
- A copy of the stack and registers used by the process
- An address space (a chunk of memory) that contains:
  - Text segment: the executable instructions
  - Data segment: all the data used by the program
  - User segment: process ID information
Unix is a Multitasking OS
In multitasking the OS loads several processes into memory and switches rapidly amongst them. This keeps the processor busy.
The processor switches processes when:
- A program terminates
- A program has to wait for I/O
- A program has used up its time allotment
The challenge of multitasking is scheduling which process should run at any given moment.
The kernel is responsible for managing all of the processes.
The Life of a Process
1. The user enters a command at the shell.
2. The shell examines the command, finds the program file, and invokes the loader.
3. The loader examines the file and loads the instructions and data into main memory.
4. A process control block (PCB) is created and placed into a ready queue.
5. The CPU scheduler chooses processes from the ready queue and executes them.
6. The selected process is loaded onto the CPU by the dispatcher.
7. The process runs until it has to wait. After waiting it goes back into the ready queue.
8. Steps 5-7 repeat until the process terminates.
Parent and Child Processes
Every process, save one, has a parent process that created it. Thus, every process is a child of another one.
A process is never left without a parent: if its parent exits first, the orphan is adopted by the first process, the root process created when the system booted (PID 1), which becomes its new parent.
All processes have an ancestry, a hierarchy of processes between it and the root process.
[Diagram: a process tree with the root process at the bottom, the shells shell1 and Shell2 as its children, and the programs vi, cat and pine as children of those shells]
Process Creation Functions
fork() - processes are created by the fork system call. This call creates a new process that is an identical copy of its parent (same code, data and open file descriptors) but has its own PID. fork returns 0 in the child and the child's PID in the parent, which is how the two copies tell themselves apart.
exec() - loads a copy of the program to be executed over the address space the process currently has. This overwrites the text and data areas of the process with the new code and data; the PID does not change.
wait() - waits for a child process to end and collects its exit status. A child that has exited but has not yet been waited for is a zombie: it keeps its PID and process-table slot until the parent (or init, once the parent is gone) collects it.
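The three calls above, shown from the shell as an added example (not from the slides): starting sh -c or a subshell is a fork, the exec builtin is exec, and wait with a PID is wait. Each function prints the property it demonstrates so it can be checked; the function names are mine and the script needs only a POSIX sh.

```shell
#!/bin/sh
# Added example (not from the slides): fork(), exec() and wait() as the shell
# exposes them. Every function prints its result so it can be checked.

# fork: the child is a copy of the parent but has its own PID. $$ is this
# shell's PID; the sh started inside the command substitution is its child.
fork_gives_new_pid() {
    child=$(sh -c 'echo $$')
    if [ "$child" != "$$" ]; then echo yes; else echo no; fi
}

# fork: the child's parent PID is the PID of the process that forked it.
# The outer sh prints its own $$; the inner sh it forks prints its $PPID.
# The trailing ":" keeps the inner sh from being exec'd as the outer sh's
# last command, which would make it a sibling instead of a child.
fork_child_knows_parent() {
    sh -c 'echo $$; sh -c "echo \$PPID"; :' | uniq | wc -l | tr -d ' '   # 1: both lines carry the same PID
}

# exec: the new program overlays the process image but the PID stays.
# The outer sh prints its PID, then replaces itself with a new sh that
# prints its PID; uniq collapses the two identical lines into one.
exec_keeps_pid() {
    sh -c 'echo $$; exec sh -c "echo \$\$"' | uniq | wc -l | tr -d ' '   # 1: same PID before and after exec
}

# wait: the parent blocks until the child ends and collects its exit status;
# until the parent calls wait, the finished child lingers as a zombie.
wait_collects_status() {
    sh -c 'sleep 1; exit 42' &      # fork a child and remember its PID
    pid=$!
    status=0
    wait "$pid" || status=$?        # blocks about a second, then yields the child's status
    echo "$status"                  # 42
}

echo "child has its own PID:                   $(fork_gives_new_pid)"
echo "distinct PIDs printed by parent/child:   $(fork_child_knows_parent)"
echo "distinct PIDs printed before/after exec: $(exec_keeps_pid)"
echo "exit status collected by wait:           $(wait_collects_status)"
```

The same trio is what the init/getty/login sequence on the next slides relies on: getty and login exec rather than fork, so the shell you end up in keeps the PID getty started with.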
The Init Process
The init process is the ultimate ancestor of most processes on the computer.
It is the second process created at boot and has PID 1; PID 0 belongs to the kernel's own scheduler (swapper) process, since numbering starts at 0. On modern Linux systems the program running as PID 1 is usually systemd, but its role is the same.
The following sequence shows how a shell is run:
1. When the computer boots up it switches into multiuser mode.
2. Upon switching, init forks and executes getty for every terminal port.
3. getty prints a login prompt at each port and then sleeps.
4. When a user tries to log in, getty executes login (overlays itself).
5. login verifies the user's credentials and executes the shell (overlays itself).
6. init is left as the only parent of the shell (login and the shell replaced getty via exec, so the shell still has getty's PID and a PPID of 1).
7. When the shell dies, init forks and executes getty again. Thus the process repeats for a new user.
The Shell Process
The shell is a child process of init and is the first process available to the user.
The shell runs other processes that are its children. These processes may include another shell or a program. When the primary shell dies, the user is logged out.
The shell keeps the same PID for the entire time you are logged in. If you kill this PID, you kill your login session.
Shell Commands for Manipulating Processes
The shell provides several commands that allow it to manipulate its child processes.
Child processes may execute in the foreground or the background.
When run in the foreground, the shell waits for the program and displays its output.
When run in the background, the process runs and the shell keeps running and can continue to process commands.
The following keys manipulate the foreground process:
Ctrl-Z  suspends the foreground process (sends SIGTSTP)
Ctrl-C  kills the foreground process (sends SIGINT)
Shell Commands for Manipulating Processes Cont.
In addition to keys, the bash shell includes the following commands:
bg    resumes a suspended job in the background
fg    brings a job to the foreground
jobs  lists the active jobs of this shell (jobs -l also shows their PIDs)
kill  sends a signal to a job (%1, %2, ...) or to a process (pid); by default SIGTERM
wait  waits for background jobs to finish
bg, fg and kill identify a job by its job specification (%1, %2, ...) rather than by PID. bash has no stop builtin (that is a csh/ksh command); a background job is suspended with kill -STOP %1 and resumed with bg %1.
If no job is given for bg or fg, the job most recently suspended from the foreground is assumed.
Placing a & after a shell command runs it in the background. When you log out and the terminal session closes, background jobs are sent SIGHUP and terminate with the session unless they ignore that signal (see nohup).
The nohup Command
The & operator only detaches the command from the shell's foreground; when the shell is killed or the user logs out, the job still receives the hangup signal (SIGHUP) and terminates, so work that must outlive the session cannot simply be backgrounded.
The nohup command gets around this by running the command that follows it with SIGHUP ignored, so the hangup that ends the session does not reach it. When the parent shell dies, the process is adopted by init and its PPID becomes 1.
Example: nohup sort emp.lst &
If standard output is a terminal, nohup appends the command's output to nohup.out in the current directory (or to $HOME/nohup.out if that is not writable). Redirect it explicitly, as in nohup sort emp.lst > sorted.lst 2>&1 &, to put it somewhere useful.
Listing Process Status
The ps [options] command lists the status of processes; with no options it shows only the processes attached to the current terminal.
Common ps options:
a        list the processes of all users that have a controlling terminal
-u user  list the processes of a particular user
-e       list everything, including system processes
-f       full listing, including each process's parent ID (PPID)
-l       long listing, with memory and scheduling information
Note that ps options differ by system. Linux's ps accepts both the System V forms (ps -ef) and the BSD forms without a dash (ps aux); on BSD-style ps, "ax" plays the role of "-e".
Killing a Process
The kill [options] pid command sends a signal to a process; by default SIGTERM (15), which asks the process to terminate.
A signal can be sent to a process only by the user who owns it or by root.
Useful kill options:
-l   lists all of the signals kill can send
-9   sends SIGKILL, which the process cannot catch, ignore or clean up after; try a plain kill (SIGTERM) first and fall back to -9 only if the process does not exit
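An added example (not from the slides) that ties the nohup slide to the kill slide: it starts throwaway sh children and signals them, showing that a process started under nohup survives SIGHUP, that SIGTERM can be caught by a trap, and that SIGKILL cannot. Function names are mine; it assumes a POSIX sh and the coreutils nohup.

```shell
#!/bin/sh
# Added example (not from the slides): what nohup and kill -9 actually change.
# Signals go to throwaway sh children rather than a real job, so the script
# runs anywhere with a POSIX sh and coreutils nohup.

# Run a child that sends SIGHUP to itself (what losing the terminal does) and
# report whether it lived. $1 is the prefix to run it under: "" or "nohup".
# Plain sh takes SIGHUP's default action and dies before "echo survived";
# under nohup the signal is ignored and the echo runs.
hup_outcome() {
    out=$($1 sh -c 'kill -HUP $$; echo survived' 2>/dev/null) || true
    echo "${out:-killed}"
}

# Run a child that traps SIGTERM and then sends itself the signal named in $1.
# A catchable signal (TERM) runs the trap and the child carries on; SIGKILL
# cannot be caught or ignored, so nothing after "kill -KILL" ever runs.
# tail keeps only the last line the child managed to print.
signal_outcome() {
    out=$(sh -c 'trap "echo caught" TERM; kill -'"$1"' $$; echo survived' 2>/dev/null | tail -n 1) || true
    echo "${out:-killed}"
}

echo "plain child after SIGHUP:  $(hup_outcome)"          # killed
echo "nohup child after SIGHUP:  $(hup_outcome nohup)"    # survived
echo "child after kill -TERM:    $(signal_outcome TERM)"  # survived (the trap ran first)
echo "child after kill -KILL:    $(signal_outcome KILL)"  # killed
```

The TERM case is why a plain kill is the polite first step: a daemon's handler gets to flush and close things. SIGKILL skips the handler entirely, which is also why it is the only signal that reliably removes a process that has trapped everything else.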
at - Controlling Job Execution
The at [options] time command can be used to set a job to run at a later time.
The at command takes commands from standard input. You enter the at command, hit enter, type the command to run, and then hit cntrl-D.
Examples:
at 15:00            runs the command at 3:00 PM
at 5pm              runs the command at 5:00 PM
at noon             runs the command at noon
at now + 1 year     runs the command a year from now
at 15:00 + 1 day    runs the command at 3:00 PM tomorrow
at 9am tomorrow     runs the command at 9:00 AM tomorrow
at and batch
at continued
The -l option lists all jobs placed in the at queue along with their job numbers.
The -r # option removes the job with the given number from the queue.
Batch Command
The batch command runs a series of commands when time is available on the system (when the load average drops below a threshold). It does not take a time argument.
Typically you enter the commands into a file and redirect that file into standard input, for example: batch < cmnds.txt
batch places jobs into the at queue, so they can be listed and removed with "at -l" and "at -r", or with atq and atrm.
Cron - Scheduling Periodic Jobs
Cron is a daemon that lets you schedule jobs/processes for periodic execution, for example to check the file system or run a virus checker each day.
Cron requires you to create a file with the commands and the times to run them, and to hand it to the cron daemon using crontab -e. This creates a file named after the user in /var/spool/cron/crontabs (the directory varies by system), which cron picks up when it changes.