
4 Tools for Network Snooping on Linux

Computer networking data has to be exposed, because packets can’t travel blindfolded, so join us as we use whois, dig, nmcli, and nmap to snoop networks.

Do be polite and don’t run nmap on any network but your own, because probing other people’s networks can be interpreted as a hostile act.

Thin and Thick whois

You may have noticed that our beloved old whois command doesn’t seem to give the level of detail that it used to. Check out this example for Linux.com:

$ whois linux.com
Domain Name: LINUX.COM
Registry Domain ID: 4245540_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2018-01-10T12:26:50Z
Creation Date: 1994-06-02T04:00:00Z
Registry Expiry Date: 2018-06-01T04:00:00Z
Registrar: NameCheap Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: ok https://icann.org/epp#ok
Name Server: NS5.DNSMADEEASY.COM
Name Server: NS6.DNSMADEEASY.COM
Name Server: NS7.DNSMADEEASY.COM
DNSSEC: unsigned
[...]

There is quite a bit more, mainly annoying legalese. But where is the contact information? It is sitting on whois.namecheap.com (see the third line of output above):

$ whois -h whois.namecheap.com linux.com

I won’t print the output here, as it is very long, containing the Registrant, Admin, and Tech contact information. So what’s the deal, Lucille? Some registries, such as .com and .net, are “thin” registries, storing a limited subset of domain data. To get the complete dump, use the -h (or --host) option to query the domain’s Registrar WHOIS Server.

Most of the other top-level domains are thick registries, such as .info. Try whois blockchain.info to see an example.

Want to get rid of the obnoxious legalese? Use the -H option.
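
The thin-to-thick lookup described above can be scripted. This is an added example, not part of the original article; the function names referral_server and full_whois are chosen here, and it assumes a whois client that accepts -h as shown above. The referral line comes from a remote server, so it is validated before it is handed back to whois.

```bash
#!/usr/bin/env bash
# Added example: follow a thin-registry referral to the registrar's WHOIS server.

# Read whois output on stdin; print the referred registrar server, lower-cased.
# Returns 1 when there is no usable referral line.
referral_server() {
    host=$(grep -i -m1 '^[[:space:]]*Registrar WHOIS Server:' |
           cut -d: -f2- | tr -d ' \t\r' | tr 'A-Z' 'a-z')
    # The value comes from a remote server: accept only hostname characters,
    # and nothing that whois could parse as an option.
    case $host in
        ''|-*|*[!a-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$host"
}

# Query the registry, then repeat the query at the registrar if one is named.
# Assumes a whois client that accepts -h HOST, as used in the article.
full_whois() {
    domain=$1
    thin=$(whois "$domain") || return 1
    if server=$(printf '%s\n' "$thin" | referral_server); then
        whois -h "$server" "$domain"
    else
        printf '%s\n' "$thin"   # no referral: the first answer is all there is
    fi
}

# Constructed samples for offline checks; the first copies lines from the article.
sample_thin() {
    printf '%s\n' '   Domain Name: LINUX.COM' \
                  '   Registrar WHOIS Server: whois.namecheap.com' \
                  '   Registrar URL: http://www.namecheap.com'
}
sample_no_referral() {
    printf '%s\n' 'Domain Name: EXAMPLE.INFO' 'Registrar URL: http://registrar.example'
}

# With a domain argument (needs network): full lookup. Without: offline demo.
if [ $# -gt 0 ]; then full_whois "$1"; else sample_thin | referral_server; fi
```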

Digging DNS

Use the dig command to compare the results from different name servers to check for stale entries. DNS records are cached all over the place, and different servers have different refresh intervals. This is the simplest usage:

$ dig linux.com
<<>> DiG 9.10.3-P4-Ubuntu <<>> linux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13694
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1440
;; QUESTION SECTION:
;linux.com.                     IN      A

;; ANSWER SECTION:
linux.com.  10800   IN  A  151.101.129.5
linux.com.  10800   IN  A  151.101.65.5
linux.com.  10800   IN  A  151.101.1.5
linux.com.  10800   IN  A  151.101.193.5

;; Query time: 92 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue Jan 16 15:17:04 PST 2018
;; MSG SIZE  rcvd: 102

Take notice of the SERVER: 127.0.1.1#53(127.0.1.1) line near the end of the output. This is your default caching resolver. When the address is localhost, that means there is a DNS server installed on your machine. In my case that is Dnsmasq, which is being used by Network Manager:

$ ps ax|grep dnsmasq
2842 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground 
--no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid 
--listen-address=127.0.1.1

The dig default is to return A records, which map the domain name to its IPv4 addresses. IPv6 has AAAA records:

$ dig linux.com AAAA
[...]
;; ANSWER SECTION:
linux.com.  60  IN AAAA  64:ff9b::9765:105
linux.com.  60  IN AAAA  64:ff9b::9765:4105
linux.com.  60  IN AAAA  64:ff9b::9765:8105
linux.com.  60  IN AAAA  64:ff9b::9765:c105
[...]

Checkitout, Linux.com has IPv6 addresses. Very good! If your Internet service provider supports IPv6 then you can connect over IPv6. (Sadly, my overpriced mobile broadband does not.)

Suppose you make some DNS changes to your domain, or you’re seeing dig results that don’t look right. Try querying with a public DNS service, like OpenNIC:

$ dig @69.195.152.204 linux.com
[...]
;; Query time: 231 msec
;; SERVER: 69.195.152.204#53(69.195.152.204)

dig confirms that you’re getting your lookup from 69.195.152.204. You can query all kinds of servers and compare results.
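
Comparing name servers to spot stale entries, as described at the start of this section and again just above, is easier when the answer sets are diffed rather than read by eye. The script below is an added example, not part of the original article; the function names are chosen here, and the second sample answer is made up using an address from the documentation range.

```bash
#!/usr/bin/env bash
# Added example: compare the A records two resolvers return for one name.

# Read dig output on stdin; print the sorted, unique A-record addresses.
# Lines starting with ';' are dig comments (headers, the question section).
a_records() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }' | LC_ALL=C sort -u
}

# Compare two dig outputs passed as arguments. Prints "match", or each
# differing address tagged "<" (first only) or ">" (second only) and returns 1.
compare_answers() {
    a=$(printf '%s\n' "$1" | a_records)
    b=$(printf '%s\n' "$2" | a_records)
    if [ -z "$a$b" ]; then echo "no A records in either answer"; return 2; fi
    if [ "$a" = "$b" ]; then echo match; return 0; fi
    { printf '%s\n' "$a" | sed 's/^/1 /'; printf '%s\n' "$b" | sed 's/^/2 /'; } |
    awk 'NF == 2 { seen[$2] += $1 }      # 1 = first only, 2 = second only, 3 = both
         END { for (ip in seen) if (seen[ip] != 3) {
                   tag = (seen[ip] == 1) ? "<" : ">"; print tag, ip } }' |
    LC_ALL=C sort
    return 1
}

# Live use (needs network): default resolver versus the server given in $2.
# +noall +answer limits dig's output to the answer section.
check_stale() {
    compare_answers "$(dig "$1" A +noall +answer)" \
                    "$(dig "@$2" "$1" A +noall +answer)"
}

# Constructed samples: the first uses addresses from the article's output,
# the second is a made-up answer with one address from the documentation range.
sample_local='linux.com.  10800  IN  A  151.101.129.5
linux.com.  10800  IN  A  151.101.65.5'
sample_other='linux.com.  300  IN  A  192.0.2.10
linux.com.  300  IN  A  151.101.129.5'

# With NAME and SERVER arguments: live comparison. Without: offline demo.
if [ $# -eq 2 ]; then check_stale "$1" "$2"
else compare_answers "$sample_local" "$sample_other" || true; fi
```

Names served through a CDN or round-robin DNS can legitimately differ between resolvers, so treat a mismatch as a prompt to check TTLs and the authoritative servers rather than as proof of a stale cache.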

Upstream Name Servers

I want to know what my upstream name servers are. To find this, I first look in /etc/resolv.conf:

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

Thanks, but I already knew that. Your Linux distribution may be configured differently, and you’ll see your upstream servers. Let’s try nmcli, the Network Manager command-line tool:

$ nmcli dev show | grep DNS
IP4.DNS[1]:      192.168.1.1

Now we’re getting somewhere, as that is the address of my mobile hotspot, and I should have thought of that myself. I can log in to its weird little Web admin panel to see its upstream servers. A lot of consumer Internet gateways don’t let you view or change these settings, so try an external service such as What’s my DNS server?

List IPv4 Addresses on your Network

Which IPv4 addresses are up and in use on your network?

$ nmap -sn 192.168.1.0/24
Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-14 14:03 PST
Nmap scan report for Mobile.Hotspot (192.168.1.1)
Host is up (0.011s latency).
Nmap scan report for studio (192.168.1.2)
Host is up (0.000071s latency).
Nmap scan report for nellybly (192.168.1.3)
Host is up (0.015s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.23 seconds

Everyone wants to scan their network for open ports. This example looks for services and their versions:

$ nmap -sV 192.168.1.1/24

Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-14 16:46 PST
Nmap scan report for Mobile.Hotspot (192.168.1.1)
Host is up (0.0071s latency).
Not shown: 997 closed ports
PORT   STATE    SERVICE VERSION
22/tcp filtered ssh
53/tcp open     domain  dnsmasq 2.55
80/tcp open     http    GoAhead WebServer 2.5.0

Nmap scan report for studio (192.168.1.102)
Host is up (0.000087s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
631/tcp open  ipp     CUPS 2.1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (2 hosts up) scanned in 11.65 seconds

These are interesting results. Let’s try the same run from a different Internet account, to see if any of these services are exposed to the big bad Internet. You have a second network if you have a smartphone. There are probably apps you can download, or you can use your phone as a hotspot for your faithful Linux computer. Fetch the WAN IP address from the hotspot control panel and try again:

$ nmap -sV 12.34.56.78

Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-14 17:05 PST
Nmap scan report for 12.34.56.78
Host is up (0.0061s latency).
All 1000 scanned ports on 12.34.56.78 are closed

That’s what I like to see. Consult the fine man pages for these commands to learn more fun snooping techniques.
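
Service scans of your own network are most useful when each run is checked against what you expect to be listening. The script below is an added example, not part of the original article: it parses nmap -sV text output like that shown above and reports open services missing from an approved list. The function names and the approved list are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: turn `nmap -sV` text output into a service inventory and
# report anything listening that is not on an approved list.

# Read nmap's normal output on stdin; print "address port service" per open port.
open_services() {
    awk '/^Nmap scan report for / { addr = $NF; gsub(/[()]/, "", addr); next }
         $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print addr, $1, $3 }'
}

# $1 is the approved list, one "address port service" entry per line.
# Prints every open service missing from it; returns 1 if there are any.
unapproved_services() {
    approved=$1
    found=$(open_services | while read -r entry; do
        printf '%s\n' "$approved" | grep -Fqx -- "$entry" || printf '%s\n' "$entry"
    done)
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Sample input: port tables copied from the article's scan of its own LAN.
sample_scan() {
    cat <<'EOF'
Nmap scan report for Mobile.Hotspot (192.168.1.1)
Host is up (0.0071s latency).
PORT   STATE    SERVICE VERSION
22/tcp filtered ssh
53/tcp open     domain  dnsmasq 2.55
80/tcp open     http    GoAhead WebServer 2.5.0

Nmap scan report for studio (192.168.1.102)
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
631/tcp open  ipp     CUPS 2.1
EOF
}

# Constructed approved list (an assumption): CUPS on studio is deliberately absent.
approved_list='192.168.1.1 53/tcp domain
192.168.1.1 80/tcp http
192.168.1.102 22/tcp ssh'

# With a list file argument: check nmap output piped on stdin. Without: offline demo.
if [ $# -eq 1 ]; then unapproved_services "$(cat "$1")"
else sample_scan | unapproved_services "$approved_list" || true; fi
```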

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

VMware and Pivotal’s PKS Distribution Marries Kubernetes with BOSH

In the cloud-native space, broadly speaking, there are two groups of users: platform operators and developers. And rarely does a new product or service meet the needs of both groups equally well.

Through the recently announced PKS (Pivotal Container Service), VMware and Pivotal — in partnership with Google Cloud — are focused squarely on solving this problem. Their new commercially supported release of the Cloud Foundry Container Runtime (formerly Kubo) promises to make Kubernetes easy to run and operate for virtualization administrators, thus giving development teams the support they want for new initiatives that require reliable infrastructure in the form of Kubernetes running on vSphere or Google Cloud Platform.

By combining Kubernetes with VMware’s infrastructure tooling and multi-cloud capabilities, Pivotal and VMware have created a product that may truly bring devs and ops together.

Read more at The New Stack

Serverless Service Mesh With Kubeless And Istio

As a developer, you may know that maintaining services with different versions and authorization policies within a cluster can be difficult and prone to errors. You must carefully manage all possible routes between all of the services.

Creating a service mesh with Kubeless and Istio greatly simplifies deployment and network management. Kubeless allows you to deploy functions in just one command, and Istio can manage request routing and policies with descriptive files. In this article I am going to show how to do the following:

  • Set up the environment to deploy a service mesh.
  • Deploy several serverless functions that will form an application.
  • Route user requests to show different versions of the service.
  • Protect certain parts of the application from unauthorized sources.

Read more at Bitnami

How Debuggers Really Work

A debugger is one of those pieces of software that most, if not every, developer uses at least once during their software engineering career, but how many of you know how they actually work? During my talk at linux.conf.au 2018 in Sydney, I will be talking about writing a debugger from scratch… in Rust!

In this article, the terms debugger and tracer are used interchangeably. “Tracee” refers to the process being traced by the tracer.

The ptrace system call

Most debuggers heavily rely on a system call known as ptrace(2), which has the prototype:

long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data);

Read more at OpenSource.com

Speech Recognition for Linux Gets a Little Closer

It has become commonplace to yell out commands to a little box and have it answer you. However, voice input for the desktop has never really gone mainstream. This is particularly slow for Linux users whose options are shockingly limited, although decent speech support is baked into recent versions of Windows and OS X Yosemite and beyond.

There are four well-known open speech recognition engines: CMU Sphinx, Julius, Kaldi, and the recent release of Mozilla’s DeepSpeech (part of their Common Voice initiative). The trick for Linux users is successfully setting them up and using them in applications. [Michael Sheldon] aims to fix that — at least for DeepSpeech. He’s created an IBus plugin that lets DeepSpeech work with nearly any X application. He’s also provided PPAs that should make it easy to install for Ubuntu or related distributions.

Read more at Hackaday

How to Control Systemd Services on Remote Linux Server

The systemd system and service manager can be controlled using the systemctl command line utility. It enables you to manage systemd locally or on a remote Linux machine over the SSH protocol.

In this short article, we will show you how to manage the systemd system and service manager on a remote Linux machine over an SSH session.

Attention: We recommend using public/private key pairs for passwordless authentication for SSH, as opposed to passwords, and also employing additional methods to secure SSH service, as explained in these guides.

Read more at Tecmint

SPDX Clears Confusion Around Software Licenses

The Software Package Data Exchange (SPDX) is a Linux Foundation project to help reduce the ambiguity of software by defining standards for reporting information. The license is one such piece of information. SPDX provides a format for listing the specific license variant and version that applies to a software package. With over 300 licenses, you’re likely to find the one you use. The License List contains a human-friendly name, a short name, and a link to the full license text. SPDX also provides guidelines for matching the text of a license file to the official text of the license.

The SPDX Working Group recently released version 3.0 of the License List. This major revision includes clarified identifiers for GPL versions, improved matching guidance, and a new master format for the list. The new format replaces a spreadsheet and text files in favor of an XML-style template. This allows for richer expression of fields within the licenses.

Read more at OpenSource.com

Open Source Networking and a Vision of Fully Automated Networks

Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation.

“Networking is cool again,” he said, opening his keynote address with observations on software-defined networks, virtualization, and more. Joshipura is no stranger to network trends. He has led major technology deployments across enterprises, carriers, and cloud architectures, and has been a steady proponent of open source.

Read more at The Linux Foundation

Announcing The Node.js Application Showcase

The stats around Node.js are pretty staggering. There were 25 million downloads of Node.js in 2017, with over one million of them happening on a single day. And these stats are just the users. On the community side, the numbers are equally exceptional.

What explains this immense popularity? What we hear over and over is that, because Node.js is JavaScript, anyone who knows JS can apply that knowledge to build powerful apps — every kind of app. Node.js empowers everyone from hobbyists to the largest enterprise teams to bring their dreams to life faster than ever before.

Read more at Node.js

“The Apache Way” — Open Source Done Well

The Apache Software Foundation has been supporting open source for nearly twenty years. But what’s it all about? In this article, Ignasi Barrera goes over the organization and why it has been so successful in creating new technology for the benefit of the whole community.

We strongly believe that good software is built by strong communities. Successful open source projects are the result of the work and collaboration in their communities and the people behind them. It is all about the people. Experience has shown us that helping people work together as peers is key in producing software in a sustainable way, and we have collected the lessons learned all these years in what we call “The Apache Way”.

Read more at JaxEnter