Jul 07

rp_filter Linux kernel feature

Reading time: 1 – 2 minutes

It’s just an IP spoofing protection which is by default enabled on Linux kernels. When it’s value is ‘1’ means that all IP address which are not directly routable and received form a network interface they are directly discarded.

So, if you want to scan a range of IP address in your LAN which not belong to that interface address space when packets from IP addresses are received they are going to be discarded by the kernel. So, take that into account when you have those “unusual” requirements.

It can be enable/disabled by all interfaces or just one:

root@mini9:/proc/sys/net/ipv4# cat ./conf/all/rp_filter
1
root@mini9:/proc/sys/net/ipv4# cat ./conf/ztly5q4n37/rp_filter
1

May 27

DRY DHCP Client: request and IP address to the DHCP server without a DHCP Client

Reading time: < 1 minute

When you want to discover LAN metadata without being part of that network. So, when you want to discover network address range, gateway, DNS IPs, DHCP server IPs, etc. this simple nmap parameter will help you so much.

# nmap --script broadcast-dhcp-discover

Starting Nmap 7.60 ( https://nmap.org ) at 2021-05-19 15:07 CEST
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 192.168.1.127
|     DHCP Message Type: DHCPOFFER
|     Subnet Mask: 255.255.255.0
|     Renewal Time Value: 4d00h00m00s
|     Rebinding Time Value: 7d00h00m00s
|     IP Address Lease Time: 8d00h00m00s
|     Server Identifier: 192.168.1.1
|     Router: 192.168.1.1
|_    Domain Name Server: 8.8.8.8, 8.8.4.4
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.43 seconds

May 26

Alive: shell script for alive monitoring using PING

Reading time: < 1 minute

Simple shell script based on bash which monitor a host with command line ping. Just bash and ping are the unique dependencies. Only state change are going to be printed:

#!/bin/bash

IP="THE_IP_TO_MONITOR"
STATE="offline"

show_state()
{
  echo "$(date '+%Y-%m-%dT%H:%M:%S') - " + $STATE;
}

while true;
do
  ping -c 4 $IP > /dev/null 2>&1
  if [ "$?" = "0" ]; then
    if [ "$STATE" = "offline" ];
    then
      STATE="online"
      show_state
    fi
  else
    if [ "$STATE" = "online" ];
    then
      STATE="offline"
      show_state
    fi
  fi
  sleep 10
done

Nov 27

Get Linux system process list without ‘ps’ command

Reading time: < 1 minute

When you work with embedded systems sometimes you would feel happy to have a Linux box until you discover there are plenty of basic things that you don’t have available, the extreme of that could be the ‘ps’ command which is used most of the time for checking if any process is running . Maybe you know that thanks the /proc filesystem there is access to the source of the information.

Keep next command close for solving this inconvenience he next time:

find /proc -mindepth 2 -maxdepth 2 -name exe -exec ls -lh {} \; 2>/dev/null

Jun 11

Nested byobu, re-assigning shortcuts

Reading time: 2 – 2 minutes

I’m a byobu user for a long time, I love it for many reasons. But this is just a quick tip for extreme users like me. I mean people who use byobu for local consoles with remote byobu sessions running on top of SSH, for instance.

When prefix key combinations has to be sent to the remote host we have to press “Control + a + a” and finally the command that we want to send to the remote systems. This is not comfortable many times. So, I modified my configuration file for changing the prefix when I want to send remote commands to the nested byobu.

This is going to work this way:

Control + a

    • as a prefix for local byobu session.

Control + b

    as a prefix for remote byobu session

Take a look on this screen capture where you can see byobu status bars stacked.

If you find useful the configuration that I described the only thing that you have to do is modify the configuration file: ~/.byobu/keybindings.tmux

unbind-key -n C-a 
set -g prefix C-a
set -g prefix2 F12
unbind-key -n C-b 
bind-key -n C-b send-prefix

I hope this is useful as it is for me.

May 02

HTTPie – command line HTTP client

Reading time: 1 – 2 minutes

I imagine you are used to using curl for many command line scripts, tests, and much more things. I did the same but some weeks ago I discovered HTTPie which is the best substitute that I’ve ever found for curl. Of course, it’s also available for a lot of Linux distributions, Windows, and Mac. But I used it with docker which is much more transparent for the operative system and easy to update. To be more precise I use next alias trick for using this tool:

alias http='sudo docker run -it --rm --net=host clue/httpie'

Official website: httpie.org

Let me paste some highlights about HTTPie:

  • Sensible defaults
  • Expressive and intuitive command syntax
  • Colorized and formatted terminal output
  • Built-in JSON support
  • Persistent sessions
  • Forms and file uploads
  • HTTPS, proxies, and authentication support
  • Support for arbitrary request data and headers
  • Wget-like downloads
  • Extensions
  • Linux, macOS, and Windows support

From the tool webpage a nice comparison about how HTTPie looks like versus curl.

Mar 21

Linux: Mounting file as a partition

Reading time: 1 – 2 minutes

When we have a file with a ‘dd’ of a full disk and we want to mount a partition of that disk, we have to use an offset for jumping to the beginning of the partition that we want to mount.
Using ‘fdisk’ command we can find the partitions of that disk copied inside a file.

fdisk -l FILE_WITH_DISK_INSIDE

Once partition table is shown there is a column called ‘Start’ using the corresponding number in this column for the partition that we want we can obtain the offset required for our mounting point. Reasoning behind that is multiply start sector per number of bytes per sector.

# OFFSET = START * 512
mount -o ro,loop,offset=OFFSET FILE_WITH_DISK_INSIDE /mnt

I hope thanks to this technical note next time that I forget how to get the offset I find it fastly.

UPDATE 2018/08/29:

If you don’t want to do that manually, there is a small tool called losetup which maps the partitions of a disk image on a file.


# example, attaching partitions to loopback devices
losetup -P /dev/loop0 DISK_IMAGE
# just mount the devices now, they are /dev/loop0pX where X is the number of the partition
# dettach this assignament:
losetup -d /dev/loop0