Monday, December 28, 2009

I do Trust Machines than hu~man ALIAS "Power of | xargs grep"

I do trust Machines than Human.. Here is an example..

One Day I got a call from my senior asking me the path of Checkpoint license file in IPSO. I was sure that in centralized licensing, it takes the smart center server's IP address..

So its sure that that file will contain my smart center server's IP address....:)) but how to search inside a file.... Its just like searching ur girl's mind :-(( quite difficult.. But I stick to the theory... "Nothing is Impossible".. Yea.. xargs will do that..

So the command would be

find . -name "*.*" | xargs grep ipaddress

But I stick to the other theory.. So I do Trust Machines than human

ahhh.. One more..
netstat -an | grep -i is similar to netstat -an | find ""
How to Install unix programs from Source Code

Preparing the System for Compiling

Before you can proceed with compiling programs on your system, you will need a compiler, libraries and some other basic utilities. Some of the common programs required for most of the programs are:

·GNU coreutils : The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. These are the core utilities which are expected to exist on every operating system. Previously these utilities were offered as three individual sets of GNU utilities, fileutils, shellutils, and textutils. Those three have been combined into a single set of utilities called the coreutils.

·GNU binutils - The GNU Binutils are a collection of binary tools. The main ones are ld ( GNU linker ) and as ( GNU assembler )
·GCC- GCC stands GNU Compiler Collection. GCC is an integrated distribution of compilers for several major programming languages. These languages currently include C, C++, Objective-C, Objective-C++, Java, Fortran, and Ada.

·Make - Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files. Make gets its knowledge of how to build your program from a file called the makefile, which lists each of the non-source files and how to compute it from other files. When you write a program, you should write a makefile for it, so that it is possible to use Make to build and install the program.

·GNU tar/gunzip/bunzip2
These are archiving utility generally used to unpack source tarballs. These are generally in format of .tar, .tar.gz or bz2.

Step1: Get Source

In this example, we are going to install the latest version of NMAP released a few weeks back. We get the source from ..dist/nmap-4.20.tar.bz2 which is the current version. The latest rpm version available at this time was nmap-4.11 version.
To do this, I created another directory “nmap” and used wget to get the latest tarball as shown in the screenshot below.

Step 2: Unzip the Source Tarball
Now we unpack (unzip) the tarball by using the tar command.
This will extract the source code for nmap-4.20 into a folder.

Step 3: Run Configure Script

On different systems, the compiler and other libraries might be in different place than a regular Linux system. For example, you may be different type of bash than other users. Configure program creates a MakeFile which will be later used by make program.
Configure is basically a shell script generally written by GNU Autoconf, which looks at your system settings and tries various things to figure out what works. It takes instructions from and builds a MakeFile which it thinks would work on the current system.
You can view various program options by running "./configure --help"

On my system I don’t want to install NMAPFE (the front-end for nmap) so I am going to run the configure command again with appropriate options.

Once the configure command finishes, it creates a Makefile which will be used by make program to create binaries of nmap program. Let us now see what configure added to our Makefile which was not there earlier.
[root@localhost nmap-4.20]# diff Makefile
< prefix = @prefix@
> NMAP_PLATFORM=i686-pc-linux-gnu
> prefix = /usr/local
The last change shows that it removed NMAPFE, since I use --without-nmapfe in my configure option.

Step 4: Use Make Command

Make utility requires a file named Makefile in the same directory in which you are the command. In our case, the MakeFile has been created by using configure script which we will now use to run make command.
Make command uses the directions present in the Makefile and proceed with the installation. The Makefile indicates the sequence, which it must follow to build various components of nmap. This sequence depends on the way the software is designed by its coder.
Now lets run the make command in nmap folder.

Make command generally takes a while, once complete it will compile nmap’s source code and creates the executables. At this point you can use the nmap program from this folder by just typing ./nmap.
This means that everything done, only the same to copied to the installation path, which will be created by the script in the make file, permission are also given by the same script. J
Step 5: Run Make Install
When make is run without any parameters, it starts reading instructions from MakeFile from the start and start compiling code. However, when you run `make install` the make program reads the install label from Makefile and executes only that section of the makefile.
install-nmap: $(TARGET)
$(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir)
$(INSTALL) -c -m 755 -s nmap $(DESTDIR)$(bindir)/nmap
$(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
$(INSTALL) -c -m 644 docs/nmap.xsl $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 docs/nmap.dtd $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-services $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-rpc $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-fingerprints $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-db $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-service-probes $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-protocols $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-mac-prefixes $(DESTDIR)$(nmapdatadir)/
Install section instructs make to copy files created in previous step to final directories. For example, executables are copied into /usr/local/bin. When we ran only make the executables were created in the same folder where we unzipped the tarball. So, now when we run make install, these executables are copied to their final destinations.

Tip: Keeping a log of what was installed by the program
Many good programs provide you with `make uninstall` section to easily uninstall the program and its executables from the system. If not provided, you can use this tip to find what was installed when you ran `make install`.
Before running `make install`, run the following command on your system. This will create a big list of all files that exist in your system except the following directories: /proc , /tmp and /dev. These directories are transient and not used when installing programs so we can ignore them.

After running the `make install` again run the same command and create a post-install list. Then you can run diff between these 2 files and it will show you list of all the files that were installed during nmap installation.

Sunday, August 30, 2009

How Traceroute Works


What is Traceroute?

It is an application layer implementation to find the hops when a packet traverses to a destination.

What are the Protocols Used in Traceroute?

Traceroute works with combination of both ICMP and UDP. It mainly relies on ICMP Time-to-Live Exceeded (Type 11)

How it Works?

When you execute a traceroute command (ie traceroute, your machine sends out 3 UDP packets with a TTL (Time-to-Live) of 1. When those packets reach the next hop router, it will decrease the TTL to 0 and thus reject the packet. It will send an ICMP Time-to-Live Exceeded (Type 11), TTL equal 0 during transit (Code 0) back to your machine - with a source address of itself, therefore you now know the address of the first router in the path.

Next your machine will send 3 UDP packets with a TTL of 2, thus the first router that you already know passes the packets on to the next router after reducing the TTL by 1 to 1. The next router decreases the TTL to 0, thus rejecting the packet and sending the same ICMP Time-to-Live Exceeded with its address as the source back to your machine. Thus you now know the first 2 routers in the path.

This keeps going until you reach the destination. Since you are sending UDP packets with the destination address of the host you are concerned with, once it gets to the destination the UDP packet is wanting to connect to the port that you have sent as the destination port, since it is an uncommon port, it will most like be rejected with an ICMP Destination Unreachable (Type 3), Port Unreachable (Code 3). This ICMP message is sent back to your machine, which will understand this as being the last hop, therefore traceroute will exit, giving you the hops between you and the destination.

The UDP packet is sent on a high port, destined to another high port. On a Linux box, these ports were not the same, although usually in the 33000. The source port stayed the same throughout the session, however the destination port was increase by one for each packet sent out.

One note, traceroute actually sends 1 UDP packet of TTL, waits for the return ICMP message, sends the second UDP packet, waits, sends the third, waits, etc, etc, etc.

If during the session, you receive * * *, this could mean that that router in the path does not return ICMP messages, it returns messages with a TTL too small to reach your machine or a router with buggy software. After a * * * within the path, traceroute will still increment the TTL by 1, thus still continuing on in the path determination.

But what about the non unix implementation, ahhh.. Nothing but it uses fully ICMP messages for trace.. Instead of UDP it will use ICMP. One more twist, since it is UDP there is no port funda.. So the last hop will give a ICMP Reply.. Hope everthing is clear now..

Sunday, June 7, 2009

DDNS - Dynamic Domain Name System

I remember my previous Employer, Mr. Noby E.A. (MD, Craysol Technologies (Inida) Pvt. Ltd; who wrote a VB program to solve the dynamic ip address problem (there was no public IP available from ISP) he faced while hosting a mail server in his office. To resolve this, he wrote a application in VB to capture the current leased ip address (allocated by ISP DHCP) of his mail and update it in a small database located in a remote server published in internet. So before sending anything to his mail server, he will read the database from the public server for the latest ip address of mail server and put it as destination address.. But twas a small problem, at times after fetching the latest public ip of mail server, ISP DHCP renews the IP lease of mail server, hence the message lost.

Again after some time I started thinking about a vpn connectivity from an office which doesn't have public address, so the idea of DDNS came,

Before explaining DDNS, I hope you all have a good idea about DNS, For those who dont know, DNS is the one to one mapping between name to ip address. But in DNS its will not get updated dynamically and it may take even more than 24 hrs to get updated in the root DNS servers. Here come DDNS,

What is DNS?

DNS (Domain Name Service) is the Internet service/protocol which provides the translation between a FQDN, or domain name, and its associated IP address. A DNS server is a computer that is running the DNS service/protocol. Every internet domains must be assigned a DNS server or set of DNS servers to be able to resolve names for that domain.

For example, if you were to type in "", your computer would lookup who the DNS servers were for the domain It would then query that DNS server for the IP address of the name At that point, the DNS server would return the IP Address associated with and then your computer would connect to that IP Address.

But what happens if your IP address changes periodically such as if your machine is connected to your internet service provider who is providing you a dynamic IP Address via DHCP?

What is Dynamic DNS?

DDNS (Dynamic Domain Name Service) was created to solve this problem of giving a name to devices whose IP addresses change continually. So who is most likely to use Dynamic DNS? Well, static IP Addresses or web hosting accounts are relatively expensive. And there were alot of people who had a perfectly good computers at home behind their dedicated internet connection (cable or DSL). They wanted to use that machine as a server, for example, a web server.

But if someone typed "", there needed to be a service that could keep track of what the latest IP Address assigned to your computer was so that it could return the correct IP Address of your computer to a requesting computer. In a nutshell, that is what Dynamic DNS does.

How Does Dynamic DNS Work?

There are two components that are needed for Dynamic DNS to work. One is a client side component that will send the latest IP Address of the computer or device whenever it changes. And the second component is a server side DNS service which will receive the IP Address update from the client side component and also service DNS requests.

The client component is typically a piece of software you install on your computer that will monitor your IP address and forward it to the server component whenever the IP Address changes. Some of the newer cable/dsl modems and firewalls have this capabilty built in which eliminates the need to install client side software on your computer. There are lots of available DDNS client software that vary from freeware to shareware.

The server component for Dynamic DNS is typically provided by a hosted service provider that specializes in Dynamic DNS. Some provide this service for free while others charge a minimal fee. In addition, sometimes your domain registrar will also provide Dynamic DNS services.

Following are some of the DDNS Service Providers

* No-IP
* FreeDNS
* Dynamic Network Services, Inc
* ZoneEdit
* DHS International
* DNS2Go
* DNS Park, LLC.
* DNS Made Easy
* DyNS
* DynIP
* Dynu Systems Inc.
* dns.widge
* Domain DNS
* ZA NiC
* Open Domain Server
* DNS Wizard Corporation
* GnuDIP Dynamic DNS
* Constant Time Software
* StaticCling
* SelfHosT
* PlanetDNS
* Art of DNS
* yyWeb
* IWAS2 Tech's DNS Services
* Microtech Dynamic DNS
* WebReactor Networks
* Nikhilino Online
* DynDNS Info
* Continuum CMDNS
* DynDNS
* Virtual DNS
* SolidDNS
* Nicolas' Internet Services
* RocketDNS
* DSL Vdns Service
* Tzolkin Corporation
* WebWatchMen

Following are some of DDNS Clients

* DynDNS Updater
* Update Client
* Macintosh Dynamic DNS Client
* DynSite for Windows
* DirectUpdate
* NetCruiser Dynamic Domain
* StaticCling client
* EzDNS IP Address E-mailer/Poster

General How To For Setting Up Dynamic DNS

1. Select a Dyamic DNS Service. As part of the setup, You will need to setup a username/password and a FQDN (Fully Qualified Domain Name) to assign to your computer.

2. Find and install a DDNS client on your computer that is compatible with the Dynamic DNS service.

3. Configure your DDNS client with the name of your DDNS service and the username and password associated with your DDNS service.

4. Start up your DDNS client and test that the DDNS name service is resolving your DDNS name to IP Address correctly. You can either do this by testing the FQDN using a tool such as nslookup, ping.

NOTE: You may also have to configure your cable/dsl modem or firewall to open any ports for the services you want to access remotely.

I hope, this was explanatory .. do pls send your feedbacks and doubts to "", so that I can also improve my KB :-)