sample session with “ss” command to show details on network

$ss -t
State  Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
ESTAB  0       0       192.168.0.100:57982  216.58.197.34:https
ESTAB  0       0       192.168.0.100:56572  216.58.196.98:https
ESTAB  0       0       192.168.0.100:51440  216.58.220.34:https
ESTAB  0       0       192.168.0.100:56850  216.58.196.110:https
ESTAB  0       0       192.168.0.100:42946  216.58.220.46:https
ESTAB  0       0       192.168.0.100:42758  216.58.197.46:https
ESTAB  0       0       192.168.0.100:32912  216.58.220.33:https
ESTAB  0       0       192.168.0.100:40452  216.58.220.38:https
ESTAB  0       0       192.168.0.100:51128  182.79.251.80:https
ESTAB …

Capturing TCP Flags with tcpdump. Capture ACK or SYN packets

ABOUT TCP FLAGS
They are control bits that indicate different connection states or information about how a packet should be handled.
FLAGS
CWR – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set (added to header by RFC 3168).
ECE …

Hacking with ANSI C signal Handling

$sudo strace -e trace=signal -p 1
[sudo] password for jeffrin:
Process 1 attached
kill(4659, SIGTERM) = 0
kill(4659, SIGCONT) = 0
$gcc crtlc1-p1.c
$./a.out
Hello world
Hello world
Hello world
Hello world
Hello world
Hello world
Hello world
Hello world
Hello world
^Ci got a signal 2
Hello world
Hello world
^C
$cat crtlc1-p1.c
#include …

Collecting information from sysfs about cpu events

$sudo cat /sys/devices/cpu/events/cache-misses
event=0x81
$sudo cat /sys/devices/cpu/type
4
$sudo cat /sys/devices/cpu/events/branch-instructions
event=0xc2
$sudo cat /sys/devices/cpu/events/branch-instructions
event=0xc2
$sudo cat /sys/devices/cpu/events/branch-instructions
event=0xc2
$sudo cat /sys/devices/cpu/events/branch-instructions
event=0xc2
$sudo cat /sys/devices/cpu/events/branch-misses
event=0xc3
$sudo cat /sys/devices/cpu/events/branch-misses
event=0xc3
$sudo cat /sys/devices/cpu/events/cache-references
event=0x80
$sudo cat /sys/devices/cpu/events/cpu-cycles
event=0x76
$sudo cat /sys/devices/cpu/events/instructions
event=0xc0
$

Example related — Recovering typical deleted file in GNU/Linux

$which glxgears
/usr/bin/glxgears
$rm /usr/bin/glxgears
rm: remove write-protected regular file ‘/usr/bin/glxgears’? y
rm: cannot remove ‘/usr/bin/glxgears’: Permission denied
$sudo rm /usr/bin/glxgears
[sudo] password for jeffrin:
$ps aux | grep glxgears
jeffrin   2469  4.4  0.6 157656 20888 pts/0    Sl+  22:43   0:07 glxgears
jeffrin   2515  0.0  0.0  12656  1560 pts/1    S+   22:46   0:00 grep glxgears
$sudo cat …

Example for – Trace all system calls which involve process management

$strace -e trace=process python dig.py
execve("/usr/bin/python", ["python", "dig.py"], [/* 39 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x7feb563b4700) = 0
I think lscpu command is using proc filesystem to get data.
/* /sys paths */
#define _PATH_SYS_SYSTEM "/sys/devices/system"
#define _PATH_SYS_CPU _PATH_SYS_SYSTEM "/cpu"
#define _PATH_SYS_NODE _PATH_SYS_SYSTEM "/node"
#define _PATH_PROC_XEN "/proc/xen"
#define _PATH_PROC_XENCAP _PATH_PROC_XEN "/capabilities"
#define _PATH_PROC_CPUINFO "/proc/cpuinfo"
#define …

Hacking with a JavaScript Program

var drawCats = function (howManyTimes) {
  for (var i = 0; i < howManyTimes; i++) {
    console.log(i + " =^.^=);
  }
};
drawCats(11);
VM455:4 Uncaught SyntaxError: Unexpected token ILLEGAL
message: "Unexpected token ILLEGAL"
stack: (…)
get stack: function () { [native code] }
arguments: null
caller: null
length: 0
name: ""
prototype: StackTraceGetter
__proto__: function Empty() {}
set stack: function () { [native code] }
arguments: …

Hacking with strace to find about write calls in a program

$strace -e write python dig.py
write(1, "\33[31mI think lscpu command is us"..., 69I think lscpu command is using proc filesystem to get data.
) = 69
write(1, "\33[31m/* /sys paths */\33[0m\n", 26/* /sys paths */
) = 26
write(1, "\33[31m#define _PATH_SYS_SYSTEM "..., 63#define _PATH_SYS_SYSTEM "/sys/devices/system"
) = 63
write(1, "\33[31m#define _PATH_SYS_CPU "..., 65#define _PATH_SYS_CPU _PATH_SYS_SYSTEM …

Internal of lscpu command

I think lscpu command is using proc filesystem to get data.
/* /sys paths */
#define _PATH_SYS_SYSTEM "/sys/devices/system"
#define _PATH_SYS_CPU _PATH_SYS_SYSTEM "/cpu"
#define _PATH_SYS_NODE _PATH_SYS_SYSTEM "/node"
#define _PATH_PROC_XEN "/proc/xen"
#define _PATH_PROC_XENCAP _PATH_PROC_XEN "/capabilities"
#define _PATH_PROC_CPUINFO "/proc/cpuinfo"
#define _PATH_PROC_PCIDEVS "/proc/bus/pci/devices"
#define _PATH_PROC_SYSINFO "/proc/sysinfo"
#define _PATH_PROC_STATUS "/proc/self/status"
#define _PATH_PROC_VZ "/proc/vz"
#define _PATH_PROC_BC "/proc/bc"
#define _PATH_PROC_DEVICETREE "/proc/device-tree"
#define …

Looking into a few commands with python interactive shell

ABOUT PYTHON
Python is an interpreted, high-level, general-purpose programming language. Created by Guido van Rossum and first released in 1991, Python has a design philosophy that emphasizes code readability, notably using significant whitespace. It provides constructs that enable clear programming on both small and large scales.[26] Van Rossum led the language community until stepping down …