Linux Networking

What is the broadcast address for your network connection?

Enter an ip :

Using the ip command, what is the metric number of the first line of the route table main which mentions "metric"? (Hint: to display the tables available use the command 'ip rule show'. To show a specific table use 'ip route show table <name>' )

Enter a metric number:

How many programs are listening on TCP sockets on your machine. Hint: the netstat command will help you here.

Number of TCP listeners:

What is the PID of the process which is listening on UDP port 111 (sunrpc). Hint: the netstat command will help you here.

PID of listener:

When you connected to linuxzoo.net via telnet or ssh, it was forwarded from 10.200.0.1 (the main linuxzoo server) to your machine's telnet or ssh server using a proxy. Find the port number on the 10.200.0.1 end of one of these proxy connections and enter it below. Hint: again try the netstat command very near the beginning of the output...

10.200.0.1 proxy port:

In order for your virtual machine to reach the internet, it's packets travels through a number of virtual networks. The final network node is 10.200.0.1.

Using traceroute, find out how many hops it takes to reach 10.200.0.1. Note you must use ICMP ECHO in traceroute, rather than the default. Find the right flag in the manual.

Num of hops:

Use nmap to analyse the ports open on 10.200.0.1. As the nmap command can take quite a while to run, restrict your scan to the open tcp ports between port numbers 50 to 80 inclusive. List the open port numbers you find with spaces between them in the box below (e.g. if ports 50 and 60 are open, the answer is "50 60"). The numbers in your list must be sorted (smallest number first).

IMPORTANT. Linuxzoo security may shut you down if you produce too many packets too quickly! Use the following options for nmap or you may be kicked off the system. Even with these options the scan may take quite a few seconds.

nmap 10.200.0.1 -p 50-80 --max-retries 3

Open ports:

The tcpdump command allows us to capture all or some of the network traffic on a particular network device. In this question use the tcpdump command to capture the behaviour of a web page request emulated using lwp-request.

Capturing packets sucessfully can be tricky, especially since you have to use the same network to talk to your machine, and you dont want to capture that too... Therefore consider the following commands to perform the capturing.

prompt> tcpdump -vi eth0 port 80 > /tmp/log &
[1] 3123
prompt> lwp-request http://linuxzoo.net
...blah...blah
...blah...blah
prompt> kill -1 %1
[1]+ Done ....
prompt>

Now, look at the contents of /tmp/log and enter in the box below the common TCP/IP flag which appears in most packets (The information can be found between the [..] brackets immediately after the text "flags". Ignore the information after the text "Flags" e.g. look for the one all in lowercase). Enter the two letters seen in the box below.

What is the common TCP/IP flag seen in the log: (case sensitive)