Tips and tutorials about system.

ngrep is a tool to monitor network requests in a *nix interface. As the name suggests, the command takes a regular expression and monitors unencrypted traffic to match the pattern. The command can sniff any text protocol like HTTP, SMTP, etc ...

Let's monitor all traffic originating from current machine to codeclamp.com.

user@user-ThinkPad-T400 ~> sudo ngrep codeclamp -d wlan0 interface: wlan0 (192.168.0.0/255.255.255.0) match: codeclamp ###################### U 192.168.0.109:25156 -> 192.168.0.1:53 H............codeclamp.com..... # U 192.168.0.109:64072 -> 192.168.0.1:53 .%...........codeclamp.com..... # U 192.168.0.1:53 -> 192.168.0.109:25156 H............codeclamp.com.............. ..B.,. # U 192.168.0.1:53 -> 192.168.0.109:64072 .%...........codeclamp.com................?.dns1.... ##### T 192.168.0.109:39216 -> 66.6.44.4:80 [AP] GET / HTTP/1.1..Host: codeclamp.com..User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0..Ac cept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language: en-US,en;q=0.5..Accept-Encoding: gzip, deflate..DNT: 1..Connection: keep-alive.... ####

-d option mentions the interface to listen. ngrep captured all the requests to codeclamp.com. The obtained information contains all the sequences of network calls. Call to wifi router, DNS resolution, hosted site home page. The recorded information has source and destination machine IP and port.

Monitoring the site-specific requests works well for non-HTTPS sites.

Next, let's, monitor all UDP network requests.

user@user-ThinkPad-T400 ~> sudo ngrep -q -d wlan0 -i "" udp interface: wlan0 (192.168.0.0/255.255.255.0) filter: (ip or ip6) and ( udp ) U 192.168.0.109:32165 -> 192.168.0.1:53 .............felog.grammarly.io..... U 192.168.0.1:53 -> 192.168.0.109:32165 .............felog.grammarly.io................).ec2-54-221-3-35.compute-1.amazonaws.com..0..........6..#

Find and Replace in Vim

:s/foo/bar/g Change each ‘foo’ to ‘bar’ in the current line.

:%s/foo/bar/g Change each ‘foo’ to ‘bar’ in all lines.

:5,12s/foo/bar/g Change each ‘foo’ to ‘bar’ for all lines from line 5 to line 12 inclusive.

:.,$s/foo/bar/g Change each ‘foo’ to ‘bar’ for all lines from the current line (.) to the last line ($) inclusive.

:.,+2s/foo/bar/g Change each ‘foo’ to ‘bar’ for the current line (.) and the two next lines (+2).

:%s/foo/bar/g Equivalent to :1,$s/foo/bar/g (change all lines).

A lot of times, you want to consume a video or audio over the local network. Consider the case where your friend has the latest episode of the series on the same network. It's easier to expose the directory via HTTP using twisted or any web server and you can consume the content from your laptop. Here is the blog post about running local [web server] (http://codeclamp.com/post/146693283918/simple-stand-alone-webserver).

Once you know the IP address, port, and directory list works as expected, you can pass the URL to VLC and watch the video.

File -> Open Network and enter the URL of the video in the dialog box.

DNS (Domain Name System) is a decentralized system to resolve domain names to IP address. A domain can host a variety of services like the website, mail server, FTP etc ...

The Domain Name System specifies a set of various type of resource records (RRs). RRs are the basic information elements of the domain name system. To represent different types of services, variety of record types are present. Few common types are A, AAAA, CNAME, MX records. If you manage a domain name, you must have heard of these.

Here is an example

example.com IN A 207.159.141.192.

where

IN - Internet

A - A record

207.159.141.192 - Destination IP address

Format of any record type is

Name TTL Record Class Record Type Record Data

codeclamp.com 174800 IN A 162.251.82.250

TTL - Time To Live in Seconds

A Record

Address record returns 32-bit IPV4 address, maps hostnames to IP address.

codeclamp.com IN A 162.251.82.250

AAAA Record

Address record returns 128-bit IPV6 address, maps hostnames to IPv6 address. The four A's states the IPV6 address is four times the size of IPV4.

CNAME Record

Record type specifies the record type is an alias for another domain. Record value always points to another domain, not an IP. Domains that hosts e-mail may not have CNAME record.

Example:

www.codeclamp.com IN CNAME domains.tumblr.com

MX Record

Mail Exchange record type maps the domain to Mail Transfer Agents for the domain. Set of MX records of a domain specifies how SMTP receives email.

ASometimes developers need to serve static content in the local environment for various purposes. Python has built-in HTTPServer. Depending on the version, the command is different.

In Python 2, command is python -m SimpleHTTPServer

codeclamp@user-ThinkPad-T400:~$ python -m SimpleHTTPServer Serving HTTP on 0.0.0.0 port 8000 ... 127.0.0.1 - - [30/Jun/2016 11:46:58] "GET / HTTP/1.1" 200 -

The directory content is accessible at port 8000.

In Python 3, command is nicely packaged python3 -m http.server

codeclamp@user-ThinkPad-T400:~$ python3 -m http.server Serving HTTP on 0.0.0.0 port 8000 ... 127.0.0.1 - - [30/Jun/2016 11:48:56] "GET / HTTP/1.1" 200 -

These two commands are famous.

Twisted is an event-driven networking engine written in Python. It supports various standards. Under web standards, twisted supports serving simple stand-alone webserver. Command is twistd -no web --path=.

codeclamp@user-ThinkPad-T400:~$ twistd -no web --path=. 2016-06-30T11:53:08+0530 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 16.2.0 (/usr/bin/python 2.7.6) starting up. 2016-06-30T11:53:08+0530 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor. 2016-06-30T11:53:08+0530 [-] Site starting on 8080 2016-06-30T11:53:08+0530 [twisted.web.server.Site#info] Starting factory <twisted.web.server.site instance at>

Linux has cal command which displays the calendar in the terminal. This is handy to check dates and month without touching mouse.

codeclamp@user-ThinkPad-T400:~$ cal June 2016 Su Mo Tu We Th Fr Sa 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

By default, cal command displays the current month calendar. cal command takes -3 as a switch to display previous and next month calendar.

cal command displays whole year calendar when the year is the argument.

codeclamp@user-ThinkPad-T400:~$ cal 2016 2016 January February March Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa 1 2 1 2 3 4 5 6 1 2 3 4 5 3 4 5 6 7 8 9 7 8 9 10 11 12 13 6 7 8 9 10 11 12 10 11 12 13 14 15 16 14 15 16 17 18 19 20 13 14 15 16 17 18 19 17 18 19 20 21 22 23 21 22 23 24 25 26 27 20 21 22 23 24 25 26 24 25 26 27 28 29 30 28 29 27 28 29 30 31 31 April May June Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa 1 2 1 2 3 4 5 6 7 1 2 3 4 3 4 5 6 7 8 9 8 9 10 11 12 13 14 5 6 7 8 9 10 11 10 11 12 13 14 15 16 15 16 17 18 19 20 21 12 13 14 15 16 17 18 17 18 19 20 21 22 23 22 23 24 25 26 27 28 19 20 21 22 23 24 25 24 25 26 27 28 29 30 29 30 31 26 27 28 29 30 July August September Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa 1 2 1 2 3 4 5 6 1 2 3 3 4 5 6 7 8 9 7 8 9 10 11 12 13 4 5 6 7 8 9 10 10 11 12 13 14 15 16 14 15 16 17 18 19 20 11 12 13 14 15 16 17 17 18 19 20 21 22 23 21 22 23 24 25 26 27 18 19 20 21 22 23 24 24 25 26 27 28 29 30 28 29 30 31 25 26 27 28 29 30 31 October November December Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa 1 1 2 3 4 5 1 2 3 2 3 4 5 6 7 8 6 7 8 9 10 11 12 4 5 6 7 8 9 10 9 10 11 12 13 14 15 13 14 15 16 17 18 19 11 12 13 14 15 16 17 16 17 18 19 20 21 22 20 21 22 23 24 25 26 18 19 20 21 22 23 24 23 24 25 26 27 28 29 27 28 29 30 25 26 27 28 29 30 31 30 31

The command displays specific month calendar when month and year are the consecutive arguments.