@Archisman-Mridha
Last active April 8, 2025 18:10
netstat -anop | grep 9081
ps aux
telnet
crictl ps
crictl inspect
  • List all the network interfaces in my device :
ifconfig
  • List IP and MAC address of all the devices connected to the network :
arp -na
  • You can do tcpdump (root permissions required) to view all the incoming and outgoing network requests to and from your device.
sudo tcpdump -ni en0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
18:59:47.231088 ARP, Request who-has 192.168.1.108 tell 192.168.1.102, length 28
18:59:48.353580 IP6 fe80::1805:2fb9:b26a:95d1 > ff02::1:ffa5:7e9b: ICMP6, neighbor solicitation, who has fe80::b5:99cd:87a5:7e9b, length 32

You can see the incoming ARP requests of the form "who-has ... tell ...". Each one is a broadcast request hitting our device, asking whether our IP is 192.168.1.108 or not.

Got to know about AWS Reachability Analyzer from faizan.

  • Hub is dumb : it broadcasts requests to every connected device.
  • Switch is smart : it maintains an ARP table. And so does the router and all the devices connected to the network.

For a device, the MAC address is assigned by the network card provider. And you can change your MAC address.

Show all the route tables in my device :

ip route show

default via 192.168.1.1 dev en0
127.0.0.0/8 via 127.0.0.1 dev lo0
127.0.0.1/32 via 127.0.0.1 dev lo0
169.254.0.0/16 dev en0 scope link
192.168.1.0/24 dev en0 scope link
192.168.1.1/32 dev en0 scope link
192.168.1.120/32 dev en0 scope link
224.0.0.0/4 dev en0 scope link
255.255.255.255/32 dev en0 scope link

When hrithik ran the command on Linux, the last route had metric 600 at the end. This indicates the weight of the route if there are duplicate routes. The lower the weight, the higher the priority.

Klavs was travelling in a plane and got to know that his Docker system and the airplane's music system had the same IP range. We can solve this issue in 2 ways :

  1. Either by changing Docker system's IP range (which Klavs did).

  2. Or by giving less weight to the route corresponding to the airplane's music system. This is also useful when you have multiple private networks connected to your device via multiple VPNs.
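
The route selection described above, as an added example (not part of the original gist): a lookup that prefers the longest matching prefix and uses the metric only to break ties between equal prefixes, plus a check for overlapping ranges on different interfaces. The two 172.17.0.0/16 routes and the device names docker0 and wlan0 are constructed for illustration.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    dev: str
    metric: int

# The first three lines come from the route table above; the two 172.17.0.0/16
# lines are constructed to model the Docker vs. in-flight network clash.
ROUTES_TEXT = """\
default via 192.168.1.1 dev en0
192.168.1.0/24 dev en0 scope link
192.168.1.1/32 dev en0 scope link
172.17.0.0/16 dev docker0 scope link metric 100
172.17.0.0/16 dev wlan0 scope link metric 600
"""

def parse_routes(text):
    """Parse `ip route show` lines; assumes options come as key/value pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))
        # A route printed without a metric has metric 0 on Linux.
        routes.append(Route(ipaddress.ip_network(dest), opts["dev"],
                            int(opts.get("metric", 0))))
    return routes

def lookup(routes, addr):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r.net]
    return min(matches, key=lambda r: (-r.net.prefixlen, r.metric), default=None)

def conflicts(routes):
    """Non-default routes on different devices whose address ranges overlap."""
    return [(a, b) for a, b in combinations(routes, 2)
            if a.dev != b.dev and a.net.prefixlen and b.net.prefixlen
            and a.net.overlaps(b.net)]

ROUTES = parse_routes(ROUTES_TEXT)
if __name__ == "__main__":
    for target in ("172.17.0.5", "192.168.1.1", "8.8.8.8"):
        r = lookup(ROUTES, target)
        print(f"{target:12} -> {r.net} dev {r.dev} metric {r.metric}")
```
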

About the default route : Understanding Default Routes.

  • ttl - every time your TCP packet gets forwarded, the ttl gets decreased by 1. This is how traceroute works.

It initially has a value of 255.

And this is how we avoid loops (the TCP packets keep getting forwarded ...).

  • If you want to check statistics about outgoing requests, you can use the mtr command :
mtr -T 8.8.8.8
  • IP tunneling :

You can use these if you want to expose anything from your private network to the internet :


In future, we want to write tools for these problems, using eBPF :

  • view DNS traffic metrics
  • monitoring packet loss

Things we can take a look at in detail later :

  • IPVS LoadBalancer in Linux Kernel.
  • Direct Routing
@Archisman-Mridha

mtr (mytraceroute) command execution result :

Screenshot 2025-04-04 at 8 05 26 PM

@Archisman-Mridha

Archisman-Mridha commented Apr 8, 2025

Writing a TCP server myself.

I tried initiating a TCP connection by doing telnet 10.0.0.1.

Now, my TCP server, on receiving the SYN packet, sends back something which isn't currently aligned with the TCP specification.

I was sniffing packets at 10.0.0.1, using tshark. Here is the tshark output :

 sudo tshark -i utun4
 
Capturing on 'utun4'
    1   0.000000     10.0.0.1 → 10.0.0.1     TCP 68 49350 → 23 [SYN, ECE, CWR] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=3628290162 TSecr=0 SACK_PERM
    2   1.000665     10.0.0.1 → 10.0.0.1     TCP 68 [TCP Retransmission] 49350 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=3628291163 TSecr=0 SACK_PERM
    3   2.001786     10.0.0.1 → 10.0.0.1     TCP 68 [TCP Retransmission] 49350 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=3628292164 TSecr=0 SACK_PERM
^C3 packets captured

As you can see, telnet retransmits the SYN packet.
