=================== Exercise #7 answers =================== This answer file is a modified copy of correct answers submitted by various NET2003 students. 1) Give the correct pathname to the README file and explain how you found it. (What Unix tools and shell features aided you in finding it?) /usr/share/doc/nc-1.10/README # find /usr/share/doc | grep "nc" # ls /usr/share/doc | grep "nc" # echo /usr/share/doc/*nc* # rpm -ql nc | grep README 2) Give the netcat command line you used, and the netcat command line used by your buddy, to transfer the file. # nc -l -p 1234 theirfile.txt 3) Copy the tcpdump output from the *last three* session packets here. (Some of the last tcpdump packets should show "F" FIN TCP flags set.) Output will look similar to this: 16:13:46.178686 IP 10.50.14.123.39909 > 10.50.14.124.1234: F 1:1(0) ack 32 win 1260 16:13:46.178751 IP 10.50.14.124.1234 > 10.50.14.123.39909: F 32:32(0) ack 2 win 1448 16:13:46.178833 IP 10.50.14.123 > 10.50.14.124.1234: . ack 33 win 1460 4) What netcat command line did you use to connect to the localhost IPP port and redirect its output to a file? What did you type into netcat to fetch the root page? # nc 127.0.0.1 631 >out.txt -or- nc localhost 631 >out.txt GET / ... output appears here ... 5) Copy the header lines from the IPP response into your answer here. (The header lines start with a code 200 "OK" response line and all precede the very first statement of the web page. There are about seven header lines to copy here.) HTTP/0.9 200 OK Date: Thu, 02 Mar 2006 21:26:29 GMT Server: CUPS/1.1 Content-Language: C Content-Type: text/html; charset=iso-8859-1 Last-Modified: Wed, 28 May 2003 20:15:50 GMT Content-Length: 1604 6) Enter the command you used and its output here. The output will have a format similar to this (though the actual hosts will differ): # arp -a [...] 7) Generate a listing of *all* the open TCP and UDP ports on your Mandriva caddy system. Use the option to display numerical output; don't convert the numbers to symbolic names. # netstat -nautp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name [...] 8) For each given TCP port number NNN, run "fuser -vn tcp NNN" to identify the Unix process that has that TCP port open. Use the "-p" option to netstat instead. 9) For each given UDP port number NNN, run "fuser -vn udp NNN" to identify the Unix process that has that UDP port open. Use the "-p" option to netstat instead. 10) Now generate a listing of all the open TCP and UDP ports in symbolic form. # netstat -autp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name [...] 11) Which two ports did you pick? What did you find out about them? ... 12) Produce a numeric (no host names looked up) trace routing of the number of hops between your caddy and hosts (a) net2003.idallen.ca, (b) ian0.idallen.ca. # traceroute -n net2003.idallen.ca traceroute to home.idallen.ca (206.47.37.39), 30 hops max, 38 byte packets [...] # traceroute -n ian0.idallen.ca traceroute to ian0.idallen.ca (66.11.173.142), 30 hops max, 38 byte packets [...] 13) Again produce a listing of *all* open TCP ports on your system (TCP only this time!) and pipe it into grep to find only the HTTP port, to demonstrate that the Apache server is listening on the HTTP web port in your Mandriva system. Output will look similar to this: # netstat -atp | grep http tcp 0 0 *:http *:* LISTEN 1234/httpd2 14) How do you know which run level is currently unused under Mandriva? (In which config file is the use of run levels documented?) The config file is named "/etc/inittab". The comments in /etc/inittab document that level 4 is unused. 15) What changes do you make to ensure that "chkconfig reset" does not enable Apache in the unused run level at boot time? Edit file /etc/init.d/httpd and change the chkconfig comment line to delete run level 4 from the list of run levels: chkconfig: 345 92 8 -becomes- chkconfig: 35 92 8 16) How do you use chkconfig to reset the Apache service so that it is shut down in the unused run level and started correctly in other levels at boot time? What chkconfig command line resets the HTTP service to its stored defaults? # chkconfig httpd reset 17) Produce a long listing of the "rc" directory corresponding to the formerly unused run level, after you have successfully used chkconfig to reset and configure your system's symlinks to shut down Apache in the unused run level. Show that the symlinks into the init.d/ directory are correct for that run level. Look for the httpd service being killed in run level 4: # ls -l rc4.d/ [...] lrwxrwxrwx 1 root root 15 Mar 2 16:33 K08httpd -> ../init.d/httpd [...] 18) After changing to the "unused" run level, produce a listing of *all* open TCP ports on your system (TCP only!) to demonstrate that changing to the new run level caused the Apache service to run its "stop" script. Make sure nothing is listening on the "http" port: # netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:903 *:* LISTEN tcp 0 0 localhost:10026 *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:x11 *:* LISTEN tcp 0 0 *:ftp *:* LISTEN tcp 0 0 localhost:5335 *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 0 *:x11 *:* LISTEN tcp 0 0 *:ssh *:* LISTEN