Sort by

Recently wrote an article on softirq. I actually enjoyed all the work I put into the article. Also I'm proud of myself going through all the reviews by my peers and bosses haha. Thanks for all the reviews! It would be super cool to post an article on LWN.net one day ;).

Hi, recently I have been looking into how user processes are prepared. Today's post is about the how user process and thread are being prepared in terms of allocated memory. When a new process or thread being created, it calls clone system call. If you want to create a thread, you can pass CLONE_VM flag to the system call. One of the difference between a process and thread is that wheather it shares its memory space or not. The latter does but the former does not, and today's post is about looking into this difference. In order to see the difference, I prepared a program which ① the parents process assignes a variable with 5, and ② the cloned child process rewrites the variable with 10. The difference mentioned earlier can be seen at the ② point. Let's first see how the process looks like. Below shows that the PID 1628 is the parent and the 1629 is the child. crash> ps | grep clone 1628 1601 0 ffff94fd4a271c80 IN 0.1 2628 1336 clone 1629 1628 0 ffff94fd4123b900 IN 0.1 2628 884 clone crash> Now let's take a look at the physical address correspoding to the variable's virtual address which is 0x404068. You can see the corresponding physical address is 17bfe068. As expected, the value at the address is still 5 as the child process does not share the address space. crash> vtop -c ffff94fd4a271c80 404068 VIRTUAL PHYSICAL 404068 17bfe068 ... crash> rd -p 17bfe068 10 17bfe068: 0000000000000005 00000000014b72b0 .........rK..... ... crash> However, if you take a look at the threading, you will see the varible is now changed as the child shares the same address space and rewrites the variable. crash> ps | grep clone 1714 1601 0 ffff94fd44e2d580 IN 0.1 2628 1396 clone 1715 1714 0 ffff94fd41291c80 IN 0.1 2628 964 clone crash> vtop -c ffff94fd44e2d580 404068 VIRTUAL PHYSICAL 404068 1161e068 ... crash> rd -p 1161e068 10 1161e068: 000000000000000a 00000000004c32b0 .........2L..... ... crash> That's it for the today's post. Note that I used x86 for this experiment as vtop on arm64(below) did not work. I wonder why🤔. Might be fun looking into it. crash> vtop -c 11884 aaaae706c84c VIRTUAL PHYSICAL vtop: invalid structure member offset: mm_struct_mmap FILE: memory.c LINE: 4007 FUNCTION: vm_area_dump() [/usr/bin/crash] error trace: aaaae706c84c => aaaae706456c => aaaae7101180 => aaaae71010ec vtop: invalid structure member offset: mm_struct_mmap FILE: memory.c LINE: 4007 FUNCTION: vm_area_dump() crash>

Hi, I wanted make a post on how the first process gets initiated as I have been playing around with qemu recently. Specifically, I will describe how the parameters below lead to the /sbin/init, which has the pid of 1. admin@ip-10-0-16-6:~/busybox/busybox$ qemu-system-aarch64 -M virt -cpu cortex-a72 -m 1024 -kernel /boot/vmlinuz-6.1.0-13-cloud-arm64 -initrd /home/admin/busybox/busybox/rootfs -append "root=/dev/ram0 rdinit=/sbin/init nokaslr" -nographic Let's start with the source code. After the kernel finishes the initilization of this and that, it gets ready for the first process and calls rest_init. The function inits the rest and calls kernel_init, and then run_init_process gets called. Now back to the arguments and see what it's doing. If you take a look at the man page of initrd, it says that -initrd gets uncompressed onto the /dev/ram0, which then mounted as the inital root file system. Here I found little confusing is that if you specify root as /dev/ram0, the initial root file system, which is /dev/ram0, will remain as the normal root file system. Let's make sure that the first run_init_process is the one being called for initiating the first process in the case of using /dev/ram0 as the normal root file system. Here you can see that the execute_command has /sbin/init, the program specifed by rdinit from the normal root file system which now is the /dev/ram0. (gdb) print ramdisk_execute_command $1 = 0xffff00003fdf0196 "/sbin/init" (gdb) print execute_command $2 = 0x0 (gdb) By the way, don't forget to specify "nokaslr" for the boot parameter. Otherwise, break points won't work😑. That is it for this post!

Hi, today I wanted to make a short post that I now have a working kernel built-in ARP(reply) stack😎. Although the stack can't yet handle ARP request, my stack is now able to receive packets from local peers! Here are the output showing the windows sending arp request and raspberry pi (my stack!) replying to the request. C:\WINDOWS\system32>arp -a Interface: 192.168.10.2 --- 0x8 Internet Address Physical Address Type 192.168.10.1 fc-99-47-12-26-7a dynamic 192.168.10.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static Interface: 172.21.176.1 --- 0x2b Internet Address Physical Address Type 172.21.179.85 00-15-5d-4a-0e-39 dynamic 172.21.191.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 224.0.1.60 01-00-5e-00-01-3c static 239.255.255.250 01-00-5e-7f-ff-fa static C:\WINDOWS\system32>ping 192.168.10.3 Pinging 192.168.10.3 with 32 bytes of data: Request timed out. Ping statistics for 192.168.10.3: Packets: Sent = 1, Received = 0, Lost = 1 (100% loss), Control-C ^C C:\WINDOWS\system32> ┌──(kali㉿kali-raspberry-pi)-[~] └─$ dmesg | grep my_arp_rcv [ 93.757253] my_arp_rcv(): address of skb　00000000f1642941 [ 93.757324] my_arp_rcv(): address of arp header0000000063ca06a6 [ 93.757349] my_arp_rcv(): sender IP address of 34252992 [ 93.757371] my_arp_rcv(): target IP address of 51030208 [ 93.757391] my_arp_rcv(): the arp requsest is for IP protocol [ 93.757430] my_arp_rcv(): found matching ip interface [ 93.757484] my_arp_rcv(): successfully sent an arp response C:\WINDOWS\system32>arp -a Interface: 192.168.10.2 --- 0x8 Internet Address Physical Address Type 192.168.10.1 fc-99-47-12-26-7a dynamic 192.168.10.3 e4-5f-01-d3-5b-d9 dynamic --> here the entry is added, fc-99-47-12-26-7a is the MAC of pi 192.168.10.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static Interface: 172.21.176.1 --- 0x2b Internet Address Physical Address Type 172.21.179.85 00-15-5d-4a-0e-39 dynamic 172.21.191.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 224.0.1.60 01-00-5e-00-01-3c static 239.255.255.250 01-00-5e-7f-ff-fa static C:\WINDOWS\system32> I recently started this service called scrapbox.io for keeping all the notes taken while I build my programs. Below is the link to the note while I was doing some debuggings for this arp reply stack. https://scrapbox.io/everydaymemo/arpリプライのデバッグ

Hi! There is this holiday called Golden Week in Japan. It is a week long holiday and I wanted to share this project I was working on for almost 12/7😅. Its about building your own networking stack from device(using TAP) to socket. It is a great project for those who want to understand how OS networking stack works behind the Linux kernel. Below is the github link I was following along the project. https://github.com/pandax381/microps https://github.com/sititou70/klab-protocol-stack-tutorial I've gone through each stack and it really deepened my understanding of how OS handles data arriving to its physical devices and sending all the way up to sockets assigned to each application. I am thinking of sharing some of the key concepts of each stack and how they passes data to each other in the future posts! For today's post, I just wanted to share a modification that I made from the original program regarding the TCP stack. I enabled the TCP stack to be able to establish a active connection to a server on the internet and fetch some random content. Of course, the established connection can't just abandon the connection😏. It has to participate in the process of terminating connection passively. I modified the code to complete the entire procedure of such TCP connection. Below is the log from the local program, the one uses the DIY network stack. 00:18:18.434 [D] tcp_open_rfc793: connection established: local=192.0.2.2:7, foreign=194.195.86.83:8080 (tcp.c:1172) 00:18:18.434 [D] tcp_output_segment: 192.0.2.2:7 => 194.195.86.83:8080, len=100 (payload=80) (tcp.c:417) src: 7 dst: 8080 seq: 1804289384 ack: 3543150099 off: 0x50 (20) flg: 0x18 (---AP---) wnd: 65535 sum: 0x30fe up: 0 00:18:18.434 [D] ip_output_core: dev=net1, iface=192.0.2.2, protocol=TCP(0x06), len=120 (ip.c:477) vhl: 0x45 [v: 4, hl: 5 (20)] tos: 0x00 total: 120 (payload: 100) id: 131 offset: 0x0000 [flags=0, offset=0] ttl: 255 protocol: 6 (TCP) sum: 0xdfe3 (0xdfe3) src: 192.0.2.2 dst: 194.195.86.83 00:18:18.435 [D] arp_resolve: resolved, pa=192.0.2.1, ha=8e:6e:37:e9:d1:92 (arp.c:357) 00:18:18.435 [D] net_device_output: dev=net1, type=IP(0x0800), len=120 (net.c:189) 00:18:18.435 [D] ether_transmit_helper: dev=net1, type=IP(0x0800), len=134 (ether.c:108) src: 00:00:5e:00:53:01 dst: 8e:6e:37:e9:d1:92 type: 0x0800 (IP) Data with the size of 80 was sent. Closing the connection. ... 00:18:18.562 [D] tcp_input: 194.195.86.83:8080 => 192.0.2.2:7, len=67 (payload=47) (tcp.c:996) src: 8080 dst: 7 seq: 3543150099 ack: 1804289464 off: 0x50 (20) flg: 0x18 (---AP---) wnd: 29200 sum: 0xc768 up: 0 +------+-------------------------------------------------+------------------+ | 0000 | 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 | HTTP/1.1 400 Bad | | 0010 | 20 52 65 71 75 65 73 74 0d 0a 43 6f 6e 6e 65 63 | Request..Connec | | 0020 | 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a | tion: close.... | +------+-------------------------------------------------+------------------+ 00:18:18.562 [D] tcp_output_segment: 192.0.2.2:7 => 194.195.86.83:8080, len=20 (payload=0) (tcp.c:417) src: 7 dst: 8080 seq: 1804289464 ack: 3543150146 off: 0x50 (20) flg: 0x10 (---A----) wnd: 65488 sum: 0x029d up: 0 ... 00:18:18.565 [D] tcp_input: 194.195.86.83:8080 => 192.0.2.2:7, len=20 (payload=0) (tcp.c:996) src: 8080 dst: 7 seq: 3543150146 ack: 1804289464 off: 0x50 (20) flg: 0x11 (---A---F) wnd: 29200 sum: 0x905c up: 0 00:18:18.565 [D] tcp_output_segment: 192.0.2.2:7 => 194.195.86.83:8080, len=20 (payload=0) (tcp.c:417) src: 7 dst: 8080 seq: 1804289464 ack: 3543150147 off: 0x50 (20) flg: 0x10 (---A----) wnd: 65535 sum: 0x026d up: 0 ... 00:18:18.565 [D] tcp_output_segment: 192.0.2.2:7 => 194.195.86.83:8080, len=20 (payload=0) (tcp.c:417) src: 7 dst: 8080 seq: 1804289464 ack: 3543150147 off: 0x50 (20) flg: 0x11 (---A---F) wnd: 65535 sum: 0x026c up: 0 ... 00:18:18.689 [D] tcp_input: 194.195.86.83:8080 => 192.0.2.2:7, len=20 (payload=0) (tcp.c:996) src: 8080 dst: 7 seq: 3543150147 ack: 1804289465 off: 0x50 (20) flg: 0x10 (---A----) wnd: 29200 sum: 0x905b up: 0 Connection is closed passively. And here is the log from my web server hosting this web site. By comparing the logs, you can see that the TCP 3 way handshake at the beginning actively initiated by the local program of mine. At the end, the server is the one that initiating the termination of the connection as it has finished sending all the data, which in this case is a "400 Bad Request".... I made few modification on the program so that the local program can handle the state transition associated with the active establishment and the passive termination of a connection. root@ryofslife:~# tcpdump src host 180.56.119.152 -vvv ... 15:18:18.426463 IP (tos 0x48, ttl 233, id 129, offset 0, flags [none], proto TCP (6), length 40) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [S], cksum 0xaed7 (correct), seq 1804289383, win 65535, length 0 ... 15:18:18.550721 IP (tos 0x48, ttl 233, id 130, offset 0, flags [none], proto TCP (6), length 40) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [.], cksum 0xad84 (correct), seq 1804289384, ack 3543150099, win 65535, length 0 ... 15:18:18.554528 IP (tos 0x48, ttl 233, id 131, offset 0, flags [none], proto TCP (6), length 120) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [P.], cksum 0xdb95 (correct), seq 0:80, ack 1, win 65535, length 80: HTTP, length: 80 GET / HTTP/1.1 ... 15:18:18.679744 IP (tos 0x48, ttl 233, id 132, offset 0, flags [none], proto TCP (6), length 40) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [.], cksum 0xad34 (correct), seq 80, ack 48, win 65488, length 0 ... 15:18:18.682063 IP (tos 0x48, ttl 233, id 133, offset 0, flags [none], proto TCP (6), length 40) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [.], cksum 0xad04 (correct), seq 80, ack 49, win 65535, length 0 15:18:18.682646 IP (tos 0x48, ttl 233, id 134, offset 0, flags [none], proto TCP (6), length 40) p9209152-ipngn9901marunouchi.tokyo.ocn.ne.jp.60320 > ryofslife.com.http-alt: Flags [F.], cksum 0xad03 (correct), seq 80, ack 49, win 65535, length 0 15:18:18.683615 IP (tos 0x48, ttl 43, id 54157, offset 0, flags [none], proto TCP (6), length 52) I am thinking of sharing the code on my github once done fixing little bits and pieces😎. Anyways, wish you all have a great week! See in the next post!!

Hi! I have been working on my lab and wanted to share its physical and logical topology. I think I made a huge improvement on the diagram compared to the last one from an aesthetic point of view😎. Here is the logical topology. There are networks connected by BGP and I prepared a local network for each one of them. All the three local networks are reachable from each other as they advertise their local network to their peers. Among the three routers, I installed netem to the VyOS so that I can simulate some of the WAN characteristics like latency and packet loss. And here is the physical setup and topology of my lab. I used two L2 switches to connect three routers and to prepare a local network for each of the routers. I recently took a simple benchmark regarding bandwidth and latency using this lab setup. It's great have an environment where you can gets your hands dirty😏. See you in the next post!

Hi! I've been running out of cables for my lab and I decided to make one by myself from a 15m CAT 6 ethernet cable which I got from my local store for about $10. I had to make 4 attempts to finally get a working cable and here are the mistakes that I made. Hope it helps someone who is trying to do the same thing😅. First attempt, the pin for white/orange wire were not properly attached. It is also not looking good as the cable sheet is too short for the plug😂. Second attempt, I misaligned the blue and white/green wire. Third attempt, I realized that I was configuring the order of the wires upside-down respect to the plug🤣🤣🤣. And here is the final product! Mistakes are proof that you are learning😎. See you in the next post!

Hi! I wanted to share that my lab is finally connected to the internet! For the last 6 months ever since I got my first switch and router, my lab never had gotten out of its LAN😅. It's the first time getting out of my LAN and interacting with the internet and I'm just sooo excited about it. The reason I decided to extend my lab to the internet is because I have been looking into technologies used over the internet, TOR in particular. I'm learning how relays used in TOR allows clients to hide their identity over the internet and how it helps people in some countries with strict censorship. I found the technology as well as the role it plays in society very interesting. I believe such technology to ensure people have access to learn what is happening around the world is crucial. Having such tool gives us additional choice in what we choose from the pool of sources and I believe it could make a huge different sometimes. I am learning that there are many ways that I can take part in the community and I'm sure there is something that I can do to help people out there! https://www.torproject.org/ By the way, I noticed that my lab topology is getting pretty messy😂. I'm currently working on BGP and I'll share a nicer topology here once I'm done with all the BGP configurations that I have in my mind. See you in the next post!!!!!

Hi! I have been working on l2tp on my lab and I wanted to leave a tip here as it took me about a week to finally make it work. I'm not sure if the problem that I faced is specific to the device that I am using, namely cisco 892 router, but here is the tip for those working on l2tp. When you are setting the interface which is used for tunneling the LAN, the one you apply "xconnect", it has to be a WAN interface! I found this very weird and confusing. Why would you want to use WAN interface for tunneling LAN interface🤣. The below link really saved me as the given answer was exactly the one I needed. Without it, I'm probably still working wondering why ping is not working even though that the tunnel is established and everything seems configured correctly. Cisco892で, "WANポート"を使わなければL2TP接続した両端の機器間でPing疎通できない I also used a lot of Switched Port Analyzer(SPAN) for debugging. It's very useful and fun tool for labbing! Below is the topology of my lab after setting up l2tp. I have been interested in benchmarking my networking devices for a while and I am hoping to make a post about it within a next couple week. Anyways, see you in the next post!

Hi! I have been working on my home lab for about 2 weeks and I wanted to share how it is going so far! I am trying to add as many things as possible that I learned on networking over the past 3 or 4 months. The topology is getting little messy but I'm thinking of organizing them once I'm done trying out all the things that I have in my mind😅. Below is the topology at the time of this post. And here are some of the info on the hardwares that appear on the topology. R1&R2: Cisco 892 VyOS: DELL Optiplex 3020 L3-1&L3-2: Catalyst 3560 L2-1&L2-2: Catalyst 2960 I'll be posting updates on my home lab whenever I learned anything interesting while working on it🧐. See you in the next post!

Hi! Today, I wanted to share that I installed VyOS on my DELL desktop as I needed additional router for my home lab. I usually install this kind of softwares on Ras Pi but I learned that there is no ARM64 version of VyOS😂. The reason I turned my DELL into VyOS is only because I wanted to try out BGP with physical devices😏. See you in the next post!

Hi! Today, I wanted to share about the things that I have learned by tunneling between Ras Pi and a router through GRE. At first, I was trying GRE on packet tracer but it didn't work for some reason. So I decided to instead work on physical devices which were available at the moment. I will share some of key commands for setting up GRE on Ras Pi. For the router, you will find many resources online for setting up GRE on a cisco router😅. ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip tunnel add gre1 mode gre remote 172.168.10.25 local 192.168.233.204 ttl 255 ┌──(kali㉿kali-raspberry-pi)-[~] └─$ ip tunnel list gre0: gre/ip remote any local any ttl inherit nopmtudisc gre1: gre/ip remote 172.168.10.25 local 192.168.233.204 ttl 255 ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip addr add 10.10.10.1/24 dev gre1 ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip link set gre1 up ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip addr add 192.168.233.204/24 dev eth0 The process of setting up GRE is the same for both Ras Pi and a router, only difference is the commands😎. Once done with the above set up, you have to configure the route for both the physical interface connected to the router and the virtual tunnel interface. Below is the route table. ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip route default via 192.168.85.77 dev wlan0 proto dhcp src 192.168.85.76 metric 600 10.10.10.0/24 dev gre1 proto kernel scope link src 10.10.10.1 172.168.10.25 dev eth0 scope link 192.168.85.0/24 dev wlan0 proto kernel scope link src 192.168.85.76 metric 600 192.168.233.0/24 dev eth0 proto kernel scope link src 192.168.233.204 Here 10.10.10.0/24 is the network for the tunnel and 172.168.10.25 is the address of the router's physical interface connected to Ras Pi. When I was working on tunneling yesterday, I couldn't figure out why ping was failing after setting up the tunnel. It was the route info that was missing🤣. See you in the next post!

Hi! Today, I wanted to share that I recently turned my raspberry pi into to a firewall to make it part of my home lab. Here are some notes for setting up IPFire on raspberry pi. When I was setting up IPFire, I got stuck for a little while with a rainbow screen when trying to boot it up. 1. Set "hdmi_safe" to 0 which you will find in config.txt. hdmi_safe=0 2. Set "SERIAL-CONSOLE" to OFF which you will find in uENV.txt. SERIAL-CONSOLE=OFF Hope it helps if any one of you encounters the same issue. Firewall is something that I haven't really looked into and excited about adding new component into my home lab and learning what it is capable of!

Hi! Today, I configured an EtherChannel to see how it affects STP. For the setup, I prepared two switches (Switch1 & Swtich2) and connected them with 2 cables. Below shows how STP is configured on Switch1 before EtherChannel is ready on Switch2. Switch1(config)# Switch1(config)#interface range fastEthernet 0/1-2 Switch1(config-if-range)#channel-group 1 mode active //Swtich1はactiveに設定 Creating a port-channel interface Port-channel 1 Switch1(config-if-range)# Switch1(config-if-range)#channel-protocol LACP Switch1(config-if-range)#exit Switch1(config)#exit Switch1#show 00:11:48: %SYS-5-CONFIG_I: Configured from console by console % Type "show ?" for a list of subcommands Switch1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SD) LACP Fa0/1(I) Fa0/2(I) Switch1# Switch1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address ec30.918e.c100 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address ec30.918e.c100 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 19 128.1 P2p Fa0/2 Desg FWD 19 128.2 P2p As you can see from the above, since the EtherChannel is still not configured on Switch2, you can see that STP recognizes 2 ports as they are not yet bundled even though the 2 ports are registered on the channel-group 1. Below is how Switch2 is configured after setting up Switch. Switch1# Switch1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/1(P) Fa0/2(P) Switch1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address ec30.918e.c100 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address ec30.918e.c100 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Po1 Desg FWD 12 128.56 P2p After the ports are bundled, you can see that there are only 1 port recognized by STP. Another observation you can make is that the cost of the bundle port has decreased from 19 to 12. I also tested how STP will behave if I plugged out one of the port used by the channel-group. Switch1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/1(P) Fa0/2(D) Switch1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address ec30.918e.c100 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address ec30.918e.c100 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Po1 Desg FWD 19 128.56 P2p Comparing before and after plugging one of the port on Switch1 shows that the cost has decreased but it is still recognized as a port-channel.

Hi! Today, I tested STP with my two switches by simply connecting them with two cables. As shown below, one of the links belonging to the non-root bridge got blocked based on the priority number. pi#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address ec30.918e.c100 Cost 19 Port 5 (FastEthernet0/3) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address f029.2952.8d80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 19 128.3 P2p Fa0/3 Root FWD 19 128.5 P2p Fa0/5 Altn BLK 19 128.7 P2p As the above shows, Fa0/3 is the root port connected to the switch on the other end. So I plugged it out to see if the connection remains up by changing the root port to Fa0/5. Below is the result. pi>show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address ec30.918e.c100 Cost 19 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address f029.2952.8d80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 19 128.3 P2p Fa0/5 Root LIS 19 128.7 P2p As expected, Fa0/5 is now the root port and the connection is still up! However, one drawback of this configuration is that one of the links is left unused. In order to utilize both of the links, I can set up an etherchannel and bundle the two links. I'm currently studying etherchannel to actually test it out and see how it differs from simply connected redundant links🧐.

Hi! Today, I was working on Inter VLAN Routing using a router(800) and L2 switch(Catalyst 2960). I connected a PC to each VLAN(VLAN10, VLAN20) and tested if I can ping to each other. Below is the set up for the PCs(Windows, Raspberry Pi) connected to the switch. The ip address for the Windows PC is 192.168.1.2/24 and the gateway address for 192.168.2.0/24 is 192.168.1.1/24. For Raspberry Pi, its ip address is 192.168.2.2/24 and the gateway address for 192.168.1.0/24 is 192.168.2.1/24. C:\WINDOWS\system32>route add 192.168.2.0 mask 255.255.255.0 192.168.1.1 OK! ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ifconfig eth0 192.168.2.2 ┌──(kali㉿kali-raspberry-pi)-[~] └─$ sudo ip route add 192.168.1.0/255.255.255.0 via 192.168.2.1 dev eth0 onlink ┌──(kali㉿kali-raspberry-pi)-[~] └─$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.164.146 0.0.0.0 UG 600 0 0 wlan0 192.168.1.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth0 192.168.2.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth0 192.168.164.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0 Then I configured the switch. I prepared vlan10 & vlan20 for the Windows PC & Raspberry Pi, respectively. After finishing setting up vlans, you need to assign ports to the respective vlans. This time, I used 4 cables, two for connecting the PCs to the switch and the other two for connecting the router. Here are the commands I used for creating vlans. Switch>enable Switch#config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#vlan 10 Switch(config-vlan)#vlan 20 Switch(config-vlan)#do show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 10 VLAN0010 active 20 VLAN0020 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Next I assigned the ports to the respective vlans. Switch(config)#do show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 10 VLAN0010 active 20 VLAN0020 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 Switch(config)#interface fa0/1 Switch(config-if)# 00:02:41: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/3 (1), with Router FastEthernet0 (10). Switch(config-if)# 00:02:47: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/5 (1), with Router FastEthernet1 (20). Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#interface fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)# 00:03:36: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/3 (1), with Router FastEthernet0 (10). Switch(config-if)#interface fa0/3 Switch(config-if)#switchport access vlan 20 00:03:42: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/5 (1), with Router FastEthernet1 (20). Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#interface fa0/5 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#switchport access vlan 20 00:04:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state tmode access Switch(config-if)#do show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/4, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 10 VLAN0010 active Fa0/1, Fa0/3 20 VLAN0020 active Fa0/2, Fa0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 After working on the switch, I had to configure the ports on the router each connected to the switch's vlan port. At first, I tried to assign IP address to the ports directly but I got this error. Router#config terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface fastethernet0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 % IP addresses may not be configured on L2 links. The problem was that the port which I was configuring only works with L2 layer and an IP address can't be assigned. After doing some research, I figured out that I need to first create a vlan so that I can assign an IP address to it. The created vlan with an IP address can then be assigned to a port of your choice. Here is how I did it. Router(config)#vlan 10 Router(config-vlan)#vlan 20 Router(config-vlan)#interface vlan 10 Router(config-if)#ip address 192.168.1.1 255.255.255.0 % 192.168.1.0 overlaps with Vlan1 Router(config-if)#interface vlan 1 Router(config-if)#ip address 192.168.3.1 255.255.255.0 Router(config-if)#interface vlan 10 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#no shut Router(config-if)#interface vlan 20 Router(config-if)# *Jan 3 09:40:49.434: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down Router(config-if)#ip address 192.168.2.1 255.255.255.0 % 192.168.2.0 overlaps with Vlan2 Router(config-if)#interface vlan 2 Router(config-if)#ip address 192.168.4.1 255.255.255.0 Router(config-if)#interface vlan 20 Router(config-if)#ip address 192.168.2.1 255.255.255.0 Router(config-if)#no shut Router(config-if)#interface fastethernet 1 Router(config-if)#switchport access vlan 10 Router(config-if)#interface fastethernet 2 Router(config-if)#switchport access vlan 20 Router(config-if)#exit Router(config)# Router(config)#do show interface (| include Vlan) ... Vlan10 is up, line protocol is up Hardware is EtherSVI, address is e4d3.f166.3fd2 (bia e4d3.f166.3fd2) Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 ... Vlan20 is up, line protocol is up Hardware is EtherSVI, address is e4d3.f166.3fd2 (bia e4d3.f166.3fd2) Internet address is 192.168.2.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 ... Below is the routing table after configuring the router. Router>show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.0/24 is directly connected, Vlan10 L 192.168.1.1/32 is directly connected, Vlan10 192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.2.0/24 is directly connected, Vlan20 L 192.168.2.1/32 is directly connected, Vlan20 Now we are ready to ping the PC on the other VLAN connected by the router! Here is the result pinging from the Windows PC(192.168.1.2/24) to Raspberry Pi(192.168.2.2/24) C:\Users\Ryo>ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Reply from 192.168.2.2: bytes=32 time=1ms TTL=63 Reply from 192.168.2.2: bytes=32 time=11ms TTL=63 Reply from 192.168.2.2: bytes=32 time=1ms TTL=63 Reply from 192.168.2.2: bytes=32 time=1ms TTL=63 Ping statistics for 192.168.2.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 11ms, Average = 3ms Configuring the router was somewhat difficult as the commands I found online for inter VLAN routing didn't work for the router(800). I had to do some researching to find the commands that works for the router but it was fun as you don't get to do this kind of researching when you are working on packet tracer😎.

I recently bought a router and 2 switches(L2 and L3) for a studying purpose. Today I tried one of the switches, Catalyst 2960. I connected two of my PC and see if I can ping from one to the other. After connecting two of my PC to the ports Fa0/1-2, I checked if they are really connected. Switch>show mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0180.c200.0000 STATIC CPU All 0180.c200.0001 STATIC CPU All 0180.c200.0002 STATIC CPU All 0180.c200.0003 STATIC CPU All 0180.c200.0004 STATIC CPU All 0180.c200.0005 STATIC CPU All 0180.c200.0006 STATIC CPU All 0180.c200.0007 STATIC CPU All 0180.c200.0008 STATIC CPU All 0180.c200.0009 STATIC CPU All 0180.c200.000a STATIC CPU All 0180.c200.000b STATIC CPU All 0180.c200.000c STATIC CPU All 0180.c200.000d STATIC CPU All 0180.c200.000e STATIC CPU All 0180.c200.000f STATIC CPU All 0180.c200.0010 STATIC CPU All ffff.ffff.ffff STATIC CPU 1 902e.169d.b2f1 DYNAMIC Fa0/1 1 e45f.01d3.5bd9 DYNAMIC Fa0/2 Total Mac Addresses for this criterion: 22 You can see the mac address table has the mac address of the each device connected to the port(Fa0/1-2). However, I wasn't able to ping from my Windows PC(Fa0/1) to Raspberry-pi(Fa0/2). I checked the ARP table of my Windows PC and it showed the list with the mac address of raspberry pi. C:\>arp -a Interface: 192.168.1.2 --- 0x11 Internet Address Physical Address Type 192.168.1.3 e4-5f-01-d3-5b-d9 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static The problem was my Windows PC's firewall😅. After configuring its firewall rules to allow ICMP traffic, I was able to ping! C:\Users\Ryo>ping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Reply from 192.168.1.3: bytes=32 time=2ms TTL=64 Reply from 192.168.1.3: bytes=32 time=6ms TTL=64 Reply from 192.168.1.3: bytes=32 time=1ms TTL=64 Reply from 192.168.1.3: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.1.3: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 6ms, Average = 2ms

I tried to understand the difference between VLAN and subnet by looking into their ARP broadcast request. First I deleted all the ARP entries on the source PC so that when I ping, there will be an ARP request broadcasted to all the devices connected to the switch. Here is how you can check and delete the ARP table. C:\>arp -a Internet Address Physical Address Type 192.168.2.4 0001.436a.8be5 dynamic C:\>arp -d C:\>arp -a No ARP Entries Found After deleting all the ARP entries, the source PC will send an ARP request as it has no mac address on its table. Here is the list of ports on the switch when an ARP request was sent. It shows an ARP reqeust is sent to all the ports except the one(FastEthernet0/3) which is connected to the source PC. In addition, even though FastEthernet0/1-2 are not within the same subnet(192.168.2.0/24), you can see that they still receive the ARP request sent by the source PC(192.168.2.2/24). 1. FastEthernet0/1 sends out the frame. #192.168.1.2 2. FastEthernet0/2 sends out the frame. #192.168.1.3 3. FastEthernet0/4 sends out the frame. #192.168.2.3 4. FastEthernet0/5 sends out the frame. #192.168.2.4 Now its time see how an ARP request will behave when the switch is divided into VLANs(192.168.1.0/24, 192.168.2.0/24) . I once again deleted all the ARP entries in the table of the source PC and here is the commands I used for creating VLANs. Switch>enable Switch#config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int fa0/1 Switch(config-if)#exit Switch(config)#vlan 10 Switch(config-vlan)#vlan 20 Switch(config-vlan)#int fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#int fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#int fa0/3 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#int fa0/4 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#int fa0/5 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#do show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gig0/1 Gig0/2 10 vlan01 active Fa0/1, Fa0/2 20 vlan02 active Fa0/3, Fa0/4, Fa0/5 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active I created VLAN01 and VLAN02 for 192.168.1.0/24 and 192.168.2.0/24, respectively. And here is the list of the ports that received an ARP request sent by the source PC(192.168.2.2/24). It shows that FastEthernet0/1-2 are not receiving an ARP request any more as they no longer belong to the same VLAN as the source PC(VLAN02)! 1. FastEthernet0/4 sends out the frame. #VLAN01 2. FastEthernet0/5 sends out the frame. #VLAN02 Once you are done with the VLANs, you can place the ports back to the default VLAN by the below commands. Switch(config-if-range)#interface range Fa 0/1-5 Switch(config-if-range)#switchport access vlan 1 Switch(config-if-range)#do show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig0/1, Gig0/2 10 vlan01 active 20 vlan02 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Switch(config-if-range)#no vlan 10 Switch(config-if-range)#no vlan 20

After studying how different devices work at different layers, I got little confused how ping works if its only given ip address to reach the destination pc connected via switch which is a layer 2 device. Here's how it works. 1. We only have the destination's ip and no mac address info. ->ARP request which is broadcasted to all devices connected to the switch. 2. Once your PC has the mac address in its mac address table, the frame is sent to the switch which contains the mac address of the destination pc. 3. Switch needs to know which port is connected to the PC with the destination mac address. ->Flood the frame to all other ports if the destination mac address is not in the mac address table. 4. Once the switch gets the reply form the destination PC, it now knows which port to send the frame to get to the destination PC! Here are ARP and Mac address tables before and after ping. Switch#show mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- Switch#show mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 00e0.8fe3.e0b3 DYNAMIC Fa0/2 1 00e0.f7a1.365d DYNAMIC Fa0/1 C:\>arp -a No ARP Entries Found C:\>arp -a Internet Address Physical Address Type 192.168.1.2 00e0.8fe3.e0b3 dynamic

For testing static routes, I created a system with 2 routers each connected to a PC. There are 3 networks so that one PC can connect to the other after setting up a static route. Here I first configured router's interface for 192.168.1.0/24 and 192.168.1.1/24 is the default gateway for 192.168.1.0/24. I did the same for the other router responsible for 192.168.2.0/24. The third network(192.168.3.0/24) which needs to be configured is the one connecting the two routers. Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface GigabitEthernet 0/0/0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#no shutdown Router(config-if)# %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up Router(config-if)#do show interfaces GigabitEthernet0/0/0 is up, line protocol is up (connected) Hardware is ISR4331-3x1GE, address is 0001.4384.9c01 (bia 0001.4384.9c01) Internet address is 192.168.1.1/24 ... After setting up all three networks, I pinged form the PC with 192.168.1.2/24. But the result shows that it is still not reachable. C:\>ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Reply from 192.168.1.1: Destination host unreachable. Reply from 192.168.1.1: Destination host unreachable. Reply from 192.168.1.1: Destination host unreachable. Reply from 192.168.1.1: Destination host unreachable. Ping statistics for 192.168.2.2: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), The remaining task is to set up the static routes so that the packet can reach the PC with 192.168.2.2/24. Here is how I set up the static route for 192.168.2.2/24. Router(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.2 After setting up as above, you still won't be able to get replies from the other end as the returning packets get lost at the 192.168.3.2/24. C:\>ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.2.2: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Once I set up the static route as below, I was able to get replies from 192.168.2.2/24! Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1 C:\>ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Reply from 192.168.2.2: bytes=32 time<1ms TTL=126 Reply from 192.168.2.2: bytes=32 time=10ms TTL=126 Reply from 192.168.2.2: bytes=32 time<1ms TTL=126 Reply from 192.168.2.2: bytes=32 time=11ms TTL=126 Ping statistics for 192.168.2.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 11ms, Average = 5ms

I have been studying basic networking by reading books for CCNA. At this point, I think I should go hands-on with packet tracer or the router (Cisco 892) and switches (Cisco L2 and L3) I bought this week for studying purpose. Here are the list of the things I want to try hands-on. ・Static route ・OSPF ・ACL ・DHCP ・Unidirection & Bidirectional NAT ・NAPT(PAT) ・VLAN only using access ports (single switch) ・VLAN using access and trunk ports (two switches) ・VLAN rounting (using router and L2 switch, later using L3 switch)

I started using packet tracer and enjoying the tool a lot. I configured hub, switch, and router based network using the tool. It's really fun to put the materials you learned from books into practice! Here are the commands I used for configuring the router and the details of what it's doing. Router>enable Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface GigabitEthernet0/0 #select the port(interface) on the router Router(config-if)#ip address 192.168.1.4 255.255.255.0 #assign gateway IP address to the interface Router(config-if)#no shutdown #bring up the inerface Router(config-if)# %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up Here I tested if I am connected to the network configured above by pinging from a node within another network. C:\>ping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Request timed out. Reply from 192.168.1.3: bytes=32 time=14ms TTL=127 Reply from 192.168.1.3: bytes=32 time<1ms TTL=127 Reply from 192.168.1.3: bytes=32 time=11ms TTL=127 Ping statistics for 192.168.1.3: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 14ms, Average = 8ms It shows that the first packet is dropped. This is because of the switch on the network configured above does not have not have the destination pc's MAC address in its ARP table and need to get the one by 'flooding' which takes some time.

"ip addr" shows the mac address for each interface, it's e4:5f:01:d3:5b:da in the case of wlan0. "arp" shows the router's mac address. ┌──(kali㉿kali-raspberry-pi)-[/var/lib/dhcp] └─$ ip addr ... 3: wlan0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether e4:5f:01:d3:5b:da brd ff:ff:ff:ff:ff:ff inet 192.168.164.76/24 brd 192.168.164.255 scope global dynamic noprefixroute wlan0 valid_lft 2858sec preferred_lft 2858sec inet6 fe80::ed36:b7c6:afa8:838d/64 scope link noprefixroute valid_lft forever preferred_lft forever ┌──(kali㉿kali-raspberry-pi)-[/var/lib/dhcp] └─$ arp Address HWtype HWaddress Flags Mask Iface 192.168.164.146 ether ac:a8:8e:ec:6e:66 C wlan0 The first hop of "traceroute", which is 192.168.164.146, shows the router's local ip address. ┌──(kali㉿kali-raspberry-pi)-[~] └─$ traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets 1 192.168.164.146 (192.168.164.146) 40.242 ms 41.001 ms 43.085 ms 2 121.83.171.60 (121.83.171.60) 74.412 ms 74.476 ms 76.689 ms 3 100.64.3.181 (100.64.3.181) 81.472 ms 81.503 ms 83.573 ms 4 58.191.128.178 (58.191.128.178) 86.298 ms 85.972 ms 86.346 ms 5 61.205.127.233 (61.205.127.233) 86.192 ms 87.454 ms 87.482 ms 6 203.140.81.209 (203.140.81.209) 86.012 ms 48.984 ms 55.241 ms 7 60.56.20.190 (60.56.20.190) 54.917 ms 54.165 ms 62.331 ms 8 142.250.172.36 (142.250.172.36) 62.152 ms 61.755 ms 65.046 ms 9 * * * 10 dns.google (8.8.8.8) 65.708 ms 65.737 ms 65.926 ms After piging to my laptop within the same local network, my laptop's mac address is added to the arp table. But ping is failing for some reason... ┌──(kali㉿kali-raspberry-pi)-[/var/lib/dhcp] └─$ ping 192.168.164.137 PING 192.168.164.137 (192.168.164.137) 56(84) bytes of data. ^C --- 192.168.164.137 ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 6143ms ┌──(kali㉿kali-raspberry-pi)-[/var/lib/dhcp] └─$ arp Address HWtype HWaddress Flags Mask Iface 192.168.164.146 ether ac:a8:8e:ec:6e:66 C wlan0 192.168.164.137 ether 50:c2:e8:29:9b:cb C wlan0 Wireshark shows the arp protocol is requesting the mac address of 192.168.164.137, and the response from the router shows the mac address is 50:c2:e8:29:9b:cb. However there is no response from 192.168.164.76. 2 18.664379309 Raspberr_d3:5b:da Broadcast ARP 42 Who has 192.168.164.137? Tell 192.168.164.76 3 18.680115301 CloudNet_29:9b:cb Raspberr_d3:5b:da ARP 42 192.168.164.137 is at 50:c2:e8:29:9b:cb 4 18.680196856 192.168.164.76 192.168.164.137 ICMP 98 Echo (ping) request id=0x0002, seq=1/256, ttl=64 (no response found!) I checked my laptop's firewall configuration and enable ping echo request. Ping is now working! ┌──(kali㉿kali-raspberry-pi)-[~] └─$ ping 192.168.164.137 PING 192.168.164.137 (192.168.164.137) 56(84) bytes of data. 64 bytes from 192.168.164.137: icmp_seq=1 ttl=128 time=53.2 ms 64 bytes from 192.168.164.137: icmp_seq=2 ttl=128 time=75.9 ms 64 bytes from 192.168.164.137: icmp_seq=3 ttl=128 time=8.42 ms 64 bytes from 192.168.164.137: icmp_seq=4 ttl=128 time=42.1 ms 64 bytes from 192.168.164.137: icmp_seq=5 ttl=128 time=8.71 ms ^C --- 192.168.164.137 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 8.417/37.644/75.852/26.122 ms

I didn't know there are protocols defining the optimal path for exchanging packets between networks. It's interesting how they use different metrics(hop count, bandwidth, etc) to determine the best path.

I started studying for CCNA hoping to learn basic networking!

Link to my blog. https://illinoisfslife.com/

Here are the commands I used after finishing compiling the source code. ──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ ls arch certs CREDITS Documentation fs init ipc Kconfig lib MAINTAINERS mm modules.builtin.modinfo modules.order net README.md scripts sound tools virt vmlinux.o block COPYING crypto drivers include io_uring Kbuild kernel LICENSES Makefile modules.builtin modules-only.symvers Module.symvers README samples security System.map usr vmlinux vmlinux.symvers ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ sudo make modules_install ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ sudo cp arch/arm64/boot/dts/broadcom/*.dtb /boot/ ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ sudo cp arch/arm64/boot/dts/overlays/*.dtb* /boot/overlays/ ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ sudo cp arch/arm64/boot/dts/overlays/README /boot/overlays/ ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux] └─$ sudo cp arch/arm64/boot/Image.gz /boot/kernel-ryo-1.img ┌──(kali㉿kali-raspberry-pi)-[/boot] └─$ sudo vim config.txt # 64-bit kernel for Raspberry Pi 4 is called kernel8l (armv8a) kernel=kernel-ryo-1.img ┌──(kali㉿kali-raspberry-pi)-[/boot] └─$ sudo reboot And I got this! ┌──(kali㉿kali-raspberry-pi)-[/var/log] └─$ uname -a Linux kali-raspberry-pi 5.15.83-v8-ryos-first-kernel+ #1 SMP PREEMPT Fri Dec 16 12:25:46 UTC 2022 aarch64 GNU/Linux ┌──(kali㉿kali-raspberry-pi)-[/var/log] └─$ cat messages Dec 16 14:43:01 kali-raspberry-pi pulseaudio[968]: ICE I/O error handler called Dec 16 14:43:04 kali-raspberry-pi kernel: [ 0.000000] Hello World, I'm Ryo! Dec 16 14:43:04 kali-raspberry-pi kernel: [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083] Dec 16 14:43:04 kali-raspberry-pi kernel: [ 0.000000] Linux version 5.15.83-v8-ryos-first-kernel+ (kali@kali-raspberry-pi) (gcc (Debian 11.3.0-5) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38.90.20220713) #1 SMP PREEMPT Fri Dec 16 12:25:46 UTC 2022 This time I was able to print during the boot up with my customized kernel! I can now try to do some work on the network stack and compile😁.

This time, I modified /arm/arm64/kernel/setup.c as below. You can find the source code here. void __init smp_setup_processor_id(void) { u64 mpidr = read_cpuid_mpidr() & MPIDR_HWID_BITMASK; set_cpu_logical_map(0, mpidr); pr_info("Hello World, its Ryo!"); pr_info("Booting Linux on physical CPU 0x%010lx [0x%08x]\n", (unsigned long)mpidr, read_cpuid_id()); } Here is the commands that I used. $ KERNEL=kernel8 $ make bcm2711_defconfig $ vim .config CONFIG_LOCALVERSION="-v8-ryos-first-kernel" $ make -j4 Image.gz modules dtbs

The packet data received by NIC is held by sk_buff(). I'm curious how packets travels from NIC to user space programs.

It's completed compiling! Here is what I did afterwards. $ make ... OBJCOPY arch/arm64/boot/Image GZIP arch/arm64/boot/Image.gz [1] + done make $ ls arch certs CREDITS Documentation fs init Kbuild kernel LICENSES Makefile modules.builtin modules-only.symvers Module.symvers README scripts sound tools virt vmlinux.o block COPYING crypto drivers include ipc Kconfig lib MAINTAINERS mm modules.builtin.modinfo modules.order net samples security System.map usr vmlinux vmlinux.symvers $ file vmlinux vmlinux: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), statically linked, BuildID[sha1]=8d74859bebe9cce14587e1b3272c7b11fe5de611, not stripped $ sudo make modules_install INSTALL /lib/modules/5.15.44-Re4son-v8l/kernel/sound/usb/misc/snd-ua101.ko INSTALL /lib/modules/5.15.44-Re4son-v8l/kernel/sound/usb/snd-usb-audio.ko INSTALL /lib/modules/5.15.44-Re4son-v8l/kernel/sound/usb/snd-usbmidi-lib.ko DEPMOD /lib/modules/5.15.44-Re4son-v8l $ sudo make install sh ./arch/arm64/boot/install.sh 5.15.44-Re4son-v8l \ arch/arm64/boot/Image System.map "/boot" run-parts: executing /etc/kernel/postinst.d/initramfs-tools 5.15.44-Re4son-v8l /boot/vmlinuz-5.15.44-Re4son-v8l update-initramfs: Generating /boot/initrd.img-5.15.44-Re4son-v8l cryptsetup: ERROR: Couldn't resolve device /dev/root cryptsetup: WARNING: Couldn't determine root device I'm having trouble installing compiled files. I did some research and boot up process is not what I thought as Rasbarry Pi does not support grub😰. I found the kernel source code for Raspberry Pi here. Another mistake that I found is that I was working on linux/arch/arm. My Raspberry Pi is 64bits machine so the directory should be under linux/arch/arm64. Glad I found this mistake before compilation. I will once again compile the source code and see how it goes😂.

Some stuff I learned about how Nmap SYN scanning works. Below is the captured packets from Wireshark. 10 13.006851 192.168.100.103 192.168.100.101 TCP 60 44276 → 445 [SYN] Seq=0 Win=1024 Len=0 MSS=1460 15 13.007423 192.168.100.101 192.168.100.103 TCP 60 445 → 44276 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 16 13.007594 192.168.100.103 192.168.100.101 TCP 60 44276 → 445 [RST] Seq=1 Win=0 Len=0 It shows that the the state of port is open as the server's reply to the nmap's SYN is SYN,ACK. You can observe that SYN scan terminates 3 way handshake by RST sent by nmap. Also, here is the source code I found which I thought might be useful for spoofing Nmap OS detection. You can find the source code here. I think the below code is the part where it specifies the window size of a packet. /* Numbers are taken from RFC3390. * * John Heffner states: * * The RFC specifies a window of no more than 4380 bytes * unless 2*MSS > 4380. Reading the pseudocode in the RFC * is a bit misleading because they use a clamp at 4380 bytes * rather than use a multiplier in the relevant range. */ __u32 tcp_init_cwnd(struct tcp_sock *tp, struct dst_entry *dst) { __u32 cwnd = (dst ? dst_metric(dst, RTAX_INITCWND) : 0); if (!cwnd) { if (tp->mss_cache > 1460) cwnd = 2; else cwnd = (tp->mss_cache > 1095) ? 3 : 4; } return min_t(__u32, cwnd, tp->snd_cwnd_clamp); }

I modified ./arch/arm/kernel/setup.c as below. You can find the source code here. void __init smp_setup_processor_id(void) { int i; u32 mpidr = is_smp() ? read_cpuid_mpidr() & MPIDR_HWID_BITMASK : 0; u32 cpu = MPIDR_AFFINITY_LEVEL(mpidr, 0); cpu_logical_map(0) = cpu; for (i = 1; i < nr_cpu_ids; ++i) cpu_logical_map(i) = i == cpu ? 0 : i; /* * clear __my_cpu_offset on boot CPU to avoid hang caused by * using percpu variable early, for example, lockdep will * access percpu variable inside lock_release */ set_my_cpu_offset(0); pr_info("Hello world, this is Ryo speaking!\n"); pr_info("Booting Linux on physical CPU 0x%x\n", mpidr); } After the above modification, I started compiling the source code as below. $ cp /boot/config-$(uname -r) .config $ sudo apt-get install git fakeroot build-essential ncurses-dev xz-utils libssl-dev bc flex libelf-dev bison $ make menuconfig No change to .config *** End of the configuration. *** Execute 'make' to start the build or try 'make help'. $ make This is going to take a while😝.

I learned that you can't use printk() during the early stage of the boot up process😅. Here is the output of /var/log/messages. ┌──(kali㉿kali-raspberry-pi)-[/var/log] └─$ cat messages Dec 11 02:00:25 kali-raspberry-pi rsyslogd: [origin software="rsyslogd" swVersion="8.2206.0" x-pid="525" x-info="https://www.rsyslog.com"] rsyslogd was HUPed Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083] Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Linux version 5.15.44-Re4son-v8l+ (root@kali-raspberry-pi) (gcc (Debian 11.2.0-19) 11.2.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP PREEMPT Debian kali-pi (2022-07-03) Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] random: crng init done Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Machine model: Raspberry Pi 4 Model B Rev 1.5 I once again gone through the source code and found that "Booting Linux on" is printed by pr_info() and Linux version 5.15.44-Re4son-v8l+ is printed by decompressor_printk(). I will go for pr_info() as it comes earlier than decompressor_printk()😝. ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux-5.15.44] └─$ grep -r "Booting" . ./arch/arm/kernel/setup.c: pr_info("Booting Linux on physical CPU 0x%x\n", mpidr); ┌──(kali㉿kali-raspberry-pi)-[~/sources/linux-5.15.44] └─$ grep printk * -r | grep "decompressor_printk" arch/s390/boot/pgm_check_info.c: decompressor_printk("Linux version %s\n", kernel_version);

I check my Raspberry Pi kernel version and its 5.15.44. $ uname -r 5.15.44-Re4son-v8l+ I want to printk during the boot up process so I look through the kernel source code where "Booting Linux on..." is printed as shown below. ┌──(kali㉿kali-raspberry-pi)-[/var/log] └─$ cat messages Dec 11 02:00:25 kali-raspberry-pi rsyslogd: [origin software="rsyslogd" swVersion="8.2206.0" x-pid="525" x-info="https://www.rsyslog.com"] rsyslogd was HUPed Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083] Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Linux version 5.15.44-Re4son-v8l+ (root@kali-raspberry-pi) (gcc (Debian 11.2.0-19) 11.2.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP PREEMPT Debian kali-pi (2022-07-03) Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] random: crng init done Dec 11 02:27:19 kali-raspberry-pi kernel: [ 0.000000] Machine model: Raspberry Pi 4 Model B Rev 1.5 Seems like "Booting Linux on..." is printed by pr_info(), not printk(). Not yet sure where the first printk() is... You can find the source code for version 5.15.44 here.

Today I inserted a kernel module which simply prints "Hello Ryo!" under /var/log/messages. Here is the c program. int init_module(void) { //printk(KERN_INFO "Hello world 1.\n"); printk(KERN_INFO "Hello Ryo!\n"); return 0; } void cleanup_module(void) { //printk(KERN_INFO "Goodbye world 1.\n"); printk(KERN_INFO "Bye Ryo!\n"); } MODULE_LICENSE("GPL"); initi_module() is used to initialize the module and cleanup_module is responsible for shutting down the module. When you are using printk(), you can give eight 8 levels of different logs at the part of "KERN_INFO". Below is the commands I used for initializing and removing the kernel. make -C /lib/modules/`uname -r`/build/ M=${PWD} modules sudo insmod hello_world.ko sudo rmmod hello_world.ko Here is the output of the above operation. Dec 12 14:21:27 kali-raspberry-pi kernel: [ 8233.939103] Hello Ryo! Dec 12 14:22:33 kali-raspberry-pi kernel: [ 8299.742310] Bye Ryo! I will start looking into where I can printk() inside the kernel source code during the boot up process!

I've been working on TUN device for a while and thought I should look into how packets are handled within the kernel. TUN device allows us to handle packets above layer 3. The corresponding entry point within the kernel is ip_rcv() whih can be found here. ip_local_deliver_finish() is the function whichis the exit of the layer 3 responsible for passing data to the layer 4 stack based on the protocol found in the ip header. You can find the function https://elixir.bootlin.com/linux/v2.6.20/source/net/ipv4/ip_input.c#L199. After ip_local_deliver_finish(), the data is sent to the function handling layer 4 protocol such as tcp_v4_rcv(), udp_rcv(), icmp_rcv(). Might be fun to customize your own network stack and make a kernel of your own😝.

I am getting used to reading the hexs shown in Wireshark. Here is the summary of what is going with the below packet sent by my TUN program. 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x89, 0x4b, 0x40, 0x00, 0x40, 0x01, 0x39, 0x59, 0xcb, 0x00, 0x71, 0x02, 0xcb, 0x00, 0x71, 0x01, 0x08, 0x00, 0x2a, 0xc7, 0x00, 0x19, 0x00, 0x07, 0xc8, 0xb6, 0x8c, 0x63, 0x00, 0x00, 0x00, 0x00, 0xaf, 0x2b, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 The first 4 bit (4 of 0x45) ・Version: the fist field tells us which IP version we are using, only IPv4 uses this header so you will always find decimal value 4 here. The first 4 bit (5 of 0x45) ・The length of the ip header. In the case of this example, 5=>5*4(bytes)=>20(bytes)=>20 pair(0x45)s, as each hex is 4 bits. ・Because of the maximum possible value f=>15, the maximum ip header length is 15*4byte=60byte. Protocol: 0x01 ・1 stands for ICMP, 6 stands for tcp, 17 stands for UDP Source and destination address: 0xcb, 0x00, 0x71, 0x02, 0xcb, 0x00, 0x71, 0x01 ・In decimal, 203.0.113.2 and 203.0.113.1 respectively.

Below is the c program for sending receiving packets using TUN device. You should comment out either the dump_packet() or send_packet(). Otherwise, the program will be sending and receiving packets of its own. void dump_packet(int fd, int count, char* buffer) { printf("the fd is %d. read %d bytes!\n", fd, count); int i; for (i=0; i IFNAMSIZ) { return 1; } // Request a TUN device: int fd = open("/dev/net/tun", O_RDWR); if (fd == -1) { return 1; } struct ifreq ifr; memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TUN; strncpy(ifr.ifr_name, device_name, IFNAMSIZ); int res = ioctl(fd, TUNSETIFF, &ifr); if (res == -1) { return 1; } printf("hello world\n"); //char buffer[BUFFLEN]; char *dumpbuffer = (char *) calloc(300, sizeof(char)); //char *sendbuffer = (char *) calloc(300, sizeof(char)); while (1) { ssize_t count = read(fd, dumpbuffer, 100); if (count < 0) return 1; dump_packet(fd, count, dumpbuffer); send_packet(fd); } return 0; } Wireshark shows the packet are exchanged as below. It's working! 1 0.000000000 203.0.113.2 203.0.113.1 ICMP 86 Echo (ping) request id=0x0019, seq=7/1792, ttl=64 (reply in 2) 2 0.000082333 203.0.113.1 203.0.113.2 ICMP 84 Echo (ping) reply id=0x0019, seq=7/1792, ttl=64 (request in 1)

Below is the database file which Nmap uses as a reference to packet info specific to OS. It is at /usr/share/nmap/nmap-os-db in the case of Ubuntu 20.04.4 LTS. # Linux 2.6.30-ARCH #1 SMP PREEMPT Wed Sep 9 12:37:32 UTC 2009 i686 AMD Athlon(tm) XP 2000+ AuthenticAMD GNU/Linux Fingerprint Linux 2.6.30 Class Linux | Linux | 2.6.X | general purpose CPE cpe:/o:linux:linux_kernel:2.6.30 SEQ(SP=C1-CB%GCD=1-6%ISR=C5-CF%TI=Z%II=I%TS=U) OPS(O1=M5B4NNSNW6%O2=M5B4NNSNW6%O3=M5B4NW6%O4=M5B4NNSNW6%O5=M5B4NNSNW6%O6=M5B4NNS) WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0) ECN(R=Y%DF=Y%T=3B-45%TG=40%W=16D0%O=M5B4NNSNW6%CC=N%Q=) T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=) T2(R=N) T3(R=Y%DF=Y%T=3B-45%TG=40%W=16D0%S=O%A=S+%F=AS%O=M5B4NNSNW6%RD=0%Q=) T4(R=N) T5(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) T6(R=N) T7(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=3B-45%TG=40%CD=S) The Nmap source code can be found here.

I'm curious how Nmap OS detection works. Project like below is something that I am interested! https://nmap.org/misc/defeat-nmap-osdetect.html

I added the below code to the previous post to receive ICMP packets. char *buffer = (char *) calloc(150, sizeof(char)); ssize_t count = read(fd, buffer, 100); Below is how read() can be used. The read() function shall attempt to read nbyte bytes from the file associated with the open file descriptor, fildes, into the buffer pointed to by buf. In the absence of errors, or if error detection is not performed, the read() function shall return zero and have no other results. reference Below is the received packet in hex. 00 00 08 00 45 00 00 54 89 4b 40 00 40 01 39 59 cb 00 71 01 cb 00 71 02 08 00 2a c7 00 19 00 07 c8 b6 8c 63 00 00 00 00 af 2b 0a 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 The above shows that the source address is "cb 00 71 01->203.0.113.1" and the destination address is "cb 00 71 02->203.0.113.290". I'll try to send packets next time! I'm curious simply switching the source and destination address will be enough to send back the packet?

I created a TUN interface with the below c program. int main(int argc, char** argv) { if (argc != 2) return 1; const char* device_name = argv[1]; if (strlen(device_name) + 1 > IFNAMSIZ) { return 1; } int fd = open("/dev/net/tun", O_RDWR); if (fd == -1) { return 1; } struct ifreq ifr; memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TUN; strncpy(ifr.ifr_name, device_name, IFNAMSIZ); int res = ioctl(fd, TUNSETIFF, &ifr); if (res == -1) { return 1; } printf("the created device is only available during this program\n"); while (1) { } return 0; } The important part in the above code is below. You can provide the name of the interface to "ifr.ifr_name" and spcify whether you want the interface to be TUN or TAP with "ifr.ifr_flags". int fd = open("/dev/net/tun", O_RDWR); int res = ioctl(fd, TUNSETIFF, &ifr); There is another way of creating TUN device using ip command which is shown below. $ sudo ip tuntap add dev tun0 mode tun My next attempt is to receive and read packets using read() and send(). I also want to see how packets are being exchanged using Wireshark.

Maybe TUN/TAP is a good place to start understanding how low-level networking works?

You can check the file descriptor and associated device files with the below command. $ lsof cat 307 ryo 1w REG 8, 32 0 106248 /home/ryo/ctf/kernel/file1.txt Above shows that device files have major and minor numbers to identify the associated device drivers. You can see that 8, 32 are the major and minor number in the above case. You can check which device number has 8, 32 by the below command. /dev$ ls -la brw------- 1 root root 8, 32 Nov 23 11:51 sdc Maybe I should start looking into device drivers used for networking?

I used Wireshark to observe how packets are exchanged between client and server. Packets are sent by client form some random port. Packets are received by the server with the specified port by the running program. Client socket program written in python import socket # AF_INET refers to ipv4 # SOCK_STREAM refers to TCP protocol clientSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 3 way handshake(SYN) as socket.SOCK_STREAM is the selected type # clientSocket.connect(('127.0.0.1', 12345)) clientSocket.connect(('192.168.50.130', 1234)) dataFromServer = clientSocket.recv(1024) print(dataFromServer.decode()) Server socket program written in python import socket s = socket.socket() port = 12345 s.bind(('', port)) s.listen(5) while True: # 3 way handshake(ACK) as socket.SOCK_STREAM is the selected type clientSocket, addr = s.accept() print(addr) clientSocket.send('Thank you for connecting'.encode()) clientSocket.close() break Packets form Wireshark 1 0.000000000 127.0.0.1 127.0.0.1 TCP 74 44070 → 1234 [SYN] Seq=0 Win=65495 Len=0 MSS=65495 SACK_PERM=1 TSval=4210716831 TSecr=0 WS=128 2 0.000113299 127.0.0.1 127.0.0.1 TCP 74 1234 → 44070 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0 MSS=65495 SACK_PERM=1 TSval=4210716831 TSecr=4210716831 WS=128

Some stuff I learned about socket programming ・client socket socket.socket, socket.connect ・server socket socket.connect, socket.bind, socket.listen, socket.accept Client socket sends SYN with socket.connect and server socket sends ACK with socket.accept. Server socket create client-like(temporary) socket for every incoming client socket.

My 8 months video.

THIS VIDEO IS FROM YOUTUBE.

THIS VIDEO IS FROM INSTAGRAM.

THIS VIDEO IS FROM FACEBOOK.