This is a quick guide to some not so obvious command-line options available in the Linux netstat(8) command. I hope you enjoy it.

1. Plain old netstat

Without any command-line arguments, “netstat” shows a list of network connections in your system, including TCP, UDP and UNIX socket connections.

If you want to speed up things a bit, use “-n” (numeric) to prevent network lookups and display IP and port numbers instead of names.

2. Seeing all connections with “netstat -a”

Just like the above, but shows all connections, including those in the LISTEN state. Good when you want to see all connections in one shot.

3. What am I listening to? “netstat -l”

Many people type “netstat -a | grep -i LISTEN”, but “netstat -l” will do the same: filter the output to show sockets in the LISTEN state only. Very useful to quickly see what is being “served” in your box. You can combine this with “-u” to only show UDP connections or “-t” to restrict the output to TCP connections only.

4. Who’s using that socket? “netstat -p”

With “-p”, netstat shows what program/pid is using a given socket. Very handy to find out who’s listening on a port or holding a connection open. A personal favorite of mine is “netstat -lput”, which displays all TCP and UDP sockets in the LISTEN state, plus the name and pid of the program listening on that socket.
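As an added example (not part of the original post), the script below reads the output of “netstat -lntup” (the “-lput” form above plus “-n”) and prints only the listeners bound to something other than loopback, which are the ones other hosts can reach. The sample output is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list listeners reachable from other hosts.
# Input is the text printed by "netstat -lntup"; function names are hypothetical.

# Constructed sample output (not captured from a real machine).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp6       0      0 :::80                   :::*                    LISTEN      1033/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      640/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           655/chronyd
EOF
}

# Print "proto address port pid/program" for every socket not bound to loopback.
exposed_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }                 # skip the two header lines
    {
      port = $4; sub(/^.*:/, "", port)          # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)       # text before the last colon
      if (addr ~ /^127\./ || addr == "::1") next
      # TCP rows have a State column; UDP rows leave it blank, so the
      # PID/Program column is field 7 for TCP and field 6 for UDP.
      owner = ($1 ~ /^tcp/) ? $7 : $6
      if (owner == "") owner = "-"              # column absent (no -p)
      print $1, addr, port, owner
    }'
}

sample_netstat | exposed_listeners
```

On a live system, run it as root with “netstat -lntup | exposed_listeners”; without root, netstat prints “-” in the PID/Program column for sockets owned by other users.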

5. Details, lots of details: “netstat -e”

If you really want to see what’s going on, add the “-e” command-line switch to your netstat command. It will cause “extra” information to be printed, such as the username, process name and pid, and the inode number of each of your sockets.

6. Dial “o” for obscure: “netstat -o”

The “-o” command-line option causes the TCP timers to be displayed next to the connection. If you’re not into TCP/IP, the extra information will not make sense. For those who are, you’ll be able to see your TCP timers in real-time, and follow the progress of things like the KeepAlive timer, for instance. For a real treat, use “watch netstat -to”, sit down and watch the blinkenlights.

7. Interface status with “netstat -i”

Shows the status of your interfaces. Very handy to make sure everything is going smoothly on the hardware side of things. Keep an eye on the ERR, DRP and OVR counters, as they can indicate trouble (10/100 mismatch anyone?).

8. Continuous display: “netstat -c”

Makes netstat display output continuously. This command-line option can be used with any other form of netstat. I’d suggest using the “watch” command instead.

9. TCP/IP statistics: “netstat -s”

Shows statistics about your TCP/IP stack. Requires deeper knowledge of the protocols to make some sense of it, but can be used by anyone to impress (scare?) friends, relatives and prospective girlfriends.

10. Boooooring: “netstat -r”

Use “ip route” instead of “netstat -r” to look cool and hip, and say “netstat is sooo 1975” when somebody asks why you’re doing that.



While strolling across digg, I found an entry on How to transform your caps-lock into a third Control key. It basically introduces a program, called waNOCAPS, that modifies some entries in the Windows registry to do its deed.

But, can you do that in Linux/X? The answer is yes, and you don’t even need to download a program, or poke into undocumented areas of your operating system.

Unlike Windows, all the infrastructure to remap the keyboard is already embedded in the X11 server. The program to modify key and button mapping in X11 is called “xmodmap”, and comes pre-installed. All you have to do is to open a terminal window and type:

xmodmap -e 'remove Lock = Caps_Lock'
xmodmap -e 'keysym Caps_Lock = Control_L'
xmodmap -e 'add Control = Control_L'

From this point on, your “Caps-Lock” key should behave just like another “Control” key.

But wait, what does that mean? THAT YOU WOULD HAVE TO HOLD SHIFT TO YELL ONLINE? Only if you want! You can remap the right Control key to be your new caps lock:

xmodmap -e 'remove Control = Control_R'
xmodmap -e 'keysym Control_R = Caps_Lock'
xmodmap -e 'add Lock = Caps_Lock'

If you prefer to leave the right Control key alone and use the right “Windows” key as your new Caps-Lock key, use the commands below instead:

xmodmap -e 'keysym Super_R = Caps_Lock'
xmodmap -e 'add Lock = Caps_Lock'

Needless to say, this will only work if your keyboard has a “Windows” key (a distant relative of the infamous “any” key) :)

Note that none of the changes above is permanent. The method to make them permanent will vary according to your distribution of Linux and how you invoke X11. In Ubuntu, for instance, all you have to do is to use “pico”, “nano”, “vi”, or your editor of choice to add the lines below to a file called “.profile” under your home directory (create the file, if necessary):

if [ -n "$DISPLAY" ]
then
  # Add the 3 lines below to Convert caps-lock into Control
  xmodmap -e 'remove Lock = Caps_Lock'
  xmodmap -e 'keysym Caps_Lock = Control_L'
  xmodmap -e 'add Control = Control_L'

  # Add the 3 lines below to use the Right-Control as Caps-Lock
  xmodmap -e 'remove Control = Control_R'
  xmodmap -e 'keysym Control_R = Caps_Lock'
  xmodmap -e 'add Lock = Caps_Lock'

  # Or add the 3 lines below to use the right Windows key as Caps-Lock
  xmodmap -e 'keysym Super_R = Caps_Lock'
  xmodmap -e 'add Lock = Caps_Lock'
fi

Log out of your session and log back in. You should now be able to enjoy your new keyboard layout.



This is a very brief HOWTO on how to capture Youtube and Google videos to your computer, saving them as AVI files encoded in the MPEG4 format, using only one command (actually, a few commands that you can cut & paste from this page).

Unlike most other articles around the net on this subject, this one does not require specialized Firefox plugins or programs. All you need is a Linux workstation running any fairly recent Linux distro, and FFMpeg.

Step 1 — Make sure you have what you need

You need to be running Firefox. You’ll also need FFMpeg. To check if you have FFMpeg installed, just type “ffmpeg --version” at the shell prompt. You should see something like this:

$ ffmpeg --version
ffmpeg version CVS, build 3276800, Copyright (c) 2000-2004 Fabrice Bellard
(...) (many other lines removed)

If you don’t see the above, you’ll need to install ffmpeg. In Ubuntu and most other Debian variants, all you need is “apt-get install ffmpeg”. The installation procedure for other distributions of Linux will vary.

Step 2 — Locate and playback the content

Fire up Firefox and go to the website of your choice (usually Google Videos or Youtube). Select and play the movie you want. Allow the movie to end normally (this will guarantee that we have a fresh copy of the movie in the Firefox cache.)

Step 3 — Convert and save

Open a command prompt and cut/paste the following into it:

ffmpeg -i "$(find ~/.mozilla -regex '.*Cache.*' -a -not -regex \
  '.*_CACHE_.*' -printf '%T+ %p\n' | \
  sort -n | awk '{ print $2 }' | xargs file | \
  grep -i "Video" | tail -1 | awk -F : '{ print $1 }')" \
  -vcodec msmpeg4v2 -b 200 -ab 64 -ar 22050 -s 320x240 \
  /tmp/video.avi

You should see something like:

Input #0, flv, from '/home/youruser/.mozilla/firefox/randomnumber/Cache/5D2BD385d01':
  Duration: N/A, bitrate: N/A
  Stream #0.0: Audio: mp3, 22050 Hz, mono
  Stream #0.1: Video: flv, yuv420p, 320x240, 1000.00 fps
Output #0, avi, to '/tmp/output3.avi':
  Stream #0.0: Video: msmpeg4v2, yuv420p, 320x240, 25.00 fps, q=2-31, 200 kb/s
  Stream #0.1: Audio: mp2, 22050 Hz, mono, 64 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding

And a frame counter. At this point, FFMpeg is converting your movie to mpeg4. This will take a while, depending on the speed of your computer and the length of the movie.

When the bash prompt returns, you’ll have your file encoded as “/tmp/video.avi”.

Troubleshooting and optimizations

Despite its intimidating look, the script above does something very simple: it locates Firefox’s cache directory and encodes the most recent file that looks like a “Macromedia Video” file. There’s not a lot of intelligence to it, and a few things can go wrong.

Remember that only the most recent file is encoded. Thus, if you watch one video and watch another, the first one will not be encoded. Worse yet, if you try to watch the first video again, it’s already in the cache, so it won’t be reloaded. As a result, it will never be the “newest file” in the cache again. To fix this, on Firefox, click on “Edit->Preferences->Privacy->Cache” and then click on the “Clear Cache Now” button. Reload the desired video and repeat the procedure.

Another problem is that there are a number of versions of ffmpeg floating around. Yours may have a slightly different syntax, so YMMV.

If you intend to run the program more than once, it may be a good idea to save it into a shell script. To do that, cut & paste the commands into a file called “/usr/local/bin/ffcap”. Then, turn on the executable bit on this file with:

 chmod 755 /usr/local/bin/ffcap

And you should be able to run all the shenanigans above just by typing “ffcap” at the bash prompt.

You may also want to tweak the compression parameters or change the output codec. More compression means lower quality, but smaller resulting files. Check ffmpeg’s documentation for that.

If you’re using Gnome, you may want to change the output file from “/tmp/video.avi” to something like “~/Desktop/video.avi”. This will make the video appear on your Gnome desktop when processing is finished. If you save the commands into a script (see above), you may even create an icon in your desktop pointing to the script, so capturing videos is only a click away.



I’ve spent quite some time trying to make Cisco’s “vpnclient” work under Ubuntu. I’ve seen a lot of posts on the Internet about it, but not a single one with a comprehensive solution. I’ll try to summarize (in a nutshell) what I’ve been through, hoping it will help the next guy (or girl).

First, it’s important to remember that Cisco’s VPNClient is not an open source solution — it just integrates with open source. The installation procedure needs to compile a module that matches the current Linux kernel configuration, and that usually needs a properly configured kernel source under “/usr/src/linux”.

As a practice, I always keep a compiled version of my current kernel under “/usr/src/linux”. This is helpful, as many important configuration files and headers are generated during this process. You’ll need a configured kernel to install most “semi-open” Linux modules.

There are lots of references on how to compile a kernel on Debian (or Ubuntu), and I assume if you’re installing a VPN client, you know how to find your way around. Just remember that your kernel source must match your currently running kernel and you must compile the Cisco client using the same version of gcc that was used to compile the kernel (Hint: “cat /proc/version” will tell you what was used to compile the current kernel, and “gcc -v” will tell you what is your current version of gcc).

Another source of confusion is that changes have been made to the 2.6 kernel series that make it impossible to compile the Cisco VPN client. Fortunately, Cisco already adapted to the ever-changing 2.6 kernel and released version 4.8 of their Cisco VPN software. Make sure you have version 4.8, or you’ll need to patch your VPN Client source.

Once all that is at hand, just unpack the Cisco VPN tarball, enter the VPN directory and, as root, execute “./vpn_install”. Answer the script’s questions (the default is usually fine) and the installer will do everything for you. Make sure you have some profiles under “/etc/CiscoSystemsVPNClient/Profiles” to play with.

One unexplained source of headaches for me was the VPN Certificate Store. I’ve installed older versions of the Cisco VPN Client literally dozens of times, and I usually copy the “/etc/CiscoSystemsVPNClient/Certificates” directory freely from one computer to another. Interestingly enough, and for some unexplained reason, this did not work for the current version of vpnclient. If your vpnclient works without certificates but always fails when you try a connection using certificates, you may want to “export” your certificates on a computer where it is running and re-import them into your Linux box. You can do this by typing “ciscocertmgr -U -op import” to import the user’s certificate. Replace the “-U” in the previous command with “-R” to import the root certificate (usually your firewall’s certificate).

A final word: The logging facilities of the Cisco VPN client for Linux are not intuitive at all. By reading the documentation, you’re left with the impression that turning on logging alone in the “vpnclient.ini” file is enough to get some kind of “binary” logs, which are then translated by “ipseclog” into something readable. This is not true. In reality, you must be running “ipseclog filename” to get logs. The VPN client will connect to the “ipseclog” program, which generates the physical log files.

I hope this will help you spend less time configuring your VPN client than I had to. :)



Let’s face it: Everyone has something to hide. Be it your bank and credit card PINs, business trade secrets or other, let’s say, “sensitive information” [wink wink], there’s a big chance you have files in your hard-drive you’d rather keep hidden from curious eyes.

The answer to the problem is strong cryptography, and in this article, we’ll discuss a way to not only encrypt individual files, but whole filesystems.

Like many other Linux articles in this site, this one is a little “Debian centric”. The procedures should be applicable to other distributions without many modifications. Make sure you have the equivalent packages if you use a different distribution of Linux.

For our purposes, we’ll be using the AES encryption and a modified version of the “loop” module with AES support. We’ll also be using modified versions of mount, umount and losetup.

What you need

You’ll need the following packages (again, if you’re not using Debian, your mileage may vary):

  1. loop-aes-utils: This package contains modified versions of mount(8), umount(8), swapon(8), swapoff(8) and losetup(8) from util-linux. Installing it should create a diversion from your ‘util-linux’ packages.

  2. loop-aes-source: This package contains a version of the ‘loop’ device with embedded AES cryptography.

  3. The source code for your kernel installed and properly configured.

Installation

The first step is to create the appropriate modules.

The loop-aes-source package will install a tar.gz file under /usr/src containing the source code for the AES crypto module. Unpack this file under /usr/src. This will create a new module directory under /usr/src/modules.

It’s now time to create a new kernel module. Change your directory to /usr/src/linux and type make-kpkg modules_image. If everything works well, you’ll end up with a “.deb” file for the AES module under your /usr/src directory. Install this file with “dpkg -i filename.deb”.

Usage

The first step is to create a “container” for our encrypted filesystem. In our example, we’ll create it as a file inside your regular filesystem. You can also use a partition, if your hard-drive has unallocated space.

To create a 10MB AES encrypted file:

dd if=/dev/urandom of=/tmp/crypto.img bs=1k count=10k
losetup -e aes /dev/loop0 /tmp/crypto.img
mke2fs /dev/loop0
losetup -d /dev/loop0

Enter a 20 character password to protect this encrypted volume. This is an annoying limitation, and we’ll discuss a better way to do things further down.

The steps above should be executed only once. Note that executing these steps on a file or partition containing data will cause loss of information. Be careful!

Once the encrypted container has been created, we need to mount it before we can use it. In our case, let’s use /mnt/crypt:

losetup -e aes /dev/loop0 /tmp/crypto.img
mount /dev/loop0 /mnt/crypt

Note that losetup only establishes the algorithm and password used to access the loop device. If you supply the incorrect password and try to mount the device, bad things will happen. No checking is done.

To “turn off” your encrypted device:

umount /dev/loop0
losetup -d /dev/loop0

Using GPG to store the keys

Instead of typing a long password every time you start the program, you can instruct losetup to read the password from a file encrypted to you using GPG. This allows you to use a bigger and safer password for your volume, and eliminates the need to remember one more password.

The first step in that direction is to create a GPG encrypted file containing the password for your volume. As you won’t need to type this password, you can use the following trick to create a “random” password that is very difficult to guess:

ls -l /tmp | md5sum | awk '{ print $1 }' | 
    gpg -er 'youremail@yourdomain.com' >/tmp/crypto.img.gpg

And then, pass the “-K” command line option to losetup, such as:

losetup -e aes -K /tmp/crypto.img.gpg /dev/loop0 /tmp/crypto.img

Note that the “Password:” prompt from “losetup” looks exactly the same as before, but this time losetup is requesting your private GPG passphrase, not the encrypted volume password as before.
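The script below is an added example, not part of the original article. It covers two points made above: it draws the volume password from /dev/urandom before encrypting it with GPG, and, because losetup does no checking, it looks for the ext2 superblock magic on the loop device before mounting. Function names are hypothetical; the losetup and gpg options are the ones used in this article.

```sh
#!/bin/sh
# Added example: key file from the kernel CSPRNG, then attach, verify, mount.
# Function names are hypothetical; losetup/gpg options are the ones used above.

# 48 bytes from /dev/urandom -> 64 base64 characters (above the 20-character minimum).
gen_passphrase() {
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Encrypt a fresh passphrase to RECIPIENT and store it in KEYFILE (mode 0600).
write_key_file() {
  recipient=$1 keyfile=$2
  pass=$(gen_passphrase)
  [ "${#pass}" -ge 20 ] || { echo "passphrase too short" >&2; return 1; }
  ( umask 077; printf '%s\n' "$pass" | gpg -er "$recipient" > "$keyfile" )
}

# True when DEVICE carries the ext2 superblock magic 0xEF53
# (stored little-endian at byte offset 1080).
looks_like_ext2() {
  magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
  [ "$magic" = "53ef" ]
}

# Attach IMAGE to LOOPDEV with the GPG key file, and mount only if the
# decrypted data looks like the ext2 filesystem created by mke2fs.
open_volume() {
  keyfile=$1 image=$2 loopdev=$3 mountpoint=$4
  losetup -e aes -K "$keyfile" "$loopdev" "$image" || return 1
  if looks_like_ext2 "$loopdev"; then
    mount "$loopdev" "$mountpoint"
  else
    echo "$loopdev: no ext2 superblock, wrong key or passphrase?" >&2
    losetup -d "$loopdev"
    return 1
  fi
}

# Constructed sample image for trying looks_like_ext2 without a loop device:
# 2 KiB of zeros, stamped with the magic when the second argument is "ext2".
make_sample_image() {
  dd if=/dev/zero of="$1" bs=1k count=2 2>/dev/null
  [ "$2" = "ext2" ] || return 0
  printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
}

# Demo on constructed images (no root needed).
tmp=$(mktemp -d)
make_sample_image "$tmp/ok.img" ext2 && looks_like_ext2 "$tmp/ok.img" && echo "ok.img: ext2 magic present"
make_sample_image "$tmp/zero.img" none; looks_like_ext2 "$tmp/zero.img" || echo "zero.img: no ext2 magic"
rm -rf "$tmp"
```

The key file has to exist before the volume is formatted, since the filesystem is only readable with the password it was created under. The magic is two bytes long, so “e2fsck -n” on the loop device is the more thorough check after a match.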

For a more “permanent” setup, you may wish to use a disk partition instead of a file, and mount the filesystem automatically after boot. Be careful not to mount this filesystem automatically from /etc/fstab, as you first need to run losetup to activate the encrypted volume!

Keywords: Linux, aes, encrypted, cryptography, filesystem

