June 12th, 2009
Sometimes, nothing is more convenient than to do a port scan on a machine to find out what services it offers. The nmap command is very useful to do this:
nmap -sS 192.168.1.1
Starting Nmap 4.53 ( http://insecure.org ) at 2009-06-12 10:11 MDT
Interesting ports on 192.168.1.1 (192.168.1.1):
Not shown: 1683 closed ports
PORT STATE SERVICE
1/tcp filtered tcpmux
4/tcp filtered unknown
7/tcp filtered echo
8/tcp filtered unknown
10/tcp filtered unknown
13/tcp filtered daytime
14/tcp filtered unknown
18/tcp filtered msp
19/tcp filtered chargen
21/tcp open ftp
22/tcp open ssh
23/tcp filtered telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
110/tcp open pop3
137/tcp filtered netbios-ns
194/tcp filtered irc
445/tcp filtered microsoft-ds
529/tcp filtered irc
873/tcp open rsync
994/tcp filtered ircs
1026/tcp filtered LSA-or-nterm
1434/tcp filtered ms-sql-m
4000/tcp open remoteanything
6000/tcp filtered X11
6662/tcp filtered radmind
6667/tcp filtered irc
6669/tcp filtered irc
7000/tcp filtered afs3-fileserver
32773/tcp filtered sometimes-rpc9
Nmap done: 1 IP address (1 host up) scanned in 4.500 seconds
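The port table above can be checked against the services the machine is meant to offer, so anything unexpected stands out. This is an added example, not part of the original post; the allowlist and function names are assumptions, and the sample input is an abbreviated copy of the scan output shown above.

```shell
#!/bin/sh
# Added example: audit nmap's port table against the services a host is
# supposed to expose. The allowlist is an assumption for illustration.

ALLOWED_PORTS="22/tcp 80/tcp"

# open_ports: read nmap's normal output on stdin and print "port service"
# for every row whose STATE column is exactly "open".
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# unexpected_open: read nmap output on stdin and print the open ports that
# are not in the space-separated allowlist passed as $1.
unexpected_open() {
    open_ports | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print }'
}

# Sample input: rows copied from the scan output above (abbreviated).
sample_scan() {
    cat <<'EOF'
Interesting ports on 192.168.1.1 (192.168.1.1):
Not shown: 1683 closed ports
PORT STATE SERVICE
19/tcp filtered chargen
21/tcp open ftp
22/tcp open ssh
23/tcp filtered telnet
80/tcp open http
110/tcp open pop3
873/tcp open rsync
4000/tcp open remoteanything
Nmap done: 1 IP address (1 host up) scanned in 4.500 seconds
EOF
}

# Lists ftp, pop3, rsync and remoteanything as services outside the allowlist.
sample_scan | unexpected_open "$ALLOWED_PORTS"
```

Against a live host, pipe the scan in instead of the sample: nmap -sS 192.168.1.1 | unexpected_open "$ALLOWED_PORTS".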
Posted in Uncategorized | No Comments »
November 13th, 2008
Writing in Flex was a nice experience because it’s so Java-like. Then I started writing Ruby on Rails apps.
Don’t get me wrong, I definitely appreciate the power that the Ruby language and RoR framework provide. But, face it, if you’re used to Java, the Ruby syntax can be … hmmm … unfamiliar.
My first obstacle was figuring out file extensions:
- .erb files contain embedded Ruby tags, e.g. <%. You may see an html.erb file.
- .rb files are Ruby scripts or RoR class files
- .rhtml files are Ruby on Rails scripts (application/x-httpd-eruby)
That’s when I found a helpful site called filext.com which is pretty good for looking up file extensions.
November 13th, 2008
Recently, in an Adobe Flex project running on Windows OS, I was noticing a huge delay when tearing down the process. The process used URLMonitor to access a service and, if the service was unreachable or if a timer went off, it just exited.
By the way, URLMonitor just sends out an HTTP request. In our application if the timer went off URLMonitor.stop() was called and the application exited.
Upon exit(), the application would disappear from Windows Task Manager, but the process would still be in the task list. By running netstat, we saw that the process still held a socket in the SYN_SENT state. (For a pretty good diagram of the TCP socket state machine, see Wikipedia.)
In Windows, the process wouldn’t return to the OS or .bat file until this socket state was cleared up.
Tags: Flex, HTTP request, TCP/IP, URL
July 13th, 2008
I recently worked on a SIP B2BUA (back-to-back user agent) on a platform that was routing emergency 911 calls. The originating call used SIP protocol and the emergency service call destination used SS7 protocol, so the original SIP signaling message was translated into SIP-T with the ISUP message added to the body.
As anyone who has ever done protocol work knows, you tend to rely heavily on the RFCs or ITU specs. Here is a list of the RFCs that I found especially helpful when working on this SIP B2BUA project:
- RFC 3261, SIP: Session Initiation Protocol, http://www.faqs.org/rfcs/rfc3261.html
- RFC 3262, Reliability of Provisional Responses in the Session Initiation Protocol (SIP), http://www.ietf.org/rfc/rfc3262.txt
- RFC 3372, Session Initiation Protocol for Telephones (SIP-T): Context and Architectures, http://www.ietf.org/rfc/rfc3372.txt
- RFC 3204, MIME media types for ISUP and QSIG Objects, http://www.ietf.org/rfc/rfc3204.txt
- RFC 3325, Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks, http://www.ietf.org/rfc/rfc3325.txt
Posted in SIP, Telephony | No Comments »
October 13th, 2007
A common problem for people is running an executable and having it fail because it cannot find some shared library needed by the executable. The best way to make sure that an executable has access to all the shared libraries it needs is the ldd command. Just run it:
terry@c103:~$ ldd /bin/bash
linux-gate.so.1 => (0xffffe000)
libncurses.so.5 => /lib/libncurses.so.5 (0xb7f07000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f03000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7dc1000)
/lib/ld-linux.so.2 (0xb7f59000)
terry@c103:~$
If any of the libraries are not found, they will show up as missing. Use the LD_LIBRARY_PATH environment variable to add in the path to the missing libraries.
terry@c103:~$ export LD_LIBRARY_PATH=~/lib
terry@c103:~$ env | grep LD
LD_LIBRARY_PATH=/home/terry/lib
terry@c103:~$
August 27th, 2007
The sox program is a nice, simple utility for converting audio data files from one format to another. After conversion, you can use many different audio editing utilities to modify the sound and use sox to convert the sound file back to your desired format. For example, in a telephony application, you have a wav file you have edited and you want to convert it back to 1 channel of 8000 samples/sec 16-bit raw audio data:
sox -t wav recv0.wav -c 1 -r 8000 -s -w recv0.raw
The sox program is available under Ubuntu as an optional package. Adobe has a nice audio editing utility, but there are some good free ones as well. Two that I’ve used are Audacity and an audio studio program on Sourceforge. The audio studio program is a front end for sox and very simple, but it does the job for simple work.
July 17th, 2007
When I get on a Redhat machine, I’m always trying to remember the commands to start and stop services and configure the /etc/rc*.d directories. Supposedly, if you just create your own links or remove your own links, the operating system can revert your work. You should use the chkconfig command to enable and disable services. For example:
chkconfig mysqld on
The service command can be used to start or stop services.
service mysqld start
instead of the old
/etc/init.d/mysqld start
The service command is not too useful, but the chkconfig command is.
January 26th, 2007
I’ve ripped a bunch of my CDs onto my computer over the years and many of them are in the open OGG format, which doesn’t work with my iPod or Treo. I wrote a simple little script to convert the OGG files to MP3 for my phone. Since Real Player on my phone only seems to support a flat directory structure, I created the file names out of artist and song name. I just mount up the SD card, change directory to it and run the script, passing the songs I want to copy on the command line. Using wild cards makes it easy. For example:
cd /media/sdcard ;
ogg2mp3 /home/terry/jukebox/Yeah_Yeah_Yeahs/Show_Your_Bones/*
The script looks like this…
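#!/bin/sh
# Convert OGG files to MP3, writing Artist_Song.mp3 into the current directory.
if [ ! -f "$1" ]
then
    echo "Usage $0 sourceFiles ..."
    exit 1
fi
# mktemp avoids a predictable file name in /tmp; the trap removes it on exit
TMPFILE=$(mktemp /tmp/ogg2mp3.XXXXXX) || exit 1
trap 'rm -f "$TMPFILE"' EXIT
while [ $# -gt 0 ]
do
    # Decode the OGG file to a temporary WAV file
    ogg123 -d wav -f "$TMPFILE" "$1"
    # Source layout is .../Artist/Album/NN - Song.ogg (ALBUM is not used in the name)
    DIRNAME=$(dirname "$1")
    ALBUM=$(basename "$DIRNAME")
    ARTIST=$(basename "$(dirname "$DIRNAME")")
    # Swap the extension and strip a leading "NN - " track number
    MP3FILE=$(basename "$1" | sed -e 's/\.ogg$/.mp3/' -e 's/^[0-9][0-9] - //')
    OUTFILE="${ARTIST}_${MP3FILE}"
    echo "-------------$OUTFILE"
    lame "$TMPFILE" "$OUTFILE"
    shift
done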
January 9th, 2007
I’m trying to generate some generic SSL certificate code for Postfix and other products. This is customized for Postfix, but it is easy to change the output files. I’ve put this together to be a cut and paste; just set the variables at the top.
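# Output locations and key passphrase; change these for other products
keyfile=/etc/ssl/private/smtpd.key
certfile=/etc/ssl/certs/smtpd.crt
pemfile=/etc/ssl/certs/cacert.pem
pass=superSecret
# Private scratch directory (mode 0700) so the CSR and the unencrypted key
# never sit at a predictable path in /tmp
tmpdir=$(mktemp -d) || exit 1
# Passphrase-protected RSA key; 2048 bits, since 1024 is too short for current use
openssl genrsa -des3 -rand /etc/hosts -passout "pass:$pass" -out "$keyfile" 2048
chmod 600 "$keyfile"
# Create the signing request, then self-sign it for ten years
openssl req -new -passin "pass:$pass" -passout "pass:$pass" -key "$keyfile" -out "$tmpdir/server.csr"
openssl x509 -req -days 3650 -passin "pass:$pass" -in "$tmpdir/server.csr" -signkey "$keyfile" -out "$certfile"
# Strip the passphrase so the daemon can read the key unattended
openssl rsa -passin "pass:$pass" -in "$keyfile" -out "$tmpdir/key.unencrypted"
mv -f "$tmpdir/key.unencrypted" "$keyfile"
chmod 600 "$keyfile"
rm -rf "$tmpdir"
# Self-signed CA certificate; prompts for a passphrase for cakey.pem
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out "$pemfile" -days 3650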
January 8th, 2007
If you run a server on the Internet and you do any type of security logging, you know people are constantly trying to find vulnerabilities in your site through ssh. You’ll get pages and pages of PAM authentication errors. Avoiding this is not difficult: just change the port your sshd listens on. Modify the Port parameter in /etc/ssh/sshd_config and run /etc/init.d/ssh restart. This only cuts down the noise from automated scans of the default port; it does not make the service itself harder to break into. When you log into the system, specify the port on the command line with the -p option.
ssh -p 404 www.tiptopsoftwarecompany.com
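To see how much of the log this noise accounts for, and to confirm it drops after the port change, the PAM failures can be counted per remote host. This is an added example, not part of the original post; the log lines are constructed and assume the pam_unix(sshd:auth) syslog format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count sshd PAM authentication failures per remote host.
# Assumes syslog lines in the pam_unix(sshd:auth) format.

# pam_failures: read log lines on stdin, print "count rhost", busiest first.
pam_failures() {
    awk '/sshd/ && /authentication failure/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^rhost=./) { h = $i; sub(/^rhost=/, "", h); n[h]++ }
         }
         END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# noisy_hosts: print the hosts with at least $1 failures, e.g. as input to a
# review of firewall rules.
noisy_hosts() {
    pam_failures | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample log (documentation-range addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Jan  8 03:12:01 www sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Jan  8 03:12:04 www sshd[2213]: pam_unix(sshd:auth): check pass; user unknown
Jan  8 03:12:04 www sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
Jan  8 03:12:09 www sshd[2217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Jan  8 03:15:00 www CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  8 03:40:31 www sshd[2302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.23  user=terry
Jan  8 03:40:40 www sshd[2302]: Accepted password for terry from 198.51.100.23 port 51022 ssh2
EOF
}

# Prints one "count rhost" line per remote host, highest count first.
sample_log | pam_failures
```

On a real server, feed it the auth log instead of the sample, before and after moving the port, and compare the counts.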