Snippets

Networking

Secure SSH Keygen

ssh-keygen -o -a 100 -t ed25519

SSH Tunnel

ssh -N -L2001:localhost:80 somemachine

Now you can access the website by going to http://localhost:2001/

SSH Proxy

ssh -q -N -D 5001 user@host
# e.g.
ssh -q -N -D 5001 pi-rt

You can now set localhost:5001 as a socks proxy in firefox and will appear like to connect from host.

SSH port forwarding

ssh -R 12345:localhost:22 example.org "sleep 1000; exit"

Forwards example.org's port 12345 to your local ssh port, even if your machine is not externally visible on the net. Now you can ssh localhost -p 12345 from example.org and you will log into your machine.

Get current (external) IP address

curl ifconfig.me

Monitor network usage and bandwith, ports, listening applications

lsof -i # monitors network connections in real time
iftop # shows bandwith usage per *connection*
nethogs #  shows the bandwith usage per *process*, linux

Google emergency DNS

  • 8.8.8.8
  • 8.8.4.4
  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

Find all open SSH ports on subnet

nmap -p 22 --open -sV 192.168.1.0/24

Find authoritative nameservers for a TLD

E.g. for .io domain:

dig NS io. @k.root-servers.net.

Tcpdump

tcpdump -i en0 -w tcpdump.data dst 192.168.0.1

# filtering for address
tcpdump host 1.2.3.4
tcpdump src 2.3.4.5 dst 3.4.5.6
tcpdump net 1.2.3.0/24

# filtering for port
tcpdump port 3389
tcpdump src port 1025
tcpdump dst port 389
tcpdump src port 1025 and tcp
tcpdump udp and src port 53
tcpdump portrange 21-23

Examples

# TCP traffic from 10.5.2.3 destined for port 3389
tcpdump -nnvvS and src 10.5.2.3 and dst port 3389

# Traffic originating from the 192.168 network headed for the 10 or 172.16 networks
tcpdump -nvX src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16

# Non-ICMP traffic destined for 192.168.0.2 from the 172.16 network
tcpdump -nvvXSs 1514 dst 192.168.0.2 and src net and not icmp

# Traffic originating from Mars or Pluto that isn't to the SSH port
tcpdump -vv src mars and not dst port 22

Generate a self-signed certificate for localhost

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Local DHCP server

How to run a DHCP server on one of your laptops Ethernet ports, e.g. for connecting to a Raspberry Pi without a router. Assumes the ethernet interface to be wlp2s0 and DHCP subet 192.168.10.x.

sudo apt install isc-dhcp-server
# set your interface
sudo nano /etc/default/isc-dhcp-server

Now, set 192.168.10.1 as static IP for your interface (via NetworkManager). Also check “Use this connection only for resources on this network” Then, edit sudo nano /etc/dhcp/dhcpd.conf and set:

default-lease-time 3600;
max-lease-time 86400;

subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.100 192.168.10.200;

    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.10.255;
    option routers 192.168.10.1;

    option domain-name "local.dev";
    option domain-name-servers 1.1.1.1, 8.8.8.8, 8.8.4.4;
}

Then, disable automatic startup and restart it:

sudo systemctl disable isc-dhcp-server.service
sudo service isc-dhcp-server restart
# might have to temp. disable ufw
sudo ufw disable

To enable routing and NAT:

# enable routing
sudo sysctl -w net.ipv4.ip_forward=1
# wlp2s0 external, enx3c18a07181d5 internal (where DHCP runs)
sudo iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE; \
sudo iptables -A FORWARD -i wlp2s0 -o enx3c18a07181d5 \
    -m state --state RELATED,ESTABLISHED -j ACCEPT; \
sudo iptables -A FORWARD -i enx3c18a07181d5 -o wlp2s0 -j ACCEPT

# to see leases:
cat /var/lib/dhcp/dhcpd.leases

Now, you can tail syslog to see clients connecting. More info: https://help.ubuntu.com/community/isc-dhcp-server

Performance/Bad network sim

Measuring network using iperf

  • On server: iperf -s
  • On client: iperf -fK -i 5 -B <if>

Programming

Creating a private fork on Github

git clone git@github.com:org/repo.git
cd repo
git remote rm origin
git remote add origin git@github.com:private-org/repo.git
git remote add upstream git@github.com:org/repo.git
git push --all
git push --tags
git fetch
git checkout -b upstream-master upstream/master
git checkout master
git checkout -b my-master
git push --set-upstream origin my-master

Updating from upstream:

git checkout upstream-master
git pull
git checkout -b master origin/master # first time
git checkout master
git merge upstream-master
git checkout my-master
git merge upstream-master
git push --all

Ruin somebodys Day (in C)

Sneak into his headers:

# define struct union
# define else

Cmake: print all variables

get_cmake_property(_variableNames VARIABLES)
foreach (_variableName ${_variableNames})
    message(STATUS "${_variableName}=${${_variableName}}")
endforeach()

Misc

Remove unwanted stuff from an Amazon Android phone

With adb shell

pm uninstall -k --user 0 com.imdb.mobile
pm uninstall -k --user 0 com.amazon.clouddrive.photos
pm uninstall -k --user 0 com.amazon.widgets
pm uninstall -k --user 0 com.amazon.mp3
pm uninstall -k --user 0 com.amazon.now
pm uninstall -k --user 0 com.amazon.dee.app
pm uninstall -k --user 0 com.amazon.drive
pm uninstall -k --user 0 com.amazon.avod.thirdpartyclient
pm uninstall -k --user 0 com.amazon.mShop.android
pm uninstall -k --user 0 com.amazon.device.information.provider
pm uninstall -k --user 0 com.amazon.phoenix
pm uninstall -k --user 0 com.amazon.alphafirstrun
pm uninstall -k --user 0 com.amazon.kindle
pm uninstall -k --user 0 com.goodreads
pm uninstall -k --user 0 com.audible.application

Show most used Commands in ZSH

cat ~/.zsh_history | iconv -f ISO-8859-1 -t UTF-8 | sed "s|sudo ||g" | cut -d ';' -f 2- | sort | uniq -c | sort -n

PDF Booklet print

apt-get install texlive-extra-utils
pdfbook <file>.pdf

Then: print <file>-book.pdf double-sided with long-edge binding.

Record screen with ffmpeg

This records with resolution 1860x1050 from offset 60,30:

sleep 5; ffmpeg -video_size 1860x1050 -framerate 15 -f x11grab -i :0.0+60,30 output.mp4

Erase/scrape/delete/shred files securely

  • srm
  • shred

On macOS: rm -P

Measure shell pipe throughput

sudo apt-get install pv
cat /dev/urandom | pv > /dev/null