Lesson Plans/Ubuntu/Lesson 4

From Vista Ridge Cyberpatriot
  1. As a Linux system boots and afterwards, every command it runs becomes a "process" with a numeric "process ID" (PID). The first process the kernel starts is PID 1 (init, which on Ubuntu is systemd), and every other process descends from it; its parent is listed as 0, which stands for the kernel itself rather than a process you can inspect. Because each process records the PID of whatever spawned it, you can trace any running program back up that chain, which is also how you spot something out of place, such as a shell whose parent is a web server. Run "ps -ef" to list every process on the system. The UID column is the user the process runs as, PID is its process ID, and PPID is the parent process ID, i.e. the process that spawned this one. You'll also see the start time (STIME), the controlling terminal (TTY) and the command itself (CMD). What is the process ID of the SSH daemon handling your own terminal session (it appears in CMD as "sshd: cyberpatriot@pts/0" or similar)? What are all of its parent processes, back to PID 1?
  2. On Linux you can use the "tail" command to view the last few lines of a file. Add the "-f" flag and it will follow the file: as new lines are appended, they are displayed as they arrive. Use this on a log such as /var/log/syslog or /var/log/auth.log to watch system events or authentication events (successful and failed logins, sudo use). On Ubuntu those files are readable only by root and members of the adm group, so run tail with sudo; if they are absent, the same events are in the systemd journal and "journalctl -f" follows it the same way.
  3. Appending an ampersand (&) to a command tells the shell to run it in the background. Run one of the tail commands from #2 that way and new log lines will still print to your screen, but you get your prompt back and can run other commands in the foreground. The shell prints the job number and PID of the background command; "jobs" lists them, "fg" brings one back to the foreground, and "$!" holds the PID of the most recent background command. See if you can also find that PID with "ps -ef" from #1. To stop a process you no longer want, use the "kill" command. Despite its name, kill only sends a signal; "kill -l" (or "kill -L" for a table) lists the signals you can send. Plain "kill PID" sends SIGTERM (15), which asks the program to shut down cleanly, while "kill -9 PID" sends SIGKILL, which the program cannot catch or ignore and so gets no chance to clean up; it is the last resort for a hung process. If even SIGKILL has no effect, the process is usually stuck inside the kernel waiting on I/O (state D in ps) and a reboot is the only way out. A process shown as "<defunct>" (a "zombie", state Z) is a different case: it has already exited and is only waiting for its parent to collect its exit status, so killing it does nothing; deal with the parent instead. Go ahead and kill the "tail" process that is now running in the background.
  4. Ubuntu systems are commonly used to host "services" for other machines to use: serving up web pages (a "web server"), sending and receiving email (a "mail server") and nearly anything else you can imagine. Each service listens on a "port", and a client has to know the port number in order to reach it. Wikipedia has an excellent list of TCP and UDP port numbers showing the conventional assignments, but a port number is only a convention: whatever is listening on port 80 is not necessarily a web server, and any service can be run on any port. Because the port number is an unsigned 16-bit integer, the highest possible port is 65535 (port 0 is reserved, and ports below 1024 can normally only be opened by root). The "netstat" command prints network connections, routing tables and more. Add "-l" to show only listening sockets, "-n" to print numeric addresses and ports instead of looking up host, port and user names, "-t" to narrow the results to TCP, and "-p" to show the PID and program name that owns each socket; together that is "netstat -lntp". Run it with sudo: without root, "-p" only reveals the owner of sockets belonging to your own user and prints "-" for the rest. On current Ubuntu releases netstat lives in the optional net-tools package and may not be installed; "ss -lntp" takes the same flags and is its replacement. Which PID/program names are listening for connections on your system, and what is each one used for? Pay particular attention to anything bound to 0.0.0.0 or ::, which is reachable from other hosts, as opposed to 127.0.0.1 or ::1, which only programs on the machine itself can reach.
  5. You'll notice two kinds of ports, "TCP" and "UDP". TCP sets up a stateful connection between the two sides: every segment is acknowledged and anything lost is retransmitted, so data arrives complete and in order. UDP simply sends datagrams, with no connection and no acknowledgement, so the sender never learns whether they arrived. Most of the web services you are familiar with run over TCP, but real-time traffic such as streaming media, voice and games, and small lookups such as DNS, often use UDP: a retransmitted audio frame would arrive too late to be useful, so it is more efficient to keep sending and let the receiver pick up after whatever it missed. Use netstat's "-u" flag instead of "-t" to list listening UDP sockets, or "-tu" together to see both ("netstat -lntup"). The "-a" flag is different: it shows every socket, listening or not, including established connections, and without "-t" or "-u" it includes Unix domain sockets as well. Are there any UDP services running on your system, and if so, what are they?
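Worked example for items 1 and 3, added here and not part of the original lesson: a shell function that walks the PPID chain in "ps -ef" output (the answer to "what are all of its parent processes?"), and a function that stops a background job the careful way, SIGTERM first and SIGKILL only if that is ignored, while refusing to treat a zombie as something that can be killed. The "ps -ef" snapshot embedded in the block is constructed; the PIDs, the cyberpatriot login and the session layout are assumptions for the example only. It runs under sh or bash on Ubuntu and uses /proc for the zombie check, falling back to "kill -0" elsewhere.

```shell
#!/bin/sh
# Added example (not from the lesson page): trace a PID's ancestors from
# `ps -ef` output, and stop a background job with TERM before KILL.

# Constructed `ps -ef` snapshot for an assumed Ubuntu host.  The PIDs and the
# cyberpatriot login are example values, not output captured from a real system.
SAMPLE_PS='UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 09:00 ?        00:00:01 /sbin/init
root        1200       1  0 09:00 ?        00:00:00 sshd: /usr/sbin/sshd -D [listener]
root        3401    1200  0 09:15 ?        00:00:00 sshd: cyberpatriot [priv]
cyberpat    3412    3401  0 09:15 ?        00:00:00 sshd: cyberpatriot@pts/0
cyberpat    3456    3412  0 09:15 pts/0    00:00:00 -bash
cyberpat    3470    3456  0 09:16 pts/0    00:00:00 ps -ef'

# Print "PID<TAB>CMD" for PID $1 and every ancestor, following the PPID column
# until the parent is 0 (the kernel), which is why the chain ends at PID 1.
# Reads `ps -ef` text on stdin, so it works on live output as well.
ancestors_of() {
  awk -v start="$1" '
    NR > 1 {                       # skip the header line
      ppid[$2] = $3
      cmd[$2] = $8
      for (i = 9; i <= NF; i++) cmd[$2] = cmd[$2] " " $i
    }
    END {
      pid = start
      while (pid in ppid) {
        print pid "\t" cmd[pid]
        if (ppid[pid] == 0) break
        pid = ppid[pid]
      }
    }'
}

# The same walk reduced to one line of PIDs, oldest ancestor last.
pid_chain() { ancestors_of "$1" | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $1 }'; }

# Lesson question, item 1: the chain for the user's session sshd in the sample.
demo_chain() { printf '%s\n' "$SAMPLE_PS" | pid_chain 3412; }

# True if PID $1 exists and is not a zombie.  A zombie (state Z, "<defunct>" in
# ps) has already exited; signals do nothing to it, only its parent can reap it.
# The /proc read is Linux-specific; without /proc we rely on kill -0 alone.
is_alive() {
  kill -0 "$1" 2>/dev/null || return 1
  [ -r "/proc/$1/stat" ] || return 0
  state=$(sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1)
  [ "$state" != "Z" ]
}

# Stop PID $1: SIGTERM first, wait up to $2 seconds (default 5) for a clean
# exit, then SIGKILL.  Returns 1 if the process survives even SIGKILL, which
# normally means it is stuck in uninterruptible I/O (state D) and needs a reboot.
stop_process() {
  pid=$1; grace=${2:-5}
  is_alive "$pid" || return 0
  kill -TERM "$pid" 2>/dev/null || return 1   # not permitted to signal it
  i=0
  while [ "$i" -lt "$grace" ] && is_alive "$pid"; do
    sleep 1; i=$((i + 1))
  done
  if is_alive "$pid"; then
    kill -KILL "$pid" 2>/dev/null || true
    sleep 1
  fi
  ! is_alive "$pid"
}

# Item 3 end to end: background a `tail -f` on a scratch file, find it in
# `ps -ef` by the PID the shell handed us in $!, stop it, and report the exit
# status the shell records for the job (143 = 128 + SIGTERM's number, 15).
demo_background_kill() {
  scratch=$(mktemp) || return 1
  tail -f "$scratch" >/dev/null 2>&1 &
  bgpid=$!
  ps -ef | awk -v p="$bgpid" '$2 == p { print "background job:", $2, "parent:", $3, $8, $9 }' >&2
  stop_process "$bgpid" 5 || return 1
  status=0; wait "$bgpid" || status=$?
  rm -f "$scratch"
  echo "$status"
}

demo_chain; echo
demo_background_kill
# Live use on your own host:  ps -ef | ancestors_of "$$"
```

The chain printed for the sample runs 3412, 3401, 1200, 1: the per-session sshd, the privileged sshd that authenticated the login (OpenSSH privilege separation keeps those as two processes), the listener, and init. The stop function is the shape to reuse on any service you shut down by hand; "kill -9" as the first move skips the program's own cleanup.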
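Worked example for items 4 and 5, added here and not part of the original lesson: an awk filter that turns "netstat -lntup" output into one line per listening socket and flags which of them are reachable from other hosts (bound to 0.0.0.0 or ::) rather than loopback only, which is the question a hardening pass actually cares about. The netstat output embedded in the block is constructed for an assumed Ubuntu host; the PIDs and program names are examples. The column handling is specific to netstat; "ss -lntup" prints different columns and would need its own awk.

```shell
#!/bin/sh
# Added example (not from the lesson page): summarise `netstat -lntup` output
# into "proto port address exposure pid/program" and pick out the listeners
# that other hosts can reach.  Run netstat with sudo: without root, -p shows
# "-" instead of the owning process for sockets that belong to other users.

# Constructed netstat -lntup output for an assumed Ubuntu host.  The PIDs and
# programs are example values, not a capture from a real system.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      614/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp6       0      0 :::80                   :::*                    LISTEN      1033/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd: /usr/sbin
udp        0      0 127.0.0.53:53           0.0.0.0:*                           614/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient
udp6       0      0 :::5353                 :::*                                701/avahi-daemon: r'

# Reads netstat text on stdin and prints, per listening socket:
#   proto port address exposure program
# exposure is ALL (wildcard bind, reachable from every interface), LOCAL
# (loopback only) or ADDR (bound to one specific address).
list_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      # The port is everything after the last colon; IPv6 wildcard is ":::80".
      n = split($4, a, ":")
      port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::")        { exposure = "ALL" }
      else if (addr ~ /^127\./ || addr == "::1")     { exposure = "LOCAL" }
      else                                           { exposure = "ADDR" }
      # UDP rows have no State column, so locate the PID/Program field by its
      # "<pid>/" shape rather than by position.  "-" means netstat could not
      # see the owner (not running as root).  Program names may contain
      # spaces and are truncated by netstat, so keep every remaining field.
      prog = "-"
      for (i = 5; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) {
          prog = $i
          for (j = i + 1; j <= NF; j++) prog = prog " " $j
          break
        }
      print $1, port, addr, exposure, prog
    }'
}

# Only the sockets another host could connect to, as "proto/port" per line.
exposed_listeners() { list_listeners | awk '$4 == "ALL" { print $1 "/" $2 }'; }

# Items 4 and 5 on the sample: what is exposed, TCP and UDP together.
demo_exposed() {
  printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE_NETSTAT" | list_listeners
echo "exposed: $(demo_exposed)"
# Live use on your own host:  sudo netstat -lntup | list_listeners
```

On the sample the exposed set is tcp/22, tcp6/80, tcp6/22, udp/68 and udp6/5353, while the two port 53 sockets stay LOCAL because systemd-resolved binds only 127.0.0.53. Each ALL entry is a question to answer: ssh is expected, a web server may be, and an mDNS responder on every interface usually is not.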