May 17, 2006

What is 2 raised to the power of 10 (2^10)?

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 4:47 pm

In computer science:

2^10 = 1,024

* the digital approximation of the kilo-, or 1,000 multiplier, which causes a change of prefix. For example: 1,024 bytes = 1 kilobyte (or kibibyte).
* This number has no special significance to computers, but is important to humans because we make use of powers of ten.

Source: http://en.wikipedia.org/wiki/Power_of_two

What is the command format to monitor only the SYN packet with tcpdump?

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 4:06 pm

Here it is:

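tcpdump 'tcp[13] == 2'

Here, tcp[13] is the octet at offset 13 of the TCP header (offsets count from 0), which holds the TCP control flags. To match only SYN packets, this value must be equal to 2 when interpreted as an 8-bit unsigned integer in network byte order. The single quotes keep the shell from interpreting the brackets.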

Follow-up question: what would be the tcpdump format to see both SYN and ACK packets (but not SYN-ACK)?
Answer:

tcpdump 'tcp[13] & 2 == 2'

To see only SYN and ACK packets (and not SYN-ACK packets) we will have to logically AND the value of the 13th octet. As it is mentioned in the man pages of tcpdump:

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

     00010010 SYN-ACK               00000010 SYN
AND  00000010 (we want SYN)    AND  00000010 (we want SYN)
     --------                       --------
=    00000010                  =    00000010

We see that this AND operation delivers the same result regardless whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression

tcpdump -i xl0 'tcp[13] & 2 == 2'
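
An added example (not from the original post or from tcpdump itself) that evaluates the two filter expressions above against constructed TCP headers, to show which flag combinations each one matches. The header builder, port numbers and sample set are assumptions made for the illustration.

```python
import struct

# TCP control bits as they sit in the octet at offset 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def build_tcp_header(flags, sport=40000, dport=80, seq=1, ack=0):
    """Build a 20-byte TCP header without options (constructed sample data)."""
    offset_reserved = 5 << 4  # data offset = 5 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_reserved, flags, 65535, 0, 0)

def flags_octet(tcp_header):
    """What the filter calls tcp[13]: one unsigned byte at offset 13."""
    return tcp_header[13]

def match_exact_syn(tcp_header):
    """Filter: tcp[13] == 2 (SYN set and every other flag clear)."""
    return flags_octet(tcp_header) == 2

def match_syn_bit(tcp_header):
    """Filter: tcp[13] & 2 == 2 (SYN set, other flags ignored).

    The filter language applies & before ==; Python does not, so the
    parentheses are required here.
    """
    return (flags_octet(tcp_header) & 2) == 2

# Constructed flag combinations seen during a normal TCP connection.
SAMPLES = {
    "SYN": SYN,
    "SYN-ACK": SYN | ACK,
    "ACK": ACK,
    "PSH-ACK": PSH | ACK,
    "FIN-ACK": FIN | ACK,
    "RST": RST,
}

def evaluate(samples=SAMPLES):
    """Return {name: (octet value, exact match, masked match)}."""
    result = {}
    for name, flags in samples.items():
        hdr = build_tcp_header(flags)
        result[name] = (flags_octet(hdr), match_exact_syn(hdr), match_syn_bit(hdr))
    return result

if __name__ == "__main__":
    for name, (octet, exact, masked) in evaluate().items():
        print(f"{name:8} tcp[13]={octet:08b} ({octet:2d})  ==2: {exact!s:5}  &2==2: {masked}")
```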

May 15, 2006

Put the following operations in order from slowest to fastest: read cpu register, disk seek, read from main memory, write to pci bus.

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 3:07 pm

1. disk seek,
2. write to pci bus,
3. read from main memory,
4. read cpu register

May 13, 2006

What data is stored in inodes?

Filed under: Linux, FreeBSD, *NIX, Advanced, Solaris, Interview Question — Administrator @ 5:16 pm

Typically an inode would have the following attributes:
* The length of the file in bytes.
* Device ID (this identifies the device containing the file).
* The User ID of the file’s owner.
* The Group ID of the file.
* An inode number that identifies the file within the filesystem.
* The file mode, which determines what users can read, write, and execute the file.
* Timestamps telling when the inode itself was last changed (ctime), the file content last modified (mtime), and last accessed (atime).
* A reference count telling how many hard links point to the inode

Follow-up question: What command or system call would you use to see all the inode info for a given filename with full pathname?
Answer:
For Linux:
~~~~~~~~
zia@lappy:~$ stat ~/.bash_history
  File: `/home/zia/.bash_history'
  Size: 10090  Blocks: 24  IO Block: 4096  regular file
Device: 301h/769d  Inode: 588722  Links: 1
Access: (0600/-rw-------)  Uid: ( 1000/ zia)  Gid: ( 1000/ zia)
Access: 2006-04-13 17:04:03.000000000 +0800
Modify: 2006-04-13 16:16:34.000000000 +0800
Change: 2006-04-13 16:16:34.000000000 +0800

For FreeBSD:
~~~~~~~~~~
[root@zia root]# stat ~/.bash_history
88 2003802 -rw------- 1 root wheel 8000484 6624 "Apr 13 17:01:31 2006" "Apr 13 02:28:11 2006" "Apr 13 02:28:11 2006" "Apr 13 17:09:24 2006" 4096 16 0 /root/.bash_history

Or, to output in Linux format:

[root@zia root]# stat -x ~/.bash_history
  File: "/root/.bash_history"
  Size: 6942  FileType: Regular File
  Mode: (0600/-rw-------)  Uid: ( 0/ root)  Gid: ( 0/ wheel)
Device: 0,88 Inode: 2003802 Links: 1
Access: Thu Apr 13 17:09:23 2006
Modify: Thu Apr 13 17:09:24 2006
Change: Thu Apr 13 17:09:24 2006

What are inodes? / What is inode?

Filed under: Linux, FreeBSD, *NIX, Advanced, Solaris, Interview Question — Administrator @ 4:58 pm

An inode or i-node is a data structure on a traditional Unix-style file system such as ext2. An inode stores basic information about a regular file, directory, or other file system object.

From the “Kernel Hacker’s Guide (KHG)”:
Each file is represented by a structure, called an inode. Each inode contains the description of the file: file type, access rights, owners, timestamps, size, pointers to data blocks. The addresses of data blocks allocated to a file are stored in its inode. When a user requests an I/O operation on the file, the kernel code converts the current offset to a block number, uses this number as an index in the block addresses table and reads or writes the physical block.

Follow-up question: what key piece of information about a file is not stored in the inode?
Answer: filename - that is stored in the directory.

Followup of above follow-up: what are directories then?
Answer: Directories are implemented as a special type of files. Actually, a directory is a file containing a list of entries. Each entry contains an inode number and a file name. When a process uses a pathname, the kernel code searches in the directories to find the corresponding inode number. After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests. (From KHG)
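
An added example, not part of the original posts, that reads the inode attributes listed under "What data is stored in inodes?" and shows the point made here that names live in the directory: two names, one inode. The file names and helper functions are made up for the illustration, and it assumes a file system that supports hard links.

```python
import os
import stat
import tempfile

def inode_fields(path):
    """Return the inode attributes via lstat(2); note there is no file name among them."""
    st = os.lstat(path)
    return {
        "size": st.st_size,            # length of the file in bytes
        "device": st.st_dev,           # device containing the file
        "uid": st.st_uid,              # owner
        "gid": st.st_gid,              # group
        "inode": st.st_ino,            # inode number within the file system
        "mode": stat.filemode(st.st_mode),  # type and permission bits
        "atime": st.st_atime,
        "mtime": st.st_mtime,
        "ctime": st.st_ctime,
        "links": st.st_nlink,          # hard-link reference count
    }

def directory_entries(dirpath):
    """A directory is a list of (name, inode number) entries; return it as a dict."""
    with os.scandir(dirpath) as entries:
        return {e.name: e.inode() for e in entries}

def demo():
    """Create a file and a hard link to it, then remove the first name."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original.txt")   # hypothetical names
        link = os.path.join(d, "hardlink.txt")
        with open(original, "w") as f:
            f.write("hello\n")
        os.chmod(original, 0o600)
        os.link(original, link)            # second directory entry, same inode
        first, second = inode_fields(original), inode_fields(link)
        names = directory_entries(d)
        os.unlink(original)                # removes a name, not the inode
        after = inode_fields(link)
        return first, second, names, after

if __name__ == "__main__":
    first, second, names, after = demo()
    print("inode fields :", first)
    print("directory    :", names)
    print("links before/after unlink:", first["links"], "->", after["links"])
```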

May 7, 2005

Kexec - FAST reboot!

Filed under: Linux, Advanced — Administrator @ 5:27 pm

Ever been frustrated thinking "why does it take so long for Linux to reboot?" Me too, especially when the server is a production server.

Well, there's some hope. OSDL is developing a new tool that will reduce the time it takes to reboot Linux. It's called 'kexec'. It's still in the development stage, but it's a good time to start playing with it. If you want to know more about it, check out the white paper.
