May 17, 2006

What is 2 raised to the power of 10 (2^10)?

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 4:47 pm

In computer science:

2^10 = 1,024

* the binary approximation of the kilo- (1,000) multiplier: 1,024 bytes is one kibibyte (KiB), and is what most software still means by "1 kilobyte". The two senses differ by 2.4% at the kilo scale and by about 7% at the giga scale, which is why a "500 GB" drive shows up as roughly 465 GiB.
* 1,024 has no special significance to the machine beyond being 2^10; it matters to humans because we think in powers of ten and 1,024 is the power of two closest to 1,000.

Source: http://en.wikipedia.org/wiki/Power_of_two

What is the command format to monitor only the SYN packet with tcpdump?

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 4:06 pm

Here it is:

tcpdump 'tcp[13] == 2'

tcp[13] is the byte at offset 13 (zero-based, so the fourteenth byte) of the TCP header, which holds the control flags: FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32. Comparing the whole byte to 2 matches only segments in which SYN is set and every other flag is clear, so a SYN-ACK (0x12 = 18) does not match. Byte order does not come into it for a single octet. Quote the expression: unquoted, the shell treats tcp[13] as a glob pattern.

Follow-up question: what would be the tcpdump filter to see every segment that has SYN set, whether or not ACK (or any other flag) is set as well, i.e. both plain SYNs and SYN-ACKs?
Answer:

tcpdump 'tcp[13] & 2 == 2'

Instead of comparing the whole flags octet, we logically AND it with the SYN bit first, so the other bits drop out before the comparison. The tcpdump man page walks through the same idea:

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

         00010010 SYN-ACK              00000010 SYN
    AND  00000010 (we want SYN)   AND  00000010 (we want SYN)
         --------                      --------
      =  00000010                   =  00000010

We see that this AND operation delivers the same result regardless whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression
tcpdump -i xl0 'tcp[13] & 2 == 2'

The mask can also exclude flags: 'tcp[13] & 18 == 2' keeps segments with SYN set and ACK clear (the connection-opening SYN only), and 'tcp[13] & 18 == 18' keeps the SYN-ACKs. Newer tcpdump accepts the same tests by name, e.g. 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'.
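The byte arithmetic behind these filters can be checked without a capture. The following is an added example, not part of the original post or of tcpdump: it builds four TCP headers by hand (constructed hex strings, not captured traffic), extracts octet 13 the way tcpdump's tcp[13] does, and evaluates each filter above as a shell function.

```shell
#!/bin/sh
# Added example, not from the original post: evaluate the tcpdump flag tests
# above against hand-built TCP headers, so the arithmetic can be checked
# without a live capture. The four headers are constructed for this example
# (20-byte fixed header as hex; the flags octet is byte 13, zero-based).
SYN_ONLY='9c4000500000000100000000500200ff00000000'   # flags 0x02
SYN_ACK='00509c400000000100000002501200ff00000000'    # flags 0x12
ACK_ONLY='9c4000500000000200000003501000ff00000000'   # flags 0x10
RST_ACK='00509c400000000000000000501400ff00000000'    # flags 0x14

# tcp[13]: the byte at offset 13, i.e. hex characters 27-28 of the header string
tcp13() { printf '%d\n' $(( 0x$(printf '%s' "$1" | cut -c27-28) )); }

# Flag bits in that octet: FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32
flag_names() {
    f=$(tcp13 "$1"); out=''
    [ $(( f & 2 ))  -ne 0 ] && out="$out SYN"
    [ $(( f & 16 )) -ne 0 ] && out="$out ACK"
    [ $(( f & 4 ))  -ne 0 ] && out="$out RST"
    [ $(( f & 1 ))  -ne 0 ] && out="$out FIN"
    printf '%s\n' "${out# }"
}

# Each function is the shell equivalent of one tcpdump expression (exit 0 = match)
flags_eq_2()      { [ "$(tcp13 "$1")" -eq 2 ]; }             # 'tcp[13] == 2'       SYN and nothing else
syn_set()         { [ $(( $(tcp13 "$1") & 2 )) -eq 2 ]; }    # 'tcp[13] & 2 == 2'   SYN, other flags ignored
syn_without_ack() { [ $(( $(tcp13 "$1") & 18 )) -eq 2 ]; }   # 'tcp[13] & 18 == 2'  SYN set, ACK clear
syn_ack()         { [ $(( $(tcp13 "$1") & 18 )) -eq 18 ]; }  # 'tcp[13] & 18 == 18' SYN and ACK both set

# One row of a truth table: which filters accept the given header
report() {  # $1 = label, $2 = header hex
    printf '%-9s flags=%-8s ==2:%s  &2==2:%s  &18==2:%s  &18==18:%s\n' "$1" "$(flag_names "$2")" \
        "$(flags_eq_2 "$2" && echo y || echo n)" "$(syn_set "$2" && echo y || echo n)" \
        "$(syn_without_ack "$2" && echo y || echo n)" "$(syn_ack "$2" && echo y || echo n)"
}

report SYN_ONLY "$SYN_ONLY"
report SYN_ACK  "$SYN_ACK"
report ACK_ONLY "$ACK_ONLY"
report RST_ACK  "$RST_ACK"
```

The table makes the difference visible: the == 2 test accepts only the bare SYN, the & 2 == 2 test accepts both the SYN and the SYN-ACK, and the & 18 masks separate the two halves of the handshake.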

How to monitor ICMP packets that are not ping packets with tcpdump?

Filed under: Linux, FreeBSD, *NIX, Bash, Interview Question — Administrator @ 2:14 pm

Here is the command:

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'

May 15, 2006

How do you view the routing table?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 5:21 pm

Linux (net-tools):

route -n

On almost any *nix, Linux included:

netstat -rn

-n prints addresses numerically instead of resolving them, which is faster and avoids a reverse DNS lookup per entry. On current Linux both commands come from the deprecated net-tools package; the iproute2 equivalent is ip route show.

What is the difference between a single-quote, a quote, and a back-tick in the shell?

Filed under: Linux, FreeBSD, *NIX, Bash, Solaris, Interview Question — Administrator @ 5:12 pm

Single quote: the dollar sign ($), back-ticks (`) and backslash (\) are not treated specially inside single quotes; the only character a single-quoted string cannot contain is another single quote.
Example:

zia@lappy:~$ echo '$(ls -al t*)'
$(ls -al t*)
zia@lappy:~$ echo '`ls -lah t*`'
`ls -lah t*`
zia@lappy:~$ echo '`ls -lah t*` \"'
`ls -lah t*` \"

Synopsis: inside single quotes the special characters ($, `, \ and so on) lose their meaning and are passed through literally.

Double quote: the dollar sign ($), back-ticks (`) and backslash (\) keep their meaning inside double quotes, so parameter expansion and command substitution still happen, while word splitting and pathname expansion (globbing) of the result are suppressed.
For example:

zia@lappy:~$ echo "$(ls -al t*)"
-rwxr-xr-x 1 zia zia 449 2006-05-03 17:07 t
-rw-r--r-- 1 root root 3365 2006-03-24 12:31 target.xml
zia@lappy:~$ echo "`ls -lah t*`"
-rwxr-xr-x 1 zia zia 449 2006-05-03 17:07 t
-rw-r--r-- 1 root root 3.3K 2006-03-24 12:31 target.xml
zia@lappy:~$ echo "`ls -lah t*` \""
-rwxr-xr-x 1 zia zia 449 2006-05-03 17:07 t
-rw-r--r-- 1 root root 3.3K 2006-03-24 12:31 target.xml "

Synopsis: inside double quotes ("") those characters do exactly what they are supposed to do; the backslash escapes only $, `, ", \ and newline, which is why \" above printed a literal double quote.

Back-tick: `command` is the old form of command substitution; the command runs and its standard output replaces the expression. $(command) is the POSIX equivalent, nests without extra escaping, and is what the first example above uses.
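The security side of the same question is what happens to a value an attacker chose. The block below is an added example, not part of the original post: it goes one step beyond the post by showing word splitting and pathname expansion of an unquoted value, and that a value containing $( ) is harmless until something like eval parses it a second time. INPUT and PAYLOAD are constructed values; the scratch directory exists only so the glob has files to match.

```shell
#!/bin/sh
# Added example, not from the original post: the three quoting styles applied to
# attacker-flavoured input (spaces, a glob, a command substitution). INPUT and
# PAYLOAD are constructed values.
INPUT='a b *'
PAYLOAD='$(echo pwned)'

# A scratch directory with two files so the glob in INPUT has something to match
scratch_dir() { d=$(mktemp -d) && : > "$d/x" && : > "$d/y" && printf '%s\n' "$d"; }

# Unquoted $INPUT undergoes word splitting and then pathname expansion: a, b, x, y
unquoted_words() { ( cd "$1" && set -- $INPUT && printf '%d\n' "$#" ); }
# "$INPUT" stays one word, whatever it contains
quoted_words()   { ( cd "$1" && set -- "$INPUT" && printf '%d\n' "$#" ); }
# '$INPUT' is the six characters $ I N P U T, no expansion at all
literal_words()  { ( cd "$1" && set -- '$INPUT' && printf '%s\n' "$1" ); }

# Expansion is single-pass: a value that *contains* $( ) is not re-expanded...
expand_once() { printf '%s\n' "$PAYLOAD"; }
# ...until eval (or sh -c "... $var", or a generated script) parses it again
expand_eval() { eval "printf '%s\\n' $PAYLOAD"; }

# Back-ticks and $( ) are the same mechanism; both work inside double quotes
# and neither works inside single quotes
backtick_vs_dollar() {
    [ "`printf hi`" = "$(printf hi)" ] && [ '`printf hi`' != 'hi' ] && echo same
}

D=$(scratch_dir)
printf 'unquoted: %s words, quoted: %s word, literal: %s\n' \
    "$(unquoted_words "$D")" "$(quoted_words "$D")" "$(literal_words "$D")"
printf 'once: %s   eval: %s   backtick vs $(): %s\n' \
    "$(expand_once)" "$(expand_eval)" "$(backtick_vs_dollar)"
rm -rf "$D"
```

The rule of thumb that falls out of it: double-quote every expansion whose value you did not write yourself, and never feed such a value to eval or to a string that another shell will parse.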

Define a zombie process. Followup: when and why does init become the parent of a process?

Filed under: Linux, FreeBSD, *NIX, Interview Question — Administrator @ 3:28 pm

A zombie (or defunct) process is one that has already exited but whose parent has not yet collected its exit status with wait(2) or waitpid(2). Its memory and file descriptors are gone; all that remains is the process-table entry holding the exit status, pid and resource usage for the parent to read. It stays in that state (shown as Z in ps) until the parent waits for it, or until the parent itself dies. A parent that exits without ever calling wait() does not create a zombie; it hands the child to init, which does call wait().

Followup:
Only when the parent process dies are its children, zombies or not, adopted by init (pid 1; on Linux a process can also register as a subreaper with prctl(PR_SET_CHILD_SUBREAPER) and adopt them instead). The analogy is that you can adopt an orphan but not a child that has a living parent. Live processes that init adopts run on until their own exit(2); zombies it adopts are reaped at once, because waiting for children is one of init's jobs. This is also why a container whose pid 1 is an ordinary program that never calls wait() slowly fills up with zombies.
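The sequence above can be watched from a shell. The following is an added example, not part of the original post, and it is Linux-only because it reads /proc: it starts a parent that can never call wait() (a shell that forks a child and then exec()s into sleep), shows the exited child sitting in state Z, then kills the parent and checks whether init has adopted and reaped the zombie.

```shell
#!/bin/sh
# Added example, not from the original post. Linux-only (it reads /proc).
# Spawns a parent that never calls wait(), shows its exited child in state Z,
# then kills the parent and shows init adopting and reaping the zombie.

# 'sleep 1' is forked as a background child; the shell then exec()s into
# 'sleep 30', so the process that would have wait()ed for the child is gone.
# The child exits a second later and has nobody to collect its status.
spawn_parent_that_never_waits() {
    sh -c 'sleep 1 & exec sleep 30' &
    PARENT=$!
}

# Print "<pid> <state>" for the first process whose parent is $1, from /proc
child_of() {
    for st in /proc/[0-9]*/stat; do
        read -r line < "$st" 2>/dev/null || continue
        pid=${line%% *}              # field 1: pid
        rest=${line##*) }            # skip "(comm)", which may itself contain spaces
        state=${rest%% *}            # field 3: R, S, D, Z, ...
        rest=${rest#* }
        ppid=${rest%% *}             # field 4: parent pid
        [ "$ppid" = "$1" ] && { printf '%s %s\n' "$pid" "$state"; return 0; }
    done
    return 1
}

demo() {
    spawn_parent_that_never_waits
    sleep 2
    z=$(child_of "$PARENT") || { echo "no child found (is /proc mounted?)"; return 1; }
    printf 'while parent %s lives: %s\n' "$PARENT" "$z"     # expected "<pid> Z"
    kill "$PARENT"; wait "$PARENT" 2>/dev/null || true
    sleep 1
    if [ -d "/proc/${z%% *}" ]; then
        echo "zombie still present: pid 1 here never calls wait() (container without a real init?)"
    else
        echo "zombie gone: adopted and reaped by init"
    fi
}
demo
```

The second line of output is the follow-up answer in action; if it reports the zombie still present, you are in an environment whose pid 1 does not reap, which is exactly the failure mode a proper init (or a tool such as tini) exists to prevent.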

Describe RAID levels 0,1,5, and 0+1. What’s the difference between 0+1 and 1+0?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 3:19 pm

RAID 0 = striped set (no parity)
RAID 1 = mirror
RAID 5 = striped set with parity
RAID 0+1 = mirror of striped set.
RAID 1+0 = stripe of mirrors.
(Extra: RAID 100, also written 10+0 or 1+0+0, is a stripe of RAID 10 arrays.)

RAID 0:
A RAID 0 (also known as a striped set) splits data evenly across two or more disks with no parity information for redundancy. It is important to note that RAID 0 was not one of the original RAID levels, and is not redundant. RAID 0 is normally used to increase performance.

A RAID 0 can be created with disks of differing sizes, but the storage space added to the array by each disk is limited to the size of the smallest disk—for example, if a 120 GB disk is striped together with a 100 GB disk, the size of the array will be 200 GB.

Although RAID 0 was not specified in the original RAID paper, an idealized implementation of RAID 0 would split I/O operations into equal-sized blocks and spread them evenly across two or more disks. When a drive fails the file system cannot cope with such a large loss of data and coherency, since every file larger than one stripe unit is spread across all drives. Fragments can be recovered with forensic carving tools, but the result will be incomplete and most likely corrupt.

RAID 0 is useful for setups such as large read-only NFS servers where mounting many disks is time-consuming or impossible and redundancy is irrelevant. Another use is where the number of disks is limited by the operating system. In Microsoft Windows, the number of drive letters for hard disk drives may be limited to 24, so RAID 0 is a popular way to use more disks. It is also a popular choice for gaming systems where performance is desired, data integrity is not very important, but cost is a consideration to most users. However, since data is shared between drives without redundancy, hard drives cannot be swapped out as all disks are dependent upon each other.

RAID 1:
A RAID 1 creates an exact copy (or mirror) of a set of data on two or more disks. This is useful when read performance or reliability is more important than data capacity. Such an array can only be as big as the smallest member disk. A classic RAID 1 mirrored pair contains two disks; data is lost only if the second disk fails before the first has been replaced and resynchronised, so the pair is far more reliable than either disk alone.

RAID 1 has many administrative advantages. For instance, in some 24x7 environments, it is possible to "split the mirror": declare one disk as inactive, do a backup of that disk, and then "rebuild" the mirror. This requires that the application support recovery from the image of data on the disk at the point of the mirror split. This procedure is less critical in the presence of the "snapshot" feature of some filesystems, in which some space is reserved for changes, presenting a static point-in-time view of the filesystem. Alternatively, a set of disks can be kept in much the same way as traditional backup tapes are.

RAID 5:
A RAID 5 uses block-level striping with parity data distributed across all member disks. RAID 5 has achieved popularity due to its low cost of redundancy. Generally RAID 5 is implemented with hardware support for parity calculations.

Every time a block is written to a disk in a RAID 5, a parity block is generated within the same stripe. A block is often composed of many consecutive sectors on a disk. A series of blocks (a block from each of the disks in an array) is collectively called a “stripe”. If another block, or some portion of a block, is written on that same stripe the parity block (or some portion of the parity block) is recalculated and rewritten. For small writes, this requires reading the old data, writing the new parity, and writing the new data. The disk used for the parity block is staggered from one stripe to the next, hence the term “distributed parity blocks”. RAID 5 writes are expensive in terms of disk operations and traffic between the disks and the controller.

The parity blocks are not read on data reads, since this would be unnecessary overhead and would diminish performance. The parity blocks are read, however, when a read of a data sector results in a cyclic redundancy check (CRC) error. In this case, the sector in the same relative position within each of the remaining data blocks in the stripe and within the parity block in the stripe are used to reconstruct the errant sector. The CRC error is thus hidden from the main computer. Likewise, should a disk fail in the array, the parity blocks from the surviving disks are combined mathematically with the data blocks from the surviving disks to reconstruct the data on the failed drive “on the fly”.

RAID 0+1:
A RAID 0+1 (also called RAID 01, not to be confused with RAID 10) mirrors two (or more) RAID 0 striped sets: the data is striped for performance within each set and the sets are replicated for redundancy.

RAID 1+0:
A RAID 10, sometimes called RAID 1+0, or RAID 1&0, is similar to a RAID 0+1 with exception that the RAID levels used are reversed—RAID 10 is a stripe of mirrors.

Difference between RAID 0+1 & RAID 1+0:
The difference between RAID 0+1 and RAID 1+0 is which level sits at the bottom. In RAID 0+1 a single disk failure takes its entire striped set offline, leaving one copy of the data; a second failure anywhere in the other set loses everything, and the rebuild has to copy the whole stripe set. In RAID 1+0 each mirrored pair tolerates the loss of one member independently, so the array survives several failures as long as no pair loses both disks, and a rebuild copies only one disk. RAID 1+0 is therefore the more robust of the two for the same disk count.

Source: http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks

Compare the output of two processes using diff. Don’t use temporary files.

Filed under: Linux, FreeBSD, *NIX, Bash, Solaris, Interview Question — Administrator @ 3:12 pm

use process substitution, which bash, ksh and zsh support (plain POSIX sh does not); each <(...) runs its command and hands diff a readable path, /dev/fd/N where the OS provides it and a temporary named pipe otherwise:
# diff <(process one) <(process two)

Put the following operations in order from slowest to fastest: read cpu register, disk seek, read from main memory, write to pci bus.

Filed under: Linux, FreeBSD, *NIX, Advanced, Interview Question — Administrator @ 3:07 pm

1. disk seek (milliseconds; a mechanical head movement)
2. write to PCI bus (on the order of a microsecond for a bus transaction)
3. read from main memory (on the order of 100 nanoseconds)
4. read CPU register (a fraction of a nanosecond, within one clock cycle)

How can you check the exit status of a process in BASH? or In bash, what variable contains the exit status of the last executed process?

Filed under: Linux, FreeBSD, *NIX, Bash, Solaris, Interview Question — Administrator @ 11:57 am

In the $? variable, which holds the exit status of the most recently executed foreground command. Read it immediately: the next command, even an echo, overwrites it. What a status means is the program's own convention. 0 is success by agreement, but GNU find returns 1 for errors met during the walk (an unreadable directory, say), not for "nothing matched", whereas grep returns 1 for no match and 2 for an error.

For example:

zia@lappy:~$ find . -name something-that-cant-be-found
zia@lappy:~$ echo $?
1

May 14, 2006

What is AWK?

Filed under: Linux, FreeBSD, *NIX, Solaris — Administrator @ 6:55 pm

AWK is a general purpose computer language that is designed for processing text-based data, either in files or data streams.

AWK is an example of a programming language that extensively uses the string datatype, associative arrays (that is, arrays indexed by key strings), and regular expressions.

Source: http://en.wikipedia.org/wiki/Awk

What is the difference between hard links and symbolic links? Where might you find a hard link commonly used?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 6:03 pm

A "hard link" is another name for an existing file; the link and the original are indistinguishable. Technically speaking, they share the same inode, and the inode contains all the information about a file; indeed, it is not incorrect to say that the inode _is_ the file. Removing one name (unlink) does not remove the data until the link count drops to zero, which is why a hard link to a setuid binary keeps the old copy reachable after the package is "replaced" (Linux's fs.protected_hardlinks sysctl exists to stop unprivileged users linking to files they do not own). Unprivileged users cannot make a hard link to a directory, and hard links cannot cross filesystem boundaries.

The hard links everyone uses daily are the "." and ".." entries of every directory: "." is a hard link to the directory itself and ".." to its parent, which is why a fresh directory on ext2/UFS-style filesystems has a link count of 2.

"Symbolic links" ("symlinks" for short), on the other hand, are a special file type (which not all kernels support: System V release 3 (and older) systems lack symlinks) in which the link file actually refers to a different file, by name. When most operations (opening, reading, writing, and so on) are passed the symbolic link file, the kernel automatically "dereferences" the link and operates on the target of the link. But some operations (e.g., removing) work on the link file itself, rather than on its target. Because the target is looked up by name at each access, a symlink can dangle (target removed) or be repointed between a check and the use that follows it, the classic time-of-check/time-of-use problem with privileged programs writing through symlinks in world-writable directories.

What is umask?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 12:44 am

From Wikipedia:

umask (short for user file creation mode mask) is a per-process attribute in POSIX environments: every newly created file or directory of that process (and of the children that inherit it) has the mask's bits cleared from the mode the creator asked for. The umask value is conventionally written in octal, one digit each for owner, group and other, and is applied to the requested mode in one of two ways:

- as the bitwise AND of the requested mode with the one's complement (bitwise NOT) of the mask, i.e. mode & ~umask; this is the general rule and what the kernel does.

- as the bitwise exclusive OR of the mask with the full access mode 777; this shortcut gives the right answer only when the base is 777 (a directory), since 666 XOR 077 would give 611 rather than the correct 600.

Most Unix shells provide an umask command which affects all child processes executed in this shell.

From linux man pages:

umask [-p] [-S] [mode]
The user file-creation mask is set to mode. If mode begins with a digit, it is interpreted as an octal number; otherwise it is interpreted as a symbolic mode mask similar to that accepted by chmod(1). If mode is omitted, the current value of the mask is printed. The -S option causes the mask to be printed in symbolic form; the default output is an octal number. If the -p option is supplied, and mode is omitted, the output is in a form that may be reused as input. The return status is 0 if the mode was successfully changed or if no mode argument was supplied, and false otherwise.
Note: umask is a shell built-in (it has to be: an external command could only change its own process's mask, not the shell's).

For example, if umask is set to '022' (the default on most Linux distributions), then:

the umask value masks the base permissions of 666 for a file and 777 for a directory. A umask of 022 results in directory permissions of 755 (rwxr-xr-x) and file permissions of 644 (rw-r--r--); execute permission is off by default for regular files. A tighter mask of 027 (750 / 640) or 077 (700 / 600) is what hardening guides recommend for interactive users and service accounts, since 022 lets every local account read whatever those users create.

RELATED Question: Why Can’t I Create a File That Is Executable by Default?

Answer:
Within UNIX, system calls have base permissions (sometimes referred to as "default permissions") with which to create new files and directories. For directories the base permissions are (octal) 777 (rwxrwxrwx), and for files they are 666 (rw-rw-rw-). Before creating the file or directory, the base permissions are compared to a mask (the umask set by the umask command) that will "mask out" permission bits to determine the final permissions for the object being created. The calculation to determine the final permissions is to take the binary of the base permissions and perform a logical AND operation with the one's complement representation of the binary umask.

Just for fun, here is an example for creating a file with a umask of 022: The binary representation for octal 022 is 000010010. The one's complement simply inverts the digits, making zeros ones and ones zeros, resulting in 111101101. Now if you perform a logical AND with the base permissions of 666 (binary 110110110) you end up with 644 (binary 110100100), as in the following example:

    110110110   base permissions of 666
AND 111101101   one's complement of a umask of 022
    ---------   (two 1s give 1, everything else gives 0)
    110100100   = octal 644 = rw-r--r--

Source: Sun BigAdmin.
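The AND-NOT rule and the "no execute by default" answer can both be checked in a shell. The block below is an added example, not part of the original post or of the Sun document it cites: mode_after_umask computes base & ~umask in shell arithmetic, and created_perms creates a real file or directory under the given umask (in a subshell, so the caller's mask is untouched) and reports what ls shows. The scratch directory and the masks tried are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post: compute the mode a new file or
# directory receives under a umask (base AND NOT mask), and confirm the
# arithmetic by creating real objects under that umask in a scratch directory.

# $1 = base mode (666 for files, 777 for directories), $2 = umask; both octal
mode_after_umask() { printf '%03o\n' $(( 0$1 & ~0$2 & 0777 )); }

# Create a file ($2 = f) or directory ($2 = d) under umask $1 and print the
# permission string ls shows for it. The umask call sits in a subshell so the
# caller's own mask is untouched: umask is per process, inherited by children.
created_perms() {
    dir=$(mktemp -d) || return 1
    ( umask "$1"; if [ "$2" = d ]; then mkdir "$dir/obj"; else : > "$dir/obj"; fi )
    ls -ld "$dir/obj" | cut -c1-10
    rm -rf "$dir"
}

# Why a umask can never add execute: the mask only clears bits, and the kernel
# starts from 666 for files, so there is no x bit for it to keep.
for m in 022 027 077 000; do
    printf 'umask %s: file %s dir %s  (%s / %s)\n' "$m" \
        "$(mode_after_umask 666 "$m")" "$(mode_after_umask 777 "$m")" \
        "$(created_perms "$m" f)" "$(created_perms "$m" d)"
done
```

Each line pairs the computed octal modes with the permission strings of objects actually created under that mask; the two agree, and no file ever comes out executable. (A default ACL on the directory would override the umask, which is one reason audits check both.)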

May 13, 2006

What is the command to run the previous command?

Filed under: Linux, FreeBSD, Bash, Command Line, Solaris, Interview Question — Administrator @ 7:06 pm

That would be:

root@lappy:~# !!

!! is history expansion, which bash (and csh, tcsh and zsh) perform before executing the line, so it works on any OS as long as the shell is interactive and history expansion is enabled (the default for interactive bash; set +H turns it off). It re-runs the whole previous command line, pipes and all, which is what makes the popular sudo !! both convenient and worth a glance before pressing enter.

What is the alternative key for command completion other than pressing "TAB twice"?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 7:01 pm

Press ESC and then ? (readline's possible-completions command, bound to M-? in emacs mode), which lists the candidates the way a double TAB does. For example, typing

root@lappy:~# echo $<ESC>?

lists all shell variables whose names could complete the $.

What data is stored in inodes?

Filed under: Linux, FreeBSD, *NIX, Advanced, Solaris, Interview Question — Administrator @ 5:16 pm

Typically an inode would have the following attributes:
* The length of the file in bytes.
* Device ID (this identifies the device containing the file).
* The User ID of the file’s owner.
* The Group ID of the file.
* An inode number that identifies the file within the filesystem.
* The file mode, which determines what users can read, write, and execute the file.
* Timestamps telling when the inode itself was last changed (ctime), the file content last modified (mtime), and last accessed (atime).
* A reference count telling how many hard links point to the inode

Follow-up question: What command or system call would you use to see all the inode info for a given filename with full pathname?
Answer:
For Linux:
~~~~~~~~
zia@lappy:~$ stat ~/.bash_history
File: `/home/zia/.bash_history'
Size: 10090 Blocks: 24 IO Block: 4096 regular file
Device: 301h/769d Inode: 588722 Links: 1
Access: (0600/-rw-------) Uid: ( 1000/ zia) Gid: ( 1000/ zia)
Access: 2006-04-13 17:04:03.000000000 +0800
Modify: 2006-04-13 16:16:34.000000000 +0800
Change: 2006-04-13 16:16:34.000000000 +0800

For FreeBSD:
~~~~~~~~~~
[root@zia root]# stat ~/.bash_history
88 2003802 -rw------- 1 root wheel 8000484 6624 "Apr 13 17:01:31 2006" "Apr 13 02:28:11 2006" "Apr 13 02:28:11 2006" "Apr 13 17:09:24 2006" 4096 16 0 /root/.bash_history

or to output in linux format:

[root@zia root]# stat -x ~/.bash_history
File: “/root/.bash_history”
Size: 6942 FileType: Regular File
Mode: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ wheel)
Device: 0,88 Inode: 2003802 Links: 1
Access: Thu Apr 13 17:09:23 2006
Modify: Thu Apr 13 17:09:24 2006
Change: Thu Apr 13 17:09:24 2006

What are inodes? / What is inode?

Filed under: Linux, FreeBSD, *NIX, Advanced, Solaris, Interview Question — Administrator @ 4:58 pm

An inode or i-node is a data structure on a traditional Unix-style file system such as ext2. An inode stores basic information about a regular file, directory, or other file system object.

From the “Kernel Hacker’s Guide (KHG)”:
Each file is represented by a structure, called an inode. Each inode contains the description of the file: file type, access rights, owners, timestamps, size, pointers to data blocks. The addresses of data blocks allocated to a file are stored in its inode. When a user requests an I/O operation on the file, the kernel code converts the current offset to a block number, uses this number as an index in the block addresses table and reads or writes the physical block.

Follow-up question: what key piece of information about a file is not stored in the inode?
Answer: filename - that is stored in the directory.

Followup of above follow-up: what are directories then?
Answer: Directories are implemented as a special type of file. A directory is a file containing a list of entries, each holding an inode number and a file name. When a process uses a pathname, the kernel searches the directories along it to find the corresponding inode number. After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests. (From KHG)
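Everything the three inode answers describe (two names sharing an inode, the link count, a symlink being a separate inode that holds a name, unlink not destroying data) can be observed with ls -i and ls -l. The block below is an added example, not part of the original post or of the KHG it quotes; it uses only POSIX tools so the same script runs on Linux and the BSDs, and the file names and contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: make the inode relationships in
# the answers above visible with POSIX tools (ls -i, ls -l). Everything
# happens in a scratch directory that is removed at the end.

inode_of()      { ls -di "$1" | awk '{ print $1 }'; }   # -d: the entry itself, never follow it
link_count_of() { ls -ld "$1" | awk '{ print $2 }'; }   # second ls -l column = hard link count
same_inode()    { [ "$(inode_of "$1")" = "$(inode_of "$2")" ] && echo yes || echo no; }

# orig and hard are two names for one inode; sym is a separate inode holding a path
setup() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/orig"
    ln    "$d/orig" "$d/hard"     # second directory entry -> same inode, link count 2
    ln -s orig      "$d/sym"      # new inode of type symlink whose content is "orig"
    printf '%s\n' "$d"
}

# Removing a name only unlinks it: the data lives until the link count hits zero
read_after_unlink() {   # $1 = dir; prints what each remaining name resolves to
    rm "$1/orig"
    printf 'hard: %s\n' "$(cat "$1/hard")"                          # still readable
    printf 'sym: %s\n'  "$(cat "$1/sym" 2>/dev/null || echo dangling)" # name no longer resolves
}

# Unprivileged hard links to directories are refused (EPERM on Linux)
hardlink_dir() {
    mkdir "$1/sub" && { ln "$1/sub" "$1/sub2" 2>/dev/null && echo allowed || echo refused; }
}

D=$(setup)
printf 'inodes: orig=%s hard=%s sym=%s  links(orig)=%s\n' \
    "$(inode_of "$D/orig")" "$(inode_of "$D/hard")" "$(inode_of "$D/sym")" "$(link_count_of "$D/orig")"
ls -lai "$D"          # '.' and '..' appear here: the everyday hard links to directories
read_after_unlink "$D"
printf 'hard link to a directory: %s\n' "$(hardlink_dir "$D")"
rm -rf "$D"
```

After rm orig the hard link still returns the content and its link count has dropped to 1, while the symlink is left dangling; that pair of behaviours is the whole difference between the two link types.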

May 12, 2006

Write a script to convert all DOS style backslashes to UNIX style slashes in a list of files.

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 9:10 pm

The following filter works on most Unix systems, including FreeBSD and Solaris; it reads standard input and writes standard output, so redirect it per file rather than pointing it at the files themselves:

tr '\\' '/'
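The question asks for a script over a list of files, so here is the filter wrapped into one. It is an added example, not part of the original post; the sample files and their DOS-style contents are constructed for the demonstration, and the temporary-file handling is this example's own choice.

```shell
#!/bin/sh
# Added example, not from the original post: the tr filter above wrapped in a
# script that rewrites each file named on its command line. Sample files and
# their contents are constructed below. tr replaces every backslash, so keep
# the script away from files where backslash is an escape character.

# Write the converted text back through the original name (cat > file) rather
# than mv-ing a new file over it, so the inode, mode, owner and any hard links
# survive; mktemp in the same directory gives an unpredictable scratch name,
# which matters when the directory is writable by others.
dos2unix_slashes() {
    for f in "$@"; do
        dir=$(dirname -- "$f")
        tmp=$(mktemp "$dir/.slashes.XXXXXX") || return 1
        if tr '\\' '/' < "$f" > "$tmp"; then
            cat "$tmp" > "$f"
        else
            rm -f "$tmp"; return 1
        fi
        rm -f "$tmp"
    done
}

# Constructed sample: two files with DOS-style paths
D=$(mktemp -d)
printf 'C:\\Users\\zia\\target.xml\n' > "$D/paths.txt"
printf 'D:\\tmp\\t\n' > "$D/second.txt"
dos2unix_slashes "$D/paths.txt" "$D/second.txt"
cat "$D/paths.txt" "$D/second.txt"     # C:/Users/zia/target.xml and D:/tmp/t
rm -rf "$D"
```

Line endings are a separate problem: add tr -d '\r' to the pipeline if the files also carry DOS CR LF terminators.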

Find world-writable files and directories with a single command.

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 8:58 pm

To find files (world-writable means the "other" write bit, 0002; -perm -20 would test the group write bit instead, which is a different question):

/usr/bin/find / -xdev -type f -perm -0002 -exec ls -ld {} +

To find directories (the sticky bit, as on /tmp, makes a world-writable directory far less dangerous, so the ones worth listing are those without it):

/usr/bin/find / -xdev -type d -perm -0002 ! -perm -1000 -exec ls -ld {} +

-xdev keeps find on one filesystem, so repeat the command per mounted filesystem and it will never wander into /proc; -exec ... + runs one ls per batch instead of one per file, and -d makes ls describe a directory rather than list its contents.

Find setuid files in / with a single command.

Filed under: Linux, FreeBSD, *NIX, Solaris — Administrator @ 8:52 pm

/usr/bin/find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +

-perm -4000 matches files with the setuid bit and -perm -2000 those with setgid; drop the second test to list setuid files only. Save the output and diff it against a known-good baseline after every update: a new entry is one of the first things a local privilege escalation leaves behind.
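Both audits above can be rehearsed on a throwaway tree before they are run against /. The following is an added example, not part of the original post: make_tree creates one object for each permission pattern in question (names and modes constructed here), and the find expressions are wrapped in functions so the result of each can be checked against what the tree was built to contain.

```shell
#!/bin/sh
# Added example, not from the original post: a scratch tree holding each
# permission pattern the two questions above look for, and find expressions
# that pick out exactly those objects. Names and modes are constructed here.
make_tree() {
    root=$(mktemp -d) || return 1
    : > "$root/plain";        chmod 0644 "$root/plain"
    : > "$root/gw_file";      chmod 0664 "$root/gw_file"    # group-writable only: NOT world-writable
    : > "$root/ww_file";      chmod 0666 "$root/ww_file"
    mkdir "$root/ww_dir";     chmod 0777 "$root/ww_dir"
    mkdir "$root/sticky_dir"; chmod 1777 "$root/sticky_dir" # /tmp-style: writable, entries deletable only by owner
    : > "$root/suid";         chmod 4755 "$root/suid"
    : > "$root/sgid";         chmod 2755 "$root/sgid"
    printf '%s\n' "$root"
}

# Paths relative to $1, sorted, one per line (reads find's output on stdin)
rel() { sed "s|^$1/||" | sort; }

# -perm -MODE: every bit in MODE must be set (other bits are ignored)
world_writable_files()   { find "$1" -type f -perm -0002 | rel "$1"; }
# Other-writable directories without the sticky bit are the dangerous ones
world_writable_dirs()    { find "$1" -type d -perm -0002 ! -perm -1000 | rel "$1"; }
setuid_files()           { find "$1" -type f -perm -4000 | rel "$1"; }
setuid_or_setgid_files() { find "$1" -type f \( -perm -4000 -o -perm -2000 \) | rel "$1"; }

ROOT=$(make_tree)
printf 'world-writable files:             %s\n' "$(world_writable_files "$ROOT" | tr '\n' ' ')"
printf 'world-writable dirs (non-sticky): %s\n' "$(world_writable_dirs "$ROOT" | tr '\n' ' ')"
printf 'setuid/setgid files:              %s\n' "$(setuid_or_setgid_files "$ROOT" | tr '\n' ' ')"
# For a real audit, show the full entry with ls -ld via -exec ... + (one ls per
# batch, and -d so a directory is listed itself rather than its contents):
find "$ROOT" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
rm -rf "$ROOT"
```

gw_file and sticky_dir are the two decoys: the first shows why the test must be -0002 and not -20, the second why a world-writable directory check should exclude the sticky bit. (The kernel may silently clear the setgid bit on a file whose group the caller is not a member of, so on some systems sgid will not appear in the last list.)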

How would you check the route table on a workstation/server?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 7:02 pm

Linux:

route -n

or

netstat -rn

FreeBSD/Solaris:

netstat -rn

Source: me.

What does nslookup do?

Filed under: Linux, FreeBSD, *NIX, Solaris, Interview Question — Administrator @ 6:45 pm

Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.

Source: man nslookup.

What can be wrong with setuid scripts?

Filed under: Linux, FreeBSD, *NIX, Interview Question — Administrator @ 5:32 pm

Files with the SUID or SGID bit set execute with the privileges of the owning user or group rather than those of the user executing the file. Normally these bits are used on files that must run as root in order to do what they do. Such files can lead to local root compromises if they contain security holes.

For scripts specifically the bits are worse than useless. The kernel honours the #! line by opening the script, then executing the interpreter with the script's path as an argument; the interpreter re-opens that path itself, so between the two opens an attacker who controls the directory can swap the path for a different file and have it run with the elevated uid. On top of that, interpreters trust their environment (PATH, IFS, ENV and BASH_ENV, PYTHONPATH, the dynamic loader's variables), all of which the unprivileged caller controls. For these reasons Linux ignores the setuid bit on interpreted scripts altogether, and bash, unless started with -p, drops the effective uid back to the real uid at startup; privileged scripts are instead wrapped in a small setuid C program, or run through sudo with a fixed environment.

Source: http://www.gentoo.org/doc/en/security/security-handbook.xml?full=1

Follow-up question: What is SUID and SGID?

SUID stands for Set User ID. If the SUID bit is set on an executable, the process that runs it gets the effective user ID of the file's owner rather than that of the user who started it. So if an executable is owned by root and has its SUID bit set, then when a normal user runs it the process runs with root's privileges: the SUID bit tells the kernel to execute the file as if root had run it, because root owns it.

Just like SUID, setting the SGID bit on an executable sets the process's effective group ID to the file's group while it runs. It is really useful in a real multi-user setup where users need controlled access to each other's files (on a directory, SGID instead makes new files inherit the directory's group). As a single home user I haven't really found a lot of use for SGID. But the basic concept is the same as SUID: the executable runs with the file's group rather than the caller's.

The Gentoo Security Handbook adds that this is dangerous and that files with the SUID or SGID bits set should be avoided at any cost; in practice the goal is to keep the set as small as the system allows and to know every entry in it.

May 11, 2005

How to upgrade the Ports tree?

Filed under: FreeBSD — Administrator @ 12:13 pm

Once in a while (or maybe regularly) you may want to upgrade the Ports tree (/usr/ports collection). On a system of this vintage the easiest way to do this is to use cvsup (since retired from FreeBSD in favour of portsnap and, later, git). Here's the command:

/usr/local/bin/cvsup -g -L 2 /etc/ports-supfile

After upgrading you *_MUST_* update the ports index file and the database file (INDEX.db) by issuing this command:

/usr/local/sbin/portsdb -Uu

May 1, 2005

How to search for a specific package in FreeBSD ports collection?

Filed under: FreeBSD — Administrator @ 8:02 pm

There are several ways to search for a package in FreeBSD ports collection. I will list each one of them one by one here.

1. From the FreeBSD ports website.

2. Using the make search method:

cd /usr/ports
make search name=program-name

For a keyword search use:

make search key=string

3. Using the plain old find command:

cd /usr/ports
find . -maxdepth 2 -type d -name "*program-name*"

-name matches only the last component of each path, so a pattern containing a slash never matches anything; -maxdepth 2 keeps the search to the category/port directories, and -iname makes it case-insensitive.
