what is every item in the `/var/lib/misc/dnsmasq.leases`? - dns

The content in /var/lib/misc/dnsmasq.leases looks like below
1646438467 12:03:f2:19:41:4d 192.168.4.239 * 01:12:03:f2:19:41:4d
lease time: 1646438467
MAC address: 12:03:f2:19:41:4d
IP address: 192.168.4.13
hostname: *
but what is the 01:12:03:f2:19:41:4d? It looks like 01: and the MAC address
https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html does not mention that
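The fifth field dnsmasq writes on each IPv4 lease line is the DHCP client identifier (option 61), or `*` when the client sent none. For Ethernet clients it is usually the hardware type `01` followed by the MAC, which is what the line above shows. The parser below is an added example, not code from the original post or from dnsmasq. Apart from the first line, the sample entries are constructed, and the function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterator, List, Optional

# Constructed sample: the line from the question plus invented entries.
SAMPLE_LEASES = """\
1646438467 12:03:f2:19:41:4d 192.168.4.239 * 01:12:03:f2:19:41:4d
1646440000 aa:bb:cc:00:11:22 192.168.4.50 laptop *
0 aa:bb:cc:00:11:33 192.168.4.51 printer ff:00:11:22:33:00:01:00:01
duid 00:01:00:01:29:aa:bb:cc:aa:bb:cc:00:11:22
"""


@dataclass
class Lease:
    expires: Optional[datetime]  # None: lease never expires (written as 0)
    mac: str
    ip: str
    hostname: Optional[str]      # None: dnsmasq wrote "*" (no name supplied)
    client_id: Optional[str]     # None: client sent no DHCP option 61

    def client_id_embeds_mac(self) -> bool:
        # Usual Ethernet form: hardware type 01 followed by the MAC itself.
        return self.client_id == "01:" + self.mac


def parse_leases(text: str) -> Iterator[Lease]:
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the server's "duid" line and malformed rows.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        epoch, mac, ip, host, clid = fields
        yield Lease(
            expires=(datetime.fromtimestamp(int(epoch), tz=timezone.utc)
                     if int(epoch) else None),
            mac=mac.lower(),
            ip=ip,
            hostname=None if host == "*" else host,
            client_id=None if clid == "*" else clid.lower(),
        )


def mismatched_client_ids(leases: List[Lease]) -> List[Lease]:
    """Leases whose client-id is present but is not 01:<MAC>; worth a look
    when reconciling the lease file against a device inventory."""
    return [l for l in leases if l.client_id and not l.client_id_embeds_mac()]


if __name__ == "__main__":
    for lease in parse_leases(SAMPLE_LEASES):
        print(lease)
```

The first field is the lease expiry as a Unix timestamp. This sketch handles IPv4 lines only; DHCPv6 entries after the `duid` line use a different layout.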

Related

How to get names of devices in your local network using node js

I need to get HueBridge IP address in my app in node js, I would like to scan the whole network and then search for the name "Hue Bridge" or something similar, I found npm package named 'local-devices', but it doesn't return a device name for me for some reason.
const find = require('local-devices');
find().then(devices => {
  console.log(devices)
})
Output:
[
  { name: '?', ip: '192.168.1.72', mac: 'secret_mac'},
  { name: '?', ip: '192.168.1.116', mac: 'secret_mac'},
  { name: '?', ip: '192.168.1.117', mac: 'secret_mac'}
]

return only part of Whois information

Hi we are trying to use NodeJS to return IP address WHOIS information before we send the requesting IP address to the rest of our app - That part is easy.
However the part that is not easy is, selecting only the Organization part of the whois information.
for example this is a whois and what it returns
whois 137.184.236.168
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 137.0.0.0 - 137.255.255.255
organisation: Administered by ARIN
status: LEGACY
whois: whois.arin.net
changed: 1993-05
source: IANA
# whois.arin.net
NetRange: 137.184.0.0 - 137.184.255.255
CIDR: 137.184.0.0/16
NetName: DIGITALOCEAN-137-184-0-0
NetHandle: NET-137-184-0-0-1
Parent: NET137 (NET-137-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2019-11-13
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/137.184.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse#digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc#digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc#digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
The only thing we are interested in is Organization: DigitalOcean, LLC (DO-13)
As we want to drop all IP addresses from this host provider.
We noticed that we have been successful at stopping Google and AWS via using host command but Digital Ocean does not work this way and we need to do it via Whois.
I know in NodeJS I would request the information
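const { execFile } = require('child_process');
// execFile passes ip as a single argument, so no shell ever interprets it
execFile("whois", [ip], (error, stdout, stderr) => {
  console.log(stdout);
});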
Could use a regular expression:
const organizationPattern = /^organization:\s*(.+)$/im;
const match = organizationPattern.exec(stdout);
const organization = match ? match[1] : 'unknown';
console.log(organization);

How to find and replace string using groovy script

I need to search some text from file and replace with other string using Groovy script. I am explaining my file below.
test.yml:
devices:
  test-server:
    type: test1
    os: test
    tacacs:
      username: admin
    passwords:
      tacacs: admin
    connections:
      defaults:
        class: unicon.Unicon
      cli:
        protocol: ssh
        ip: 1.1.1.1
        port: 2024
      rest:
        protocol: http
        ip: 1.1.1.1
        port: 8080
        username: admin
        password: admin
  RFS1:
    type: test
    os: test
    tacacs:
      username: admin
    passwords:
      tacacs: admin
    connections:
      defaults:
        class: unicon.Unicon
      cli:
        protocol: ssh
        ip: 1.1.1.1
        port: 2024
      rest:
        protocol: http
        ip: 4.4.4.4
        port: 8080
        username: admin
        password: admin
  RFS2:
    type: test
    os: test
    tacacs:
      username: admin
    passwords:
      tacacs: admin
    connections:
      defaults:
        class: unicon.Unicon
      cli:
        protocol: ssh
        ip: 1.1.1.1
        port: 2024
      rest:
        protocol: http
        ip: 6.6.6.6
        port: 8080
        username: admin
        password: admin
Here I need to search the IP which is under devices:/test-server:/connections:/cli:/ip: 1.1.1.1 with some new character like ip:10.10.10.10 using groovy script. I am using below code.
def myFile = new File("test.yml")
def fileText = myFile.text
fileText = (fileText =~ /ip:1.1.1.1/).replaceFirst("ip:10.10.10.10")
myFile.write(fileText)
Here my issue is it's replacing the required string in the whole file where ip:1.1.1.1 is present, but I need to replace it under devices:/test-server:/connections:/cli:/ip: 1.1.1.1. Please help me to resolve this issue.
A better way to do this is to simply do YAML parsing, manipulating the object, and saving back to the file.
Here's an example using Jackson:
@Grab(group='com.fasterxml.jackson.dataformat',
      module='jackson-dataformat-yaml',
      version='2.12.2')
def myFile = new File("test.yml")
def om = new com.fasterxml.jackson.databind.ObjectMapper(
    new com.fasterxml.jackson.dataformat.yaml.YAMLFactory());
def value = om.readValue(myFile, Map)
value['devices']['test-server']['connections']['cli']['ip'] = '10.10.10.10'
That replaces the value in the in-memory object. You can then just save that back to a file, with something like:
om.writeValue(myFile, value)

Regex over multiple lines with \n

In the following code I would like to capture the instance ID and then the body underneath it. The pattern is recurring so that there are multiple instances with the same bodies. I can't seem to figure out how to get it to continue past the newline segments.
import re
config = '''
Instance: evpn-a

VLAN ID: 123, MAC address: 00:05:86:71:05:f0
 Source: irb.0, Rank: 1, Status: Active
 State: <Local-MAC-Only Local-Gateway Remote-Adv-Allowed>
 IP address: 192.168.10.251

VLAN ID: 123, MAC address: 00:05:86:71:ab:f0
 Source: 20.1.1.2, Rank: 1, Status: Active
 State: <Remote-Gateway Local-Adv-Allowed Local-Adv-Done>
 IP address: 192.168.10.252
 L3 route: 192.168.10.252/32, L3 context: bridge-vrf (irb.0)

Instance: evpn-b

VLAN ID: 123, MAC address: 00:05:86:71:05:f0
 Source: irb.0, Rank: 1, Status: Active
 State: <Local-MAC-Only Local-Gateway Remote-Adv-Allowed>
 IP address: 192.168.10.251

VLAN ID: 123, MAC address: 00:05:86:71:ab:f0
 Source: 20.1.1.2, Rank: 1, Status: Active
 State: <Remote-Gateway Local-Adv-Allowed Local-Adv-Done>
 IP address: 192.168.10.252
 L3 route: 192.168.10.252/32, L3 context: bridge-vrf (irb.0)
'''
evpn_obj_list = re.compile(r'Instance:\s+(\S+)(.*?)(?:\S+|\Z)',re.S|re.M).findall(config)
evpn = evpn_obj_list
print(evpn)
The result I get from the above is:
[('evpn-a', '\n\n'), ('evpn-b', '\n\n')]
You may use
rx = re.compile(r'^Instance:\s+(\S+)\s*(.*?)(?=\n\s*Instance:\s|\Z)', re.S|re.M)
evpn_obj_list = rx.findall(config)
See the regex demo.
Details
^ - start of a line
Instance: - a string
\s+ - 1+ whitespaces
(\S+) - Group 1: any one or more non-whitespace chars
\s* - 0+ whitespaces
(.*?) - Group 2: any 0 or more chars, as few as possible
(?=\n\s*Instance:\s|\Z) - a positive lookahead that requires a newline, 0+ whitespaces, Instance:, a whitespace OR the end of file immediately to the right of the current location.
See the Python demo yielding
[('evpn-a', 'VLAN ID: 123, MAC address: 00:05:86:71:05:f0\n Source: irb.0, Rank: 1, Status: Active\n State: <Local-MAC-Only Local-Gateway Remote-Adv-Allowed>\n IP address: 192.168.10.251\n\nVLAN ID: 123, MAC address: 00:05:86:71:ab:f0\n Source: 20.1.1.2, Rank: 1, Status: Active\n State: <Remote-Gateway Local-Adv-Allowed Local-Adv-Done>\n IP address: 192.168.10.252\n L3 route: 192.168.10.252/32, L3 context: bridge-vrf (irb.0)'), ('evpn-b', 'VLAN ID: 123, MAC address: 00:05:86:71:05:f0\n Source: irb.0, Rank: 1, Status: Active\n State: <Local-MAC-Only Local-Gateway Remote-Adv-Allowed>\n IP address: 192.168.10.251\n\nVLAN ID: 123, MAC address: 00:05:86:71:ab:f0\n Source: 20.1.1.2, Rank: 1, Status: Active\n State: <Remote-Gateway Local-Adv-Allowed Local-Adv-Done>\n IP address: 192.168.10.252\n L3 route: 192.168.10.252/32, L3 context: bridge-vrf (irb.0)\n')]

Get all host names associated with the IP

I want to retrieve all the hostnames associated with the IP.
I ran into an error while using requests module in python. And the data that the error contains I want that data.
First I got the IP of youtube.com. I wanted to get the webpage using the IP address only, so using ping I got the IP address of youtube.com
IP 172.217.163.78
Then I made the request
import requests
session_ = requests.Session()
res_ = session_.get('https://172.217.163.78')
ERROR
\Python3.7.2\lib\site-packages\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.217.163.78', port=443):
Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError("hostname '172.217.163.78'
doesn't match either of '*.google.com', '*.android.com',
'*.appengine.google.com', '*.cloud.google.com', '*.g.co', '*.gcp.gvt2.com', '*.ggpht.cn', '*.google-analytics.com',
'*.google.ca', '*.google.cl', '*.google.co.in',
'*.google.co.jp', '*.google.co.uk', '*.google.com.ar',
'*.google.com.au', '*.google.com.br', '*.google.com.co',
'*.google.com.mx', '*.google.com.tr', '*.google.com.vn',
'*.google.de', '*.google.es', '*.google.fr', '*.google.hu',
'*.google.it', '*.google.nl', '*.google.pl', '*.google.pt',
'*.googleadapis.com', '*.googleapis.cn',
'*.googlecommerce.com', '*.googlevideo.com', '*.gstatic.cn',
'*.gstatic.com', '*.gstaticcnapps.cn', '*.gvt1.com',
'*.gvt2.com', '*.metric.gstatic.com', '*.urchin.com',
'*.url.google.com', '*.youtube-nocookie.com',
'*.youtube.com', '*.youtubeeducation.com',
'*.youtubekids.com', '*.yt.be', '*.ytimg.com',
'android.clients.google.com', 'android.com',
'developer.android.google.cn',
'developers.android.google.cn', 'g.co', 'ggpht.cn', 'goo.gl',
'google-analytics.com', 'google.com', 'googlecommerce.com'
, 'source.android.google.cn', 'urchin.com', 'www.goo.gl',
'youtu.be', 'youtube.com', 'youtubeeducation.com',
'youtubekids.com', 'yt.be'")))
Is there a way to get all the above hostnames, and is there a way to solve this SSLError problem that I'm getting?
Does this work for you?
import requests
session_ = requests.Session()
res_ = session_.get('https://172.217.163.78', verify=False)
print (res_.url)
#Output
# http://www.google.com
Have you considered using socket instead of requests?
import socket
import sys
from pprint import pprint
ip_address = socket.gethostbyname('www.abc.com')
pprint (socket.gethostbyaddr(ip_address))
sys.exit(0)
OUTPUT
('www.pitchsharktank.com',
['250.132.181.199.in-addr.arpa',
'www.disneycampusrep.com',
'www.disneycollateral.com',
'www.disneyinternsinfo.com',
'www.missiontimekeeper.com',
'www.watchdisneyjunior.go.com',
'www.disneycastingscout.com',
'www.disneyimaginations.com',
'www.disneyprogramsblog.com',
'www.disneyvacationclub.disney.go.com',
'www.watchdisneychannel.go.com',
'www.wdwcollegeprogramecard.com',
'www.wdwcollegeprogramecard2.com',
'www.disneyinternationalepresentation.com',
many many more here],
['199.181.132.250'])
UPDATE
I spent more than half the day looking into the hostname issue. I have found that this problem is complex, especially for IP addresses assigned to Google.
For example:
ping www.youtube.com
PING youtube-ui.l.google.com (64.233.185.93): 56 data bytes
64 bytes from 64.233.185.93: icmp_seq=0 ttl=41 time=19.820 ms
#############################################################
nslookup www.youtube.com
www.youtube.com canonical name = youtube-ui.l.google.com.
Name: youtube-ui.l.google.com
Address: 172.217.11.142
Name: youtube-ui.l.google.com
Address: 64.233.176.190
Name: youtube-ui.l.google.com
Address: 64.233.177.91
Name: youtube-ui.l.google.com
Address: 64.233.177.93
Name: youtube-ui.l.google.com
Address: 64.233.177.190
Name: youtube-ui.l.google.com
Address: 64.233.185.91
Name: youtube-ui.l.google.com
Address: 64.233.185.93
Name: youtube-ui.l.google.com
Address: 64.233.185.136
Name: youtube-ui.l.google.com
Address: 64.233.185.190
Name: youtube-ui.l.google.com
Address: 74.125.138.190
Name: youtube-ui.l.google.com
Address: 74.125.196.91
Name: youtube-ui.l.google.com
Address: 108.177.122.91
Name: youtube-ui.l.google.com
Address: 108.177.122.93
Name: youtube-ui.l.google.com
Address: 108.177.122.136
Name: youtube-ui.l.google.com
Address: 108.177.122.190
Name: youtube-ui.l.google.com
Address: 172.217.0.78
#############################################################
dig www.youtube.com
;; QUESTION SECTION:
;www.youtube.com. IN A
;; ANSWER SECTION:
www.youtube.com. 9446 IN CNAME youtube-ui.l.google.com.
youtube-ui.l.google.com. 132 IN A 64.233.185.190
youtube-ui.l.google.com. 132 IN A 74.125.138.136
youtube-ui.l.google.com. 132 IN A 74.125.138.190
youtube-ui.l.google.com. 132 IN A 74.125.196.91
youtube-ui.l.google.com. 132 IN A 74.125.196.93
youtube-ui.l.google.com. 132 IN A 172.217.0.78
youtube-ui.l.google.com. 132 IN A 172.217.0.142
youtube-ui.l.google.com. 132 IN A 172.217.2.46
youtube-ui.l.google.com. 132 IN A 172.217.4.14
youtube-ui.l.google.com. 132 IN A 172.217.164.78
youtube-ui.l.google.com. 132 IN A 173.194.219.136
youtube-ui.l.google.com. 132 IN A 173.194.219.190
youtube-ui.l.google.com. 132 IN A 64.233.177.91
youtube-ui.l.google.com. 132 IN A 64.233.177.93
youtube-ui.l.google.com. 132 IN A 64.233.177.136
youtube-ui.l.google.com. 132 IN A 64.233.177.190
The IP address that you provided in your original question doesn't appear in either the ping, nslookup or dig results.
In Apple Safari, Google Chrome and Mozilla Firefox the URL https://172.217.163.78 returns https://www.google.com.
The ShowIP extension in Mozilla Firefox shows that the IP address for https://www.youtube.com is 2607:f8b0:4002:c00::88, which is an IPv6 address.
I also found this:
FQDN: youtube.com
Domain Name: youtube.com
Name servers: ns1.google.com
ns2.google.com
ns3.google.com
ns4.google.com
IP numbers: 2404:6800:4003:805::200e
2404:6800:4004:801::200e
2404:6800:4006:809::200e
2607:f8b0:4004:802::200e
2607:f8b0:4005:807::200e
2607:f8b0:400a:804::200e
2800:3f0:4001:80a::200e
2a00:1450:4009:812::200e
2a00:1450:400b:c01::be
74.125.193.91
74.125.193.93
74.125.193.136
74.125.193.190
172.217.7.238
172.217.24.78
172.217.30.78
216.58.195.78
216.58.197.174
216.58.203.110
216.58.206.46
216.58.217.46
LOOKUP fully qualified domain names:
import socket
##############################################
# IP addresses linked to YouTube on 01-28-2019
##############################################
ip_addresses =['2404:6800:4003:805::200e',
'2404:6800:4004:801::200e',
'2404:6800:4006:809::200e',
'2607:f8b0:4004:802::200e',
'2607:f8b0:4005:807::200e',
'2607:f8b0:400a:804::200e',
'2800:3f0:4001:80a::200e',
'2a00:1450:4009:812::200e',
'2a00:1450:400b:c01::be',
'74.125.193.91',
'74.125.193.93',
'74.125.193.136',
'74.125.193.190',
'172.217.7.238',
'172.217.24.78',
'172.217.30.78',
'216.58.195.78',
'216.58.197.174',
'216.58.203.110',
'216.58.206.46',
'216.58.217.46']
for iP_address in ip_addresses:
    fully_qualified_domain_name = socket.getfqdn(str(iP_address))
    print (fully_qualified_domain_name)
# OUTPUT
sin10s06-in-x0e.1e100.net
nrt12s02-in-x0e.1e100.net
syd09s15-in-x0e.1e100.net
iad23s58-in-x0e.1e100.net
sfo07s16-in-x0e.1e100.net
sea15s08-in-x0e.1e100.net
2800:3f0:4001:80a::200e
lhr35s10-in-x0e.1e100.net
2a00:1450:400b:c01::be
ig-in-f91.1e100.net
ig-in-f93.1e100.net
ig-in-f136.1e100.net
ig-in-f190.1e100.net
iad23s58-in-f14.1e100.net
sin10s06-in-f14.1e100.net
gru06s34-in-f14.1e100.net
sfo07s16-in-f78.1e100.net
nrt12s02-in-f14.1e100.net
syd09s15-in-f14.1e100.net
lhr35s10-in-f14.1e100.net
sea15s08-in-f14.1e100.net
As you can see, not one of these FQDN equals youtube.com.
I also decided to look up the IP addresses assigned to YouTube through ARIN. The code below loops through those addresses.
import socket
import ipaddress
from dns import reversename, resolver
# IPv4 addresses listed at whois.arin.net for YouTube
# 64.15.112.0/20 = number of hosts 4,096
# 104.237.160.0/19 = number of hosts 8,192
# 208.65.152.0/22 = number of hosts 1,024
# 208.117.224.0/19 = number of hosts 8,192
youtube_IPv4_addresses = ['64.15.112.0/20','104.237.160.0/19', '208.65.152.0/22', '208.117.224.0/19']
# IPv6 addresses listed at whois.arin.net for YouTube
# Start Range: 2620:11a:a000:0:0:0:0:0
# End Range: 2620:11a:a0ff:ffff:ffff:ffff:ffff:ffff
# No. of host: 309485009821345068724781056
youtube_IPv6_addresses = ['2620:11A:A000::/40']
#############################################
# This function is designed to query the IPv4
# address blocks assigned to YouTube for their
# corresponding PTR records, which are used
# for the Reverse DNS (Domain Name System)
#############################################
def get_ipv4_hostnames():
    for network in youtube_IPv4_addresses:
        ip_addresses = ipaddress.IPv4Network(network)
        for ip_address in ip_addresses:
            try:
                rev_name = reversename.from_address(str(ip_address))
                reversed_dns = str(resolver.query(rev_name,"PTR")[0])
                print (reversed_dns)
            except Exception as error:
                print ('The following error occurred: \n {}'.format(error))
#############################################
# WARNING WARNING WARNING WARNING WARNING
#############################################
# There are 309485009821345068724781056
# possible hosts within the IPv6 address
# range assigned to YouTube at ARIN
#############################################
# WARNING WARNING WARNING WARNING WARNING
#############################################
#############################################
def get_ipv6_hostnames():
    for network in youtube_IPv6_addresses:
        ip_addresses = ipaddress.IPv6Network(network)
        for ip_address in ip_addresses:
            try:
                fully_qualified_domain_name = socket.getfqdn(str(ip_address))
                if fully_qualified_domain_name != str(ip_address):
                    print (fully_qualified_domain_name)
            except Exception as error:
                print('The following error occurred: \n {}'.format(error))
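The names in the SSLError quoted in the question are the certificate's subjectAltName entries. They can be read while still validating the certificate chain, switching off only the hostname match, whereas `verify=False` switches off both. This is an added example, not code from any of the posts above; `SAMPLE_CERT` is constructed in the shape `ssl.getpeercert()` returns, and the function names are hypothetical.

```python
import socket
import ssl
from typing import List


def dns_names(peercert: dict) -> List[str]:
    """DNS entries from the subjectAltName of an ssl.getpeercert() dict."""
    return sorted({value for kind, value in peercert.get("subjectAltName", ())
                   if kind == "DNS"})


def covers(pattern: str, hostname: str) -> bool:
    """True if a certificate name covers hostname; '*' stands for exactly
    one left-most label, so '*.example.com' does not cover 'example.com'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


def names_covering(peercert: dict, hostname: str) -> List[str]:
    """Certificate names under which hostname would pass verification."""
    return [n for n in dns_names(peercert) if covers(n, hostname)]


def fetch_cert_names(ip: str, port: int = 443, timeout: float = 5.0) -> List[str]:
    """Connect by IP address: the chain is still validated against the
    system trust store, only the hostname comparison is skipped."""
    ctx = ssl.create_default_context()   # verify_mode stays CERT_REQUIRED
    ctx.check_hostname = False           # an IP literal cannot match DNS names
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:    # no server_hostname, so no SNI
            return dns_names(tls.getpeercert())


# Constructed sample in the shape ssl.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.google.com"),),),
    "subjectAltName": (
        ("DNS", "*.google.com"), ("DNS", "*.youtube.com"),
        ("DNS", "youtube.com"), ("DNS", "youtu.be"),
        ("IP Address", "192.0.2.10"),
    ),
}
```

The result lists the names the presented certificate is valid for, not every hostname served from that address; a request made to one of those names by hostname verifies normally.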
