
Need a Programmer to provide details about exactly what

Customer Question

Need a Programmer to provide details about exactly what this file does, I found it in the sbin directory under the name "route" in my home computer.

Note- these files were installed at the same time in that same directory... I have the text from these unix files as well if you'd like to see them. "Mount smbfs" "mpioutil" "Route" "Ping" "Ping6" "Ifconfig" "Rtsol" Note

Submitted: 1 year ago.
Category: Programming
Expert:  Steve replied 1 year ago.

Hi there, my name is Steve.

There are very few commands built in to Linux. Most of the commands that you type are actually programs that are installed on your machine. When you type the command, Linux runs the program with the same name.

The route file is the executable for the route command. It enables you to set up static routes if you need to, which you probably don't. If you just type route and press Enter, you should see a listing that says something like Kernel IP routing table and shows a Destination, Gateway, Genmask, Flags, Metric, Ref, Use and Iface.

The other files you've listed are the same thing. For example, ping is a command that sends a signal to another device and waits for the signal to come back. It's a way to test if another computer is online or a device is active. You can ping in Windows as well.

ifconfig displays the details of your network configuration. You might have to run it as sudo ifconfig to see any output.

So these files are all normal files you should have as part of your Linux installation.

If I've answered your question, can you please accept the answer and rate me accordingly? I don't get paid anything for helping you unless you accept the answer and rate me at least 3 stars. If I haven't answered your question, please chat me back and I'll get you the information you need. Thanks and have a great day!

Customer: replied 1 year ago.
I understand this. It's the changes to my network interface and routing table that I would like your input on.
Expert:  Steve replied 1 year ago.

OK, what would you like to know?

Customer: replied 1 year ago.
What does this route say?
Customer: replied 1 year ago.
My home network has been monitored by someone who does have permission to do so
Expert:  Steve replied 1 year ago.

The route just shows the IP address for the local network and the port that's being used.

Type sudo route and you should see output from the command.

Expert:  Steve replied 1 year ago.

If you tell me what it says or if you can do a screen print and post it here, I can tell you if anything looks unusual.

Customer: replied 1 year ago.
You'll have to give me a bit, I'll be in front of my computer in 15 minutes... You don't see an attempt to reroute my routing table or change my network interface here?
Customer: replied 1 year ago.
Or access to the camera through iface?
Expert:  Steve replied 1 year ago.

I would have to see the output to be able to tell you that. What I can tell you is it's a requirement that you have the files you listed in the directory you listed.

When you get back to your computer, type:

sudo route

and type:

sudo ifconfig

and post it here and I can tell you if it looks OK or not.

Expert:  Steve replied 1 year ago.

No, iface won't give you access to a camera. It's to set up either a wired (Ethernet) connection or a Wi-Fi connection for the computer.

Expert:  Steve replied 1 year ago.

Do you have a router/gateway that you use to connect to the Internet? For example, do you have a router connected to a cable modem or DSL modem?

Expert:  Steve replied 1 year ago.

I'll wait for you to chat me back after you get to your computer.

Customer: replied 1 year ago.
I have a Time Warner home router with a number of devices connected to it.
Expert:  Steve replied 1 year ago.

OK, I'll wait for you to post the output and tell you if anything looks unusual. But if someone were going to do something to your network to monitor it, it's more likely they would have to change settings in your Time Warner router than on your computer, since the router is the gateway to the Internet.

Customer: replied 1 year ago.
sudo route
Password:
usage: route [-dnqtv] command [[modifiers] args]
name-iMac:~ name$ sudo ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:25:00:a0:e7:6a
nd6 options=1<PERFORMNUD>
media: autoselect
status: inactive
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 00:24:36:b6:c1:f2
nd6 options=1<PERFORMNUD>
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:25:00:ff:fe:a0:e7:6a
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 02:24:36:b6:c1:f2
media: autoselect
status: inactive
Customer: replied 1 year ago.
Sorry, I'm not taking this computer online right now so I have to copy files to another computer before I post them
Customer: replied 1 year ago.
PS- I'm not paranoid, I know for certain that my network has been compromised. I know I need to take it to a forensic specialist but can't right now, I just want to know what I'm looking at.
Expert:  Steve replied 1 year ago.

The computer is not connected to a network, right?

Customer: replied 1 year ago.
No, not the computer where these files are located
Customer: replied 1 year ago.
But I did install Little Snitch a week ago and a number of attempts are made to connect to the Internet even when wifi and Bluetooth are off.
Expert:  Steve replied 1 year ago.

That helps. I didn't realize this was a Mac, so this is BSD and not Linux.

The output shows that you have the following interfaces on the computer:

lo0 - loopback 127.0.0.1

gif0 - Generic tunnel for IPV4 to IPV6

stf0 - IPV6 tunnel interface

en0 - Ethernet 0

en1 - Ethernet 1

fw0 - Firewire

p2p0 - Local link interface (probably AirDrop)

Customer: replied 1 year ago.
I found this plist file under "captive network settings" in a recent sysdiagnose-#
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CurrentSet</key>
<string>/Sets/D5C4A574-A0C2-4092-ABBA-3DE22BD46B36</string>
<key>Model</key>
<string>iMac9,1</string>
<key>NetworkServices</key>
<dict>
<key>1E206F60-B856-48E3-8A85-F411D1419D8C</key>
<dict>
<key>AppleTalk</key>
<dict/>
<key>DNS</key>
<dict/>
<key>IPv4</key>
<dict>
<key>ConfigMethod</key>
<string>DHCP</string>
</dict>
<key>IPv6</key>
<dict>
<key>ConfigMethod</key>
<string>Automatic</string>
</dict>
<key>Interface</key>
<dict>
<key>DeviceName</key>
<string>en1</string>
<key>Hardware</key>
<string>AirPort</string>
<key>Type</key>
<string>Ethernet</string>
<key>UserDefinedName</key>
<string>Wi-Fi</string>
</dict>
<key>Proxies</key>
<dict>
<key>ExceptionsList</key>
<array>
<string>*.local</string>
<string>169.254/16</string>
</array>
<key>FTPPassive</key>
<integer>1</integer>
</dict>
<key>SMB</key>
<dict/>
<key>UserDefinedName</key>
<string>AirPort</string>
</dict>
<key>2EE887D1-C23B-4FE0-BBAB-FAC7FC9B5C2D</key>
<dict>
<key>AppleTalk</key>
<dict/>
<key>DNS</key>
<dict/>
<key>IPv4</key>
<dict>
<key>ConfigMethod</key>
<string>DHCP</string>
</dict>
<key>IPv6</key>
<dict>
<key>ConfigMethod</key>
<string>Automatic</string>
</dict>
<key>Interface</key>
<dict>
<key>DeviceName</key>
<string>en0</string>
<key>Hardware</key>
<string>Ethernet</string>
<key>Type</key>
<string>Ethernet</string>
<key>UserDefinedName</key>
<string>Ethernet</string>
</dict>
<key>Proxies</key>
<dict>
<key>ExceptionsList</key>
<array>
<string>*.local</string>
<string>169.254/16</string>
</array>
<key>FTPPassive</key>
<integer>1</integer>
</dict>
<key>SMB</key>
<dict/>
<key>UserDefinedName</key>
<string>Ethernet</string>
</dict>
<key>3B32B942-9910-45F6-86BF-AA69C5A28324</key>
<dict>
<key>DNS</key>
<dict/>
<key>IPv4</key>
<dict>
<key>ConfigMethod</key>
<string>PPP</string>
</dict>
<key>IPv6</key>
<dict>
<key>ConfigMethod</key>
<string>Automatic</string>
</dict>
<key>Interface</key>
<dict>
<key>DeviceName</key>
<string>Bluetooth-Modem</string>
<key>Hardware</key>
<string>Modem</string>
<key>SubType</key>
<string>PPPSerial</string>
<key>Type</key>
<string>PPP</string>
<key>UserDefinedName</key>
<string>Bluetooth DUN</string>
</dict>
<key>Modem</key>
<dict>
<key>ConnectionPersonality</key>
<string>Default Personality</string>
<key>ConnectionScript</key>
<string>/Library/Modem Scripts/Generic Dialup.ccl</string>
<key>DataCompression</key>
<integer>1</integer>
<key>DeviceModel</key>
<string>Dialup Device</string>
<key>DeviceVendor</key>
<string>Generic</string>
<key>DialMode</key>
<string>WaitForDialTone</string>
<key>ErrorCorrection</key>
<integer>1</integer>
<key>PulseDial</key>
<integer>0</integer>
<key>Speaker</key>
<integer>1</integer>
</dict>
<key>PPP</key>
<dict>
<key>ACSPEnabled</key>
<integer>0</integer>
<key>CommDisplayTerminalWindow</key>
<integer>0</integer>
<key>CommRedialCount</key>
<integer>1</integer>
<key>CommRedialEnabled</key>
<integer>1</integer>
<key>CommRedialInterval</key>
<integer>5</integer>
<key>CommUseTerminalScript</key>
<integer>0</integer>
<key>DialOnDemand</key>
<integer>0</integer>
<key>DisconnectOnFastUserSwitch</key>
<integer>1</integer>
<key>DisconnectOnIdle</key>
<integer>1</integer>
<key>DisconnectOnIdleTimer</key>
<integer>600</integer>
<key>DisconnectOnLogout</key>
<integer>1</integer>
<key>DisconnectOnSleep</key>
<integer>1</integer>
<key>IPCPCompressionVJ</key>
<integer>1</integer>
<key>IdleReminder</key>
<integer>0</integer>
<key>IdleReminderTimer</key>
<integer>1800</integer>
<key>LCPEchoEnabled</key>
<integer>0</integer>
<key>LCPEchoFailure</key>
<integer>4</integer>
<key>LCPEchoInterval</key>
<integer>10</integer>
<key>Logfile</key>
<string>/var/log/ppp.log</string>
<key>VerboseLogging</key>
<integer>0</integer>
</dict>
<key>Proxies</key>
<dict>
<key>FTPPassive</key>
<integer>1</integer>
</dict>
<key>SMB</key>
<dict/>
<key>UserDefinedName</key>
<string>Bluetooth DUN</string>
</dict>
<key>43B2B53D-9D0D-4560-914D-C88D5C579FF5</key>
<dict>
<key>DNS</key>
<dict/>
<key>IPv4</key>
<dict>
<key>ConfigMethod</key>
<string>DHCP</string>
</dict>
<key>IPv6</key>
Customer: replied 1 year ago.
Sorry, I'm not sure what that means exactly
Customer: replied 1 year ago.
Do any of those look like something I normally wouldn't have?
Expert:  Steve replied 1 year ago.

It all looks normal to me.

Expert:  Steve replied 1 year ago.

What exactly do you think this person has done? What do you mean when you say your network was compromised?

Customer: replied 1 year ago.
You don't see the attempt to change my network interface or alter the routing tables in the "black hole" log?
Customer: replied 1 year ago.
You're the first person that's said that looks "normal", just curious, could you please elaborate about Apples use of black holes?
Expert:  Steve replied 1 year ago.

Alter them to where? All traffic coming in and out has to go through your Time Warner gateway.

Expert:  Steve replied 1 year ago.

What did the other people say was unusual about the configuration? If you're comparing it to Windows or even to Linux, it would appear that there are a lot of extra network connections that are present that might be unidentified. But this is BSD, and these are all normal network connections that you should have. Most of the extra connections are to facilitate IPV4 to IPV6 and back.

Expert:  Steve replied 1 year ago.

Are you talking about Apple's concept device, the "holographic phone for 2020," aka the Apple Black Hole?

Customer: replied 1 year ago.
No, I'm talking about this attempt to rewrite the route table.....which allows computers to talk to each other across different networks
Customer: replied 1 year ago.
Are you saying that is the "black hole" this log is referring to?
Expert:  Steve replied 1 year ago.

Your computer is connected to your local area network. On the local area network, traffic only flows between devices on the LAN. There is a private set of IP addresses that are used on the LAN that are meaningless and unidentifiable outside the LAN. Your Time Warner gateway holds your public IP address that's accessible by anyone on the Internet. That's why it has a firewall. All traffic in and out of your LAN passes through the gateway. The gateway removes the local IP address, puts the public IP address on and assigns a port. When data comes back, it takes the public IP address off, looks at the port so it knows where to send it back to, and puts a local address back on.

Expert:  Steve replied 1 year ago.

It's conceivable that someone could create a tunnel from that computer to another server and to route traffic through that tunnel. But the configuration doesn't show that.

Expert:  Steve replied 1 year ago.

But all you have to do when you connect the computer to the network is do a traceroute and you can see the route your traffic is traveling on.

Customer: replied 1 year ago.
Are you saying that the "black hole" found in my sbin folder is referring to a 2020 concept phone?
Expert:  Steve replied 1 year ago.

No.

Expert:  Steve replied 1 year ago.

Black Hole was a term that was inside the route executable file when you typed out the contents. It's not relevant.

Expert:  Steve replied 1 year ago.

If you think the traffic is being rerouted, do a traceroute on it and you will know for sure. You can see if a tunnel or proxy server is somehow in place.

Expert:  Steve replied 1 year ago.

You can also configure IPtables to block all traffic and then look at the logs to see what's trying to get out.

Customer: replied 1 year ago.
the reference to a "black hole" is an irrelevant executable that is standard from Time Warner?
Customer: replied 1 year ago.
I understand the file is normal, it's the "changes" to my otherwise normal routing table and interface that raises questions
Customer: replied 1 year ago.
The date this file was created just happens to correspond with the exact day that I became a legal threat to someone
Customer: replied 1 year ago.
Route files are executed by overriding default system settings correct?
Customer: replied 1 year ago.
Steve, did you give up on me? Are you sticking with the "irrelevant" meaning of the black hole? It's ok, I just want to confirm that you think the black hole is either a standard from Apple or Time Warner...
Expert:  Steve replied 1 year ago.

Hey there, sorry, yes I'm sticking with the "irrelevant" theory of the black hole...

Customer: replied 1 year ago.
Steve, I want to close this as much as you do but "irrelevant" doesn't quite cut it. The route executable is used to MANUALLY manipulate the routing table, can you at least agree that the addition of this black hole was done AFTER I bought this computer from Best Buy?
