Macbook: MyTraceRoute an alternative ICMP route tracing which works with Zscaler / Zero Trust architecture

If you're on a zero trust network adapter such as Zscaler or Netskope, you will notice that traceroute doesn't work as expected. The steps below show how to install mtr (My Traceroute) using brew:

## Install the Xcode command line tools
xcode-select --install
## Install mtr
brew install mtr


Next we need to change the owner of the mtr-packet binary and its permissions. chmod 4755 sets the setuid bit, so mtr-packet runs as root while you run mtr as your own user (otherwise you would need to run it as root every time):

sudo chown root /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet
sudo chmod 4755 /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet
## Symlink to the new mtr package instead of the default MAC version
ln -s /opt/homebrew/Cellar/mtr/0.95/sbin/mtr /opt/homebrew/bin/
ln -s /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet /opt/homebrew/bin/


To run a rolling traceroute with ICMP echoes use the following:

mtr andrewbaker.ninja
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev

The issue is that Zscaler will attempt to tunnel this traffic. This can be observed by viewing your current routes:

netstat -rn
Internet:
Destination        Gateway            Flags           Netif Expire
default            192.168.0.1        UGScg             en0
1                  100.64.0.1         UGSc            utun6
2/7                100.64.0.1         UGSc            utun6
4/6                100.64.0.1         UGSc            utun6
8/5                100.64.0.1         UGSc            utun6
10/12              100.64.0.1         UGSc            utun6
10.1.30.3          100.64.0.1         UGHS            utun6
10.1.30.15         100.64.0.1         UGHS            utun6
10.1.31/24         100.64.0.1         UGSc            utun6
10.1.31.3          100.64.0.1         UGHS            utun6
10.1.31.41         100.64.0.1         UGHS            utun6
10.1.31.101        100.64.0.1         UGHS            utun6
10.1.31.103        100.64.0.1         UGHS            utun6
10.10.0.11         100.64.0.1         UGHS            utun6
10.10.0.12         100.64.0.1         UGHS            utun6
10.10.160.86       100.64.0.1         UGHS            utun6

As you can see from the above, it lists the routes that are being sent to the Zscaler tunnel interface "utun6" (the interface name is unique to your machine, but the table will look similar). To get around this you can specify the source interface mtr should use with the "-I" flag. Below we instruct mtr to use en0 (the LAN cable):

mtr andrewbaker.ninja -I en0
                                Packets               Pings
 Host                         Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. unfisecuregateway          1.8%    56    2.0   2.2   1.5   4.5   0.6
 2. 41.71.48.65                0.0%    56    4.2   8.1   3.1  28.3   6.0
 3. 41.74.176.249              0.0%    56    4.2   4.5   3.4   8.2   0.9
 4. 196.10.140.105             0.0%    55    3.0   4.0   2.6  18.8   2.4
 5. 52.93.57.88                0.0%    55    5.1   6.3   3.7  12.4   2.0
 6. 52.93.57.103               0.0%    55    4.9   4.1   2.6  12.5   1.5
 7. (waiting for reply)
 8. 150.222.94.230             0.0%    55    4.0   4.8   3.1  13.8   1.8
 9. 150.222.94.243             0.0%    55    4.3   5.3   2.9  37.6   5.2
10. 150.222.94.242             0.0%    55   15.2   4.9   2.9  15.2   2.2
11. 150.222.94.237             0.0%    55    3.4   5.7   3.1  18.9   2.9
12. 150.222.93.218             0.0%    55    4.6   5.5   3.8  11.4   1.3
13. (waiting for reply)

mtr supports TCP, UDP and SCTP based traceroutes. This is useful when testing path latency and packet loss in external or internal networks where QoS is applied to different protocols and ports. Multiple flags are available (man mtr), but for a TCP based trace use -T (use TCP probes) and -P (the port to trace to):

mtr andrewbaker.ninja -T -P 443 -I en0

Ping specifying source interface

Ping supports specifying the source address you would like to initiate the ping from. The "-S" flag indicates that the IP which follows is the source IP address the ping should be sent from. This is useful if you want to ping from an internal address, bypassing a route manipulating tool such as Zscaler.

ping outlook.office.com -S 10.220.64.37

Macbook/Linux: Secure Copy from your local machine to an EC2 instance

I always forget the syntax of SCP and so this is a short article with a simple example of how to SCP a file from your laptop to your EC2 instance and how to copy it back from EC2 to your laptop:

Copying from Laptop to EC2

scp -i "mylocalpemfile.pem" mylocalfile.zip ec2-user@myEc2DnsOrIpAddress:/home/mydestinationfolder

scp -i identity_file.pem source_file.extension username@public_ipv4_dns:/remote_path

scp: Secure copy protocol
-i: Identity file
source_file.extension: The file that you want to copy
username: Username of the remote system (ubuntu for Ubuntu, ec2-user for Linux AMI or bitnami for wordpress)
public_ipv4_dns: DNS/IPv4 address of an instance
remote_path: Destination path

Copying from EC2 to your Laptop

scp -i "mylocalpemfile.pem" ec2-user@myEc2DnsOrIpAddress:/home/myEc2Folder/myfile.zip /Users/accountName/Downloads

scp -i identity_file.pem username@public_ipv4_dns:/remote_path/source_file.extension ~/destination_local_path

Ex: scp -i access.pem bitnami@0.0.0.0:/home/bitnami/temp.txt ~/Documents/destination_dir

Macbook: Alternative to Ping (using TCP rather than ICMP)

A lot of companies are moving to ZTNA (Zero Trust Network Architecture). This is generally a good thing: it helps cyber posture and makes life a lot easier, as you no longer need to log in to VPN tunnels to manage your cloud environment/s.

But one of the few downsides of ZTNA is that (by definition) it cannot support ICMP packets. So how do things like ping and traceroute work? Well, in general they don't. If you're on Windows you can use a great SysInternals tool called PsPing, but for Mac you will need TCP ping. Below are the installation details for TCP Ping:

brew install wget
wget https://github.com/paradiseduo/tcping/releases/download/3.5/tcping.zip
unzip tcping.zip
chmod +x tcping
sudo mv tcping /usr/local/bin/
sudo xattr -rd com.apple.quarantine /usr/local/bin/tcping

Examples using TcpPing:

## Domain Ping
tcping -c 5 andrewbaker.ninja 443
## IPV4 Ping (host and port are separate arguments, not host:port)
tcping -c 5 13.244.140.33 443
## IPV6 Ping
tcping -c 3 ::1 8080

Key Parameters

You can go directly to https://github.com/paradiseduo/tcping or, if you're lazy, just use the help output below.

➜ tcping --help

      dP                     oo
      88
    d8888P .d8888b. 88d888b. dP 88d888b. .d8888b.    {Version: 3.5}
      88   88       88    88 88 88    88 88    88
      88   88.      88.  .88 88 88    88 88.  .88
      dP   `88888P  88Y888P  dP dP    dP `8888P88
                    88                        .88
                    dP                    d8888P

tcping is a ping over tcp connection.

Examples:
    1. ping over tcp with custom port 10 times
        > tcping www.baidu.com 80
    2. ping over tcp with custom port 5 times
        > tcping -c 5 www.baidu.com 443

USAGE: tcping [--count <count>] [--interval <interval>] <ip> <port>

ARGUMENTS:
    <ip>                        The IP or Domain to tcping.
    <port>                      The port to tcping.

OPTIONS:
    -c, --count <count>         The number of times to repeat 'tcping'. Default value is 10, Max value is 65535
    -i, --interval <interval>   The request interval(second). Default value is 1 second
    -h, --help                  Show help information.

How does TCPing work

TCPing measures RTT using the SYN handshake that occurs when a TCP connection is opened. It does this by sending a SYN to the destination port and then waiting for the SYN/ACK back from the destination, which both confirms that the service is up and gives the RTT. After it receives the SYN/ACK it sends a RST/ACK. This RST (reset) forcibly closes the half-open TCP connection, so you do not inadvertently exhaust the server's resources the way a SYN flood attack would.
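The handshake-timing idea above, as an added Python example that is not code from the post or from the tcping project: each probe times connect() to the port and then closes with SO_LINGER set to zero so the kernel sends a RST rather than leaving the connection lingering on the server. Unlike tcping's raw-socket half-open probe, a normal socket completes the full three-way handshake before the reset. summarize() produces the Loss%/Snt/Avg/Best/Wrst columns, and probe_self is a constructed loopback self-test; the hostname in the usage block is the one from the post.

```python
import socket
import struct
import time

def tcp_ping(host, port, count=5, timeout=2.0, interval=0.0):
    # Returns one RTT in ms per probe, or None where the port did not answer
    # (refused, filtered or timed out). The RTT is the time for the kernel to
    # complete the handshake: SYN out, SYN/ACK back, ACK out.
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    rtts = []
    for i in range(count):
        if i and interval:
            time.sleep(interval)
        s = socket.socket(family, socket.SOCK_STREAM)
        s.settimeout(timeout)
        # linger {l_onoff=1, l_linger=0}: close() sends RST instead of FIN
        s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        start = time.perf_counter()
        try:
            s.connect((host, port))
            rtts.append((time.perf_counter() - start) * 1000.0)
        except OSError:  # includes socket.timeout and ConnectionRefusedError
            rtts.append(None)
        finally:
            s.close()
    return rtts

def summarize(rtts):
    # Loss%, Snt, Avg, Best, Wrst in the style of the mtr/tcping columns.
    answered = [r for r in rtts if r is not None]
    sent = len(rtts)
    loss = 100.0 * (sent - len(answered)) / sent if sent else 0.0
    if not answered:
        return {"loss": loss, "sent": sent, "avg": None, "best": None, "worst": None}
    return {"loss": loss, "sent": sent, "avg": sum(answered) / len(answered),
            "best": min(answered), "worst": max(answered)}

def probe_self(count=2):
    # Constructed self-test: listen on a loopback port and ping it. The kernel
    # completes the handshake even though nothing ever calls accept().
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(count)
    try:
        return tcp_ping("127.0.0.1", srv.getsockname()[1], count=count)
    finally:
        srv.close()

if __name__ == "__main__":
    print(summarize(tcp_ping("andrewbaker.ninja", 443, count=5, interval=1.0)))
```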

Bonus: Install Tcp Route Trace

I'm too lazy to write another article, so use the below for TCP route trace:

brew install tcptraceroute

Examples using Tcp Traceroute:

sudo tcptraceroute andrewbaker.ninja 443

Macbook: Change the default Mail Client using Terminal/CLI (Command Line Interface)


If you want to change the default mail client on your Mac, you can use a short Python script to do it from Terminal. Copy/paste the following command into Terminal. Below I am setting Outlook to be the default mail client, but you can replace com.microsoft.Outlook with whatever application bundle identifier you use.

/usr/bin/python2.7 <<EOF
# LaunchServices comes from the PyObjC bridge bundled with Apple's Python 2
import LaunchServices
# Register the bundle identifier as the handler for mailto: links
result = LaunchServices.LSSetDefaultHandlerForURLScheme(
    "mailto",
    "com.microsoft.Outlook")
print("Result: %d (%s)" % (
    result,
    "Success" if result == 0 else "Error"))
EOF

Note: If you're not sure what the bundle identifier for your mail app is, simply run:

## Get the identifier for Apple Mail App
osascript -e 'id of app "Mail"'
com.apple.mail
## Get the identifier for Outlook App
osascript -e 'id of app "Outlook"'
com.microsoft.Outlook

Macbook: View the list of DNS nameservers used for resolution

To view the list of nameservers your mac is using, simply open Terminal and paste the following:

myMac ~ % scutil --dns | grep 'nameserver*'
  nameserver[0] : 100.64.0.1
  nameserver[0] : 9.9.9.9
  nameserver[1] : 1.1.1.1
  nameserver[2] : 8.8.8.8
  nameserver[0] : 9.9.9.9
  nameserver[1] : 1.1.1.1
  nameserver[2] : 8.8.8.8

Alternatively, you can copy the DNS servers to clipboard directly from the command line (using pbcopy):

networksetup -getdnsservers Wi-Fi | pbcopy

Macbook: How to get your Mac to behave like MS Windows to restore minimised windows when using Command + Tab (Alt + Tab)

For those who like to maximise or minimise their windows on a Mac, you will likely be frustrated by the default behaviour of your Macbook (it doesn't restore/focus minimised or maximised windows). Below are a few steps to make window restoring on your Mac behave like Microsoft Windows:

Install Homebrew (if you don't have it):

## Install homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
## IMPORTANT: Once the install finishes run the two commands displayed in the terminal window
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> $HOME/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

Install AltTab:

brew install --cask alt-tab

Next run the AltTab application (click the magnifying glass/search icon in the top right of your Macbook (near the clock) and then type "AltTab"). When it starts up it will ask you to grant it access to the various system accessibility functions (e.g. window preview). If you don't adjust the settings you will need to switch from using "Command + Tab" to using "Option + Tab", or read the note below to adjust the settings...

Note: I recommend the following tweaks…

If you want to use the default Windows style keystrokes for tabbing, you will need to change the "Controls" tab setting called "Hold" from "Option" to "Command".

Next, go to the Appearance tab and change the Theme to "Windows 10" (as it's hard to see the focused window with the Mac style):

Note: detailed documents on AltTab can be found here: https://alt-tab-macos.netlify.app/

How to Automatically Turn your bluetooth off and on when you open and close your MacBook

If you're like me, little things bother you. When I turn on my bluetooth headset and it connects to my Macbook when it's closed/sleeping, I get very frustrated. So I wrote a simple script to fix this behaviour. After running the script below, when you close the lid on your Macbook it will automatically turn bluetooth off. When you open your Macbook it will automatically re-enable bluetooth. Simple 🤓

If you need to install brew/homebrew on your mac then run this:

## Install homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
## IMPORTANT: Once the install finishes run the two commands displayed in the terminal window
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> $HOME/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

Script to automatically enable/disable bluetooth:

## Install the bluetooth util and sleepwatcher
brew install sleepwatcher blueutil
## This creates a file which switches bluetooth off when the macbook lid is closed
echo "$(which blueutil) -p 0" > ~/.sleep
## This creates a file which switches bluetooth on when the lid is opened
echo "$(which blueutil) -p 1" > ~/.wakeup
## This makes both files executable
chmod 755 ~/.sleep ~/.wakeup
## Finally restart the sleepwatcher service (to pick up the new files)
brew services restart sleepwatcher

Tip: Using the Watch command to poll a URL

If you want to quickly test a URL for changes, then the Linux watch command coupled with curl is a really simple way to hit a URL every n seconds (I use this for blue/green deployment testing to make sure there is no downtime when cutting over):

# Install watch command using homebrew
brew install watch
# Poll andrewbaker.ninja every second
watch -n 1 curl andrewbaker.ninja