I noticed that, at some point, I started seeing weird packets being multicasted from my VM. Upon closer inspection, I discovered that those are directed towards 224.1.1.1:10565 and contains the script from Romer & Juliet.
Is there any way to know which program is doing this? It's a nice Easter egg, but it spams the Wireshark logs...
EDIT: I found in the Moodle archives an old TP 3 in which this exact behavior is described... Did I just spoil TP 3? :(
Hi,
Well done, nice observation. Indeed, we installed this in the VM for lab3. You can use display filters in Wireshark to display only what you are interested in.
Best,
Marguerite
Yesterday after some digging I indeed found that there are two python bytecode files in `/usr/share/multicast-scripts/`, along with a full script of R&J and an entire file of bad puns. Unfortunately I could not find the python source, if there is any.
I could find the process using the source port of the mysterious packets with: `sudo lsof -n -i :[your multicast source port]`
Then ask for the current working directory of that process (assuming it didn't cd itself, which is reasonable) with `pwdx [the pid you found]`
Nice easter egg! Took me a couple minutes to understand what was happening .
Also, to disable it completely: it's started by rc.local. So edit (with root permissions) /etc/rc.local, and comment out (#) the two last lines. Then reboot (or kill the two processes already started)
Note to creators: be careful, rc.local is becoming quite deprecated (already is in Debian 10). Prefer using a service file with systemd on systemd-compatible systems. And the rc.local file should always end with "exit 0"; while not mandatory, it's best practice :)
Cheers
Follow the pulses of EPFL on social networks
© 2023 EPFL, all rights reserved