Linux Administration - Networking

arp

Commands

 arp -a 
Display ARP entries for all known hosts.

ifconfig

Commands

 ifconfig [interface] down
Shut down the network interface.

ip

Commands

 ip route
Get the gateway IP address (shown on the default line).

ipchains

Commands

 ipchains -L -v
Display firewall rules.

iptables

Commands

 iptables -L -v
Display firewall rules.

ngrep

Commands

 ngrep port 22
Display traffic occurring on port 22.

 ngrep port 80 and src host 192.168.1.1 and dst host 192.168.1.2
Watch traffic from 192.168.1.1 to 192.168.1.2 with the destination port 80.

 ngrep -x
Display information in an easier-to-read format.

 ngrep -q -t "ogin" port 23 and src host 192.168.1.1
Look for telnet login prompt from 192.168.1.1.

netcat

Create a chat

 nc -l 3333             (server)
 nc 192.168.1.101 3333  (client)
Server: listen on port 3333.
Client: connect to that computer on port 3333.

Transfer a file between 2 machines
 nc -lp 3333 > file.zip                 (client)
 nc -w 1 192.168.1.101 3333 < file.zip  (server)
Client: listen on port 3333 and output data to file.zip.
Server: send the file's data to port 3333 and disconnect after 1 second.

OR

 nc -lp 3333 > file.zip                        (client)
 tar -czf - file | nc -w 1 192.168.1.101 3333  (server)
Client: listen on port 3333 and output data to file.zip.
Server: tar sends its output to STDOUT rather than a file (-f -);
nc copies that data to port 3333 and disconnects after 1 second.

Create a port scanner
 nc -v -w 1 127.0.0.1 -z 1-3000
Scan ports 1-3000 on the machine (-z: connect without sending data; -w 1: 1-second timeout).

Telnet
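 nc -lp 3333 -e /bin/bash  (server)
 nc 192.168.1.101 3333     (client)
Server: listen on port 3333 and run /bin/bash for whoever connects (-e); the shell is unauthenticated and unencrypted.
Client: connect to that machine and start a shell.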

Webserver page
 while true; do nc -l -p 80 -q 1 < error.html; done
Serve a simple page (error.html) to port 80 users.

Clone a hard drive
 dd if=/dev/sda | nc 192.168.1.101 9000  (server)
 nc -l -p 9000 | dd of=/dev/sda          (client)
Server: send the drive's data to port 9000.
Client: get the data and create the new drive.

netstat

Commands

 netstat -ap
Display all listening and non-listening sockets (-a) including the PIDs (-p)

 netstat -ap | grep -i listen | more
Find network services that are listening for connections

 netstat -i 
Show network interfaces

 netstat -ia
Show network interfaces present in kernel

 netstat -lp
Display ONLY listening sockets (-l) including the PIDs (-p)

 netstat -nr
Show routing tables with dotted-quad IP addresses rather than hostnames

 netstat -r
Show routing tables

nmap

Commands

 nmap -A -T4 [hostnames] 
Determine OS & version (-A), fast (-T4)

 nmap -sF, -sN, -sX [hostname]
Determine open ports ... not so traceable

 nmap -sO [hostname]
Determine protocols supported

 nmap -sP -v [hostnames] 
Determine if host is online (-sP - Ping scan)

 nmap -sS [hostname]
Determine open ports ... less traceable

 nmap -sT [hostname]
Scan TCP ports (easily traceable).

 nmap -sU [hostname]
Scan UDP ports. (Requires root access)

 nmap -v [hostname]
Determine all open ports.

Typical Scans
 nmap -sP 10.0.0.0/24
 nmap -sP 192.168.1.0/24
Scan entire network for systems that are online

ping

Commands

 ping -c3 xavier
Ping xavier three times