Tools used for networking.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install netcat-openbsd tcpdump traceroute mtr
unix | windows | use |
---|---|---|
ifconfig / route | ifconfig | View the system's network configuration |
grep | findstr | Search for specific text |
netstat | netstat | Display established network connections and statistics |
lsof | | Show which processes have which files open |
route | | Display and change where traffic is sent |
tcpdump | | Display traffic to and from a server, view network activity |
traceroute | tracert | Show the route the traffic takes |
host | nslookup | Explore the Domain Name System (DNS) |
curl ipinfo.io/ip
curl ipecho.net/plain
curl ifconfig.me
curl icanhazip.com
PCs don't have IP addresses. Network interfaces have them, meaning one PC will have multiple IP addresses.
- Find IP address of PC.
ip addr
ip -c addr
ip -o -c addr
# IP address: 192.168.100.16/24
# /24 = 255.255.255.0 subnet mask
- Scan subnet for other devices (IP addresses).
nmap -sn 192.168.100.0/24
- Ping other device.
ping 192.168.100.10
- Default gateway (router)
ip route show
route -n
netstat -rn
ls /sys/class/net/
netstat -i
ip link show
ping sends individual packets to test whether traffic can get from one address to another, and back.
ping 8.8.8.8
# send 5 packets
ping -c 5 google.com
sudo vim /etc/resolv.conf
# Add nameserver 8.8.8.8
The lsof utility lists open files, including network sockets (listening or connected).
# List only network sockets
lsof -i
netcat is a tool for manually talking to servers, by connecting to a port and sending a string over it. It's a thin wrapper over TCP.
nc en.wikipedia.org 80
nc localhost 22
# SMTP servers listen on port 25, not 80
nc gmail-smtp-in.l.google.com 25
To illustrate, we can use two terminals to talk to each other. This is a simple TCP server.
Anything typed at the second console is shown on the first, and vice versa.
The connection is closed with CTRL + d.
# terminal 1 - Listen for an incoming connection on port 6666
nc -l 6666
# typed: foo
# shown: bar
# terminal 2 - Connect to the machine on that listening port
nc 127.0.0.1 6666
# shown: foo
# typed: bar
Commands can be sent via a pipe.
echo 'message' | netcat server 80
netcat doesn't know anything about forming an HTTP request, but in combination with printf and piping, it can be done.
# Google
printf 'HEAD / HTTP/1.1\r\nHost: google.com\r\n\r\n' | nc google.com 80
# JSON
printf 'GET /posts/1 HTTP/1.1\r\nHost:jsonplaceholder.typicode.com\r\n\r\n' | nc jsonplaceholder.typicode.com 80
host is used for looking up records in the DNS.
# Returns all the records
host google.com
# Returns just the A record
host -t a google.com
dig is similar to host in showing DNS records, but in a format that is more readable for scripts and closer to the way records are stored in the DNS configuration files.
dig google.com
This will start a static web server on port 8000. The command has to be run in the directory with the index.html file.
# Python 3 equivalent: python3 -m http.server 8000
python -m SimpleHTTPServer 8000
ifconfig - Check IP address.
ping 8.8.8.8 - Ping IP address.
netstat -tupln - Check open ports.
cat /etc/network/interfaces - Shows the interfaces brought up after booting.
/etc/hosts maps hostnames to IP addresses locally, which lets you simulate a domain for an IP address. Add the line 127.0.0.1 domain.com to use the name instead of typing the IP address.
The terminal version of Wireshark, used for packet sniffing.
The asterisks you're seeing are servers that your packets are being routed through which are timing out (5.0+ seconds), so traceroute defaults to printing the *.