network

https://linuxhandbook.com/find-gateway-linux/

https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/#8_8211_NETWORKING

TODO: CLEANUP

debian wiki

https://wiki.debian.org/NetworkConfiguration

  • external ip

curl ifconfig.me
curl http://diagnostic.opendns.com/myip

  • internal adapters

netstat -i

  • gateway

ip route | grep 'default'

ip r | grep 'default'

this one uses G flag?

netstat -r -n

  • broadcast

  • internal ip

mtr -web4c 10 google.com

ip r
ip address show eth0

ip addr show
ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'
sudo ifconfig

find services listening

netstat -tlnp

see if ports are open or closed; a timeout means a firewall is probably blocking it

nc -vz ip port

network map

sudo apt install nmap
ip r
ifconfig to find your ip / mask

find neighbors

sudo nmap -sP 192.168.1.0/24

do i need to secure my linode?
MAC Address: F2:3C:91:4B:89:7D (Unknown)
Nmap scan report for li1204-250.members.linode.com (45.79.105.250)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:39:62:D8 (Unknown)
Nmap scan report for li1204-251.members.linode.com (45.79.105.251)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:85:72:FE (Unknown)
Nmap scan report for li1204-253.members.linode.com (45.79.105.253)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:46:A4:BE (Unknown)
Nmap scan report for li1204-254.members.linode.com (45.79.105.254)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:E5:BE:DB (Unknown)
Nmap scan report for li1204-23.members.linode.com (45.79.105.23)
Host is up.
Nmap done: 256 IP addresses (201 hosts up) scanned in 9.72 seconds
  • internal dhcp

  • internal dns

    cat /etc/resolv.conf
    nslookup
    dig
    ping

  • routing

    arp -a

    mac port forwards

firewall

  • dns

    cat /etc/resolv.conf

https://www.linode.com/docs/networking/linux-static-ip-configuration/

sudo apt install traceroute dnsutils
sudo apt install mtr

/etc/systemd/network/05-eth0.network
/etc/systemd/network/*.network

Find the programs that are listening on ports

netstat -plnt
netstat -tulnp
ss -plnt

find open files?
lsof -i -P | grep <port>

mine are empty

sudo ip addr flush dev eth0
ip link set eth0 up
ip addr add 198.51.100.5/24 broadcast 198.51.100.255 dev eth0
ip route add default via 198.51.100.1

ip tool

root@localhost:~# ip addr | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0
inet6 2600:3c02::f03c:91ff:fe24:3a2f/64 scope global
inet6 fe80::f03c:91ff:fe24:3a2f/64 scope link
  • Show domain IP address

    dig +short example.com
    nslookup example.com

  • Check DNS using specific nameserver

    8.8.8.8 = google, 1.1.1.1 = cloudflare, 208.67.222.222 = opendns

    dig @8.8.8.8 example.com
    dig +short @8.8.8.8 example.com
    nslookup example.com 1.1.1.1

  • Find host provider

    whois IP_ADDRESS | grep -Ei "orgname|netname"

  • Curl headers with redirect

    curl --head --location https://example.com

https://www.linode.com/docs/networking/diagnostics/inspecting-network-information-with-netstat/

sudo apt install net-tools # Debian-based systems
sudo yum install net-tools # CentOS and RHEL systems
sudo yum install bind-utils # CentOS and RHEL systems (dig and nslookup ship in bind-utils there, not dnsutils)

external ip

sudo dig +short shanenull.com

45.79.105.23

1 45.79.105.23 2 2600

interfaces

netstat -i

Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500  3371844      0      0 0       9840590      0      0      0 BMRU
lo       65536    24787      0      0 0         24787      0      0      0 LRU

netstat -ia

Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500  3372135      0      0 0       9840778      0      0      0 BMRU
lo       65536    24787      0      0 0         24787      0      0      0 LRU

http connections

sudo netstat -anpt | grep nginx | grep ESTABLISHED | awk -F "[ :]*" '{print $4}' | uniq -c

tcp connections

netstat -nt | awk '/^tcp/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr

counts states

netstat -ant | awk '{print $6}' | grep -v established\) | grep -v Foreign | sort | uniq -c | sort -n

routes

netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         45.79.105.1     0.0.0.0         UG        0 0          0 eth0
45.79.105.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

listening

sudo netstat -ntlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      998/sendmail: MTA:  
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27935/nginx: master 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      932/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      998/sendmail: MTA:  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27935/nginx: master 
tcp6       0      0 :::443                  :::*                    LISTEN      27935/nginx: master 

sudo netstat -ntlp | awk '{print $7}'

Address
998/sendmail:
27935/nginx:
932/sshd
998/sendmail:
27935/nginx:
27935/nginx:
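
To answer "do i need to secure my linode?" from the listening table, the question is which sockets are bound to a wildcard or routable address rather than loopback. The script below is an added example, not part of the original notes: it parses net-tools `netstat -ntlp` output (not `ss`, whose columns differ), the function names are hypothetical, and the sample input is the table shown above.

```sh
#!/bin/sh
# Added example (not from the original notes): audit `netstat -ntlp` output
# for listeners reachable from other hosts.

# Constructed sample input: the listening table shown above.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      998/sendmail: MTA:
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27935/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      932/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      998/sendmail: MTA:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27935/nginx: master
tcp6       0      0 :::443                  :::*                    LISTEN      27935/nginx: master
EOF
}

# classify_listeners (hypothetical helper): reads netstat -ntlp output on
# stdin and prints "<scope> <proto> <port> <program>" per listening socket.
# scope is "local" for 127.0.0.0/8 and ::1, otherwise "exposed" (wildcard
# or a routable address, so only a firewall stands in front of it).
classify_listeners() {
  awk '
    $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      prog = $7; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
      if (prog == "" || prog == "-") prog = "unknown"  # no sudo: PID hidden
      scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
      print scope, $1, port, prog
    }'
}

# exposed_ports (hypothetical helper): unique exposed ports on one line.
exposed_ports() {
  classify_listeners | awk '$1 == "exposed" { print $3 }' | sort -n -u |
    paste -s -d ' ' -
}

# Live use: sudo netstat -ntlp | classify_listeners
sample_listeners | classify_listeners
```

On the sample, sendmail on 25 and 587 is loopback-only, while sshd and nginx on 22, 80 and 443 are the ports to cover with firewall rules and service hardening.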

protocol

netstat -s

Ip:
    Forwarding: 2
    2988645 total packets received
    0 forwarded
    1 with unknown protocol
    0 incoming packets discarded
    2981807 incoming packets delivered
    9818434 requests sent out
    120 dropped because of missing route
Icmp:
    7189 ICMP messages received
    1035 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 2965
        timeout in transit: 42
        echo requests: 4175
        echo replies: 6
        timestamp request: 1
    17100 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 12924
        echo replies: 4175
        timestamp replies: 1
IcmpMsg:
        InType0: 6
        InType3: 2965
        InType8: 4175
        InType11: 42
        InType13: 1
        OutType0: 4175
        OutType3: 12924
        OutType14: 1
Tcp:
    4938 active connection openings
    8232 passive connection openings
    150864 failed connection attempts
    202 connection resets received
    1 connections established
    2968280 segments received
    9809523 segments sent out
    7281062 segments retransmitted
    248 bad segments received
    184527 resets sent
    InCsumErrors: 215
Udp:
    5688 packets received
    7248 packets to unknown port received
    9 packet receive errors
    6638 packets sent
    0 receive buffer errors
    0 send buffer errors
    InCsumErrors: 9
UdpLite:
TcpExt:
    149916 resets received for embryonic SYN_RECV sockets
    1 ICMP packets dropped because they were out-of-window
    4594 TCP sockets finished time wait in fast timer
    37 packetes rejected in established connections because of timestamp
    19498 delayed acks sent
    7 delayed acks further delayed because of locked socket
    Quick ack mode was activated 1390 times
    47 SYNs to LISTEN sockets dropped
    4372 packets directly queued to recvmsg prequeue
    TCPDirectCopyFromPrequeue: 14225
    237878 packet headers predicted
    1 packet headers predicted and directly queued to user
    122234 acknowledgments not containing data payload received
    255959 predicted acknowledgments
    4 times recovered from packet loss due to fast retransmit
    TCPSackRecovery: 314
    Detected reordering 2 times using FACK
    Detected reordering 3 times using SACK
    Detected reordering 7 times using time stamp
    4 congestion windows fully recovered without slow start
    6 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 38
    223 congestion windows recovered without slow start after partial ack
    TCPLostRetransmit: 25
    TCPSackFailures: 385
    52 timeouts in loss state
    443 fast retransmits
    18 forward retransmits
    226 retransmits in slow start
    TCPTimeouts: 8915209
    TCPLossProbes: 2715
    TCPLossProbeRecovery: 714
    TCPSackRecoveryFail: 33
    TCPDSACKOldSent: 1276
    TCPDSACKOfoSent: 1
    TCPDSACKRecv: 1214
    TCPDSACKOfoRecv: 24
    133 connections reset due to unexpected data
    35 connections reset due to early user close
    243 connections aborted due to timeout
    TCPDSACKIgnoredNoUndo: 303
    TCPSpuriousRTOs: 61
    TCPSackShifted: 26
    TCPSackMerged: 255
    TCPSackShiftFallback: 1716
    TCPRcvCoalesce: 26431
    TCPOFOQueue: 252
    TCPOFOMerge: 1
    TCPChallengeACK: 172
    TCPSYNChallenge: 117
    TCPFastOpenCookieReqd: 1
    TCPFromZeroWindowAdv: 2
    TCPToZeroWindowAdv: 2
    TCPWantZeroWindowAdv: 76
    TCPSynRetrans: 7273701
    TCPOrigDataSent: 462719
    TCPHystartTrainDetect: 1
    TCPHystartTrainCwnd: 493
    TCPHystartDelayDetect: 12
    TCPHystartDelayCwnd: 1167
    TCPACKSkippedSynRecv: 1706
    TCPACKSkippedPAWS: 17
    TCPACKSkippedSeq: 2
    TCPKeepAlive: 10
IpExt:
    InOctets: 247749290
    OutOctets: 555556025
    InNoECTPkts: 3018924
    InECT1Pkts: 189
    InECT0Pkts: 613
    InCEPkts: 107
Sctp:
    0 Current Associations
    0 Active Associations
    0 Passive Associations
    0 Number of Aborteds 
    0 Number of Graceful Terminations
    0 Number of Out of Blue packets
    0 Number of Packets with invalid Checksum
    0 Number of control chunks sent
    0 Number of ordered chunks sent
    0 Number of Unordered chunks sent
    0 Number of control chunks received
    0 Number of ordered chunks received
    0 Number of Unordered chunks received
    0 Number of messages fragmented
    0 Number of messages reassembled 
    0 Number of SCTP packets sent
    0 Number of SCTP packets received

who stole my port

$ netstat -tulpn | grep 80

next

ps aux | grep 10177

less /var/log/my-app/my-app.log.2015.12.14.gz

live reading

tail -f /var/log/my-app/my-app.log | grep ERROR

  • Display all network interfaces and ip address

    ifconfig -a

  • Display eth0 address and details

    ifconfig eth0

  • Query or control network driver and hardware settings

    ethtool eth0

  • Send ICMP echo request to host

    ping host

  • Display whois information for domain

    whois domain

  • Display DNS information for domain

    dig domain

  • Reverse lookup of IP_ADDRESS

    dig -x IP_ADDRESS

  • Display DNS ip address for domain

    host domain

  • Display the network address of the host name

    hostname -i

  • Display all local ip addresses

    hostname -I

  • Download http://domain.com/file

    wget http://domain.com/file

  • Display listening tcp and udp ports and corresponding programs

    netstat -nutlp

  • arp

FILES

/proc/net/arp
/etc/networks
/etc/hosts
/etc/ethers
