https://linuxhandbook.com/find-gateway-linux/
https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/#8_8211_NETWORKING
TODO: CLEANUP
debian wiki
https://wiki.debian.org/NetworkConfiguration
curl ifconfig.me
curl http://diagnostic.opendns.com/myip
netstat -i
ip route | grep 'default'
ip r | grep 'default'
this one uses G flag?
netstat -r -n
broadcast
internal ip
mtr -web4c 10 google.com
ip r
ip address show eth0
ip addr show
ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'
sudo ifconfig
find services listening
netstat -tlnp
see if ports are open or closed; a timeout means a firewall is probably blocking it
nc -vz ip port
sudo apt install nmap
ip r
ifconfig to find your ip / mask
sudo nmap -sP 192.168.1.0/24
do i need to secure my linode?
MAC Address: F2:3C:91:4B:89:7D (Unknown)
Nmap scan report for li1204-250.members.linode.com (45.79.105.250)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:39:62:D8 (Unknown)
Nmap scan report for li1204-251.members.linode.com (45.79.105.251)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:85:72:FE (Unknown)
Nmap scan report for li1204-253.members.linode.com (45.79.105.253)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:46:A4:BE (Unknown)
Nmap scan report for li1204-254.members.linode.com (45.79.105.254)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:E5:BE:DB (Unknown)
Nmap scan report for li1204-23.members.linode.com (45.79.105.23)
Host is up.
Nmap done: 256 IP addresses (201 hosts up) scanned in 9.72 seconds
internal dhcp
internal dns
cat /etc/resolv.conf nslookup dig ping
routing
arp -a
mac port forwards
https://www.linode.com/docs/networking/linux-static-ip-configuration/
sudo apt install traceroute dnsutils
sudo apt install mtr
/etc/systemd/network/05-eth0.network
/etc/systemd/network/*.network
netstat -plnt
netstat -tulnp
ss -plnt
find open files?
lsof -i -P | grep <port>
mine are empty
sudo ip addr flush dev eth0
ip link set eth0 up
ip addr add 198.51.100.5/24 broadcast 198.51.100.255 dev eth0
ip route add default via 198.51.100.1
ip tool
root@localhost:~# ip addr | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0
inet6 2600:3c02::f03c:91ff:fe24:3a2f/64 scope global
inet6 fe80::f03c:91ff:fe24:3a2f/64 scope link
Show domain IP address
dig +short example.com
nslookup example.com
Check DNS using specific nameserver
8.8.8.8 = google, 1.1.1.1 = cloudflare, 208.67.222.222 = opendns
dig @8.8.8.8 example.com
dig +short @8.8.8.8 example.com
nslookup example.com 1.1.1.1
Find host provider
whois
Curl headers with redirect
curl --head --location https://example.com
https://www.linode.com/docs/networking/diagnostics/inspecting-network-information-with-netstat/
sudo apt install net-tools # Debian-based systems
sudo yum install net-tools # CentOS and RHEL systems
sudo yum install bind-utils # CentOS and RHEL systems (dig and nslookup are in bind-utils there)
sudo dig +short shanenull.com
45.79.105.23
netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 3371844 0 0 0 9840590 0 0 0 BMRU
lo 65536 24787 0 0 0 24787 0 0 0 LRU
netstat -ia
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 3372135 0 0 0 9840778 0 0 0 BMRU
lo 65536 24787 0 0 0 24787 0 0 0 LRU
sudo netstat -anpt | grep nginx | grep ESTABLISHED | awk -F "[ :]*" '{print $4}' | uniq -c
tcp connections
netstat -nt | awk '/^tcp/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr
counts states
netstat -ant | awk '{print $6}' | grep -v established\) | grep -v Foreign | sort | uniq -c | sort -n
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 45.79.105.1 0.0.0.0 UG 0 0 0 eth0
45.79.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27935/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 932/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27935/nginx: master
tcp6 0 0 :::443 :::* LISTEN 27935/nginx: master
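added example (not from the original notes): sort the listeners in the netstat -ntlp output above into loopback-only vs bound to every interface, which is the first thing to look at for the "do i need to secure my linode?" question. classify_listeners and sample_netstat are names made up here; the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -ntlp` output.
# classify_listeners and sample_netstat are names made up for this example.

# Sample input: the `sudo netstat -ntlp` output shown in these notes.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27935/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 932/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27935/nginx: master
tcp6 0 0 :::443 :::* LISTEN 27935/nginx: master
EOF
}

# Reads netstat output on stdin, prints: SCOPE PROTO/PORT ADDRESS PROGRAM
#   EXPOSED  = bound to the wildcard address, reachable on every interface
#   loopback = bound to 127.0.0.0/8 or ::1, local connections only
#   specific = bound to one particular interface address
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        la = $4
        # Split at the last colon so IPv6 forms such as :::443 parse too.
        n = match(la, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        # Column 7 is PID/name; it is "-" when netstat runs without root.
        prog = $7
        sub(/^[0-9]+\//, "", prog)
        sub(/:$/, "", prog)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "EXPOSED"
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else
            scope = "specific"
        printf "%s %s/%s %s %s\n", scope, $1, port, addr, prog
    }'
}

# Live use: sudo netstat -ntlp | classify_listeners
sample_netstat | classify_listeners
```

EXPOSED only means the socket is bound to the wildcard address; whether the port is actually reachable from outside still depends on the firewall, so confirm with nc -vz from another host.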
sudo netstat -ntlp | awk '{print $7}'
Address
998/sendmail:
27935/nginx:
932/sshd
998/sendmail:
27935/nginx:
27935/nginx:
netstat -s
Ip:
Forwarding: 2
2988645 total packets received
0 forwarded
1 with unknown protocol
0 incoming packets discarded
2981807 incoming packets delivered
9818434 requests sent out
120 dropped because of missing route
Icmp:
7189 ICMP messages received
1035 input ICMP message failed
ICMP input histogram:
destination unreachable: 2965
timeout in transit: 42
echo requests: 4175
echo replies: 6
timestamp request: 1
17100 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 12924
echo replies: 4175
timestamp replies: 1
IcmpMsg:
InType0: 6
InType3: 2965
InType8: 4175
InType11: 42
InType13: 1
OutType0: 4175
OutType3: 12924
OutType14: 1
Tcp:
4938 active connection openings
8232 passive connection openings
150864 failed connection attempts
202 connection resets received
1 connections established
2968280 segments received
9809523 segments sent out
7281062 segments retransmitted
248 bad segments received
184527 resets sent
InCsumErrors: 215
Udp:
5688 packets received
7248 packets to unknown port received
9 packet receive errors
6638 packets sent
0 receive buffer errors
0 send buffer errors
InCsumErrors: 9
UdpLite:
TcpExt:
149916 resets received for embryonic SYN_RECV sockets
1 ICMP packets dropped because they were out-of-window
4594 TCP sockets finished time wait in fast timer
37 packetes rejected in established connections because of timestamp
19498 delayed acks sent
7 delayed acks further delayed because of locked socket
Quick ack mode was activated 1390 times
47 SYNs to LISTEN sockets dropped
4372 packets directly queued to recvmsg prequeue
TCPDirectCopyFromPrequeue: 14225
237878 packet headers predicted
1 packet headers predicted and directly queued to user
122234 acknowledgments not containing data payload received
255959 predicted acknowledgments
4 times recovered from packet loss due to fast retransmit
TCPSackRecovery: 314
Detected reordering 2 times using FACK
Detected reordering 3 times using SACK
Detected reordering 7 times using time stamp
4 congestion windows fully recovered without slow start
6 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 38
223 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 25
TCPSackFailures: 385
52 timeouts in loss state
443 fast retransmits
18 forward retransmits
226 retransmits in slow start
TCPTimeouts: 8915209
TCPLossProbes: 2715
TCPLossProbeRecovery: 714
TCPSackRecoveryFail: 33
TCPDSACKOldSent: 1276
TCPDSACKOfoSent: 1
TCPDSACKRecv: 1214
TCPDSACKOfoRecv: 24
133 connections reset due to unexpected data
35 connections reset due to early user close
243 connections aborted due to timeout
TCPDSACKIgnoredNoUndo: 303
TCPSpuriousRTOs: 61
TCPSackShifted: 26
TCPSackMerged: 255
TCPSackShiftFallback: 1716
TCPRcvCoalesce: 26431
TCPOFOQueue: 252
TCPOFOMerge: 1
TCPChallengeACK: 172
TCPSYNChallenge: 117
TCPFastOpenCookieReqd: 1
TCPFromZeroWindowAdv: 2
TCPToZeroWindowAdv: 2
TCPWantZeroWindowAdv: 76
TCPSynRetrans: 7273701
TCPOrigDataSent: 462719
TCPHystartTrainDetect: 1
TCPHystartTrainCwnd: 493
TCPHystartDelayDetect: 12
TCPHystartDelayCwnd: 1167
TCPACKSkippedSynRecv: 1706
TCPACKSkippedPAWS: 17
TCPACKSkippedSeq: 2
TCPKeepAlive: 10
IpExt:
InOctets: 247749290
OutOctets: 555556025
InNoECTPkts: 3018924
InECT1Pkts: 189
InECT0Pkts: 613
InCEPkts: 107
Sctp:
0 Current Associations
0 Active Associations
0 Passive Associations
0 Number of Aborteds
0 Number of Graceful Terminations
0 Number of Out of Blue packets
0 Number of Packets with invalid Checksum
0 Number of control chunks sent
0 Number of ordered chunks sent
0 Number of Unordered chunks sent
0 Number of control chunks received
0 Number of ordered chunks received
0 Number of Unordered chunks received
0 Number of messages fragmented
0 Number of messages reassembled
0 Number of SCTP packets sent
0 Number of SCTP packets received
$ netstat -tulpn | grep 80
next
ps aux | grep 10177
less /var/log/my-app/my-app.log.2015.12.14.gz
live reading
tail -f /var/log/my-app/my-app.log | grep ERROR
Find the programs that are listening on ports
netstat -plnt
ss -plnt
lsof -i -P | grep <port>
Display all network interfaces and ip address
ifconfig -a
Display eth0 address and details
ifconfig eth0
Query or control network driver and hardware settings
ethtool eth0
Send ICMP echo request to host
ping host
Display whois information for domain
whois domain
Display DNS information for domain
dig domain
Reverse lookup of IP_ADDRESS
dig -x IP_ADDRESS
Display DNS ip address for domain
host domain
Display the network address of the host name.
hostname -i
Display all local ip addresses
hostname -I
Download http://domain.com/file
wget http://domain.com/file
Display listening tcp and udp ports and corresponding programs
netstat -nutlp
arp
FILES /proc/net/arp /etc/networks /etc/hosts /etc/ethers