network¶
https://linuxhandbook.com/find-gateway-linux/
https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/#8_8211_NETWORKING
TODO: CLEANUP
debian wiki
https://wiki.debian.org/NetworkConfiguration
- external ip
curl ifconfig.me curl http://diagnostic.opendns.com/myip
- internal adapters
netstat -i
- gateway
ip route | grep 'default'
ip r | grep 'default'
this one uses G flag? netstat -r -n
-
broadcast
-
internal ip
mtr -web4c 10 google.com
ip r ip address show eth0
ip addr show ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/' sudo ifconfig
find services listening netstat -tlnp
see if ports open or closed or timeout means firewall probably blocking it nc -vz ip port
network map¶
sudo apt install nmap
ip r
ifconfig to find your ip / mask
find neighbors¶
sudo nmap -sP 192.168.1.0/24
do i need to secure my linode?
MAC Address: F2:3C:91:4B:89:7D (Unknown)
Nmap scan report for li1204-250.members.linode.com (45.79.105.250)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:39:62:D8 (Unknown)
Nmap scan report for li1204-251.members.linode.com (45.79.105.251)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:85:72:FE (Unknown)
Nmap scan report for li1204-253.members.linode.com (45.79.105.253)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:46:A4:BE (Unknown)
Nmap scan report for li1204-254.members.linode.com (45.79.105.254)
Host is up (-0.20s latency).
MAC Address: F2:3C:91:E5:BE:DB (Unknown)
Nmap scan report for li1204-23.members.linode.com (45.79.105.23)
Host is up.
Nmap done: 256 IP addresses (201 hosts up) scanned in 9.72 seconds
-
internal dhcp
-
internal dns
cat /etc/resolv.conf nslookup dig ping
-
routing
apr -a
mac port forwards
firewall¶
- dns cat /etc/resolv.conf
https://www.linode.com/docs/networking/linux-static-ip-configuration/
sudo apt install traceroute dnsutils sudo apt install mtr
etc/systemd/network/05-eth0.network etc/systemd/network/*.network
Find the programs that are listening on ports¶
netstat -plnt
netstat -tulnp
ss -plnt
find open files?
lsof -i -P | grep <port>
mine are empty
sudo ip addr flush dev eth0
ip link set eth0 up
ip addr add 198.51.100.5/24 broadcast 198.51.100.255 dev eth0
ip route add default via 198.51.100.1
ip tool
root@localhost:~# ip addr | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0
inet6 2600:3c02::f03c:91ff:fe24:3a2f/64 scope global
inet6 fe80::f03c:91ff:fe24:3a2f/64 scope link
-
Show domain IP address dig +short example.com nslookup example.com
-
Check DNS using specific nameserver
-
8.8.8.8 = google, 1.1.1.1 = cloudflare, 208.67.222.222 = opendns dig @8.8.8.8 example.com dig +s @8.8.8.8 example.com nslookup example.com 1.1.1.1
-
Find host provider whois
| grep -i "orgname|netname" -
Curl headers with redirect curl --head --location https://example.com
https://www.linode.com/docs/networking/diagnostics/inspecting-network-information-with-netstat/
sudo apt install net-tools # Debian-based systems
sudo yum install net-tools # CentOS and RHEL systems
sudo yum install dnsutils# CentOS and RHEL systems
external ip¶
sudo dig +short shanenull.com
45.79.105.23
1 45.79.105.23 2 2600
interfaces¶
netstat -i
external ip¶
sudo dig +short shanenull.com 45.79.105.23
1 45.79.105.23 2 2600
interfaces¶
netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 3371844 0 0 0 9840590 0 0 0 BMRU
lo 65536 24787 0 0 0 24787 0 0 0 LRU
netstat -ia
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 3372135 0 0 0 9840778 0 0 0 BMRU
lo 65536 24787 0 0 0 24787 0 0 0 LRU
http connections¶
sudo netstat -anpt | grep nginx | grep ESTABLISHED | awk -F "[ :]*" '{print $4}' | uniq -c
tcp connections
netstat -nt | awk '/^tcp/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr
counts states
netstat -ant | awk '{print $6}' | grep -v established\) | grep -v Foreign | sort | uniq -c | sort -n
routes¶
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 45.79.105.1 0.0.0.0 UG 0 0 0 eth0
45.79.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
listening¶
sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27935/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 932/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 998/sendmail: MTA:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27935/nginx: master
tcp6 0 0 :::443 :::* LISTEN 27935/nginx: master
sudo netstat -ntlp | awk '{print $7}'
Address
998/sendmail:
27935/nginx:
932/sshd
998/sendmail:
27935/nginx:
27935/nginx:
sudo netstat -ntlp | awk '{print $7}'
protocol¶
netstat -s
Ip:
Forwarding: 2
2988645 total packets received
0 forwarded
1 with unknown protocol
0 incoming packets discarded
2981807 incoming packets delivered
9818434 requests sent out
120 dropped because of missing route
Icmp:
7189 ICMP messages received
1035 input ICMP message failed
ICMP input histogram:
destination unreachable: 2965
timeout in transit: 42
echo requests: 4175
echo replies: 6
timestamp request: 1
17100 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 12924
echo replies: 4175
timestamp replies: 1
IcmpMsg:
InType0: 6
InType3: 2965
InType8: 4175
InType11: 42
InType13: 1
OutType0: 4175
OutType3: 12924
OutType14: 1
Tcp:
4938 active connection openings
8232 passive connection openings
150864 failed connection attempts
202 connection resets received
1 connections established
2968280 segments received
9809523 segments sent out
7281062 segments retransmitted
248 bad segments received
184527 resets sent
InCsumErrors: 215
Udp:
5688 packets received
7248 packets to unknown port received
9 packet receive errors
6638 packets sent
0 receive buffer errors
0 send buffer errors
InCsumErrors: 9
UdpLite:
TcpExt:
149916 resets received for embryonic SYN_RECV sockets
1 ICMP packets dropped because they were out-of-window
4594 TCP sockets finished time wait in fast timer
37 packetes rejected in established connections because of timestamp
19498 delayed acks sent
7 delayed acks further delayed because of locked socket
Quick ack mode was activated 1390 times
47 SYNs to LISTEN sockets dropped
4372 packets directly queued to recvmsg prequeue
TCPDirectCopyFromPrequeue: 14225
237878 packet headers predicted
1 packet headers predicted and directly queued to user
122234 acknowledgments not containing data payload received
255959 predicted acknowledgments
4 times recovered from packet loss due to fast retransmit
TCPSackRecovery: 314
Detected reordering 2 times using FACK
Detected reordering 3 times using SACK
Detected reordering 7 times using time stamp
4 congestion windows fully recovered without slow start
6 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 38
223 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 25
TCPSackFailures: 385
52 timeouts in loss state
443 fast retransmits
18 forward retransmits
226 retransmits in slow start
TCPTimeouts: 8915209
TCPLossProbes: 2715
TCPLossProbeRecovery: 714
TCPSackRecoveryFail: 33
TCPDSACKOldSent: 1276
TCPDSACKOfoSent: 1
TCPDSACKRecv: 1214
TCPDSACKOfoRecv: 24
133 connections reset due to unexpected data
35 connections reset due to early user close
243 connections aborted due to timeout
TCPDSACKIgnoredNoUndo: 303
TCPSpuriousRTOs: 61
TCPSackShifted: 26
TCPSackMerged: 255
TCPSackShiftFallback: 1716
TCPRcvCoalesce: 26431
TCPOFOQueue: 252
TCPOFOMerge: 1
TCPChallengeACK: 172
TCPSYNChallenge: 117
TCPFastOpenCookieReqd: 1
TCPFromZeroWindowAdv: 2
TCPToZeroWindowAdv: 2
TCPWantZeroWindowAdv: 76
TCPSynRetrans: 7273701
TCPOrigDataSent: 462719
TCPHystartTrainDetect: 1
TCPHystartTrainCwnd: 493
TCPHystartDelayDetect: 12
TCPHystartDelayCwnd: 1167
TCPACKSkippedSynRecv: 1706
TCPACKSkippedPAWS: 17
TCPACKSkippedSeq: 2
TCPKeepAlive: 10
IpExt:
InOctets: 247749290
OutOctets: 555556025
InNoECTPkts: 3018924
InECT1Pkts: 189
InECT0Pkts: 613
InCEPkts: 107
Sctp:
0 Current Associations
0 Active Associations
0 Passive Associations
0 Number of Aborteds
0 Number of Graceful Terminations
0 Number of Out of Blue packets
0 Number of Packets with invalid Checksum
0 Number of control chunks sent
0 Number of ordered chunks sent
0 Number of Unordered chunks sent
0 Number of control chunks received
0 Number of ordered chunks received
0 Number of Unordered chunks received
0 Number of messages fragmented
0 Number of messages reassembled
0 Number of SCTP packets sent
0 Number of SCTP packets received
routes¶
netstat -nr
listening¶
sudo netstat -ntlp
sudo netstat -ntlp | awk '{print $7}'
protocol¶
netstat -s
who stole my port¶
$ netstat -tulpn | grep 80
next
ps aux | grep 10177
less /var/log/my-app/my-app.log.2015.12.14.gz
live reading tail -f /var/log/my-app/my-app.log | grep ERROR
-
Find the programs that are listening on ports netstat -plnt ss -plnt lsof -i -P | grep
-
Show domain IP address dig +short example.com nslookup example.com
-
Check DNS using specific nameserver
-
8.8.8.8 = google, 1.1.1.1 = cloudflare, 208.67.222.222 = opendns dig @8.8.8.8 example.com nslookup example.com 1.1.1.1
-
Find host provider whois
| grep -i "orgname|netname" -
Curl headers with redirect curl --head --location https://example.com
-
Display all network interfaces and ip address ifconfig -a
-
Display eth0 address and details ifconfig eth0
-
Query or control network driver and hardware settings ethtool eth0
-
Send ICMP echo request to host ping host
-
Display whois information for domain whois domain
-
Display DNS information for domain dig domain
-
Reverse lookup of IP_ADDRESS dig -x IP_ADDRESS
-
Display DNS ip address for domain host domain
-
Display the network address of the host name. hostname -i
-
Display all local ip addresses hostname -I
-
Download http://domain.com/file wget http://domain.com/file
-
Display listening tcp and udp ports and corresponding programs netstat -nutlp
-
arp
FILES /proc/net/arp /etc/networks /etc/hosts /etc/ethers