Network tools
tcpdump
Options:
Examples:
Basic communication
Basic communication (very verbose)
A deeper look at the traffic # adds -X for payload but doesn’t grab any more of the packet
Heavy packet viewing # the final “s” increases the snaplength, grabbing the whole packet
To look for traffic based on IP address
To find traffic from only a source or destination
To capture an entire network using CIDR notation
To see only traffic to or from a certain port
To filter on multiple ports to a specific host
To filter based on the source or destination port
To filter by src/dst, port, protocol
To see traffic to any port in a range
Capture all port 80 traffic to a file
Read captured traffic back into tcpdump
TCP traffic from 10.5.2.3 destined for port 3389
Traffic originating from the 192.168 network headed for the 10 or 172.16 networks
Traffic originating from Mars or Pluto that isn’t to the SSH port
Traffic that’s from 10.0.2.4 AND destined for ports 3389 or 22 (correct)
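The filters described above, as an added example (not code from the original page): a small POSIX shell helper that composes the BPF expressions the headings describe, captures to a pcap file and reads it back. It assumes tcpdump is installed and that live capture runs as root; the interface name, addresses and ports are placeholders. The grouped and ungrouped forms of the last filter are kept side by side because the "(correct)" remark above is about exactly that difference.

```shell
#!/bin/sh
# Added example, not code from the original page. Assumptions: tcpdump is
# installed, live capture needs root, interface/address values are placeholders.

# Filter for "traffic from host $1 to destination port $2 or $3".
# The parentheses matter. In pcap filter syntax "and" and "or" have equal
# precedence and associate left to right, and a bare value inherits the last
# qualifier, so
#     src host A and dst port 3389 or 22
# is read as "(src host A and dst port 3389) or dst port 22": RDP from A plus
# SSH from *anyone*. The grouped form is the one marked "(correct)" above.
bpf_src_to_ports() {
  printf 'src host %s and (dst port %s or dst port %s)' "$1" "$2" "$3"
}

# The ungrouped form, kept only so the two can be compared side by side.
bpf_src_to_ports_ungrouped() {
  printf 'src host %s and dst port %s or %s' "$1" "$2" "$3"
}

# Filter for "from network $1 to network $2 or $3", all in CIDR notation.
bpf_net_to_nets() {
  printf 'src net %s and (dst net %s or dst net %s)' "$1" "$2" "$3"
}

# Live capture: -nn (no name/port resolution), -s0 (whole packet, the
# "snaplength" mentioned above), -w (write raw pcap instead of decoding).
# Example: sudo sh -c '. ./capture.sh; capture_to_file eth0 out.pcap "$(bpf_src_to_ports 10.0.2.4 3389 22)"'
capture_to_file() {
  iface="$1"; out="$2"; filter="$3"
  tcpdump -nn -s0 -i "$iface" -w "$out" "$filter"
}

# Read a capture back, decoded with payload in hex+ASCII (-X). An optional
# second argument re-filters the file; an empty filter matches everything.
read_capture() {
  tcpdump -nn -r "$1" -X "${2:-}"
}

# Sanity-check a filter without capturing: -d prints the compiled BPF program
# and exits. Reading from an existing pcap (-r) means no root is needed.
show_compiled() {
  tcpdump -r "$1" -d "$2"
}
```

Running `show_compiled some.pcap "$(bpf_src_to_ports_ungrouped 10.0.2.4 3389 22)"` next to the grouped version makes the difference visible in the compiled program: the ungrouped one has a branch that accepts port 22 without ever comparing the source address.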
netcat
For scanning ports 1-1000:
To listen on a particular port
To connect from another system to port 4444
To send files through netcat:
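The listen/connect/send-file steps above, as an added example that is not part of the original page: a file is streamed through netcat and the copy is then checked against the original. netcat carries bytes in clear with no integrity check, so the digest comparison is the part a practitioner would add. It assumes an OpenBSD-style nc (Debian/Ubuntu netcat-openbsd) where `-l PORT` listens and `-N` closes the socket after EOF; traditional netcat wants `-l -p PORT` and `-q 0` instead. Host, port and file names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes an OpenBSD-style nc;
# host, port and paths are placeholders.

# Hex digest of a file (GNU coreutils sha256sum, falling back to shasum).
sha256_of() { (sha256sum "$1" 2>/dev/null || shasum -a 256 "$1") | awk '{print $1}'; }

# Receiver side: accept one connection on port $1 and write the stream to $2.
nc_recv_file() { nc -l "$1" > "$2"; }

# Sender side: stream file $3 to host $1 port $2 and close when stdin is exhausted.
nc_send_file() { nc -N "$1" "$2" < "$3"; }

# Compare the digests of the original and the received copy; the exit status is the verdict.
verify_transfer() { [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; }

# Loopback demonstration, only run when invoked as:  sh this.sh demo
if [ "${1:-}" = "demo" ]; then
  src=$(mktemp); dst=$(mktemp)
  head -c 65536 /dev/urandom > "$src"        # constructed sample payload
  nc_recv_file 4444 "$dst" &                 # listener in the background
  sleep 1
  nc_send_file 127.0.0.1 4444 "$src"
  wait
  if verify_transfer "$src" "$dst"; then echo "transfer OK: $(sha256_of "$src")"
  else echo "transfer CORRUPT"; fi
  rm -f "$src" "$dst"
fi
```

On two different hosts, run `nc_recv_file 4444 received.bin` on the receiver, `nc_send_file <receiver-ip> 4444 file.bin` on the sender, then compare `sha256_of` on each side by hand; anything on the path can read or alter the stream, so use ssh/scp when that matters.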
iperf
Server process
To start the server on port 9999:
$ iperf3 -s -p 9999
To start the server in daemon mode:
$ iperf3 -s -D
Client commands
To run a 30 second test, reporting results every 1 second:
$ iperf3 -c <dst-ip> -i 1 -t 30
Run a reverse test (-R: the server sends and the client receives, i.e. remote host to local host):
$ iperf3 -c <dst-ip> -i 1 -t 20 -R
Run a test with 4 parallel streams and a 32M TCP window/buffer:
$ iperf3 -c <dst-ip> -w 32M -P 4
Run a 200 Mbps UDP test:
$ iperf3 -c <dst-ip> -u -i 1 -b 200M
Output the results in JSON format using the -J flag:
$ iperf3 -c <dst-ip> -J
nmap
Scan a specific port instead of the default set of common ports:
nmap -p port_number remote_host
Scan every TCP and UDP port (all 65535; -n skips DNS resolution, -Pn skips host discovery):
sudo nmap -n -Pn -sT -sU -p- remote_host
dig
dig netflix.com +nocomments +noquestion +noauthority +noadditional +nostats
The above command can be replaced by:
$ dig netflix.com +noall +answer
To query MX records:
dig netflix.com MX +noall +answer
dig -t MX netflix.com +noall +answer
To query the NS records (nameservers):
dig -t NS netflix.com +noall +answer
To view all record types (many resolvers now give a minimal answer to ANY, per RFC 8482):
dig netflix.com ANY +noall +answer
To view the short output (only the answer data, e.g. IP addresses):
dig jeeva.asuscomm.com +short
147.92.89.53
To do a reverse (PTR) lookup:
dig -x 199.232.41.10
dig -x 147.92.89.53 +short
To use a specific name server:
dig @nameserver netflix.com
Bulk DNS query (one name per line):
cat /tmp/names.txt
netflix.com
prod.netflix.com
corp.netflix.com
dig -f /tmp/names.txt +noall +short
Default dig options are read from $HOME/.digrc:
cat $HOME/.digrc
+noall +answer
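The `+short`, `-x` and `-f` forms above combine into a useful check, shown here as an added example that is not part of the original page: forward-confirmed reverse DNS (FCrDNS), where a name passes when each of its A records has a PTR pointing back to the name. Mail and log-review tooling uses this to spot hosts whose reverse DNS does not agree with their forward name. It assumes `dig` is installed and has network access; `DIG_SERVER` is an optional, hypothetical environment variable naming the resolver to query, and the names passed in are the caller's own.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes dig and network access;
# DIG_SERVER (optional, e.g. DIG_SERVER=9.9.9.9) selects the resolver.

# A records for a name, one IPv4 address per line (+short = answer data only).
forward_a() { dig +short A "$1" ${DIG_SERVER:+@$DIG_SERVER} | grep -E '^[0-9.]+$' || true; }

# PTR answer data for an address, one name per line (normally ending in ".").
reverse_ptr() { dig +short -x "$1" ${DIG_SERVER:+@$DIG_SERVER}; }

# Does any line of PTR data ($2) equal the expected name ($1)?
# Case and the trailing dot are normalised on both sides before comparing,
# and -x/-F make grep match the whole line literally (dots are not wildcards).
ptr_matches() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  printf '%s\n' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -qxF "$want"
}

# Check every A record of $1 and print one verdict line per address.
fcrdns_check() {
  name="$1"; rc=0
  for ip in $(forward_a "$name"); do
    if ptr_matches "$name" "$(reverse_ptr "$ip")"; then
      echo "OK   $ip -> $name"
    else
      echo "FAIL $ip has no PTR back to $name"; rc=1
    fi
  done
  return $rc
}

# Bulk form, same input format as "dig -f": one name per line.
fcrdns_bulk() {
  rc=0
  while read -r n; do
    [ -z "$n" ] && continue
    fcrdns_check "$n" || rc=1
  done < "$1"
  return $rc
}
```

`fcrdns_bulk /tmp/names.txt` walks the same list the `dig -f` command above uses; a FAIL line is worth a look, but is not proof of anything on its own, since many legitimate hosts (shared hosting, CDNs) have generic or missing PTR records.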
Speedtest
Use the official CLI provided by Ookla instead of the unofficial speedtest-cli one.
## If migrating from prior bintray install instructions please first...
sudo rm /etc/apt/sources.list.d/speedtest.list
sudo apt-get update
sudo apt-get remove speedtest
## Other non-official binaries will conflict with Speedtest CLI
# Example how to remove using apt-get
sudo apt-get remove speedtest-cli
sudo apt-get install curl
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo apt-get install speedtest
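The install line above pipes a downloaded script straight into `sudo bash`, which runs whatever the server returned, as root, unread. As an added example (not Ookla's instructions), the same setup script is first staged to a file so it can be read and its digest recorded, and it is run only while the digest still matches. The URL is the one from the page; `EXPECTED_SHA256` is a placeholder the operator fills in after reviewing the downloaded file.

```shell
#!/bin/sh
# Added example, not Ookla's instructions. The URL is from the page;
# EXPECTED_SHA256 is a placeholder to be filled in after review.

SCRIPT_URL="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh"
EXPECTED_SHA256="<fill in after reviewing the staged script>"

# Hex digest of a file (GNU coreutils sha256sum, falling back to shasum).
sha256_of() { (sha256sum "$1" 2>/dev/null || shasum -a 256 "$1") | awk '{print $1}'; }

# Download $1 to local file $2 (-f: fail on HTTP errors instead of saving an
# error page as if it were the script; -L: follow redirects) and print its digest.
stage_script() { curl -fsSL -o "$2" "$1" && echo "staged $2 sha256=$(sha256_of "$2")"; }

# True when the file's digest equals the reviewed one.
digest_matches() { [ "$(sha256_of "$1")" = "$2" ]; }

# Run the staged script as root only if it is byte-for-byte what was reviewed.
run_if_reviewed() {
  if digest_matches "$1" "$2"; then
    sudo bash "$1"
  else
    echo "refusing to run $1: digest differs from the reviewed copy" >&2
    return 1
  fi
}

# Manual sequence (not run automatically by this file):
#   stage_script "$SCRIPT_URL" /tmp/speedtest-repo.sh   # download, note the digest
#   less /tmp/speedtest-repo.sh                          # read what it will do
#   run_if_reviewed /tmp/speedtest-repo.sh "$EXPECTED_SHA256"
#   sudo apt-get install speedtest
```

The digest check does not make the script trustworthy by itself; it only guarantees that the copy being executed is the copy that was read. The review step in between is what decides whether to run it.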