Networking commands
This section gathers commands that are commonly used in networking. It doesn't include commands for each protocol, such as ftp or ssh.
- DNS protocol: dig, whois...
- ...
Refer to the list of protocols.
Configuration
Usage: show the name of the host
Example:
$ hostname
Show host domain
$ hostname -d
Usage: merge of multiple commands (route, arp, ifconfig). Note that ipconfig is still used on Windows.
Example:
Show all interfaces (a=addr=address, l=link, s=show)
$ ip a
$ ip -4 a s # only IPV4
$ ip -brief a s # only a brief description
$ ip l
Show one interface "eth0" addresses/links
$ ip addr show dev eth0
$ ip link show dev eth0
Useful option: -r to show names instead of IPs.
Show routing table (r=route)
$ ip r
To add a route, you need a "_dest", a "_gateway", and an "_interface". See Routing.
$ ip r add _dest via _gateway dev _interface
Show ARP cache (n=neigh=neighbor)
$ ip n
Usage: on Linux, ifconfig is deprecated in favor of ip a, but on Windows, ipconfig is still the command used.
Example - Linux:
Show information about the network. Note that RX = received, TX = emitted. Print info about all interfaces:
$ ifconfig -a
Only one interface "eth0"
$ ifconfig eth0
Example - Windows:
List more or less information about each network interface.
CMD> ipconfig
CMD> ipconfig /all
Release an IP address
CMD> ipconfig /release
Request a new IP address
CMD> ipconfig /renew
Show ARP cache. Obsolete, see ip n.
Show Routing table. Obsolete, see ip r.
Usage: list open ports
Example:
$ ss
$ ss -a # all
$ ss -4 # ipv4
$ ss -t # tcp
$ ss -u # udp
$ ss -l # listening
$ ss -n # no resolve
Usage: show network information and stats.
Example:
$ netstat -l # list ports
$ netstat -i # list interfaces
$ netstat -r # routes
$ netstat -rn # routes, without resolving names
$ netstat -a # all ports
$ netstat [...] -t # TCP only
$ netstat [...] -u # UDP only
$ netstat -s # stats per protocol
$ netstat -p # service name + pid
$ netstat -tulpn # common usage
Communication
Usage: send a message to see if a host is up and replying to pings.
Example:
$ ping example.com
$ ping 8.8.8.8
Do "x" pings
$ ping -c x example.com
Other options
- -b ip: ping all addresses in the IP range
- -t ttl: set the time to live of the ping
- -s size: the size of the "ping"
- -i interval: the interval between pings
- -v: verbose
- -I interface: pass via interface
Usage: you can create a server, and create clients, and exchange messages between them.
Variants: ncat, netcat.
Example - server: listen on a port
$ nc ip -l port
$ nc ip -l -p port
$ nc ip -lp port
$ nc ip -lnvp port
# keep listening after last client disconnect
$ nc ip -klnvp port
$ nc --source-port port [...]
Example - client: connect to a server at IP using a specific port
$ nc ip port
$ nc -p src_port ip port # -p sets the local (source) port
Connect to a python webserver...
Use -vv for more verbose output.
Usage: trace the route that a packet is taking.
Example:
$ traceroute ip
Specify an interface, such as eth0
$ traceroute ip -i eth0
Use TCP/SYN
$ sudo traceroute ip -T
Usage: trace the route that a packet is taking.
Example:
$ tracepath ip
Usage: Windows traceroute command.
Example:
CMD> tracert ip
Monitoring
Usage: monitor the network. Root required.
Example:
Listen for requests passing by the interface tun0
$ sudo tcpdump -i tun0
Common general options are:
- -D: list interfaces
- -i interface: listen to this interface
- -w /path/to/file.pcap: write results to this file
- -l: line-buffer the output so it can be piped (XXX | tee file)
- -F file: read the filter expression from a file
- -O: no optimizations
- -v, and -vv: show more, or even more verbosity
Common display options are:
- -e: show the link-level header of each packet
- -n: show addresses instead of names
- -t: do not show time
You can apply filters:
$ sudo tcpdump -i tun0 host IP # a specific IP
$ sudo tcpdump -i tun0 net IP/n # a specific network
$ sudo tcpdump -i tun0 port XXX # a specific port
$ sudo tcpdump -i tun0 portrange 0-1024 # a range of ports
$ sudo tcpdump -i tun0 less 64 # size in bytes
$ sudo tcpdump -i tun0 greater 500 # size in bytes
$ sudo tcpdump -i tun0 ip proto [icmp|ip|tcp] # a protocol
$ sudo tcpdump -i tun0 ip proto 17 # a protocol by number
Before every filter such as host, net, port, etc., you can add src or dst to specify where the filter is applied. It defaults to both.
Usage: monitor network.
Example:
- -f "filter": see wireshark capture filters
- -r file: read from a file
$ tshark -i eth0 -f "host some_ip"
$ tshark -i eth0 -w /tmp/test.pcap
A popular tool to monitor a network. See Wireshark.
Termshark (8.6k ⭐) is a text-based user interface similar to wireshark.
Security
Usage: UFW, Uncomplicated Firewall, is the default firewall for Ubuntu. Like others, you define rules for incoming/outgoing traffic.
Example:
$ sudo ufw status # list
$ sudo ufw allow 22/tcp # allow
$ sudo ufw deny 22/tcp # deny
$ sudo ufw delete deny 22/tcp # delete
You can allow/deny only some hosts:
$ sudo ufw allow from IP to IP port 22
$ sudo ufw allow from IP to any port 22
$ sudo ufw allow from CIDR to any port 22
Usage: define rules for incoming/outgoing traffic.
Example:
List tables
$ sudo iptables -L
DROP any packet using TCP, on port 22, having our machine as destination, and emitted by 172.16.1.1.
$ sudo iptables -t filter -A INPUT -s 172.16.1.1 -p tcp --dport 22 -j DROP
Hide the source IP address using 50.50.50.50, for any packet passing by our interface "eth2".
$ sudo iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 50.50.50.50
Common chains are:
- INPUT: incoming traffic
- OUTPUT: outgoing traffic
- FORWARD: traffic passing through
Common options are:
- -t table: filter by default
- -A chain: add a rule at the end of the chain
- -I chain: add a rule at the start of the chain
- -D chain: delete a rule
- -o interface: exit via "interface"
- -i interface: enter using "interface"
- -j action: a chain or:
  - SNAT/DNAT: translation source/destination
  - ACCEPT: allow
  - DENY/DROP: deny without notifying the sender
  - REJECT: deny, but notify the sender
- -s ip: source (separated by commas)
- -d ip: destination (separated by commas)
- --sport port: source port
- --dport port: destination port
- --to-source ip / --to-destination ip: if SNAT/DNAT, the new source/destination
- -p protocol: which protocol
Note: you can use ! (NOT), such as ! -s 127.0.0.1, meaning every packet not having "127.0.0.1" as source will be matched by the rule.
Usage: define rules for incoming/outgoing traffic. It's replacing the legacy iptables, and is supposedly more scalable and performant.
Example:
A table is used to store chains.
$ nft add table t_name # create
$ nft list table t_name # list chain+rules
$ nft delete table t_name # delete
A chain is a suite of rules.
# incoming traffic
$ nft add chain t_name c_name { type filter hook input priority 0 \; }
# outgoing traffic
$ nft add chain t_name c_name { type filter hook output priority 0 \; }
Add rules.
# accept traffic from port 22
$ nft add rule t_name c_name tcp sport 22 accept
# drop traffic to port 22
$ nft add rule t_name c_name tcp dport 22 drop
- sport/dport: based on the port
- saddr/daddr: based on the IP
- accept/drop: accept or drop the packet
- limit rate 5/minute: example to limit rate
To-do
Stuff that I found, but never read/used yet.
- DNS commands
- NFS commands
- arp -a, arp -a -d
- iptables [...] -j REJECT --reject-with tcp-reset, iptables -m
- (timeout 1 bash -c '</dev/tcp/IP/port' && echo OPEN || echo CLOSED) 2> /dev/null
$ # sudo apt install bridge-utils
$ sudo brctl addbr xxx
$ sudo brctl show
$ sudo brctl delbr xxx
$ sudo brctl addif name interface # can add multiple interfaces
$ # which will bridge them altogether
$ sudo ip link set dev xxx up # set up
$ sudo ip link set eth0 up # sudo ifconfig eth0 up
$ sudo ifconfig eth0 IP # assign IP to interface
$ sudo route add default gw IP eth0 # gateway for interface
$ # /etc/network/interfaces: persistent changes
- vnstat: sudo vnstat -l -i tun0