Networking commands

This section gathers commands that are commonly used in networking. It doesn't include commands specific to one protocol, such as ftp or ssh.

Refer to the list of protocols.


Configuration

Usage 🐚: show the name of the host

Example 🔥:

$ hostname

Show host domain

$ hostname -d

Usage 🐚: ip merges several older commands (route, arp, ifconfig). Note that ipconfig is still the command used on Windows.

Example 🔥:

Show all interfaces (a=addr=address, l=link, s=show)

$ ip a
$ ip -4 a s # only IPV4
$ ip -brief a s # only a brief description
$ ip l

Show the addresses/links of one interface, "eth0"

$ ip addr show dev eth0
$ ip link show dev eth0

Useful option 🧪: -r to resolve addresses and show names instead of IPs.

Show routing table (r=route)

$ ip r

To add a route, you need a "_dest", a "_gateway", and an "_interface". See Routing.

$ ip r add _dest via _gateway dev _interface

Show ARP cache (n=neigh=neighbor)

$ ip n

Usage 🐚: on Linux, ifconfig is deprecated in favour of ip a, but on Windows, ipconfig is still the command used.

Example 🔥 - Linux:

Show information about the network interfaces. Note that RX = received, TX = transmitted. Print info about all interfaces:

$ ifconfig -a

Only one interface "eth0"

$ ifconfig eth0

Example 🔥 - Windows:

List basic, or detailed (/all), information about each network interface.

CMD> ipconfig
CMD> ipconfig /all

Release an IP address

CMD> ipconfig /release

Request a new IP address from DHCP

CMD> ipconfig /renew

Show ARP cache (arp). Obsolete, see ip n.

Show routing table (route). Obsolete, see ip r.

Usage 🐚: list open ports

Example 🔥:

$ ss
$ ss -a # all
$ ss -4 # ipv4
$ ss -t # tcp
$ ss -u # udp
$ ss -l # listening
$ ss -n # no resolve

Usage 🐚: show network information and stats.

Example 🔥:

$ netstat -l # listening ports
$ netstat -i # list interfaces
$ netstat -r # routing table
$ netstat -rn # routing table, numeric (no name resolution)
$ netstat -a # all ports
$ netstat [...] -t # TCP only
$ netstat [...] -u # UDP only
$ netstat -s # stats per protocol
$ netstat -p # program name + pid
$ netstat -tulpn # common usage: TCP and UDP listeners, numeric, with program
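As an added example (not part of these notes), a small script that audits the output of ss -tulpn for services listening on every interface, which is what the -l, -n and -p flags above are usually combined for; the function names and the ss sample are made up:

```shell
#!/bin/sh
# Added example (not from the original notes): audit `ss -tulpn` output
# for sockets bound to all interfaces. Function and sample names are
# hypothetical.

# exposed_listeners: read ss-style lines on stdin and print
# "proto/port program" for sockets bound to 0.0.0.0, [::] or *.
exposed_listeners() {
    awk 'NR > 1 && NF >= 5 {
        addr = $5
        n = split(addr, parts, ":")          # last element is the port
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "[::]" || host == "*") {
            proc = (NF >= 7) ? $7 : "-"
            sub(/^users:\(\("/, "", proc)     # keep only the program name
            sub(/".*$/, "", proc)
            printf "%s/%s %s\n", $1, port, proc
        }
    }'
}

# sample_ss_output: constructed sample of `ss -tulpn`, embedded so the
# script runs offline; real usage is `ss -tulpn | exposed_listeners`.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=902,fd=6))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0      4096   *:8080              *:*               users:(("java",pid=1200,fd=45))
EOF
}

# count_exposed: number of exposed listeners found in the sample.
count_exposed() {
    sample_ss_output | exposed_listeners | grep -c ''
}

sample_ss_output | exposed_listeners
```

Loopback-only services (redis on 127.0.0.1, the stub resolver on 127.0.0.53) are left out; only sshd and the port 8080 service are reported.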

Communication

Usage 🐚: send a message to see if a host is up and replying to pings.

Example 🔥:

$ ping example.com
$ ping 8.8.8.8

Send only "x" pings, then stop

$ ping -c x example.com

Other options

  • -b: allow pinging a broadcast address (reaches every host on the segment)
  • -t ttl: set the time to live of the ping
  • -s size: the size of the "ping" payload
  • -i interval: the interval between pings
  • -v: verbose
  • -I interface: send via this interface

Usage 🐚: netcat lets you create a server and clients, and exchange messages between them.

Variants: ncat, netcat.

Example 🔥 - server: listen on a port

$ nc ip -l port
$ nc ip -l -p port
$ nc ip -lp port
$ nc ip -lnvp port # 👈
# keep listening after the last client disconnects (-k)
$ nc ip -lnvkp port
$ nc --source-port port [...]

Example 🔥 - client: connect to a server at IP using a specific port

$ nc ip port
$ nc -p source_port ip port # choose the local source port

➡️ Connect to a python webserver...

➡️ Use -vv for quite verbose.

Usage 🐚: trace the route that a packet is taking.

Example 🔥:

$ traceroute ip

Specify an interface, such as eth0

$ traceroute ip -i eth0

Use TCP/SYN

$ sudo traceroute ip -T

Usage 🐚: trace the route that a packet is taking, like traceroute, but without needing root.

Example 🔥:

$ tracepath ip

Usage 🐚: Windows traceroute command.

Example 🔥:

CMD> tracert ip

Monitoring

Usage 🐚: monitor the network. Root required.

Example 🔥:

Listen for requests passing by the interface tun0

$ sudo tcpdump -i tun0

Common general options are:

  • -D: list interfaces
  • -i interface: listen on this interface
  • -w /path/to/file.pcap: write the captured packets to this file
  • -l: line-buffer the output, so it can be piped (tcpdump ... | tee file)
  • -F file: read the filter expression from a file
  • -O: do not run the packet-matching code optimizer
  • -v, -vv: more, or even more, verbose output

Common display options are:

  • -e: print the link-level header of each packet
  • -n: do not resolve addresses to names (show raw addresses)
  • -t: do not print the timestamp

You can apply filters:

$ sudo tcpdump -i tun0 host IP  # a specific IP
$ sudo tcpdump -i tun0 net IP/n # a specific network
$ sudo tcpdump -i tun0 port XXX # a specific port
$ sudo tcpdump -i tun0 portrange 0-1024 # a range of ports
$ sudo tcpdump -i tun0 less 64     # size in bytes
$ sudo tcpdump -i tun0 greater 500 # size in bytes
$ sudo tcpdump -i tun0 ip proto [icmp|ip|tcp] # a protocol
$ sudo tcpdump -i tun0 ip proto 17 # a protocol by number

📚 Before every filter such as host, net, port, etc., you can add src or dst to specify which side the filter applies to. It defaults to both.

Usage 🐚: monitor network.

Example 🔥:

$ tshark -i eth0 -f "host some_ip"
$ tshark -i eth0 -w /tmp/test.pcap

A popular tool to monitor a network. See Wireshark.

Termshark (8.6k ⭐) is a text-based user interface similar to wireshark.


Security

Usage 🐚: UFW, Uncomplicated Firewall, is the default firewall for Ubuntu. Like others, you define rules for incoming/outgoing traffic.

Example 🔥:

$ sudo ufw status # status and rules
$ sudo ufw allow 22/tcp # allow
$ sudo ufw deny 22/tcp # deny
$ sudo ufw delete deny 22/tcp # delete a rule

You can allow/deny only some hosts:

$ sudo ufw allow from IP to IP port 22
$ sudo ufw allow from IP to any port 22
$ sudo ufw allow from CIDR to any port 22

Usage 🐚: define rules for incoming/outgoing traffic.

Example 🔥:

List tables

$ sudo iptables -L

DROP any packet using TCP, on port 22, having our machine as destination, and sent by 172.16.1.1.

$ sudo iptables -t filter -A INPUT -s 172.16.1.1 -p tcp --dport 22 -j DROP

Hide the source IP address behind 50.50.50.50 for any packet leaving through our interface "eth2" (table names are lowercase).

$ sudo iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 50.50.50.50

Common chains are:

  • INPUT: incoming traffic
  • OUTPUT: outgoing traffic
  • FORWARD: traffic passing through (routed by this host)

Common options are:

  • -t table: filter by default (others: nat, mangle)
  • -A chain: append a rule at the end of the chain
  • -I chain: insert a rule at the start of the chain
  • -D chain: delete a rule
  • -o interface: exit via "interface"
  • -i interface: enter via "interface"
  • -j action: a chain or:
    • SNAT/DNAT: source/destination translation
    • ACCEPT: allow
    • DROP: deny without notifying the sender (DENY in the older ipchains)
    • REJECT: deny, but notify the sender
  • -s ip: source (several addresses separated by commas)
  • -d ip: destination (several addresses separated by commas)
  • --sport port: source port
  • --dport port: destination port
  • --to-source / --to-destination ip: with SNAT/DNAT, the new source/destination
  • -p protocol: which protocol

Note: you can negate a match with ! (NOT), such as ! -s 127.0.0.1, which matches every packet whose source is not "127.0.0.1".
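An added example (not from the original notes) that puts the chains and options above together into a minimal host firewall; the function names and the 10.0.0.0/24 admin network are assumptions:

```shell
#!/bin/sh
# Added example (not from the original notes): a minimal host firewall
# built from the iptables options above. Function names and the admin
# network are hypothetical. DRY_RUN=1 (default) only prints the commands;
# DRY_RUN=0 executes them, needs root, and is best run from a console
# session because a wrong rule here can cut off your own SSH access.

# run: print or execute one iptables command, depending on DRY_RUN.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# build_firewall ADMIN_CIDR: allow loopback, already-established flows,
# SSH from ADMIN_CIDR only and ping; log (rate-limited) and drop the rest.
# Rules are appended in order, and the DROP policy is set last so that
# existing connections are not cut off while the chain is half built.
build_firewall() {
    admin_cidr="$1"
    run -t filter -F INPUT                                   # empty the chain
    run -t filter -A INPUT -i lo -j ACCEPT                   # loopback
    run -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
    run -t filter -A INPUT -p tcp --dport 22 -s "$admin_cidr" -j ACCEPT
    run -t filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    run -t filter -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
    run -t filter -A INPUT -j DROP                           # explicit catch-all
    run -t filter -P INPUT DROP                              # default policies
    run -t filter -P FORWARD DROP                            # this host does not route
    run -t filter -P OUTPUT ACCEPT
}

# rule_count ADMIN_CIDR: number of commands a dry run would emit.
rule_count() {
    DRY_RUN=1 build_firewall "$1" | grep -c '^iptables '
}

build_firewall 10.0.0.0/24
```

Review the printed commands first, then re-run with DRY_RUN=0 to apply them.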

Usage 🐚: define rules for incoming/outgoing traffic. nftables is replacing the legacy iptables, and is meant to be more scalable and performant.

Example 🔥:

A table stores chains.

$ nft add table t_name # create
$ nft list table t_name # list chains + rules
$ nft delete table t_name # delete

A chain is an ordered list of rules, attached to a hook.

# incoming traffic
$ nft add chain t_name c_name { type filter hook input priority 0 \; }
# outgoing traffic
$ nft add chain t_name c_name { type filter hook output priority 0 \; }

Add rules to a chain (nft add rule table chain expression).

# accept traffic from source port 22
$ nft add rule t_name c_name tcp sport 22 accept
# drop traffic to port 22
$ nft add rule t_name c_name tcp dport 22 drop

  • sport/dport: match on the port
  • saddr/daddr: match on the IP (e.g. ip saddr 10.0.0.1)
  • accept/drop: accept or drop the packet
  • limit rate 5/minute: example of rate limiting

👻 To-do 👻

Stuff that I found, but never read/used yet.

  • DNS commands
  • NFS commands
  • arp -a, arp -a -d
  • iptables [...] -j REJECT --reject-with tcp-reset, iptables -m
  • (timeout 1 bash -c '</dev/tcp/IP/port' && echo OPEN || echo CLOSED) 2> /dev/null
  • bridge-utils:

$ # sudo apt install bridge-utils
$ sudo brctl addbr xxx
$ sudo brctl show
$ sudo brctl delbr xxx
$ sudo brctl addif name interface # can add multiple interfaces,
$ # which will be bridged together
$ sudo ip link set dev xxx up # bring the bridge up
$ sudo ip link set eth0 up # sudo ifconfig eth0 up
$ sudo ifconfig eth0 IP # assign IP to interface
$ sudo route add default gw IP eth0 # gateway for interface
$ # /etc/network/interfaces: persistent changes

  • vnstat: sudo vnstat -l -i tun0