Network
Linux Network
Network Service
NetworkManager
➜ sudo systemctl start NetworkManager
/etc/hosts
/etc/hosts is a text file that maps hostnames to IP addresses. It is used for static name resolution, which is not updated automatically like Domain Name System (DNS) records. /etc/hosts is usually the first file checked when resolving a domain name, so it can be used to block websites or redirect users to different websites. For example:
192.168.10.12 server.example.com myftp.example.com myhost myftp
➜ cat /etc/hosts
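Because /etc/hosts is consulted before DNS, an unexpected entry silently blocks or redirects a name. The script below is an added example (not part of the original notes) that lists every hostname in a hosts file that is not on an allowlist; the function names, the allowlist and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a hosts file for static overrides nobody expects.
# Sample data and the allowlist below are constructed for illustration.

# audit_hosts FILE "ALLOWED NAMES"   (FILE may be - for stdin)
# Prints one line per hostname that is not on the allowlist:
#   SINKHOLE name ip  -> name pinned to 0.0.0.0 / 127.x / ::1 (site blocked)
#   OVERRIDE name ip  -> name pinned to another address (DNS is bypassed)
audit_hosts() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank or incomplete line
        {
            ip = $1
            kind = (ip == "0.0.0.0" || ip == "::1" || ip ~ /^127\./) ? "SINKHOLE" : "OVERRIDE"
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                # standard local names are always expected
                if (name ~ /^(localhost|localhost\.localdomain|ip6-[a-z]+)$/) continue
                if (name in ok) continue   # entry is on the allowlist
                print kind, name, ip
            }
        }
    ' "$1"
}

# Constructed sample: the example line from above plus two unexpected entries.
sample_hosts() {
    cat <<'EOF'
127.0.0.1      localhost
::1            ip6-localhost ip6-loopback
192.168.10.12  server.example.com myftp.example.com myhost myftp
0.0.0.0        ads.example.net      # blocked
203.0.113.7    login.example.org    # not on the allowlist
EOF
}

sample_hosts | audit_hosts - "server.example.com myftp.example.com myhost myftp"
```

On a real system, pass /etc/hosts as the first argument and the names you expect to find there as the second.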
/etc/services
When connecting to a machine across a network, applications use /etc/services to translate human-readable service names into port numbers. Each entry typically includes a service name, port/protocol, any aliases, and any comments. When a service is listed in /etc/services, an application can connect automatically to the desired service. If a service is not listed in the /etc/services file, the application has to connect to the service manually and specify the desired port number. This file contains a fixed block or a fixed block with an LRECL between 56 and 256 characters. On z/OS UNIX, there is a limit to the number of lines that can be included in /etc/services. In order to ensure that all services are up and running, it is necessary to change the file on a regular basis. Using the svcadm command on z/OS UNIX, you can refresh the /etc/services file. Svecadm disables sasm 2. If the service enters maintenance mode, it should be rebooted using the sasm clear command. To restart the service, use /etc/init.d/mysql.
➜ cat /etc/services
Network Interfaces
➜ ifconfig -a
➜ ifconfig enp0 192.168.1.100 netmask 255.255.255.0
➜ ifconfig enp0 up
➜ ifconfig enp0 down
To change the MAC address, use this command:
➜ sudo ifconfig enp0 hw ether aa:bb:cc:dd:ee:ff
Network configurations
Red Hat-based systems:
➜ cat /etc/sysconfig/network-scripts/ifcfg-eth0
Debian-based systems:
➜ cd /etc/network/interfaces.d
Default gateway:
➜ cat /etc/sysconfig/network
DNS config File:
➜ cat /etc/resolv.conf
route:
This shows the whole routing table:
➜ route -n
➜ route del 192.168.1.1
➜ route add default gw 192.168.1.1
➜ route del default gw 192.168.1.1
ip
➜ ip addr show
➜ ip addr add 192.168.1.0/24 dev enp0
➜ ip addr del 192.168.1.0/24 dev enp0
➜ ip route
➜ ip route add 5.5.5.0/24 dev enp0
➜ ip route add default via 192.168.1.1
➜ ip route del 5.5.5.0/24 dev enp0
nsswitch
This file shows which sources (files, DNS and so on) are responsible for answering each service.
➜ cat /etc/nsswitch.conf
traceroute
Note: if traceroute reaches a firewall and can't pass it, you get * for that hop, so read traceroute or tracepath output carefully.
➜ traceroute google.com
➜ traceroute 4.2.2.4
tracepath
➜ tracepath google.com
➜ tracepath 4.2.2.4
dig
➜ dig google.com
arp :
ARP stands for "Address Resolution Protocol". It is a protocol for mapping an IP address to a physical MAC address on a local area network. Basically, a computer system uses ARP to find another computer's MAC address based on its IP address.
➜ sudo arp -a
Delete an ARP entry
➜ sudo arp -d 192.168.1.102
Netstat
➜ netstat -nr
: show routes
➜ netstat -na
: show all listening ports
➜ netstat -u
: show udp
➜ netstat -t
: show tcp
➜ netstat -l
: show listen
➜ netstat -s
: show stat
➜ netstat -tl
: tcp LISTEN
➜ netstat -tulpen
Note: run this command in a full-width terminal window, because the output is wide.
fuser
The fuser command is a Linux utility designed to find which process is using a given file, directory, or socket. It also provides information about the user who owns the process and the type of access.
➜ fuser -v .
➜ fuser -v -n tcp 8002
The fuser utility can also be used to send specific signals to a process. When used with the -k option, the fuser command sends the KILL signal to a process. There are many other signals that can be sent to a specific running process. You can list these with fuser -l:
➜ fuser -k 8002/tcp
➜ fuser -l
lsof ( List all Open Files)
List User Specific Opened Files
➜ lsof -u koosha
Find Processes Running on Specific Port
➜ lsof -i TCP:22
List Open Files of TCP Port ranges 1-1024
➜ lsof -i TCP:1-1024
Find Out Who's Looking at What Files and Commands
➜ lsof -i -u koosha
List all Network Connections
➜ lsof -i
Kill all Activity of Particular User
➜ kill -9 $(lsof -t -u koosha)
nslookup
Using Nslookup we can quickly gather a variety of information about DNS
➜ nslookup google.com
➜ nslookup google.com 4.2.2.4
mtr ( my traceroute)
mtr checks every server on the path like traceroute, but it also keeps checking the packets sent to each of them. The mtr command is a simple but effective network analysis and troubleshooting tool.
➜ mtr 4.2.2.4
➜ mtr google.com
➜ mtr -n google.com
: show IP addresses instead of hostnames
tcpdump
tcpdump is a command-line utility that you can use to capture and inspect network traffic going to and from your system.
➜ tcpdump -i any port 22
➜ tcpdump -i any port 22 -w ssh.pcap
➜ tcpdump -r ssh.pcap
:: read pcap file
➜ tcpdump src 192.168.1.102 and dst 192.168.1.100
➜ tcpdump -i any port 22 -A
:: show packets in ASCII
➜ tcpdump -i any src 192.168.1.102 -w save.pcap
➜ tcpdump -D
: this shows the interfaces that are valid for sniffing
tcp-wrapper (hosts.allow & hosts.deny) Command Option
TCP wrappers are capable of more than allowing and denying access to services. With the optional command argument, they can send connection banners, warn of attacks from particular hosts, and enhance logging.
Using TCP wrappers to warn of potential attacks
➜ vi /etc/hosts.deny
ALL : 200.182.68.0 : spawn /bin/echo `date` %c %d >> /var/log/intruder_alert
Deny access and log connection attempt
➜ vi /etc/hosts.deny
ALL : ALL : spawn /bin/echo "%c tried to connect to %d and was blocked" >> /var/log/tcpwrappers.log
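The log written by this rule is only useful if someone reads it. The script below is an added example (not part of the original notes) that summarises lines in the "%c tried to connect to %d and was blocked" format per client; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the log written by the hosts.deny spawn rule
# ("%c tried to connect to %d and was blocked"). Sample lines are constructed.

# summarize_blocked FILE [MIN]   (FILE may be - for stdin)
# Prints "client attempts daemons" for every client with at least MIN blocked
# attempts (default 1), busiest client first.
summarize_blocked() {
    awk -v min="${2:-1}" '
        # Accept only lines in the exact format the rule produces.
        NF != 9 || $2 != "tried" || $NF != "blocked" { next }
        {
            client = $1; daemon = $6
            count[client]++
            if (!seen[client, daemon]++)          # record each daemon once
                daemons[client] = daemons[client] (daemons[client] ? "," : "") daemon
        }
        END {
            for (c in count)
                if (count[c] >= min) print c, count[c], daemons[c]
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample of /var/log/tcpwrappers.log, including one junk line.
sample_log() {
    cat <<'EOF'
192.0.2.10 tried to connect to sshd and was blocked
192.0.2.10 tried to connect to in.telnetd and was blocked
198.51.100.5 tried to connect to sshd and was blocked
this line is not in the expected format
192.0.2.10 tried to connect to sshd and was blocked
203.0.113.9 tried to connect to vsftpd and was blocked
198.51.100.5 tried to connect to sshd and was blocked
EOF
}

# Clients blocked at least twice.
sample_log | summarize_blocked - 2
```

On a real system, run it against /var/log/tcpwrappers.log with a threshold that suits the host.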
The log level can be elevated by using the severity option. Assume that anyone attempting to ssh to an FTP server is an intruder. To denote this, place an emerg flag in the log files instead of the default flag, info, and deny the connection. To do this, place the following line in /etc/hosts.deny:
➜ vi /etc/hosts.deny
sshd : ALL : severity emerg
For more information about tcp_wrapper: https://www.thegeekdiary.com/tcp-wrapper-hosts-allow-hosts-deny-command-options-in-linux
dhclient
dhclient is a free and open source DHCP client tool used for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, the BOOTP protocol, or, if these protocols fail, by statically assigning an address. Using the dhclient tool, a DHCP client system can request an IP address from a central DHCP server, which maintains a list of IP addresses that may be assigned on one or more subnets.
➜ dhclient -v enp0
➜ dhclient enp0s
Obtain an IPv6 address
➜ sudo dhclient -6 -v
Change UDP Listening Port
➜ sudo dhclient -v -p 556 enp0s3
Specify Server IP Address
➜ sudo dhclient -v -s 192.168.0.106 enp0s3
nc
Netcat (or nc for short) is a simple yet powerful networking command-line tool used for performing any operation in Linux related to TCP, UDP, or UNIX-domain sockets. Netcat can be used for port scanning, port redirection, and as a port listener (for incoming connections); it can also be used to open remote connections and many other things. Besides, you can use it as a backdoor to gain access to a target server.
Port Scanning
➜ nc -v -w 2 -z 192.168.56.1 22
or
➜ nc -v -w 2 -z 192.168.56.1 22 80
or
➜ nc -v -w 2 -z 192.168.56.1 20-25
Transfer Files Between Linux Servers
➜ tar -zcf - debian-10.0.0-amd64-xfce-CD-1.iso | pv | nc -l -p 3000 -q 5
And on the receiver/client computer, run the following command to obtain the file.
➜ nc 192.168.1.4 3000 | pv | tar -zxf -
Create a Command Line Chat Server
➜ nc -l -vv -p 5000
On the other system, run the following command to launch a chat session to a machine where the messaging server is running.
➜ nc 192.168.56.1 5000
Create DHCP Server
Red Hat-based systems:
➜ sudo dnf install dhcp-server
Debian-based systems:
➜ sudo apt install isc-dhcp-server
Nmap
Nmap or Network Mapper is undoubtedly the best reconnaissance tool used by modern penetration testers. This open-source application has come a long way since its inception and proved to be a game-changer in network security. Nmap is widely used to determine critical information of a single network or range of networks. There’s an unending list of robust Nmap commands which allow security researchers to spot vulnerabilities in a network. Malicious users also heavily leverage Nmap for determining an entry point to unauthorized networks. Moreover, a large library of pre-built scripts makes Nmap more powerful than ever.
➜ nmap scanme.nmap.org
➜ sudo nmap -vv 192.168.10.121
Specifying Target Hosts
➜ nmap 192.168.10.121 host.to.scan
➜ nmap 192.168.10.0/24
Use the list scan option (-sL), which only lists the targets without running a scan:
➜ nmap -sL 10.8-10.10,11,12.0/28 192.168.1-2.100,101
➜ nmap -p 443 192.168.10.121
➜ nmap -p 80,443 192.168.10.121
➜ sudo nmap -sU -p 1-1024 192.168.10.121
➜ nmap -p ssh 192.168.10.121
Ping Scanning
To perform a ping scan or host discovery, invoke the nmap command with the -sn option:
➜ sudo nmap -sn 192.168.10.0/24
Disabling DNS Name Resolution
Nmap’s default behavior is to perform reverse-DNS resolution for each discovered host, which increases the scan time. When scanning large networks, it is a good idea to disable reverse-DNS resolution and speed up the scans. To do that, invoke the command with the -n option:
➜ sudo nmap -n 192.168.10.0/16
You can also scan for OS, Versions, and run traceroute in one command using the -A option
➜ sudo nmap -A 192.168.10.121
Nmap Scripting Engine
One of the most powerful features of Nmap is its scripting engine. Nmap ships with hundreds of scripts, and you can also write your own scripts in the Lua language. You can use scripts to detect malware and backdoors, perform brute-force attacks, and more. For example, to check if a given host is compromised you can use:
➜ nmap -sV --script http-malware-host scanme.nmap.org
To read more, see "Nmap Network Exploration and Security Auditing Cookbook".
Common ports
ftp ➜ 20,21
snmp ➜ 161,162
DNS ➜ 53
ssh ➜ 22
ldap ➜ 389
telnet ➜ 23
imaps ➜ 993
smtp ➜ 25
pop3s ➜ 995
http ➜ 80
https ➜ 443
ntp ➜ 123
imap ➜ 143