Network administration
Commands for Network administration
Install tools
pacman -S curl wget tcpdump rsync nmap iperf bmon socat mtr ipcalc duf ncdu
Inspect the current network
ip a
Use ICMP packets to check if two machines are connected
ping -c3 <network-ID>
Show the path from your current machine to your remote server/system and each hop along the way
traceroute -I <network-ID>
Combines the functionality of traceroute and ping into one tool
mtr <network-ID>
Display or modify the routing table
route
HTTP HEAD request: show only the response headers and follow redirects
curl -IL <network-ID>
Download a file
wget <network-ID>
Information related to a domain name
whois <network-ID>
See what services are running and listening on your machine
ss -lt
ss -tupln
Captures packets off a network interface and interprets them for you
tcpdump -i <network-DEVICE>
ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP tables:
arp
Assess the bandwidth available between two computers
Server agent
iperf -s
Client agent
iperf -c <server-network-ID>
Track all the network-related stats on your system and then display them in a human-friendly fashion
bmon
Securely copy files from one server to another over SSH
scp </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/
rsync -avhP </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/
List physical ethernet ports
lspci | grep -i ethernet
Find IP addresses on a network
nmap -sn <network-ID>/<network-prefix>
Print only the IP addresses and remove other information
nmap -sn <network-ID>/<network-prefix> | grep report | awk '{ print $5 }'
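Added example (not part of the original cheat sheet): the grep/awk pipeline above prints the hostname instead of the address when nmap resolves a reverse-DNS name, because the IP then moves to the sixth field and is wrapped in parentheses. The functions below (hypothetical names extract_ips and unknown_hosts, run here on constructed sample output) take the last field instead and list discovered addresses that are missing from a known-hosts file.

```shell
#!/bin/sh
# Added example: robust IP extraction from `nmap -sn` output.
# nmap prints either of these forms:
#   Nmap scan report for 192.168.1.10
#   Nmap scan report for router.lan (192.168.1.1)

# Read scan output on stdin, print one IP address per line.
extract_ips() {
    awk '/^Nmap scan report for / {
        ip = $NF                 # the address is always the last field
        gsub(/[()]/, "", ip)     # drop parentheses added when a name is shown
        print ip
    }'
}

# Read scan output on stdin, print addresses not listed in file $1
# (one known IP per line). -x forces whole-line matches, so a known
# 192.168.1.1 does not hide 192.168.1.10; -F disables regex (dots stay literal).
unknown_hosts() {
    extract_ips | grep -vxF -f "$1" || true   # no unknown hosts is not an error
}

# Constructed sample of `nmap -sn` output (not captured from a real network).
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0010s latency).
Nmap scan report for 192.168.1.10
Host is up (0.0021s latency).
Nmap scan report for nas.lan (192.168.1.20)
Host is up (0.0034s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.51 seconds
EOF
}

# Live use: nmap -sn <network-ID>/<network-prefix> | extract_ips
sample_scan | extract_ips
```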
Find the OS information associated with these IP addresses
nmap -sT -O <network-ID>/<network-prefix>
SYN stealth scan
nmap -sS <network-ID>/<network-prefix>
Cloak a scan with decoys
nmap -sS -D <decoy1,decoy2[,ME],...> <network-ID>/<network-prefix>
OS detection, version detection, script scanning, and traceroute
nmap -v -A <network-ID>/<network-prefix>
Common vulnerabilities and exposures scan
nmap --script vuln <network-ID>/<network-prefix>
-p-    scan all ports
-Pn
-sA    ACK scan
-sF    FIN scan
-sI    IDLE scan
-sL    DNS (list) scan
-sN    NULL scan
-sO    Protocol scan
-sP    Ping scan
-sR    RPC scan
-sS    SYN scan (SYN > SYN ACK)
-sT    TCP connect scan (three way handshake: SYN > SYN ACK > ACK)
-sW    Window scan
-sX    XMAS scan
-PI    ICMP ping
-P0    No ping
-PS    SYN ping
-PT    TCP ping
-oN    Normal output
-oX    XML output
-T0 through -T5    scan speed from very slow (-T0) to extremely aggressive (-T5)
-v     Increase verbosity level (use -vv or more for greater effect)
Netcat is the network engineer’s Swiss Army knife
ncat
If you use it in client mode, it’s similar to telnet, and you can create a TCP connection to a specific port and send anything that you type.
You can also use it to open a TCP/IP port and read from standard input.
That makes it an easy way to transfer files between two computers.
Another use case is testing whether your firewall is blocking certain traffic. For example, execute netcat in server mode on a host behind your firewall and then execute netcat in client mode from outside the firewall.
If you can read on the server whatever you type on the client, then the firewall is not filtering the connection.
ncat -l -p <port>
This executes Netcat in server mode on port <port> and waits for incoming connections.
ncat -lnvp <port> -s <network-ID>
ncat <network-ID> <port>
This executes Netcat in client mode and connects to TCP port <port> on the remote host <network-ID>.
You can also use Netcat with pipe commands. For example, you can compress a file before sending it to the remote host with Netcat.
tar cpf - /some/dir | compress -c | ncat -w 3 <network-ID> <port>