Network administration

Commands for Network administration




Install tools

pacman -S curl wget tcpdump rsync nmap iperf bmon socat mtr ipcalc duf ncdu

Inspect the current network

ip a

Use ICMP packages to check if two machines are connected

ping -c3 <network-ID>

Show the path from your current machine to your remote server/system and each hop along the way

traceroute -I <network-ID>

Combines the functionality of traceroute and ping into one tool

mtr <network-ID>

Display or modify the routing table

route

HTTP request with header

curl -IL <network-ID>

Download a file

wget <network-ID>

whois <network-ID>

See what services are running and listening on your machine

ss -lt
ss -tupln

Captures packets off a network interface and interprets them for you

tcpdump -i <network-DEVICE>

ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP tables:

arp

Assess the bandwidth available between two computers

Client agent

iperf -s <server-network-ID>

Server agent

iperf -c <client-network-ID>

bmon

Securely copy files from one server to another over SSH

scp </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/
rsync -avhP </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/

List physical ethernet ports

lspci | grep -i ethernet

Find IP addresses on a network

nmap -sn <network-ID>/<network-prefix>
nmap -sn <network-ID>/<network-prefix> | grep report | awk '{ print $5 }'

Find the OS information associated with these IP addresses

nmap -sT -O <network-ID>/<network prefix>

SYN stealth scan

nmap -sS <network-ID>/<network-prefix>

Cloak a scan with decoys

nmap -sS -D <decoy1,decoy2[,ME],...> <network-ID>/<network-prefix>

OS detection, version detection, script scanning, and traceroute

nmap -v -A <network-ID>/<network-prefix>

Common vulnerabilities and exposures scan

nmap --script vuln <network-ID>/<network-prefix>

more


-p- scan all ports
-Pn
-sA ACK scan
-sF FIN scan
-sl IDLE scan
-sL DNS(list-) scan
-sN NULL scan
-sO Protocol scan
-sP Ping scan
-sR RPC scan
-sS SYN scan (SYN > SYN ACK)
-sT TCP connect scan (three way handshake: SYN > SYN ACK > ACK)
-sW Window scan
-sX XMAS scan
-PI ICMP ping
-Po No ping
-PS SYN ping
-PT TCP ping
-oN Normal output
-oX XML output
-T0 through -T5 scan speed from very slow (-T0) to extremely aggressive ( -T5).
-v Increase verbosity level (use -vv or more for greater effect)

more


Netcat is the network engineer’s Swiss Army knife

ncat

If you use it in client mode, it’s similar to telnet, and you can create a TCP connection to a specific port and send anything that you type.
You can also use it to open a TCP/IP port and read from standard input. That makes it an easy way to transfer files between two computers. Another use case is testing whether your firewall is blocking certain traffic. For example,
execute netcat in server mode on a host behind your firewall and then execute netcat in client mode from outside the firewall. If you can read on the server whatever you type on the client, then the firewall is not filtering the connection.

ncat -l -p <port>

This executes Netcat in server mode on port and waits for incoming connections.

ncat -lnvp <port> -s <network-ID>
ncat <network-ID> <port>

This executes Netcat in client mode and connects to TCP port on remote host .

You can also use Netcat with pipe commands. For example you can compress a file before sending it to the remote host with Netcat.

tar cpf - /some/dir | compress -c | ncat -w 3 <network-ID> <port>

Andreas Bauer. All rights reserved.

Subnetting

List of IPv4 and IPv6 ranges, subnet size tables and special address types




Calculate subnet masks

ipcalc 10.0.0.1/22 -s 254 254 254 254

IPv4 ranges

Scope Class First Last Netmask
Public A 1.0.0.0 126.255.255.255 255.0.0.0
Public B 128.0.0.0 192.255.0.0 255.255.0.0
Public C 192.0.0.0 223.255.255.0 255.255.255.0
Public D 224.0.0.0 239.255.255.255
Public E 240.0.0.0 255.255.255.255
Private A 10.0.0.0 10.255.255.255 255.0.0.0
Private B 172.16.0.0 172.31.255.255 255.255.0.0
Private C 192.168.0.0 192.168.255.255 255.255.255.0

Special address types

Type CIDR IPv4 IPv6
Default 0.0.0.0/0 0.0.0.0 ::
Loopback (localhost) 127.0.0.0/8 127.0.0.1 - 127.255.255.254 ::1
Link-local 169.254.0.0/16 169.254.0.1 - 169.254.255.254 FE80::/64
Global broadcast 255.255.255.255 using multicast
Multicast 224.0.0.0/4 224.0.0.0 - 224.0.0.255 FF00::/8
Unique Local Unicast FC00::/7 FD00::/8

IPv6 Anycast

Routers direct packets addressed to this destination to the location nearest the sender
Anycast-addresses may have any random prefix and are formally indistinguishable from unicast addresses


IPv4 subnet sizes

IPv4 CIDR mask Dotted decimal mask Amount of usable host addresses
/1 128.0.0.0 2147483646
/2 192.0.0.0 1073741822
/3 224.0.0.0 536870910
/4 240.0.0.0 268435454
/5 248.0.0.0 134217726
/6 252.0.0.0 67108862
/7 254.0.0.0 33554430
/8 255.0.0.0 16777214
/9 255.128.0.0 8388606
/10 255.192.0.0 4194302
/11 255.224.0.0 2097150
/12 255.240.0.0 1048574
/13 255.248.0.0 524286
/14 255.252.0.0 262142
/15 255.254.0.0 131070
/16 255.255.0.0 65534
/17 255.255.128.0 32766
/18 255.255.192.0 16382
/19 255.255.224.0 8190
/20 255.255.240.0 4094
/21 255.255.248.0 2046
/22 255.255.252.0 1022
/23 255.255.254.0 510
/24 255.255.255.0 254
/25 255.255.255.128 126
/26 255.255.255.192 62
/27 255.255.255.224 30
/28 255.255.255.240 14
/29 255.255.255.248 6
/30 255.255.255.252 2
/31 255.255.255.254 no net, 2 hosts
/32 255.255.255.255 no net, one host

IPv6 subnet sizes

IPv6 CIDR mask Amount of networks or addresses
/1 9223372036854775808 networks of size /64
/2 4611686018427387904 networks of size /64
/3 2305843009213693952 networks of size /64
/4 1152921504606846976 networks of size /64
/5 576460752303423488 networks of size /64
/6 288230376151711744 networks of size /64
/7 144115188075855872 networks of size /64
/8 72057594037927936 networks of size /64
/9 36028797018963968 networks of size /64
/10 18014398509481984 networks of size /64
/11 9007199254740992 networks of size /64
/12 4503599627370496 networks of size /64
/13 2251799813685248 networks of size /64
/14 1125899906842624 networks of size /64
/15 562949953421312 networks of size /64
/16 281474976710656 networks of size /64
/17 140737488355328 networks of size /64
/18 70368744177664 networks of size /64
/19 35184372088832 networks of size /64
/20 17592186044416 networks of size /64
/21 8796093022208 networks of size /64
/22 4398046511104 networks of size /64
/23 2199023255552 networks of size /64
/24 1099511627776 networks of size /64
/25 549755813888 networks of size /64
/26 274877906944 networks of size /64
/27 137438953472 networks of size /64
/28 68719476736 networks of size /64
/29 34359738368 networks of size /64
/30 17179869184 networks of size /64
/31 8589934592 networks of size /64
/32 4294967296 networks of size /64
/33 2147483648 networks of size /64
/34 1073741824 networks of size /64
/35 536870912 networks of size /64
/36 268435456 networks of size /64
/37 134217728 networks of size /64
/38 67108864 networks of size /64
/39 33554432 networks of size /64
/40 16777216 networks of size /64
/41 8388608 networks of size /64
/42 4194304 networks of size /64
/43 2097152 networks of size /64
/44 1048576 networks of size /64
/45 524288 networks of size /64
/46 262144 networks of size /64
/47 131072 networks of size /64
/48 65536 networks of size /64
/49 32768 networks of size /64
/50 16384 networks of size /64
/51 8192 networks of size /64
/52 4096 networks of size /64
/53 2048 networks of size /64
/54 1024 networks of size /64
/55 512 networks of size /64
/56 256 networks of size /64
/57 128 networks of size /64
/58 64 networks of size /64
/59 32 networks of size /64
/60 16 networks of size /64
/61 8 networks of size /64
/62 4 networks of size /64
/63 2 networks of size /64
/64 18446744073709551616 addresses
/65 9223372036854775808 addresses
/66 4611686018427387904 addresses
/67 2305843009213693952 addresses
/68 1152921504606846976 addresses
/69 576460752303423488 addresses
/70 288230376151711744 addresses
/71 144115188075855872 addresses
/72 72057594037927936 addresses
/73 36028797018963968 addresses
/74 18014398509481984 addresses
/75 9007199254740992 addresses
/76 4503599627370496 addresses
/77 2251799813685248 addresses
/78 1125899906842624 addresses
/79 562949953421312 addresses
/80 281474976710656 addresses
/81 140737488355328 addresses
/82 70368744177664 addresses
/83 35184372088832 addresses
/84 17592186044416 addresses
/85 8796093022208 addresses
/86 4398046511104 addresses
/87 2199023255552 addresses
/88 1099511627776 addresses
/89 549755813888 addresses
/90 274877906944 addresses
/91 137438953472 addresses
/92 68719476736 addresses
/93 34359738368 addresses
/94 17179869184 addresses
/95 8589934592 addresses
/96 4294967296 addresses
/97 2147483648 addresses
/98 1073741824 addresses
/99 536870912 addresses
/100 268435456 addresses
/101 134217728 addresses
/102 67108864 addresses
/103 33554432 addresses
/104 16777216 addresses
/105 8388608 addresses
/106 4194304 addresses
/107 2097152 addresses
/108 1048576 addresses
/109 524288 addresses
/110 262144 addresses
/111 131072 addresses
/112 65536 addresses
/113 32768 addresses
/114 16384 addresses
/115 8192 addresses
/116 4096 addresses
/117 2048 addresses
/118 1024 addresses
/119 512 addresses
/120 256 addresses
/121 128 addresses
/122 64 addresses
/123 32 addresses
/124 16 addresses
/125 8 addresses
/126 4 addresses
/127 2 addresses
/128 1 address

Determine the necessary network mask for the network size in CIDR notation

750 Hosts
11111111 11111111 11111100 00000000
2^8 = 256 2^8 = 256 128 + 64 +32 +16 + 8 + 4 + 2 + 1
fits in 10 Bits = 2^10 1024 (zeros) = 32-10 = /22 (22 ones)

Binary to Decimal

255 . 255 . 252 . 0
100 fits in 2^7 = 128 32-7= /25
14000 fits in 2^14 = 16384 32-14= /18
3789 fits in 2^12 = 4096 32-12=/20