Network administration
Commands for Network administration
Install tools
pacman -S curl wget tcpdump rsync nmap iperf bmon socat mtr ipcalc duf ncdu
Inspect the current network
ip a
Use ICMP packages to check if two machines are connected
ping -c3 <network-ID>
Show the path from your current machine to your remote server/system and each hop along the way
traceroute -I <network-ID>
Combines the functionality of traceroute and ping into one tool
mtr <network-ID>
Display or modify the routing table
route
HTTP request with header
curl -IL <network-ID>
Download a file
wget <network-ID>
Information related to a domain name
whois <network-ID>
See what services are running and listening on your machine
ss -lt
ss -tupln
Captures packets off a network interface and interprets them for you
tcpdump -i <network-DEVICE>
ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP tables:
arp
Assess the bandwidth available between two computers
Client agent
iperf -s <server-network-ID>
Server agent
iperf -c <client-network-ID>
Track all the network-related stats on your system and then display it in a human-friendly fashion
bmon
Securely copy files from one server to another over SSH
scp </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/
rsync -avhP </path/to/file/or/directory/> <username>@<network-ID>:/home/user/directory/
List physical ethernet ports
lspci | grep -i ethernet
Find IP addresses on a network
nmap -sn <network-ID>/<network-prefix>
Print only the IP addresses and remove other information
nmap -sn <network-ID>/<network-prefix> | grep report | awk '{ print $5 }'
Find the OS information associated with these IP addresses
nmap -sT -O <network-ID>/<network prefix>
SYN stealth scan
nmap -sS <network-ID>/<network-prefix>
Cloak a scan with decoys
nmap -sS -D <decoy1,decoy2[,ME],...> <network-ID>/<network-prefix>
OS detection, version detection, script scanning, and traceroute
nmap -v -A <network-ID>/<network-prefix>
Common vulnerabilities and exposures scan
nmap --script vuln <network-ID>/<network-prefix>
-p- scan all ports
-Pn
-sA ACK scan
-sF FIN scan
-sl IDLE scan
-sL DNS(list-) scan
-sN NULL scan
-sO Protocol scan
-sP Ping scan
-sR RPC scan
-sS SYN scan (SYN > SYN ACK)
-sT TCP connect scan (three way handshake: SYN > SYN ACK > ACK)
-sW Window scan
-sX XMAS scan
-PI ICMP ping
-Po No ping
-PS SYN ping
-PT TCP ping
-oN Normal output
-oX XML output
-T0 through -T5 scan speed from very slow (-T0) to extremely aggressive ( -T5).
-v Increase verbosity level (use -vv or more for greater effect)
Netcat is the network engineer’s Swiss Army knife
ncat
If you use it in client mode, it’s similar to telnet, and you can create a TCP connection to a specific port and send anything that you type.
You can also use it to open a TCP/IP port and read from standard input.
That makes it an easy way to transfer files between two computers.
Another use case is testing whether your firewall is blocking certain traffic. For example,
execute netcat in server mode on a host behind your firewall and then execute netcat in client mode from outside the firewall.
If you can read on the server whatever you type on the client, then the firewall is not filtering the connection.
ncat -l -p <port>
This executes Netcat in server mode on port and waits for incoming connections.
ncat -lnvp <port> -s <network-ID>
ncat <network-ID> <port>
This executes Netcat in client mode and connects to TCP port on remote host
You can also use Netcat with pipe commands. For example you can compress a file before sending it to the remote host with Netcat.
tar cpf - /some/dir | compress -c | ncat -w 3 <network-ID> <port>
