Linux-Networking Cheat Sheet
Basics
- Resolve a name via nsswitch
getent hosts
- DNS Lookup
dig
dig +noall +answer
dig +short
dig MX
dig NS
dig ANY
dig -x
dig -x +short
dig @8.8.8.8
dig -f input.txt +noall +answer
- netcat Commands
nc -l -p    # Listen on port
nc -w3      # Listen for connection from IP on port
# Search banners
echo | nc -v -n -w1 -
# Port scan
nc -v -n -z -w1 -
- ethtool - Usage
ethtool eth0       # Print general info on eth0
ethtool -i eth0    # Print kernel module info
ethtool -S eth0    # Print eth0 traffic statistics
ethtool -a eth0    # Print RX, TX and auto-negotiation settings
ethtool -p eth0    # Blink LED
# Changing NIC settings...
ethtool -s eth0 speed 100
ethtool -s eth0 autoneg off
ethtool -s eth0 duplex full
ethtool -s eth0 wol g    # Turn on wake-on-LAN
Do not forget to make changes permanent in e.g. /etc/network/interfaces.
- ip - Usage
ip link show
ip link set eth0 up
ip addr show
ip neigh show
- mii-tool - Show Link Info
# mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
  product info: vendor 00:07:32, model 17 rev 4
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
- Enable Jumbo Frames
ifconfig eth1 mtu 9000
- ipsets - Using IP sets for simpler iptables rules
ipset create smtpblocks hash:net counters
ipset add smtpblocks 27.112.32.0/19
ipset add smtpblocks 204.8.87.0/24
iptables -A INPUT -p tcp --dport 25 -m set --match-set smtpblocks src -j DROP
- iptables - Loopback Routing:
iptables -t nat -A POSTROUTING -d -s -p tcp --dport 80 -j SNAT --to-source
- iptables - Show active rules:
iptables -S
iptables -L
iptables -L
- iptables - Full flush:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
- iptables - Allow established:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables - Log failed requests:
iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
- iptables - Persistency on Debian:
apt-get install iptables-persistent
# Set some rules and call
invoke-rc.d iptables-persistent save
- iptables - Persistency on Ubuntu: UFW (Uncomplicated FireWall)
ufw enable
ufw status
ufw allow ssh/tcp
ufw allow from proto tcp to any port
ufw delete allow from proto tcp to any port
- fail2ban CLI Commands
fail2ban-client status
fail2ban-client status
Troubleshooting
- Black Hole Route: To block IPs create route on loopback
route add -net 91.65.16.0/24 gw 127.0.0.1 lo    # for a subnet
route add 91.65.16.4 gw 127.0.0.1 lo            # for a single IP
- Quick Access Log IP Top List
tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25
- Find out if IP is used before configuring it
arping
- Traceroute with AS and network name lookup
lft -AN www.google.de
- Manually lookup AS
Measuring
- vnstat - Short term measurement bytes/packets min/avg/max:
vnstat -l     # Live listing until Ctrl-C and summary
vnstat -tr    # 5s automatic traffic sample
- vnstat - Long term statistics:
vnstat -h    # last hours (including ASCII graph)
vnstat -d    # last days
vnstat -w    # last weeks
vnstat -m    # last months
vnstat -t    # top 10 days
- curl - Time details on HTTP requests:
curl -w "DNS: %{time_namelookup} Connect: %{time_connect} start: %{time_starttransfer} total: %{time_total}\n" -o /dev/null -s http://example.com
Discovery
- LLDP
lldpctl
lldpctl eth0
- nmap commands
# Network scan
nmap -sP 192.168.0.0/24
# Host scan
nmap
nmap -F     # fast
nmap -O     # detect OS
nmap -sV    # detect services and versions
nmap -sU    # detect UDP services
# Alternative host discovery
nmap -PS    # TCP SYN scan
nmap -PA    # TCP ACK scan
nmap -PO    # IP ping
nmap -PU    # UDP ping
# Alternative service discovery
nmap -sS
nmap -sT
nmap -sA
nmap -sW
# Checking firewalls
nmap -sN
nmap -sF
nmap -sX
Debugging
- iptraf - Real-time statistics in ncurses interfaces
- mtr - Debug routing/packet loss issues
- netstat - The different modes
# Typically used modes
netstat -rn        # List routes
netstat -tlnp      # List all open TCP connections
netstat -tlnpc     # Continuously do the above
netstat -tulpen    # Extended connection view
netstat -a         # List all sockets
# And more rarely used
netstat -s         # List per protocol statistics
netstat -su        # List UDP statistics
netstat -M         # List masqueraded connections
netstat -i         # List interfaces and counters
netstat -o         # Watch time/wait handling
- nttcp - TCP performance testing
# On sending host
nttcp -t -s
# On receiving host
nttcp -r -s
- List Kernel Settings
sysctl net
- SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try
snmpwalk -c public -v 1 -O s .iso | grep
- tcpdump - Be verbose and print full packet hex dumps:
tcpdump -i eth0 -nN -vvv -xX -s 1500 port
- tcpdump - Non-promiscuous mode to list only traffic that the network stack processes:
tcpdump -p ...
- tcpdump - : Many usage examples.
# Filter port
tcpdump port 80
tcpdump src port 1025
tcpdump dst port 389
tcpdump portrange 21-23
# Filter source or destination IP
tcpdump src 10.0.0.1
tcpdump dst 10.0.0.2
# Filter everything on network
tcpdump net 1.2.3.0/24
# Logical operators
tcpdump src port 1025 and tcp
# Provide full hex dump of captured HTTP packets
tcpdump -s0 -x port 80
# Filter TCP flags (e.g. RST)
tcpdump 'tcp[13] & 4!=0'