
Networking

[host]
Query SRV record
$ host -t SRV _sip._udp.sms-proxy-01.bandwidthclec.com

[iftop]
Displays the top bandwidth source and destination usage
# iftop

[netstat]
Find out which programs listen on which TCP ports
# netstat -tlnp

Monitor HTTP connections: count connections per remote address, sorted by count
# watch "netstat -plan | grep :80 | awk '{print \$5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1"

[tcpdump]
Get Cisco network information (capture one CDP packet)
# tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Troubleshooting DHCP
# tcpdump -vv -i eth0 port 67 or port 68

[tethereal]
Capture SIP or RTP event packets to the console
# tethereal -i eth1 -R "(sip || rtpevent)"

Capture to a file for viewing in Wireshark
# tethereal -i eth1 -w /var/tmp/c12b3.pcap

[ngrep]
Capture all SIP packets on port 5060 on all interfaces
# ngrep -W byline -td any . port 5060

[nmap]
SYN (stealth) port scan with version detection and OS identification, without ICMP pings
# nmap -sS -sV -O -P0 <target>
or
# nmap -sS -A -P0 <target>

Get a list of servers with a specific port open
$ nmap -sT -p 80 -oG - 192.168.1.* | grep open

[ping]
Find all active IPs on the network
$ ping -c2 192.168.1.255 >/dev/null; arp -a

[iptables]
Flush all rules
# iptables --flush

Block known dirty hosts from reaching your machine (prints the iptables DROP commands for review; it does not apply them)
$ wget -qO - http://infiltrated.net/blacklisted|awk '!/#|[a-z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'
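
A stricter variant of the rule generator above, added here as an example and not part of the original notes: each feed entry is validated as an IPv4 address or CIDR before a rule is printed, so a tampered or malformed feed cannot inject extra arguments or block loopback or whole address ranges. The function names, the default minimum prefix of /16 and the sample feed (documentation addresses) are assumptions made for this example.

```shell
#!/bin/sh
# blocklist_to_rules [MINPREFIX]: read a blocklist on stdin, print one
# iptables DROP command per valid entry, report rejected lines on stderr.
# Nothing is executed; the output is meant to be reviewed before use.
blocklist_to_rules() {
    awk -v minprefix="${1:-16}" '
    function valid_ip(ip,    oct, i, n) {
        n = split(ip, oct, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (oct[i] !~ /^[0-9]+$/ || length(oct[i]) > 3 || oct[i] + 0 > 255)
                return 0
        # refuse loopback and 0.x.x.x so a bad feed cannot cut off local traffic
        return !(oct[1] + 0 == 127 || oct[1] + 0 == 0)
    }
    {
        sub(/#.*/, "")                   # strip comments
        gsub(/^[ \t]+|[ \t\r]+$/, "")    # trim whitespace and stray CRs
        if ($0 == "") next
        n = split($0, part, "/")
        prefix = 32
        ok = (n <= 2) && valid_ip(part[1])
        if (ok && n == 2) {
            # a prefix shorter than minprefix would block too large a range
            ok = (part[2] ~ /^[0-9]+$/) && (part[2] + 0 >= minprefix + 0) && (part[2] + 0 <= 32)
            prefix = part[2] + 0
        }
        if (!ok) { print "rejected: " $0 > "/dev/stderr"; next }
        key = part[1] "/" prefix
        if (!(key in seen)) { seen[key] = 1; print "iptables -A INPUT -s " key " -j DROP" }
    }'
}

# Constructed sample feed (not real blocklist data).
sample_feed() {
    cat <<'EOF'
# constructed sample feed
198.51.100.7
203.0.113.0/24
198.51.100.7
0.0.0.0/0
127.0.0.1
10.0.0.0/8
192.0.2.999
192.0.2.5; reboot
EOF
}

sample_feed | blocklist_to_rules
```

In real use the feed would be fetched first and the generated commands read through before being run as root.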

[nethogs]
Monitor bandwidth by pid
# nethogs -p eth0

[service]
Return external IP
$ curl ip.appspot.com

TODO: write my own service reporting ports open and possible vulnerabilities
$ curl scan.appspot.com

