Networking

[host]

Query SRV record

$ host -t SRV _sip._udp.sms-proxy-01.bandwidthclec.com

[iftop]

Display the top bandwidth usage by source and destination host

# iftop

[netstat]

Find out which programs listen on which TCP ports

# netstat -tlnp

Monitor HTTP (port 80) connections, including listening sockets, counted per remote address and sorted by count

# watch "netstat -plan | grep :80 | awk '{print \$5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1"

[tcpdump]

Get Cisco network information (captures one CDP packet)

# tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Troubleshooting DHCP

# tcpdump -vv -i eth0 port 67 or port 68

[tethereal]

Capture SIP or rtpevent to console (tethereal has since been renamed tshark)

# tethereal -i eth1 -R "(sip || rtpevent)"

Capture to a file to view in Wireshark

# tethereal -i eth1 -w /var/tmp/c12b3.pcap

[ngrep]

Capture all SIP packets on port 5060 on all interfaces

# ngrep -W byline -td any . port 5060

[nmap]

Port scan in stealth (SYN) mode with version detection and OS identification, without ICMP pings

# nmap -sS -sV -O -P0 <target>

or

# nmap -sS -A -P0 <target>

Get a list of servers with a specific port open

$ nmap -sT -p 80 -oG - 192.168.1.* | grep open

[ping]

Find all active IPs on the network (Linux ping needs -b to ping a broadcast address)

$ ping -c2 -b 192.168.1.255 >/dev/null; arp -a

[iptables]

Flush all rules

# iptables --flush

Block known dirty hosts from reaching your machine (the command only prints the iptables rules; review them before running them as root)

$ wget -qO - http://infiltrated.net/blacklisted|awk '!/#|[a-z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'
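A stricter form of the filter above, as an added example that is not part of the original page: the awk pattern in the one-liner skips lines containing `#` or lowercase letters but passes anything else straight into a command string, so this version accepts only well-formed IPv4 addresses or CIDR blocks. The function name blocklist_to_rules and the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example: strict replacement for the awk filter in the one-liner above.
# blocklist_to_rules (hypothetical name) reads a blocklist on stdin and prints
# one iptables command per unique, well-formed IPv4 address or CIDR block.
blocklist_to_rules() {
    awk '
    # Accept only dotted-quad IPv4 with octets 0-255 and an optional /0-32 prefix.
    function valid_ipv4(s,    addr, pfx, slash, parts, i) {
        addr = s
        slash = index(s, "/")
        if (slash) {
            addr = substr(s, 1, slash - 1)
            pfx = substr(s, slash + 1)
            if (pfx !~ /^[0-9]+$/ || length(pfx) > 2 || pfx + 0 > 32) return 0
        }
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        split(addr, parts, "[.]")
        for (i = 1; i <= 4; i++) {
            if (length(parts[i]) > 3 || parts[i] + 0 > 255) return 0
            if (parts[i] ~ /^0[0-9]/) return 0    # no leading zeros
        }
        return 1
    }
    { sub(/\r$/, ""); sub(/#.*/, "") }           # strip CR and comments
    NF == 0 { next }                              # blank or comment-only line
    NF == 1 && valid_ipv4($1) {
        if (!seen[$1]++) print "iptables -A INPUT -s " $1 " -j DROP"
        next
    }
    { rejected++ }                                # anything else never reaches a shell
    END { if (rejected) print rejected " line(s) rejected" | "cat 1>&2" }
    '
}

# Constructed sample input (documentation address ranges), not real list data.
SAMPLE='# comment line
192.0.2.10
192.0.2.10
198.51.100.0/24
203.0.113.5;reboot
999.1.1.1
$(id)'

printf '%s\n' "$SAMPLE" | blocklist_to_rules
```

Feed it the downloaded list in place of the sample; the rejected-line count goes to stderr so the rule output stays clean for review.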

[nethogs]

Monitor bandwidth by pid

# nethogs -p eth0

[service]

Return external IP

$ curl ip.appspot.com

TODO: write my own service reporting ports open and possible vulnerabilities

$ curl scan.appspot.com

[references]

http://danielmiessler.com/study/tcpdump/

https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/