Query SRV record
$ host -t SRV

Display the top bandwidth usage by source and destination
# iftop

Find out which programs listen on which TCP ports
# netstat -tlnp

Monitor HTTP connections (including listening sockets), counted per remote address and sorted
# watch "netstat -plan | grep :80 | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -nk1"

Get Cisco network information (captures one CDP frame)
# tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Troubleshooting DHCP
# tcpdump -vv -i eth0 port 67 or port 68

Capture SIP or rtpevent to console
# tethereal -i eth1 -R "(sip || rtpevent)"

Capture to file to view in wireshark
# tethereal -i eth1 -w /var/tmp/c12b3.pcap

Capture all SIP packets on port 5060 on all interfaces
# ngrep -W byline -td any . port 5060

Port scan in stealth (SYN) mode with version detection and OS identification, without ICMP pings
# nmap -sS -sV -O -P0 <target>
# nmap -sS -A -P0 <target>

Get a list of servers with a specific port open
$ nmap -sT -p 80 -oG - 192.168.1.* | grep open

Find all active IPs on the network
$ ping -c2 >/dev/null; arp -a

Flush all rules
# iptables --flush

Block known dirty hosts from reaching your machine
$ wget -qO -|awk '!/#|[a-z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'
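
A stricter variant of the one-liner above, as an added example that is not part of the original notes: it prints a DROP rule only for entries that are well-formed IPv4 addresses or CIDR ranges, so output piped to a shell cannot carry malformed fields. The helper names, the /8 minimum prefix and the sample input are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): print DROP rules only for
# blocklist entries that are well-formed IPv4 addresses or CIDR ranges.
# blocklist_to_rules and sample_blocklist are hypothetical helper names.

blocklist_to_rules() {
    # minpfx is an assumed policy: refuse ranges wider than /8 so a bad
    # entry such as 0.0.0.0/0 cannot block all inbound traffic.
    awk -v minpfx=8 '
    function valid(addr,    parts, n, o, i) {
        n = split(addr, parts, "/")
        if (n > 2) return 0
        if (n == 2 && (parts[2] !~ /^[0-9]+$/ || length(parts[2]) > 2 ||
                       parts[2] + 0 > 32 || parts[2] + 0 < minpfx)) return 0
        if (split(parts[1], o, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }                        # skip blank lines
    valid($1) && !seen[$1]++ {              # first field only, de-duplicated
        print "iptables -A INPUT -s " $1 " -j DROP"
        next
    }
    !valid($1) { print "skipped: " $1 > "/dev/stderr" }
    '
}

# Constructed sample input using documentation address ranges.
sample_blocklist() {
    cat <<'EOF'
# constructed blocklist
192.0.2.10
198.51.100.0/24 ; listed range
203.0.113.7   # trailing comment
203.0.113.7
0.0.0.0/0
192.0.2.999
192.0.2.8;X
example.invalid
EOF
}

# Prints the rules for review; nothing is applied to the firewall.
sample_blocklist | blocklist_to_rules
```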

Monitor bandwidth by pid
# nethogs -p eth0

Return external IP
$ curl

TODO: write my own service reporting ports open and possible vulnerabilities
$ curl