Query SRV record

$ host -t SRV


Displays the top bandwidth source and destination usage

# iftop


Find out which programs listen on which TCP ports

# netstat -tlnp

Monitor connections for HTTP including listen, count and sorting

# watch "netstat -plan|grep :80|awk {'print \$5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1"


Get Cisco network information

# tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

Troubleshooting DHCP

# tcpdump -vv -i eth0 port 67 or port 68


Capture sip or rtpevent to console

# tethereal -i eth1 -R "(sip || rtpevent)"

Capture to file to view in wireshark

# tethereal -i eth1 -w /var/tmp/c12b3.pcap


Capture all SIP packages on 5060 on all interfaces

# ngrep -W byline -td any . port 5060


Port scan in stealth mode with version detection and attempt to identify the OS and no ICMP pings

# nmap -sS -sV -O -P0 <target>


# nmap -sS -A -P0 <target>

Get a list of servers with a specific port open

$ nmap -sT -p 80 -oG - 192.168.1.* | grep open


Find all active IPs on the nework

$ ping -c2 >/dev/null; arp -a


Flush all rules

# iptables --flush

Block known dirty hosts from reaching your machine

$ wget -qO -|awk '!/#|[a-z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'


Monitor bandwidth by pid

# nethogs -p eth0


Return external IP

$ curl

TODO: write my own service reporting ports open and possible vulnerabilities

$ curl