Networking

Network Connection

Status

netstat

# -t: tcp, -u: udp, -l: listen, -p: programs, -n: don't resolve names
netstat -lnptu
# -r: route
netstat -rn

Connectivity of Hosts

ping <target-ip>

# Stop after 5 times
ping -c 5 <target-ip>

# No DNS resolution
ping -n 3 <target-ip>

Trace Route Path Between Two Nodes

traceroute <target-ip>

Investigate Packets/Traffic

  • ICMP

    Check the status of network connections between nodes.

    1. Start Tcpdump

      To start analyzing, start tcpdump. Here we use eth0 interface.

      sudo tcpdump -i eth0 icmp

# For Wireshark
sudo tcpdump -i eth0 icmp -w /tmp/tcpdump.pcap

    2. Send Packets to Target

      For example, send 5 packets to target.

      sudo ping -c 5 <target-ip>

    3. Check Results of Tcpdump

      To check the details, use Wireshark.

      wireshark /tmp/tcpdump.pcap

DNS Resolver

Check the condition of the name resolution

ping example.com

If you cannot ping the target website, the DNS resolver is not working. To change the DNS resolver, update the original nameserver to the new one in /etc/resolv.conf. For example:

...
# nameserver x.x.x.x
nameserver 8.8.8.8
...

Below are some representative DNS servers.

  • Google - 8.8.8.8 & 8.8.4.4

  • Quad9 - 9.9.9.9 & 149.112.112.112

  • OpenDNS - 208.67.222.222 & 208.67.220.220

  • Cloudflare - 1.1.1.1 & 1.0.0.1

After updating /etc/resolv.conf, restart the name resolution service.

sudo systemctl restart systemd-resolved.service

Send Packet with MAC/IP Spoofing

  1. IP Spoofing

    sudo ./run_scapy

>>> spoof_example = IP(src='172.1.1.20', dst='172.1.1.40')
>>> send(spoof_example)

  2. MAC and IP Spoofing

    sudo ./run_scapy

>>> spoofed_MAC_and_IP = Ether(src='00:0c:29:1a:2b:3c', dst='00:0c:29:bd:da:cf', type=0x0800)/IP(src='172.1.1.24', dst='172.1.1.40')
PreviousNetwork Traffic Analysis (NTA)NextReDoS (Regular Expression Denial of Service)

Last updated