
Viewing the routing table

route -e
netstat -r
ip route 

Replacing traceroute with ping

The ICMP packet types differ, but in general this works if every host along the route answers ping.

traceroute <remote-host>
mtr <remote-host>

=
pingtrace.sh (if you pass an IP address as the argument, the trace completes VERY quickly)

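#!/bin/bash
# pingtrace.sh - trace a route using ping with an increasing TTL (Linux ping, where -t sets the TTL)

if [ -z "$1" ]; then
    echo "Usage: $0 <remote-host>" >&2
    exit 1
fi

REMOTE_HOST=$1
# First IPv4 address of the target (empty if an IP address was passed or the lookup fails)
REMOTE_HOST_2=$(host "$1" | awk '/has address/ {print $4; exit}')
TARGET_HOST="_"
TARGET_TTL=1

echo "Tracing host $REMOTE_HOST($REMOTE_HOST_2)"

while [ "$REMOTE_HOST" != "$TARGET_HOST" ] && [ "$REMOTE_HOST_2" != "$TARGET_HOST" ]
do
    # A router that drops the packet answers "Time to live exceeded"; field 2 is its address
    TARGET_HOST=$(ping -c 1 -t "$TARGET_TTL" "$REMOTE_HOST" | awk '/exceeded/ {print $2; exit}')
    if [ -n "$TARGET_HOST" ]
    then
        echo "$TARGET_HOST, TTL=$TARGET_TTL"
        TARGET_TTL=$((TARGET_TTL + 1))
    else
        # No "exceeded" reply: the packet reached the target (or the hop did not answer)
        echo "$REMOTE_HOST, TTL=$TARGET_TTL"
        exit
    fi
done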

Transferring a file over the network

Transfer between A and B, where A sends first and B then receives

#On A:
cat something.zip | nc -l -p 1234

#On B:
netcat server.ip.here 1234 > something.zip

Transfer between A and B, where A first listens and waits passively (as a server) and B then sends

#On A:
nc -l -p 1234 -q 1 > something.zip < /dev/null

#On B:
cat something.zip | netcat server.ip.here 1234
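
Plain netcat does no integrity check, so a truncated or altered file goes unnoticed. The following added example (not part of the original page) wraps the receiving side so the file is kept only if its SHA-256 digest matches one obtained from the sender over a separate channel. The helper name recv_verified is hypothetical, and sha256sum from GNU coreutils is assumed.

```sh
#!/bin/sh
# Added example: keep a file received over netcat only if its SHA-256 matches.
# recv_verified is a hypothetical helper, not a netcat feature.
#
# On A: sha256sum something.zip            # pass the digest to B out of band
#       cat something.zip | nc -l -p 1234
# On B: netcat server.ip.here 1234 | recv_verified <digest> something.zip

recv_verified() {
    rv_want=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # accept upper-case digests
    rv_dest=$2
    # Refuse anything that is not a 64-character hex digest before touching disk.
    case $rv_want in
        ""|*[!0-9a-f]*) echo "recv_verified: bad digest" >&2; return 2 ;;
    esac
    [ "${#rv_want}" -eq 64 ] || { echo "recv_verified: bad digest" >&2; return 2; }

    # Stage next to the destination so the final mv is a same-filesystem rename.
    rv_tmp=$(mktemp "${rv_dest}.part.XXXXXX") || return 2
    cat > "$rv_tmp"

    rv_got=$(sha256sum "$rv_tmp" | awk '{print $1}')
    if [ "$rv_got" = "$rv_want" ]; then
        mv -- "$rv_tmp" "$rv_dest"
        return 0
    fi
    echo "recv_verified: digest mismatch, got $rv_got" >&2
    rm -f -- "$rv_tmp"
    return 1
}

# Constructed self-check: a matching stream is kept, a tampered one is discarded.
demo_dir=$(mktemp -d)
demo_sum=$(printf 'constructed payload\n' | sha256sum | awk '{print $1}')
printf 'constructed payload\n' | recv_verified "$demo_sum" "$demo_dir/good.bin" && echo "good.bin kept"
printf 'tampered payload\n' | recv_verified "$demo_sum" "$demo_dir/bad.bin" || echo "bad.bin rejected"
```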

NIC configuration

ifconfig ethN ip/cidr # set the IP address one time (non-persistent)
route add default gw $GW_IP # add default gateway route

CURL

Show HTML page with verbose output on connection

curl -v google.com

Download HTML page

curl -o example.html example.com

Download multiple files in one TCP session

curl -O http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz -O http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.10.tar.gz -O http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz -O http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz

Resume download transfer

curl -C - -O http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz

See only the response headers (HEAD request)

curl -I example.com

Curl via proxy

curl -x http://proxyserver:proxyport --proxy-user user:password -L http://example.com

Ignore SSL certificate errors (certificate verification is disabled)

curl -k https://10.1.136.101:4848

FTP download with curl

curl ftp://example.com/mydirectory/myfile.zip --user username:password -o myfile.zip
curl ftp://example.com --user username:password # first see FTP directory structure

FTP upload with curl

curl -T myfile.zip ftp://example.com/mydirectory/ --user username:password

Delete file on FTP with curl

curl ftp://example.com/ -X 'DELE myfile.zip' --user username:password

Send EMAIL with curl

curl --url "smtps://smtp.example.com:465" --ssl-reqd   --mail-from "user@example.com" --mail-rcpt "friend@example.com"   --upload-file mailcontent.txt --user "user@example.com:password" --insecure

In the above command, replace smtps://smtp.example.com:465 with your SMTP server and port.

--mail-from: the From address that the receiver should see.

--mail-rcpt: the To address.

--upload-file: the file whose content is the message to send.

--user: SMTP credentials in the form user@domain:password.

--insecure: exactly the same as the -k option shown earlier; it ignores unknown SSL certificates, so the server's identity is not verified.

Viewing the list of network interfaces

ifconfig -s 
netstat -i 
ip addr 

Network monitoring utilities

netstat

Network Statistics

Provides info on:

  • Open sockets
  • Kernel routing tables
  • NICs
  • Masquerade connections
  • Protocol statistics

netstat -a # list all tcp/udp sockets
netstat -at # list all TCP sockets
netstat -l # list all listening sockets
netstat -lu # list all listening UDP sockets
netstat -lx # list all listening UNIX domain sockets
netstat -s # display protocol statistics
netstat -c # repeat the selected listing continuously, once per second
netstat -r # routing table (same as "ip r")
netstat -i # display network interface details

netstat -p # PID info (most useful; can be combined with other options to show which Linux process owns each socket)

netstat -tulpn # list TCP+UDP listening ports, PID of processes on them, use numerical addresses

ss

Provides info on current network connections.

-t - TCP ports
-p - list processes using sockets

watch ss -tp

iptraf

Interactive IP LAN Monitor

Shows: TCP info, UDP counts, ICMP info, OSPF info, Ethernet load, node stats, IP checksum errors

iptraf -i eth0 -t 1 -B -L /tmp/iptraf.log # batch collect statistics for 1 minute and write them in log file

iwlist

Wi-Fi frequency scanner

iwlist <wlan0> scan # scan for Wi-Fi using WiFi interface wlan0

wget

wget http://somesite.com/sompage

Wget over proxy

wget -e use_proxy=on -e http_proxy=http://192.168.202.1:3128 --proxy-user=blablabla --proxy-password=blablabla http://winfaq.com.ru/wintips/index.htm

Download via wget with the proxy set in the config file:

# Edit config file /etc/wget/wgetrc  
# Add lines

http_proxy = http://your_proxy:port  
ftp_proxy = http://your_proxy:port  
 
# If you do not want to use proxy at all, set this to off.  
use_proxy = on

Netcat

A "power version" of Telnet. Makes network connections over TCP/UDP. Several Netcat implementations are available; the best one is ncat, made by the Nmap team.

Telnet usage:

$ ncat -v google.com 80
GET /index.html HTTP/1.1
Host: google.com

Once ncat is connected (-v = verbose flag), send a request, such as fetching the start page. Press ENTER twice after the request.

Socket server usage - make a simple socket server, by listening to port 8091:

$ ncat -l -v 8091 > serverlog.log

When a Telnet client or browser connects to the ncat server, information about the client is printed (-v) and whatever the client sends is saved to the specified log file.

UDP socket server:

$ ncat -ul -v 8091 > serverlog.log

Remote Shell/Backdoor - ncat can start a basic shell with no SSH needed:

$ ncat -v -l -p 7777 -e /bin/bash

The server listens on port 7777 for incoming connections. There is no authentication or encryption: anyone who can reach the port gets a shell.
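
Listeners like the ones above appear in the `netstat -tulpn` output covered earlier. The following added example (not from the original page) filters that output for listening sockets owned by a netcat variant or bound to a port that is not on an allowlist. The function names, the allowlist and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag suspicious listeners in `netstat -tulpn` output.
# Usage on a live host (as root, so PID/Program is filled in):
#   netstat -tulpn | audit_listeners "tcp/22 tcp/80"

# $1: space-separated allowlist of expected proto/port pairs.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)
        # TCP rows carry a State column; UDP rows leave it empty, so the
        # PID/Program column moves from field 7 to field 6.
        if ($6 == "LISTEN") owner = $7
        else if (proto == "udp") owner = $6
        else next
        port = $4; sub(/.*:/, "", port)        # handles 0.0.0.0:22 and :::80
        pid = owner; sub(/\/.*/, "", pid)
        prog = owner; sub(/^[0-9]+\//, "", prog)
        key = proto "/" port
        reason = ""
        if (prog ~ /^(nc|ncat|netcat)$/ || prog ~ /^nc\./) reason = "netcat-listener"
        else if (!(key in ok)) reason = "port-not-allowlisted"
        if (reason != "") print reason, key, "pid=" pid, "prog=" prog
    }'
}

# Constructed sample output, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      4242/ncat
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      977/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      1033/nginx: master
udp        0      0 0.0.0.0:8091            0.0.0.0:*                           4310/ncat
udp        0      0 127.0.0.1:323           0.0.0.0:*                           640/chronyd
EOF
}

sample_netstat | audit_listeners "tcp/22 tcp/80 udp/323"
```

Without root, netstat prints "-" in the PID/Program column, so only the port allowlist check is effective.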