Networking

Last modified: 2022-01-01

Network Connection

Status

netstat

# -t: tcp, -u: udp, -l: listen, -p: programs, -n: don't resolve names
netstat -lnptu
# -r: route
netstat -rn

Connectivity of Hosts

ping <target-ip>

# Stop after 5 times
ping -c 5 <target-ip>

# No DNS resolution
ping -n 3 <target-ip>

Trace Route Path Between Two Nodes

traceroute <target-ip>

Investigate Packets/Traffic

ICMP

Check the status of network connections between nodes.
1. Start Tcpdump
  
  To start analyzing, start tcpdump. Here we use eth0 interface.
```
sudo tcpdump -i eth0 icmp

# For Wireshark
sudo tcpdump -i eth0 icmp -w /tmp/tcpdump.pcap
```
2. Send Packets to Target
  
  For example, send 5 packets to target.
```
sudo ping -c 5 <target-ip>
```
3. Check Results of Tcpdump
  
  To check the details, use Wireshark.
```
wireshark /tmp/tcpdump.pcap
```

DNS Resolver

Check the condition of the name resolution

ping example.com

If you cannot ping the target website, the DNS resolver is not working.
To change the DNS resolver, update the original nameserver to the new one in /etc/resolv.conf.
For example:

...
# nameserver x.x.x.x
nameserver 8.8.8.8
...

Below are some representative DNS servers.

Google - 8.8.8.8 & 8.8.4.4
Quad9 - 9.9.9.9 & 149.112.112.112
OpenDNS - 208.67.222.222 & 208.67.220.220
Cloudflare - 1.1.1.1 & 1.0.0.1

After updating /etc/resolv.conf, restart the name resolution service.

sudo systemctl restart systemd-resolved.service

Send Packet with MAC/IP Spoofing

IP Spoofing

sudo ./run_scapy

>>> spoof_example = IP(src='172.1.1.20', dst='172.1.1.40')
>>> send(spoof_example)

MAC and IP Spoofing

sudo ./run_scapy

>>> spoofed_MAC_and_IP = Ether(src='00:0c:29:1a:2b:3c', dst='00:0c:29:bd:da:cf', type=0x0800)/IP(src='172.1.1.24', dst='172.1.1.40')

Protocol

Port Forwarding

WiFi

Attack

Tool

VPN

Others