Network

netstat

-p show pid
-t tcp
-u udp
-l listening
-i show network interface packet transactions
-r show kernel ip routing
-g show group membership information of IPV4 and IPV6
-a all

common usage

netstat -ie  = ifconfig
netstat -lt  #show all listening tcp
netstat -r   #show routing
netstat -g   #show group membership information of IPV4 and IPV6
netstat -i   #show network interfact packet tracnsactions

[root@sf-vm-1 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.5.1        0.0.0.0         UG        0 0          0 eno16777984
10.0.5.0        0.0.0.0         255.255.255.0   U         0 0          0 eno16777984
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
[root@sf-vm-1 ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0   1500        3      0      0 0             3      0      0      0 BMU
eno16777  1500 30067952      0    978 0      21248940      0      0      0 BMRU
lo       65536     7256      0      0 0          7256      0      0      0 LRU
[root@sf-vm-1 ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eno1677798      1      all-systems.mcast.net
docker0         1      all-systems.mcast.net
lo              1      ff02::1
lo              1      ff01::1
eno16777984     1      ff02::1:ff46:b199
eno16777984     1      ff02::1
eno16777984     1      ff01::1
docker0         1      ff02::1:ff63:217f
docker0         1      ff02::1
docker0         1      ff01::1

ss - socket statistics

ss is almost same as netstat but fater and has some specific usage

-n, --numeric don't resolve service names
ss -s #summary statistics
ss -antp src :80
ss -altp dst :80
ss -nt -o

ss -t4 state established

1. established
2. syn-sent
3. syn-recv
4. fin-wait-1
5. fin-wait-2
6. time-wait
7. closed
8. close-wait
9. last-ack
10. closing
11. all - All of the above states
12. connected - All the states except for listen and closed
13. synchronized - All the connected states except for syn-sent
14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
15. big - Opposite to bucket state.

fuser

fuser 8080/tcp

fuser -k 8080/tcp

lsof

lsof -i:8080 kill -9 $(lsof -i:8080)

parameters

-t - show only process ID
-i - show only internet connections related process

nmap

parameter

nmap -sP IP ping only
nmap -sS 192.168.1.1 TCP SYN scan
nmap -sU 192.168.1.1 UDP scan
namp -sO 192.168.1.1 protocol scan
namp -p 1024-2048 192.168.1.1 port range scan
namp -p 80,25,443,110 192.168.1.1 port scan

tcpdump

parameters

-X : Show the packet’s contents in both hex and ascii.
-XX : Same as -X, but also shows the ethernet header.
-D : Show the list of available interfaces
-l : Line-readable output (for viewing as you save, or sending to other commands)
-q : Be less verbose (more quiet) with your output.
-t : Give human-readable timestamp output.
-tttt : Give maximally human-readable timestamp output.
-i eth0 : Listen on the eth0 interface.
-vv : Verbose output (more v’s gives more output).
-c : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.

examples:

tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'

tcpdump dst 192.168.0.2 and src net and not icmp

tcpdump net 1.2.3.0/24

tcpdump -c 1 -X icmp

tcpdump -nnvvS src 10.5.2.3 and dst port 3389

write to one PCAP file

tcpdump port 80 -w capture_file

PreviousDisk NextTCP/IP and OSI

Last updated 5 years ago

Was this helpful?