linux networking commands. commands reviewed ifconfig dmesg netstat ping route tcpdump wireshark...

25
Linux Networking Commands

Upload: scot-barker

Post on 24-Dec-2015

373 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Linux Networking Commands

Page 2: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Commands Reviewed

Ifconfigdmesgnetstatpingroute

tcpdumpwiresharktraceroutenslookuparpdig

Page 3: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

ifconfig

ifconfig is used to assign an address to a network interface and/or configure network interface parameters. To determine if an interface has been recognized and

configured on a system To initially assign an IP address to an interface to bring an interface up or down

Page 4: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

View All Network Setting

The “ifconfig” command with no arguments will display all the active interfaces details.

Page 5: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Display Information of All Network Interfaces

ifconfig command with -a argument will display information of all active or inactive network interfaces on server.

Page 6: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

ifconfig

View Network Settings of Specific Interface

Enable an Network Interface

Page 7: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

ifconfig Assign a IP Address to Network Interface

[root@tecmint ~]# ifconfig eth0 172.16.25.125

Assign a netmask to Network Interface [root@tecmint ~]# ifconfig eth0 netmask 255.255.255.224

Assign a Broadcast to Network Interface [root@tecmint ~]# ifconfig eth0 broadcast 172.16.25.63

Assign all in one command [root@tecmint ~]# ifconfig eth0 172.16.25.125 netmask 255.255.255.224

broadcast 172.16.25.63

Change the MAC address of Network Interface [root@tecmint ~]# ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF

Page 8: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

ifconfig

Change MTU for an Network Interface [root@tecmint ~]# ifconfig eth0 mtu 1000

Enable and disablePromiscuous Mode [root@tecmint ~]# ifconfig eth0 promisc [root@tecmint ~]# ifconfig eth0 –promisc

Add or remove New Alias to Network Interface [root@tecmint ~]# ifconfig eth0:0 172.16.25.127 [root@tecmint ~]# ifconfig eth0:0 down

Verify the newly created alias network interface address [root@tecmint ~]# ifconfig eth0:0

eth0:0 Link encap:Ethernet HWaddr 00:01:6C:99:14:68 inet addr:172.16.25.123 Bcast:172.16.25.63 Mask:255.255.255.240 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:17

Page 9: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

See if the device has been found - use dmesg

The command 'dmesg', which is used to print kernel messages, is very useful in determining if a piece of hardware has been found, and if so, what the system is referring to it as.

Examples: dmesg dmesg | grep -i eth0 dmesg | grep -i usb dmesg | grep -i Memory dmesg | grep -i bluetooth dmesg | grep -i tty dmesg –c clear dmesg logs from boot time to till that time

Page 10: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

ping

Confirm that a remote host is online and responding.

ping is intended for use in network testing, measurement, and management.

It is unwise to use ping during normal operations or from automated scripts.

Page 11: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Decrease /Increase Ping Time Interval $ ping -i 5 IP # ping -i 0.1 IP

Note: Only super user can specify interval less than 0.2 seconds. Check local interface

$ ping 0 $ ping localhost $ ping 127.0.0.1

Send n packets and stop: $ ping -c 5 google.com

Display the current version of ping program $ ping -V

Page 12: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Ping 5. Flood the network

# ping -f localhost

Audible ping: $ ping -a IP

Change Ping Packet Size $ ping -s 100 localhost

Specify path for ping to send the packet $ ping 192.168.3.33 192.168.7.1 192.168.4.45

Record and print route of how ECHO_REQUEST sent and ECHO_REPLY received $ ping -R 192.168.1.63

Page 13: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Route command Display Existing Routes

if the destination is within the network range 192.168.1.0 – 192.168.1.255, then the gateway is *, which is 0.0.0.0.

By default route command displays the host name in its output. We can request it to display the numerical IP address using -n option as shown below.

Page 14: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Adding a Default Gateway $ route add default gw 192.168.1.10

List Kernel’s Routing Cache Information

Reject Routing to a Particular Host or Network route add -host 192.168.1.51 reject

Page 15: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

traceroute

traceroute attempts tracing by launching UDP probe packets with a small TTL (time to live), then listening for an ICMP "time exceeded" reply from a gateway.

host is the destination hostname or the IP number of host to reach.

packetsize is the packet size in bytes of the probe datagram. Default is 38 bytes.

Note Traceroute has lost some of its effectiveness since most

ISP’s disallow it from running on their networks

Page 16: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

netstat

 List out all connections $ netstat –a

List only TCP or UDP connections $ netstat –at $ netstat –au

Disable reverse dns lookup for faster output: By default, the netstat command tries to find out the hostname of each ip address in the connection by doing a reverse dns lookup. This slows down the output. $ netstat -ant

Page 17: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

netstat Print statistic

$ netstat -s

List out only listening connections $ netstat –tnl

Get process name/pid and user id $ sudo netstat –nlpt

Use the e option along with the p option to get the username too. $ sudo netstat -ltpe

Page 18: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

netstat -nr

[root@localhost root]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG 40 0 0 eth1

Page 19: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

nslookup Query Internet domain name servers.

$ nslookup redhat.com

$ nslookup -query=mx redhat.com

nslookup -type=ns redhat.com

Query the SOA Record using -query=soa provides the authoritative information about the domain, the e-mail address of the domain

admin, the domain serial number, etc…

$ nslookup -type=soa redhat.com

View available DNS records using -query=any $ nslookup -type=any google.com

Reverse DNS lookup $ nslookup redhat.com ns1.redhat.com

Page 20: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

arp -a

[root@localhost root]# arp -a gatewayout.tcp-ip.ca (192.168.1.1) at 00:04:5A:DB:A1:C5 [ether] on eth1 basement.tcp-ip.ca (192.168.2.75) at 00:10:E0:04:61:84 [ether] on eth0 just_a_node.tcp-ip.ca (192.168.1.101) at 00:09:B7:13:AA:13 [ether] on eth1

Page 21: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

dig - supercharged nslookup

oroot@localhost root]# dig cs.senecac.on.ca

; <<>> DiG 9.1.3 <<>> cs.senecac.on.ca ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10483 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 4

;; QUESTION SECTION: ;cs.senecac.on.ca. IN A

;; ANSWER SECTION: cs.senecac.on.ca. 86400 IN A 142.204.57.48

Page 22: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

dig - better than nslookup

;; AUTHORITY SECTION: senecac.on.ca. 86400 IN NS ns.onet.on.ca. senecac.on.ca. 86400 IN NS ns2.senecac.on.ca. senecac.on.ca. 86400 IN NS hades.senecac.on.ca. senecac.on.ca. 86400 IN NS ittads.senecac.on.ca. senecac.on.ca. 86400 IN NS pulsar.senecac.on.ca. senecac.on.ca. 86400 IN NS nsprime.senecac.on.ca.

;; ADDITIONAL SECTION: ns2.senecac.on.ca. 86400 IN A 142.204.10.100 hades.senecac.on.ca. 86400 IN A 142.204.57.15 ittads.senecac.on.ca. 86400 IN A 142.204.6.57 pulsar.senecac.on.ca. 86400 IN A 142.204.119.97

;; Query time: 2202 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Sep 29 16:38:20 2002 ;; MSG SIZE rcvd: 238

Page 23: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

tcpdump

tcpdump is a most powerful and widely used command-line packets sniffer or package analyzer tool which is used to capture or filter TCP/IP packets that received or transferred over a network on a specific interface. # yum install tcpdump $ apt-get install tcpdump

Capture Packets from Specific Interface # tcpdump -i eth0

Capture Only N Number of Packets # tcpdump -c 5 -i eth0

Page 24: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Display Available Interfaces # tcpdump –D

Capture and Save Packets in a File # tcpdump -w 0001.pcap -i eth0

Read Captured Packets File # tcpdump -r 0001.pcap

Capture only TCP packets # tcpdump -i eth0 tcp

Capture Packet from Specific Port # tcpdump -i eth0 port 22

Capture Packets from destination /src IP # tcpdump -i eth0 dst 50.116.66.139 # tcpdump -i eth0 src 50.116.66.139

Page 25: Linux Networking Commands. Commands Reviewed Ifconfig dmesg netstat ping route tcpdump wireshark traceroute nslookup arp dig

Wireshark

Wireshark is a open source and freely available network analyzer tool which is shipped with most of the Linux distributions now a days.