
Networking

Capture network events from a process

This dumps every network-related system call made by the command you specify, which is useful for seeing whether an application is trying to talk to some remote service:

strace -f -e trace=network -s 10000 command_with_args_here

The -f flag also follows child processes.
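The raw trace gets long quickly; what you usually want is a summary of which remote endpoints the process tried to reach. The snippet below is an added example, not part of the original notes: it reduces `strace -f -e trace=network` output to one line per remote address and port, busiest first. The trace it runs on is a constructed sample in the format strace prints for connect() (AF_INET and AF_INET6), and it counts failed connect() attempts too, since an attempt is what you are looking for.

```shell
#!/bin/sh
# Constructed sample of `strace -f -e trace=network -s 10000` output (not real captured data).
SAMPLE_TRACE='[pid 12345] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 12345] connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
[pid 12346] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
[pid 12345] connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ECONNREFUSED (Connection refused)
[pid 12346] connect(7, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 12345] connect(6, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)'

# Read a trace on stdin and print "address:port count" for every IPv4/IPv6
# connect() call, most frequent endpoint first. Unix-domain sockets are skipped.
summarize_connects() {
    grep 'connect(' |
    sed -n \
        -e 's/.*sin_port=htons(\([0-9]*\)), sin_addr=inet_addr("\([0-9.]*\)").*/\2:\1/p' \
        -e 's/.*sin6_port=htons(\([0-9]*\)),.*inet_pton(AF_INET6, "\([0-9a-fA-F:]*\)".*/[\2]:\1/p' |
    sort | uniq -c | sort -rn |
    awk '{ print $2, $1 }'
}

# Typical use: strace -f -e trace=network -s 10000 -o trace.txt cmd; summarize_connects < trace.txt
printf '%s\n' "$SAMPLE_TRACE" | summarize_connects
```

Run it on a saved trace file rather than piping live, since strace writes to stderr by default and you want the program's own stdout left alone.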

tcpdump - capture whole packet

Mostly human-readable tcpdump capture command (-p no promiscuous mode, -nn no name or port resolution, -vv verbose, -X hex and ASCII dump, -S absolute sequence numbers, -s 1514 snap length):

tcpdump -pnnvvXSs 1514

Simpler version:

tcpdump -nnXSs 0

A snap length of 0 captures the entire packet.

Add -w to write to a file and -C nnn to rotate the file once it reaches nnn million bytes.

This does a circular log with 1MB log files (tcpdump0 to tcpdump19), keeping 20 of them before overwriting the oldest:

tcpdump -C 1 -W 20 -pnnvvXS -s 1514 -w tcpdump

Use rsync to copy just the folder structure

rsync -a -f"+ */" -f"- *" source/ destination/

Network Scan

fping is a useful tool for ping scanning whole network ranges, and a bit less heavyweight than nmap. This lists the addresses in the range that did not answer, sorted by last octet:

apt-get install fping
fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n

To then check which of those addresses also have no reverse DNS entry:

fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | \
  cut -d ' ' -f 1 | sort -t '.' -k 4 -n | xargs -n1 host | grep 'not found'

Show open ports

netstat -pant   (older systems)

lsof -i -P -n

ss -plnt
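The useful follow-up question is which of those listeners are reachable from off the box at all: a service bound to 127.0.0.1 or [::1] is only a local concern, one bound to 0.0.0.0, * or [::] is exposed on every interface. The function below is an added example, not part of the original notes; it parses `ss -plnt` output and prints the port and process name of each wildcard-bound listener. The input is a constructed sample of ss output, not a real capture.

```shell
#!/bin/sh
# Constructed sample of `ss -plnt` output (not from a real host).
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=1201,fd=5))
LISTEN  0       511     *:6379               *:*                users:(("redis-server",pid=1410,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       4096    [::1]:631            [::]:*             users:(("cupsd",pid=655,fd=7))'

# Read `ss -plnt` output on stdin and print "port process" for every listener
# bound to a wildcard address, one line per port (v4 and v6 entries collapsed).
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; sub(/:[^:]*$/, "", addr)   # local address without the trailing :port
        port = $4; sub(/.*:/, "", port)       # just the port number
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") {
            proc = "-"
            # pull the process name out of users:(("name",pid=...,fd=...))
            if (match($6, /\("[^"]*"/)) proc = substr($6, RSTART + 2, RLENGTH - 3)
            print port, proc
        }
    }' | sort -n | uniq
}

# Live use on a host: ss -plnt | exposed_listeners   (run as root so the process column is filled)
printf '%s\n' "$SS_SAMPLE" | exposed_listeners
```

Anything this prints that you did not expect to be network-facing is worth a firewall rule or a rebind to loopback; the loopback-only postgres and cupsd entries in the sample are deliberately left out of the output.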

Cisco

Cisco switches use an unusual break sequence. Instead of Ctrl-C, try Ctrl-Shift-6. It might need to be sent twice, and it waits for the current operation to complete.

nmap

Speed it up with:

nmap -sn -T5 --min-parallelism 100 10.0.0.0/16 -oG output.file.txt

This will not go unnoticed by intrusion detection systems :-)