But in reality, every entry/exit point has its own unique name, one that is fixed by fate and cannot be changed! (MAC address)
Usage
$ ping <hostname>
Example Output
$ ping linux15.csie.ntu.edu.tw
PING linux15.csie.ntu.edu.tw (140.112.30.46): 56 data bytes
64 bytes from 140.112.30.46: icmp_seq=0 ttl=62 time=1.910 ms
64 bytes from 140.112.30.46: icmp_seq=1 ttl=62 time=1.950 ms
^C
--- linux15.csie.ntu.edu.tw ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.910/1.930/1.950/0.020 ms
Usage
$ traceroute [-p <protocol>] <hostname>
Example Output
$ traceroute linux15
traceroute to linux15.csie.ntu.edu.tw (140.112.30.46), 64 hops max, 52 byte packets
1 10.5.7.254 (10.5.7.254) 1.076 ms 0.809 ms 0.553 ms
2 140.112.16.190 (140.112.16.190) 1.200 ms 1.402 ms 1.273 ms
3 linux15.csie.ntu.edu.tw (140.112.30.46) 1.345 ms 1.178 ms 1.461 ms
Usage
$ mtr <hostname>
Example Output
Usage
# linux
$ arp [-i if] [-n] [hostname]
# mac
$ arp [-n] [-a|hostname]
# windows
$ arp [-a|hostname]
nslookup is deprecated
dig is more detailed than host
Usage
$ nslookup <IP/hostname> [DNS server IP]
$ host [-a] <IP/hostname> [DNS server IP]
# "host -a" ~= "dig"
$ dig [options] <hostname> [@server]
# +trace : trace the delegation path starting from the root DNS servers
# -t <type> : query a specific record type (ANY, A, AAAA, MX, SOA, CNAME, ...)
# -x : reverse lookup (PTR record)
Usage
$ whois <domainname>
Query domain and IP registration
client/server model
## Server mode
$ nc -l [-u] [-t] [-p <port>]
# -l : listening, without -l is client mode (like telnet)
## Client mode
$ nc [-u] [-t] [IP|host] [port]
# -u : use UDP mode
# -t : use TCP mode (default)
port scanning
$ nc -z <hostname> <port>-<port>
Display network connections
$ netstat [-n] [-a] [protocol] [state] [-p] [-c]
# -a : all
# -p : display running process
# -c : continue (dynamic update)
# protocol = -t/-u/-w/-x : TCP/UDP/raw/UNIX sockets
# state = -l : listening port
# -e : active connection
Display routing tables (like route)
$ netstat -r
Display network interfaces
$ netstat -i
Display interface statistics
$ netstat -s [protocol]
Usage
$ lsof -i [-n]
Show which process owns each port (compare with netstat -p)
Usage
## Enable setting
$ ifconfig <interface> [up|down]
## Create network alias or just assign address to certain interface
$ ifconfig <interface> [add|del] <address> [netmask <address>]
Default is to show the status of currently active interfaces.
Usage
$ ifup <interface>
$ ifdown <interface>
ifup / ifdown
auto eth0
iface eth0 inet static
address 140.112.30.46
netmask 255.255.255.0
network 140.112.30.0
broadcast 140.112.30.255
gateway 140.112.30.254
dns-nameservers 140.112.30.21 140.112.254.4 140.112.2.2
dns-search csie.ntu.edu.tw
Usage
## Show table
$ route [-n]
## Modify
$ route [add|del] [-net <address>|-host <host>] netmask <address> \
[gw <gateway>|dev <Iface>]
# ex: route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.254
Manipulate routing table
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
$ route get <hostname>
# Example
$ route get linux13
route to: linux13.csie.ntu.edu.tw
destination: default
mask: default
gateway: 10.5.7.254
interface: en1
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
Usage
$ dhclient [-v] [-r] <dev>
# -r : release IP
Example
$ dhclient -v eth0
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
DHCPOFFER from 10.0.0.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 10.0.0.1
bound to 10.0.0.100 -- renewal in 791 seconds.
Usage
$ ip [option] [action] [command]
# action: link # network device
# address # IP/IPv6
# neighbour # ARP
# route # routing table
man to help you XD.
Usage
$ ssh [-N -f] -L [local-address:]<local-port>:<remote-host>:<remote-port> <gw>
# Example (execute from my laptop):
$ ssh -N -f -L 0.0.0.0:8080:google:80 b99@linux15
In this example: I can view
Usage
$ ssh [-N -f] -R [bind_address:]port:host:hostport [user@]hostname
# Example (execute from my laptop):
$ ssh -N -f -R 0.0.0.0:8080:council:80 b99@ntu
In this example: I can view
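Both forwarding examples above give 0.0.0.0 as the bind address, so the forwarded port listens on every interface of the host that opens it rather than on loopback only. The following added example (not part of the original page) parses `netstat -tlnp` output and reports listeners bound to the wildcard address; the sample output is constructed and assumes the Linux net-tools column layout, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `netstat -tlnp` output on Linux (not from a real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      4321/ssh
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      4400/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      700/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
"""

def listeners(text):
    """Yield (proto, address, port, program) for every TCP LISTEN row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue                      # banner, column header, other states
        host, _, port = f[3].rpartition(":")   # ":::22" -> ("::", "22")
        try:
            addr, port = ipaddress.ip_address(host.strip("[]")), int(port)
        except ValueError:
            continue                      # unparseable local address
        # The program column is "-" when netstat lacks the privilege to see it.
        prog = f[6].partition("/")[2] if len(f) > 6 and "/" in f[6] else "unknown"
        yield f[0], addr, port, prog

def exposed(text, program=None):
    """Listeners bound to 0.0.0.0 or ::, optionally limited to one program."""
    return [(proto, str(addr), port, prog)
            for proto, addr, port, prog in listeners(text)
            if addr.is_unspecified and program in (None, prog)]

if __name__ == "__main__":
    for row in exposed(SAMPLE, program="ssh"):
        print("reachable from other hosts:", row)
```

In the sample, the ssh forward on 127.0.0.1:9090 is not reported, while the one opened with the 0.0.0.0 bind address is.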
Example
tcpdump -i eth1
tcpdump -A -i eth0 -w l_1024.pcap
tcpdump -n -tttt -i eth0 -r data.pcap less 1024
tcpdump -nnvvXXStttts0 -i eth0 -c 10 -w 08232010.pcap port 22
tcpdump -w xpackets.pcap -i eth0 -s0 'dst 10.181.140.216 and port 22'
tcpdump -w comm.pcap -i eth0 -nnvvS 'dst 16.181.170.246 and port 22'
tcpdump -i eth0 'not arp and not rarp'
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
...
Usage
$ tcpdump [option] [expression]
option
-i <Iface> : Listen on the specified interface.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names.
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-s <num> : Define the snaplength (size) of the capture in bytes.
Use -s0 to get everything.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-c <x> : Only get x number of packets and then stop.
-w <file> : write to pcap file
-r <file> : read from pcap file
$ iptables -t <table> [-F|-X|-Z] [-L] -A <chain>
# -t : filter,nat,mangle,...
# -L : list rules
# -A : INPUT,FORWARD,OUTPUT,PREROUTING,POSTROUTING,...
# -F : clear rules
# -X : remove user-defined chains
# -Z : reset the packet and byte counters to zero
$ iptables -A <chain> <rule> -j <action>
$ iptables -D <chain> <number>
# action: ACCEPT,DROP,REJECT,LOG,...
# rule: pretty complicated...Orz
Examples:
$ iptables -A INPUT -i eth1 -s 192.168.100.0/24 -j DROP
$ iptables -A INPUT -p tcp -s 140.112.2.2 --sport 1:1023 -j LOG
$ iptables -A INPUT -i eth0 -p tcp --dport 1:1023 --syn -j DROP
$ iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -j ACCEPT