Networking

This is a list of useful shell commands related to networking. Keep in mind that most of the commands require sudo privileges. Of course, the commands can be edited to achieve results similar to the ones described.
Dump 100 packets of host XXX.XXX.XXX.XXX to a .pcap file:
tcpdump -i any -n -s 0 -c 100 -w /tmp/dump_file.pcap host XXX.XXX.XXX.XXX
Useful combination of tcpdump and telnet in separate terminals to determine what's going on with a specific connection:
tcpdump -n -i any host XXX.XXX.XXX.XXX and port XXXX
telnet XXX.XXX.XXX.XXX XXXX
Dump the DNS requests:
tcpdump -vvv -s 0 -l -n port 53 and dst XXX.XXX.XXX.XXX
Dump the ongoing MySQL queries to .pcap file:
tcpdump -i any tcp port 3306 -s 65535 -X -q -tttt -w /tmp/mysql.pcap
Find the MySQL SELECT and UPDATE queries (change the grep pattern to match INSERT):
tcpdump -i any -l -s 0 -w - dst port 3306 | stdbuf -o0 strings| stdbuf -o0 grep "SELECT\|UPDATE"
Find the MySQL results:
sudo tcpdump -i any -l -s 0 -w - src port 3306 | stdbuf -o0 strings
Monitor ping requests:
tcpdump -i any 'icmp and icmp[icmptype]=icmp-echo' >> /tmp/whopings 2>&1 &
Find the open ports on a remote machine:
nmap -v -sT 192.168.1.2
Find all machines with open port 443 in the given network:
sudo nmap -sS -p 443 192.168.200.0/24
Check if port 443 is open on a remote host:
nc -vvv 91.196.125.42 443
List the IP and MAC addresses of the devices in the network:
arp -a
List the currently logged-in users:
who
List the established connections to port 443:
netstat -anp | grep :443 | egrep ESTABLISHED
iptables temporary filtering (the restriction is lost if the machine restarts):
iptables -t filter -I INPUT -s XXX.XXX.XXX.XXX -j DROP
iptables unblock from blacklist:
iptables -t filter -D INPUT -s XXX.XXX.XXX.XXX -j DROP
Get information for a given domain:
dig samiwell.eu
whois samiwell.eu
host -t txt samiwell.eu
Get the external IP address from the terminal:
wget -qO- http://ipecho.net/plain ; echo
How to read the IPSEC tunnel status:
ipsec auto --status | grep TUNNEL_NAME_OR_IP
000 "TUNNEL_NAME": MY_INTERNAL_IP/32===MY_NETWORK_EXTERNAL_IP[+S=C]---GATEWAY_IP...PARTNER_EXTERNAL_IP[+S=C]===PARTNER_INTERNAL_IP/32; erouted; eroute owner: #20
Check if a TLS 1.2 connection is supported (using OpenSSL):
openssl s_client -connect samiwell.eu:443 -tls1_2
Find active SSH sessions and kill the bad ones:
who -la
kill -9 <process_id>
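
Added example, not part of the original page: a shell function that labels each field of the IPSEC tunnel status line shown above, so a tunnel check can be scripted. The connection name and addresses in the sample are constructed placeholders, and treating "erouted" with a non-zero eroute owner as "up" is an assumption.

```shell
#!/bin/sh
# Added example: label the fields of one connection line from
# `ipsec auto --status`, following the layout shown on this page.

# Constructed sample line; the name and addresses are placeholders.
SAMPLE='000 "office-vpn": 10.0.0.5/32===198.51.100.10[+S=C]---198.51.100.1...203.0.113.20[+S=C]===10.8.0.7/32; erouted; eroute owner: #20'

# parse_tunnel LINE: print key=value pairs, one per line.
# Exit status is 1 if LINE does not have the expected layout.
parse_tunnel() {
    printf '%s\n' "$1" | awk '
    {
        # 000 "NAME": <topology>; <routing>; eroute owner: #N
        if (!match($0, /^000 "[^"]+": /)) exit 1
        name = substr($0, 6, RLENGTH - 8)
        if (split(substr($0, RLENGTH + 1), part, /; /) < 3) exit 1

        # topology: MY_NET===MY_IP[opts]---GATEWAY...PARTNER_IP[opts]===PARTNER_NET
        if (split(part[1], side, /\.\.\./) != 2) exit 1
        if (split(side[1], l, /===/) != 2 || split(side[2], r, /===/) != 2) exit 1
        nh = split(l[2], hop, /---/)          # the ---GATEWAY part is treated as optional
        gateway = (nh == 2) ? hop[2] : "-"
        sub(/\[.*\]$/, "", hop[1]); sub(/\[.*\]$/, "", r[1])   # drop the [..] options

        owner = part[3]; sub(/^eroute owner: #/, "", owner)
        # Assumption: "erouted" with a non-zero owner means the tunnel is up;
        # anything else (for example owner #0) is reported as down.
        state = (part[2] == "erouted" && owner + 0 > 0) ? "up" : "down"

        printf "name=%s\nmy_net=%s\nmy_ip=%s\ngateway=%s\n", name, l[1], hop[1], gateway
        printf "partner_ip=%s\npartner_net=%s\n", r[1], r[2]
        printf "routing=%s\nowner=%s\nstate=%s\n", part[2], owner, state
    }'
}

parse_tunnel "$SAMPLE"
```

On a live system the input would be the output line of the ipsec command above, passed as the single argument to parse_tunnel.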