# Networking ## Networking ### **Resolve a domain to IP address(es)** ``` dig +short www.example.com # or host www.example.com ``` ### **Get DNS TXT record a of domain** ``` dig -t txt www.example.com # or host -t txt www.example.com ``` ### **Send a ping with a limited TTL to 10 (TTL: Time-To-Live, which is the maximum number of hops that a packet can travel across the Internet before it gets discarded.)** ``` ping 8.8.8.8 -t 10 ``` ### **Print the route packets trace to network host** ``` traceroute google.com ``` ### **Check connection to host (e.g. check connection to port 80 and 22 of google.com)** ``` nc -vw5 google.com 80 # Connection to google.com 80 port [tcp/http] succeeded! nc -vw5 google.com 22 # nc: connect to google.com port 22 (tcp) timed out: Operation now in progress # nc: connect to google.com port 22 (tcp) failed: Network is unreachable ``` ### **Nc as a chat tool!** ``` # From server A: $ sudo nc -l 80 # then you can connect to the 80 port from another server (e.g. server B): # e.g. telent 80 # then type something in server B # and you will see the result in server A! ``` ### **Check which ports are listening for TCP connections from the network** ``` #notice that some companies might not like you using nmap nmap -sT -O localhost # check port 0-65535 nmap -p0-65535 localhost ``` ### **Check if a host is up and scan for open ports, also skip host discovery.** ``` #skips checking if the host is alive which may sometimes cause a false positive and stop the scan. $ nmap google.com -Pn # Example output: # Starting Nmap 7.01 ( https://nmap.org ) at 2020-07-18 22:59 CST # Nmap scan report for google.com (172.217.24.14) # Host is up (0.013s latency). # Other addresses for google.com (not scanned): 2404:6800:4008:802::200e # rDNS record for 172.217.24.14: tsa01s07-in-f14.1e100.net # Not shown: 998 filtered ports # PORT STATE SERVICE # 80/tcp open http # 443/tcp open https # # Nmap done: 1 IP address (1 host up) scanned in 3.99 seconds ``` ### **Scan for open ports and OS and version detection (e.g. scan the domain "scanme.nmap.org")** ``` $ nmap -A -T4 scanme.nmap.org # -A to enable OS and version detection, script scanning, and traceroute; -T4 for faster execution ``` ### **Look up website information (e.g. name server), searches for an object in a RFC 3912 database.** ``` whois google.com ``` ### **Show the SSL certificate of a domain** ``` openssl s_client -showcerts -connect www.example.com:443 ``` ### **Display IP address** ``` ip a ``` ### **Display route table** ``` ip r ``` ### **Display ARP cache (ARP cache displays the MAC addresses of device in the same network that you have connected to)** ``` ip n ``` ### **Add transient IP addres (reset after reboot) (e.g. add 192.168.140.3/24 to device eno16777736)** ``` ip address add 192.168.140.3/24 dev eno16777736 ``` ### **Persisting network configuration changes** ``` sudo vi /etc/sysconfig/network-scripts/ifcfg-enoxxx # then edit the fields: BOOTPROT, DEVICE, IPADDR, NETMASK, GATEWAY, DNS1 etc ``` ### **Refresh NetworkManager** ``` sudo nmcli c reload ``` ### **Restart all interfaces** ``` sudo systemctl restart network.service ``` ### **To view hostname, OS, kernal, architecture at the same time!** ``` hostnamectl ``` ### **Set hostname (set all transient, static, pretty hostname at once)** ``` hostnamectl set-hostname "mynode" ``` ### **Find out the web server (e.g Nginx or Apache) of a website** ``` curl -I http://example.com/ # HTTP/1.1 200 OK # Server: nginx # Date: Thu, 02 Jan 2020 07:01:07 GMT # Content-Type: text/html # Content-Length: 1119 # Connection: keep-alive # Vary: Accept-Encoding # Last-Modified: Mon, 09 Sep 2019 10:37:49 GMT # ETag: "xxxxxx" # Accept-Ranges: bytes # Vary: Accept-Encoding ``` ### **Find out the http status code of a URL** ``` curl -s -o /dev/null -w "%{http_code}" https://www.google.com ``` ### **Unshorten a shortended URL** ``` curl -s -o /dev/null -w "%{redirect_url}" https://bit.ly/34EFwWC ``` ### **Perform network throughput tests** ``` # server side: $ sudo iperf -s -p 80 # client side: iperf -c --parallel 2 -i 1 -t 2 -p 80 ``` ### **To block port 80 (HTTP server) using iptables.** ``` sudo iptables -A INPUT -p tcp --dport 80 -j DROP # only block connection from an IP address sudo iptables –A INPUT –s -p tcp –dport 80 –j DROP ```