Network - mwicat/personal GitHub Wiki

Show network speed

apt install nload
nload

Ports

  • rdesktop 3389
  • vnc 5900
  • mysql 3306
  • statsd udp 8125
  • graphite tcp 2003
  • elasticsearch tcp rest 9200 internode 9300

Show IPs sending to specified port

tcpdump -n -l -iany 'udp port 8125' | perl -nle '/(\d+\.\d+\.\d+\.\d+)\.\d+ >/ && print $1'

tcpdump -iany 'udp port 8125' | perl -nle '/([^ ]+)\.\d+ >/ && print $1'
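
An added example (not part of the original wiki) that turns the per-packet output above into a packet count per sender, so a host flooding the statsd port stands out. The helper names count_senders and sample_capture and the sample lines are constructed for illustration, and the input is assumed to come from tcpdump run with -n.

```shell
#!/bin/sh
# Added example: count packets per source from `tcpdump -n` text output.

# count_senders (hypothetical helper): reads tcpdump lines on stdin and
# prints "<packets> <source>" sorted by packet count, highest first.
count_senders() {
  awk '
    {
      for (i = 2; i <= NF; i++) {
        if ($i != ">") continue
        src = $(i - 1)                 # token left of ">" is source[.port]
        # A bare IPv4 address (e.g. ICMP) has no port suffix to strip.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
          sub(/\.[0-9]+$/, "", src)    # drop ".port" (IPv4 and IPv6)
        n[src]++
        break
      }
    }
    END { for (s in n) printf "%d %s\n", n[s], s }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# sample_capture: constructed tcpdump -n lines (not real traffic), including
# the "-i any" layout with an interface column and two IPv6 packets.
sample_capture() {
  cat <<'EOF'
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.9.8125: UDP, length 24
12:00:01.200000 IP 10.0.0.5.51234 > 10.0.0.9.8125: UDP, length 31
12:00:01.300000 eth0  In  IP 10.0.0.5.40011 > 10.0.0.9.8125: UDP, length 18
12:00:02.000000 IP6 fe80::1.40000 > fe80::2.8125: UDP, length 10
12:00:02.500000 IP6 fe80::1.40000 > fe80::2.8125: UDP, length 12
12:00:03.000000 IP 10.0.0.7.60000 > 10.0.0.9.8125: UDP, length 9
EOF
}

# Live use (stops after 1000 packets so awk can print its totals):
#   sudo tcpdump -n -l -c 1000 -iany 'udp port 8125' | count_senders
sample_capture | count_senders
```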

Grep traffic

sudo apt-get install ngrep
sudo ngrep -W single -d eth0 'my.graphite.metric' 'port 2003'
sudo ngrep -W single -d eth0 '.*' 'udp port 8125'

Dump traffic

tcpdump -s0 -w traffic.cap 'tcp port 80'

Sync directories

watch -n1 rsync -uavz dir/ host:dir/

Wireshark in terminal

sudo apt-get install tshark

Show communications on port 15672:

tshark -l -f 'tcp port 15672' -i lo
-l = flush stdout after each packet
-f = capture filter

Show routing keys for bindings (-Y = display filter; it replaces the older single-pass -R):

tshark -l -f 'ip host myhost' -Tfields -e amqp.method.arguments.routing_key -Y 'amqp.method.method == 30' | pv -l > /dev/null

Benchmark network speed

box1:

sudo apt-get install iperf
iperf -s

box2:

sudo apt-get install iperf
iperf -c box1

HTTP/HTTPS gateway

socat tcp-l:8080,reuseaddr,fork ssl:google.com:443,verify=0
verify=0 = do not verify the upstream server certificate

Send UDP to multiple destinations

Samplicator

./samplicate -p 7654 192.168.0.2/{24000..25000}

Change bind(2) configuration

http://freecode.com/projects/force_bind

tftpd

DHCP

Show DHCP leases

cat /var/lib/misc/dnsmasq.leases

cat /var/lib/dhcp/dhcpd.leases

Log file

/var/log/syslog

Which interface is connected?

ifconfig eth0 | grep RUNNING

Slow down loopback interface

On

tc qdisc add dev lo root handle 1:0 netem delay 20msec

Off

tc qdisc del dev lo root

TCP logging proxy

socat tcp-l:4003,fork,reuseaddr system:'"tee file_$(date +%s).log | socat - tcp:localhost:4002"'

Inject ICMP

sudo icmpush -du -sp 127.0.0.1 -c port-unreach -prot udp -psrc 43227 -pdst 4444 127.0.0.1

Remote Wireshark

mkfifo capture
sudo stdbuf -o0 tcpdump -s 1500 -w- 'not port 22' > capture

stdbuf -o0 ssh localhost cat capture | wireshark -k -i-

Test TFTP

atftp -g -r test.txt -l /dev/stdout localhost

Transparent SSH proxy

sudo apt-get install python-pip python-dev
sudo pip install mitmproxy

Connect to proxy port 8080

SSL sniffing

key and cert generation

VLAN

Install

sudo apt-get install vlan

Add vlan 19 tagging for eth1

sudo modprobe 8021q
sudo vconfig add eth1 19
sudo dhclient -d eth1.19

Remove vlan 19 tagging for eth1

sudo vconfig rem eth1.19

Remove unnecessary route added by dhclient

sudo route del -net 0.0.0.0 dev eth1.19

Statsd emulation

ncat -ulp 8125 | stdbuf -o0 tr '|' $'\n'

Show GeoIP

sudo apt-get install geoip-bin geoip-database
geoiplookup 74.125.225.33