
Sending packets over the network to Linux commands. Linux commands for network management

Access to remote systems

sx, rx

The sx and rx commands send and receive files to and from a remote host using the xmodem protocol. Included in the minicom package.

sz, rz

The sz and rz commands send and receive files to and from a remote host on the network using the zmodem protocol. Zmodem has some advantages over xmodem, such as a higher transfer speed and the ability to resume a transfer after an interruption. Included in the minicom package.

ftp

This name refers to the utility and file transfer protocol. Ftp sessions can be established from scripts (see Example 17-6, Example A-5 and Example A-14).

uucp

Unix to Unix copy. This is a communications package for transferring files between Unix servers. A shell script is one of the most effective ways to automate such an exchange.

It seems that with the advent of the Internet and Email, uucp is gradually disappearing into oblivion, however, it can be successfully used in isolated networks that do not have access to the Internet.

cu

Call Up - makes a connection to a remote system as a simple terminal. This command is part of the uucp package and is a kind of simplified version of the telnet command.

telnet

Utility and protocol for connecting to a remote system.

wget

wget - non-interactive utility for downloading files from Web or ftp sites.

    wget -p http://www.xyz23.com/file01.html

    wget -r ftp://ftp.xyz24.net/~bozo/project_files/ -O $SAVEFILE

lynx

lynx - a Web browser that can be used inside scripts (with the -dump switch) to download files from Web or ftp sites in non-interactive mode.

    lynx -dump http://www.xyz23.com/file01.html > $SAVEFILE

rlogin

Remote login - initiates a session with the remote system. This command is insecure; ssh should be used instead.

rsh

Remote shell - executes a command on a remote system. This command is insecure; ssh should be used instead.

rcp

Remote copy - copies files between two machines over the network. Like the other r* utilities, rcp is unsafe and therefore undesirable in scripts. As a replacement, we can recommend ssh or expect.

ssh

Secure shell - establishes a communication session and executes commands on the remote system. It acts as a secure replacement for telnet, rlogin, rcp and rsh. It uses identification, authentication and encryption of the information transmitted over the network. You will find details in man ssh.

Networking is an integral part of Linux and offers many tools and commands to diagnose any network problem.

Network commands in examples in Linux

Find host / domain name and IP address - hostname
Make a network connection test - ping
Getting network configuration - ifconfig
Network connections, routing tables, interface statistics - netstat
DNS name lookup query - nslookup
Connecting to other hosts - telnet
Get network host - user trace information
Make trace - traceroute
Viewing user information - finger
Checking the status of the destination host - telnet

Examples of using network commands in Linux

Let's see some examples of different network commands on Linux. Some of them are pretty basic, like ping and telnet, and some are more powerful, like nslookup and netstat. When you use these commands in combination, you can get whatever you are looking for: hostname, endpoint connections, connection status, etc.

hostname - Hostname

With no options, hostname displays the host name of the machine. To check it, run the command:

# hostname

This command displays the domain name of the machine. To see the IP address of the current machine, run the same command with the -i option:

# hostname -i

ping - ping

ping sends packets of information to a user-specified destination. If the packets are received, the destination device sends packets back. Ping can be used for two purposes:

1. To ensure that a network connection can be established.

2. To time the connection. If you have a ping www .. Use Ctrl + C to stop the test. You can run the command like this:

# ping site

You can set the time before sending a packet, for example, wait 3 seconds before sending the next packet.

# ping -i 3 your_IP

There are several ways to check the local interface:

# ping 0

# ping localhost

# ping 127.0.0.1

You can also send N number of packets and then exit, for this:

# ping -c 5 www.site

You can also find out the version of the ping itself, for this run the command:

# ping -V

Suppose you started ping and there is no response from the host at all while you work out what the problem is. With the -a option, ping gives an audible alert when the remote host responds.

# ping -a IP

# ping -a 192.168.244.134

With the "-q" option, you can suppress the per-packet responses from the remote host and show only the resulting statistics:

# ping -c 5 -q www.site

You can change the size of the transmitted packet (let's say from 56 to 120), and you can do it like this:

# ping -s 100 192.168.244.134

We can also limit how long the ping command runs. For example, to ping the service for 15 seconds, run:

# ping -w 15 192.168.244.134

To see the execution statistics without interrupting the ping command, press CTRL + |

Viewing the network configuration: ifconfig displays the current configuration of the network adapter. This is handy for determining whether there are transmit (TX) or receive (RX) errors.

traceroute

A handy program for viewing the number of hops and the response times on the way to a remote system or website. You need an internet connection to use this tool, and you may have to install it first.

# traceroute 192.168.244.133

You can display information about all network cards that are connected, to do this, run:

# ip link show

netstat

netstat is the most useful and versatile tool for finding connections to and from the host. You can find out all about the multicast groups on a network by running:

# netstat -g

To see who is "sitting" on a port (let's say 21), run the command:

# netstat -nap | grep ':21 '

To see all connections, including TCP and UDP, run the command:

# netstat -a

# netstat --all

To display only TCP connections:

# netstat --tcp

# netstat -t

To display only UDP connections:

# netstat --udp

# netstat -u

nslookup

If you know the IP address, nslookup will display the hostname. To find all the IP addresses for a given domain name, use the nslookup command. You must have an internet connection for this utility. Usage example:

# nslookup google.com

You can also use nslookup to convert a hostname to an IP address and an IP address to a hostname.

finger

View user information: finger displays the user's login name, real name, terminal name and write status. This is a fairly old Linux command and is rarely used nowadays.

telnet

telnet connects to the destination host using the Telnet protocol. If a telnet connection can be established on any port, then the connection between the two hosts is working normally.

# telnet

# telnet 192.168.244.134 23

It is usually used to find out if the host is alive or the network connection is OK.

The topic "Top 10 Basic Networking Commands in Linux" is complete, but if in your opinion I have missed some good commands, write in the comments and I will supplement this article. If you have questions and suggestions, write everything in the comments. Thanks.

To be a successful hacker, you need to know at least a little about the Linux operating system, and this is especially true for working with the network. To fill this gap, I suggest you read this basics guide to networking.

I still assume that you have an idea of the main network concepts, for example IP addresses, MAC addresses, DNS, DHCP, etc.

Step 1. Analyze network connections

The core Linux command for network analysis is ifconfig. It is very similar in meaning to the Windows command ipconfig. Let's take a look at it.

ifconfig

As you can see in this screenshot, ifconfig gives the user a very large amount of information. On the first line on the left, we see "eth0". This is the first wired connection, ethernet 0 (in Linux everything is counted starting from zero).

Immediately after "eth0", on the right, we see the type of connection that is used (Ethernet) and the address of the network card (manufacturers "sew" a globally unique address into every piece of network hardware, in this case the NIC, the network adapter).

The second line contains the IP address, in this case 192.168.1.114, followed by the so-called broadcast address. This address can be used to send information to all IP addresses of this subnet. Finally, the network mask (subnet mask) tells which part of the IP address refers to the network and which part to the host itself within this network. There is a lot more information there, but it is beyond the Linux basics covered here.

If we look at the screenshot below, we will see the second column (on the left). It starts with "lo".

This is nothing but the loopback address, or localhost. That is, the address of the machine you are currently sitting at. It is usually used when you need to test, say, a site that you are developing. Usually this IP address is 127.0.0.1.

Step 2. Change IP address

Changing the IP address is simple enough. But keep in mind that you will most likely have a dynamic IP address assigned by your provider's DHCP server. In some cases, you may need to reassign the address, especially if you are hacking. Replacing your IP address will make network forensics harder, but it won't make you elusive.

To change the IP address, use the ifconfig command, giving it the network interface and the IP address we want. This is done like this:

ifconfig eth0 192.168.1.115

Now if we enter ifconfig in the terminal, we will see that the IP address has changed to the one we assigned.

In the same way, if necessary, we can change the subnet mask (netmask) and the broadcast address:

ifconfig eth0 192.168.1.115 netmask 255.255.255.0 broadcast 192.168.1.255

Step 3. DHCP (Dynamic Host Configuration Server)

Linux has a DHCP server, a daemon (a program that runs in the background) called dhcpd. This is the DHCP server that assigns IP addresses to all machines on the same subnet. It also keeps logs of which machine had which IP address and at what time. It is through these logs that hackers are tracked after attacks.

If I want the DHCP server to assign me a new address, I just request one with the dhclient command (different Linux distributions use different DHCP clients, but BackTrack is based on Ubuntu, which uses dhclient):

dhclient

As you can see, the dhclient command sends a DHCPDISCOVER request from the network adapter. In response, dhclient receives an offer (DHCPOFFER) of a new address, 192.168.1.114, from the DHCP server, and then the DHCP server confirms the assignment of the new IP address.

If we now run ifconfig, we will see that the DHCP server has assigned us a new IP address.

Step 4. DNS - Domain Name Service

DNS (Domain Name Service) is a service that allows us to use domain names like www.google.com, which it translates into the corresponding IP address. Without this service, we would have to memorize thousands of IP addresses of our favorite sites.

One of the most useful commands for hacking is dig, which is the equivalent of nslookup in Windows but offers significantly more information about domains. For example, if we apply dig to the domain wonderhowto.com and add the ns option, dig will show us the name servers for wonderhowto.com:

dig wonderhowto.com ns

If we use the mx option, we get all of WonderHowTo's mail servers:

dig wonderhowto.com mx

The most common DNS server on Linux is the Berkeley Internet Name Domain, or BIND. Linux users often refer to DNS as BIND, so don't be confused. DNS or BIND simply maps individual domain names to their real IP addresses.

In BackTrack we can specify both a local DNS server and public DNS servers. To do this, edit the file /etc/resolv.conf. Let's open it with KWrite:

kwrite /etc/resolv.conf

As you can see, we have specified public DNS servers as our DNS providers. If we want to change them or add another server, we just insert it on a new line and save the file. The next time the operating system needs DNS service, it will look for the DNS servers in this file.

Simple, right?

In the next article we will cover security and entitlement issues, so come along. If this is your first time here, be sure to check out the previous parts of this series.

Disclaimer: This article was written for educational purposes only. The author or publisher has not published this article for malicious purposes. If readers would like to use the information for personal gain, then the author and the publisher are not responsible for any harm or damage caused.

A modern computer provides the user with many options, without a good half of which he could easily do without. There is still debate on the web about whether it needs 3D graphics and high-quality audio. However, there is one function, the necessity of which is not disputed by anyone, and that is going online.

Free OS connoisseurs argue that Linux is built for the web like a bird for flying. True, they immediately make an allowance for the fact that only a select few will see the true power of this system, since configuring network interfaces is a difficult task and requires serious knowledge.

It is difficult to argue with this statement, since its all-encompassing nature is obvious. Indeed, without special skills you cannot even put a stool together. Nevertheless, we are dealing here with some exaggeration. Linux is a simple system. A Windows user has to keep significantly more information in memory in order to work comfortably with it.

So that the last statement does not seem unfounded, consider the procedure for setting up a network in a Linux system. Moreover, as is customary in the world of free software, there is not one way, but several options. And the user himself will choose the one that he likes best.

Ifconfig command

Typically, the network adapter drivers are loaded during system installation. To verify this, just type ifconfig -a in the console. By the way, this name is not a distorted form of the ipconfig command familiar to Windows users. It is simply short for Interface Configuration.

In response, the user will receive information about the characteristics of the Ethernet connection and the parameters of the so-called loopback interface. The first is designated as eth0 (if there are several network adapters, each will have its own section eth[sequence number]), and the second as lo.

The same command can be used to activate the interface. Most often it looks like this:

ifconfig [interface designator] netmask [netmask] broadcast [broadcast address] up.

However, in practice, all parameters can be omitted. For example, if the netmask and broadcast address are not specified explicitly, the system will apply the standard values (network address with machine part 255, and mask 255.255.255.0).

To activate PLIP, SLIP and PPP it is necessary to use the pointopoint option. In this case, the interfaces will be named as follows:

- plip [sequence number starting from zero] - for PLIP;

- slip [sequence number starting from zero] - for SLIP;

- ppp [sequential number starting from zero] - for PPP.

For example, to configure the PLIP interface connecting two computers with addresses [address1] and [address2], type in the console:

ifconfig plip0 [address1] pointopoint [address2].

An interface is disabled with the ifconfig [interface designation] down command. Thus, with just one command, you can control a network device. And of course, there is no point in keeping all its options in memory: if you forget something, man ifconfig will always come to the rescue.

Route command

The route command is responsible for routing. That is, it tells the system which network computer packets must be sent to in order to reach their destination.

This command displays the routing table. Each record consists of several fields:

- Destination — IP address of the final destination of the route;

- Gateway - IP address or gateway name (if it is not there, then the symbol “*” is used);

- Genmask - route netmask;

- Flags — indicator of the type or state of the route (can take the following values: U — active, H — host, C — gateway, D — dynamic, M — modified);

- MSS - maximum amount of data transferred at a time;

- Metric — number of hops to the gateway;

- Ref - the number of calls to the route at a certain point in time;

- Window - the maximum amount of data for the receiving side;

- Use — number of packets transmitted along the route;

- Iface - interface type.

To add an address to the routing table, use the route command with the add key. It should be noted that if the corresponding interface has already been configured using ifconfig, then the system itself can obtain information about it. In this case, there is no point in using specifiers - it is enough to indicate the address of the destination. All other data will be redundant and therefore optional.

Obviously, at least one entry must be made in the routing table for networking to work. The default destination is indicated by the label default.

Use the route del -net command to remove a route.

Other commands

If the interface settings are stored in the system, then for quick activation and deactivation, you can use the ifup and ifdown commands as follows:

- ifup [interface designation] - to enable.

- ifdown [interface designator] - to disable.

To display a list of network connections, routing tables, interface statistics, etc., use the netstat command. Among other things, it displays the state of each connection, which is useful when analyzing the security of the system.

For example, LISTEN means that the service is waiting for a connection from another machine, and ESTABLISHED means that a connection has already been established. If no running program is expected to be in such a state, it may be unsafe and can indicate an attack on the host.
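The check described above can be scripted. The following is an added example, not code from the original article: it compares LISTEN sockets against a list of expected ports. The sample text is constructed in the format of `netstat -nltp` output, and the allowlist, function names and port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag LISTEN sockets that are not on an expected-services list.
# ALLOWED_PORTS is a hypothetical per-host baseline; SAMPLE_NETSTAT is
# constructed text in the format printed by `netstat -nltp`.

ALLOWED_PORTS="22 25 80"

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1034/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1210/nginx
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      4471/nc
tcp6       0      0 :::8021                 :::*                    LISTEN      4502/python3
tcp        0      0 192.168.1.114:22        192.168.1.20:51544      ESTABLISHED 2290/sshd'

# Reads netstat-style text on stdin and prints "port bind-address program"
# for every LISTEN socket whose port is not in the allowlist passed as $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # everything before it
            if (!(port in ok)) print port, host, $7
        }'
}

# A loopback-only listener is reachable from the host itself; anything else
# is reachable from the network.
exposure() {
    case "$1" in
        127.*|::1) echo local ;;
        *)         echo network ;;
    esac
}

# Formats one finding per line for the constructed sample.
report() {
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOWED_PORTS" |
    while read -r port host prog; do
        echo "UNEXPECTED port=$port bind=$host exposure=$(exposure "$host") proc=$prog"
    done
}

report
```

On a live host, pipe the real command output into `unexpected_listeners` instead of the sample; the ESTABLISHED line in the sample is ignored because only the State column value LISTEN is matched.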

Config files

The above commands are sufficient for configuring the network. However, these utilities have one significant disadvantage: the result of their work will be valid for only one session. After a reboot, everything will have to start over. For this reason, it is much more convenient to edit the configuration files once.

Although their structure does not depend on the distribution, they can be located in different places. For example, in Debian, /etc/init.d/network is responsible for configuring interfaces and routing, and in Slackware (MOPS, Zenwalk), /etc/rc.d/rc.inet1. Here only one universal piece of advice can be given: when starting to work with a particular product, be sure to read the technical documentation.

Consider the ASPLinux distribution as an example. The /etc/sysconfig/network-scripts/ directory is used to store network interface settings. Each of them is defined by the file ifcfg-[interface designator].

This file consists of lines of the form: [parameter] = [value]. The parameters can be as follows:

- NAME - arbitrary name of the connection;

- DEVICE - interface designation;

- IPADDR — interface IP address;

- NETMASK - netmask;

- GATEWAY - gateway IP address;

- ONBOOT - a pointer to the need for activation at boot time;

- USERCTL - indicates that the interface can be activated by a regular user;

- MTU - MTU value (maximum size of a packet transmitted through the interface);

- PEERDNS — indicates the need to use DNS servers obtained when the interface was activated;

- DNS1, DNS2 - IP addresses of primary and secondary DNS servers;

- BOOTPROTO - indicator of the interface configuration mode (none - using user parameters, bootp or dhcp - using the appropriate protocols).

The files /etc/host.conf and /etc/resolv.conf are responsible for configuring DNS. The first one is an ordinary text file that sets the rules for the subsystem that looks up the names and addresses of nodes. Its structure is typical for all objects of this type: each line contains a parameter and its values (there may be several of them).

The order parameter specifies the method for finding the IP address of the host. It can take the following values: bind (use a DNS server), hosts (use a local address base), nis (use an NIS server). They should be in the order in which the search will be carried out.

The trim parameter is used to describe exceptions. The corresponding line specifies the domain that will be automatically removed from the name.

The reorder parameter can be on or off. It enables the operating mode in which local addresses are given priority over all others found. The spoofalert parameter turns on logging of the results of false-name checks to the system log. And multi allows you to customize how the local base of nodes is processed. Of course, you do not need to specify all parameters. In practice, /etc/host.conf files with two lines are common.

The /etc/resolv.conf file describes some of the options that are used by the name lookup engine. It can consist of the following lines:

- nameserver - addresses of DNS servers;

- domain - the name of the local domain to search for addresses in the local network;

- search - list of domains to search for addresses.

Obviously, the domain and search parameters cannot be relevant at the same time. If the system detects this inconsistency, it will only consider the last entry.
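The last-entry rule can be checked before a file is deployed. The following is an added example, not code from the original article: it reads resolv.conf text and prints the settings that take effect. The sample file is constructed and the function name is an assumption; the three-nameserver limit it reports comes from the glibc resolver documentation and is not stated in the article.

```shell
#!/bin/sh
# Added example: show which resolv.conf settings actually take effect.
# SAMPLE_RESOLV_CONF is a constructed file, not taken from a real host.

SAMPLE_RESOLV_CONF='# constructed sample
nameserver 192.168.1.1
domain lab.example
nameserver 192.168.1.2
search corp.example dev.example
; trailing comment'

# Reads resolv.conf text on stdin. Prints the nameservers in order (the glibc
# resolver uses at most three), then the single search list taken from
# whichever of "domain" / "search" appears last, and a warning when both
# keywords are present in the file.
effective_resolv() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }            # comments and blank lines
        $1 == "nameserver" && NF >= 2 {
            if (++n <= 3) { print "nameserver " $2 }
            else          { print "ignored nameserver " $2 " (more than 3 listed)" }
            next
        }
        $1 == "domain" || $1 == "search" {
            if (kw != "" && kw != $1) conflict = 1   # both keywords were used
            kw = $1; line = NR; list = ""
            for (i = 2; i <= NF; i++) list = list (i > 2 ? " " : "") $i
            next
        }
        END {
            if (kw != "") print "searchlist " list " (from " kw ", line " line ")"
            if (conflict) print "warning: domain and search both present; only the last one applies"
        }'
}

printf '%s\n' "$SAMPLE_RESOLV_CONF" | effective_resolv
```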

Could Linux not use a nameserver at all? In theory, yes, although in practice the method described below is used only in very small networks, where other methods are not justified.

The way is to use the /etc/hosts file. It is a list of host names and their IP addresses, and multiple names can be specified for one address.

Graphical customization tools

Although setting up the network by directly editing config files is not a very difficult task, almost all modern distributions offer the user graphical tools designed to solve it. Even Zenwalk, which is not generally considered friendly in the Windows sense of the word, allows you to configure network interfaces without using the command line.

And today we already have the right to say that, in addition to elementary settings, the user can perform rather complex operations. In particular, a few years ago the topic of setting up a VPN connection in Linux occupied a prominent place on technical support forums, and none of the proposed methods for solving this problem could be called simple. But times are changing.

So, users of the Linux XP Desktop distribution set up a VPN connection using a convenient tool with a graphical interface which is even simpler than its Windows counterpart. ASPLinux, Mandriva and SuSE Linux offer roughly the same to the consumer.

All in all, Linux is really built for the web. And this can be appreciated not only by experienced users but also by newbies.

The network is one of the most important parts of administering servers, or just computers, running the Linux operating system. Home computer users are unlikely to need all of these utilities. But for administrators of servers or even networks, they are irreplaceable, especially when you need to understand why the network is not working or to find out at which network node the transmission of packets is interrupted.

In this article, we'll take a look at the best Linux network utilities. These are the most basic commands you can use to administer a Linux network. This article will not teach you all the intricacies of using such commands; it is just a small list with brief descriptions. If you already have a little experience of using them, you can use the article as a cheat sheet for better memorization.

ping <host> - sends an echo request via the ICMP protocol to a remote host. Packets will be sent continuously until you press Ctrl + C. When a packet is sent, the host should reply with an ICMP response message, which means that the other host is up.

telnet host <port> - check the availability of a specific port on the host. By default, telnet uses port 23, but others can be used as well. For example, 7 - echo port, 25 - SMTP, mail server, 79 - Finger, provides information about other network users. Press Ctrl + ] to exit telnet.

ARP

ARP is used to translate IP addresses into addresses of the physical network to which the computer is connected, such as Ethernet or Wi-Fi. The superuser can add and remove ARP entries. Removing them can be useful if an ARP entry has been tampered with or is simply incorrect. Explicitly added entries are permanent and can be trusted by the system. The ARP table is stored in the kernel and can be changed dynamically. ARP entries received from other computers are cached and removed after a 20 minute timeout.

arp -a - display the ARP table

arp -s - add an entry to the routing table

arp -a -d - delete all entries from the ARP table

Routing

These utilities allow you to administer your linux network as well as configure routing between nodes.

netstat -r - display the routing table

The routing table is stored in the kernel and is used to route IP packets outside the local network.

route add - this command is used to manually set static (non-dynamic) routes. All packets sent from this computer to a specific network must go through a specific gateway. We set this gateway with the route command. We can also set the default route, so that all outgoing packets for which no gateway is defined are sent through it; for this, use 0.0.0.0 as the target address.

routed - BSD daemon that performs dynamic routing. It works over the RIP protocol. You can run the program only with superuser rights.

gated - an alternative to routed that can use RIP, OSPF and EGP at the same time. It also needs root rights.

traceroute - a very useful utility for tracking the route of packets. The most common use of this command is to check the network. Each gateway between the source and the destination sends a message back to the computer.

netstat -rnf inet - display the IPv4 routing table

sysctl net.inet.ip.forwarding=1 - allow packets to pass through this computer

route flush - delete all routes

route add -net 0.0.0.0 192.168.10.2 - add the default route

routed -Pripv2 -Pno_rdisc -d [-s | -q] - start the routed daemon using the RIP2 protocol without ICMP autodiscover support, in verbose (s) or minimal (q) output mode

route add 224.0.0.0/4 127.0.0.1 - add the route used by RIP2

rtquery -n - ask the RIP daemon to send a request to another host (manual update of the routing table)

Other

Sometimes you need to not only manage your linux network, but also work with other protocols such as DNS or FTP.

nslookup - send a query to a DNS server to convert a domain name to an IP address. For example, nslookup facebook.com will return the IP address of the server facebook.com.

ftp host - transfer files to the host. Often you also need to supply your username and password.

rlogin -l - connect to a virtual terminal using telnet. It is not recommended to use this construction; it is better to use a secure connection via ssh.

Important files

/etc/hosts - local names for IP addresses

/etc/networks - network names relative to IP addresses

/etc/protocols - protocol names for protocol numbers

/etc/services - tcp/udp services for port numbers

Network analysis

ifconfig interface address - launch the interface

ifconfig interface - stop interface

ethereal & - run ethereal in the background

tcpdump -i -vvv - a tool for recording and analyzing packets

netstat -w seconds -I interface - display network settings and statistics

udpmt -p port -s byte target_host - generate UDP traffic

udptarget -p port - receive UDP traffic

tcpmt -p port -s byte target_host - generate TCP traffic

tcptarget -p port - receive TCP traffic

ifconfig - see the status of network interfaces

netmask - will allow you to see the subnets

Switching

ifconfig sl0 srcIP dstIP - configure the serial interface (first run slattach -l /dev/ttyd0 and then sysctl net.inet.ip.forwarding=1)

telnet 192.168.0.254- connect to the switch from this subnet

sh ru or show running-configuration- display the current configuration

configure terminal- go to configuration mode

exit- exit setup mode

VLAN

vlan n- create VLAN with ID n

no vlan N- remove VLAN with ID N

untagged Y- add port Y to VLAN N

ifconfig vlan0 create- create vlan0 interface

ifconfig vlan0 vlan ID vlandev em0- connect vlan0 to em0

ifconfig vlan0 up- activate the virtual interface

UDP / TCP

These are linux networking programs that allow you to transfer packets between machines.

socklab udp- run socklab using the udp protocol.

sock- create udp community

sendto socket id host- data packet transmission port

recvfrom socket_id byte_size- get data from socket

socklab tcp- run socklab via tcp protocol

passive - create a socket in passive mode.

accept- allows incoming connections

connect host port- socklab equivalent

close - closes the connection

write- write several bytes to the socket

NAT / Firewall

rm /etc/resolv.conf - disables domain name resolution, which guarantees correct filtering by firewall rules.

ipnat -f filename - writes the firewall rules to a file

ipnat -l - get a list of active rules

ipnat -C -F - clear the rule table

map em0 192.168.1.0/24 -> 195.221.227.57/32 em0 - bind IP addresses to the interface

map em0 192.168.1.0/24 -> 195.221.227.57/32 portmap tcp/udp 20000:50000 - bind an IP address along with a port

ipf -f filename - write the rules to a file

ipf -F -a - clear the rule table

ipfstat -I - information about filtering, filtered packets and rules

Conclusions

In this article, we have covered the most useful Linux networking utilities. With them you can test a Linux network, check the network's health and detect network problems. You can find more detailed information on each of them in the official documentation.
