Now that you know some basics of how networking works, let's run through some quick introductions to some tools. Many of these tools are very powerful and have lots of options. Make sure to read their documentation to understand everything they can do. I will mainly be talking about one action you can use each tool for and will not provide an exhaustive list of their capabilities or possible uses.
netstat is a tool for evaluating the state of open connections on a Linux box. The tool can do a lot, but the main thing I use it for is to see which services are using which ports. I would suggest reading the man page for netstat by running man netstat. netstat can also list active outgoing connections and all sorts of other details about your computer's active networking. One caveat: netstat comes from the net-tools package, which many current distributions no longer install by default; its replacement, ss from iproute2, accepts the same -t, -u, -n, -a, -p and -l flags. Like every other tool in this book, though, read the documentation to find out the many ways to use it.
The following example shows which ports are open on one of my computers. The mnemonic I use to remember these flags is "Tuna Plz!": -t for TCP sockets, -u for UDP sockets, -n for numeric output (no DNS or service-name lookups, which also makes it faster), -a for all sockets, -p for the PID and program name owning each socket (which is why sudo is needed), and -l for listening sockets. When reading the output, a local address of 0.0.0.0 means the service accepts connections on every interface, 127.0.0.1 would mean it is reachable only from the machine itself, and a specific address means it is bound to that one interface. A "-" in the PID/Program name column means netstat could not identify the owner, typically because the socket is held by the kernel rather than a user process.
$ sudo netstat -tunapl | head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      28938/VBoxHeadless
tcp        0      0 0.0.0.0:35695           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1095/rpcbind
tcp        0      0 207.251.90.53:9009      0.0.0.0:*               LISTEN      10330/julia
tcp        0      0 0.0.0.0:43473           0.0.0.0:*               LISTEN      1156/rpc.mountd
tcp        0      0 207.251.90.53:9010      0.0.0.0:*               LISTEN      10374/julia
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      5487/python
tcp        0      0 207.251.90.53:9011      0.0.0.0:*               LISTEN      10423/Julia
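As an added example (my own, not code from the book), here is a small shell filter that takes netstat -tunapl output and prints only the sockets other machines can reach, that is, those listening on something other than the loopback address. The sample output embedded in it is constructed for the example and mirrors the column layout above; on a live system pipe sudo netstat -tunapl into the function instead. The column positions it relies on are netstat's own, so do not feed it ss output without adjusting the field numbers.

```shell
#!/bin/sh
# Flag listening sockets that are bound to a non-loopback address.
# Added example; the sample input below is constructed and follows the
# `netstat -tunapl` column layout (Proto Recv-Q Send-Q Local Foreign State PID/Program).

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      28938/VBoxHeadless
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1095/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      988/sshd
tcp        0      0 10.0.0.5:443            10.0.0.9:51234          ESTABLISHED 2210/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           877/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           650/chronyd'

# Read netstat output on stdin; print "proto port address pid/program" for
# every socket that is listening on an address other than loopback.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/) {
            # TCP rows carry a State column; only LISTEN matters here.
            if ($6 != "LISTEN") next
            prog = $7
        } else {
            # Unconnected UDP rows have no State column in netstat output,
            # so the PID/Program field slides left to $6.
            prog = (NF >= 7) ? $7 : $6
        }
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # Loopback-only bindings are not reachable from other hosts.
        if (host == "127.0.0.1" || host == "::1" || host ~ /^127\./) next
        # 0.0.0.0, :: and * all mean "every interface"; a specific IP means
        # reachable on that interface.
        printf "%s %s %s %s\n", $1, port, host, prog
    }'
}

# Count how many exposed listeners the input contains.
count_exposed() {
    exposed_listeners | awk 'END { print NR }'
}

# Demo on the constructed sample. On a real host:
#   sudo netstat -tunapl | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On the sample this reports the VBoxHeadless, rpcbind, sshd and dhclient sockets and skips mysqld and chronyd (loopback only) and the established nginx connection. Anything it prints on a real server is something a port scan from the network will find.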
nc, or Netcat, is a tool for sending and receiving raw data over TCP or UDP connections. It's basically a version of telnet that is easier to script. For example, if we wanted to send a GET request to Google, the same request we sent with telnet in the previous section, we would create the request and pipe it into nc:
$ printf "GET / HTTP/1.1\r\nHost: google.com\r\nConnection: close\r\n\r\n" | nc google.com 80
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Jun 2018 01:37:04 GMT
Expires: Wed, 25 Jul 2018 01:37:04 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
The first command, printf, is like the echo command but with more formatting options, including escape sequences such as \r\n, which is how each line gets the CRLF ending that HTTP expects (most servers also tolerate a bare newline, but CRLF is what the standard requires). The above printf command outputs four lines to form our request: the request line, the Host header that HTTP/1.1 requires, a Connection: close header that tells the server to hang up once it has answered (without it, an HTTP/1.1 server keeps the connection open and nc sits waiting for more data), and the empty line that marks the end of the headers. Those are then piped into nc, which sends them, in order, to the IP address that google.com resolves to, on port 80.
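As an added example that is not part of the book, the following shell functions package the printf | nc idea: one builds the request with the CRLF line endings HTTP expects, one pipes it through nc, and two small parsers pull the status code and Location header out of a reply. The reply embedded in it is constructed from the 301 response shown above, trimmed to a few headers, so the parsers can be exercised offline; nc itself is only invoked by http_get, which needs network access.

```shell
#!/bin/sh
# Build a raw HTTP/1.1 GET the way `printf ... | nc` does, and parse the reply.
# Added example, not from the book. SAMPLE_REPLY below is constructed from the
# 301 response google.com returned in the text, trimmed to a few headers.

# Emit a minimal GET request. HTTP/1.1 requires a Host header, each line ends
# in CRLF (\r\n), and the empty line terminates the headers. Connection: close
# tells the server to hang up after answering, so nc exits instead of waiting
# on a keep-alive connection.
http_get_request() {
    host=$1
    path=${2:-/}
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$path" "$host"
}

# Count carriage returns on stdin; a well-formed request has one per line.
count_cr() {
    tr -cd '\r' | wc -c | tr -d ' '
}

# Send the request with nc and print the raw reply (needs network access, so
# the offline checks never call it). Usage: http_get google.com 80 /
http_get() {
    http_get_request "$1" "$3" | nc "$1" "${2:-80}"
}

# The status code is the second field of the status line.
http_status() {
    head -n 1 | tr -d '\r' | awk '{ print $2 }'
}

# Value of the Location header. Header names are case-insensitive in HTTP,
# so match them lower-cased; stop at the blank line that ends the headers.
http_location() {
    tr -d '\r' | awk '
        NR > 1 && $0 == "" { exit }
        tolower($1) == "location:" { print $2; exit }'
}

SAMPLE_REPLY='HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Length: 219
Connection: close

<HTML><HEAD><TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>The document has moved <A HREF="http://www.google.com/">here</A>.
</BODY></HTML>'

# Demo: show the request bytes (note the \r\n pairs) and parse the sample reply.
http_get_request google.com | od -c | head -n 3
printf '%s\n' "$SAMPLE_REPLY" | http_status
printf '%s\n' "$SAMPLE_REPLY" | http_location
```

The od -c dump is the quickest way to confirm that the request really carries \r\n and not just \n. Pointing http_get_request at a local listener (http_get_request localhost 8080 | nc localhost 8080 against a running nc -l 8080) shows the listener exactly the same request bytes that curl produces in the example below.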
The other point I want to show about nc is using it to test client software. If you run nc with -l, it listens on the port of your choice (nc -l 8080 works with the BSD/macOS and OpenBSD versions of nc; the traditional GNU netcat wants nc -l -p 8080). You can then point your client code at it and see exactly what it sends, including headers you may not have realised it adds. For example, I can create a listener and then use curl to send a request to it:
$ nc -l 8080
GET / HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.54.0
Accept: */*

The preceding is the listener after it has started and received an HTTP request. Anything you type now is sent back to the client as the reply, or you can press Ctrl + D to end the connection. The following is what curl saw:
$ curl -svL localhost:8080
* Rebuilt URL to: localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.54.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host localhost left intact
Notice that curl first tried the IPv6 loopback address ::1 and was refused before falling back to 127.0.0.1: nc was only listening on IPv4, which is a common source of "it works with one client but not another" confusion. nc is insanely powerful and there is no way I can do it justice. I highly recommend you look around the internet for things you can do with it, such as tunnelling network traffic, scanning ports on the network, transferring files, and much more.
I've been showing examples all through this chapter using tcpdump. It is an incredibly useful tool for watching packets coming into and going out of your machine. It can capture on any interface, and you can apply filters (BPF expressions naming a host, port or protocol) to get only the subset of packets you care about. You can write the captured packets to pcap files and read them back later, or load them into programs such as Wireshark that provide tools for digging through large captures. Capturing raw packets requires root (or the CAP_NET_RAW capability), which is why the examples run it under sudo.
There are many cheat sheets on the internet that provide good tips on using the tool, so as a learning suggestion, try the following: