SlideShare a Scribd company logo

Linux network tools (Maarten Blomme)

Avansa Mid- en Zuidwest
Avansa Mid- en Zuidwest

The document provides an overview of Linux network tools, including foundational theories like the OSI model and device types (modems, routers, switches). It covers configuration settings, essential tools for network analysis (e.g., netstat, nmap, tcpdump), and methods for remote communication (e.g., ssh, ftp). Additionally, it discusses IP and MAC addressing, and various command-line tools to manage and monitor network connections.

Technology
1 of 33
Downloaded 54 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Linux network tools ● Theory ● Configuration ● Basic tools ● Network analysis ● Network services
2 Theory: OSI model Application space ● Layer 7: application protocol ● Layer 5/6: optional Kernel IP stack ● Layer 4: – UDP: connectionless – TCP: stateful ● Layer 3 (IP layer): – Top layer for routers – Possibly multiple IP addresses per network interface ● Layer 2 (MAC layer): – Top layer for switches – One MAC address per physical interface ● Layer 1: electrical specifications – Top layer for hubs and modems – WiFi – Ethernet port / cable
3 Theory: Some terminology Modem (layer 1) ● A modem is a device that translates between different technologies Repeater (layer 1) ● A repeater is a device that repeats (amplifies) an existing network connection Hub (layer 2) ● A hub is a 'dumb' device that connects wired network devices, every device connected to a hub sees all traffic passing on the network Access point (layer 2) ● An access point can be seen as a wireless hub, it provides access to the network for wireless clients
4 Theory: Some terminology Switch (layer 2) ● A switch is an 'intelligent' hub, it passes only traffic that is destined for a specific device, based on it's MAC address ● There are also so called “level 3” or “level 4” switches, they add some extra features that are based on functionality in the network or transport layer Bridge (layer 2) ● A bridge can be compared to a switch, but it is less advanced and less powerfull Router (layer 3) ● A router does not connect network devices, it connects different networks (eg. your internal home network and the internet) ● It does this based on the IP addresses
5 Theory: Some terminology ● In many cases, this functionality is combined. Most people have at home a device that's modem, router, access point and switch, all in one.
6 Theory: Level 2: MAC Addresses ● MAC: Media Access Control ● 00:14:c1:43:9d:fb – First three numbers: vendor id – Last three numbers: serial number ● Broadcast: ff:ff:ff:ff:ff:ff ● Used to regulate network traffic on level 2
7 Theory: Level 3: IP Addresses ● IP: Internet Protocol – Most used: IPv4 – New: IPv6 ● 192.168.0.5 – Netmask is used to determine to which network the IP address belongs: 255.255.255.0 (or /24) ● Broadcast depends on netmask: 192.255.255.255 ● Used to regulate network traffic on level 3
8 Configuration: IP settings ● Most modern linux distributions use NetworkManager service as a backend to configure the network ● On Debian based distros, the network can be configured in /etc/network/interfaces as a simple fallback ● On Red Hat based distros, this can be done in /etc/sysconfig/network ● ifconfig or ip can be used to configure the network manually, but these settings are gone once you reboot
9 Configuration: DNS ● Domain Name Service is used to convert server names in IP addresses ● DNS servers are configured in the file /etc/resolv.conf $ cat /etc/resolv.conf nameserver 8.8.8.8 ● Normally you would just use the DNS server received by your router, but you can improve your internet access by changing this to a public server like 8.8.8.8 or 8.8.4.4. These servers, maintained by Google, normally respond faster and do not filter any results (eg. thepiratebay.org). ● You edit the file /etc/hosts to override or add server names
10 Configuration: ifconfig ● With ifconfig you can configure a network interface ● On linux it is possible to create virtual network interfaces for different networks ● Configure a virtual network on your wired network interface with a static IP (make sure you all use a different IP!) and check the results $ ifconfig eth0:1 192.168.0.10 $ ifconfig ● You should see your real wired network interface has a dynamic address received via DHCP and the virtual interface has the static address you configured
11 Basic tools: arp ● To know what MAC address corresponds with a certain IP address, the Address Resolution Protocol is used ● ARP requests are automatically send by linux whenever you try to connect with a certain IP ● Linux keeps a ARP cache table that can be viewed and modified with the arp command: $ arp Address HWtype HWaddress Flags Mask Iface 192.168.5.1 ether 00:23:48:c7:64:81 C eth0 ● You can clear the table, delete or add entries manually. The ARP cache table is cleared after a certain time.
12 Basic tools: ping ● ping is a tool that used ICMP echo requests to detect if a host is alive ● ICMP traffic can be blocked, so this is not 100% reliable ● ping has a lot of options to modify it's behavior, you can change the interval, number of pings, network interface, … ● Example: first look at the ARP table, then ping a host, then check the ARP table again $ arp Address HWtype HWaddress Flags Mask Iface $ ping 192.168.0.1 PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data. 64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.774 ms $ arp Address HWtype HWaddress Flags Mask Iface 192.168.0.1 ether b4:b5:2f:cc:a1:08 C eth0
13 Basic tools: route ● To connecting to different networks (eg. from the local network to the internet), linux uses a routing table to know where to send what packets ● You can view and change this routing table with the route command Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 10.25.32.1 0.0.0.0 UG 0 0 0 eth0 10.25.0.0 * 255.255.0.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 ● There is a default gateway (10.25.32.1) defined for all traffic that is for an unknown network ● Data for 10.25.x.x and 192.168.0.x (see masks) goes to eth0 ● By configuring eth0:1 with 192.168.0.10, linux added an entry to the routing table
14 Basic tools: traceroute ● Use the traceroute command to see what path a packet takes to a certain destination: $ traceroute 172.21.1.6 traceroute to 172.21.1.6 (172.21.1.6), 30 hops max, 60 byte packets 1 10.25.32.1 (10.25.32.1) 0.880 ms 1.288 ms 1.291 ms 2 10.65.255.1 (10.65.255.1) 1.281 ms 1.960 ms 2.255 ms 3 172.21.1.33 (172.21.1.33) 5.357 ms 5.366 ms 5.347 ms 4 172.21.1.5 (172.21.1.5) 34.239 ms 34.268 ms 34.261 ms 5 172.21.1.6 (172.21.1.6) 27.104 ms * * ● This works because every IP packet has a TTL (Time To Live) value that is decreased with every hop. This is used to make sure that packets that can't be delivered are not send around in circles. ● Some types of packets can be blocked by your provider. To circument this, try to use a different packet type for traceroute (eg. traceroute -I)
15 Basic tools: DNS tools ● There are several tools that can be used to lookup information about domain names or IP addresses: host, nslookup, dig and whois. ● Example: lookup a domain name or IP address $ host www.google.be www.google.be has address 74.125.136.94 www.google.be has IPv6 address 2a00:1450:4013:c01::5e $ host 74.125.136.94 94.136.125.74.in-addr.arpa domain name pointer ea-in- f94.1e100.net. ● With whois, you can get information about the domain name registrar
16 Basic tools: Wi-Fi ● There are three basic cli tools for wireless networks: iwlist, iwconfig and wpa_supplicant ● iwlist is used to scan for networks $ iwlist wlan0 scan ● iwconfig is used to configure a wireless network interface $ iwconfig wlan0 essid MyNetwork ● wpa_supplicant is used to configure encryption for wireless networks ● There are several tools for hacking WEP-encrypted networks, but WPA(2) is still secure
17 Basic tools: Wi-Fi access point ● Setting up a Wi-Fi access point (hotspot) can easily be done with the NetworkManager ● Doing it manually requires two tools: hostapd and dnsmasq. hostapd changes your wireless network interface in an access point, while dnsmasq is a basic DHCP and DNS server.
18 Network analysis: netstat ● netstat is used to see what connections are open on your linux system. The options -n (no name resolving) and -t (only TCP connections) are quite useful $ netstat -nt Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:54395 127.0.0.1:5939 ESTABLISHED tcp 38 0 10.25.46.157:44261 23.21.220.152:443 CLOSE_WAIT tcp 0 0 10.25.46.157:51457 188.172.204.18:443 ESTABLISHED tcp 38 0 10.25.46.157:38185 54.192.95.120:443 CLOSE_WAIT tcp 0 0 10.25.46.157:48293 10.64.150.31:443 ESTABLISHED tcp 0 0 127.0.0.1:44554 127.0.0.1:48750 ESTABLISHED tcp 0 0 10.25.46.157:43487 74.125.136.189:443 ESTABLISHED tcp 38 0 10.25.46.157:37828 54.192.95.120:443 CLOSE_WAIT tcp 0 0 10.25.46.157:57952 10.64.150.31:443 ESTABLISHED tcp 38 0 10.25.46.157:48434 54.192.95.164:443 CLOSE_WAIT tcp 0 0 10.25.46.157:49543 10.64.150.31:443 ESTABLISHED tcp 0 0 127.0.0.1:53553 127.0.0.1:34226 ESTABLISHED tcp 0 0 10.25.46.157:42063 108.160.165.33:443 ESTABLISHED tcp 0 0 10.25.46.157:51878 198.252.206.25:443 ESTABLISHED tcp 0 0 10.25.46.157:57250 173.194.65.102:443 ESTABLISHED tcp 38 0 10.25.46.157:38281 23.21.219.56:443 CLOSE_WAIT tcp 38 0 10.25.46.157:37985 54.192.95.120:443 CLOSE_WAIT
19 Network analysis: iptraf ● With iptraf (sometimes called iptraf-ng) you can see in great detail what and how much traffic passes through your system, right from the command line!
20 Network analysis: Nmap ● Nmap (“Network Mapper”) is an extremely powerful utility for network discovery and security auditing ● Nmap can be used for: discovering devices on a network and what services they provide, detect what OS a host is running, ... ● Examples: – scan all hosts on a subnet and see what services they provide: nmap 192.168.0.* – the same thing, but 'in secret': nmap -sS 192.168.0.* – check what OS a host is running: nmap -O 192.168.0.1
21 Network analysis: iperf ● iperf is used to measure the effective network bandwidth for TCP or UDP traffic between two hosts ● Example: – Host 1 (192.168.0.1): $ iperf -s ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 192.168.0.1 port 5001 connected with 192.168.0.10 port 47693 [ ID] Interval Transfer Bandwidth [ 4] 0.0-10.1 sec 113 MBytes 93.8 Mbits/sec – Host 2 (192.168.0.10): $ iperf -c 192.168.0.1 ------------------------------------------------------------ Client connecting to 192.168.0.1, TCP port 5001 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.0.10 port 47693 connected with 192.168.0.1 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 113 MBytes 94.7 Mbits/sec
22 Network analysis: wireshark ● Wireshark is a network packet sniffer. It is used to capture packets on a network and do an advanced analysis. It is one of the most powerful open-source tools available for network debugging.
23 Network analysis: tcpdump ● tcpdump is a command line program with the same functionality as wireshark $ tcpdump -i eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:01:39.393785 ARP, Request who-has 10.25.41.51 tell 10.25.46.74, length 46 05:01:39.393842 ARP, Request who-has 10.25.40.100 tell 10.25.46.74, length 46 05:01:39.402624 ARP, Request who-has 10.25.31.8 tell 10.25.46.24, length 46 05:01:39.613080 ARP, Request who-has 10.25.31.11 tell 10.25.32.1, length 46 05:01:39.761154 IP 10.65.120.11.2052 > 10.65.120.255.1005: UDP, length 74 05:01:39.846803 ARP, Request who-has 10.25.31.8 tell 10.25.46.39, length 46
24 Network analysis: etherape ● etherape provides a visual representation of who talks to who via your network connection
25 Network services: remote cli with telnet and SSH ● There are two major ways to connect remotely to a host via the command line: telnet and SSH (Secure SHell) ● Telnet provides an insecure connection, while SSH is fully encrypted. SSH also offers other major features like port forwarding, login with keys and secure file transfer. Always use SSH if possible, all data send through telnet can easily be seen by someone else on the network! ● Example: try to login with telnet and SSH on a server. If you view the telnet traffic in wireshark you will see that everything (even the password) is send in the clear!
26 Network services: file transfer with SSH ● SSH can be used to transfer files securely over any network (including the internet) ● Command line tool: scp $ scp localfile pinguin@192.168.0.1:/home/pinguin/file ● Nautilus file manager can connect with the ssh:// or sftp:// prefixes: ● It is also possible to mount a directory locally with sshfs: $ sshfs pinguin@192.168.0.1:/home/pinguin localdir
27 Network services: file transfer with FTP ● FTP can be used in much the same way as SSH, but as with telnet, FTP is not encrypted and thus highly insecure! ● Command line tool: ftp $ ftp 192.168.0.1 Connected to 192.168.0.1 (192.168.0.1). 220 (vsFTPd 3.0.2) Name (192.168.0.1:maarten): pinguin 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> put localfile ● Nautilus file manager can connect with the ftp:// prefix ● It is also possible to mount a directory locally with curlftpfs: $ curlftpfs ftp://pinguin:pinguin@example.com localdir
28 Network services: file transfer with NFS ● The Network File System is a filesystem designed to be shared over the network ● NFS is historically the oldest network filesystem available and is described in several official RFC's ● NFS supports the same user permission functionality like other linux filesystems ● NFS is not encrypted, and should only be used on trusted networks! ● NFS mounts can not be accessed in Nautilus, they need to be mounted by root ● Check the export list with showmount: $ showmount -e 192.168.0.1 Export list for 192.168.0.1: /home/pinguin (everyone) ● You can mount an NFS share like this: $ mount -t nfs 192.168.0.1:/home/pinguin localdir
29 Network services: file transfer with Samba ● Samba is the open source implementation for the Microsoft Windows network share protocol (SMB- protocol) ● Samba is used more then NFS, it supports Windows hosts and has more features, but it is also not encrypted! ● Command line: use smbget to transfer a file ● Nautilus: use the smb:// prefix ● You can mount an SMB share locally like this: $ mount -t smbfs -o username=pinguin,password=pinguin //192.168.0.1/pinguin localdir
30 Network services: file transfer with wget & curl ● wget and curl are both cli utilities that are used to get files via several protocols (they also support authentication): – wget: FTP, HTTP & HTTPS – curl: DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP $ wget http://192.168.0.1/index.html --2015-06-02 17:04:43-- http://192.168.0.1/index.html Connecting to 192.168.0.1:80... connected. HTTP request sent, awaiting response... 200 OK Length: 11510 (11K) [text/html] Saving to: ‘index.html’ index.html 100%[==========================>] 11.24K --.-KB/s in 0.001s 2015-06-02 17:04:43 (16.5 MB/s) - ‘index.html’ saved [11510/11510] $ curl http://192.168.0.1/index.html -o index.html % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 11510 100 11510 0 0 2126k 0 --:--:-- --:--:-- --:--:-- 2248k
31 Network services: remote desktop ● The two most used types of remote desktop on linux are VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol). VNC is an open-source standard, while RDP is a Microsoft protocol. ● Both VNC and RDP are not suitable for use over the internet because they are not encrypted ● There are several clients for linux: vinagre, krdc, rdesktop, … Use the one that you like most. ● Most distro's offer an easy way to setup VNC ● There are several commercial (but free) services that can be used on linux, like TeamViewer and Google Chrome remote desktop
32 Network services: secure access ● Be very careful when using insecure services over a public network. Eavesdropping is easy! ● Use a secure alternative if possible (eg. ssh/telnet, sftp/ftp) ● If you must use an insecure service like VNC, there are two main solutions: – Tunneling/port forwarding through SSH $ ssh -L 3323:localhost:23 pinguin@192.168.0.1 $ telnet localhost 3323 – VPN (Virtual Private Network): this is an encrypted, virtual network over an existing, unsafe network
33 Extra ● Firewall: iptables, ufw, fwbuilder ● Bridging: brctl ● VLAN: vconfig ● Traffic shaping: tc ● Anonymity online: Tor ● Add blocking

More Related Content

What's hot (20)

PPTX
eBPF Workshop
Michael Kehoe
 
PPTX
6 understanding DHCP
Hameda Hurmat
 
PDF
Socket Programming with Python
GLC Networks
 
PPTX
LINUX DISTRIBUTIONS.pptx
rahul355835
 
PPT
Chapter 3 vlans
kratos2424
 
PDF
Iptables Configuration
stom123
 
PPTX
Ospf area types
CoderGenie Technologies
 
PDF
Cisco Router Basic Configuration
Prof. Erwin Globio
 
PDF
Flask, Redis, Retrofit을 이용한 Android 로그인 서비스 구현하기
Manjong Han
 
PDF
Introduction to the linux command line.pdf
CesleySCruz
 
PDF
SynFlood DDOS Saldırıları ve Korunma Yolları
BGA Cyber Security
 
PPTX
LTM essentials
bharadwajv
 
PPTX
Troubleshooting Network and Network Utilities
Rubal Sagwal
 
PDF
FIREWALLD
Benjamin Samuel
 
PPTX
Linux Network Stack
Adrien Mahieux
 
PDF
Linux Networking Explained
Thomas Graf
 
PPTX
Linux
Nikhil Dhiman
 
PPTX
Docker ve kubernetes ile ilgili kısa bilgilendirmeler
Oğuzhan İğrek
 
PPTX
BTRİSK Web Uygulama Güvenliği Denetimi Eğitim Sunumu
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
PPT
Dynamic Routing IGRP
Kishore Kumar
 
eBPF Workshop
Michael Kehoe
 
6 understanding DHCP
Hameda Hurmat
 
Socket Programming with Python
GLC Networks
 
LINUX DISTRIBUTIONS.pptx
rahul355835
 
Chapter 3 vlans
kratos2424
 
Iptables Configuration
stom123
 
Ospf area types
CoderGenie Technologies
 
Cisco Router Basic Configuration
Prof. Erwin Globio
 
Flask, Redis, Retrofit을 이용한 Android 로그인 서비스 구현하기
Manjong Han
 
Introduction to the linux command line.pdf
CesleySCruz
 
SynFlood DDOS Saldırıları ve Korunma Yolları
BGA Cyber Security
 
LTM essentials
bharadwajv
 
Troubleshooting Network and Network Utilities
Rubal Sagwal
 
FIREWALLD
Benjamin Samuel
 
Linux Network Stack
Adrien Mahieux
 
Linux Networking Explained
Thomas Graf
 
Linux
Nikhil Dhiman
 
Docker ve kubernetes ile ilgili kısa bilgilendirmeler
Oğuzhan İğrek
 
BTRİSK Web Uygulama Güvenliği Denetimi Eğitim Sunumu
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Dynamic Routing IGRP
Kishore Kumar
 

Viewers also liked (17)

PDF
Linux fundamental - Chap 15 Job Scheduling
Kenny (netman)
 
DOCX
Linux crontab
Teja Bheemanapally
 
PPTX
Cron Jobs
primeteacher32
 
PPT
unix crontab basics
saratsandhya
 
PPT
Linux
SINGH PROJECTS
 
PDF
Linux Network commands
Hanan Nmr
 
PDF
Linux Network Management
Anil Kumar Pugalia
 
PPT
BITS: Introduction to linux, distributions and installation
BITS
 
PDF
Linux Network Administration (LPI-1,LPI-2)
laonap166
 
PDF
BGA Eğitim Sunum
BGA Cyber Security
 
PDF
SWIFT Altyapısına Yönelik Saldırıların Teknik Analizi - NETSEC
BGA Cyber Security
 
PDF
SOC Ekiplerinin Problemlerine Güncel Yaklaşımlar - NETSEC
BGA Cyber Security
 
PDF
Güvenli Yazılım Geliştirmede Dosya Yükleme
BGA Cyber Security
 
PDF
Uygulamalı Ağ Güvenliği Eğitim Notları
BGA Cyber Security
 
PDF
Amarmore linuxintro-100301095530-phpapp01
haha loser
 
PDF
Kali linux
BGA Cyber Security
 
PDF
Sosyal Medyada Anonim Hesaplar Nasıl Tespit Edilir? - NETSEC
BGA Cyber Security
 
Linux fundamental - Chap 15 Job Scheduling
Kenny (netman)
 
Linux crontab
Teja Bheemanapally
 
Cron Jobs
primeteacher32
 
unix crontab basics
saratsandhya
 
Linux
SINGH PROJECTS
 
Linux Network commands
Hanan Nmr
 
Linux Network Management
Anil Kumar Pugalia
 
BITS: Introduction to linux, distributions and installation
BITS
 
Linux Network Administration (LPI-1,LPI-2)
laonap166
 
BGA Eğitim Sunum
BGA Cyber Security
 
SWIFT Altyapısına Yönelik Saldırıların Teknik Analizi - NETSEC
BGA Cyber Security
 
SOC Ekiplerinin Problemlerine Güncel Yaklaşımlar - NETSEC
BGA Cyber Security
 
Güvenli Yazılım Geliştirmede Dosya Yükleme
BGA Cyber Security
 
Uygulamalı Ağ Güvenliği Eğitim Notları
BGA Cyber Security
 
Amarmore linuxintro-100301095530-phpapp01
haha loser
 
Kali linux
BGA Cyber Security
 
Sosyal Medyada Anonim Hesaplar Nasıl Tespit Edilir? - NETSEC
BGA Cyber Security
 
Ad

Similar to Linux network tools (Maarten Blomme) (20)

PPTX
linux networking laboratory presentation .pptx
AnuradhaJadiya1
 
PPT
dokumen.tips_linux-networking-commands.ppt
ThorOdinson55
 
PDF
Link i pv4
NARESH A
 
PDF
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
PPTX
Linux networking
Arie Bregman
 
PPTX
14 network tools
Shay Cohen
 
PDF
Network commands
Dr. Mahadev Gawas
 
PPTX
Lecture 4-Internetworking-Concepts (view-only).pptx
ShaimasafaaldinBahaa1
 
PDF
packet traveling (pre cloud)
iman darabi
 
PDF
MULTIMEDIA COMMUNICATION & NETWORKS
Kathirvel Ayyaswamy
 
PDF
class12_Networking2
T. J. Saotome
 
PPTX
CCNA
Abhishek Parihari
 
PPTX
Networking Basics with Linux
Henry Osborne
 
PDF
Linux router
Miguel E Arellano Quezada
 
PDF
Banog meetup August 30th, network device property as code
Damien Garros
 
PPTX
Microsoft Offical Course 20410C_05
gameaxt
 
PDF
Basic Introduction to Technology (networking).pdf
tthind
 
PPT
IPv6 networking training sduffy v3
Shane Duffy
 
PDF
acn-practical_manual-19-20-1 final.pdf
Qual4
 
PDF
Network Security Fundamentals Final.pptx
HakimAlHuribi
 
linux networking laboratory presentation .pptx
AnuradhaJadiya1
 
dokumen.tips_linux-networking-commands.ppt
ThorOdinson55
 
Link i pv4
NARESH A
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
Linux networking
Arie Bregman
 
14 network tools
Shay Cohen
 
Network commands
Dr. Mahadev Gawas
 
Lecture 4-Internetworking-Concepts (view-only).pptx
ShaimasafaaldinBahaa1
 
packet traveling (pre cloud)
iman darabi
 
MULTIMEDIA COMMUNICATION & NETWORKS
Kathirvel Ayyaswamy
 
class12_Networking2
T. J. Saotome
 
CCNA
Abhishek Parihari
 
Networking Basics with Linux
Henry Osborne
 
Linux router
Miguel E Arellano Quezada
 
Banog meetup August 30th, network device property as code
Damien Garros
 
Microsoft Offical Course 20410C_05
gameaxt
 
Basic Introduction to Technology (networking).pdf
tthind
 
IPv6 networking training sduffy v3
Shane Duffy
 
acn-practical_manual-19-20-1 final.pdf
Qual4
 
Network Security Fundamentals Final.pptx
HakimAlHuribi
 
Ad

More from Avansa Mid- en Zuidwest (20)

PDF
Duurzaamheidstips smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
PDF
De impact van spullen + Facts & Figures e-waste (Rosalie Heens)
Avansa Mid- en Zuidwest
 
PDF
Hoe Close the Gap met ICT-materiaal digitale kloof helpt te dichten (Peter Ma...
Avansa Mid- en Zuidwest
 
PDF
Recht op Repareren (Rosalie Heens)
Avansa Mid- en Zuidwest
 
PDF
De impact van spullen + Facts & Figures e-waste (Rosalie Heens)
Avansa Mid- en Zuidwest
 
PDF
Smartphone-reparaties: welke zijn zinvol en betaalbaar? (Dries Terryn)
Avansa Mid- en Zuidwest
 
PDF
Opslagruimte vrijmaken op je smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
PDF
Duurzaamheidstips smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
PPTX
Navigeren met OsmAnd en OpenStreetMap (Monique Lefebvre)
Avansa Mid- en Zuidwest
 
PPTX
Veilig inloggen & wachtwoordbeheer (Monique Lefebvre / Christophe Ketels)
Avansa Mid- en Zuidwest
 
PPTX
Privacy-check van je laptop (Windows/Microsoft) (Christophe Ketels)
Avansa Mid- en Zuidwest
 
PPTX
Je privacy verhogen in Chrome of andere browser (Christophe Ketels)
Avansa Mid- en Zuidwest
 
PDF
Privacy-check van je smartphone (Android/Google) (Pieterjan Jonckheere)
Avansa Mid- en Zuidwest
 
PDF
Privacy-check van je smartphone (Android/Google) (Pieterjan Jonckheere)
Avansa Mid- en Zuidwest
 
PDF
Privacyvriendelijke webdiensten & tools (Kevin Vermassen)
Avansa Mid- en Zuidwest
 
PDF
Privacyvriendelijke webdiensten & tools (Gregory Deseck)
Avansa Mid- en Zuidwest
 
PDF
Privacy: mensenrecht of luxegoed? (Prof. dr. Ralf De Wolf)
Avansa Mid- en Zuidwest
 
PDF
Flatpak, AppImage & Snap (Koen Wybo)
Avansa Mid- en Zuidwest
 
PDF
Elektro Elixir: Software-updates & troubleshooting (Android/iOS/Windows)
Avansa Mid- en Zuidwest
 
PDF
Elektro Elixir: Zo hou je de batterij van je toestellen langer gezond
Avansa Mid- en Zuidwest
 
Duurzaamheidstips smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
De impact van spullen + Facts & Figures e-waste (Rosalie Heens)
Avansa Mid- en Zuidwest
 
Hoe Close the Gap met ICT-materiaal digitale kloof helpt te dichten (Peter Ma...
Avansa Mid- en Zuidwest
 
Recht op Repareren (Rosalie Heens)
Avansa Mid- en Zuidwest
 
De impact van spullen + Facts & Figures e-waste (Rosalie Heens)
Avansa Mid- en Zuidwest
 
Smartphone-reparaties: welke zijn zinvol en betaalbaar? (Dries Terryn)
Avansa Mid- en Zuidwest
 
Opslagruimte vrijmaken op je smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
Duurzaamheidstips smartphone (Merijn Supply)
Avansa Mid- en Zuidwest
 
Navigeren met OsmAnd en OpenStreetMap (Monique Lefebvre)
Avansa Mid- en Zuidwest
 
Veilig inloggen & wachtwoordbeheer (Monique Lefebvre / Christophe Ketels)
Avansa Mid- en Zuidwest
 
Privacy-check van je laptop (Windows/Microsoft) (Christophe Ketels)
Avansa Mid- en Zuidwest
 
Je privacy verhogen in Chrome of andere browser (Christophe Ketels)
Avansa Mid- en Zuidwest
 
Privacy-check van je smartphone (Android/Google) (Pieterjan Jonckheere)
Avansa Mid- en Zuidwest
 
Privacy-check van je smartphone (Android/Google) (Pieterjan Jonckheere)
Avansa Mid- en Zuidwest
 
Privacyvriendelijke webdiensten & tools (Kevin Vermassen)
Avansa Mid- en Zuidwest
 
Privacyvriendelijke webdiensten & tools (Gregory Deseck)
Avansa Mid- en Zuidwest
 
Privacy: mensenrecht of luxegoed? (Prof. dr. Ralf De Wolf)
Avansa Mid- en Zuidwest
 
Flatpak, AppImage & Snap (Koen Wybo)
Avansa Mid- en Zuidwest
 
Elektro Elixir: Software-updates & troubleshooting (Android/iOS/Windows)
Avansa Mid- en Zuidwest
 
Elektro Elixir: Zo hou je de batterij van je toestellen langer gezond
Avansa Mid- en Zuidwest
 

Recently uploaded (20)

PDF
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
PDF
Python basic programing language for automation
DanialHabibi2
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PPTX
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Python basic programing language for automation
DanialHabibi2
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 

Linux network tools (Maarten Blomme)

  • 1. Linux network tools ● Theory ● Configuration ● Basic tools ● Network analysis ● Network services
  • 2. 2 Theory: OSI model Application space ● Layer 7: application protocol ● Layer 5/6: optional Kernel IP stack ● Layer 4: – UDP: connectionless – TCP: stateful ● Layer 3 (IP layer): – Top layer for routers – Possibly multiple IP addresses per network interface ● Layer 2 (MAC layer): – Top layer for switches – One MAC address per physical interface ● Layer 1: electrical specifications – Top layer for hubs and modems – WiFi – Ethernet port / cable
  • 3. 3 Theory: Some terminology Modem (layer 1) ● A modem is a device that translates between different technologies Repeater (layer 1) ● A repeater is a device that repeats (amplifies) an existing network connection Hub (layer 2) ● A hub is a 'dumb' device that connects wired network devices, every device connected to a hub sees all traffic passing on the network Access point (layer 2) ● An access point can be seen as a wireless hub, it provides access to the network for wireless clients
  • 4. 4 Theory: Some terminology Switch (layer 2) ● A switch is an 'intelligent' hub, it passes only traffic that is destined for a specific device, based on it's MAC address ● There are also so called “level 3” or “level 4” switches, they add some extra features that are based on functionality in the network or transport layer Bridge (layer 2) ● A bridge can be compared to a switch, but it is less advanced and less powerfull Router (layer 3) ● A router does not connect network devices, it connects different networks (eg. your internal home network and the internet) ● It does this based on the IP addresses
  • 5. 5 Theory: Some terminology ● In many cases, this functionality is combined. Most people have at home a device that's modem, router, access point and switch, all in one.
  • 6. 6 Theory: Level 2: MAC Addresses ● MAC: Media Access Control ● 00:14:c1:43:9d:fb – First three numbers: vendor id – Last three numbers: serial number ● Broadcast: ff:ff:ff:ff:ff:ff ● Used to regulate network traffic on level 2
  • 7. 7 Theory: Level 3: IP Addresses ● IP: Internet Protocol – Most used: IPv4 – New: IPv6 ● 192.168.0.5 – Netmask is used to determine to which network the IP address belongs: 255.255.255.0 (or /24) ● Broadcast depends on netmask: 192.255.255.255 ● Used to regulate network traffic on level 3
  • 8. 8 Configuration: IP settings ● Most modern linux distributions use NetworkManager service as a backend to configure the network ● On Debian based distros, the network can be configured in /etc/network/interfaces as a simple fallback ● On Red Hat based distros, this can be done in /etc/sysconfig/network ● ifconfig or ip can be used to configure the network manually, but these settings are gone once you reboot
  • 9. 9 Configuration: DNS ● Domain Name Service is used to convert server names in IP addresses ● DNS servers are configured in the file /etc/resolv.conf $ cat /etc/resolv.conf nameserver 8.8.8.8 ● Normally you would just use the DNS server received by your router, but you can improve your internet access by changing this to a public server like 8.8.8.8 or 8.8.4.4. These servers, maintained by Google, normally respond faster and do not filter any results (eg. thepiratebay.org). ● You edit the file /etc/hosts to override or add server names
  • 10. 10 Configuration: ifconfig ● With ifconfig you can configure a network interface ● On linux it is possible to create virtual network interfaces for different networks ● Configure a virtual network on your wired network interface with a static IP (make sure you all use a different IP!) and check the results $ ifconfig eth0:1 192.168.0.10 $ ifconfig ● You should see your real wired network interface has a dynamic address received via DHCP and the virtual interface has the static address you configured
  • 11. 11 Basic tools: arp ● To know what MAC address corresponds with a certain IP address, the Address Resolution Protocol is used ● ARP requests are automatically send by linux whenever you try to connect with a certain IP ● Linux keeps a ARP cache table that can be viewed and modified with the arp command: $ arp Address HWtype HWaddress Flags Mask Iface 192.168.5.1 ether 00:23:48:c7:64:81 C eth0 ● You can clear the table, delete or add entries manually. The ARP cache table is cleared after a certain time.
  • 12. 12 Basic tools: ping ● ping is a tool that used ICMP echo requests to detect if a host is alive ● ICMP traffic can be blocked, so this is not 100% reliable ● ping has a lot of options to modify it's behavior, you can change the interval, number of pings, network interface, … ● Example: first look at the ARP table, then ping a host, then check the ARP table again $ arp Address HWtype HWaddress Flags Mask Iface $ ping 192.168.0.1 PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data. 64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.774 ms $ arp Address HWtype HWaddress Flags Mask Iface 192.168.0.1 ether b4:b5:2f:cc:a1:08 C eth0
  • 13. 13 Basic tools: route ● To connecting to different networks (eg. from the local network to the internet), linux uses a routing table to know where to send what packets ● You can view and change this routing table with the route command Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 10.25.32.1 0.0.0.0 UG 0 0 0 eth0 10.25.0.0 * 255.255.0.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 ● There is a default gateway (10.25.32.1) defined for all traffic that is for an unknown network ● Data for 10.25.x.x and 192.168.0.x (see masks) goes to eth0 ● By configuring eth0:1 with 192.168.0.10, linux added an entry to the routing table
  • 14. 14 Basic tools: traceroute ● Use the traceroute command to see what path a packet takes to a certain destination: $ traceroute 172.21.1.6 traceroute to 172.21.1.6 (172.21.1.6), 30 hops max, 60 byte packets 1 10.25.32.1 (10.25.32.1) 0.880 ms 1.288 ms 1.291 ms 2 10.65.255.1 (10.65.255.1) 1.281 ms 1.960 ms 2.255 ms 3 172.21.1.33 (172.21.1.33) 5.357 ms 5.366 ms 5.347 ms 4 172.21.1.5 (172.21.1.5) 34.239 ms 34.268 ms 34.261 ms 5 172.21.1.6 (172.21.1.6) 27.104 ms * * ● This works because every IP packet has a TTL (Time To Live) value that is decreased with every hop. This is used to make sure that packets that can't be delivered are not send around in circles. ● Some types of packets can be blocked by your provider. To circument this, try to use a different packet type for traceroute (eg. traceroute -I)
  • 15. 15 Basic tools: DNS tools ● There are several tools that can be used to lookup information about domain names or IP addresses: host, nslookup, dig and whois. ● Example: lookup a domain name or IP address $ host www.google.be www.google.be has address 74.125.136.94 www.google.be has IPv6 address 2a00:1450:4013:c01::5e $ host 74.125.136.94 94.136.125.74.in-addr.arpa domain name pointer ea-in- f94.1e100.net. ● With whois, you can get information about the domain name registrar
  • 16. 16 Basic tools: Wi-Fi ● There are three basic cli tools for wireless networks: iwlist, iwconfig and wpa_supplicant ● iwlist is used to scan for networks $ iwlist wlan0 scan ● iwconfig is used to configure a wireless network interface $ iwconfig wlan0 essid MyNetwork ● wpa_supplicant is used to configure encryption for wireless networks ● There are several tools for hacking WEP-encrypted networks, but WPA(2) is still secure
  • 17. 17 Basic tools: Wi-Fi access point ● Setting up a Wi-Fi access point (hotspot) can easily be done with the NetworkManager ● Doing it manually requires two tools: hostapd and dnsmasq. hostapd changes your wireless network interface in an access point, while dnsmasq is a basic DHCP and DNS server.
  • 18. 18 Network analysis: netstat ● netstat is used to see what connections are open on your linux system. The options -n (no name resolving) and -t (only TCP connections) are quite useful $ netstat -nt Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:54395 127.0.0.1:5939 ESTABLISHED tcp 38 0 10.25.46.157:44261 23.21.220.152:443 CLOSE_WAIT tcp 0 0 10.25.46.157:51457 188.172.204.18:443 ESTABLISHED tcp 38 0 10.25.46.157:38185 54.192.95.120:443 CLOSE_WAIT tcp 0 0 10.25.46.157:48293 10.64.150.31:443 ESTABLISHED tcp 0 0 127.0.0.1:44554 127.0.0.1:48750 ESTABLISHED tcp 0 0 10.25.46.157:43487 74.125.136.189:443 ESTABLISHED tcp 38 0 10.25.46.157:37828 54.192.95.120:443 CLOSE_WAIT tcp 0 0 10.25.46.157:57952 10.64.150.31:443 ESTABLISHED tcp 38 0 10.25.46.157:48434 54.192.95.164:443 CLOSE_WAIT tcp 0 0 10.25.46.157:49543 10.64.150.31:443 ESTABLISHED tcp 0 0 127.0.0.1:53553 127.0.0.1:34226 ESTABLISHED tcp 0 0 10.25.46.157:42063 108.160.165.33:443 ESTABLISHED tcp 0 0 10.25.46.157:51878 198.252.206.25:443 ESTABLISHED tcp 0 0 10.25.46.157:57250 173.194.65.102:443 ESTABLISHED tcp 38 0 10.25.46.157:38281 23.21.219.56:443 CLOSE_WAIT tcp 38 0 10.25.46.157:37985 54.192.95.120:443 CLOSE_WAIT
  • 19. 19 Network analysis: iptraf ● With iptraf (sometimes called iptraf-ng) you can see in great detail what and how much traffic passes through your system, right from the command line!
  • 20. 20 Network analysis: Nmap ● Nmap (“Network Mapper”) is an extremely powerful utility for network discovery and security auditing ● Nmap can be used for: discovering devices on a network and what services they provide, detect what OS a host is running, ... ● Examples: – scan all hosts on a subnet and see what services they provide: nmap 192.168.0.* – the same thing, but 'in secret': nmap -sS 192.168.0.* – check what OS a host is running: nmap -O 192.168.0.1
  • 21. 21 Network analysis: iperf ● iperf is used to measure the effective network bandwidth for TCP or UDP traffic between two hosts ● Example: – Host 1 (192.168.0.1): $ iperf -s ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 192.168.0.1 port 5001 connected with 192.168.0.10 port 47693 [ ID] Interval Transfer Bandwidth [ 4] 0.0-10.1 sec 113 MBytes 93.8 Mbits/sec – Host 2 (192.168.0.10): $ iperf -c 192.168.0.1 ------------------------------------------------------------ Client connecting to 192.168.0.1, TCP port 5001 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.0.10 port 47693 connected with 192.168.0.1 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 113 MBytes 94.7 Mbits/sec
  • 22. 22 Network analysis: wireshark ● Wireshark is a network packet sniffer. It is used to capture packets on a network and do an advanced analysis. It is one of the most powerful open-source tools available for network debugging.
  • 23. 23 Network analysis: tcpdump ● tcpdump is a command line program with the same functionality as wireshark $ tcpdump -i eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:01:39.393785 ARP, Request who-has 10.25.41.51 tell 10.25.46.74, length 46 05:01:39.393842 ARP, Request who-has 10.25.40.100 tell 10.25.46.74, length 46 05:01:39.402624 ARP, Request who-has 10.25.31.8 tell 10.25.46.24, length 46 05:01:39.613080 ARP, Request who-has 10.25.31.11 tell 10.25.32.1, length 46 05:01:39.761154 IP 10.65.120.11.2052 > 10.65.120.255.1005: UDP, length 74 05:01:39.846803 ARP, Request who-has 10.25.31.8 tell 10.25.46.39, length 46
  • 24. 24 Network analysis: etherape ● etherape provides a visual representation of who talks to who via your network connection
  • 25. 25 Network services: remote cli with telnet and SSH ● There are two major ways to connect remotely to a host via the command line: telnet and SSH (Secure SHell) ● Telnet provides an insecure connection, while SSH is fully encrypted. SSH also offers other major features like port forwarding, login with keys and secure file transfer. Always use SSH if possible, all data send through telnet can easily be seen by someone else on the network! ● Example: try to login with telnet and SSH on a server. If you view the telnet traffic in wireshark you will see that everything (even the password) is send in the clear!
  • 26. 26 Network services: file transfer with SSH ● SSH can be used to transfer files securely over any network (including the internet) ● Command line tool: scp $ scp localfile [email protected]:/home/pinguin/file ● Nautilus file manager can connect with the ssh:// or sftp:// prefixes: ● It is also possible to mount a directory locally with sshfs: $ sshfs [email protected]:/home/pinguin localdir
  • 27. 27 Network services: file transfer with FTP ● FTP can be used in much the same way as SSH, but as with telnet, FTP is not encrypted and thus highly insecure! ● Command line tool: ftp $ ftp 192.168.0.1 Connected to 192.168.0.1 (192.168.0.1). 220 (vsFTPd 3.0.2) Name (192.168.0.1:maarten): pinguin 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> put localfile ● Nautilus file manager can connect with the ftp:// prefix ● It is also possible to mount a directory locally with curlftpfs: $ curlftpfs ftp://pinguin:[email protected] localdir
  • 28. 28 Network services: file transfer with NFS ● The Network File System is a filesystem designed to be shared over the network ● NFS is historically the oldest network filesystem available and is described in several official RFC's ● NFS supports the same user permission functionality like other linux filesystems ● NFS is not encrypted, and should only be used on trusted networks! ● NFS mounts can not be accessed in Nautilus, they need to be mounted by root ● Check the export list with showmount: $ showmount -e 192.168.0.1 Export list for 192.168.0.1: /home/pinguin (everyone) ● You can mount an NFS share like this: $ mount -t nfs 192.168.0.1:/home/pinguin localdir
  • 29. 29 Network services: file transfer with Samba ● Samba is the open source implementation for the Microsoft Windows network share protocol (SMB- protocol) ● Samba is used more then NFS, it supports Windows hosts and has more features, but it is also not encrypted! ● Command line: use smbget to transfer a file ● Nautilus: use the smb:// prefix ● You can mount an SMB share locally like this: $ mount -t smbfs -o username=pinguin,password=pinguin //192.168.0.1/pinguin localdir
  • 30. 30 Network services: file transfer with wget & curl ● wget and curl are both cli utilities that are used to get files via several protocols (they also support authentication): – wget: FTP, HTTP & HTTPS – curl: DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP $ wget http://192.168.0.1/index.html --2015-06-02 17:04:43-- http://192.168.0.1/index.html Connecting to 192.168.0.1:80... connected. HTTP request sent, awaiting response... 200 OK Length: 11510 (11K) [text/html] Saving to: ‘index.html’ index.html 100%[==========================>] 11.24K --.-KB/s in 0.001s 2015-06-02 17:04:43 (16.5 MB/s) - ‘index.html’ saved [11510/11510] $ curl http://192.168.0.1/index.html -o index.html % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 11510 100 11510 0 0 2126k 0 --:--:-- --:--:-- --:--:-- 2248k
  • 31. 31 Network services: remote desktop ● The two most used types of remote desktop on linux are VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol). VNC is an open-source standard, while RDP is a Microsoft protocol. ● Both VNC and RDP are not suitable for use over the internet because they are not encrypted ● There are several clients for linux: vinagre, krdc, rdesktop, … Use the one that you like most. ● Most distro's offer an easy way to setup VNC ● There are several commercial (but free) services that can be used on linux, like TeamViewer and Google Chrome remote desktop
  • 32. 32 Network services: secure access ● Be very careful when using insecure services over a public network. Eavesdropping is easy! ● Use a secure alternative if possible (eg. ssh/telnet, sftp/ftp) ● If you must use an insecure service like VNC, there are two main solutions: – Tunneling/port forwarding through SSH $ ssh -L 3323:localhost:23 [email protected] $ telnet localhost 3323 – VPN (Virtual Private Network): this is an encrypted, virtual network over an existing, unsafe network
  • 33. 33 Extra ● Firewall: iptables, ufw, fwbuilder ● Bridging: brctl ● VLAN: vconfig ● Traffic shaping: tc ● Anonymity online: Tor ● Add blocking