Path: content/Tips/Network/default.md
Networking
Capture network events from a process
This will dump all network events relating to the command you specify - useful to see if your application is trying to talk to some remote service:
strace -f -e trace=network -s 10000 command_with_args_here
It also attaches to subprocesses.
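To turn that trace into a list of the remote endpoints the process tried to reach, the added example below (not part of the original tips) tallies the IPv4 and IPv6 `connect()` calls in strace's output. The function names, the sample trace, and its addresses, pids and fds are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the remote endpoints a traced process tried to reach.
# Input : text produced by `strace -f -e trace=network` (strace logs to stderr).
# Output: "<attempts> <address> <port>", most frequent endpoint first.
summarize_connects() {
    # First expression handles AF_INET, second AF_INET6. AF_UNIX sockets,
    # "<... connect resumed>" lines and program output never match, so they drop out.
    LC_ALL=C sed -nE \
        -e 's/.*connect\([0-9]+, \{sa_family=AF_INET, sin_port=htons\(([0-9]+)\), sin_addr=inet_addr\("([^"]+)"\)\}.*/\2 \1/p' \
        -e 's/.*connect\([0-9]+, \{sa_family=AF_INET6, sin6_port=htons\(([0-9]+)\),.*inet_pton\(AF_INET6, "([^"]+)".*/\2 \1/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2, $3 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample trace (documentation address ranges, made-up pids and fds).
sample_trace() {
    cat <<'EOF'
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 4101] socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 5
[pid 4101] connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 4102] connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16 <unfinished ...>
[pid 4102] <... connect resumed>) = 0
[pid 4101] connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("198.51.100.7")}, 16) = 0
[pid 4103] connect(8, {sa_family=AF_INET6, sin6_port=htons(8443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = 0
EOF
}

# Usage against a real command (command_with_args_here is the page's placeholder):
#   strace -f -e trace=network -s 10000 command_with_args_here 2>&1 | summarize_connects
```

Calls split by `-f` into an "unfinished" and a "resumed" line are counted once, from the unfinished half that carries the address.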
tcpdump - capture whole packet
Mostly human readable tcpdump capture command:
tcpdump -pnnvvXSs 1514
Simpler version:
tcpdump -nnXSs 0
A snapshot length (-s) of 0 defaults to the entire packet.
Can also specify -w to write to a file and -C nnn to specify file size.
This will do a circular log with 1MB log files, and keep 20 of them before overwriting the oldest:
tcpdump -C1 -W20 -pnnvvXSs1514 -wtcpdump
Use rsync to copy just the folder structure
Copy just the folder structure:
rsync -a -f"+ */" -f"- *" source/ destination/
Network Scan
fping is a useful tool for ping scanning whole network ranges. A bit less heavyweight than nmap:
apt-get install fping
fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n
To then check for reverse DNS entries:
fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n | xargs -n1 host | grep 'not found'
Show open ports
Used to use netstat -pant but that's not installed on more recent systems. Try lsof -i -P -n instead.
Cisco
Cisco switches use an unusual break sequence. Instead of ctrl-C, try ctrl-shift-6. Might need to be sent twice, and it waits for the current operation to complete.
nmap
Speed it up with nmap -sn -T5 --min-parallelism 100 10.0.0.0/16 -oG output.file.txt
Last updated: 14 November 2024