Technotes for future me

Linux Networking


netcat Commands

    # Connect
    nc -zv <ip> <port>

    # Listen
    nc -l -p <port>       # Listen on port
    nc -w3 <ip> <port>  # Connect to IP on port, giving up after 3 seconds

    # Search banners
    echo | nc -v -n -w1 <ip> <port min>-<port max>

    # Port scan
    nc -v -n -z -w1 <ip> <port>

Telnet loop

    for i in $(cat ips); do
        echo quit | timeout --signal=9 3 telnet "$i" 443
    done


Resolve own IP

  dig +short

Resolve a name via nsswitch

  getent hosts <host name>

CloudShark: Sharing network traces

DNS Lookup

    dig <domain>
    dig <domain> +noall +answer
    dig <domain> +short
    dig MX <domain>
    dig NS <domain>
    dig ANY <domain>

    dig -x <IP>
    dig -x <IP> +short

    dig @ <domain>

    dig -f input.txt +noall +answer

DNS RR wrapsrv: CLI wrapper for DNS RR connections

    apt-get install -y wrapsrv netcat
    export eval $(wrapsrv <DNS name> "netcat -z %h %p && echo http_proxy=http://%h:%p")

DNSSEC - Verisign Online Tester

DNS - CAA Support: Providers and Tools

DNS Servers

  • Bind
  • PowerDNS
  • NSD
  • ldns

DNS over TLS/HTTPS resolvers

DNS over TLS servers


ethtool - Usage

    ethtool eth0                       # Print general info on eth0
    ethtool -i eth0                    # Print kernel module info
    ethtool -S eth0                    # Print eth0 traffic statistics
    ethtool -a eth0                    # Print RX, TX and auto-negotiation settings
    ethtool -p eth0                    # Blink LED

    # Changing NIC settings...
    ethtool -s eth0 speed 100
    ethtool -s eth0 autoneg off
    ethtool -s eth0 duplex full
    ethtool -s eth0 wol g               # Turn on wake-on-LAN

Do not forget to make changes permanent in e.g.

ip - Usage

    ip link show
    ip link set eth0 up
    ip addr show
    ip neigh show

mii-tool - Show Link Info

    # mii-tool -v
    eth0: negotiated 100baseTx-FD flow-control, link ok
      product info: vendor 00:07:32, model 17 rev 4
      basic mode:   autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
      link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control

Enable Jumbo Frames

    ifconfig eth1 mtu 9000

Allow binding IP that does not exist

    sysctl -w net.ipv4.ip_nonlocal_bind=1

NFS - Tuning Secrets: SGI Slides on NFS Performance


Black Hole Route: To block IPs create route on loopback

    route add -net gw lo   # for a subnet
    route add gw lo   # for a single IP

Quick Access Log IP Top List

    tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25

Find out if IP is used before configuring it

    arping <IP>

Traceroute with AS and network name lookup

    lft -AN

Tracks DNS changes

Tuning network settings


vnstat - Short term measurement bytes/packets min/avg/max:

    vnstat -l      # Live listing until Ctrl-C and summary
    vnstat -tr     # 5s automatic traffic sample

vnstat - Long term statistics:

    vnstat -h      # last hours (including ASCII graph)
    vnstat -d      # last days
    vnstat -w      # last weeks
    vnstat -m     # last months

    vnstat -t       # top 10 days


iperf3 nuttcp Ethr

Using curl metrics

You can use curl to measure resolving, time to connect, time to first byte and total time like this:

Issue sequential requests (each with new connection)

    while true; do
        curl -w "$(date +%FT%T)    dns %{time_namelookup}    connect %{time_connect}   firstbyte %{time_starttransfer}   total %{time_total}   HTTP %{http_code}\n" -o /dev/null -s ""
        sleep 1
    done

Issue sequential HTTP/1.1 requests on 1 connection

    curl -w "$(date +%FT%T)    dns %{time_namelookup}    connect %{time_connect}   firstbyte %{time_starttransfer}   total %{time_total}   HTTP %{http_code}\n" --keepalive -K <(printf 'url=""\n%.0s' {1..10000})



    lldpctl eth0

nmap commands

Scan a Single Host or an IP Address

Scan a Single IP Address:


Scan a Host Name:


Increase Verbosity Level:

    nmap -v
    nmap -vv

Scan Multiple IP Addresses

Scan Multiple IP Addresses:


Scan a Subnet:

    nmap 192.168.1.*

Scan a Range of IP Addresses ( –


Scan Network for Active Computers

Scan for Active Hosts on a network:

    nmap -sn

Scan a List of Hosts From Input File

Scan hosts/networks from the Input File:

    nmap -iL input.txt

Format of the input file:

    # Entries can be in any of the formats accepted by Nmap on the command line
    # (IP address, hostname, CIDR, IPv6, or octet ranges). Each entry must be separated
    # by one or more spaces, tabs, or newlines.

    $ cat input.txt,2,3

Exclude IP/Hosts/Networks From Nmap Scan

Exclude Targets from Nmap scan:

    nmap --exclude
    nmap --exclude
    nmap --exclude,2,3

Exclude List of hosts from a file:

    nmap --excludefile exclude.txt

Format of the exclude file is the same as format of the input file shown above.

Scan For Specific Ports

Scan for a Single Port:

    nmap -p 80

Scan for Several Ports:

    nmap -p 80,443

Scan for a Port Range:

    nmap -p 80-1000

Scan for All Ports:

    nmap -p "*"

Scan for top most Common Ports:

    nmap --top-ports 5
    nmap --top-ports 10

Determine Supported IP Protocols

Determine which IP Protocols (TCP, UDP, ICMP, etc.) are supported by target host:

    nmap -sO

Scan For TCP/UDP Ports

Scan for All TCP Ports:

    nmap -sT

Scan for Particular TCP Ports:

    nmap -p T:80

Scan for All UDP Ports:

    nmap -sU

Scan for Particular UDP Ports:

    nmap -p U:53

Combine scanning of different ports:

    nmap -p U:53,79,113,T:21-25,80,443,8080

Perform a Fast Scan

Enable Fast Mode:

    nmap -F

Scan fewer ports than the default scan.

Display the Reason a Port is in a Particular State

Display the Reason why Nmap thinks that a port is in a particular state:

    nmap --reason

Show Only Open Ports

Show Only Open Ports (or possibly open):

    nmap --open

OS Detection

One of Nmap’s best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines the responses.

After performing dozens of tests, Nmap compares the results to its database and prints out the OS details if there is a match.

Turn on OS Detection:

    nmap -O

Service Version Detection

Turn on Version Detection:

    nmap -sV

Discover what version of software is running on a remote host.

Firewall Detection

Find out if a host is protected by any Packet Filters or Firewall:

    nmap -sA

MAC Address Spoofing

Spoof your MAC Address:

    nmap --spoof-mac 00:11:22:33:44:55

Spoof your MAC Address with a Random MAC:

    nmap --spoof-mac 0

Scan a Firewall For Security Vulnerabilities

These three scan types exploit a subtle loophole in the TCP RFC to differentiate between open and closed ports. When scanning systems compliant with this RFC, any packet not containing SYN, RST, or ACK bits will result in a returned RST if the port is closed and no response at all if the port is open.

As long as none of those three bits are included, any combination of the other three (FIN, PSH, and URG) is OK.

TCP Null Scan:

    nmap -sN

Don’t set any bits (TCP flag header is 0).

TCP Fin Scan:

    nmap -sF

Set just the TCP FIN bit.

TCP Xmas Scan:

    nmap -sX

Set the FIN, PSH and URG flags (lighting the packet up like a Christmas tree).
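
On the defending side, the same rule can be turned into a classifier over logged TCP flag bytes to spot these probes. This is an added example, not part of the original notes; the record format (source, destination port, flags byte) and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a TCP flags byte according to the rule above.
# Flag bits: FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20

classify_flags() {
    # $1 = TCP flags byte, decimal or 0x-prefixed hex
    f=$(( $1 & 0x3f ))                     # ignore ECE/CWR bits
    if [ $(( f & 0x16 )) -ne 0 ]; then     # SYN, RST or ACK present
        echo normal
    elif [ "$f" -eq 0 ]; then              # no flags at all
        echo null
    elif [ "$f" -eq 1 ]; then              # FIN only
        echo fin
    elif [ "$f" -eq 41 ]; then             # 0x29 = FIN|PSH|URG
        echo xmas
    else
        echo other-probe                   # another FIN/PSH/URG combination
    fi
}

# Constructed sample records: "<src> <dst port> <flags>"
SAMPLE='198.51.100.7 22 0x00
198.51.100.7 80 0x01
198.51.100.7 443 0x29
203.0.113.9 443 0x02
203.0.113.9 443 0x10
198.51.100.7 25 0x08
192.0.2.33 8080 0x29
203.0.113.9 443 0x18'

# Print "<count> <src>" for sources that sent packets without SYN/RST/ACK,
# busiest source first.
summarize_probes() {
    printf '%s\n' "$1" | while read -r src port flags; do
        kind=$(classify_flags "$flags")
        [ "$kind" = normal ] || echo "$src"
    done | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

summarize_probes "$SAMPLE"
```
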

Stealthy Scan


    nmap -sS

Also known as half-open scanning, as it doesn’t open a full TCP connection.

Disable Host Discovery (No Ping)

Don’t ping host before scanning:

    nmap -Pn

Disable DNS Resolution

Never do reverse DNS Resolution on the active IP addresses it finds:

    nmap -n

Save Output of Nmap Scan to a File

Save output of Nmap scan to a TEXT File:

    nmap > output.txt
    nmap -oN output.txt

Save output of Nmap scan to an XML File:

    nmap -oX output.xml

    # Network scan
    nmap -sP

    # Host scan
    nmap <ip>
    nmap -F <ip>      # fast
    nmap -O <ip>     # detect OS
    nmap -sV <ip>     # detect services and versions
    nmap -sU <ip>     # detect UDP services

    # Alternative host discovery
    nmap -PS <ip>     # TCP SYN ping
    nmap -PA <ip>     # TCP ACK ping
    nmap -PO <ip>     # IP protocol ping
    nmap -PU <ip>     # UDP ping

    # Alternative service discovery
    nmap -sS <ip>     # TCP SYN (half-open) scan
    nmap -sT <ip>     # TCP connect scan
    nmap -sA <ip>     # TCP ACK scan
    nmap -sW <ip>     # TCP window scan

    # Checking firewalls
    nmap -sN <ip>     # TCP Null scan
    nmap -sF <ip>     # TCP FIN scan
    nmap -sX <ip>     # TCP Xmas scan


X-Trace - Multi-protocol tracing framework

iptraf - Real-time statistics in ncurses interfaces

mtr - Debug routing/packet loss issues

netstat - The different modes

    # Typically used modes
    netstat -rn          # List routes
    netstat -tlnp       # List listening TCP sockets with owning process
    netstat -tlnpc      # Continuously do the above
    netstat -tulpen    # Extended connection view
    netstat -a           # List all sockets

    # And more rarely used
    netstat -s            # List per protocol statistics
    netstat -su          # List UDP statistics
    netstat -M           # List masqueraded connections
    netstat -i            # List interfaces and counters
    netstat -o           # Watch time/wait handling

nttcp - TCP performance testing

    # On sending host
    nttcp -t -s

    # On receiving host
    nttcp -r -s

List Kernel Settings

    sysctl net

SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try

    snmpwalk -c public -v 1 -O s <myhost> .iso | grep <search string>

Hurricane Electric - BGP Tools: Statistics on all AS as well as links to their looking glasses.

darkstat - libpcap monitoring

Last updated on 31 Jan 2021
Published on 25 Dec 2019