Programmer's Blog

Programmer's reference

Category Archives: Network

[RHEL] setting up network on eth0

1. use system GUI configuration
#> system-config-network-tui

2. since the onboot option is set to "no" we need to open up
/etc/sysconfig/network-scripts/ifcfg-eth0

and change to onboot=yes

3. then restart the network
#> /etc/init.d/network restart
Advertisements

[Linux] Netstat

Netstat is a tool for auditing the network ports in use for local machine.

To display the routing table
$netstat -rn

To display the quick interfaces statistics
$netstat -i

To display the network interfaces
$netstat -ie

To display all the opened network sockets
$netstat -uta
$netstat -aute 
<---more information

To display all listening state sockets
$netstat -lt

Summary statistics for each protocol
$netstat -s


//source: openmaniak.com

Capture packet using tcpdump

create a capture file for wireshark using tcpdump.

This is to monitor a particular host of the local machine.

The option “0” is zero.

tcpdump -s 0 -vvvv -w packet.pcap port <portnum>

See the list of interfaces on which tcpdump can listen:
tcpdump -D

Listen on interface eth0:
tcpdump -i eth0

Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater):
tcpdump -i any

Be verbose while capturing packets:
tcpdump -v

Be more verbose while capturing packets:
tcpdump -vv

Be very verbose while capturing packets:
tcpdump -vvv

Be less verbose (than the default) while capturing packets:
tcpdump -q

Limit the capture to 100 packets:
tcpdump -c 100

Record the packet capture to a file called capture.cap:
tcpdump -w capture.cap

Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:
tcpdump -v -w capture.cap

Display the packets of a file called capture.cap:
tcpdump -r capture.cap

Display the packets using maximum detail of a file called capture.cap:
tcpdump -vvv -r capture.cap

Display IP addresses and port numbers instead of domain and service names when capturing packets:
tcpdump -n

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n src host 192.168.1.1

Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n host 192.168.1.1

Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n dst net 192.168.1.0/24

Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n src net 192.168.1.0/24

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n net 192.168.1.0/24

Capture any packets where the destination port is 23. Display IP addresses and port numbers:
tcpdump -n dst port 23

Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n dst portrange 1-1023

Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n tcp dst portrange 1-1023

Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n udp dst portrange 1-1023

Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:
tcpdump -n "dst host 192.168.1.1 and dst port 23"

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:
tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

Capture any ICMP packets:
tcpdump -v icmp

Capture any ARP packets:
tcpdump -v arp

Capture either ICMP or ARP packets:
tcpdump -v "icmp or arp"

Capture any packets that are broadcast or multicast:
tcpdump -n "broadcast or multicast"

Capture 500 bytes of data for each packet rather than the default of 68 bytes:
tcpdump -s 500

Capture all bytes of data within the packet:
tcpdump -s 0