Network¶
Watch network connections¶
$ watch ss -tp
Established connections¶
$ netstat lsof -i
Tcp connections¶
$ netstat -ant # -anu=udp
Connections with PIDs¶
$ netstat -tulpn
List of listening ports¶
$ netstat -uanp
Capture packets¶
$ sudo apt-get install tcpdump
$ sudo tcpdump -i wlan0 src port 80 or dst port 80
$ sudo apt-get install tshark
$ tshark -i any
Change the default gateway¶
$ sudo route del default
$ sudo route add default gw 192.168.1.115
Or:
$ vim /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.119
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.115
dns-nameservers 8.8.8.8 8.8.4.4
Set a static IP¶
$ vim /etc/network/interfaces
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.119
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.115
dns-nameservers 8.8.8.8 8.8.4.4
How do I install dig?¶
$ sudo apt-get istall dnsutils
Monitor bandwidth usage per process¶
$ sudo apt-get install nethogs
$ nethogs -a
$ sudo apt-get install iptraf
$ sudo iptraf-ng
$ watch -n1 netstat -tunap
https://askubuntu.com/questions/532424/how-to-monitor-bandwidth-usage-per-process
Show your gateway¶
$ route -ne
Disable IP6¶
$ sudo vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
$ sudo sysctl -p
Number of open connections per ip¶
$ netstat -ntu | awk -F"[ :]+" 'NR>2{print $6}'|sort|uniq -c|sort -nr
Specific port:
$ netstat -ntu | grep ":80\|:443" | awk -F"[ :]+" '{print $6}'|sort|uniq -c|sort -nr
Or:
netstat -na | grep ":443\|:80" | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | head
Output:
14 23.43.29.1
12 76.55.52.34
4 8.3.2.34
1 192.163.2.42
1 172.53.43.87
Connections types:¶
$ netstat -ant | awk 'NR>1{print $6}' | sort | uniq -c | sort -rn
Output:
93 ESTABLISHED
15 TIME_WAIT
15 LISTEN
1 SYN_SENT
1 Foreign
1 CLOSE_WAIT
Port forwarding¶
Forward all TCP/UDP from local host port 80 to the remote server at port 80
sudo socat -dd TCP4-LISTEN:80,fork,reuseaddr TCP4:1.2.3.4:80 &
sudo socat -dd UDP-LISTEN:80,fork,reuseaddr UDP:1.2.3.4:80 &
Open port¶
$ ufw allow 80
$ ufw allow 80/udp