Network Connection

Status

netstat

# -t: tcp, -u: udp, -l: listen, -p: programs, -n: don't resolve names
netstat -lnptu
# -r: route
netstat -rn

Connectivity of Hosts

ping <target-ip>

# Stop after 5 times
ping -c 5 <target-ip>

# No DNS resolution
ping -n 3 <target-ip>

Trace Route Path Between Two Nodes

traceroute <target-ip>

Investigate Packets/Traffic

ICMP

Check the status of network connections between nodes.
1. Start Tcpdump
  
  To start analyzing, start tcpdump. Here we use eth0 interface.

        sudo tcpdump -i eth0 icmp

        # For Wireshark
        sudo tcpdump -i eth0 icmp -w /tmp/tcpdump.pcap
    ```

    2. **Send Packets to Target**

        For example, send 5 packets to target.

sudo ping -c 5 ```

3. **Check Results of Tcpdump**

    To check the details, use Wireshark.

wireshark /tmp/tcpdump.pcap

DNS Resolver

Check the condition of the name resolution

ping example.com

If you cannot ping the target website, the DNS resolver is not working.
To change the DNS resolver, update the original nameserver to the new one in /etc/resolv.conf.
For example:

...
# nameserver x.x.x.x
nameserver 8.8.8.8
...

Below are some representative DNS servers.

Google - 8.8.8.8 & 8.8.4.4
Quad9 - 9.9.9.9 & 149.112.112.112
OpenDNS - 208.67.222.222 & 208.67.220.220
Cloudflare - 1.1.1.1 & 1.0.0.1

After updating /etc/resolv.conf, restart the name resolution service.

sudo systemctl restart systemd-resolved.service

Send Packet with MAC/IP Spoofing

IP Spoofing

    sudo ./run_scapy

    >>> spoof_example = IP(src='172.1.1.20', dst='172.1.1.40')
    >>> send(spoof_example)

MAC and IP Spoofing

    sudo ./run_scapy

    >>> spoofed_MAC_and_IP = Ether(src='00:0c:29:1a:2b:3c', dst='00:0c:29:bd:da:cf', type=0x0800)/IP(src='172.1.1.24', dst='172.1.1.40')