Network Analysis

ip
Bring interface up
sudo ip link set eth0 up
Display the Routing Table
ip route show
Add a route
sudo ip route add 192.168.2.0/24 via 192.168.1.254
Delete a Route
sudo ip route del 192.168.2.0/24
Add a Default Gateway
sudo ip route add default via 192.168.1.1
Use lft to trace hops in the network
sudo lft <IP:PORT>
  • If you suspect that a VM or Docker container is being hosted on a different port, run lft against each port and check whether the results differ.

Find the processes associated with a port
lsof -n -P -i :<port_number>
Show open TCP connections in the LISTEN state
lsof -wnP -iTCP -sTCP:LISTEN
Listening ports & services
ss -tuln
Listening ports + PID
ss -tulnp | grep "pid=<PID>,"
TTL Values and OS Fingerprinting

The TTL value in a ping response starts at an initial value set by the sender and is decremented by one for each hop the packet takes. The initial value differs between operating systems:

  • Linux/Unix -> 64

  • Windows -> 128

  • Cisco -> 255

ping -c 4 example.com
  • It sends ICMP Echo Request packets to a target and waits for ICMP Echo Reply packets in return.

Output Example
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.122 ms
  • TTL (Time to Live): The maximum number of hops a packet can traverse before being discarded.

  • Time: The round-trip time (RTT) for the packet to reach the destination and return.
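Added example (not part of the original notes): a small shell helper that applies the TTL table above to ping output, rounding each observed TTL up to the nearest initial value (64, 128, 255) to estimate the hop count and OS family. The function names and the sample lines are constructed for illustration.

```bash
# TTL heuristic from the table above (64 / 128 / 255). Heuristic only:
# a host can be configured with a non-default initial TTL.

# Constructed sample ping output (not captured from a real network).
SAMPLE_PING='PING sample (constructed)
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 10.0.0.7: icmp_seq=1 ttl=117 time=18.4 ms'

# guess_from_ttl <observed_ttl>  ->  "<initial_ttl> <hops> <os_family>"
guess_from_ttl() {
    local ttl initial os
    ttl="$1"
    case "$ttl" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;   # reject non-numeric input
    esac
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then
        echo "invalid"; return 1
    elif [ "$ttl" -le 64 ];  then initial=64;  os="Linux/Unix"
    elif [ "$ttl" -le 128 ]; then initial=128; os="Windows"
    else                          initial=255; os="Cisco"
    fi
    # Hops = initial TTL minus what was left when the reply arrived.
    echo "$initial $((initial - ttl)) $os"
}

# fingerprint_ping: reads ping output on stdin and prints one line per
# distinct responder/TTL pair: "<host> ttl=<n> -> <initial> <hops> <os>"
fingerprint_ping() {
    awk '/bytes from/ && match($0, /ttl=[0-9]+/) {
             ttl = substr($0, RSTART + 4, RLENGTH - 4)
             host = $4; sub(/:$/, "", host)   # strip trailing colon
             print host, ttl
         }' | sort -u |
    while read -r host ttl; do
        printf '%s ttl=%s -> %s\n' "$host" "$ttl" "$(guess_from_ttl "$ttl")"
    done
}

# Run on the constructed sample; for live use: ping -c 4 <host> | fingerprint_ping
printf '%s\n' "$SAMPLE_PING" | fingerprint_ping
```

A reply with ttl=117 is read as an initial value of 128 seen after 11 hops; treat the OS family as a hint to confirm by other means, not a finding.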

Trace the network path
traceroute example.com
