Network Analysis

Use lft to trace hops in the network

sudo lft <IP:PORT>

If you suspect that there is a VM or docker being hosted in a different port you can use lft and check if there are differences in the results.

ip

Bring interface up

sudo ip link set eth0 up

Display the Routing Table

ip route show

Add a route

sudo ip route add 192.168.2.0/24 via 192.168.1.254

Delete a Route

sudo ip route del 192.168.2.0/24

Add a Default Gateway

sudo ip route add default via 192.168.1.1

ping

Ping and TCPdump Network Analysis for RCE Detection

Simply ping your own host, you can use the command directly or as a payload for a script:

ping -c 1 10.10.14.6

And catch it with tcpdump:

sudo tcpdump -ni <interface> icmp

TTL Values and OS Fingerprinting

The TTL value in the ping response is a starting value decremented by one for each hop the packet takes; Values differ between operating systems:
Linux/Unix -> 64
Windows -> 128
Cisco -> 255

Send 4 packages

ping -c 4 example.com

It sends ICMP Echo Request packets to a target and waits for ICMP Echo Reply packets in return.

Output Example

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.122 ms

TTL (Time to Live): The maximum number of hops a packet can traverse before being discarded.
Time: The round-trip time (RTT) for the packet to reach the destination and return.

ss

Listening ports & services

ss -tuln

Listening ports + PID

ss -tulnp | grep PID

Trace the network path

traceroute example.com

tripwire

Initialize the Tripwire database

sudo tripwire --init

Check the integrity of the system

sudo tripwire --check

Generate a report

sudo tripwire --update

PreviousRegex Nextcurl

Last updated 2 months ago

Network Analysis

Use lft to trace hops in the network

sudo lft <IP:PORT>

If you suspect that there is a VM or docker being hosted in a different port you can use lft and check if there are differences in the results.

ip

Bring interface up

sudo ip link set eth0 up

Display the Routing Table

ip route show

Add a route

sudo ip route add 192.168.2.0/24 via 192.168.1.254

Delete a Route

sudo ip route del 192.168.2.0/24

Add a Default Gateway

sudo ip route add default via 192.168.1.1

ping

Ping and TCPdump Network Analysis for RCE Detection

Simply ping your own host, you can use the command directly or as a payload for a script:

ping -c 1 10.10.14.6

And catch it with tcpdump:

sudo tcpdump -ni <interface> icmp

TTL Values and OS Fingerprinting

The TTL value in the ping response is a starting value decremented by one for each hop the packet takes; Values differ between operating systems:
Linux/Unix -> 64
Windows -> 128
Cisco -> 255

Send 4 packages

ping -c 4 example.com

It sends ICMP Echo Request packets to a target and waits for ICMP Echo Reply packets in return.

Output Example

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.122 ms

TTL (Time to Live): The maximum number of hops a packet can traverse before being discarded.
Time: The round-trip time (RTT) for the packet to reach the destination and return.

ss

Listening ports & services

ss -tuln

Listening ports + PID

ss -tulnp | grep PID

Trace the network path

traceroute example.com

tripwire

Initialize the Tripwire database

sudo tripwire --init

Check the integrity of the system

sudo tripwire --check

Generate a report

sudo tripwire --update

PreviousRegex Nextcurl

Last updated 2 months ago