# NETWORKING
## TOC
1. [SETUP](#setup)
1.1. [/etc/network/interfaces](#etcnetworkinterfaces)
1.2. [WiFi](#wifi)
2. [FIREWALL](#firewall)
2.1. [ufw](#ufw)
2.2. [iptables](#iptables)
3. [SSH](#ssh)
3.1. [CLIENT](#client)
3.2. [SERVER](#server)
4. [TROUBLESHOOTING](#troubleshooting)
4.1. [tcpdump](#tcpdump)
4.2. [netstat](#netstat)
4.3. [traceroute](#traceroute)
4.4. [nmap](#nmap)

## SETUP
### /etc/network/interfaces
```
# use the last octet (8 bits) for hosts
netmask 255.255.255.0
```

### WiFi
Use WiFi without a separate network manager with this simple guide. It needs "_dhcpcd_" or "_dhclient_", "_net-tools_" or "_iproute2_", "_wpa\_supplicant_", and the WiFi drivers for your wireless card (like "_iwlwifi_" and its "_ucode_"). Part of these can be installed from a package usually named "_linux-firmware_", but it may not be complete (it provides "_ucode_" but not "_iwlwifi_").

__NOTE__: The "_<DEVICE_NAME>_" can be either "_wlp3s0_" or "_wlan0_". Change the following commands accordingly to suit your needs.

* Create the configuration file (as "_root_", not "_sudo_"):
`wpa_passphrase <NETWORK_NAME> <PASSWORD> > /etc/wpa_supplicant.conf`
* Delete the non-hashed password from "_/etc/wpa\_supplicant.conf_", but not the hashed one.

Each time you need to connect, type the following commands (as "_root_" or with "_sudo_"):
* __EXAMPLE 1__: With "_net-tools_" and "_dhcpcd_":
```
ifconfig <DEVICE_NAME> down
ifconfig <DEVICE_NAME> up
wpa_supplicant -B -i<DEVICE_NAME> -c /etc/wpa_supplicant.conf -Dwext
dhcpcd <DEVICE_NAME>
```

* __EXAMPLE 2__: With "_iproute2_" and "_dhclient_":
```
ip link set <DEVICE_NAME> down
ip link set <DEVICE_NAME> up
wpa_supplicant -B -i<DEVICE_NAME> -c /etc/wpa_supplicant.conf -Dwext
dhclient <DEVICE_NAME>
```

You can save either example in a script to activate the WiFi whenever you want.

* Note: As an educational tip, the name of a network is also called "_SSID_" in other places.

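The two configuration steps above can be done in one pass that never leaves the clear-text passphrase on disk or in the shell history. This is an added example, not part of the original guide; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what wpa_passphrase prints; the hash is a dummy value.
sample_wpa_output() {
    cat <<'EOF'
network={
    ssid="ExampleNet"
    #psk="correct horse battery"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
EOF
}

# Remove the commented clear-text passphrase, keep the hashed psk= line.
strip_plain_psk() {
    sed '/^[[:space:]]*#psk=/d'
}

# Succeed if stdin still holds a clear-text passphrase, either as the
# "#psk=" comment or as a quoted psk="..." value.
has_plain_psk() {
    grep -Eq '^[[:space:]]*#?psk="'
}

# write_wpa_conf SSID [OUTFILE]
# The passphrase is read from stdin (wpa_passphrase does this when the second
# argument is omitted), so it does not appear in argv or the shell history.
write_wpa_conf() {
    ssid=$1
    out=${2:-/etc/wpa_supplicant.conf}
    # wpa_passphrase exits non-zero for passphrases outside 8..63 characters
    conf=$(wpa_passphrase "$ssid") || return 1
    # umask covers a newly created file, chmod covers a pre-existing one
    ( umask 077; printf '%s\n' "$conf" | strip_plain_psk > "$out" )
    chmod 600 "$out"
    # refuse to report success if a clear-text passphrase survived
    if has_plain_psk < "$out"; then return 1; fi
}
```

Run `write_wpa_conf <NETWORK_NAME>` as root and type the passphrase followed by Enter; the resulting file is readable by root only.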
## FIREWALL
### ufw
* Show status
`sudo ufw status`
* Enable firewall
`sudo ufw enable`
* Disable firewall
`sudo ufw disable`
* Deny all incoming traffic by default
`sudo ufw default deny`
* Allow all incoming traffic by default
`sudo ufw default allow`
* Allow everything for a specific port
`sudo ufw allow PORT_NUMBER`
* Delete a rule
`sudo ufw delete allow PORT_NUMBER`
* Allow everything for a specific address
`sudo ufw allow from IP_ADDRESS`
* Allow a specific port for a specific address
`sudo ufw allow from IP_ADDRESS to any port PORT_NUMBER`

### iptables
* To flush all rules (reset to blank slate):
`iptables -F`
* To flush the rules of a specific chain:
`iptables -F <THE_CHAIN_TO_FLUSH>`
### BASICS
* Rules are checked in the order in which they were added, and the flag used to add a rule sets its position:
_-A_: appends the rule to the end of the chain.
_-I_: inserts the rule at the beginning of the chain (or at a given position).
* Each rule belongs to a chain, which decides the traffic it applies to. The three chains are:
_INPUT_: Comes from outside the firewall (commonly from another computer).
_OUTPUT_: Comes from behind the firewall (commonly from the same computer).
_FORWARD_: Goes to a third computer.
* To select the interface (can be eth0, lo, wlan0, etc.):
`--in-interface <INTERFACE>`
* or also:
`-i <INTERFACE>`
* To make the rule match all but the requested interface, add an exclamation mark before the interface flag:
`! -i <INTERFACE>`
* To select the source of the connection:
`-s <SOURCE_IP>`
* To select the protocol (can be tcp, udp, etc.):
`-p <PROTOCOL>`
* Port:
`--dport <PORT>`
* Match packet rules by state (can be used instead of ports):
`-m state`
* Types of state (ESTABLISHED, RELATED, etc.); more than one can be selected by using a comma with no spaces, for example:
`--state ESTABLISHED,RELATED`
* Match packet rules by IP range (can be used instead of ports):
`-m iprange`
* To choose a range, set the start IP and the end IP separated by a dash:
`--src-range <FIRST_IP>-<LAST_IP>`
* The action to enforce (ACCEPT, DROP, etc.):
`-j <ACTION>`

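The flags above combined into one ordered INPUT rule set, as an added example that is not part of the original guide. The functions only print the commands for review (pipe the output to `sh` as root to apply them); the function names, the allowed range and the blocked address are constructed, and only IPv4 INPUT traffic is covered.

```shell
#!/bin/sh
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# emit_rules IFACE PORT FIRST_IP LAST_IP
# Arguments are validated first because the output is meant to be run by a shell.
emit_rules() {
    iface=$1; port=$2; first=$3; last=$4
    case $iface in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    valid_port "$port" && valid_ipv4 "$first" && valid_ipv4 "$last" || return 1
    # Order matters: the first matching rule decides, so the catch-all DROP is last.
    cat <<EOF
iptables -F INPUT
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $iface -p tcp --dport $port -m iprange --src-range $first-$last -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# emit_block SOURCE_IP
# Uses -I (position 1) instead of -A: a rule appended after the ESTABLISHED
# and range ACCEPT rules would never be reached for traffic they already accept.
emit_block() {
    valid_ipv4 "$1" || return 1
    echo "iptables -I INPUT 1 -s $1 -j DROP"
}
```

For example, `emit_rules eth0 22 192.168.0.10 192.168.0.20` prints six commands that accept loopback traffic, replies to existing connections and new connections to port 22 from the given range, and drop everything else.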
## SSH
### CLIENT
* log in to remote host
`ssh ADDRESS`
* log in to remote host as user USER
`ssh USER@ADDRESS`
### SERVER
* set ssh server configuration in /etc/ssh/sshd_config
```
# default port is 22, can be changed
Port 22
# change "without-password" to "no" to forbid root login
PermitRootLogin without-password
# by allowing a specific user it restricts the others
AllowUsers USER_NAME
```
* restart "ssh" service to activate changes
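When editing the settings above, keep in mind that sshd uses the first value it finds for each keyword, so a stricter line added further down the file has no effect. The following added example (not part of the original guide) reports the value that applies in the global section; the function names and the sample file are constructed, and the `Keyword=value` spelling is not handled.

```shell
#!/bin/sh
# Constructed sample, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin without-password
AllowUsers alice
PermitRootLogin no
Match User backup
    PermitRootLogin yes
EOF
}

# sshd_first_value KEYWORD < sshd_config
# Prints the first value of KEYWORD (case-insensitive) in the global section,
# that is, before the first Match block. Prints nothing when it is not set.
sshd_first_value() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # conditional blocks start here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^ +/, ""); print; exit
        }
    '
}

# root_login_mode < sshd_config
# Effective global PermitRootLogin in lower case; when the keyword is absent,
# the upstream OpenSSH default (prohibit-password) is reported.
root_login_mode() {
    v=$(sshd_first_value PermitRootLogin)
    printf '%s\n' "${v:-prohibit-password}" | tr 'A-Z' 'a-z'
}
```

On the sample, `root_login_mode` reports `without-password` even though a later line says `no`. On a real host, `sshd -t` checks the file for errors before the restart and `sshd -T` prints the full effective configuration.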
## TROUBLESHOOTING
### tcpdump
* dump all
`sudo tcpdump`
* dump 5 packets
`sudo tcpdump -c 5`
* dump in ASCII format
`sudo tcpdump -A`
* dump in hexadecimal format
`sudo tcpdump -xx`
* dump from a specific interface
`sudo tcpdump -i INTERFACE_NAME`
* dump from a specific port
`sudo tcpdump port PORT_NUMBER`
* dump 5 packets in hexadecimal from a specific interface and a specific port
`sudo tcpdump -c 5 -xx -i INTERFACE port PORT_NUMBER`

### netstat
* show routing table, including gateway
`netstat -nr`
* show all listening ports
`netstat -tulpn`
* show network usage of devices
`netstat -i`
* show active connections
`netstat -ta`
* show active connections, but show ip addresses instead
`netstat -tan`

### traceroute
* show which route your connection takes from your computer to the destination
`traceroute WEBNAME_OR_IP`

### nmap
* scan a specific ip address (including devices)
`nmap IP_NUMBER`
* scan a specific website
`nmap WEBSITE_NAME`
* scan a specific ip address (including devices) with more information
`nmap -v IP_NUMBER`
* scan two ip addresses (including devices), 192.168.0.1 and 192.168.0.54
`nmap 192.168.0.1,54`
* scan a range of ip addresses (including devices), from 192.168.0.1 to 192.168.0.100
`nmap 192.168.0.1-100`
* scan all ip addresses (including devices) from network 192.168.0.0
`nmap 192.168.0.*`
* scan addresses from a file
`nmap -iL <FILE>`
* scan address and identify OS and running services
`nmap -A IP_NUMBER`
* check if target is up
`nmap -sP IP_NUMBER`
* check reason for service states
`nmap --reason IP_NUMBER`
* show host interfaces
`nmap --iflist IP_NUMBER`