# NETWORKING ## TOC 1. [SETUP](#setup) 1.1 [/etc/network/interfaces](#/etc/network/interfaces) 1.2. [WiFi](#wifi) 2. [FIREWALL](#firewall) 2.1. [ufw](#ufw) 2.2. [iptables](#iptables) 3. [SSH](#ssh) 3.1. [CLIENT](#client) 3.2. [SERVER](#server) 4. [TROUBLESHOOTING](troubleshooting) 4.1. [tcpdump](#tcpdump) 4.2. [netstat](#netstat) 4.3. [traceroute](#traceroute) 4.4. [nmap](#nmap) ## SETUP ### /etc/network/interfaces ``` # use last 8 octets for hosts 255.255.255.0 ``` ### WiFi Use WiFi without a separate network manager with this simple guide. Needs "_dhcpcd_" or "_dhcpclient_", "_net-tools_" or "_iproute2_", "_wpa\_supplicant_", and the WiFi drivers for your wireless card (like "_iwlwifi_" and its "_ucode_"), which in part can be installed from a package usually named "_linux-firmware_", but they may not be complete (this provides "_ucode_" but not "_iwlwifi_"). __NOTE__: The "__" can be either "_wlp3s0_" or "_wlan0_". Change accordingly the following commands to suit your needs. * Create the configuration file (as "_root_", not "_sudo_"): `wpa_passphrase > /etc/wpa_supplicant.conf` * Delete non hashed password from "_/etc/wpa_supplicant.conf_", but not the hashed one. Each time you need to connect type the following command (as "_root_" or with "_sudo_"): * __EXAMPLE 1__: With "_net-tools_" and "_dhcpcd_": ``` ifconfig down ifconfig up wpa_supplicant -B -i -c /etc/wpa_supplicant.conf -Dwext dhcpcd ``` * __EXAMPLE 2__: With "_iproute2_" and "_dhclient_": ``` ip link set down ip link set up wpa_supplicant -B -i -c /etc/wpa_supplicant.conf -Dwext dhclient ``` You can save either example in a script to activate the Wi-Fi whenever you want. * Note: As an educational tip, the name of a network is also called "_SSID_" in other places. ## FIREWALL ### ufw * Show status `sudo ufw status` * Enable firewall `sudo ufw enable` * Disable firewall `sudo ufw disable` * Deny all by default `sudo ufw default deny` * Allow all by default `sudo ufw default allow` * Allow everything for specific port by default `sudo ufw allow PORT_NUMBER` * Delete a rule `sudo ufw delete allow PORT_NUMBER` * Allow everything for a specific address `sudo ufw allow from IP_ADDRESS` * Allow a specific port for a specific address `sudo ufw allow from IP_ADDRESS to any port PORT_NUMBER` ### iptables * To flush all rules (reset to blank slate): `iptables -F` * To flush an specific rule: `iptables -F ` ### BASICS * The rules are read in the order you give them and also their flags: _-A_: appends to previous list of rules. _-I_: inserts to previous list of rules. * The rules are followed according to their type which is a chain. The three types of chains are: _INPUT_: Comes from outside the firewall (commonly from another computer). _OUTPUT_: Comes from behind the firewall (commonly from the same computer). _FORWARD_: Goes to a third computer. * To select the interface (can be eth0, lo, wlan0, etc.): `--in-interface ` * or also: `-i ` * To make the rule match all but the requested interface add an exclamation between the interface flag and the interface name: `-i ! ` * To select source of connection: `-s ` * To select the protocol (can be tcp, udp, etc.): `-p ` * Port: `--dport ` * Match packet rules by state (can be used instead of ports): `-m state` * Types of state (ESTABLISHED, RELATED, etc.), more than one can be selected by using a comman with no spaces, for example: `--state ESTABLISHED,RELATED` * Match packet rules by IP range (can be used instead of ports): `-m iprange` * To choose a range set the start IP and the end IP separated by a dash: `--src-range -` * The action to enforce (ACCEPT, DROP, etc.): `-j ` ## SSH ### CLIENT * login to remote host `ssh ADDRESS` * login to remote host as user USER `ssh USER@ADDRESS` ## SERVER * set ssh server configuration in /etc/ssh/sshd_config ``` Port 22 # default port is 22, can be changed PermitRootLogin without-password # change "without-password" to "no" to forbid root login AllowUsers USER_NAME # by allowing a specific user it restricts the others ``` * restart "ssh" service to activate changes ## TROUBLESHOOTING ### tcpdump * dump all `sudo tcpdump` * dump 5 packets `sudo tcpdump -c 5` * dump in ASCii format `sudo tcpdump -A` * dump in hexadecimal format `sudo tcpdump -xx` * dump from an specific interface `sudo tcpdump -i INTERFACE_NAME` * dump from a specific port `sudo tcpdump port PORT_NUMBER` * dump 5 packets in hexadecimal from an specific interface and a specific port `sudo tcpdump -c 5 -xx -i INTERFACE port PORT_NUMBER` ### netstat * show routing table, including gateway `netstat -nr` * show all ports `netstat -tulpn` * show network usage of devices `netstat -i` * show active connections `netstat -ta` * show active connections, but show ip addresses instead `netstat -tan` ### traceroute * show which route your connection takes between your computer to the destination `traceroute WEBNAME_OR_IP` ### nmap * scan a specific ip address (including devices) `nmap IP_NUMBER` * scan a specific website `nmap WEBSITE_NAME` * scan a specific ip address (including devices) with more information `nmap -v IP_NUMBER` * scan two ip address (including devices), 192.168.0.1 and 192.168.0.54 `nmap 192.168.0.1,54` * scan a range of ip address (including devices), from 192.168.0.1 to 192.168.0.100 `nmap 192.168.0.1-100` * scan all ip address (including devices) from network 192.168.0.0 `nmap 192.168.0.*` * scan address from a file `nmap -il ` * scan address and identify OS and running services `nmap -A IP_NUMBER` * check if target is up `nmap -sP IP_NUMBER` * check reason for services states `nmap --reason IP_NUMBER` * show host interfaces `nmap --iflist IP_NUMBER`