3.7 KiB
NETWORKING
WiFi
Use WiFi without a separate network manager with this simple guide. Needs "dhcpcd" or "dhcpclient", "net-tools" or "iproute2", "wpa_supplicant", and the WiFi drivers for your wireless card (like "iwlwifi" and its "ucode"), which in part can be installed from a package usually named "linux-firmware", but they may not be complete (this provides "ucode" but not "iwlwifi").
NOTE: The "<DEVICE_NAME>" can be either "wlp3s0" or "wlan0". Change accordingly the following commands to suit your needs.
- Create the configuration file (as "root", not "sudo"):
wpa_passphrase <NETWORK_NAME> <PASSWORD> > /etc/wpa_supplicant.conf
- Delete non hashed password from "/etc/wpa_supplicant.conf", but not the hashed one.
Each time you need to connect type the following command (as "root" or with "sudo"):
- EXAMPLE 1: With "net-tools" and "dhcpcd":
ifconfig <DEVICE_NAME> down
ifconfig <DEVICE_NAME> up
wpa_supplicant -B -i<DEVICE_NAME> -c /etc/wpa_supplicant.conf -Dwext
dhcpcd <DEVICE_NAME>
- EXAMPLE 2: With "iproute2" and "dhclient":
ip link set <DEVICE_NAME> down
ip link set <DEVICE_NAME> up
wpa_supplicant -B -i<DEVICE_NAME> -c /etc/wpa_supplicant.conf -Dwext
dhclient <DEVICE_NAME>
You can save either example in a script to activate the Wi-Fi whenever you want.
- Note: As an educational tip, the name of a network is also called "SSID" in other places.
Next
using ufw
sudo ufw status sudo ufw enable sudo ufw disable sudo ufw default deny sudo ufw default allow sudo ufw allow PORT_NUMBER
- delete a rule sudo ufw delete allow PORT_NUMBER
- allow everything for a specific address sudo ufw allow from IP_ADDRESS
- allow a specific port for a specific address sudo ufw allow from IP_ADDRESS to any port PORT_NUMBER
tcpdump
- dump all sudo tcpdump
- dump 5 packets sudo tcpdump -c 5
- dump in ASCii format sudo tcpdump -A
- dump in hexadecimal format sudo tcpdump -xx
- dump from an specific interface sudo tcpdump -i INTERFACE_NAME
- dump from a specific port sudo tcpdump port PORT_NUMBER
- dump 5 packets in hexadecimal from an specific interface and a specific port sudo tcpdump -c 5 -xx -i INTERFACE port PORT_NUMBER
netstat
- show routing table, including gateway netstat -nr
- show all ports netstat -tulpn
- show network usage of devices netstat -i
- show active connections netstat -ta
- show active connections, but show ip addresses instead netstat -tan
traceroute
- show which route your connection takes between your computer to the destination traceroute WEBNAME_OR_IP
nmap
- scan a specific ip address (including devices) nmap IP_NUMBER
- scan a specific website nmap WEBSITE_NAME
- scan a specific ip address (including devices) with more information nmap -v IP_NUMBER
- scan two ip address (including devices), 192.168.0.1 and 192.168.0.54 nmap 192.168.0.1,54
- scan a range of ip address (including devices), from 192.168.0.1 to 192.168.0.100 nmap 192.168.0.1-100
- scan all ip address (including devices) from network 192.168.0.0 nmap 192.168.0.*
- scan address from a file nmap -il FILE
- scan address and identify OS and running services nmap -A IP_NUMBER
- check if target is up nmap -sP IP_NUMBER
- check reason for services states nmap --reason IP_NUMBER
- show host interfaces nmap --iflist IP_NUMBER
SSH
- login to remote host ssh ADDRESS
- login to remote host as user USER ssh USER@ADDRESS
- set ssh server configuration in /etc/ssh/sshd_config Port 22 # default port PermitRootLogin without-password # change "without-password" to "no" AllowUsers USER_NAME # by allowing a specific user it restricts the others
- restart "ssh" service to activate changes
use last 8 octets for hosts
255.255.255.0