1.5 Networking
Networking tools in Linux vary significantly across distributions.
The newer iproute2 package includes ss
and ip
which largely replace commands such as ifconfig
, route
, and netstat
.
On the man page of the netstat command, you can read:
This program is mostly obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat i is ip -s link. Replacement for netstat -g is ip maddr.
Like the man page says, the ss
command has replaced the netstat
command. Other deprecated programs in the net-tools package include:
route
and netstat -r
that have been replaced with ip route
arp
which have been replaced by ip neigh
or neighbor.
Some useful terminology to learn across these programs:
inet - internet protocol family (IPv4)
inet6 - the modern protocol of IP addresses represented in hexidecimal
lo - virtual loop back device/interface for troubleshooting ifconfig lo
wlo1 - wireless network interface (NIC)
RX - Receive
TX - Transmit
Network Monitoring
Tshark
-i
for interface-f
for capture filter
❯ sudo tshark -i wlo1 -f "src port 443"
You can also read -r
from and write -w
to a file.
tcpdump
Similar to tshark, tcpdump
can also analyze packets on a network.
List interfaces with -D
.
❯ tcpdump -D
1.wlo1 [Up, Running, Wireless, Associated]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.enp2s0 [Up, Disconnected]
5.virbr0 [Up, Disconnected]
6.docker0 [Up, Disconnected]
The syntax is very similar to tshark
❯ sudo tcpdump -i wlo1 port 443 -w tcpdump.pcap
My Traceroute mtr
Article on mtr
command. Combines ping
and traceroute
functionality.
-r
report mode sends 10 packets in the background and write to sdout. Use -c
to cycle the number of packets.
❯ mtr -r -c 15 google.com > report.txt
mtr uses ICMP echos by default, but you can use UDP with -u
and TCP SYN packets with -T
.
Checking Open Ports
You want set up a server for SSH, the first step is making sure port 22 is open. Here are the various ways to check.
ss -tuln | grep ':22'
telnet localhost 22
sudo lsof -iTCP #look for a name with ssh
Firewalls
Let's say telnet refuses connection and the other commands do not find port 22, this could be UFW (Uncomplicated Firewall) is blocking it. UFW basically a wrapper over iptables
for Ubuntu.
sudo ufw status
will let you know if it is enabled or not, and what ports it allows or blocks.
UFW will either use iptables
or nftables
by default. Here we can see nf_tables is used, if it wasn't, it would say "legacy".
iptables -V
iptables v1.8.7 (nf_tables)
iptables is old and nftables if preferred.