Archive for the tag 'Network'

nmap - Network exploration tool and security / port scanner

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

A typical Nmap scan is shown in Example 1. The only Nmap arguments used in this example are -A, to enable OS and version detection, script scanning, and traceroute; -T4 for faster execution; and then the two target hostnames.

Example 1. A representative Nmap scan

# nmap -A -T4 scanme.nmap.org

SBDavid

Comprehensive Perl Archive Network

The CPAN is the Comprehensive Perl Archive Network and can be accessed at http://www.cpan.org/ , and searched at http://search.cpan.org/ .

# perl -MCPAN -e shell

First, are you sure that the module isn’t already on your system? Try "perl -MFoo -e 1". (Replace "Foo" with the name of the module; for instance, "perl -MCGI::Carp -e 1".)

If you don’t see an error message, you have the module. (If you do see an error message, it’s still possible you have the module, but that it’s not in your path, which you can display with 'perl -e "print qq(@INC)"'.)

tcpdump - dump traffic on a network

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Example:

root@u12:~# tcpdump -nnvvXS -c2 port 80

-n
Don’t convert host addresses to names. This can be used to avoid DNS lookups.

-nn
Don’t convert protocol and port numbers etc. to names either.

-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-X
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.

-S
Print absolute, rather than relative, TCP sequence numbers.

Linux Network Time Protocol Setup

We can also synchronize the system clock with a remote server over the Network Time Protocol (NTP).

For the one-time synchronization only, use the ntpdate command:

Check whether the selected NTP server is accessible:

[root@fedora ~]# ntpdate -q 0.rhel.pool.ntp.org
server 202.71.136.67, stratum 2, offset 0.014709, delay 0.25420
server 119.226.101.130, stratum 2, offset -0.007991, delay 0.21991
3 Oct 09:40:35 ntpdate[4083]: adjust time server 119.226.101.130 offset -0.007991 sec
[root@fedora ~]#

Run the ntpdate command followed by one or more server addresses:

[root@fedora ~]# ntpdate 0.rhel.pool.ntp.org 1.rhel.pool.ntp.org
3 Oct 09:41:36 ntpdate[4092]: adjust time server 119.226.101.131 offset 0.000724 sec

Enable the service.

[root@fedora ~]# systemctl status ntpd.service
ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled)
Active: inactive (dead) since Wed, 03 Oct 2012 09:42:42 +0530; 36s ago
CGroup: name=systemd:/system/ntpd.service

Oct 03 09:42:42 fedora.example.com ntpd[4105]: ntpd 4.2.6p5@1.2349-o Fri Apr 27 08:37:16 UTC 2012 (1)

Network Parameters for Hosts Only System

If the system is not going to be used as a firewall or gateway to pass IP traffic between different networks, then edit the file /etc/sysctl.conf and add or correct the following lines:

net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

These settings stop the host from forwarding IP packets and from sending ICMP redirects, functions that are only appropriate for routers.
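
One way to check that a sysctl.conf-style file really leaves the three settings above at 0, as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the host-only settings.
REQUIRED_KEYS="net.ipv4.ip_forward
net.ipv4.conf.all.send_redirects
net.ipv4.conf.default.send_redirects"

# effective_value FILE KEY (hypothetical helper): print the value KEY ends up
# with. Comment lines are ignored and a later assignment overrides an earlier one.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# audit_host_only FILE (hypothetical helper): report each key and return 0
# only when all three are explicitly set to 0.
audit_host_only() {
    rc=0
    for key in $REQUIRED_KEYS; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "0" ]; then echo "OK      $key = 0"
        elif [ -z "$val" ]; then echo "MISSING $key"; rc=1
        else echo "FAIL    $key = $val"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: forwarding is switched back on by a later line,
# and one of the send_redirects keys exists only as a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.ip_forward = 0
# net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects=0
net.ipv4.ip_forward=1
EOF
audit_host_only "$sample" || echo "host-only settings are not all in effect"
```

The script checks only the file; `sysctl -n net.ipv4.ip_forward` prints the value the running kernel is using.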
