Shell Tools (Network)

Network related shell tools

need to merge?

7 free networking tools you must have | Network World
20 quick tips to make Linux networking easier (free PDF) - TechRepublic
A Collection Of Utilities To Simplify Linux Network Troubleshooting And Performance Tuning - OSTechNix

nicolaka/netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container

`iproute2`/`ip`

iproute2 package deprecates old networking commands in net-tools package
networking:iproute2 [Linux Foundation Wiki]
Deprecated Linux networking commands and their replacements | Doug Vitale Tech Blog

Deprecated command	Replacement command(s)
arp	ip n (ip neighbor)
ifconfig	ip a (ip addr), ip link, ip -s (ip -stats)
ipmaddr	ip maddr
iptunnel	ip tunnel
iwconfig	iw
mii-tool	ethtool
nameif	ip link, ifrename
netstat	ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
route	ip r (ip route)

ip command cheat sheet (PDF)
How to check your network connections on Linux | Network World
Linux networking: ifconfig versus ip | Enable Sysadmin

check connection

Linux – Determine / Find Ethernet Connection Speed

ethtool eno1

This shows the connection partnet and actual speed of the connection.
ip's speed is the supported speed of the interface, not the actual negotiated speed.

IP forwarding

Host A: 1
Host B:
192.168.0.30
10.0.0.30

# Host A, similarly Host C
ip route add 10.0.0.0/24 via 192.168.0.30 dev eth0
#            ^ dest network  ^ router IP      ^ NIC
# persist setting
echo "ip route add 10.0.0.0/24 via 192.168.0.30 dev eth0" > /etc/sysconfig/network-scripts/route-10.0.0.0

Host B

# Host B
# check if forwarding is enabled
sysctl net.ipv4.ip_forward
# enable in this session
sysctl -w net.ipv4.ip_forward=1
# persist setting
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

Port scan

unicorn scan

`nmap`

Nmap: the Network Mapper - Free Security Scanner
How To Use Nmap to Scan for Open Ports on your VPS | DigitalOcean
What is Nmap? Why you need this network mapper | Network World

How to Check Service Running on Specific Port on Linux

How Nmap really works // And how to catch it // Stealth scan vs TCP scan // Wireshark analysis - YouTube
Nmap Tutorial to find Network Vulnerabilities - YouTube
NMAP Revealed: Unleash the Ultimate Hacker Tool - YouTube

Hack Like a Pro: How to Conduct Active Reconnaissance and DOS Attacks with Nmap « Null Byte :: WonderHowTo
Hack Like a Pro: Advanced Nmap for Reconnaissance « Null Byte :: WonderHowTo

Nmap Scripting Engine (NSE) | Nmap Network Scanning
Hack Like a Pro: Using the Nmap Scripting Engine (NSE) for Reconnaissance « Null Byte :: WonderHowTo
giterlizzi/nmap-log4shell: Nmap Log4Shell NSE script for discovery Apane Log4j RCE (CVE-2021-44228)

# most nmap commands require root privileges
sudo su

# no ping
-np
# check file
-Sv
# timing
-T 0  # paranoid, avoid detection
-T 5  # insane, fastest

# scan ports and OS
nmap -O ${host}
# check port at host
nmap -p 443 192.168.2.254
# check TLS ciphers
nmap -p 443 --script ssl-enum-ciphers ${host}

massscan

rustscan

RustScan/RustScan: 🤖 The Modern Port Scanner 🤖

scans all 65k ports in 3 seconds
Scripting Engine

Usage · RustScan/RustScan Wiki
Things you may want to do with RustScan but don't understand how · RustScan/RustScan Wiki

check process listening on port

netstat -ltnp | grep -w ':80'
lsof -i :80
fuser 80/tcp

`netcat`

nc or ncat in different distros

Netcat: the TCP/IP swiss army
A Unix Utility You Should Know About: Netcat - good coders code, great coders reuse
Using netcat as an intercepting proxy | Hawk Host Blog
Netcat – a couple of useful examples | G-Loaded Journal
8 Netcat (nc) Command with Examples
Netcat – The Admin’s Best Friend » ADMIN Magazine
Hack Like a Pro: How to Use Netcat, the Swiss Army Knife of Hacking Tools « Null Byte
Linux and Unix Port Scanning With netcat [nc] Command - nixCraft

# hostA, listen for UDP packet at port 5060
nc -u -l 5060
# hostB, connect to hostA's UDP 5060
# -z test connection only
nc -vzu hostA 5060

Wireshark vs. Netcat for Network Protocol Analysis

Network Sniffing

TCPDUMP/LIBPCAP public repository
caesar0301/awesome-pcaptools: A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

emmanueltouzery/hotwire: Hotwire allows you to study network traffic of a few popular protocols in a simple way

tcpdump - man page - ManKier
tcpdump101.com - Build packet capture syntax online
Packet Analyzer: 15 TCPDUMP Command Examples
Tcpdump 101 | Jacques DALBERA's IT world
A Quick and Practical Reference for tcpdump | Benjamin Cane
Masterclass – Tcpdump – Expressions - Packet Pushers

# dump traffic
sudo tcpdump -vvv -s 0 -nni <interface> -w <file> host <host> and port <port> &

# monitor ARP traffic
sudo tcpdump -i enp3s0 -l -n arp

nicolaka/netshoot: a Docker network troubleshooting swiss-army container

docker run --net host nicolaka/netshoot ngrep -tpd enp3s0 HTTP

projectdiscovery/proxify: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.

`ss`

Probe Your Linux Sockets With ss | Linux.com | The source for Linux information

`traceroute`

traceroute - man page - ManKier

How Does Traceroute Work and Example's of using traceroute command
Traceroute: Finding meaning among the stars | Enable Sysadmin

`mtr`

How to use the Linux mtr command | Enable Sysadmin
What is MTR & How to Use to Troubleshoot & Test your Connections

network monitor

18 commands to monitor network bandwidth on Linux server – BinaryTides
How to quickly check to see if your Linux server is under a DoS attack from a single IP address - TechRepublic

top-like interface to show bandwidth usage for each connection
iftop: display bandwidth usage on an interface
iftop - A Real Time Linux Network Bandwidth Monitoring Tool

bmon - A Powerful Network Bandwidth Monitoring and Debugging Tool for Linux trace interface

rolandriegel/nload: Real-time network traffic monitor trace interface, simple
nload - Monitor Linux Network Bandwidth Usage in Real Time

GlassWire - Personal Firewall & Network Monitor
Safing Portmaster
Portmaster: GlassWire Alternative for Linux to Monitor Network

Wireless

uoaerg/wavemon: wavemon is an ncurses-based monitoring application for wireless network devices
Kismet - Kismet

`scapy`

Scapy Python package to craft and send packets

Data Harvest » Linux Magazine
Python Network Hacking with Kali Linux and Scapy = attack one! 😀 - YouTube

`netstat`

# list listening TCP ports
netstat -ntlp
netstat -4 tcp:80

lsof -i udp:24000
lsof -i tcp:80

-t tcp
-u udp
-x UNIX sock

-l listening port
-a all connections

-s show stats

-n show IP instead of hostname
-p show PID/program name (may need sudo)
-c continuous mode

oh-my-zsh/systemadmin.plugin.zsh at master · robbyrussell/oh-my-zsh
Linux networking: 13 uses for netstat | Enable Sysadmin

impacket

fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

network speed test

Microsoft/ethr: Ethr is a Network Performance Measurement Tool for TCP, UDP & HTTP.

NAS=/media/dpms-nas2

# write
dd if=/dev/urandom of=$NAS/random500 bs=1M count=500 oflag=direct

# read
dd if=$NAS/random500 of=/dev/null bs=1M count=500 iflag=direct

iperf

# server
iperf -s -p 2323

# client
iperf -c $SERVER -p 2323

userdocs/iperf3-static: A static build of iperf3 to do network testing on remote servers.
How to test the network speed/throughput between two Linux servers - nixCraft