In the actual development process, I am familiar with the use of Linux or Windows related network tools, so I can find the fault faster and more accurate, so today I share a few must network tools

1 nc

“> < p style =” max-width: 100%; clear: both; I do not know whether you use nc to do something with shell in the infiltration process. It is used to quickly build web links. Used to debug client programs.

Nc parameters

A case in point

Perform a task Execute the command
Scan machine A for service with port number 30-40 nc -z A 30-40
The port number for connecting to server A is 5000 nc -C A 5000
File transfer MachineA:nc -v -n ip port <D:\a.exe MachineB:nc -v -l -p port >E:\a.exe

2 ping

It is used to detect network connectivity. We know that the machine on the network has a unique IP address, sends packets to the place, and based on the information returned, preliminatively determine whether the target machine exists or what the operating system of the target machine is. Another common use of Ping, what is the underlying principle, is TCP/UDP?

ping

ICMP is actually used in the concrete implementation, it is a control protocol based on IP protocol, Internet control protocol, what is the packet like


The following describes the field meanings

  • Type: indicates the ICMP type. 0 indicates the request type, and 8 indicates the reply
  • Code: used to find the cause of the error
  • Checksum: Checks for faulty data
  • Identifiers: Use identifiers to identify who sent the control protocol
  • Serial number: a uniquely identified packet

The ping command is used to assemble IP packets and send them. The destination IP address of the packet is the destination IP address of the ping host, and the original IP address is the IP address of the ping host. Then fill in the data according to the ICMP rules.

Then IP packets are known through ARP

Viewing Detailed Parameters

Ping parameters

Common parameter [-l] : defines the size of the data packet to be sent. The default value is 32 bytes

[-n] : specifies the number of packets to be sent. The default value is 3

[-t] : indicates that packets are continuously sent to the destination IP address

TTL

TTL is a value in an IP protocol packet that tells the network router whether a packet has been in the network for too long and should be discarded

  • The longer the TTL is set, the longer the cache time will be and the less likely the update will take effect. Increasing TTL can save domain name resolution time and speed up web site visits

  • The TTL value is reduced to reduce the inaccessible time during space replacement

The return value

  • Request timed out

Possible scenarios

The other party has their phone turned off or does not have this address

They may not be on the same network segment and cannot find each other through routing, resulting in timeout

The peer exists but firewall filtering is configured

  • Destination host Unreachable

The peer and the peer are on different network segments and no default route is configured

The cable is faulty.

  • Bad IP address

Either the IP address does not exist or is not properly connected to the DNS server and cannot be resolved

3 ifconfig/ipaddr

View information about the server network adapter and IP address

ipaddr

The location blurred in the figure above is assumed to be 10.172.100.3, which is an IP address. There are rules for all IP addresses. The IP address is divided into four parts according to the decimal point

So IPV6, 128 bits

At that time, 32 bits were considered sufficient, and they were divided into five categories, as shown in the figure below

Network address classification

Let’s look at the number of hosts at each address


There are too few class C addresses, but too many class B addresses

None Type interzone route selection

CIDR addresses contain standard 32-bit IP addresses and information about network prefix bits. For example, 10.172.100.3/24, the number 24 after the IP address slash indicates that the 24 digits are the network number and the next eight digits are the host number.

How do I get a network number?

Use the IP address AND subnet mask to calculate the network number.


4 tcpdump

A similar tool in Windows is Wireshark, which is implemented using the underlying library Winpcap /libpcap. BPF filtering mechanism is adopted. Let’s look at the implications of the different parameters provided.

tcpdump

Now that we know the parameters, let’s look at a few examples

Perform a task Execute the command
Capture a specific network port packet tcpdump -i eth0
Capture a specific number of packets (1000) tcpdump -c 1000 -i eth0
Save the captured package to a file tcpdump -w a.pcap -i eth0
Read the package in PCAP format tcpdump -r a.pcap
Added a timestamp to capture packets tcpdump -n -ttt -i eth0
Specifies the protocol type for capturing packets tcpdump -i eth0 arp
Capture the specified port tcpdump -i eth0 post 22
Capture a packet for a specific destination IP +port tcpdump -i eth0 dst address and port 22
Capture DNS requests and responses tcpdump -i eth0 -s0 port 53
Matches Http request headers tcpdump -s 0 -v -n -l | egrep -i “POST /|GET /|Host:”

5 lsof

Lists the file descriptor tools currently open on the system. You can tell which processes are using the descriptor of interest

Again, let’s look at the parameters

lsof

Same old rules. Just a couple of examples

Perform a task The command
List all web links lsof -i
Lists all udp network links lsof -i udp
Lists who is using a port lsof -i :3306
Lists who is using a particular TCP port lsof -i tcp:80
Lists the file information according to the file description scope lsof -d 2-3

7 netstat

Netstat is a network statistics tool. It can get all the information on the network interface, routing table information, network interface information and so on. We usually use it in network programming to display TCP connections and state information.


Here are some common examples

Perform a task Execute the command
List all connections netstat -a
Only TCP or UDP is listed netstat -at/netstat -au
Lists the connections in the listener netstat -tnl
Obtain the process name, process number, and user ID nestat -nlpt
Printing statistics netstat -s
Netstat continues output netstat -ct
Prints connections in active state netstat -atnp | grep ESTA
Check whether the service is Running (NPT) netstat -aple| grep ntp

7 dpkt

DPKT defines the packet class, which defines the base class of network packet types. IP and ICMP inherit from DPKT class, and each subclass has a __ hdr__ structure. This structure defines the header of different packets for retrieving corresponding control fields. The sample is as follows

#! /usr/bin/python
#coding=utf-8
import dpkt
import socket
import optparse
 def printPcap(pcap):  Pass through an array of [timestamp, packet] records  for (ts, buf) in pcap:  try:  Get some Ethernet data  eth = dpkt.ethernet.Ethernet(buf)  Get IP layer data  ip = eth.data  # convert the IP address stored in inet_ntoa toa string  src = socket.inet_ntoa(ip.src)  dst = socket.inet_ntoa(ip.dst)  print '[+] Source address: ' + src + '--> destination address:' + dst  except:  pass  def main(a):  parser = optparse.OptionParser('[*] Usage : ./pcapTest.py -f <file>')# test package  parser.add_option('-f',dest='fileName',type='string',help='specify target filename')  (options,args) = parser.parse_args()  fileName = options.fileNameGet the package name   if fileName == None:  print parser.usage  exit(0)  else:  #f = open('geotest.pcap')  f = open(fileName)  pcap = dpkt.pcap.Reader(f)  printPcap(pcap)  if __name__ == '__main__':  main() Copy the code

8 scapy

This is a sniffer pack, not a crawler frame. Check out the official website for “powerful interactive package manipulation tools”, “support a large number of protocols for package parsing and package construction”, “easily replace Hping, 85% of NMAP, arpspoof, tcpdump and more”. At the end of the day, however, it is all powerful because Scapy is a powerful network packet manipulation tool. Just a general introduction, the specific usage of the official website is very detailed, help to learn the network protocol