Skip to content

Latest commit

 

History

History
195 lines (139 loc) · 4.71 KB

chapter-3-analyzing-and-managing-networks.md

File metadata and controls

195 lines (139 loc) · 4.71 KB

Chapter 3: Analyzing and Managing Networks

Overview

Networking is at the core of Linux systems, and understanding how to analyze and manage networks is a crucial skill for cybersecurity professionals. This chapter covers the tools and commands needed to inspect, configure, and troubleshoot network connections in Linux.

1. Viewing Network Interfaces

ifconfig: Interface Configuration

  • Displays network interfaces and their configurations.
  • Deprecated on some systems; replaced by ip.

ip: Modern Network Configuration Tool

  • Provides detailed information and control over network interfaces.

Syntax and Examples:

ifconfig                   # Display all network interfaces
ip a                      # Show all IP addresses
ip link show              # Show link-layer information
ip addr show eth0         # Show details for a specific interface (e.g., eth0)

2. Managing Network Interfaces

Bring Interfaces Up or Down

  • Use ifconfig or ip to enable or disable network interfaces.

Examples:

sudo ifconfig eth0 up       # Enable eth0 interface
sudo ifconfig eth0 down     # Disable eth0 interface
sudo ip link set eth0 up    # Enable eth0 interface with ip
sudo ip link set eth0 down  # Disable eth0 interface with ip

3. Testing Connectivity

ping: Check Network Connectivity

  • Sends ICMP packets to test reachability.

Examples:

ping 8.8.8.8               # Ping Google DNS
ping -c 4 example.com      # Send 4 packets to a domain

traceroute: Trace Network Routes

  • Identifies the path packets take to a destination.

Examples:

traceroute example.com

4. DNS Resolution

dig: DNS Lookup

  • Queries DNS servers for information about domains.

Examples:

dig example.com            # Perform a DNS lookup
dig +short example.com     # Show only the IP address

nslookup: Alternative DNS Query Tool

  • Provides basic DNS resolution.

Examples:

nslookup example.com

5. Network Traffic Analysis

tcpdump: Packet Capturing

  • Captures and inspects network packets.

Examples:

sudo tcpdump -i eth0       # Capture all traffic on eth0
sudo tcpdump port 80       # Capture HTTP traffic
sudo tcpdump -w capture.pcap  # Save captured traffic to a file

wireshark: GUI for Packet Analysis

  • Analyze captured traffic with a graphical interface.

6. Managing Routes

route: View and Modify Routing Tables

  • Displays or changes the kernel routing table.

Examples:

route -n                  # Display routing table
sudo route add default gw 192.168.1.1  # Add a default gateway

ip route: Modern Routing Tool

  • Replaces route for managing routing tables.

Examples:

ip route show             # Display current routes
sudo ip route add default via 192.168.1.1  # Add a default gateway

7. Port Scanning and Services

nmap: Network Mapper

  • Scans networks for open ports and services.

Examples:

nmap 192.168.1.0/24       # Scan an entire subnet
nmap -p 80,443 example.com # Scan specific ports on a domain

netstat: Network Statistics

  • Displays active connections, listening ports, and routing tables.

Examples:

netstat -tuln             # Show listening ports and connections

8. Troubleshooting Tools

ethtool: Network Interface Diagnostics

  • Provides detailed information and settings for network interfaces.

Examples:

sudo ethtool eth0         # Display details about eth0

arp: Address Resolution Protocol

  • Displays and modifies the ARP table.

Examples:

arp -a                    # View ARP table
sudo arp -d 192.168.1.1   # Delete an entry from the ARP table

iptables: Firewall and Packet Filtering

  • Configures network packet filtering rules.

Examples:

sudo iptables -L          # List all rules
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT  # Allow SSH traffic

Summary

By the end of this chapter, you should be able to:

  • View and configure network interfaces.
  • Test and troubleshoot network connectivity.
  • Analyze network traffic using tcpdump and nmap.
  • Manage routes and DNS resolution.

Next Steps:

Exercises

  1. Display all active network interfaces on your system.
  2. Ping your default gateway and verify connectivity.
  3. Use tcpdump to capture HTTP traffic and save it to a file.
  4. Scan your local subnet with nmap to identify active devices.
  5. Add a new default gateway using ip route and verify it with ip route show.