ToolkitNetwork

Hey, here is the Network Toolkit :-)

ICMP/TCP/UDP

ICMP

TCP

Tools

Here is a list of tools to use:

  • Monitoring low level
    • netstat: Shows current connections (netstat -taupen)
    • ss: Same as netstat, but better.
    • lsof: Less network oriented (lsof -i)
    • netstat-nat: Shows NATed connections, especially the conntrack table used by LVS.
  • Monitoring high level
    • iptraf: Shows network traffic, allows filters
    • iftop: Shows network traffic, allows filters
  • Testing
    • tcpkill: Kills a TCP connection (you can do the same with iptables)

Tips

How to use netcat, with examples here and here.

Simulate network failures

Service reject/shutdown:
iptables -I INPUT -s {{ client_ip }} -p tcp --dport {{ client_port }} -j REJECT
iptables -I INPUT -p tcp --dport {{ client_port }} -j REJECT

Server hard shutdown:
iptables -I INPUT -s {{ client_ip }} -p tcp --dport {{ client_port }} -j DROP && iptables -I OUTPUT -d {{ client_ip }} -p tcp --sport {{ client_port }} -j DROP
iptables -I INPUT -p tcp --dport {{ client_port }} -j DROP && iptables -I OUTPUT -p tcp --sport {{ client_port }} -j DROP

Those two cases should represent most network failures.
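One way to time-box the two failure simulations above so the rules are always deleted again, even on Ctrl-C. This is an added example, not part of the original page; the function names and the DRY_RUN switch are assumptions made for illustration, and DRY_RUN=0 requires root.

```sh
#!/bin/sh
# Added example (not from the original page): time-boxed failure simulation.
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 runs them (root).
DRY_RUN="${DRY_RUN:-1}"

# rule_cmds ACTION MODE PORT [CLIENT_IP]
#   ACTION: -I (insert) or -D (delete); MODE: reject | drop
#   PORT is the page's {{ client_port }}, CLIENT_IP its {{ client_ip }};
#   leave CLIENT_IP empty for the page's "all clients" variant.
rule_cmds() (
    action="$1"; mode="$2"; port="$3"; ip="$4"
    src=""; dst=""
    if [ -n "$ip" ]; then src="-s $ip "; dst="-d $ip "; fi
    case "$mode" in
        reject) echo "iptables $action INPUT ${src}-p tcp --dport $port -j REJECT" ;;
        drop)   echo "iptables $action INPUT ${src}-p tcp --dport $port -j DROP"
                echo "iptables $action OUTPUT ${dst}-p tcp --sport $port -j DROP" ;;
        *)      echo "unknown mode: $mode" >&2; exit 1 ;;
    esac
)

# Run (or, in dry-run, print) each command line read from stdin.
apply_cmds() {
    while IFS= read -r cmd; do
        # $cmd is left unquoted on purpose so it splits into iptables arguments
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

# simulate_failure MODE PORT [CLIENT_IP] [SECONDS]
# Inserts the rules, waits, then always deletes them (also on Ctrl-C / kill).
simulate_failure() (
    seconds="${4:-30}"
    undo="$(rule_cmds -D "$1" "$2" "$3")" || exit 1
    trap 'exit 130' INT TERM                          # route signals through EXIT
    trap 'printf "%s\n" "$undo" | apply_cmds' EXIT    # cleanup runs on any exit
    rule_cmds -I "$1" "$2" "$3" | apply_cmds
    sleep "$seconds"
    exit 0
)
```

For example, `simulate_failure drop 8080 192.0.2.10 60` prints (or, with DRY_RUN=0, applies) the hard-shutdown rules for one client for 60 seconds; the address and port here are constructed sample values.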

UDP

System Level

More examples here

Tools to use

Here is the list of legacy tools, which shouldn't be used anymore:

  • netstat => ss
  • ifconfig => iproute2 (ip address)
  • route => iproute2 (ip route)

Routing

Firewalling

QoS

Higher level protocols

DNS

HTTP

SSL

Common

External resources:

Network resources:

Tshark/WireShark

Filtering the network may be hard without knowing the following resources:

WinPCAP filtering syntax

Here is the syntax:

  • Expressions:
    • [ip|ip6] proto [tcp|udp|icmp]
    • [src|dst] host $HOST
    • [src|dst] port $PORT
    • [src|dst] portrange $PORT1-$PORT2
    • [src|dst] net $NET[/$MASK]
    • vlan $VLAN_ID
  • Conditions:
    • >, <, >=, <=, =, !=
  • Logical:
    • Negation: !, not
    • Concatenation: &&, and
    • Alternation: ||, or
  • Flags:
    • tcpflags: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg
    • icmpflags: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply
Page last modified on February 26, 2016, at 06:58 PM EST