
CCIE23050.com CCIE Network blog HTTP://1806971003


Category: IP

Linux tap0 interface

Posted on November 1, 2016 by admin

This is handy if you want to bridge a physical and logical interface.

sudo apt-get install uml-utilities

ubuntu:~$ sudo apt-get install uml-utilities

[sudo] password for user:

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following packages were automatically installed and are no longer required:

linux-headers-2.6.35-22-server linux-headers-2.6.35-22

Use ‘apt-get autoremove’ to remove them.

The following extra packages will be installed:

libreadline5

Suggested packages:

user-mode-linux

The following NEW packages will be installed:

libreadline5 uml-utilities

0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.

Need to get 210kB of archives.

After this operation, 741kB of additional disk space will be used.

Do you want to continue [Y/n]? y

Get:1 http://us.archive.ubuntu.com/ubuntu/ maverick/main libreadline5 amd64 5.2-7build1 [147kB]

Get:2 http://us.archive.ubuntu.com/ubuntu/ maverick/universe uml-utilities amd64 20070815-1.1ubuntu2 [63.3kB]

Fetched 210kB in 1s (171kB/s)

Selecting previously deselected package libreadline5.

(Reading database … 156284 files and directories currently installed.)

Unpacking libreadline5 (from …/libreadline5_5.2-7build1_amd64.deb) …

Selecting previously deselected package uml-utilities.

Unpacking uml-utilities (from …/uml-utilities_20070815-1.1ubuntu2_amd64.deb) …

Processing triggers for man-db …

Processing triggers for ureadahead …

ureadahead will be reprofiled on next reboot

Setting up libreadline5 (5.2-7build1) …

Setting up uml-utilities (20070815-1.1ubuntu2) …

* Starting User-mode networking switch uml_switch [ OK ]

Processing triggers for libc-bin …

ldconfig deferred processing now taking place

ubuntu:~$

echo creating tap0 device
sudo tunctl -t tap0

echo starting with empty interfaces
sudo ifconfig eth1 0.0.0.0 promisc up
sudo ifconfig tap0 0.0.0.0 promisc up

echo creating bridge
sudo brctl addbr br0
sudo brctl addif br0 eth1
sudo brctl addif br0 tap0

echo assigning ip to the virtual bridge
sudo ifconfig br0 -promisc 192.168.2.69 netmask 255.255.255.0 up
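
A check to run after the bridge script above, added here as an example and not part of the original post: it lists the interfaces whose IFF_PROMISC bit (0x100) is set in /sys/class/net/<iface>/flags and reports any that are not on an expected list. The function names and the net_root parameter are assumptions of this example; eth1 and tap0 are the interfaces the script puts into promiscuous mode.

```shell
#!/bin/sh
# Added example (not from the original post).
# IFF_PROMISC is bit 0x100 of the interface flags word that Linux exposes
# as a hex string in /sys/class/net/<iface>/flags.

# promisc_ifaces [net_root]
# Print the name of every interface under net_root with IFF_PROMISC set.
# net_root is a parameter of this example so a test tree can be used.
promisc_ifaces() {
    net_root="${1:-/sys/class/net}"
    for dir in "$net_root"/*; do
        [ -r "$dir/flags" ] || continue
        flags=$(cat "$dir/flags")
        # Accept only hex digits before doing arithmetic on the value.
        hex=${flags#0x}
        case "$hex" in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        if [ $(( 0x$hex & 0x100 )) -ne 0 ]; then
            basename "$dir"
        fi
    done
}

# unexpected_promisc net_root [allowed_iface ...]
# Print promiscuous interfaces that are not in the allowed list.
unexpected_promisc() {
    root="$1"
    shift
    promisc_ifaces "$root" | while read -r ifc; do
        ok=0
        for allowed in "$@"; do
            if [ "$ifc" = "$allowed" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$ifc"
        fi
    done
}

# Live check: after the bridge script only eth1 and tap0 should be listed
# as promiscuous, so anything printed here deserves a second look.
unexpected_promisc /sys/class/net eth1 tap0
```

An interface that shows up here without a known bridge or capture running on it is worth investigating, since promiscuous mode is what a sniffer needs.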

Posted in IP, LinuxTagged Linux

Linux nmap

Posted on November 1, 2016 by admin

ubuntu:~$ sudo apt-get install nmap
[sudo] password for xxxx:
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
linux-headers-2.6.35-22 linux-headers-2.6.35-22-generic
Use ‘apt-get autoremove’ to remove them.
The following NEW packages will be installed:
nmap
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 1,780kB of archives.
After this operation, 7,221kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ maverick/main nmap i386 5.21-1~build1 [1,780kB]
Fetched 1,780kB in 3s (489kB/s)
Selecting previously deselected package nmap.
(Reading database … 217163 files and directories currently installed.)
Unpacking nmap (from …/nmap_5.21-1~build1_i386.deb) …
Processing triggers for man-db …
Setting up nmap (5.21-1~build1) …

ubuntu:~$ nmap -h
Nmap 5.21 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL : Input from list of hosts/networks
-iR : Choose random targets
--exclude : Exclude hosts/networks
--excludefile : Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sP: Ping Scan - go no further than determining if host is online
-PN: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers : Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags : Customize TCP scan flags
-sI : Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b : FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p : Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports : Scan most common ports
--port-ratio : Scan ports more common than
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity : Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=: is a comma separated list of
directories, script-files or script-categories
--script-args=: provide arguments to scripts
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take are in milliseconds, unless you append 's'
(seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup : Parallel host scan group sizes
--min-parallelism/max-parallelism : Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout : Specifies
probe round trip time.
--max-retries : Caps number of port scan probe retransmissions.
--host-timeout : Give up on target after this long
--scan-delay/--max-scan-delay : Adjust delay between probes
--min-rate : Send packets no slower than per second
--max-rate : Send packets no faster than per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu : fragment packets (optionally w/given MTU)
-D : Cloak a scan with decoys
-S : Spoof source address
-e : Use specified interface
-g/--source-port : Use given port number
--data-length : Append random data to sent packets
--ip-options: Send packets with specified ip options
--ttl : Set IP time-to-live field
--spoof-mac : Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
--adler32: Use deprecated Adler32 instead of CRC32C for SCTP checksums
OUTPUT:
-oN/-oX/-oS/-oG : Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA : Output in the three major formats at once
-v: Increase verbosity level (use twice or more for greater effect)
-d[level]: Set or increase debugging level (Up to 9 is meaningful)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files
--resume : Resume an aborted scan
--stylesheet : XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enables OS detection and Version detection, Script scanning and Traceroute
--datadir : Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sP 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -PN -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
ubuntu:~$

Posted in IP, LinuxTagged Linux

Linux hping3

Posted on November 1, 2016 - November 1, 2016 by admin

To install:

ubuntu:~$ sudo apt-get install hping3
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
linux-headers-2.6.35-22 linux-headers-2.6.35-22-generic
Use ‘apt-get autoremove’ to remove them.
The following NEW packages will be installed:
hping3
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 104kB of archives.
After this operation, 319kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ maverick/universe hping3 i386 3.a2.ds2-6 [104kB]
Fetched 104kB in 1s (90.0kB/s)
Selecting previously deselected package hping3.
(Reading database … 217132 files and directories currently installed.)
Unpacking hping3 (from …/hping3_3.a2.ds2-6_i386.deb) …
Processing triggers for man-db …
Setting up hping3 (3.a2.ds2-6) …
ubuntu:~$

ubuntu:~$ sudo hping3 -h
usage: hping3 host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set don't fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+] destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-mss enable the TCP MSS option with the given value
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
ubuntu:~$

Here I ping www.yahoo.com on TCP port 80.

ubuntu:~$ sudo hping3 -c 3 -I eth0 -p 80 www.yahoo.com
HPING www.yahoo.com (eth0 209.191.122.70): NO FLAGS are set, 40 headers + 0 data bytes
len=46 ip=209.191.122.70 ttl=254 id=53266 sport=80 flags=RA seq=0 win=512 rtt=10.9 ms
len=46 ip=209.191.122.70 ttl=254 id=62292 sport=80 flags=RA seq=1 win=512 rtt=19.9 ms
len=46 ip=209.191.122.70 ttl=254 id=63524 sport=80 flags=RA seq=2 win=512 rtt=23.2 ms

--- www.yahoo.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 10.9/18.0/23.2 ms
ubuntu:~$

Posted in IP, LinuxTagged Linux

Linux tcptraceroute

Posted on November 1, 2016 by admin

To install tcptraceroute:

ubuntu:~$ sudo apt-get install tcptraceroute

[sudo] password for xxxx:

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following packages were automatically installed and are no longer required:

linux-headers-2.6.35-22 linux-headers-2.6.35-22-generic

Use ‘apt-get autoremove’ to remove them.

The following NEW packages will be installed:

tcptraceroute

0 upgraded, 1 newly installed, 0 to remove and 36 not upgraded.

Need to get 31.1kB of archives.

After this operation, 119kB of additional disk space will be used.

Get:1 http://us.archive.ubuntu.com/ubuntu/ maverick/universe tcptraceroute i386 1.5beta7+debian-4 [31.1kB]

Fetched 31.1kB in 0s (43.0kB/s)

Selecting previously deselected package tcptraceroute.

(Reading database … 217123 files and directories currently installed.)

Unpacking tcptraceroute (from …/tcptraceroute_1.5beta7+debian-4_i386.deb) …

Processing triggers for man-db …

Setting up tcptraceroute (1.5beta7+debian-4) …

update-alternatives: renaming tcptraceroute link from /usr/sbin/tcptraceroute to /usr/bin/tcptraceroute.

update-alternatives: using /usr/bin/tcptraceroute.mt to provide /usr/bin/tcptraceroute (tcptraceroute) in auto mode.

ubuntu:~$

Now you can do traceroutes on TCP port 80.

ubuntu:~$ tcptraceroute www.yahoo.com

Selected device eth0, address 10.11.11.11, port 56878 for outgoing packets

Tracing the path to www.yahoo.com (209.191.122.70) on TCP port 80 (www), 30 hops max

1 10.11.11.12 8.097 ms 0.309 ms 0.243 ms

2 155.105.58.51 1.579 ms 1.873 ms 2.109 ms

3 h209.125.23.38.static.ip.eam.net (38.23.125.209) 0.395 ms 0.409 ms 0.551 ms

4 h181.125.23.38.static.ip.eam.net (38.23.125.181) 1.635 ms 1.423 ms 1.869 ms

5 h32.240.240.172.static.ip.eam.net (172.240.240.32) 8.033 ms 8.922 ms 9.428 ms

6 h128.254.213.151.static.ip.eam.net (153.213.254.128) 11.278 ms 8.652 ms 8.030 ms

7 xe-8-3-0.edge3.dallas1.level3.net (5.71.198.25) 9.216 ms 8.862 ms 7.992 ms

8 yahoo-inc.edge3.dallas1.level3.net (5.79.182.2) 10.001 ms 9.275 ms 9.124 ms

9 ae-1-d121.msr1.mud.yahoo.com (216.115.104.83) 10.341 ms 10.205 ms 10.587 ms

10 te-8-1.fab2-a-gdc.mud.yahoo.com (209.191.78.141) 10.580 ms 9.557 ms 9.649 ms

11 te-8-2.bas-c1.mud.yahoo.com (209.191.78.173) 10.358 ms 9.563 ms 9.661 ms

12 ir1.fp.vip.mud.yahoo.com (209.191.122.70) [open] 11.026 ms 10.533 ms 10.748 ms

ubuntu:~$

ubuntu:~$ tcptraceroute -help

tcptraceroute 1.5beta7

Copyright (c) 2001-2006 Michael C. Toren

Updates are available from http://michael.toren.net/code/tcptraceroute/

Usage: tcptraceroute [-n NFSAE no names] [-i ] [-f ]

[-l ] [-q ] [-t ]

[-m ] [-pP]] [-s]

[-w ] [destination port] [packet length]

ubuntu:~$ tcptraceroute -n www.ccie23050.com

Posted in IP, LinuxTagged Linux

Linux tcpdump

Posted on November 1, 2016 by admin

ubuntu:~$ sudo tcpdump -help
tcpdump version 4.1.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -M secret ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
[ -y datalinktype ] [ -z command ] [ -Z user ]
[ expression ]
[-nn don’t convert protocols and ports to name (no name)]
This would capture all port 514 traffic.
ubuntu:~$ sudo tcpdump -nn port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

This would capture port 80 traffic on eth0.
ubuntu:~$ sudo tcpdump -nn -i eth0 port 80

This would capture all traffic except destination port 514.
ubuntu:~$ sudo tcpdump -nn not dst port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

Use ifconfig to choose the interface.

ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:46:21:8D:63
inet addr:10.11.11.10 Bcast:10.255.255.255 Mask:255.255.255.0
inet6 addr: fec0:abc:abc:10:20c:39ff:fe36:5c31/64 Scope:Site
inet6 addr: fe80::20c:29ff:fe56:5c51/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18490879 errors:0 dropped:0 overruns:0 frame:0
TX packets:64215 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2942908215 (2.9 GB) TX bytes:4558941 (4.5 MB)
Interrupt:19 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 B) TX bytes:480 (480.0 B)

Posted in IP, LinuxTagged Linux

Linux mtr

Posted on November 1, 2016 by admin

ubuntu:~$ mtr www.ccie23050.com

My traceroute [v0.75]

ubuntu (0.0.0.0) Mon Mar 7 11:32:23 2011

Keys: Help Display mode Restart statistics Order of fields quit

Packets Pings

Host Loss% Snt Last Avg Best Wrst StDev

1. switch1.eq.amc.biz 0.0% 11 0.4 0.4 0.4 0.7 0.1

2. 133.102.54.12 0.0% 11 2.8 2.1 1.2 3.7 0.8

3. h205.155.20.58.static.ip.eam.net 0.0% 11 0.5 0.6 0.4 1.0 0.2

4. h185.125.25.95.static.ip.eam.net 0.0% 11 1.5 2.7 1.3 11.7 3.0

5. h35.250.186.153.static.ip.eam.net 0.0% 11 8.3 11.3 8.1 33.9 7.6

6. h125.255.215.155.static.ip.eam.net 0.0% 11 8.0 8.6 8.0 9.6 0.6

7. xe-8-3-0.edge3.dallas1.level3.net 0.0% 11 62.3 14.2 8.1 62.3 16.1

8. vlan90.csw4.dallas1.level3.net 0.0% 11 9.2 8.4 8.0 9.2 0.4

9. ae-93-93.ebr3.dallas1.level3.net 0.0% 11 8.1 8.5 8.0 9.1 0.4

10. ae-3-3.ebr2.losangeles1.level3.net 0.0% 11 40.3 40.9 39.9 45.8 1.7

11. ae-72-72.csw2.losangeles1.level3.net 0.0% 11 40.8 41.4 39.9 49.7 2.9

12. ae-2-70.edge1.losangeles9.level3.net 0.0% 11 40.5 40.3 39.9 41.1 0.4

13. 4.66.66.198 0.0% 11 40.6 41.2 40.6 42.0 0.4

14. 12.86.48.56 0.0% 11 52.2 67.9 52.1 199.7 44.1

Command:

?|h help

d switching display mode

n toggle DNS on/off

o str set the columns to display, default str=’LRS N BAWV’

j toggle latency(LS NABWV)/jitter(DR AGJMXI) stats

c report cycle n, default n=infinite

i set the ping interval to n seconds, default n=1

f set the initial time-to-live(ttl), default n=1

m set the max time-to-live, default n= # of hops

s set the packet size to n or random(n<0)

b set ping bit pattern to c(0..255) or random(c<0)

Q set ping packet’s TOS to t

u switch between ICMP ECHO and UDP datagrams

p Pause so you can copy

q Quit

Posted in IP, LinuxTagged Linux

Linux dig host DNS

Posted on November 1, 2016 by admin

To troubleshoot DNS use the dig and host commands.

ubuntu:~$ dig www.ccie23050.com @4.2.2.2

; <<>> DiG 9.7.1-P2 <<>> www.ccie23050.com @4.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45168
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ccie23050.com. IN A

;; ANSWER SECTION:
www.ccie23050.com. 3600 IN CNAME ccie23050.com.
ccie23050.com. 3600 IN A 33.67.33.89

;; Query time: 128 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Mon Mar 7 10:47:00 2011
;; MSG SIZE rcvd: 65

To troubleshoot a reverse lookup use the -x option.

ubuntu:~$ dig -x 209.191.122.70

; <<>> DiG 9.7.1-P2 <<>> -x 209.191.122.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39053
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;70.122.191.209.in-addr.arpa. IN PTR

;; ANSWER SECTION:
70.122.191.209.in-addr.arpa. 1186 IN PTR ir1.fp.vip.mud.yahoo.com.

;; Query time: 0 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Mon Mar 7 11:22:00 2011
;; MSG SIZE rcvd: 83

ubuntu:~$ host www.ccie23050.com
www.ccie23050.com is an alias for ccie23050.com.
ccie23050.com has address 33.67.33.89
ccie23050.com mail is handled by 0 smtp.secureserver.net.
ccie23050.com mail is handled by 10 mailstore1.secureserver.net.

Posted in IP, LinuxTagged Linux

Linux IPTraf

Posted on November 1, 2016 by admin

IPTraf is a Linux app for looking at network traffic.

To install:

ubuntu:~$ sudo apt-get install iptraf

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following packages were automatically installed and are no longer required:

linux-headers-2.6.35-22 linux-headers-2.6.35-22-generic

Use ‘apt-get autoremove’ to remove them.

The following NEW packages will be installed:

iptraf

0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.

Need to get 165kB of archives.

After this operation, 745kB of additional disk space will be used.

Get:1 http://us.archive.ubuntu.com/ubuntu/ maverick/main iptraf i386 3.0.0-7 [165kB]

Fetched 165kB in 1s (135kB/s)

Selecting previously deselected package iptraf.

(Reading database … 216593 files and directories currently installed.)

Unpacking iptraf (from …/iptraf_3.0.0-7_i386.deb) …

Processing triggers for doc-base …

Processing 1 added doc-base file(s)…

Registering documents with scrollkeeper…

Processing triggers for man-db …

Setting up iptraf (3.0.0-7) …

To run:

ubuntu:~$ sudo iptraf

Posted in IP, LinuxTagged Linux

Linux arping

Posted on November 1, 2016 by admin

To see if there is a duplicate IP address a handy tool is arping.

ubuntu:$ arping 192.168.1.83
WARNING: interface is ignored: Operation not permitted
ARPING 192.168.1.83 from 192.168.1.86 eth0
Unicast request from 192.168.1.73 [00:26:C7:D0:93:D2] 203.042ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.304ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 4.564ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.706ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.247ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 38.680ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.389ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.622ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.929ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 4.700ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 3.911ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 6.664ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.071ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.526ms
^CSent 15 probes (2 broadcast(s))
Received 14 response(s) (1 request(s))

If there is a duplicate IP you would see a reply from two separate MAC addresses.
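
The duplicate check described above as a small parser, added here as an example and not part of the original post: it reads arping output on stdin, collects the distinct MAC addresses that replied for the probed IP, and reports a duplicate when there is more than one. The function names are assumptions of this example and both sample captures are constructed: the first is abbreviated from the output above, the second adds a made-up second MAC (02:00:00:AA:BB:CC).

```shell
#!/bin/sh
# Added example (not from the original post).

# arping_macs <ip>
# Read arping output on stdin and print each distinct MAC that sent a
# reply for <ip>, upper-cased, in order of first appearance. Request
# lines and replies for other addresses are ignored.
arping_macs() {
    awk -v ip="$1" '
        $2 == "reply" && $3 == "from" && $4 == ip && $5 ~ /^\[.*\]$/ {
            mac = toupper(substr($5, 2, length($5) - 2))
            if (!(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# arping_verdict <ip>
# Print "no-reply", "ok <mac>" or "duplicate <mac> <mac> ..." for <ip>.
arping_verdict() {
    macs=$(arping_macs "$1" | tr '\n' ' ')
    macs=${macs% }
    case "$macs" in
        '')    echo "no-reply" ;;
        *' '*) echo "duplicate $macs" ;;
        *)     echo "ok $macs" ;;
    esac
}

# Constructed sample: abbreviated from the capture in the post (one MAC).
sample_clean() {
    cat <<'EOF'
ARPING 192.168.1.83 from 192.168.1.86 eth0
Unicast request from 192.168.1.73 [00:26:C7:D0:93:D2] 203.042ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.304ms
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 4.564ms
EOF
}

# Constructed sample: a second host answers for the same IP address.
sample_duplicate() {
    cat <<'EOF'
ARPING 192.168.1.83 from 192.168.1.86 eth0
Unicast reply from 192.168.1.83 [00:26:C7:D0:93:D2] 5.304ms
Unicast reply from 192.168.1.83 [02:00:00:AA:BB:CC] 6.101ms
Unicast reply from 192.168.1.83 [00:26:c7:d0:93:d2] 4.564ms
EOF
}

sample_clean | arping_verdict 192.168.1.83
sample_duplicate | arping_verdict 192.168.1.83
```

Two MACs answering for one address can also be the signature of ARP spoofing rather than a misconfiguration, so the second MAC is worth tracing to a switch port.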

Posted in IP, LinuxTagged MAC

Generate and test simulated traffic on IOS.

Posted on November 1, 2016 by admin

Generate HTTP traffic
Rack07R1#copy http://33.33.6.3/File1 null:
%Error opening http://33.33.6.3/File1 (No such file or directory)

Generate FTP traffic
Rack07R1#copy ftp://33.33.6.3/File1 null:
Accessing ftp://33.33.6.3/File1…
%Error opening ftp://33.33.6.3/File1 (Undefined error)

Test HTTP or generate traffic on any port with telnet

Rack07R1#telnet 33.33.6.3 80
Trying 33.33.6.3, 80 … Open

get
HTTP/1.1 400 Bad Request
Date: Fri, 15 Mar 2002 21:45:45 GMT
Server: cisco-IOS
Accept-Ranges: none

400 Bad Request

[Connection to 33.33.6.3 closed by foreign host]

ICMP

Rack07R1#debug ip icmp
ICMP packet debugging is on

Rack07R1#ping 33.33.6.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.6.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/16 ms
Rack07R1#
Jan 13 19:51:50.812: ICMP: echo reply sent, src 33.33.6.3, dst 33.33.6.3
Jan 13 19:51:50.816: ICMP: echo reply rcvd, src 33.33.6.3, dst 33.33.6.3
Jan 13 19:51:50.828: ICMP: echo reply sent, src 33.33.6.3, dst 33.33.6.3
Jan 13 19:51:50.836: ICMP: echo reply rcvd, src 33.33.6.3, dst 33.33.6.3

Other traffic: debug ip packet detail

Test RADIUS and TACACS+
Rack07R1#test aaa group tacacs+ cisco cisco new-code
Rack07R1#test aaa group radius cisco cisco new-code

Posted in Cisco, IPTagged Cisco
