andonome
/
lk
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lk/networking/basics.md

5.0 KiB
Raw Blame History

You

Check how your computer connects to the net:

ip address show


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 84:3a:4b:ca:5c:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.13/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 199143sec preferred_lft 172143sec
    inet6 fe80::22:5eb9:8a3a:95b2/64 scope link 
       valid_lft forever preferred_lft forever
4: wwp0s20u4i6: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:cd:4d:28:ec:dc brd ff:ff:ff:ff:ff:ff
    inet 169.254.104.159/16 brd 169.254.255.255 scope global noprefixroute wwp0s20u4i6
       valid_lft forever preferred_lft forever
    inet6 fe80::e9d3:506c:c0a9:6679/64 scope link 
       valid_lft forever preferred_lft forever

That's too much output to read, so try:

ip address show | grep inet


    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
    inet 192.168.0.13/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
    inet6 fe80::22:5eb9:8a3a:95b2/64 scope link 
    inet 169.254.104.159/16 brd 169.254.255.255 scope global noprefixroute wwp0s20u4i6
    inet6 fe80::e9d3:506c:c0a9:6679/64 scope link

The starting numbers tell you about the address. You just have to memorize the meanings:

Address Prefix Meaning
127.X The computer's name for itself, for when you want to ssh into your own machine
::1/128 Same thing, with ipv6
192.168.X A small network address, given by a DHCP server (possibly your router)
169.X The interface to the internet wasn't given an ip address, so it's made up its own

arp-scan

Look around your local network with arp-scan.

sudo arp-scan -l


Interface: wlp3s0, type: EN10MB, MAC: 84:3a:4b:ca:5c:24, IPv4: 192.168.0.13
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.0.1	0c:02:27:bc:aa:a1	Technicolor CH USA Inc.
192.168.0.15	b8:27:eb:4a:cd:d9	Raspberry Pi Foundation
192.168.0.10	dc:0b:34:94:5c:c4	LG Electronics (Mobile Communications)

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.937 seconds (132.16 hosts/sec). 3 responded

The interface here was wlp3s0. It starts with 'w', so it's a wifi card. Each internet adapter has a name, called a 'MAC address' in order to identify itself to outsiders. The first three parts of a MAC address are given by the manufacturer (like a family name), and the rest are just for that one device.

The '192.168.0.1' address ends in '.1', so it's probably a router. The manufacturer is 'Technicolor' (arp-scan has identified this from the first digits of the MAC: '0c:02:27').

Next is 192.168.0.15, which is labelled as a 'raspberry pi'. Finally, the '.10' address is a mobille phone.

Mac addresses are easy to fake, so don't trust this output to keep you safe.

nmap

Look around your entire network from 192.168.0.1 to 192.168.0.255:

sudo nmap -F 192.168.0.1/24

The -F means 'do this fast, by only scanning normal traffic' (ports below 1000).


Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-09 13:52 CET
Nmap scan report for 192.168.0.1
Host is up (0.011s latency).
Not shown: 99 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 0C:02:27:BC:AA:A1 (Technicolor CH USA)

Nmap scan report for 192.168.0.10
Host is up (0.0040s latency).
All 100 scanned ports on 192.168.0.10 are closed
MAC Address: DC:0B:34:94:7C:C4 (LG Electronics (Mobile Communications))

Nmap scan report for belgradecats (192.168.0.15)
Host is up (0.0096s latency).
Not shown: 98 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
MAC Address: B8:27:EB:4A:CD:D9 (Raspberry Pi Foundation)

Nmap scan report for 192.168.0.13
Host is up (0.0000080s latency).
Not shown: 99 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 256 IP addresses (4 hosts up) scanned in 5.34 seconds

Network traffic is split into different types of information. Each one gets a number called a 'port'. Most of this information is dead, so only a few ports are used nowadays.

The first one shows port 80, so you can visit it on a web browser. The next shows 53 (so it's handing out names of local computers) and 22 (so you can access it via ssh).

You can scan outside addresses with:

sudo nmap facebook.com

However, when you scan something, that machine will see you, and you may set off alerts, which then have to bother whoever's looking after that address. So if you want to try out nmap from outside, find a place you have permission to scan (like your own external IP address), or try:

sudo nmap hack.me

The hack.me website doesn't mind people scanning.