How to use Netstat to Track Detailed Network Statistics

Hey guys, welcome back. So, last video we looked at a way to really track packets and the packets that are actually being sent to and from this machine individually as packets, and now we’re going to talk about a command called “netstat” which is an abbreviated term for network statistics. So, basically the command that we’re going to be using throughout this video is netstat, and based on the flags that we pass it it’s going to return different statistics.

So, if I put “netstat -nr” the “n” option makes netstat print addresses as dots, you know dotted IP addresses rather than symbolic host network names, so this is gonna make sense if you want to see the actual IP addresses rather than the domains that are connected to the machine. And, so this is what I’ve got right now. Basically, gives us the information that we’re looking for regarding the IP routing table, and so the “r” flag in that command that I just put basically states that we’re looking for the kernel IP routing table, and that basically shows what certain things are routed to.

So, let’s actually display network interface statistics themselves, and we’re gonna do that with the “-i” command. So, we’re gonna take “netstat -i” and this shows us the usage of each of our devices, and so we can see the local host here which was configured has sent this many packets right here, and it’s received this many packets. As compared to our wireless interface which so far has received that many, and actually this is bytes not packets, and this many. So, you can kind of see how this would be useful.

We can actually display connections to our machine as well, and so I think my system update is still going, it is, so this is going to be good. What we’re gonna do is run the “netstat” with the flags -ta, and this is going to look for active sockets and it’s going to print out the status of them, and basically you know the foreign address and the local address. So, this obviously is our local machine here. These are the foreign addresses that it’s connecting to, and so what I’m going to do is I’m going to run “netstat -tan” and it’s gonna show IP addresses instead of the host names. And so you can see how that’s gonna be useful because we can actually combine elements of the different flags that we’re passing to the netstat command, and it’s basically you know going to change the way that each of these outputs works.

And, so that is how you would use netstat to view active connections and active route of IP addresses internally through the command line here, and you know if you’re not sure if you think your computer may be connecting to a malicious host or something, what you can do is you can take these IP addresses and you can actually look them up through a website like network-tools. I think it’s network-tools.com it could be .org I’m not sure, but you can find information about each one of these hosts if you’re not sure where it came from. And, just by looking at these you might be able to you know the actual host names themselves you may know what they are. I think these are all my updates that are happening through the software update, or so that’s I don’t recognize any of these. So, that’s how to use netstat. I hope you guys enjoyed this video and found it informative. I hope you guys can basically understand what netstat does. It’s a very simple command but it’s very useful in a lot of circumstances. So, thank you guys for watching this video, I’ll see you guys soon.
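The lookup step described above starts with pulling the remote addresses out of the “netstat -tan” listing. The script below is an added example, not something shown in the video: the function names `sample_netstat` and `remote_hosts` are hypothetical, and the sample listing is constructed from documentation address ranges.

```bash
#!/usr/bin/env bash
# Added example: list the remote hosts behind ESTABLISHED TCP connections
# in `netstat -tan` output, so the public ones can be looked up.

# Constructed sample of `netstat -tan` output (not taken from the video).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.3:51234       203.0.113.10:443        ESTABLISHED
tcp        0      0 192.168.0.3:51240       203.0.113.10:443        ESTABLISHED
tcp        0      0 192.168.0.3:40022       198.51.100.7:80         TIME_WAIT
tcp        0      0 192.168.0.3:47810       192.168.0.1:53          ESTABLISHED
tcp        0      0 127.0.0.1:45000         127.0.0.1:631           ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Reads `netstat -tan` output on stdin and prints "count address port" for
# every public remote endpoint with an ESTABLISHED connection, busiest first.
remote_hosts() {
  awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      addr = $5
      port = addr
      sub(/.*:/, "", port)        # keep the text after the last colon
      sub(/:[^:]*$/, "", addr)    # drop the port from the address
      # Loopback and private (NAT) ranges are this machine or the LAN: skip.
      if (addr ~ /^127\./ || addr ~ /^10\./ || addr ~ /^192\.168\./ ||
          addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ || addr == "::1") next
      seen[addr " " port]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2,2
}

# Run against the sample; on a live machine: netstat -tan | remote_hosts
sample_netstat | remote_hosts
```

Only the two connections to the public address survive the filter; the listening sockets, the TIME_WAIT entry, the router and localhost are dropped.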

Practical Networking Commands pt.2

So, right now it’s not capturing any, let’s go ahead and do some updates. So, that just captured 10 of the packets from my machine that was essentially coming into my machine, and so we can analyze them a bit. We can see where they’re going to and where they’re coming from. So, we can see here basically, the first column is a time stamp, right. Over here we’ve got the IP address we’re sending from, so this is our machine here as you recall, and it’s sending this package out to our router which basically ends up here at this domain. And so that’s how to use you know tcpdump very, very minimally.

There are some other options that we can go through as well for this command. So, you can print the captured packets in ASCII, so let’s go ahead and do that. “sudo tcpdump -c 10 -A” and this is going to print out the actual packets in ASCII. So, you can use this if you’re trying to see you know what exactly you’re getting. This just all looks like gibberish to me, but it’s the packets that are actually coming through, so that’s a neat way to use this command.

So, basically if you only want to listen on one network interface, I’m going to run “ifconfig” again, and we can see wlo1 is the name of this device. So, what I’m gonna do is run “sudo tcpdump -c 5 -i wlo1” and what that -i does is it tells it to listen to a very specific interface that we define after that “-i”.

Now, in addition to displaying the packets in ASCII format we can also display them in hex and ASCII. So, this may make sense for you if you’re looking for some hex response from these packets that are coming in and out, so what we’re gonna do is run “sudo tcpdump -XX -i wlo1” and this is gonna print out, I didn’t use the c flag so I’m just going to cancel there. So, this is gonna print out packets in hex and ASCII format. So, let me clear this.

One other neat thing is you can capture packets from specific ports and so let’s go ahead and do that. So, let’s run “sudo tcpdump” and I’ll show you guys why that’s going to make sense here in a moment “-i wlo1” this is the name of my interface and then “port 22”. Now, right now I don’t think I have any port 22’s going on here and that’s because port 22 is an SSH port. So, what I’m going to do is I’m going to connect to my server via SSH and we’re gonna see packet activity here. So, here we see a bunch of packets happening and each time you do something you can see exactly what’s happening here, and you would be able to parse through these and you know basically see that there is activity, what kind of activity, and you know where it’s happening between.

So, that is a bit about the “tcpdump” command. This is gonna be good with troubleshooting network activity, there’s not really many other uses that I can think for this, but if you have any uses for this that I don’t know about leave a comment I would like to know how you guys use this command if you do or any practical applications that you think this command would serve.
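Parsing through the capture to see where the activity is happening between can be scripted. The script below is an added example, not something shown in the video: the function names `sample_capture` and `flow_summary` are hypothetical, and the sample lines are constructed in the format tcpdump prints for a port 22 capture when the `-n` flag keeps addresses numeric.

```bash
#!/usr/bin/env bash
# Added example: total the packets and payload bytes for each direction of
# a conversation in tcpdump's one-line-per-packet text output.

# Constructed sample of `sudo tcpdump -n -i wlo1 port 22` output.
sample_capture() {
cat <<'EOF'
12:01:02.100001 IP 192.168.0.3.51234 > 203.0.113.10.22: Flags [S], seq 100, win 64240, length 0
12:01:02.130002 IP 203.0.113.10.22 > 192.168.0.3.51234: Flags [S.], seq 900, ack 101, win 65160, length 0
12:01:02.130050 IP 192.168.0.3.51234 > 203.0.113.10.22: Flags [.], ack 1, win 502, length 0
12:01:02.140000 IP 192.168.0.3.51234 > 203.0.113.10.22: Flags [P.], seq 1:42, ack 1, win 502, length 41
12:01:02.170000 IP 203.0.113.10.22 > 192.168.0.3.51234: Flags [P.], seq 1:42, ack 42, win 510, length 41
12:01:03.000000 IP 192.168.0.3.51234 > 203.0.113.10.22: Flags [P.], seq 42:1474, ack 42, win 502, length 1432
EOF
}

# Reads tcpdump text output on stdin and prints one line per direction:
# "source.port -> destination.port packets bytes".
flow_summary() {
  awk '
    $2 == "IP" && $4 == ">" {
      src = $3
      dst = $5
      sub(/:$/, "", dst)                 # tcpdump ends the destination with ":"
      n = 0
      for (i = 6; i < NF; i++)           # payload size follows the word "length"
        if ($i == "length") n = $(i + 1)
      key = src " -> " dst
      pkts[key]++
      bytes[key] += n
    }
    END { for (k in pkts) print k, pkts[k], bytes[k] }
  ' | sort
}

# Run against the sample; on a live machine pipe tcpdump's output in instead.
sample_capture | flow_summary
```

For the sample this shows four packets and 1473 bytes going out to the SSH server and two packets and 41 bytes coming back.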

What is a Local Area Network (LAN)?

So, in the last video we described how the internet works, what the internet is, is technically an interconnected collection of networks. So, all these little networks all over the world can now be connected to other networks in the world, and so we have the internet which is just that. So, to understand the network here we’re bringing it down from you know the top level stuff, down to a more localized thing. And so a local network is the type of network that you have set up in your house, where you connect to the router, the router then you know can interact with the internet for you, and then return the information to your computer.

Now, I wanted to talk for a moment about IP addresses and the current issues that face them, while still using IPv4. So, let’s open up a document here. So, an IP address looks like this. This is an IP address of a server somewhere, probably, if you put this in your browser…actually let’s try. That was just a random one that I just wrote up, let’s see what happens. This is probably the address of somebody, somebody you know, somebody is connected to an internet service provider and they get one IP address for all their computers, and the reason why that happens is because these IP addresses can go from 1.1.1.1 all the way to 255. So, as you can imagine the range is pretty big but it’s not quite big enough for the human population, and so we’ve been running out of IP addresses for the last fifteen or twenty years. And, multiple solutions have been brought into the equation to try and solve this problem.

One of them was called a NAT. What this is is a network address. Basically, you have one router you have one IP address. So, the IP address you have let’s say is this one up here at the top, this is your IP address that the internet service provider has given you. Without the use of a router you can plug one device into the modem and your computer will use this IP address in requests, so basically when you send a request to google.com to load a page or to load a search what happens is your IP address gets sent to Google as well so that Google can return this data to your device. But, what happens when you only have one IP address and seven computers, that’s when the NAT comes into play. So, this IP address now is the IP address of your modem or router, and it assigns NAT addresses to all the devices on your network.

So, let’s say you just have two devices on the network. The first one, actually the IP address of your actual router is likely this. I’ve seen one instance where a network did not use this IP address as its router’s IP address. The IP addresses that your router will assign to computers in your home all begin with 192. So, basically it would be something like that, right, that would be the IP address, actually hold up I got this wrong. This is the IP address of your router, this is the IP address of your first computer. So, it always begins with 192.168. Your second computer might be this, and your 3rd computer might be this. So, now you have three IP addresses, three devices on your network and your router here is keeping track of them.

So, from this device I type google.com into the address bar, what happens is this IP address along with the request gets sent to my router, the router then sends the request off to the ISP and then over to the internet and stuff, with the IP address of the router which internally is this and externally this is our ISP IP address they gave us. So, what happens this gets sent to google.com, google.com sends the page back to this IP address connected to the router here, the router then takes that request and connects it with the device that requested it, and then it sends it back to that device. And so that’s how a router interfaces between a local network and the internet.

So, in the olden days before the NAT address and routers really took off each one of these computers would have had a different IP address, so it would have looked something like this. So, that would have been 3 actual IP addresses when we found a way that you actually only need one IP address for our network, and so that’s what a router does and so these IP addresses are local and you’re gonna see these in terminal.

Now, one other special IP address is 127.0.0.1. On every computer this means this computer. It’s basically a self identifying IP address. If I were to type this into my browser I would see my localhost, where if you put this in your browser you would see your localhost. The NAT IP address basically works the same way. So, if I were to go to 192.168.0.3 it would try to find a computer only on my network that has this address and then connect to it. So, that’s how a router works, in the next video we’re getting into the ifconfig. On Windows you have an ipconfig command, on Linux here you’ve got ifconfig and we’re gonna cover that in the next video, and a few other commands as well. So, thank you guys so much for watching, and I’ll see you guys soon.

How does the internet work?

In this video we’re not going to be doing anything, we’re not gonna be learning about networking specifically on Linux. We need to understand a few general concepts before we get to that. So, this video is going to be a sort of introduction to networking on Linux. An introduction to networking in general.

So, right now you are on a computerized device watching this video which is on the Internet. And the way that’s happening is basically you’re connected to a router, or a modem router all-in-one device, and the router is connected to your internet service provider, and your internet service provider has devices that are connected to the bigger world of the internet. So, you send a request, if you open up a browser and type in google.com and then hit enter, your web browser sends that as a request. It’s basically saying okay this is the web page that this computer wants to look at right now. It sends that through your router, which sends it to your internet service provider, and your internet service provider has all these fancy computers that properly route certain requests to DNS servers, any requests actually.

What a DNS server does is it says okay, you gave me this string of text, a domain name or URL, and I have a record here that shows this domain or string of texts is supposed to serve up the content at this IP address. And so how the internet works is it doesn’t understand Google.com or Facebook.com. The internet uses network addresses, right, and so think of it like each web server, each server out there has an address just like every house on your street has an address. So, if you were gonna send somebody down the street to Joe’s place, you would say okay well go to this address, then you would give them the address of Joe’s place and they would be able to find it. The same thing is happening on a DNS server. You give the DNS server a domain name that you want to look at, and then the DNS server takes that and says okay well I know this domain name is supposed to route to this IP address. So, you request, you need to go over to the server to get that content, and so your request then gets translated to an IP address and other information, and it gets to the web server that it’s supposed to be at.

And then the web server running Apache or anything really nginx, I’m sure there’s tons out there that I don’t know about, but the web server receives requests, it receives all of the information related to it. So, cookies you know session variable stuff like that as well as the exact item you want to look at it. So, if you go to website.com/something /something else, everything after the .com/ is called a URI and that indicates what piece of content on the server you want. So, think of the first part domain.com as what server you need to be communicating with, and then afterward you know /about.php or something that’s gonna tell the server once it gets the request what page it needs to send you. And then it does its you know rendering process and it sends you that page in the exact same route that your request took to get there.

So, it’s like when you send your friend down the street to Joe’s place to pick up a box of pizza. So, your friend walks down the street he turns left you know maybe turns right, he gets to Joe’s place, he walks in says hey I need to get a pizza, Joe gives him the pizza, then he walks same way back to your house, and before you know it a web page has loaded within your computer box. That’s how that happens.

I hope you guys understood that. In the next video we’re actually gonna cover a few more concepts before we dive into you know really understanding to the point that we can use applications to do certain things. So, I hope you guys found that informative. If you didn’t, if there’s any point in this video that you felt lost or confused, or even that I was just rambling, or even if you just want to tell me you know a few more web server applications aside from Apache, there is a comment section to the side of this video. You just leave a comment I will reply and get you whatever information you need, and hopefully this will make sense to you.

Introduction to Networking on Linux

So, we’re all done with the user accounts and groups and stuff and we’re gonna move on to networking. Networking is a big topic in and of itself, and so there’s no humanly way possible I’d be able to teach you everything there is to know about networking, and I don’t plan to. What I plan to do is give you guys the most essential and necessary information about networking and then take that as you want and you know further development, but this should be a starting point for you. It should help you understand what’s actually happening on a network, and even what a network is. So, for people new to I guess computers, technology, and maybe not new but maybe you’ve used the internet before and you just haven’t thought about you know what’s actually happening, and that’s how I was for a long time actually. I had worked with an internet service provider and before I worked there I just thought you know the internet was magic. That you know I opened up a web browser and type in a series of letters you know separated by a few dots that somehow, magically, I didn’t really care how it happened at that point it went out and found a page. You know magically brought it to my computer, and so if that’s the kind of understanding you guys have at this point this is going to be some really great information for you guys to take and really absorb.