
Network Tools

There are several tools within Linux to work with network settings and to help find information about the network that you are on. One thing that you will see is that I have hidden the MAC address of my devices for this tutorial. The reason is that the MAC address is considered to be the physical address of your network interface. It was brought up that it is similar to your home address.

 

Disclaimer: These should not be used for malicious activity, and I do not condone and am not responsible for any malicious act committed with any command shown.

 

  • ifconfig -a – In the example below, the ether field shows the MAC address assigned to your network interface, which is unique to each card. The inet field is the network address given to your network interface in IPv4 format. The inet6 field is the IPv6 address; IPv6 is not used by a lot of internet service providers yet.

 

 

 

 

  • iwconfig – The iwconfig command gives information about the wifi network that you are connected to. The Access Point value that I marked through is the MAC address of that access point.

 

 

  • sudo ifconfig wlp2s0 promisc – To place a wireless interface in promiscuous mode for monitoring your local wifi network, use the ifconfig command shown with the wireless interface. Keep in mind that you need to do this with sudo as you are making changes to the network interface.

 

  • sudo ifconfig wlp2s0 -promisc – This command will take you out of promiscuous mode and back to normal wifi operations.

 

Before the change to promiscuous mode:

 

 

 

 

After the change to promiscuous mode:

 

 

 

—===—===—===—


Routing

 

  • route command – The route command in Linux shows the kernel routing table. Under Flags, U means the route is up and G means it uses a gateway, so UG is an up gateway.

 

 

  • route -n – With the -n switch, the route table shows IP addresses instead of host names.

 

 

  • route add -net default gw gatewayname dev wlp2s0

 

  • route -Cn – Shows the routing cache table, which is used for faster network traffic routing. There may not be any cache available, so don’t be concerned if you don’t see anything here.

 

 

 

—===—===—===—
One thing that can become an issue is when someone tries to brute force your machine or network. Most companies have ways to deter this, but what if you are a home user and don’t have the fancy network firewalls and IDS systems? This will help in taking care of the problem.
These notes are something that I used from time to time while working in the Linux hosting industry, and they work well. If there is a problem IP address, just null route it using the route command. Let's say that the IP address causing the problem is 65.21.34.4; just type the following command at your command line.
  • route add 65.21.34.4 gw 127.0.0.1 lo
You can verify it with either of the following commands:
  • netstat -nr OR route -n
You can also reject the target:
  • route add -host IP-ADDRESS reject
  • route add -host 64.1.2.3 reject
To confirm the null routing status, use the ip command as follows:
  • ip route get 64.1.2.3
Output: RTNETLINK answers: Network is unreachable
Drop the entire subnet 192.67.16.0/24:
  • route add -net 192.67.16.0/24 gw 127.0.0.1 lo
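You can also use the ip command to null route a network or an IP address. The prefix has to be the network address of the block (the /29 that contains 202.54.5.2 is 202.54.5.0/29):
  • ip route add blackhole 202.54.5.0/29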
  • route -n
If you would like to remove a null route or a blocked IP address, just enter the following:
  • route delete 65.21.34.4
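
The brute-force scenario and the null-route commands above, combined as an added example (not from the original post): it counts failed SSH logins per source in sshd log lines and prints the matching ip route add blackhole commands as a dry run for review. The log lines are constructed samples, and THRESHOLD, ALLOW and the function names are assumptions.

```shell
#!/bin/sh
# Added example: the log lines are constructed samples, and THRESHOLD and
# ALLOW are assumed values, not settings from the original post.
THRESHOLD=3                      # failed logins from one source before it is null-routed
ALLOW="127.0.0.1 192.168.1.1"    # never block these (assumed: loopback and home gateway)

sample_log() {
cat <<'EOF'
Mar  3 10:01:11 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:14 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Mar  3 10:02:02 host sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Mar  3 10:02:30 host sshd[2112]: Accepted password for alice from 192.168.1.20 port 50022 ssh2
Mar  3 10:03:01 host sshd[2120]: Failed password for alice from 192.168.1.1 port 50100 ssh2
Mar  3 10:03:05 host sshd[2120]: Failed password for alice from 192.168.1.1 port 50100 ssh2
Mar  3 10:03:09 host sshd[2120]: Failed password for alice from 192.168.1.1 port 50100 ssh2
EOF
}

# offenders MIN: read sshd lines on stdin and print "count ip" for every source
# with at least MIN failures. The user name is client-supplied text, so the
# address is taken by position from the end of the line ("from IP port N ssh2").
offenders() {
  awk -v min="$1" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    / sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
    $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# null_route_cmds: dry run, prints the commands to review instead of running them.
null_route_cmds() {
  offenders "$THRESHOLD" | while read -r count ip; do
    echo "ip route add blackhole $ip/32   # $count failed logins"
  done
}

sample_log | null_route_cmds
```

The allow list matters because a null route applies to every kind of traffic to that address, so blocking your own gateway or workstation cuts you off as well.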

 

—===—===—===—
