network

How to monitor all outgoing requests/connections from your GNU/Linux machine

10 May 2023 in Bash / GNU/Linux tagged bash / connections / GNU/Linux / netstat / network / server by Tux

netstat -nputw;

The “netstat” command is a network utility tool used to display information about active network connections, including the protocol used (TCP or UDP), the local and remote addresses and port numbers, and the current state of the connection.

The options used in this command are as follows:

“n” displays addresses and port numbers in numerical form rather than converting them to hostnames and service names.
“p” shows the process ID (PID) and program name using the connection.
“u” displays UDP connections.
“t” displays TCP connections.
“w” displays raw sockets.
“;” separates the command from other commands that may follow.

Therefore, the command netstat -nputw; will display all current network connections on the machine, including the corresponding processes and raw socket connections, in a numerical format without resolving hostnames and service names.

Do SFP transceivers have a MAC address or does the address belongs to the SFP port?

3 May 2023 in Firewall / Other tagged MAC / network / SFP / transceiver by Tux

SFP (Small Form-factor Pluggable) transceivers do not have a MAC address. The MAC address is assigned to the network interface controller (NIC) or network adapter, which is the hardware component responsible for connecting a device to a network.

The SFP transceiver is a hot-swappable input/output device that plugs into a port on a network switch, router, or other networking devices and allows the device to transmit and receive data over fiber optic or copper cables. The SFP port to which the SFP transceiver is connected is typically assigned a unique MAC address by the device manufacturer.

Therefore, the MAC address belongs to the device’s network interface using the SFP port, not the SFP transceiver itself.

Using nmap to scan a network and identify which hosts are alive

24 March 2023 in GNU/Linux tagged GNU/Linux / network / nmap / scan / scanning by Tux

The command “nmap -sP 192.168.100.0/24” scans a network and identifies which hosts are alive (i.e., which IP addresses are being used) within the specified range.

In more detail, the “nmap” command is a widely used network exploration tool that can be used for tasks such as host discovery, port scanning, and service enumeration.

The “-sP” option tells nmap to perform a “ping scan,” where it sends an ICMP echo request to each host in the specified IP range and checks for responses. This method is typically faster than other scanning techniques because it only determines whether a host is up or not without gathering additional information about the host’s ports or services.

The “192.168.100.0/24” argument specifies the IP range to be scanned, specifically the subnet mask “255.255.255.0,” which corresponds to the range of IP addresses from 192.168.100.0 to 192.168.100.255. The “/24” suffix is a shorthand notation for the subnet mask.

Overall, the command “nmap -sP 192.168.100.0/24” is a helpful tool for network administrators or security professionals who need to identify which hosts are active on a particular network quickly. It can help to identify potential security vulnerabilities or unauthorized devices connected to the network.

Ubuntu – Overwrite dockerd default settings

13 September 2021 in Bash / GNU/Linux tagged bash / bridge / default-address-pools / docker / docker-compose / dockerd / GNU/Linux / network / systemctl / ubuntu by Tux

Trying to create a new bridge on docker, we got the following error

$ docker-compose up -d;
Creating network "docker-compose_new_bridge" with driver "bridge"
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

After investigating, we realized that it was due to some default limitations of docker that did not allow more virtual networks to be created. To overcome the problem, we read that we had to give access to more address space using the /etc/docker/daemon.json.

On Ubuntu that file did not exist so we created it and copied the following content to it:

{
  "default-address-pools": [
    {
      "base": "172.80.0.0/16",
      "size": 24
    },
    {
      "base": "172.90.0.0/16",
      "size": 24
    }
  ]
}

Source: https://docs.docker.com/engine/reference/commandline/dockerd/

This configuration allowed Docker to reserve the network address space 172.80.[0-255].0/24 and 172.90.[0-255].0/24, that provided the daemon a total of 512 networks each owning 256 addresses.

To apply the changes to the daemon, we restarted it:

sudo systemctl restart docker.service;

and then we applied our changes to our docker ecosystem:

docker-compose up -d;

Bytefreaks.net – a place for hacks