The echo service is defined in RFC 862. It runs on TCP or UDP port 7. One step more advanced than discard, it sends back any data received until the connection is closed. How do you instruct Ncat to return what it receives? One easy way is to run everything through /bin/cat.
The daytime service, defined in RFC 867, sends a human-readable date and time string over TCP or UDP port 13. It ignores any input. The format of the date and time string is left unspecified, so we are free to use the output of /bin/date. Because we are not interested in anything sent by the client, we use the --send-only option.
The qotd (quote of the day) service is defined in RFC 865. When a connection is made to TCP or UDP port 17, it sends back a short message, ignoring any input. Ncat can do this by invoking a program that generates messages. A traditional choice is /usr/games/fortune, though there are many possibilities. /usr/bin/uptime, for example, could be useful.
# TCP qotd server
ncat -l 17 --keep-open --send-only --exec "/usr/games/fortune"
# UDP qotd server
ncat -l 17 --keep-open --udp --send-only --exec "/usr/games/fortune"
1.5 chargen service
The chargen service from RFC 864 rounds out our tour of diagnostic services. It runs on TCP and UDP port 19. With TCP, chargen ignores any input and sends a never-ending stream of data. Never-ending, that is, until the connection is closed by the user, who the RFC suggests may have “had enough”. There are many ways of generating the characters; reading from /dev/zero and running yes come to mind.
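As an added example (not from the Ncat guide), here is a generator that produces the RFC 864 chargen pattern instead of the bytes from /dev/zero or yes: every line is 72 printable characters, and each line starts one position later in the 95-character printable-ASCII ring than the line before it. The install path /usr/local/bin/chargen.sh in the usage comment is an assumption.

```shell
#!/bin/sh
# RFC 864 pattern: 95 printable ASCII characters (space through '~'),
# emitted as 72-character lines, each line rotated one position further.
CHARS=' !"#$%&'"'"'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~'

# chargen_line N: print the N-th line of the pattern (N is zero-based).
chargen_line() {
  start=$(( $1 % 95 ))          # offset into the ring for this line
  ring="$CHARS$CHARS"           # doubled so a window never runs off the end
  printf '%s\n' "$ring" | cut -c"$((start + 1))-$((start + 72))"
}

# chargen_stream: never-ending output, as the TCP service requires.
# It stops when the client closes the connection and the pipe breaks.
chargen_stream() {
  i=0
  while :; do
    chargen_line "$i"
    i=$((i + 1))
  done
}

# Serve it with Ncat (assumed install path; --sh-exec runs the command
# through /bin/sh so the "stream" argument is passed along):
#   ncat -l 19 --keep-open --send-only --sh-exec "sh /usr/local/bin/chargen.sh stream"
case "${1:-}" in
  stream) chargen_stream ;;
esac
```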
# -i specify the interface to capture on
# -e Print the link-level header on each dump line.
# -n Don't convert host addresses to names.
# -t Don't print a timestamp on each dump line.
# -s maximum number of bytes to capture from each packet
# -v print the values of key IP header fields (for example tos, ttl, offset, transport-layer protocol, length)
# -x display packet data in hexadecimal
# -X display packet data in hexadecimal together with the corresponding ASCII
2.2 tcpdump usage examples
2.2.1 Capturing by source and destination IP address
tcpdump -i eth0 -ent '(dst 192.168.56.6 and src 192.168.56.8) or (dst 192.168.56.8 and src 192.168.56.6)'
2.2.2 Capturing by service
port domain means that only packets of the domain name service are captured, that is, DNS queries and responses.
tcpdump -i eth0 -nt -s 500 port domain
2.2.3 Capturing on a specific interface
# Capture packets on the loopback interface
tcpdump -ntx -i lo
2.2.4 Capturing by protocol
# Capture only ICMP packets
tcpdump -i eth0 -ntv icmp
2.2.5 Capturing by port
# Capture only packets sent to or from port 54321 (a bare port primitive matches
# both TCP and UDP; use 'tcp port 54321' to restrict the capture to TCP segments)
tcpdump -i eth0 -n port 54321
3 ping command usage
3.1 Common ping options
-i interval # Wait interval seconds between sending each packet.
-s packetsize # Specifies the number of data bytes to be sent.
4 ifconfig command usage
-a # display all interfaces which are currently available, even if down
up # This flag causes the interface to be activated
down # This flag causes the driver for this interface to be shut down.
# Show every interface on this host, including interfaces that are down
ifconfig -a
# Show the information for one specific interface
ifconfig eth0
5 route command usage
5.1 Common route options
-C # operate on the kernel's routing cache.
-n # show numerical addresses instead of trying to determine symbolic host names
-v # select verbose operation
del # delete a route.
add # add a new route.
dev If # force the route to be associated with the specified device
# deletes the current default route, which is labeled "default"
# or 0.0.0.0 in the destination field of the current routing table.
route del default
# deletes the route. Since the Linux routing kernel uses classless addressing,
# you pretty much always have to specify the netmask that is the same as seen in the 'route -n' listing.
route del -net 192.56.76.0 netmask 255.255.255.0
# adds a default route (which will be used if no other route matches).
# All packets using this route will be gatewayed through the address of a node named "mango".
# The device which will actually be used for that route depends on how we can reach "mango" -
# "mango" must be on a directly reachable route.
route add default gw mango
# Adds the route to the host named "mango" via
# the SLIP interface (assuming that "mango" is the SLIP host).
route add mango sl0
# View the routing cache; sample output:
# # route -Cn
# Kernel IP routing cache
# Source          Destination     Gateway         Flags Metric Ref  Use Iface
# 192.168.56.2    192.168.56.1    192.168.56.1          0      1    0   eth1
# 192.168.56.1    192.168.56.2    192.168.56.2    il    0      0   26   lo
route -Cn
6 netstat command usage
-a, --all # Show both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not marked
-l, --listening # Show only listening sockets. (These are omitted by default.)
-p, --program # Show the PID and name of the program to which each socket belongs.
-n, --numeric # Show numerical addresses instead of trying to determine symbolic host, port or user names.
-t|--tcp # filter tcp
-u|--udp # filter udp
-C # Print routing information from the route cache.
-F # Print routing information from the FIB. (This is the default.)
--route , -r # Display the kernel routing tables.