Path: content/Tips/Network/default.md
Networking
Capture network events from a process
This will dump all network events relating to the command you specify - useful to see if your application is trying to talk to some remote service:
strace -f -e trace=network -s 10000 command_with_args_here
It also attaches to subprocesses.
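To turn that trace into a list of the remote services the application contacted, the sketch below tallies the destinations of `connect()` calls. It is an added example, not part of the original page: the function names and sample lines are constructed, and it assumes strace's usual textual rendering of `sockaddr` structures.

```shell
#!/bin/sh
# Summarise remote endpoints seen in `strace -f -e trace=network` output.
# Reads strace text on stdin; prints "<count> <addr>:<port>" per destination.
summarize_connects() {
  # First expression handles AF_INET, the second AF_INET6. AF_UNIX sockets and
  # "<... connect resumed>" lines carry no IP address and are skipped.
  sed -n -E \
    -e 's/.*connect\([0-9]+, \{sa_family=AF_INET, sin_port=htons\(([0-9]+)\), sin_addr=inet_addr\("([^"]+)"\)\}.*/\2:\1/p' \
    -e 's/.*connect\([0-9]+, \{sa_family=AF_INET6, sin6_port=htons\(([0-9]+)\),.*inet_pton\(AF_INET6, "([^"]+)".*/[\2]:\1/p' |
    awk '{ n[$0]++ } END { for (e in n) print n[e], e }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample trace (documentation-range addresses, made-up pids).
sample_strace_output() {
  cat <<'EOF'
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 4101] connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
[pid 4101] sendto(5, "\0\0", 2, MSG_NOSIGNAL, NULL, 0) = 2
[pid 4101] connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("198.51.100.7")}, 16 <unfinished ...>
[pid 4101] <... connect resumed>) = -1 EINPROGRESS (Operation now in progress)
[pid 4102] connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("198.51.100.7")}, 16) = 0
[pid 4102] connect(7, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::7", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
EOF
}

# Real use: write the trace to a file with strace's -o option, then summarise:
#   strace -f -e trace=network -s 10000 -o trace.log command_with_args_here
#   summarize_connects < trace.log
sample_strace_output | summarize_connects
```

Failed and in-progress connection attempts are counted too, since an attempt to reach an unexpected host is worth seeing even when it did not succeed.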
tcpdump - capture whole packet
Mostly human readable tcpdump capture command:
tcpdump -pnnvvXSs 1514
Simpler version:
tcpdump -nnXSs 0
A snapshot length of 0 (the value given to -s) defaults to the entire packet.
You can also specify -w to write to a file and -C nnn to specify the file size.
This will do a circular log with 1MB log files, and keep 20 of them before overwriting the oldest:
tcpdump -C1 -W20 -pnnvvXSs1514 -wtcpdump
Use rsync to copy just the folder structure
Copy just the folder structure:
rsync -a -f"+ */" -f"- *" source/ destination/
Network Scan
fping is a useful tool for ping scanning whole network ranges. It is a bit less heavyweight than nmap:
apt-get install fping
fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n
To then check for reverse DNS entries:
fping -g 10.188.0.1 10.188.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n | xargs -n1 host | grep 'not found'