EXP: Geekbuzz - Be a Network Spy : Top 5 Tools in the CLI

NixiePixel (New member, Sep 23, 2013)
Geekbuzz - Be a Network Spy : Top 5 Tools in the CLI

Want to know why your ping times suck in Battlefield 4? Be careful, you might actually enjoy learning how to troubleshoot your network in the command line. Monitor performance, bandwidth usage and much more using simple code.


ewhac (Digital Spellweaver, Legacy, Escapist +, Sep 2, 2009, San Francisco Peninsula, USA)
ping: Some hosts turn off ICMP responses, since ping and friends can be used to mount cheap DoS attacks. So the lack of a ping response isn't clinching proof that a host is inaccessible.

traceroute: Similar problem -- some hosts will discard packets whose TTL has dropped to zero, rather than returning an error to the originator. Also some hosts and/or routers in between don't want you to know how they're hooked together, so they'll nerf TTL errors as well.

dig: RTFRFC. `dig` basically emits and receives DNS queries directly. If you don't know the DNS protocol or the database record structure it uses, there's a good chance you'll misinterpret the results.

iftop: Huh, never heard of this one. Reminds me a bit of `iptraf`...

whois: Not really all that useful for diagnosing network trouble. However, it can give you a rough idea of whose rogue network is sending you all those bruteforce SSH login attempts (*cough*hinet.net*cough*)...
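The ping and traceroute caveats above are the reason not to declare a host dead on a missing echo reply. The following is an added example, not code from the video or from any poster in this thread: it runs the system ping when one is installed, then probes a few TCP ports, since a host that filters ICMP can still answer on its service ports, and even a RST (connection refused) proves the host is up. The port list, timeouts and the iputils ping flags are illustrative assumptions.

```python
"""Reachability check that does not treat a missing ping reply as proof of a dead host.

Added example for this thread (not the video's or any poster's code). Flags passed
to `ping` follow Linux iputils (-c count, -W seconds); BSD/macOS differ.
"""
import shutil
import socket
import subprocess
from typing import Optional

# Ports to try when ICMP is filtered; an illustrative choice, not a standard.
DEFAULT_PROBE_PORTS = (22, 80, 443)


def icmp_echo(host: str, timeout_s: float = 2.0) -> Optional[bool]:
    """True/False for an echo reply, or None when no `ping` binary is available."""
    ping = shutil.which("ping")
    if ping is None:
        return None
    try:
        proc = subprocess.run(
            [ping, "-c", "1", "-W", str(max(1, int(timeout_s))), host],
            capture_output=True, timeout=timeout_s + 3)
    except (subprocess.TimeoutExpired, OSError):
        return False
    return proc.returncode == 0


def tcp_probe(host: str, port: int, timeout_s: float = 2.0) -> str:
    """Classify a TCP connect attempt.

    'open'       a SYN/ACK came back and the handshake completed
    'closed'     a RST came back: the host is up, nothing listens on this port
    'filtered'   silence: host down, or a firewall dropping our SYNs
    'unresolved' the name did not resolve, so nothing was probed at all
    """
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except OSError:          # includes socket.timeout / TimeoutError
        return "filtered"


def reachable(host: str, ports=DEFAULT_PROBE_PORTS, timeout_s: float = 2.0) -> dict:
    """Combine the evidence: alive on an echo reply OR on any open/closed port."""
    icmp = icmp_echo(host, timeout_s)
    tcp = {port: tcp_probe(host, port, timeout_s) for port in ports}
    alive = bool(icmp) or any(state in ("open", "closed") for state in tcp.values())
    return {"host": host, "icmp": icmp, "tcp": tcp, "alive": alive}


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(json.dumps(reachable(target), indent=2))
```

A 'closed' verdict is worth as much as an echo reply: the RST had to come from a live stack. Only an all-'filtered' result leaves the question open, and even then the host may simply drop everything from your address.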
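On the dig point, the most common misreading is an empty answer: NOERROR with zero answers means the name exists but has no record of the type you asked for (NODATA), which is not the same as NXDOMAIN, and a CNAME means the record you see belongs to a different name than the one you queried. Below is an added example, not code from the video or from any poster, that parses dig's text output and classifies it along those lines, following a CNAME chain to the name that actually holds the record. The three dig outputs are constructed by hand to mirror dig's layout.

```python
"""Read dig's output the way the DNS protocol means it.

Added example for this thread (not the video's or any poster's code).
The sample outputs are constructed to mirror dig's text layout.
"""
import re

HEADER_RE = re.compile(r"^;; ->>HEADER<<-.*status: (?P<status>[A-Z]+)")
SECTION_RE = re.compile(r"^;; (?P<name>[A-Z]+) SECTION:$")
# owner  TTL  IN  TYPE  rdata   (dig separates the fields with tabs; ';' lines are comments)
RR_RE = re.compile(r"^(?P<owner>[^;\s]\S*)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z0-9]+)\s+(?P<rdata>.+)$")

SAMPLE_CNAME = """\
; <<>> DiG 9.18.1 <<>> www.example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.example.com.\t\tIN\tA

;; ANSWER SECTION:
www.example.com.\t300\tIN\tCNAME\tcdn.example.net.
cdn.example.net.\t60\tIN\tA\t192.0.2.10
"""

SAMPLE_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.\t\t\tIN\tAAAA

;; AUTHORITY SECTION:
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
"""

SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
"""


def parse_dig(text):
    """Return (status, {section: [rr, ...]}); each rr has owner/ttl/type/rdata."""
    status, sections, current = None, {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            status = m.group("status")
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            continue
        m = RR_RE.match(line)
        if m and current:
            rr = m.groupdict()
            rr["ttl"] = int(rr["ttl"])  # time left in the resolver's cache, NOT the zone's TTL
            sections[current].append(rr)
    return status, sections


def interpret(text, qname, qtype):
    """Classify a dig reply: NXDOMAIN, NODATA, ANSWER (after any CNAME chain) or CNAME_LOOP."""
    status, sections = parse_dig(text)
    answers = sections.get("ANSWER", [])
    soa = [rr["owner"] for rr in sections.get("AUTHORITY", []) if rr["type"] == "SOA"]
    zone = soa[0] if soa else None
    if status == "NXDOMAIN":
        return {"verdict": "NXDOMAIN", "zone": zone, "records": []}
    if status != "NOERROR":
        return {"verdict": status or "UNPARSED", "records": []}
    by_owner = {}
    for rr in answers:
        by_owner.setdefault(rr["owner"].lower(), []).append(rr)
    name = qname.lower() if qname.endswith(".") else qname.lower() + "."
    chain, seen = [], set()
    while name not in seen:
        seen.add(name)
        rrs = by_owner.get(name, [])
        wanted = [rr["rdata"] for rr in rrs if rr["type"] == qtype]
        if wanted:
            return {"verdict": "ANSWER", "final_name": name, "cname_chain": chain,
                    "records": wanted, "min_ttl": min(rr["ttl"] for rr in answers)}
        cnames = [rr for rr in rrs if rr["type"] == "CNAME"]
        if not cnames:
            # Name exists (maybe via CNAME) but holds no record of this type.
            return {"verdict": "NODATA", "final_name": name, "cname_chain": chain,
                    "zone": zone, "records": []}
        chain.append(name)
        name = cnames[0]["rdata"].strip().lower()
    return {"verdict": "CNAME_LOOP", "cname_chain": chain, "records": []}
```

The min_ttl field reflects another common trap: when a CNAME chain is involved the answer is only as fresh as its shortest-lived link, and every TTL dig prints is what is left in the resolver's cache, not what the zone's authors configured.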

Flunk (New member, Feb 17, 2008)
^^ True, it's best practice to disable ICMP responses.

Who is this video for? People who are already comfortable with the command line and already know about these very basic tools, or raw novices who are too scared to even venture into the black screen of doom?

StHubi (New member, Jan 15, 2010)
Thanks for the well-explained video! As a Windows user I already knew a lot of them, or at least their Windows equivalents. There still seems to be a little gap in tools on Windows regarding iftop. Or is it available for Windows under a different name?

StHubi (New member, Jan 15, 2010)
Stryker said:
Nixie mentioned Wireshark as a better tool for capturing network-traffic.
It is practically iftop with a graphical user interface (short: GUI).

Be aware though, that sniffing public wireless communications is a legally and morally gray area, if not entirely illegal in your country.
We are talking about invading the privacy of others by tapping into their traffic here and not everyone uses, or can use, encryption.
I know Wireshark already and it is illegal to use it in my country unless you have the permission of the network owner... Normally I prefer command line utilities if they are available, but Wireshark does a REALLY good job.

CWestfall (New member, Apr 16, 2009)
Flunk said:
^^ True, it's best practice to disable ICMP responses.

Who is this video for? People who are already comfortable with the command line and already know about these very basic tools, or raw novices who are too scared to even venture into the black screen of doom?
I found it quite useful, myself. I'm pretty comfortable with workaday UNIX commands, but very rarely venture into the world of networking.

I knew ping was a thing, of course, and I was aware of traceroute and whois but didn't realize they were available as CLI utilities. iftop and dig were strictly new information.
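The one concrete use of whois raised in this thread is attributing a wave of SSH brute-force attempts to a network owner. As an added example, not code from the video or from any poster, here is that workflow end to end: count failed password logins per source from auth.log-style lines (the sample lines are constructed in OpenSSH's format), then query whois over TCP/43 as RFC 3912 describes. Only "Failed password" lines are counted, because for a nonexistent account sshd also logs an "Invalid user" line for the same attempt and counting both would double count. The default lookup starts at whois.iana.org, whose "refer:" line names the regional registry that holds the range; the lookup function is a parameter so the counting logic can run without a network, and the registry host used in the test is hypothetical.

```python
"""Count failed SSH logins per source and ask whois who owns the noisy ones.

Added example for this thread (not the video's or any poster's code).
SAMPLE_LOG is constructed; addresses are from the documentation ranges.
"""
import re
import socket
from collections import Counter

# One line per failed password attempt, with or without "invalid user".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Owner-identifying keys as printed by IANA, RIPE-style and ARIN-style servers.
WHOIS_FIELD_RE = re.compile(
    r"^(netname|descr|org-name|orgname|organisation|country|refer|abuse-mailbox|orgabuseemail):\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE)

SAMPLE_LOG = """\
Mar  3 04:11:02 bastion sshd[2101]: Invalid user admin from 203.0.113.5 port 41234
Mar  3 04:11:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2
Mar  3 04:11:05 bastion sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 41240 ssh2
Mar  3 04:11:09 bastion sshd[2107]: Failed password for root from 203.0.113.5 port 41251 ssh2
Mar  3 04:12:44 bastion sshd[2120]: Failed password for root from 198.51.100.7 port 50122 ssh2
Mar  3 04:13:01 bastion sshd[2122]: Accepted publickey for deploy from 192.0.2.44 port 33010 ssh2
"""


def failed_logins(lines):
    """Failed password attempts per source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def whois(query, server="whois.iana.org", timeout_s=10.0):
    """RFC 3912 client: open TCP/43, send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout_s) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def whois_fields(text):
    """Owner-identifying fields from a whois reply, first value per key, keys lowercased."""
    fields = {}
    for key, value in WHOIS_FIELD_RE.findall(text):
        fields.setdefault(key.lower(), value)
    return fields


def whois_owner(ip, lookup=whois):
    """Ask IANA, then follow its refer: line once to the registry that holds the block."""
    fields = whois_fields(lookup(ip))
    if "refer" in fields:
        registry = fields["refer"]
        fields = {**whois_fields(lookup(ip, registry)), "refer": registry}
    return fields


def top_sources(lines, threshold=3, lookup=whois):
    """Sources with at least `threshold` failures, most frequent first, with whois summary."""
    report = []
    for ip, n in failed_logins(lines).most_common():
        if n < threshold:
            break
        report.append({"ip": ip, "failures": n, "whois": whois_owner(ip, lookup)})
    return report


if __name__ == "__main__":
    # Stand-alone run: this does go out to whois.iana.org for the sample's top source.
    for entry in top_sources(SAMPLE_LOG.splitlines()):
        print(entry)
```

Feed it `grep sshd /var/log/auth.log` instead of SAMPLE_LOG for real data, and treat the whois result as exactly what ewhac called it: a rough idea of whose network the traffic comes from, usually a hosting provider or ISP rather than the attacker, useful mainly for finding the abuse contact.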