Networks

SMTP

HELO example.com
MAIL FROM:<a@example.com>
RCPT TO:<b@example.com>
RCPT TO:<c@example.com>
DATA
Subject: Test 01
FROM: a@example.com
To: b@example.com, c@example.com

Good morning
.
[$[Get Code]]

(it has to end with a line with a single dot in it)

POP3

user username
pass userpass
list
retr nr
dele nr
quit
[$[Get Code]]

IMAP

IMAP RFC 3501

C: a0001 LOGIN USER PASS
S: a0001 OK LOGIN Ok.

C: a0002 LIST "" ""
S: * LIST (Noselect) "." ""
S: a0002 OK LIST completed

C: a0003 LSUB "" "*"
S: * LSUB (Marked HasChildren) "." "INBOX"
S: * LSUB (Unmarked HasNoChildren) "." "INBOX.Drafts"
S: * LSUB ...

C: a0004 SELECT "INBOX.test"
S: * FLAGS (Draft Answered Flagged Deleted Seen Recent)
S: * OK [PERMANENTFLAGS (* Draft Answered Flagged Deleted Seen)] Limited
S: * 1 EXISTS
S: * 0 RECENT
S: * OK [UIDVALIDITY 1129647005] Ok
S: * OK [MYRIGHTS "acdilrsw"] ACL
S: a0004 OK [READ-WRITE] Ok

C: a0005 FETCH 1:4 (UID FLAGS)
S: * 1 FETCH (UID 1049 FLAGS (Seen))
S: * 2 FETCH (UID 1113 FLAGS (Seen))
S: * 3 FETCH (UID 1114 FLAGS (Seen))

C: a0006 SEARCH UNSEEN
S: * SEARCH 9

C: a0007 UID FETCH 9 BODY.PEEK[]
S: * 1 FETCH (UID 9 BODY[] {14111}

C: A008 LOGOUT
S: * BYE ...
[$[Get Code]]

HTTP

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: telnet
Accept: text/xml,application/xml,application/xhtml+xml,text/html,text/plain
Accept-Language: de,en
Referer: http://foo.examle.com
[$[Get Code]]

httpie is a nicer curl

http tgunkel.de
[$[Get Code]]

Testing local web servers with their official hostnames

Webservers are usually configured to only respond to their official domain names. This becomes a problem when you want to test them locally before they go live. This is how you can test a local webserver with the IP 192.168.0.1 that has been configured to listen to www.example.com:

curl --header "Host: www.example.com" 'http://192.168.0.1/index.html'
[$[Get Code]]

If you use https you need to do this

curl -sv --resolve www.example.com:443:192.168.0.1 'https://www.example.com/index.html'
[$[Get Code]]

CORS Cross-Origin Resource Sharing

  • You are using in your browser a website A. You have there some privileges, maybe because you authenticated, or your IP, ...
  • You also have in your browser another website B opened
  • Now B can send via JavaScript a request to website A and A will think it actually comes from you and not from some other website because it runs in your browser.

As this is dangerous such requests will be blocked in your browser. In order to make it work

  • the request from B needs to have an Origin header that explains that it comes from B
  • the response from A needs to have an Access-Control-Allow-Origin that matches the Origin header.

Example

curl --verbose -H "Origin: http://example.com" 'http://internal.server.localhost'
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://example.com
[$[Get Code]]

IP

ipcalc "10.0.0.0/25"
[$[Get Code]]

IPV4

ipv4 MaskConstant Parts
/32Everything, only one machine (255.255.255.255)
/24Everything but the last block (255.255.255.0)
/8Only the first block (255.0.0.0)
/0Nothing, all machines (0.0.0.0)

IPV6

IPV6 An IPV6 address consists of 8 blocks with 4 Hex numbers (which are 16 bits). The whole address has 128 bits. In each Block you can skip the leading 0 and one complete 0 area can be written as ::.

A single IPV6 address:

2001:1db8:85a3:28d3:1319:8a2e:3374:7344/128
[$[Get Code]]

A network where all addresses in the same network only differ in the last Hex number

2001:1db8:85a3:28d3:1319:8a2e:3374:7340/124
[$[Get Code]]

A smaller number behind the / is a larger network

2001:1db8:85a3:28d3:1319:8a2e:3374:0000/112
2001:1db8:85a3:28d3:1319:8a2e:3374:0/112
2001:1db8:85a3:28d3:1319:8a2e:3374::/112

2001:1db8:85a3:28d3:1319:8a2e::/96

2001:1db8:85a3:28d3:1319::/80

2001:1db8:85a3:28d3::/64

2001:1db8:85a3::/48

2001:1db8::/32

2001::/16

fd00::/8
[$[Get Code]]

A normal uplink provider gets a /32, normal people get a /64 network.

Special addresses No address:

::/128

[$[Get Code]]

Localhost

::1/128
[$[Get Code]]

Link local, each interfaces generates this automatically.

fe80::/64
[$[Get Code]]

Successor for the private IPV4 addresses, deprecated

fec0::/10
[$[Get Code]]

Successor of the successor of the private IPV4 addresses. Formed like this

fd00::/8
[$[Get Code]]
fd9e:21a7:a92c:2323::1
[$[Get Code]]

Here is fd the prefix for local generated ULAs, 9e:21a7:a92c a random value for your network and is a Subnet for you.

Similar, but assigned globally.

fc00::/8
[$[Get Code]]

Multicast

ff00::/8
[$[Get Code]]

Examples:

# host -t AAAA www.google.com
www.google.com has IPv6 address 2a00:1450:4005:808::1012


[$[Get Code]]
# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1e:8c:ab:cd:12
inet Adresse:10.0.0.4 Bcast:10.0.0.255 Maske:255.255.255.0
inet6-Adresse: fe80::21e:8cff:feab:cd12/64

# ping6 -I eth0 fe80::21e:8cff:feab:cd12
[$[Get Code]]
ping6 -I eth0 ff02::1
[$[Get Code]]

Ping one ipv6 IP in the local network

ping6 -I eth0 fe80::xxxx:xxxx:xxxx:xxxx
[$[Get Code]]

DNS

How do DNS request work There are 13 DNS root servers. You first ask one of them who is responsible for the section

dig @198.41.0.4 www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; AUTHORITY SECTION:
de. 172800 IN NS s.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS z.nic.de.
[$[Get Code]]

You can now cache the result so you do not need to ask again for the next .de domain. It is supposed to be valid for 172800/(60*60)=48 hours.

Pick any of the nameservers for that section and ask again

dig @s.de.net www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; AUTHORITY SECTION:
tgunkel.de. 86400 IN NS ns2.hans.hosteurope.de.
[$[Get Code]]

Now you know which server is responsible for that domain. That can again be cached. 86400/(60*60)=24 hours

# dig @ns2.hans.hosteurope.de www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; ANSWER SECTION:
www.tgunkel.de. 3600 IN CNAME tgunkel.de.
[$[Get Code]]

This is the final answer. This one is valid for 3600/(60*60)=1 hour.

Get current dns settings

systemd-resolve --status
[$[Get Code]]

nmap

Find all ssh servers

nmap -p 22 --open -sV 192.168.178.0/24
nmap -p 22 --open -sV 192.168.178.0-255
[$[Get Code]]

Linux Bonding

One Linux computer with at least 2 network cards. Connect your network cards with one or more normal switches.

Advantage: Higher network performance and if one of the network cables fails the connection is not interrupted.

apt-get install net-tools ethtool ifenslave-2.6 bmon
[$[Get Code]]
/etc/network/interfaces

allow eth0
iface eth0 inet dhcp

allow eth1
iface eth1 inet dhcp

auto bond0
iface bond0 inet dhcp
bond-mode 6
bond-miimon 1000
bond-slaves eth0 eth1
[$[Get Code]]

Now you have one virtual network device called bond0 which distributes the data on both real cards eth0 and eth1. If one looses connection this will be detected and the data will be transferred by the remaining cards

bonding: bond0: link status definitely down for interface eth0, disabling it
bonding: bond0: making interface eth1 the new active one.
[$[Get Code]]

Look into packages

tcpflow -p -c -i eth0 port 80 | grep -E '(GET|POST|HEAD) .*/foo/' --line-buffered | tee /tmp/all_foo_requests.txt
tcpdump -A -s 10240 '(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g' | grep \ HTTP
[$[Get Code]]

ngrep is a nicer tcpdump

ngrep -q 'HTTP' 'host 172.17.0'
[$[Get Code]]

Configurate Modem

e.g. with minicom

ATD[''NR'']
[$[Get Code]]
Dial Nr
ATL[''0'']
ATL[''1'']
ATL[''2'']
ATL[''3'']

[$[Get Code]]
Speaker Volume Level [x]
ATX[''3'']
ATX[''4'']
[$[Get Code]]
[3]=Ignores busy and honours dial-tone, [4]=Honours busy and dial-tone
ATM[''0'']
ATM[''1'']
ATM[''2'']
[$[Get Code]]
[0]=Speaker off, [1]=Speaker on while dialling, [2]=Speaker on
AT&amp;W
[$[Get Code]]
Save