Networks

SMTP

HELO example.com
MAIL FROM:<a@example.com>
RCPT TO:<b@example.com>
RCPT TO:<c@example.com>
DATA
Subject: Test 01
FROM: a@example.com
To: b@example.com, c@example.com

Good morning
.

(the message body has to be terminated by a line containing nothing but a single dot)
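Why that lone-dot terminator still works when the body itself contains a line consisting of a single dot: as an added example (not part of the original notes), both sides of the RFC 5321 section 4.5.2 "transparency" rule in Python, with a constructed message body.

```python
def dot_stuff(body):
    """Sender side (RFC 5321 4.5.2): CRLF line ends, '.'-transparency, lone-dot terminator."""
    wire = []
    for line in body.split("\n"):
        if line.startswith("."):
            line = "." + line            # '.' -> '..', '.hidden' -> '..hidden'
        wire.append(line + "\r\n")
    wire.append(".\r\n")                 # end of data; now no body line can look like it
    return "".join(wire).encode("ascii")

def read_data(wire):
    """Receiver side: collect lines up to the lone dot, undo the stuffing.
    Returns (body, bytes that follow the terminator, e.g. the next command)."""
    lines, rest = [], wire
    while True:
        line, sep, rest = rest.partition(b"\r\n")
        if not sep:
            raise ValueError("DATA not terminated by CRLF.CRLF")
        if line == b".":
            return "\n".join(lines), rest
        if line.startswith(b"."):
            line = line[1:]              # strip the transparency dot again
        lines.append(line.decode("ascii"))
```

A sender that skips the stuffing would have its message cut off at the first body line that is just ".", and everything after it would be parsed as SMTP commands.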

POP3

user username
pass userpass
list
retr nr
dele nr
quit

IMAP

IMAP RFC 3501

C: a0001 LOGIN USER PASS
S: a0001 OK LOGIN Ok.

C: a0002 LIST "" ""
S: * LIST (Noselect) "." ""
S: a0002 OK LIST completed

C: a0003 LSUB "" "*"
S: * LSUB (Marked HasChildren) "." "INBOX"
S: * LSUB (Unmarked HasNoChildren) "." "INBOX.Drafts"
S: * LSUB ...

C: a0004 SELECT "INBOX.test"
S: * FLAGS (Draft Answered Flagged Deleted Seen Recent)
S: * OK [PERMANENTFLAGS (* Draft Answered Flagged Deleted Seen)] Limited
S: * 1 EXISTS
S: * 0 RECENT
S: * OK [UIDVALIDITY 1129647005] Ok
S: * OK [MYRIGHTS "acdilrsw"] ACL
S: a0004 OK [READ-WRITE] Ok

C: a0005 FETCH 1:4 (UID FLAGS)
S: * 1 FETCH (UID 1049 FLAGS (Seen))
S: * 2 FETCH (UID 1113 FLAGS (Seen))
S: * 3 FETCH (UID 1114 FLAGS (Seen))

C: a0006 SEARCH UNSEEN
S: * SEARCH 9

C: a0007 UID FETCH 9 BODY.PEEK[]
S: * 1 FETCH (UID 9 BODY[] {14111}

C: A008 LOGOUT
S: * BYE ...

HTTP

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: telnet
Accept: text/xml,application/xml,application/xhtml+xml,text/html,text/plain
Accept-Language: de,en
Referer: http://foo.example.com

httpie is a nicer curl

http tgunkel.de

Testing local web servers with their official hostnames

Web servers are usually configured to respond only to their official domain names. This becomes a problem when you want to test them locally before they go live. This is how you can test a local web server with the IP 192.168.0.1 that has been configured to listen to www.example.com:

curl --header "Host: www.example.com" 'http://192.168.0.1/index.html'

If you use HTTPS, overriding the Host header is not enough, because the certificate is checked against the hostname in the URL. Use --resolve instead, so curl connects to your IP but keeps the official name for TLS:

curl -sv --resolve www.example.com:443:192.168.0.1 'https://www.example.com/index.html'

CORS Cross-Origin Resource Sharing

  • You are using a website A in your browser. You have some privileges there, maybe because you authenticated, or because of your IP, ...
  • You also have another website B open in your browser.
  • Now B can send a request to website A via JavaScript, and A will think it actually comes from you and not from some other website, because the request runs in your browser with your credentials (cookies).

Because this is dangerous, the browser blocks such cross-origin requests by default (strictly speaking it performs the request but refuses to hand the response to B's script). To make it work:

  • the request from B needs to carry an Origin header that states it comes from B (the browser adds this automatically),
  • the response from A needs to carry an Access-Control-Allow-Origin header that matches that Origin.

Example

curl --verbose -H "Origin: http://example.com" 'http://internal.server.localhost'
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://example.com
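The response above echoes the Origin together with Access-Control-Allow-Credentials: true, so the server side has to decide carefully which origins it echoes. As an added example (not from the original notes) here is that decision in Python, with a constructed allow-list, the common reflecting mistake beside it, and a simplified model of the browser's check:

```python
ALLOWED_ORIGINS = {"http://example.com", "https://app.example.com"}   # constructed allow-list

def cors_headers(origin, allow_credentials=True):
    """CORS response headers for a request that carried `origin` (None = no Origin header).

    Only an exact, case-sensitive match against the allow-list is echoed back. Anything else
    (no Origin, the literal "null", look-alikes such as http://example.com.other.invalid)
    gets no Access-Control-Allow-Origin, so the browser withholds A's response from B's script.
    """
    headers = {"Vary": "Origin"}           # response depends on Origin: stop shared caches mixing them
    if origin not in ALLOWED_ORIGINS:
        return headers
    headers["Access-Control-Allow-Origin"] = origin
    if allow_credentials:
        # Browsers reject "*" together with credentials, which is why the concrete origin
        # is echoed here; that is exactly what makes echoing *any* origin dangerous.
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers

def reflecting_cors_headers(origin):
    """The common mistake: echo whatever Origin arrived. Combined with credentials this lets
    every site read the logged-in user's responses from A."""
    return {"Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true"}

def browser_allows(request_origin, response_headers, with_credentials=True):
    """Simplified version of the browser's decision: may B's script read A's response?"""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if acao == "*":
        return not with_credentials      # "*" never works for credentialed requests
    return acao == request_origin
```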

IP

ipcalc "10.0.0.0/25"

IPV4

IPv4 mask   Constant parts
/32         Everything, only one machine (255.255.255.255)
/24         Everything but the last block (255.255.255.0)
/8          Only the first block (255.0.0.0)
/0          Nothing, all machines (0.0.0.0)

IPV6

An IPv6 address consists of 8 blocks of 4 hex digits (16 bits each); the whole address has 128 bits. In each block you can omit the leading zeros, and one run of all-zero blocks can be written as ::.

A single IPV6 address:

2001:1db8:85a3:28d3:1319:8a2e:3374:7344/128

A /124 network: all addresses in it differ only in the last hex digit

2001:1db8:85a3:28d3:1319:8a2e:3374:7340/124

A smaller number after the / means a larger network. The next three lines are three spellings of the same /112 network:

2001:1db8:85a3:28d3:1319:8a2e:3374:0000/112
2001:1db8:85a3:28d3:1319:8a2e:3374:0/112
2001:1db8:85a3:28d3:1319:8a2e:3374::/112

2001:1db8:85a3:28d3:1319:8a2e::/96

2001:1db8:85a3:28d3:1319::/80

2001:1db8:85a3:28d3::/64

2001:1db8:85a3::/48

2001:1db8::/32

2001::/16

fd00::/8

A typical ISP gets a /32; a typical end user gets a /64 network.
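As an added example (not from the original notes), the two shortening rules from above implemented by hand, plus the prefix arithmetic behind the /124, /112 and /64 networks listed; the standard library's ipaddress module is used only to cross-check the result.

```python
import ipaddress  # standard library, used only to cross-check the hand-written code

def expand_ipv6(addr):
    """Undo the two shortcuts: dropped leading zeros and one '::' for a run of zero blocks."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        left = [int(h, 16) for h in head.split(":") if h]
        right = [int(h, 16) for h in tail.split(":") if h]
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = left + [0] * (8 - len(left) - len(right)) + right
    else:
        blocks = [int(h, 16) for h in addr.split(":")]
    if len(blocks) != 8 or not all(0 <= b <= 0xFFFF for b in blocks):
        raise ValueError("an IPv6 address has exactly 8 blocks of 16 bits")
    return blocks

def compress_ipv6(blocks):
    """RFC 5952 text form: no leading zeros, longest run of >= 2 zero blocks becomes '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:                 # first of several equally long runs wins
            best_start, best_len = i, j - i
        i = j + 1
    hexes = [f"{b:x}" for b in blocks]
    if best_len < 2:                         # a single zero block is written as '0', not '::'
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

def network_of(addr, prefix):
    """Zero the host bits: /124 keeps everything but the last hex digit, /64 the first 4 blocks."""
    value = 0
    for b in expand_ipv6(addr):
        value = (value << 16) | b
    value &= ((1 << prefix) - 1) << (128 - prefix)
    blocks = [(value >> (16 * (7 - k))) & 0xFFFF for k in range(8)]
    return f"{compress_ipv6(blocks)}/{prefix}"

def matches_stdlib(addr):
    """Cross-check: our canonical form equals the one produced by ipaddress."""
    return compress_ipv6(expand_ipv6(addr)) == str(ipaddress.IPv6Address(addr))
```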

Special addresses

The unspecified address (no address):

::/128

Localhost

::1/128

Link local; each interface generates one of these automatically.

fe80::/64

The first successor to the private IPv4 addresses (site-local), now deprecated

fec0::/10

The successor of that successor: unique local addresses (ULAs), formed like this

fd00::/8
fd9e:21a7:a92c:2323::1

Here fd is the prefix for locally generated ULAs, 9e:21a7:a92c is a random value for your network, and 2323 is a subnet within it.

Similar, but meant to be assigned globally.

fc00::/8

Multicast

ff00::/8

Examples:

# host -t AAAA www.google.com
www.google.com has IPv6 address 2a00:1450:4005:808::1012


# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1e:8c:ab:cd:12
inet Adresse:10.0.0.4 Bcast:10.0.0.255 Maske:255.255.255.0
inet6-Adresse: fe80::21e:8cff:feab:cd12/64

# ping6 -I eth0 fe80::21e:8cff:feab:cd12
ping6 -I eth0 ff02::1

Ping one IPv6 address in the local network (link-local addresses are only unique per link, so the interface has to be given):

ping6 -I eth0 fe80::xxxx:xxxx:xxxx:xxxx

DNS

How do DNS requests work

There are 13 DNS root servers. You first ask one of them who is responsible for the top-level domain (here .de):

dig @198.41.0.4 www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; AUTHORITY SECTION:
de. 172800 IN NS s.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS z.nic.de.

You can now cache the result, so you do not need to ask the root again for the next .de domain. It is supposed to stay valid for 172800/(60*60)=48 hours.

Pick any of the nameservers for that section and ask again

dig @s.de.net www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; AUTHORITY SECTION:
tgunkel.de. 86400 IN NS ns2.hans.hosteurope.de.

Now you know which server is responsible for that domain. That can again be cached, for 86400/(60*60)=24 hours.

# dig @ns2.hans.hosteurope.de www.tgunkel.de
;; QUESTION SECTION:
;www.tgunkel.de. IN A

;; ANSWER SECTION:
www.tgunkel.de. 3600 IN CNAME tgunkel.de.

This is the final answer from the authoritative server (a CNAME, so the client still resolves tgunkel.de the same way). It is valid for 3600/(60*60)=1 hour.
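The three steps above, with the TTL caching, as an added example (not from the original notes): an offline iterative resolver over a table built from the three dig outputs. The A record for mail.tgunkel.de. is a constructed placeholder so that a second name under the same delegation can be looked up.

```python
ROOT = "198.41.0.4"   # the root server asked first in the notes above

# Zone data as seen in the three dig outputs; the A record for mail.tgunkel.de.
# is a constructed placeholder so that a second name under the same zone can be resolved.
SERVERS = {
    ROOT:                      {"de.": (172800, "NS", "s.de.net.")},
    "s.de.net.":               {"tgunkel.de.": (86400, "NS", "ns2.hans.hosteurope.de.")},
    "ns2.hans.hosteurope.de.": {"www.tgunkel.de.": (3600, "CNAME", "tgunkel.de."),
                                "mail.tgunkel.de.": (3600, "A", "192.0.2.25")},
}

def lookup(server, qname):
    """Ask `server` about `qname`: its own record if it has one, else the closest delegation."""
    zone, labels = SERVERS[server], qname.split(".")
    for i in range(len(labels)):                     # qname itself, then each parent domain
        name = ".".join(labels[i:])
        if name in zone and (i == 0 or zone[name][1] == "NS"):
            return name, zone[name]                  # record is (ttl, type, target)
    return None, None

class Resolver:
    def __init__(self):
        self.cache = {}                              # name -> (expires_at, record)

    def _cached(self, name, now):
        entry = self.cache.get(name)
        return entry[1] if entry and entry[0] > now else None

    def resolve(self, qname, now):
        """Return (record, servers actually asked). Cached data is reused while its TTL lasts."""
        answer = self._cached(qname, now)
        if answer and answer[1] != "NS":
            return answer, []                        # final answer still valid: ask nobody
        server, labels = ROOT, qname.split(".")
        for i in range(1, len(labels)):              # most specific cached delegation wins
            rec = self._cached(".".join(labels[i:]), now)
            if rec and rec[1] == "NS":
                server = rec[2]
                break
        asked = []
        while True:
            asked.append(server)
            name, rec = lookup(server, qname)
            if rec is None:
                raise LookupError(f"{server} knows nothing about {qname}")
            self.cache[name] = (now + rec[0], rec)   # TTL counts from the moment we learned it
            if rec[1] != "NS":
                return rec, asked
            server = rec[2]                          # follow the delegation one level down
```

Calling resolve repeatedly with a growing clock shows the three TTLs expiring in turn: after one hour only the authoritative server is asked again, after one day also the .de server, after two days the root as well.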

Get current dns settings

systemd-resolve --status

nmap

Find all ssh servers

nmap -p 22 --open -sV 192.168.178.0/24
nmap -p 22 --open -sV 192.168.178.0-255

Linux Bonding

One Linux computer with at least 2 network cards. Connect your network cards with one or more normal switches.

Advantage: Higher network performance and if one of the network cables fails the connection is not interrupted.

apt-get install net-tools ethtool ifenslave-2.6 bmon
Then edit /etc/network/interfaces:

allow eth0
iface eth0 inet dhcp

allow eth1
iface eth1 inet dhcp

auto bond0
iface bond0 inet dhcp
bond-mode 6
bond-miimon 1000
bond-slaves eth0 eth1

Now you have one virtual network device called bond0 which distributes the data over both real cards eth0 and eth1. If one loses its link, this is detected and the data is carried by the remaining card:

bonding: bond0: link status definitely down for interface eth0, disabling it
bonding: bond0: making interface eth1 the new active one.

Look into packets

tcpflow -p -c -i eth0 port 80 | grep -E '(GET|POST|HEAD) .*/foo/' --line-buffered | tee /tmp/all_foo_requests.txt
tcpdump -A -s 10240 '(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g' | grep \ HTTP

ngrep is a nicer tcpdump

ngrep -q 'HTTP' 'host 172.17.0'

Configure a modem

e.g. with minicom

ATD<nr>               Dial number <nr>
ATL0 .. ATL3          Speaker volume level 0 to 3
ATX3 / ATX4           X3 ignores busy tone and honours dial tone, X4 honours busy and dial tone
ATM0 / ATM1 / ATM2    M0 speaker off, M1 speaker on while dialling, M2 speaker always on
AT&W                  Save the settings