Analyzing Network Traffic on a Linux Host

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Being able to observe network traffic and scan for open ports is helpful when troubleshooting network connectivity issues. In this hands-on lab, you will be tasked with scanning TCP and UDP ports on remote servers using the `nmap` command, gaining more information about network services using the `ss` and `lsof` commands, and performing packet captures of network traffic using the `tcpdump` command.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Scan for Open Ports on Server 1 and Server 2
  • On Server 3, use the nmap command to scan for open TCP ports on Server 1 and Server 2.
    # nmap -F 10.0.1.10
    # nmap -F 10.0.2.10
  • On Server 3, use the nmap command to scan for open UDP ports on Server 1 and Server 2.
    # nmap -sU -F 10.0.1.10
    # nmap -sU -F 10.0.2.10
  • On Server 3, use the nmap command to scan for open TCP ports and provide OS and version information on Server 1 and Server 2.
    # nmap -A -F 10.0.1.10
    # nmap -A -F 10.0.2.10
  • On Server 3, use the nmap command to scan for open UDP ports and provide OS and version information on Server 1.
    # nmap -sU -A -F 10.0.1.10
Analyze the Listening Sockets on Server 1 and Server 2
  • On Server 1, use the ss command to view open TCP and UDP sockets that were discovered by the nmap command.
    # ss -tulnp
  • On Server 1, view the open files for each service discovered by the nmap command and record the totals to a file (the file should be named after the service that the count is for).
    # lsof | grep ssh | wc -l > ssh
    # lsof | grep httpd | wc -l > http
    # lsof | grep cupsd | wc -l > cups
    # lsof | grep ntpd | wc -l > ntp
  • On Server 2, use the ss command to view open TCP sockets that were discovered by the nmap command.
    # ss -tlnp
  • On Server 2, view the open files for each service discovered by the nmap command and record the totals to a file.
    # lsof | grep sshd | wc -l > ssh
    # lsof | grep master | wc -l > postfix
    # lsof | grep nginx | wc -l > nginx
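The ss and lsof steps above, generalised into a small script as an added example (not the lab's own solution): it parses `ss -tulnp` output into one "proto port process pid" line per listening socket, then counts each service's open files with `lsof -c`. The sample ss output is constructed, and the column layout and root-populated Process column are assumptions.

```shell
#!/bin/sh
# Added example, not part of the lab: turn `ss -tulnp` output into a
# "proto port process pid" list, then count open files per service with lsof.

# Constructed sample of `ss -tulnp` output, shaped like the lab's Server 1.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*     users:(("ntpd",pid=721,fd=16))
udp   UNCONN 0      0            0.0.0.0:631       0.0.0.0:*     users:(("cupsd",pid=812,fd=9))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=905,fd=3))
tcp   LISTEN 0      128          0.0.0.0:80        0.0.0.0:*     users:(("httpd",pid=990,fd=4),("httpd",pid=991,fd=4))'

# listening_services: read ss -tulnp output on stdin and print one
# "proto port process pid" line per socket, using the first process in the
# users:(...) list. Assumes the column layout shown above (Local Address:Port
# is field 5) and that ss was run as root so the Process column is filled.
listening_services() {
    awk 'NR > 1 && $NF ~ /users:/ {
        n = split($5, a, ":"); port = a[n]          # works for 0.0.0.0:22, [::]:22 and *:22
        match($NF, /"[^"]+",pid=[0-9]+/)            # first ("name",pid=N) entry
        s = substr($NF, RSTART + 1, RLENGTH - 1)    # name",pid=N
        sub(/",pid=/, " ", s)                       # name N
        print $1, port, s
    }'
}

# open_file_count NAME: number of files open by processes whose command is NAME.
# Like the lab's `lsof | grep NAME | wc -l`, but matches the COMMAND column
# (lsof -c) rather than any line containing NAME, so a path such as /etc/ssh/...
# held open by an unrelated process is not counted. The header line is dropped.
open_file_count() {
    lsof -c "$1" 2>/dev/null | awk 'NR > 1' | wc -l | tr -d ' '
}

# record_counts DIR: for each service listening on the live host, write
# DIR/<process> holding its open-file total (the lab uses DIR=/root).
record_counts() {
    ss -tulnp | listening_services | awk '{ print $3 }' | sort -u |
    while read -r name; do
        open_file_count "$name" > "$1/$name"
    done
}

# Offline demonstration on the constructed sample; run record_counts /root
# on the lab host for the real totals.
printf '%s\n' "$SAMPLE_SS" | listening_services
```

Each line of the demonstration output names the protocol, port and owning process, which is what is needed to map an nmap finding back to a service before counting its open files.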
Perform a Packet Capture of the 10.0.3.20 Interface on Server 1
  • On Server 1, determine which interface has the 10.0.3.20 address and list the interfaces available for use with the tcpdump command.
    # ip addr show
    # tcpdump -D
  • On Server 1, use the tcpdump command to record 5 packets from the interface that holds the 10.0.3.20 address (eth1 in the commands below, as found with ip addr show) and save them to a file called 10-0-3-20.pcap. Then view the file's contents.
    # tcpdump -i eth1 -c 5 -w 10-0-3-20.pcap
    # tcpdump -r 10-0-3-20.pcap

Additional Resources

You work as a Linux administrator for a small company and have been tasked with analyzing the network traffic and availability of three specific servers in your data center.

First, you will need to log in to Server 3 and scan the open TCP and UDP ports for Server 1 and Server 2. This includes operating system and version information. Then you will need to gather additional information about the services discovered during the scan, including service name, process ID, and a count of all the files the services have opened. The open file counts should be saved to a file named after the service in the /root directory. Finally, you will need to perform a packet capture of the 10.0.3.20 interface on Server 1 and store the contents to a file called in the /root directory.

Note:

  • All tasks should be performed as the root user.
  • All the utilities needed have been installed.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
