Lab
A Cloud Guru

Analyzing Network Traffic on a Linux Host

Being able to observe network traffic and scan for open ports is helpful when troubleshooting network connectivity issues. In this hands-on lab, you will be tasked with scanning TCP and UDP ports on remote servers using the `nmap` command, gaining more information about network services using the `ss` and `lsof` commands, and performing packet captures of network traffic using the `tcpdump` command.

Try for free Contact sales

Path Info

Level

Intermediate

Duration

45m

Published

Dec 18, 2020

Challenge

Scan for Open Ports on Server 1 and Server 2
- On Server 3, use the nmap command to scan for open TCP ports on Server 1 and Server 2.
```
# nmap -F 10.0.1.10
# nmap -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open UDP ports on Server 1 and Server 2.
```
# nmap -sU -F 10.0.1.10
# nmap -sU -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open TCP ports and provide OS and version information on Server 1 and Server 2.
```
# nmap -A -F 10.0.1.10
# nmap -A -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open UDP ports and provide OS and version information on Server 1.
```
# nmap -sU -A -F 10.0.1.10
```
Challenge

Analyze the Listening Sockets on Server 1 and Server 2
- On Server 1, use the ss command to view open TCP and UDP sockets that were discovered by the nmap command.
```
# ss -tulnp
```
- On Server 1, view the open files for each service discovered by the nmap command and record the totals to a file (the file should be named after the service that the count is for).
```
# lsof | grep ssh | wc -l > ssh
# lsof | grep httpd | wc -l > http
# lsof | grep cupsd | wc -l > cups
# lsof | grep ntpd | wc -l > ntp
```
- On Server 2, use the ss command to view open TCP sockets that were discovered by the nmap command.
```
# ss -tlnp
```
- On Server 2, view the open files for each service discovered by the nmap command and record the totals to a file.
```
# lsof | grep sshd | wc -l > ssh
# lsof | grep master | wc -l > postfix
# lsof | grep nginx | wc -l > nginx
```
Challenge

Perform a Packet Capture of the 10.0.3.20 Interface on Server 1
- On Server 1, determine which interface has the 10.0.3.20 address and list the interfaces available for use with the tcpdump command.
```
# ip addr show
# tcpdump -D
```
- On Server 1, use the tcpdump command to record 5 packets from the 10.0.3.20 interface and save it to a file called 10-0-3-20.pcap. Then, view its contents.
```
# tcpdump -i eth1 -c 5 -w 10-0-3-20.pcap
# tcpdump -r 10-0-3-20.pcap
```

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.