Common packages

for those binaries

ifconfig, netstat, rarp, route, ip, dig

from those packages

apt install net-tools iproute2 dnsutils

Ip, arp, route

Command                                                       Meaning
ip a                                                          get IP of the system
ip r                                                          get routes of the system
ip route change default via dev ens8 proto dhcp metric 100    modify default route
ip addr add dev ens4                                          add (failover) IP to a NIC
ip route add default via src
ip route add default scope global src \
    nexthop via dev ens224 weight 1 \
    nexthop via dev ens224 weight 1


new ubuntu network manager

cat /{lib,etc,run}/netplan/*.yaml


Warning: netstat is considered deprecated and not optimized. It's preferred to use ss instead.

Show network connections, listening process

Command            Specification
netstat -t         list tcp connections
netstat -lt        list listening tcp sockets
netstat -lu        list listening udp sockets
netstat -ltu       list listening udp + tcp sockets
netstat -lx        list listening unix sockets
netstat -ltup      same as above, with info on process
netstat -ltupn     p (PID), l (LISTEN), t (tcp), n (numeric instead of names)
netstat -ltpa      a (all) = ESTABLISHED (default) + LISTEN
netstat -lapute    classic useful usage
netstat -salope    same
netstat -tupac     same


(new quicker way).
More info on listening process.

ss -tlpn
ss -tulipe
ss -lapute
ss -laputen
ss -ltpn sport eq 2377
ss -t '( sport = :ssh )'
ss -ltn sport gt 500
ss -ltn sport le 500



Real time, just see what’s going on, by looking at all interfaces. ccze is for colorized output

tcpdump -i any -w capturefile.pcap

tcpdump port 80 -w capture_file

tcpdump 'tcp[32:4] = 0x47455420'

tcpdump -n dst host ip

tcpdump -i any -XXXvvv dst host
tcpdump -i any -XXXvvv dst host and port 443

tcpdump -vv -i any port 514

tcpdump -i any -XXXvvv src net and dst port 1234 or dst port 4321 | ccze -A

tcpdump -i any port not ssh and port not domain and port not zabbix-agent | ccze -A


tcpdump -i lo udp port 123 -vv -X

tcpdump -vv -x -X -s 1500 -i any 'port 25' | ccze -A
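
The filter `tcp[32:4] = 0x47455420` above compares four bytes at a fixed offset with ASCII `GET `, so it only matches when the TCP header is exactly 32 bytes long (20 bytes plus 12 bytes of options, typically timestamps). The following is an added example, not part of the original page: it evaluates that filter and a variant that reads the data offset from byte 12 of the header against two constructed segments (ports, option values and the request are made up).

```python
import struct

GET = 0x47455420  # ASCII "GET " as a big-endian 32-bit integer


def tcp_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed TCP segment (header + options + payload)."""
    assert len(options) % 4 == 0, "TCP options must be padded to 32-bit words"
    words = (20 + len(options)) // 4
    header = struct.pack(
        "!HHIIBBHHH",
        40000, 80,      # source / destination port (constructed)
        1, 1,           # sequence / acknowledgement numbers
        words << 4,     # byte 12: data offset in the high nibble
        0x18,           # flags: PSH + ACK
        65535, 0, 0,    # window, checksum (not computed), urgent pointer
    )
    return header + options + payload


def u32(seg: bytes, offset: int):
    """Model of the accessor tcp[offset:4]; None when the read is out of range."""
    if offset + 4 > len(seg):
        return None
    return struct.unpack_from("!I", seg, offset)[0]


def fixed_offset_match(seg: bytes) -> bool:
    """tcp[32:4] = 0x47455420"""
    return u32(seg, 32) == GET


def data_offset_match(seg: bytes) -> bool:
    """tcp[((tcp[12] & 0xf0) >> 2):4] = 0x47455420"""
    return u32(seg, (seg[12] & 0xF0) >> 2) == GET


# 12 bytes of options: NOP, NOP, timestamp (kind 8, length 10), constructed values
TIMESTAMP_OPTS = bytes([1, 1, 8, 10]) + struct.pack("!II", 1000, 2000)
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
WITH_TS = tcp_segment(REQUEST, TIMESTAMP_OPTS)  # 32-byte header
WITHOUT_TS = tcp_segment(REQUEST)               # 20-byte header

if __name__ == "__main__":
    for name, seg in (("with timestamps", WITH_TS), ("no options", WITHOUT_TS)):
        print(f"{name:16} fixed={fixed_offset_match(seg)} computed={data_offset_match(seg)}")
```
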


Print much better payload

tcpflow -c port 443

tcpflow port 80

tcpflow -i eth0 port 80

tcpflow -c host

List ports a process PID is listening on

lsof -Pan -p $PID -i
# ss version
ss -l -p -n | grep ",1234,"


debian 9 new network management style

vim /etc/systemd/network/
systemctl status systemd-networkd
systemctl restart systemd-networkd


old fashioned network management style


vlan tagging and route add

auto enp61s0f1.3200
iface enp61s0f1.3200 inet static
  vlan-raw-device enp61s0f1
  post-up ip route add via

# with package "ifupdown"
auto eth0
    iface eth0 inet static


Activate NAT (Network Address Translation)

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE




apt install openvpn resolvconf

sudo openvpn --config /home/baptiste/.openvpn/

To have /etc/resolv.conf managed automatically by your VPN client, add the following lines (script-security 2 is what lets OpenVPN run the up and down scripts):

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


Netcat (network catch) TCP/IP swiss army knife


nc -l -p 80
nc -lvup 514

# listen all ip on tcp port 443
nc -lvtp 443

Check port opening

Only for TCP (obviously); UDP is not a connection-oriented protocol.

nc -znv 3306

manually write tcp packet

echo '<187>Apr 29 15:26:16 qwarch plop[12458]: baptiste' | nc -u 1514

Internet Exchange Point



Border Gateway Protocol.

  • i-bgp (Internal BGP)
  • e-bgp (External BGP)

Internal = relations within the same AS
External = relations between different ASes

Best practices

Influence of best practices on BGP incidents (Influence des bonnes pratiques sur les incidents BGP)


BGP Open bird console


Once inside bird console.
show routes

show route

Config example


Setup the source address for outgoing interface (krt_prefsrc)

# Config example for bird 1.6 
#debug protocols all;

router id;

# Watch interface up/down events
protocol device {
       scan time 10;
}

# Import interface routes (Connected)
# (Not required in this example as kernel import all is used here to workaround the /32 on eth0 GCE VM setup)
#protocol direct {
#       interface "*";
#}

# Sync routes to kernel
protocol kernel {
       merge paths on; # For ECMP
       export filter {
              krt_prefsrc =; # Internal IP Address of the strongSwan VM.
              accept; # Sync all routes to kernel
       };
       import all; # Required due to /32 on GCE VMs for the static route below
}

# Configure a static route to make sure route exists
protocol static {
       # Network connected to eth0
       route recursive; # Network connected to eth0
       # Or blackhole the aggregate
       # route blackhole;
}

# Prefix lists for routing security
# (Accept /24 as the most specific route)
define GCP_VPC_A_PREFIXES = [{16,24} ]; # VPC A address space
define LOCAL_PREFIXES     = [{16,24} ];  # Local address space

# Filter received prefixes
filter gcp_vpc_a_in
{
      if (net ~ GCP_VPC_A_PREFIXES) then accept;
      else reject;
}

# Filter advertised prefixes
filter gcp_vpc_a_out
{
      if (net ~ LOCAL_PREFIXES) then accept;
      else reject;
}

template bgp gcp_vpc_a {
       keepalive time 20;
       hold time 60;
       graceful restart aware; # Cloud Router uses GR during maintenance
       #multihop 3; # Required for Dedicated/Partner Interconnect

       import filter gcp_vpc_a_in;
       import limit 10 action warn; # restart | block | disable

       export filter gcp_vpc_a_out;
       export limit 10 action warn; # restart | block | disable
}

protocol bgp gcp_vpc_a_tun1 from gcp_vpc_a
{
       local as 65002;
       neighbor as 65000;
}
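
How the `{16,24}` prefix set and the `gcp_vpc_a_in` filter above treat incoming announcements, as an added Python model that is not part of the original configuration and that implements the general range-matching rule rather than only the page's case. The address spaces are elided on this page, so `192.168.0.0/16` and the received routes are constructed values; `in_range`, `RECEIVED` and `decisions` are names introduced here.

```python
import ipaddress


def in_range(net: str, pattern: str, low: int, high: int) -> bool:
    """Model of a prefix-set entry pattern{low,high}: the length of `net` must
    lie in [low, high] and the first min(len(net), len(pattern)) bits of the
    two addresses must be identical."""
    n = ipaddress.ip_network(net)
    p = ipaddress.ip_network(pattern)
    if n.version != p.version or not low <= n.prefixlen <= high:
        return False
    common = min(n.prefixlen, p.prefixlen)
    return n.supernet(new_prefix=common) == p.supernet(new_prefix=common)


# Constructed stand-in for the VPC address space elided on this page.
GCP_VPC_A_PREFIXES = [("192.168.0.0/16", 16, 24)]


def gcp_vpc_a_in(net: str) -> str:
    """if (net ~ GCP_VPC_A_PREFIXES) then accept; else reject;"""
    hit = any(in_range(net, p, lo, hi) for p, lo, hi in GCP_VPC_A_PREFIXES)
    return "accept" if hit else "reject"


# Constructed announcements received from the BGP neighbor.
RECEIVED = [
    "192.168.0.0/16",     # the aggregate itself
    "192.168.10.0/24",    # longest prefix the set allows
    "192.168.10.128/25",  # more specific than /24
    "192.168.0.0/15",     # covering supernet, shorter than /16
    "0.0.0.0/0",          # default route
    "10.0.0.0/24",        # allowed length, different address space
]


def decisions() -> dict:
    """Run every constructed announcement through the import filter."""
    return {net: gcp_vpc_a_in(net) for net in RECEIVED}


if __name__ == "__main__":
    for net, verdict in decisions().items():
        print(f"{net:20} {verdict}")
```
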



Fortinet VPN connection handling

Instead of installing a dirty vendor client, you can set up your VPN client with the magnificent NetworkManager.
You need to install the module.
Example for GNOME:

dnf search fortisslvpn
Last metadata expiration check: 7 days, 18:32:25 ago on Mon 28 Dec 2020 02:34:03 PM CET.
================================================================================= Name Matched: fortisslvpn ==================================================================================
NetworkManager-fortisslvpn.x86_64 : NetworkManager VPN plugin for Fortinet compatible SSLVPN
NetworkManager-fortisslvpn-gnome.x86_64 : NetworkManager VPN plugin for SSLVPN - GNOME files
plasma-nm-fortisslvpn.x86_64 : Fortigate SSL VPN support for plasma-nm
dnf install NetworkManager-fortisslvpn-gnome

You are then able to configure a new VPN connection type in the NetworkManager GUI.

nmcli connection modify <vpn-settings-name> ipv4.dns-search '<domain>,<domain>,<domain>'

Ensure it is taken into account:

resolvectl status ppp0
resolvectl status
