Commit b804127
Changed files (17)
networking/components/index.md
@@ -0,0 +1,13 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Networking"
+
+---
+
+
+* [Broadcast Domains]({{< relref "networking/components/broadcast_domains" >}})
+* [Subnetting]({{< relref "networking/components/subnetting" >}})
+* [Switching]({{< relref "networking/components/switching" >}})
+* [Routing]({{< relref "networking/components/routing" >}})
+
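Review bot: `title: "Networking"` on this components index is the same title given to the packet_capture, packet_forensics and protocols indexes added in this commit, so the four section pages cannot be told apart by title. Use the section name here (`title: "Components"`) and do the same in the other three.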
networking/packet_capture/index.md
@@ -0,0 +1,13 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Networking"
+
+---
+
+* [bpf]({{< relref "networking/packet_capture/bpf" >}})
+* [phd]({{< relref "networking/packet_capture/phd" >}})
+* [tcpdump]({{< relref "networking/packet_capture/tcpdump" >}})
+* [tshark]({{< relref "networking/packet_capture/tshark" >}})
+* [wireshark]({{< relref "networking/packet_capture/wireshark" >}})
+* [snoop]({{< relref "networking/packet_capture/snoop" >}})
networking/packet_forensics/index.md
@@ -0,0 +1,16 @@
+
+---
+date: "2016-12-01"
+draft: false
+title: "Networking"
+
+---
+
+
+
+
+* [MAC OUI]({{< relref "networking/packet_forensics/mac_oui" >}}) # TODO
+* [IPv4 initial TTL & TCP Window Size]({{< relref "networking/packet_forensics/ipv4_ttl_ws" >}})
+* [Source Ephemeral ports]({{< relref "networking/packet_forensics/ephemeral_ports" >}})
+* [TCP options (p0f" >}})]({{< relref "networking/packet_forensics/tcp_options_p0f" >}})
+* [DHCP options]({{< relref "networking/packet_forensics/dhcp_options" >}})
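Review bot: the TCP options entry has shortcode residue inside its link label: `[TCP options (p0f" >}})]` should read `[TCP options (p0f)]`, as it did in the removed networking/index.md. The `# TODO` after the MAC OUI link is not a comment in Markdown and will render as literal text; drop it or move it into an HTML comment. Put the opening `---` on the first line, as the other new indexes do, rather than after a blank line.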
networking/protocols/lists/subnets_and_cidrs.md
@@ -0,0 +1,247 @@
+---
+date: "2017-01-30"
+draft: false
+title: "Subnets and CIDRs"
+
+---
+
+``` none
+Netmask Netmask (binary) CIDR Notes
+_____________________________________________________________________________
+255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
+255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
+255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
+255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
+255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
+255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
+255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
+255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
+255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
+
+255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
+255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
+255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
+255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
+255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
+255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
+255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
+255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
+
+255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
+255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
+255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
+255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
+255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
+255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
+255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
+255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
+
+254.0.0.0 11111110.00000000.00000000.00000000 /7
+252.0.0.0 11111100.00000000.00000000.00000000 /6
+248.0.0.0 11111000.00000000.00000000.00000000 /5
+240.0.0.0 11110000.00000000.00000000.00000000 /4
+224.0.0.0 11100000.00000000.00000000.00000000 /3
+192.0.0.0 11000000.00000000.00000000.00000000 /2
+128.0.0.0 10000000.00000000.00000000.00000000 /1
+0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
+
+ Net Host Total
+Net Addr Addr Addr Number
+Class Range NetMask Bits Bits of hosts
+----------------------------------------------------------
+A 0-127 255.0.0.0 8 24 16777216 (i.e. 114.0.0.0)
+B 128-191 255.255.0.0 16 16 65536 (i.e. 150.0.0.0)
+C 192-254 255.255.255.0 24 8 256 (i.e. 199.0.0.0)
+D 224-239 (multicast)
+E 240-255 (reserved)
+F 208-215 255.255.255.240 28 4 16
+G 216/8 ARIN - North America
+G 217/8 RIPE NCC - Europe
+G 218-219/8 APNIC
+H 220-221 255.255.255.248 29 3 8 (reserved)
+K 222-223 255.255.255.254 31 1 2 (reserved)
+(ref: RFC1375 & http://www.iana.org/assignments/ipv4-address-space )
+( http://www.iana.org/numbers.htm )
+----------------------------------------------------------
+
+The current list of special use prefixes:
+ 0.0.0.0/8
+ 127.0.0.0/8
+ 192.0.2.0/24
+ 10.0.0.0/8
+ 172.16.0.0/12
+ 192.168.0.0/16
+ 169.254.0.0/16
+ all D/E space
+(ref: RFC1918 http://www.rfc-editor.org/rfc/rfc1918.txt )
+( or ftp://ftp.isi.edu/in-notes/rfc1918.txt )
+(rfc search: http://www.rfc-editor.org/rfcsearch.html )
+( http://www.ietf.org/ietf/1id-abstracts.txt )
+( http://www.ietf.org/shadow.html )
+
+
+Martians: (updates at: www.iana.org/assignments/ipv4-address-space )
+ no ip source-route
+ access-list 100 deny ip host 0.0.0.0 any
+ deny ip 0.0.0.0 0.255.255.255 any log ! antispoof
+ deny ip 0.0.0.0 0.255.255.255 0.0.0.0 255.255.255.255 ! antispoof
+ deny ip any 255.255.255.128 0.0.0.127 ! antispoof
+ deny ip host 0.0.0.0 any log ! antispoof
+ deny ip host [router intf] [router intf] ! antispoof
+ deny ip xxx.xxx.xxx.0 0.0.0.255 any log ! lan area
+ deny ip 0/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 1/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 2/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 5/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 7/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 10.0.0.0 0.255.255.255 any log ! IANA - Private Use
+ deny ip 23/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 27/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 31/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 36-37/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 39/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 41-42/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 50/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 58-60/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 69-79/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 82-95/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 96-126/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 127/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 169.254.0.0 0.0.255.255 any log ! link-local network
+ deny ip 172.16.0.0 0.15.255.255 any log ! reserved
+ deny ip 192.168.0.0 0.0.255.255 any log ! reserved
+ deny ip 192.0.2.0 0.0.0.255 any log ! test network
+ deny ip 197/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 220/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 222-223/8 0.255.255.255 any log ! IANA - Reserved
+ deny ip 224.0.0.0 31.255.255.255 any log ! multicast
+ deny ip 224.0.0.0 15.255.255.255 any log ! unless MBGP-learned routes
+ deny ip 224-239/8 0.255.255.255 any log ! IANA - Multicast
+ deny ip 240-255/8 0.255.255.255 any log ! IANA - Reserved
+
+filtered source addresses
+ 0/8 ! broadcast
+ 10/8 ! RFC 1918 private
+ 127/8 ! loopback
+ 169.254.0/16 ! link local
+ 172.16.0.0/12 ! RFC 1918 private
+ 192.0.2.0/24 ! TEST-NET
+ 192.168.0/16 ! RFC 1918 private
+ 224.0.0.0/4 ! class D multicast
+ 240.0.0.0/5 ! class E reserved
+ 248.0.0.0/5 ! reserved
+ 255.255.255.255/32 ! broadcast
+
+ARIN administrated blocks: (http://www.arin.net/regserv/IPStats.html)
+ 24.0.0.0/8 (portions of)
+ 63.0.0.0/8
+ 64.0.0.0/8
+ 65.0.0.0/8
+ 66.0.0.0/8
+ 196.0.0.0/8
+ 198.0.0.0/8
+ 199.0.0.0/8
+ 200.0.0.0/8
+ 204.0.0.0/8
+ 205.0.0.0/8
+ 206.0.0.0/8
+ 207.0.0.0/8
+ 208.0.0.0/8
+ 209.0.0.0/8
+ 216.0.0.0/8
+----------------------------------------------------------
+
+well known ports: (rfc1700.txt)
+ www.iana.org/assignments/port-numbers
+
+protocol numbers:
+ www.iana.org/assignments/protocol-numbers
+ www.iana.org/numbers.htm
+
+ICMP(Types/Codes)
+ Testing Destination Reachability & Status
+ (0/0) Echo-Reply
+ (8/0) Echo
+ Unreachable Destinations
+ (3/0) Network Unreachable
+ (3/1) Host Unreachable
+ (3/2) Protocol Unreachable
+ (3/3) Port Unreachable
+ (3/4) Fragmentaion Needed and DF set (Pkt too big)
+ (3/5) Source Route Failed
+ (3/6) Network Unknown
+ (3/7) Host Unknown
+ (3/9) DOD Net Prohibited
+ (3/10) DOD Host Prohibited
+ (3/11) Net TOS Unreachable
+ (3/12) Host TOS Unreachable
+ (3/13) Administratively Prohibited
+ (3/14) Host Precedence Unreachable
+ (3/15) Precedence Unreachable
+ Flow Control
+ (4/0) Source-Quench [RFC 1016]
+ Route Change Requests from Gateways
+ (5/0) Redirect Datagrams for the Net
+ (5/1) Redirect Datagrams for the Host
+ (5/2) Redirect Datagrams for the TOS and Net
+ (5/3) Redirect Datagrams for the TOS and Host
+ Router
+ (6/-) Alternate-Address
+ (9/0) Router-Advertisement
+ (10/0) Router-Solicitation
+ Detecting Circular or Excessively Long Routes
+ (11/0) Time to Live Count Exceeded
+ (11/1) Fragment Reassembly Time Exceeded
+ Reporting Incorrect Datagram Headers
+ (12/0) Parameter-Problem
+ (12/1) Option Missing
+ (12/2) No Room for Option
+ Clock Synchronization and Transit Time Estimation
+ (13/0) Timestamp-Request
+ (14/0) Timestamp-Reply
+ Obtaining a Network Address (RARP Alternative)
+ (15/0) Information-Request
+ (16/0) Information-Reply
+ Obtaining a Subnet Mask [RFC 950]
+ (17/0) Address Mask-Request
+ (18/0) Address Mask-Reply
+ Other
+ (30/0) Traceroute
+ (31/0) Conversion-Error
+ (32/0) Mobile-Redirect
+
+Ref: [RFC 792] [RFC 896] [RFC 950] [RFC 1016]
+ www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/qos.htm#19774
+
+
+
+Decimal system Prefix's
+ Factor Exponent Prefix
+---------------------------------------------------
+ 1 000 000 000 000 000 000 000 000...10^24....yotta
+ 1 000 000 000 000 000 000 000...10^21....zetta
+ 1 000 000 000 000 000 000...10^18....exa
+ 1 000 000 000 000 000...10^15....peta
+ 1 000 000 000 000...10^12....tera
+ 1 000 000 000...10^9.....giga
+ 1 000 000...10^6.....mega
+ 1 000...10^3.....kilo
+ 100...10^2.....hecto
+ 10...10^1.....deka
+ 0.1...10^-1....deci
+ 0.01...10^-2....centi
+ 0.001...10^-3....milli
+ 0.000 001...10^-6....micro
+ 0.000 000 001...10^-9....nano
+ 0.000 000 000 001...10^-12...pico
+ 0.000 000 000 000 001...10^-15...femto
+ 0.000 000 000 000 000 001...10^-18...atto
+ 0.000 000 000 000 000 000 001...10^-21...zepto
+ 0.000 000 000 000 000 000 000 001...10^-24...yocto
+---------------------------------------------------
+
+Convert Fahrenheit <> Celsius:
+ Celsius = (Fahrenheit - 32) / 1.8
+ Fahrenheit = (Celsius * 1.8) + 32
+```
+Source: [https://oav.net/mirrors/cidr.html](https://oav.net/mirrors/cidr.html)
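Review bot: the "Martians" and "filtered source addresses" blocks are an undated snapshot copied from the mirror, and the block's own header says updates live at www.iana.org/assignments/ipv4-address-space, yet nothing tells the reader that entries such as `deny ip 1/8 0.255.255.255 any log ! IANA - Reserved` must be re-checked before use. Add the snapshot date and a line stating that the reserved /8 entries are historical, and note that forms like `36-37/8` are shorthand rather than ACL syntax; otherwise a reader who pastes this into a border filter drops whatever has been allocated since. The "Decimal system Prefix's" and Fahrenheit/Celsius sections are unrelated to subnets and CIDRs and could be cut from this page.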
networking/protocols/ethernet.md
@@ -1,11 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "Ethernet"
-+++
-
-# Ethernet
+---
Systems communicating over Ethernet divide a stream of data into shorter pieces called frames. Each frame contains source and destination MAC addresses, and error-checking data so that damaged frames can be detected and discarded; most often, higher-layer protocols trigger retransmission of lost frames. As per the OSI model, Ethernet provides services up to and including the data link layer.[1]
@@ -22,27 +20,16 @@ byte 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
## PN Header Descriptions
-| Bytes | Name | Description |
-|-------|------|-------------|
-| `ether[0:4], ether[4:2]` | Dst MAC Address | |
-| `ether[6:4], ether[8:2]` | Src MAC Address | |
-| `ether[12:2]` | [EtherType](./ether_type.md) | indicates which protocol is encapsulated in the payload of the frame |
+| Bytes | Name | Description |
+|--------------------------|------------------------------|----------------------------------------------------------------------|
+| `ether[0:4], ether[4:2]` | Dst MAC Address | |
+| `ether[6:4], ether[8:2]` | Src MAC Address | |
+| `ether[12:2]` | [EtherType](./ether_type.md) | indicates which protocol is encapsulated in the payload of the frame |
- bytes are in bpf filter notation
- name is usually the abbreviated name
- description usulally has the full name and a short description
-## PN Example Packets
-
-* `pn[0] = 0` - this packet is the first, identified by an id of one
-* `pn[0] = 255` - the last possible packet, id of 255
-
-## PN State machine (optional)
-
-Short description of why this protocol has a state machine and what it attempts to accomplish
-
-
-
## Additional resources
* [Ethernet - wikipedia](https://en.wikipedia.org/wiki/Ethernet)
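Review bot: the Src MAC row keeps `ether[6:4], ether[8:2]`, which reads bytes 6-9 and then 8-9 again and never covers bytes 10-11; following the Dst row (`ether[0:4], ether[4:2]`) it should be `ether[6:4], ether[10:2]`. Since the table is being re-aligned anyway, fix that here, rename the leftover template heading `## PN Header Descriptions`, and correct "usulally" in the bullet below the table. The EtherType link `./ether_type.md` also does not match the `lists/ether_types.md` path used by the new protocols index.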
networking/protocols/index.md
@@ -0,0 +1,24 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Networking"
+
+---
+
+## Protocols
+
+* [Ethernet]({{< relref "negttworking/protocols/ethernet.md" >}})
+* [VLAN]({{< relref "networking/protocols/vlan.md" >}})
+* [IP]({{< relref "networking/protocols/ipv4.md" >}})
+* [TCP]({{< relref "networking/protocols/tcp.md" >}})
+* [UDP]({{< relref "networking/protocols/udp.md" >}})
+* [ARP]({{< relref "networking/protocols/arp.md" >}}) # TODO
+* [ICMP]({{< relref "networking/protocols/icmp.md" >}}) # TODO
+* [DHCP]({{< relref "networking/protocols/dhcp.md" >}}) # TODO
+
+### Lists
+
+* [EtherTypes]({{< relref "networking/protocols/lists/ether_types.md" >}}) # TODO
+* [IPv4 Protocol Numbers]({{< relref "networking/protocols/lists/ipv4_protocol_numbers.md" >}}) # TODO
+* [Subnets and CIDRs]({{< relref "networking/protocols/lists/subnets_and_cidrs.md" >}}) # TODO
+* [TCP/UDP Ports]({{< relref "networking/protocols/lists/tcp_udp_ports.md" >}}) # TODO
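Review bot: the Ethernet relref path is misspelled, `negttworking/protocols/ethernet.md` instead of `networking/protocols/ethernet.md`, so this link will not resolve. The `# TODO` suffixes will render as literal text in the list, and the one on Subnets and CIDRs is stale because that page is added in this same commit.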
networking/protocols/ipv4.md
@@ -1,10 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: true
+title: "IPv4"
-+++
-# IPv4 - Internet Protocol Version 4
+---
IPv4 is a connectionless protocol for use on packet-switched networks. It
operates on a best effort delivery model, in that it does not guarantee
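Review bot: `draft: true` is kept here while ethernet, tcp, udp and vlan are switched to `draft: false` in this commit, and the new protocols index links to `networking/protocols/ipv4.md`. If the page is meant to go out with the others, flip it; if not, the index entry points at a page that is not built.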
@@ -35,21 +34,21 @@ IPv4 Header length = **24 bytes**
# IPv4 Header Descriptions
-| Bytes | Field | Description |
+| Bytes | Field | Description |
|--------------------|----------------------|-----------------------------------------------------------------|
| `ip[0] & 0xF0` | Version | IPv4 = 4, IPv6 = 6 |
| `ip[1] & 0x0F` | IHL | Internet Header Length, number of 4 byte blocks, min=5=20bytes |
| `ip[1]` | TOS | Type of Service,set packet priority (RFC 2472 and 3168) |
-| `ip[2:2]` | Total Length | Defines the entire packet size in bytes, 0-65535 |
+| `ip[2:2]` | Total Length | Defines the entire packet size in bytes, 0-65535 |
| `ip[4:2]` | Identification | Used for uniqely identifying fragements accoring to their group |
| `ip[6] & 0x80` | Flags: X | Reserved: Must be zero |
| `ip[6] & 0x40` | Flags: DF | Don't Fragment: prevent fragementation along route (=1) |
| `ip[6] & 0x20` | Flags: MF | More Fragments: fragment packet and not the last (=1) |
| `ip[6:2] & 0x1FFF` | Fragment Offset | offset measured in 8-byte blocks, 13 bits, max=65,528 |
-| `ip[8]` | TTL | Time to Live: maximum hops the pacet is allowd to traverse |
+| `ip[8]` | TTL | Time to Live: maximum hops the pacet is allowd to traverse |
| `ip[9]` | [Protocol Number][2] | Payload IANA assigned IP protocol number (see [list][2]) |
| `ip[10:2]` | Checksum | Header checksum, silent discard if not correct |
-| `ip[12:4]` | Source | IPv4 Address of originating host |
+| `ip[12:4]` | Source | IPv4 Address of originating host |
| `ip[16:4]` | Destination | IPv4 Address of destination host |
| `ip[20:n]` | Extra Options | variable length, optional, not common |
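Review bot: the IHL row (unchanged context) reads `ip[1] & 0x0F`, but the table already assigns `ip[1]` to TOS and gives Version as `ip[0] & 0xF0`; IHL is the low nibble of that same first byte, so it should be `ip[0] & 0x0F`. The re-aligned TTL line still carries "pacet is allowd", and the Identification row has "uniqely", "fragements" and "accoring"; these are worth fixing in the same pass. The hunk header's "IPv4 Header length = **24 bytes**" should also say that it includes the options word, since the table gives the minimum as 20 bytes.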
networking/protocols/tcp.md
@@ -1,10 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "TCP"
-+++
-# TCP - Transmission Control Protocol
+---
TCP provides reliable, ordered, and error-checked delivery of a stream of bytes
between applications running on hosts communicating by an IP network.
networking/protocols/template.md
@@ -1,11 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-# PN - Protocol Name
+---
+date: "2016-12-01"
+draft: true
+title: "template"
+---
## PN Headers
networking/protocols/udp.md
@@ -1,10 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "UDP"
-+++
-# UDP - User Datagram Protocol
+---
UDP uses a simple connectionless transmission model with a minimum of protocol
mechanism. UDP provides checksums for data integrity, and port numbers for
@@ -13,7 +12,7 @@ It has no handshaking dialogues, and thus exposes the user's program to any
unreliability of the underlying network and so there is no guarantee of
delivery, ordering, or duplicate protection.
-## TODO Headers
+## UDP Headers
```
byte 0 1 2 3 4
@@ -27,21 +26,16 @@ bits 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```
-## TODO Header Descriptions
+## UDP Header Descriptions
-| Bytes | Field | Description |
-|----------|------------------|------------------------------|
-| udp[0:2] | Source Port | |
-| udp[2:2] | Destination Port | |
-| udp[4:2] | Length | Header+data length in bytes |
-| udp[6:2] | Checksum | Error checking - [RFC768][1] |
+| Bytes | Field | Description |
+|------------|------------------|------------------------------|
+| `udp[0:2]` | Source Port | |
+| `udp[2:2]` | Destination Port | |
+| `udp[4:2]` | Length | Header+data length in bytes |
+| `udp[6:2]` | Checksum | Error checking - [RFC768][1] |
-## TODO Example Packets
-
-* `todo[0] = 0` - this packet is the first, identified by an id of one
-* `todo[0] = 255` - the last possible packet, id of 255
-
-### TODO BPF Shortcuts
+### UDP BPF Shortcuts
| BPF Shortcut Syntax | Description |
|--------------------------------|--------------------------------------------------------------------------------------|
@@ -53,8 +47,6 @@ bits 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
| `udp src port p` | packet is IPv4/v6, udp, and has a source port of `p` |
| `udp` | abbreviaition for: `ip proto udp` |
-
-
## Additional resources
* [1](https://tools.ietf.org/html/rfc768)
* [TODO rfc####](link)
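Review bot: with the page now set to `draft: false`, the placeholder `* [TODO rfc####](link)` under Additional resources will be published as a dead link; remove it or replace it with a real reference. "abbreviaition" in the `udp` shortcut row can be fixed at the same time.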
networking/protocols/vlan.md
@@ -1,10 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "VLAN"
-+++
-# VLAN - Virtual LAN tagging
+---
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an
Ethernet network. The standard defines a system of VLAN tagging for Ethernet
@@ -25,16 +24,16 @@ Ethernet+VLAN total byte count = 6+6+2+2+2+4 = **24 Bytes**
## Ethernet+VLAN tag Headers Descriptions
-| Bytes | Field | Description |
+| Bytes | Field | Description |
|--------------------------|------------------------------------|--------------------------------------------|
| `ether[0:4], ether[4:2]` | Dest MAC Address | |
| `ether[6:4], ether[8:2]` | Src MAC Address | |
-| `ether[12:2]` | TPID | Tag Protocol ID = `0x8100` |
-| `ether[14:2]` | TCI | Tag control information (PCP + DEI + VLAN) |
+| `ether[12:2]` | TPID | Tag Protocol ID = `0x8100` |
+| `ether[14:2]` | TCI | Tag control information (PCP + DEI + VLAN) |
| `ether[14] & 0xE0` | PCP | Priority Control Point - 3bits |
| `ether[14] & 0x10` | DEI | Drop Eligible Indicator |
| `ether[14:2] & 0x0FFF` | VID | VLAN Identifier - 12 bits |
-| `ether[16:2]` | [EtherType](./lists/ether_type.md) | protocol of payload |
+| `ether[16:2]` | [EtherType](./lists/ether_type.md) | protocol of payload |
## Ethernet+VLAN Example Packets
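Review bot: the EtherType row links to `./lists/ether_type.md`, while the protocols index added in this commit points at `lists/ether_types.md`; one of the two names is wrong. The Src MAC row repeats the `ether[6:4], ether[8:2]` overlap (the second slice should be `ether[10:2]`), PCP is normally expanded as Priority Code Point, and the sum in the hunk header, 6+6+2+2+2+4, is 22 rather than the stated 24.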
networking/index.md
@@ -1,48 +0,0 @@
-+++
-date = "2016-12-01"
-draft = false
-title = "Networking"
-
-+++
-
-# Networking
-
-## Protocols
-
-* [Ethernet](./protocols/ethernet)
-* [VLAN](./protocols/vlan)
-* [IP](./protocols/ipv4)
-* [TCP](./protocols/tcp)
-* [UDP](./protocols/upd)
-* [ARP](./protocols/arp)
-* [ICMP](./protocols/icmp)
-* [DHCP](./protocols/dhcp)
-* Lists
- * [EtherTypes](./protocols/lists/ether_types)
- * [IPv4 Protocol Numbers](./protocols/lists/ipv4_protocol_numbers)
- * [Subnets and CIDRs](./protocols/lists/subnets_and_cidrs)
- * [TCP/UDP Ports](./protocols/lists/tcp_udp_ports)
-
-## Packet Forensics
-
-* [MAC OUI](./packet_forensics/mac_oui)
-* [IPv4 initial TTL & TCP Window Size](./packet_forensics/ipv4_ttl_ws)
-* [Source Ephemeral ports](./packet_forensics/ephemeral_ports)
-* [TCP options (p0f)](./packet_forensics/tcp_options_p0f)
-* [DHCP options](./packet_forensics/dhcp_options)
-
-## Components
-
-* [Broadcast Domains](./components/broadcast_domains)
-* [Subnetting](./components/subnetting)
-* [Switching](./components/switching)
-* [Routing](./components/routing)
-
-## Pacet Capture
-
-* [bpf](./packet_capture/bpf)
-* [phd](./packet_capture/phd)
-* [tcpdump](./packet_capture/tcpdump)
-* [tshark](./packet_capture/tshark)
-* [wireshark](./packet_capture/wireshark)
-* [snoop](./packet_capture/snoop)
unix/commands/modinfo.md
@@ -0,0 +1,8 @@
+---
+date: "2017-01-22"
+draft: false
+title: "modinfo"
+tag: ["cli", "commands", "kernel"]
+category: "unix"
+
+---
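Review bot: this page is published (`draft: false`) with front matter only and no body, so the See Also link added to modprobe.md lands on an empty page. Add at least a one-line description and a usage example, or keep it as a draft until it has content. The keys `tag` and `category` are singular here; confirm they match the taxonomy names the site is configured with.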
unix/commands/modprobe.md
@@ -1,6 +1,11 @@
---
-date: "2016-12-20"
+date: "2017-01-22"
draft: false
-title: ""
+title: "modprobe"
---
+
+
+## See Also
+
+* [modinfo]({{< relref "unix/commands/modinfo.md" >}})
unix/meta/survey_linux.md
@@ -33,6 +33,12 @@
* `ip address show`
* `ip link show`
+0. **On disk network config**
+ * `cat /etc/sysconfig/network-scripts/ifcfg-<interface name>`
+ * `cat /etc/sysconfig/network-scripts/route-<interface name>`
+ * `ls /etc/sysconfig/networking/devices/` *`# additional configs`*
+ * `ls /etc/sysconfig/networking/profiles/default` *`# additional configs`*
+
### System Profiling
* `vmstat`
* `free`
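Review bot: the paths under **On disk network config** (`/etc/sysconfig/network-scripts/ifcfg-<interface name>` and the rest) exist only on Red Hat family systems, but the page is a general Linux survey. Label the item as RHEL/CentOS/Fedora and add the equivalents for other families, for example `/etc/network/interfaces` on Debian-based hosts, so a responder does not read a missing file as missing configuration.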
unix/meta/survey_solaris.md
@@ -19,8 +19,20 @@
* `ls -1 /proc | xargs pfiles | egrep '^[0-9]|AF_INET'`
* `arp -an`
* `cat /etc/resolv.conf`
-* TODO: on disk network config
-* TODO: solaris filewall
+
+0. **On Disk network config**
+ * `ifconfig -a` *`# interface names via driver names`*
+ * `cat /etc/hostname.<interface name>` *`# hostname for ip-address association`*
+ * `cat /etc/hosts` *`# match hostname to ip`*
+ * `ls -l /etc/inet/ipnodes`
+ * `cat /etc/nodename` *`# canonical hostname`*
+ * `cat /etc/netmasks` *`# netmasks for each network`*
+ * `cat /etc/defaultrouter` *`# default gateway`*
+ * `cat /etc/gateways` *`# mulit-network gateways / routes`*
+ * `cat /etc/inet/static_routes` *`# static routes`*
+ * `ls /etc/notrouter` *`# router / not router`*
+
+0. TODO: solaris filewall
### System Profiling
* `vmstat`
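Review bot: `ifconfig -a` reports live interface state, not on-disk configuration, so under **On Disk network config** it should be described as the step that yields the interface names for the `/etc/hostname.<interface name>` lookup, or moved up to the live networking commands. The new lines also carry typos: "mulit-network" and "filewall" (the latter copied from the removed TODO).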
windows/meta/survey.md
@@ -12,7 +12,8 @@ title: "Windows Survey"
* `wmic process get executablepath, processid, parentprocessid | more` *`# Unusual processes`*
* `wmic process get commandline` *`# Process args and location`*
* `net service` *`# current running services`*
- * `date /t` `time /t` *`# Get system date and time`*
+ * `date /t` *`# Get system date`*
+ * `time /t` *`# Get system time`*
* `ver` *`# system version`*
* `net stats server` *`# uptime and stats`*
* `systeminfo`
@@ -24,7 +25,11 @@ title: "Windows Survey"
* `gwmi win32_service | select processid, <displayname|name>, state, pathname | sort processid | ft -autosize`
* `get-date`
-# Networking - LIVE EDIT
+# Networking
+
+0. **Caches**
+ * `ipconfig /displaydns` *`# dns cache`*
+ * `arp -a` *`# arp cache`*
0. **Listening Ports**