Technical aids
Check whether a port is reachable (from the client):
LINUX:
tcp:
nc -vvv [dst-ip] [dst-port]
telnet [dst-ip] [dst-port]
traceroute --tcp --port=[dst-port] [dst-ip]
nmap -p [dst-port] [dst-ip]
without installed tools:
(echo > /dev/tcp/www.google.de/443) >/dev/null 2>&1 && echo "open" || echo "closed"
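Added example (not part of the original cheat sheet): the /dev/tcp one-liner above reports only open or closed and can hang for a long time when a firewall silently drops the packets. The sketch below wraps the same technique with a timeout and separates "closed" (connection refused) from "filtered" (no answer). The function name check_tcp and the 3-second default are assumptions; it needs bash and the coreutils timeout command.

```sh
# check_tcp HOST PORT [TIMEOUT_SECONDS]
# Prints one word: open | closed | filtered | error | invalid.
# Returns 0 only when the port is open.
check_tcp() {
    host=$1 port=$2 secs=${3:-3}

    # Reject anything that is not a plain port number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac
    if [ -z "$host" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid"; return 2
    fi

    # bash opens the socket on fd 3. Host and port are passed as $0/$1,
    # not pasted into the command string. LC_ALL=C keeps the error text
    # in English so it can be matched below.
    rc=0
    err=$(LC_ALL=C timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' \
          "$host" "$port" 2>&1) || rc=$?

    case $rc in
        0)   echo "open";     return 0 ;;  # TCP handshake completed
        124) echo "filtered"; return 1 ;;  # timeout: packets probably dropped
    esac
    case $err in
        *"Connection refused"*) echo "closed"; return 1 ;;  # target sent RST
        *) echo "error"; return 1 ;;       # DNS failure, no route, ...
    esac
}
```

Usage: check_tcp [dst-ip] [dst-port] 5. A result of "filtered" points to a drop rule or a routing problem on the path, while "closed" means the target host answered but nothing is listening on the port.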
udp:
nc -vvv -u [dst-ip] [dst-port]
traceroute --udp --port=[dst-port] [dst-ip]
nmap -sU -p [dst-port] [dst-ip]
url:
curl -s -o /dev/null -w "%{http_code}\n" [url]
wget --quiet --spider -S "[url]" 2>&1 | awk 'NR==1 {print $2}'
WINDOWS:
tcp:
telnet [dst-ip] [dst-port]
Test-NetConnection -ComputerName [dst-ip] -Port [dst-port]
nmap.exe -p [dst-port] [dst-ip]
udp:
nmap.exe -sU -p [dst-port] [dst-ip]
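Via PowerShell:
# Send a 4-byte probe and wait up to 3 seconds for any reply
$udpClient = New-Object System.Net.Sockets.UdpClient
$udpClient.Client.ReceiveTimeout = 3000
$udpClient.Connect("[dst-ip]", [dst-port])
[void]$udpClient.Send([byte[]](1,2,3,4), 4)
# Receive() takes one [ref] IPEndPoint and returns the received bytes
$remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
try {
    $response = $udpClient.Receive([ref]$remote)
    Write-Output "Port is open"
} catch {
    # A timeout or an ICMP port-unreachable reply raises a SocketException
    Write-Output "Port is closed or no response"
} finally {
    $udpClient.Close()
}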
url:
Via browser. Caution: is a proxy configured?
Check whether a port is available (on the server):
LINUX:
netstat -tulpen
ss -tulpen
lsof -i -P -n
fuser -n tcp [dst-port]
fuser -n udp [dst-port]
WINDOWS:
netstat -ano | find /i "listening"
Routing:
LINUX:
ip route get [dst-ip]
netstat -rn
traceroute -n --icmp [dst-ip]
traceroute -n --tcp --port=[dst-port] [dst-ip]
traceroute -n -F [dst-ip] [packetlen]
WINDOWS:
route print
netstat -rn
tracert [dst-ip]
Packet-Capture:
LINUX:
tcpdump -nni any host [dst-ip] and port [dst-port]
WINDOWS:
windump
wireshark
netsh:
NOTE on displaying capture options:
netsh trace show capturefilterHelp
Capture Start:
netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=[dst-ip] tracefile=[filename]
Capture Stop:
netsh trace stop
Pktmon:
pktmon.exe filter add -i [dst-ip] -p [dst-port] -t [protocol]
pktmon.exe start --etw -p 0 -c [interface]
pktmon.exe stop
pktmon.exe format .\PktMon.etl -o .txt
pktmon.exe filter remove
DNS:
LINUX:
dig +qr [dst-domainname]
dig +qr +norecurse [dst-domainname]
dig [dst-domainname] +trace
WINDOWS:
nslookup -query=any [dst-domainname]
nslookup -debug [dst-domainname]
Cheat-Sheets:
https://blog.boll.ch/wp-content/uploads/2019/10/CheatSheet-FortiOS-6.2.pdf
https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/R80-20-cheat-sheet-fw-monitor/td-p/41546