Hping3 is a powerful command-line tool used for crafting and sending custom network packets. It goes beyond the basic ping function by allowing you to send various types of packets, including TCP, UDP, and ICMP. This versatility makes it a valuable asset for network administrators and security professionals.

Uses and syntax

Firewall Testing: By sending different types of packets to network hosts, you can test firewall rules and intrusion detection systems.

Test how a firewall responds to ICMP packets:

hping3 -1 target_ip

-1 sets ICMP mode

Test firewall against TCP SYN packets:

hping3 -S target_ip -p port_number

-S sets SYN mode

Network Performance Testing: HPING-3 can generate traffic to test network throughput, latency, and packet loss.

Send packets at a specific rate (e.g., 10 packets per second) to test throughput:

hping3 --flood --rate 10 target_ip

Port Scanning: It can scan ports on a network to identify open or closed ports, useful for network mapping.

TCP SYN scan on a specific port:

hping3 -S target_ip -p port_number

Scan a range of ports:

hping3 -S target_ip -p 80-100

Traceroute: With HPING-3, you can perform advanced traceroutes, which can help identify the path packets take through a network.

Perform traceroute using ICMP:

hping3 --traceroute -1 target_ip

Perform traceroute with TCP SYN packets:

hping3 --traceroute -S target_ip -p port_number

Denial of Service (DoS) Simulation: It can simulate DoS attacks on a network by generating a high volume of traffic to test the network’s resilience.

Send a flood of TCP SYN packets to simulate a SYN flood attack:

hping3 --flood -S target_ip -p port_number

Crafting Custom Packets: HPING-3 allows for the customization of packet headers, making it useful for testing how different network devices or protocols respond to various packets.

Send a packet with a specific TCP flag (e.g., RST):

hping3 -R target_ip -p port_number

-R sets RST flag

Network Services Testing: By sending packets with specific flags or payloads, you can test how network services respond, which can be useful for debugging or security assessments.

Test how a web server responds to ACK packets:

hping3 -A target_ip -p 80

-A sets ACK

Send fragmented packets to test handling of such packets:

hping3 -f target_ip

-f sets Frag

Without wanting to sound like an LLM, hping3 is a powerful tool that can get you in trouble if you point it at the wrong IP address.

Real-time network performance insights. This powerful command-line tool is an indispensable asset for system and network administrators aiming to keep a vigilant eye on TCP/IP connections and network bandwidth utilization.

What is iftop?

iftop, short for ‘interface top’, functions akin to the well-known Linux utility ‘top’, but with a focus on network activity. It provides a dynamic view of the data flowing through an interface, displaying bandwidth usage on a per-connection basis. This immediate feedback allows users to identify which hosts are consuming the most bandwidth, a crucial aspect in managing network resources efficiently and mitigating potential bottlenecks.

Key Features and Benefits

One of the core strengths of iftop is its simplicity and ease of use. By running a single command, users can observe the incoming and outgoing traffic from and to different hosts. The tool displays information such as the source and destination addresses, the current bandwidth usage, and the total data transferred over a specific period. This visibility is pivotal for troubleshooting network issues, planning bandwidth allocation, and ensuring that critical services have the necessary resources to operate smoothly.

Moreover, iftop offers several customization options to tailor its output to specific needs. Users can filter traffic by port or IP address, view bandwidth usage by network interface, and even display the network activity graphically in a terminal. These features make iftop a versatile tool that can adapt to various network analysis scenarios.

Getting Started with iftop

Installing iftop is straightforward on most Linux distributions.

For Debian-based systems:

sudo apt-get install iftop

Red hat-based distributions:

yum install iftop

Once installed, running iftop is as simple as typing iftop in the terminal. For a more detailed view, users can employ flags such as -i to specify an interface or -n to prevent hostname resolution, enhancing the tool’s performance.

Conclusion

Exploring iftop: The Must-Have Network Monitoring Tool for Linux

In the bustling world of network administration, Linux users are constantly in search of efficient tools to monitor network traffic and bandwidth usage. Amid a plethora of options, iftop emerges as a standout choice for those seeking real-time network performance insights. This powerful command-line tool is an indispensable asset for system and network administrators aiming to keep a vigilant eye on TCP/IP connections and network bandwidth utilization.

What is iftop?

iftop, short for ‘interface top’, functions akin to the well-known Linux utility ‘top’, but with a focus on network activity. It provides a dynamic view of the data flowing through an interface, displaying bandwidth usage on a per-connection basis. This immediate feedback allows users to identify which hosts are consuming the most bandwidth, a crucial aspect in managing network resources efficiently and mitigating potential bottlenecks.

Key Features and Benefits

One of the core strengths of iftop is its simplicity and ease of use. By running a single command, users can observe the incoming and outgoing traffic from and to different hosts. The tool displays information such as the source and destination addresses, the current bandwidth usage, and the total data transferred over a specific period. This visibility is pivotal for troubleshooting network issues, planning bandwidth allocation, and ensuring that critical services have the necessary resources to operate smoothly.

Moreover, iftop offers several customization options to tailor its output to specific needs. Users can filter traffic by port or IP address, view bandwidth usage by network interface, and even display the network activity graphically in a terminal. These features make iftop a versatile tool that can adapt to various network analysis scenarios.

Getting Started with iftop

Installing iftop is straightforward on most Linux distributions. For Debian-based systems, one can install it using apt-get install iftop, while yum install iftop will suffice for Red Hat-based distributions. Once installed, running iftop is as simple as typing iftop in the terminal. For a more detailed view, users can employ flags such as -i to specify an interface or -n to prevent hostname resolution, enhancing the tool’s performance.

Conclusion

For Linux users tasked with monitoring and managing network traffic, iftop is a tool that combines power with simplicity. Its real-time monitoring capabilities provide immediate insights into network performance, making it easier to identify and address issues proactively. Whether you’re a seasoned network administrator or just starting out, iftop is a valuable addition to your toolkit, offering a clear window into the dynamics of your network traffic.

Introduction

NAT is one of the more obscure protocols that we use in IT/Networking. In brief, NAT translates private IP addresses of your devices on the local network to a single public address for internet access, acting like a guard for your devices and conserving valuable public IP addresses. 

Our home or office will have a public IP address. Use curl ifconfig.me in a command prompt to see your public IP address. Keep it secret, you don’t want people to know this just you don’t like random people to know your home address.

Your home or office will have many devices, each of which needing its own IP address so they will be given a private IP address by the router or DHCP server. 192.168.0.1 look familiar?

Private Address Ranges

This gives us a situation where a laptop in Japan wants to send information to a company’s server in Rome and how does each device know where to send data packets when that IP address is private?

The other problem to think about here is how many devices are there globally compared to how many IP addresses there are. IPv4 uses 32 bit addresses which equals 2^32 possible addresses. This is roughly 4.3 billion. In 2024 there are in the region of 15 billion devices on the internet. So there clearly are not enough IP addresses to go around.

We need devices to have private addresses associated with a public address via a router (or Default Gateway) and this is where NAT comes in and it essentially works in your router to manage the private address communications with other addresses around the world.

How Does It Actually Work?

NAT uses Ports and a NAT Table to manage the private IP communications

Ports – virtual channels on your router that are used for different devices and applications or protocols. Webpages are on Port 80, 443 (HTTP, HTTPS).

NAT Table – the router maintains a table that tracks local private IP addresses with the ports they are using.

The Process

Outbound Traffic

1. Data Source: When a device on your network wants to access something online (e.g., browsing a website), it sends a data packet with its private IP address as the source.
2. Translation: The router intercepts the packet. It replaces the private source address in the packet header with its own public IP address.
3. Port Assignment: The router assigns a unique port number to the packet to differentiate it from other outgoing traffic (think adding a mailbox number for the specific device). This port-public IP combination becomes the “return address” for replies.
4. NAT Table Update: The router records the internal device’s private IP address, port number, and the website’s destination address in its NAT table for future reference.
5. Sending the Packet: The translated packet, now with the router’s public IP and a port number, is sent out to the internet.

Inbound Traffic

1. Receiving a Reply: When a response from the website arrives at your router, it has the public IP and port number used earlier.
2. NAT Table Lookup: The router consults its NAT table to match the public IP and port with the original internal device that initiated the request.
3. Address Swap: The router replaces the public IP address in the reply packet with the private IP address of the requesting device on your network.
4. Delivering the Reply: The router forwards the modified packet with the correct internal address to the intended device within your network.

NAT Table

This imaginary NAT table shows how the IP address is associated with a Port Number and Destination IP Address. So when data is received from that Destination IP Address and on which Port, the router will know which private IP address to send it to.

In reality NAT is much more involved than this but the concept is clear. It uses Ports and Protocols to associate traffic with private IP addresses that are communicating on the world wide web.