Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the network information sniffing tools on Linux, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

In a computer network, data is exposed because packet transmission cannot be hidden, so let's use whois, dig, nmcli, and nmap to sniff the network.

Please be careful not to run nmap on a network that does not belong to you, as this may be considered a malicious attack by others.

Streamlined and detailed domain name information query

You may have noticed that we used the usual old-fashioned whois command to query domain name information, but now we don't seem to provide the same level of detail as in the past. We use this command to query the domain name description information of linux .com:

$whois linux.comDomain Name: LINUX.COMRegistry Domain ID: 4245540_DOMAIN_COM-VRSNRegistrar WHOIS Server: whois.namecheap.comRegistrar URL: http://www.namecheap.comUpdated Date: 2018-01-10T12:26:50ZCreation Date: 1994-06-02T04:00:00ZRegistry Expiry Date: 2018-06-01T04:00:00ZRegistrar: NameCheap Inc.Registrar IANA ID: 1068Registrar Abuse Contact Email: abuse@namecheap.comRegistrar Abuse Contact Phone: + 1.6613102107Domain Status: ok https://icann.org/epp#okName Server: NS5.DNSMADEEASY.COMName Server : NS6.DNSMADEEASY.COMName Server: NS7.DNSMADEEASY.COMDNSSEC: unsigned [...]

There are a lot of annoying legal statements. But where is the contact information? The site is located on the whois.namecheap.com [neiqian] site (see the third line of the output above):

$whois-h whois.namecheap.com linux.com

I won't copy it because it's too long and contains the contact information of registrants, administrators and technicians. What's going on, Lucille? There are some registries, such as .com and .net, which are streamlined registries that hold limited domain name information. For complete information, use the-h or-- host parameter, which will be obtained from the registrar of the domain name.

Most top-level domain names have detailed registration information, such as .info. Try using the [neiqian] whois blockchain.info command to see.

Want to get rid of these annoying legal statements? Use the-H parameter.

DNS parsing

Use the dig command to compare the query results returned from different domain name servers to remove stale information. The domain name server records the resolution information cached everywhere, and different domain name servers have different refresh intervals. Here is a simple usage:

$dig linux.com DiG 9.10.3-P4-Ubuntu linux.com;; global options: + cmd;; Got answer:;;-> > HEADER

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.