Analyzing Network Traffic on a Linux Host

• On Server 3, use the nmap command to scan for open TCP ports on Server 1 and Server 2.

# nmap -F 10.0.1.10
# nmap -F 10.0.2.10

• On Server 3, use the nmap command to scan for open UDP ports on Server 1 and Server 2.

# nmap -sU -F 10.0.1.10
# nmap -sU -F 10.0.2.10

• On Server 3, use the nmap command to scan for open TCP ports and provide OS and version information on Server 1 and Server 2.

# nmap -A -F 10.0.1.10
# nmap -A -F 10.0.2.10

• On Server 3, use the nmap command to scan for open UDP ports and provide OS and version information on Server 1.

# nmap -sU -A -F 10.0.1.10

• On Server 1, use the ss command to view open TCP and UDP sockets that were discovered by the nmap command.

# ss -tulnp

• On Server 1, view the open files for each service discovered by the nmap command and record the totals to a file (the file should be named after the service that the count is for).

# lsof | grep ssh | wc -l > ssh
# lsof | grep httpd | wc -l > http
# lsof | grep cupsd | wc -l > cups
# lsof | grep ntpd | wc -l > ntp

• On Server 2, use the ss command to view open TCP sockets that were discovered by the nmap command.

# ss -tlnp

• On Server 2, view the open files for each service discovered by the nmap command and record the totals to a file.

# lsof | grep sshd | wc -l > ssh
# lsof | grep master | wc -l > postfix
# lsof | grep nginx | wc -l > nginx

• On Server 1, determine which interface has the 10.0.3.20 address and list the interfaces available for use with the tcpdump command.

# ip addr show
# tcpdump -D

• On Server 1, use the tcpdump command to record 5 packets from the 10.0.3.20 interface and save it to a file called 10-0-3-20.pcap. Then, view its contents.

# tcpdump -i eth1 -c 5 -w 10-0-3-20.pcap
# tcpdump -r 10-0-3-20.pcap