
Alternate Ways to Read Host Network Data

Context

I created this page for some quick reference commands to check network configurations and states on a host where certain tools such as ip, ifconfig, netstat, ss, arp, route, etc. are not available on the target, as tends to be the case in containerized and other stripped-down environments.

Linux Host

IP Addresses

hostname -I
cat /var/lib/dhcp/dhclient.eth0.leases

Routing Table

Shell One-Liner

while read -r iface dest gw; do [[ $iface != "Iface" ]] && printf "Iface: %s, Destination: %d.%d.%d.%d, Gateway: %d.%d.%d.%d\n" "$iface" $((0x${dest:6:2})) $((0x${dest:4:2})) $((0x${dest:2:2})) $((0x${dest:0:2})) $((0x${gw:6:2})) $((0x${gw:4:2})) $((0x${gw:2:2})) $((0x${gw:0:2})); done < /proc/net/route

ARP Cache

cat /proc/net/arp

Connection States

Shell One-Liner

cat /proc/net/tcp | tail -n +2 | while read line; do local_hex=$(echo $line | cut -d ' ' -f 2 | cut -d ':' -f 1); local_port=$(echo $line | cut -d ' ' -f 2 | cut -d ':' -f 2); remote_hex=$(echo $line | cut -d ' ' -f 3 | cut -d ':' -f 1); remote_port=$(echo $line | cut -d ' ' -f 3 | cut -d ':' -f 2); state=$(echo $line | cut -d ' ' -f 4); local_ip=$(printf "%d.%d.%d.%d" 0x${local_hex:6:2} 0x${local_hex:4:2} 0x${local_hex:2:2} 0x${local_hex:0:2}); remote_ip=$(printf "%d.%d.%d.%d" 0x${remote_hex:6:2} 0x${remote_hex:4:2} 0x${remote_hex:2:2} 0x${remote_hex:0:2}); state_str=$(case $state in 01) echo "ESTABLISHED";; 02) echo "SYN_SENT";; 03) echo "SYN_RECV";; 04) echo "FIN_WAIT1";; 05) echo "FIN_WAIT2";; 06) echo "TIME_WAIT";; 07) echo "CLOSE";; 08) echo "CLOSE_WAIT";; 09) echo "LAST_ACK";; 0A) echo "LISTEN";; 0B) echo "CLOSING";; 0C) echo "NEW_SYN_RECV";; *) echo "UNKNOWN";; esac); echo "Source: $local_ip:$((16#$local_port)) -> Destination: $remote_ip:$((16#$remote_port)), State: $state_str"; done
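
The connection-state decoding above, as an added example that is not part of the original page: the same parse written with POSIX shell builtins only, so it still works where cat, cut and tail are missing. The function names and the sample rows are constructed for illustration; like the one-liners, it assumes a little-endian host and covers IPv4 TCP only.

```sh
#!/bin/sh
# Added example: decode /proc/net/tcp with shell builtins only (no cat/cut/tail).

# hex2ip HEX8: on a little-endian host the kernel prints IPv4 addresses
# byte-reversed (0100007F is 127.0.0.1), so split into pairs and reverse them.
hex2ip() {
    h=$1
    b4=${h%??????}; h=${h#??}
    b3=${h%????};   h=${h#??}
    b2=${h%??};     b1=${h#??}
    echo "$((0x$b1)).$((0x$b2)).$((0x$b3)).$((0x$b4))"
}

# tcp_state HEX2: map the "st" column to its state name.
tcp_state() {
    case $1 in
        01) echo ESTABLISHED ;; 02) echo SYN_SENT ;;   03) echo SYN_RECV ;;
        04) echo FIN_WAIT1 ;;   05) echo FIN_WAIT2 ;;  06) echo TIME_WAIT ;;
        07) echo CLOSE ;;       08) echo CLOSE_WAIT ;; 09) echo LAST_ACK ;;
        0A) echo LISTEN ;;      0B) echo CLOSING ;;    0C) echo NEW_SYN_RECV ;;
        *)  echo UNKNOWN ;;
    esac
}

# decode_tcp [STATE]: read /proc/net/tcp-format text on stdin and print one
# line per socket, optionally only sockets in STATE (for example LISTEN).
decode_tcp() {
    want=${1:-}
    while read -r sl laddr raddr st _ _ _ uid _ inode _; do
        case $sl in sl|'') continue ;; esac        # skip header and blank lines
        state=$(tcp_state "$st")
        if [ -n "$want" ] && [ "$state" != "$want" ]; then continue; fi
        echo "$(hex2ip "${laddr%:*}"):$((0x${laddr#*:})) -> $(hex2ip "${raddr%:*}"):$((0x${raddr#*:})) $state uid=$uid inode=$inode"
    done
}

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 23456 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D4F2 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1'

# Demo on the constructed sample; on a live host: decode_tcp LISTEN < /proc/net/tcp
printf '%s\n' "$SAMPLE_TCP" | decode_tcp
```

The inode column matches the socket:[inode] links under /proc/<pid>/fd, which identifies the process that owns a socket.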

DNS Queries

getent hosts hostname_here