Hack Like a Pro: Linux Basics for the Aspiring Hacker, Part 6 (Networking Basics)

Linux Basics for the Aspiring Hacker, Part 6 (Networking Basics)

Welcome, my neophyte hackers!

The aspiring hacker needs to know a bit of Linux to be successful, and probably most importantly, Linux networking. To fill that knowledge gap, I'm offering this guide on Linux networking basics.

I assume that you understand a small amount of networking concepts, things like IP addresses, MAC addresses, DNS, DHCP, etc. If not, please take some time to pick up a few networking basics. Our past admin here on Null Byte, Allen Freeman, has some really good guides you should check out:

Step 1: Analyzing Networks

The most basic linux command for analyzing networks is ifconfig. It's very similar to the Windows command ipconfig. Let's take a look at it.

  • ifconfig

As you can see in this screenshot, ifconfig conveys a significant amount of information to the user. In the very first line, we see to the far left eth0. This is the first wired network connection, ethernet 0 (Linux usually starts counting at 0).

Following this, we see the type of network being used (Ethernet) and the hardware address (this is the globally unique address stamped on every piece of network hardware, in this case the NIC).

The second line then contains information of the IP address, in this case, 192.168.1.114, the broadcast address (the address to send out information to all IPs on the subnet), and finally the network mask (this is the info on what part of the IP address is network and which part is hosts). There is a lot more technical info there, but it's beyond the scope of a Linux basics tutorial.

If we look down below to what appears to be a second paragraph, we see the start of another paragraph with lo to the far left.

This is the loopback address or localhost. This is the address of the machine you're working on if you simply wanted to test something like a website. It generally is represented with the IP address 127.0.0.1.

Step 2: Changing IP Addresses

Changing IP addresses can be fairly simple in Linux. Remember that in most cases, you're going to have a dynamically assigned address from a DHCP server. In some cases, you may need to reassign the address, especially if you're hacking. This can be useful in spoofing your IP address, making network forensics more challenging, but certainly not impossible.

We can do this by using the ifconfig command with the interface we want to assign the IP to and the IP address we want. Such as:

  • ifconfig eth0 192.168.1.115

Now, when we type ifconfig, we can see that our IP address has changed to the new IP address.

We can also change the netmask and broadcast address, if necessary, such as:

  • ifconfig eth0 192.168.1.115 netmask 255.255.255.0 broadcast 192.168.1.255

Step 3: DHCP (Dynamic Host Configuration Server)

Linux has a DHCP server that runs a daeman called dhcpd. It's this DHCP server that assigns IP addresses to all the systems on the subnet. It also keeps logs files of which machines had which IP addresses at which time. It's this log that is often used to trace hackers in a forensic analysis after an attack.

When I want to be assigned a new address from the DHCP server, I can simply call the server with the command dhclient (different Linux distros use different DHCP clients, but BackTrack is built on Ubuntu which uses dhclient), like this:

  • dhclient

As you can see, the dhclient command sends out DHCPDISCOVER request from the default NIC. It then gets an offer (DHCPOFFER) of 192.168.1.114 from the DHCP server, then confirms the IP assignment to the DHCP server. Now, if we type ifconfig, we can see that the DHCP server has assigned a new IP address.

Step 4: DNS (Domain Name Service)

DNS, or Domain Name Services, is the service that enables us to type in a domain name like www.wonderhowto.com, which it then translates to the appropriate IP address. Without it, we would all have to remember thousands of IP addresses of our favorite websites (no small task even for a savant).

One of the most useful commands for the aspiring hacker is dig, which is the equivalent of nslookup in Windows, but offers us much more information on the domain. For instance, we dig wonderhowto.com and by adding the ns option, it will display the name server for wonderhowto.com.

  • dig wonderhowto.com ns

By using the dig command with the mx option, we can get info on WonderHowTo's email servers.

  • dig wonderhowto.com mx

The most common Linux DNS server is the Berkeley Internet Name Domain, or BIND. In some cases, Linux users will often refer to DNS as BIND, so don't be confused. DNS or BIND simply maps individual domain names to IP addresses.

On our BackTrack system, we can point out DNS services to a local DNS server or a public DNS server. This pointing takes place in the a plain text tile named /etc/resolv.conf file. Let's open it with kwrite:

  • kwrite /etc/resolv.conf

As you can see, we are pointing to two public DNS servers to provide us with DNS services. If we want to change our DNS servers or add another server, we can simply add another line to this text file and save it. The next time DNS services are required, the Linux operating system will look to the new DNS server designated in this file.

Simple, right?

In my next Linux tutorial, we will look at security and permissions, so keep coming back. If you haven't already, make sure to check out the first five parts of this series, and if you have any questions, ask away in the comments below or hit up the Null Byte forum for more help.

Penguin photos by Lai Ryanne

Just updated your iPhone? You'll find new features for TV, Messages, News, and Shortcuts, as well as important bug fixes and security patches. Find out what's new and changed on your iPhone with the iOS 17.6 update.

84 Comments

Thanks OTW Good Article, This Series is the Best :-)

Guys, I have a problem on Kali. dhclient isn't working. when I write dhclient eth0 in terminal it just says:
Reloading /etc/samba/smb.conf: smbd only.
RTNETLINK answers: File Exists
I surfed the web for a solution, somebody told me to enter this into terminal:
root@kali:# vim /etc/init.d/samba
But that didn't work neither.

dhclient will only work with backtrack. Find Kali's DHCP Client

hey!

I had the same problem. I downloaded isc-dchp-server as you said above, I set it up and now it's working:

*/etc/init.d/isc-dhcp-server start
ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.*

But still, I type the command "dhclient" and it says the same error:

*smbd.service is not active, cannot reload.
invoke-rc.d: initscript smbd, action "reload" failed.
RTNETLINK answers: File exists*

I don't understand. Could you help me please:(

And by the way I installed tor but there aren't any executable or binary files to run. I tried find -name tor, but can't find any binaries. And it's not in the main applications menu.

here is the best way to install most software easily on kali: go to system tools-add/remove software, an interface pop up, enter the software you want to install e.g tor, list of software will be shown, choose the best that describe the software you want to install.

N.B: login as user to use third party program on kali.

You have to compile the source code.

Burning:

What are you trying to do? Are you trying to get an IP from the DHCP server?

OTW

i really learned a lot from this series! well written, easy to understand and instructive

Mert:

Welcome to Null Byte!

I'm glad you enjoyed this series and hope you will come back for more. There is SO much more coming!

OTW

@otw;
actually, i just simply registered this site to thank you personally. can't wait to see (and learn of course) from you!

Excellent tutorial, especially those links to Allen Freeman's posts. Very informative!

how to change my subnet? i mean what cmd should i use? because you told me before that my and victim's PC have same subnets so i have to change it. so how to do them? what cmd shall i use

Dragon:

I would recommend that you read the articles on networking that are cited in the first paragraph. This will help you brush up on networking fundamentals. Every hacker needs a good grasp of networking to be successful.

OTW

I am trying to follow along as I read your content, however, I might be wrong here, but at the end of Step 2 should the command begin with 'ifconfig' instead of 'ipconfig'?

Thank you OTW.

Nemesis:

Good catch! Yes, in Linux it should be ifconfig and ipconfig in Windows. Its correct in the screenshot. I made the correction in the text.

Thanks
OTW

I am using Backtrack 5 I am in as root, using bash When I enter service networking start I receive networking stop/waiting.

I use Kwrite to look at the file /etc/network/interfaces and it says the primary network interface is eth0 auto eth0

I know the network services are OK - because this is a dual boot system - and I have no problems with the Windows 7 side.

I should mention that this issue just started. In the past service networking start worked just fine. Now I stuck. Any advice would be appreciated

Have tried taking the interface down and then backup?

When i use "ifconfig" while im connected to the internet i get, not 2, but 3 connections. eth0, lo and wlan0.

And everything you said that i should see on ''eth0'' I see on wlan0.

I disconnected and typed "ifconfig" again and then i had only eth0 and lo, but my ip address/netmask/broadcast etc wasn't showing on eth0.

And while i was connected to the internet and i changed my ip address using "ifconfig wlan0 xxx.xxx.xx.xx'' my internet went down.

Could you explain me why everything happened that way? Thank you very much for all your tutorials and quick answers.

God job!

Guilherme:

A fundamental understanding of networking is critical to becoming a good hacker.

eth0 is your wired connection, wlan0 is your wireless connection and lo is your loopback connection (to your own system). When you disconnected, you lost your connection to the wireless and the DHCP server had not yet issued you a new IP address. Finally, when you change your IP address, you will NOT have internet access as your NAT device doesn't have that IP address in its table for routing to the Internet.

OTW

Oh, okay.
I'll keep reading your tutorials and any other doubts i'll ask you.

Thank you again!

I'm sorry, but I'm trying to change my IP address, while still also being able to access the internet, but it seems impossible, would you be able to help me with this?

Thank you,
Nemesis1512

Nemesis:

I'm presuming you are behind a NAT device and you have a private IP. If that is the case, you can't change your IP and still access the Internet. Well...at least no simple way.

OTW

Do you think you will be doing a tutorial in the (near) future of how to change one's private IP then?
Thank you,
Nemesis1512

Changing your private IP is simple,ifconfig eth0 192.168.1.1 ,for example. But you won't be able then to access the Internet.

Yes, sorry, I meant as in will you be showing how to change your IP address and still be able to access the internet that way?

Thank you,
Nemesis1512

Why would one want to do that???

OTW

What is the difference between internal IP and broadcast IP?
Also when I did dhclient nothing changed at all when I did ifconfig afterwards.

Gumskull:

An internal IP is behind a NAT device and the IP's are not routeable. Usually used internally on a LAN. A broadcast IP is simply an IP that sends a message to ALL IP's on the internal network.

Why would you expect the IP to change after typing dhclient?

OTW

Sorry. In the tutorial you showed that we could change our IP's manually so I changed it but also tried to change it back the same way but it still kept me disconnected from the internet so I rebooted my PC to see if it would work and it did. I then went on to the next part of the tutorial where it said that if I were to type dhclient it would change my IP. At this point I didn't realise that meant that it would change it back to the original IP address. Long story short I figured it out. Thanks for the info on internal IP's and broadcast IP's though.

IT didn't change back to your 'original' Ip address. Its how dhcp server works. it gives you the first available IP address in an DHCP pool. when you changed your Ip address manually you freed the IP you once had. When you typed dhclient, you got that same IP cause It's the first available.

Try this. Turn on PC1. Then Turn on PC2. Turn off PC1, then type dhclient on PC2. You'll see that you will get the IP address PC1 once had. Thanks

You said why would one want to connect to the Internet after changing the IP address. Then why does one change his IP address?

Chanda:

I think you misunderstood. I was saying that you wouldn't want to change to a static IP and connect to the Internet.

OTW

Oh. Thank you.
And BTW, it's Chandan.

Sorry for the delay in responding to you suggesting about rebooting the interfaces, I tried the following command sudo / etc/init.d/networking restart and got the following back:

Reconfiguring network interfaces
ignoring unknown interface eth0=eth0.
My understanding is that eth0 is the default port. how can his interface be unknown to the system?

I also did a nmap of my system (127.0.0.1) and got back all 1000 scanned ports on localhost are closed

I figured out the problem after reading several other posts.

I used rwrite to check the /etc/networking/interfaces program and found that the line iface eth0 inet dhcp was commented out. Once I removed the # from the start of the line - everything worked fine.

So I have the port open and everything is working again - however If anyone could tell me what caused the port command line to be commented out, it would be appreciated.

BTW- I am leaving the post here - just in case anyone else has similar problems.
Regards

Steven:

Glad you are up and running!

First, eth0 is not a port, it is an interface. You need to make that ket distinction in the future.

Second, 127.0.0.1 is your loopback/home IP address. It is only for internal work. It can not be seen from the outside.

OTW

Hello,

A little comprehension question:

I tried the dig command while not using my regular IP (I also changed the network part with "ifconfig" and didn't change it back with "dhclient"). It wasn't able to assign any IP's for the URL's. Is this because the destination IP wasn't the one of my router anymore, so it wasn't able to get out of my subnet?

And the mx "postfix" somehow doesn't work for me for every domain name. I didn't get any mail adresses although they actually should (such as youtube). Did I missunderstand the term mail server?

Antagonist

Sir
When i do dhclient this happens
Reloading /etc/samba/smb.conf: smbd only

When i do it again
Reloading /etc/samba/smb.conf: smbd only
RTNETLINK answers: File exists

What should be the problem
Thank you
Pranav

Pranav and Luigi:

That error message is a quirk in the Kali implementation of the dhclient. If you already have an IP address, it will throw that error message. If you remove your IP with dhclient -r and then run dhclient, you will not get that error.

Hope this helps.

OTW

First, maybe I'm using a static ip. Following is in order.
I typed ifconfig
It appears my eth0's inet addr is 192.168.0.101
I open google homepage. Successfully.
Then I typed ifconfig eth0 192.168.0.97
Then ifconfig again to see eth0's inet addr is 192.168.0.97
I open google homepage. Failed. It said Server not found.
Then I typed dhclient.
The terminal replied with:
Reloading /etc/samba/smb.conf: smbd only.
Some times the sentence above goes together with: RTNETLINK answers: File exists
It Doesn't matter.
I opened google homepage again. Successfully. Why?
I don't pay attention to the Reloading...File exists
What I need to understand is why does my laptop connect to internet again after I used dhclient?

Oh yeh continue:
After I open google homepage successfully (the one after dhclient).
I typed ifconfig again. Its the latter IP.
192.168.0.97
So is it true that at this moment, the LAN modem accept my new static ip?

Because dhclient grabs an IP address from the DHCP server. That means that the router now knows who you are and can route your traffic out to the internet.

Hello,
I tried dhclient command on the terminal.
To which, the reply prompt was
RTNETLINK answers: Operation not permitted

Can you elaborate on this?
Thanks and Regards

when I run kwirite /etc/resolv.conf command, it gives me an error message;
bash: kwrite : command not found
can somebody tell me what is wrong here?

kwrite is only found in KDE versions of Linux. If you are using Kali, try using leafpad.

leafpad /etc/resolv.conf

thanks a lot! i was searching everywhere for a sloution. thanks for the help OTW!! and great tutorial!!

i

hi where is part 7 and 8 of hack like pro linux basics for aspiring hacker

Go to the search window and type "linux hacker 7".

Hi OTW !

I got a question asked before. Despite advices in comments and all research on web I can't make works dhclient command.

Example :
ifconfig (IP : 192.168.1.101)
dhclient (Error : Reloading /etc/samba/smb.conf: smbd only)

So I tried
dhclient -r (Error : Reloading /etc/samba/smb.conf: smbd only)
ifconfig (IP : UP BROADCAST RUNNING MULTICAST)
dhclient (Nothing)
ifconfig (IP : UP BROADCAST RUNNING MULTICAST)

Why have I this error ? I don't understand what this means. The only way to change my IP is manually with ifconfig.

Thanks for your help !

Are you running it in a VM?

No, I was running it in real machine with Kali installed on it.

Questions:
Are you running as root?
Any further info in the logs?

Yes wireless and running as root.

I'm a kiddie, where can I found these specific logs ?

Thanks for your interest to my problem guys !

Flying Spirit

Good eyes OTW. Try specifying the network interface (mine is wlan1, yours might be different).
root@Kali:~# dhclient wlan1
If that doesn't work try disconnecting from your WiFi and then reconnecting to it.
The easiest way to view the logs would be
Applications > System Tools > Log File Viewer
They are also located in var > log > syslog
It is probably showing multiple lines that say
Kali dhclient: No broadcast interfaces found - exiting.

I tried to target wlan0, disconnecting/reconnecting from WiFi, that didn't work.

In logs it said that a DHCPREQUEST is done and a DHCPACK is received.
The next line is : bound to 192.168.1.10 -- renewal in 37895 seconds.

I know that my MAC address have an IP assigned for a time. So even if I try to release my IP I have to wait 37895 seconds and hope have a new one.

The logs seem to indicate a proper DHCP lease. You don't then have an IP address after it says bound to 192.168.1.10? If you then do ifconfig you don't have an IP address for wlan0?

I got the same IP than before dhclient command execution.

Does the server don't want to give me another one ? I read that we can't force it do to that.

I miss understood your issue. I thought you were saying that you weren't getting an IP address at all from DHCP and had to manually assign one.

The client will most likely get the same IP address from the DHCP server. In fact if you run a packet capture during the release/renew process you will see that the client asks for the old IP address even after releasing it back to the server. This is because the client still stores it's previous leases and try's to simplify things by asking for what it already knows. If the server hasn't handed out the IP address it will gladly hand it back to the client.

This goes for the DHCP server also. It has cached it's leases and when the client identified by it's MAC address asks for a lease it will hand it the previous one. This can be viewed by clearing the previous DHCP leases on the client and then run a packet capture during the release/renew process. The client will specify any IP address and the server will give it it's old IP address.

Long story short

Ok I understand ! This is very interesting !

I miss understood dhclient command effect, at first reading, because I tought that we can change our IP easily and automaticaly for cover our tracks.

Thank you so much @Dill and @OTW :-)

The IP address in this case would only affect the LAN segment your kali machine is connected to, not your public of WAN IP address what most hackers are trying to hide. If you are hacking on say a public LAN then really the danger here would be your MAC address, and spoofing it would be the best idea (host name also).

I don't know how to spoof my MAC address and hide my public IP yet, but I'm on my way. You really know what you talking about ! :-)

Hello!

After entering dhclient i get the following output:

$ Job for smbd.service failed. See 'systemctl status smbd.service' and 'journalctl -xn' for details.
$ invoke-rc.d: initscript smbd, action "reload" failed.
$ RTNETLINK answers: File exists

So i tried dhclient -r", the output then was:

$ Killed old client process
$ Job for smbd.service failed. See 'systemctl status smbd.service' and 'journalctl -xn' for details.
$ invoke-rc.d: initscript smbd, action "reload" failed.

and then again dhclient.. but nothing happened, except the cursor moving directly to a new line.. i lost my internet connection.

After typing dhclient wlan0 i got my connection back, but dhclient still gave the same output, as shown in the beginning.

So, it seems i cant get a new IP vom the DHCP server..?
Im not sure what's happening there..could someone explain me how to solve it?

Thank you

same case with me. Getting exact errors as above. Please help

Are you using Kali 2.0? I'm using Kali 1.1 and it works fine.

We are using Kali Linux here on Null Byte. Must be a bug in ParrotSec.

I tried on Kali 2.0 it doesn't work too.

When I enter the command ifconfig I get a different readout than the one shown. I am using Kali Linux 2.0 x64bit am I doing something wrong or is this normal for a Kali readout using ifconfig?

Image via fbcdn.net

That output is fine. You have different interfaces.

I have the same thing happening and prefer the output shown in the example (it seems easier to read as a newbie). Is there any way to accomplish changing the output to match? I'm assuming the difference is because Kali is based on Debian and BackTrack was based on Ubuntu?

Thanks in advance.

Hey!

I am having an issue that it looks like others in the comment section were having also a few months ago. I am running Kali Linux 2.0. Whenever I enter dhclient, I get this:

root@kali:~# dhclient
Job for smbd.service invalid.
invoke-rc.d: initscript smbd, action "reload" failed.
RTNETLINK answers: File exists

I have not been able to resolve this issue. Any suggestions?

Thanks in advance.

the error seems to be still there. but i used
dhclient -v
to get rest of the details.

what is the dhcp client for kali linux? i can't seem to access the dhcp client when i type dhclient in the terminal. please help me out and thanks in advance.

I'm using Kali 2.0 64bit installed on a laptop. Does anyone know where the aircrack-ng directory is? I can find aircrack-ng in bin but I can't seem to find the directory. Since so many of these tutorials use that directory I'd like to find it. I've been using other directories to do the same thing but now I'm getting to a point where it would just be easier to follow along with the same directory.

Hi,i am a newbee to the world of hacking and i want to know each and everything regarding linux,i saw a lot many tools in my OS kali-linux,i want to know how to use them,are you going to explain them all?moreover i want to know from where did you learned it all.(if you don't have any problem with that)

Hello, I am using Ubuntu 14.04. I believe backtrack is generated from ubuntu, so all commands can be executed on ubuntu. right?

I am using Ubuntu 16.04 lts and when I try dhclient it says:
RTNETLINK answers: Operation not permitted

how can I solve this??

What if I make gateway +
1.Change ip with ifconfig

2.Add netmask (what for stands netmask and can you tell more?) and broadcast(what it stands for and is it need to be the same as ip that I change)

3.Change DNS and clear logs
4.Enable VPN and use proxychains
5.Change my mac address
Is it enough to be anonymous?

good info! needed to search for extra info, but still nice tutorial!

ty!

Share Your Thoughts

  • Hot
  • Latest