One of the most important issues in Linux is the Linux network. Suppose you know a bit about network concepts, such as IP addresses, MAC addresses, DNS, DHCP, and so on. If not, please take a moment to study the principles of the network.
Step 1: Analyze the networks
The main Linux command is for network analysis ifconfig. This is very similar to the Windows ipconfig command. Let’s take a look at it.
As you see in this image, ifconfig provides a lot of information to the user. In the first paragraph on the left, we see eth0. This is the first cable network connection, ethernet 0. (Linux usually starts counting from 0).
In the second line, the IP address information is 192.168.73.132. Then netmask or network mask (this information about what part of the IP address of the network is and which part of the host)
And finally broadcast (This address is for sending information to all IPs in the subnet). There is further technical information available, but beyond the scope of Linux training.
If we look at the top, another paragraph is started with lo. This is the localhost or local address. This is the address of the device you are working with, and you can test something like a website. It is usually shown with the IP address 127.0.0.1.
Step 2: Change the IP address
Change the IP address in Linux is relatively simple. Keep in mind that in most cases, you will receive a dynamic address from a DHCP server.
In some cases, it may be necessary to redefine the address, especially if it is for hacking.
This can be useful in spoofing your IP address (spoofing attacks) because it makes the crime more unpredictable on the network, but it’s definitely not impossible to find a hacker.
We can do this by using the ifconfig command with the interfaces (interface) that we want to assign the desired IP. As:
ifconfig eth0 192.168.73.133Now when you are typing ifconfig, we can see that our IP address has changed to the new IP address. We can also change netmask and broadcast if needed: ifconfig eth0 192.168.73.133 netmask 255.255.255.0 broadcast 192.168.73.255
Step 3: DHCP (Dynamic Host Configuration Server)
Linux has a DHCP server called dhcpd. It is a DHCP server that assigns IP addresses to all subnetworks.
It also holds logs (log files) for those devices that have IP address at that time.
This log file is often used to track hackers in a forensic analysis after the attack.
When I want to assign a new address from the DHCP server, I can easily use the dhclient command.
(Different Linux distributions use different DHCP clients, but DLC-based Kali Linux uses dhclient). Like this:
dhclient -v -r eth0
Step 4: DNS (Domain Name Service)
A DNS or Domain Name Service is a service that enables us to type a domain name such as www.cybrit.ir, which will then be translated to the appropriate IP address.
Without it, we all have to remember thousands of IP addresses of your favorite web sites.
One of the most useful commands for the hacker is dig, which is equivalent to nslookup in Windows, but provides more information about the domain.
For example, to see the time.is domain name servers, we will execute the dig time.is command by adding the ns option.
dig time.is ns
Using the dig command with the mx option, we can receive information from the time.is email servers.
dig time.is mx
The most common DNS server is the Berkeley Internet Name Domain (BIND). In some cases, Linux users often refer to DNS as BIND, so do not make mistakes.
DNS or BIND simply shows the domain names of the individual IP addresses.
In Kali Linux, we can identify DNS services to a local DNS server or a public DNS server. This refers to the file location named /etc/resolv.conf. Let it open with gedit:
As you can see, we refer to a public DNS server to provide our DNS services.
If we want to change our DNS servers or add another server, we can simply add another line to this text file and save it.