Analyzing Network Traffic on a Linux Host

Libraries: If you want this lab, consider one of these libraries.
Cloud

Analyzing Network Traffic on a Linux Host

Being able to observe network traffic and scan for open ports is helpful when troubleshooting network connectivity issues. In this hands-on lab, you will be tasked with scanning TCP and UDP ports on remote servers using the `nmap` command, gaining more information about network services using the `ss` and `lsof` commands, and performing packet captures of network traffic using the `tcpdump` command.

Get started Contact sales

Lab Info

Level

Intermediate

Last updated

Sep 14, 2025

Duration

45m

Challenge

Scan for Open Ports on Server 1 and Server 2
- On Server 3, use the nmap command to scan for open TCP ports on Server 1 and Server 2.
```
# nmap -F 10.0.1.10
# nmap -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open UDP ports on Server 1 and Server 2.
```
# nmap -sU -F 10.0.1.10
# nmap -sU -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open TCP ports and provide OS and version information on Server 1 and Server 2.
```
# nmap -A -F 10.0.1.10
# nmap -A -F 10.0.2.10
```
- On Server 3, use the nmap command to scan for open UDP ports and provide OS and version information on Server 1.
```
# nmap -sU -A -F 10.0.1.10
```
Challenge

Analyze the Listening Sockets on Server 1 and Server 2
- On Server 1, use the ss command to view open TCP and UDP sockets that were discovered by the nmap command.
```
# ss -tulnp
```
- On Server 1, view the open files for each service discovered by the nmap command and record the totals to a file (the file should be named after the service that the count is for).
```
# lsof | grep ssh | wc -l > ssh
# lsof | grep httpd | wc -l > http
# lsof | grep cupsd | wc -l > cups
# lsof | grep ntpd | wc -l > ntp
```
- On Server 2, use the ss command to view open TCP sockets that were discovered by the nmap command.
```
# ss -tlnp
```
- On Server 2, view the open files for each service discovered by the nmap command and record the totals to a file.
```
# lsof | grep sshd | wc -l > ssh
# lsof | grep master | wc -l > postfix
# lsof | grep nginx | wc -l > nginx
```
Challenge

Perform a Packet Capture of the 10.0.3.20 Interface on Server 1
- On Server 1, determine which interface has the 10.0.3.20 address and list the interfaces available for use with the tcpdump command.
```
# ip addr show
# tcpdump -D
```
- On Server 1, use the tcpdump command to record 5 packets from the 10.0.3.20 interface and save it to a file called 10-0-3-20.pcap. Then, view its contents.
```
# tcpdump -i eth1 -c 5 -w 10-0-3-20.pcap
# tcpdump -r 10-0-3-20.pcap
```

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.