Analyzing Network Traffic on a Linux Host
Being able to observe network traffic and scan for open ports is helpful when troubleshooting network connectivity issues. In this hands-on lab, you will be tasked with scanning TCP and UDP ports on remote servers using the `nmap` command, gaining more information about network services using the `ss` and `lsof` commands, and performing packet captures of network traffic using the `tcpdump` command.

Challenge
Scan for Open Ports on Server 1 and Server 2
- On Server 3, use the `nmap` command to scan for open TCP ports on Server 1 and Server 2.

  ```
  # nmap -F 10.0.1.10
  # nmap -F 10.0.2.10
  ```
- On Server 3, use the `nmap` command to scan for open UDP ports on Server 1 and Server 2.

  ```
  # nmap -sU -F 10.0.1.10
  # nmap -sU -F 10.0.2.10
  ```
- On Server 3, use the `nmap` command to scan for open TCP ports and provide OS and version information on Server 1 and Server 2.

  ```
  # nmap -A -F 10.0.1.10
  # nmap -A -F 10.0.2.10
  ```
- On Server 3, use the `nmap` command to scan for open UDP ports and provide OS and version information on Server 1.

  ```
  # nmap -sU -A -F 10.0.1.10
  ```
Challenge
Analyze the Listening Sockets on Server 1 and Server 2
- On Server 1, use the `ss` command to view open TCP and UDP sockets that were discovered by the `nmap` command.

  ```
  # ss -tulnp
  ```
- On Server 1, view the open files for each service discovered by the `nmap` command and record the totals to a file (the file should be named after the service that the count is for).

  ```
  # lsof | grep ssh | wc -l > ssh
  # lsof | grep httpd | wc -l > http
  # lsof | grep cupsd | wc -l > cups
  # lsof | grep ntpd | wc -l > ntp
  ```
- On Server 2, use the `ss` command to view open TCP sockets that were discovered by the `nmap` command.

  ```
  # ss -tlnp
  ```
- On Server 2, view the open files for each service discovered by the `nmap` command and record the totals to a file.

  ```
  # lsof | grep sshd | wc -l > ssh
  # lsof | grep master | wc -l > postfix
  # lsof | grep nginx | wc -l > nginx
  ```
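
The following is an added example, not part of the original lab: it lines up what `ss -tulnp` shows on the host with what the remote `nmap` scan reported, so every gap between the two views has an explanation. The function names `compare_listeners` and `sample_ss` are hypothetical, the sample output is constructed, and the parser assumes the `ss -tulnp` layout whose first column is `Netid`.

```shell
#!/bin/sh
# Added example, not from the lab. compare_listeners and sample_ss are hypothetical names.
# Usage on a real host: ss -tulnp | compare_listeners "22/tcp 80/tcp"
# $1 = ports a remote nmap scan reported open, in the form of nmap's PORT column.
compare_listeners() {
    awk -v scanned="$1" '
    BEGIN { n = split(scanned, s, " "); for (i = 1; i <= n; i++) seen[s[i]] = 1 }
    $1 == "tcp" || $1 == "udp" {
        la = $5                                  # Local Address:Port column
        port = la; sub(/.*:/, "", port)          # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        proc = "-"                               # owner is hidden without root
        if (match($0, /\(\("[^"]+"/))            # users:(("name",pid=..,fd=..))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        key = port "/" $1
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            status = "loopback-only"             # not reachable from another host
        else if (key in seen)
            status = "seen-by-scan"
        else
            status = "exposed-not-in-scan"       # filtered, or scan did not cover it
        print key, proc, status
    }'
}

# Constructed sample of `ss -tulnp` output (service names from the lab, PIDs invented).
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*         users:(("ntpd",pid=901,fd=16))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1010,fd=3))
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=950,fd=7))
tcp   LISTEN 0      128    [::]:80            [::]:*            users:(("httpd",pid=1100,fd=4))
EOF
}

# TCP-only scan result: the UDP listener is missed until nmap -sU is run as well.
sample_ss | compare_listeners "22/tcp 80/tcp"
```

A listener marked `exposed-not-in-scan` is the one to follow up on: either a firewall is filtering it or the scan type and port set did not cover it.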
Challenge
Perform a Packet Capture of the 10.0.3.20 Interface on Server 1
- On Server 1, determine which interface has the 10.0.3.20 address and list the interfaces available for use with the `tcpdump` command.

  ```
  # ip addr show
  # tcpdump -D
  ```
- On Server 1, use the `tcpdump` command to record 5 packets from the 10.0.3.20 interface and save them to a file called 10-0-3-20.pcap. Then, view its contents.

  ```
  # tcpdump -i eth1 -c 5 -w 10-0-3-20.pcap
  # tcpdump -r 10-0-3-20.pcap
  ```