# HG changeset patch # User Oleksandr Gavenko # Date 1233911075 -7200 # Node ID 6c01de88f39ec3d81d31c45fdcc5591e7689719a # Parent 99584256fa8808b2d42f3f9511e565a86198d131 up diff -r 99584256fa88 -r 6c01de88f39e port.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/port.rst Fri Feb 06 11:04:35 2009 +0200 @@ -0,0 +1,92 @@ +-*- outline -*- + +* Port forwarding. + + $ ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N + $ ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ + 25:mail.linuxhorizon.ro:25 user@computer -N + +The second example (see above) show you how to setup your ssh tunnel for web, pop3 +and smtp. It is useful to recive/send your e-mails when you don't have direct access +to the mail server. + +For the ASCII art and lynx browser fans here is illustrated the first example: + + +----------+<--port 22-->+----------+<--port 80-->o-----------+ + |SSH Client|-------------|ssh_server|-------------| host | + +----------+ +----------+ o-----------+ + localhost:8888 computer www.linuxhorizon.ro:80 + +* Port listening. + +Connect to a server: + + $ nc hostname port + +Be a server: + + $ nc -l -p port + +* Simple filetransfer. + +Serve a file: + + $ nc -l -p port < file + +Receive a file: + + $ nc hostname port > file + +* Filesystem cloning. + +Serve the filesystem: + + $ tar cOPp --same-owner / | nc -l -p port + +Receive the filesystem: + + $ nc -w3 hostname port | tar xPp + +* Disk cloning. + +Serve the disk image: + + $ dd if=/dev/hda | nc -l -p port + +Receive the image: + + $ nc -w3 hostname port | dd of=/dev/hda + +* Encrypted, compressed and IP restricted filetransfer. + +If combining encryption and compression, be sure to compress first then +encrypt when sending and reverse the order for receiving. Do not attempt to +encrypt then compress. Compression works by finding patterns which are +destroyed intentionally by the process of encryption. Also, though not +required, specifying the IP address of the host that will be transferring the +file is a good idea. + +Serving a compresssed, encrypted file from 192.168.0.1 to 192.168.0.2: + + $ gzip -c < file | openssl aes-128-cbc -e -k thispassword | nc -l 192.168.0.2 12345 + +Receiving, decrypting and decompressing that file: + + $ nc 192.168.0.1 12345 | openssl aes-128-cbc -d -k thispassword | gunzip -c > file + +* Scan with nmap. + +TODO + +* Scan with netcat. + + $ nc -v -w 2 -z hostname portrange + $ nc -v -w 2 -z hostname portlisting + +Where portrange is for example "10-20" to scan all ports between 10 and 20, +portlisting is for example 11,20,135 will scan these ports. + +I just tried this on windows xp, and the comma separated list of ports does +NOT work. Instead, use space separated list. eg: + + cmd> nc.exe -vv -w 2 -z www.example.com 20-25 79 80 110 137-139 443