init - PoC

items/2024-01-20_long_bandwidth-measurement-using-netcat.md

@@ -0,0 +1,110 @@
+# Bandwidth Measurement using netcat on Linux
+
+There are various implementations. I am using nmap-ncat on rockOS 8 on both hosts. 
+
+Netcat's using **TCP by default** and this test is **not limited by disk I/O** from what I understood. That said, it is not the best solution, but it is a great 'quick and dirty' method. Additionally, there is **no encryption overhead** and **no compression** involved.
+
+**Important:** Please use with caution. You can lose access to a host while performing the test.
+
+---
+
+Server / Receiver:
+: `nc -k -v -l 33333 > /dev/null`
+: `-k` # keeps listening after connection ends *(might not be available e.g. gnu-netcat)*
+: `-v` # verbose output
+: `-l 33333` # listen on port 33333 (default TCP)
+: `> /dev/null` # send incoming data into the void to avoid disk I/O
+
+Client / Sender:
+: `dd if=/dev/zero bs=500M count=1 | nc -v 192.0.2.5 33333`
+: `dd` # convert/copy files
+: `if=/dev/zero` # read from file, only zeros in this case
+: `bs=500M` # sets the data-/ blocksize, 500 Mibibytes, use `500MB` for Megabytes,
+: `count=1` # set the maximum number of blocks, just leave it at `1`
+: `|` # 'pipes' all data to the next command
+: `nc` # netcat command
+: `-v` # set a more verbose output
+: `192.0.2.5` # set destination server IP
+: `33333` # set destination port
+
+---
+
+**Result on the client side**
+
+```markdown
+[user@test-rocky-01 ~]$ dd if=/dev/zero bs=500M count=1 | nc -v 192.0.2.5 33333  
+Ncat: Version 7.92 ( https://nmap.org/ncat )
+Ncat: Connected to 192.0.2.5:33333.
+1+0 records in
+1+0 records out
+524288000 bytes (524 MB, 500 MiB) copied, 19.6253 s, 26.7 MB/s
+Ncat: 524288000 bytes sent, 0 bytes received in 19.71 seconds.
+```
+
+---
+
+**Result on the server side**
+
+```markdown
+[user@test-rocky-02 ~]$ nc -k -v -l 33333 > /dev/null
+Ncat: Version 7.92 ( https://nmap.org/ncat )
+Ncat: Listening on :::33333
+Ncat: Listening on 0.0.0.0:33333
+Ncat: Connection from 198.51.100.19.
+Ncat: Connection from 198.51.100.19:42822.
+Ncat: Connection from 198.51.100.19.
+Ncat: Connection from 198.51.100.19:43088.
+[...]
+```
+
+**Side note:** It is recommended to test both directions.
+
+#### Additional options
+
+**Side note:** For security reasons on most systems you need **higher permissions to use ports in the range of 0-1023** (reserved port range).
+
+```markdown
+[user@test-rocky-02 ~]$ nc -k -v -l 444 > /dev/null
+Ncat: Version 7.92 ( https://nmap.org/ncat )
+Ncat: bind to :::444: Permission denied. QUITTING.
+```
+
+---
+
+Specify source interface/IP:
+: `-s 10.20.10.8`
+
+Specify source port:
+: `-p 45454` # on the client obviously
+: Tip: changing the source port with every run to find a specific run faster in a packet capture
+
+Using UDP instead of TCP:
+: `-u` # must be used on both hosts and might not be compatible with other options
+
+# Troubleshooting
+
+#### Large transfer / longer test
+
+`[user@test-rocky-01 ~]$ dd if=/dev/zero bs=4G count=1 | nc -p 5555 -v 192.0.2.5 33333`
+`dd: memory exhausted by input buffer of size 4294967296 bytes (4.0 GiB)`
+
+You are limited by your RAM when you want to send more data. You can decrease `bs=4G` to `bs=1G`, and increase the counter `count=1` to `4` to transfer 4GiB of data.
+
+#### Connection refused
+
+`Ncat: Connection refused.`
+`Ncat: TIMEOUT.`
+
+Make sure:
+- that the netcat server is running
+- double-check the destination host and port of the command
+- make sure that you can reach the destination over this port 
+    - network firewalls
+    - routing
+- check both host firewalls and make sure the inbound and outbound traffic is allowed
+
+# Caution
+
+As mentioned before, you can lose access to your hosts. Additionally, please **announce tests to your network and security team** as you can disrupt a productive network or trigger some kind of IDS system in place.
+
+---