See who is hosting a website

To see who is hosting a website (e.g. netflix.com), you will need the IP address of the website and the WHOIS record for that IP address. You can obtain both from the command-line.

Obtain the IP address for netflix.com:

# Ping the website
ping netflix.com
# Alternatively, use traceroute and note the last IP address
traceroute netflix.com

For me, the command returned the IP address 52.209.235.141. Now, look up the WHOIS record for the IP address to see who owns it:

# Look up the WHOIS record
whois 52.209.235.141

Here is the record I got from WHOIS for netflix:

OrgName:        Amazon Technologies Inc.
OrgId:          AT-88-Z
Address:        410 Terry Ave N.
City:           Seattle
StateProv:      WA
PostalCode:     98109
Country:        US

So, at the time of writing, it seems that netflix.com was hosted by Amazon.

How to chat between computers using netcat on Mac and Linux

In our home we have a mix of Mac and Linux computers. My children have a Raspberry Pi in their room and I have a Mac at my desk. Today we chatted with each other through the Terminal running on both computers.

Hi children!
Dudududududududu
Am I talking to a bird?
^v^

(It was a very interesting conversation as you can see)

How to chat using netcat

You can chat between two Unix computers (e.g. Linux or Mac) only using the Terminal and netcat command (i.e. the command nc). The netcat command is slightly different on the two OS'es, but I'll write the variation in comments.

First, you open a terminal window on both computers:

On a Mac, open e.g. the Terminal application

Now, choose one computer to listen (computer #1) and the other to connect to the first (computer #2). We chose that my Mac would listen and the childrens Raspberry Pi would connect.

Set up the listening computer

On the first computer, start netcat listening for incoming messages on port 23456 (or whatever port you prefer). You'll see that the command is slightly different on Mac and Linux.

# On Mac: nc -l <PORT>
nc -l 23456
# On Linux: nc -l -p <PORT>
nc -l -p 23456

Check the IP address of the listening computer:

ifconfig

Look for an entry called "inet", which looks something like this:

...
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
...

Shout the IP address you found into the house for all to hear!

Hey, I'm listening on port 23456 and my IP address is 192.168.1.101 !!!

Remember to shout the IP address you found, not the one I wrote above, since yours will probably be different... Now this computer is ready to chat!

Set up the connecting computer

On the second computer, use netcat to connect to the "listening" computer, using the IP address and port that the other person shouted to you.

# Mac/Linux: nc <IP ADDR> <PORT>
nc 192.168.1.101 23456

Again, rememember that the IP address above is just an example. Most likely, the person shouted different numbers to you.

Now the fun part: chat!

Now either computer you can type messages and hit enter. The thing you typed will appear on the other computer. Remember to finish your message by hitting the enter key.

hi, how are you? <enter>

After you hit enter, the message will appear on the other computer, where the person might reply:

hi, how are you?
I am fine thank you. How are you doing? <enter>

Experiment

After you have exchanged a few pleasant greetings, you can start hacking. For example:

  • What happens if you receive a message while you are typing?
  • Does the output always look the same on both computers?
  • What happens if you send special characters (e.g. apple character on a Mac)?
    • You can generally type special characters by using modifier keys, such as alt/option. E.g. to type an Apple icon on a Mac (Danish keyboard) you'll hit option + $/§.

When you are done chatting you can exit netcat with ctrl + c. It doesn't matter who does this first, the other side will exit as well.

How to discover devices on your network (Mac/Linux)

There are several ways to check what devices are currently logged on to your network (e.g. WiFi at home).

The first option is to use arp, which I have found works the best. There will be some cases where it does not work.

In the following example, I'll assume that your IP address is 192.168.1.xxx.

Using arp and nmap

First, scan your sub-network:

# see you IP address using ifconfig, here it's assumed to be 192.168.1.0
nmap 192.168.1.0/24

Second, list devices in your ARP cache:

arp -a

If the output doesn’t look up to date, or if it’s missing an IP you believe should be there, ping the broadcast IP (typically the last result of arp -a ending with “.255”).

# Assuming 239.255.255.250 was the last address in the output from arp -a
ping 239.255.255.250

Now, run arp -a again.

ARP spoofing

Notice that a malicious user can use arp spoofing to mix up the association between MAC addresses and IP addresses. This can be used for man-in-the-middle attacks.

Other ways

You could also use WireShark or even a third or fourth method, but I will not cover those here.