3 - Basic Network Commands Overview and Terms Flashcards
___ is one of the most basic tools for testing connectivity to other hosts. It sends an internet control message protocol (ICMP) echo request to a host and listens for the reply.
Ping
Note: If a reply is received, it will display the time it took and the time to live (TTL) left.
___ and ___ are used to trace the route an IP packet takes to a destination.
traceroute (Linux)
tracert (Windows)
___ is similar to traceroute/tracert in that it displays the path taken by a packet from its source to its destination. ___ is useful because it can be used by any user instead of needing superuser privileges.
tracepath
Note: It is primarily used in Linux.
___ provides the user with the IP, subnet mask, and default gateway for each network adapter by default; with the /all option, it also provides information such as MAC address, DHCP status, and lease information.
ipconfig (internet protocol configuration)
Note: The command ipconfig /release can be used to release all connections and renew all adapters. It is primarily used in Windows.
___ is used to configure the kernel network interfaces.
ifconfig (interface configuration)
Note: It is implemented at the time of booting to configure the necessary interfaces. Once the interfaces are configured, it is used for debugging or tuning the system. Primarily used in Linux.
___ displays the IP to physical (MAC) address mappings for hosts that have been discovered in the ___ cache. ___ can be used to add, remove, or modify entries in the ___ cache.
ARP (Address Resolution Protocol)
Note: The hosts need to be on the local network, as these addresses are discovered by broadcasting to everyone on the network and noting the reply from the owner; broadcast traffic is not allowed through a router, so the system will maintain the MAC address of the router.
___ displays information about active ports and their state and can be useful in troubleshooting and capacity management.
netstat (network statistics)
Note: The command netstat -r displays routing information for network adapters. Available in Windows, macOS, and Linux.
___ is used for displaying DNS information and troubleshooting DNS problems.
nslookup (name server lookup)
Note: It is useful in displaying names to IP address mappings.
___ is a command used to query the DNS name servers.
dig (domain information groper)
Note: It is helpful in troubleshooting DNS problems. It is also used for lookups and will display answers from the query. It is a replacement for nslookup.
___ is a tool most often used to look up who owns a domain or block of IP addresses on the internet, including name, email address, and physical address.
whois
Note: There are many privacy options that hide this information from being returned. Primarily used in Linux.
___ can be used to display the current route tables on a host.
route
Note: Route can also be used to add or remove routes. This is used by the local host to determine where to send traffic.
The ___ command is used to securely copy files between servers, leveraging SSH (secure shell) for authentication and encryption.
SCP (Secure Copy Protocol)
___ copies the file from one host to another host. The data is unencrypted.
ftp (file transfer protocol)
___ transfers a file from either a client to a server or from a server to a client using UDP instead of TCP, and so it is usually used on reliable networks.
tftp (trivial file transfer protocol)
What does UDP stand for?
user datagram protocol
___ displays information about a user or users on a remote system, including things such as last log-in time and username.
finger
Note: Primarily used on Linux.
___ scans networks to see what it can find in terms of hosts and open ports.
nmap (Network Mapper)
Note: It is commonly used to determine what is deployed on a network for vulnerability analysis, security scans, and related activities. Nmap is not native to either Linux or Windows but can be downloaded for free and used with both.
___ displays TCP/IP packets and other network packets that are being transmitted over the network system.
tcpdump
Note: It is a form of protocol analyzer and is designed to show the contents of network packets in human-readable form for troubleshooting, security analysis, etc. Tcpdump is not native to either Linux or Windows but can be downloaded for free and used with both.
___ and ___ allow a user to manage accounts and devices remotely.
telnet/ssh
Note: The main difference between the two is that SSH is encrypted, and thus all data is secure from eavesdropping, while telnet is unencrypted.
- One of the most basic tools
- Tests connectivity to other hosts
- Sends an ICMP echo request to a host and listens for the reply
- Useful in troubleshooting connectivity issues
- Measures latency between two devices
ping
- Used to trace the route an IP packet takes to a destination
- Displays each hop’s IP address and the time it takes to receive the packet
- Used for Linux and Windows systems
- Useful in troubleshooting performance and connectivity issues
traceroute/tracert
- Displays the path taken by a packet from its source to its destination
- Can be used by any user, regardless of privileges
- Primarily used in Linux
tracepath
- Provides the user with the IP, subnet mask, and default gateway for each network adapter
- Can be used to release all connections and renew all adapters
- Primarily used in Windows
ipconfig
- Used to configure the kernel network interfaces
- Implemented at the time of booting to configure the necessary interfaces
- Used for debugging or tuning the system
- Primarily used in Linux
ifconfig
- Displays the IP to physical (MAC) address mappings for hosts that have been discovered
- Used to add, remove, or modify entries in the cache
- Discovers addresses by broadcasting to the network and noting the reply from the owner
arp
- Displays information about active ports
- Useful in troubleshooting and capacity management
- Displays routing information for network adapters
- Available in Windows, macOS, and Linux
netstat
- Displays some DNS information
- Troubleshoots DNS problems
- Useful in displaying names to IP address mappings
- Native to both Windows and Linux
nslookup
- Used to retrieve the entire DNS response message
- Used for lookups and will display answers from the query
- Uses the OS resolver libraries
- Native to Linux
dig
- Most often used to look up who owns a domain or block of IP addresses on the Internet
- Returns information including name, email address, and physical address
- Privacy options may hide this information from being returned
- Primarily used in Linux
whois
- Used to display the current route tables on a host
- Can be used to add or remove routes
- Used by the local host to determine where to send traffic
route
- Used to securely copy files between servers
- Leverages SSH for authentication and encryption
scp
What does SSH stand for?
secure shell
- Copies the file from one host to another host
- The data is unencrypted unless a Secure Sockets Layer is used
- Transfer uses TCP
- Used on the Internet and other wide-area networks
ftp
- Transfers a file from either a client to a server or from a server to a client
- Uses UDP instead of TCP
- Typically used on reliable networks
tftp
What does UDP stand for?
User Datagram Protocol
- Displays information about a user or users on a remote system
- Includes information such as last login time and username
- Primarily used in Linux
finger
- Scans networks to find hosts and open ports
- Helps determine what is deployed on a network
- Not native to either Linux or Windows but can be used with both
nmap
- Displays packets that are being transmitted over the network system
- Is a form of protocol analyzer
- Shows the contents of network packets in human-readable form
tcpdump
- Allows a user to manage accounts and devices remotely
- Can be encrypted to secure data from eavesdropping
- Can be unencrypted as well
telnet / ssh
Which command should be run in Linux to ping an IP address 192.168.0.15 eight times before it automatically terminates the process?
a) ping -w 8 192.168.0.15
b) ping -i 8 192.168.0.15
c) ping -s 8 192.168.0.15
d) ping -c 8 192.168.0.15
d) ping -c 8 192.168.0.15
Note: The -c switch is used in Linux to limit the number of pings within a single session.
A server administrator is tasked to harden the database servers, and one of the requirements is to document any firewall ports that are open and closed. Which native Windows command line utility should the administrator use?
a) finger
b) tcpdump
c) netstat
d) dig
c) netstat
The network administrator is receiving complaints about clients experiencing high latency only when connecting to their web-based customer management system (CMS). Which Windows command should this network administrator use to identify where this latency is occurring?
a) route
b) tracert
c) traceroute
d) tcpdump
b) tracert
An organization needs to perform an analysis to identify vulnerabilities such as open firewall ports, unauthorized operating systems or device types, and weak passwords. Which tool is recommended?
a) nmap
b) finger
c) tracepath
d) nslookup
a) nmap
Which protocol provides remote access over encrypted connections?
a) SSH
b) FTP
c) ICMP
d) DNS
a) SSH
What does the ARP cache map?
a) MAC addresses to ICMP
b) IP addresses to network destinations
c) IP addresses to MAC addresses
d) MAC addresses to interfaces
c) IP addresses to MAC addresses
What does ARP stand for?
Address Resolution Protocol
What does ICMP stand for?
internet control message protocol