Analyzing and Managing Networks

Question 1

Using ifconfig to show information about active network interfaces and one of the listed shows as eth0, what does that mean?

Answer 1

It means Ethernet0, ethernet indicating that it is a wired interface and 0 is just the number. As linux starts counting at 0, this is the first wired interface.

Question 2

What command can be used to show useful information for wireless hacking?

Answer 2

iwconfig.

Question 3

How to change the ip address associated to eth0 interface to 192.168.0.220?

Answer 3

$ ifconfig eth0 192.168.0.220

Question 4

Why a hacker would spoof his MAC address?

Answer 4

To bypass network access controls or to evade being traced.

Question 5

What are the steps to spoof a MAC address of an interface?

Answer 5

Using the eth0 interface as an example.
~~~
$ ifconfig eth0 down
$ ifconfig eth0 hw ether 00:11:22:33:44:55
$ ifconfig eth0 up
~~~

Question 6

Why a DHCP server is important for forensics after an attack?

Answer 6

Because a DHCP server assigns IP addresses to all the systems in the subnet and keeps a log file for which IP address was assigned to which machine.

Question 7

How to request a new IP address from DHCP?

Answer 7

$ dhclient <interface>

Question 8

How does the proccess of retrieving a new IP address from DHCP work?

Answer 8

The client sends a DHCPDISCOVER request from the specified network adapter, then the server sends a DHCPOFFER and the client can accept it sending a DHCP request.

Question 9

What command is useful to obtain DNS information about a target domain?

Answer 9

dig.

Question 10

Describe the dig command syntax.

Answer 10

$ dig <domain> <record-type>