Ch4 Tools of the Trade

Question 1

use ping to determine ___ or ___

Answer 1

if a domain is working; if I can connect with someone

Question 2

ping defaults to IP version ___, to revert to the older version use the switch ___

Answer 2

6; -4

Question 3

to make ping run continuously on windows, use the switch ___

Answer 3

-t

Question 4

how can I make ping run continuously on Linux?

Answer 4

it runs continuously as the default on Linux

Question 5

use netstat to see the list of ____

Answer 5

sessions a host is running now

Question 6

use netstat -n to see ___

Answer 6

who I am communicating with

Question 7

use netstat -a to see if my machine is a ___, the clue is if ___

Answer 7

server; some lines say “listening” in the right hand column

Question 8

if you are trying to determine whether an internet connection is breaking in your LAN or at the ISP, use ___

Answer 8

tracert

Question 9

___ poisoners can pose as devices on your network

Answer 9

ARP (Address Resolution Protocol)

Question 10

to see the addresses of all the deviced (like NIC’s) on your network to see if some connections are being misused, use the command/switch ___

Answer 10

arp -a

Question 11

to see the MAC addresses of all your devices, use ___ with the switch ___

Answer 11

ipconfig; -all

Question 12

if ipconfig shows that your IPv4 address has changed, then you might have a ___ problem

Answer 12

DHCP server

Question 13

in Linux, to get the same info as ipconfig in windows, use the command and switch ___

Answer 13

ip addr

Question 14

to identify (or change) your DNS server, use the command ___

Answer 14

nslookup

Question 15

which Linux command can be used to show/change the DNS server as well as showing cache and other records about the network?

Answer 15

dig

Question 16

which Linux command can be used to open, listen to or act as a client on any port?

Answer 16

netcat

Question 17

a ___, aka ___ can query all systems with a certain Network ID

Answer 17

network scanner; port scanner

Question 18

to scan everything with networkID 192.168 with 24 subnet mask returning the most information possible use ___

Answer 18

nmap -v -sn 192.168.4.0/24

Question 19

a more user-friendly graphic overlay for nmap is ___

Answer 19

zenmap

Question 20

___ can be used to identify all laptops, smartphones, etc. connected to the network

Answer 20

wireshark

Question 21

the main 3 uses for network scanners are:

Answer 21

look for open ports; network inventory; rogue systems

Question 22

what can be used to analyze network traffic coming in and out of a host computer?

Answer 22

a protocol analyzer (like wireshark)

Question 23

what are the two parts of a network analyzer?

Answer 23

sniffer and analyzer

Question 24

in analyzing data from wireshark, what indicates DHCP traffic?

Answer 24

bootp

Question 25

what is ARP and what does it do?

Answer 25

Address Resolution Protocol, resolves IP addresses to MAC (Media Access Control) addresses [devices]

Question 26

what can be used to manage all devices on a network from a single station?

Answer 26

SNMP (Simple Networking Managing Protocol)

Question 27

a device on a network must have an ___ to be SNMP enabled, then it is called a ___

Answer 27

agent; managed device

Question 28

an SNMP managed device will use port ___, or port ___ if encrypted

Answer 28

UDP 161; TLS 10161

Question 29

a ___ such as the software ___ talks to SNMP enabled devices, using port ___, or port ___ if encrypted

Answer 29

SNMP Manager; Network Management Station (NMS); UDP 162; TLS 10162

Question 30

to allow it to be managed remotely on a network, every device has built into it by the manufacturer a ___

Answer 30

Management Information Base (MIB)

Question 31

the most common commands in SNMP are ___, ___ and ___

Answer 31

get (to ask a device for information); trap (to be alerted of conditions); walk (a batch of get's)

Question 32

the main difference between versions of SNMP is ___

Answer 32

level of encryption (none, weak, strong)

Question 33

does SNMP require you to be at the network location?

Answer 33

no, can be run remotely through a virtual machine

Question 34

the command to activate SNMP on a network is ___

Answer 34

snmp -[server] [community name] RO(read only)

Question 35

the basic two types of logs found on networks are ___ and ___

Answer 35

network logs; non-network logs

Question 36

network logs are either ___ or ___

Answer 36

OS or system level; application level

Question 37

something you might find in a OS level network log:

Answer 37

remote login success/fail

Question 38

application level network logs could include events relating to ___ or ___

Answer 38

web servers; firewalls

Question 39

the 3 main categories of non-network logs are ___, ___ or ___

Answer 39

Operating System events; Application events; Security events

Question 40

each device on a network will typically have it's own file location, because it is ____, but using SNMP a ___ can be created

Answer 40

decentralized; central repository

Question 41

when a 3rd party does the work of pulling together data from device logs on a network, this is called ___

Answer 41

Monitoring as a Service (MaaS)