Ch4 Tools of the Trade Flashcards

1
Q

use ping to determine ___ or ___

A

if a domain is working; if I can connect with someone

2
Q

ping defaults to IP version ___, to revert to the older version use the switch ___

A

6; -4

3
Q

to make ping run continuously on Windows, use the switch ___

A

-t

4
Q

how can I make ping run continuously on Linux?

A

it runs continuously as the default on Linux

5
Q

use netstat to see the list of ____

A

sessions a host is running now

6
Q

use netstat -n to see ___

A

who I am communicating with

7
Q

use netstat -a to see if my machine is a ___, the clue is if ___

A

server; some lines say “listening” in the right-hand column

8
Q

if you are trying to determine whether an internet connection is breaking in your LAN or at the ISP, use ___

A

tracert

9
Q

___ poisoners can pose as devices on your network

A

ARP (Address Resolution Protocol)

10
Q

to see the addresses of all the devices (like NICs) on your network, to check whether some connections are being misused, use the command/switch ___

A

arp -a

11
Q

to see the MAC addresses of all your devices, use ___ with the switch ___

A

ipconfig; -all

12
Q

if ipconfig shows that your IPv4 address has changed, then you might have a ___ problem

A

DHCP server

13
Q

in Linux, to get the same info as ipconfig in Windows, use the command and switch ___

A

ip addr

14
Q

to identify (or change) your DNS server, use the command ___

A

nslookup

15
Q

which Linux command can be used to show/change the DNS server as well as showing cache and other records about the network?

A

dig

16
Q

which Linux command can be used to open, listen to or act as a client on any port?

A

netcat

17
Q

a ___, aka ___ can query all systems with a certain Network ID

A

network scanner; port scanner

18
Q

to scan everything with network ID 192.168 and a /24 subnet mask, returning the most information possible, use ___

A

nmap -v -sn 192.168.4.0/24

19
Q

a more user-friendly graphic overlay for nmap is ___

A

Zenmap

20
Q

___ can be used to identify all laptops, smartphones, etc. connected to the network

A

Wireshark

21
Q

the main 3 uses for network scanners are:

A

look for open ports; network inventory; rogue systems

22
Q

what can be used to analyze network traffic coming in and out of a host computer?

A

a protocol analyzer (like Wireshark)

23
Q

what are the two parts of a network analyzer?

A

sniffer and analyzer

24
Q

in analyzing data from Wireshark, what indicates DHCP traffic?

A

bootp

25
Q

what is ARP and what does it do?

A

Address Resolution Protocol, resolves IP addresses to MAC (Media Access Control) addresses [devices]

26
Q

what can be used to manage all devices on a network from a single station?

A

SNMP (Simple Networking Managing Protocol)

27
Q

a device on a network must have an ___ to be SNMP enabled, then it is called a ___

A

agent; managed device

28
Q

an SNMP managed device will use port ___, or port ___ if encrypted

A

UDP 161; TLS 10161

29
Q

a ___ such as the software ___ talks to SNMP enabled devices, using port ___, or port ___ if encrypted

A

SNMP Manager; Network Management Station (NMS); UDP 162; TLS 10162

30
Q

to allow it to be managed remotely on a network, every device has built into it by the manufacturer a ___

A

Management Information Base (MIB)

31
Q

the most common commands in SNMP are ___, ___ and ___

A

get (to ask a device for information); trap (to be alerted of conditions); walk (a batch of gets)

32
Q

the main difference between versions of SNMP is ___

A

level of encryption (none, weak, strong)

33
Q

does SNMP require you to be at the network location?

A

no, can be run remotely through a virtual machine

34
Q

the command to activate SNMP on a network is ___

A

snmp -[server] [community name] RO(read only)

35
Q

the basic two types of logs found on networks are ___ and ___

A

network logs; non-network logs

36
Q

network logs are either ___ or ___

A

OS or system level; application level

37
Q

something you might find in an OS-level network log:

A

remote login success/fail

38
Q

application-level network logs could include events relating to ___ or ___

A

web servers; firewalls

39
Q

the 3 main categories of non-network logs are ___, ___ or ___

A

Operating System events; Application events; Security events

40
Q

each device on a network will typically have its own file location, because it is ___, but using SNMP a ___ can be created

A

decentralized; central repository

41
Q

when a 3rd party does the work of pulling together data from device logs on a network, this is called ___

A

Monitoring as a Service (MaaS)