Ch4 Tools of the Trade Flashcards
use ping to determine ___ or ___
whether a host name resolves and the host answers; whether I have basic IP connectivity to another system
ping defaults to IP version ___, to revert to the older version use the switch ___
6 (Windows ping prefers IPv6 when the target name resolves to an IPv6 address); -4 (forces IPv4; -6 forces IPv6)
to make ping run continuously on windows, use the switch ___
-t
how can I make ping run continuously on Linux?
it runs continuously by default on Linux; stop it with Ctrl+C, or use -c <count> to send a fixed number of probes
use netstat to see the list of ____
current TCP and UDP connections (sessions) on the host, and with -a the ports it is listening on as well
use netstat -n to see ___
addresses and ports as numbers instead of resolved names, which shows exactly which remote IP:port each session is talking to
use netstat -a to see if my machine is a ___, the clue is if ___
server; the State column (rightmost) says LISTENING (LISTEN on Linux) for ports that are waiting for incoming connections
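The two netstat checks above, as an added example that is not part of the original flashcards: a POSIX shell/awk filter that answers "is this host a server?" and "who am I talking to?" from `netstat -an` output. The sample output embedded below is constructed, not captured from a real host; the functions read stdin, so on a live system you pipe `netstat -an` into them.

```shell
#!/bin/sh
# Added example: parse `netstat -an` output to answer
#   "is this host a server?"  -> which local ports are LISTENING
#   "who am I talking to?"    -> remote endpoints of ESTABLISHED sessions
# Works on the Windows layout (Proto Local Foreign State) and the Linux
# layout (Proto Recv-Q Send-Q Local Foreign State) because it picks fields
# by their addr:port shape rather than by column position.

# Constructed sample in Windows `netstat -an` layout (not real capture data).
SAMPLE_NETSTAT='Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
TCP    192.168.4.20:49712     203.0.113.10:443       ESTABLISHED
TCP    192.168.4.20:49715     198.51.100.7:80        TIME_WAIT
TCP    [::]:3389              [::]:0                 LISTENING
UDP    0.0.0.0:161            *:*'

# Print each local port in LISTENING/LISTEN state, one per line, sorted.
# The first field shaped like addr:port is the local address on both layouts.
listening_ports() {
    awk '$NF ~ /^LISTEN(ING)?$/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) { n = split($i, a, ":"); print a[n]; break }
         }' | sort -n | uniq
}

# Print the remote address:port of every ESTABLISHED session
# (the second addr:port field is the foreign address on both layouts).
established_peers() {
    awk '$NF == "ESTABLISHED" {
            c = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/ && ++c == 2) { print $i; break }
         }'
}

# Demo on the constructed sample (live use: netstat -an | listening_ports)
echo "listening ports:"; printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports
echo "established peers:"; printf '%s\n' "$SAMPLE_NETSTAT" | established_peers
```

A host that should be a workstation but shows 445 or 3389 listening, or an established session to an address you do not recognise, is the finding these two cards are driving at.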
if you are trying to determine whether an internet connection is breaking in your LAN or at the ISP, use ___
tracert (Windows) or traceroute (Linux/macOS); the last hop that still answers shows whether the break is inside the LAN or beyond the ISP handoff
___ poisoners can pose as devices on your network
ARP (Address Resolution Protocol) poisoners, also called ARP spoofers, which answer ARP requests with their own MAC address
to see the IP-to-MAC mappings this host has cached for the devices (NICs) it has exchanged traffic with, e.g. to check whether one MAC is claiming several IPs, use the command/switch ___
arp -a (this shows the local ARP cache, not every device on the network; a device appears only after this host has talked to it)
to see the MAC (physical) addresses of the NICs in your own machine, use ___ with the switch ___
ipconfig; /all (Windows switch syntax; lists the Physical Address of each adapter on this host, not the addresses of other devices on the network)
if ipconfig shows that your IPv4 address has changed unexpectedly, or shows an APIPA address (169.254.x.x), then you might have a ___ problem
DHCP server (the host could not get or renew a lease; a normal lease renewal can also change the address, so a change on its own is not proof of a fault)
in Linux, to get the same info as ipconfig in Windows, use the command ___
ip addr (or ip a; older systems use ifconfig)
to identify (or change) your DNS server, use the command ___
nslookup (shows the default DNS server it queries; in interactive mode, server <ip> switches the server for later queries without changing the system's DNS settings)
which Linux command can be used to query a chosen DNS server for any record type and show the full answer?
dig (e.g. dig @192.168.4.1 example.com MX; it reports what that server answers and does not display the local resolver cache)
which Linux command can be used to open, listen to or act as a client on any port?
netcat (nc), e.g. nc -l 4444 to listen (traditional netcat uses nc -l -p 4444) and nc host 80 to connect as a client; it works over TCP or, with -u, UDP
a ___, which usually also works as a ___, can query all systems with a certain network ID
network scanner; port scanner (nmap does both: host discovery finds the systems, port scanning finds what they are running)
to discover every live host on network ID 192.168.4.0 with a /24 (255.255.255.0) subnet mask, with verbose output, use ___
nmap -v -sn 192.168.4.0/24 (-v is verbose; -sn is host discovery only, no port scan, so it returns the least information per host; drop -sn, or add -sV or -O, to get ports, services and OS guesses)
a more user-friendly graphic overlay for nmap is ___
Zenmap (the official nmap GUI)
___ can be used to inventory all laptops, smartphones, etc. connected to the network
a network scanner such as nmap or Zenmap (a protocol analyzer such as Wireshark only shows the devices whose traffic it happens to capture)
the main 3 uses for network scanners are:
look for open ports; network inventory; finding rogue systems
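The nmap scan card and the three scanner uses above, as an added example that is not part of the original flashcards: a POSIX shell/awk script that parses saved `nmap -sn` text output into a host inventory and compares it with a hypothetical list of known MAC addresses to flag rogue systems. The scan output and the known-MAC list below are constructed (vendor strings included), not from a real network.

```shell
#!/bin/sh
# Added example: the three network-scanner jobs built on one nmap run.
#   host discovery:  nmap -sn 192.168.4.0/24 > scan.txt     (no port scan)
#   open ports:      drop -sn, e.g. nmap -sV 192.168.4.0/24, for service info
# The saved text output is parsed into an inventory, then compared with a
# list of known MAC addresses; anything not on the list is a rogue system.

# Constructed sample of `nmap -sn 192.168.4.0/24` output (not a real scan;
# the MAC addresses and vendor strings are made up).
SAMPLE_NMAP='Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 10:00 UTC
Nmap scan report for 192.168.4.1
Host is up (0.0012s latency).
MAC Address: 00:1A:2B:3C:4D:5E (Router Vendor)
Nmap scan report for printer.lan (192.168.4.15)
Host is up (0.0030s latency).
MAC Address: A4:5E:60:11:22:33 (Printer Vendor)
Nmap scan report for 192.168.4.20
Host is up.
Nmap scan report for 192.168.4.77
Host is up (0.0040s latency).
MAC Address: DC:A6:32:AA:BB:CC (Single Board Computer Vendor)
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.50 seconds'

# Hypothetical known-good inventory, one "mac description" per line.
KNOWN_MACS='00-1a-2b-3c-4d-5e gateway
a4-5e-60-11-22-33 printer'

# Inventory: one "ip mac" line per host that was up. The MAC is "-" when nmap
# printed none (the scanning host itself, or targets outside the local subnet).
nmap_inventory() {
    awk '/^Nmap scan report for / { if (ip != "") print ip, mac
                                    ip = $NF; gsub(/[()]/, "", ip); mac = "-" }
         /^MAC Address: /         { mac = tolower($3); gsub(/:/, "-", mac) }
         END                      { if (ip != "") print ip, mac }'
}

# Rogue systems: inventory entries whose MAC is not in KNOWN_MACS.
# Hosts without a MAC are skipped here; review them by hand.
rogue_hosts() {
    nmap_inventory | awk -v known="$KNOWN_MACS" '
        BEGIN { n = split(known, line, "\n")
                for (i = 1; i <= n; i++) { split(line[i], f, " "); ok[f[1]] = 1 } }
        $2 != "-" && !($2 in ok) { print $1, $2 }'
}

# Demo on the constructed sample (live use: nmap -sn 192.168.4.0/24 | rogue_hosts)
printf '%s\n' "$SAMPLE_NMAP" | nmap_inventory
echo "rogue:"; printf '%s\n' "$SAMPLE_NMAP" | rogue_hosts
```

Matching on MAC rather than IP matters because DHCP can hand a rogue device the address a known host had yesterday; MACs can be spoofed too, so treat a match as "probably known", not proof.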
what can be used to analyze network traffic coming in and out of a host computer?
a protocol analyzer (such as Wireshark)
what are the two parts of a network analyzer?
sniffer (captures the frames) and analyzer (decodes and displays them)
in analyzing data from Wireshark, what indicates DHCP traffic?
bootp (older Wireshark versions label DHCP as BOOTP because DHCP is built on it; current versions label it DHCP and use the display filter dhcp; either way it is UDP ports 67 and 68)
what is ARP and what does it do?
Address Resolution Protocol; it resolves IP addresses to MAC (Media Access Control) addresses so that frames can be delivered to the right device on the local network
what can be used to manage all devices on a network from a single station?
SNMP (Simple Network Management Protocol)
a device on a network must have an ___ to be SNMP enabled, then it is called a ___
agent; managed device
an SNMP managed device (agent) listens on port ___, or port ___ when SNMP runs over TLS/DTLS
UDP 161; 10161
a ___ such as the software ___ polls SNMP agents and receives their traps on port ___, or port ___ when SNMP runs over TLS/DTLS
SNMP manager; Network Management Station (NMS); UDP 162 (traps go from agent to manager; the manager's own get/set requests go to the agent's port 161); 10162
to allow it to be managed remotely on a network, every SNMP-enabled device exposes a vendor-defined ___
Management Information Base (MIB), the tree of objects (OIDs) the agent can report or change; vendors publish MIB files that describe them
the most common commands in SNMP are ___, ___ and ___
get (ask a device for a value); trap (the device sends an alert when a condition occurs); walk (a series of get-next requests that reads a whole subtree of the MIB). SNMP also has set, which changes a value and is the most sensitive operation to leave exposed.
the main difference between versions of SNMP is ___
security: v1 and v2c authenticate only with a cleartext community string and send everything unencrypted, while v3 adds user-based authentication and encryption (authPriv)
does SNMP require you to be at the network location?
no; an NMS can manage any device it can reach over IP, so it usually runs remotely, often on a virtual machine
the Cisco IOS command to enable SNMP on a device is ___
snmp-server community [community name] RO (RO = read only; RW would also permit set operations; the community name is effectively a password sent in cleartext with v1/v2c, so the defaults public and private must not be used)
the basic two types of logs found on networks are ___ and ___
network logs; non-network logs
network logs are either ___ or ___
OS or system level; application level
something you might find in an OS-level network log:
remote login success/fail
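Two detections over exactly this kind of OS-level event, as an added example that is not part of the original flashcards: a POSIX shell/awk script run over Linux sshd log lines that counts failed passwords per source address (brute force or password spraying) and flags a source that failed and then succeeded. The log lines below are constructed, not taken from a real system; on a live host the functions read /var/log/auth.log (or journalctl output) on stdin.

```shell
#!/bin/sh
# Added example: detection logic over "remote login success/fail" events
# from a Linux sshd auth log.
#   1. failed-password count per source IP (brute force / spraying)
#   2. a source whose failures were followed by an Accepted login

# Constructed sshd log lines in syslog format (not from a real system).
SAMPLE_AUTH='Jan 10 08:01:12 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Jan 10 08:01:14 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2
Jan 10 08:01:17 host1 sshd[2203]: Failed password for root from 203.0.113.9 port 51030 ssh2
Jan 10 08:02:01 host1 sshd[2210]: Accepted publickey for alice from 192.168.4.20 port 50111 ssh2
Jan 10 08:05:40 host1 sshd[2250]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Jan 10 08:06:03 host1 sshd[2255]: Accepted password for bob from 198.51.100.7 port 40002 ssh2'

# "count ip" per source address, highest count first.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
         }
         END { for (s in fails) print fails[s], s }' | sort -rn
}

# Sources whose failures were followed by a success, as "ip failures-before-success".
# Counters reset after each success so a second run of failures is reported again.
success_after_failure() {
    awk '/sshd\[[0-9]+\]: (Failed password|Accepted (password|publickey))/ {
            for (i = 1; i <= NF; i++) if ($i == "from") src = $(i + 1)
            if ($0 ~ /Failed password/) fails[src]++
            else if (fails[src] > 0) { print src, fails[src]; fails[src] = 0 }
         }'
}

# Demo on the constructed sample (live use: failed_by_source < /var/log/auth.log)
printf '%s\n' "$SAMPLE_AUTH" | failed_by_source
printf '%s\n' "$SAMPLE_AUTH" | success_after_failure
```

The second detection is the one worth an alert: a burst of failures from one address that ends in an Accepted login is how a successful password guess looks in the log, whereas the raw failure count mostly measures background noise from the Internet.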
application level network logs could include events relating to ___ or ___
web servers; firewalls
the 3 main categories of non-network logs are ___, ___ and ___
Operating System events; Application events; Security events
each device on a network typically keeps its own log files, because logging is ___, but by collecting them centrally (e.g. with syslog, or SNMP traps into an NMS) a ___ can be created
decentralized; central repository
when a 3rd party does the work of pulling together data from device logs on a network, this is called ___
Monitoring as a Service (MaaS)