Chapter 17 - Supplement - Sheet1 Flashcards
Protocol Analyzers
AKA sniffers / network monitors. Uysed to capture packets in their raw format as they cross the network.
Examples of protocol analyzers
Wireshare, OmniPeek
Promiscuous Mode
NIC processes all packets that it sees
Throughput Testers
Usually software based, work much like a protocol analyzer in that they measure traffic, but these measure throughput of that traffic (network speeds)
Connectivity Software
Designed to allow you to make a connection to a machine, its desktop, and perform any action you could perform while sitting in front of it.
Traceroute
(AKA trace) displays the path a packet takes to get to a remote device by using IP Packet TTL, time-outs, and ICMP error messages.
ipconfig / ifconfig
Display the current configuration of TCP/IP on a given workstation. Includes IP, DNS, WINS config and default gateway
OSes that use ipconfig
New Macs, Windows
ipconfig /all
ipconfig option that gives you hardware addresses, DHCP lease times, and DNS addresses
ipconfig /release & ipconfig /renew
Renews the IP address lease, or gets a new one if applicable.
OSes that use ifconfig
Linxus, Unix, Mac
ifconfig
ipconfig equivalent. Short for interface configuration
2 purposes to using the ping utility
To find out if a host is responding OR to find out if you can reach a host
ping -t
Pings the specified host until stopped
ping -a
Resolves addresses to hostnames
ping - n count
Specified the number of echo requests to send. Default is 4. (4 “Reply from…”)
ping -w timeout
Set the timeout time in milliseconds. Default is 1000, which is 1 second
ARP
Address Resolutin Protocol. Used to translate TCP/IP addresses to MAC addresses using broadcasts.
ARP Table
Windows table that includes a list of TCP/IP addresses and their associated physical (MAC) addresses. Cached in memory to reduce the need to perform lookups
2 Types of Entries in the ARP Table
Dynamic and Static
Dynamic ARP table entries
Created whenever the Windows TCP/IP stack performs an ARP lookup but the MAC address isn’t found in the ARP table. When MAC address is finally resolved (via Broadcast) that info is added to the table.
Static ARP table entries
Manually added MAC addresses.
arp -a
Dispays current ARP entries.
arp -g
Dispays current ARP entries. Same as arp -a
arp -a -v
Verbose ARP entries - shows all invalid entires and regular arp -a entries
arp -s [IP Address] [MAC Address]
Add a static entry into the ARP table
Unix’s version of nslookup
dig
nslookup
Allows you to query a name server and quickly find out which name resolves to which ip address
Location of hosts table on Windows
C:\Windows\System32\drivers\etc\
DOS Command to display the PC name
hostname
mtr
AKA My traceroute. Computer program that c ombines the functions of the traceroute and pint utilities in a single network diagnostic tool.
route
Command used to set network routing rules. Usually Windows takes care of this.
netstat
Lists the inbound and outbound conections on your machine. Can also use it to view packet stats and errors
netstat -e
Displays ethernet stats. Combined with -s, displays stats by protocol. Stats are for since the PC has been turned on.
netstat -s
Displays ethernet stats by protocol. Stats are for since the PC has been turned on.
netstat -r
Displays routing table. Same output as route print
netstat -a
Displays all TCP/IP connections and UDP connections
“bytes” in netstat -e tells you
Number of bytes sent or received at this PC’s NIC. Good for determining if a network connection is actually transmitting.
“unicast packets” in netstat -e tells you
Number of packets sent from or received at this PC.
“non-unicast packets” in netstat -e tells you
Number of packets that weren’t directly sent from a workstation to another. Example: Broadcast packets. Number of non-unicast packets should be smaller than unicase packets.
“discards” in netstat -e tells you
Number of packets discarded by the NIC during transmission or reception b/c they weren’t assembled correctly
“unknown protocols” in netstat -e tells you
Number of received packets that the Windows networking stat couldn’t interpret. Only in the received column. Certainly it wouldn’t send unknown protocols
netstat -s -p
netstat -s but allows you to specify the protocol after the -p switch
-n switch for netstat
Works with other switches. Displays the IP address instead of the hostname
Command to start FTP session in DOS
ftp
Command to open FTP server in FTP mode
open servername.domain.com
Common to quit FTP from DOS
quit
Commands to set file type in FTP mode in dos
ascii, binary
Command to download file in FTP mode from DOS
get filename.exe
Command to download multiple files in FTP mode in dos
mget
Use mget to download all txt files
mget *.txt
At FTP command prompt, how do you navigate to a location on the local machine to position your self to upload a file in that directory?
lcd c:\path\to\directory
FTP command from DOS to upload a file
put local-filename.txt remote-name.txt
Why is it not recommended that you use telnet
Not encrypted. Insecure.
What command can you type from a command prompt to see the hops a packet takes
to get to a destination host?
Tracert
What tool would you use to verify a complaint about a slow network?
Throughput tester
You need your IP address, subnet mask, default gateway, and DNS information. What
command will you type from a Windows command prompt?
ipconfig /all
You need to log in as a dumb terminal to a server or UNIX host and run programs.
What application will you use?
Telnet
You need to add a route to your Windows server’s routing table. What command will
you use?
route
You want to log in to a server and transfer files. What application will you use?
FTP
You need to check your name-resolution information on your host. What command
will you type from the command prompt?
nslookup
You want to use netstat, but you want to see only the IP address, not the names of the
hosts. Which modifier will you use?
-n
You want the IP configuration on a UNIX host. What command will you type at the
command prompt?
ifconfig
Which Windows command will show you the routing table of your host or server?
route print
