Chapter 3 Flashcards
Netflow
Is a Cisco network protocol that collects IP traffic information, allowing network traffic monitoring. Flow data is used to provide a view of traffic flow and volume. A typical flow capture includes the IP and port source and destination for the traffic and the class of service. Netflows and a netflow analyzer can help identify service problems and baseline typical network behavior and can also be useful in identifying unexpected behaviors.
Windows netstat -o output
Provides Ethernet statistics on how many bytes and packets have been sent and received. Also shows discards, errors, and unknown protocols.
Windows netstat -e
Shows various information depending on the OS. Windows shows the destination network, netmask, gateway, the interface the route is associated with, and a metric for the route that captures link speed.
Windows netstat -nr
This means that running netstat from a system can provide information about both the machine’s network behavior and what the local network looks like. Knowing what machines a system has or is communicating with can help you understand local topology and services.
DHCP
Is a client/server protocol that provides an IP address as well as information such as the default gateway and subnet mask for the network segment that the host will reside on.
DHCP being used in passive reconnaissance
When you are conducting passive reconnaissance, DHCP logs from the DHCP server for a network can provide a quick way to identify many of the hosts on the network. If you combine DHCP logs with other logs, such as firewall logs, you can determine which hosts are provided with dynamic IP addresses and which hosts are using static IP addresses.
nslookup
Uses DNS to translate URLs to IP addresses and vice versa.
traceroute
Traces the route hop by hop. You will typically find that the last few responses stay the same. These are often the local routers and other network devices in an organization’s network, and knowing how traffic gets to a system can give you insight into the company’s internal network topology.
Border Gateway Protocol
Is responsible for looking at all of the available paths that data could travel and picking the best route, which usually means hopping between autonomous systems.
Domain Registrars
This means that registrars work with the domain name registries to provide registration services: the ability to acquire and use domain names. Registrars provide the interface between customers and the domain registries and handle purchase, billing, and day-to-day domain maintenance, including renewals for domain registrations.
Zone Transfers
Are intended to be used to replicate DNS databases between DNS servers, which makes them a powerful information-gathering tool if a target’s DNS servers allow a zone transfer.
Exif
Data often includes location and camera data, allowing the images to be mapped and identified to a specific device or type of camera.
Cisco Log Criticality 0-7. Which level is for emergencies and which is for debugging?
Log level 0 is used for emergencies in Cisco’s logging level scheme. Log level 7 is for debugging information and is at the bottom of the scale.
axfr flag
It is one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers. This is used for DNS Zone Transfers.