Command Line Security Tools 2.2 Flashcards
ping
Uses Internet Control Message Protocol (ICMP). Usually the first tool you use, to test whether the device is there and responding.
netstat
Available on many OS’s to provide you with network statistics.
-a = show all active connections
-b = show binaries (Windows)
-n = do not resolve names (shows only IP addresses)
traceroute
Determines the routes a packet takes to a destination. Allows you to map the entire path.
Windows command = tracert
POSIX command = traceroute
Uses ICMP and the time to live (TTL) value to determine how many hops there are to the destination. TTL is counted in hops, not seconds or minutes.
Not all devices will reply with ICMP Time Exceeded messages. Some firewalls filter ICMP.
nslookup
Used to look up canonical names, IP addresses, cache timers, etc.
nslookup - available on both Windows and POSIX-based systems. Used to look up names and IP addresses. Still available but now deprecated. Recommended to now use dig.
POSIX
Portable Operating System Interface (POSIX) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems.
dig
Domain Information Groper - More advanced version of nslookup with a lot more detail and more options.
Address Resolution Protocol (ARP)
Determines a MAC address based on an IP address. You need the hardware address to communicate.
Command = arp -a
Allows us to verify that the IP address and MAC address associations are correct for the devices we are connecting to.
ipconfig & ifconfig
Most troubleshooting starts with the IP address. Ping your local router/gateway. Both commands are used to determine the IP address and hardware address of your device.
ipconfig = Windows
ifconfig = Linux and other OSes
tcpdump
Captures packets at the command line. Versions are available for most OSes. Applies filters in real time to help you identify traffic patterns. Can save captured packets for use in a protocol analyzer; it writes them in pcap format. Takes some practice to learn how to use.
Nmap
Network mapper to find and learn more about network devices. Port scans identify open ports. Can learn what OS is running on a device without logging in. Service scans find out what services are running on it. Also comes with additional scripts to extend its capabilities.
netcat
A utility to allow you to read or write information on a network. Think of it as an application similar to a browser to read or write to a network.