NETWORK TOOLS Flashcards
Tracert/traceroute
Windows/Linux?
Differences?
When to use?
Route Tracing command
tracert is Windows, traceroute is Linux
tracert sends ICMP, traceroute sends UDP packets
Useful for understanding network topology or troubleshooting
nslookup/dig
function?
OS
compare/contrast?
Command-line tool for querying DNS for the mapping between a domain name (DN) and an IP address. Lookups are reversible.
Dig is more capable, nslookup is cleaner
Windows doesn't have dig, Linux has both
ipconfig/ifconfig
Function?
OS?
Command-line tool that displays all current TCP/IP network configuration. Can also refresh or drop DHCP and DNS addresses/settings.
ipconfig is Windows, ifconfig is Linux.
ping
function?
OS?
Command-line tool for testing the reachability of a host on an IP network. Available in all OS.
Sends ICMP echo request packets to host and calculates times
-c flag sets number of results, -t flag will continue until stopped. -t flag can show if a system suddenly stops responding or if response time fluctuates.
pathping
Function?
OS?
Windows command-line tool that traces the route to a destination while providing info about latency and packet loss.
pathping vs tracert/traceroute
tracert helps find the actual path from the source to the destination device, whereas pathping provides information about latency and data loss at intermediate hops between source and destination.
hping
Function?
OS?
hping is used to assemble and analyze TCP/IP packets. This can be used to build a custom packet to test for an issue or vulnerability or to see if a firewall is responding properly.
netstat
provides network statistics by protocol and includes info about local address
Windows/Linux
Netcat
Network swiss army knife
Reads from and writes to network connections using TCP or UDP. Can also port scan.
Cross platform
Use netcat to open a remote shell or transfer a file
IP scanners
scanless is an automated port scanner using 3rd party scanners to gather info.
ARP
ARP is basically a program used by a computer system to find another computer's MAC address based on its IP address. It is a protocol for mapping an IP address to a MAC address on a LAN.
Cross platform, but the -a flag will show the current ARP cache for each interface on Windows, while the same flag shows alternate formatting on Linux.
arp /a will display the cache.
route
The route command displays or modifies the computer's routing table. Used to view or manipulate the IP routing table.
cross platform
cURL (client URL)
Command for transferring data using various network protocols. Used to transfer data via URLs. Can manually perform HTTP commands and can transfer files via FTP, FTPS, SFTP.
Linux only
theHarvester
OSINT command line tool for gathering email accounts, domains, usernames, etc.
sn1per
automated scanning tool that combines multiple tools for pen testers. highly capable, often used for pen testing.
dnsenum
Main purpose is to gather as much info as possible about a domain.
Used to find DNS servers
Nessus
vulnerability scanning tool
nmap
port scanning
cross platform
nmap vs Nessus
nmap will simply identify the port, protocol, and version of a service.
Nessus will attempt to identify whether the service is vulnerable and will provide a full report of those vulns with useful information.
Cuckoo (Sandbox)
Sandboxing is where you run code to observe and analyze it in a safe environment.
Cuckoo sandbox is an automated malware analysis tool
tcpreplay
used to resend all packets from the input file at the speed at which they were recorded, or at a specific data rate, up to as fast as the hardware is capable.
has load balancing capabilities
tcpdump
packet analyzer
Default command-line packet capture tool.
Allows the user to display TCP/IP packets being transmitted or received over the network to which the computer is attached.
cross platform
wireshark
packet analyzer
troubleshooting networks with performance issues.
tcpdump vs wireshark
Wireshark is a GUI-based tool that captures data packets.
tcpdump is a command-line-based packet capturing tool.
Wireshark is a broader, more sophisticated tool.