Ports

Question 1

FTP

Answer 1

TCP
21 for control
20 for file transfer

Question 2

SSH

Answer 2

TCP
22

Question 3

DNS

Answer 3

UDP
TCP 53 for zone transfer
UDP 53 for name resolution queries

Question 4

Kerberos

Answer 4

88 UDP

Question 5

POP3

Answer 5

110 TCP

Question 6

IMAP4

Answer 6

143 TCP

Question 7

POP Secure

Answer 7

995 TCP

Question 8

Secure IMAP

Answer 8

993 TCP

Question 9

SMTP

Answer 9

25 TCP

Question 10

SMTP-over-TLS

Answer 10

587 TCP

Question 11

SNMPv3

Answer 11

161, 162 UDP

Question 12

LDAP

Answer 12

389 TCP

Question 13

LDAPS

Answer 13

636 TCP

Question 14

RDP

Answer 14

3389 TCP

Question 15

NTP

Answer 15

123 UDP

Question 16

FTPS

Answer 16

989, 990 TCP

Question 17

SFTP

Answer 17

22 TCP

Question 18

IPSec

Answer 18

Uses internet key exchange (IKE) over port 500 UDP

Question 19

TFTP

Answer 19

69 UDP

Question 20

Ipconfig

Answer 20

Ipconfig /all
Ipconfig /flushdns, flush dns cache
Ipconfig /displaydns, show dns cache

Question 21

Ifconfig

Answer 21

Ifconfig -a, similar to ipconfig /all
Ifconfig eth0, show conf. eth0
Ifconfig eth0 promisc, enable promisc mode, process all traffic
Ifconfig eth0 allmulti, enable multicast mode, process all multicast traffic
Ifconfig eth0 -allmulti, disable multicase mode

Question 22

Ip (tool)

Answer 22

Ip link show, show interfaces
Ip link set eth0 up, enable eth0
Ip -s link, show network stats

Question 23

Netstat

Answer 23

Netstat -a, show all tcp udp ports being listened on
Netstat -r, show routing table
Netstat -e, show network stats
Netstat -s, show net stats for specific protocols
Netstat -n, show addresses and ports in numerical order
Netstat -p protocol, show stats on specific protocol
Netstat, show open TCP connections

You can combine options. E.g netstat -anp tcp

Question 24

Tracert

Answer 24

Windows
tracert google.com, show hops between system and Google
racert -d google.com, don’t resolve IP addresses to host names, makes command faster

Question 25

Traceroute

Answer 25

Linux
Traceroute -n google.com, don’t resolve IPs

Question 26

Pathping

Answer 26

Sends pings to hops on routes. Computes statistics depending on responses to pings.
Pathping -n google.com

If a hop has 100% packet loss. Chances are it is just blocking icmp. If it really is bad, then all other hops from that point on in the path must also be dropping 100%.

Question 27

Arp

Answer 27

Windows and Linux
Arp, help on windows, arp cache linux
Arp -a google.com, show arp cache entry for specified ip
Arp -a, show entire cache on windows

Question 28

Journalctl

Answer 28

Linux
Query linux system logging utility called journald.
Journalctl – since “1 hour ago”, show logs only in journals.
Journalctl –list-boots, show boot logs

Question 29

PTR Record

Answer 29

Pointer record
Opposite of an A record. For when client queries DNS with an IP.

Question 30

Smb

Answer 30

Tcp
139