Section 22: Network Tools and Commands

Question 1

Wireless Analyzer

Answer 1

▪ Ensures you have the proper coverage and helps prevent overlap between wireless access point coverage zones and channels

Question 2

Protocol Analyzer

Answer 2

▪ Used to capture and analyze signals and data traffic over a communication channel (WireShark)

Question 3

Packet Capturing Tool

Answer 3

▪ Used to capture packets running over a network connection in real time.
● Ethereal
● Protocol expert
● Netasyst
● Network analyzer
● Observer
● LanHound
● EtherPeek
● tcpdump
● WinDump
● PRTG network monitor
● SolarWinds
● NetworkMiner

Question 4

Internet / LAN Speed Test Software

Answer 4

Speedtest.net
LANSpeedTest - LAN
Helios Speedtest - LAN

Question 5

Port Scanner

Answer 5

NMap, SolarWinds, LAN Sweep

Question 6

iPERF

Answer 6

Maximum achievable bandwidth on an IP-based network.
Open Source with a Client and Server component.

Question 7

NetFlow Analyzer

Answer 7

Monitoring, troubleshooting, inspection, interpretation and synthesis of traffic flow data.

Question 8

TFTP Server

Answer 8

Trivial File Transfer Protocol - Used for simple file transfers and boot-loading of remote devices. Can only read files or write files.

Question 9

Terminal Emulator (PuTTY, CMDer, ZOC, Mintty. LINUX: GNOME, Konsole, xterm)

Answer 9

A host computer can access a remote computer. Use a command-line or GUI. Should SSH for added security.
(Windows: PuTTY, CMDer, ZOC, Mintty;
LINUX: GNOME, Konsole, xterm;
IOS: Iterm2, MacTerm, Kitty)

Question 10

IP Scanner

Answer 10

Search for and detect IP addresses and other information about devices on the network. (NMap, FreeIP Scanner, IP Address Manager, PRTG Network Monitor, Angry IP Scanner, Network Scanner, IP Range Scanner)

Question 11

IPConfig

Answer 11

Windows command ▪ Displays all of the current TCP/IP network configuration values and refreshes DHCP and DNS settings for a Windows client/server

Question 12

IFConfig

Answer 12

Deprecated - Command line tool used in Unix, Linux, and OS X systems to display IP address information

Question 13

IP

Answer 13

Unix, Linux, or OS X command
▪ Configures network interface parameters (Know some basic commands for exam.)
*ip [ OPTIONS ] OBJECT { COMMAND | help }
ip address - show all IP addresses associated on all network devices.
ip link - display link layer information.
ip route - the route packets your network will take as set in your routing table.
ip link set (interface) up / down - Inferface up or down.
ip monitor - monitor and displays the state of devices, addresses and routes continuously.
ip help - help to know more about ip command.

Question 14

NSLookup

Answer 14

Name Server Lookup
▪ Used to query the DNS to provide the mapping between domain names and IP addresses or other DNS records. Can be used for reconnaissance.
(Non-Interactive Mode: Type NSLookup and a domain name)
(Interactive Mode: Type NSLookup to enter the interactive shell)
▪ In Windows, use set q=mx to search for mail exchange records;
set q=CNAME for canonical names; …)
▪ In Linux, use set type=mx to search for mail exchange records

Question 15

dig

Answer 15

Domain Information Groper:
▪ Used to conduct queries against DNS nameservers for verifying and troubleshooting DNS problems and to perform DNS lookups.
▪ A command in Linux, Unix, and OS X systems by default.

Question 16

ARP

Answer 16

Address Resolution Protocol (ARP) - Finds the hardware address, (MAC) address, of a host from its known IP address.
NOTE: An ARP request is a broadcast, and an ARP response is a Unicast.

▪ Used to display and modify entries in the Address Resolution Protocol (or ARP) cache on a system
▪ An ARP entry in the cache will get deleted after 21,600 seconds (6 hours)
● arp -d (Clears arp cache-Dynamic and static)

Question 17

route

Answer 17

▪ Used to view and manipulate the IP routing table in a Windows, Linux, Unix, or OS X system

Question 18

nbtstat

Answer 18

▪ (Windows Only) Used to view the current connections and statistics for devices communicating using the NetBIOS over TCP/IP protocol

Question 19

netstat

Answer 19

Network Statistics (netstat) (Windows, Unix, Linux, OSX)
▪ Displays information for IP-based connections on a client including its current sessions, its source and destination IPs, and port numbers

Question 20

telnet

Answer 20

▪ Provides a bidirectional interactive text-oriented communication facility using a virtual terminal connection
(Both a command and a protocol. Older and unsecure. Only acceptable to use when direct connected via cable to a router or switch. Disabled by default in Windows 10. To enable: dism /online /enable-feature /featurename:telnetclient)

Question 21

tcpdump

Answer 21

▪ Allows for the display of TCP/IP and other packets being transmitted or received over a network to the client’s screen
(Not included on Windows by default.)

Question 22

nmap

Answer 22

Network Mapper (nmap) - Linux command-line tool
▪ Discovers hosts and services on a computer network by sending packets and analyzing the responses
(Good for port scanning and IP scanning, identification of rogue network devices,…)

Question 23

hostname

Answer 23

▪ Used to display the hostname portion of the full computer name for a given system

Question 24

For Exam: Network Platform (Router, Switch, Firewall,…) Commands

Answer 24

*Cisco (Know for exam)
show interface
show config
show route

*Juniper
show interfaces
show configuration
show route

*Sidewinder
cf interface (configure interface)
cf config
cf route status

Question 25

show interface

Answer 25

▪ Displays statistics for a network interface

Question 26

show config

Answer 26

▪ Displays the current system configuration

Question 27

show route (ususally use show IP route)

Answer 27

▪ Displays the information for learned routes and current state of the routing table