Tools of the trade

Question 1

What does the arp -a command show?

Answer 1

Shows all cached IP address/mac addresses used

Question 2

What does Nmap do?

Answer 2

Scans network and looks at every IP to see what’s being used - used in command prompt

Question 3

What is NMS

Answer 3

Network Management Station

Software for managing and configuring SNMP devices

Question 4

TCP dump for linux is used for what?

Answer 4

Sniffing and collecting info on all incoming and outgoing packets

Question 5

Netstat -n

Answer 5

Shows who I am talking to

Question 6

SNMP uses what ports?

Answer 6

UDP port 161 or port 10161 when using TLS(transport layer security)

Question 7

What are centralized logs?

Answer 7

Logs kept on a central server.

Can use SNMP

Question 8

Log data should have all of the following…

Answer 8

Date, time, process/source, account, event number, event description

Question 9

What are 3 types of logs?

Answer 9

Event
Security
Audit

Question 10

What are two types of events?

Answer 10

Network

Non-network

Question 11

What is SNMP?

Answer 11

Simple Network Management Protocol

SNMP managed devices run an agent that talks with a NMS

Question 12

What does the nslookup command show?

Answer 12

Query’s the dns server

Question 13

SNMPwalk

Answer 13

One command sends many “gets” at once

Question 14

What is the ipconfig command in linux?

Answer 14

ip addr

Question 15

SNMP term - Get

Answer 15

Sending query to device

Question 16

SNMP term - Trap

Answer 16

Sends reply to NMS automatically when it hits certain values

Question 17

What is Zenmap?

Answer 17

Its a graphical user interface version of Nmap to make it easier to read

Question 18

Ping -t in windows

Ping in linux

Answer 18

Will keep pinging until you stop it

Question 19

What does the dig command show in linux?

Ex: dig www.google.com

Answer 19

Shows server and cached info

Question 20

What are decentralized logs?

Answer 20

Logs on a local machine

Question 21

Wireshark allows us to filter the data by…

Answer 21

Services and protocols

Question 22

What does sudo netcat -L 231 do?

Answer 22

Opens up port 231 as a listening port

-Used for pentesting and aggresive use

Question 23

What two functions does a protocol analyzer have?

Answer 23

Sniffing and analyzing the data

Question 24

What does the netstat command show?

Answer 24

Shows all connections and ports

Question 25

Netstat -a

Answer 25

Shows who is talking to me

Question 26

What does the tracert command show?

Answer 26

Shows routers form you computer to whatever you want

ex: tracert www.google.com
- will show every connection you have until you reach google, generally the first two lines are in house

Question 27

ARP

Answer 27

Address Resolution Protocol

Question 28

MaaS

Monitoring as a Service - is what?

Answer 28

3rd party company that keeps logs for you.

Question 29

Network scans can be done to detect what?

Answer 29

Open ports, protocols, hardware and rogue systems

Question 30

SNMP term - MIB

Answer 30

Management Information Base

Question 31

SNMP community

Answer 31

Is an organization of managed devices

-This could be setup manually to separate devices in different buildings or floors for example.