Tools & Random Stuff Flashcards

1
Q

ipconfig

A

ipconfig
Windows - configuration of network interfaces

Things it can do:

  • List of all network interfaces with IP info
  • DHCP config and DNS server of interfaces

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : lmms.lmco.com
Link-local IPv6 Address . . . . . : fe80::50b0:902a:5a9f:d0cd%18
IPv4 Address. . . . . . . . . . . : 129.197.99.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 129.197.99.254

2
Q

ifconfig or ip

A

ifconfig or ip
Linux - view and manipulate configuration of network interfaces. Allows promiscuous mode

Some things it can do:

  • Displays active interfaces
  • activate/deactivate an interface
  • Assign an IP address to an interface

eth0      Link encap:Ethernet HWaddr 09:00:12:90:e3:e5
          inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe70:e3f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:54071 errors:1 dropped:0 overruns:0 frame:0
          TX packets:48515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22009423 (20.9 MiB) TX bytes:25690847 (24.5 MiB)
          Interrupt:10 Base address:0xd020

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7766 (7.5 KiB) TX bytes:7766 (7.5 KiB)

3
Q

netstat

A

netstat

  • stats for TCP/IP
  • shows incoming/outgoing connections
  • programs making connections
  • how much data is being transmitted
  • identifies listening ports

Switches

  • -a: show all connections and listening ports
  • -n: show addresses/ports of connections numerically
  • -b: show the executable that created each connection

TCP 127.0.0.1:7766 127.0.0.1:50050 ESTABLISHED
TCP 127.0.0.1:50050 127.0.0.1:7766 ESTABLISHED
TCP 127.0.0.1:50094 0.0.0.0:0 LISTENING

4
Q

tracert

A

tracert
lists routers (hops) between two systems; verify the path has not changed

  • Takes advantage of the ICMP Time to Live Exceeded error message
  • The "time" in TTL refers to hops, not seconds or minutes
  • TTL=1 is the first router, TTL=2 is the second router, etc.

5
Q

arp

A

arp

view and manipulate ARP cache

6
Q

dig

A

dig
Domain Information Groper

  • Reverse lookup of IP address to determine owner

7
Q

Nmap

A
Nmap

  • Banner grabbing
  • Network scanner
      • Find and learn more about network devices
  • Port scan
      • Find devices and identify open ports
  • Operating system scan
      • Discover the OS without logging in to a device
  • Service scan
      • What service is available on a device? Name, version, details
  • Additional scripts
      • Nmap Scripting Engine (NSE)
      • Extend capabilities, vulnerability scans

8
Q

netcat (nc)

A
netcat

  • Banner grabbing
  • “Read” or “write” to the network
      • Open a port and send or receive some traffic
  • Listen on a port number
  • Transfer data
  • Port scan
      • Send data to a port
  • Become a backdoor
      • Run a shell from a remote device
  • Other alternatives and OSes - Ncat

9
Q

nslookup

A
nslookup

  • Look up DNS info
      • Look up names and IP addresses
  • Microsoft
      • Deprecated (use dig instead)

10
Q

CER

A
CER
Crossover Error Rate

  • Biometrics
  • False Alarm Rate (FAR) = False Rejection Rate (FRR)
  • The smaller the better

11
Q

Incident Response Process

A

Incident Response Process

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned
12
Q

Volatility Of Data

A

Volatility Of Data

  • CPU registers, CPU cache
  • Router table, ARP cache, process table, kernel statistics, memory
  • Temporary file system
  • Disk
  • Remote logging
  • Physical configuration, network topology
  • Archival media
13
Q

telnet

A

telnet

  • Banner grabbing
