Tools & Random Stuff Flashcards
ipconfig
Windows - view the configuration of network interfaces
Things it can do:
- List of all network interfaces with IP info
- DHCP config and DNS server of interfaces
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : lmms.lmco.com
Link-local IPv6 Address . . . . . : fe80::50b0:902a:5a9f:d0cd%18
IPv4 Address. . . . . . . . . . . : 129.197.99.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 129.197.99.254
ifconfig or ip
Linux - view and manipulate the configuration of network interfaces; can also put an interface into promiscuous mode
Some things it can do:
- Displays active interfaces
- activate/deactivate an interface
- Assign an IP address to an interface
eth0 Link encap:Ethernet HWaddr 09:00:12:90:e3:e5
inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe70:e3f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54071 errors:1 dropped:0 overruns:0 frame:0
TX packets:48515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22009423 (20.9 MiB) TX bytes:25690847 (24.5 MiB)
Interrupt:10 Base address:0xd020
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7766 (7.5 KiB) TX bytes:7766 (7.5 KiB)
netstat
- stats for TCP/IP
- shows incoming/outgoing connections
- programs making connections
- how much data is being transmitted
- identifies listening ports
Switches
- a: show all connections and listening ports
- n: show addresses and ports numerically (no name resolution)
- b: show the executable that created each connection
TCP 127.0.0.1:7766 127.0.0.1:50050 ESTABLISHED
TCP 127.0.0.1:50050 127.0.0.1:7766 ESTABLISHED
TCP 127.0.0.1:50094 0.0.0.0:0 LISTENING
tracert
lists routers (hops) between two systems; verify path has not changed
• Takes advantage of the ICMP Time to Live Exceeded error message
• The time in TTL refers to hops, not seconds or minutes
• TTL=1 is the first router, TTL=2 is the second router, etc.
arp
view and manipulate ARP cache
dig
Domain Information Groper
- Reverse lookup of an IP address to determine its owner
Nmap
Nmap - banner grabbing
- Network scanner: find and learn more about network devices
- Port scan: find devices and identify open ports
- Operating system scan: discover the OS without logging in to a device
- Service scan: what service is available on a device? Name, version, details
- Additional scripts: the Nmap Scripting Engine (NSE) extends its capabilities, e.g. vulnerability scans
netcat (nc)
netcat - banner grabbing
- "Read" or "write" to the network: open a port and send or receive some traffic
- Listen on a port number
- Transfer data
- Port scan: send data to a port
- Become a backdoor: run a shell from a remote device
- Other alternatives and OSes: Ncat
nslookup
nslookup - look up DNS information
- Look up names and IP addresses
- Microsoft: deprecated (use dig instead)
CER
CER - Crossover Error Rate
- Biometrics
- The point where False Alarm Rate (FAR) = False Rejection Rate (FRR)
- The smaller the better
Incident Response Process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
Volatility Of Data
- CPU registers, CPU cache
- Router table, ARP cache, process table, kernel statistics, memory
- Temporary file system
- Disk
- Remote logging
- Physical configuration, network topology
- Archival media
telnet
- banner grabbing