UNIX Commands

Question 1

Arp (UNIX)

Answer 1

can be used to display MAc address to IP address mappings
Syntax:
		arp [-a]
		arp [-n] [-i interface] -a
		arp -s hostname ether_addr [temp] [reject] [blackhole] [ifscope
		interface]
		arp -d hostname [ifscope interface]
		arp -d [-i interface] -a
		arp -f filename

• -a: displays current ARP entries in a UNIX hosts ARP table
• -n: displays network addresses as numbers instead of symbols
• -i interface: option specifies that the arp command should be limited to a specified interface
• -d: an ARP entry for a host can be deleted with this option, in combination with the “inet_addr” parameter, wildcard character of * can delete all host entries
• -s: can be used in conjunction with the “hostname” and “eth_addr”, statically adds a host entry in the ARP table
• ifscope interface: option indicates that the arp command should be limited to a specified interface
• hostname: option is the IP address of the host to be associated with a specified MAC address
• eth_addr: specifies a 48 bit MAC address
• temp: used in conjunction with the “s”, says that the static ARP entry is only temporary, as opposed to the default of being permanent
• reject: used in conjunction with “-s”, says that traffic to the destination specified in the ARP entry will be rejected, and sender will be notified host is unreachable
• blackhole: similar to reject, says that traffic to the destination specified in the static ARP entry will be rejected, sender not notified
• -f filename: allows an external file to be used to import a collection of ARP entries, entries in the external file should be in the following format: hostname ether_addr [temp] [ifscope interface]

Question 2

Ifconfig (UNIX)

Answer 2

similar to “windows ipconfig” but with different output
by itself, displays UNIX host interfaces along with configuration information (MAC addresss, max transmission unit MTU, IPv4/IPv6 address
can also configure interface parameters
Syntax:
ifconfig [interface [inet ip_addr netmask netmask]]

Question 3

Dig and nslookup (UNIX)

Answer 3

nslookup: used for a FQDN to IP address resolution
dig: also used to resolve a FQDN to IP address, entirely a command line command (lacks interactive mode of nslookup command)

Question 4

Host (UNIX)

Answer 4

another approach to resolving FQDNs to IP addresses, offers a variety of options, can return mail server information for the resolved domain as well

Question 5

Iptables (UNIX)

Answer 5

used to put rules in place for packet filering, typical criteria include packet type, packet source/destination, target
Syntax:
iptables [-t ] \

Question 6

Nmap (UNIX)

Answer 6

“network mapper”, open source and versatile tool used to explore networks, perform security scans, create network audits, and find open ports on a machine
can scan for live hosts, OS, packet filters and open oorts
Syntax:
nmap [Scan Type(s)] [Options] {target specification}

Question 7

Tcpdump (UNIX)

Answer 7

used to print out the headers of packets on a network interface that match a Boolean expressions, can run with “-w” which causes it to save the packet data to a file for later analysis, run with “-r” causing it to read from a saved packet file rather than read packets from a network interface
Syntax:
tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ]
[ -F file ] [ -i interface ] [ -m module ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]
[ -E algo:secret ] [ expression ]

Question 8

Traceroute (UNIX)

Answer 8

can help isolate which router along a path from source to destination is having issues, also can determine which segment might be causing excessive delay due to congestion based on round trip response time

Question 9

Traceroute for IPv6 (UNIX)

Answer 9

can verify IPv6 path
Syntax:
* traceroute destinationipv6addr
*traceroute6 destinationipv6addr
* traceroute -6 destinationipv6addr

Question 10

Netstat (UNIX)

Answer 10

same purposes as windows, displays various information about current connections (includes source/destinatioin IP addresses, port numbers, protocol statistics)
Syntax:
netstat [-a] [-p] [-r] [-s]

• -a: displays all of a UNIX hosts active IP based sessions, along with TCP/UDP ports of each session
• -p: shows connections for the protocol specified by the protocol, in this case tcp/udp/tcpv6/udpv6
• -r: displays a UNIX hosts routing table
• -s: displays statistical information for protocols (udp, ip/v6, icmp/v6, igmp, ipsec/v6,, rip6, pfkey

Question 11

Ping (UNIX)

Answer 11

typically used to test network reachability to a specified destination, but sends continuous pings as opposed to windows 4 pings
Syntax:
ping [-c count] [-D] [-S srcaddr] target_name

• -c count: specifies the number of pings to send
• -D: sets the “dont’ fragment” bit in packets header
• -S srcaddr: allows you to specify source IP address from which ICMP echo messages are sent
• target_name: specifies the name or IP address of the device you are sending the ICMP echo to

Question 12

Route (UNIX)

Answer 12

not used to display hosts IP routing table, but can be used to modify a UNIX host routing table
Partial Syntax:
route [-qv] [[add | delete] net network/mask gateway]

• -q: q= “quiet”, supresses any input from appearing onscreen after the route command is entered
• -v: v=”verbose”, causes additional details about the route commands execution to be shown on screen
• add: adds a route to UNIX routing table
• delete: deleted a route from UNIX routing table
• net: specifies that the next parameter is a network address
• network: specifies the network to add or remove from a UNIX hosts routing table
• mask: number of bits in a specified networks subnet mask
• gateway: option is the IP address of the gateway, which is the next hop toward the specified network