Chapter 10 Command-line Tools
When in interactive mode with nslookup, what else is needed to complete the command?
After entering nslookup, further commands are typed at the > prompt. Example:
> nslookup
> cbtnuggets.com
> ? (to display helpful commands)
What are typical criteria you can specify with iptables?
Packet type // Specifies the type of packets the command filters
Packet source/destination // Specifies which packets the command filters based on the source or destination of the packet
Target // Specifies which action is taken on packets matching the preceding criteria
What is tracert?
Pings every router hop from the source to the destination and reports the round-trip for each router hop
What does tcpdump do?
Print out the headers of packets on a network interface that match a Boolean expression
What is the command to leave the man pages?
Q
What is nslookup?
Resolve an FQDN to an IP address
What does netstat do in UNIX?
Serves the same basic purpose as the Windows netstat command, which is displaying various info about current connections
What does pathping do?
Shows the amount of packet loss at any given router so you can identify the routers along the path that might be causing the problem.
What protocol does ping use?
ICMP (Internet Control Message Protocol) // layer 4
What are the netstat parameters; -a -b -e -f -p proto -r -s
-a // Displays all of a PC's active IP-based sessions, along with the TCP/UDP ports of each session
-b // Shows you the names of the program that opened up a session
-e // Shows statistics info for an interface's IP-based traffic, such as the number of bytes sent and received
-f // Displays fully qualified domain names (FQDN) of destination addresses appearing in a listing of active sessions
-p proto // Displays connections for a specific protocol, ex; icmp, icmpv6, ip, ipv6...
-r // Displays a PC's IP routing table
-s // Displays statistical info for the following protocols; icmpv4 and 6, ipv4 and 6, tcpv4 and 6, udpv4 and 6
What are the parameters for netstat with UNIX? -a -b -r -s
-a // Displays all of a UNIX host's active IP-based sessions, along with the TCP/UDP ports of each session
-b // Shows you the names of the program that opened up a session
-r // Displays a UNIX host's IP routing table
-s // Displays statistical info for protocols such as udp, ip, icmp, igmp, ipsec, ip6, icmp6, ipsec6, rip6, and pfkey.
What are the UNIX arp command parameters? -a -n -i interface -d -s ifscope interface hostname eth_addr temp reject blackhole -f filename
-a // Displays current ARP entries in a UNIX host's ARP table
-n // Displays network addresses as numbers instead of symbols
-i interface // Specifies that the ARP command should be limited to a specified interface
-d // An ARP entry for a host can be deleted w/ this option, in combination with the net_addr parameter. * can delete all host entries
-s // Used in conjunction w/ the hostname and eth_addr parameters, statically adds a host entry in the ARP table
ifscope interface // Indicates that the ARP command should be limited to a specified interface
hostname // The IP address of the host to be associated w/ a specified MAC address
eth_addr // Specifies a 48-bit MAC address
temp // Used w/ the -s option, the temp option says that the static ARP entry is only temporary, as opposed to permanent
reject // Used w/ the -s option, it says that traffic to the destination specified in the static ARP entry will be rejected; however, the sender will be notified
blackhole // Traffic to the destination specified in the static ARP entry will be rejected; however, the sender is not notified.
-f filename // Allows an external file to be used to import ARP entries
What are the parameters for the Windows ARP command; -a or -g -v inet_addr -N if_addr -d -s eth_addr if_addr
-a or -g // Display current entries in a PC's ARP table
-v // V=verbose, includes any invalid and loopback interface entries in an ARP table
inet_addr // This option is a specific IP address
-N if_addr // Shows ARP entries learned for a specified network
-d // An ARP entry for a host can be deleted with this option
-s // Used in conjunction with the inet_addr and eth_addr parameters, statically adds a host entry in the ARP table
eth_addr // A 48-bit MAC address
if_addr // If a host has multiple interfaces, an ARP entry might be associated with a specific interface. Only used for statically adding or deleting an ARP entry to or from a specific interface
What are the nbtstat parameters; -a -A -c -n -r -R -S
-a remote_name // Allows you to see the NetBIOS table of a remote PC with a NetBIOS name as specified by the remote_name argument
-A ip_address // Allows you to see the NetBIOS table of a remote PC with an IP address as specified by the ip_address argument
-c // Displays contents of a PC's NetBIOS name cache along with the IP addresses corresponding to those NetBIOS names
-n // Displays NetBIOS names that have been registered by an app, such as a server app
-r // Shows statistical NetBIOS info, such as the number of NetBIOS names resolved by broadcasting and the number of NetBIOS names resolved by a WINS server
-R // Purges a PC's NetBIOS cache and reloads entries from a PC's LMHOSTS file.
-S // Provides a listing of the NetBIOS session table, along with the IP addresses of the listed NetBIOS names
What are the ping parameters of UNIX? -c count -D -S srcaddr target_name
-c count // Specifies the number of pings to send
-D // Sets the 'don't fragment' bit in a packet's header, so if the packet tries to cross a router that attempts to fragment the packet, it is dropped and an ICMP error message is returned
-S srcaddr // Allows you to specify the source IP address from which the ICMP echo messages should be sent
target_name // Specifies the name or the IP address of the device to which you are sending ICMP echo messages
What are the parameters for the route command? -f -p command destination mask netmask gateway metric metric if interface
-f // Clears gateway entries from the routing table.
-p // Used with the 'add' command to make a statically configured route persistent.
command // Supported commands include; print, add, delete, and change
destination // Specifies the destination host or subnet to add to a PC's routing table
mask netmask // Used in conjunction with the destination option, specifies the subnet mask of the destination
gateway // Specifies the IP address of the next-hop router used to reach the specified destination
metric metric // Specifies the cost to reach a specified destination
if interface // Used to forward traffic to a specified destination out of a specific interface
What are the parameters with pathping? -g host-list -h maximum_hops -i address -n -p period -q num_queries -w timeout -4 -6
-g host-list // Loose source route along host-list. Permits you to specify a set of destinations the packet must visit in transit
-h maximum_hops // Max number of hops to search for target
-i address // Use the specified source address
-n // Do not resolve addresses to hostnames
-p period // Wait period milliseconds between pings
-q num_queries // Number of queries per hop
-w timeout // Wait timeout milliseconds for each reply
-4 // Force using IPv4
-6 // Force using IPv6
What parameters are used with the UNIX route command? -q -v add | delete net network mask gateway
-q // Stands for 'quiet', suppresses any output from appearing on screen after the route command
-v // Stands for 'verbose', causes additional details about the route command's execution to be shown onscreen
add | delete // Add to or delete from a UNIX host's routing table
net // Specifies that the next parameter is a network address
network // Specifies the network to add/remove from a UNIX host's routing table
mask // Number of bits in a specified network's subnet mask
gateway // IP address of the gateway, which is the next hop toward the specified network
What are the parameters with the ping command? -t -n count -f -i TTL -S srcaddr target_name
-t // Repeatedly sends pings until Ctrl+C is issued
-n count // Specifies the number of pings to send
-f // Sets the "don't fragment" bit in a packet's header. If a router attempts to fragment the packet, it is dropped and an ICMP message is returned
-i TTL // Sets the TTL value in a packet's header. TTL is decremented for each router hop. The packet is discarded once it hits 0/zero
-S srcaddr // If the PC from which you are issuing the ping command has more than one IP address, this option allows you to specify the source IP address from which the ICMP echo messages should be sent.
target_name // Specifies the name or the IP address of the device to which you are sending ICMP echo messages
What are some of the parameters you can use with tcpdump? -w flag -r flag
-w flag // Causes it to save the packet data to a file for later analysis
-r flag // Causes it to read from a saved packet file rather than read packets from a network interface
What are some of the ipconfig parameters?
/all /renew /release /renew6 /release6
What does the nslookup command do in noninteractive mode when followed by an FQDN?
Display the IP address corresponding to the FQDN.
What does the route command display?
Displays a PC's current IP routing table
What is nbtstat?
Displays NetBIOS info for IP based networks.
When using UNIX, what does the ifconfig command do?
Displays a UNIX host's interfaces along with configuration info about those interfaces, including MAC address, maximum transmission unit (MTU), and IPv4 and IPv6 address info
What does the ipconfig do?
Displays the IP address configuration parameters on a Windows PC. If using DHCP, it is also able to release and renew a DHCP lease
What is netstat?
Displays various information about IP-based connections on a PC
What does the traceroute in UNIX do?
Helps isolate which router hop along the path from a source device to a destination device is having issues
What is another approach to resolving FQDNs to IP addresses?
The host command
What does the UNIX route command do?
It can be used to modify a UNIX host's IP routing table. It can also add/delete IP routes from a UNIX host's routing table
The netstat command alone does what?
Lists source and destination IP address and port numbers for all IP-based sessions
Does a failed response from a tracert mean there is an issue with the router configuration?
No, some routers are configured not to respond to ICMP requests, which is what tracert sends.
To verify that a PC is successfully resolving NetBIOS names, either by using a broadcast or from a WINS server, which command works?
nbtstat -r
What is the ping command?
To check IP connectivity between two network devices
What are iptables used for?
To put rules in place for packet filtering
What does the ARP command do?
To see what Layer 2 MAC address corresponds to a known Layer 3 IP address.
The ifconfig command can also configure interface parameters, TRUE or FALSE
True, an interface's IP address can be configured w/ the ifconfig command
What does the UNIX ping command do?
Typically used to test network reachability to a specified destination
What does the nmap command do?
Used to explore networks, perform security scans, create network audits, and find open ports on remote machines
What are the ARP commands?
arp -s inet_addr eth_addr [if_addr]
arp -d inet_addr [if_addr]
arp -a [inet_addr] [-N if_addr] [-v]
What is dig and nslookup when used in UNIX?
dig // Can similarly be used to resolve FQDNs to IP addresses
nslookup // Can also be used for FQDN-to-IP-address resolution
If you wanted to configure en0 with IP address 192.168.1.26 and subnet mask 255.255.255.0, how would you input the command?
ifconfig en0 inet 192.168.1.26 netmask 255.255.255.0
When using UNIX, what is the command to get detailed information, for example from ARP...?
man arp
What is the command to view the NetBIOS table of a remote PC?
nbtstat -a
What command allows you to view a PC's NetBIOS name cache?
nbtstat -c
To add a route, which command is used?
route add, example: route add 10.2.1.0 mask 255.255.255.0 192.168.1.0
To delete a route, which command is used?
route delete, example: route delete 10.2.1.0 mask 255.255.255.0 192.168.1.0
