Chapter 11 (command-line Troubleshooting tools)


what can you use to show the routing table on a local or remote system?

netstat and route print commands

ifconfig

performs the same function as ipconfig, but on a Linux, UNIX, or Mac OS system. Provides much more functionality than ipconfig.

ICMP flood attack

Ping attack: the attacker sends continuous ping packets to a server or network system, eventually tying up that system's resources and making it unable to respond to requests from other systems.

Netstat switches

-e : shows NIC activity and displays the number of packets that have been both sent and received.
-a : displays statistics for both TCP and UDP.
-r : often used to view a system's routing table.
-s : displays a number of statistics related to the TCP/IP protocol suite.

what steps are there with troubleshooting with ping?

1. Ping the IP address of your local loopback using the ping command (127.0.0.1). If successful, this means the protocol suite is installed correctly.
2. Ping the assigned IP address of your local network interface card (NIC). If successful, you know your NIC is functioning on the network and has TCP/IP correctly installed.
3. Ping the IP address of another known good system on your local network. You can determine whether the computer you are using can see other computers on the network.
4. After confirming network connectivity for the local network, verify connectivity to a remote network by sending a ping to the IP address of the default gateway.
5. If you can ping the remote gateway, you can verify remote connectivity by sending a ping to the IP address of a system on a remote network.

What do the netstat -r command and route print commands have in common?

Both show the same output

Time to Live (TTL)

Prevents circular routing, which occurs when a ping request keeps looping through a series of hosts. Counts each hop along the way toward its destination device. Each time it counts one hop, the hop is subtracted. If it reaches 0, it has expired.

What are the four headings of Netstat without any switches?

Proto: Lists the protocol being used, either UDP or TCP.
Local Address: Specifies the local address and port being used.
Foreign Address: Identifies the destination address and port being used.
State: Specifies whether the connection is established.

Common TCP/IP troubleshooting Tools

Tracert/traceroute, tracert -6, traceroute6, traceroute -6, ping, ping6/ping -6, pathping, arp, arp ping, netstat, iptables, ipconfig, ifconfig, nslookup/dig, tcpdump, route, nmap

Address Resolution Protocol (ARP)

Used to resolve IP addresses to MAC addresses. Significant because on a network, devices find each other using the IP address, but communication between devices requires the MAC address. To find the MAC address, it sends out discovery packets.

Interactive mode

a command prompt that allows you to specify further queries after typing in the nslookup command

nmap

a free download for Windows or Linux used to scan ports on machines. Those scans can show what services are running as well as information about the target machine's operating system. Can scan a range of IP addresses or just a single IP address.

loopback

a special function within the TCP/IP protocol stack that is supplied for troubleshooting purposes. Can use any number 127.x.x.x, as long as it isn't 127.0.0.0, or 127.255.255.255. Can also ping the hostname, localhost.

nslookup

a utility used to troubleshoot DNS-related problems. Can run manual name resolution queries against DNS servers, get information about your DNS configuration, or specify what kind of DNS record should be resolved. Displays the current hostname and the IP address of the locally configured DNS server.

netstat command

displays the protocol statistics and current TCP/IP connections on the local system. Used without any switches the netstat command shows the active connections for all outbound TCP/IP connections.

ARP ping

does not use ICMP to test connectivity; it uses the ARP protocol. It is not routable, and the arp ping cannot be routed to work over separate networks. Works only on the local subnet. Specifies an IP address; responds with the MAC address and name of the computer system. Can directly ping a MAC address.

Ping

basic function of the command is to test the connectivity between two devices on the network. Designed to determine whether the two computers can see each other and to notify you of how long the round trip takes to complete. Works by sending ICMP echo request messages to another device on the network. If the other device on the network hears the request, it automatically responds with an ICMP echo reply. Sends four data packets on a Windows-based machine. Most widely used of all network tools; primarily used to verify connectivity between two network devices.

pathping

combines the features of ping and tracert.

Tcpdump

command used in Linux/UNIX systems to print the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file and write packets to either standard output or a file.

ipconfig

shows basic information, such as the name of the local network interface, the IP address, the subnet mask, and the default gateway.

Unknown host error

this message is generated when the hostname of the destination computer cannot be resolved. This error usually occurs when you ping an incorrect hostname, or try to use ping with a hostname when hostname resolution is not configured.

Trace route (tracert/traceroute)

trace the route between hosts. Does this by using ICMP echo packets to report information at every step in the journey. Provides information such as the IP address of every router connection it passes through and the name of the router. Also reports the length, in milliseconds, of the round trip the packet made from the source location to the router and back. Can help identify where the network bottlenecks or breakdowns might be.

dig

used on Linux, UNIX, and Mac OS systems to perform manual DNS lookups. Performs the same basic task as nslookup, but with one major distinction: it does not have an interactive mode and uses command-line-only switches. Considered more powerful than nslookup.

iptables

used to configure the firewall in Linux. Requires elevated privileges.

Route utility

very handy tool; you can display and modify the routing table on Windows and Linux systems. Shows output from a route print command on a Windows system.

