Comptia Network+ N10-008 Todd Lammle Chapter 25 Network Tools and Commands

Throughput tester/bandwidth speed tester

What tool would you use to verify a complaint about a slow network?

A. The ipconfig /all switch will display the most complete listing of TCP/IP configuration information, also displaying the MAC address, DHCP lease times, and the DNS addresses.

Which ipconfig switch will display the most complete listing of IP configuration information for a station? A. /all B. /renew C. /release D. /?

A. Theo netstat -a command will display all connections and listening ports on the host computer. Remember that the -a must be lowercase and that it will not work correctly without the hyphen before it.

Which netstat utility switch displays all connections and listening ports? A. -a B. -f C. -p D. -t

C. The command ip was added to most Linux distributions and is replacing the depreciated ifconfig command.

Which new Linux command was added recently to configure IP and interface parameters? A. nbtstat B. ipconfig C. ip D. ifconfig

ifconfig can include address's of interfaces to specify the interface you want to extract TCP/IP information from but when left out it will report on all configured interfaces.

What's a big difference between ifconfig command compared to ipconfig command?

ARP cache MAC address lookup table ARP broadcast

When a TCP/IP device needs to forward a packet to a device on the local subnet, it first looks in its own table, called an _____________ or ______________________, for an association between the known IP address of the destination device on the local subnet and that same device's MAC address. The cache is called that because the contents are periodically weeded out. If no association that includes the destination IP address can be found, the device will then send out an ________________ that includes its own MAC and IP information as well as the IP address of the target device and a blank MAC address field, as the whole goal of the operation is it find the MAC address in that blank field.

Wi-Fi analyzers

When deploying and troubleshooting wireless networks, you must have some way to determine signal levels, noise readings, SSIDs, and interference to resolve most Wi-Fi related issues. __________________ can gather valuable information so you can see what is healthy and what is not. They can see the Wi-Fi coverage in an area and use that information for optimal access-point placement to get complete coverage and avoid dead spots. Many vendors now have one built into access points and client software running on your laptop and a wireless controller can also do the job of one.

DHCP Discover DHCP offer DHCP Request DHCP Ack

When using a protocol analyzer to examine traffic of a host interacting with a DHCP server to be assigned an IP address, or when the host is using commands 'ipconfig /release' then 'ipconfig /renew', what four kinds of packets should be found by the protocol analyzer?

A, D. The arp utility's -a and -g switches perform the same function. They both show the current ARP cache.

Which of the following arp utility switches perform the same function? (Choose all that apply.) A. -g B. -A C. -d D. -a

Trivial File Transfer Protocol (TFTP)

A _________________ server is a small application that is available from a wide variety of developers as freeware for Windows and Linux computers. All that is needed is to run the server on your local machine and point its source directory to the location of the file to upload. Then from the network device, specify the IP address of the server and the name of the file you want to upload. It is designed to be a simple, effective, and fast method to upload code to a network device.

port scanner

A __________________ is a software tool designed to search a host for open ports.

Flow Exporter

A ____________________ is a network device such as a router that monitors traffic flowing in and out of an interface and exports not the complete packet but a summary of its contents to a flow collector. A flow collector is a server on the network that receives the flows from multiple exporters and consolidates the NetFlow data in a centralized storage location.

B. The tracert utility will give you that output. The tracert command (or trace for short) traces the route from the source IP host to the destination host.

A. arp B. tracert C. nbtstat D. netstat

B. The purpose of the ping utility is to test the communications channel between two IP hosts as well as how long it takes the packets to get from one host to another.

ANSWER THE ABOVE A. tracert B. ping C. WINS D. ipconfig

pathping

An alternative to the tracert command that summarizes the TCP/UDP route taken with more packet details like individual hop's RTT, lost/sent packets to and from the source, and more detailed address names.

route

Displays and modifies the entries in the local IP routing table. If used without parameters, _____________ displays help at the command prompt.

routing loop

If you are running traceroute and see repeating addresses and TTL time-outs, you probably have a ___________________.

Internet Control Message Protocol (ICMP)

If you ping any station that has an IP address, the _____________ that's part of that particular host's TCP/IP stack will respond to the request.

Network Basic Input/Output System (NetBIOS) nbtstat

Microsoft Windows uses an interface called _________________________, which relates names with workstations and is an upper-layer interface that requires a transport protocol—usually TCP/IP, and IPv6 can be used as well. Deploying the ______________ utility will achieve these three important things: track NetBIOS over TCP/IP statistics, show the details of incoming and outgoing NetBIOS over TCP/IP connections, and resolve NetBIOS names

ip

Now overshadowing the ifconfig command on Linux, the _______________ command allows you to find out what interfaces are configured on the computer, view and configure their IP values, take an interface up or down, configure routing, display network status information, view and configure multicast values, view the ARP table, add or remove static routes, and view the host's routing table.

ping

The ____________ utility is the most basic TCP/IP utility, and it's included with most TCP/IP stacks for most platforms. In most cases, it is a command-line utility, although there are many GUI implementations available. You use the utility for two primary purposes: to found out if a host is responding or to find out if you can reach a host.

tcpdump

The ____________ utility is used to read either packets captured live from a network or packets that have been saved to a file. Although there is a Windows version called windump, it only works on Unix-like operating systems. It can be used to capture traffic on all or a particular interface and filter by source or destination traffic.

iptables

The ________________ firewall utility is built for the Linux operating system. It is a command-line utility that uses what are called chains to allow or disallow traffic. When traffic arrives, it looks for a rule that addresses that traffic type, and if none exists, it will enforce the default rule.

ARP table

The ________________ in Windows includes a list of TCP/IP addresses and their associated physical (MAC) addresses. It is cached in memory so that Windows doesn't have to perform ARP lookups for frequently accessed TCP/IP addresses like those of servers and default gateways. Each entry contains an IP address and a MAC address plus a value for TTL that determines how long each entry will remain in the there.

NetFlow

The _________________ protocol allows for the viewing and analysis of application-level traffic across an interface. It is a step above SNMP in that it looks at the actual conversations taking place on your network and, based on that information, allows you to gain deep visibility of what traffic is moving across your network. It collects source and destination addresses, application information, and quality of service (QoS) data and is very helpful in troubleshooting causes of networking problems.

Address Resolution Protocol (ARP)

The ____________________ is part of the TCP/IP protocol stack. It's used to translate TCP/IP addresses to MAC addresses using broadcasts. Also, understand that it is used by IP to determine the MAC address of a device that exists on the same subnet as the requesting device.

ipconfig ifconfig/ip ipconfig /all

The utilities known as _______________ (in Windows) and _________________ (in Unix/Linux/Mac) will display the current configuration of TCP/IP on a given workstation—including the current IP address, DNS configuration, configuration, and default gateway. With the new Mac, Windows 10, and Windows Server 2019 operating systems, you can now see the IPv6 configuration because IPv6 is enabled by default. And just in case the command doesn't provide enough information for you, try the _____________ command.

Bandwidth Speed Testers

These devices, typically software based, work much like protocol analyzers in that they measure the traffic seen on the network and can also classify the types of traffic that are eating up bandwidth. This software is installed on a server and also on a client.

port scan

To _______________ means to scan for TCP and UDP open ports on a single target host either to legitimately connect to and use its services for business and/or personal reasons or to find and connect to those ports and subsequently attack the host and steal or manipulate it for nefarious reasons.

To found out if a host is responding To find out if you can reach a host

What are the two primary purposes for the Ping command?

traceroute or tracert

What command can you type from a command prompt to see the hops a packet takes to get to a destination host?

ping6

What command do you use to ping an ipv6 address on a Mac device?

ipconfig /renew ipconfig /release

When you change networks, you need to get the IP address of that subnet and/or virtual LAN (VLAN). Windows 10 works most of the time without doing anything, but sometimes you do have to renew the IP configuration when changing networks. To do this just type ______________ from a command prompt, and if you're connected to a DHCP server that's available, you'll then magically receive an IP address. If that doesn't work, you will need to use the command ________________ to flush current DHCP TCP/IP information from the host. These commands might require elevation on your network to execute.

nslookup

When you're inside this utility, the command prompt will change to a short input of just an '>' symbol and It will also display the name and IP address of the default DNS server you will be querying. The command to start this process is ____________________. It's primary job is to tell you the many different features of a particular domain name, the names of the servers that serve it, and how they're configured.

C. The program Packet Internet Groper (ping) is used to find out if a host has the IP stack initialized.

Which TCP/IP utility is most often used to test whether an IP host is up and functional? A. ftp B. telnet C. ping D. netstat

A. The arp utility is used to display the contents of the ARP cache, which tracks the resolution of IP addresses to physical (MAC) addresses and will produce the displayed output.

Which TCP/IP utility will produce the following result? Interface: 199.102.30.152 Internet Address 199.102.30.152 Physical Address A0-ee-00-5b-0e-ac Type dynamic A. arp B. netstat C. tracert D. nbtstat

E. The telnet utility can be used to test if a particular IP host is responding on a particular TCP port by running the telnet command and specifying a port number.

Which Windows TCP/IP utility could you use to find out whether a server is responding on TCP port 21? A. tcp B. port C. ping D. netstat E. telnet

route print

Which Windows command will show you the routing table of your host or server?

A. Microsoft has made what it calls Remote Desktop software available for free with Windows products since Windows NT. When this software is installed (installed by default in later versions) on both source and destination computers, a remote desktop connection can be made.

Which Windows utility can you use to connect to a machine 50 miles away to troubleshoot? A. Remote Desktop B. netstat C. arp D. Wireshark

C. The arp -a command will display the current contents of the ARP cache on the local workstation.

Which arp command can you use to display the currently cached ARP entries? A. arp B. arp -all C. arp -a D. ipconfig -arp E. arp -ipconfig

A. To capture traffic on all interfaces, use the any keyword with the -i (interface) switch.

Which command captures traffic on all interfaces? A. tcpdump -i any B. tcpdump -i eth0 C. tcpdump host 192.168.5.5 D. tcpdump host all

C. dig is an old Unix command that will show you DNS server information.

Which command-line tool would best be used to verify DNS functionality in Linux? A. netstat B. nbtstat C. dig D. icmp E. arp

B. There are three different chain types: Input: Controls behavior for incoming connections Forward: Used for incoming connections that aren't being delivered locally (like a router would receive) Output: Used for outgoing connections

Which of the following is not a chain type used by iptables? A. Forward B. Backward C. Input D. Output

B, D. The address 127.0.0.1 is the special IP address designated for the local TCP/IP interface. The hostname localhost is the hostname given to the local interface. Therefore, pinging either the IP address or the hostname for the local interface will tell you whether the local interface is working.

Which ping commands will verify that your local TCP/IP interface is working? (Choose all that apply.) A. ping 204.153.163.2 B. ping 127.0.0.1 C. ping localif D. ping localhost E. ping iphost

C. The ipconfig /all utility will display the current configuration of TCP/IP on a given workstation—including the current IP address, DNS configuration, WINS configuration, and default gateway.

Which utility can you use to find the MAC and TCP/IP addresses of your Windows workstation? A. ping B. ipconfig C. ipconfig /all D. tracert E. telnet

C. The tracert utility returns the names and addresses of all routers through which a packet passes on its way to a destination host.

Which utility will display a list of all the routers that a packet passes through on the way to an IP destination? A. netstat B. nbtstat C. tracert D. ping E. arp

B. Commercial sniffers like Wireshark and Omnipeek can capture any packets because they set the NIC to operate in promiscuous mode, which means the NIC processes all packets that it sees.

Wireshark is an example of a ___________________ . A. Throughput tester B. Protocol analyzer C. Remote connection tool D. IDS

C. The tracert utility will tell you which router is having the performance problem and how long it takes to move between each host. Tracert can be used to locate problem areas in a network.

You are the network administrator. A user calls you complaining that the performance of the intranet web server is sluggish. When you try to ping the server, it takes several seconds for the server to respond. You suspect that the problem is related to a router that is seriously overloaded. Which workstation utility could you use to find out which router is causing this problem? A. netstat B. nbtstat C. tracert D. ping E. arp

route

You need to add a route to your Windows server's routing table. What command will you use?

nslookup

You need to check your name-resolution information on your host. What command will you type from the command prompt?

C. The arp utility will show you the resolved MAC to IP address of all hosts on your network segment. Remember, this will work for only local hosts, not remote hosts.

You need to find a NIC's specific MAC address and IP address. Which command-line tool can you use to find this information without physically going to the computer? A. ping B. nbtstat C. arp D. netstat E. ftp

Telnet

You need to log in as a dumb terminal to a server or Unix host and run programs. What application will you use?

ipconfig /all

You need your IP address, subnet mask, default gateway, and DNS information. What command will you type from a Windows command prompt?

ifconfig

You want the IP configuration on a Unix host. What command will you type at the command prompt?

FTP

You want to log in to a server and transfer files. What application will you use?

netstat -n

You want to use netstat, but you want to see only the IP address, not the names of the hosts. Which modifier will you use?

Telnet

______________ is a virtual terminal protocol utility that allows you to make connections to remote devices, gather information, and run programs. It was originally developed to open terminal sessions from remote Unix workstations to Unix servers. Although it's still used for that purpose, we now use it as a troubleshooting tool as well. In today's Windows environments, it is a basic command-line tool for testing TCP connections.

netstat

______________ is a way to check out the inbound and outbound TCP/IP connections on your machine. You can also use it to view packet statistics like how many packets have been sent and received, the number of errors, and so on. When used without any options, it shows all the outbound TCP/IP connections. This utility is a great tool to use to determine the status of outbound web connections.

Traceroute tracert

________________ displays the path a packet takes to get to a remote device by using something we call IP packet time to live (TTL) time-outs and Internet Control Message Protocol (ICMP) error messages. In Windows command prompt, type ______________, a space, and the Domain Name Service (DNS) name or IP address of the host machine to which you want to find the route. The command utility will respond with a list of all the DNS names and IP addresses of the routers that the packet is passing through on its way. It uses TTL to indicate the time it takes for each attempt.

Port Sweeping

________________ means scanning multiple hosts on a network for a specific listening TCP or UDP port, like SQL.

Nmap

_________________ is one of the most popular port scanning tools used today. After performing scans with certain flags set in the scan packets, security analysts can make certain assumptions based on the responses received. These flags are used to control the TCP connection process and so are present only in TCP packets. Normally flags are "turned on" because of the normal TCP process, but hackers can craft packets to check the flags they want to check. These "flags" represent the TCP processes with different values in the TCP packet header.

Dynamic ARP table entries

__________________ are created whenever the Windows TCP/IP stack performs an ARP lookup but the MAC address isn't found in the ARP table. When the MAC address of the requested IP address is finally found, or resolved, that information is then added into the ARP table.

File Transfer Protocol (FTP)

__________________ is a subset of TCP/IP and that it is used for the transfer of files. In recent years, it has become a cross-platform protocol for transferring files. Almost every client and server platform has implemented it and Windows is no exception. Its TCP/IP stack comes with a command-line utility.

IP Scanners

___________________ can tell you what IP addresses are active and what they are "listening for." All IP applications have an associated port number that is open for incoming connections. They can be used for network mapping by listing all of the active IP addresses in each subnet and what applications are running on them. There are many commercial and open-source versions available on the market. Many have advanced features such as listing bugs and vulnerabilities of a scanned device and providing information on remediation.

Protocol analyzers

___________________, also called sniffers or network monitors, are used to capture packets in their raw format as they cross the network. The Network Monitor tool that comes with these operating systems will capture only packets that are sourced from or destined to the computer on which the tool is running. Commercial sniffers like Wireshark and Omnipeek can capture any packets because they set the NIC to operate in promiscuous mode, which means the NIC processes all packets that it sees.

Static ARP table entries

_____________________ serve the same function as dynamic entries but are made manually using the arp utility.

Mtr, or My traceroute

_____________________, is a computer program that combines the functions of the traceroute and ping utilities in a single network diagnostic tool. It also adds round-trip time and packet loss to the output and probes routers on the route path by limiting the number of hops individual packets are allowed to traverse and listening to news of their termination. It is great if you have Linux or Unix, but by default, it's not installed on Windows devices. Third-party applications of it are available to install on Windows, but Microsoft did respond with its own version of it—it's called pathping