Network+ 5.2
common platform enumeration (CPE)
Nmap comes with a database of applications & version fingerprint signatures, classified using a standard syntax called ____ unmatched responses can be submitted to a web URL for analysis by the community
attenuation, signal strength
although fiber optic cable does not suffer from _____ in the same way as copper cable or to the same extent, there will be some loss of ____ from one end of the connection to the other this is due to microscopic imperfections in the structure of the glass fiber & in the smoothness of the edge of the core, leading to some small fraction of the light within the core being scattered or absorbed
split pair
another potential cable wiring fault is a ____ this is where both ends of a single wire in one pair are wired to terminals belonging to a different pair this is generally the kind of functionality associated with a cable tester or certifier
Nmap
as well as port scanning, ____ is used to discover hosts & map out the network topology ____ can use diverse methods of host discovery, some of which can operate stealthily & serve to defeat security mechanisms such as firewalls & intrusion detection the basic syntax of an ____ command is to give the IP subnet (or IP address) to scan
light meter
attenuation can be tested using an optical source & optical power meter (or _____), which may be purchased together as a fiber testing kit
firewalls
be aware that ICMP traffic is often blocked by ____, making a response such as "Request timed out." inevitable
punchdown tool
fixed cable is terminated using a ____ these tools fixed conductors into an Insulation Displacement Connector (IDC). there are different IDC formats (66 block, 110 block, & Krone), & these require different blades many ____s have replaceable blades (blades are double-sided; one sides pushes the wire into the terminal while the other side cuts the excess)
optical time domain reflectometer (OTDR)
if a break is identified in an installed cable, the location of the break can be found using an _____ this sends light pulses down the cable & times how long it takes for any reflections to bounce back from the break a broken cable will need to be repaired (spliced) or replaced
multimeter
if a dedicated cable tester or certifier device is not available, a _____ can be used to check physical connectivity the primary purpose of a _____ is for testing electrical circuits, but they can test for the continuity of any sort of copper wire, the existence of a short, & the integrity of a terminator
destination host unreachable & no reply (request timed out)
if ping is unsuccessful, one of two messages are commonly received. what are they?
distribution system, range extender
if you cannot extend the _____ (cabled network) to support an additional access point, you will need to configure a wireless bridge or use a _____
crossover, straight-through
if you have problems with a patch cord, check that it has not been wired for ____, rather than ____ use
iptables -A OUTPUT -p icmp -s [IP address] -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p icmp -s 0/0 -d [IP address] -m state --state ESTABLISHED,RELATED -j ACCEPT
if you want to allow the local host (10.1.0.254) to ping other hosts (on any network, or 0/0), you must also enable a matching rule on the INPUT table to allow the remote hosts to reply to the probes:
-sn, -sP
if you want to perform only host discovery, you can use Nmap with the ____ switch (or ____ in earlier versions) to suppress the port scan
route print
in Windows, to show the routing table, run ____
nslookup
in a Windows environment, you can troubleshoot DNS with the ____ command, either interactively or from the command prompt if ____ is run without any arguments (ow just with the argument -Server), the tool is started in interactive mode
OUTPUT
in iptables, what is the chain for outgoing connections? for example, if you try to ping an FQDN such as comptia.org, iptables will check its ____ chain to see what the rules are regarding ping and comptia.org (or the IP address that comptia.org resolves to) before deciding to allow or deny the connection attempt
INPUT
in iptables, what is the chain that affects incoming connections? for example, if a user attempts to SSH into the Linux server, iptables will attempt to match the IP address and port to a rule in the ____ chain
FORWARD
in iptables, what is the chain used for connections that are passing through the serve, rather than being delivered locally? unless the Linux system is performing routing, NATing, or something else similar on the system that requires ____ing, this chain will not be used
and (&&) or (||) not (!)
in tcpdump, filter expressions can be combined by using what three Boolean operators?
electromagnetic interference (EMI)
interference from a powerful radio or electromagnetic source working in the same frequency band, such as a Bluetooth device, cordless phone, or microwave oven ____ can be detected by using a spectrum analyzer
/flushdns
ipconfig ____ clears the DNS resolver cache
/all displays
ipconfig ____ displays complete TCP/IP configuration parameters for each interface to which TCP/IP is bound, including whether DHCP is enabled for the interface & the interface's hardware (MAC) address
/displaydns
ipconfig ____ displays the DNS resolver cache
/renew
ipconfig ____ interface forces a DHCP client to renew the lease it has for an IP address
/release
ipconfig ____ interface releases the IP address obtained from a DHCP Server so that the interface(s) will no longer have an IP address
/registerdns
ipconfig ____ registers the host with a DNS server (if it supports dynamic updates)
cable testers
more advanced ____ provide detailed information on the physical & electrical properties of the cable _____ test & report on cable conditions, crosstalk, attenuation, noise, resistance, & other characteristics of a cable run
protocol analyzer
most Ethernet adapters & drivers support the function of a _____ working in promiscuous mode
host-based packet sniffers
most ____ can make a network adapter work in promiscuous mode, so that it processes all unicast traffic within the Ethernet broadcast domain, whether it is intended for the host machine or not
route
on a Windows or Linux/UNIX host, the ____ command is used to view & modify the routing table
local network, ARP, Neighbor Discovery (ND)
on a ____ segment, Nmap will also perform ____ and ____ sweeps if a host is detected, Nmap performs a port scan against that host to determine where services it is running this OS fingerprinting can be time consuming on a large IP scope & is also non-stealthy
dhclient
on most versions of Linux, the ____ tool is used to release & renew a DHCP-configured interface
wi-fi analyzer
received signal strength indicator (RSSI) & signal-to-noise ratio (SNR) can be measured by using a _____ this type of software can be installed to a laptop or smartphone
-j
the ___ option allows you to specify preferred routers (loose source routing) with the tracert utility
tracert, traceroute
the ____ ICMP utility is used from a Windows host to trace the route taken by packet as it hops to the destination host on a remote network it can be used either with an IP address or a host & domain name it returns the IP address (or name) of each router used by the packet to reach its destination
netstat
the ____ command allows you to check the state of ports on the local host you can use ____ to check for service misconfigurations--perhaps a host is running a web or FTP server that a user installed without authorization. you may also be able to identify suspect remote connections to services on the local host or from the host to remote IP addresses if you are attempting to identify malware, the most useful ____ output is to show which process is listening on which ports. you may also be able to identify connections to suspicious IP address ranges
ping
the ____ utility sends a configurable number & size of ICMP packets to a destination host this can be used to perform a basic connectivity test that is not dependent on the target host running any higher-level applications or services use ____ for a basic connectivity test
ipconfig
the _____ command is used to verify the IP configuration on Windows-based systems _____ without any switches will display the IP address, subnet mask, & default gateway (router) for all network interfaces to which TCP/IP is bound
nmap security scanner
the _____ is widely used for scanning remote hosts & networks, both as an auditing & a penetration testing tool the tool is open source software with packages for most versions of Windows, Linux & macOS it can be opened with a command line or via a GUI
nmap-services configuration file
the frequency statistics for determining how commonly a port is used are stored in the ____
tracert, traceroute, mtr, and pathping
the path between two remote hosts is better investigated using what four utilities?
fingerprinting
the process of identifying an OS or software application from its responses to probes is called ___
/release6 and /renew6
there are ____ and ____ switches for use with DHCPv6 (a DHCP server supporting IPv6)
route [-f -p] add DestinationIP mask Netmask GatewayIP metric MetricValue if Interface
to add a route, the syntax for the Windows version of the tool is: The variables in the syntax are defined as: DestinationIP is a network or host address • Netmask is the subnet mask for DestinationIP. • GatewayIP is the router to use to contact the network or host. • MetricValue is the cost of the route. • Interface is the adapter the host should use (used if the host is multi-homed)
iptables -A INPUT -p tcp --dport [port #] -s [IP address]/[subnet] -m state -- state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport [port #] -d [IP address]/[subnet] -m state -- state ESTABLISHED -j ACCEPT
to allow a host to operate as an SSH server, configure the following rules:
unicast traffic, packet sniffer
to capture _____ intended for other hosts, the ____ needs to be connected to a suitably configured spanning port (mirrored port)
iptables -L -v
to view the current status of the iptables & the volume of traffic using the chains, use the command:
iptables -I INPUT -p tcp --dport [port #] -s [IP address] -m state -- state NEW,ESTABLISHED -j ACCEPT iptables -I OUTPUT -p tcp --sport [port #] -d [IP address] -m state -- state ESTABLISHED -j ACCEPT
use the following commands to whitelist your host machine (192.168.1.100 say) as the first rule (-I adds the rule to the top of the ACL):
TCP SYN (-sS) TCP connect (-sT) UDP scans (-sU) port range (-p)
what are the four main types of scanning that Nmap can perform?
INPUT, OUTPUT, FORWARD
what are the three main chains in iptables?
ifconfig can also be used to bind an address to an adapter interface, set up communications parameters, and enable or disable the adapter the Windows switches for configuring the adapter with DHCP and DNS are not supported by ifconfig the ifconfig command output does not show the default gateway (use route instead). it does show traffic statistics, though
what are three differences between the Windows & Linux ipconfig/ifconfig commands?
netstat -a
what command displays all connections (active TCP & UDP connectionless plus ports in the listening state)
netstat -p proto
what command displays connections by protocol (TCP or UDP or TCPv6/UDPv6)? when used with -s, this switch can also filter the statistics shown by IP, IPv6, ICMP, & ICMPv6
netstat -i
what command displays interface statistics (similar to -e on Windows)?
netstat -n
what command displays ports & addresses in numerical format? skipping name resolution speeds up each query
netstat -c
what command sets output to update continuously?
netstat -tu
what command shows Internet connections (TCP & UDP) only?
netstat -l
what command shows only ports in the listening state (omits established connections)?
netstat -s
what command shows per protocol statistics (such as packets received, errors, discards, unknown requests, port requests, failed connections, & so on)
netstat -o
what command shows the Process ID (PID) number that has opened the port?
netstat -b
what command shows the process name that has opened the port?
netstat -r
what command shows the routing table?
tcpdump -I eth0 "src host 10.1.0.100 and (dst port 53 or dst port 80)"
what is the command that filters frames to those with the source IP 10.1.0.100 & destination port 53 or 80?
-e, nn
what netstat command displays the Ethernet statistics & extra information? the utility can also be set to run in the background by entering netstat ___, where ___ is the refresh interval in seconds (press Ctrl+C to stop)
tcpdump -v, -vv, & -vvv
what tcpdump commands can be used to increasethe amount of detail shown about each frame while the -e switch shows the Ethernet header?
protocol
what tcpdump filter expression filters by a named protocol rather than port number (for example: arp, icmp, ip, ip6, tcp, udp, & so on)
type
what tcpdump filter expression filters by host, net, port, or portrange?
direction
what tcpdump filter expression filters by source (src) or destination (dst) parameters (host, network, or port)?
type, direction, & protocol
what three filter expressions are often used with tcpdump?
iptables -A INPUT -s [IP address] -j ACCEPT iptables -A INPUT -s [IP address]/[subnet] -j DROP
what two commands allow one IP address from a specific subnet to connect & block all others from the same subnet?
TCP SYN (-sS)
what type of Nmap scanning is a fast technique (also referred to as half-open scanning) as the scanning host requests a connection without acknowledging it? the target's response to the scan's ___ packet identifies the port state
TCP connect (-sT)
what type of Nmap scanning is a half-open scan that requires Nmap to have privileged access to the network driver so that it can craft packets? if privileged access is not available, Nmap must use the OS to attempt a full TCP connection this type of scan is less stealthy
UDP scans (-sU)
what type of Nmap scanning scans UDP ports? as these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so ____ can take a long time a ____ can be combined with a TCP scan
port range (-p)
what type of Nmap scanning, by default, can scan 1,000 commonly used ports use the ___ argument to specify a _____ you can also use --top-ports n, where n is the number of commonly used ports to scan
host discovery scan
when Namp completes a ____, it will report on the state of each port scanned for each IP address in the scope
-sV or -A
when services are discovered, you can use Nmap with the ___ or ___ switch to probe a host more intensively to discover the software or software version operating each port
Nmap, TCP ACK, 80 & 443
when used without switches like this, the default behavior of ____ is to ping & send a ____ packet to ports ___ and ___ to determine whether a host is present
fiber optic
when you are working with _____ cabling, it is important to understand that any mismatch between the cables coupled together will result in data loss this can occur if the _____ cables are not properly aligned, are different sizes, or may have suffered damage (broken/misshaped ____ strands) during transport
INPUT, OUTPUT
when you set least access rules (if both ___ & ___ default policy is set to deny all), you must set both ___ & ___ rules to allow most types of client/server traffic
continuity (open), short, & incorrect pin-out/incorrect termination/mismatched standards
wire map testers can identify the following three problems:
-d, -h, -w
you can use the ____ switch to suppress name resolution, ____ to specify the maximum number of hops (the default is 30), and ____ to specify a timeout in ms (the default is 4,000) with the tracert utility
spectrum analyzer
EMI can be detected by using a ____ unlike a wi-fi analyzer, a ____ must use a special radio receiver-- wi-fi adapters filter out anything that isn't a wi-fi signal they are usually supplied as handheld units with a directional antenna, so that the exact location of the interference can be pinpointed
DestinationIP, Netmask, GatewayIP, MetricValue, Interface
The variables in the syntax for how to add a route in Windows are defined as: _____ is a network or host address _____ is the subnet mask for DestinationIP _____ is the router to use to contact the network or host _____ is the cost of the route _____ is the adapter the host should use (used if the host is multi-homed)
ifconfig
UNIX and Linux hosts provide the ____ command which provides similar output to the Windows ipconfig program
filter syntax
____ can be made even more detailed by using parameters to group expressions
tracert
____ can be used with several switches, which must precede the target IP address or host
iptables
____ is a command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall ____ works with the firewall chains, which apply to the different types of traffic passing through the system
tcpdump
____ is a command-line packet capture utility for Linux, though a port of the program is available for Windows the basic syntax is ____ -I eth0 -where eth0 is the interface to listen on (you can substitute with the keyword any to listen on all interfaces of a multi-homed host)
pathping
____ performs a trace route, then it pings each hop router a given number of times for a given period to determine the Round Trip Time (RTT) & measure link latency more accurately the output also shows packet loss at each hop
hardware sniffer
a ____ might be capable of tapping the actual network media in some way a ____ might be required to capture at wirespeed on 1+ Gbps links
bandwidth or broadband speed tester
a _____ is a website that measures the time taken to download & upload a randomized stream of data to a web host (selected on the basis of the subscriber's geographic location) ideally, the test should be run in isolation so that the link is not congested by traffic from other devices on the home network (other computers, smartphones, smart TVs, games consoles, and so on) if the bandwidth obtained is lower than expected, you could check the router's logs for line condition statistics, but as residential services are fully managed, it is best to contact the ISP
port scanner
a _____ is software designed to report on the status & activity of TCP & UDP ports some _____s work on the local machine; others are designed to probe remote hosts a _____ may be operated by malicious user attempting to discover hosts & services to exploit
protocol analyzer or packet analyzer
a _____ or _____ works in conjunction with a packet sniffer _____ can decode a captured frame to reveal its contents in a readable format you can either analyze a live capture or open a saved capture file (.pcap)
complex filter expression
a _____ should be enclosed by quotes
software-based sniffer
a basic ____ will simply interrogate the frames received by the network adapter by installing a special driver examples include libpcap (for UNIX & Linux) & its Windows verison wincap these software libraries allow the frames to be read from the network stack & saved to a file on disk
tone generator
a network _____ & probe are used to trace a cable from one end to the other the _____ is used to apply a signal on the cable to be traced where it is used to follow the cable over ceilings and through ducts
loopback adapter, loopback plug
a network _____ (or ____) is a specially wired RJ-45 plug with a 6" stub of cable
crimper
a patch cable is created using a wire or cable ____ this tool fixes a jack to a cable the tools are specific to the type of connector and cable, though some may have modular dies to support a range of RJ-type jacks
functions of a protocol analyzer
§ Filter traffic and capture packets meeting certain criteria (capturing traffic to and from a particular device, for instance) § Isolate hosts producing erroneous packets and rectify the problem § Identify malicious or unauthorized use of the network § Establish a network activity baseline · The baseline provides a comparison against activity when a problem is suspected or as a basis for network expansion plans § Identify the most active hosts on the network, which aids in balancing traffic on networks § Monitor bandwidth utilization by hosts, applications, and protocols § Trigger alarms when certain network conditions fall outside normal levels § Generate frames and transmit them onto the network to test network devices and cabling what are these?
