Advanced Networking Tools

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

57 minutes
Video Transcription
Welcome back in this lesson. We're gonna take a look at some more utilities with advanced networking tools
and this. Listen, we're gonna learn about the utilities nets, that route and net S H.
Our first command up is Net Stat, which stands for network statistics. This is going to display active connections honor system as well as the remote system that we're connected to.
This is a good way to verify if our local system is listening on a specific port or not.
For example, a Web server has port 80 open. We want to see what connections might be connecting to it over that I, p and port
and you can see here in our screenshot we have the local address in the foreign address and also a state.
In this case, we have established in time Wait, not time. Weight means the client recognizes that the connection is active, but no one is currently listening on that I p import
well so have established, which means that thesis server has exchanged a TCP three way handshake with the other system. And there is a session currently established
another state we're going to see inside of our demo is listening, Which means thes server is listening on that port and ready to accept any connections.
Our next commanders route in this displays are local I p routing table on the current host.
What this means is it shows the routes that network traffic is going to take and which network gateway it's going to send it over.
This is useful as you can add your own static routes to control where network traffic is sent.
This allows you to direct traffic to specific network gateway if needed inside of your network.
Next up, we have NET S H, which stands for Network Shell. This is used to displaying configure different network communications settings on the local host.
It can do quite a few different things like take a look at your DNS or D A GP settings, and you can even control Windows firewall rules using this command line interface
in this. Listen, we're going to learn about how to reset our network stack and case it gets corrupted.
That does it for a slides. Let's jump back out to our workstation and take a look at our new utilities.
Here we are on server 01 and just a quick reminder. It's running our Web server, and our email server lets get started looking at net staffed by running the command on its own.
First, we'll come up. We'll see the protocol TCP our local address along with some ports followed by it.
The foreign address, which means thier remote system that's connected to it. And our state, just like we talked about the slides established means we've completed a TCP three way handshake and we have an active session running between the two systems and time. Weight means there's just no session established
here. At the top, you can see our local addressed over Port 80 and our foreign address of W S 01 which is our workstation.
So it looks like our workstation has a website open on our web server on this system. Next, let's take a look at net staff. Dash F. What this command will do is try to resolve the foreign address the i P address into an EFC udn. You can see our foreign address was already w eso won, and we have these other two I p addresses,
but it looks like they didn't resolve
so one thing we could do is use in its look up to see if we can resolve them or not.
And using the public Google DNS. We can see that these I p addresses don't resolve to n f ked in next. Let's bring back our nets that command and change dash F to dash A.
This is going to display all connections and listening ports on our system, and you can see we get a lot more information back. Let's go and scroll up real quick to the top of our list. And here with local address we see 0.0 dot 0.0. This just simply means that the computer is listening on all I P addresses that are configured on the host. In our case, we only have one.
But using this notation means we can listen for all of them.
And the 1st 1 we have up there is Colin 25 which again is for our email server. And the state is listening. So our email server is listening on all I P addresses of the server over port 25 inches, waiting for a connection to come in,
scroll down a little bit further we see are established connections that we just looked at previously. When running net stat on its own, you see the brackets with the two Collins in the middle. This is the local loop back I p v six address. We have some mawr. All I p address listening is here.
We have won 27.0 dot 0.1, which is our loop back address, and we have some actual I P V six addresses down here.
Let's rerun this command bullets at another option in, and this is going to display addresses and port numbers. And we really don't see much of a change here because there were no addresses to list on the foreign address side of it.
Finally, let's add one more option. Oh, and this is going to display the process i d. For each connection, we scroll back to the top. We see we have another column here on the far right P i. D. That stands for process i D. This is showing the process i d. That is running under each connection. So let's take our top one here.
We already mentioned that Colin, 25 is for email server
in our process. I d is 17 40. So if I right click down here on the task bar and go into task manager,
I go over to the details tab and I make sure I'm sorted by the process. I d.
I can scroll down, find 17 40 see it's the Internet Information Services, which that's the service I'm using in order to provide email services. So here, if you look at your active connections using that stat and you want to know what process is listening on a particular port in I p address,
you can add the process I d. And then go look at your task manager to see what services running on that port
an I P. Address.
One other thing you can do is if you're getting a lot of connection attempts back and you don't want to scroll through them.
What some people do is they'll take the command, tailpipe it over to the command, find string and put in a filter or text that they're looking for. Out of all that, let's see if we can find Port 25 hear this greatly reduces the results of our command. Our top line there shows our email server listening,
and we happen to catch another one here just because it's Colon 25 35.
Let's go and do this for Port 80 so we can look at active connections to our Web server. And again, this greatly reduces our results so we can look at them a little bit better. That does it for the Nets stat command on her server. Let's flip back over to our workstation and take a look at the rest of our utilities.
The next command we want to take a look at is Route, so we can view the routes our system has for sending traffic to different Gateway's First Let's start off by running route print.
Let's go back to the top here of our results.
First, we're gonna get back an interface list, and over here on the left is our interface. I d are tough. One i d six is our local network adapter, and then one is our loop back in her face.
Scroll down a little bit further. We have our I P V four round table.
We currently have several different active routes. The network destination is the network address of the Destination Network.
The top line here 0.0 dot 0.0 Pretty much means all other traffic or Internet traffic. You can see it goes to our default Gateway 1 72 1631 off of our only interface, and we also have a metric. This just determines which route takes precedence over other routes. Lower numbers
have higher priority,
then down here at the bottom, we also have a persistent route again. It's the exact same one we see above in our active routes,
and we also have an I. P. V six round table.
Let's say we want to add our own route because we want to force traffic to a specific network destination through a gateway that we specify. We used the route add command,
and first you specify the I P address of the network that you want to control traffic. For
next you put in the network mask of that destination network.
After that, you put the gateway that you want to route it through,
and finally you give it a metric to set the precedence.
And after that you also need to specify the interface. I D and if you remember earlier are only interface that we have had an idea of six
here again, we run into an issue where this requires elevation. So let me copy our command.
Let's open up an admin command prompt.
Like to clear out the screen here a little bit. Let's paste in our route. Add command
and it was successful. Let's run route print again and view our new static entry.
We scroll back up,
we can see our new entry right here. About half way down the list.
We have our network destination, the network mask. What gateway we were in it to go out to and our metric.
Now, if you notice we have active routes up here and persistent routes with this route, we just added, If we were to reboot the system and run route print again, we would no longer see this because it's not gonna be a persistent route through reboots.
So what we need to do is rerun our command and make sure we make it as persistent. So it shows up down here at the bottom under persistent routes.
So first, let's go back and delete our entry.
We just run the route, delete command and specify the destination network.
And I'm going to up arrow to our previous command.
Go back to the beginning.
An ad dash P.
Let's round route print again.
If we go back up,
we could look in our active routes. It shouldn't be there, but it's now down here listed under our persistent routes.
So one of the reasons you might want to use this command is if you have a server with multiple network interfaces. Typically you only want one of those network interfaces to have a gateway address or a default gateway specified for it.
If you want a traffic to rout out one of the other network interfaces, this is where you would do it. You specify the network destination the gateway
and assign it to that interface. So goes out that network heart,
and this is also a good troubleshooting method. If you're seeing traffic being routed in an unexpected way, maybe using the trace route command, you can check your route table here just by Rennie Route print,
or if you temporarily need to sin traffic to another destination, add your own static route.
What's going to clear the screen.
Next. Let's take a look at that S H, which stands for our network show.
First, I'm going to run. That s H ford slash and a question mark to view the help text for it.
Like I mentioned, the net s H command does a lot of different things. You can work with your d HCP or DNS client or even managed really local windows firewall.
But the things I want to look at here is sometimes you run into issues where what pages aren't loading, even if you're on the network. Or maybe you just recovered from a network or malware that was infected on your system.
But your network settings or your network stack has been corrupted.
One of the command you can run his net S h wind sock reset.
And if you notice I stayed in my admin command prompt here, cause this command does require elevation.
Once that command is completed, you do have to restart the computer to complete the reset. I'm not gonna do that now, since we're not running to the issues, just know that's gonna be a requirement.
So this is a quick way is if you're on the network and everything looks good, but you're having issues. Like I said, loading a Web page or being able to access some services. This is a good troubleshooting, Commander Brown. And to get your system to reboot and see if that results the issue
that does it for our demo. Let's jump back to the slides and wrap this up.
All done with our demo again. Let's end with a quick quiz question.
What command and options can be used to view open connections in their associative process? I d
This is gonna be done through our nets that command using Dash A and O at the same time.
Then remember, you can use task manager to view the process i d and match it up with what service is being used on that I p import.
That is it for this lesson where we looked at viewing open ports and connections, using nets that command
viewing and modifying our static routes, using the route command
and then resetting our network stack with the net S H command
coming up. Next, we're going to take a look at how we can actually capture network traffic for analysis.
See you in the next episode.
Up Next