Command-Line Utilities


Time: 9 hours 49 minutes
Difficulty: Beginner
CEU/CPE: 10
Video Transcription
>> Those are your software-based application tools. We also have a range of command line tools. They love to bring these onto the exam. Definitely take time with your command line tools and know what they do, and know any significant command you run with them too. This is a pretty massive list. Some things are obviously going to be more testable than others.

If we start out, ping. Ping is our friend. We use ping on a daily basis with troubleshooting. Ping uses the protocol ICMP. ICMP is frequently exploited. It has no built-in security, because there are a lot of issues with ping. We don't want to allow ping from the outside of our router coming into our network. But often we do allow ping on our internal network. This is an echoing utility: when you send a ping to a certain address, you get a reply back. As long as you get that reply, you know that you're not dealing with a broken cable or a faulty network card. You know that you have at least physical capability.

You've got pathping also, and that traces the packet as it's moving through routers. It's a little bit like a combination of ping and traceroute. Speaking of traceroute, and then tracert. These are two utilities that are very similar. Tracert is Windows; traceroute is the Linux and Unix family. These test hops across the routers. I would use these tools if I can connect to a local host, but cannot connect to a remote host. That might tell me the problem could be hops along the way or problems with routers. Traceroute would be a good choice.

DNS. DNS is the root of all good and evil on a network. If DNS is not working, nothing works. We've got a couple of tools; specifically, dig is a Linux tool. nslookup is a DNS tool. With nslookup, you can determine what your authoritative server for a domain is. You can have records transferred. You can look at zone information. That's one use of nslookup. An attacker can also use it to footprint that network and figure out where your critical servers and services are. We want to be careful with how much zone traffic we allow on the nslookup commands. Most DNS utilities, if you've got the DNS service in Windows, usually come with diagnostic and troubleshooting utilities that might be better than an nslookup or a dig, because they'll cover a wider range of issues.

Our next utility is ipconfig and ifconfig. ipconfig is Windows; ifconfig is in Unix and Linux. IF stands for interface config. These are going to provide us with information about our network connections. With ipconfig, you're going to see a couple of switches that may show up on the exam. If you type out ipconfig /all, you get a lot of information. Basically, ipconfig will tell you your IP address, your mask, your default gateway. But if you do an ipconfig alone, all you'll see is your IPv6 information. You'll see who the DHCP server is, you'll see the DNS server listed, your MAC address. There's a lot of information that you'll get, and very comparable information with Unix and Linux with ifconfig. A /displaydns will show you your DNS cache and /flushdns will clear that cache. If you'll remember, we said earlier that cache can be really susceptible to poisoning. That really is a tool that everybody uses at some point in time.

If you're going to be in networking, probably on a daily basis and often many times a day, this is a tool that I'm going to use to check out any connectivity. If I can't reach a host or if I'm having trouble accessing a share, I'll do an ipconfig. What I'm looking for, first of all, is do I have a valid IP address? Many times there's an issue with the DHCP server. I know that because when I do an ipconfig, I get a 169.254 address. If you remember way back from Chapter 2, which is the IP chapter, when you have IP addresses that are 169.254, that tells you you're set up to obtain an IP address from DHCP, but it's unavailable. Right off the bat, that could very well be why I'm not connecting to hosts. Do I have the right default gateway set? That's my router. A clue that I might not is if I can ping localhost, but I couldn't ping remotely. Sometimes your subnet mask is off, and you're not on the same network as the router or as a host that's supposed to be local. Ultimately, anytime you're having connectivity issues, you're doing a quick ipconfig and making sure that the information is correct as far as you know it to be. Make sure you have a DHCP server and a valid IP address. See who your DNS server is listed as, and is that your legitimate DNS server. You can really detect a lot of issues just with ipconfig and ifconfig.

iptables. This is a Linux utility, and it's a firewall utility that you can use to set up a rule set. Firewalls use if/then logic. That's the way you work with iptables. If traffic is coming from this network, then block. It's not a graphical interface. It's not the easiest or necessarily most user-friendly, but it is something that you can use to set up rules that block or allow connectivity.

netstat is another big one. Network statistics. You get lifetime monitoring of information about my connections. I want to know what ports are open, what ports are listening, any stats along network connectivity interfaces. If you have a routing table configured, what's going on there? That's just a quick monitoring utility that you can use to view network issues or network statistics, oddly enough.

tcpdump. This is a command line packet analyzer. Basically, you can capture traffic. You can analyze it, but once again, it's not a GUI. It's not really user-friendly, and it's not Wireshark. If you can access a protocol analyzer that's a little bit more user-friendly, you'll probably get further with it.

Nmap, network map or network mapper, is going to discover essentially the layout of my network. It even has a topology mode where you can just see the topology of your network in a graphical view. So that really hits home. Ultimately, it discovers which services and hosts are on the network, what operating systems they are running, where the servers with critical roles are. There's a lot of information that comes with Nmap. That information can be used for good or evil. So we want to be careful. When we use these tools, we want to be careful that the information that we collect is protected, and we want to keep on the lookout for an attacker running these scans as well.

The route command. If I take a system and I put another network card in it, so I've got two network cards, I can assign one interface to be on the 10 network. The second interface would be on the 172 network. I have essentially turned my machine into a router. With two interfaces, it's connecting two different networks. I need some software to manage that router, but usually it's pretty easy. Microsoft has Internet Connection Sharing. There's Routing and Remote Access Services. It really is pretty easy just to turn a computer into a router. When we do that, we need a way to build routing tables, and the route add command is going to be able to do that. You can do route print also; you can display what tables exist. Again, these command line utilities can be tricky. They take a little while to get used to.

ARP, Address Resolution Protocol. We've talked about ARP a number of times in this class. We know that it is the protocol that takes a known IP address and sends out a broadcast so it can learn an unknown MAC address. It's really essential because in order for data to be received on an Ethernet network, there needs to be a destination MAC address. The network cards examine the traffic for that destination address. If my NIC examines it and finds the address that matches its own, it pulls it off the network. Otherwise, we leave that traffic on the network. Without ARP, we don't get that address resolution.

Just wrapping things up. We have a lot of different software tools. This is really when we're looking to troubleshoot application-based connectivity. Usually, this is after I've done ping and some of the hardware-based utilities or ping's command line. When I've tested and I've got a degree of confidence that the hardware isn't the problem, for having delays in traffic, you might use a packet sniffer or a vulnerability assessment, and I might see what ports are open. Wi-Fi analyzers will help me know the strength of the signal. Bandwidth is good to make sure that you've got the upload and download capabilities necessary for whatever you're doing. Then there's a whole slew of command line utilities. Know those. They love to ask about those on the test. Make sure not just that you can answer the question about when you can use this tool, but if you get a simulation or a performance-based question, that would help you to be able to say, this is an ipconfig screen. Here's what I'll find out on that screen. These are really important, not just for the test, but certainly in the real world, as you begin working with troubleshooting.
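The ipconfig checks the lecture walks through (a valid, non-169.254 address; a default gateway that is actually on your subnet given the mask; a DNS server that is the one you expect) can be turned into a small script. The following is an added example, not code from the course or from any tool it names. The parser, the check_adapter function and the three sample blocks are all constructed for illustration; the samples imitate the layout of ipconfig /all output but are not real captures.

```python
"""Check an ipconfig-style adapter block for the problems the lecture
describes: an APIPA (169.254.x.x) address, a gateway off the local subnet,
and a DNS server that is not one of the resolvers you expect.
Added example; parser and samples are constructed, not real captures."""
import ipaddress
import re

# Constructed sample blocks imitating `ipconfig /all` output (not real captures).
SAMPLE_OK = """
Ethernet adapter Ethernet0:
   Physical Address. . . . . . . . . : 00-0C-29-AA-BB-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.5.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.5.1
   DHCP Server . . . . . . . . . . . : 10.0.5.1
   DNS Servers . . . . . . . . . . . : 10.0.5.10
"""

# DHCP unreachable: Windows fell back to an autoconfiguration address.
SAMPLE_APIPA = """
Ethernet adapter Ethernet0:
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
"""

# Mask is /25, so the gateway is outside the local subnet; DNS is unexpected.
SAMPLE_BAD_GW_DNS = """
Ethernet adapter Ethernet0:
   IPv4 Address. . . . . . . . . . . : 10.0.5.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 10.0.5.200
   DNS Servers . . . . . . . . . . . : 203.0.113.9
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")

# "Field name . . . . : value" -> (name, value); the dot leaders are padding.
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9 .\-]+?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Return {field: value} for one adapter block (hypothetical parser)."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        name = m.group(1).strip()
        value = m.group(2).split("(")[0].strip()  # drop "(Preferred)"
        fields.setdefault(name, value)  # keep the first value per field
    return fields


def check_adapter(text, expected_dns):
    """Return a list of findings; an empty list means the block looks right."""
    f = parse_ipconfig(text)
    findings = []
    addr_str = f.get("IPv4 Address") or f.get("Autoconfiguration IPv4 Address")
    if not addr_str:
        return ["no IPv4 address assigned"]
    addr = ipaddress.ip_address(addr_str)
    if addr in APIPA:
        # A 169.254 address means DHCP was requested but never answered.
        findings.append("APIPA address %s: DHCP server unreachable" % addr)
        return findings
    mask = f.get("Subnet Mask")
    if not mask:
        return ["no subnet mask"]
    net = ipaddress.ip_network("%s/%s" % (addr, mask), strict=False)
    gw = f.get("Default Gateway")
    if not gw:
        findings.append("no default gateway")
    elif ipaddress.ip_address(gw) not in net:
        findings.append("gateway %s is not on local subnet %s" % (gw, net))
    dns = f.get("DNS Servers")
    if not dns:
        findings.append("no DNS server")
    elif dns not in expected_dns:
        findings.append("DNS server %s is not an expected resolver" % dns)
    return findings


if __name__ == "__main__":
    trusted = {"10.0.5.10"}  # constructed: the resolver you expect to see
    for label, sample in (("ok", SAMPLE_OK), ("apipa", SAMPLE_APIPA),
                          ("bad gw/dns", SAMPLE_BAD_GW_DNS)):
        print(label, check_adapter(sample, trusted) or ["looks fine"])
```

On a real Windows host you would feed check_adapter the captured output of ipconfig /all and your own list of sanctioned resolvers; an unexpected DNS server is the cheapest sign that the cache or the DHCP lease is not what it should be.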