Command-Line Utilities

Video Transcription
Those are your software-based application tools.
We also have a range of command-line tools. They love to bring these onto the exam, so I would definitely take time with the command-line tools and know what they do, and know any significant options you run with them too.
This is a pretty massive list. Some things are obviously going to be more testable than others.
We start out with ping. Ping is our friend; we use ping on a daily basis in troubleshooting. Ping uses the protocol ICMP, and ICMP is frequently exploited and has no built-in security, so there are a lot of issues with ping. We don't want to allow ping from outside our router coming into our network, but often we do allow ping on our internal network.
This is sort of an echoing utility: when you send a ping to a certain address, you get a reply back. As long as you get a reply, you know that you're not dealing with a broken cable or a faulty network card. You know that you have at least physical connectivity.
You've got pathping also, and that traces the packet as it's moving through routers. It's a little bit like a combination of ping and traceroute.
Speaking of traceroute, and then tracert: these are two utilities that are very similar. Tracert is Windows; traceroute is the Linux and Unix family. These test the hops across routers.
I would use these tools if I can connect to a local host but cannot connect to a remote host. That might tell me the problem could be hops along the way or problems with routers, so traceroute would be a good choice.
DNS. DNS is the root of all good and evil on a network. If DNS is down, again, nothing works. We've got a couple of tools specifically: dig is a Linux tool, and nslookup is a DNS tool. With nslookup you can determine what the authoritative server for a domain is, you can have records transferred, and you can look at zone information. So that's one use of nslookup.
An attacker can also use it to footprint the network and figure out where your critical servers and services are. We want to be careful with how much zone transfer traffic we allow to nslookup commands. Most DNS services, if you've got the DNS service in Windows for example, usually come with diagnostic and troubleshooting utilities that might be better than nslookup or dig because they'll cover a wider range of issues.
Our next utility is ipconfig and ifconfig. ipconfig is Windows; ifconfig is UNIX and Linux, and the "if" stands for interface config. These are going to provide us with information about our network connections.
With ipconfig, you're going to see a couple of switches that may show up on the exam. So if you type out ipconfig /all, you get a lot of information. Basically, ipconfig will tell you your IP address, your mask and your default gateway. But if you do an ipconfig /all, you'll also see your IPv6 information, you'll see who the DHCP server is, you'll see the DNS servers listed and your MAC address, so there's a lot of information that you'll get, and very comparable information on UNIX and Linux with ifconfig.
ipconfig /displaydns will show your DNS cache and ipconfig /flushdns will clear that cache. If you'll remember, we said earlier that the cache can be really susceptible to poisoning.
That really is a tool that everybody uses at some point in time. If you're going to be in networking, probably on a daily basis and often many times a day, this is a tool that I'm going to use to check out any sort of connectivity. If I can't reach a host or if I'm having trouble accessing a share, I'll do an ipconfig.
What I'm looking for first of all is: do I have a valid IP address? Many times there's an issue with the DHCP server, and I know that because when I do an ipconfig, I get a 169.254 address. If you remember way back from Chapter 2, which is the IP chapter, when you have an IP address that's 169.254, that tells you you're set up to obtain an IP address from DHCP, but it's unavailable. So right off the bat, that could very well be why I'm not connecting to hosts.
Do I have the right default gateway set? That's my router. A clue that I might not is if I can ping local hosts but I can't ping remotely. Sometimes your subnet mask is off and you're not on the same network as the router or as a host that's supposed to be local.
Ultimately, any time you're having connectivity issues, it's worth doing a quick ipconfig and making sure that the information is correct as far as you know it to be. Make sure you have a DHCP server and a valid IP address. See who your DNS server is listed as, and is that your legitimate DNS server? You can really detect a lot of issues just with ipconfig and ifconfig.
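As an added example that is not part of the course transcript: a small Python script that applies the ipconfig checklist above (a valid address, no 169.254 APIPA fallback, a DHCP server recorded, a gateway that sits on the local subnet, and the DNS server you expect) to a constructed `ipconfig /all` excerpt. The adapter text, the address values and the `expected_dns` list are all made up for the demonstration, and the parser takes only the first DNS server listed.

```python
import ipaddress
import re

# Constructed ipconfig /all excerpt for one adapter (not captured from a real
# host): the DHCP lease failed and Windows fell back to an APIPA address.
SAMPLE_IPCONFIG = """
Ethernet adapter Ethernet0:
   IPv4 Address. . . . . . . . . . . : 169.254.37.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.53
"""


def parse_ipconfig(text):
    """Extract the checklist fields from ipconfig /all text ('' if blank)."""
    fields = {}
    for label, name in (("IPv4 Address", "ip"), ("Subnet Mask", "mask"),
                        ("Default Gateway", "gateway"), ("DHCP Server", "dhcp"),
                        ("DNS Servers", "dns")):
        match = re.search(rf"{label}[ .]*: *(\S*)", text)
        value = match.group(1) if match else ""
        fields[name] = value.replace("(Preferred)", "")
    return fields


def check_config(fields, expected_dns):
    """Run the troubleshooting checklist; return a list of findings."""
    findings = []
    ip, mask, gw = fields["ip"], fields["mask"], fields["gateway"]
    if not ip:
        return ["no IPv4 address bound"]
    if ipaddress.ip_address(ip) in ipaddress.ip_network("169.254.0.0/16"):
        findings.append("APIPA address 169.254.x.x: DHCP server unreachable")
    if not fields["dhcp"]:
        findings.append("no DHCP server recorded for this adapter")
    if not gw:
        findings.append("no default gateway: remote hosts will be unreachable")
    elif mask:
        # The gateway must sit on the local subnet, or the mask/gateway is wrong.
        local = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if ipaddress.ip_address(gw) not in local:
            findings.append(f"gateway {gw} is not on local subnet {local}")
    if not fields["dns"]:
        findings.append("no DNS server listed")
    elif fields["dns"] not in expected_dns:
        # A DNS server you did not configure can point to a rogue DHCP server.
        findings.append(f"unexpected DNS server {fields['dns']}")
    return findings
```

Run it with `check_config(parse_ipconfig(SAMPLE_IPCONFIG), ("10.0.0.53",))` to get the findings for the sample adapter.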
iptables. This is a Linux utility, and it's a firewall utility that you can use to set up a rule set. Firewalls use if/then logic, and that's kind of the way you work with iptables: if traffic is coming from this network, then block it. It's not a graphical interface; it's not the easiest or necessarily the most user-friendly. But it is something that you can use to set up rules that block or allow connectivity.
Netstat is another big one: network statistics. You get live monitoring information about my connections. I want to know what ports are open, what ports are listening, any sort of stats along network connectivity interfaces, and if you have a routing table configured, what's going on there. It's a quick monitoring utility that you can use to view network issues or network statistics.
tcpdump. This is a command-line packet analyzer. Basically, you can capture traffic and you can analyze it, but once again, it's not GUI, it's not really user-friendly, and it's not Wireshark. If you can access a protocol analyzer that's a little bit more user-friendly, you'll probably get further with it.
Nmap, network map or network mapper, is going to discover essentially the layout of my network. It even has a topology mode where you can see the topology of your network in a graphical view, so that kind of really hits home. Ultimately, it discovers what services and hosts are on the network, what operating systems are running, and where the servers with the critical roles are. There's a lot of information that comes with nmap, and that information can be used for good or evil, so we want to be careful when we use these tools. We want to be careful that the information that we collect is protected, and we want to keep on the lookout for an attacker running these scans as well.
The route command. If I take a system and I put another network card in it, so I've got two network cards, I can assign one interface to be on the 10 network and the second interface to be on the 172 network. I have essentially turned my machine into a router: it has two interfaces connecting to different networks. I need some sort of software to manage that router, but usually that's pretty easy. Microsoft has Internet Connection Sharing; there's Routing and Remote Access Services. It really is pretty easy just to turn a computer into a router. When we do that, we need a way to build our routing tables, and the route add command is going to be able to do that. You can do route print also, so you can display what tables exist.
Again, these command-line utilities can be tricky. They take a little while to get used to.
ARP, Address Resolution Protocol. We talked about ARP a number of times in this class. We know that it is the protocol that takes a known IP address and sends out a broadcast so it can learn an unknown MAC address. It's really essential because in order for data to be received on an Ethernet network, there needs to be a destination MAC address, and the network cards examine the traffic for that destination address. If my NIC examines the frame and finds the address matches its own, it pulls it off the network; otherwise, we leave that traffic on the network. Without ARP, we don't get that address resolution.
Just wrapping things up: we have a lot of different software tools, and these are really for when we're looking to troubleshoot application-based connectivity. Usually this is after I've done ping and some of the hardware-based utilities, or ping's command line, when I've tested and I've got a degree of confidence that the hardware isn't the problem. For delays in traffic, you might use a packet sniffer; as a vulnerability assessment, I might see what ports are open. Wi-Fi analyzers will help me know the strength of the signal; bandwidth testing is good to make sure that you've got the upload and download capabilities necessary for whatever you're doing. And then there's a whole slew of command-line utilities. Know those. They love to ask about those on the test, so make sure not just that you can answer the question about when you would use this tool, but if you get a simulation or performance-based question, that would help you to be able to say, "Oh, this is an ipconfig screen, and here's what I find out on that screen."
These are really important, not just for the test, but certainly in the real world as you begin working with troubleshooting.