Time
31 hours 29 minutes
Difficulty
Beginner
CEU/CPE
30

Video Description

Dig, ARP, nbtstat and netstat

This lesson covers the following commands:

  • Dig: Linux/Unix version of nslookup
  • Address Resolution Protocol (ARP): see the MAC address to IP address correlations
  • Nbtstat
  • Netstat

Video Transcription

00:04
Next up, we have one of our Unix/Linux commands, and that's going to be dig. Now, dig is going to be our Unix/Linux version of nslookup, and it's going to allow us to see things such as look up an IP, look up our mail exchange, or look up our name server of a particular IP address.
00:24
So we would just run a command such as dig example.com
00:28
and then A, and we could look up just simply the basic IP address of that particular entry. We could look up the mail exchange, the mail exchange server for that host name, or we could look up the name server for that host name. So it's going to be, again, our Unix/Linux equivalent, sort of, to our nslookup.
00:49
Next, we have
00:50
our arp command. Now, ARP stands for Address Resolution Protocol, and it's going to allow us to see the MAC address to IP address correlations that we have in our cache on our computer. So it's what we see when we're saying, okay,
01:10
well, what MAC addresses correlate with what IP addresses that I'm connecting to? When I'm sending out a message
01:15
to a particular IP address, what MAC address is that going to? And our -a will show us all of those entries. So arp, space, -a will show us those entries. Now, maybe we want to see a little bit more information than what we're seeing in just the basic entry information.
01:33
So then we could do -v for verbose mode. Now, whenever we're doing something in verbose mode, we're saying we want more details. We want,
01:42
you think verbose, verbal: someone who is being very verbal, who's talking a lot, like me up here. And we do a -v, then
01:52
that's going to give us more information than just a generic arp, than generic ARP cache information would give us. It's going to give us more detailed info.
02:00
And then lastly, we have our -d switch. Now, our -d is going to allow us to delete the record we currently have for a specified MAC address or specified host. So say we want to get a clean slate. We want to restart and have the correlation between a MAC address and a certain IP address renewed.
02:19
So we would do an arp -d and then specify which host we want to remove.
02:23
And then when we do that, our cache won't have that entry in it anymore, and it will renew its entry by doing an actual ARP lookup and requesting out on the network: hey, who has this IP address? Send me your MAC address. And then we'll get that response back from the particular host.
02:40
Next, we have our nbtstat. Now, nbtstat stands for, is our, NetBIOS statistics,
02:49
and our NetBIOS statistics... NetBIOS was a
02:53
was a way that we looked up host names to IP addresses before DNS was really in play, and it didn't really gain as much traction as DNS. DNS is much more widespread. But our NetBIOS is still used in, um,
03:12
Windows systems, is still used in when and Windows networks, so we still need to be aware of this command. nbtstat -s will show us our current NetBIOS connections. It will show us what's going on, what NetBIOS connections we're currently connected with.
03:27
Our -c will show us our cache contents for our NetBIOS cache. Again, much like our nslookup cache, it will show us what names we've already resolved, what our cache looks like. And then, lastly, we have our -r, and our -r really just shows us our statistics.
03:44
It shows us how many names, it shows us the count of names
03:47
that we've resolved using NetBIOS.
03:52
And next we have netstat. Now, netstat is a very, very useful command for seeing what we're connected to, what our computer is currently connected to using its ports and using its IP connections. So if we run a netstat, just a standard netstat command by itself,
04:10
it's going to show us all of the current TCP connections, active TCP connections,
04:14
that we have with other devices, other computers. So say we're currently waiting for a response back from a web page, or we currently have a, um, active web page in session with another computer, or maybe even have malware on our computer which is trying to connect out with the mothership, with
04:33
an end client, a command and control center, which is sending commands back
04:39
to that malware. Then, if it's not being obscured by certain registry settings, or it's not being obscured through very advanced malware settings, then that connection may show up in our netstat connections, and we may be able to evaluate that connection.
04:55
So it's essentially going to show us what our computer's trying to connect to, what it is currently connecting to.
05:00
Now, if we run a netstat -a, that's going to show us our active TCP connections and our UDP listening ports. So remember, when we talked in previous modules, we talked about the difference between TCP and UDP connections, and we have our TCP connections, which are handshake connections, which are established,
05:19
documented, resendable connections, where we send a packet,
05:24
we make sure that it gets there, and if not, we can do resending. And our UDP is just going to be sending and sending and sending data. So if we are waiting for a UDP response from somebody, we're not necessarily, we're not really sending anything back to them over that same UDP port. We're just getting information from them.
05:42
So that's why we're going to show our UDP listening ports
05:45
because we may not have, we may not even have an active connection over UDP. It's probably just a listening port, and we're just waiting for information to be sent to us.
05:55
Now, our -b, if we do a netstat -b, is going to show us the process name for current connections. So say we say, okay, well, it's great that I can see that I'm currently connected to this particular IP address or this particular host name. But
06:13
what is connecting that? What process name is connecting that? Well, a -b is going to show us the process name for each connection. So if we do notice something that looks unusual, maybe we see we're connected to an IP address.
06:26
We go online, do a quick research, and we come back, and that's a known blacklisted bad IP address, some malicious IP address. Well, then maybe we'd want to run a -b, see what process is making that connection, and we may be able to narrow down, and we may be able to find some malware or find something that's trying to connect back out.
06:46
Next, we have a -e, and netstat -e will show us our network connection statistics. It will show us our different packets sent and received. It'll show us some connection statistics as far as errors and dropped packets. So we'll be able to take a look at our network in general and see how our network connections, how our sent and received has done in general
07:05
rather than actual individual
07:08
connections and individual ports.
07:11
And then lastly, we have our -n and our -o. Our -n is going to say, do not resolve IP addresses. If we just run a standard netstat command, then we're going to see that's going to take a while, because as we're going down to each connection, our computer again is going to attempt to resolve the IP addresses,
07:28
which can take a long time, depending on how long it takes and how long it's going to wait
07:31
for the IP addresses to come back. If we want it to be a lot quicker, or if we actually want to see the IP addresses rather than the host name, then we can run a netstat -n, and that -n will say do not resolve, do not resolve those IP addresses to host names.
07:47
And then, lastly, we have our -o. Much like our -b, our -o is going to show us the process ID number for a particular connection to an endpoint. So if we run a netstat, one of the commands that I like to run is a netstat -n -o.
08:05
Netstat. It's just a really quick command where you can say, OK,
08:09
I want you to show me all the active connections. Don't resolve the IP addresses, though, and show me all the process IDs for all my connections.
08:18
So especially if you don't have an Internet browser open and your computer seems like it's making a lot of network connections out, and you want to see what's making those network connections, you can do a quick netstat -n -o and then say, whoa, I've got about three or four here that are all under this process ID. Let me open the Task Manager and
08:37
view my process ID columns
08:39
and see what process this is, so I can narrow down and see if I want this to be making all these calls out. So netstat is a very useful command for those of you that like to track down and make sure that you don't have more talking out on your computer than necessary, or maybe want to track down some malicious software.
08:58
Or you may want to take a look and see if there's any connections out that really shouldn't be going on.
09:03
Netstat is a very, very useful command, especially with the different switches that we have available in order to really extend the,
09:13
expand the extensibility of the netstat command to give us more information.

Up Next

CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor