TCPDUMP<\/strong> is a command line packet sniffer.<\/p>\n Wireshark and TCPDUMP and both built on the libcap library<\/p>\n <\/p>\n <\/p>\n Network scanning is used to detect active systems on the network.<\/p>\n This provides an important glimpse of network activity. It is particularly useful at detecting rogue systems. One of the most popular network mapping tools is NMAP (short for network mapper). It is a free download from nmap.org.<\/p>\n NMAP can scan your network and find a lot information such a<\/p>\n EXAM TIPS: get some hands on experience with NMAP<\/strong><\/em><\/p>\n <\/p>\n These are like hackers Swiss army knives. They contain the tools used to test vulnerabilities. They can be used for both evil and good.<\/p>\n This is one of the most common Exploitation Frameworks. It began as an open source project but was purchased the security firm Rapid 7. The Metasploit Community Edition is free, but the Pro version is a commercial product with some extra features.<\/p>\n With This software you can scan your network for devices. It will then give you information about these. It will tell you what services are running and on what port. An example might be SSH running on port 22. You can then search Metasploit for a “SSH exploit” module, this could be a login attack. You give it a list of usernames and passwords and it loops through them trying to connect. This can return some useful information like if a username actually exists on the system. From there you could carry out a bruteforce attack.<\/p>\n The system has lots of different modules for many different services and programs.<\/p>\n Exam TIP: get some hands on experience with Metasploit<\/strong><\/em><\/p>\n <\/p>\n <\/p>\n These are quick and easy way to view network configuration and troubleshooting information.<\/p>\n Ping helps you check if another system is accessible. It uses the Internet Control Message Protocol (ICMP).<\/p>\n The system that initiates the ping sends an “Are you there?” message. If the destination system is accessible it will send an “Yes I am here” response.<\/p>\n Troubleshooting with Ping<\/strong><\/p>\n Ping can be very useful for troubleshooting. EG: say you are having trouble hitting a web server. With you can:<\/p>\n NOTE:\u00a0<\/strong> some systems have ping blocked on the firewall. This is worth noting because if a system doesn’t reply it doesn’t mean its offline, it just might not be responding to pings.<\/p>\n This command allow you to trace the path between two hosts on the network.<\/p>\n On Linux the command is: traceroute Example of trace route on Windows: 1 2 ms 1 ms 2 ms 192-168-1-1.tpgi.com.au [192.168.1.1]<\/em> Trace complete.<\/em><\/p>\n You get a line for each system it hits on the way. If you get stars *** it means that system is not responding with information about itself.<\/p>\n This gives information about the network interface configuration on the local computer. It gives you MAC address, ip, subnet, gateway etc…<\/p>\n Windows: ipconfig You select a single interface by using the command \u00a0ifconfig en0<\/i><\/p>\n These commands can also modify the IP configuration, but we don’t need to know this for the exam.<\/p>\n This translates IP addresses used at the network layer and MAC addresses used at the ethernet layer. All operating systems in an IPv4\u00a0Ethernet\u00a0network keep an ARP cache. Every time a host requests a MAC address in order to send a\u00a0packet\u00a0to another host in the LAN, it checks its ARP cache to see if the IP to MAC address translation already exists. If it does, then a new ARP request is unnecessary. If the translation does not already exist, then the request for network addresses is sent and ARP is performed.<\/p>\n You can view the systems ARP cache using the arp <\/i>\u00a0command.<\/p>\n >arp -a<\/em><\/p>\n Interface: 192.168.1.13 — 0x9<\/em> This displays network statistic on Mac and Windows. It shows you what connections are open, what ports are being used, destination, state etc…<\/p>\n An example output:<\/p>\n >netstat<\/em><\/p>\n Active Connections<\/em><\/p>\n Proto Local Address Foreign Address State<\/em> On Linux you use SS to get this information<\/b><\/p>\n This command allows you to send and receive raw text on a network connection on Mac and Linux. This can be useful for troubleshooting, but can also be used by attackers to send raw malicious commands to a server.<\/p>\n You can open a connection to a server by doing the following:<\/p>\n Nc lynda.com<\/span><\/p>\n Then you can send commands:<\/p>\n Get \/<\/span><\/p>\n This will get the root and try and display the html<\/p>\n There is no NC equivalent on Windows.<\/span><\/p>\n <\/p>\n Doman Name Service translates between domain names and IP addresses.<\/p>\n This is the primary command for looking up DNS on Mac and Linux systems.<\/p>\n This is the Windows version of the dig command. It works on Mac and Linux too.<\/p>\n nslookup lynda.com<\/em> Non-authoritative answer:<\/em> The Whois utility can help you learn more about the ownership of domain names and IP addresses. There are many websites that offer Whois Lookups. An example is http:\/\/whois.domaintools.com\/<\/a> You can lookup a domain name here and it will give you lots of information like:<\/p>\n You can also use Whois Lookup for an IP address.<\/p>\n https:\/\/viewdns.info\/reversewhois\/<\/a> 2.6.1 Protocol Analysers Protocol Analysers allow administrators to peer into the packets travelling on a network and inspect them in deep detail. This is very useful when trying to troubleshoot network issues or investigate security incidents. Wireshark intercepts traffic and converts that binary traffic into human-readable format. This makes it easy to identify what traffic […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[11],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/262"}],"collection":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=262"}],"version-history":[{"count":3,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/262\/revisions"}],"predecessor-version":[{"id":269,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/262\/revisions\/269"}],"wp:attachment":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n2.6.2 Network Scanning<\/h2>\n
Network Mapping<\/h3>\n
\n
\n2.6.3 Exploitation frameworks<\/h2>\n
Metasploit https:\/\/www.metasploit.com\/<\/h3>\n
\n2.6.4 Command Line Network Tools<\/h2>\n
ICMP and Ping<\/h3>\n
![\"\"](\"http:\/\/www.spktechfit.com\/wp-content\/uploads\/2019\/11\/ping.png\")
<\/p>\n\n
Trace Route<\/h3>\n
\nOn Windows the command is: tracert<\/p>\n
\ntracert lynda.com<\/em>
\nTracing route to lynda.com [8.39.42.106]<\/em>
\nover a maximum of 30 hops:<\/em><\/p>\n
\n2 12 ms 10 ms 9 ms syd-sot-ken2-bras5-lo-20.tpgi.com.au [10.20.22.62]<\/em>
\n3 10 ms 12 ms 11 ms nme-sot-dry-wgw1-be-10.tpgi.com.au [203.219.155.8]<\/em>
\n4 51 ms 26 ms 22 ms nme-sot-dry-crt1-be-50.tpgi.com.au [203.219.107.237]<\/em>
\n5 24 ms 22 ms 23 ms nme-apt-bur-crt1-be-30.tpgi.com.au [202.7.173.21]<\/em>
\n6 28 ms 30 ms 22 ms syd-gls-har-crt1-be-10.tpgi.com.au [202.7.171.173]<\/em>
\n7 25 ms 22 ms 22 ms syd-gls-har-int2-be200.tpgi.com.au [203.221.3.68]<\/em>
\n8 176 ms 177 ms 177 ms equinix-ix.sjc1.us.voxel.net [206.223.116.4]<\/em>
\n9 219 ms 219 ms 225 ms bbr1.inapbb-dal-sje-1-2-4-6.dal006.pnap.net [64.95.158.182]<\/em>
\n10 221 ms 222 ms 220 ms bbr2.ae7.dal006.pnap.net [64.95.158.202]<\/em>
\n11 252 ms 254 ms 251 ms bbr1.xe-0-0-1.inapbb-wdc-dal-7.wdc002.pnap.net [64.95.158.210]<\/em>
\n12 259 ms 258 ms 259 ms core2.be-3.inapvox-9.wdc002.pnap.net [64.95.158.245]<\/em>
\n13 236 ms 238 ms 236 ms border12.xe-1-1-bbnet2.wdc002.pnap.net [216.52.127.67]<\/em>
\n14 236 ms 236 ms 236 ms lynda-3.border11.wdc002.pnap.net [69.25.40.38]<\/em>
\n15 239 ms 236 ms 241 ms 45-42-65-4.fwd.lynda.com [45.42.65.4]<\/em>
\n16 236 ms 237 ms 237 ms www.lynda.com [8.39.42.106]<\/em><\/p>\nIP Configuration<\/h3>\n
\nLinux and Mac: ifconfig<\/p>\nARP (Address Resolution Protocol)<\/h2>\n
\nInternet Address Physical Address Type<\/em>
\n192.168.1.1 84-9f-b5-57-f2-47 dynamic<\/em>
\n192.168.1.2 b0-2a-43-57-c3-64 dynamic<\/em>
\n192.168.1.255 ff-ff-ff-ff-ff-ff static<\/em>
\n224.0.0.22 01-00-5e-00-00-16 static<\/em>
\n224.0.0.251 01-00-5e-00-00-fb static<\/em>
\n224.0.0.252 01-00-5e-00-00-fc static<\/em>
\n239.255.255.250 01-00-5e-7f-ff-fa static<\/em>
\n255.255.255.255 ff-ff-ff-ff-ff-ff static<\/em><\/p>\nNetstat<\/h2>\n
\nTCP 192.168.1.13:2257 40.90.189.152:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2293 52.109.116.4:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2317 40.90.189.152:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2321 172.217.194.188:5228 ESTABLISHED<\/em>
\nTCP 192.168.1.13:2326 192-168-1-2:8009 ESTABLISHED<\/em>
\nTCP 192.168.1.13:2404 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2405 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2406 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2411 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2412 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2413 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2414 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2415 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2416 a23-202-162-124:http CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2417 nme-sot-dry-ak1-136:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2418 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2419 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2420 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2426 a184-26-33-55:https CLOSE_WAIT<\/em>
\nTCP 192.168.1.13:2427 mia04-011:http ESTABLISHED<\/em>
\nTCP 192.168.1.13:2441 52.109.116.4:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2577 151.101.80.133:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2588 syd09s14-in-f14:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2592 syd09s17-in-f10:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2594 sin01s16-in-f4:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2600 52.98.4.82:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2609 syd09s13-in-f14:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2610 syd15s01-in-f14:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2611 syd15s03-in-f14:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2612 syd15s06-in-f14:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2613 searchsites:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2615 syd15s02-in-f10:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2618 server-52-85-45-50:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2621 syd15s06-in-f3:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2629 52.109.112.47:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2630 52.109.112.47:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2631 52.109.112.47:https ESTABLISHED<\/em>
\nTCP 192.168.1.13:2635 r-57-41-234-77:http FIN_WAIT_1<\/em>
\nTCP 192.168.1.13:2636 li1462-250:https ESTABLISHED<\/em><\/p>\nNC (Net Cap)<\/h3>\n
Command Summary<\/h3>\n
![\"\"](\"http:\/\/www.spktechfit.com\/wp-content\/uploads\/2019\/11\/CommandLine.png\")
<\/p>\n
\n2.6.5 DNS Harvesting<\/h2>\n
Dig command<\/h3>\n
![\"\"](\"http:\/\/www.spktechfit.com\/wp-content\/uploads\/2019\/11\/dig.png\")
<\/p>\nNSLOOKUP<\/h3>\n
\nServer: UnKnown<\/em>
\nAddress: fe80::1<\/em><\/p>\n
\nName: lynda.com<\/em>
\nAddress: 8.39.42.106<\/em><\/p>\nWhois Lookup<\/h3>\n
\n
\nReverse Whois<\/h3>\n
\nWith this you can enter an email address and it will return which domains are linked to this address. EG: if you put in hostmaster@linkedin.com it pulls up all the domains that have this address as the owner\/contact.<\/p>\n
\nComptia Security+ (SY0-501) Study Notes Menu<\/a><\/h4>\n","protected":false},"excerpt":{"rendered":"