Basic Command Line Tools - ASM , Rockville , Maryland

Basic Command Line Tools

CompTIA Security+ Objectives 2.2 –  CompTIA A+ Objectives Core 2 – 1.4

Ping

Ping is a command used to measure the latency between two devices on a network. The ping command is available on every operating systems and is a measure of the latency we feel in everything we do online, whether it’s clicking a link, posting a status update, sending a message, playing a game, uploading a file, streaming an online video, or anything else. If you’re using a website and it takes a long time to load a new page every time you click a link, you’re probably experiencing a high ping to that site. If it’s fast, you probably have a low ping.

Netstat

Netstat — derived from the words network and statistics — is a program that’s controlled via commands issued in the command line. It delivers basic statistics on all network activities and informs users on which portsand addresses the corresponding connections (TCP, UDP) are running and which ports are open for tasks.

In Windows operating systems, you can use the netstat services via the command line (cmd.exe). You can find them in the start menu under “All Programs” -> “Accessories” -> “Command Prompt”. Alternatively, you can search directly for “Command Prompt” in the start menu’s search field or start the command line via “Run” (Windows key + press “R” and enter “cmd”).

Tracert

The tracert command is a Command Prompt command that’s used to show several details about the path that a packet takes from the computer or device you’re on to whatever destination you specify.

You might also sometimes see the tracert command referred to as the trace route command or traceroute command.

Traceroute is a useful tool for determining the response delays and routing loops present in a network pathway across packet switched nodes. It also helps to locate any points of failure encountered while en route to a certain destination.

To run traceroute on Windows:

Open the command prompt.
>>Go to Start > Run.
>>Type cmd and press the Enter key.
>> In the command prompt, type:
tracert hostname
where hostname is the name of the server connection you are testing.

Nslookup/Dig

NsLookup/Dig (Microsoft Windows uses nslookup, while Mac OS X and Linux use dig.)  is a tool included in many operating systems that can look up IP addresses and perform other searches on DNS domains and servers. This resource is housed in a utility called nslookup.exe. NsLookup is a basic way to get fundamental DNS information quickly and easily.

nslookup/Dig is used to troubleshoot server connections or for security reasons. Such reasons include guard against phishing attacks, in which a domain name is altered — for example, by substituting the numeral 1 for a lowercase l — to make an unfriendly site look friendly and familiar (joes1owerprices.com vs. joeslowerprices.com).

DNS, or nslookup, also helps deter cache poisoning, in which data is distributed to caching resolvers, posing as an authoritative origin server.

ARP

ARP (Address Resolution Protocol) is a network protocol used to find out the hardware (MAC) address of a device from an IP address. It is used when a device wants to communicate with some other device on a local network (for example on an Ethernet network that requires physical addresses to be known before sending packets). The sending device uses ARP to translate IP addresses to MAC addresses. The device sends an ARP request message containing the IP address of the receiving device. All devices on a local network segment see the message, but only the device that has that IP address responds with the ARP reply message containing its MAC address. The sending device now has enough information to send the packet to the receiving device.

ipconfig

Internet Protocol Configuration (ipconfig) is a Windows console application that has the ability to gather all data regarding current Transmission Control Protocol/Internet Protocol (TCP/IP) configuration values and then display this data on a screen. Ipconfig also refreshes the Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) settings each time it is invoked. When invoked without additional parameters, ipconfig simply displays the IP address, default gateway and subnet mask for all available adapters.

Tcpdump

Tcpdump is a command line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.

A powerful and versatile tool that includes many options and filters, tcpdump can be used in a variety of cases. Since it’s a command line tool, it is ideal to run in remote servers or devices for which a GUI is not available, to collect data that can be analyzed later. It can also be launched in the background or as a scheduled job using tools like cron.

Nmap

Network Mapped (Nmap) is a network scanning and host detection tool that is very useful during several steps of penetration testing. Nmap is not limited to merely gathering information and enumeration, but it is also powerful utility that can be used as a vulnerability detector or a security scanner. So Nmap is a multipurpose tool, and it can be run on many different operating systems including Windows, Linux, BSD, and Mac. Nmap is a very powerful utility that can be used to:

  • Detect the live host on the network (host discovery)
  • Detect the open ports on the host (port discovery or enumeration)
  • Detect the software and the version to the respective port (service discovery)
  • Detect the operating system, hardware address, and the software version
  • Detect the vulnerability and security holes (Nmap scripts)

Netcat

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.
It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

It provides access to the following main features:

1) Outbound and inbound connections, TCP or UDP, to or from any ports.
2) Featured tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.
3) Built-in port-scanning capabilities, with randomizer.
4) Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of trasmitted and received data.
5) Optional RFC854 telnet codes parser and responder.

 

Are you looking to break into the exciting field of cybersecurity? Join our 5-day CompTIA Security+ Bootcamp Training and build your cybersecurity knowledge and skills. 

Or

Become a certified ethical hacker! Our 5-day CEH Bootcamp is unlike other strictly theoretical training, you will be immersed in interactive sessions with hands-on labs after each topic. You can explore your newly gained knowledge right away in your classroom by pentesting, hacking and securing your own systems. Learn more