COMMAND LINE SECURITY TOOLS
If you have ever needed to test to see if another device was available on your network then you have probably used the ping command.
It can be used as one of your troubleshooting tools for security analysis. Ping is a relatively easy tool to use. You simply type ping followed by the address of the device whose availability you want to check.
How can you use ping?
At the prompt, type “ping” along with the URL or IP address you want to ping, and then hit Enter.
Netstat is available on many operating systems. It stands for network statistics and it provides you with different views of what the statistics are for network communications on that particular device.
Type the following command to show all active TCP connections and press Enter:
Type the following command to display active connections showing numeric IP address and port number instead of trying to determine the names and press Enter
The netstat -a command displays all active and inactive connections, and the TCP and UDP ports the device is currently listening on.
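As an added example (not part of the original page), the script below reads netstat -an output and lists TCP listeners whose port is not on an allowlist, which is a quick way to spot an unexpected service. The sample output, the function names and the allowlist are constructed for illustration; it handles the Linux and Windows column layouts.

```shell
#!/bin/sh
# Added example: list TCP listeners from `netstat -an` output that are not on an allowlist.

# Constructed sample in Linux `netstat -an` layout (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# unexpected_listeners "<allowed ports>"
# Reads netstat text on stdin; prints "address port" for every TCP socket in a
# listening state whose local port is not in the space-separated allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        tolower($1) ~ /^tcp/ && /LISTEN/ {
            # Windows prints "TCP <local> <foreign> LISTENING"; Linux puts the
            # local address in the fourth column.
            addr = ($1 == "TCP") ? $2 : $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (!(port in ok)) print host, port
        }'
}

# Hypothetical allowlist for this host: SSH, HTTPS and a local PostgreSQL.
sample_netstat | unexpected_listeners "22 443 5432"
```

On a live system, pipe the real command into the function instead of the sample, for example netstat -an | unexpected_listeners "22 443".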
With the traceroute command, we can map out every single router along the way and effectively build a map that shows the route between your system and other devices. If you are running Mac or Linux, the command is “traceroute”; on Windows, it is “tracert”.
In the Command Prompt window, type 'tracert' followed by the destination, either an IP Address or a Domain Name, and press Enter.
e.g. tracert google.co.nz
The command will return output indicating the hops discovered and time (in milliseconds) for each hop.
Whenever we type a server name into our browser, we do not even think about the IP address associated with the web server. We leave it to the Domain Name System (DNS) to convert a fully qualified domain name to an IP address so that devices can communicate over the network. From a security perspective, you may want to perform that lookup yourself. A very common tool for this is “nslookup”: you provide the name or the IP address of a device and it performs either a lookup or a reverse lookup. The updated utility is called dig. Dig stands for Domain Information Groper, and it provides a lot more detail about what it finds on that domain name server.
Syntax: nslookup [exit | finger | help | ls | lserver | root | server | set | view] [options]
nslookup exit: Exits the nslookup command-line tool.
nslookup finger: Connects with the finger server on the current computer.
nslookup help: Displays a short summary of subcommands.
nslookup ls: Lists information for a DNS domain.
nslookup lserver: Changes the default server to the specified DNS domain.
nslookup root: Changes the default server to the server for the root of the DNS domain name space.
nslookup server: Changes the default server to the specified DNS domain.
ARP is the Address Resolution Protocol. It is used across the local network to associate a local IP address with the MAC address of a local device. These associations are cached on our computer in the ARP cache, which we can view with the arp command; on most operating systems the command is arp -a. It allows us to verify that the IP and MAC address associations are correct for the devices that we are connecting to.
-a Displays current ARP entries by interrogating the current protocol data.
-g Same as -a
inet_addr Specifies an Internet address.
-N if_addr Displays the ARP entries for the network interface specified by if_addr.
-d Deletes the host specified by inet_addr.
ipconfig (standing for "Internet Protocol configuration") is a Windows command line utility that is used to manage the IP address assigned to the machine it is running on. Used without any additional parameters, it displays the computer's currently assigned IP, subnet mask and default gateway addresses. ipconfig has several command line switches (parameters) preceded with a slash (see list below). The Mac counterpart is ifconfig.
ifconfig [...OPTIONS] [INTERFACE]
Newer versions of some Linux distributions don’t have the ifconfig command pre-installed. If you get the error “ifconfig: command not found”, execute the following command to install ifconfig.
For Debian, Ubuntu, and related Linux distributions.
sudo apt-get install net-tools
Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Nmap is now one of the core tools used by network administrators to map their networks. The program can be used to find live hosts on a network and to perform port scanning, ping sweeps, OS detection, and version detection. Nmap can be used to monitor single hosts as well as vast networks that encompass hundreds of thousands of devices and multitudes of subnets.
To run a ping scan, run the following command:
# nmap -sn 220.127.116.11/24
To run a host scan, use the following command:
# nmap -sn <target IP range>
Netcat, or nc, is a utility that uses TCP and UDP connections to read and write in a network. It can be used for both attacking and security. In the case of attacking, it helps us to debug the network along with investigating it. It runs on all operating systems. Netcat is designed as a dependable ‘back-end’ tool that can be used directly or easily driven by other programs and scripts. The netcat utility is used to create client-to-server connections. It can fulfil both the server and the client role.
Netcat commands must start with the “netcat” identifier or “nc” as a shorter option. By default, the Netcat tool will assume you want to perform a port scan unless you indicate otherwise. Different option parameters can be used, including “-u” for UDP traffic instead of TCP, “-v” for verbose output, “-p” to specify a specific port, and “-D” to turn on full debugging mode. Individual attributes within a Netcat command must be separated with a space.