
COMMAND LINE SECURITY TOOLS

1. ping:

If you have ever needed to check whether another device is reachable on your network, you have probably used the ping command.

It is one of the basic troubleshooting tools for security analysis. Ping sends ICMP Echo Request packets to a host and reports whether an Echo Reply came back and how long the round trip took. You simply type ping followed by the name or IP address of the device you want to check.

How can you use ping?

At the prompt, type "ping" followed by the hostname or IP address you want to reach (a hostname, not a full URL: ping does not understand "http://"), and then hit Enter. On Windows, ping sends four requests and stops; on Linux and macOS it keeps going until you press Ctrl-C, or you can limit it with -c. Keep in mind that no reply does not prove the host is down: many hosts and firewalls silently drop ICMP Echo Requests, so confirm with another check, such as a TCP connection to a port you know is open, before drawing a conclusion.

example :

ping www.thecyco.com

2. netstat:

Netstat is available on most operating systems. It stands for network statistics and it shows you the network connections and listening sockets on that particular device, which makes it the quickest way to spot an unexpected listener or an outbound connection you did not start.

Type the following command to show the active connections (on Windows this means active TCP connections; on Linux it also lists Unix domain sockets) and press Enter:

netstat

Type the following command to display the active connections with numeric IP addresses and port numbers instead of trying to resolve names, which is faster and avoids DNS lookups that can hang, and press Enter:

netstat -n

The netstat -a command displays all connections, active and listening, including the TCP and UDP ports the device is currently listening on. The switches combine, so netstat -an is the usual form. To map a port to the process that owns it, add -o on Windows (netstat -ano shows the PID) or -p on Linux (run as root to see every process).
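The point of reading netstat output is to compare it with what the host is supposed to be doing. The following script is an added example, not code from the original page: it takes a constructed sample of "netstat -an" output in the Linux column layout, lists every listening port that is not on an assumed baseline, and lists established connections to remote ports other than 80 and 443. The SAMPLE text, the BASELINE list and the addresses in it are all made up for the example.

```shell
#!/bin/sh
# Added example (not from the original page): review "netstat -an" output for
# listening ports that are not on an approved baseline and for established
# connections to unusual remote ports. SAMPLE is constructed input in the
# Linux netstat column layout (Proto Recv-Q Send-Q Local Foreign State);
# Windows output has no Recv-Q/Send-Q columns, so the field numbers shift by two there.

SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:49812          203.0.113.7:443         ESTABLISHED
tcp        0      0 10.0.0.5:50122          198.51.100.9:6667       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Assumed baseline: the ports this host is supposed to expose.
BASELINE='22 80 631 68'

# listeners: "proto port" for every socket waiting for traffic: TCP in LISTEN
# state, plus every UDP socket (UDP lines carry no state column).
# The port is whatever follows the last colon, which also handles ":::80".
listeners() {
    awk '($1 ~ /^tcp/ && $6 == "LISTEN") || $1 ~ /^udp/ {
        port = $4; sub(/.*:/, "", port)
        print $1, port
    }'
}

# unexpected_listeners: listeners whose port is not in BASELINE.
unexpected_listeners() {
    listeners | while read -r proto port; do
        case " $BASELINE " in
            *" $port "*) ;;            # approved
            *) echo "$proto $port" ;;  # investigate: which process owns it?
        esac
    done
}

# odd_outbound: established TCP connections to remote ports other than 80/443,
# printed as "remote_ip remote_port" for checking against threat intelligence.
# The port is the text after the last colon, so IPv6 remotes are handled too.
odd_outbound() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        n = split($5, part, ":")
        port = part[n]
        ip = substr($5, 1, length($5) - length(port) - 1)
        if (port != 80 && port != 443) print ip, port
    }'
}

echo "listening ports not in baseline:"
printf '%s\n' "$SAMPLE" | unexpected_listeners
echo "established connections to unusual remote ports:"
printf '%s\n' "$SAMPLE" | odd_outbound
# Live use on the machine itself: netstat -an | unexpected_listeners
```

On the sample, the unexpected listener is TCP 4444 and the odd outbound connection goes to 198.51.100.9:6667; the next step in practice is netstat -ano (Windows) or netstat -anp (Linux, as root) to find the process behind each one.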


3. traceroute:

With this command we can list every router (hop) along the path and effectively build a map of the route between our system and a remote device. On macOS and Linux the command is "traceroute"; on Windows it is "tracert". Both work by sending probes with an increasing TTL and recording which router sends back the ICMP Time Exceeded message for each value. By default, traceroute on Linux and macOS sends UDP probes while tracert sends ICMP Echo Requests, so firewalls can treat the two differently. A hop shown as "*" did not answer within the timeout, which usually means that router filters the replies rather than that the path is broken.


In the Command Prompt window, type 'tracert' followed by the destination, either an IP address or a domain name, and press Enter.

The command will return output listing each hop discovered, with the round-trip time (in milliseconds) for each probe sent to that hop.
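A traceroute is most useful for security work when you can compare it with an earlier one: a new hop in the middle of a path you run every day deserves a look. The script below is an added example, not code from the original page. It extracts the per-hop addresses from a constructed traceroute listing in the Linux/macOS output format and reports every hop that differs from an assumed saved baseline; the TRACE text, the BASELINE path and all addresses in them are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original page): pull the per-hop addresses out of
# traceroute output and compare them with a path recorded earlier, so a changed
# route (a new intermediate hop, or a hop that stopped answering) is reported.
# TRACE is constructed input in the Linux/macOS traceroute format; Windows tracert
# prints the address as the last column, so hop_addresses would need a different
# field there.

BASELINE='10.0.0.1
203.0.113.1
203.0.113.9
203.0.113.17
198.51.100.2'

TRACE=' 1  _gateway (10.0.0.1)  0.412 ms  0.380 ms  0.366 ms
 2  203.0.113.1 (203.0.113.1)  12.1 ms  11.9 ms  12.3 ms
 3  * * *
 4  192.0.2.77 (192.0.2.77)  31.0 ms  30.7 ms  30.9 ms
 5  198.51.100.2 (198.51.100.2)  33.2 ms  33.0 ms  33.4 ms'

# hop_addresses: one address per hop line. The address is taken from the first
# "(ip)" field, so a hop that answered only some probes still yields its address;
# with "traceroute -n" the bare address in the second field is used instead.
# A hop with no answer at all prints "*".
hop_addresses() {
    awk '/^ *[0-9]+ / {
        addr = "*"
        if ($2 ~ /^[0-9a-f.:]+$/) addr = $2
        for (i = 2; i <= NF; i++)
            if ($i ~ /^\(.*\)$/) { addr = substr($i, 2, length($i) - 2); break }
        print addr
    }'
}

# path_diff: report every hop whose address differs from the baseline.
# A "*" is reported separately: the hop may just be filtering TTL-exceeded
# replies rather than having changed.
path_diff() {
    hop_addresses | awk -v base="$BASELINE" '
        BEGIN { n = split(base, b, "\n") }
        {
            hop++
            expected = (hop in b) ? b[hop] : "nothing"
            if ($1 == "*" && expected != "nothing") print "hop " hop ": no reply (expected " expected ")"
            else if ($1 != expected) print "hop " hop ": " $1 " (expected " expected ")"
        }
        END { if (hop < n) print "path ended after hop " hop ", baseline has " n }'
}

printf '%s\n' "$TRACE" | path_diff
# Live use: traceroute example.com | path_diff   (with BASELINE loaded from a saved run)
```

On the sample this prints two lines: hop 3 gave no reply where 203.0.113.9 was expected, and hop 4 is 192.0.2.77 instead of 203.0.113.17. Whether that is a routing change or something worse is a question for the network team, but the script tells you where to ask.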

4. nslookup/dig:

Whenever we type a domain name into our browser, we do not even think about the IP addresses associated with the web server. We leave it to the Domain Name System to convert the fully qualified domain name into an IP address so that the systems can communicate over the network. From a security perspective, you may want to perform that lookup yourself, for example to see whether your resolver returns the same answer as an outside one, or to find out which name a suspicious address maps back to. A very common tool for this is "nslookup". You give it either the name of a device or an IP address, and it performs a forward lookup or a reverse (PTR) lookup respectively. The newer utility is called dig. Dig stands for Domain Information Groper and it shows you much more detail about what the DNS server returns, including the full answer, authority and additional sections, the TTLs, and which server answered.

Syntax: nslookup [exit | finger | help | ls | lserver | root | server | set | view] [options]

PARAMETERS

nslookup exit : Exits the nslookup command-line tool.

nslookup finger: Connects with the finger server on the current computer.

nslookup help: Displays a short summary of subcommands.

nslookup ls: Lists the records for a DNS domain. This asks the server for a zone transfer (AXFR); a properly configured server only allows that from its own secondaries, so expect it to be refused, and treat a server that does answer as a finding.

nslookup lserver: Changes the default server to the specified DNS server, using the initial server to look up the new server's address.

nslookup root: Changes the default server to the server for the root of the DNS domain name space.

nslookup server: Changes the default server to the specified DNS server, using the current default server to look up the new server's address.

nslookup set: Changes configuration settings that affect how lookups work, such as the record type to query (set type=mx) or the query timeout.

nslookup view: Sorts and lists the output of previous ls subcommands.
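When nslookup or dig is given an IP address it does not send the address to the server; it builds a special name from it and asks for a PTR record at that name. The script below is an added example, not code from the original page, that builds that name itself and then shows the dig invocation that uses it. The ptr_name function and the reverse_lookup wrapper are mine, and the addresses come from the 192.0.2.0/24 documentation range; only reverse_lookup needs network access and the dig binary.

```shell
#!/bin/sh
# Added example (not from the original page): show what a reverse lookup
# actually queries. "nslookup <ip>" and "dig -x <ip>" both reverse the
# octets, append in-addr.arpa and ask for a PTR record at that name.
# Addresses below are from the 192.0.2.0/24 documentation range (constructed input).

# ptr_name: dotted IPv4 address -> reverse-lookup name.
# Fails (status 1) on anything that is not four decimal octets in 0-255, so a
# hostname or a malformed address is rejected instead of producing junk.
# The body runs in a subshell so the IFS change does not leak out.
ptr_name() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
)

# reverse_lookup: query the PTR record explicitly, optionally at a chosen server
# ($2). Running it once against your own resolver and once against an outside
# one is a quick way to see whether they disagree. Needs network access and dig.
reverse_lookup() {
    name=$(ptr_name "$1") || { echo "not an IPv4 address: $1" >&2; return 1; }
    if [ -n "$2" ]; then
        dig @"$2" +noall +answer "$name" PTR
    else
        dig +noall +answer "$name" PTR
    fi
}

# Offline part: the names dig would ask for.
ptr_name 192.0.2.1
ptr_name 10.20.30.40
# With network access: reverse_lookup 192.0.2.1   or   reverse_lookup 192.0.2.1 9.9.9.9
```

The forward direction is the plain "dig www.thecyco.com A" or "nslookup www.thecyco.com"; a name whose PTR record points back to a host that does not resolve to the original address (no forward-confirmed reverse DNS) is not proof of anything, but it is a common property of throwaway infrastructure and worth noting in a write-up.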


5. arp:

ARP is the Address Resolution Protocol. It is used on our local network to associate an IP address with the MAC address of a local device. Each computer keeps the answers it has received in its ARP cache, and we can view that cache with the arp command; on most operating systems the command is arp -a. It lets us verify that the IP and MAC address associations are correct for the devices we are connecting to. The two things worth looking for are the same MAC address listed for several IP addresses, and a MAC address for the default gateway that differs from what it was yesterday: both are the usual signs of ARP spoofing, where an attacker answers ARP requests for someone else's address in order to sit in the middle of the traffic.

syntax:

arp -a

The switches below are the Windows ones; Linux arp accepts -a, -d and -s with the same meanings, and on current Linux systems the ip neigh command replaces it.

-a Displays the current ARP entries by interrogating the current protocol data.

-g Same as -a.

inet_addr Specifies an Internet (IP) address.

-N if_addr Displays the ARP entries for the network interface specified by if_addr.

-d Deletes the entry for the host specified by inet_addr.

-s Adds a static entry that associates the Internet address inet_addr with the physical (MAC) address eth_addr. A static entry for the gateway is one way to protect a critical host against ARP spoofing, at the cost of having to update it by hand whenever the gateway's hardware changes.
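Checking the ARP cache by eye works on a small network; the following script is an added example, not code from the original page, that automates the two checks over "arp -a" output: one MAC address claiming several IP addresses, and the gateway's MAC no longer matching a recorded baseline. The SAMPLE text is constructed in the Linux "arp -a" format, and the GATEWAY_IP and GATEWAY_MAC baseline values are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original page): two checks over "arp -a" output
# that catch the usual signs of ARP spoofing: one MAC address claiming several
# IP addresses, and the gateway's MAC not matching a recorded baseline.
# SAMPLE is constructed input in the Linux "arp -a" format:
#   name (ip) at mac [ether] on iface
# Windows prints "ip  mac  type" columns instead, so ip_mac_pairs would change there.

SAMPLE='_gateway (10.0.0.1) at 00:11:22:33:44:55 [ether] on eth0
fileserver (10.0.0.20) at 00:11:22:33:44:55 [ether] on eth0
printer (10.0.0.30) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (10.0.0.40) at <incomplete> on eth0'

# Assumed baseline, recorded on a day the network was known to be clean.
GATEWAY_IP=10.0.0.1
GATEWAY_MAC=00:11:22:33:44:55

# ip_mac_pairs: "ip mac" per resolved entry; <incomplete> entries are skipped.
ip_mac_pairs() {
    awk '$3 == "at" && $4 ~ /:/ {
        ip = $2; gsub(/[()]/, "", ip)
        print ip, tolower($4)
    }'
}

# duplicate_macs: MAC addresses that answer for more than one IP address.
# A second host that has taken over the gateway's MAC shows up here; so does a
# legitimate router that serves several addresses on the subnet, so verify before acting.
duplicate_macs() {
    ip_mac_pairs | awk '{
        ips[$2] = (ips[$2] == "" ? $1 : ips[$2] " " $1)
        n[$2]++
    }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }'
}

# check_gateway: succeed only if the gateway IP ($1) currently maps to the expected MAC ($2).
check_gateway() {
    seen=$(ip_mac_pairs | awk -v gw="$1" '$1 == gw { print $2 }')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$seen" = "$expected" ]
}

echo "MACs claiming more than one IP:"
printf '%s\n' "$SAMPLE" | duplicate_macs
if printf '%s\n' "$SAMPLE" | check_gateway "$GATEWAY_IP" "$GATEWAY_MAC"; then
    echo "gateway MAC matches baseline"
else
    echo "gateway MAC changed: possible ARP poisoning"
fi
# Live use: arp -a | duplicate_macs ; arp -a | check_gateway 10.0.0.1 00:11:22:33:44:55
```

In the sample the gateway MAC still matches the baseline, but the same MAC also answers for 10.0.0.20, which is exactly what a poisoned cache looks like when an attacker on the fileserver's address has claimed the gateway; the next step would be to compare against the switch's MAC table to find which port the duplicate comes from.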


6. ipconfig/ip/ifconfig: