Tools of the trade Flashcards
(31 cards)
What does the arp -a command show?
Shows all cached IP address to MAC address mappings
What does Nmap do?
Scans the network and checks every IP address to see which ones are in use; run from the command prompt
What is an NMS?
Network Management Station
Software for managing and configuring SNMP devices
What is tcpdump for Linux used for?
Sniffing and collecting information on all incoming and outgoing packets
netstat -n
Shows who I am talking to
SNMP uses what ports?
UDP port 161, or port 10161 when using TLS (Transport Layer Security)
What are centralized logs?
Logs kept on a central server.
Can use SNMP
Log data should have all of the following…
Date, time, process/source, account, event number, event description
What are 3 types of logs?
Event
Security
Audit
What are two types of events?
Network
Non-network
What is SNMP?
Simple Network Management Protocol
SNMP-managed devices run an agent that talks with an NMS
What does the nslookup command show?
Queries the DNS server
SNMPwalk
One command sends many “gets” at once
What is the Linux equivalent of the ipconfig command?
ip addr
SNMP term - Get
Sends a query to a device
SNMP term - Trap
Automatically sends a message to the NMS when a monitored value hits a certain threshold
What is Zenmap?
It's a graphical user interface version of Nmap that makes the output easier to read
ping -t in Windows
ping in Linux
Keeps pinging until you stop it
What does the dig command show in Linux?
Example: dig www.google.com
Shows the server that answered and the cached information
What are decentralized logs?
Logs on a local machine
Wireshark allows us to filter the data by…
Services and protocols
What does sudo netcat -L 231 do?
Opens port 231 as a listening port
Used for pentesting and aggressive use
What two functions does a protocol analyzer have?
Sniffing and analyzing the data
What does the netstat command show?
Shows all connections and ports