Week 05 - Network Analysis Tools 1 (L11-L13)

Question 1

What is the host file?

Answer 1

Local file that maps IP address to host names

Question 2

What is ping?

Answer 2

Windows command to check if host is alive. Sends ICMP packets

Question 3

What can be identified with port scanning?

Answer 3

Open ports of a system

Question 4

What does the arp command?

Answer 4

Shows local ARP table. MAC address to IP address. Two modes: static & dynamic

Question 5

Name ports for: http, smtp, telnet, dns, ftp, DHCP, ssh, imap, pop

Answer 5

80 (http), 25 (smtp), 21 (ftp), 53 (dns), 21 (ftp), 63 (dhcp), 22 (ssh), 143 (imap), 110 (pop)

Question 6

What are IPID?

Answer 6

IP Identification Number. Attacker might see how many packets are already sent.

Question 7

What are well known ports?

Answer 7

Reserved system ports defined by IANA. The first 1024 ports are reserved

Question 8

What is tracert?

Answer 8

Tracert shows route of an IP packet to his destination (hop by hop)

Question 9

What is ipconfig?

Answer 9

Windows command to configure NIC

Question 10

What is nslookup?

Answer 10

sends request to DNS to resolve either IP or domain name

Question 11

What is TTL? Why is it required?

Answer 11

Time To Live: Time a network packets will be send around in a network before it gets dropped.

Question 12

What is TCPview and Superscan?

Answer 12

Port scanning tools

Question 13

What is netstat?

Answer 13

Netstat shows all network connections which are currently open.

Question 14

Explain Stealth Scan and TCP Connect San?

Answer 14

Stealth Scan: sends SYN packet, host will respond with SYN-ACK. Full connection never established

TCP Connect Scan: This scan creates a connection. ACK will be send. Only works on open ports.

Question 15

What is NMAP?

Answer 15

Very powerful network scanner.