Chapter 16 - 02 - Learn Troubleshooting Basic Network Issues using Utilities and Tools - 02_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
2021
EC-Council
Tags
Related
- Chapter 16 - 01 - Discuss Network Troubleshooting - 01_ocred_fax_ocred.pdf
- Chapter 16 - 01 - Discuss Network Troubleshooting - 03_ocred_fax_ocred.pdf
- Chapter 16 - 01 - Discuss Network Troubleshooting - 04_ocred_fax_ocred.pdf
- Chapter 16 - 01 - Discuss Network Troubleshooting - 05_ocred_fax_ocred.pdf
- Chapter 16 - 01 - Discuss Network Troubleshooting - 06_ocred_fax_ocred.pdf
- Chapter 16 - 01 - Discuss Network Troubleshooting - 07_ocred_fax_ocred.pdf
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting nslookup nslookup is a program that allows the administrator or system user to enter a host name and...
Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting nslookup nslookup is a program that allows the administrator or system user to enter a host name and retrieve the corresponding IP address or DNS record. It is also used for reverse DNS lookup to find the host name for a given IP address. The nslookup utility is used to look up a specific IP address or multiple IP addresses associated with a domain name(s) at a time. nslookup is used when a user can access a resource by specifying its IP address but not by specifying its domain name. nslookup safeguards against phishing attacks and prevents cache poisoning. The nslookup utility is used to resolve DNS address resolution issues. The nslookup command is executed in the command prompt to look up the IP address for a domain name. Subcommands can be used at the end of the nslookup command to perform queries or to set options. The optimal mail servers SMTP, Post Office Protocol (POP), and Internet Message Access Protocol (IMAP) for the desired domain can also be searched using nslookup. Searching for the Domain Name Using nslookup The user should enter the domain name into the command line to find the IP address or vice versa. nslookup gives the results shown in the screenshot below for google.com. Select Command Prompt — (I > Name : WwWw. g0 Addresses: 2404 : 142.250.196.68 Figure 16.61: Search Domain Name using “nslookup” Command The notification Non-authoritative answer indicates that the local DNS server failed to provide an answer to the query itself and contacted other name servers. The results of nslookup consist of IPv4 (four-figure) and IPv6 addresses (long and dived with colons) of the google domain. netstat The Linux/Windows utility Network Statistics (netstat) displays network connections (incoming and outgoing), network statistics, protocol statistics, and routing tables. It also displays connections that are not established properly and those that are being ended, and it helps solve slowdowns, bottlenecks, or outage problems in networks. Module 16 Page 1986 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam Exam 212-82 212-82 Network Troubleshooting Troubleshooting Steps to Use netstat Follow the steps below to list various listening ports. o Execute the netstat command without any parameters in the terminal to show the list of active connections. o Usethe netstat —e command to show the statistics of various protocols. Command Prompt C:\I Ea X tnetstat tnetstat -e -e Interface Statistics Received Sent Bytes 3850711362 49360888 Unicast packets 5477744 607283 Non-unicast packets Discards Errors Unknown protocols C:\L >> Figure 16.62: Using the netstat -e command in Windows L Parrot Terminal Terminal File File Edit View Edit Search Terminal Help #netstat #netstat -e -e Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Inode Active UNIX domain sockets (w/o servers) RefCnt Flags Type State I-Node Path 18 [[ |] DGRAM 19719 /run/systemd/journal/dev-1log /run/systemd/journal/dev-log 3 DGRAM 19258 /run/systemd/notify DGRAM 19274 /run/systemd/journal/socket WWNWNNOD DGRAM 40599 /run/user/0/systemd/notify DGRAM 19678 /run/systemd/journal/syslog |g STREAM CONNECTED 42315 42315 @/tmp/dbus -02JM@bhFoQ {1 DGRAM 40772 - STREAM CONNECTED 44505 /run/user/0/bus STREAM CONNECTED 25563 Figure 16.63: Using Using the the netstat -e command command inin Linux Module 16 16 Page 1987 Certified Cybersecurity Certified Cybersecurity Technician Technician Copyright Copyright © by by EG-Gouncil EG-Council All Rights Reserved. Reproduction isis Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting o The command “netstat -a | more” lists all the listening ports of TCP and UDP connections. o0 Parrot Terminal File Edit View Search Terminal Help t@parrot )t@parrot |-~ |-~ #netstat -a | more]| more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address 0 0 0.0.0.0:ipsec-nat-t 0.0.0.0:* 0 0.0.0.0:isakmp 0.0.0.0:* 0 [::]:ipsec-nat-t B 0 [::]:isakmp [iig)* 1 Ko 0O [::]:ipv6-icmp 5 [::):% Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path i 19 [ ] E) DGRAM 19719 /run/systemd/journal/ ACC SEQPACKET LISTENING 19465 /run/udev/control ACC STREAM LISTENING 40981 /run/user/0/keyring/s STREAM LISTENING 40985 /run/user/0/keyring/p STREAM LISTENING 40971 @/tmp/.ICE-unix/1091 STREAM LISTENING 38031 @/tmp/.X11-unix/X0 DGRAM 19258 /run/systemd/notify STREAM LISTENING 19262 /run/systemd/private STREAM LISTENING 40957 @/tmp/dbus-02JM0bhFoQ @/tmp/dbus-02JMebhFoQ STREAM LISTENING 19270 /run/systemd/journal/ Figure 16.64: Listing Listing the the ports of TCP TCP and and UDP UDP connections o The command “netstat -at” lists TCP port connections. o Thecommand “netstat -au” lists UDP port connections. Oo0e Parrot Terminal Terminal File Edit View Search Terminal Help @parrot |-~~ #¥netstat #netstat -au Active Internet connections (servers and established) roto Recv-Q Send-Q Local Address Foreign Address dp 0 0 0.0.0.0:1ipsec-nat-t 0.0.0.0:ipsec-nat-t 0.0.0.0:* dp 0 0 0.0.0.0:isakmp 0.0.0.0:1isakmp dp6 0 O0 [::]:ipsec-nat-t dp6 0 0O [::]:isakmp Figure 16.65: Listing UPD port connections Module 16 Page 1988 Certified Cybersecurity Technician Copyright © by EG-Gouncil EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting Follow the steps below to list various listening connections. o The command “netstat -1" lists all listening UDP connections. -1”" LN(N J Terminal Parrot Terminal File Edit View Search Terminal Help @parrot|—[~ |-/~ @parrot #netstat -1 Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address ign Address 0 0 0.0.0.0:ipsec-nat-t 8,001 0 0.0.0.0:isakmp.0.0.0:* 0 [::]:ipsec-nat-t [::]):ipsec-nat-t 1:): 0 [::]:isakmp 0 [::]:ipv6-icmp Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State - Path ix 2 [ ACC ] SEQPACKET LISTENING /run/udev/control [ ACC ] STREAM LISTENING /run/user/0/keyring/ssh [ ACC ] STREAM LISTENING /run/user/0/keyring/pkcsll /run/user/0/keyring/pkcs1l NNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNN [ ACC ] STREAM LISTENING @/tmp/.ICE-unix/1091 [ ACC ] STREAM LISTENING @/tmp/.X11-unix/X0 [ ACC ] STREAM LISTENING /run/systemd/private [ ACC ] STREAM LISTENING @/tmp/dbus -02JMObhFoQ @/tmp/dbus-02JMObhFoQ [ ACC ] STREAM LISTENING /run/systemd/journal/stdout [ ACC ACG) STREAM LISTENING /var/run/charon.ctl [I, ACC c ] STREAM LISTENING /run/uuidd/request [ ACC ] STREAM LISTENING /run/dbus/system bus_socket /run/dbus/system bus socket ([ ACC ] STREAM LISTENING /run/snapd.socket [ ACC ] STREAM LISTENING /run/snapd-snap.socket [( ACC ] STREAM LISTENING /run/pcscd/pcscd. comm [ ACC ] STREAM LISTENING /tmp/.X11-unix/X0 [ ACC ] STREAM LISTENING /run/lvm/lvmpolld. socket [ ACC ] STREAM LISTENING /run/user/0/systemd/private [ ACC ] STREAM LISTENING /run/user/0/gnupg/S.gpg-agen /run/user/0/gnupg/S.g Figure 16.66: Listing all listening connections o The command “netstat Thecommand -1t” lists all TCP listening ports. o The command “netstat -1u” lists all UDP listening ports. [( N J Parrot Terminal File Edit View Search Terminal Help @parrot |- |-~|~ #netstat -Llu -lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address 0 0 0.0.0.0:ipsec-nat-t 0 0 0.0.0.0:1isakmp 0.0.0.0:isakmp 0 O [::]:ipsec-nat-t 06] 0OO [::]:isakmp Figure 16.67: Listing UDP listening ports Module 16 Page 1989 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting Follow the steps below to list statistics for different protocols. o The command “netstat -s” lists the statistics for all protocols. Parrot Terminal File Edit View Search Terminal Help Figure 16.68: Listing statistics for all protocols Module 16 Page 1990 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting o The command “netstat -st” lists statistics for TCP. o The command “netstat -su” lists statistics for UDP. The command “netstat -tp” displays the service name with PID. The command “netstat -x” -r” displays the kernel IP routing table. (o0 N ) Parrot Terminal Terminal File Edit View Search Terminal Help |#netstat -] |#netstat -r] ernel ernel IP IP routing routing table table estination Gateway Genmask Flags MSS Window irtt Iface Jefault 10.10.10.2 0.0.0.0 UG 00 0 etho 10.10.10.0 0.0.0.0 253:253: 2029314338 2558 U-1 00 0 etho @parrot it# Figure 16.69: Displaying the kernel IP routing table The command “netstat -i” displays network interface packet transactions. [o0 X J Parrot Terminal Terminal File Edit View Search Terminal Help [#netstat #netstat -i -i ernel Interface table MTU RX-0K RX-ERR RX-DRP RX-OVR RX-0OVR TX-0K TX-ERR TX-DRP TX-OVR Flg 1500 1706 [¢]0 00 120 [¢]0 [¢]0 0 BMRU 65536 88 0 00 88 0 0 0 LRU @parrot - [ Figure 16.70: Displaying network interface packet transactions The command “netstat -ie” displays the kernel interface table. The command “netstat -c” prints netstat information continuously. LN o0 ] Parrot Terminal File Edit View Search Terminal Help [#netstat_-c [#netstat -c Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Active UNIX domain sockets (w/o servers) RefCnt Flags Type S State I-Node Path 18 [] DGRAM 19719 /run/systemd/journal/dev-log [ |] DGRAM 19258 /run/systemd/notify w [ ] DGRAM 19274 /run/systemd/journal/socket wNoNo O WWwWWwWwwWwwwwNhnwNeNe [ ] DGRAM 40599 /run/user/0/systemd/notify [ ] DGRAM 19678 /run/systemd/journal/syslog [ |] STREAM CONNECTED 42315 @/tmp/dbus-02JM0bhFoQ @/tmp/dbus-02JMebhFoQ [ ]] DGRAM DGRAM 40772 40772 ([ WWwWwwwwwwwN ] STREAM CONNECTED 44505 /run/user/0/bus [ ] STREAM CONNECTED 25563 ([ ]| STREAM CONNECTED 24687 /run/systemd/journal/stdout [ ] STREAM CONNECTED 41686 @/tmp/.X11-unix/X0 [ ] STREAM CONNECTED 40746 [ ] STREAM CONNECTED 41656 @/tmp/.ICE-unix/1091 [ ] STREAM CONNECTED 40963 ( ] STREAM CONNECTED 42325 /run/user/0/bus [ ] DGRAM 19261 Figure 16.71: Displaying netstat information continuously Module 16 Page 1991 Certified Cybersecurity Technician Copyright © by EG-Gouncil EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting The command “netstat -ap | grep http” lists listening programs. The command “netstat —-statistics --raw” displays raw network statistics. Figure 16.72: Displaying raw network statistics == PuTTY PuTTY The open-source graphical user interface (GUI) client PuTTY is a terminal emulator application that supports protocols such as SSH, Telnet, Rlogin, and serial for Windows and Unix-like operating systems (OSes). It helps in accessing and managing remote Linux servers. It is an FTP or SSH FTP (SFTP) client for transferring files. It generates hashes for passwords. PUTTY PUTTY Configuration Configu r (=] Category Basic options for your PUTTY session Specfy the destination you want to connect to Speafy Logging Host Name (or IP address) Port Terminal Terminal Keyboard Connection type: Bell gell Rawy Rawy Telnet Teinet Riogin Riogin ** 55H 5S5H Seqial Seqnal Features Load, save or delete a stored session Window Saved Sessions Appearance Appearance Behaviour Default Settings Load Translation aye M ye Selecuon Selection Delete Delet Colours Fonts Connection Data Proxy Close window on exit: Telnet * Always Never Only on clean exit Rlaain loa About Open Qpen Cancel Figure 16.73: Putty Configuration Module 16 Page 1992 Certified Cybersecurity Technician Copyright © by EG-Council EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.
