Chapter 16 - 02 - Learn Troubleshooting Basic Network Issues using Utilities and Tools - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting nslookup nslookup is a program that allows the administrator or system user to enter a host name and retrieve the corresponding IP address or DNS record. It is also used for reverse DNS lookup to find the host name for a given IP address. The nslookup utility is used to look up a specific IP address or multiple IP addresses associated with a domain name(s) at a time. nslookup is used when a user can access a resource by specifying its IP address but not by specifying its domain name. nslookup safeguards against phishing attacks and prevents cache poisoning. The nslookup utility is used to resolve DNS address resolution issues. The nslookup command is executed in the command prompt to look up the IP address for a domain name. Subcommands can be used at the end of the nslookup command to perform queries or to set options. The optimal mail servers SMTP, Post Office Protocol (POP), and Internet Message Access searched using nslookup. Protocol (IMAP) for the desired domain can also be Searching for the Domain Name Using nslookup The user should enter the domain name into the command line to find the IP address or vice versa. nslookup gives the results shown in the screenshot below for google.com. Select Command Prompt — (I > Name : WwWw. g0 Addresses: 2404 : 142.250.196.68 Figure 16.61: Search Domain Name using “nslookup” Command The notification Non-authoritative answer indicates that the local DNS server failed to provide an answer to the query itself and contacted other name servers. The results of nslookup consist of IPv4 (four-figure) and IPv6 addresses (long and dived with colons) of the google domain. netstat The Linux/Windows utility Network Statistics (netstat) displays network connections (incoming and outgoing), network statistics, protocol statistics, and routing tables. It also displays connections that are not established properly and those that are being ended, and it helps solve slowdowns, bottlenecks, or outage problems in networks. Module 16 Page 1986 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Troubleshooting Exam 212-82 Steps to Use netstat Follow the steps below to list various listening ports. o Execute the netstat command list of active connections. o Usethe netstat Command C:\I Interface without any parameters in the terminal to show the —e command to show the statistics of various protocols. Prompt tnetstat Statistics -e Received Bytes 3850711362 Unicast packets Non-unicast packets Discards Errors Unknown 5477744 protocols C:\L > Figure 16.62: Using the netstat -e command in Windows Parrot Terminal File Edit View #netstat Search Terminal Help -e Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Inode Active UNIX domain sockets (w/o servers) RefCnt Flags [ ] Type DGRAM DGRAM DGRAM DGRAM DGRAM STREAM DGRAM STREAM STREAM State Foreign Address I-Node 19719 19258 Path /run/systemd/journal/dev-1log /run/systemd/notify 40599 19678 42315 40772 44505 25563 /run/user/0/systemd/notify /run/systemd/journal/syslog @/tmp/dbus -02JM@bhFoQ 19274 CONNECTED CONNECTED CONNECTED Figure 16.63: Using the netstat -e command Module 16 Page 1987 State /run/systemd/journal/socket /run/user/0/bus |g 1 - in Linux Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting o The command “netstat -a | more” lists all the listening ports of TCP and UDP connections. o0 File Parrot Terminal Edit View Search Terminal Help )t@parrot |-~ #netstat -a | more Active Internet connections (servers and Proto Recv-Q Send-Q Local Address 0 0 0.0.0.0:ipsec-nat-t 0 0.0.0.0:isakmp 0 [::]:ipsec-nat-t 0 [::]:isakmp Active Proto UNIX domain RefCnt 0 [::]:ipv6-icmp sockets (servers Flags [ ] Type DGRAM ACC ACC and established) Foreign Address B [iig)* [::):% established) State I-Node 19719 Path /run/systemd/journal/ SEQPACKET LISTENING LISTENING 40981 19465 /run/udev/control STREAM LISTENING 40985 /run/user/0/keyring/p STREAM STREAM LISTENING LISTENING 40971 38031 @/tmp/.ICE-unix/1091 @/tmp/.X11-unix/X0 40957 @/tmp/dbus-02JMebhFoQ STREAM DGRAM STREAM STREAM STREAM 19258 19262 LISTENING LISTENING LISTENING 19270 /run/user/0/keyring/s /run/systemd/notify /run/systemd/private /run/systemd/journal/ Figure 16.64: Listing the ports of TCP and UDP connections o The command “netstat -at” lists TCP port connections. o Thecommand “netstat -au” lists UDP port connections. o0 File Parrot Terminal Edit View Search @parrot #netstat Terminal Help |-~ -au Active Internet connections (servers and roto Recv-Q Send-Q Local Address 0 0 0.0.0.0:1ipsec-nat-t 0 0 0.0.0.0:isakmp 0 0 O O established) Foreign Address 0.0.0.0:* [::]:ipsec-nat-t [::]:isakmp Figure 16.65: Listing UPD port connections Module 16 Page 1988 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Troubleshooting Exam 212-82 Follow the steps below to list various listening connections. o The command “netstat (N File -1" lists all listening UDP connections. J Parrot Terminal Edit View Search Terminal Help @parrot|—[~ #netstat -1 Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address 0 0 0.0.0.0:ipsec-nat-t 0 0.0.0.0:isakmp 0 [::]):ipsec-nat-t 0 [::]:isakmp 0 [::]:ipv6-icmp Active Proto domain 2 Flags sockets [ ACC [ ACC [ ACC NNNNNNNNNNNNNNNNNNN ix UNIX RefCnt (only Type ign Address 8,001.0.0.0:* 1:): servers) SEQPACKET STREAM STREAM State LISTENING - LISTENING Path /run/udev/control /run/user/0/keyring/ssh LISTENING /run/user/0/keyring/pkcsll [ ACC [ ACC STREAM STREAM LISTENING LISTENING @/tmp/.ICE-unix/1091 @/tmp/.X11-unix/X0 [ ACC STREAM LISTENING @/tmp/dbus-02JMObhFoQ [ ACC I, c STREAM STREAM LISTENING LISTENING /var/run/charon.ctl /run/uuidd/request [ ACC [ ACC [ [ [ ( [ [ [ [ ACC ACC ACC ACC ACC ACC ACC ACC STREAM LISTENING STREAM /run/systemd/private LISTENING STREAM STREAM STREAM STREAM STREAM STREAM STREAM STREAM /run/systemd/journal/stdout LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING /run/dbus/system bus socket /run/snapd.socket /run/snapd-snap.socket /run/pcscd/pcscd. comm /tmp/.X11-unix/X0 /run/lvm/lvmpolld. socket /run/user/0/systemd/private /run/user/0/gnupg/S.gpg-agen Figure 16.66: Listing all listening connections o The command “netstat -1t” lists all TCP listening ports. o The command “netstat -1u” lists all UDP listening ports. ( N File Parrot Terminal Edit View Search Terminal Help @parrot |-~ #netstat -Llu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address 0 0 0.0.0.0:ipsec-nat-t 0 0 0.0.0.0:1isakmp 0 O [::]:ipsec-nat-t 0O [::]:isakmp 0 Figure 16.67: Listing UDP listening ports Module 16 Page 1989 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Troubleshooting Exam 212-82 Follow the steps below to list statistics for different protocols. o The command “netstat -s” lists the statistics for all protocols. Parrot File Edit View Search Terminal Terminal Help Figure 16.68: Listing statistics for all protocols Module 16 Page 1990 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting o The command “netstat -st” lists statistics for TCP. o The command “netstat -su” lists statistics for UDP. The command “netstat -tp” displays the service name with PID. The command “netstat -r” displays the kernel IP routing table. o0 File Parrot Terminal Edit View Search Terminal |#netstat -r] Help ernel IP routing table Gateway @parrot # Genmask 10.10.10.2 0.0.0.0 Flags 0.0.0.0 2029314338 UG -1 MSS Window 00 00 irtt Iface 0 etho 0 etho Figure 16.69: Displaying the kernel IP routing table The command “netstat -i” displays network interface packet transactions. o0 File Parrot Terminal Edit View Search #netstat Terminal Help -i MTU 1500 65536 RX-0K 1706 88 @parrot RX-ERR RX-DRP RX-OVR 0 00 0 00 TX-0K TX-ERR TX-DRP TX-OVR Flg 120 0 0 0 BMRU 88 0 0 0 LRU - [ Figure 16.70: Displaying network interface packet transactions The command “netstat The command “netstat LN File -ie” displays the kernel interface table. -c” prints netstat information continuously. ] Edit Parrot Terminal View Search Terminal Help [#netstat_-c WWwWwwwwwwwN wNoNo O w Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Active UNIX domain sockets (w/o servers) RefCnt Flags Type State 18 [] DGRAM DGRAM [ | DGRAM [ ] [ [ [ [ ( [ ( [ [ [ [ ( [ ] ] | ] ] ] ] ] ] ] ] ] ] DGRAM Foreign Address I-Node 19719 19258 19274 Path /run/systemd/journal/dev-log /run/systemd/notify /run/systemd/journal/socket /run/systemd/journal/syslog @/tmp/dbus-02JM0bhFoQ /run/user/0/bus 40599 DGRAM STREAM CONNECTED 19678 42315 STREAM STREAM CONNECTED CONNECTED 44505 25563 DGRAM STREAM STREAM STREAM STREAM STREAM STREAM DGRAM CONNECTED CONNECTED CONNECTED CONNECTED CONNECTED CONNECTED State 40772 24687 41686 40746 41656 40963 42325 19261 /run/user/0/systemd/notify /run/systemd/journal/stdout @/tmp/.X11-unix/X0 @/tmp/.ICE-unix/1091 /run/user/0/bus Figure 16.71: Displaying netstat information continuously Module 16 Page 1991 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Troubleshooting The command Exam 212-82 “netstat The command “netstat -ap | grep http” lists listening programs. —-statistics --raw” displays raw network statistics. Figure 16.72: Displaying raw network statistics = PuTTY The open-source graphical user interface (GUI) client PuTTY is a terminal emulator application that supports protocols such as SSH, Telnet, Rlogin, and serial for Windows and Unix-like operating systems (OSes). It helps in accessing and managing remote Linux servers. It is an FTP or SSH FTP (SFTP) client for transferring files. It generates hashes for passwords. PUTTY Category Configu r (=] Basic options for your PUTTY session Specfy the destination you want to connect to Logging Host Name (or IP address) Port Terminal Keyboard gell Features Window Connection type: Rawy Teinet Riogin * 5S5H Seqnal Load, save or delete a stored session Saved Sessions Appearance Behaviour Default Settings Load Translation M ye Selection Delet Colours Fonts Connection Data Proxy Telnet Close window on exit: * Always Never Only on clean exit Rlaain About Open Cancel Figure 16.73: Putty Configuration Module 16 Page 1992 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.