Chapter 16 - 02 - Learn Troubleshooting Basic Network Issues using Utilities and Tools - 04_ocred_fax_ocred.pdf
Document Details
2020
EC-Council
Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

speedtest.net

The website speedtest.net is used to determine the available bandwidth for a host at a point of time. It provides free analysis of Internet access performance metrics. For example, it provides metrics such as the connection data rate (speed) and latency (connection delay). For enhanced test accuracy, it uses TCP sockets and a custom protocol for communication between servers and users. The time taken to upload and download a file can also be determined using this website. All the tests performed by speedtest.net measure the data rate in the download direction (from the server to the user) and that in the upload direction (the user to the server).

Figure 16.80: Working of “Speedtest.net” (screenshot of a results page showing PING in ms and DOWNLOAD and UPLOAD in Mbps)

pathping
Source: https://docs.microsoft.com

The pathping utility provides detailed information about the path characteristics from a specific host to a specific destination in a single picture by taking advantage of the ping and tracert/traceroute commands. It helps diagnose packet loss and slow speed faults. Initially, running pathping traces the route to a destination address and launches a 25-s test for each hop to show the pathping statistics on the data loss to each hop.

    pathping [/n] [/h <MaximumHops>] [/g <HostList>] [/p <Period>] [/q <NumQueries>] [/w <Timeout>] [/i <IPAddress>] [/4 <IPv4>] [/6 <IPv6>] [<TargetName>]

Options             Description
/n                  Prevents the resolving of an IP address to a host name
/h <MaximumHops>    Defines the maximum number of hops for reaching the target (30 by default)
/g <HostList>       Defines a loose source route through a specified hostlist in the IP header (maximum allowed list is 9)
/p <Period>         Defines the wait time between pings (mostly in milliseconds)
/q <NumQueries>     Defines the number of ICMP queries for each hop (100 by default)
/w <Timeout>        Defines the wait time for each ICMP reply (3000 ms, i.e., 3 s, by default)
/i <IPAddress>      Defines the source address
/4 <IPv4>           Forces pathping to use only IPv4
/6 <IPv6>           Forces pathping to use only IPv6
<TargetName>        Defines the target or destination address that can be identified by the host name or IP address
/?                  Displays all the available options on the command-line interface

Table 16.3: pathping command options

Steps to Use pathping for Networking Troubleshooting

o Run the command pathping <TargetName> in Command Prompt. Interrupt pathping at any time by pressing Ctrl + C.

[Screenshot: Command Prompt running pathping 8.8.8.8, which traces the route to dns.google [8.8.8.8] over a maximum of 30 hops and then reports "Computing statistics for 325 seconds..."]
Figure 16.81: Running the command “pathping”

o Use the command pathping -n <TargetName> to show numeric IP addresses instead of DNS host names.

[Screenshot: Command Prompt running pathping -n www.google.com, with every hop listed by IP address]
Figure 16.82: Displaying IP numbers instead of domain names

route
Source: https://docs.microsoft.com

The route utility is used to show the ongoing status of and modifications to the routing table on the Windows host. It is useful when the host has multiple IPs and multiple hosts. Netmasks, network destinations, and gateways are displayed in the active routes section of the route utility. In Unix/Linux, the route command can be used without any command-line switches. The command shows similar outputs for both Windows and Unix/Linux.

    route [/f] [/p] [<command> [<destination>] [mask <netmask>] [<gateway>] [metric <metric>]] [if <interface>]]

Options             Description
/f                  Wipes off all entries in the routing table
/p                  Initializes the new routing table by adding a new route to the registry
<command>           Defines the command to run (e.g., add, change, delete, or run)
<destination>       Defines the destination or target of the route
mask <netmask>      Defines the subnet masks associated with the target
<gateway>           Defines the next hop address or transmission
metric <metric>     Defines the integer cost metric for the route (between 0 and 9999)
if <interface>      Defines the interface index for reaching the destination
/?                  Displays all the available options

Table 16.4: route command options

Steps to Use the route Command for Network Troubleshooting

o In Windows, use the command route print to view the routing table (IPv4 and IPv6).

[Screenshot: Command Prompt output of route print, showing the interface list followed by the IPv4 Route Table with its Network Destination, Netmask, Gateway, Interface and Metric columns]
Figure 16.83: Viewing the routing table

o To add, delete, or change a route entry, use the following command:

    route [/p] command dest [mask subnet] gateway [if interface]

  Example:

    C:\>route /p add 192.168.5.0 mask 255.255.255.0 192.168.1.500
    C:\>route change 192.168.5.0 mask 255.255.255.0 192.168.1.542
    C:\>route delete 192.168.5.0

  The gateway addresses printed in this example, 192.168.1.500 and 192.168.1.542, are not valid IPv4 addresses because the last octet exceeds 255; use the actual next-hop address when running these commands.

Nmap
Source: https://nmap.org

Nmap (“Network Mapper”) is a security scanner for network exploration and hacking. It allows the discovery of hosts, ports, and services on a computer network, thus creating a “map” of the network. It sends specially crafted packets to the target host and then analyzes the responses to accomplish its goal. It scans vast networks of hundreds of thousands of machines. Nmap includes many mechanisms for port scanning (TCP and UDP), OS detection, version detection, ping sweeps, and so on.

Either a network administrator or an attacker can use this tool for their specific needs. Network administrators can use Nmap for maintaining network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap can also be used to extract information such as live hosts on the network, open ports, services (application name and version), type of packet filters/firewalls, MAC details, and OSes, along with their versions.
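The inventory and uptime-monitoring use described above can be automated by comparing each scan with an approved baseline. The following is an added example, not part of the original courseware or of Nmap itself: it parses Nmap's normal text output and reports drift. The sample scan text, the BASELINE dictionary, the host name dc01.example.test and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in Nmap's normal output format (not copied from the page's screenshots).
SAMPLE_SCAN = """\
Nmap scan report for 10.10.10.10
Host is up (0.0010s latency).
PORT     STATE         SERVICE
80/tcp   open          http
137/udp  open          netbios-ns
138/udp  open|filtered netbios-dgm
Nmap scan report for dc01.example.test (10.10.10.16)
Host is up (0.0020s latency).
PORT     STATE  SERVICE
53/tcp   open   domain
389/tcp  open   ldap
445/tcp  closed microsoft-ds
3389/tcp open   ms-wbt-server
"""

# Hypothetical approved inventory: host IP -> (port, protocol) pairs expected to be open.
BASELINE = {
    "10.10.10.10": {(80, "tcp"), (137, "udp")},
    "10.10.10.16": {(53, "tcp"), (389, "tcp"), (445, "tcp")},
}
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")

def parse_open_ports(text):
    """Return {host_ip: {(port, proto), ...}}, counting only ports whose state is exactly 'open'."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), set())
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(3) == "open":
            current.add((int(m.group(1)), m.group(2)))
    return hosts

def diff_inventory(observed, baseline):
    """Per host: 'unexpected' = open but not approved, 'missing' = approved but not open."""
    report = {}
    for host in sorted(set(observed) | set(baseline)):
        seen, want = observed.get(host, set()), baseline.get(host, set())
        if seen != want:
            report[host] = {"unexpected": sorted(seen - want), "missing": sorted(want - seen)}
    return report

print(diff_inventory(parse_open_ports(SAMPLE_SCAN), BASELINE))
```

Ambiguous UDP states such as open|filtered are deliberately not counted as open, so they neither satisfy nor violate the baseline.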
Syntax:

    # nmap [options] <target>

Host Discovery

o Perform an ARP ping scan for discovering live hosts in the network. Use the -PR option to perform an ARP ping scan.

    # nmap -sn -PR <target IP address>

[Screenshot: Zenmap running nmap -sn -PR 10.10.10.13 with Nmap 7.80; the output reports MAC Address 00:0C:29:EB:CD:AF (VMware) and "Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds"]
Figure 16.84: Screenshot of Nmap host discovery using an ARP ping scan

o Use the -PE option to perform the ICMP ECHO ping scan. Active hosts are displayed as “Host is up,” as shown in the screenshot.

    # nmap -sn -PE <target IP address>

[Screenshot: Zenmap running nmap -sn -PE 10.10.10.13; the output reports "Host is up (0.00s latency)" for 10.10.10.13, MAC Address 00:0C:29:EB:CD:AF (VMware), and "Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds"]
Figure 16.85: Screenshot of Nmap host discovery using an ICMP ECHO ping scan

o Use the -PE option with a list of IP addresses to perform an ICMP ECHO ping sweep.

    # nmap -sn -PE <target IP address range>

[Screenshot: Zenmap running nmap -sn -PE 10.10.10.0-15; the output lists 10.10.10.1, 10.10.10.2, 10.10.10.10 and 10.10.10.13 as up and ends with "Nmap done: 16 IP addresses (4 hosts up) scanned in 8.80 seconds"]
Figure 16.86: Screenshot of Nmap host discovery using an ICMP ECHO ping sweep

o To scan the given subnet, use the following command without any switches. This command works similarly to the ping command in that it sends TCP ACK packets for the ports 80 and 443 to check whether the target host is alive. It also performs an ARP scan and neighbor discovery scan; if it finds that any host is alive, it starts performing port scanning to detect running services.

    # nmap <target subnet>

Service and Version Discovery

o Use the -p option to scan for specified port numbers or a port range.

    # nmap -p <port or port range> <target>

[Screenshot: Zenmap running nmap -p 80 10.10.10.10 with Nmap 7.80; the host is reported as up and the output ends with the following port table]
    PORT   STATE SERVICE
    80/tcp open  http
    Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Figure 16.87: Screenshot of Nmap service discovery using a scan for a specified port number

o Use the -sT option to scan for only TCP ports.

    # nmap -sT <target>

[Screenshot: Zenmap running nmap -sT -v 10.10.10.16; the verbose output begins with an ARP Ping Scan of 10.10.10.16 and parallel DNS resolution of 1 host]
[Screenshot, continued: the Connect Scan of 10.10.10.16 covers 1000 ports and prints a "Discovered open port" line as each open port is found (for example 80/tcp, 139/tcp, 135/tcp, 3389/tcp, 445/tcp and 53/tcp), along with progress estimates]
Figure 16.88: Screenshot of Nmap service discovery using a TCP scan

[Screenshot: Zenmap showing the final port table of nmap -sT -v 10.10.10.16]
    PORT     STATE SERVICE
    53/tcp   open  domain
    80/tcp   open  http
    88/tcp   open  kerberos-sec
    111/tcp  open  rpcbind
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    389/tcp  open  ldap
    445/tcp  open  microsoft-ds
    464/tcp  open  kpasswd5
    593/tcp  open  http-rpc-epmap
    636/tcp  open  ldapssl
    1061/tcp open  kiosk
    1069/tcp open  cognex-insight
    1072/tcp open  cardax
    1801/tcp open  msmq
    2049/tcp open  nfs
    2103/tcp open  zephyr-clt
    2105/tcp open  eklogin
    2107/tcp open  msmq-mgmt
    2968/tcp open  enpp
    3268/tcp open  globalcatLDAP
    3269/tcp open  globalcatLDAPssl
    3389/tcp open  ms-wbt-server
    Nmap done: 1 IP address (1 host up) scanned in 228.66 seconds

Figure 16.89: Screenshot of Nmap service discovery using a TCP scan

o Use the -sU option to scan for only UDP ports.

[Screenshot: Zenmap running nmap -sU -v 10.10.10.10; the verbose output reports "Discovered open port 137/udp on 10.10.10.10", completes the UDP Scan in 6.16s, and ends with the following port table]
    PORT      STATE         SERVICE
    137/udp   open          netbios-ns
    138/udp   open|filtered netbios-dgm
    500/udp   open|filtered isakmp
    1900/udp  open|filtered upnp
    3389/udp  open|filtered ms-wbt-server
    3702/udp  open|filtered ws-discovery
    4500/udp  open|filtered nat-t-ike
    5353/udp  open|filtered zeroconf
    5355/udp  open|filtered llmnr
    49173/udp open|filtered unknown
    Nmap done: 1 IP address (1 host up) scanned in 6.72 seconds
    Raw packets sent: 1319 (39.013KB) | Rcvd: 2363 (97.926KB)

Figure 16.90: Screenshot of Nmap service discovery using a UDP scan

o Use the -sS option to perform a stealth scan/TCP half-open scan.

    # nmap -sS