Learn Technology
Learn Technology
#whoami
Learning Cybersecurity from Scatch
Fundamentals Networking and Security Tools
The Bits and Bytes of Computer Networking
Become A Power Operating System User
Week 1 - Playing with CLI
CompTIA Security+ Notes
CompTIA Security+ Exam
Section 1: Overview of Security
Threats, Attacks and Vulnerabilities
Tools and Techniques
PowerShell for Hackers
PowerShell for Hackers #1
PowerShell for Hackers #2
PowerShell for Hackers #3
Docker for Hackers
Learning Docker #1
Email Header Analysis
Basics #1
Exploitation Basics
Reverse Shell vs. Bind Shell
Stages Vs. Non-Staged Payloads
Tutorials
How to compare hashes in Windows Powershell
VirtualBox gets stuck with a black screen.
Intro to MySQL
Basics of Databases and Setup
User Accounts and Grant Privileges
Git and Github
Git and Github
Powered by GitBook

Tools and Techniques

Ping command

​

Netstat

Netstat command allows you to view statistics for TCP/IP protocols on a system. Many attacks establish connections from an infected computer to a remote computer. If you suspect this, you can often identify these connections with netstat.

Windows: 

netstat /?    --> Get help
netstat -a    --> All TCP/UDP ports that a system is listening on.
netstat -e    --> Display details on network statistics, including how many bytes the system send and received
netstat -s    --> Display statistics of packets send and received for specific protocols such as IP, ICMP, TCP and UDP
netstat -n    --> Display addresses and port numbers in numerical order.
netstat -p protocol --> Statistics for a specific protocol. 'netstat -p tcp' shows only TCP statistics
netstat -b    --> Displays the executable involved in creating each connection or listening port.
netstat -o    --> Process ID

🧠 Imagine you want to see all the TCP connections with the port IDs and process IDs.

netstat -ponb tcp

You can see all the ESTABLISHED connections simply piping it:

Tracert

The Tracert command lists the routers between two systems. In this context, each router is referred to as a hop. Tracert identifies the IP address and sometimes the host name of each hop in addition to the round-trip times (RTTs) for each hop.

Windows -> Tracert,

Linux -> Traceroute

Scenario 1: Network administrators typically use tracert to identify faulty routers on the network. Ping tells them if they can reach a distant server. If the ping fails, they can use tracert to identify where the traffic stops. Some of the hops will succeed, but at some point, tracert will identify where packets are lost, giving them insight into where the problem has occurred. Other times, they will see where the RTTs increase as traffic is routed around a faulty router. Tracing a path is especially valuable when troubleshooting issues through a wide area network (WAN).

Scenario 2: From a security perspective, you can use tracert to identify modified paths. As an example, consider Figure 1.5. Users within the internal network normally access the Internet directly through Router 1. However, what if an attacker installed an unauthorized router between Router 1 and the Internet?

Tracing a path with tracert

Traffic will still go back and forth to the users. However, the attacker could capture the traffic with a protocol analyzer and view any data sent in clear-text.

Previous
4: Penetration Testing
Next - PowerShell for Hackers
PowerShell for Hackers #1
Last updated 8 months ago
Contents
Ping command
Netstat
Tracert