Alright yes! yes! yes!
The last time we got together I introduced you to the Linux terminal and how to find help using any Linux command.
Today we're going to investigate the top Linux commands you'll need to know for the SY0-501 exam.
Let's start with PING.
Using PING in Linux isn't all that different from using PING in Windows. But there are a few notable differences which we should get into.
The unique thing about PING in Linux is that it never stops until you explicitly tell it to stop.
So when I type:
My Linux box will continuously ping the target until I press Ctrl + c.
There's a nice little trick to get around that though:
ping 10.1.30.16 -c 10
Using the "-c" command line switch I'm able to limit my pings to a count of exactly 10.
You can also specify the amount of time your Linux box should wait before sending the next PING packet (also known as an ICMP echo request).
By using the "-i" option, we can set the interval to 5 seconds.
ping 10.1.30.16 -i 5
Alternatively, if we want to flood the target with a prodigious sum of packets we can use the "-f" flag.
Just make sure you only use this command with the explicit written permission of an authorized individual in the target organization. If you don't have permission to run this command, don't do it.
I'm running it in a carefully controlled lab which I own.
After starting our ping flood, we can fire up the Task Manager on our Windows Server 2016 Domain Controller and immediately notice that the network adapter is almost completely pegged!
Alright so that was fun.
Let me show you how to check your IP address.
You can sit down at virtually any Linux terminal and type:
You'll quickly see the IP address and netmask of the system. The problem is that this command has been deprecated and is being phased out.
So you should use the ip command instead.
Here's how you can view your ip information using ip:
If I want to view my default gateway I can type:
The output below reveals that 10.1.20.1 is my default gateway.
Using netstat in Linux is almost identical to Windows.
The purpose of netstat is to reveal all established connections and listening services on a particular machine. It's great for an incident responder because if she notices a connection in an ESTABLISHED state to a foreign address assigned to an Iranian-based IP, she might wonder what's going on there.
We can type:
This shows us all the TCP connections open on the local machine. In the graphic below you can see I'm listening on port 4444 and "http" which is 80 by default.
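The triage described above can be scripted. The following is an added example, not part of the original post: it reads output in the layout of `netstat -ant` (numeric addresses and ports) and reports listeners outside an allowlist plus ESTABLISHED sessions to non-private addresses. The sample rows, the host 10.1.20.50, the allowlist "80 22" and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -ant` (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.1.20.50:22           10.1.20.7:51514         ESTABLISHED
tcp        0      0 10.1.20.50:49822        203.0.113.77:443        ESTABLISHED
EOF
}

# Usage: netstat -ant | triage_netstat "80 22"
# Prints one line per finding:
#   LISTEN <port>                listener on a port not in the allowlist
#   EXTERNAL <local> <foreign>   ESTABLISHED session to a non-private address
triage_netstat() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # True for loopback and RFC 1918 addresses (IPv4 only).
    function is_private(ip) {
      return ip ~ /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/
    }
    $1 != "tcp" { next }                  # IPv4 TCP rows only; skips headers
    {
      lport = $4; sub(/.*:/, "", lport)   # local port = text after the last colon
      fip = $5;   sub(/:[^:]*$/, "", fip) # foreign address = text before the last colon
    }
    $6 == "LISTEN" && !(lport in ok)        { print "LISTEN", lport }
    $6 == "ESTABLISHED" && !is_private(fip) { print "EXTERNAL", $4, $5 }
  '
}

# Run against the constructed sample: flags port 4444 and the 203.0.113.77 session.
sample_netstat | triage_netstat "80 22"
```

A flagged line is a prompt to investigate, not a verdict: the next step is to identify the owning process, for example with netstat's "-p" option run as root.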
You can also use tracert to trace the router topology separating your local machine from your target.
Network administrators sometimes use this to troubleshoot network connectivity issues. Each IP in the tracert output is a router along the path to your target.
To get started simply type:
And now we have ARP.
The address resolution protocol is critical because without it, we couldn't communicate with other machines.
To learn more about ARP (and networking fundamentals), sign up for our n00b to Ninja online course. Trust me, you'll be glad you did.
In the meantime, back to Linux.
If we type arp here you can see our local arp cache.
This is the dynamic database of IP address to MAC address mappings.
The graphic below shows one mapping: 00:7d:e3:ec:dc:01 maps to the IP address of my default gateway (represented by _gateway).
But what the heck is the address of _gateway?
Remember, that's what "ip r" does:
Alright, so there you have it. If you want to watch me go into more detail with Linux commands, watch the short video below...