Security+ Training Online | Lab | Linux Terminal (2/2)

Alright yes! yes! yes!

The last time we go together I introduced you to the Linux terminal and how to find help using any Linux command.

Today we're going to investigate the top Linux commands you'll need to know for the SY0-501 exam.

• ping
• ifconfig and ip
• netstat
• tracert
• arp

Let's start with PING.

Using PING in Linux

Using PING in Linux isn't all that different from using PING in Windows.  But there are a few notable differences which we should get into.

The unique thing about PING in Linux is that it never stops until you explicitly tell it to stop. 

So when I type:

ping 10.1.30.16

My Linux box will continuously ping the target until I press Ctrl + c

There's a nice little trick to get around that though:

Type:

ping 10.1.30.16 -c 10

Using the "-c" command line switch I'm able to limit my pings to a count of exactly 10.

You can also specify the amount of time your Linux box should wait before sending the next PING packet (also known as an ICMP echo request).

By using the "-i" option, we can set the internal to 5 seconds.

ping 10.1.30.16 -i 5

Alternatively, if we want to flood the target with a prodigious sum of packets we can use the "-f" flag.

Just make sure you only use this command with the explicit written permission of an authorized individual in the target organization.  If you don't have permission to run this command, don't do it.

I'm running it in a carefully controlled lab which I own.  

After starting our ping flood, we can fire up the Task Manger on our Windows Server 2016 Domain Controller and immediately notice that the network adapter is almost completely pegged!

Alright so that was fun.  

Let me show you how to check your IP address.

ifconfig vs ip

You can sit down at virtually any Linux terminal and type:

ifconfig

You'll quickly see the IP address and netmask of the system.  The problem is that this command has been deprecated and is being phased out.

So you should use the ip command instead.

Here's how you can view your ip information using ip:

ip a

If I want to view my default gateway I can type:

ip r

The output below reveals that 10.1.20.1 is my default gateway.

Using Netstat in Linux

Using netstat in Linux is almost identical to Windows.

The purpose of netstat is to reveal all established connections and listening services on a particular machine.  It's great for an incident responder because if she notices a connection in an ESTABLISHED state to a foreign address assigned to a Iranian based IP, she might wonder what's going on there.

We can type:

netstat -at

This shows us all the TCP connection open on the local machine.  In the graphic below you can see I'm listening on port 4444 and "http" which is 80 by default.

Using tracert

You can also use tracert to trace the router topology separating your local machine to your target. 

Network administrators sometimes use this to troubleshoot network connectivity issues. Each IP in the tracert output is a router along the path to your target.

To get started simply type:

tracert google.com

Arp like a dog!

And now we have ARP.

The address resolution protocol is critical because without it, we couldn't communicate with other machines.

To learn more about ARP and (and networking fundamentals), sign-up for our n00b to Ninja online course.  Trust me, you'll be glad you did.

In the meantime, back to Linux.

If we type arp here you can see our local arp cache.

This is the dynamic database of IP address to MAC address mappings.

The graphic below shows one mapping: 00:7d:e3:ec:dc:01 maps to the IP address of my default gateway (represented by _gateway)

But what the heck is the address of _gateway?

Remember, that's what "ip r" does:

ip r 

Alright, so there you have it.  If you want to watch me go into more detail with Linux commands, watch the short video below...

Oh, and don't forget to subscribe to our email news letter so you can get exclusive SY0-501 Security+ content delivered to your inbox!