Networks and ports are probably the first elements hackers enumerate. Let's see useful commands to analyze the situation.
netstat
netstat
shows open ports and connections (network statistics):
netstat -ano
With the above command, you can list active connections, state of the sockets, IP addresses, process IDs. It's available on Windows too.
nmap
The ultimate enumerator and probably the most popular: light, powerful, Swiss knife. The only inconvenience is the extensive range of options and modes that can be overwhelming for beginners, but there are lots of blog posts and documentations available:
nmap -O -sS TARGETED_MACHINE
-
-O
will determine the operating system, which is often needed during analysis -
-sS
is for TCP SYN Scan
arp
The command dumps the ARP cache, a dynamic list of IP and MAC addresses of the routers your computer communicated with recently:
arp -a
This cache is used by your machine to store information and prevent useless queries every time you communicate with other devices in the same network or external devices.
nslookup
nslookup
can query a domain server and resolve associated IP addresses:
nslookup wikipedia.org
ssh
OpenSSH ssh
allows you to connect to a remote host. It's said to be way more secure than the old telnet
that transmits all information in plain text.
It checks if the target host is up and encrypts communications. It's quite straightforward:
ssh user@IP
If your SSH keys (ls ~/.ssh
) are authorized on the remote host (cat ~/.ssh/authorized_keys
), you can connect without your password:
ssh -i ~/.ssh/YOUR_PRIVATE_KEY user@IP
ping
ping
uses ICMP (Internet Control Message Protocol) to send packets to a host and see if it replies:
ping -6 github.com
The above ping command will ping github.com and force IPv6 instead of IPv4.
traceroute
traceroute
is helpful to retrieve the whole path to a source server. It will also list all routers, also known as "hops," on the way.
Unlike ping
, the purpose of traceroute
is not to send a message to get an echo reply that confirms the host is up. Indeed, it's usually the command you use if ping
fails and to determine where packets are lost.
In a security perspective, it can spot anomalies such as unauthorized routers installed by hackers:
traceroute mozilla.org
N.B: tracert
is the equivalent in Windows.
Top comments (0)