Copyright Goodheart-Willcox Co., Inc.
Chapter 8 Overview of Network Security and Network Threats 277

Quick Look 8.2.2 Continued

4. Launch a web browser, and navigate to a search engine. Enter the search phrase portable apps ping sweep software. Compare some of the software features between the different programs.
5. Discuss with your classmates the benefits of using some of these programs as a security technician and the potential hacking risks they represent.

Netstat Command

A helpful utility for displaying networking connection information with other computers is the netstat command. Netstat allows you to view TCP and UDP connections and to further filter the view to ICMP, IPv4, and IPv6. With this command, you can see statistics and which ports are open, closed, or listening to incoming sessions. This may provide clues to the source if you are under attack. The Windows version of the netstat command has the switches shown in Figure 8-25.

The syntax for the netstat command is to preface each switch with a dash (-). However, the interval value is not preceded by a dash. Multiple switches can be combined. For example:

netstat -a -n 20

CompTIA Security+ 2.2

Figure 8-25. Command switches for the netstat command. Multiple switches can be used. (Goodheart-Willcox Publisher)

| Switch | Definition |
|---|---|
| a | Active: this switch lists all active connections, which includes the listening ports. Example: netstat -a |
| e | Ethernet statistics: this switch lists statistics of the Internet connection, which includes the number of packets that were sent, received, errors, etc. Example: netstat -e |
| n | This switch lists the connections in numerical or IP form; instead of a web address being shown by name, it is listed by its IP address. Example: netstat -n |
| o | Owning process: this switch shows the active connection along with the process identification (PID) number. Example: netstat -o |
| p | Protocols: this switch allows you to filter through the different protocols. Example: netstat -p tcp (in place of TCP can be any of the protocols: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, UDPv6) |
| r | Routing table: this switch is the same as the route print command. Example: netstat -r |
| s | Statistics: this switch lists statistics for each protocol (differs from the e switch). Example: netstat -s. This switch can be combined with the p switch to identify a specific protocol. Example: netstat -sp udp |
| f | Fully qualified domain name: this switch displays the entire name of a foreign address. Example: netstat -f |
| Interval | Use this value to give the computer a specific amount of time (in seconds) between the probing of active connections. Example: netstat -an 20 |
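The a, n, and o switches together show which ports are listening and which process owns each connection. The following added example (not from the textbook) parses saved output of netstat -a -n -o and summarizes it for review; the sample output, addresses, PIDs, and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample of Windows `netstat -a -n -o` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     5288
  TCP    192.168.1.20:49790     198.51.100.7:4444      ESTABLISHED     7016
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2204
"""

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state pid")

def parse_netstat(text):
    """Turn netstat -a -n -o rows into Conn records; headers and short rows are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "UDP":
            fields.insert(3, "")  # UDP rows have no State column
        if len(fields) < 5:
            continue  # e.g. output captured without the o switch
        proto, local, remote, state, pid = fields[:5]
        la, _, lp = local.rpartition(":")   # split on the last colon so [::]:445 works
        ra, _, rp = remote.rpartition(":")
        conns.append(Conn(proto, la, int(lp), ra, rp, state, int(pid)))
    return conns

def exposed_listeners(conns):
    """(port, PID) pairs for TCP listeners bound to all interfaces, not just loopback."""
    return sorted({(c.local_port, c.pid) for c in conns
                   if c.state == "LISTENING" and c.local_addr in ("0.0.0.0", "[::]")})

def established_by_pid(conns):
    """Map each owning PID to the foreign endpoints it is currently connected to."""
    out = {}
    for c in conns:
        if c.state == "ESTABLISHED":
            out.setdefault(c.pid, []).append(f"{c.remote_addr}:{c.remote_port}")
    return out

if __name__ == "__main__":
    print(exposed_listeners(parse_netstat(SAMPLE)), established_by_pid(parse_netstat(SAMPLE)))
```

Each PID in the result can then be matched to a program name with Task Manager or the tasklist command.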
