Principles of Cybersecurity, 1st Edition page 278

Copyright Goodheart-Willcox Co., Inc. 278 Principles of Cybersecurity The output screen will list data in columns: Proto (name of protocol), Local Address (the IP address and the port number), Foreign Address (the IP address and port number of the remote computer), and State. Figure 8-26 explains the dif- ferent values that may be listed in the State column. There will be different states of connections on the output. Due to the way TCP/IP communicates with other hosts, connections cannot be immediately closed. Packets may arrive out of order or be transmitted after the connection has been closed. This can result in a delay in closing the session. Goodheart-Willcox Publisher Figure 8-26. There are various states that may be listed with the netstat command. Connection State Definition Established Both hosts are connected. Closing The remote host has agreed to close its connection. Listening The local host is waiting to handle an incoming connection. Syn_rcvd A remote host has asked to start a connection. Syn_sent The local host has accepted to start a connection. Last_ack The local host needs to obliterate (erase from memory) the packets before closing the connection. Timed_wait The local host has closed the connection, but it is being kept around so any delayed packets can be matched to the connection and handled appropriately they will time out within four minutes. Close_wait The remote host is closing its connection with the local host, but it is being kept around so any delayed packets can be matched to the connection and handled appropriately they will time out within four minutes. Fin_Wait 1 A client is closing its connection. Fin_Wait 2 Both hosts have agreed to close the connection. Quick Look 8.2.3 Netstat Command The netstat command is useful in examining network connections. There are much data that the com- mand can provide. 1. Applying what you have learned, launch the Windows Command Prompt, and enter the netstat command. It will take a few minutes to collect and view the active connections. 2. Enter netstat –e to see a snapshot of statistics. 3. Enter netstat –a. How does the output with this switch differ from the command with no switches? Remote Connections A remote connection allows a person to use another computer or host, such as a router or switch, as if he or she is sitting in front of it. There are a couple of ways to establish remote connections across a network, such as Telnet and SSH. Remote connections present some security challenges since physical access to the machine cannot be controlled.

Previous Page Next Page

Principles of Cybersecurity, 1st Edition Page 278 (290 of 634)

Resources and Downloads

Help