Networks and ports are probably the first elements hackers enumerate. Let’s see useful commands to analyze the situation.
netstat shows open ports and connections (network statistics):
With the above command, you can list active connections, state of the sockets, IP addresses, process IDs. It’s available on Windows too.
nmap is the ultimate enumerator and probably the most popular: light, powerful, a Swiss Army knife. The only inconvenience is the extensive range of options and modes, which can be overwhelming for beginners, but there are lots of blog posts and documentation available:
nmap -O -sS TARGETED_MACHINE
-O will determine the operating system, which is often needed during analysis
-sS is for a TCP SYN scan
The command dumps the ARP cache, a dynamic list of the IP and MAC addresses of the devices (routers and other hosts) your computer has communicated with recently:
This cache is used by your machine to store information and prevent useless queries every time you communicate with other devices in the same network or external devices.
nslookup can query a domain server and resolve associated IP addresses:
ssh allows you to connect to a remote host. It's said to be way more secure than the old telnet, which transmits all information in plain text.
It checks if the target host is up and encrypts communications. It’s quite straightforward:
If your SSH keys (ls ~/.ssh) are authorized on the remote host (cat ~/.ssh/authorized_keys), you can connect without your password:
ssh -i ~/.ssh/YOUR_PRIVATE_KEY user@IP
ping uses ICMP (Internet Control Message Protocol) to send packets to a host and see if it replies:
ping -6 github.com
The above ping command will ping github.com and force IPv6 instead of IPv4.
traceroute is helpful to retrieve the whole path to a remote server. It will also list all routers, also known as "hops," on the way.
Unlike ping, the purpose of traceroute is not to send a message to get an echo reply that confirms the host is up. Indeed, it's usually the command you use when ping fails, to determine where packets are lost.
From a security perspective, it can spot anomalies such as unauthorized routers installed by hackers:
tracert is the equivalent in Windows.
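As an added example (not from the original post), a small POSIX shell script that compares a saved traceroute baseline with a fresh run and reports hops that were not in the recorded path; the traceroute outputs, hostnames and addresses below are constructed samples.

```shell
#!/bin/sh
# Compare a saved traceroute baseline against a fresh run and flag new hops.
# Both outputs are constructed samples (documentation/private ranges), not real captures.

BASELINE='traceroute to app.example.internal (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.203 ms  1.101 ms  1.087 ms
 2  10.0.0.1 (10.0.0.1)  4.120 ms  4.050 ms  4.011 ms
 3  203.0.113.10 (203.0.113.10)  9.812 ms  9.790 ms  9.744 ms'

CURRENT='traceroute to app.example.internal (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.198 ms  1.110 ms  1.090 ms
 2  192.168.1.254 (192.168.1.254)  1.900 ms  1.880 ms  1.870 ms
 3  * * *
 4  10.0.0.1 (10.0.0.1)  5.020 ms  4.990 ms  4.975 ms
 5  203.0.113.10 (203.0.113.10)  10.301 ms  10.250 ms  10.233 ms'

# hops OUTPUT: print the responding hop addresses in path order, one per line.
# Skips the header line and hops that did not answer ("* * *").
hops() {
  printf '%s\n' "$1" | awk '/^ *[0-9]+ / && $2 != "*" { print $2 }'
}

# new_hops BASELINE CURRENT: print addresses present in CURRENT but not in BASELINE.
# The baseline list is passed to awk as one newline-separated string and split there.
new_hops() {
  hops "$2" | awk -v base="$(hops "$1")" '
    BEGIN { n = split(base, b, "\n"); for (i = 1; i <= n; i++) seen[b[i]] = 1 }
    !($1 in seen)'
}

# check_path BASELINE CURRENT: return 0 when every hop was already in the baseline,
# 1 when unexpected routers appear (a reason to investigate, not proof of an attack).
check_path() {
  unexpected=$(new_hops "$1" "$2")
  if [ -n "$unexpected" ]; then
    printf 'unexpected hop(s) in path:\n%s\n' "$unexpected" >&2
    return 1
  fi
  printf 'path matches baseline\n'
}

# Stand-alone run: prints the unexpected 192.168.1.254 hop on stderr.
check_path "$BASELINE" "$CURRENT" || printf 'review the new hop(s) before trusting this route\n' >&2
```

In practice you would store the output of a known-good traceroute run as the baseline and feed it a fresh run; hops that only time out are ignored, so a transient "* * *" does not trigger an alert.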