Practical Exercise – Additional Command Line Tools

In this practical exercise, you will use four command line tools (not including the DNS command line, which was carried out in a previous lab).
Please read the information, open a command prompt in admin mode, and carry out the instructions given below.

Ping

Ping is a tool to test connectivity.
You can see in the first line below that DNS resolution has taken place and that there are 4 replies.
If you want a continuous ping, use ping -t.
If your machine returns an IP version 6 address, you can use the command ping packtpub.com -4, and it will then return an IP version 4 address.

ping packtpub.com

Pinging www.packtpub.com [104.22.1.175] with 32 bytes of data:
Reply from 104.22.1.175: bytes=32 time=31ms TTL=48
Reply from 104.22.1.175: bytes=32 time=26ms TTL=48
Reply from 104.22.1.175: bytes=32 time=26ms TTL=48
Reply from 104.22.1.175: bytes=32 time=27ms TTL=48
Ping statistics for 104.22.1.175:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 31ms, Average = 27ms

Tracert

tracert www.packtpub.com

Tracing route to www.packtpub.com [104.22.1.175] over a maximum of 30 hops:

  1. <1 ms <1 ms <1 ms Linksys33577 [192.168.1.1]
  2. 2 ms 2 ms 2 ms 209.134-31-62.static.virginmediabusiness.co.uk [62.31.134.209]
  3. 21 ms 15 ms 14 ms brhm-core-2a-et-315-0.network.virginmedia.net [81.110.128.1]
  4. 26 ms 19 ms 20 ms tcma-ic-2-ae9-0.network.virginmedia.net [62.253.174.178]
  5. 28 ms 27 ms 29 ms 162.158.32.254
  6. 26 ms 29 ms 28 ms 162.158.32.11
  7. 26 ms 27 ms 27 ms 104.22.1.175

Trace complete.

Pathping

Pathping begins like a tracert, but afterwards it calculates the packet loss at each router it passes through.

pathping www.packtpub.com

Tracing route to www.packtpub.com [104.22.1.175]
over a maximum of 30 hops:
0 WIN-HB5RLG5VD60.Domain.local [192.168.1.173]
1 Linksys33577 [192.168.1.1]
2 209.134-31-62.static.virginmediabusiness.co.uk [62.31.134.209]
3 * * *
Computing statistics for 50 seconds…
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           WIN-HB5RLG5VD60.Domain.local [192.168.1.173]
                                0/ 100 = 0%      |
  1    0ms     0/ 100 = 0%      0/ 100 = 0%   Linksys33577 [192.168.1.1]
                                0/ 100 = 0%      |
  2    1ms     0/ 100 = 0%      0/ 100 = 0%   209.134-31-62.static.virginmediabusiness.co.uk [62.31.134.209]
Trace complete.

NETSTAT

Netstat is a tool that can show you the users that are connected, the ports that are listening, the connections that are established, and those in time wait and close wait.
Let us look at each of those in turn:
Listening: the application is running and waiting for a connection.
Established: this is someone connecting to your computer.
Time wait: the computer has finished the session, and the entry will disappear after 4 minutes.
Close wait: the session has not yet been given the signal by the operating system to close.

netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27275 0.0.0.0:0 LISTENING
TCP 127.0.0.1:32017 0.0.0.0:0 LISTENING
TCP 127.0.0.1:32018 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51913 0.0.0.0:0 LISTENING
TCP 169.254.56.227:139 0.0.0.0:0 LISTENING
TCP 172.31.96.1:139 0.0.0.0:0 LISTENING
TCP 192.168.1.173:51823 5.62.54.83:80 ESTABLISHED
TCP 192.168.1.173:51835 5.62.54.83:443 ESTABLISHED
TCP 192.168.1.173:51852 5.62.54.83:443 ESTABLISHED
TCP 192.168.1.173:51853 5.45.62.54:80 ESTABLISHED
TCP 192.168.1.173:51879 20.54.37.73:443 ESTABLISHED
TCP 192.168.1.173:51918 5.62.54.89:80 ESTABLISHED
TCP 192.168.1.173:52087 2.22.17.206:443 CLOSE_WAIT
TCP 192.168.1.173:52088 88.221.18.124:80 CLOSE_WAIT
TCP 192.168.1.173:52089 88.221.18.124:80 CLOSE_WAIT
TCP 192.168.1.173:52090 88.221.18.124:80 CLOSE_WAIT
TCP 192.168.1.173:52091 88.221.18.124:80 CLOSE_WAIT
TCP 192.168.1.173:52092 88.221.18.124:80 ESTABLISHED
TCP 192.168.1.173:52093 88.221.18.124:80 CLOSE_WAIT
TCP 192.168.1.173:52097 51.143.111.143:443 CLOSE_WAIT
TCP 192.168.1.173:52098 51.143.111.143:443 CLOSE_WAIT
TCP 192.168.1.173:52099 51.143.111.143:443 CLOSE_WAIT
TCP 192.168.1.173:52100 51.143.111.143:443 CLOSE_WAIT
TCP 192.168.1.173:52101 51.143.111.143:443 CLOSE_WAIT

Count the number of connections for each category.
Reboot your computer and, when you come back, count the connections again.
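
The counting step above can be scripted. The following PowerShell is an added example, not part of the original exercise: it parses the netstat -an output, counts TCP connections per state, lists listeners that are not bound to loopback, and compares the counts with a saved baseline so the run after the reboot shows what changed. The function name Get-NetstatTcp and the baseline file name are assumptions made for this example.

```powershell
# Added example (not from the original exercise).
function Get-NetstatTcp {
    # Pass saved output with -Lines, or omit it to run netstat -an live.
    param([string[]]$Lines = (netstat -an))
    foreach ($line in $Lines) {
        # TCP rows have exactly four fields: Proto, Local, Foreign, State.
        # Headers, blank lines and UDP rows (no State column) are skipped.
        $f = $line.Trim() -split '\s+'
        if ($f.Count -eq 4 -and $f[0] -eq 'TCP') {
            [pscustomobject]@{ Local = $f[1]; Foreign = $f[2]; State = $f[3] }
        }
    }
}

$conns  = @(Get-NetstatTcp)
$counts = $conns | Group-Object State |
    Select-Object Name, @{ n = 'Count'; e = { [int]$_.Count } }

'Connections per state:'
$counts | Sort-Object Count -Descending | Format-Table -AutoSize

# A listener on 127.x or [::1] is only reachable from this machine;
# anything else accepts connections from the network.
'Listeners not bound to loopback:'
$conns |
    Where-Object { $_.State -eq 'LISTENING' -and $_.Local -notmatch '^(127\.|\[::1\])' } |
    Select-Object Local | Format-Table -AutoSize

# Hypothetical baseline file: the first run saves the counts,
# the run after the reboot compares against them.
$baseline = Join-Path $env:TEMP 'netstat-baseline.csv'
if (Test-Path $baseline) {
    $before = Import-Csv $baseline |
        Select-Object Name, @{ n = 'Count'; e = { [int]$_.Count } }
    'Changed since baseline (<= before, => now):'
    Compare-Object $before $counts -Property Name, Count | Format-Table -AutoSize
} else {
    $counts | Export-Csv $baseline -NoTypeInformation
    "Baseline saved to $baseline"
}
```

Run it once before the reboot and once after; delete the baseline file to start over.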

In completing this exercise, you have used the tools ping, tracert, pathping, and netstat.

Check out the book CompTIA Security+: SY0-601 Certification Guide to help you pass on the first attempt.