WEBVTT - This file was automatically generated by VIMEO

0
00:00:00.600 --> 00:00:03.900
Hello and welcome to this Kali fundamentals

1
00:00:03.900 --> 00:00:06.800
 lesson. I'm your host Robert Smith, and

2
00:00:06.800 --> 00:00:09.900
 I'm very excited to be here with you today. So you

3
00:00:09.900 --> 00:00:12.600
 may have already seen some networking commands. You

4
00:00:12.600 --> 00:00:15.600
 may be familiar with some networking commands, but maybe you're asking yourself.

5
00:00:15.600 --> 00:00:18.900
 You know, what are some of the differences between Linux

6
00:00:18.900 --> 00:00:21.500
 Kali and Windows with respect

7
00:00:21.500 --> 00:00:25.000
 to like, you know with Windows systems the

8
00:00:24.500 --> 00:00:27.400
 command to look at an interface may be different than

9
00:00:27.400 --> 00:00:30.200
 that of a Linux system or I tried a few

10
00:00:30.200 --> 00:00:33.300
 things on my Windows system that don't

11
00:00:33.300 --> 00:00:36.900
 seem to work on Linux. That's

12
00:00:36.900 --> 00:00:39.400
 what we're going to be looking at today. So when you walk away

13
00:00:39.400 --> 00:00:42.600
 from this lesson, you should have a high level again

14
00:00:42.600 --> 00:00:45.300
 a high level understanding of some key

15
00:00:45.300 --> 00:00:48.500
 networking commands and the high level understanding of

16
00:00:48.500 --> 00:00:51.500
 when these commands should be used based on our discussions and

17
00:00:51.500 --> 00:00:54.400
 points here today. So let's go ahead and jump right in.

18
00:00:55.300 --> 00:00:58.500
So I've just got a few commands here to get us started

19
00:00:58.500 --> 00:01:01.700
 and some screenshots that will go over here together. So

20
00:01:01.700 --> 00:01:04.400
 you've probably seen me using ping already and

21
00:01:04.400 --> 00:01:07.100
 you probably have run into ping and use

22
00:01:07.100 --> 00:01:10.300
 ping before in maybe school or maybe

23
00:01:10.300 --> 00:01:13.100
 you know, you're working on the support desk or something

24
00:01:13.100 --> 00:01:16.700
 like that or for an organization and you have to use ping. Essentially what

25
00:01:16.700 --> 00:01:19.100
 ping does here is, it's the same thing as it

26
00:01:19.100 --> 00:01:23.700
 is on a Windows system. It's just pinging an IP address or domain

27
00:01:22.700 --> 00:01:25.700
 name. Now the primary difference

28
00:01:25.700 --> 00:01:28.100
 to keep in mind between ping here is that if you get a

29
00:01:28.100 --> 00:01:31.300
 response and you don't do a control C when

30
00:01:31.300 --> 00:01:34.400
 you're using ping, it's just gonna continue to ping until you

31
00:01:34.400 --> 00:01:37.200
 stop it. So you the difference here's with Windows when

32
00:01:37.200 --> 00:01:40.500
 you do a ping it'll ping a couple times and stop. With a

33
00:01:40.500 --> 00:01:43.800
 Linux-based system, it's going to continue to

34
00:01:43.800 --> 00:01:44.900
 ping until you stop it.

35
00:01:45.600 --> 00:01:48.300
Now ifconfig is going to be the way

36
00:01:48.300 --> 00:01:52.400
 that we look at interface information on Kali systems,

37
00:01:52.400 --> 00:01:55.400
 Linux systems in general. As you can see here, it gives

38
00:01:55.400 --> 00:01:58.800
 us a kind of layout on the interface IP

39
00:01:58.800 --> 00:02:01.500
 address the network address broadcast address Etc

40
00:02:01.500 --> 00:02:05.100
 gives us some packet information and additional stuff

41
00:02:04.100 --> 00:02:07.500
 like that. And then that's your loopback interface

42
00:02:07.500 --> 00:02:10.400
 there that's running on the system as

43
00:02:10.400 --> 00:02:13.100
 well. Now a command I wanted to add in here

44
00:02:13.100 --> 00:02:16.400
 because we're looking at you know, doing security testing and things

45
00:02:16.400 --> 00:02:19.800
 of that nature is ifconfig promisc. Now,

46
00:02:19.800 --> 00:02:23.400
 there's a component in between the ifconfig

47
00:02:23.400 --> 00:02:27.100
 and promiscuous that's not listed here because it varies

48
00:02:26.100 --> 00:02:30.000
 depending on what you want to make promiscuous. Now, making an

49
00:02:29.500 --> 00:02:32.400
 interface promiscuous is essentially going

50
00:02:32.400 --> 00:02:35.300
 to mean that traffic it wouldn't otherwise pick up on or listen

51
00:02:35.300 --> 00:02:38.600
 to, it's going to pick up on everything and listen to everything, and

52
00:02:38.600 --> 00:02:41.100
 this could be good for packet captures. You may notice when you

53
00:02:41.100 --> 00:02:45.200
 use tools like Wireshark or something like that that it

54
00:02:44.200 --> 00:02:45.300
 will

55
00:02:45.600 --> 00:02:48.500
Promiscuous mode and collect all of the data coming across an

56
00:02:48.500 --> 00:02:51.400
 interface. So this is how you can manually turn

57
00:02:51.400 --> 00:02:54.800
 promiscuous mode on. What you'll do is, you'll notice that it

58
00:02:54.800 --> 00:02:57.800
 didn't have the interface information in between ifconfig

59
00:02:57.800 --> 00:03:00.300
 and promiscuous. And so it didn't find a device.

60
00:03:00.300 --> 00:03:03.300
 When we add that ethernet 0 there, like

61
00:03:03.300 --> 00:03:06.600
 we saw in the ifconfig information. We then

62
00:03:06.600 --> 00:03:09.500
 see after we do a quick check that it's running in

63
00:03:09.500 --> 00:03:12.200
 promiscuous mode, which is what we've got here. If you need to

64
00:03:12.200 --> 00:03:15.800
 turn that off, you just add a minus sign in front of the promisc and

65
00:03:15.800 --> 00:03:18.600
 you'll notice here that it's no longer running in promiscuous mode

66
00:03:18.600 --> 00:03:21.600
 in that space like it was before. Now the other

67
00:03:21.600 --> 00:03:24.400
 command that I have here is traceroute, and what that

68
00:03:24.400 --> 00:03:27.100
 does is that's like a troubleshooting tool that can help

69
00:03:27.100 --> 00:03:30.500
 you kind of map out a path or see the route

70
00:03:30.500 --> 00:03:33.900
 to a particular domain or

71
00:03:33.900 --> 00:03:35.800
 maybe a particular internal system.

72
00:03:37.300 --> 00:03:40.100
Um, so in this case, I was just trying to get it to look up

73
00:03:40.100 --> 00:03:43.200
 my Google DNS but it didn't reach it because it's got

74
00:03:43.200 --> 00:03:46.300
 a 30 hop max. But in this case it would list out maybe

75
00:03:46.300 --> 00:03:49.700
 on the internal systems the pathway that a

76
00:03:49.700 --> 00:03:52.900
 route takes or that that it that the communications will

77
00:03:52.900 --> 00:03:55.700
 take to get to an end system. So with

78
00:03:55.700 --> 00:03:58.300
 those things in mind, let's do a quick check on

79
00:03:58.300 --> 00:04:01.100
 learning. So which command allows you

80
00:04:01.100 --> 00:04:03.000
 to set an interface to promiscuous mode?

81
00:04:05.200 --> 00:04:08.500
All right, so you may be thinking. Well, I

82
00:04:08.500 --> 00:04:11.400
 know that ifconfig is not the case because that shows

83
00:04:11.400 --> 00:04:14.400
 me interface information. I know what ping does. Definitely

84
00:04:14.400 --> 00:04:17.800
 not ping. Ping doesn't do anything but give us some feedback

85
00:04:17.800 --> 00:04:19.400
 from an inner from a system.

86
00:04:20.500 --> 00:04:23.100
Promiscuous or promisc enabled is not

87
00:04:23.100 --> 00:04:27.700
 the case because we don't have any way that we're identifying, you

88
00:04:26.700 --> 00:04:29.300
 know, the interface that's going to run in

89
00:04:29.300 --> 00:04:32.600
 promiscuous mode and it's missing a component and we

90
00:04:32.600 --> 00:04:36.000
 didn't even use enabled when we were going through that together. So

91
00:04:35.300 --> 00:04:38.800
 the likely choice here is going to be ifconfig,

92
00:04:38.800 --> 00:04:41.300
 you'll have an interface type with a number

93
00:04:41.300 --> 00:04:44.100
 and promisc and that will enable promisc and

94
00:04:44.100 --> 00:04:47.200
 remember, if we want to disable promiscuous mode, we just put a

95
00:04:47.200 --> 00:04:50.300
 minus out in front of the promisc command. So

96
00:04:50.300 --> 00:04:53.200
 great job on that. Let's go ahead and jump into our next set

97
00:04:53.200 --> 00:04:53.700
 of commands.

98
00:04:54.600 --> 00:04:57.400
Now these are a few additional commands that

99
00:04:57.400 --> 00:05:00.300
 will help you in things like troubleshooting, looking

100
00:05:00.300 --> 00:05:03.500
 up domain information as well as looking up

101
00:05:03.500 --> 00:05:07.000
 your wireless interface information. Now, I don't have any wireless

102
00:05:06.400 --> 00:05:09.300
 cards or anything like that that are

103
00:05:09.300 --> 00:05:12.100
 running on my instance. So you'll notice when you look at

104
00:05:12.100 --> 00:05:15.900
 the iwconfig that it

105
00:05:15.900 --> 00:05:19.100
 doesn't have any wireless extensions. And so that's okay because

106
00:05:18.100 --> 00:05:21.300
 I shouldn't, I haven't set any of

107
00:05:21.300 --> 00:05:24.000
 that up, but if you did and you were troubleshooting that you would be

108
00:05:24.200 --> 00:05:27.300
 able to see here whether or not your instance was picking up your

109
00:05:27.300 --> 00:05:28.000
 wireless information.

110
00:05:28.800 --> 00:05:31.300
Now as you get into security testing and

111
00:05:31.300 --> 00:05:34.900
 as you get into working with this distribution, netstat is a

112
00:05:34.900 --> 00:05:37.400
 wonderful, wonderful thing to know. I actually

113
00:05:37.400 --> 00:05:40.500
 don't have a switch on the end of this, which is like a dash and

114
00:05:40.500 --> 00:05:43.600
 a set of letters, but I love to use that's a

115
00:05:43.600 --> 00:05:46.400
 horrible a a ntp which gives me

116
00:05:46.400 --> 00:05:49.300
 several different outputs, but it's

117
00:05:49.300 --> 00:05:54.700
 primarily going to focus on the listening and connected systems

118
00:05:52.700 --> 00:05:55.300
 ports that

119
00:05:55.300 --> 00:05:59.100
 are open and listening and what they're connected to. The netstat

120
00:05:58.100 --> 00:06:01.300
 in general is just going to give you a slew of

121
00:06:01.300 --> 00:06:04.300
 information about the different things that are listening and running on a system

122
00:06:04.300 --> 00:06:07.300
 but a great command to know and something you're gonna want to add to

123
00:06:07.300 --> 00:06:10.700
 your toolbox. nslookup. Now, you'll

124
00:06:10.700 --> 00:06:13.800
 notice here that I used cybrary.it. What this

125
00:06:13.800 --> 00:06:17.000
 does is it's going to point out some internal

126
00:06:16.600 --> 00:06:19.900
 systems that are handling DNS queries

127
00:06:19.900 --> 00:06:22.700
 and then it's going to give me the responses from

128
00:06:22.700 --> 00:06:25.500
 those systems like the Cybrary systems.

129
00:06:25.500 --> 00:06:28.700
 Now, of course, this is for educational purposes.

130
00:06:28.800 --> 00:06:32.000
This is, you know, the public DNS

131
00:06:31.300 --> 00:06:34.300
 information but you don't want to go any further

132
00:06:34.300 --> 00:06:37.200
 in doing any tool utilization or manipulation on these

133
00:06:37.200 --> 00:06:40.200
 systems without explicit permission. But if

134
00:06:40.200 --> 00:06:43.300
 you're doing some general troubleshooting internally, maybe you're trying

135
00:06:43.300 --> 00:06:46.600
 to figure out if your DNS server is busted or you're not getting responses

136
00:06:46.600 --> 00:06:49.900
 here or maybe you're not getting responses from here. That's a

137
00:06:49.900 --> 00:06:52.600
 good way to start troubleshooting and checking some information out.

138
00:06:53.300 --> 00:06:57.700
An additional tool that you can use is called dig. It's a domain information

139
00:06:57.700 --> 00:07:00.900
 groper and that's going to provide these feedbacks

140
00:07:00.900 --> 00:07:03.300
 over here and it's just a little bit more extensive. You'll see

141
00:07:03.300 --> 00:07:07.000
 we got the same answers with respect to the Cybrary

142
00:07:06.800 --> 00:07:09.100
 public DNS servers. You'll see

143
00:07:09.100 --> 00:07:13.000
 here that we also got feedback from our

144
00:07:12.500 --> 00:07:15.200
 internal DNS server. So this is just a

145
00:07:15.200 --> 00:07:18.300
 little bit more verbose than dig, but it

146
00:07:18.300 --> 00:07:21.600
 can definitely provide you some additional troubleshooting information as

147
00:07:21.600 --> 00:07:24.500
 you're trying to figure out or work your way through issues. So

148
00:07:24.500 --> 00:07:28.200
 with that in mind, let's do a check on learning which command

149
00:07:28.200 --> 00:07:30.700
 could assist in DNS troubleshooting issues.

150
00:07:31.900 --> 00:07:34.700
Well, as we indicated earlier ping definitely,

151
00:07:34.700 --> 00:07:37.200
 you know could be used to maybe ping a server or

152
00:07:37.200 --> 00:07:40.400
 ping a DNS server and see if it responds that could be

153
00:07:40.400 --> 00:07:43.200
 used but that's not specifically going to give us

154
00:07:43.200 --> 00:07:46.100
 DNS information. ifconfig, you know,

155
00:07:46.100 --> 00:07:49.300
 that is if there's an interface issue and you know,

156
00:07:49.300 --> 00:07:53.300
 that would not be directly related to DNS issues. netstat

157
00:07:52.300 --> 00:07:55.700
 works with us on connections and what's actively

158
00:07:55.700 --> 00:07:58.300
 connected. So dig, again, is

159
00:07:58.300 --> 00:08:01.200
 the domain information groper which we could use for

160
00:08:01.200 --> 00:08:04.100
 troubleshooting DNS issues. There are other tools that you could

161
00:08:04.100 --> 00:08:07.400
 use but in the context of this question, that is the correct

162
00:08:07.400 --> 00:08:07.700
 answer.

163
00:08:08.500 --> 00:08:11.600
So that's it. We did a very brief lesson

164
00:08:11.600 --> 00:08:14.600
 today over some network commands. We gave you a high

165
00:08:14.600 --> 00:08:18.500
 level introduction to things like ping and ifconfig, traceroute,

166
00:08:17.500 --> 00:08:20.900
 netstat, dig, iwconfig.

167
00:08:20.900 --> 00:08:23.800
 All of those things are going to be foundational as

168
00:08:23.800 --> 00:08:26.500
 you move into troubleshooting your Linux

169
00:08:26.500 --> 00:08:29.000
 distributions as you work on, you know,

170
00:08:29.300 --> 00:08:32.300
 doing security testing and things of that nature and so with

171
00:08:32.300 --> 00:08:35.900
 all of that in mind. I want to thank you for your time again today, and

172
00:08:35.900 --> 00:08:37.300
 I look forward to seeing you soon.
