For CNS (Cryptography and Network Security) practicals.
- Theory
- Tutorial: https://www.youtube.com/watch?v=vUT_wlLJ6x0&list=PLoemDQII_b-5BWi1q_H61nUSyoc1HxxQ_&index=28
- `-c`, `-m`, `-m -k`, `-x -k`, `-a -k`, `-v(vv) -a -k`
- Multiple files
- `-O`, `-b <log_path>`
- Exploits the TTL field: each router decrements it, and the router at which it reaches zero sends back an ICMP Time Exceeded message, which reveals that hop.
- TTL is usually 64, and the value displayed is usually the number of hops.
- https://www.youtube.com/watch?v=G05y9UKT69s
- https://www.youtube.com/watch?v=AGUrTwIX7b8
- https://www.youtube.com/watch?v=bzACzCTCTrU
- Sends an ICMP echo request; the destination answers with an ICMP echo reply.
- TTL is usually 64, and the value displayed usually indicates the number of hops.
- The time shown is the round-trip time.
- `-c`, `-i` (interval), `-s` (bytes)
- DNS records: A (IPv4), AAAA (IPv6), CNAME, MX, TXT, SOA
- https://www.youtube.com/watch?v=0qnfKdduXu8
- `MX`, `NS`, `<>`, `+short`, `any`, `@`
- https://www.youtube.com/watch?v=GH9qn_DBzCk
- Penetration testing and vulnerability scanner
- `-h`, `-p`
- https://www.youtube.com/watch?v=VytCL2ujjcA
- Penetration testing, passive reconnaissance (i.e., uses only publicly available information)
- E-mail address search and subdomain gathering.
- `-d <domain> -l <val> -b <search_using>`, `-d <domain> -l <val> -b all`
- https://www.youtube.com/watch?v=z2EUhV11QB4
- Deepmagic Information Gathering Tool (DMitry)
- Passive reconnaissance
- E-mail address search, whois lookup, subdomain gathering, TCP port scanning, etc.
- `-w`, `-n`, `-s`, `-p`, `-o`, `-e`, or a combination of these flags
- Find domain
- https://www.youtube.com/watch?v=hWc-ddF5g1I
- Packet capture and analysis tool
- `-h`, `-D`, `-i any -c 10 -n (-s)`, `-w <file_name.ext> -v`, `-n -r <file_name> | less`
- Filters: `-i icmp`, `"src 172.17.0.3"`, `"(dst <ip> and icmp) and not (port 80 or port 443)"`
- TCP flags as shown in the capture: `S` (SYN), `.` (ACK), `P` (PSH), `R` (RST), `U` (URG), `F` (FIN)
- College handout.
- Network Mapper (Nmap)
- Network exploration and security auditing.
- Port states: `open`, `closed`, `filtered`, `unfiltered`, `open|filtered`, `closed|filtered`
- Scans: TCP Connect() (`-sT`), TCP SYN (`-sS`), TCP FIN (`-sF`), TCP NULL (`-sN`), TCP XMAS (`-sX`), ACK (`-sA`)
- Ping sweep (`-sP`)
- OS and services: `-sV` (version detection), `-O` (OS detection)
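The TCP flag letters from the packet-capture notes (S, ., P, R, U, F) and the Nmap scan types above meet in the capture: each scan type sends a probe with a fixed flag set, so a defender can spot them in tcpdump output. The following is an added example (not from the notes or from any of the tools' own code) that parses constructed tcpdump-style lines, assumes they were captured with `-n` so ports are numeric, and reports sources that sent one probe shape to many ports.

```python
import re
from collections import defaultdict

# Matches what this example needs from a tcpdump TCP line captured with -n
# (numeric ports), e.g. "IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [S], seq ..."
TCP_LINE = re.compile(r"IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
                      r"Flags \[(?P<flags>[^\]]*)\]")

# Flag sets exactly as tcpdump prints them (S SYN, . ACK, P PSH, R RST, U URG,
# F FIN), keyed by the nmap scan type whose probe carries that set.
PROBE_SIGNATURES = {
    "SYN (-sS)": frozenset("S"),
    "FIN (-sF)": frozenset("F"),
    "NULL (-sN)": frozenset(),      # tcpdump prints "Flags [none]"
    "XMAS (-sX)": frozenset("FPU"),
    "ACK (-sA)": frozenset("."),
}

def parse_line(line):
    """Return (src, dst, dport, flagset) for a TCP line, else None."""
    m = TCP_LINE.search(line)
    if not m:
        return None
    flags = frozenset() if m["flags"] == "none" else frozenset(m["flags"])
    return m["src"], m["dst"], int(m["dport"]), flags

def probe_type(flags):
    """Name the nmap probe whose flag set matches exactly, else None."""
    return next((n for n, sig in PROBE_SIGNATURES.items() if flags == sig), None)

def find_scanners(lines, min_ports=5):
    """Group probe-shaped packets by (source, probe type) and report sources that
    hit at least min_ports distinct destination ports with one type. A single [S]
    is a normal connection attempt; many [S] to many ports from one host is not."""
    ports = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and (kind := probe_type(parsed[3])):
            ports[(parsed[0], kind)].add(parsed[2])
    return {k: sorted(p) for k, p in ports.items() if len(p) >= min_ports}

# Constructed sample capture: a normal SSH handshake from 10.0.0.5, then XMAS
# probes and NULL probes from 10.0.0.7 to five ports each.
SAMPLE = [
    "12:00:01.000100 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [S], seq 1, win 1024, length 0",
    "12:00:01.000200 IP 10.0.0.9.22 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 64240, length 0",
    "12:00:01.000300 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [.], ack 10, win 1024, length 0",
] + [f"12:00:02.0001{i}0 IP 10.0.0.7.5500{i} > 10.0.0.9.{p}: Flags [{fl}], seq 1, win 1024, length 0"
     for fl in ("FPU", "none") for i, p in enumerate((21, 22, 25, 80, 443))]
```

Running `find_scanners(SAMPLE)` reports only 10.0.0.7 (XMAS and NULL probes to ports 21, 22, 25, 80, 443); the handshake from 10.0.0.5 stays below the port threshold.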