We had so much fun in the other episode talking about OS utilities. I'm like, why don't we just keep going? Now keep in mind, I am going through the utilities that are specified in the CompTIA Security+ SY0-501. So I'm not saying this is all there is, but these are definitely on the exam. So the next thing I think we should be talking about is really not just one utility, but a bunch of different utilities that kind of work the same way. So I'm just going to call this ipconfig.
There's a lot of scenarios in the IT security world where you have to answer one basic question: who am I and how am I configured? So what I want to talk about real quick are really three different commands that do the same thing: ipconfig, the ip command, and the deprecated ifconfig. So actually, I'm just going to talk about two commands: ipconfig, which is a Windows tool, and ip, which is a Linux tool. ifconfig is, like I said, deprecated. Although there are ways, if you actually want to install it and use it, you still can. The important thing is that the ip command does everything the ifconfig command does, and a little bit more, so we'll just stick with that one. So let's go ahead and start with ipconfig.
So I'm just going to go ahead and run ipconfig here on my Windows system. Now, if I run it by itself, it gives me a lot of great information. In particular, I've got my IPv6 address. Now Windows does temporary IPv6 addresses. So those change very, very quickly. I've got my link-local IPv6 address, I've got my IPv4 address, my subnet mask, and my default gateway.
The big deal here is not that ipconfig is that unique of a command. What gets people in trouble is that you have to know your network for the ipconfig command to do you any good. For example, the network ID that I'm doing this video shoot on is 192.168.4. And if we take a look up here, we'll see I have a 192.168.4 address. So life is good. Now I've also got a couple, I've got a virtual machine on here. And this is the Teredo tunneling adapter, which you'll still see in Windows 10.
The only thing I'm really interested in right here is my Ethernet adapter. So ipconfig by itself is handy. But if you really want to get some good information, do an ipconfig /all. And this is going to give you a lot of really detailed information. I need to warn you, Security+, well, CompTIA is a little bit notorious for taking questions from other types of certification and plopping them in the one certification. So a great example would be right here, where you might see an A+ type question where it's like, gee, how can you determine what your MAC address is?
And the answer is that you have to type ipconfig /all, and if you look right there, there's my MAC address. So any type of scenario where you need to ask the question, who am I, ipconfig is going to be your go-to tool. Now, the other thing I need to stress is that if you know your network, you can get great information here. Like for example, here's my IPv4 address, and it's 192.168.4.34. What if it suddenly became 169.254? Well, now you know I've got a DHCP problem. Or what if, heaven forbid, it becomes 10.11.13, or something like that? I might have a rogue DHCP server.
So the power of ipconfig is knowing your network and being able to make a quick snapshot and look for situations that might be causing problems. So what I want to do now is let's do this all over again, except this time, let's use the Linux ip command. So I'm going to type the most famous version of the ip command, ip addr. And when I type this, you can see we've got a lot of great information. And now you'll notice I've got two adapters on here. One of them is just the loopback, lo.
And right here is my actual Ethernet. So we take a look. We've got examples: we've got our MAC address here, we've got our IP address, we've got our subnet mask, it's whack 24. We can see it's dynamic. There's a ton of information in here. Here's our link-local address for IPv6. So I can go in here and get a quick snapshot of what's going on with my system, in particular, my MAC address, my IP configuration.
So that's why we put ipconfig and the ip command together. It's different operating systems, but they really do the same thing. Okay, that was fun. But I think it's time to start moving into the world of DNS. Anybody feeling like a little nslookup? DNS problems can drive you absolutely bonkers.
And that's when we turn to tools like good ol' nslookup, and the slightly better dig. Now before I get started here, I need to warn you. DNS has been a problem now for years in terms of bad guys doing things, so a lot of the query tools that we use, like nslookup and dig, have been kind of, well, shut down. It's not that the tools don't know how to query, it's just DNS servers have learned not to make responses to these types of tools. So a lot of the things we used to be able to do with nslookup and dig are kind of gone. However, if you need to make queries to DNS servers, there are some things we can still do with these tools. And probably the most important one is, what is my DNS server?
You know what, let's make it the most important two: what is my DNS server? And then the other question you could ask is, is this particular system a DNS server? So let's say you've got a scenario where your DNS simply isn't working. nslookup is going to be the tool to turn to to query your DNS server and check things. Now, I'm going to be using nslookup in Windows.
But keep in mind that nslookup also works just fine in Linux as well. So, nslookup. Now, you can type it by itself, put it into interactive mode. I personally don't like that.
So I'm going to do this like this: I'm going to do nslookup www.totalsem.com. So what I'm doing right here is I've made a query and I want to know, what server am I using for DNS? And then what is the IP address for www.totalsem.com? And if you take a look here, you'll see that my DNS server is currently this machine called Total Home DC to total home. And then the address is an internal address. So I know that I've got an internal DNS server, I'm just not using my Comcast DNS or whatever it might be.
And it does a query for me and it tells me the IP address. Now that's handy, but we can do a couple of other things too. For example, I am going to go to interactive mode. Now watch what happens. So it's just going to sit here like this, and I'm going to change my DNS server. So what I've done is I've said, I don't care what my DNS server normally is, I want you to try a different one.
When you run into scenarios where you're worried that your DNS server might be the problem, running nslookup, and just quickly making a change, you go, well, let's try this server. And we can go ahead and see if things work better. Now, I have famous public DNS servers like 8.8.8.8 memorized, but I can go ahead and just do little queries right here and see if anything comes up. So you can see what I've done is I've queried totalsem.com again. I got the same IP address, as I should, but you'll see that I'm using a different DNS server. nslookup is a great way.
Instead of going into your system and actually changing your DNS settings, you can just use nslookup and go, look, my DNS server isn't working. Let me try another one and see if everything starts to suddenly work. So it does a really good job with that. Now, nslookup used to be able to do a lot more, but it's been pretty much shut down. The DNS servers don't allow the types of queries that nslookup does. However, there is one tool that's a little bit better than nslookup. And that tool is called dig. Now there is not a native Windows version of dig that I know of. There's third-party tools that actually work great and even some graphical ones.
But if you really want to get into dig, we've got to go head over to Linux. Alright, so here I am in a Linux system. And I'm just going to run a couple of dig commands so you can get some idea of some of the power you can do. Now, dig will work like nslookup. So I've got a scenario where I'm worried about a particular system, I can go ahead and run dig and then whatever domain I want. Now, there's a couple of things that are interesting here. You can see that it resolves totalsem.com just fine right here.
But notice what its server is, it's a local server. It's simply telling us that there's a cache on this. This system has been asking about www.totalsem.com so much that it had it locally and it's ready to rock and roll. So just like with nslookup, if we want to change the DNS server, it's no big deal. All we do is we type in an at sign, and then the IP address of whatever server we want to use. And you'll see that I get the same response, as I should.
But notice down here, you'll see that the server has changed to reflect that I'm using a different box. Now there are a few small things you can do with dig that you cannot do with nslookup. One of the things that's kind of interesting is that you can query certain records, for example, start of authority or MX records. Say you're looking for a mail server, you can actually query a domain to determine things like that. So let's just do one example where I'm going to query totalsem.com and find out what the mail server is. So I'll type dig, and then MX, and then whatever I'm interested in, and you'll see what's happened here is that I now see the MX record.
Hey, looks like Total Seminars is using Office 365, it says outlook.com. So you can see dig has a little bit more power than nslookup in that it can query more public records like start of authority, name server, MX records, things like that. But you're not going to be able to use dig to query things like A records where suddenly it discovers every host in your network because all your A records pop up. That stuff has been pretty well blocked off.
Alright, that stuff was fun. But I've got one more very, very interesting tool I want to show you: Netcat. I wish I could talk for two hours about this one utility. Netcat is the Swiss Army knife, does-anything utility that runs on Linux systems, that gives you the opportunity to do stuff that's actually kind of fascinating. Netcat, because it's a Swiss Army knife, does so very many things that it's almost hard to wrap it up.
But let me get you through the Security+. Basically, Netcat can open and listen on ports. And it can also open and act as a client on just about any port you want. So let me give you a quick example here. So I'm going to type sudo netcat, I'm going to type in -l, and then I can just type in any arbitrary port that I want. Let's use something that's rare and weird. And what I've just done is I've opened up port 231 on this system as a listening port.
So what I'm going to need to do is open up another terminal here. And on this terminal, I'm going to just run netstat just so we can see the results of this. Okay, back up towards the top. And if you see right there, you can see that this system is now listening on port 231. Now, the downside to this is that it's just an open port. So if I opened up a listening port on port 80, for example, I would take input from clients who were querying it.
Now, it's not a real web server, so it wouldn't be able to respond. But the important thing is that with Netcat, and this is the other part of Netcat that's fun, I can open a port as a client. And by opening it as a client, I can just take a text file that's got all kinds of evil testing stuff and start attacking a particular web server, or I can do all kinds of strange queries. I can do all kinds of stuff.
Netcat is a tool for aggressive action. You're using Netcat because you're doing a vulnerability assessment, or you're doing some form of pen testing, and you want to do what's known as banner grabbing, where you're just trying to get a server to respond to go, "Oh, hi, I am the HTTP server." In these types of situations, it gives you the ability to be able to do stuff like that. If you opened up a web browser, I mean, things like Chrome, they're not going to let you type naughty things in, because Google likes their product. But with Netcat, you can do stuff like that. Netcat can be used for so much more.
And I'm just barely touching this. You can do file transfer with it, you can do just about anything. But remember, the most important thing about Netcat is it is a tool for aggressive use. It's not something that your administrator is going to be running on a daily basis. All right, well, I think we have finally covered all of the different OS utilities that you're going to be seeing on the CompTIA Security+ exam. Take some time, play with these tools, and most importantly, understand the scenarios where you're going to be applying them, because you're going to see it on the exam.
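Added example, not part of the video transcript: the "know your network" check described for ipconfig and `ip addr`, run over output in the one-line format of `ip -o -4 addr show`. The sample lines are constructed and shortened, the interface names are made up, and the expected network is the 192.168.4 network ID mentioned in the video with the /24 mask assumed.

```python
import ipaddress
import re

# Network the host is supposed to be on (192.168.4 from the video, /24 assumed).
EXPECTED = ipaddress.ip_network("192.168.4.0/24")

# Constructed sample in the style of `ip -o -4 addr show` (lifetimes omitted).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.4.34/24 brd 192.168.4.255 scope global dynamic eth0
3: eth1    inet 169.254.17.9/16 brd 169.254.255.255 scope link eth1
4: wlan0    inet 10.11.13.5/24 brd 10.11.13.255 scope global dynamic wlan0
5: eth2    inet 172.16.0.9/24 brd 172.16.0.255 scope global eth2
"""

LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def classify(cidr, is_dynamic, expected=EXPECTED):
    """Label one IPv4 address relative to the network we expect to be on."""
    ip = ipaddress.ip_interface(cidr).ip
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        # 169.254.0.0/16: self-assigned, the host never got a DHCP lease.
        return "apipa-no-dhcp-lease"
    if ip in expected:
        return "ok"
    # Off-network lease handed out by DHCP: consistent with a rogue DHCP server.
    # Off-network static address: more likely a manual misconfiguration.
    return "unexpected-dhcp" if is_dynamic else "unexpected-static"


def audit(text, expected=EXPECTED):
    """Return {interface: (address, verdict)} for every IPv4 line in text."""
    findings = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        name, cidr = match.groups()
        is_dynamic = "dynamic" in line.split()
        findings[name] = (cidr, classify(cidr, is_dynamic, expected))
    return findings


if __name__ == "__main__":
    for name, (cidr, verdict) in audit(SAMPLE).items():
        print(f"{name:6} {cidr:18} {verdict}")
```
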