Join Malcolm Shore for an in-depth discussion in this video Working with netstat, nbtstat, and arp, part of Penetration Testing Essential Training.
- [Instructor] Netstat and arp are two useful tools for viewing network connections, and these can be used to identify anomalies, and help focus testing on key areas of interest. Let's look at netstat first. Netstat is a tool to list protocol statistics and current network connections. By simply entering netstat we get the current TCP connections. We can see our TCP connections. The first column shows the protocol TCP. The next column shows the local address and port number used.
The next column shows the foreign address, and the final column, the connection state. We can get information on the executable which created the connections using the minus B switch. Here we can see the executable that owns the first of the TCP connections. Similarly, we can use the minus O switch to see the process owning the port. We can use the minus A switch to list all services of the directive, listing both TCP and UDP ports.
This shows the TCP ports that are established as well as both TCP and UDP ports that are open and listening. *.* in the foreign address indicates that a connection hasn't yet been made, as we would expect for UDP. Let's see how we get the protocol statistics. Here we can see the number of active and passive TCP ports, and failed and reset connections. We can also see a summary of UDP packets sent and received.
With the minus RN switches, we can see the interface tables with MAC addresses and the routing table in numeric IP form. Arp is the address resolution protocol utility, which associates numeric IP addresses with MAC addresses to enable ethernet routing. This is a table, which may be modified by an attacker in order to carry out a man-in-the-middle attack. We can display all address entries using the minus A switch.
We can add an address using the S switch and then we can review the table. With netstat and arp, we can get a good view of the network posture, without resorting to packet traces.
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code