
Cyber Security Lab Experiment 1

The document outlines a lab experiment focused on various networking commands in Linux, including ifconfig, ip, traceroute, and others. Each command is accompanied by a description, purpose, and available options, illustrating their execution. The document serves as a comprehensive guide for understanding and utilizing these networking tools effectively.

Uploaded by

soorya9645
Copyright: © All Rights Reserved

Cyber Security

LAB EXPERIMENT 1
1. Perform the following networking commands using Linux (Kali or Parrot OS):
· ifconfig
· ip
· traceroute
· tracepath
· ping
· netstat
· nslookup
· route
· host
· arp
· iwconfig
· hostname
· whois
Also write a description of each command (how it works and for what purpose), with all options for each, illustrating the execution.

1. ifconfig

· Description:
ifconfig is used to configure, display, or manipulate network interfaces. It's primarily used in older Linux distributions.
· Purpose: View or change IP addresses, netmask, broadcast address, or bring interfaces up/down.
· Options:
o up: Activate an interface.
o down: Deactivate an interface.
o -a: Display all interfaces.
2. ip

· Description:
A modern replacement for ifconfig, used for showing/managing IP addresses and routing.

· Purpose: More powerful and versatile than ifconfig.

Options:

· ip addr:
o Shows all network interfaces and their IP addresses.
o Includes both IPv4 (e.g., 192.168.1.10) and IPv6 (e.g., fe80::...) addresses.

· ip link:
o Displays physical and virtual network interfaces.
o Shows operational state (e.g., UP, DOWN) and configuration (e.g., BROADCAST, MULTICAST).

· ip route:
o Displays active routes.
o The default route shows where packets are forwarded if no specific route matches.
o Subnet routes indicate local networks.

3. traceroute

· Description:
Traces the route packets take to a host, showing all intermediate routers.
· Purpose: Diagnose routing issues and measure latency.

· Options:
o traceroute -I google.com: Uses ICMP echo requests instead of UDP packets.
o traceroute -T google.com: Uses TCP packets instead of UDP.
o traceroute -n google.com: Avoids DNS resolution (shows IP addresses only).
o traceroute -m 5 google.com: Limit to 5 hops.
o traceroute --mtu google.com: Displays the maximum transmission unit (MTU) for each hop.

4. tracepath

· Description:
Similar to traceroute, but doesn't require superuser privileges.
· Purpose: Traces the route to a host.
· Options:
o tracepath -n: This option prints primarily IP addresses numerically.
o tracepath -b: This option prints both host names and IP addresses.
o tracepath -l: This option sets the initial packet length to ‘pktlen’ instead of ‘65535’ for ‘tracepath’ or ‘128000’ for ‘tracepath6’.
o tracepath -m: This option sets the maximum hops (or maximum TTLs) to ‘max_hops’ instead of 30.
o tracepath -p: This option sets the initial destination port to use.

5. ping

· Description:
Sends ICMP echo requests to test connectivity and measure round-trip time.

· Purpose: Test if a host is reachable.

· Options:
o -c <count>: Number of packets to send.
o -i <interval>: Interval between packets in seconds.
o -s <size>: Set the packet size in bytes.
o -t <ttl>: Set the Time-to-Live (TTL) for the packets. It specifies the number of hops (routers) the packet can go through.
o -p <pattern>: Send a specific pattern of data in the packet. The pattern is represented by hexadecimal digits.
o -f: Flood ping. It sends packets as fast as possible and is useful for testing the network's ability to handle traffic. (Requires root privileges.)
o -q: Quiet output. This option only shows the summary at the end.
o -v: Verbose output, gives detailed information about the packet and process.
o -W <timeout>: Set a timeout in seconds for each response.
o -a: Audible ping. It makes a sound for each packet received.
o -D: Print timestamp (UTC) for each packet sent and received.
o -L: Ping with "low level" data link layer options. This is often used for advanced testing.


6. netstat

· Description:
Displays network connections, routing tables, and interface statistics.
· Purpose: Monitor network activity.
· Options:
o -h: Displays a help menu showing all available options for the netstat command.
o -r: Displays the routing table, useful for debugging routing problems or checking routes.
o -i: Displays a list of network interfaces and their statuses.
o -g: Shows multicast group memberships for network interfaces.
o -s: Displays detailed network statistics, broken down by protocol (e.g., TCP, UDP).
o -v: Enables verbose output, showing additional details like unsupported address families.
o -w: Prevents truncation of long IP addresses or hostnames.
o -n: Displays numeric IP addresses and ports instead of resolving them to hostnames and service names.
o --numeric-hosts: Displays numeric IP addresses but resolves port and user names.
o -o: Displays timers related to packet retransmissions or connection timeouts.
o -l: Lists only listening sockets (open ports).
o -a: Displays all sockets, including connected and disconnected ones.
o -t: Shows only TCP connections.
o -u: Displays only UDP connections.
o -c: Refreshes the netstat output continuously.
o -x: Displays UNIX domain sockets.

7. nslookup

· Description:
Queries DNS servers to resolve domain names to IP addresses.
· Purpose: Troubleshoot DNS issues.

· Options:
o nslookup <hostname>: Get IP address of a domain.
o nslookup <IP>: Get domain name from an IP address.
o nslookup -debug <hostname>: Display additional debugging info.
o nslookup -type=A <hostname>: Get IPv4 address record.
o nslookup -type=AAAA <hostname>: Get IPv6 address record.
o nslookup -type=MX <hostname>: Get Mail Exchange (MX) records.
o nslookup -type=NS <hostname>: Get Name Server (NS) records.
o nslookup -type=TXT <hostname>: Get TXT records (e.g., SPF, DKIM).
o nslookup -type=SOA <hostname>: Get Start of Authority (SOA) record.
o nslookup -type=PTR <IP>: Reverse lookup for an IP.
o nslookup -type=ANY google.com: Retrieves all available DNS records for a given domain.

8. route

· Description:
Displays/manages the IP routing table.
· Purpose: Manage how packets are routed.

· Options:
o -n (Show numerical addresses): Displays the routing table with IP addresses only instead of resolving hostnames.
o -v (Verbose mode): Provides detailed output.
o -e (Use netstat format): Displays the routing table in netstat-style formatting.
o -ee (Extended netstat format): Provides even more details than -e.
o -A family (Specify Address Family): Specifies IPv4 (inet) or IPv6 (inet6) routing tables.
o -F (Operate on FIB - Forwarding Information Base): Displays FIB (Kernel Routing Table), which is the default behavior.
o -C (Display the routing cache): Shows the routing cache.
o add: Adds a new route to the routing table.
o del: Removes a route from the routing table.

9. host

· Description:
Performs DNS lookups and displays detailed information.
· Purpose: Resolve domain names.

· Options:
o host domain_name: This will print the IP address details of the specified domain.
o host IP_Address: This will display the domain details of the specified IP address.
o -a: Display all DNS records.
o -v: Verbose mode (detailed output).
o -t: Used to specify the type of query.
o -C: Compares the SOA records on authoritative nameservers.
o -R: Specifies the number of retries to make in case one try fails.
o -l: Lists all hosts in a domain. For this command to work you need to be either an admin or a node server.
o -W: Set wait time (seconds).
o -4: Force IPv4 query.
o -6: Force IPv6 query.

10. arp

· Description:
Manipulates the system's ARP table, which maps IP addresses to MAC addresses.
· Purpose: Inspect and manage ARP cache.

· Options:
o -a: Displays the entire ARP cache in a human-readable format.
o -n: Shows the ARP cache without resolving hostnames (numerical output).
o -D: Uses a given IP address as the source when searching the cache.
o -s hostname hw_address: Manually create an ARP address mapping entry for the host hostname with its MAC address as hw_address.
o -v, --verbose: This option shows the verbose information.
o -H type: This tells arp which class of entries it should check for. Default value is ether.
o -e: Shows the entries in default (Linux) style.
o -i <interface>: Displays ARP entries only for a specific network interface.
o -A <kernel-table>: Displays ARP entries from a specified kernel table.

11. iwconfig

· Description:
Configures wireless network interfaces.

· Purpose: Manage wireless settings.

· Options:
o essid – Set the network name
o mode – Set the operating mode
o freq / channel – Set the frequency or channel
o ap – Force association with a specific access point
o rate – Set the transmission rate
o txpower – Set transmission power
o power – Enable or disable power management
o key / enc – Set the encryption key (WEP)
o nwid – Set the network ID (obsolete in most modern networks)
o nick – Set the nickname of the wireless device (ignored by most drivers)
o sens – Set sensitivity threshold (not widely supported)
o retry – Set max transmission retries
o rts – Enable RTS handshake
o frag – Set fragmentation threshold
o modu – Force specific modulations (rarely used)
o commit – Apply all pending changes

12. hostname

· Description:
Displays or sets the system's hostname.
· Purpose: Identify the system on a network.

· Options:
o -a: Shows the alias name of the hostname (if set).
o -A: Shows all Fully Qualified Domain Names (FQDNs).
o -b: Sets hostname to default from /etc/hostname at boot.
o -d: Displays the domain name of the system.
o -f: Displays the Fully Qualified Domain Name (FQDN).
o -F: Reads hostname from a file.
o -i: Shows the primary IP address of the system.
o -I: Shows all IP addresses assigned to the system.
o -s: Displays only the short hostname (without domain).
o -y: Shows the NIS/YP domain name.
o -V: Displays the version of the hostname command.
o -h: Shows help information.

13. whois

· Description:
Queries public WHOIS databases to retrieve domain information.
· Purpose: Gather domain ownership details.

· Options:
o -h HOST: Specifies a custom WHOIS server.
o -p PORT: Connects to a WHOIS server on a specific port.
o --verbose: Shows detailed debugging output.
o --help: Displays help information.
o -B, --raw: Shows raw WHOIS output without formatting.
o --no-recursion: Disables recursion, preventing whois from querying referral WHOIS servers.
o --force-lookup: Forces whois to query even if local cache exists.
o -r: Disables HTTP proxy requests and forces direct WHOIS lookup.
