[Part 4] Kali Linux Basics: Learn Common Network Commands with Simple Command Line
This topic continues from Part 3 of Kali Linux Basics. In this lesson, we are going to cover the common network commands. Before we dive into the commands, I am going to talk a little bit about networking. If you are not familiar with networking, now is your chance to become familiar with it and understand it. Personally, I think there are two things a person needs before they can dive into penetration testing: Linux experience (most penetration testing is done in Linux) and a good networking foundation (you have to navigate around networks and understand where you are in a network). Here, we are going to use network commands the way a pen tester would and apply them.
Commands that we will learn in this lesson:
- ifconfig
- iwconfig
- ping
- arp
- netstat
- route
Now, let’s cover the network commands.
First command: ifconfig.
You may be familiar with the Windows version of this command, which is ipconfig, whereas the Kali Linux version is ifconfig. Both of them basically perform the same action. The figure above shows the different interface types and the IP addresses associated with them. Here, eth0 shows the machine's IP address (inet), netmask, broadcast address and MAC address (ether). In addition, we can find the loopback address here as well.
Next command: iwconfig
If your machine has a wireless adapter or you need to perform a wireless penetration test, then you are going to need to know about iwconfig. You should not expect to see anything here at the moment, unless you are using a laptop, in which case you might see a configuration in the terminal. If you are able to see something in the terminal, you will probably see wlan0, wlan1, etc.
Another basic command: ping
Now, I'm going to ping my home router and get it talking back. The ping here is going to be endless until we hit CTRL+C to stop it. In this ping, we get replies back, and this is good. It means that we are talking to the other machine.
If I try to ping something that isn't on my network, like 192.168.0.2, you are going to see that the result is totally different. In this ping, the machine is not talking back. It could mean that the machine is not on the network or that the machine is simply blocking ICMP traffic (ICMP is another word for saying ping).
Next command: arp
ARP (Address Resolution Protocol) is going to show you the IP addresses that your machine talks to and the MAC addresses associated with them. Thus, ARP is just a way of associating IP addresses with MAC addresses.
As an analogy, think of an IP address as a person: person A reaches out to talk to another person, B, which is the router. Person A sends out a message to everyone and says: "192.168.0.1 (router), who are you?" That is, it sends out a broadcast message asking who has this IP address. Then person B, representing the router that has the IP address 192.168.0.1, responds "I do" and sends a message to person A saying what its MAC address is.
Next command: netstat
This is another one of my favorite commands. The figure above shows the active connections on your machine. You can analyse what's open and what's talking here. All of this can be really helpful in penetration testing because you can see whether a machine is communicating with somebody else. In a way, it is pretty similar to ARP, in that you want information about what a machine is associated with and who it is communicating with on which port.
Last command: route
When you type route, it prints out the routing table. It is important because it tells you where your traffic exits. In my virtual machine, traffic is exiting on 192.168.32.0. Thus, any traffic (in the range of 192.168.32.0) that goes out this 0.0.0.0 gateway is performing NAT (Network Address Translation), and it's running off the virtual machine to my computer.
Extra Information:
The machine that you are attacking may have multiple routes. Then you might see both 192.168.32.0 and 192.168.33.0 because that machine has a dual-homed NIC. This is a completely different network that you didn't know existed. You might be attacking one network in the 32 range while another network in the 33 range is still out there, and this machine can talk to both. You basically have no idea about the other 33-range network. Switching from one network to another by going through a machine is called pivoting.
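Reading a routing table the way the route section and this note describe, as an added example that is not part of the original post: shell functions that pull the default gateway and the directly attached networks out of `route -n` output and flag a host attached to more than one network. The sample table is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed `route -n` output for a dual-homed host (sample data, not from the post).
sample_route_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.32.2    0.0.0.0         UG    100    0        0 eth0
192.168.32.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1
EOF
}

# Default route: Destination and Genmask are both 0.0.0.0 and the G flag is set.
default_gateway() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2 " via " $8 }'
}

# Directly attached networks: Gateway column is 0.0.0.0 (no next hop needed).
attached_networks() {
    awk '$2 == "0.0.0.0" && $4 ~ /^U/ && $4 !~ /G/ { print $1 "/" $3 " on " $8 }'
}

# Number of distinct interfaces that have a directly attached network.
attached_iface_count() {
    awk '$2 == "0.0.0.0" && $4 ~ /^U/ && $4 !~ /G/ { seen[$8] = 1 }
         END { n = 0; for (i in seen) n++; print n }'
}

# Summarise a routing table read from stdin.
route_report() {
    table=$(cat)
    echo "default gateway: $(printf '%s\n' "$table" | default_gateway)"
    printf '%s\n' "$table" | attached_networks | sed 's/^/attached: /'
    n=$(printf '%s\n' "$table" | attached_iface_count)
    if [ "$n" -gt 1 ]; then
        echo "multi-homed: $n interfaces with directly attached networks"
    fi
}

# Runs on the constructed sample; on a live host use: route -n | route_report
sample_route_table | route_report
```

Running the same report across your own hosts shows which machines sit on two networks at once and therefore need tighter filtering between them.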
Thanks for reading.
To be continued… next lesson is about viewing, creating and editing files in Kali Linux.