Dig, a DNS Query Tool for Windows and Replacement for Nslookup 2008-04-15 15:29
Total Page:16
File Type:pdf, Size:1020Kb
Recommended publications
-
Understanding MPLS OAM Capabilities to Troubleshoot MPLS Networks
Understanding MPLS OAM capabilities to troubleshoot MPLS Networks
Mukhtiar A. Shaikh, Moiz Moizuddin

Agenda
• MPLS Overview
• Existing Ping/Trace Capabilities
• LSP Ping/Trace
  – Theory of Operation
  – MPLS Echo Packet
  – Configuration and Troubleshooting Using LSP Ping/Trace
    • LSP Ping
    • LSP Trace
  – AToM VCCV
• Summary

MPLS OAM Overview
• Converged network implies a wide range of applications and OAM needs
• IP Based Tools
  A flexible set of tools
[Figure: LSP Ping / Traceroute; End-End OAM spanning Attachment VC OAM's, MPLS OAM, Attachment VC OAM's; Ingress and Egress; LSP Created by LDP and/or RSVP-TE; CE, PE, PE, CE; PWE3 or VPN Label]

IP Ping
• PING makes use of the Internet Control Message Protocol (ICMP)
• Ping messages are of 2 types
  type=8: ICMP echo request message
  type=0: ICMP echo reply message
• Optional data field is used to store the time at which the ICMP echo request message has been sent
• The Round Trip Time (RTT)

IP Traceroute
• Traceroute makes use of the Internet Control Message Protocol (ICMP) and the TTL field in the IP header
• Traceroute is sent in a UDP packet encapsulated in an IP packet
• TTL-field of an IP datagram is processed by each hop in two possible ways
  If a hop holds IP-datagram for more than one second, it decrements the TTL-field of that IP datagram by the number
-
Windows Command Prompt Cheatsheet
Windows Command Prompt Cheatsheet
- Command line interface (as opposed to a GUI - graphical user interface)
- Used to execute programs
- Commands are small programs that do something useful
- There are many commands already included with Windows, but we will use a few.
- A filepath is where you are in the filesystem
  • C: is the C drive
  • C:\user\Documents is the Documents folder
  • C:\user\Documents\hello.c is a file in the Documents folder

Command | What it Does | Usage
dir | Displays a list of a folder’s files and subfolders | dir (shows current folder); dir myfolder
cd, chdir | Displays the name of the current directory or changes the current folder. | cd filepath; chdir filepath; cd .. (goes one directory up)
md, mkdir | Creates a folder (directory) | md folder-name; mkdir folder-name
rm, rmdir | Deletes a folder (directory) | rm folder-name; rmdir folder-name; rm /s folder-name; rmdir /s folder-name. Note: if the folder isn’t empty, you must add the /s.
copy | Copies a file from one location to another | copy filepath-from filepath-to
move | Moves file from one folder to another | move folder1\file.txt folder2\
ren, rename | Changes the name of a file | ren file1 file2
del | Deletes one or more files | del filename
exit | Exits batch script or current command control | exit
echo | Used to display a message or to turn off/on messages in batch scripts | echo message
type | Displays contents of a text file | type myfile.txt
fc | Compares two files and displays the difference between them | fc file1 file2
cls | Clears the screen | cls
help | Provides more details about DOS/Command Prompt commands | help (lists all commands); help command

Source: https://technet.microsoft.com/en-us/library/cc754340.aspx.
-
Unix/Linux Command Reference
Unix/Linux Command Reference

File Commands
ls – directory listing
ls -al – formatted listing with hidden files
cd dir – change directory to dir
cd – change to home
pwd – show current directory
mkdir dir – create a directory dir
rm file – delete file
rm -r dir – delete directory dir
rm -f file – force remove file
rm -rf dir – force remove directory dir *
cp file1 file2 – copy file1 to file2
cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it doesn't exist
mv file1 file2 – rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2
ln -s file link – create symbolic link link to file
touch file – create or update file
cat > file – places standard input into file
more file – output the contents of file
head file – output the first 10 lines of file
tail file – output the last 10 lines

System Info
date – show the current date and time
cal – show this month's calendar
uptime – show current uptime
w – display who is online
whoami – who you are logged in as
finger user – display information about user
uname -a – show kernel information
cat /proc/cpuinfo – cpu information
cat /proc/meminfo – memory information
man command – show the manual for command
df – show disk usage
du – show directory space usage
free – show memory and swap usage
whereis app – show possible locations of app
which app – show which app will be run by default

Compression
tar cf file.tar files – create a tar named file.tar containing files
tar xf file.tar – extract the files from file.tar
tar czf file.tar.gz files – create a tar with
-
Streamlining Integrated Infrastructure Implementation “Dig Once” Strategy Development Workshop June 9, 2016
Streamlining Integrated Infrastructure Implementation
“Dig Once” Strategy Development Workshop, June 9, 2016
Workshop Report, February 2017
Sponsored By: Alliance for the Chesapeake Bay; Local Government Advisory Committee (LGAC)
Funding: National Fish & Wildlife Foundation (NFWF)
Prepared By: Alliance for the Chesapeake Bay; Hirschman Water & Environment, LLC

1. Workshop Overview and Focus
The focus of this workshop was to explore better ways to integrate green infrastructure (GI) into other infrastructure projects, such as roads, school and park improvements, and other capital projects. The workshop was hosted by the Alliance for the Chesapeake Bay (ACB) in conjunction with the Local Government Advisory Committee to the Chesapeake Executive Council (LGAC), with funding from the National Fish & Wildlife Foundation (NFWF). Mary Gattis, Director of Local Government Programs for ACB, was the lead facilitator for the workshop. The workshop was held on June 9, 2016 at the Eisenhower Hotel in Gettysburg, Pennsylvania. The organizers targeted certain sector representatives for attendance in order to achieve the necessary cross-section of experiences and points of view. Figure 1 shows the breakdown of attendees by type of organization. A total of 58 individuals attended the 1-day workshop, 52 participants and six staff representatives. See Appendix A for a list of workshop participants.
[Figure 1. Representation of 52 Workshop Attendees]
Prior to the workshop, the following problem statement and workshop goal were sent to attendees as part of the agenda. This was done in order to maintain a clear focus for the workshop, as the topic of green infrastructure has many facets, each of which could fill the entire agenda for a one-day event.
-
How to Investigate and Solve Cybercrime
DomainTools Cybercrime Investigation: Connecting the Dots of Online DNA
DOMAINTOOLS SOLUTION BRIEF, WWW.DOMAINTOOLS.COM

INTRODUCTION: UNDERSTANDING THE DNA OF DNS DATA
As anyone who has watched modern crime television knows, DNA of some form is often left behind at the scene of a crime. Similarly, when a cybercrime is perpetrated it is not unusual that traces of evidence are left behind in the form of Domain Name System (DNS) and Whois data. Cybercrime costs businesses billions every year. A 2012 Ponemon study found that cyber crime cost businesses on average $8.9 million each year (based on a study of 56 organizations), with a range of $1.4 million to $46 million. And attacks are becoming more frequent—The same study found that attacks were up 42% from the previous year. Whether it’s cybersquatting, the theft of valuable intellectual property, financial account hacking or the sale of counterfeit goods on a fraudulent domain, cybercriminals continue to grow more brazen and sophisticated in their tactics. To effectively combat this costly criminal behavior, cyber investigators must employ a range of new tools and techniques to quickly and proactively identify attackers.

RESPONSE AND INVESTIGATION
Whether you are attacked via a DDOS, phishing, malware or Advanced Persistent Threat tactics, one thing is consistent: in every case, there is a communication protocol applied. That is, all types of cyber attack involve sending information from one node on the Internet to another. DomainTools can help map these nodes and their connections, thereby providing investigators and response teams with the necessary information to stop further attacks and identify perpetrators.
-
Wireshark Lab: Getting Started SOLUTION
Wireshark Lab: Getting Started SOLUTION
Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross
© 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved
©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved.

Q1. List the 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
Answer: Some of the protocols listed in the screenshot below are UDP, TCP, ARP, ICMP, MDNS, and STUN. (Note you weren’t asked to do a screenshot, but here is mine):

Q2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)
Answer: As shown in the screen shot below (you didn’t have to provide this), the GET was sent at 11.300694 and the reply was received at 11.301658. The delay was thus 0.000964 secs.

Q3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
Answer: As shown in the screen shot below (you didn’t have to provide this), the IP address of gaia.cs.umass.edu is 128.119.245.145; the IP address of my laptop is 128.119.66.142

Q4.
-
Who Is .Com? Learning to Parse WHOIS Records
Who is .com? Learning to Parse WHOIS Records
Suqi Liu, Ian Foster, Stefan Savage, Geoffrey M. Voelker, Lawrence K. Saul
Department of Computer Science and Engineering, University of California, San Diego

ABSTRACT
WHOIS is a long-established protocol for querying information about the 280M+ registered domain names on the Internet. Unfortunately, while such records are accessible in a “human-readable” format, they do not follow any consistent schema and thus are challenging to analyze at scale. Existing approaches, which rely on manual crafting of parsing rules and per-registrar templates, are inherently limited in coverage and fragile to ongoing changes in data representations. In this paper, we develop a statistical model for parsing WHOIS records that learns from labeled examples. Our model is a conditional random field (CRF) with a small number of hidden states, a large number of domain-specific features, and parameters that are estimated by efficient dynamic-programming procedures for probabilistic inference.

1. INTRODUCTION
Most common Internet protocols today offer standardized syntax and schemas. Indeed, it is the ability to easily parse and normalize protocol fields that directly enables a broad array of network measurement research (e.g., comparing and correlating from disparate data sources including BGP route tables, TCP flow data and DNS measurements). By contrast, the WHOIS protocol—the sole source of information mapping domain names to their rich ownership and administrative context—is standard only in its transport mechanism, while the format and contents of the registration data returned varies tremendously among providers. This situation significantly hampers large-scale analyses using WHOIS data, and even those researchers who do use it commonly document the complexi-
-
Getting Started with Domaintools for Cybercrime Investigation
Best Practices Guide: Getting Started with DomainTools for Threat Intelligence and Incident Forensics

Introduction
Cybercrime represents a major threat to both government and businesses, costing the economy hundreds of billions of dollars in losses every year. Often, the most challenging part for an investigator is discovering the who behind an attack. Is it a coordinated attack orchestrated by a criminal syndicate or an amateur hacker looking for a backdoor into your network? If the actual individual cannot be identified—as is too often the case—then investigators can build a Threat Intelligence Profile on the suspect that uniquely “finger prints” the organization and how they act. Threat investigators need to use all the tools at their disposal in order to identify the individuals and organizations involved in an online attack. DNS and Whois data is an essential tool that should be leveraged by every incident response team.

Common Attack Vectors
The following four methods represent the most common forms of cyber-attack:
DDoS – Distributed Denial of Service: A form of cyber attack meant to ‘take down’ a website. By flooding a webserver(s) with traffic from hundreds or thousands of IP addresses simultaneously, a DDoS attack can render a webserver unable to respond to normal user requests, effectively making a website inaccessible.
Phishing: A form of cyber-attack, normally administered via email, which attempts to trick a user into thinking the email is from a trusted source, and whose embedded links send a user to a fake site which hosts some kind of malware or nefarious attempt to capture the user’s login credentials.
-
1. Run Nslookup to Obtain the IP Address of a Web Server in Europe
1. Run nslookup to obtain the IP address of a Web server in Europe.

    frigate:Desktop drb$ nslookup home.web.cern.ch
    Server: 130.215.32.18
    Address: 130.215.32.18#53

    Non-authoritative answer:
    home.web.cern.ch canonical name = drupalprod.cern.ch.
    Name: drupalprod.cern.ch
    Address: 137.138.76.28

Note that the #53 denotes the DNS service is running on port 53.

2. Run nslookup to determine the authoritative DNS servers for a university in Asia.

    frigate:Desktop drb$ nslookup -type=NS tsinghua.edu.cn
    Server: 130.215.32.18
    Address: 130.215.32.18#53

    Non-authoritative answer:
    tsinghua.edu.cn nameserver = dns2.tsinghua.edu.cn.
    tsinghua.edu.cn nameserver = dns.tsinghua.edu.cn.
    tsinghua.edu.cn nameserver = dns2.edu.cn.
    tsinghua.edu.cn nameserver = ns2.cuhk.edu.hk.

    Authoritative answers can be found from:
    dns2.tsinghua.edu.cn internet address = 166.111.8.31
    ns2.cuhk.edu.hk internet address = 137.189.6.21
    ns2.cuhk.edu.hk has AAAA address 2405:3000:3:6::15
    dns2.edu.cn internet address = 202.112.0.13
    dns.tsinghua.edu.cn internet address = 166.111.8.30

Note that there can be multiple authoritative servers. The response we got back was from a cached record. To confirm the authoritative DNS servers, we perform the same DNS query of one of the servers that can provide authoritative answers.

    frigate:Desktop drb$ nslookup -type=NS tsinghua.edu.cn dns.tsinghua.edu.cn
    Server: dns.tsinghua.edu.cn
    Address: 166.111.8.30#53

    tsinghua.edu.cn nameserver = dns2.edu.cn.
-
CMSC 331 Midterm Exam, Fall 2010 a 5 30
CMSC 331 Midterm Exam, Fall 2010 a
331 Midterm Exam, 01 November 2010
Points: 1 40/, 2 30/, 3 45/, 4 30/, 5 30/, 6 30/, 7 20/, total 225/

Name: _________________________________
UMBC username: _____________________________

You will have seventy-five (75) minutes to complete this closed book/notes exam. Use the backs of these pages if you need more room for your answers. Describe any assumptions you make in solving a problem. We reserve the right to assign partial credit, and to deduct points for answers that are needlessly wordy.

1. True/False [40]
For each of the following questions, circle T (true) or F (false).
T F 1.1 COBOL was designed as a programming language for scientific and engineering applications. FALSE
T F 1.2 The procedural programming paradigm treats procedures as first class objects. FALSE
T F 1.3 The “Von Neumann” computer architecture is still used as the basis for most computers today. TRUE
T F 1.4 One of the advantages of interpreted over compiled languages is that they tend to offer more run time debugging support. TRUE
T F 1.5 Any finite language can be defined by a regular expression. TRUE
T F 1.6 Attribute grammars can specify languages that can not be specified using a context free grammar. TRUE
T F 1.7 A recursive descent parser can not directly use a grammar that has right recursive rules. FALSE
T F 1.8 The lexical structure of complex programming languages like Java can not be defined using regular expressions. FALSE
T F 1.9 A non-deterministic finite automaton for a regular language is generally easier to write than a deterministic one, but harder to apply to a string to see if it matches.
-
1206 FTP Software, Inc. FYI: 4 A. Marine Obsoletes: RFC 1177 SRI February 1991
Network Working Group
Request for Comments: 1206
FYI: 4
Obsoletes: RFC 1177
G. Malkin, FTP Software, Inc.
A. Marine, SRI
February 1991

FYI on Questions and Answers
Answers to Commonly asked "New Internet User" Questions

Status of this Memo
This FYI RFC is one of two FYI's called, "Questions and Answers" (Q/A), produced by the User Services Working Group of the Internet Engineering Task Force (IETF). The goal is to document the most commonly asked questions and answers in the Internet. This memo provides information for the Internet community. It does not specify any standard. Distribution of this memo is unlimited.

Table of Contents
1. Introduction
2. Acknowledgements
3. Questions About the Internet
4. Questions About TCP/IP
5. Questions About the Domain Name System
6. Questions About Internet Documentation
7. Questions about Internet Organizations and Contacts
8. Questions About Services
9. Mailing Lists
10. Miscellaneous "Internet lore" questions
11. Suggested Reading
12. References
13. Condensed Glossary
14. Security Considerations