NetSTAT: A Network-based Intrusion Detection Approach


ACSAC '98
Giovanni Vigna and Richard A. Kemmerer
Reliable Software Group
University of California Santa Barbara
[vigna,kemm]@cs.ucsb.edu
http://www.cs.ucsb.edu/~kemm/NetSTAT/

NetSTAT
• Network-based real-time intrusion detection system
• Extends the State Transition Analysis Technique to represent attacks in a networked environment
• Uses Network Hypergraphs to represent the network topology and services
• Customizes generic attack scenarios to a target network (what to look for and where to look for it)
• Features distributed architecture with decentralized processing of events

G. Vigna and R. Kemmerer, NetSTAT, ACSAC '98

Overview
[Figure: architecture diagram. Labels: Network Fact Base, State Transition Scenario Database, Analyzer, Network Security Officer, Probe (three instances)]

Network Fact Base
• Contains information about the network topology and the services deployed
[Figure: sample network. Hosts: wilder, kubrick, fellini, chaplin, wood, jackson, bergman, landis, carpenter, lang, hitchcock. Links: L1 to L5, plus Outside/Internet. Services: NFS exporting /home and /fs to kubrick and wood; rlogin: wilder]

Advantages
• Provides well-defined semantics
• Supports reasoning and automation
• Models hosts and links in a uniform way (sets of interfaces)
• Allows natural modeling of shared-bus links

State Transition Scenario Database
• Manages the state/transition representations of the intrusion scenarios to be detected
• Representations based on the State Transition Analysis Technique (STAT)
• STAT born to represent intrusions in host-based IDSs (USTAT) and extended to distributed IDSs (NSTAT)
• Extended to represent intrusions in a networked environment
• State Transition Diagram: from a safe state to a compromised state through a series of signature actions

State Transition Diagrams
[Figure: state transition diagram. Labels: initial state, compromised state, signature actions, state assertions]

States and Assertions
• State of the network
  – Active connections (connection-oriented services)
  – State of interactions (connectionless services)
  – Tables
• Assertions
  – Static assertions
  – Dynamic assertions

Static and Dynamic Assertions
• Static assertions
  – Verified by examining the Network Fact Base
  – Used to customize state transition representation for particular scenarios

    Service s in server.services |
        s.name == "www" and s.application.name == "CERN httpd";

• Dynamic assertions
  – Verified by examining the state of the network
  – Used to determine what relevant network state events should be monitored

    ConnectionEstablished(addr1, port1, addr2, port2)

Signature Actions
• Signature actions represent critical changes in the security state of the system
• For NetSTAT, signature actions leverage off of an event model
• Basic event: link-level message

    Message m {i_x, i_y} | m.length > 512;

• Composite events:
  – IP datagrams (sequence of link-level messages used for delivery)
  – UDP datagrams and TCP segments (encapsulated in IP datagrams)
  – Application-level events (encapsulated in UDP datagrams or TCP streams)

Examples

    [IPDatagram d [UDPDatagram u [RPC r]]] {i_x, i_y} |
        d.dst == a_y and u.dst == 2049 and
        r.type == CALL and r.proc == MKDIR;

    TCPSegment t in [VirtualCircuit c] {i_x, i_y} |
        c.dstIP == a_y and c.dstPort == 80 and t.syn == true;

Probes
• Responsible for analyzing the stream of network events
• Configured and positioned by the Analyzer
• Probe components, from top to bottom:
  – Decision Engine: responds to attacks (log, warn, reset connections, etc.)
  – Inference Engine: checks for signature actions; keeps track of STD evolution
  – Filter: selects messages of interest; performs reassembly
  – Interface, attached to the Network Link

Analyzer
• Takes as input the Network Fact Base and the State Transition Scenario Database
• Determines:
  – Which events have to be monitored
  – Where the events have to be monitored
  – What information about the topology of the network is required to perform detection
  – What information about the state of the network must be maintained to be able to verify state assertions
• Produces a set of probe configurations and a deployment plan

Configuration and Deployment
• NSO builds a database of attack scenarios using the State Transition Scenario Database
• NSO builds a network description using the Network Fact Base
• NSO selects a set of scenarios to be detected on the network
• The Analyzer performs the analysis and customization process
  – Mostly automated
  – May require help from the NSO in specific situations
• Configuration files are sent to probes

Example: UDP spoofing
• Service authentication based on source IP address
• An attacker tries to access a UDP-based service by pretending to be one of its trusted clients
• Attacker sends a forged UDP-over-IP datagram
• Attack detectable in particular topologies only

Sample Network
[Figure: the sample network shown under Network Fact Base. Hosts: wilder, kubrick, fellini, chaplin, wood, jackson, bergman, landis, carpenter, lang, hitchcock. Links: L1 to L5, plus Outside/Internet. NFS exporting /home and /fs to kubrick and wood]

Attack Representation
Assertions on the initial state:

    Host victim in ProtectedNetwork.hosts;
    Service s in victim.services |
        s.protocol == "UDP" and s.authentication == "IPaddress";
    IPAddress a_v in s.addresses;
    IPAddress a_t in s.trustedAddr;
    Host attacker in Network.hosts |
        attacker != victim and not attacker.Ipaddresses.contains(a_t);
    Interface i in attacker.interfaces;

Signature action leading to the Compromised state:

    Message m in [IPDatagram d [UDPDatagram u]] {i, a_v.interface} |
        d.src == a_t and d.dst == a_v and u.dst == s.port and
        not (Network.detachFromLink(m.src)).existsPath(m.src, d.src.interface);

Customization to Target Network

    victim   s    a_v  a_t  attacker   i
    fellini  NFS  a4   a5   Outside    i0
    fellini  NFS  a4   a7   Outside    i0
    fellini  NFS  a4   a5   hitchcock  i11
    fellini  NFS  a4   a7   hitchcock  i11
    …        …    …    …    …          …
    fellini  NFS  a4   a5   lang       i10
    fellini  NFS  a4   a7   lang       i10
    fellini  NFS  a4   a5   carpenter  i11
    fellini  NFS  a4   a7   carpenter  i11

Probe placement and configuration
• For each scenario, the analyzer simulates the link-level messages that would be used to execute the attack
• The messages are then matched against the predicates contained in the attack's signature action
• The messages that satisfy the predicate can be used as a basis for attack detection
• One possible probe placement is chosen

Example
• [i11, i92, [a7, a4]]: No path between i11 and i7 in network with L3 - i11 ⇒ spoofed
• [i91, i32, [a7, a4]]: No path between i91 and i7 in network with L2 - i91 ⇒ spoofed
• [i33, i4, [a7, a4]]: Exists path between i33 and i7 in network with L2 - i33 ⇒ can't say
[Figure: the sample network, annotated with the three messages above]

Conclusions
• Focused and efficient real-time network-based intrusion detection in complex topologies
• Attacks represented as STDs
• Networks represented as hypergraphs
• Detection mechanisms highly tailored to target networks
• Automated tool support for the Network Security Officer
• Distributed, modular architecture with local processing
• Scalable and interoperable

Status
• Generic probe module completed
• Automatic deployment mechanisms for dynamic probe configuration developed
• More than 30 attacks analyzed and corresponding detection plug-ins developed
• Recently successfully completed participation in LL/AFRL IDSs evaluation
• People involved:
  – Richard Kemmerer, Steve Eckmann, Giovanni Vigna
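
The path test in the UDP spoofing signature action (detachFromLink followed by existsPath), worked through as an added Python example; it is not code from the slides or from NetSTAT. The topology is constructed: it reuses host and interface names from the slides, but the link membership and the address-to-interface map are assumptions, as is the simplification that every host forwards between its own interfaces.

```python
from collections import deque

# Constructed fact base (assumption, not the slide's network).
# Hosts and links are both modeled as sets of interfaces, i.e. as
# hyperedges over the same set of interface nodes.
HOSTS = {
    "fellini": {"i4"},                 # victim, address a4
    "kubrick": {"i5"},                 # trusted client, address a5
    "wood": {"i7"},                    # trusted client, address a7
    "chaplin": {"i31", "i32", "i33"},  # router
    "landis": {"i91", "i92"},          # router
    "hitchcock": {"i11"},
}
LINKS = {
    "L1": {"i4", "i5", "i31"},
    "L2": {"i32", "i91"},
    "L3": {"i92", "i11"},
    "L4": {"i33", "i7"},
}
ADDR_TO_IFACE = {"a4": "i4", "a5": "i5", "a7": "i7"}


def detach_from_link(links, iface):
    """Return a copy of the links with iface removed from its link."""
    return {name: members - {iface} for name, members in links.items()}


def exists_path(hosts, links, src, dst):
    """Breadth-first search over the hypergraph.

    Two interfaces are adjacent when they share a hyperedge, that is,
    when they sit on the same host or on the same link.
    """
    edges = list(hosts.values()) + list(links.values())
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for edge in edges:
            if cur in edge:
                for nxt in edge - seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return False


def classify(link_src, ip_src):
    """Evaluate the last conjunct of the signature action for one message.

    link_src is m.src (the interface that put the message on the link);
    ip_src is d.src (the source address claimed in the IP header).
    With link_src detached from its link, a legitimate message must still
    have a route from the claimed source's interface to link_src.
    """
    claimed_iface = ADDR_TO_IFACE[ip_src]
    remaining = detach_from_link(LINKS, link_src)
    if exists_path(HOSTS, remaining, link_src, claimed_iface):
        return "can't say"   # topology alone cannot rule the message out
    return "spoofed"


if __name__ == "__main__":
    # Messages claiming to come from a7 (wood), seen on three links.
    for m_src in ("i11", "i91", "i31"):
        print(m_src, "->", classify(m_src, "a7"))
```

A probe on L3 or L2 can flag the forged datagram from topology alone, while a probe on L1 cannot, which is why the Analyzer has to choose where the signature action is checked.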