How could these unrelated domains be potential security risks?


Assignment:

Remember to screenshot each step as well as the output of each step and paste your screenshots into a Word document.

1. From within your eLumin Sandbox, open the "Network Tools" VM, by clicking on Connect GUI.

2. Open the Windows menu, type "cmd", then hit Enter to open the Windows Command Prompt. (Alternatively, you can click to open the Windows menu, scroll down and open Windows System, then open Command Prompt.) Then type "ipconfig /all" and hit Enter:

1. Use the ipconfig tool to determine the following:

  • 1. Your MAC address (Physical Address)
  • 2. Your Default Gateway
  • 3. Your IP Address (IPv4 and IPv6)
  • 4. Your Subnet Mask
  • 5. Your DHCP Server

3. During troubleshooting for the St. Louis-based Studio X (studiox.us), you discover a couple of unrelated domains with alternative domain endings: studiox.com and studiox.bg.

1. What does the .bg represent?

2. Where did you go to look this up?

3. In the Command Prompt, type whois studiox.bg to determine:

  1. The IP address for studiox.bg.

  2. Who owns the domain you discovered?

  3. Who is the registrant contact?

  4. What is his email address?

4. How could these unrelated domains be potential security risks to the St. Louis-based company?

5. How could these potential risks be mitigated? Be creative and cite your sources!

4. In the command prompt, type netstat -o and hit enter to determine the following:

1. A list of all the active TCP ports your VM is listening on

2. What is the process ID (PID) for TCP port 3389?

3. What service runs on TCP port 3389? (Hint: you won't find this information in the netstat tool).

4. Open a browser and connect to amazon.com. Using netstat, capture the connection information. What source port are you using?

1. Hint: Consider using Task Manager as well to find the PID:

1. Open Task Manager by opening the Windows menu, clicking on Windows System and then Task Manager.

2. Click more details (at the bottom), then click the Details tab (near the top). Then find your browser. What is the PID of the browser (might have multiple PIDs)?

5. Typing netstat -o -t 5 | findstr [PID], replacing [PID] with the PID of your browser, will filter the netstat output to show the connections from your browser, updating every 5 seconds. Explain what each one of the flags you're using accomplishes. Choose two other netstat flags (by typing in netstat -h and hitting Enter in the Command Prompt) and explain what they do. What output would typing netstat -s -p tcp -f into the Command Prompt create?
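
An added example (not part of the assignment): `findstr [PID]` keeps any line that contains those digits, so a port number with the same digits also passes the filter. The Python sketch below parses a constructed sample in the layout of `netstat -o -n` output and matches on the PID column only; the sample rows, the browser PID 5012 and the function names are assumptions.

```python
# Constructed sample in the layout of Windows `netstat -o -n` output
# (not captured from a real host). The browser PID is assumed to be 5012.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:3389          10.0.0.9:61544         ESTABLISHED     1104
  TCP    10.0.0.5:49801         203.0.113.10:443       ESTABLISHED     5012
  TCP    10.0.0.5:49802         203.0.113.10:443       TIME_WAIT       0
  TCP    10.0.0.5:50123         198.51.100.7:443       ESTABLISHED     788
  TCP    [::1]:49670            [::1]:50125            ESTABLISHED     5012
"""


def findstr_like(text, pid):
    """Emulate `findstr <pid>`: keep every line containing the digits anywhere."""
    return [ln for ln in text.splitlines() if str(pid) in ln]


def rows_for_pid(text, pid):
    """Keep only TCP rows whose PID column equals pid exactly."""
    rows = []
    for ln in text.splitlines():
        f = ln.split()
        # TCP rows: Proto, Local, Foreign, State, PID (later columns ignored).
        if len(f) < 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        if int(f[4]) == pid:
            host, port = f[1].rsplit(":", 1)  # also splits "[::1]:49670"
            rows.append({"local": host, "source_port": int(port),
                         "remote": f[2], "state": f[3]})
    return rows


if __name__ == "__main__":
    print("findstr-style matches:", len(findstr_like(SAMPLE, 5012)))
    for r in rows_for_pid(SAMPLE, 5012):
        print(r["source_port"], "->", r["remote"], r["state"])
```

The substring filter also returns the row owned by PID 788, because its local port 50123 contains "5012"; the column match returns only the two browser rows.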

5. From your VM, go to whatismyip.com in a browser.

1. Is your VM NAT'd? How do you know?

2. Use the tracert tool (by typing tracert into the command prompt and hitting enter) to go to the IP address shown on whatismyip.com. What are you trace routing to?

3. Do you notice anything interesting (Hint: maybe a loop of some sort) in the results? Explain.

4. What does the first IP address represent in the trace route?

5. Who owns the last IP address in the trace route?
