Troubleshooting cases: how to find recent connections on Linux and Windows via the CLI


When you are troubleshooting an issue or doing security research on a Windows or Linux host, it helps to know which devices the host has recently communicated with, so you can understand its recent behavior on the network.

Let’s look at the command that helps with this. It can be used on both platforms.

Linux example:

[root@securitytweak ~]# arp -a

? (X.180.133.145) at 00:X:56:8a:38:f9 [ether] on eno16777728

? (15.X.133.1) at 00:10:f3:X:2d:ec [ether] on eno16777728

? (15.118.X.183) at 00:X:5:8a:5a:f4 [ether] on eno16777728

? ( at 00:0:X:8a::72 [ether] on eno16777728

? ( at 28:80:X:ab:b5:X [ether] on eno16777728

The command arp -a lists all recent connections with other devices, per interface, as recorded in the host's ARP cache. On Windows the output looks like the following example:

C:\Users\securitytweak> arp -a

Interface: 192.168.0.X --- 0xd

Internet Address Physical Address Type

192.X.0.X X-59-33-47-09-ee dynamic

192.X.0.255 ff-X-ff-ff-ff-ff static 01-Z0-Ce-00-00-16 static 01-00-De-00-00-fc static ff-X-ff-ff-ff-ff static

Interface: 16.X9.X.9 --- 0x13

Internet Address Physical Address Type

15.X.133.80 02-00-85-50 dynamic

15.X.133.198 02-00-74-85-c6 dynamic

15.X.133.202 02-0f-74-85-ca dynamic

15.X.1.179 Z2-00-0f-78-01-b3 dynamic

15.X.32.67 C2-00-0f-78-20-43 dynamic

16.X.213.56 02-M0-10-6d-d5-38 static

It is also useful to know the configuration type of each IP address (dynamic or static) for every host with recent connections to the compromised host.
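For triage it helps to normalize both output formats into one record list and drop the broadcast and multicast rows, which are not real peers. The following is an added example, not part of the original post: the function names are hypothetical, the sample output is constructed (documentation IP ranges, made-up MACs), and it assumes the net-tools `PERM` flag on Linux corresponds to a static entry.

```python
import re

# Linux (net-tools): "? (192.0.2.1) at 00:11:22:33:44:55 [ether] PERM on eth0"
LINUX_RE = re.compile(r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]{17}) "
                      r"\[\w+\](?P<flags>(?: [A-Z]+)*) on (?P<iface>\S+)")
# Windows section header: "Interface: 192.0.2.10 --- 0xd"
WIN_IFACE_RE = re.compile(r"^Interface: (?P<iface>[\d.]+) --- 0x[0-9A-Fa-f]+")
# Windows row: "  192.0.2.1   00-11-22-33-44-55   dynamic"
WIN_ROW_RE = re.compile(r"^\s*(?P<ip>[\d.]+)\s+(?P<mac>[0-9A-Fa-f-]{17})\s+"
                        r"(?P<type>dynamic|static)\s*$")

def parse_arp(text):
    """Parse `arp -a` output from either OS into a list of dicts."""
    entries, win_iface = [], None
    for line in text.splitlines():
        if m := LINUX_RE.match(line):
            kind = "static" if "PERM" in m["flags"].split() else "dynamic"
            entries.append({"iface": m["iface"], "ip": m["ip"],
                            "mac": m["mac"].lower(), "type": kind})
        elif m := WIN_IFACE_RE.match(line):
            win_iface = m["iface"]  # rows that follow belong to this interface
        elif m := WIN_ROW_RE.match(line):
            entries.append({"iface": win_iface, "ip": m["ip"],
                            "mac": m["mac"].lower().replace("-", ":"), "type": m["type"]})
    return entries  # incomplete entries and header rows match nothing and are skipped

def unicast_peers(entries):
    """Drop broadcast/multicast rows (group bit set in the first MAC octet)."""
    return [e for e in entries if not int(e["mac"][:2], 16) & 1]

# Constructed sample output (documentation addresses, made-up MACs).
LINUX_SAMPLE = """\
? (192.0.2.1) at 00:10:f3:aa:2d:ec [ether] on eno1
? (192.0.2.7) at <incomplete> on eno1
? (192.0.2.9) at 02:00:0f:78:01:b3 [ether] PERM on eno1
"""
WINDOWS_SAMPLE = """\
Interface: 198.51.100.10 --- 0xd
  Internet Address      Physical Address      Type
  198.51.100.1          0c-59-33-47-09-ee     dynamic
  198.51.100.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    for e in unicast_peers(parse_arp(LINUX_SAMPLE + WINDOWS_SAMPLE)):
        print(f'{e["iface"]:<15} {e["ip"]:<15} {e["mac"]}  {e["type"]}')
```

Saving the normalized records at collection time gives a baseline to compare against later captures from the same host.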
