search
Infiltr8ForumGitHub
githubEdit

Network Configuration

MITRE ATT&CK™ System Network Configuration Discovery - Technique T1016

hashtag
Theory

Understanding the target network configuration is a critical enumeration phase. Interfaces, routes, and active connections is pivotal for mapping out the network infrastructure and identifying potential points of entry or vulnerabilities.

This section will explore key commands used to enumerate and gather crucial network information, providing insights into how these commands aid in assessing and understanding the network environment.

hashtag
Practice

hashtag
Routing Table

The route print command may be used to display the routing table of a Windows system.

route print

hashtag
Network Interfaces

IPConfig is a versatile command that provides comprehensive information about the network interfaces, IP addresses, subnet masks, DNS configuration, MAC addresses, and more.

# Display network interface informations
ipconfig /all

# Display local DNS cache
ipconfig /all

hashtag
Display Connections

The netstat command may be used to displays active and listening network connections, including ports and associated processes.

hashtag
ARP Table

The arp command in Windows can be used to display the ARP cache, which contains the mapping of IP addresses to MAC addresses within the local network. This command provides a list of known devices and their corresponding MAC addresses connected to the network.

hashtag
NetBIOS Name Cache

The nbtstat command may be used to displays the NetBIOS name table cache, listing the NetBIOS names and their corresponding IP addresses cached on the local system.

hashtag
Resources

LogoSystem Network Configuration Discovery, Technique T1016 - Enterprise | MITRE ATT&CK®attack.mitre.orgchevron-right

Last updated