A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.
Which of the following commands would be the BEST to run to view only active Internet connections?
B
Reference:
https://www.codegrepper.com/code-examples/shell/netstat+find+port
It cannot be B. the switch -l is used to list only listening connections so grep ESTABLISHED is doing nothing in this case. A (grep LISTEN) is filtering by listening connections too. C has the switch -l too. I think the answer is E as it shows all connections and filtering by TCP which is the goal.
-l is not the only switch being used. The -t will go ahead and list all TCP connections, then the second half of the command "grep ESTABLISHED" will filter out the TCP connections that are just listening
E. sudo netstat -pnut | grep -P ^tcp The command "sudo netstat -pnut | grep -P ^tcp" would be the best option to view only active Internet connections on a Linux workstation. Explanation of the command: "sudo" is used to run the command with administrative privileges. "netstat" is the command-line utility for displaying network connections. "-pnut" displays active network connections (-t for TCP connections, -u for UDP connections, and -n for numerical addresses instead of resolving hostnames). The "-p" option shows the process ID and name associated with each connection. "grep -P ^tcp" filters the output to show only TCP connections. This command will provide a list of active TCP connections, including the process ID and name associated with each connection.
E: as the netstat "u" parameter gives UDP connections also, and the grep "tcp" filters those out.
thanks this was a good simple explanation
Don't let B. trick you
The selected answer should be E.
I tried each command in an Ubuntu shell. Answer D gave the best results. Try it.
is the answer E or D?
Any update to which one is correct?
This is a very weird question. The question mentions that the analyst is looking for TCP connections, but then asks the BEST way to view "Active Internet Connections." Anyone who's ever run netstat will know that it ALWAYS says "Active Internet Connections." So literally any of these commands could be interpreted as correct. If we are only truly interested in ESTABLISHED TCP connections - which can be interpreted as an "active" connection, B is the obvious answer. If we are interested in only outgoing connections for both protocols, then D is the best choice - however I am inclined to think that we only care about TCP. E seems silly since the better idea would be to just omit -u and not do the grep, however it does achieve only showing tcp connections, however it will include TIME_WAIT and CLOSED connections - which aren't considered "active" in some senses, however because of their word choice being the same word choice that netstat ALWAYS outputs, I would have to go with E.
I tried both D & E commands. D's output yielded a UDP connection. E did not.
    labadmin@labadmin-virtual-machine:~$ sudo netstat -pnut | grep -P ^tcp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    udp 0 0 192.168.88.128:68 192.168.88.254:67 ESTABLISHED 705/Net orkManager
    labadmin@labadmin-virtual-machine:~$
E is the clear winner
We are only concerned with examining the active TCP connections using the command line.
Choice b will trick you and is not realistic since no one will use this command for this purpose. The answer is E.
E is correct.
The command sudo netstat -nlt -p | grep "ESTABLISHED" has a mistake due to the combination of options -l (for listening) and filtering for "ESTABLISHED" state. The -l option restricts the output to only listening sockets, which will never be in the "ESTABLISHED" state. Therefore, the command won't produce any meaningful results for active connections.
To view only active Internet connections on a Linux workstation, the BEST command to run would be: E. sudo netstat -pnut | grep -P ^tcp
Has to be D, internet connections are absolutely both UDP and TCP based so we need to see both.
Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
E. sudo netstat -pnut | grep -P ^tcp This command displays active TCP connections and filters only those that are established (not listening or waiting) with the "grep" command. The "-p" option shows the process ID and name associated with each connection, and the "-n" option displays numerical addresses and ports instead of resolving them to names. The "^tcp" pattern filters only TCP connections, and the "-u" and "-t" options show only UDP and TCP connections, respectively. This command is the best option to view only active Internet connections on a Linux workstation.
Answer is D, the command displays "Active Internet connections" netstat -pnut -w | column -t -s $'\w'
Yes agreed with RevZig67 ' Option D' gives the best result, as the question clearly states "Active Internet Connection" no other commands state that in the output
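Added example (not part of the original thread): the shell sketch below replays the filters quoted for options B and E over constructed netstat-style rows, emulating which sockets each flag set selects, so the effect of -l and of grep ^tcp can be compared offline. The sample rows, addresses and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample rows in netstat's column order (not captured from a real host):
# Proto Recv-Q Send-Q Local Foreign State PID/Program
rows() {
cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
tcp 0 0 192.0.2.10:22 198.51.100.7:51514 ESTABLISHED 1433/sshd
tcp 0 0 192.0.2.10:44312 203.0.113.5:443 TIME_WAIT -
tcp6 0 0 :::80 :::* LISTEN 950/nginx
udp 0 0 192.0.2.10:68 192.0.2.1:67 ESTABLISHED 705/NetworkManager
EOF
}

# Emulates the socket selection of `netstat -nlt -p`: TCP sockets in LISTEN only.
view_nlt() { rows | awk '$1 ~ /^tcp/ && $6 == "LISTEN"'; }

# Emulates `netstat -pnut`: TCP and UDP, listening sockets omitted (no -a / -l).
view_pnut() { rows | awk '$6 != "LISTEN"'; }

# Counts the lines arriving on stdin (prints 0 for empty input).
count() { awk 'END { print NR }'; }

# Option B's pipeline: ESTABLISHED rows inside a listening-only view.
b_matches() { view_nlt | grep ESTABLISHED | count; }

# Option E's pipeline: rows starting with "tcp" in the -pnut view.
# grep -E is used so the block runs without PCRE support; for the
# pattern ^tcp it selects the same lines as grep -P.
e_matches() { view_pnut | grep -E '^tcp' | count; }

# Stricter filter: TCP rows whose State column is exactly ESTABLISHED,
# printed as local address, foreign address, owning process.
tcp_established() {
  view_pnut | awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" { print $4, $5, $7 }'
}

printf 'B matches: %s\nE matches: %s\n' "$(b_matches)" "$(e_matches)"
tcp_established
```

On a live host, the same awk condition can be applied directly to the output of `sudo netstat -pnt` to list only established TCP sessions with their owning processes.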