LABORATORY EXERCISE: CYBER BASICS - Linux Networking and Command Line Tools

This laboratory exercise will expand your understanding of the Linux Terminal (sometimes called the “shell”, command-line, or CLI) and introduction to a powerful set of tools all cyber security professionals should fully embrace. Linux and UN*X based operating systems are comprised of thousands of “many small tools that do one thing well,” as the saying goes – a realization that only more seasoned experts fully appreciate. This “many small tools” concept is the foundation of the UN*X philosophy, and if fully embraced, greatly amplifies the user's ability to perform very complex operations. It represents much of the hidden power Linux users have access to.

For the purposes of this lab, we will be focusing on learning more Linux command line tools and how they work together to provide simple yet powerful functionality.

Faculty Instructions

Resources required

Recommend using the Virginia Cyber Range “Cyber Basics (2018)” environment, or in the very least, a Kali- Linux environment with multiple machines to scan (e.g. target.example.com). 

If you are using the Virginia Cyber Range “Cyber Basics (2018)” environment, this lab exercise requires an account on The Range.  To sign up for an account on The Range, please visit our Sign-Up page.  Your students will also require an account on the Virginia Cyber Range; this will be explained in the setup of your course.

Virtual Environment: This exercise works best using the Cyber Basics (2018) environment which contains four VMs. Click here for a detailed description of this environment. 

Linux Networking and Command Line Tools Lab Handout

Log In
to download materials

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0001: * Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0129: Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
  • K0174: Knowledge of networking protocols.
  • K0177: Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).
  • K0303: Knowledge of the use of sub-netting tools.
  • K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0471: Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
  • K0555: Knowledge of TCP/IP networking protocols.
  • S0019: Skill in creating programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams.
  • S0081: Skill in using network analysis tools to identify vulnerabilities.
  • S0264: Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).
  • S0267: Skill in remote command line and Graphic User Interface (GUI) tool usage.
  • A0107: Ability to think like threat actors.
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Basic Networking (BNW)
  • Basic Scripting and Programming (BSP)
  • Linux System Administration (LSA)

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf