Certified Incident Handler (ECIH v3) — Question 59

What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

Answer options

• A. "arp" command
• B. "netstat ""an" command
• C. "dd" command
• D. "ifconfig" command

Correct answer: A

Explanation

The "arp" command is specifically designed to display the Address Resolution Protocol table, which lists IP addresses and their corresponding MAC addresses. The "netstat "an" command shows active connections and listening ports, but not MAC addresses. The "dd" command is used for copying and converting files, and "ifconfig" displays network interface configurations without showing the ARP table.