Which command would provide information on the active connections and ports in use on a suspected machine?

Study for the EC-Council Digital Forensics Essentials (DFE) Test. Enhance your skills with multiple choice questions, each with detailed hints and explanations. Get ready to ace your exam!

The command that provides information on the active connections and ports in use on a suspected machine is "netstat -ano." This command is highly valuable in network diagnostics and security assessments because it displays all active network connections, along with the process IDs (PIDs) of the applications owning those connections. By using the flags:

  • "a" shows all connections and listening ports,
  • "n" ensures that the addresses and port numbers are shown in numerical form instead of resolving hostnames,
  • "o" displays the owning process ID associated with each connection.

This information is crucial for identifying unauthorized connections or potential malicious activity on a system, enabling forensic investigators to track down and analyze network traffic effectively.

The other commands serve different purposes. "ifconfig" is primarily used to configure network interfaces and view network configuration but does not provide information specifically on active connections. "ping" is used to test the reachability of a host on the network but does not reveal connection status or port usage. "traceroute" is utilized to determine the route packets take to reach a network destination and does not focus on active connections or listening ports.
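To show how the columns of "netstat -ano" map connections to owning PIDs, here is an added example (not part of the original page) that parses the output and groups listening ports and established remote endpoints by PID. It assumes the Windows column layout; the sample output is constructed, and the function names are hypothetical.

```python
from collections import defaultdict
# Constructed sample of `netstat -ano` output (Windows layout); not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1820
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Return one dict per connection row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if len(fields) == 4:  # UDP rows have no State column
            fields.insert(3, "")
        if len(fields) != 5:  # unexpected layout: skip rather than guess
            continue
        proto, local, foreign, state, pid = fields
        laddr, lport = split_endpoint(local)
        faddr, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "local_addr": laddr, "local_port": lport,
                     "foreign_addr": faddr, "foreign_port": fport,
                     "state": state, "pid": int(pid)})
    return rows

def summarize_by_pid(rows):
    """Group listening ports and established remote endpoints under the owning PID."""
    summary = defaultdict(lambda: {"listening": [], "established": []})
    for r in rows:
        if r["state"] == "LISTENING":
            summary[r["pid"]]["listening"].append(f'{r["proto"]}/{r["local_port"]}')
        elif r["state"] == "ESTABLISHED":
            summary[r["pid"]]["established"].append(f'{r["foreign_addr"]}:{r["foreign_port"]}')
    return dict(summary)

if __name__ == "__main__":
    print(summarize_by_pid(parse_netstat(SAMPLE)))
```

In the sample, PID 4312 both listens on a port and holds an outbound connection, which is the kind of row an investigator would then match to a process name.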
