Skip to main content
Engineering LibreTexts

1.14: Some Useful Utilities

  • Page ID
  • There exists a great variety of useful programs for probing and diagnosing networks. Here we list a few of the simpler, more common and available ones; some of these are addressed in more detail in subsequent chapters. Some of these, like ping, are generally present by default; others will have to be installed from somewhere.


    Ping is useful to determine if another machine is accessible, eg


    See 7.11   Internet Control Message Protocol for how it works. Sometimes ping fails because the necessary packets are blocked by a firewall.

    ifconfig, ipconfig, ip

    To find your own IP address you can use ipconfig on Windows, ifconfig on Linux and Macintosh systems, or the newer ip addr list on Linux. The output generally lists all active interfaces but can be restricted to selected interfaces if desired. The ip command in particular can do many other things as well. The Windows command netsh interface ip show config also provides IP addresses.

    nslookup, dig and host

    This trio of programs, all developed by the Internet Systems Consortium [], are all used for DNS lookups. They differ in convenience and options. The oldest is nslookup, the one with the most options (by a rather wide margin) is dig, and the newest and arguably most convenient for normal usage is host.

    Non-authoritative answer:
    ;; ANSWER SECTION: 86400 IN      A
    host has address has IPv6 address 2600:3c03::f03c:91ff:fe69:f438

    See 7.8.1   nslookup (and dig).


    This lists the route from you to a remote host:

     1 (  0.751 ms  0.753 ms  0.783 ms
     2 (  1.319 ms  1.286 ms  1.253 ms
     3 (  1.225 ms  1.231 ms  1.193 ms
     4 (  4.983 ms (  4.825 ms  4.812 ms
     5 (  4.926 ms  4.904 ms  4.888 ms
     6 (  5.043 ms (  5.343 ms  5.317 ms
     7 (  3.879 ms  18.347 ms (  2.987 ms
     8 (  2.344 ms  2.305 ms  2.409 ms
     9 (  24.065 ms (  24.986 ms (  23.158 ms
    10 (  23.557 ms  23.548 ms (  24.510 ms
    11 (  23.957 ms  24.382 ms  24.164 ms
    12 (  24.922 ms  24.737 ms  24.754 ms
    13 (  24.024 ms  24.249 ms  23.924 ms

    The last router (and itself) don’t respond to the traceroute packets, so the list is not quite complete. The Windows tracert utility is functionally equivalent. See 7.11.1   Traceroute and Time Exceeded for further information.

    Traceroute sends, by default, three probes for each router. Sometimes the responses do not all come back from the same router, as happened above at routers 4, 6, 7, 9 and 10. Router 9 sent back three distinct responses.

    On Linux systems the mtr [] command may be available as an alternative to traceroute; it repeats the traceroute at one-second intervals and generates cumulative statistics.

    route and netstat

    The commands route, route print (Windows), ip route show (Linux), and netstat -r (all systems) display the host’s local IP forwarding table. For workstations not acting as routers, this includes the route to the default router and, usually, not much else. The default route is sometimes listed as destination with netmask (equivalent to

    The command netstat -a shows the existing TCP connections and open UDP sockets.


    The netcat program, often called nc, allows the user to create TCP or UDP connections and send lines of text back and forth. It is seldom included by default. See 11.1.4   netcat and 12.6.2   netcat again.


    This is a convenient combination of packet capture and packet analysis, from []. See 12.4   TCP and WireShark and 8.11   Using IPv6 and IPv4 Together for examples.

    WireShark was originally named Etherreal. An earlier command-line-only packet-capture program is tcpdump [], though WireShark has greatly expanded support for packet-format decoding. Both WireShark and tcpdump support both live packet capture and reading from .pcap (packet capture) and .pcapng (next generation) files.

    WireShark is the only non-command-line program listed here. It is sometimes desired to monitor packets on a remote system. If X-windows is involved (eg on Linux), this can be done by logging in from one’s local system using ssh -X, which enables X-windows forwarding, and then starting wireshark (or perhaps sudo wireshark) from the command line. Other alternatives include tcpdump and tshark; the latter is part of the WireShark distribution and supports the same packet-decoding facilities as WireShark. Finally, there is termshark [], a frontend for tshark that offers a terminal-based interface reasonably similar to WireShark’s graphical interface.