1.14: Some Useful Utilities

  • There exists a great variety of useful programs for probing and diagnosing networks. Here we list a few of the simpler, more common and available ones; some of these are addressed in more detail in subsequent chapters. Some of these, like ping, are generally present by default; others will have to be installed from somewhere.

    ping

    Ping is useful to determine if another machine is accessible, e.g.:

    ping www.cs.luc.edu
    ping 147.126.1.230
    

    See 7.11 Internet Control Message Protocol for how it works. Sometimes ping fails because the necessary packets are blocked by a firewall.

    ifconfig, ipconfig, ip

    To find your own IP address you can use ipconfig on Windows, ifconfig on Linux and Macintosh systems, or the newer ip addr list on Linux. The output generally lists all active interfaces but can be restricted to selected interfaces if desired. The ip command in particular can do many other things as well. The Windows command netsh interface ip show config also provides IP addresses.

    nslookup, dig and host

    This trio of programs, all developed by the Internet Systems Consortium [http://isc.org], are all used for DNS lookups. They differ in convenience and options. The oldest is nslookup, the one with the most options (by a rather wide margin) is dig, and the newest and arguably most convenient for normal usage is host.

    nslookup intronetworks.cs.luc.edu
    
    Non-authoritative answer:
    Name:   intronetworks.cs.luc.edu
    Address: 162.216.18.28
    
    
    dig intronetworks.cs.luc.edu
    
    ...
    ;; ANSWER SECTION:
    intronetworks.cs.luc.edu. 86400 IN      A       162.216.18.28
    ...
    
    host intronetworks.cs.luc.edu
    
    intronetworks.cs.luc.edu has address 162.216.18.28
    intronetworks.cs.luc.edu has IPv6 address 2600:3c03::f03c:91ff:fe69:f438
    

    See 7.8.1 nslookup (and dig).

    traceroute

    This lists the route from you to a remote host:

     traceroute intronetworks.cs.luc.edu
    
     1  147.126.65.1 (147.126.65.1)  0.751 ms  0.753 ms  0.783 ms
     2  147.126.95.54 (147.126.95.54)  1.319 ms  1.286 ms  1.253 ms
     3  12.31.132.169 (12.31.132.169)  1.225 ms  1.231 ms  1.193 ms
     4  cr83.cgcil.ip.att.net (12.123.7.46)  4.983 ms cr84.cgcil.ip.att.net (12.123.7.170)  4.825 ms  4.812 ms
     5  cr83.cgcil.ip.att.net (12.123.7.46)  4.926 ms  4.904 ms  4.888 ms
     6  cr1.cgcil.ip.att.net (12.122.99.33)  5.043 ms cr2.cgcil.ip.att.net (12.122.132.109)  5.343 ms  5.317 ms
     7  gar13.cgcil.ip.att.net (12.122.132.121)  3.879 ms  18.347 ms ggr4.cgcil.ip.att.net (12.122.133.33)  2.987 ms
     8  chi-b21-link.telia.net (213.248.87.253)  2.344 ms  2.305 ms  2.409 ms
     9  nyk-bb2-link.telia.net (80.91.248.197)  24.065 ms nyk-bb1-link.telia.net (213.155.136.70)  24.986 ms nyk-bb2-link.telia.net (62.115.137.58)  23.158 ms
    10  nyk-b3-link.telia.net (62.115.112.255)  23.557 ms  23.548 ms nyk-b3-link.telia.net (80.91.248.178)  24.510 ms
    11  netaccess-tic-133837-nyk-b3.c.telia.net (213.248.99.90)  23.957 ms  24.382 ms  24.164 ms
    12  0.e1-4.tbr1.mmu.nac.net (209.123.10.101)  24.922 ms  24.737 ms  24.754 ms
    13  207.99.53.42 (207.99.53.42)  24.024 ms  24.249 ms  23.924 ms
    

    The last router (and intronetworks.cs.luc.edu itself) don’t respond to the traceroute packets, so the list is not quite complete. The Windows tracert utility is functionally equivalent. See 7.11.1 Traceroute and Time Exceeded for further information.

    Traceroute sends, by default, three probes for each router. Sometimes the responses do not all come back from the same router, as happened above at routers 4, 6, 7, 9 and 10. Router 9 sent back three distinct responses.
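
The multiple-responder observation above can be checked mechanically. The following Python is an added example, not part of the original text: it parses the traceroute listing shown earlier and reports the hops whose probes were answered by more than one address. The function names are this example's own.

```python
import re

# Traceroute output copied from the listing above (hops 1-13).
SAMPLE = """\
 1  147.126.65.1 (147.126.65.1)  0.751 ms  0.753 ms  0.783 ms
 2  147.126.95.54 (147.126.95.54)  1.319 ms  1.286 ms  1.253 ms
 3  12.31.132.169 (12.31.132.169)  1.225 ms  1.231 ms  1.193 ms
 4  cr83.cgcil.ip.att.net (12.123.7.46)  4.983 ms cr84.cgcil.ip.att.net (12.123.7.170)  4.825 ms  4.812 ms
 5  cr83.cgcil.ip.att.net (12.123.7.46)  4.926 ms  4.904 ms  4.888 ms
 6  cr1.cgcil.ip.att.net (12.122.99.33)  5.043 ms cr2.cgcil.ip.att.net (12.122.132.109)  5.343 ms  5.317 ms
 7  gar13.cgcil.ip.att.net (12.122.132.121)  3.879 ms  18.347 ms ggr4.cgcil.ip.att.net (12.122.133.33)  2.987 ms
 8  chi-b21-link.telia.net (213.248.87.253)  2.344 ms  2.305 ms  2.409 ms
 9  nyk-bb2-link.telia.net (80.91.248.197)  24.065 ms nyk-bb1-link.telia.net (213.155.136.70)  24.986 ms nyk-bb2-link.telia.net (62.115.137.58)  23.158 ms
10  nyk-b3-link.telia.net (62.115.112.255)  23.557 ms  23.548 ms nyk-b3-link.telia.net (80.91.248.178)  24.510 ms
11  netaccess-tic-133837-nyk-b3.c.telia.net (213.248.99.90)  23.957 ms  24.382 ms  24.164 ms
12  0.e1-4.tbr1.mmu.nac.net (209.123.10.101)  24.922 ms  24.737 ms  24.754 ms
13  207.99.53.42 (207.99.53.42)  24.024 ms  24.249 ms  23.924 ms
"""

TOKEN = re.compile(
    r"(?P<host>\S+) \((?P<ip>[0-9A-Fa-f.:]+)\)"  # a new responder is announced
    r"|(?P<rtt>\d+(?:\.\d+)?)\s+ms"               # one probe's round-trip time
    r"|(?P<lost>\*)"                              # a probe that got no reply
)

def parse_hops(text):
    """Return {hop: {ip: [rtt_ms, ...]}}; lost probes are stored under key None."""
    hops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or blank line
        responders, current = {}, None
        for tok in TOKEN.finditer(m.group(2)):
            if tok.group("ip"):
                current = tok.group("ip")  # later times belong to this address
                responders.setdefault(current, [])
            elif tok.group("rtt"):
                responders.setdefault(current, []).append(float(tok.group("rtt")))
            else:
                responders.setdefault(None, []).append(None)
        hops[int(m.group(1))] = responders
    return hops

def multi_responder_hops(hops):
    """Hops whose probes were answered by more than one address."""
    ips = {h: [ip for ip in r if ip is not None] for h, r in hops.items()}
    return {h: v for h, v in ips.items() if len(v) > 1}
```

Responders are counted by address rather than by name, which is why hop 10 is reported even though both replies carry the same hostname.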

    On Linux systems the mtr [https://en.wikipedia.org/wiki/MTR_(software)] command may be available as an alternative to traceroute; it repeats the traceroute at one-second intervals and generates cumulative statistics.

    route and netstat

    The commands route, route print (Windows), ip route show (Linux), and netstat -r (all systems) display the host’s local IP forwarding table. For workstations not acting as routers, this includes the route to the default router and, usually, not much else. The default route is sometimes listed as destination 0.0.0.0 with netmask 0.0.0.0 (equivalent to 0.0.0.0/0).

    The command netstat -a shows the existing TCP connections and open UDP sockets.

    netcat

    The netcat program, often called nc, allows the user to create TCP or UDP connections and send lines of text back and forth. It is seldom included by default. See 11.1.4 netcat and 12.6.2 netcat again.

    WireShark

    This is a convenient combination of packet capture and packet analysis, from wireshark.org [http://wireshark.org]. See 12.4 TCP and WireShark and 8.11 Using IPv6 and IPv4 Together for examples.

    WireShark was originally named Ethereal. An earlier command-line-only packet-capture program is tcpdump [http://www.tcpdump.org/], though WireShark has greatly expanded support for packet-format decoding. Both WireShark and tcpdump support live packet capture as well as reading from .pcap (packet capture) and .pcapng (next generation) files.

    WireShark is the only non-command-line program listed here. It is sometimes desired to monitor packets on a remote system. If X-windows is involved (e.g. on Linux), this can be done by logging in from one’s local system using ssh -X, which enables X-windows forwarding, and then starting wireshark (or perhaps sudo wireshark) from the command line. Other alternatives include tcpdump and tshark; the latter is part of the WireShark distribution and supports the same packet-decoding facilities as WireShark. Finally, there is termshark [https://termshark.io], a frontend for tshark that offers a terminal-based interface reasonably similar to WireShark’s graphical interface.