1.14: Some Useful Utilities
There exists a great variety of useful programs for probing and diagnosing networks. Here we list a few of the simpler, more common and available ones; some of these are addressed in more detail in subsequent chapters. Some of these, like ping, are generally present by default; others will have to be installed from somewhere.
ping
Ping is useful to determine if another machine is accessible, e.g.
    ping www.cs.luc.edu
    ping 18.104.22.168
See 7.11 Internet Control Message Protocol for how it works. Sometimes ping fails because the necessary packets are blocked by a firewall.
ifconfig, ipconfig, ip
To find your own IP address you can use ipconfig on Windows, ifconfig on Linux and Macintosh systems, or the newer ip addr list on Linux. The output generally lists all active interfaces but can be restricted to selected interfaces if desired. The ip command in particular can do many other things as well. The Windows command netsh interface ip show config also provides IP addresses.
nslookup, dig and host
This trio of programs, all developed by the Internet Systems Consortium [http://isc.org], are all used for DNS lookups. They differ in convenience and options. The oldest is nslookup, the one with the most options (by a rather wide margin) is dig, and the newest and arguably most convenient for normal usage is host.
    nslookup intronetworks.cs.luc.edu
    Non-authoritative answer:
    Name: intronetworks.cs.luc.edu
    Address: 22.214.171.124

    dig intronetworks.cs.luc.edu
    ...
    ;; Answer SECTION:
    intronetworks.cs.luc.edu. 86400 IN A 126.96.36.199
    ...

    host intronetworks.cs.luc.edu
    intronetworks.cs.luc.edu has address 188.8.131.52
    intronetworks.cs.luc.edu has IPv6 address 2600:3c03::f03c:91ff:fe69:f438
See 7.8.1 nslookup (and dig).
traceroute
This lists the route from you to a remote host:
    traceroute intronetworks.cs.luc.edu
    1 184.108.40.206 (220.127.116.11) 0.751 ms 0.753 ms 0.783 ms
    2 18.104.22.168 (22.214.171.124) 1.319 ms 1.286 ms 1.253 ms
    3 126.96.36.199 (188.8.131.52) 1.225 ms 1.231 ms 1.193 ms
    4 cr83.cgcil.ip.att.net (184.108.40.206) 4.983 ms cr84.cgcil.ip.att.net (220.127.116.11) 4.825 ms 4.812 ms
    5 cr83.cgcil.ip.att.net (18.104.22.168) 4.926 ms 4.904 ms 4.888 ms
    6 cr1.cgcil.ip.att.net (22.214.171.124) 5.043 ms cr2.cgcil.ip.att.net (126.96.36.199) 5.343 ms 5.317 ms
    7 gar13.cgcil.ip.att.net (188.8.131.52) 3.879 ms 18.347 ms ggr4.cgcil.ip.att.net (184.108.40.206) 2.987 ms
    8 chi-b21-link.telia.net (220.127.116.11) 2.344 ms 2.305 ms 2.409 ms
    9 nyk-bb2-link.telia.net (18.104.22.168) 24.065 ms nyk-bb1-link.telia.net (22.214.171.124) 24.986 ms nyk-bb2-link.telia.net (126.96.36.199) 23.158 ms
    10 nyk-b3-link.telia.net (188.8.131.52) 23.557 ms 23.548 ms nyk-b3-link.telia.net (184.108.40.206) 24.510 ms
    11 netaccess-tic-133837-nyk-b3.c.telia.net (220.127.116.11) 23.957 ms 24.382 ms 24.164 ms
    12 0.e1-4.tbr1.mmu.nac.net (18.104.22.168) 24.922 ms 24.737 ms 24.754 ms
    13 22.214.171.124 (126.96.36.199) 24.024 ms 24.249 ms 23.924 ms
The last router (and intronetworks.cs.luc.edu itself) don’t respond to the traceroute packets, so the list is not quite complete. The Windows tracert utility is functionally equivalent. See 7.11.1 Traceroute and Time Exceeded for further information.
Traceroute sends, by default, three probes for each router. Sometimes the responses do not all come back from the same router, as happened above at routers 4, 6, 7, 9 and 10. Router 9 sent back three distinct responses.
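An added example, not part of the original text: a small Python parser for traceroute's default output that reports which hops were answered from more than one address (the situation described above for routers 4, 6, 7, 9 and 10) and which hops answered no probe at all. It counts distinct addresses rather than names, since one name can appear with several addresses; the sample output, its host names and its addresses are constructed.

```python
import re

# Constructed sample in the default Linux traceroute layout (documentation
# addresses, hypothetical names); it is not output taken from the page.
SAMPLE = """\
traceroute to host.example (203.0.113.9), 30 hops max, 60 byte packets
 1  gw.example (192.0.2.1)  0.751 ms  0.753 ms  0.783 ms
 2  r2a.example (198.51.100.1)  4.983 ms r2b.example (198.51.100.2)  4.825 ms  4.812 ms
 3  r3.example (198.51.100.9)  24.065 ms r3.example (198.51.100.10)  24.986 ms r3.example (198.51.100.11)  23.158 ms
 4  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# One token is a "(address)", a "*" for a lost probe, or an "N ms" round-trip time.
TOKEN_RE = re.compile(r"\(([0-9A-Fa-f:.]+)\)|(?<!\S)(\*)|(?<!\S)(\d+(?:\.\d+)?)\s+ms\b")


def parse_traceroute(text):
    """Map hop number -> {"responders": {address: [rtt_ms, ...]}, "lost": count}."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                      # header line or blank line
            continue
        entry = {"responders": {}, "lost": 0}
        current = None                 # address the following RTTs belong to
        for addr, star, rtt in TOKEN_RE.findall(m.group(2)):
            if addr:
                current = addr
                entry["responders"].setdefault(addr, [])
            elif star:
                entry["lost"] += 1
            elif current is not None:
                entry["responders"][current].append(float(rtt))
        hops[int(m.group(1))] = entry
    return hops


def multi_responder_hops(hops):
    """Hops whose probes were answered from more than one address."""
    return {n: len(h["responders"]) for n, h in hops.items() if len(h["responders"]) > 1}


def silent_hops(hops):
    """Hops where no probe was answered at all."""
    return [n for n, h in hops.items() if not h["responders"] and h["lost"]]


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE)
    print("multiple responders:", multi_responder_hops(parsed))
    print("no response:", silent_hops(parsed))
```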
On Linux systems the mtr [en.Wikipedia.org/wiki/MTR_(software)] command may be available as an alternative to traceroute; it repeats the traceroute at one-second intervals and generates cumulative statistics.
route and netstat
route print (Windows), ip route show (Linux), and netstat -r (all systems) display the host’s local IP forwarding table. For workstations not acting as routers, this includes the route to the default router and, usually, not much else. The default route is sometimes listed as destination 0.0.0.0 with netmask 0.0.0.0 (equivalent to 0.0.0.0/0).
netstat -a shows the existing TCP connections and open UDP sockets.
netcat
The netcat program, often called nc, allows the user to create TCP or UDP connections and send lines of text back and forth. It is seldom included by default. See 11.1.4 netcat and 12.6.2 netcat again.
WireShark
This is a convenient combination of packet capture and packet analysis, from wireshark.org [http://wireshark.org]. See 12.4 TCP and WireShark and 8.11 Using IPv6 and IPv4 Together for examples.
WireShark was originally named Ethereal. An earlier command-line-only packet-capture program is tcpdump [www.tcpdump.org/], though WireShark has greatly expanded support for packet-format decoding. Both WireShark and tcpdump support both live packet capture and reading from .pcap (packet capture) and .pcapng (next generation) files.
WireShark is the only non-command-line program listed here. It is sometimes desired to monitor packets on a remote system. If X-windows is involved (e.g. on Linux), this can be done by logging in from one’s local system using ssh -X, which enables X-windows forwarding, and then starting wireshark (or perhaps sudo wireshark) from the command line. Other alternatives include tcpdump and tshark; the latter is part of the WireShark distribution and supports the same packet-decoding facilities as WireShark. Finally, there is termshark [https://termshark.io], a frontend for tshark that offers a terminal-based interface reasonably similar to WireShark’s graphical interface.