Network Tools

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 8

Network tools

ing
Article Table of contents

The Ping tool


"Ping" (short for Packet INternet Groper) is without a doubt the best-known network
administration tool. It is one of the simplest tools, because all it does is send packets to
check if a remote machine is responding and, by extension, if it is accessible over the
network.
The ping tool, then, is used to diagnose network connectivity using commands of the
type:
ping name.of.the.machine

name.of.the.machine represents the machine's IP address, or its name. It is generally


preferable to test it first using the machine's IP address.

How ping works


Ping relies on the ICMP protocol, which is used to diagnose transmission conditions. For
this reason, it uses two types of protocol messages (out of the 18 offered by ICMP):

Type 0, which corresponds to an "echo request" command, sent by the source


machine;
Type 8, which corresponds to an "echo reply" command, sent by the target
machine.

At regular intervals (by default, every second), the source machine (the one running the
ping command) sends an "echo request" to the target machine. When the "echo reply"
packet is received, the source machine displays a line containing certain information. If
the reply is not received, a line saying "request timed out" will be shown.

Ping results
Depending on the operating system, the results of the ping may be displayed somewhat
differently.
Here are the results of the command in GNU/Linux:

ping www.commentcamarche.net
PING www.commentcamarche.net (163.5.255.85): 56 data bytes
64 bytes from 163.5.255.85: icmp_seq=0 ttl=56 time=7.7 ms
64 bytes from 163.5.255.85: icmp_seq=1 ttl=56 time=6.0 ms
64 bytes from 163.5.255.85: icmp_seq=2 ttl=56 time=5.5 ms
64 bytes from 163.5.255.85: icmp_seq=3 ttl=56 time=6.0 ms
64 bytes from 163.5.255.85: icmp_seq=4 ttl=56 time=5.3 ms
64 bytes from 163.5.255.85: icmp_seq=5 ttl=56 time=5.6 ms
64 bytes from 163.5.255.85: icmp_seq=6 ttl=56 time=7.0 ms
64 bytes from 163.5.255.85: icmp_seq=7 ttl=56 time=6.0 ms
--- www.commentcamarche.net ping statistics --8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 5.3/6.1/7.7 ms

Here are the results of the command in Windows:


ping www.commentcamarche.net
Pinging www.commentcamarche.net [163.5.255.85] with 32 bytes of data:
Reply from 163.5.255.85: bytes=32 time=34 ms TTL=54
Reply from 163.5.255.85: bytes=32 time=37 ms TTL=54
Reply from 163.5.255.85: bytes=32 time=32 ms TTL=54
Reply from 163.5.255.85: bytes=33 time=32 ms TTL=54
Ping statistics for 163.5.255.85:
Packets: sent = 4, received = 4, lost = 0 (loss 0%),
Approximate round trip times in milli-seconda:
Minimum = 32ms, Maximum = 37ms, Average = 34ms

Thus, the ping command's output gives:

The IP address which corresponds to the name of the remote machine;


The ICMP sequence number;
The packet's time to live (TTL). The time to live (TTL) field shows how many
routers the packet went through as it travelled between the two machines. Each IP
packet has a TTL field with a relatively high value. Each time it goes through a
router, the value is reduced. If this number ever reaches zero, the router interprets
this to mean that the packet is going around in circles, and terminates it;
The round-trip delay field corresponds to the length of time in milliseconds of a
round trip between the source and target machines. As a general rule, a packet
must have a delay no longer than 200 ms;
The number of lost packets.

Netstat
Article Table of contents

Introduction to Netstat
Netstat is a tool for identifying which TCP connections are active on the machine where
the command is run, listing all TCP and UDP ports that are open on that computer.

The command "netstat" is also used to retrieve statistics on a number of protocols


(Ethernet, IPv4, TCP, UDP, ICMP and IPv6).

Netstat command settings


When used with no arguments, the command netstat displays all connections which have
been opened by the machine. The command netstat has a number of optional settings.
The syntax is:
netstat [-a] [-e] [-n] [-o] [-s] [-p PROTO] [-r] [interval]

When used with the argument -a, the command netstat displays all connections and
listening ports on the machine.
When used with the argument -e, the command netstat displays Ethernet statistics.
When used with the argument -n, the command netstat displays the address and port
numbers in numerical form, without name lookup.
When used with the argument -o, the command netstat gives the number of the process
assigned to the connection.
When used with the argument -p followed by the name of the protocol (TCP, UDP or IP),
the command netstat displays the requested information concerning the specified
protocol.
When used with the argument -r, the command netstat displays the routing table.
When used with the argument -s, the command netstat displays detailed statistics for
each protocol.
Finally, an optional refresh interval (given as a number of seconds) can be used to set
how long to display the information before reloading it. By default, it is set to 1 second.

Traceroute
Article Table of contents

Introduction to Traceroute
Traceroute is a network diagnostic tool found on most operating systems, which is used
for determining which path a packet has taken. The traceroute command can be used to

draw up a map of the routers found between a source machine and a target machine. The
traceroute command is different on each operating system.

In UNIX/Linux, systems, the traceroute command is:


traceroute name.of.the.machine

In Windows systems, the traceroute command is:


tracert name.of.the.machine

Output of a traceroute
A traceroute's output describes the names and IP addresses of the chain of routers, each
preceded by a sequential number and minimum, average, and maximum response time.
Tracing a route to www.commentcamarche.net [163.5.255.85]
over a maximum of 30 hops:
1
33 ms
32 ms
33 ms raspail-2-81-57-234-254.fbx.proxad.net
[81.57.234.254]
2
33 ms
33 ms
33 ms vlq-6k-2-a5.routers.proxad.net
[213.228.4.254]
3
33 ms
33 ms
33 ms vlq-6k-2-v802.intf.routers.proxad.net
[212.27.50.46]
4
33 ms
33 ms
33 ms th1-6k-2-v806.intf.routers.proxad.net
[212.27.50.41]
5
32 ms
34 ms
34 ms cbv-6k-2-v802.intf.routers.proxad.net
[212.27.50.34]
6
34 ms
32 ms
33 ms ldc-6k-1-a0.routers.proxad.net
[213.228.15.67]
7
35 ms
35 ms
35 ms cogent.FreeIX.net [213.228.3.187]
8
36 ms
36 ms
35 ms NeufTelecom.demarc.cogentco.com
[130.117.16.22]
9
36 ms
36 ms
36 ms V3994.c1cbv.gaoland.net [212.94.162.209]
10
34 ms
34 ms
35 ms V4080.core3.cbv.gaoland.net
[212.94.161.129]
11
36 ms
35 ms
37 ms 212.94.164.210
12
36 ms
36 ms
36 ms nestor.commentcamarche.net [163.5.255.85]
Route traced.

How a traceroute works


Traceroute works thanks to the TTL field in IP packets. Each IP packet has a time to live
field (TTL) which is reduced each time it goes through a router When this field reaches
zero, the router determines that the packet has been going around in circles, terminates
this packet and sends an ICMP notification to the sender.
For this reason, traceroute sends packets to an unprivileged UDP port which is believed
to be unused (port 33434 by default) with a TTL set to 1. The first router encountered will
delete the packet and send an ICMP packet which includes the IP address of the router as
well as the loop delay. Traceroute then increases the TTL field by 1 at a time, so as to

obtain a reply from each router on the pathway, until it gets the reply "ICMP port
unreachable" from the target machine.

Nslookup
Article Table of contents

Introduction to nslookup
Nslookup (Name System Lookup) is a tool for querying a domain name server in order to
get information regarding a domain or host, and diagnosing any configuration problems
that may have arisen on the DNS.
When used without any arguments, the command nslookup displays the name and IP
address of the primary domain name server, as well as a command prompt for making
queries. Simply type the domain name at the prompt in order to display its characteristics.
You can also request information on a host by adding its name after the command
nslookup:
nslookup host.name

By default, the command nslookup queries the primary domain name server installed on
the machine. However, it is also possible to query a particular DNS by specifying it,
preceded by a minus sign, after the command:
nslookup host.name -server.name

You can also change the query mode for nslookup by using the argument set:

set type=mx is used for getting information regarding a domain's mail server(s).
set type=ns is used for getting information regarding the domain's name servers.
set type=a is used for getting information regarding a network host. It is the
default query mode.
set type=soa is used for displaying information in the SOA (Start Of Authority)
field.
set type=cname is used for displaying information regarding aliases.
set type=hinfo is used for displaying information regarding the host's hardware
and operating system, if this data has been made available.

To leave the command nslookup, simply type exit.

FTP commands
Article Table of contents

The FTP protocol


FTP (File Transfer Protocol) is a protocol — meaning a standard language that lets
two machines communicate — used so that computers of different types (or with
different operating systems) can transfer files over a network that uses TCP/IP.
FTP operates in a client/server environment, meaning that the remote machine is
configured as a server, and consequently waits for the other machine to request a service
from it. In UNIX, the service is provided by what is called a daemon, a small task that
runs in the background. The FTP daemon is called ftpd.
There are many FTP client programs, some of which are run from a command-line (such
as the command ftp, a standard installed in many operating systems), but a large majority
allow the user to manipulate files via a graphical interface (such as CuteFTP), which
makes file transfers more user-friendly.
The FTP protocol is used for transferring one file at a time, in either direction,
between the client machine (the one which initiated the connection, i.e. the calling
machine) and the server machine (which provided the FTP service, i.e. the called
machine). The FTP protocol can also perform other actions, such as creating and deleting
directories (only if they are empty), listing files, deleting and renaming files, etc.

Protocols and implementation


Do not confuse the separate concepts of the protocol and its implementation! A protocol
is a set of rules and procedures which have been defined in order to standardise
communications, while the implementation is software programming which follows
(more or less) the protocol's recommendations.
For this reason, the "ftp" command has been implemented across numerous platforms,
based on the specifications of the FTP protocol.

Logging in to an FTP server


The command "ftp" is available across various platforms, including UNIX, Windows and
Linux. The command initiates an FTP session, and is usually run as follows:
ftp server_name

server_name represents the name or IP address of the remote machine that the user wants
to connect to. The target machine must, of course, have an FTP service.

Once the connection has been initialised, a few lines of text appear on the screen. The
first line lets you know that you have connected to an FTP server, the next lines welcome
you to it, and may indicate which kind of FTP site it is (i.e, what sort of files it hosts or
which organisation owns it), or instructions for users.
In FTP, each line begins with a number that represents either success or failure. For a
welcome message, the line might be preceded by the number 220, which means "the
service is ready for the new user."
The server asks you to enter your user name (also called a login or identification), in
order to set access rights (such as read/write privileges). After the user name has been
accepted, a line beginning with the number 331 invites you to input your password,
which is masked, meaning that it doesn't appear on the screen.
In some cases the server may be public, in which case you can log in anonymously, and
you will therefore have to log in as "anonymous" (or "guest"). For public servers, custom
dictates that the user enters his/her email address as the password, but you can enter
whatever you choose.
Once the password has been accepted, a message will show if the connection has been
established or not, in which case a reason will be given (for example, the site may have
reached its maximum number of users allowed at a time, in which case the message "No
more users allowed" appears).
Once logged in, the FTP site waits for the user to enter commands describing actions to
perform.

FTP commands
The normal FTP commands are:
Order
Description
help Displays all commands supported by the FTP server.
status Used for showing some of the client machine's settings
This command switches you from ASCII mode (sending text documents) to binary
binary
mode (sending binary files, i.e. non-text files like images or programs)
ascii Switches from binary mode to ASCII mode. This is the default mode.
type Displays the current transfer mode (binary or ASCII)
Allows you to log in to the current FTP server again using a different user name.
user
You will then be requested to enter a new password.
Lists all files found in the current directory. The command "ls -l" gives additional
ls
information on the files.
pwd Displays the full name of the current directory
The command stands for change directory, and is used for changing to a different
CD
directory. The command "cd .." is used to access the parent directory

The command mkdir (in UNIX, or md in Microsoft) is used for creating a directory
mkdir within the current directory. The use of this command is reserved for users with
access allowing it.
The command rmdir (in UNIX, or rmd in Microsoft) is used for deleting a
rmdir directory within the current directory. The use of this command is reserved for
users with access allowing it.
This command is used to retrieve a file found on the server.
If the command is followed by a file name, the remote file will be
transferred to the local machine, into the current local directory
If the command is followed by two file names, the remote file (the first
get
name) is transferred to the local machine in the current local directory, with
the specified file name (the second name)

put

open
close
bye
quit

If the file name contains spaces, be sure to enter it within quote marks.
This command is used to send a local file to the server
If the command is followed by a file name, the local file will be transferred
to the remote machine, into the current remote directory
If the command is followed by two file names, the local file (the first
name) is transferred to the remote machine in the current remote directory,
with the specified file name (the second name)
If the file name contains spaces, be sure to enter it within quote marks.
Logs out and opens a new session on another FTP server
Logs out, leaving the FTP client active
Disconnects the FTP client from the server and puts it into inactive mode
Disconnects the FTP client from the server and puts it into inactive mode

You might also like