Sep 24, 2010
 

In two previous articles we saw two tools whose analysis output takes a graphical form (ntop and wireshark); today we will look at some tools you can use from the command line: ping, telnet, dig, traceroute, whois, netstat, nmap, and mtr.

PING

Ping is a computer network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. The name comes from active sonar terminology.




Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response. In the process it measures the time from transmission to reception (round-trip time) and records any packet loss. The results of the test are printed in the form of a statistical summary of the response packets received, including the minimum, maximum, and mean round-trip times, and sometimes the standard deviation of the mean.

The use of a ping utility is usually described as pinging a computer.

Ping may be run using various options (command line switches) depending on the implementation that enable special operational modes, such as to specify the packet size used as the probe, automatic repeated operation for sending a specified count of probes, time stamping options, or to perform a ping flood. Flood pinging may be abused as a simple form of denial-of-service attack, in which the attacker overwhelms the victim with ICMP echo request packets.

Basic syntax at its core: ping hostname|IP

Example:

ping www.linuxaria.com

PING linuxaria.com (66.7.205.168) 56(84) bytes of data.
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=1 ttl=46 time=220 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=2 ttl=46 time=171 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=3 ttl=46 time=169 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=4 ttl=46 time=169 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=5 ttl=46 time=168 ms
^C
--- linuxaria.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 168.906/179.895/220.449/20.297 ms

What does the output mean?

“time=220ms” – this is the round trip time; the time between sending the “are you there?” and receiving the “yes I am!”. In this case, 220 milliseconds. Since the ping is repeated several times you can see that this time is fairly consistent, which is good. The time will vary depending on many factors including how close you are to the remote server, how many routers and other networking equipment are in between you and that server, and more.

“5 packets transmitted, 5 received” – one of the things that TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it’s going, but for various reasons that doesn’t always happen. As long as the packets can get there after a retry or two, in normal usage you’d never notice. Ping sends multiple packets and reports specifically on the success rate, so that you can see if a particular connection is prone to packet loss.

“rtt min/avg/max/mdev” Approximate round trip times – while on average the same kind of packet sent to the same destination should take roughly the same amount of time, that’s also not always the case. Sometimes for reasons as diverse as the equipment and paths that the packets take, some take longer than others. Ping reports these statistics so that you can see if a particular connection is prone to this type of problem.


More examples:

ping -c 5 -q 127.0.0.1

The option -c 5 means send just 5 packets; the option -q shows only the ping statistics summary.

for i in {1..254}; do ping -c 1 -W 1 192.168.0.$i | grep 'from' | cut -d' ' -f 4 | tr -d ':'; done

Ping scanning without nmap

Useful for when you don’t have nmap and need to find a missing host.

Pings all addresses from 192.168.0.1 to 192.168.0.254; modify it for your subnet.

The timeout (-W 1) is set to 1 second for speed; if you are running over a slow connection you should raise it to avoid missing replies.

ping -q -c1 -w3 www.linuxaria.com >/dev/null 2>&1 || echo www.linuxaria.com ping failed | mail -ne -s'Server unavailable' [email protected]

Check that a server is up; if it isn’t, mail me.

An admin wants an email if the linuxaria server is down. Set a cron job to run this line every 5 minutes and he gets an email when/if a ping takes longer than 3 seconds (the -w3 deadline), because ping then exits with a non-zero status and the command after || runs.
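The explanation of the ping output above, and the cron check that decides whether a server is up, both come down to reading the per-reply lines and the statistics summary. The following added example (mine, not code from the article or from the iputils project) parses that output into numbers and applies the judgements the article makes by eye: reachability, packet loss, high average latency, jitter (mdev) and duplicate replies. The three sample outputs are constructed for the example, the thresholds in assess() are assumptions, and the second and third samples use addresses from a private range.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples in the shape of Linux (iputils) ping output; not live captures.
SAMPLE_OK = """\
PING linuxaria.com (66.7.205.168) 56(84) bytes of data.
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=1 ttl=46 time=220 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=2 ttl=46 time=171 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=3 ttl=46 time=169 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=4 ttl=46 time=169 ms
64 bytes from solid.nseasy.com (66.7.205.168): icmp_seq=5 ttl=46 time=168 ms

--- linuxaria.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 168.906/179.895/220.449/20.297 ms
"""
SAMPLE_LOSSY = """\
PING 192.168.0.77 (192.168.0.77) 56(84) bytes of data.
64 bytes from 192.168.0.77: icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from 192.168.0.77: icmp_seq=3 ttl=64 time=0.398 ms

--- 192.168.0.77 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2011ms
rtt min/avg/max/mdev = 0.398/0.405/0.412/0.007 ms
"""
SAMPLE_DOWN = """\
PING 192.168.0.99 (192.168.0.99) 56(84) bytes of data.

--- 192.168.0.99 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2031ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
# ".*?" absorbs the optional ", +N errors" field that ping prints on some failures
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) received,.*?([\d.]+)% packet loss")
RTT_RE = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")


@dataclass
class PingStats:
    transmitted: int
    received: int
    loss_pct: float
    rtt_min: Optional[float]      # None when nothing answered: ping prints no rtt line then
    rtt_avg: Optional[float]
    rtt_max: Optional[float]
    rtt_mdev: Optional[float]
    replies: List[float]          # per-reply RTTs in ms, in arrival order
    duplicate_seqs: List[int]     # icmp_seq values that were answered more than once


def parse_ping(output: str) -> PingStats:
    """Parse the per-reply lines and the statistics summary of one ping run."""
    replies, seen, dups = [], set(), []
    for m in REPLY_RE.finditer(output):
        seq = int(m.group(1))
        if seq in seen:
            dups.append(seq)
        seen.add(seq)
        replies.append(float(m.group(3)))
    summary = SUMMARY_RE.search(output)
    if summary is None:
        raise ValueError("no 'packets transmitted' summary line found")
    rtt = RTT_RE.search(output)
    rtt_values = tuple(float(v) for v in rtt.groups()) if rtt else (None, None, None, None)
    return PingStats(int(summary.group(1)), int(summary.group(2)), float(summary.group(3)),
                     *rtt_values, replies, dups)


def assess(stats: PingStats, max_loss_pct: float = 0.0, max_avg_ms: float = 500.0,
           max_mdev_ms: float = 100.0) -> List[str]:
    """Return a list of problems; an empty list means the path looks healthy. Thresholds are assumptions."""
    if stats.received == 0:
        return ["unreachable: %d probes sent, no replies" % stats.transmitted]
    problems = []
    if stats.loss_pct > max_loss_pct:
        problems.append("packet loss %.0f%% (%d/%d received)"
                        % (stats.loss_pct, stats.received, stats.transmitted))
    if stats.rtt_avg is not None and stats.rtt_avg > max_avg_ms:
        problems.append("high latency: avg rtt %.1f ms" % stats.rtt_avg)
    if stats.rtt_mdev is not None and stats.rtt_mdev > max_mdev_ms:
        problems.append("jittery path: rtt mdev %.1f ms" % stats.rtt_mdev)
    if stats.duplicate_seqs:
        problems.append("duplicate replies for icmp_seq %s" % stats.duplicate_seqs)
    return problems


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("lossy", SAMPLE_LOSSY), ("down", SAMPLE_DOWN)):
        print(label, assess(parse_ping(sample)) or ["no problems"])
```

To use it on a live host, feed it the captured stdout of ping -c 5 host; the summary line is present even when ping exits non-zero, so the parser still works in the "server is down" case the cron job above is meant to catch.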

See also Wikipedia

15 effective ping commands

Telnet

Telnet is a protocol which is part of the TCP/IP suite. It is quite similar to the UNIX rlogin program. Telnet allows you to control a remote computer from your own. It is terminal emulation software. In the old days hard drives were humongous and expensive (I am talking way back here) and there were no personal computers. To make use of existing computers you had to lease hard drive space and use terminals to operate the system. For developers this was great because computing became a lot cheaper. You needed a server, and many connections could be made to it. With telnet you can emulate this type of distributed computing and, for example, operate a supercomputer from a distance.

TCP/IP works with ports and telnet has one too: number 23. It has several RFCs; RFC 854 dates back to 1983 and is named “Telnet Protocol Specification”.

With telnet you can do various things like send mail, log in to IRC or a proxy and even (though hardly anymore) view and modify websites. There are telnet services available that let you search through large databases using telnet. With this you use the remote computer’s power, so it won’t pressure your precious resources.

But let’s see what we can do with telnet now:

telnet <hostname|IP> <port>

Telnet will make a TCP connection to a remote IP/port to test connectivity. If it times out, it is not reaching the host (maybe a firewall is blocking it). If the connection is refused, it is reaching the host, but either the service is not listening on that port, or it’s locked.

telnet www.linuxaria.com 80

Trying 66.7.205.168...
Connected to linuxaria.com.
Escape character is '^]'.
GET /index.php HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 24 Sep 2010 21:02:46 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
Content-Length: 422
Connection: close
Content-Type: text/html; charset=iso-8859-1

Use telnet to connect to a site on port 80 (HTTP). After that, give a GET command to retrieve a page; this can be a useful test to check whether a server can reach some remote web server.
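The same three outcomes the article describes for telnet (timeout, connection refused, connected) can be told apart in a script, which is how you would put this check in a cron job or a deployment test. The added example below is mine, not code from the article; it opens a plain TCP connection, sends a GET like the one typed into telnet above, and reads back the status line and headers. One detail the article’s session shows but does not explain: an HTTP/1.1 request without a Host header is answered with 400 Bad Request (the server in the session above did exactly that), so the probe sends Host. To stay runnable offline it starts a throwaway HTTP server on 127.0.0.1 (its “ExampleHTTP” banner is constructed) and probes that; against a real host you would call tcp_http_probe with the host and port you want to test.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def tcp_http_probe(host, port, path="/", timeout=3.0):
    """Do what 'telnet host port' + 'GET path HTTP/1.1' does and classify the result."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return {"state": "timeout"}          # no SYN-ACK: host down, unreachable or filtered
    except ConnectionRefusedError:
        return {"state": "refused"}          # RST came back: host is up, nothing listens there
    except OSError as exc:
        return {"state": "error", "detail": str(exc)}
    with sock:
        request = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, host)).encode()
        sock.sendall(request)
        data = b""
        while len(data) < 65536:             # read until the server closes (Connection: close)
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            data += chunk
    head = data.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status_line = lines[0] if lines else ""
    parts = status_line.split(" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    return {"state": "connected", "status": status, "status_line": status_line,
            "server": headers.get("server")}


class _Handler(BaseHTTPRequestHandler):
    """Minimal local server used only so the example runs without network access."""
    server_version = "ExampleHTTP/0.1"      # constructed banner, not a real product

    def do_GET(self):
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def start_local_server():
    """Start the throwaway server on an ephemeral port; returns the HTTPServer (call shutdown())."""
    srv = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def free_port():
    """Pick a port nothing listens on, to show the 'refused' outcome."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = start_local_server()
    print(tcp_http_probe("127.0.0.1", srv.server_address[1], "/index.php"))
    srv.shutdown()
    print(tcp_http_probe("127.0.0.1", free_port()))
```

The probe reports the Server header when present because, as in the session above, it is often the only banner a web server gives away without further interaction; a timeout and a refusal mean different things about the path, and the return value keeps them separate instead of collapsing both into "failed".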

telnet towel.blinkenlights.nl

Watch Star Wars via telnet.

telnet towel.blinkenlights.nl 666

BOFH excuse generator.

DIG

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the -h option is given. Unlike earlier versions, the BIND9 implementation of dig allows multiple lookups to be issued from the command line.

Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf.

Basic syntax

dig @server name type

server is the name or IP address of the name server to query.
name is the name of the resource record that is to be looked up.
type is the type of query requested (for example A, MX, or TXT); if omitted, dig performs a lookup for an A record.

dig +short myip.opendns.com @resolver1.opendns.com


Get your outgoing IP address
Instead of opening your browser, googling “whatismyip” etc.
Also useful for scripts.

dig +short txt <article>.wp.dg.cx


Query Wikipedia via console over DNS
Query Wikipedia by issuing a DNS query for a TXT record. The TXT record also includes a short URL to the complete Wikipedia entry.
Example:

dig +short txt linux.wp.dg.cx


“Linux (commonly pronounced in English; variants exist) is a generic term referring to Unix-like computer operating systems based on the Linux kernel. Their development is one of the most prominent examples of free and open source software collaboration; t” “ypically all the underlying source code can be used, freely modified, and redistributed by anyone under the terms of the… http://a.vu/w:Linux”
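To see what dig actually puts on the wire for the “dig @server name type” syntax above, and how the TXT strings in the Wikipedia answer come back, here is an added example of my own (not code from the article or from BIND) that builds a DNS query packet, parses a response including name compression pointers, and renders the answer the way +short prints it. The response it parses offline is constructed for the example, with placeholder TXT strings; query_udp() sends a real query to resolver1.opendns.com (the server named in the article) and needs network access, so it is only called from the command line.

```python
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28}


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=None):
    """12-byte header (RD=1, one question, random transaction id) plus the question."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset just past it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # pointer to a name earlier in the message
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset if end is None else end


def format_rdata(msg, rtype, rdata, rdata_offset):
    """Render rdata the way 'dig +short' prints it for the common types."""
    if rtype == 1 and len(rdata) == 4:
        return ".".join(str(b) for b in rdata)
    if rtype == 16:                                # TXT: one or more <len><bytes> strings
        strings, i = [], 0
        while i < len(rdata):
            n = rdata[i]
            strings.append(rdata[i + 1:i + 1 + n].decode("latin-1"))
            i += 1 + n
        return " ".join('"%s"' % s for s in strings)
    if rtype in (2, 5):                            # NS / CNAME hold a compressible name
        return decode_name(msg, rdata_offset)[0]
    return rdata.hex()


def parse_response(msg, expected_txid=None):
    """Return (rcode, [(name, rtype, ttl, text), ...]) for the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: not the answer to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x0200:
        raise ValueError("TC bit set: answer truncated, retry over TCP")
    offset = 12
    for _ in range(qd):                            # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        answers.append((name, rtype, ttl, format_rdata(msg, rtype, rdata, offset)))
        offset += rdlen
    return flags & 0xF, answers


def build_constructed_response(query, strings, ttl=300):
    """Constructed reply for offline use: echoes the question, adds one TXT answer (name compressed)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1, rcode 0
    rdata = b"".join(bytes([len(s)]) + s.encode("latin-1") for s in strings)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE["TXT"], 1, ttl, len(rdata)) + rdata
    return header + query[12:] + answer


def query_udp(name, qtype="TXT", server="resolver1.opendns.com", timeout=3.0):
    """Live lookup over UDP port 53 (needs network access)."""
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, expected_txid=txid)


if __name__ == "__main__":
    q = build_query("linux.wp.dg.cx", "TXT", txid=0x1234)
    print(parse_response(build_constructed_response(q, ["constructed TXT", "sample"]), 0x1234))
```

The transaction-id check in parse_response is the same one a resolver relies on: a reply whose id does not match the outstanding query is discarded rather than trusted. The TC check matters for the Wikipedia trick in particular, because long TXT answers can exceed what fits in a 512-byte UDP reply, which is when dig itself retries over TCP.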
