Networking Commands

Data communication and networking

What is Traceroute & What is it For?
• Traceroute is a network diagnostic tool used to track in real-time the
pathway taken by a packet on an IP network from source to destination,
reporting the IP addresses of all the routers it pinged in between.
Traceroute also records the time taken for each hop the packet makes
during its route to the destination.
• Traceroute most commonly uses Internet Control Message Protocol (ICMP)
echo packets with variable time to live (TTL) values. The response time of
each hop is calculated. To guarantee accuracy, each hop is queried
multiple times (usually three times) to better measure the response of
that particular hop. Traceroute uses ICMP messages and TTL fields in the
IP address header to function. Traceroute tools are typically included as a
utility by operating systems such as Windows and Unix. Traceroute utilities
based on TCP are also available.
What is Traceroute Used For?

• Traceroute is a useful tool for determining the response delays and

routing loops present in a network pathway across packet switched
nodes. It also helps to locate any points of failure encountered while
en route to a certain destination.
• However, in the Internet, Traceroute messages are often blocked by
routers in various Autonomous Systems (AS), making Traceroute
highly inaccurate in many cases.
finger command
• It is very important to know about the system’s admin. You must have
all the information about the system user, who uses your Linux system,
or managing the system. Therefore, here is a command that is called a
finger.
• In the Linux operating system, a command-line utility known as “finger”
is used to display all available information about the system’s user.
• This guide will see how to get the system’s user information through
several finger command options.
• Syntax:
• Follow the below syntax:
• finger [ option ] [ username ]
More on finger command
• Finger command is a user information lookup command which gives
details of all the users logged in. This tool is generally used by system
administrators. It provides details like login name, user name, idle
time, login time, and in some cases their email address even. This tool
is similar to the Pinky tool but the Pinky tool is just the lightweight
version of this tool.
TELNET
• TELNET stands for Teletype Network. It is a type of protocol that
enables one computer to connect to local computer. It used as a
standard TCP/IP protocol for virtual terminal service which is provided
by ISO. The computer which starts the connection is known as the
local computer. The computer which is being connected to i.e. which
accepts the connection known as the remote computer. During telnet
operation, whatever is being performed on the remote computer will
be displayed by the local computer. Telnet operates on client/server
principle. The local computer uses telnet client program and the
remote computers uses telnet server program.
netstat Command
• Netstat is a command-line tool that displays active network
connections, routing tables, and other network interface information.
It can be used to troubleshoot problems on your computer or server,
or to identify security threats. we will discuss what netstat is used for,
how to run the netstat command, and what the netstat results mean.
What is netstat command used for?

• Netstat stands for "network statistics".  If you're having difficulties

accessing the internet, the netstat command can help you identify
where the problem lies. Netstat will display all of your computer's
active network connections and the status of those connections. If a
connection is not working, netstat can often provide more
information about why it is not working.
• Netstat can also be used to monitor your computer for security
threats. By default, netstat does not show listening ports, so you will
need to use the -l option to see them. If you discover any unusual or
unfamiliar listening ports, it's possible that someone is attempting to
gain access to your system without permission.
How do I run netstat command?

• To use netstat, open a command prompt or terminal window and

type "netstat" followed by the options you want to use. For example,
you can follow these steps to give netstat a try:
• Step 1: Open the start menu, type cmd into the search box, and press
Enter to launch the command prompt.
• Step 2: Type netstat at the prompt and press Enter. The netstat
command will now display a list of all active network connections.
• If you want to view all active network connections, just type netstat -
a. Many other netstat options allow you to customize its output; type
"netstat /?" for a full list at the command prompt.
• To stop netstat output, just press the Control + C keys to exit.
The netstat command shows active network connections
and displays information about them. It includes the status
of the connection, the networking protocol, local and
remote computer IP address, and more
.
Nslookup Commands
• Nslookup (stands for “Name Server Lookup”) is a useful command for
getting information from the DNS server. It is a network
administration tool for querying the Domain Name System (DNS) to
obtain domain name or IP address mapping or any other specific DNS
record. It is also used to troubleshoot DNS-related problems.

• Syntax:

• nslookup [option]
Options of nslookup command:
• nslookup google.com : 
nslookup followed by the domain name will display the “A Record” (IP
Address) of the domain. Use this command to find the address record
for a domain. It queries to domain name servers and gets the details. 
• nslookup 192.168.0.10: Reverse DNS lookup You can also do the
reverse DNS look-up by providing the IP Address as an argument to
nslookup. 
• nslookup -type=any google.com : Lookup for any record 
We can also view all the available DNS records using the -type=any
option. 
• nslookup -type=ns google.com : Lookup for an ns record 
NS (Name Server) record maps a domain name to a list of DNS servers
authoritative for that domain. It will output the name serves which
are associated with the given domain. 
route Command

• Purpose
• Manually manipulates the routing tables.
• Description
• The route command allows you to make manual entries into the
network routing tables. The route command distinguishes between
routes to hosts and routes to networks by interpreting the network
address of the Destination variable, which can be specified either by
symbolic name or numeric address. The route command resolves all
symbolic names into addresses, using either the /etc/hosts file or the
network name server.
• For a computer with more than one interface and that's configured to
work as a router, the routing table is often a major source of trouble.
Setting up the routing table properly is a key part of configuring a
router to work.
• Displaying the routing table

• To display the routing table (both IPv4 and IPv6) in Windows, use the
route print command. In Unix/Linux, you can just use route without
any command line switches. The output displayed by the Windows
and Unix/Linux commands are similar. Here's an example from a
typical Windows client computer:
• C:\>route print
• ==================================================================
• Interface List
• 8 ...00 12 3f a7 17 ba ...... Intel(R) PRO/100 VE Network Connection
• 1 ........................... Software Loopback Interface 1
• 9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
• 10 ...00 00 00 00 00 00 00 e0 isatap.{D0F85930-01E2-402F-B0FC-
• 31DFF887F06F}
• ==================================================================
• IPv4 Route Table
• ==================================================================
• Active Routes:
• Network Netmask Gateway Interface Metric
• Destination
• 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.110 276
• 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
• 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
• 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
• 192.168.1.0 255.255.255.0 On-link 192.168.1.110 276
• 192.168.1.110 255.255.255.255 On-link 192.168.1.110 276
• 192.168.1.255 255.255.255.255 On-link 192.168.1.110 276
• 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
• 224.0.0.0 240.0.0.0 On-link 192.168.1.110 276
• 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
• 255.255.255.255 255.255.255.255 On-link 192.168.1.110 276
WHOIS command
• WHOIS is a TCP-based query and response protocol that is commonly
used to provide information services to Internet users. It returns
information about the registered Domain Names, an IP address block,
Name Servers and a much wider range of information services.
• WHOIS is an Internet service and utility that shows additional
information about a domain, the registrar of the domain, and the
IP address. When trying to come up with a domain name for a new
website, performing a WHOIS lets you determine if that name is
registered or available.
• When a domain is registered though a domain name registrar, ICANN
requires that the registration information be made publicly available.
The WHOIS record must include the registrars name, the creation
date, updated date, and expiration date. Other information can
include the name servers and the registrant, admin, and technical
contact information.
• How to perform a domain WHOIS search
• When a WHOIS search is performed, the service queries several
domain registrars since there is no central database to display the
final results. A WHOIS can be done through the command line or an
online service. Below is a brief overview of how to use each of the
different WHOIS options.whois www.google.com
PathPing command

• What Does PathPing Mean?

• PathPing is a Windows utility allowing the user to reveal the path between
two hosts. Unlike other similar commands, with PathPing, each node is pinged
by the command. Pathping resembles some other commands such as one
called tracert that displays the trajectory of data packets and measures
delivery delays through an IP network.
• The PathPing tool is a route tracing tool that combines features of Ping and
Tracert with additional information that neither of those tools provides.
PathPing sends packets to each router on the way to a final destination over a
period of time, and then computes results based on the packets returned
from each hop. Since PathPing shows the degree of packet loss at any given
router or link, you can pinpoint which routers or links might be causing
network problems.
• Type "pathping YOURDOMAIN.COM" and hit enter.
Ipconfig command
• IPCONFIG stands for Internet Protocol Configuration. This is a
command-line application which displays all the current TCP/IP
(Transmission Control Protocol/Internet Protocol) network
configuration, refreshes the DHCP (Dynamic Host Configuration
Protocol) and DNS (Domain Name Server). It also displays IP address,
subnet mask, and default gateway for all adapters. It is available for
Microsoft Windows, ReactOS, and Apple macOS. ReactOS version was
developed by Ged Murphy and licensed under the General Public
License.
• In Windows and ReactOS it first force refreshes the DHCP IP address of the host computer and then requests a different
IP address. In macOS, IPCONFIG is used at the command-line interface to control the bootstrap protocol and DHCP
client.
• Characteristics
• IPCONFIG provides settings for the IPv4 IP layer for TCP/IP.
• The maximum length for the connection request queue is specified using IPCONFIG.
• All the updation in IP layer of TCP/IP is done using IPCONFIG.
• IPCONFIG is used to do checksum processing for IPv4 packets.
• Advantages
• It displays full configuration of the system.
• It can be used to refresh DHCP leases, reregister the DNS names and request new IP address.
• It displays DNS resolver cache information and can flush them too.
• It can display all the class id’s allowed.
• Disadvantages
• It is less efficient as it uses netlink socket to transfer information between kernel and user.
• Implementation is difficult as it is implemented on console.
• Memorization of commands is required, which is a tough task.
• Beginner’s may find it difficult to execute because of command line dependency.
ARP Commands
• The ARP commands to view, display, or modify the details/information
in an ARP table/cache.
• The ARP cache or table has the dynamic list of IP and MAC addresses
of those devices to which your computer has communicated recently
in a local network. The purpose of maintaining an ARP table is that
when you want to communicate with another device, your device
does not need to send the ARP request for the MAC address of that
device.
• The ARP commands also helps to find out the duplicate IP address
and invalid entries in an ARP table/cache.
Some ARP commands are given below:
• arp -a: This command is used to display the ARP table for a particular
IP address. It also shows all the entries of the ARP cache or table.
• arp -g: This command works the same as the arp -a command.
• arp -d: This command is used when you want to delete an entry from
the ARP table for a particular interface. To delete an entry, write arp -
d command along with the IP address in a command prompt you
want to delete.
• arp -d *: You can also delete all the entries from the ARP table. This
command will remove or flush all the entries from the table.
ifconfig command
• ifconfig (short for interface config) is a system administration utility in
Unix-like operating systems for network interface configuration.
• The utility is a command-line interface tool and is also used in the system
startup scripts of many operating systems. It has features for configuring,
controlling, and querying TCP/IP network interface parameters. Usage
• Common uses for ifconfig include setting the IP address and netmask of a
network interface and disabling or enabling an interface.[1] At boot time,
many Unix-like operating systems initialize their network interfaces with
shell scripts that call ifconfig. As an interactive tool, system
administrators routinely use the utility to display and analyze network
interface parameters. The following two examples show the output of
the tool when querying the state of a single active interface each on a
Linux-based host.