Experiment -

Aim: Study of Basic Networking Commands on Windows and Linux

based Systems.

Objective: 1. To learn basic networking commands

2. To understand their use in real time
3. To use and understand the importance of the networking
commands
Theory:
The basic networking commands are :
 Ping
 Nslookup
 Host
 Tracerouter
 ARP
 Netstat
 Ipconfig
 Nmap
 Kill

Ping: The ping command is one of the most often used networking
utilities for troubleshooting network problems.

You can use the ping command to test the availability of a networking
device (usually a computer) on a network.

When you ping a device you send that device a short message, which it
then sends back (the echo).
If you receive a reply then the device is working OK , if you don’t then:

 The device is faulty, disconnected, switched off, incorrectly

configured
 Your network or the device you are working on is not working
properly

Ping IP Address e.g. ping 192.169.0.1 or to ping a computer name:

ping computer name e.g. ping Computer1

The screen shot below shows how to use the command with an IP
address.

I have shown both a failed ping (192.168.0.1), and a successful ping

(192.168.1.1)

Nslookup:
nslookup is the name of a program that lets an Internet server
administrator or any computer user enter a host name (for example,
"whatis.com") and find out the corresponding IP address or domain
name system (DNS) record. The user can also enter a command for it to
do a reverse DNS lookup and find the host name for an IP address that is
specified.

Uses of nslookup

nslookup is used to troubleshoot server connections or for security

reasons. Such reasons include guard against phishing attacks, in which a
domain name is altered -- for example, by substituting the numeral 1 for
a lowercase l -- to make an unfriendly site look friendly and familiar
(joes1owerprices.com vs. joeslowerprices.com).

DNS, or nslookup, also helps deter cache poisoning, in which data is

distributed to caching resolvers, posing as an authoritative origin server.

Examples of nslookup commands

If "WhatIs.com” is entered into a nslookup program, the user would

receive the site’s IP address as a response, which happens to
be 65.214.43.37. If the user enters "65.214.43.37", it would return
"sites.techtarget.com".

Popular nslookup commands include:

 /name: queries the current name server for the specified name
 /server name: sets the current name server to the server the user
specifies
 /root: sets the root server as the current server
 /set type=x: specifies the type of records to be displayed, such as
A, CNAME, MX, NS, PTR or SOA. Specify ANY to display all records.
 /set debug: turns on debug mode, which displays detailed
information about each query
 /set recurse: tells the DNS name server to query other servers if it
does not have the information
 /exit: exits nslookup and returns the user to a command prompt
Host: host is a simple utility for performing DNS lookups. It is normally
used to convert names to IP addresses and vice versa.

When no arguments or options are given, host prints a short summary of

its command line arguments and options.

EXAMPLE-1:

Making simple query for any site say google.com using sitename

$ host google.com

output:

google.com has address 172.217.26.174

google.com has IPv6 address 2404:6800:4007:801::200e
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

EXAMPLE-2:

Making host query using IP address:

$ host 172.217.26.174

output:
174.26.217.172.in-addr.arpa domain name pointer
maa03s22-in-f14.1e100.net.

EXAMPLE-3:

To display MX records for google.com domain

$ host -n -t mx google.com
output:
# host -n -t mx google.com
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.

EXAMPLE-4:

To find out the domain name servers

$ host -t ns google.com

output:
# host -t ns google.com
google.com name server ns3.google.com.
google.com name server ns1.google.com.
google.com name server ns2.google.com.
google.com name server ns4.google.com.

Tracerouter: traceroute command in Linux prints the route that a packet

takes to reach the host. This command is useful when you want to know
about the route and about all the hops that a packet takes. Below image
depicts how traceroute command is used to reach the
Google(172.217.26.206) host from the local machine and it also prints
detail about all the hops that it visits in between.

ARP: ARP stands for Address Resolution Protocol. This protocol is used
by network nodes to match IP addresses to MAC addresses. The
original specification was RFC 826. That has since been updated by RFC
5227, and RFC 5494.

The protocol functionally divided into two parts:

 One part determines a physical address when sending a packet

 Other part answers requests from other machines

So ARP provides method for hosts send message to destination address

on physical network. Ethernet hosts must convert a 32-bit IP address
into a 48-bit Ethernet address. The host checks its ARP cache to see if
address mapping from IP to physical address is known:

 If mapping is known, physical address is placed in frame and sent

 If mapping is not known, broadcast message is sent and awaits a
reply
  Target machine, recognizing IP address matches its own, returns
answer

ARP is transparent to bridging - bridging will send ARP

broadcasts. Routers do not propagate Ethernet broadcasts – a router is
Network Level device

Netstat: The netstat command, meaning network statistics, is a

Command Prompt command used to display very detailed information
about how your computer is communicating with other computers or
network devices.

Specifically, the netstat command can show details about individual

network connections, overall and protocol-specific networking statistics,
and much more, all of which could help troubleshoot certain kinds of
networking issues.
Ipconfig: ifconfig stands for "interface configuration." It is used to view
and change the configuration of the network interfaces on your system.

Running the ifconfig command with no arguments, like this:

Ifconfig

 eth0 is the first Ethernet interface. (Additional Ethernet interfaces

would be named eth1, eth2, etc.) This type of interface is usually a
NIC connected to the network by a category 5 cable.
 lo is the loopback interface. This is a special network interface that
the system uses to communicate with itself.
 wlan0 is the name of the first wireless network interface on the
system. Additional wireless interfaces would be named wlan1,
wlan2, etc.

These are the traditional naming conventions for network interfaces

under Linux; other operating systems may have different names. For
instance, under many BSD operating systems, Ethernet interfaces are
named em0, em1, etc. Check your configuration, or consult your
documentation, to determine the exact names of your interfaces.
Nmap: nmap ("Network Mapper") is an open source tool for network
exploration and security auditing. It was designed to rapidly scan large
networks, although it works fine to scan single hosts. nmap uses raw IP
packets in novel ways to determine what hosts are available on the
network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running,
what type of packet filters/firewalls are in use, and dozens of other
characteristics. While nmap is commonly used for security audits, many
systems and network administrators find it useful for routine tasks such
as network inventory, managing service upgrade schedules, and
monitoring host or service uptime.

The output from nmap is a list of scanned targets, with supplemental

information on each depending on the options used. Key among that
information is the "interesting ports table". That table lists the port
number and protocol, service name, and state. The state is either open,
filtered, closed, or unfiltered.
Syntax

nmap [Scan Type...] [Options] {target specification}

Kill:kill command in Linux (located in /bin/kill), is a built-in command

which is used to terminate processes manually. kill command sends a
signal to a process which terminates the process. If the user doesn’t
specify any signal which is to be sent along with kill command then
default TERM signal is sent that terminates the process.

. kill -l :To display all the available signals you can use below command
option:

Syntax:

kill -l

2. kill pid : To show how to use a PID with the kill command.

Syntax:

$kill pid

3. kill -s : To show how to send signal to processes.

Syntax:
kill {-signal | -s signal} pid

4. kill -L :This command is used to list available signals in a table format.

Syntax:

kill {-l | --list[=signal] | -L | --table}