Project90.Probe Networks


Project 90. Probe Networks

"How do I discover more information about my network?"

This project provides some useful tricks for probing networks. It covers the commands ping, appleping, TRaceroute, netstat, and arp, and Apple's port scanner. Project 91 considers utilities for querying the Domain Name System, and Project 73 shows you how to manage network settings.

Unix Utilities Power Apple's Tools

Apple's Network Utility application provides several useful tools for probing and testing networks. It's actually a front end to the equivalent Unix command-line utilities, which we'll explore in this project. Network, for the purposes of these utilities, can mean anything from a two-machine home network to the Internet. The results you see from typing the examples will usually differ in the details from those shown in the book.

First, let's ping!

Ping a Host

The venerable ping utility sends network packets to a remote host and waits for a response. It's a handy way to check whether a particular host is responding to network connections or your own network connection is live.

In the example below, we ping apple.com. The fifth line of output marks where we pressed Control-c to stop ping; otherwise, it would have kept running forever. The response times give a good indication of the responsiveness of the connection between your machine and the destination host.

$ ping apple.com PING apple.com (17.254.3.183): 56 data bytes 64 bytes from 17.254.3.183: icmp_seq=0 ttl=41 time=177.021 ms 64 bytes from 17.254.3.183: icmp_seq=1 ttl=41 time=181.916 ms 64 bytes from 17.254.3.183: icmp_seq=2 ttl=41 time=181.250 ms ^C --- apple.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 177.021/180.062/181.916/2.168 ms


Tip

If no remote hosts respond when you ping them, the problem could be with the network or your chosen DNS servers. Try pinging a host by using its IP address instead of its hostname. Unless it's changed recently, Apple's IP address is shown in the ping example earlier. If you get a response from the IP address but not the hostname, you may have a DNS problem.


Use option -i to change the interval between ping transmissions and option -c to tell ping to send a specific number of packets before exiting. To ping your server once a minute (specified as 60 seconds) for 30 minutes, for example, type

$ ping -i 60 -c 30 myservername.local


Ping Bonjour (Rendezvous)

Here's a neat trick, but it'll only work only if you have a local network with several Macs connected and running Bonjour. Type the following command (for which you'll get different results from those shown).

$ ping 224.0.0.251 PING 224.0.0.251 (224.0.0.251): 56 data bytes 64 bytes from 217.155.168.146: ... time=0.213 ms 64 bytes from 217.155.168.149: ... time=0.553 ms (DUP!) 64 bytes from 217.155.168.150: ... time=0.855 ms (DUP!)


Why "Ping"?

The name ping comes from the sound of sonaranother method of gathering information by broadcasting a signal and waiting for it to bounce back.


You'll wonder what's responding to the IP address 224.0.0.251 and why three responses were received. This address is reserved for multicast DNS (Domain Name Server) queries. Apple's Bonjour technology uses this feature to resolve hostnames that end in .local into IP addresses. A machine running Bonjour may send a hostname such as sauron.local to this broadcast address, and the machine with that hostname will respond with its IP address. In our example, each Bonjour-enabled Mac on the local network has responded to the ping.

Tip

A host operating in stealth mode does not respond to pinging. If you run Mac OS X 10.4 (Tiger), set stealth mode from the Advanced button, located in the Firewall settings of System Preferences.


Ping All Hosts

Call all hosts on the local network by pinging the network's broadcast address. In this example, we have assumed that machines on the local network have IP addresses in the range 10.0.2.1 to 10.0.2.254 (typical of an AirPort network); therefore, the broadcast address is 10.0.2.255. This example won't work if your Mac is not part of a local network.

$ ping 10.0.2.255 PING 10.0.2.255 (10.0.2.255): 56 data bytes 64 bytes from 10.0.2.3: ... time=0.247 ms 64 bytes from 10.0.2.4: ... time=246.945 ms (DUP!) 64 bytes from 10.0.2.1: ... time=247.011 ms (DUP!)


Zero Configuration

Bonjour is Apple's proprietary implementation of an Internet standard called Zero Configuration Networking. Any machine that implements the technology should respond to the IP address 224.0.0.251.

Bonjour was called Rendezvous in versions of Mac OS X before 10.4 and wasn't available in versions of Mac OS X before 10.2.


The broadcast address is the highest IP address on the local network. If your IP address is in the range 192.168.x.x with a subnet mask of 255.255.0.0, for example, the broadcast address is 192.168.255.255. Similarly, for an IP address in the range 192.168.10.x with a subnet mask of 255.255.255.0, the broadcast address is 192.168.10.255.

Find the Router

Your router might respond to this ping.

$ ping 0 PING 0 (0.0.0.0): 56 data bytes 64 bytes from 217.155.168.150: ... time=1.234 ms


Tip

If you have older Macs still sharing over AppleTalk, use the command appleping instead of ping. Issued with no parameters, the command displays a quick use summary.


Use Bonjour Names

Every Bonjour-enabled Mac answers to its Bonjour hostname (local hostname), which looks like computername.local. Your Macs' local hostname is shown in the System Preferences Sharing pane, in the Services tab. We can use this local hostname in all the usual places. For example:

$ ping sauron.local PING sauron.local (10.0.2.3): 56 data bytes 64 bytes from 10.0.2.3: icmp_seq=0 ttl=64 time=1.571 ms


To browse a Mac that's running Personal Web Sharing, use an address such as http://sauron.local/ instead of its IP address. Bonjour operates over the local subnet only: Don't expect to be able to connect over the Internet by specifying a local hostname.

Local hostnames are resolved by mDNSResponder, the multicast DNS daemon (see "Ping Bonjour (Rendezvous)" earlier in this project). Check whether this daemon is running by typing

$ ps -auxww | grep mDNS root 39 0.0 0.1 28068 1200 ?? Ss Tue01PM 0:02.73 /usr/sbin/mDNSResponder -launchdaemon


Trace a Route

The traceroute command reports on the route a network packet may take when traveling from your machine to a destination host. It does so by sending the destination host control packets with a limited lifetime. The lifetime is measured in network hops (the number of nodes the packet must pass through to get to its destination). The first packet sent is given a lifetime of one hop. When the packet expires, the machine at which it expires (usually, a router) sends a control packet back to your machine to report the packet's demise. Each subsequent packet that's sent has a lifetime one hop greater than that of the previous packet, allowing traceroute to map the machines between your Mac and the destination. traceroute may or may not work, depending on how cooperative the intervening machines are in returning a response to an expired packet.

As an interesting exercise, use TRaceroute when you have a machine connected to a couple of local subnets (like a wired Ethernet and an AirPort network), and see what route packets are taking between your machine and the local server. For example:

$ traceroute carcharoth.mayo-family.com traceroute to carcharoth.mayo-family.com (217.155.168.149), 64 hops max, 40 byte packets  1  middle-earth (10.0.2.1)  3.855 ms  3.546 ms  2.116 ms  2  my.router (192.168.1.1)  7.483 ms  2.832 ms  2.018 ms ...


Examine Routing Tables

Your Mac maintains a network routing table for communication with other hosts on the local network. This table translates an IP address, which is the usual way of identifying another host, into an Ethernet address, which is how hosts are actually identified on the local network.

Tip

Use the netstat command to show many other network statistics besides Internet-to-Ethernet routining. Read its man page to discover a whole host of options.


The netstat Command

Check Internet-to-Ethernet routing by using the netstat command with option -r.

$ netstat -r Internet: Destination        Gateway          Flags Refs Use Netif  Exp default            valinor.mayo-fam  UGSc  10  325 en0 10.0.2/24          link#5            UCS    3    0 en1 middle-earth.wless 0:d:93:cd:be:74   UHLW   0    0 en1    723 sauron.wless       localhost         UHS    0   10 lo0 saruman.wless      0:10:a7:2e:b6:74  UHLW   0    3 en1   1045 ...


The arp Command

The arp command displays (and modifies) the Internet-to-Ethernet address translation tables. Use option -a to display all the current table entries. You'll probably never edit these tables unless you're a networking wizard!

$ arp -a middle-earth.wless (10.0.2.1) at 0:d:93:cd:be:74 on en1 [ethernet] saruman.wless (10.0.2.4) at 0:10:a7:2e:b6:74 on en1 [ethernet] smeagol.mayo-family.com (217.155.168.148) at 0:3:93:1b:fc:de on en0 [ethernet] carcharoth.mayo-family.com (217.155.168.149) at 0:3:93:1b:fc:de on en0 [ethernet] valinor.mayo-family.com (217.155.168.150) at 0:50:7f:6:82:34 on en0 [ethernet] ...


Scan Ports

Port scanning is a method of probing a host to find out what services it provides; an open port implies an active service. A host running a Web server, for example, will have port 80 open. Port scanning is often used to check for weaknesses in your own network, preferably before other people find them. Port scanning is also used by e-vandals with no social lives and, therefore, time on their hands to play at breaking into other people's computers.

Grab an Open-Source Port Scanner

One of the best network scanners (or mappers) is nmap from Insecure.org (www.insecure.org/nmap/). It's not supplied as standard in Mac OS X but can be built from scratch or installed from one of the popular ports such as Fink (http://fink.sourceforge.net/) or Darwin Ports (http://darwinports.opendarwin.org/).

Steal Apple's Port Scanner

Apple's Network Utility application includes a port scanner called stroke. It's possible to call this from the command line or copy it to a new file such as /usr/local/bin/portscan. Type the following to grab a copy.

$ sudo cp /Applications/Utilities/Network\ Utility.app/ ¬     Contents/Resources/stroke /usr/local/bin/portscan


To scan a machine, type portscan and the machine's hostname, followed by the start and end numbers (between 1 and 65,535) for the range of ports you want to scan.

$ portscan carcharoth.mayo-family.com 75 85 Port Scanning host: 217.155.168.149          Open TCP Port:     80          http





Mac OS X UNIX 101 Byte-Sized Projects
Mac OS X Unix 101 Byte-Sized Projects
ISBN: 0321374118
EAN: 2147483647
Year: 2003
Pages: 153
Authors: Adrian Mayo

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net