Network Analysis Tools


 
Network Programming with Perl
By Lincoln D. Stein
Chapter 3. Introduction to Berkeley Sockets

This section lists some of the basic tools for analyzing networks and diagnosing network-related problems. Some of these tools come preinstalled on many systems; others must be downloaded and installed. For more information on using these tools, please see the comprehensive discussion of network configuration and troubleshooting in [Hunt 1998].

ping

The ping utility, available as a preinstalled utility on all UNIX and Windows machines, is the single most useful network utility. It sends a series of ICMP "ping" messages to the remote IP address of your choice, and reports the number of responses the remote machine returns.

ping can be used to test if a remote machine is up and reachable across the network. It can also be used to test network conditions by looking at the length of time between the outgoing ping and the incoming response, and the number of pings that have no response (due to either loss of the outgoing message or the incoming response).

For example, this is how ping can be used to test connectivity to the machine at IP address 216.32.74.55 (which happens to be www.yahoo.com):

    % ping 216.32.74.55
    PING 216.32.74.55: 56 data bytes
    64 bytes from 216.32.74.55: icmp_seq=0 ttl=245 time=41.1 ms
    64 bytes from 216.32.74.55: icmp_seq=1 ttl=245 time=16.4 ms
    64 bytes from 216.32.74.55: icmp_seq=2 ttl=245 time=16.3 ms
    ^C
    --- 216.32.74.55 ping statistics ---
    4 packets transmitted, 3 packets received, 25% packet loss
    round-trip min/avg/max = 16.3/24.6/41.1 ms

This session shows good connectivity. The average response time is a snappy 24 ms, and no packets were lost. You can also give ping a DNS name, in which case it will attempt to resolve the name before pinging the host.

One thing to watch for is that some firewall systems are configured to block ping. In this case, the destination machine may be unpingable, although you can reach it via telnet or other means.

There are many variants of ping, each with a different but overlapping set of features.

nslookup

The nslookup utility, available on most UNIX systems, can be used to test and verify the DNS. It can be used interactively or as a one-shot command-line tool. To use it from the command line, call it with the DNS name of the host or domain you wish to look up. It will perform the DNS search, and return IP addresses and other DNS information corresponding to the name. For example:

    % nslookup www.yahoo.com
    Server:  presto.lsjs.org
    Address:  64.7.3.44
    Non-authoritative answer:
    Name:    www.yahoo.akadns.net
    Addresses:  204.71.200.67, 204.71.200.68, 204.71.202.160, 204.71.200.74, 204.71.200.75
    Aliases:  www.yahoo.com

This tells us that the host www.yahoo.com has a canonical name of www.yahoo.akadns.net, and has five IP addresses assigned to it. This is typical of a heavily loaded Web server, where multiple physical machines balance incoming requests by servicing them in a round-robin fashion.

traceroute

While ping tells you only whether a packet can get from A to B, the traceroute program displays the exact path a network packet takes to get there. Call it with the IP address of the destination. Each line of the response gives the address of a router along the way. For example:

    % traceroute www.yahoo.com
    traceroute to www.yahoo.akadns.net (216.32.74.52), 30 hops max, 40 byte packets
     1  gw.lsjs.org (192.168.3.1)  2.52 ms  8.78 ms  4.85 ms
     2  64.7.3.46 (64.7.3.46)  9.7 ms  9.656 ms  3.415 ms
     3  mgp-gw.nyc.megapath.net (64.7.2.1)  19.118 ms  23.619 ms  16.601 ms
     4  216.35.48.242 (216.35.48.242)  10.532 ms  10.515 ms  11.368 ms
     5  dcr03-g2-0.jrcy01.exodus.net (216.32.222.121)  9.068 ms  9.369 ms  9.08 ms
     6  bbr02-g4-0.jrcy01.exodus.net (209.67.45.126)  9.522 ms  11.091 ms  10.212 ms
     7  bbr01-p5-0.stng01.exodus.net (209.185.9.98)  15.516 ms  15.118 ms  15.227 ms
     8  dcr03-g9-0.stng01.exodus.net (216.33.96.145)  15.497 ms  15.448 ms  15.462 ms
     9  csr22-ve242.stng01.exodus.net (216.33.98.19)  16.044 ms  15.724 ms  16.454 ms
    10  216.35.210.126 (216.35.210.126)  15.954 ms  15.537 ms  15.644 ms
    11  www3.dcx.yahoo.com (216.32.74.52)  15.644 ms  15.582 ms  15.577 ms

traceroute can be invaluable for locating a network outage when a host can no longer be pinged. The listing will stop without reaching the desired destination, and the last item on the list indicates the point beyond which the breakage is occurring.

As with ping, some firewalls can interfere with traceroute. Traceroute is preinstalled on most UNIX systems.
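The outage-locating step described above can be automated. The following Python is an added example, not code from the book: it parses traceroute output and reports the last hop that answered. The sample trace, its hostnames and its addresses are constructed, and the parser assumes the IPv4 output layout shown in this section.

```python
import re

# Constructed sample: the trace stops answering after hop 3.
SAMPLE = """\
traceroute to www.example.com (203.0.113.52), 30 hops max, 40 byte packets
 1  gw.example.org (192.168.3.1)  2.52 ms  8.78 ms  4.85 ms
 2  198.51.100.46 (198.51.100.46)  9.7 ms  9.656 ms  3.415 ms
 3  core1.example.net (198.51.100.1)  19.118 ms  23.619 ms  16.601 ms
 4  * * *
 5  * * *
"""

HEADER = re.compile(r"^traceroute to \S+ \(([\d.]+)\)")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR = re.compile(r"(\S+) \(([\d.]+)\)")
RTT = re.compile(r"([\d.]+) ms")


def parse_traceroute(text):
    """Return (destination IP from the header, list of hop dicts)."""
    dest, hops = None, []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            dest = header.group(1)
            continue
        hop = HOP.match(line)
        if not hop:
            continue
        addr = ADDR.search(hop.group(2))
        hops.append({
            "ttl": int(hop.group(1)),
            "name": addr.group(1) if addr else None,
            "ip": addr.group(2) if addr else None,
            "rtts": [float(t) for t in RTT.findall(hop.group(2))],
        })
    return dest, hops


def locate_break(dest, hops):
    """Return (reached, last hop that answered); unanswered hops print as '* * *'."""
    answered = [h for h in hops if h["ip"]]
    last = answered[-1] if answered else None
    return (last is not None and last["ip"] == dest), last


if __name__ == "__main__":
    dest, hops = parse_traceroute(SAMPLE)
    reached, last = locate_break(dest, hops)
    print("reached" if reached else f"stopped after hop {last['ttl']}: {last['name']} ({last['ip']})")
```

A run of unanswered hops can also mean the probes are being filtered, as noted for firewalls, so treat the reported hop as the place to start looking rather than as proof of an outage.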

netstat

The netstat utility, preinstalled on UNIX and Windows NT/2000 systems, prints a snapshot of all active network services and connections. For example, running netstat on an active Web and FTP server produces the following display (abbreviated for space):

    % netstat -t
    Active Internet connections (w/o servers)
    Proto  Recv-Q  Send-Q  Local Address       Foreign Address          State
    tcp         0       0  brie.cshl.org:www   writer.loci.wisc.e:1402  ESTABLISHED
    tcp         0       0  brie.cshl.org:www   157-238-71-168.il.:1215  FIN_WAIT2
    tcp         0       0  brie.cshl.org:www   157-238-71-168.il.:1214  FIN_WAIT2
    tcp         0       0  brie.cshl.org:www   157-238-71-168.il.:1213  TIME_WAIT
    tcp         0       0  brie.cshl.org:6010  brie.cshl.org:2225       ESTABLISHED
    tcp         0       0  brie.cshl.org:2225  brie.cshl.org:6010       ESTABLISHED
    tcp         0    2660  brie.cshl.org:ssh   presto.lsjs.org:64080    ESTABLISHED
    tcp         0       0  brie.cshl.org:www   206.169.243.7:1724       TIME_WAIT
    tcp         0      20  brie.cshl.org:ftp   usr25-wok.cableine:2173  ESTABLISHED
    tcp         0     891  brie.cshl.org:www   usr25-wok.cableine:2117  FIN_WAIT1
    tcp         0      80  brie.cshl.org:ftp   soa.sanger.ac.uk:49596   CLOSE

The -t argument restricts the display to TCP connections. The Recv-Q and Send-Q columns show the number of bytes in the sockets' read and write buffers, respectively. The Local and Foreign Address columns show the name and port numbers of the local and remote peers, respectively, and the State column shows the current state of the connection.

netstat can also be used to show services that are waiting for incoming connections, as well as UDP and UNIX-domain sockets. The netstat syntax on Windows systems is slightly different. To get a list of TCP connections similar to the one shown above, use the command netstat -p tcp.
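To turn the column description above into something that can be run over a larger snapshot, the following Python is an added example, not code from the book: it parses `netstat -t` rows, tallies connection states per local service, lists sockets with unsent data in Send-Q, and counts connections per remote peer. The sample rows and hostnames are constructed, and the parser assumes `host:port` addresses as in the listing above (not IPv6 literals).

```python
from collections import Counter

# Constructed sample in the `netstat -t` layout shown above.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address           State
tcp        0      0 web.example.org:www     client-a.example.net:1402 ESTABLISHED
tcp        0      0 web.example.org:www     client-b.example.net:1215 FIN_WAIT2
tcp        0      0 web.example.org:www     client-b.example.net:1214 FIN_WAIT2
tcp        0   2660 web.example.org:ssh     admin.example.net:64080   ESTABLISHED
tcp        0    891 web.example.org:www     client-c.example.net:2117 FIN_WAIT1
tcp        0      0 web.example.org:www     192.0.2.7:1724            TIME_WAIT
"""


def parse_netstat(text):
    """Return one dict per TCP row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].startswith("tcp"):
            continue
        # The port (or service name) follows the last colon of each address.
        _, service = f[3].rsplit(":", 1)
        peer, peer_port = f[4].rsplit(":", 1)
        rows.append({"recv_q": int(f[1]), "send_q": int(f[2]),
                     "service": service, "peer": peer,
                     "peer_port": peer_port, "state": f[5]})
    return rows


def summarize(rows):
    """Return (state counts per service, sockets with queued output, rows per peer)."""
    by_service = Counter((r["service"], r["state"]) for r in rows)
    backlog = [(r["peer"], r["service"], r["send_q"]) for r in rows if r["send_q"] > 0]
    per_peer = Counter(r["peer"] for r in rows)
    return by_service, backlog, per_peer


if __name__ == "__main__":
    by_service, backlog, per_peer = summarize(parse_netstat(SAMPLE))
    for (service, state), n in sorted(by_service.items()):
        print(f"{service:5} {state:12} {n}")
    print("queued output:", backlog)
    print("busiest peer:", per_peer.most_common(1))
```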

tcpdump

The tcpdump utility, available preinstalled on many versions of UNIX, is a packet sniffer. It can be used to dump the contents of every packet passing by your network card, including those not directed to your machine. It features a powerful filter language that can be used to detect and display just those packets you are interested in, such as those using a particular protocol or directed toward a specific port.

MacTCP Watcher

MacTCP Watcher for the Macintosh combines the functionality of ping, dnslookup, and netstat into one user-friendly application. It can be found by searching the large shareware collection located at http://www.shareware.com/

scanner.exe

For Windows 98/NT/2000 developers, the small scanner.exe utility, also available from http://www.shareware.com/, combines the functionality of ping and dnslookup with the ability to scan a remote host for open ports. It can be used to determine the services a remote host provides.

net-toolbox.exe

This is a comprehensive set of Windows network utilities that include ping, dnslookup, tcpdump, and netstat functionality. It can be found by anonymous FTP to gatekeeper.dec.com in the directory /pub/micro/pc/winsite/win95/netutil/.


   


Network Programming with Perl
ISBN: 0201615711
Year: 2000
Pages: 173
