TCP/IP Tools for Linux


The purpose of this exercise is to introduce Linux command line tools that can be used to obtain Transmission Control Protocol/Internet Protocol (TCP/IP)-based network information. These tools are essential for troubleshooting, analyzing and investigating network issues.

Overview

This exercise provides a brief introduction to Linux-based tools for finding information about a TCP/IP host, an IP address, and the public records of a domain.

Learning Objectives

In this exercise, you will employ Linux command line tools to determine a host's IP address and open ports, obtain domain information, and learn the route of a packet over a TCP/IP-based network.


Start your Kali VM and open a Terminal window. Note that some of the commands might need to run as superuser and so might need to be preceded by sudo.

The ifconfig command provides addressing information about the Linux interfaces. Record your IP address and subnet mask.

Type ping followed by a host name. Choose some site on the Internet, ping it and record its IP address and whether it actually responds to the pings.

 

NOTE: The Unix/Linux default is for ping to run forever, until the user interrupts the program with a control-C (^C).

The nslookup command is used to obtain information from DNS name servers and works the same under Linux as Windows.

 

Perform the set of commands above for the domain of your choice and record the IP address of the Web server for that domain, as well as the mail servers for the domain.

The netstat command in Linux is similar in function to that of Windows, although some of the command switches are different. Issue a netstat -t command to get a list of open TCP ports, or man netstat for the help file. (Try some other combinations, too!)

 

The netstat command with the -r switch can be used to show the computer's routing table.

For an interesting test, do the following. Issue a netstat command, as above. Then, open up a second terminal window, and issue a telnet www.garykessler.net 80 command. This will attempt to open an HTTP (i.e., TCP port 80) connection to the host www.garykessler.net. Now, re-issue the netstat command in the first terminal window.

 

The screen shot above shows the "before" and "after" results from the netstat command. Note the last line of the second command; from using the nslookup command above, we know that 207.204.17.246 is the IP address of www.garykessler.net.
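The before/after comparison described above can also be done by saving each netstat listing to a file and printing only the connections that are new in the second one. The script below is an added example, not part of the original exercise; it assumes output from netstat -tn (the -n switch is added so that addresses print numerically), and the function names, the 192.168.1.x addresses and the local port numbers in the sample data are constructed.

```shell
#!/bin/sh
# Added example: list TCP connections present in a second netstat capture
# but not in the first. Input is saved output of `netstat -tn`.

# new_tcp_conns BEFORE_FILE AFTER_FILE
# Prints "local-address foreign-address state" for each new connection.
new_tcp_conns() {
    awk '
        # Data rows: Proto Recv-Q Send-Q Local-Address Foreign-Address State
        $1 !~ /^tcp/ { next }                 # skip banner and header lines
        { key = $4 " " $5 }                   # a connection = local + remote end
        FILENAME == ARGV[1] { seen[key] = 1; next }   # first file: remember
        !(key in seen) { print $4, $5, $6 }           # second file: report new
    ' "$1" "$2"
}

# demo: runs the comparison on constructed sample captures.
# The 192.168.1.x addresses and port numbers are made up; 207.204.17.246:80
# is the web server address quoted in the exercise.
demo() {
    before=$(mktemp) && after=$(mktemp) || return 1
    cat > "$before" <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         192.168.1.5:51514       ESTABLISHED
EOF
    cat > "$after" <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         192.168.1.5:51514       ESTABLISHED
tcp        0      0 192.168.1.10:43210      207.204.17.246:80       ESTABLISHED
EOF
    new_tcp_conns "$before" "$after"
    rm -f "$before" "$after"
}

demo
# Live use:
#   netstat -tn > before.txt   (then run the telnet command in the second window)
#   netstat -tn > after.txt
#   new_tcp_conns before.txt after.txt
```

The same comparison is useful when investigating a host: any line it prints is a connection that appeared between the two captures.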

 

The traceroute command, like the Windows tracert command, is used to display the route that packets take from this computer to another specified computer on the Internet. As before, the screen shot below shows a traceroute being executed to the host named www.cisco.com.

 

NOTE: As noted above, the traceroute program might fail to work on a particular computer because the Internet service provider might block the messages used by those programs. When that happens, the output will usually show an asterisk (*) instead of the time, and the intermediate IP address and host name will be missing.



Creative Commons License
CyberExplorations Exercises by Glenn S. Dardick is licensed under a Creative Commons Attribution 4.0 International License.