Week 5 - Lab Instructions - Basic Commands

Lab Instructions

Computer
Networks
Products
Lecturer:
Dr. Hamidreza Bagheri

York St John University


School of Science, Technology and Health

2024-2025
Basic Networking Commands
In this lab you learn the key networking commands on UNIX-based systems.

PING
The Ping command is one of the most basic and effective tools to resolve network
issues. It is most typically used to test network reachability to a specified
destination. It can use the computer’s name or IP address. Syntax for the ping
command, along with some of its commonly used parameters, is as follows:

ping [-c count] [-D] [-S srcaddr] target_name


Parameters:

• -c (count) This option specifies the number of pings to send.


• -D This option sets the “don’t fragment” bit in a packet’s header. If the packet
tries to cross a router that attempts to fragment the packet, the packet is
dropped and an ICMP error message is returned.
• -S (srcaddr) If the UNIX host from which you are issuing the ping command
has more than one interface, this option allows you to specify the source IP
address from which the ICMP echo messages should be sent.
• target_name This option specifies the name or the IP address of the device to
which you are sending ICMP echo messages.
Figures 1, 2, and 3 show the output of the ping command.

Figure 1. Simple PING command

Figure 2. PING command with i option

Figure 3. PING command with c option

IFCONFIG
The ifconfig command displays the host’s interfaces along with its TCP/IP
configuration including MAC address, maximum transmission unit (MTU), IPv4
address, and IPv6 address information. It could be also used to configure interface
parameters. Although many options are available (to see more details use man
command), the following syntax shows the common ifconfig command functions:

ifconfig [interface [inet ip_addr netmask netmask]]


Parameters:

• -an This option displays information about all network interfaces, both active and
inactive, on the computer.
• -s This is the “short listing” option, which shows a one-line summarized listing
of data about each interface. The information returned is about interface
activity, and not configuration. The output will be identical to what is returned
by the netstat -i command.
• -v This “verbose” option returns extra information when there are certain
types of error conditions to help with troubleshooting.
• [int] Simply follow up your ifconfig command with the name of an interface
to get only information about that interface. For instance, you could issue the
command ifconfig eth0 if you only wanted information about the eth0
interface, and not the loopback interface. Additionally, there are several options
that require specifying the interface you wish to configure or get information
about.
• up/down This activates/deactivates an interface.
• [addr] Simply specifying an address with an interface name, as in ifconfig
eth0 192.168.2.103, will set that interface’s IP address.
• netmask [addr] Using the “netmask” option allows you to set the network
mask for a given interface. For instance, setting the network mask for eth0 could
be done by entering ifconfig eth0 netmask 255.255.255.0.
• broadcast [addr] When the “broadcast” option is accompanied by an
address argument, as in ifconfig eth0 broadcast 192.168.2.255,
then the broadcast address for the specified interface will be set.
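
The netmask and broadcast options above have to agree with each other: the broadcast address is fully determined by the IP address and the mask. The following is an added example, not part of the lab sheet, that derives the network and broadcast addresses and rejects a non-contiguous mask; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the lab sheet. Function names are hypothetical.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Fails on anything that is not four decimal octets in 0..255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject leading zeros (would parse as octal) and over-long fields
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_addr network|broadcast IP NETMASK
subnet_addr() {
    ip=$(ip_to_int "$2") || return 1
    mask=$(ip_to_int "$3") || return 1
    inv=$(( ~mask & 4294967295 ))
    # a valid netmask is contiguous 1-bits, so inv must look like 0...01...1
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    case $1 in
        network)   int_to_ip $(( ip & mask )) ;;
        broadcast) int_to_ip $(( (ip & mask) | inv )) ;;
        *) return 1 ;;
    esac
}

# Values taken from the lab text: prints 192.168.2.255
subnet_addr broadcast 192.168.2.103 255.255.255.0
```
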

Beyond the above-mentioned information, the ifconfig command can also configure
interface parameters. The following syntax shows how ifconfig can be used to
configure a network interface.

ifconfig [interface [inet ip_addr netmask netmask]]

For example, if you want to configure interface en0 with an IP address of
192.168.1.26 and a subnet mask of 255.255.255.0, you could issue the following
command:

ifconfig en0 inet 192.168.1.26 netmask 255.255.255.0


To verify the result, run the ifconfig command again and check the interface’s settings.

Figures 4 and 5 show results of the ifconfig command.

Figure 4. IFCONFIG command

Figure 5. IFCONFIG command with s option

ARP
The ARP command is used to manipulate or display the address of a network
neighbour for a given IPv4 address. It is a networking tool that converts the IP
address of any machine into its MAC address. The syntax of the ARP command is as
follows:

arp [-a]
arp [-n] [-i interface] -a
arp -s hostname ether_addr [temp] [reject] [blackhole] [ifscope interface]
arp -d hostname [ifscope interface]
arp -d [-i interface] -a
arp -f filename

Parameters:

• -a This option displays current ARP entries in a UNIX host’s ARP table.
• -n This option displays network addresses as numbers instead of symbols.
• -i (interface) This option specifies that the ARP command should be limited to
a specified interface.
• -d An ARP entry for a host can be deleted with this option, in combination with
the inet_addr parameter. A wildcard * can delete all host entries.
• -s This option, used in conjunction with the hostname and eth_addr
parameters, statically adds a host entry in the ARP table.
• ifscope interface This option indicates that the ARP command should be
limited to a specified interface.
• hostname This option is the IP address of the host to be associated with a
specified MAC address.
• eth_addr This parameter specifies a 48-bit MAC address.
• temp Used in conjunction with the -s option, the temp option says that the
static ARP entry is only temporary, as opposed to the default of being
permanent.
• reject Used in conjunction with the -s option, this option says that traffic to
the destination specified in the static ARP entry will be rejected, and the sender
will be notified that the host is unreachable.
• blackhole Similar to the reject option, the blackhole option says that
traffic to the destination specified in the static ARP entry will be rejected.
However, the sender is not notified.
• -f (filename) This option allows an external file to be used to import a
collection of ARP entries. The entries in the external file should be in the following
format:

hostname ether_addr [temp] [ifscope interface]

Figures 6 and 7 show results of the ARP command.

Figure 6. ARP command with s option

Figure 7. ARP command with v option

TRACEROUTE
The traceroute command in UNIX-based systems can be used to isolate which
router hop along the path from a source device to a destination device is having
issues. Also, based on the round-trip response time reported for each
hop, you can better determine which network segment might be causing excessive
delay because of congestion.

traceroute [options] host_Address [pathlength]

Options:
• -4/6: Use IP version 4/6, i.e. use IPv4/IPv6.
• -F: Do not fragment packet.
• -f (first_ttl): Start from the first_ttl hop (instead of from 1).
• -g (gate): Route the packet through gate.
• -m (max_ttl): Set the max number of hops for the packet to reach the
destination. Default value is 30.
• -n: Do not resolve IP addresses to their domain names.
• -p (port): Set the destination port to use. Default is 33434.
• -q (nqueries): Set the number of probes per each hop. Default is 3.

Similar to the traceroute options for IPv4, the IPv6 path through a network can be
verified with traceroute for IPv6. Depending on the vendor and platform, this may
be done by using traceroute destination-IPv6-address, traceroute6
destination-IPv6-address, traceroute -6 destination-IPv6-address, or some variant
specific to the vendor and product being used.
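
To make the per-hop round-trip reasoning above concrete, the following added example (not part of the lab sheet) averages the probes of each hop in traceroute -n output and reports the hop where the average rises most over the previous responding hop. The function name is hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the lab sheet. Sample output below is constructed.

SAMPLE_TRACE='traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1  1.204 ms  0.981 ms  1.102 ms
 2  10.20.0.1  8.310 ms  8.122 ms  8.540 ms
 3  * * *
 4  198.51.100.5  61.870 ms  60.912 ms  62.318 ms
 5  203.0.113.10  62.400 ms  61.950 ms  62.730 ms'

# slowest_segment: read `traceroute -n` text on stdin and print
# "hop address increase_ms" for the hop whose average round-trip time
# rises most compared with the previous hop that answered.
slowest_segment() {
    awk '
    $1 ~ /^[0-9]+$/ {
        sum = 0; probes = 0; addr = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "ms") { sum += $(i - 1); probes++ }
            else if (addr == "" && $i != "*") addr = $i
        }
        # "* * *": no reply at this TTL. Routers often filter or
        # rate-limit these replies, so it is not proof of a fault.
        if (probes == 0) next
        avg = sum / probes
        if (avg - prev > best) { best = avg - prev; hop = $1; where = addr }
        prev = avg
    }
    END { if (hop != "") printf "%s %s %.1f\n", hop, where, best }'
}

# Prints: 4 198.51.100.5 53.4
printf '%s\n' "$SAMPLE_TRACE" | slowest_segment
```

The increase only points at the segment in front of that hop when the later hops stay at the higher level, as hop 5 does here; a single slow hop followed by faster ones usually means that router answers probes at low priority.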

DIG and NSLOOKUP


The dig (Domain Information Groper) command in UNIX-based systems is used to
gather DNS information. It can also be used for troubleshooting DNS problems.
The nslookup command is an administrative tool for testing and troubleshooting
DNS servers. It can be run in Interactive and Non-Interactive modes.

Note that the dig command offers more information than the nslookup command.

Figures 8, 9, and 10 illustrate results from dig and nslookup commands.

Figure 8. DIG command

Figure 9. NSLOOKUP command

Figure 10. NSLOOKUP command with query

HOST
The host command in UNIX-based systems is used to find the IP address of a particular
DNS name. It can also be used to find more specific details of a domain by specifying the
corresponding option along with the domain name. The host command offers a
variety of options, and you can find their details with the man command. As mentioned
earlier, the dig and nslookup commands can resolve DNS issues; the host
command can resolve domain issues and return mail server information as well.

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type]
[-W wait] [-m flag] [-4] [-6] {name} [server]

Options

• -a The -a (all) option is equivalent to setting the -v option and asking host to
make a query of type ANY.
• -C When the -C option is used, host attempts to display the SOA records for
zone name from all the listed authoritative name servers for that zone. The list
of name servers is defined by the NS records that are found for the zone.
• -c class The -c option instructs host to make a DNS query of class class.
This can be used to look up Hesiod or Chaosnet class resource records. The default
class is IN (Internet).
• -d Verbose output is generated by host when the -d or -v option is used. The
two options are equivalent. They are provided for backward compatibility. In
previous versions, the -d option switched on debugging traces and -v enabled
verbose output.
• -l List mode is selected by the -l option. This makes host perform a zone
transfer for zone name and print out the NS, PTR, and address
records (A/AAAA). If combined with -a, all records are printed.
• -i This option specifies that reverse lookups of IPv6 addresses should use the
IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
• -N (ndots) It sets the number of dots that must be in name to be considered
absolute. The default value is defined using the ndots statement in
/etc/resolv.conf, or 1 if no ndots statement is present. Names with fewer dots
are interpreted as relative names and are searched for in the domains listed in
the search or domain directive in /etc/resolv.conf.
• -R The number of UDP retries for a lookup can be changed with the -R option.
number indicates how many times host repeats a query that does not get
answered. The default number of retries is 1. If the number is negative or zero,
the number of retries defaults to 1.
• -r Non-recursive queries can be made via the -r option. Setting this option
clears the RD ("recursion desired") bit in the query which host makes. This
should mean the name server receiving the query does not attempt to resolve
the name. The -r option enables host to mimic the behavior of a name server
by making non-recursive queries and expecting to receive answers to those
queries that are usually referrals to other name servers.
• -T By default, host uses UDP when making queries. The -T option makes it use
a TCP connection when querying the name server.
• -4/6 The -4/-6 option forces host to only use IPv4/IPv6 query transport.
• -t (type) It is used to select the query type. The type can be any recognized
query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is
specified, host automatically selects an appropriate query type. By default,
it looks for A, AAAA, and MX records, but if the -C option was given, queries are
made for SOA records, and if name is a dotted-decimal IPv4 address or
colon-delimited IPv6 address, host queries for PTR records.
• -W (wait) The time to wait for a reply can be controlled through the -W and -w
options. The -W option makes host wait for wait seconds. If wait is less
than 1, the wait interval is set to one second. When the -w option is used,
host effectively waits forever for a reply. The time to wait for a response is set
to the number of seconds given by the hardware's maximum value for an integer
quantity.
• -s It tells host not to send the query to the next nameserver if any server
responds with a SERVFAIL response, which is the reverse of normal stub
resolver behavior.
• -m flag It can set the memory usage debugging flags record, usage and trace.

Figure 11. HOST command

TCPDUMP
The tcpdump command is used to print out the headers of packets on a network
interface that match a Boolean expression. The most common format and options
for the tcpdump command are shown here:

tcpdump [-adeflnNOpqRStuvxX] [-c count] [-C file_size]
[-F file] [-i interface] [-m module] [-r file] [-s snaplen]
[-T type] [-U user] [-w file] [-E algo:secret] [expression]

Options:

• -A Shows each packet (minus its link level header) in ASCII.
• -c Exit after receiving count packets.
• -C Before writing a raw packet to a savefile, check whether the file is currently
larger than file_size and, if so, close the current savefile and open a new one.
• -d Dump the compiled packet-matching code in a human readable form to
standard output and stop. -dd Dump packet-matching code as a C program
fragment. -ddd Dump packet-matching code as decimal numbers (preceded
with a count).
• -D displays the list of the network interfaces available on the system and on
which tcpdump can capture packets. For each network interface, a number and
an interface name, possibly followed by a text description of the interface, is
printed. The interface name or the number can be supplied to the -i flag to
specify an interface on which to capture.
• -e Print the link-level header on each dump line.
• -E Use spi@ipaddr algo:secret for decrypting IPsec ESP packets that are
addressed to addr and contain Security Parameter Index value spi. This
combination may be repeated with comma or newline separation.
• -f Print ‘foreign’ IPv4 addresses numerically rather than symbolically (this
option is intended to get around serious brain damage in Sun’s NIS server —
usually it hangs forever translating non-local internet numbers).

• -F Use file as input for the filter expression.
• -i Listen on interface. If unspecified, tcpdump searches the system interface
list for the lowest numbered, configured up interface (excluding loopback).
• -l Make stdout line buffered. Useful if you want to see the data while capturing
it.
• -L List the known data link types for the interface and exit.
• -m Load SMI MIB module definitions from file module. This option can be used
several times to load several MIB modules into tcpdump.
• -M Use secret as a shared secret for validating the digests found in TCP
segments with the TCP-MD5 option (RFC 2385), if present.
• -n Don’t convert host addresses to names and avoid DNS lookups. -nn Don’t
convert protocol and port numbers etc. to names either.
• -N Don’t print domain name qualification of host names. E.g., if you give this flag
then tcpdump will print “nic” instead of “nic.ddn.mil”.
• -O Do not run the packet-matching code optimizer. This is useful only if you
suspect a bug in the optimizer.
• -p Don’t put the interface into promiscuous mode. Note that the interface might
be in promiscuous mode for some other reason; hence, ‘-p’ cannot be used as an
abbreviation for ‘ether host {local-hw-addr} or ether broadcast’.
• -q Quick output. Print less protocol information so output lines are shorter.
• -R Assume ESP/AH packets to be based on old specification (RFC1825 to
RFC1829).
• -r Read packets from file (which was created with the -w option). Standard
input is used if the file is “-”.
• -S Print absolute, rather than relative, TCP sequence numbers.
• -s Snarf snaplen bytes of data from each packet rather than the default of 68
(with SunOS’s NIT, the minimum is actually 96).
• -T Force packets selected by "expression" to be interpreted as the specified type.
• -t Don’t print a timestamp on each dump line. -tt Print an unformatted
timestamp on each dump line. -ttt Print a delta (in micro-seconds)
between current and previous line on each dump line. -tttt Print a
timestamp in default format preceded by date on each dump line.
• -u Print undecoded NFS handles.
• -U Make output saved via the -w option “packet-buffered”; i.e., as each packet
is saved, it will be written to the output file, rather than being written only when
the output buffer fills.
• -v When parsing and printing, produce (slightly more) verbose output. -vv
Even more verbose output. For example, additional fields are printed from
NFS reply packets, and SMB packets are fully decoded. -vvv Even more
verbose output. For example, telnet SB ... SE options are printed in full. With -X
Telnet options are printed in hex as well.
• -w Write the raw packets to file rather than parsing and printing them out. They
can later be printed with the -r option.
• -W Used in conjunction with the -C option, this will limit the number of files
created to the specified number, and begin overwriting files from the beginning,
thus creating a ’rotating’ buffer. In addition, it will name the files with enough
leading 0s to support the maximum number of files, allowing them to sort
correctly.
• -x Print each packet (minus its link level header) in hex. The smaller of the
entire packet or snaplen bytes will be printed. -xx Print each packet, including
its link level header, in hex.
• -X Print each packet (minus its link level header) in hex and ASCII. This is very
handy for analysing new protocols. -XX Print each packet, including its link
level header, in hex and ASCII.
• -y Set the data link type to use while capturing packets to datalinktype.
• -Z Drops privileges (if root) and changes the user ID to user and the group ID to
the primary group of user.

Source:
• Justin Hutchens (2014), Kali Linux Network Scanning Cookbook, Packt Publishing Ltd.
