An Introduction to Tiger Terminal, Part 3
nslookup
dig, host, and nslookup (name server lookup) are tools that directly query the DNS service. nslookup checks the DNS server set in your Network preferences and then looks up the IP address for the domain name you specify. However, nslookup is considered a flawed tool and, in fact, if you run nslookup on www.apple.com, you'll get this message:

Figure 9: nslookup www.apple.com
Trying to pull up the man pages for nslookup from the terminal will produce this: "No manual entry for nslookup." And if you try to run it from the lookup tab in the Network Utility.app, you'll see:

Figure 10: lookup in Network Utility.app
In Tiger, the checkbox "use dig instead of nslookup" is gone because dig has officially replaced nslookup in the Network Utility.app. Let's take a brief look at what information dig gives us and at a companion tool, host. Running dig apple.com at the command line returns the domain's IP address, its name servers, and their IP addresses:

Figure 11: dig apple.com
If you just want to return the IP address for the domain you're querying, you would run host:

Figure 12: host www.apple.com
If you have an IP address and want to find out what name it translates to, you can use dig -x to do a reverse lookup and find out that it's apple.com:

Figure 13: dig -x 17.254.3.183
traceroute
traceroute is a TCP/IP utility that records the route through the Internet between a client machine and a specified destination computer. It reports the IP addresses of all the routers in between, and calculates and displays the amount of time each hop took. This is useful in diagnosing where a network problem might be happening. Here is an example of running traceroute between my computer and my university server, www.uchsc.edu:

Figure 14: traceroute www.uchsc.edu
Note that I'm connected from home via VPN (virtual private network).
whois
Now, let's use whois to find out more information about www.apple.com:
tiger12:~ norburym$ whois apple.com
Whois Server Version 1.3
[...]
Domain Name: APPLE.COM
Registrar: EMARKMONITOR INC. DBA MARKMONITOR
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NSERVER2.APPLE.COM
Name Server: NSERVER.EURO.APPLE.COM
Name Server: NSERVER.APPLE.COM
Name Server: NSERVER.ASIA.APPLE.COM
Name Server: NSERVER3.APPLE.COM
Name Server: NSERVER4.APPLE.COM
Status: REGISTRAR-LOCK
Updated Date: 20-may-2004
Creation Date: 19-feb-1987
Expiration Date: 20-feb-2007
>>> Last update of whois database: Thu, 30 Jun 2005 04:15:05 EDT <<<
[...]
Registrant:
Apple Computer, Inc. (DOM-417477)
1 Infinite Loop Cupertino, CA 95014 US
Domain Name: apple.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Administrative Contact:
Kenneth Eddings (KE557) (NIC-14211601) Apple Computer, Inc.
1 Infinite Loop M/S 60-DR Cupertino CA 95014 US
eddingsk@apple.com +1.4089744286 Fax- -
Technical Contact, Zone Contact:
NOC Apple (NA4189-ORG) (NIC-14211609) Apple Computer, Inc.
1 Infinite Loop M/S 60-DR Cupertino CA 95014 US
Apple-NOC@APPLE.COM +1.4089961010 Fax- +1.4089741560
Created on..............: 1987-Feb-19.
Expires on..............: 2007-Feb-20.
Record last updated on..: 2004-May-20 12:16:06.
Domain servers in listed order:
NSERVER.APPLE.COM
NSERVER2.APPLE.COM
NSERVER.EURO.APPLE.COM
NSERVER3.APPLE.COM
NSERVER4.APPLE.COM
NSERVER.ASIA.APPLE.COM
The whois command queries the Network Information Center (NIC) database and displays the registration record matching the name you give it. It returns who owns the domain name, contact information, the domain's name servers, and the creation and expiration dates.
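If you administer a domain, the same record can be checked against what you expect it to say, so that a dropped registrar lock or a changed name server stands out. The script below is an added example, not part of the original article; the function names, BASELINE_NS, and the idea of keeping a baseline on file are assumptions, and it only understands the "Label: value" lines of the record format shown above.

```sh
#!/bin/sh
# Registry part of the apple.com record shown above, abridged.
RECORD='Domain Name: APPLE.COM
Name Server: NSERVER2.APPLE.COM
Name Server: NSERVER.EURO.APPLE.COM
Name Server: NSERVER.APPLE.COM
Name Server: NSERVER.ASIA.APPLE.COM
Name Server: NSERVER3.APPLE.COM
Name Server: NSERVER4.APPLE.COM
Status: REGISTRAR-LOCK
Expiration Date: 20-feb-2007'
# Baseline an administrator would keep on file (assumed to be lower-case).
BASELINE_NS='nserver.apple.com nserver2.apple.com nserver3.apple.com nserver4.apple.com nserver.euro.apple.com nserver.asia.apple.com'

# Print each value of one "Label: value" field from stdin, lower-cased.
whois_field() {
    awk -v want="$1" '{
        i = index($0, ":"); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) == tolower(want)) print tolower(val)
    }'
}

# Read a record on stdin; $1 = expected status, $2 = expected name servers.
# Prints one line per difference and returns 1 if there is any.
whois_drift() {
    rec=$(cat); findings=""
    status=$(printf '%s\n' "$rec" | whois_field "Status")
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ "$status" = "$want" ] || findings="status: ${status:-missing}"
    seen=$(printf '%s\n' "$rec" | whois_field "Name Server")
    for ns in $seen; do            # servers in the record, not in baseline
        case " $2 " in *" $ns "*) ;; *) findings="$findings
unexpected name server: $ns" ;; esac
    done
    for ns in $2; do               # servers in baseline, not in the record
        printf '%s\n' "$seen" | grep -qxF "$ns" || findings="$findings
missing name server: $ns"
    done
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sed '/^$/d'
    return 1
}

printf '%s\n' "$RECORD" | whois_drift "REGISTRAR-LOCK" "$BASELINE_NS" && echo "matches baseline"
```

Against a live record you would run whois apple.com | whois_drift "REGISTRAR-LOCK" "$BASELINE_NS" from a scheduled job and alert on a non-zero exit status.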
finger
The finger protocol is used to return basic information on users who have accounts on a specific host. Information returned is often minimal. Here is what finger returns for my login to my local machine:

Figure 15: finger norburym
The finger service runs on port 79, which is often blocked due to past problems with the protocol: in the late '80s a worm exploited an error in the finger daemon, and the protocol was also used by crackers to get detailed information about server users.
stroke and netstat
In the Network Utility.app, Apple includes a port scan tool. Port scanning can be very helpful in determining what vulnerabilities exist on your system (or systems, if you manage client and server machines). It can also help you check whether a computer on your network is available for remote connections like ssh or sftp, which we looked at in Part Two of this series. The command line equivalent of the GUI port scan utility is called stroke, and it's hidden inside the package contents of the Network Utility.app. The path to stroke is:
/Applications/Utilities/Network\ Utility.app/Contents/Resources/stroke
and the syntax of the command is:
stroke host start_port end_port
Remember how we dealt with spaces in file names in Part Two of this series? Network Utility.app has a space in the file name, so we use a backslash character immediately before the space to make it command line friendly. We can also use another shortcut that we learned in Part One of this series: navigating to the location of the file in the GUI and dragging the file directly to the waiting command line. In this case, we open the Utilities folder in the Applications folder, Control-click (or right-click with a two-button mouse) on the Network Utility.app icon, and choose Show Package Contents from the menu that appears. A new window will open, with a folder called Contents. Open the Contents folder and open the Resources folder. You'll see this:

Figure 16: /Applications/Utilities/Network\ Utility.app/Contents/Resources
Drag the stroke application icon directly to your terminal window. The path will fill in for you. Now, you simply need to add the rest of the command syntax in the format of host start_port end_port:

Figure 17: complete stroke command
In this example, I'm using my host machine (10.0.1.5) and am asking to scan ports between 1 and 3000. The output lists the port number and the service running on that port. Another way to check for open ports is to use the netstat -a command, which is easily accessed via the CLI:

Figure 18: netstat -a
This is just a partial screenshot of the output of netstat -a. The interesting bits are the states listed as LISTEN or ESTABLISHED. In this example, several services are running: ssh, ftp, svrloc (server location), and afpovertcp (AppleShare over TCP). My mail.app connection is also open.
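To turn that reading of the LISTEN lines into a repeatable check, the script below lists TCP listeners and reports any network-reachable one that is not on a list of ports you expect to be open. It is an added example, not from the original article; it assumes numeric output from netstat -an (rather than the service names netstat -a prints), and the function names and the allowlist are hypothetical.

```sh
#!/bin/sh
# Constructed sample in the BSD/Mac OS X `netstat -an` layout, where the
# port follows the last dot of the address; not captured from a real host.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.1.5.22            10.0.1.9.51234         ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.427                  *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.427                  *.*'

# Print "port bind-address" for each TCP socket in LISTEN state.
# Duplicates (the same port on tcp4 and tcp6) are collapsed.
listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        port = addr; sub(/.*\./, "", port)      # text after the last dot
        sub(/\.[^.]*$/, "", addr)               # text before the last dot
        print port, addr
    }' | sort -u | sort -n
}

# Print listeners that are reachable from the network (not loopback-bound)
# and whose port is not in the space-separated allowlist given as $1.
unexpected_listeners() {
    listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 != "127.0.0.1" && $2 != "::1" && !($1 in ok)'
}

# On a live system: netstat -an | unexpected_listeners "22 548"
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 548"
```

With ssh (22) and AppleShare over TCP (548) allowed, the sample reports ftp (21) and svrloc (427) as listeners to review, and skips the loopback-only listener on port 631.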
Phew!
That covers the CLI equivalents of the Network Utility.app. Mac OS X comes with a very neat GUI front end to some of the most useful tools for keeping an eye on your network. However, I hope I've shown how you can get more power and flexibility from the command line. There are lots of other tools out there (lsof and tcpdump just to name two) and mastering some of the common ones will give way to further exploration.
Mary Norbury-Glaser is the IT director at a University of Colorado affiliate center. She has over 15 years of experience in cross-platform systems administration in the education sector. She loves fast cars and geocaching.