10 Network Diagnostic Command-Line Utilities Every Network Tech Should Know

At first, I was going to write about all the different diagnostic command-line utilities, but after a thorough reflection, I realized how exhaustive that would be. For that reason, I’ve decided to restrict this post to network command-line tools only. Here are a few of the network commands every network tech should know.

1. ipconfig, ifconfig, and iwconfig


Windows’ ipconfig and UNIX/Linux’s ifconfig are two networking commands that display information about a computer’s IP settings. Typing ipconfig alone yields basic results for every network interface on the computer, such as the domain suffix of your DNS server, your globally routable IPv6 addresses, your IPv6 link-local address, IPv4 address, subnet mask, and the IP address of your default gateway. If you append the /all switch at the end of ipconfig on a Windows system, you get additional information, such as the name of your network adapter, MAC address, DHCP information, your IP address leasing details, and the IP addresses of your DNS servers. The iwconfig command is UNIX/Linux’s version of ifconfig dedicated to wireless interfaces.

2. tracert and traceroute


Windows’ tracert and UNIX/Linux’s traceroute are pretty much identical. The traceroute command checks the connectivity of a device and displays the path through the routers that the ICMP packet took. It also displays the IP address of each router and the time in milliseconds that it took to reach each router. Just type tracert [IP address or domain name]. Since some routers block ICMP packets, it helps that UNIX/Linux’s traceroute can send UDP packets in addition to the standard ICMP packets.

3. ping


The ping command tests if a system is reachable. Just type ping [IP address or domain name]. For example, you can do ping or ping google.com. Ping defaults to IPv4. The Windows and UNIX/Linux versions of ping are largely the same, but if you want to switch to IPv6, you can use the -6 switch on Windows systems or type ping6 on UNIX/Linux systems. Windows systems also send 4 pings by default, whereas UNIX/Linux systems send continuous pings unless you specify otherwise.

4. arping


The arping command is similar to ping except it uses ARP instead of ICMP. But, because ARP is a layer 2 protocol, it’s not going to pass through any routers. If you want to use arping on a UNIX/Linux system, it will have to stay in the broadcast domain.

5. pathping and mtr


Windows’ pathping combines the ping and tracert commands. The pathping command takes a little longer to complete, but it yields additional results, such as the degree of packet loss at each router. This might help you pinpoint exactly where connection problems are occurring. UNIX/Linux’s My Traceroute, or mtr, does the same thing.

6. arp -a and arp -n


The arp -a command displays the ARP table for the system. This identifies MAC addresses and their corresponding IP addresses. For UNIX/Linux systems, you can use arp -a or arp -n.
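As an added example (not from the original post), here is one way to put the ARP table to work: parse the output of arp -a or arp -n and report any MAC address that answers for more than one IP address, which is worth a second look when you suspect ARP cache poisoning. The sample tables, the addresses in them, and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample output: Windows `arp -a` and Linux `arp -a`.
WINDOWS_SAMPLE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.37          00-11-22-33-44-55     dynamic
  192.168.1.50          A4-5E-60-C1-22-9F     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
LINUX_SAMPLE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.37) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.50) at a4:5e:60:c1:22:9f [ether] on eth0
? (192.168.1.60) at <incomplete> on eth0
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

def parse_arp(text):
    """Yield (ip, mac) pairs; lines without both (headers, incomplete) are skipped."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            # Normalise Windows' 00-11-.. and Linux's 00:11:.. to one form.
            yield ip.group(1), mac.group(1).lower().replace("-", ":")

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1

def shared_macs(text):
    """Return {mac: [ips]} for unicast MACs that map to more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp(text):
        if not is_group_address(mac):
            by_mac[mac].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for mac, ips in shared_macs(WINDOWS_SAMPLE).items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A shared MAC is a lead, not proof: multi-homed hosts and routers doing proxy ARP produce the same pattern, so confirm against the MAC printed on the device or in your switch’s address table.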

7. nslookup and dig


Windows’ nslookup is used to “interrogate” DNS servers in order to diagnose DNS problems. It will give you the hostname and IP address of the particular DNS server you are querying. You can obtain additional information in hopes that you can resolve any name resolution errors on your network. UNIX/Linux’s dig command does the same thing, but it yields more results than nslookup.

8. nbtstat


The nbtstat command is for Windows systems only and is used to troubleshoot NetBIOS name resolution. The most useful switch for nbtstat is -n. By typing nbtstat -n, you can see the local NetBIOS names or the systems on your Windows network.

9. netstat and ss


The Windows netstat command stands for “Network Statistics.” If you run netstat without a switch, you’ll see a list of active connections by protocol (TCP or UDP), source IP address and port number, destination IP address and port number, and the state of the connection (e.g., listening, close_wait, or established). It’s common to run netstat with a switch. The netstat -a command displays all connections and listening ports. The netstat -b command displays the executable (name of the program) involved in creating each connection or listening port. The netstat -n command displays addresses and port numbers in numerical form. And the netstat -o command displays the owning process ID associated with each connection. You can also combine these switches, such as netstat -ano. The netstat command can even display the routing table by using the netstat -r command. The ss command is UNIX/Linux’s version of netstat.
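As an added example (not from the original post), this script parses netstat -ano output and lists the sockets that accept traffic on every interface, together with the owning PID, which is the quickest way to inventory what a Windows host exposes to the network. The sample output, its addresses and PIDs, and the function names are constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample of Windows `netstat -ano` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1212
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3920
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     6120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2284
"""

class Sock(NamedTuple):
    proto: str
    addr: str
    port: int
    state: str
    pid: int

def parse_netstat_ano(text):
    """Turn each TCP/UDP row into a Sock; banner and header lines are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column: Proto, Local, Foreign, PID.
        state = f[3] if len(f) == 5 else ""
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = f[1].rpartition(":")
        socks.append(Sock(f[0], addr, int(port), state, int(f[-1])))
    return socks

WILDCARD = {"0.0.0.0", "[::]"}  # bound to all IPv4 / all IPv6 interfaces

def exposed_listeners(text):
    """TCP listeners and UDP sockets bound to every interface (not just loopback)."""
    return [s for s in parse_netstat_ano(text)
            if s.addr in WILDCARD and (s.state == "LISTENING" or s.proto == "UDP")]

if __name__ == "__main__":
    for s in exposed_listeners(SAMPLE):
        print(f"{s.proto} port {s.port} owned by PID {s.pid}")
```

To turn a PID from the result into a program name, run netstat -b as described above or look the PID up with tasklist.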

10. netsh


The netsh utility is a little more advanced, but it allows you to locally (or even remotely) modify network settings. The netsh /? command displays the different options available for the netsh utility.
