Network Software Tools and Commands

Software Tools

WiFi analyzer

• Determines the signal strength and configurations of wireless networks.

Protocol analyzer/packet capture

• Provides in-depth information found within network packets. 

• Wireshark - https://www.wireshark.org/ 

• TCPdump - A command-line packet capturing tool and analyzer.

• sudo tcpdump -i <interface> > capture.txt

• less capture.txt

Bandwidth speed tester

• Determines the current network bandwidth.

• https://www.speedtest.net/ 

Port scanner

• Used to identify open service ports on a device.

• Nmap and Zenmap - https://nmap.org/ 

• nmap <IP address of host or network>

iperf 

• This is a tool used to test the raw throughout between devices over a network.

• https://iperf.fr/ 

NetFlow analyzers

• Used to determine the types of traffic on a network based on the 5-Tuples.

• https://www.solarwinds.com/netflow-traffic-analyzer 

Trivial File Transfer Protocol (TFTP) server

• Allows you to backup a device's configurations over a network using TFTP.

• https://www.solarwinds.com/free-tools/free-tftp-server 

Terminal emulator

• This is an application which allows you to connect to a device using Serial, Telnet and/or SSH.

• Putty - https://www.putty.org/

• Windows Terminal

IP scanner

• Allows you to scan a network and determine the live hosts on a network.

• Nmap and Zenmap - https://nmap.org/ 

Command line tool

Ping

• Test end to end connectivity between devices using Internet Control Message Protocol (ICMP) messages.

• Ping the loopback address - ping 127.0.0.1.

• Ping a local host on the same network.

• Ping the default gateway.

• Ping a remote host (beyond the default gateway).

• Response messages:

  • Request timeout - The destination host has ICMP disabled or the ICMP messages are unable to return to the sender.

  • Destination host/network unreachable - The sender or default gateway is unable to reach the destination host, possibly due to a missing route.

  • Expired in transit - The Time To Live (TTL) has expired (reached 0) before arriving at the destination host.

traceroute/tracert

• Displays the path packets take between a source and destination.

• Validates the number of hops, Layer 3 devices along the way to the destination host.

• Verifies the latency between each hop.

• On Windows systems, use the tracert <destination IP address> command.

• On Linux, use the traceroute <destination IP address> command.

ipconfig/ifconfig/ip

• The ipconfig command is used on Windows operating systems to determine the current IP configurations of the system.

• The following are various ipconfig commands:

  • ipconfig /all - Display full configuration information.

  • ipconfig /release - Release the IPv4 address for the specified adapter.

  • ipconfig /release6 - Release the IPv6 address for the specified adapter.

  • ipconfig /renew - Renew the IPv4 address for the specified adapter.

  • ipconfig /renew6 - Renew the IPv6 address for the specified adapter.

  • ipconfig /flushdns - Purges the DNS Resolver cache.

  • ipconfig /registerdns - Refreshes all DHCP leases and re-registers DNS names

  • ipconfig /displaydns - Display the contents of the DNS Resolver Cache.

• The ifconfig command is used on Linux-based operating systems to verify the current IP configurations on the system.

• The ip addr command is used on Linux-based systems to view the IP addresses on the interfaces.

• The ip route show command displays the default gateway on a Linux-based system.

• The route add default gw <gateway address> command allows you to manually insert a default route on a Linux device.

• The ip route add default via <destination-network/mask> dev <interface-ID> command allows you to manually insert a static route in the routing table of the Linux system

• dhclient -r - Used to release a DHCP address on a Linux-based system.

nslookup/dig

• The nslookup (Windows and Linux) and dig (Linux) tools is used to troubleshoot DNS issues.

• The ipconfig /all command will display the currently configured DNS servers on the local device.

• The following are various DNS record types:

  • A - Resolves a hostname to an IPv4 address.

  • AAAA - Resolves a hostname to an IPv6 address.

  • MX - Resolves the Mail Exchanger records for a domain.

  • NS - Resolves the Name Servers records for a domain.

  • CNAME - Resolves the Canonical Name (Alias) for a hostname.

  • PTR - Resolves and IP address to a hostname.

  • RP - Displays the Responsible Person for a domain.

  • TXT - Displays the text records for a domain.

• Performing a DNS lookup:

  1. nslookup

  2. set type=<record type>

  3. domain-name

• dig <domain-name> <DNS record type>

arp

• The arp -a command displays the ARP cache.

• Displays the IP address to MAC address mappings.

• The entries in the ARP cache is valid for the last 5 minutes.

• The ARP cache will only display the hosts which exchanged messages with the local system.

netstat

• The netstat command displays the current network statistics.

• The following are various netstat commands and their purpose:

  • netstat -a - Displays all connections and listening ports.

  • netstat -e - Displays Ethernet statistics. This may be combined with the -s option.

  • netstat -f - Displays Fully Qualified Domain Names (FQDN) for foreign addresses.

  • netstat -n - Displays addresses and port numbers in numerical form.

  • netstat -o - Displays the owning process ID associated with each connection.

  • netstat -p proto - Shows connections for the protocol specified by protocol (IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6).

  • netstat -q - Displays all connections, listening ports, and bound nonlistening TCP ports. Bound nonlistening ports may or may not be associated with an active connection.

  • netstat -r - Displays the routing table.

  • netstat -s - Displays per-protocol statistics.

  • netstat -t - Displays the current connection offload state.

  • netstat -x - Displays NetworkDirect connections, listeners, and shared endpoints.

  • netstat -y - Displays the TCP connection template for all connections. Cannot be combined with the other options.

Route

• The route print command on Windows displays the routing table.

• The route add <networkID> mask <netmask> <gateway address> command allows you to add a route within the Windows operating system.

• The route and the ip route list command displays the routing table on Linux-based systems.

Basic network platform commands

show interface

• The show interface command is used on Cisco IOS devices that displays the interface IP address and statistics information.

show config

• On Cisco IOS devices, the show running-config command displays the current, running configurations of the device.

• On Cisco IOS devices, the show startup-config command displays the configurations that will be loaded into RAM when the system boots.

show route

• The show ip route command is used on Cisco IOS routers to display the routing table.