Six of my top networking tools
I find it interesting to see what tools others in the industry use, and have discovered many useful tools by watching others on YouTube or reading their blogs. Here I'm going to look at six of the tools I use regularly, and I recommend them to you if you work in networking or cyber security.
I'm going to start with some less technical tools that are, nonetheless, indispensable for my day job.
Nslookup
nslookup is used to translate a Domain Name System (DNS) name into an Internet Protocol (IP) address that's actually used by computers to route traffic. If you cannot resolve (translate) a DNS name then you won't be able to access the resource - simple.
By using nslookup it's possible to check the DNS name is actually valid based on your current network configuration. Most often I'm using this to check an address I've just created on my DNS server, or I'm checking an address I've been passed is correct before proceeding with a support ticket.
> nslookup blog.jonsdocs.org.uk
Server: 100.115.92.193
Address: 100.115.92.193#53
Non-authoritative answer:
Name: blog.jonsdocs.org.uk
Address: 104.31.86.17
Name: blog.jonsdocs.org.uk
Address: 104.31.87.17
There's a new tool, dig, that replaces nslookup and can give more detail; however, nslookup is still more widely available (it's built in to a lot of Operating Systems (OS) by default).
Ping
Ping, the "Packet INternet Groper", is a basic utility used to check communication between two networked devices. Issuing a simple ping command will immediately tell you if the remote host is alive, well, almost.
> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=14.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=14.7 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.402/14.598/14.794/0.196 ms
To be accurate, ping will tell you if the remote device responds to ping - that's not the same thing as whether or not the remote device is alive. The additional information provided in the ping response can also tell us something about the remote device - more on that another time.
Usefully, ping will look at the system's hosts file before it performs a DNS lookup. To give a bit of history, before DNS existed services were located by looking up addresses in a list, the hosts file. As you can imagine, this soon became unmanageable but the file still exists (/etc/hosts on Linux and C:\windows\system32\drivers\etc\hosts on Windows). Because ping looks in the hosts file we can easily check for a difference between DNS and our local system (our system's DNS lookup for a service may have been overridden by a hosts file entry).
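The hosts-versus-DNS comparison described above can be automated. This is an added example, not code from the original post: it parses hosts file text and Linux-style nslookup output (the format shown earlier) and reports when a hosts entry disagrees with DNS. The function names and the 192.0.2.10 hosts entry are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Map each hostname (lower-cased) to the first IP listed for it in hosts file text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # not an address line
        for name in names:
            table.setdefault(name.lower(), ip) # first match wins
    return table

def parse_nslookup(output):
    """Return (name, set of answer addresses); addresses before the first Name: are the server's."""
    name, addrs = None, set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip().lower()
        elif name and line.startswith("Address:"):
            addrs.add(line.split(":", 1)[1].strip())
    return name, addrs

def hosts_override(hosts_text, nslookup_output):
    """Return (name, hosts_ip, dns_addrs) if the hosts file disagrees with DNS, else None."""
    name, dns_addrs = parse_nslookup(nslookup_output)
    hosts_ip = parse_hosts(hosts_text).get(name)
    if hosts_ip is None or hosts_ip in dns_addrs:
        return None
    return name, hosts_ip, dns_addrs

# Constructed hosts file content (the override entry is made up for this example).
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.0.2.10 blog.jonsdocs.org.uk  # constructed\n"
# nslookup output as shown earlier on this page.
SAMPLE_NSLOOKUP = (
    "Server: 100.115.92.193\nAddress: 100.115.92.193#53\nNon-authoritative answer:\n"
    "Name: blog.jonsdocs.org.uk\nAddress: 104.31.86.17\n"
    "Name: blog.jonsdocs.org.uk\nAddress: 104.31.87.17\n"
)

if __name__ == "__main__":
    print(hosts_override(SAMPLE_HOSTS, SAMPLE_NSLOOKUP))
```

A non-None result means ping (and most applications) on that machine will use the hosts file address rather than any of the addresses DNS returns.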
Tracert / traceroute
These are the same tool, but on different OSes. Windows calls the tool tracert whereas Linux uses traceroute but in each case the purpose is to show how traffic gets from the device you run the command on to a remote device.
By using traceroute I can check to see if traffic is flowing as designed (or as expected) on my network. Sometimes when a link goes down we'll lose access to a particular destination and traceroute can be really handy for showing that, especially if the traffic is sent back and forth between the same two points.
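The "back and forth between the same two points" pattern can be picked out of saved traceroute output automatically. This is an added example, not code from the original post: the sample trace is constructed using documentation and private address ranges, the function names are made up, and only IPv4 hops are handled.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                 # a line starting with a hop number
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")    # first dotted-quad on the line

def parse_hops(output):
    """Return [(ttl, first responding IPv4 or None)] from traceroute/tracert output."""
    hops = []
    for line in output.splitlines():
        m = HOP.match(line)
        if not m:
            continue                                   # header or blank line
        ip = IPV4.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def find_ping_pong(hops):
    """Return (ttl, a, b) where four consecutive hops alternate a, b, a, b; else None."""
    for i in range(len(hops) - 3):
        (ttl, a), (_, b), (_, c), (_, d) = hops[i:i + 4]
        if a and b and a != b and a == c and b == d:
            return ttl, a, b
    return None

def last_responder(hops):
    """Return the last (ttl, ip) that answered, i.e. where the trace goes quiet."""
    answered = [(ttl, ip) for ttl, ip in hops if ip]
    return answered[-1] if answered else None

# Constructed sample: traffic bounces between 10.0.0.1 and 10.0.0.2, then stops answering.
SAMPLE_TRACE = """\
traceroute to 198.51.100.20 (198.51.100.20), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  10.0.0.1  1.102 ms  1.087 ms  1.065 ms
 3  10.0.0.2  1.533 ms  1.498 ms  1.471 ms
 4  10.0.0.1  1.922 ms  1.901 ms  1.880 ms
 5  10.0.0.2  2.310 ms  2.288 ms  2.265 ms
 6  * * *
"""

if __name__ == "__main__":
    hops = parse_hops(SAMPLE_TRACE)
    print("loop:", find_ping_pong(hops))
    print("last responder:", last_responder(hops))
```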
Wireshark
Wireshark is a network traffic protocol analyser and is available free from their website plus in numerous Linux distribution repositories. If you remember Ethereal from days gone by, this is the same tool following a rename.
During investigation of problems I find Wireshark is my go-to tool. If I'm receiving reports that a firewall rule I've created doesn't work I'll temporarily install Wireshark on the destination server to prove if the traffic is, or isn't, getting there. It's also possible to filter the view to show a specific conversation, so I can focus on a particular exchange.
I've blogged about using Wireshark for troubleshooting before.
Nmap
Nmap is a fantastic tool for port scanning an IP range, but its uses don't just stop there. By extending functionality with the Nmap Scripting Engine (based on Lua) it's possible to make Nmap do much more, and there's plenty of scripts included in the base distribution. Want to enumerate shares on a Windows file server? No problem, there's a script for that.
Before I issue an IP to a device I use Nmap to scan for that IP first, to check it really is free. Ping isn't going to cut it here, as the device might simply not respond to ping, so I use a TCP SYN scan to attempt a connection to a number of ports known to be in use in our environment. My example is below.
Nmap is open source, available from its website and in many Linux distribution software repositories.
HE tools on Android
On occasion, the only computing device I have with me is my mobile phone. Typically these times are when I need to check something out (a DNS record or firewall rule for example). HE Tools for Android are really handy because they allow me to conduct all sorts of tests from my phone:
- DNS lookups (essentially nslookup)
- TCP port scans (like nmap)
- Ping
- Trace route
- plus others
Additionally, my phone isn't on my office's corporate LAN so I can run a test from a different network without having to disconnect my laptop.
If you're a network engineer you'll find these tools really helpful, so I highly recommend adding them to your toolkit.
Banner image: Wireshark in use.