Basic Network Tools
What is Traceroute & What is it For?
Traceroute is a network diagnostic tool used to track, in real time, the path taken by a packet on an IP network from source to destination, reporting the IP address of each router (hop) the packet passes through on the way. Traceroute also records the time taken for each hop the packet makes on its route to the destination.
Traceroute most commonly uses Internet Control Message Protocol (ICMP) echo packets with increasing time to live (TTL) values. The response time of each hop is calculated. For better accuracy, each hop is queried multiple times (usually three times) to better measure the response of that particular hop. Traceroute relies on ICMP messages and on the TTL field in the IP header to function. Traceroute tools are typically included as a utility by operating systems such as Windows and Unix. Traceroute utilities based on TCP are also available.
What is Traceroute Used For?
Traceroute is a useful tool for determining the response delays and routing loops present in a network path across packet-switched nodes. It also helps to locate any points of failure encountered en route to a given destination.
However, on the Internet, traceroute probes are often blocked by routers in various Autonomous Systems (AS), making traceroute highly inaccurate in many cases.
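To make the TTL mechanism described above concrete, here is an added example (not code from this page or from any traceroute implementation) that simulates how a traceroute discovers a path: probes are sent with TTL 1, 2, 3, ... over a constructed topology, each router decrements the TTL and returns ICMP Time Exceeded when it reaches zero, and only the destination answers with an Echo Reply. One router is configured to drop probes, which reproduces the `* * *` hops caused by the ICMP filtering mentioned above. The router addresses, delays and the three-probes-per-hop setting are assumptions made for the demonstration; nothing here opens a socket.

```python
"""Added example: a simulation of the TTL-expiry mechanism traceroute relies on.

This is not code from the page or from any traceroute implementation. The
'network' is a constructed list of routers in path order; nothing here opens a
socket. Each router decrements the probe's TTL and, when it reaches zero, drops
the probe and (if it is willing) answers with ICMP Time Exceeded; only the
destination answers an Echo Request with an Echo Reply.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Router:
    address: str
    delay_ms: float            # one-way forwarding delay, constructed value
    answers_icmp: bool = True  # False models a router that drops or filters probes


@dataclass
class Reply:
    kind: str                  # "time-exceeded", "echo-reply" or "timeout"
    source: Optional[str]
    rtt_ms: Optional[float]


def send_probe(path: List[Router], destination: Router, ttl: int) -> Reply:
    """Forward one probe with the given TTL along `path` and return what the sender sees."""
    elapsed = 0.0
    for router in path:
        elapsed += router.delay_ms
        ttl -= 1
        if ttl == 0:
            if router.answers_icmp:
                # the ICMP error travels back the same way, hence twice the one-way delay
                return Reply("time-exceeded", router.address, 2 * elapsed)
            return Reply("timeout", None, None)
    # TTL survived every router, so the destination receives the Echo Request
    elapsed += destination.delay_ms
    return Reply("echo-reply", destination.address, 2 * elapsed)


def traceroute(path, destination, max_hops=30, probes=3):
    """Discover the path hop by hop, sending `probes` probes per TTL value, and stop
    once the destination itself answers. Returns one summary dict per hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(path, destination, ttl) for _ in range(probes)]
        answered = [r for r in replies if r.kind != "timeout"]
        hops.append({
            "ttl": ttl,
            "address": answered[0].source if answered else "*",   # "*" = no reply, as real tools print
            "rtts_ms": [r.rtt_ms for r in answered],
            "loss_pct": 100.0 * (probes - len(answered)) / probes,
        })
        if any(r.kind == "echo-reply" for r in replies):
            break
    return hops


# Constructed topology using documentation address ranges (RFC 5737).
PATH = [
    Router("192.0.2.1", 0.4),                           # default gateway
    Router("198.51.100.9", 2.0),                        # upstream router
    Router("203.0.113.17", 5.0, answers_icmp=False),    # filters ICMP: shows up as * * *
    Router("203.0.113.33", 3.0),
]
DESTINATION = Router("198.51.100.200", 4.0)


def format_report(hops) -> str:
    """Render hops in the familiar traceroute/mtr layout."""
    lines = []
    for h in hops:
        rtts = "  ".join(f"{r:.1f} ms" for r in h["rtts_ms"]) or "*  *  *"
        lines.append(f"{h['ttl']:2d}  {h['address']:<16} {rtts}  loss {h['loss_pct']:.0f}%")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(traceroute(PATH, DESTINATION)))
```

Run it directly to see a traceroute-style report. Hop 3 prints `*  *  *` with 100% loss even though packets pass through it without trouble (hops 4 and 5 still answer with no loss), which is the pattern to look for when deciding whether a `*` hop is a filtering router or a genuine fault.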
Use Case
To use traceroute or my traceroute (mtr) on PBXware, SSH to the system from which you wish to run the trace and execute the command below:
- mtr IP
where IP is the actual IP address of the destination you are trying to trace the route to.
Example:
- mtr 8.8.8.8
Ping
Ping is a command-line program designed to allow network admins to track the availability status of different devices in a network. It also helps discover network connectivity and latency issues.
How does ping work?
Ping is essentially a combination of Internet Control Message Protocol (ICMP) echo request and echo reply messages. When a network administrator enters a ping command at the command prompt, an echo request (a small data packet of up to 64 bytes) is sent to the target device or a specified IP address. The local computer that sent the request then waits for a response from the remote host. If it is available or online, the target computer sends an echo reply packet back to the originating computer. Generally, multiple echo requests are sent in a ping network test to assess the remote host's availability. For instance, on Windows, the usual number of echo requests sent to an IP address is four. The command prompt displays the result of every request and helps network admins determine whether it got a response. It also shows the number of bytes sent/received and the time-to-live (TTL), an indicator of a packet's remaining life span in the network before it is discarded.
The absence of a ping response despite otherwise robust network connectivity indicates that the target device is unavailable or offline. If the ping network test results show packet loss, poor network connectivity is a possible reason. Similarly, frequent echo request timeouts in a ping network test are often due to an incorrectly entered IP address.
How to use ping commands
To run the ping utility, a user should enter the ping command followed by the target device's hostname or IP address into a command-line interface. Here’s the basic syntax of this command and some examples:
Syntax:
- ping <space> <IP address or hostname>
Example:
- ping 127.0.0.1
- ping google.com
The ping utility was originally developed for the Unix OS. Later, most operating systems added support for ping, but unfortunately each introduced its own options, which are not consistent across platforms. To set the number of echo requests in a ping network test, for example, Windows uses the -n (number) option, whereas Unix uses the -c (count) option.
Example:
- Windows: ping -n 5 google.com
- Unix: ping -c 4 google.com
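The interpretation rules given above (no replies, partial loss, timeouts) can be applied mechanically to saved ping output, and because Windows and Unix print their statistics differently, just as they differ in -n versus -c, a parser has to handle both layouts. The following added example (not from this page or from any ping implementation) extracts the sent/received/loss counts and round-trip times from the statistics block of Linux/BSD and Windows ping output and classifies the result. The hostnames, addresses and the three output samples are constructed for the demonstration.

```python
"""Added example: parse the summary that ping prints and interpret it using the
rules of thumb from the text above. Not code from the page; the sample outputs
below are constructed. Both the Linux/BSD and the Windows statistics layouts
are handled."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class PingSummary:
    sent: int
    received: int
    loss_pct: float
    rtt_min_ms: Optional[float] = None
    rtt_avg_ms: Optional[float] = None
    rtt_max_ms: Optional[float] = None


# Linux (iputils) and BSD/macOS summary lines
UNIX_STATS = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received, ([\d.]+)% packet loss")
UNIX_RTT = re.compile(r"(?:rtt|round-trip) min/avg/max\S* = ([\d.]+)/([\d.]+)/([\d.]+)")
# Windows summary lines
WIN_STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
WIN_RTT = re.compile(r"Minimum = (\d+)ms, Maximum = (\d+)ms, Average = (\d+)ms")


def parse_ping_output(text: str) -> PingSummary:
    """Extract sent/received/loss and RTT figures from saved ping output."""
    m = UNIX_STATS.search(text)
    if m:
        sent, received, loss = int(m.group(1)), int(m.group(2)), float(m.group(3))
        r = UNIX_RTT.search(text)
        rtt = tuple(float(g) for g in r.groups()) if r else (None, None, None)
    else:
        m = WIN_STATS.search(text)
        if not m:
            raise ValueError("no ping statistics line found")
        sent, received, lost = (int(g) for g in m.groups())
        loss = 100.0 * lost / sent if sent else 100.0
        r = WIN_RTT.search(text)
        # Windows prints min, max, avg; reorder to min, avg, max
        rtt = (float(r.group(1)), float(r.group(3)), float(r.group(2))) if r else (None, None, None)
    return PingSummary(sent, received, loss, *rtt)


def assess(s: PingSummary) -> str:
    """Interpretation following the text: no replies -> host unavailable or wrong
    address; partial loss -> poor connectivity on the path; otherwise healthy."""
    if s.received == 0:
        return "no replies: target offline/unavailable, or the address was entered incorrectly"
    if s.loss_pct > 0:
        return f"{s.loss_pct:.0f}% packet loss: poor connectivity somewhere on the path"
    return f"reachable, avg RTT {s.rtt_avg_ms:.1f} ms"


# Constructed sample outputs (addresses from the RFC 5737 documentation range)
LINUX_SAMPLE = """PING pbx.example.test (192.0.2.20) 56(84) bytes of data.
64 bytes from 192.0.2.20: icmp_seq=1 ttl=63 time=12.3 ms
64 bytes from 192.0.2.20: icmp_seq=2 ttl=63 time=15.0 ms
64 bytes from 192.0.2.20: icmp_seq=3 ttl=63 time=13.4 ms
64 bytes from 192.0.2.20: icmp_seq=4 ttl=63 time=12.9 ms

--- pbx.example.test ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 12.300/13.400/15.000/1.180 ms
"""

WINDOWS_SAMPLE = """Pinging pbx.example.test [192.0.2.20] with 32 bytes of data:
Reply from 192.0.2.20: bytes=32 time=13ms TTL=63
Request timed out.
Reply from 192.0.2.20: bytes=32 time=16ms TTL=63
Reply from 192.0.2.20: bytes=32 time=14ms TTL=63

Ping statistics for 192.0.2.20:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 16ms, Average = 14ms
"""

DEAD_SAMPLE = """PING 192.0.2.99 (192.0.2.99) 56(84) bytes of data.

--- 192.0.2.99 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3071ms
"""

if __name__ == "__main__":
    for name, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE), ("dead", DEAD_SAMPLE)):
        print(f"{name:8s} {assess(parse_ping_output(sample))}")
```

Feed it the text you pasted from a terminal and it reports the healthy, lossy and no-reply cases separately; the dead host case deliberately has no RTT line, which the parser tolerates.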
Wireshark: Packet analyzer
The Wireshark analysis tool is a free and open-source program primarily used to capture and analyze packets of data moving through a network. Wireshark was created back in 1998 by Gerald Combs, but don’t let the age of Wireshark fool you, because it’s just as useful today as when it was created. Wireshark enables network engineers to put network interface controllers (NICs) into promiscuous mode to observe most traffic on the segment, even unicast traffic that is not addressed to the controller’s own MAC address. All versions of Wireshark and its source code are fully open source and can be downloaded for free.
On PBXware, Wireshark is the tool used to open the pcap files you capture with sngrep, the capture tool available on the PBXware system itself. Once you have captured a trace and downloaded it, you can open it in Wireshark for further inspection.
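For readers who want to see what a pcap file actually contains before opening it in Wireshark, here is an added example (not code from this page, from sngrep or from Wireshark) that builds a small capture in memory and then parses it: the 24-byte pcap global header, the 16-byte record header in front of each packet, and the Ethernet/IPv4/UDP headers, listing the first line of every SIP message on port 5060. The addresses and SIP messages are constructed. It assumes the classic pcap format with Ethernet link type; a capture taken on Linux's `any` pseudo-interface uses the Linux cooked link type instead and is rejected by the link-type check rather than misparsed.

```python
"""Added example: a minimal reader for the classic pcap format that sngrep writes
and Wireshark opens, applied to a capture constructed in memory. Not code from
the page or from either tool. Link type 1 (Ethernet) only; the SIP messages and
addresses are made up for the demonstration."""
import socket
import struct
from typing import Iterator, List, Optional, Tuple


def build_ipv4_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/UDP frame (checksums left at zero; fine for a parser demo)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def build_pcap(frames: List[bytes]) -> bytes:
    """Serialise frames as a little-endian pcap: 24-byte global header, then a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) before each frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000, i * 1000, len(frame), len(frame)) + frame
    return out


def iter_pcap_records(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame) pairs, detecting byte order from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # file written big-endian
        endian = ">"
    else:
        raise ValueError(f"not a classic pcap file (magic {magic:#x})")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; expected Ethernet (1)")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")   # do not silently misparse a cut-off capture
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def decode_udp(frame: bytes) -> Optional[Tuple[str, int, str, int, bytes]]:
    """Return (src_ip, sport, dst_ip, dport, payload) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ip[9] != 17 or len(ip) < ihl + 8:          # protocol 17 = UDP
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport, ulen, _cksum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return src, sport, dst, dport, ip[ihl + 8:ihl + ulen]


def summarize_sip(pcap_bytes: bytes) -> List[Tuple[float, str, str, str]]:
    """List (time, src, dst, first line) for every UDP datagram involving port 5060."""
    rows = []
    for ts, frame in iter_pcap_records(pcap_bytes):
        udp = decode_udp(frame)
        if udp is None or 5060 not in (udp[1], udp[3]):
            continue
        src, sport, dst, dport, payload = udp
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        rows.append((ts, f"{src}:{sport}", f"{dst}:{dport}", first_line))
    return rows


# Constructed capture: a SIP OPTIONS keep-alive and its reply, plus a DNS datagram that is filtered out
SAMPLE_PCAP = build_pcap([
    build_ipv4_udp_frame("192.0.2.10", "192.0.2.20", 5060, 5060,
                         b"OPTIONS sip:pbx.example.test SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10\r\n\r\n"),
    build_ipv4_udp_frame("192.0.2.20", "192.0.2.10", 5060, 5060,
                         b"SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.0.2.10\r\n\r\n"),
    build_ipv4_udp_frame("192.0.2.10", "192.0.2.53", 40000, 53, b"\x00" * 12),
])

if __name__ == "__main__":
    for ts, src, dst, line in summarize_sip(SAMPLE_PCAP):
        print(f"{ts:.3f} {src} -> {dst}  {line}")
```

To use it on a real file, replace `SAMPLE_PCAP` with the bytes read from the downloaded trace; the truncation check matters in practice because a capture interrupted mid-write ends with a partial record.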
Nmap: Network mapping
Nmap, short for Network Mapper, is a free and open-source tool used for vulnerability checking, port scanning and network mapping. It is a powerful tool that is often able to discover hidden vulnerabilities in networks that are missed by other programs. There is a large community that supports Nmap today, including the original developer, Gordon Lyon. The tool, which anyone can get for free, is downloaded several thousand times every week according to the community that maintains it. It is available for Windows, Mac and Linux.
Syntax:
- nmap <flag> <IP/hostname>
Example:
- nmap -Pn google.com
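As an added example of putting Nmap's port-scan output to defensive use (not code from this page or from the Nmap project), the following parses the grepable format that `nmap -oG` writes and flags open ports that a PBX host is not expected to expose. The allowlist of expected services and the sample scan output are constructed assumptions for the demonstration.

```python
"""Added example: read the grepable output of `nmap -oG` and flag open ports
that a PBX host is not expected to expose. Not code from the page or from the
Nmap project; the scan output and the allowlist below are constructed."""
import re
from typing import Dict, List, Set, Tuple

HOST_FIELD = re.compile(r"^Host: (\S+)")
PORT_FIELD = re.compile(r"Ports: (.*?)(?:\t|$)")

PortEntry = Tuple[int, str, str, str]   # (port, proto, state, service)


def parse_grepable(text: str) -> Dict[str, List[PortEntry]]:
    """Map each scanned host to its port entries. Each item in the Ports field is
    port/state/protocol/owner/service/rpc-info/version/ (fields may be empty)."""
    hosts: Dict[str, List[PortEntry]] = {}
    for line in text.splitlines():
        h, p = HOST_FIELD.match(line), PORT_FIELD.search(line)
        if line.startswith("#") or not h or not p:
            continue                           # comments and Status-only lines carry no ports
        entries = hosts.setdefault(h.group(1), [])
        for item in p.group(1).split(", "):
            f = item.split("/")
            entries.append((int(f[0]), f[2], f[1], f[4]))
    return hosts


# Constructed allowlist: what a PBX host is expected to expose, as (port, protocol)
EXPECTED_PBX_PORTS: Set[Tuple[int, str]] = {(22, "tcp"), (443, "tcp"), (5060, "udp"), (5061, "tcp")}


def unexpected_open_ports(hosts, allowlist=EXPECTED_PBX_PORTS):
    """Open ports outside the allowlist, per host; filtered and closed ports are ignored."""
    findings = {}
    for host, entries in hosts.items():
        extra = [(port, proto, service) for port, proto, state, service in entries
                 if state == "open" and (port, proto) not in allowlist]
        if extra:
            findings[host] = extra
    return findings


# Constructed nmap -oG output for one host (layout follows the grepable format)
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.20 (pbx.example.test)\tStatus: Up\n"
    "Host: 192.0.2.20 (pbx.example.test)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "443/open/tcp//https///, 5060/open/udp//sip///, 5061/filtered/tcp//sip-tls///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (994)\n"
    "# Nmap done (constructed sample)\n"
)

if __name__ == "__main__":
    for host, extra in unexpected_open_ports(parse_grepable(SAMPLE_SCAN)).items():
        for port, proto, service in extra:
            print(f"{host}: unexpected open port {port}/{proto} ({service})")
```

Keeping the allowlist next to the scan output turns an occasional manual scan of your own PBX into a repeatable check: anything reported here is either a service that should be closed or one that belongs in the allowlist.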