The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

    • RT @nadineswagerman: Iemand mailde me dat een 13-jarig meisje mijn novelle had uitgekozen om te lezen/bespreken op school. Het boek bevat 9… 3 hours ago
    • RT @jilles_com: Afgelopen 10 dagen hebben we door NL gereisd, elke dag een nieuw hotel en op heel veel locaties gegeten. In 60% van de geva… 3 hours ago
    • RT @FTM_nl: Sywert van Lienden plaatste bewust een serie tweets om het ministerie onder druk te zetten om de omstreden mondkapjesdeal met h… 3 hours ago
    • RT @ArmsControlWonk: China just used a rocket to put a space plane in orbit and the space plane glided back to earth. Orbital bombardment i… 3 hours ago
    • RT @shossontwits: O jee. Nu dit weer. 4 hours ago
  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,482 other followers

Archive for the ‘dig’ Category

56 Linux Networking commands and scripts

Posted by jpluimers on 2021/01/25

Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.

An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.

Source: [WayBack55 Linux Networking commands and scripts

List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):

  1. arpwatch – Ethernet Activity Monitor.
  2. bmon – bandwidth monitor and rate estimator.
  3. bwm-ng – live network bandwidth monitor.
  4. curl – transferring data with URLs. (or try httpie)
  5. darkstat – captures network traffic, usage statistics.
  6. dhclient – Dynamic Host Configuration Protocol Client
  7. dig – query DNS servers for information.
  8. dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
  9. ethtool – utility for controlling network drivers and hardware.
  10. gated – gateway routing daemon.
  11. host – DNS lookup utility.
  12. hping – TCP/IP packet assembler/analyzer.
  13. ibmonitor – shows bandwidth and total data transferred.
  14. ifstat –  report network interfaces bandwidth.
  15. iftop – display bandwidth usage.
  16. ip (PDF file) – a command with more features that ifconfig (net-tools).
  17. iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
  18. iproute2 – collection of utilities for controlling TCP/IP.
  19. iptables – take control of network traffic.
  20. IPTraf – An IP Network Monitor.
  21. iputils – set of small useful utilities for Linux networking.
  22. jwhois (whois) – client for the whois service.
  23. “lsof -i” – reveal information about your network sockets.
  24. mtr – network diagnostic tool.
  25. net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
  26. ncat – improved re-implementation of the venerable netcat.
  27. netcat – networking utility for reading/writing network connections.
  28. nethogs – a small ‘net top’ tool.
  29. Netperf – Network bandwidth Testing.
  30. netsniff-ng – Swiss army knife for daily Linux network plumbing.
  31. netstat – Print network connections, routing tables, statistics, etc.
  32. netwatch – monitoring Network Connections.
  33. ngrep – grep applied to the network layer.
  34. nload – display network usage.
  35. nmap – network discovery and security auditing.
  36. nslookup – query Internet name servers interactively.
  37. ping – send icmp echo_request to network hosts.
  38. route – show / manipulate the IP routing table.
  39. slurm – network load monitor.
  40. snort – Network Intrusion Detection and Prevention System.
  41. smokeping –  keeps track of your network latency.
  42. socat – establishes two bidirectional byte streams and transfers data between them.
  43. speedometer – Measure and display the rate of data across a network.
  44. speedtest-cli – test internet bandwidth using speedtest.net
  45. ss – utility to investigate sockets.
  46. ssh –  secure system administration and file transfers over insecure networks.
  47. tcpdump – command-line packet analyzer.
  48. tcptrack – Displays information about tcp connections on a network interface.
  49. telnet – user interface to the TELNET protocol.
  50. tracepath – very similar function to traceroute.
  51. traceroute – print the route packets trace to network host.
  52. vnStat – network traffic monitor.
  53. wget –  retrieving files using HTTP, HTTPS, FTP and FTPS.
  54. Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
  55. Wireshark – network protocol analyzer.

Via:

–jeroen

Posted in *nix, *nix-tools, cURL, dig, nmap, Power User, ssh/sshd, tcpdump, Wireshark | Leave a Comment »

Find the TTL for a domain and subdomain by getting to the authoritative nameserver first

Posted by jpluimers on 2018/11/15

Lets find the authoritative name server and TTL (time to live) for the example.org domain and www.example.org subdomain.

Notes:

1a: get parents of name servers

First start with a root server (dig: getting the list of root servers) to get parents of the name servers for example.org (don’t you love indirection!):

$ dig +norecurse +noall +authority @f.root-servers.net. example.org.
org.            172800  IN  NS  a0.org.afilias-nst.info.
org.            172800  IN  NS  a2.org.afilias-nst.info.
org.            172800  IN  NS  b0.org.afilias-nst.org.
org.            172800  IN  NS  b2.org.afilias-nst.org.
org.            172800  IN  NS  c0.org.afilias-nst.info.
org.            172800  IN  NS  d0.org.afilias-nst.org.

You can repeat this query for 2 more root servers to ensure they are in sync.

1b: get authoritative name servers from the parents

Now repeat with at least 3 of these to ensure they give matching results for the name servers for example.org:

$ dig +norecurse +noall +authority @b0.org.afilias-nst.info. example.org.
example.org.        86400   IN  NS  b.iana-servers.net.
example.org.        86400   IN  NS  a.iana-servers.net.
$ dig +norecurse +noall +authority @c0.org.afilias-nst.info. example.org.
example.org.        86400   IN  NS  a.iana-servers.net.
example.org.        86400   IN  NS  b.iana-servers.net.
$ dig +norecurse +noall +authority @a0.org.afilias-nst.info. example.org.
example.org.        86400   IN  NS  a.iana-servers.net.
example.org.        86400   IN  NS  b.iana-servers.net.

2a: getting the domain name servers from a public name server

A query to a public DNS server will also return a name server list, but then you would need to know that name server first. In addition, you can not ask for +authority; you have to ask for +answer NS in stead:

$ dig +norecurse +noall +answer NS @8.8.8.8 example.org.
example.org.        55312   IN  NS  a.iana-servers.net.
example.org.        55312   IN  NS  b.iana-servers.net.

The name servers on the list are not guaranteed to be authoritative, as this query returns an empty result:

$ dig +norecurse +noall +authority @8.8.8.8 example.org.

2b. ensuring the name servers are authoritative name servers

From the name servers returned, you can now check if the servers themselves return the same name servers. If so, then you are sure they are authoritative:

$ dig +norecurse +noall +authority @a.iana-servers.net. example.org.
example.org.        86400   IN  NS  a.iana-servers.net.
example.org.        86400   IN  NS  b.iana-servers.net.
$ dig +norecurse +noall +authority @b.iana-servers.net. example.org.
example.org.        86400   IN  NS  b.iana-servers.net.
example.org.        86400   IN  NS  a.iana-servers.net.

3: get the actual TTL

With the authoritative name servers, you can get the actual TTL:

$ dig +norecurse +noall +answer SOA @a.iana-servers.net. example.org.
example.org.        3600    IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
$ dig +norecurse +noall +multiline +answer SOA @a.iana-servers.net. example.org.
example.org.        3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. (
                2017042729 ; serial
                7200       ; refresh (2 hours)
                3600       ; retry (1 hour)
                1209600    ; expire (2 weeks)
                3600       ; minimum (1 hour)
                )

I got the +multiline trick from [WayBackHOWTO: Using dig(1) to Find DNS Time to Live (TTL) Values – A-Team Systems.

4: get the count down TTL from a local name server

You can repeat the above process with a non-authoritative name server a few times to see the TTL decrease:

$ dig +norecurse +noall +answer SOA example.org.
example.org.        322 IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
$ dig +norecurse +noall +answer SOA example.org.
example.org.        321 IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600

This is for instance what is returned by [WayBackexample.org DNS information – who.is example.org DNS information. DNS records such SOA, TTL, MX, TXT and more.

Public DNS servers having multiple servers per IP can even run disperse TTL numbers, for instance Google DNS at 8.8.8.8 does this:

$ dig +norecurse +noall +answer SOA @8.8.8.8 example.org.
example.org.        13  IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
$ dig +norecurse +noall +answer SOA @8.8.8.8 example.org.
example.org.        1388    IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
$ dig +norecurse +noall +answer SOA @8.8.8.8 example.org.
example.org.        10  IN  SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600

Note that +nssearch does not work for me

Using +nssearch as per [WayBackHow to find what Authoritative Name Server provided the answer using dig? – Server Fault fails for me:

$ dig +nssearch example.org
SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 from server 199.43.135.53 in 83 ms.
SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 from server 199.43.133.53 in 144 ms.
;; connection timed out; no servers could be reached

This reveals this in the bold values:

  • The authoritative nameserver sns.dns.icann.org is not publicly accessible.
  • TTL 7200 (7200 seconds is 2 hours).

Future research

Authoritative answers might not be present in dig queries on some platforms. I need to dig deeper into [WayBackterminal – Dig not returning authority section? – Ask Different to see why.

Glue records are always tricky to get right: [WayBackHow to check domain NS glue records using dig « Admins eHow

–jeroen

Posted in *nix, *nix-tools, bash, Development, dig, DNS, Internet, Power User, Scripting, Software Development | Leave a Comment »

 
%d bloggers like this: