Fundamental network tools
Grzegorz Piechnik
Posted on December 4, 2023
Most of a non-functional tester’s work is based on working with the network. To be able to work more efficiently, we have prepared an overview of the most commonly used tools and explained how to use them in a basic way.
ping
Ping is one of the basic Internet programs that allows you to check whether the target IP address or a domain exists and accepts network requests. Another reason to use “ping” is to check whether the host computer you want to communicate with is working. An example command to check the connection to the target address could look like the following:
$ ping google.com
If you get a response like in the example below, it means that it is possible to reach the host computer.
$ ping google.com
Pinging google.com [142.250.75.14] with 32 bytes of data:
Reply from 142.250.75.14: bytes=32 time=28ms TTL=58
Reply from 142.250.75.14: bytes=32 time=84ms TTL=58
Reply from 142.250.75.14: bytes=32 time=10ms TTL=58
telnet
The telnet command uses the TCP protocol for a remote session (replaced by ssh due to telnet’s lack of encryption). Telnet, because of its simplicity, is often used to check if a connection to a particular port is possible.
Example usage:
$ telnet google.com 443
When the port is closed, we get a message like the one below.
$ telnet google.com 44332
Connecting To google.com...Could not open connection to the host, on port 44332: Connect failed
traceroute / tracert / tracepath
Traceroute (also known as tracert or tracepath) is used to retrieve information about the path through which a transmitted packet passes. We get this information by asking each router along the way for a response. This is how we get the path a packet travels on its way to its destination. Ultimately, traceroute is supposed to help us understand where network problems occur.
$ tracert google.com
Tracing route to google.com [142.250.75.14]
over a maximum of 30 hops:
1 1 ms 5 ms 2 ms netiaspot.home [192.168.1.254]
2 10 ms 10 ms 12 ms 83.238.252.80
3 5 ms 8 ms 9 ms wrocc002rt09.inetia.pl [83.238.113.28]
4 12 ms 14 ms 14 ms POZNH002RT09.inetia.pl [83.238.248.22]
5 18 ms 16 ms 31 ms WARSC001RT06.inetia.pl [83.238.248.16]
6 20 ms 16 ms 13 ms 72.14.203.16
7 12 ms 10 ms 12 ms 142.250.227.13
8 11 ms 17 ms 12 ms 142.250.238.1
9 10 ms 19 ms 19 ms waw07s03-in-f14.1e100.net [142.250.75.14]
Trace complete.
ipconfig
To display all configured network interfaces, their IP addresses, DNS servers and other information, we use the ipconfig (Windows) or ifconfig (Linux) command, depending on the operating system you are using.
Another interesting option of ipconfig (on Windows) is the ability to release the current IP address and request a new one. To do it, first use the command ipconfig /release and then ipconfig /renew.
If we want to force Windows to clear the DNS cache, we use the command ipconfig /flushdns.
netstat
The netstat command displays incoming and outgoing network connections and network information. To check all connections we will use the netstat -a command.
$ netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 DESKTOP-9P879SS:0 LISTENING
TCP 0.0.0.0:445 DESKTOP-9P879SS:0 LISTENING
TCP 0.0.0.0:1042 DESKTOP-9P879SS:0 LISTENING
TCP 0.0.0.0:1043 DESKTOP-9P879SS:0 LISTENING
TCP 0.0.0.0:3306 DESKTOP-9P879SS:0 LISTENING
We can use netstat to display information about the programs that are making connections. We will use the netstat -b command for this.
$ netstat -b
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:1042 kubernetes:49718 ESTABLISHED
[asus_framework.exe]
TCP 127.0.0.1:1042 kubernetes:49719 ESTABLISHED
[asus_framework.exe]
TCP 127.0.0.1:9012 kubernetes:49725 ESTABLISHED
[ArmourySocketServer.exe]
TCP 127.0.0.1:17532 kubernetes:49720 ESTABLISHED
[ArmouryCrate.Service.exe]
TCP 127.0.0.1:49671 kubernetes:49672 ESTABLISHED
[mysqld.exe]
TCP 127.0.0.1:49672 kubernetes:49671 ESTABLISHED
[mysqld.exe]
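The two netstat listings above can be checked automatically for services that listen on every interface (0.0.0.0) rather than only on loopback. The following parser is an added example, not code from the original post; it assumes the combined netstat -a -b layout, and its sample input is constructed from the rows shown above.

```python
import re

# Constructed sample in the layout of the netstat -a / netstat -b listings above.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            DESKTOP-9P879SS:0      LISTENING
  TCP    0.0.0.0:3306           DESKTOP-9P879SS:0      LISTENING
 [mysqld.exe]
  TCP    127.0.0.1:1042         DESKTOP-9P879SS:0      LISTENING
 [asus_framework.exe]
  TCP    127.0.0.1:49671        kubernetes:49672       ESTABLISHED
 [mysqld.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
WILDCARD = {"0.0.0.0", "[::]"}  # socket is bound to every interface


def parse_netstat(text):
    """Return one dict per connection row; attach the owning process when a
    [name.exe] line follows the row (netstat -b layout)."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "foreign": foreign, "state": state, "process": None})
            continue
        o = OWNER.match(line)
        if o and rows and rows[-1]["process"] is None:
            rows[-1]["process"] = o.group(1)
    return rows


def exposed_listeners(rows):
    """Listening sockets bound to all interfaces (host firewall not considered)."""
    return [r for r in rows
            if r["state"] == "LISTENING" and r["addr"] in WILDCARD]


if __name__ == "__main__":
    for r in exposed_listeners(parse_netstat(SAMPLE)):
        print(f'{r["proto"]} {r["addr"]}:{r["port"]} owner={r["process"] or "unknown"}')
```

Rows without a following [name.exe] line, as in plain netstat -a output, are reported with an unknown owner.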
nmap
Nmap is a tool used to scan ports and network services. To check which ports are open (from 0 to 65535) we will use the nmap -p- 192.168.0.1 command. However, this is a long process. If we want to check only the most frequently used ports, we will use the nmap -F 192.168.0.1 command. On the other hand, to check a specific port, we will pass the -p argument: nmap -p 80 192.168.0.1.
Nmap is a powerful tool: it can perform TCP connect scans and SYN scans, and can even run scripts to detect network vulnerabilities. However, these are advanced aspects of using nmap, which we will describe in the future.