Useful Network Tools (See Appendix C of Textbook)

·  Arp

·  Ping

·  Lsof

·  Truss

·  Tcpdump

·  Stevens’s sock program

Arp

% arp -a

Shows the current content of the ARP cache.

% arp -a | grep dhcp-128

If the entry is not in the cache, type

% sudo tcpdump | grep ARP

then go to another window and type:

% telnet dhcp-128

Then type:

% arp -a | grep dhcp-128

and you will find it in the cache.

Ping

Sends an ICMP echo request and waits for the echo reply.

% ping cash

% sudo tcpdump | grep echo

Lsof

Netstat tells us which IP addresses and ports are in use but it does not identify the processes. Lsof (list open files) helps us find which process has a socket open on a specific IP address or port.

% sock -s 12345 &

% netstat -a | grep 12345

*.12345 *.* 0 0 49152 0 LISTEN

% sudo lsof | grep 12345

Password:

sock 12840 cs779 3u IPv4 0x300037720c0 0t0 TCP *:12345 (LISTEN)

% sudo lsof | grep TCP

sshd 715 root 3u IPv6 0x300036ac000 0t0 TCP *:ssh (LISTEN)

sshd 12721 root 6u IPv6 0x300037732c0 0t385696 TCP somethingmore.cs.odu.edu:ssh->dhcp-128.cs.odu.edu:3998 (ESTABLISHED)

sshd 12724 cs779 4u IPv6 0x300037732c0 0t385696 TCP somethingmore.cs.odu.edu:ssh->dhcp-128.cs.odu.edu:3998 (ESTABLISHED)

sock 12840 cs779 3u IPv4 0x300037720c0 0t0 TCP *:12345 (LISTEN)
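Grepping lsof output for a port number also matches PIDs and device addresses that happen to contain the same digits. The following is an added example, not part of the original handout: a hypothetical helper, listeners_on_port, that matches only the port in the NAME column of sockets in the LISTEN state. The sample input reuses lsof lines shown above plus one constructed decoy line.

```shell
#!/bin/sh
# Constructed sample input: three lsof lines from the output above, plus one
# constructed decoy line whose PID (not its port) is 12345.
sample_lsof() {
cat <<'EOF'
sshd 715 root 3u IPv6 0x300036ac000 0t0 TCP *:ssh (LISTEN)
sshd 12721 root 6u IPv6 0x300037732c0 0t385696 TCP somethingmore.cs.odu.edu:ssh->dhcp-128.cs.odu.edu:3998 (ESTABLISHED)
sock 12840 cs779 3u IPv4 0x300037720c0 0t0 TCP *:12345 (LISTEN)
vi 12345 cs779 4u IPv4 0x30003771000 0t0 TCP localhost:40000->localhost:ssh (ESTABLISHED)
EOF
}

# listeners_on_port PORT
# Reads lsof-style lines on stdin and prints "COMMAND PID USER" for every TCP
# socket that is listening on exactly PORT.
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
listeners_on_port() {
    awk -v port="$1" '
        $8 == "TCP" && $NF == "(LISTEN)" {
            name = $(NF - 1)              # local endpoint, e.g. *:12345
            n = split(name, parts, ":")   # port is the text after the last colon
            if (parts[n] == port) print $1, $2, $3
        }'
}

# A plain grep matches both the real listener and the decoy PID:
#   sample_lsof | grep 12345
# The field-aware filter reports only the listening process:
sample_lsof | listeners_on_port 12345
```

On a live system, feed it `sudo lsof -nP` so that ports are printed as numbers rather than service names such as ssh.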

Truss

Traces the activities on file descriptors associated with a socket:

% cd /home/cs476/public_html/SocketProgramming/c

% truss -v accept tcpServer0 &

% truss -v connect tcpClient0 localhost

% truss -v accept tcpServ0 &

% truss -v connect tcpClient0 localhost

Tcpdump

Reads packets from a network and prints lots of information about the packets.

Examples:

% sudo tcpdump icmp

% sudo tcpdump udp

% sudo tcpdump tcp

% sudo tcpdump tcp and port 80 &

% telnet cash 80

Sock

Some examples:

% sock -s 12345 &   # start TCP server

% sock localhost 12345   # start TCP client

% sock -s -u 12345 &   # start UDP server

% sock -u localhost 12345   # start UDP client