Commands and Links

As part of the 2 day November TCP-IP course presented by Rob Bradshaw of Daresbury laboratory, have been given the job of finding equivalent PC and UNIX commands forexamining the network. (results follow).

Be wary that un-restrained used of the following tools might be considered as attempted probing/hacking/"Denial of Service" attempts on remote networks.

Description	PC-DOS/Windows	UNIX
Overall Summary	Many User-Friendly Windows Utilities are available that can do powerful network analysis via GUI interfaces and be going in a few minutes. To find these tools, check out the relevant shareware/freeware archives under Networking/Internet tools. http://www.winfiles.com/apps/98/ - Winfiles http://www.32bit.com/software/ - 32bit.com http://www.download.com/ - Download.com http://www.zdnet.com/swlib/internet.html - Znet software archive http://www.tucows.com/ - Tucows http://www.simtel.net/simtel.net/ - Simtel.net	Getting the corresponding UNIX tools going can take a few hours to a few days.
Netstat Test for connected ports and status	In DOS Window - type netstat GUI Net_Stat for Windows 95 - http://www.jjsoftware.com/ GUI NetScanTools for Windows 95 - http://www.nwpsw.com/nstmain.html Port Flash - http://www.webroot.com/pflash.htm	/usr/etc/netstat -n | grep ESTABLISHED (look for Denial of Service type attacks) /usr/etc/netstat -n -p tcp (summary of tcp stats) /usr/etc/netstat -a (connected ports) Look at the help file for a full list of tcpdump functionality.
Traceroute Find route to a computer	In DOS Window - type tracert www.ccp14.ac.uk GUI NetScanTools for Windows 95 - http://www.nwpsw.com/nstmain.html GUI Visualroute for Windows 95 (displays results on a world map) - http://www.visualroute.com/	/usr/etc/traceroute www.ccp14.ac.uk
Ping Test if computer is alive	In DOS Window - type ping www.ccp14.ac.uk GUI NetScanTools for Windows 95 - http://www.nwpsw.com/nstmain.html	/usr/etc/ping www.ccp14.ac.uk
nslookup Resolve IP address to name and visa-versa	Does not exist as command but available as part of freeware/shareware windows utilities. GUI NetScanTools for Windows 95 - http://www.nwpsw.com/nstmain.html	/usr/sbin/nslookup 193.62.124.194
tcpdump Look at invidual packets	From comp.security.misc newsgroup - "NT has a built-in sniffer called Network Monitor"(?)	Available for compiling from ftp://ftp.ee.lbl.gov/ When combined with AWK scripts and programs like xgraph and tcpshow (can look at everything including data in a nice format); tdumpweb.pl (corellates TCPdump IP addresses with web server filenames); can so some nifty stuff for interogating what is happening on your network. /usr/local/sbin/tcpdump -s 1500 -lenx | /usr/local/bin/tcpshow -cooked > doobry.txt /usr/local/sbin/tcpdump -s 1500 -lenx | /usr/local/bin/tcpshow -cooked -data > doobry2.txt /usr/local/sbin/tcpdump | grep 150.108.74 | tee doobry.log /usr/local/sbin/tcpdump | grep 207.134.96 | tee doobry.log awk -f /usr/local/sbin/stime.awk http120.txt | /usr/local/bin/xgraph awk -f /usr/local/sbin/stime.awk http4.txt | /usr/local/bin/xgraph awk -f /usr/local/sbin/stime.awk filename.txt | /usr/local/bin/xgraph awk -f /usr/local/sbin/stime.awk filename.txt | /usr/local/bin/xgraph awk -f /usr/local/sbin/stime.awk filename.txt | /usr/local/bin/xgraph /usr/local/sbin/tcpdump | grep ftp > filename.txt /usr/local/sbin/tcpdump | grep http >filename.txt
Speed of Network	Anyspeed - http://www.pysoft.com/anyspeed_fr.html	???
IP Subnet Calculator	IP Subnet Calculator - http://www.net3group.com/download.html-ssi	???