Useful Unix networking commands

whois [-h registrar] domain

See also page on whois.

$ whois columbia.edu
Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: COLUMBIA.EDU
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: www.networksolutions.com
   Name Server: CUNIXD.CC.COLUMBIA.EDU
   Name Server: DNS2.ITD.UMICH.EDU
   Updated Date: 05-jul-2000
>>> Last update of whois database: Thu, 15 Feb 2001 07:11:44 EST <<<
The registry record names whois.networksolutions.com as the whois server for this domain, so we query that server next:
$ whois -h whois.networksolutions.com columbia.edu
Registrant:
Columbia University (COLUMBIA-DOM)
   612 West 115th Street
   New York, NY 10025
   US

   Domain Name: COLUMBIA.EDU

   Administrative Contact:
      Columbia University Computer Operations  (CU-NOC) net-trouble@columbia.edu
      [No address]
      (212) 854-2652
   Technical Contact:
      Columbia University Hostmaster  (CU239-ORG) hostmaster@COLUMBIA.EDU
      Columbia University
      612West 115th Street
      New York, NY 10025
      USA
      212-854-1919 Fax- 212-662-6442
   Billing Contact:
      AcIS Department Administrator  (AD9603-ORG) acis-deptadmin@COLUMBIA.EDU
      Columbia University Academic Information
      Systems
      612 West 115th Street
      New York, NY 10025 US
      (212) 854-7707 Fax- - (212) 662-6442

   Record last updated on 27-Sep-1999.
   Record expires on 13-May-2001.
   Record created on 05-Jul-1985.
   Database last updated on 15-Feb-2001 20:35:21 EST.

   Domain servers in listed order:

   CUNIXD.CC.COLUMBIA.EDU       128.59.35.142
   DNS2.ITD.UMICH.EDU           141.211.125.15
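
The two-step lookup above, written as an added Python example (not part of the original page). It assumes the registry reply carries a "Whois Server:" line as in the output shown; the first server is supplied by the caller, and the referral host is checked before it is used because it comes from an untrusted reply.

```python
import re
import socket

# Referral line as in the registry output above; only hostname characters are accepted.
REFERRAL = re.compile(r"^[ \t]*Whois Server:[ \t]*([A-Za-z0-9.-]+)[ \t]*$", re.I | re.M)

# Excerpt of the registry reply shown on this page.
REGISTRY_REPLY = """Whois Server Version 1.3

   Domain Name: COLUMBIA.EDU
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: www.networksolutions.com
"""

def whois_query(server, domain, timeout=10):
    """One WHOIS exchange (RFC 3912): send the name plus CRLF to TCP port 43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")

def referral(text):
    """Return the referred whois host, or None (the 'Whois Server Version' banner does not match)."""
    m = REFERRAL.search(text)
    return m.group(1).lower() if m else None

def follow(domain, server, query=whois_query, max_hops=3):
    """Return [(server, reply), ...], following referrals without revisiting a server."""
    seen, chain = set(), []
    while server and server not in seen and len(chain) < max_hops:
        seen.add(server)
        reply = query(server, domain)
        chain.append((server, reply))
        server = referral(reply)
    return chain
```

Passing a different query function to follow() lets the referral logic run against saved replies without touching the network.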

nslookup

Looks up host names.
$ nslookup
Default Server:  cs.columbia.edu
Address:  128.59.16.20

> set query=mx
> yahoo.com
Server:  cs.columbia.edu
Address:  128.59.16.20

Non-authoritative answer:
yahoo.com       preference = 6, mail exchanger = mx6.mail.yahoo.com
yahoo.com       preference = 1, mail exchanger = mx1.mail.yahoo.com
yahoo.com       preference = 3, mail exchanger = mx3.mail.yahoo.com
yahoo.com       preference = 5, mail exchanger = mx5.mail.yahoo.com
yahoo.com       preference = 4, mail exchanger = mx4.mail.yahoo.com
yahoo.com       preference = 2, mail exchanger = mx2.mail.yahoo.com

Authoritative answers can be found from:
yahoo.com       nameserver = NS3.EUROPE.yahoo.com
yahoo.com       nameserver = NS1.yahoo.com
yahoo.com       nameserver = NS5.DCX.yahoo.com
mx6.mail.yahoo.com      internet address = 128.11.22.90
mx6.mail.yahoo.com      internet address = 216.136.129.12
mx6.mail.yahoo.com      internet address = 128.11.69.53
mx6.mail.yahoo.com      internet address = 216.136.129.17
mx6.mail.yahoo.com      internet address = 216.115.107.17
mx6.mail.yahoo.com      internet address = 216.136.129.15
mx6.mail.yahoo.com      internet address = 216.136.129.16
mx6.mail.yahoo.com      internet address = 128.11.68.59
mx6.mail.yahoo.com      internet address = 128.11.22.89
mx6.mail.yahoo.com      internet address = 216.136.129.18
mx6.mail.yahoo.com      internet address = 216.136.129.13
mx6.mail.yahoo.com      internet address = 216.136.129.14
NS3.EUROPE.yahoo.com    internet address = 217.12.4.71
NS1.yahoo.com   internet address = 204.71.200.33
NS5.DCX.yahoo.com       internet address = 216.32.74.10

The hinfo query can be used to retrieve information about the hardware and operating system of a host:

bart:~> nslookup
Default Server:  cs.columbia.edu
Address:  128.59.16.20

> set type=hinfo
> cs.columbia.edu
Server:  cs.columbia.edu
Address:  128.59.16.20

cs.columbia.edu CPU = Sun-Ultra-5       OS = Unix

Finding www.fokus.gmd.de, as a packet trace

ifconfig -a
Determines the local IP configuration. The interface with the address 127.0.0.1 is the "loopback" interface.
$ ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843 mtu 1500 index 2
        inet 128.59.19.191 netmask fffff800 broadcast 128.59.23.255

tcpdump
Dumps packet headers for IP traffic, for example:
tcpdump -v port 80

21:52:13.264419 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: S 2297001649:2297001649(0) win 24820  (DF) (ttl 64, id 20015)
21:52:13.264736 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: S 2401444389:2401444389(0) ack 2297001650 win 33580  (DF) (ttl 255, id 31155)
21:52:13.264772 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: . ack 1 win 24820 (DF) (ttl 64, id 20016)
21:52:13.299825 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: P 1:938(937) ack 1 win 24820 (DF) (ttl 64, id 20017)
21:52:13.300355 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: . ack 938 win 33580 (DF) (ttl 255, id 31156)
21:52:13.302642 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: P 1:388(387) ack 938 win 33580 (DF) (ttl 255, id 31157)
21:52:13.302897 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: F 388:388(0) ack 938 win 33580 (DF) (ttl 255, id 31158)
21:52:13.302931 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: . ack 388 win 24820 (DF) (ttl 64, id 20018)
21:52:13.302942 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: . ack 389 win 24820 (DF) (ttl 64, id 20019)
21:52:13.338110 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: F 938:938(0) ack 389 win 24820 (DF) (ttl 64, id 20020)
21:52:13.338353 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: . ack 939 win 33580 (DF) (ttl 255, id 31159)
The command above dumps HTTP traffic (port 80).

The general format of a TCP protocol line is:

src > dst: flags data-seqno ack window urgent options
Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST), or a single '.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet; in all but S packets it is relative to the initial sequence number. Ack is the sequence number of the next data expected from the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is 'urgent' data in the packet. Options are TCP options enclosed in angle brackets. Src, dst and flags are always present. The other fields depend on the contents of the packet's TCP protocol header and are output only if appropriate.

DF, ttl and id are from the IP layer and can be ignored.
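
The line format above, applied to the trace on this page, as an added Python example (not part of the original page). It parses the older tcpdump output style shown here, which differs from current tcpdump output, and reports whether the three-way handshake completed, how many payload bytes each side sent, and which side sent FIN first; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Older tcpdump TCP line: time src > dst: flags [first:last(len)] [ack N] [win N] ...
LINE = re.compile(
    r"^(?P<time>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR]+|\.)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?"
)

# Lines copied from the trace on this page (a subset of the 11 packets).
TRACE = [
    "21:52:13.264419 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: S 2297001649:2297001649(0) win 24820  (DF) (ttl 64, id 20015)",
    "21:52:13.264736 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: S 2401444389:2401444389(0) ack 2297001650 win 33580  (DF) (ttl 255, id 31155)",
    "21:52:13.264772 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: . ack 1 win 24820 (DF) (ttl 64, id 20016)",
    "21:52:13.299825 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: P 1:938(937) ack 1 win 24820 (DF) (ttl 64, id 20017)",
    "21:52:13.302642 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: P 1:388(387) ack 938 win 33580 (DF) (ttl 255, id 31157)",
    "21:52:13.302897 cosmos.cs.columbia.edu.www > bart.cs.columbia.edu.46265: F 388:388(0) ack 938 win 33580 (DF) (ttl 255, id 31158)",
    "21:52:13.338110 bart.cs.columbia.edu.46265 > cosmos.cs.columbia.edu.www: F 938:938(0) ack 389 win 24820 (DF) (ttl 64, id 20020)",
]

def parse_line(line):
    """Return the fields of one TCP line as a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("first", "last", "len", "ack", "win"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def summarize(lines):
    """Handshake state, payload bytes per sender and FIN order for one connection."""
    payload, fins, syn, synack, done = defaultdict(int), [], None, None, False
    for rec in filter(None, map(parse_line, lines)):
        flags, src = rec["flags"], rec["src"]
        payload[src] += rec["len"] or 0
        if "S" in flags and rec["ack"] is None:
            syn = rec                                  # client SYN carries the absolute ISN
        elif "S" in flags and syn and rec["ack"] == syn["first"] + 1:
            synack = rec                               # SYN+ACK acknowledges ISN + 1
        elif flags == "." and synack and src == syn["src"] and rec["ack"] == 1:
            done = True                                # relative ack 1 completes the handshake
        if "F" in flags:
            fins.append(src)
    return {"client": syn["src"] if syn else None, "handshake": done,
            "payload": dict(payload), "fin_order": fins}
```

The trailing IP-layer fields (DF, ttl, id) are left unparsed, matching the note above that they can be ignored.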


Internet Technical Notes and Resources
Last updated by Henning Schulzrinne