Network Tools FAQ

• What is DNS Lookup?
• What is Finger?
• What is Name Lookup?
• What is Ping?
• What is Port Scan?
• What is Throughput?
• What is Trace Route?
• What is Whois?

What is DNS Lookup?
DNS stands for Domain Name Service. Every computer that is connected to the Internet is assigned an IP address, whether it accepts connections or not. If you want to connect to that computer, you have to know it's IP address. This is what host names are for. Host names are simple names for IP addresses in the human language. Every host name can be translated into an IP address or vice-versa. DNS Lookup means to identify the IP address of a given host name. The DNS Lookup tool offers considerable flexibility in tailoring queries to retrieve any of the information kept by Domain Name Servers on the Internet.

[top]

What is Finger?
Finger is a utility that allows you to see information about another Internet user. Finger may or may not be allowed, depending on the host. The Finger tool queries Remote User Information Protocol (RUIP) servers for information about users who may be logged on to a particular host. To get a list of all users currently logged in to a particular host, enter that host name. To get more detail on a particular user, specify the username and host in the same form as an email address: username@domain.dom. You may also check the checkbox to Request long response format from the RUIP server. Finger returns information about the specified user of the sort that might be useful to a co-worker on the same UNIX host: when the user last logged in (and from where), when they last checked their mail, if they have mail waiting, what UNIX shell program they are using, what their login name is, and so forth. If the user has set up a .plan file or a .project file (small text files in the user's home directory), Finger will display their contents as well. Finger is a reminder of the days when Internet was a small and very collegial place.

[top]

What is Name Lookup?
Name Lookup resolves a host name to an IP address or IP address to a host name.

Name Scan

Name Scan performs a Name Lookup for each address in a specified range of IP addresses. You may also use domain names as the argument, but they will be resolved to IP addresses and checked to make sure the starting address is smaller than the ending address before the rest of the lookup is performed. Results display lists only the IP addresses which have a name.

[top]

What is Ping?
Ping utility is a tool that is used to see if a computer is operating and also to see if network connections are intact. Ping uses the Internet Control Message Protocol (ICMP) Echo function. A small packet is sent through the network to a particular IP address. The computer that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target computer is up, a good return packet will be received. PING can also tell the user the number of hops that lie between two computers and the amount of time it takes for a packet to make the complete trip. The time it takes for the packet to get to the target computer and back again is known as the round trip time. If this takes an extended period of time, it is indicative that something may be wrong.

Ping Scan

The purpose of this tool is to discover active nodes on a given network. Similar to the Ping tool, Ping Scan uses the ICMP protocol to send ECHO REQUESTS to a range of IP Addresses. This query can be executed at different times when new machines are added or removed from the network.

[top]

What is Port Scan?
Port Scan queries a specified range of ports on a single host, searching for available services. Many versions of UNIX, Windows, and other operating systems activate multiple ports by default on installation. While this is convenient for machines on a secure network, it can pose risks for machines accessible from the Internet. A typical use of Port Scan is to test for open ports so they may be closed or explicitly secured.

Service Scan

Service Scan tests for services being offered on a particular port by any hosts within a specified range of IP addresses.

[top]

What is Throughput?
On the Internet, throughput measures the speed of a communications channel or connection. A connection's throughput is the number of bytes per second it can transfer. The Throughput tool measures the rate at which files are downloaded from specified HTTP or FTP servers. The Throughput tool allows you to test the performance of two of the most important server types on the Internet on their most critical capability: their ability to serve files quickly. The Throughput tool can also be used to create a data stream to be analyzed by EtherPeek and other network diagnostic tools.

[top]

What is Trace Route?
Trace Route tells you how data gets from your computer to an Internet server. It also provides time information showing where the slow parts of the path are. Trace route is a standard part of the Internet Protocol suite, and should be included with all modern operating systems, such as Windows, Linux, or Unix. MacOS does not include a trace route utility, but several are available for download on the Internet.

Trace Route records packets' path through the Internet as they move between your computer and a specified destination IP address. If there are multiple hops (passes through routers) Trace Route calculates and displays the round-trip time required for each hop. If the routers have DNS entries, their names are also displayed. As the Trace Route progresses, the records are displayed hop by hop. Each hop is measured the number of times specified in the Count parameter.

Here is an example of a traceroute run to www.berkeley.edu:

traceroute to arachne.berkeley.edu (169.229.131.109), 30 hops max, 38 byte packets
1 207.44.218.1 (207.44.218.1) 5.481 ms 6.085 ms 3.681 ms
2 twhou-ni-1.ev1.net (207.218.245.9) 31.658 ms 0.609 ms 5.553 ms
3 289.ge-3-2-0.mpr2.iah1.us.mfnx.net (216.200.251.51) 1.455 ms 1.191 ms 1.354 ms
4 so-0-0-0.mpr1.iah1.us.mfnx.net (64.125.31.61) 1.020 ms 1.009 ms 1.130 ms
5 pos2-0.er1.atl4.us.mfnx.net (64.125.31.26) 13.691 ms 13.647 ms 13.693 ms
6 so-5-0-0.cr2.dca2.us.mfnx.net (208.185.0.229) 35.139 ms 27.385 ms 27.324 ms
7 so-6-0-0.cr2.iad1.us.mfnx.net (208.184.233.130) 25.022 ms 65.972 ms 25.065 ms
8 so-1-0-0.pr1.iad1.us.mfnx.net (208.185.0.145) 25.184 ms 25.107 ms 25.040 ms
9 qwest-iad-oc12.iad.above.net (208.184.233.34) 25.588 ms 25.778 ms 25.645 ms
10 dca-core-01.inet.qwest.net (205.171.9.13) 31.918 ms 31.942 ms 32.572 ms
11 svl-core-02.inet.qwest.net (205.171.8.202) 75.472 ms 75.440 ms 75.465 ms
12 svl-core-01.inet.qwest.net (205.171.14.117) 75.235 ms 75.271 ms 75.126 ms
13 svl-edge-09.inet.qwest.net (205.171.14.94) 75.197 ms 75.461 ms 75.171 ms
14 65.113.32.210 (65.113.32.210) 75.291 ms 75.208 ms 75.157 ms
15 QSV-M10-C2.GE.calren2.net (137.164.12.166) 72.823 ms 72.822 ms 76.177 ms
16 atm0-1-0dot1.inr-666-doecev.Berkeley.EDU (128.32.0.65) 74.612 ms 74.571 ms 74.342 ms
17 vlan195.inr-201-eva.Berkeley.EDU (128.32.0.250) 74.852 ms 79.708 ms 74.842 ms
18 vlan209.inr-203-eva.Berkeley.EDU (128.32.255.2) 75.238 ms 74.701 ms 75.218 ms
19 arachne.Berkeley.EDU (169.229.131.109) 74.952 ms 74.924 ms 74.626 ms

[top]

What is Whois?
Whois is a protocol used to find information about networks, domains and hosts. The whois records normally include data on the organizations and the contacts associated with these networks and domains. Whois services operate through a whois server. Any one can connect to a whois server and send a query. The whois server will then respond to the query and close the connection. Any one can run a whois server. For example a company could run a whois server that provides information about its various departments and employees.

The most common use of whois is for finding information about domain names. For example, you can find information on a domain (eg: microsoft.com) by querying the appropriate whois server.

[top]