Compaq TCP/IP Services for OpenVMS
Tuning and Troubleshooting



This example shows how to display the routing tables with network addresses.


nslookup

Queries Internet name servers interactively.


Format

nslookup [-option ...] [host_to_find | - [server] ]

Description

The nslookup command is a program that is used to query Internet domain name servers. The nslookup command has two modes: noninteractive and interactive.

Noninteractive mode

Noninteractive mode is used to display just the name and requested information for a host or domain. Noninteractive mode is invoked when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.

Interactive mode

Interactive mode allows the user to query name servers for information about various hosts and domains or to display a list of hosts in a domain. Interactive mode is invoked when you specify nslookup without arguments (the default name server will be used), or when the first argument you specify is a hyphen (-) and the second argument is the host name or IP address of a name server.

The options listed under the set command can be specified in the .nslookuprc file in the user's home directory if they are listed one per line. Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen (-). For example, to change the default query type to host information and the initial timeout to 10 seconds, enter the following command:


$ nslookup -query=hinfo  -timeout=10 

Interactive commands

Commands can be interrupted at any time by pressing Ctrl/C. To exit, press Ctrl/D (EOF) or type exit. The command line length must be less than 256 characters. To treat a built-in command as a host name, prefix it with an escape character (^) plus a backslash (\). Note that an unrecognized command will be interpreted as a host name.


Commands

host [server]

Looks up information for the host using either the current default server or the specified server. If host is an IP address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the default domain name is appended to the name. (This behavior depends on the state of the set options domain, srchlist, defname, and search.) To look up a host not in the current domain, append a dot (.) to the end of the domain name.

server domain
lserver domain

Changes the default server to domain. The lserver command uses the initial server to look up information about domain, while the server command uses the current default server. If an authoritative answer cannot be found, the names of servers that might have the answer are returned.

root

Changes the default server to the server for the root of the domain name space. Currently, the host ns.internic.net is used. (This command is a synonym for lserver ns.internic.net.) The name of the root server can be changed with the set root command.

finger [name] [> filename]
finger [name] [>> filename]

Connects with the finger server on the current host. The current host is defined when a previous lookup for a host was successful and returned address information (see the set querytype=A command). The redirection symbols (> and >>) can be used to redirect output in the usual manner.

ls [option] domain [> filename]
ls [option] domain [>> filename]

Lists the information available for domain, optionally creating or appending to filename. The default output contains host names and their IP addresses. The value for option can be one of the following:

Option          Description
-t querytype    Lists all records of the specified type. (See querytype in Table A-2.)
-a              Lists aliases of hosts in the domain. This option is a synonym for -t CNAME.
-d              Lists all records for the domain. This option is a synonym for -t ANY.
-h              Lists CPU and operating system information for the domain. This option is a synonym for -t HINFO.
-s              Lists well-known services of hosts in the domain. This option is a synonym for -t WKS.

When output is directed to a file, a pound sign (#) is displayed for every 50 records received from the server.

view filename

Sorts and lists the output of previous ls commands.

help

Displays a brief summary of commands.

exit

Exits the program.

set keyword [=value]

Use the set command to change state information that affects the lookups. Table A-2 lists the valid keywords.

Table A-2 Options to the nslookup set Command
Keyword Function
ALL Displays the current values of the options you can set as well as information about the current default server. For example:
> set all

class= value Changes the query class to one of the following:
  • IN: The Internet class (default)
  • CHAOS: The chaos class
  • ANY: Wildcard

The class specifies the protocol group of the information. You can abbreviate this keyword to cl.

This command tells nslookup to resolve both in and chaos class queries (you can enter in and chaos):
> set class=ANY

querytype Specifies the type of information you want. For example:
> set querytype=A

> set querytype=ANY

Valid types are:
SOA Start of authority. Marks the beginning of a zone's data and defines parameters that affect the entire zone.
NS Name server. Identifies a domain's name server.
A Address. Maps a host name to an address.
ANY Defines all available resource records for a given name.
PTR Pointer. Maps an address to a host name.
MX Identifies where to deliver mail for a given domain.
CNAME Defines an alias host name.
HINFO Host information. Describes a host's hardware and operating system.
WKS Well-known service. Advertises network services.

[no]debug Turns on debugging (default is nodebug). nslookup displays detailed information about the packet sent to the server and the answer. For example:
> set debug

You can use the abbreviations nodeb and deb.

[no]d2 Returns all-inclusive debugging information (default is nod2). Displays all the fields of every packet. For example:
> set d2

recurse Tells the BIND server to contact other servers if it does not have the information you want. The servers carry out a complete (recursive) resolution for each query. For example:
> set recurse

retry Number of times that nslookup attempts to contact a BIND server if repeated tries fail. For example:
> set retry=8

timeout Length of time to wait for a reply from each attempt. For example:
> set timeout=9

root= value Changes the root server. For example, the following command changes the root server to ns.nasa.gov:
> set root=ns.nasa.gov

ignoretc Tells nslookup to ignore packet truncation errors. For example:
> set ignoretc

domain name Changes the default domain to the domain you specify.

The settings of the defname and search options control how the default domain name is appended to lookup requests. The domain search list contains the parents of the default domain if the default domain has at least two components in its name.

The default value is set in the TCP/IP configuration database. To specify the default, type the abbreviation do.

For example, if the default domain is CC.Berkeley.EDU, the search list is CC.Berkeley.EDU and Berkeley.EDU.

srchlist If set, nslookup appends each of the domain names specified in the srchlist option to an unqualified host name and performs a query until an answer is received.

srchlist= names Changes the default domain name to the first name you specify, and changes the domain search list to all the names you specify. Specify a maximum of six names separated by slashes (/).

In the following example, the command sets the default domain to lcs.MIT.EDU and changes the search list to the three specified domains. The command overrides the default domain name and associated search list for the set domain command.
> set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU

The default is the domain name specified in the TCP/IP configuration database. The abbreviated form of the command is srchl.

[no]defname Tells nslookup to append a default domain name to a lookup request if the specified DNS name is not fully qualified.[1] The abbreviated form is [no]def.

For example, an nslookup query for the host rainy becomes rainy.cc.berkeley.edu.

[no]search Tells nslookup to append the search list domain names to the lookup request domain name if the lookup request domain name is not fully qualified.[1] The default is search. The abbreviated form is [no]sea.


[1] A fully qualified domain name is a name that ends with a dot (.), as in host.domain.
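
The following added example (not part of the original manual or of nslookup itself) models how the domain, srchlist, defname, and search settings in Table A-2 turn a typed host name into the names that are actually queried, which is worth knowing when an unqualified name could also match a record in a parent domain. The function names are hypothetical, and the order of attempts and the treatment of names that already contain dots are assumptions; only the rules stated in the table are modeled.

```python
MAX_SRCHLIST = 6  # Table A-2: at most six names, separated by slashes

def default_search_list(domain):
    """Default domain followed by each parent that still has two or more labels."""
    labels = domain.rstrip(".").split(".")
    if len(labels) < 2:
        return [labels[0]]
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def parse_srchlist(value):
    """Parse the value of 'set srchlist=a/b/c' into (default_domain, search_list)."""
    names = [n for n in value.split("/") if n]
    if not names or len(names) > MAX_SRCHLIST:
        raise ValueError("srchlist takes one to six names separated by '/'")
    return names[0], names

def candidate_names(host, domain, srchlist=None, defname=True, search=True):
    """Names queried for `host`, in order, under this simplified model."""
    if host.endswith("."):
        return [host]                      # fully qualified: sent as typed
    if search:
        domains = srchlist if srchlist is not None else default_search_list(domain)
        return [f"{host}.{d}" for d in domains]
    if defname:
        return [f"{host}.{domain}"]        # only the default domain is appended
    return [host]                          # nodefname + nosearch: sent as typed

if __name__ == "__main__":
    # Values taken from the examples in Table A-2.
    dom, sl = parse_srchlist("lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU")
    for args in [("rainy", "cc.berkeley.edu", None), ("rainy", dom, sl), ("rainy.", dom, sl)]:
        print(args[0], "->", candidate_names(*args))
```
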


Examples

The following example shows how to use nslookup interactively.
#1

$ nslookup 
Default Server:  condor.lgk.dec.com       
Address:  16.99.208.53 
 
> set all                                 
Default Server:  condor.lgk.dec.com 
Address:  16.99.208.53 
 
Set options:                            
  nodebug             defname         search          recurse  
  nod2                novc            noignoretc      port=53  
  querytype=A         class=IN        timeout=4       retry=4 
  root=a.root-servers.net. 
  domain=xyz.prq.dec.com                 
  srchlist=xyz.prq.dec.com               
      


ping

Send ICMP ECHO_REQUEST packets to network hosts.


Format

ping [-dfnqruvR] -c count [-i wait] [-l preload] [-p pattern] [-s packetsize] host

Description

The ping command uses the ICMP (Internet Control Message Protocol) mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE message from the specified host or gateway host. ECHO_REQUEST datagrams (ping) have an IP (Internet Protocol) and ICMP header, followed by a struct timeval and then an arbitrary number of pad bytes used to fill out the packet.

When using ping for fault isolation, first run the command on the local host to verify that the local network interface is up and running. Then run ping against hosts and gateways progressively farther away. Round-trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in the packet loss calculations, although the round-trip time of these packets is used in calculating the minimum, average, and maximum round-trip time numbers. When the specified number of packets have been sent (and received), or if the program is terminated with a SIGINT, a brief summary is displayed.

This program is intended for use in network testing, measurement, and management. Because of the load it can impose on the network, it is unwise to use ping during normal operations or from automated scripts.

ICMP packet details

An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicates the size of this extra piece of data (the default is 56). Thus, the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).

If the data space is at least 8 bytes large, ping uses the first 8 bytes of this space to include a timestamp, which it uses in the computation of round-trip times. If less than 8 bytes of pad are specified, no round-trip times are given.

Duplicate and damaged packets

The ping command will report duplicate and damaged packets. Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions. Duplicates can occur in many situations and are rarely (if ever) a good sign, although low levels of duplicates are not always cause for alarm.

Damaged packets are obviously serious cause for alarm and often indicate broken hardware somewhere in the ping packet's path (in the network or in the hosts).

Different data patterns

The network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to invade networks and remain undetected for long periods of time. In many cases the problematic pattern does not have sufficient transitions, such as all ones (1) or all zeros (0), or has a pattern at the right, such as almost all zeros (0). It is not necessarily enough to specify a data pattern of all zeros on the command line because the problematic pattern of interest is at the data-link level, and the relationship between what you enter and what the controllers transmit can be complicated.

Data-dependent problems can be identified only by extensive testing. If you are lucky, you can manage to find a file that either cannot be sent across your network or that takes much longer to transfer than other files of similar length. You can then examine this file for repeated patterns that you can test by using the -p option to the ping command.
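
The following added example (not part of the original manual or of the ping source) builds the ICMP portion of an ECHO_REQUEST as described under "ICMP packet details" and fills the pad bytes with a -p style pattern as described under "Different data patterns", then counts bit transitions in the payload. The function names, the 2 x 32-bit timestamp layout, and the default incrementing fill are assumptions.

```python
import struct
import time

IP_HEADER_LEN = 20    # IP header without options (from the page)
ICMP_HEADER_LEN = 8   # ICMP echo header (from the page)
TIMESTAMP_LEN = 8     # timestamp placed in the first 8 data bytes

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident, seq, packetsize=56, pattern=b"", now=None):
    """Return ICMP header + `packetsize` data bytes (timestamp, then pad)."""
    if len(pattern) > 16:
        raise ValueError("-p accepts at most 16 pad bytes")
    data = b""
    if packetsize >= TIMESTAMP_LEN:        # too small: no timestamp, no RTT
        now = time.time() if now is None else now
        sec = int(now)
        # Assumption: seconds and microseconds as two 32-bit fields.
        data = struct.pack("!II", sec, int((now - sec) * 1_000_000))
    pad_len = packetsize - len(data)
    if pattern:
        pad = (pattern * (pad_len // len(pattern) + 1))[:pad_len]
    else:                                   # assumed default: incrementing bytes
        pad = bytes(i & 0xFF for i in range(len(data), packetsize))
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)   # type 8 = echo request
    csum = inet_checksum(header + data + pad)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + data + pad

def bit_transitions(payload: bytes) -> int:
    """Count changes between adjacent bits; 0 means all ones or all zeros."""
    bits = "".join(f"{b:08b}" for b in payload)
    return sum(a != b for a, b in zip(bits, bits[1:]))

def sizes(packetsize=56):
    """(ICMP bytes, IP datagram bytes) for a given -s value."""
    return ICMP_HEADER_LEN + packetsize, IP_HEADER_LEN + ICMP_HEADER_LEN + packetsize
```

A payload whose transition count is zero or very low is the kind of pattern the section above singles out for testing with -p.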

TTL details

The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. You can expect each router in the Internet to decrement the TTL field by exactly one.

The maximum possible value of this field is 255, and most UNIX compatible systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you can use the ping command on some hosts but not reach them with TELNET or FTP.

In normal operation, ping displays the TTL value from the packet it receives. When a remote system receives a ping packet, it can do one of three things with the TTL field in response:

Cautions

Many hosts and gateways ignore the RECORD_ROUTE option.

Flooding and preloading the ping command is generally not recommended, and flooding ping messages on the broadcast address should be done only under very controlled conditions.


Flags

-c count

Stops after sending (and receiving) the specified number (count) of ECHO_RESPONSE packets.

-d

Sets the SO_DEBUG option on the socket being used.

-f

Floods ping. Outputs packets as fast as they come back or 100 times per second, whichever is more. For every ECHO_REQUEST sent, a dot (.) is displayed, while for every ECHO_REPLY received a backspace is used. This provides a rapid display of how many packets are being dropped. You must have system privileges to use this option. Using the -f flag can be very hard on a network and should be used with caution.

-i wait

Waits the specified number of seconds between sending each packet. The default is to wait for 1 second between each packet. This option is incompatible with the -f option.

-l preload

If preload is specified, ping sends that many packets as fast as possible before falling into its normal mode of behavior. You must have system privileges to use this option. Using the -l option can be very hard on a network and should be used with caution.

-n

Numeric output only. No attempt is made to look up symbolic names for host addresses. This occurs only when displaying ICMP packets other than ECHO_RESPONSE.

-p pattern

Specifies up to 16 pad bytes to fill out the packet you send. This is useful for diagnosing data-dependent problems in a network. For example, -p ff will cause the sent packet to be filled with all ones (1).

-q

Suppresses output. Nothing is displayed except the summary lines at startup time and at completion.

-R

Records route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. Note that the IP header is large enough for only nine such routes. Many hosts ignore or discard this option.

-r

Bypasses the normal routing tables and sends directly to a host on an attached network. If the host is not on a directly attached network, an error is returned. This option can be used to send ping to a local host through an interface that has no route through it (for example, after the interface was dropped by ROUTED).

-s packetsize

Specifies the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.

-u

Displays the time in microseconds (three decimal places). In order to ensure this microsecond precision, the NTP_TIME and MICRO_TIME kernel options must be on. By default, NTP_TIME and MICRO_TIME kernel options are off. If these kernel options are off and this flag is used, the time is displayed to three decimal places, but in milliseconds.

-v

Specifies detailed output. ICMP packets other than ECHO_RESPONSE that are received are listed.

Examples

The following example shows how to use the ping command.
#1

TCPIP> ping 
PING rufus.lkg.dec.com (10.10.2.4): 56 data bytes 
64 bytes from 10.10.2.4: icmp_seq=0 ttl=64 time=30 ms 
64 bytes from 10.10.2.4: icmp_seq=1 ttl=64 time=0 ms 
64 bytes from 10.10.2.4: icmp_seq=2 ttl=64 time=0 ms 
64 bytes from 10.10.2.4: icmp_seq=3 ttl=64 time=0 ms 
 
 
----rufus.lkg.dec.com PING Statistics---- 
4 packets transmitted, 4 packets received, 0% packet loss 
round-trip (ms)  min/avg/max = 0/8/30 ms 
      

