@jialin.huang

© 2024 jialin00.com


Linux Network Troubleshooting Tools: nslookup/ping/ssh/netstat/curl/nc

TL;DR

The most commonly used tools are ping and nslookup.

  1. ping: Tests basic network connectivity. Pong!
  2. nslookup: Checks that DNS is set up correctly, i.e. whether a domain resolves from your location.
  3. If you're not feeling overwhelmed yet.. 👇👇

Overall Table

OSI Layer Reference:

  1. OSI 7: Application Layer (Note: In TCP/IP, layers 5, 6, and 7 are combined)
  2. OSI 4: Transport Layer
  3. OSI 3: Network Layer

Tool          OSI     Protocols                  Purpose
curl          7       HTTP, HTTPS, FTP, SMTP     Go google it.

Send ICMP, any answer?
ping          3       ICMP                       Testing network connectivity and latency
traceroute    4,3     ICMP, UDP                  Tracing the route path, identifying problem hops

Your status
netstat       7       TCP, UDP, IP               Network statistics
ss            7       TCP, UDP, IP               Better than netstat

Communication
ncat          7,4     TCP, UDP, IP with SSL      Network connections, port listening, data transfer
netcat/nc     7,4     TCP, UDP, IP               Network connections, port listening, data transfer

Remote connection
telnet        7       Telnet                     Insecure terminal connections
ssh           7,4,3   SSH                        Secure terminal connections

DNS resolving
dig           7,4,3   DNS                        Detailed DNS queries
nslookup      7       DNS                        Basic DNS queries
host          7       DNS                        Simple DNS queries
dscacheutil   7       macOS only                 Check DNS on your host

dig

"Go Deeper!" - dig provides detailed DNS information.

dig can query specific record types (TXT, A, SOA, etc.), for example: dig SOA yourdomain.com

$  dig sub.yourdomain.com 

; <<>> DiG 9.10.6 <<>> sub.yourdomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43138
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sub.yourdomain.com.		IN	A

;; ANSWER SECTION:
sub.yourdomain.com.	60	IN	A	13.35.7.119
sub.yourdomain.com.	60	IN	A	13.35.7.54
sub.yourdomain.com.	60	IN	A	13.35.7.39
sub.yourdomain.com.	60	IN	A	13.35.7.51

;; Query time: 20 msec
;; SERVER: 2001:b000:168::1#53(2001:b000:168::1)
;; WHEN: Sun Sep 22 19:19:33 CST 2024
;; MSG SIZE  rcvd: 109
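
Added example (not part of the original post): a small awk-based summarizer for the ANSWER SECTION shown above. It reports how many records each name/type returned and the TTL range, which makes round-robin answers and short TTLs easy to spot. The names summarize_answers and sample_dig_output are assumptions; the sample is the dig output above, abridged.

```shell
#!/bin/sh
# Added example: summarize the ANSWER SECTION of `dig` output read on stdin.
# Output, one line per (owner name, record type):
#   <name> <type> count=<n> ttl_min=<s> ttl_max=<s> data=<rdata,rdata,...>
summarize_answers() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        # A blank line or the next ";" comment line ends the section.
        in_answer && (/^$/ || /^;/) { in_answer = 0 }
        in_answer && NF >= 5 {
            key = $1 " " $4
            if (!(key in count)) { order[++n] = key; tmin[key] = $2; tmax[key] = $2 }
            count[key]++
            if ($2 + 0 < tmin[key] + 0) tmin[key] = $2
            if ($2 + 0 > tmax[key] + 0) tmax[key] = $2
            # RDATA can span several fields (e.g. MX priority + host).
            rdata = $5
            for (f = 6; f <= NF; f++) rdata = rdata " " $f
            data[key] = ((count[key] > 1) ? data[key] "," : "") rdata
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                printf "%s count=%d ttl_min=%d ttl_max=%d data=%s\n", k, count[k], tmin[k], tmax[k], data[k]
            }
        }
    '
}

# Sample input: the dig output from this page, abridged.
sample_dig_output() {
    cat <<'EOF'
;; QUESTION SECTION:
;sub.yourdomain.com.    IN  A

;; ANSWER SECTION:
sub.yourdomain.com. 60  IN  A   13.35.7.119
sub.yourdomain.com. 60  IN  A   13.35.7.54
sub.yourdomain.com. 60  IN  A   13.35.7.39
sub.yourdomain.com. 60  IN  A   13.35.7.51

;; Query time: 20 msec
EOF
}

sample_dig_output | summarize_answers
# Live use: dig sub.yourdomain.com | summarize_answers
```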

dig +trace

Adding +trace to the dig command shows the full DNS resolution path from root servers to the final answer:

  1. .
  2. com.
  3. yourdomain.com.
  4. sub.yourdomain.com.

$  dig +trace sub.yourdomain.com
# [Output truncated for brevity]

nslookup/host

  1. host is essentially a simplified version of nslookup.
  2. nslookup can query specific record types: TXT, A, etc.

$  nslookup sub.yourdomain.com
# [Output shows IP addresses]

$  nslookup -type=ns sub.yourdomain.com
# [Output shows nameservers]

host

The host command provides a quick way to perform DNS lookups:

$  host sub.yourdomain.com
# [Output shows IP addresses]

telnet/ssh

  • ssh: Provides secure (encrypted) access to a remote host shell, e.g., to set up nginx on an EC2 instance.
  • telnet: Insecure; everything, including credentials, is sent in plain text (not recommended).
  • Both require the target system to allow incoming connections.

# ssh refuses private keys that other users can read, so restrict the key file first
chmod 400 ~/Downloads/[your-ssh.pem]

# using a key to ssh your instance
ssh -i ~/Downloads/[your-ssh.pem] ec2-user@[ec2.dns]

# just going to your instance (plain text, default port 23)
telnet [ec2.dns]

ping

A normally functioning server should respond to ping requests. However, ping may be unreliable due to:

  1. Security measures: Security groups or NACLs might block ICMP traffic.
  2. Low priority: ICMP traffic often has lower priority than other types of network traffic.

Despite these limitations, ping remains a commonly used tool for basic connectivity tests.

traceroute (hop, hop, hop…)

traceroute tracks the path a packet takes from your computer to a destination host. It works by sending packets with incrementally increasing Time To Live (TTL) values, revealing each router (hop) along the path.

traceroute google.com

dscacheutil

  1. Returns your local DNS cache. For hosted websites, it may return the name servers registered in your DNS backend.
  2. For services like AWS, it may return associated A records (after passing through CloudFront).

$  sudo dscacheutil -q host -a name aws.yourdomain.com
# [Output shows IP addresses, possibly IPv6 addresses too]

$  sudo dscacheutil -q host -a name mysubpage.yourdomain.com
# [Output shows IP addresses]

netcat/nc

Netcat is a versatile networking utility:

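# On the listening host (its LAN address is 192.168.0.x): listen on port 5000.
# nc sends everything in plain text with no authentication, so anything that
# can reach the port can connect; stop the listener (Ctrl-C) when done.
# Traditional/GNU netcat needs: nc -l -p 5000
nc -l 5000

# Access from another device
nc 192.168.0.x 5000

# Now the other device can send data to the listening device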

netstat

Netstat provides various network-related information.

  1. you want you
# output every 5 seconds
netstat -c 5

# List your Network Interface Controllers (NICs)
netstat -i

# Check if anything is listening on port 3000
$  netstat -ant | grep 3000
# tcp46      0      0  *.3000                 *.*                    LISTEN

# Count "established" connections
netstat -ant | grep ESTABLISHED | wc -l
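
Added example (not part of the original post): `grep 3000` also matches ports such as 30000 or 13000 and remote peers on port 3000, so this sketch matches the local port exactly, keeps only LISTEN sockets, and labels whether each one is bound to all interfaces or just loopback. The names listeners_on_port and sample_netstat are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: exact-port listener check over `netstat -ant` output (stdin).
# Prints "<scope> <local-address>" for each socket in LISTEN state on PORT,
# where scope is all-interfaces, loopback, or specific.
listeners_on_port() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }
        {
            laddr = $4
            # The port follows the last "." (macOS/BSD) or ":" (Linux).
            pos = match(laddr, /[.:][0-9]+$/)
            if (pos == 0 || substr(laddr, pos + 1) != port) next
            addr = substr(laddr, 1, pos - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
                scope = "all-interfaces"
            } else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") {
                scope = "loopback"
            } else {
                scope = "specific"
            }
            print scope, laddr
        }
    '
}

# Constructed sample mixing macOS-style (*.3000) and Linux-style (ip:port) rows.
sample_netstat() {
    cat <<'EOF'
tcp46      0      0  *.3000                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.30000        *.*                    LISTEN
tcp4       0      0  192.168.0.5.52311      203.0.113.7.3000       ESTABLISHED
tcp        0      0  127.0.0.1:3000         0.0.0.0:*              LISTEN
tcp6       0      0  :::13000               :::*                   LISTEN
EOF
}

# `grep 3000` matches all five rows; the exact match keeps only two.
sample_netstat | listeners_on_port 3000
# Live use: netstat -ant | listeners_on_port 3000
```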

curl

Client URL

// too common

Refer to online documentation for specific usage examples.

All about DNS

  • dscacheutil: local DNS cache
  • host: simple DNS
  • nslookup
  • dig: detailed DNS

traceroute Issues

If traceroute stops before reaching the destination, possible reasons include:

  • Routers configured not to respond to traceroute requests
  • Firewalls blocking responses
  • Network congestion or packet loss
$  traceroute aws.yourdomain.com
# [Output shows the route taken to reach the destination]

DNS TTL (Time To Live)

Different levels of domains often have different TTL values. Generally, TTL increases as you move towards the root, but this isn't a strict rule. Each level's TTL operates independently.

Layer                    TTL (seconds)
root (.)                 244629
TLD (com.)               172800
SLD (yourdomain.com.)    172800
                         14400

For services like AWS CloudFront, "invalidation" is used to force edge locations to delete cached copies, allowing for quick updates.

Multiple DNS Query Results

When a DNS query returns multiple results, it often indicates:

  1. The website is hosted, and the results point to the name servers configured in your DNS backend. The domain may be using round-robin DNS or load-balancing techniques.

$  sudo dscacheutil -q host -a name google.com
ipv6_address: 2404:6800:4012:5::200e

name: google.com
ip_address: 172.217.163.46 # only one here


$  sudo dscacheutil -q host -a name yourdomain.com
name: yourdomain.com
ip_address: 185.199.110.153 # many here
ip_address: 185.199.111.153
ip_address: 185.199.109.153
ip_address: 185.199.108.153

Chrome-specific DNS Caching

Chrome may continue to access a website even after DNS settings have been removed, while other browsers show the DNS failure. This is due to Chrome's aggressive caching mechanisms.

// TBD 🤔
