Netstat command introduction

Netstat Command Overview:

Netstat is a very useful tool for monitoring TCP/IP networks, which can display routing tables, actual TCP network connections, TCP and UDP snooping, process memory management, and status information for each network interface device. The netstat is used to display statistics related to IP, TCP, UDP, and ICMP protocols, and is typically used to verify the network connectivity of each port on the machine, letting users know which network connections are in operation.

If your computer sometimes receives data packets that cause error data or failures, you don't have to be surprised that TCP/IP can tolerate these types of errors and be able to automatically re-send packets. But if the cumulative number of errors accounts for a significant percentage of the IP datagram received, or if its number is increasing rapidly, then you should use Netstat to find out why these situations occur.

Nslookup Interactive mode:

Nslookup subcommand:

• NAME: Print information about the default server's host/domain name;
• NAME1 NAME2: ibid., but will NAME2 as a server;
• Help or? : print information about commonly used commands;
• Set All: lists the current setting values for the common options of the Nslookup tool;
• Set debug: open Debug mode, the full response package and the interaction package are displayed during the query; default is Nodebug (off)
• set D2: turns on advanced debug mode, which outputs a lot of information about the internal work of Nslookup, including many function call information. Default value is NOD2 (off)
• set Defname: attaches the domain name to each query (appends the default domain name to a single component of the query request (without a period request), and the default value is Defname (append) to append the default domain Name System (DNS) domain name to a single components lookup request. A single component refers to a component that does not contain any composite. ）
• set Recurse: queries the recursive response of the query (notifies the name server to query other servers if there is no information.) Default value is Recurse)
• set Serach: appends the Domain Name System (DNS domain name) in the DNS domain search list to the request until an answer is received. The command applies to the following scenarios:
  • When the set and find request contains at least one period, but not at the end of the tracking period. If set search is in place, when the query string contains only a period, and the end is not a period, Nslookup appends the domain set field to the tail of the query string to try the query;
• Set VC: sending requests to the server always uses the virtual circuit. The default value is NOVC (no virtual circuit).
• Set Domain=name: Set the default domain name to name (for not including ".") Query request, it will automatically trace this field at the tail end). The Default domain name is appended to the query request, depending on the status of the Defname and search options. If the search list contains at least two parts of its name, the domain search list contains the parent domain of the default domain.
• Set srchlist=name1/name2/... : Change the Default domain name to the value specified by the Name1 parameter, and change the domain search list to Name1, Name2 ... The name specified by the parameter. You can specify the maximum value of six names that are separated by a slash. Use the set all command to display a list of names. The default value is the value specified in the system's hostname,/etc/resolv.conf, or localdomain files. Note: This command overrides the search list for the default domain name and set domain command options.
• Set root=name: Sets the root server to NAME, and the default value is Ns.nic.ddn.mil.
• Set retry=x: Sets the retry count to X (when the requested answer is not received within the timeframe specified by the set timeout command, the timeout period is doubled and the request is resent.) This subcommand controls the number of times a request is sent before timing out. The default value is 4. ）
• Set timeout=x: Sets the initial time-out interval to X seconds, and the default value is 5 seconds.
• Set type=x: Sets the default value for the query type (such as a, AAAA, a+aaaa, Any, CNAME, MX, NS, PTR, SOA, and SRV) is a.
• set class= "X": Change the query class, which specifies the protocol group for the information. Different classes set different protocol families. In :Internet Class (default),CH:Chaos class,HS:Hesiod class, any specifies any wildcard characters previously listed. Generally we use in for the longest . Hesiod was used only in m.i.t (Massachusetts Institute of Technology, MIT), and is now even used by no one. And chaos is almost extinct, once bind set with Chaos to help check version number information.
• set MSXFR: use MS Fast zone transfer.
• set Ixfrver=x: The current version for IXFR transfer request;
• Set port = X: The default service port for DNS is 53, which can be used when certain special circumstances require this port to be changed;
• server name: changes the default server to the specified domain Name System (DNS) domain, using the current default server;
• lserver Name: Sets the default server to name, using the initial server;
• Root: Change the default server to the root server for the domain Name System (DNS) domain name space (typically using the Ns.nic.ddn.mil name server. This command is synonymous with lserver ns.nic.ddn.mil. You can use the set root command to change the root server name).
• View file: sort the LS output file and use PG to view it;
• Set [No]ignore: ignores packet truncation errors;
• set querytype=x: same as type=x, case insensitive.

A	Host's Internet address (IPV4)
Aaaa	Host's Internet address (IPV6)
Adsdb	Andrew File system database server records
ATMA	Atma Address record
Any	Set the query criteria for all types of records.
CNAME	Official name corresponding to the alias
HINFO	The host CPU and operating system (the RFC-1700 reserved string type that describes the CPU type and operating system type that is mapped to a specific DNS host name, this information can be used by the application communication protocol. )
Isdn	ISDN number for the domain name
KEY	Security key Record
MINFO	Mailbox or mailing list information
MG	Mailing Group Records
MR	Renamed Mailbox Records
MB	The server that holds the specified mailbox
Mx	Mail Exchanger Information
Ns	Named server for the specified zone
Ptr	If you are querying the Internet address, point to the host name; otherwise, point to other information
Sig	Signature record
Rp	Domain Owner Information
Soa	Start-of-authority Information for a domain
Txt	Text information
Uinfo	User Information
SRV	TCP Server information logging
WKS	Support for well-known services
X25	X. Address records corresponding to the domain name

• ls:  {ls [opt] DOMAIN [> FILE] | ls [opt] DOMAIN [> >file]}; Lists the available information for the specified DOMAIN, optionally creating or appending output to the file specified by the FileName parameter. The default output contains host names and their Internet addresses, listing addresses in domain (Optional: output to file)

-T QueryType	Lists all records of the specified type. For specific meanings of querytype, see "12.3.3.5.14, set Querytype=x"
-A	List canonical names and aliases
-D	List all records
-H	List CPU and operating system information in the domain (synonymous with the-t HINFO option)
-S	List the well-known host services in the domain (synonymous with the-t WKS option)

Nslookup Interactive Mode example:

1. Resolve the domain name to an IP address:

Nslookup Enter set qt=a enter the domain name to resolve

2. Reverse the "IP address" to "Domain name"

Nslookup Enter set qt=ptr enter the IP address to resolve note: qt must be lowercase

3. Query directly from another name server

To query another name server directly, use the server or lserver command to switch to that name server. The lserver command uses the local server to obtain the address of the switch destination server, and the server command uses the current default server to obtain the address.

4. Use Nslookup to transfer entire area

By using the LS command, the Nslookup can be used to transfer the entire region. This is useful if you want to view all hosts in the remote domain. The syntax for the LS command is as follows:

ls [-a | d | t type] domain [> filename]

Using the LS command without parameters will return a list of all address and name server data. The-a switch returns the alias and canonical name, and-D returns all data, and-T is filtered by type.

Zones can be transferred by block in a DNS server so that only authorized addresses and networks can perform this operation. If zone security is set, the following error is returned:

Can ' t list domain Example.com.:query refused

5. List the current setting values for the common options for the Nslookup tool;

6, enter the debug mode, the query process will show the full response package and the interaction package;

Set Nodebug

Set Debug

7, turn on advanced debugging mode, will output many nslookup internal work information, including many function call information.

8. Modify the Default domain name to 8.8.8.8

Restore default settings for domain names: set domain=.

9. Change the default server to the specified domain Name System (DNS) domain, using the current default server.

Nslookup Non-interactive mode:

  Non-interactive mode is useful for finding only one piece of data. The syntax is as follows:

nslookup [-option] [hostname] [Server]

• Option: Specify one or more nslookup subcommands as command-line options; note: The "-" between subcommands must exist and be separated by "" (space).

C:\Windows\system32>nslookup -qt=A -timeout=7 www.baidu.com
Server: djins
Address: 10.15.1.41

Non-authoritative response:
Name: www.a.shifen.com
Addresses: 14.215.177.39
           14.215.177.38
Aliases: www.baidu.com

C:\Windows\system32>

• Hostname: If no other server is specified, the current default DNS name server is used to consult the Hostname information. To find computers that are not in the current DNS domain, attach a period to the name.
• Server: Type the DNS server name or address, if default server is used by default

Nslookup Non-interactive mode example:

1. Resolve the domain name to an IP address

Nslookup   -qt=a domain Nslookup   domain name specifies the DNS server address for Domain name resolution

2. Reverse the "IP address" to "Domain name"

Nslookup–qt=ptr  IP Address

3, query the mail server information: The domain administrator sometimes want to view the domain mail server information, you can use the following command

4. View the named server ns: NS is a domain name corresponding to multiple servers, which server to the domain name and sub-records to parse.

5. Check the cache time of the domain name

nslookup-d[other parameters] target domain name

We ignore the other, see got answer a few lines later, including a TTL value. This value is the lifetime of the domain name record.

6. Resolve the domain name, and set the timeout to 10s, and turn on advanced debugging information

NSLOOKUP-QT=A-TIMEOUT=10-D2  Domain Name

7. Change the default query type to host information (HINFO) and initialize the timeout time to 10S

nslookup-query=hinfo-timeout=10

8. Set the domain and search list to three names, LCS. mit.edu, Ai. Mit.edu and mit.edu

Nslookup -set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU
# This command overrides the search list of the default domain name and the set domain command. Use the set all command to display the list.

9. Determine if the name specifies a host, domain, or other entity

Nslookup -querytype=ANY austin.ibm.com
The nslookup command returns all available information about the name austin.ibm.com, including the permission statement (SOA), name server, mail exchanger, and host Internet address information, as follows:
C:\Windows\system32>nslookup -querytype=ANY austin.ibm.com
Server: djins
Address: 10.15.1.41

Non-authoritative response:
Austin.ibm.com MX preference = 5, mail exchanger = mx0a-001b2d01.pphosted.com
Austin.ibm.com MX preference = 5, mail exchanger = mx0b-001b2d01.pphosted.com
Austin.ibm.com
        Primary name server = asia3.akam.net
        Responsible mail addr = dnsteam.us.ibm.com
        Serial = 2013120610
        Refresh = 3600 (1 hour)
        Retry = 600 (10 mins)
        Expire = 604800 (7 days)
        Default TTL = 21600 (6 hours)
Austin.ibm.com nameserver = ns1-206.akam.net
Austin.ibm.com nameserver = usc3.akam.net
Austin.ibm.com nameserver = asia3.akam.net
Austin.ibm.com nameserver = eur2.akam.net
Austin.ibm.com nameserver = ns1-99.akam.net
Austin.ibm.com nameserver = eur5.akam.net
Austin.ibm.com nameserver = usc2.akam.net
Austin.ibm.com nameserver = usw2.akam.net

Austin.ibm.com nameserver = usw2.akam.net
Austin.ibm.com nameserver = usc3.akam.net
Austin.ibm.com nameserver = ns1-206.akam.net
Austin.ibm.com nameserver = eur2.akam.net
Austin.ibm.com nameserver = asia3.akam.net
Austin.ibm.com nameserver = usc2.akam.net
Austin.ibm.com nameserver = ns1-99.akam.net
Austin.ibm.com nameserver = eur5.akam.net
Mx0a-001b2d01.pphosted.com internet address = 148.163.156.1
Mx0b-001b2d01.pphosted.com internet address = 148.163.158.5
Ns1-99.akam.net internet address = 193.108.91.99

C:\Windows\system32>

Troubleshooting:

  1. Default Server timeout

# When launching the Nslookup.exe utility, the following error may occur:
*** Can't find server name for address w.x.y.z:Timed out
#Note: w.x.y.z is the first DNS server listed in the DNS service search order list.
*** Can't find server name for address 127.0.0.1: Timed out
#the 1st error indicates that the DNS server could not be connected or the service is not running on this computer. To correct this problem, start the DNS service on this server or check for possible connectivity issues.
#the 2nd error indicates that no servers have been defined in the DNS service search order list. To correct this problem, add the IP address of a valid DNS server to this list.
#For additional information, please see the following Microsoft Knowledge Base article: 172060
#(http://support.microsoft.com/kb/172060/en-us/ )

  2. Server name not found for address 127.0.0.1

Server name not found when starting Nslookup.exe
When launching the Nslookup.exe utility, the following error may occur:
*** Can't find server name for address w.x.y.z:Non-existent domain
This error occurs if there is no PTR record for the name server IP address. When you start Nslookup.exe, it performs a reverse search to get the name of the default server. This error message is returned if there is no PTR data. To correct this problem, make sure there is a reverse lookup zone with a PTR record for the name server.
For additional information, please see the following Microsoft Knowledge Base article: 172953
(http://support.microsoft.com/kb/172953/en-us/ )
How to install and configure a Microsoft DNS server

  3. Nslookup cannot be executed on a subdomain

Nslookup may return the following error when making a query on a subdomain or performing a zone transfer:
*** ns.domain.com can't find child.domain.com.:Non-existent domain
*** Can't list domain child.domain.com.:Non-existent domain
In the DNS Manager, you can add a new domain under the main zone, which creates a subdomain. Creating a subdomain in this way 
does not create a separate db file for that domain, so querying the domain or performing a zone transfer there will generate 
the above error. Running a zone transfer on a parent domain lists both the parent domain and the child domain's data. To resolve 
this issue, create a new primary zone for this subdomain on the DNS server. 

Netstat command introduction