Check and verification tools


Several checking and verification tools are available on the net. With them you can check the network status, find out whether a host is working or down, look up information about a registered domain or a registered user, and so on. Let's look at these tools.

Whois

Before talking about WHOIS, you need to know more about the domain name system. First of all, every machine on the net has its own address by which other machines reach it. That address is called the IP (Internet Protocol) address. An IP address looks like this: 123.123.123.123. In other words, it is a set of 4 numbers separated by dots. Any computer is reachable by means of its IP address. The main problem is that you can't remember IP addresses, so an alternative system is needed. For this reason IP addresses are translated into more intelligible text strings, such as cs.yale.edu or sun.com. For example, cs.yale.edu means Computer-Science.YALE.EDUcational or, in other words, the computer science department of Yale University.

In the age of ARPANET there was just one file, called 'hosts.txt', where all IP addresses (with their names) were listed. Every night all computers connected to the net would fetch it from the site where it was kept. Little by little the number of connected hosts increased, the file became too large, and the system became really inefficient. For this reason, the DNS (Domain Name System) was invented.

The Domain Name System (defined in RFCs 1034 and 1035) is a hierarchical, domain-based structure. According to the Domain Name System, the Internet is divided into several pieces called domains. There are top-level domains and subdomains. Each domain covers many hosts. There are 2 types of top-level domains: generic and countries. The generic domains are com (commercial), edu (educational institutions), gov (the U.S. federal government), int (international institutions), mil (military institutions), net (network institutions) and org (nonprofit organizations). The country domains are one for each country (for example, UK stands for United Kingdom, CA stands for Canada, AU stands for Australia and so on), as defined in ISO 3166. Each top-level domain is divided into several subdomains.
For example, the edu domain covers all educational institutions and has to know all universities (Yale, Utah, UCLA and so on). In other words, each domain controls its own subdomains (for example, UK and JP have 2 typical subdomains, AC and CO, which mean ACademic and COmmercial respectively). Each domain has a particular computer named DNS (Domain Name Server). Do not confuse 'system' with 'server'. This server holds a table containing all IP addresses and domain names belonging to its domain.

Now you know more about domains (and therefore more about URLs). There is an organization that holds a database containing all registered domains all over the world. This organization is called INTERNIC. You can query its database by means of WHOIS. Several organizations run their own whois databases, but the Internic's is the main database. In other words, any company, institution or organization that wants to have its own domain has to register it with the Internic. If you want to try this service, look at http://ds.internic.com or http://rs.internic.com. However, there are many whois servers; for example, there is a European whois database at RIPE (Réseaux IP Européens, Amsterdam), which you can find at http://whois.ripe.net. As I said, many organizations run their own databases. For this reason, if you search for James Kirk, you could find several James Kirks in the Internic database, or you could find nothing at all. For example, the company xyz could have its own whois database, and you could find James Kirk there.

You can use the whois command via telnet (telnetting to a host offering the whois service), query the Internic's whois database via the web, or query the Internic database via e-mail by sending a message to mailserv@ds.internic.net (just put your query into the body of the message, for example: whois James Kirk. If you send an e-mail with 'whois help' as the text, you will receive a list of the allowed commands). You can search for domain, host, network, name and mailbox. You have to specify a keyword: do (domain), ho (host), ne (network), pe (name), user_name@ or @host_name (mailbox). If you are using telnet, remember that whois servers usually listen on port number 43. For example, suppose you want to query the Indiana University whois database. You have to connect to its whois server via telnet:

telnet indiana.edu 43
whois: pe holland
Holland, Antony (Tony) tony@indiana.edu ...
Holland, Frank (Frank) frank@indiana.edu ...
and so on...

Finally you can use a client to query a whois database. A great freeware program is 'Cyberkit' by Luc Neijens. Look at http://www.ping.be/cyberkit/index.html.
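
The port-43 exchange from the telnet session above, with both sides written out, as an added example that is not part of the original page. The function names, the stand-in server on a loopback port and the sample record are assumptions made for illustration; point whois_query at a real server and port 43 to use it for real.

```python
import socket
import threading

# Constructed sample data; the name and address are placeholders.
RECORDS = {"pe holland": "Holland, Example (Ex) ex@example.edu\r\n"}

def serve_once(listener):
    """Stand-in whois server: read one query line, answer it, then close."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        line = rfile.readline(512)                 # bounded read of the query
        key = line.decode("ascii", "replace").strip().lower()
        conn.sendall(RECORDS.get(key, "No match\r\n").encode("ascii"))

def whois_query(host, port, query, timeout=5.0):
    """Client side: send one line ending in CRLF, read until the server closes."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single line")   # no smuggled second line
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:                           # server closed: reply complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", "replace")

def demo(query):
    """Run one exchange against the stand-in server on a loopback port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))                # port 0: let the OS pick one
    listener.listen(1)
    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()
    try:
        return whois_query("127.0.0.1", listener.getsockname()[1], query)
    finally:
        worker.join(2)
        listener.close()

if __name__ == "__main__":
    print(demo("pe holland"), end="")
```

The whole exchange is plain text in both directions, so anyone on the network path can read the query and the answer.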

Finger

FINGER allows you to find information about people or hosts. You can use FINGER via telnet, via a web gateway, via e-mail or, of course, on Unix systems by just typing 'finger'. You can type: finger user_name or finger email_address. If you want to use a web interface, you can look at http://www.ecl.wustl.edu/bin/share/finger. If you want to use the finger command via e-mail, you can send a message to b.liddicott@ic.ac.uk with '#finger something' in the subject field. You can also use 'Cyberkit'.

Ping

Ping is helpful for testing, measuring, and managing networks. Ping sends a packet and waits for its return. Ping is used by network administrators to diagnose problems. So if you aren't a network administrator, you shouldn't use it. However, ping is helpful to verify whether a host is working. Usually ping sends 3 packets. If you want to try ping you have several possibilities: if you are using Windows95, just open an MS-DOS window (Start/Programs/MS-DOS Prompt), then type 'ping host_name' (where host_name is the name of the host you want to check). If you type just 'ping' you will get something like this:

C:\WINDOWS>ping

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

Options:
    -t             Ping the specifed host until interrupted.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

These are all the available options. If you don't use Windows95, you can use one of several web sites offering ping. If you are using Unix or Linux, just type 'ping domain_name'. On Unix, the options are different.

Traceroute

First of all, you have to know that all data sent or received on the Internet travel as little pieces of the original data. For example, when you visit a site, you are retrieving a web page. The server of that site receives your request and sends the web page to you. However, you won't receive the whole page in one go; in fact the web page is divided into little pieces called packets. These packets reach you by traveling through the net, and they pass through several computers along the way. Each packet is like a letter: it has a sender and a recipient. Computers connected to the Internet use a technique called 'packet switching' to transfer packets from one computer to another. This technique is used by the IP protocol. The packet is handled like a 'hot potato': the sending computer (e.g., the server of the site you are visiting) sends it to the nearest computer. The nearest computer receives the packet and looks at the recipient address. If it is the recipient of that packet, fine; otherwise it sends the packet on to its own nearest computer. That computer receives the packet, looks at the recipient address, and so on, until the packet reaches the real recipient.

For example, suppose you are located in London and you want to retrieve a web page from a site located in France. That page will pass through computers located in several countries before reaching you. For example, it could pass through Canada, Texas, Iceland, Portugal, Spain and finally France. Ok, this 'path' is quite improbable, but you can never know where 'your page' will pass through. Besides, if some computers along this path are down, the 'web page' will have to take another path. You can't know that. If you are lucky, your page will cross only two countries: France and England. On the other hand, if you are not lucky, your page will pass through several countries. Obviously it depends on the topology of the net.

Furthermore, some computers can be busy or crowded, so they will take a while to reply. For this reason someone invented the Traceroute program. Traceroute is a tool for checking the 'path' that a packet follows. You can use traceroute to discover the path and, most of all, to see *how long* it takes to reach you.

Now we can see how traceroute works. Each IP packet contains a field named TTL (Time To Live), which contains a value from 0 to 255. Each router (machine) receiving the packet looks at that value and subtracts 1 from it. This happens until the content of the TTL field reaches the value 0 or 1. When the TTL field reaches 0, the router *kills* the packet! Such a mechanism is needed because otherwise a packet that can't find 'its' recipient could travel forever. When the router kills the packet, it sends back a control message called ICMP (Internet Control Message Protocol), containing a Time Exceeded In Transit message, to the host which sent the packet.

When traceroute sends a packet (usually it sends 3 packets) for the first time, it sets the TTL value to 1. So, when the packet reaches the first router, the router subtracts 1 from the TTL value, which reaches 0, kills the packet and sends back an ICMP message. Traceroute also writes a timestamp value into the packet before sending it. When the receiving router sends back the ICMP message, it writes that timestamp into the message. At this point, when traceroute receives the ICMP message, it computes the difference between the timestamp sent (found in the ICMP message) and the time the ICMP packet was received. The result is called the round trip transit time (computed in milliseconds).

Now traceroute sets the TTL value to 2 and sends another packet. This time the first router looks at the TTL value, subtracts 1 from it and forwards the packet (in fact 2-1=1). The second router now kills the packet (because 1-1=0). So the second router sends back an ICMP message. Next time traceroute sets the TTL value to 3, and this cycle goes on until the packet reaches the recipient host (whose address is written into the packet). When the packet reaches the final host, a strange thing happens: that host finds an incredible port number: 33,434! It can't reach that port, because it doesn't exist! Real port numbers are 21, 25 or 80. So it sends back an ICMP message containing 'Port Unreachable'. Traceroute reads this and displays 'trace complete'.

If you want to try traceroute you have several possibilities: if you are using Windows95, just open an MS-DOS window (Start/Programs/MS-DOS Prompt), then type 'tracert' (notice, 'tracert' and not 'traceroute'). You will get something like this:

C:\WINDOWS>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.

However, you should type 'tracert domain_name' to see what path your data follow (domain_name is a domain name, but you can also use an IP address).

If you don't use Windows95, you can use one of several web sites offering traceroute. If you are using Unix or Linux, just type 'traceroute domain_name' (notice, here you have to type 'traceroute' and not 'tracert'). By means of traceroute you can get some indication of how busy the Internet is, simply by looking at the round-trip times. Remember that you can trace the route *your* packets follow, but you can't trace the reverse path. In fact, packets sent by you follow one path, while packets sent back by the site you are visiting can follow a very different path. For this reason some sites offering a traceroute service allow you to perform the traceroute in both directions. You can also use some options. For example, if you are on Windows95 you can use the -j option shown in the usage text above (on Unix it is '-g') to enter up to 9 intermediate routers to 'define a path' through the net:

tracert -j 123.123.123.123 111.10.1.124

In the above example, you are tracing the route between the router 123.123.123.123 and the router 111.10.1.124. Look at this list of sites offering the traceroute service. You can also use my 'meta-traceroute' to launch up to 6 traceroutes for the same host.
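
The TTL cycle described in this section, as an added simulation that is not part of the original page: no real packets are sent, the path is constructed from documentation addresses, and the function names are assumptions. It also covers two cases the walkthrough leaves out: a router that never sends ICMP errors, and a destination that never answers.

```python
ICMP_TIME_EXCEEDED = (11, 0)   # type 11, code 0: TTL expired in transit
ICMP_PORT_UNREACH = (3, 3)     # type 3, code 3: nothing listens on that port

# Constructed path: (address, sends_icmp_errors). The last entry is the
# destination host; the third router is set up to stay silent.
PATH = [("192.0.2.1", True), ("198.51.100.7", True),
        ("203.0.113.9", False), ("203.0.113.80", True)]

def send_probe(path, ttl):
    """Walk one probe along the path; return (responder, icmp) or None."""
    for i, (addr, answers) in enumerate(path):
        if i == len(path) - 1:
            # Destination reached: it does not forward, so no TTL check here.
            # The probe's port (33434 in the text) has no listener.
            return (addr, ICMP_PORT_UNREACH) if answers else None
        ttl -= 1                       # each router subtracts 1
        if ttl == 0:                   # expired here: the packet is dropped
            return (addr, ICMP_TIME_EXCEEDED) if answers else None
    return None

def trace(path, max_hops=30):
    """Raise the TTL from 1 until the destination answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        if reply is None:
            hops.append((ttl, "*", "timeout"))    # silent hop: keep going
            continue
        addr, icmp = reply
        if icmp == ICMP_PORT_UNREACH:
            hops.append((ttl, addr, "port unreachable"))
            return hops, True                     # trace complete
        hops.append((ttl, addr, "time exceeded"))
    return hops, False                            # gave up at max_hops

if __name__ == "__main__":
    for hop in trace(PATH)[0]:
        print(*hop)
```

A '*' row means only that no ICMP error came back for that TTL; the router may still be forwarding traffic, as the fourth row of the sample trace shows.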


Copyright (c) 1998-2006 Wowarea