This document provides instructions for using the TRACE.BAT utility to trace network information for a given IP address, hostname, email address, or URL. It runs on Windows 95, 98, and ME and generates a text report with details like IP address, hostname, domain registration, and more. The report is opened automatically in Notepad.
Arp and Ipconfig Syntax
ARP.exe
ARP - Address Resolution Protocol
http://www.ss64.com/nt/arp.html
Display and modify the IP-to-Physical address translation tables used by address
resolution protocol.
syntax
View the contents of the local ARP cache table
ARP -a [ip_addr] [-N if_addr]
Add a static ARP entry for frequently accessed hosts
ARP -s ip_addr eth_addr [if_addr]
Delete an entry
ARP -d ip_addr [if_addr]
key
-a            Display current ARP entries.
              May include more than one network interface.
              If ip_addr is specified, the IP and Physical addresses
              for only the specified computer are displayed.
-g            Same as -a.
-N if_addr    Display the ARP entries for the network interface
              specified by if_addr.
-d ip_addr    Delete the host specified by ip_addr.
              -d * will delete all hosts.
-s            Add the host and associate the Internet address ip_addr
              with the Physical address eth_addr. The Physical address is
              given as 6 hexadecimal bytes separated by hyphens. The entry
              is permanent.
eth_addr      Specifies a physical address.
if_addr       If present, this specifies the Internet address of the
              interface whose address translation table should be modified.
              If not present, the first applicable interface will be used.
If two hosts on the same subnet cannot ping each other successfully, try running
ARP -a on each computer to list the addresses and see whether they have the
correct MAC addresses.
A host's MAC address can be checked using IPCONFIG. If another host with a
duplicate IP address exists on the network, the ARP cache may have had the
MAC address for the other computer placed in it. ARP -d is used to delete an
entry that may be incorrect.
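The check described above can be automated. The following is an added example, not part of the original reference: it parses ARP -a output and compares it with MAC addresses recorded from each host's IPCONFIG /all. The sample output, the addresses and the KNOWN_HOSTS inventory are constructed for illustration.

```python
import re

# Constructed sample in the layout Windows prints for `ARP -a` (not a real capture).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-01     dynamic
  192.168.1.21          00-AA-BB-CC-DD-01     dynamic
  192.168.1.30          00-aa-bb-cc-dd-30     static
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical inventory: the MAC each host reported in its own IPCONFIG /all.
KNOWN_HOSTS = {
    "192.168.1.1": "00-11-22-33-44-55",
    "192.168.1.20": "00-aa-bb-cc-dd-20",
    "192.168.1.21": "00-aa-bb-cc-dd-01",
}

# One table row: IPv4 address, hyphen-separated MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)


def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            ip, mac, kind = match.groups()
            entries.append((ip, mac.lower(), kind.lower()))
    return entries


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first byte set."""
    return bool(int(mac[:2], 16) & 1)


def audit_arp_cache(entries, known_hosts):
    """Flag cache entries that disagree with the inventory or share one MAC."""
    findings = []
    ips_by_mac = {}
    for ip, mac, _kind in entries:
        if is_group_address(mac):
            continue  # broadcast/multicast rows are expected, not suspicious
        ips_by_mac.setdefault(mac, []).append(ip)
        expected = known_hosts.get(ip)
        if expected is not None and expected.lower() != mac:
            # The cache holds another machine's MAC for this IP: the
            # duplicate-IP (or spoofed reply) case described in the text.
            findings.append(("mismatch", ip, mac, expected.lower()))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            # Can be legitimate (a multi-homed host or proxy ARP), so review it.
            findings.append(("shared-mac", tuple(sorted(ips)), mac, None))
    return findings


if __name__ == "__main__":
    for finding in audit_arp_cache(parse_arp_table(SAMPLE_ARP_OUTPUT), KNOWN_HOSTS):
        print(finding)
```

A "mismatch" finding is the entry to clear with ARP -d once the host that owns the address has been identified.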
Related Commands:
ROUTE - Manipulate network routing tables
Q199773 - Behaviour of Gratuitous ARP
Q140859 - Win NT TCP/IP Routing Basics
Equivalent Linux BASH commands:
IPCONFIG
Configure IP.
syntax
IPCONFIG /all            Display full configuration information.
IPCONFIG /release [adapter]
                         Release the IP address for the specified adapter.
IPCONFIG /renew [adapter]
                         Renew the IP address for the specified adapter.
IPCONFIG /flushdns       Purge the DNS Resolver cache. ##
IPCONFIG /registerdns    Refresh all DHCP leases and re-register DNS names. ##
IPCONFIG /displaydns     Display the contents of the DNS Resolver Cache. ##
IPCONFIG /showclassid adapter
                         Display all the DHCP class IDs allowed for adapter. ##
IPCONFIG /setclassid adapter [classid]
                         Modify the dhcp class id. ##
## = New option in Win 2K/XP
If the Adapter name contains spaces, use quotes: "Adapter Name"
wildcard characters * and ? allowed, see the examples below
The default is to display only the IP address, subnet mask and default gateway
for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig                 ... Show information.
> ipconfig /all            ... Show detailed information
> ipconfig /renew          ... renew all adapters
> ipconfig /renew EL*      ... renew any connection that has its name starting with EL
> ipconfig /release *Con*  ... release all matching connections,
                               eg. "Local Area Connection 1" or "Local Area Connection 2"
> ipconfig /setclassid "Local Area Connection" TEST
                           ... set the DHCP class ID for the named adapter to = TEST
"Life is a grand adventure - or it is nothing." - Helen Keller
Related Commands:
BROWSTAT - Get domain, browser and PDC info
NETSTAT - Display networking statistics (TCP/IP)
NETSH - Configure interfaces, routing protocols, filters, routes, RRAS
PATHPING - IP trace utility
PING - Test a network connection
Q192064 - Locate multiple preferred logon servers
Q813878 - How to block specific network protocols and ports.
Q313190 - Use IPSec IP Filter Lists
The Inq/Jon Honeyball - Routing to harden machines against attack
NTFAQ - How to disable automatic private IP addressing (2K and XP)
Equivalent Linux BASH commands:
ping - Test a network connection
trace - Find the IP address of a remote host.
BROWSTAT.exe (Resource Kit)
Get domain, browser and PDC info.
syntax:
BROWSTAT sta                     : Status Displays Transport, Primary DNS and Backup DNS servers.
BROWSTAT sta -v domain           : Status Display (Verbose): includes Server OS and active browsers.
BROWSTAT gp Transport Domain     : List the PDC name (using NetBIOS)
BROWSTAT gm Transport Domain     : List the remote Master Browser name (using NetBIOS)
BROWSTAT gb Transport            : List backup DNS Servers
BROWSTAT wfw                     : List WFW servers that are running browser.
BROWSTAT sts ServerName          : Dump browser statistics
BROWSTAT TICKLE                  : Force remote master to stop.
BROWSTAT ELECT                   : Force election on remote domain
The VIEW options below can enumerate all the server services
running across a server or domain:
BROWSTAT vw Transport
BROWSTAT vw Transport domain
BROWSTAT vw Transport Server
BROWSTAT vw Transport Server /DOMAIN DomainToQuery
In the list displays, the following flags are used:
W = Workstation NT = Windows NT
S = Server W95 = Windows95
SQL = SQLServer WFW = WindowsForWorkgroups
SS = StandardServer MFPN= MS Netware
PDC = PrimaryDomainController NV = Novell
BDC = BackupDomainController XN = Xenix
TS = TimeSource
MBC = MemberServer
PQ = PrintServer
DL = DialinServer
AFP = AFPServer
OSF = OSFServer
VMS = VMSServer
PBR = PotentialBrowser
BBR = BackupBrowser
MBR = MasterBrowser
DMB = DomainMasterBrowser
DFS = DistributedFileSystem
A mission statement is defined as "a long awkward sentence that demonstrates
management's inability to think clearly." All good companies have one. - Scott
Adams The Dilbert Principle, 1996
Related Commands:
Q188305 - Troubleshooting the Browser Service
DNSSTAT - DNS Statistics
NETSTAT - Display networking statistics (TCP/IP)
SETPRFDC - Set preferred Domain Controller
Equivalent Linux BASH commands:
NETSH (Win2k Resource Kit, standard command in XP)
Configure interfaces, routing protocols, filters, routes, RRAS.
syntax
NETSH [-r router name] [-a AliasFile] [-c Context] [Command | -f ScriptFile]
key
context may be any of:
DHCP, ip, ipx, netbeui, ras, routing,
autodhcp, dnsproxy, igmp, mib, nat, ospf, relay, rip, wins.
Under Windows XP the available contexts are:
AAAA, DHCP, DIAG, IP, RAS, ROUTING, WINS
To display a list of commands that can be used in a context, type the
context name followed by a space and a ? at the netsh> command prompt.
e.g.
netsh> routing ?
command may be any of:
/exec script_file_name
          Load the script file and execute commands from it.
/offline
          Set the current mode to offline.
          Changes made in this mode are saved, but require a "commit"
          or "online" command to be set in the router.
/online
          Set the current mode to online.
          Changes in this mode are immediately reflected in the router.
/commit   Commit any changes made in the offline mode to the router.
/popd     Pop a context from the stack.
/pushd    Push current context onto the stack.
/set mode [mode =] online | offline
          Set the current mode to online or offline.
/abort    Discard changes made in offline mode.
/add helper DLL-name
          Install the helper .dll file in netsh.exe.
/delete helper .dll file name
          Remove the helper .dll file from Netsh.exe.
/show alias    list all defined aliases.
/show helper   list all top-level helpers.
/show mode     show the current mode.
/alias    List all aliases.
/alias [alias_name]
          Display the string value of the alias.
/alias [alias_name] [string1] [string2 ...]
          Set alias_name to the specified strings.
/unalias alias_name
          Delete an alias.
/dump - file name
          Dump or append configuration to a text file.
/bye      Exit NETSH
/exit     Exit NETSH
/quit     Exit NETSH
/h        Display help
/help     Display help
/?        Display help
"Once you eliminate your #1 problem, #2 gets a promotion" - Gerald Weinberg,
"The Secrets of Consulting"
Related commands:
Q242468 - How to Use the Netsh.exe Tool
Q257748 - Change from Static IP Address to DHCP with NETSH
Q140859 - Win NT TCP/IP Routing Basics
ROUTE - Manipulate network routing tables
Equivalent Linux BASH commands:
route -
PATHPING (Windows 2000 only)
IP trace utility.
syntax
PATHPING [-n] [-h max_hops] [-g host-list] [-p period]
         [-q num_queries] [-w timeout] [-t] [-R] [-r] target_name
key
-n Don't resolve addresses to hostnames
-h max_hops Max number of hops to search
-g host-list Loose source route along host-list
-p period Wait between pings (milliseconds)
-q num_queries Number of queries per hop
-w timeout Wait timeout for each reply (milliseconds)
-T Test each hop with Layer-2 priority tags
-R Test if each hop is RSVP aware
Related Commands:
BROWSTAT - Get domain, browser and PDC info
IPCONFIG - IP Configuration
NETSTAT - Display networking statistics (TCP/IP)
PING - Test a network connection
TRACERT - Trace route to a remote host
Equivalent Linux BASH commands:
ping - Test a network connection
trace - Find the IP address of a remote host.
TRACERT
Trace Route - Find the IP address of any remote host. TRACERT is useful for
troubleshooting large networks where several paths can be taken to arrive at the
same point, or where many intermediate systems (routers or bridges) are
involved.
syntax
TRACERT [options] target_name
key
target_name The HTTP or UNC name of the host
Options:
-d Do not resolve addresses to hostnames.
(avoids performing a DNS lookup)
-h max_hops Maximum number of hops to search for target.
-j host-list Trace route along given host-list.
-w timeout Wait timeout milliseconds for each reply.
The functionality of TRACERT is the same under all versions of windows but the
output is cosmetically improved under XP.
Tracert uses the IP TTL field and ICMP error messages to determine the route
from one host to another through a network. However, care must be taken when
using this utility as it shows the optimal route, not necessarily the actual route. To
be accurate, it is possible to ping from a UNIX machine back to the PC using the
-R option to record the route taken - but only if the particular network devices
support it.
Examples
TRACERT www.doubleclick.net
TRACERT 123.45.67.89
TRACERT local_server
Get your kicks on ROUTE 66 - Jack Kerouac.
Related Commands:
NSLOOKUP - Name server lookup
PING - Test a network connection
PATHPING - Route Tracing tool (Windows 2000)
ROUTE - Manipulate network routing tables
Q162326 - Using TRACERT to Troubleshoot TCP/IP Problems
tip 4723 - A better description from JSIinc
TRACE.BAT - handy report on any given Internet address
tracert.com - trace routes from remote locations
Equivalent Linux BASH commands:
trace - Find the IP address of a remote host.
ROUTE.exe
Manipulate network routing tables. Route packets of network traffic from one
subnet to another by modifying the route table.
syntax
Display route details:
ROUTE [-f] PRINT [destination_host] [MASK subnet_mask_value] [gateway]
      [METRIC metric] [IF interface_no.]
Add a route:
ROUTE [-f] [-p] ADD [destination_host] [MASK subnet_mask_value] [gateway]
      [METRIC metric] [IF interface_no.]
Change a route:
ROUTE [-f] CHANGE [destination_host] [MASK subnet_mask_value] [gateway]
      [METRIC metric] [IF interface_no.]
Delete a route:
ROUTE [-f] DELETE [destination_host] [MASK subnet_mask_value] [gateway]
      [METRIC metric] [IF interface_no.]
key
-f         Clear (flush) the routing tables of all gateway entries. If this is
           used in conjunction with one of the commands, the tables are
           cleared prior to running the command.
destination_host
           The address (or set of addresses) that you want to reach.
-p         Create a persistent route - survives system reboots.
           (not supported in Windows 95)
subnet_mask_value
           The subnet mask value for this route entry.
           This defines how many addresses are there.
           If not specified, it defaults to 255.255.255.255.
gateway    The gateway.
interface  The interface number (1,2,...) for the specified route.
           If the option `IF interface_no` is not given, ROUTE will try
           to find the best interface available.
METRIC     The metric, i.e. cost for the destination.
Note that routes added to the table are not made persistent unless the -p switch
is specified. Non-persistent routes only last until the computer is rebooted.
Symbolic names used for Destination_Host are looked up in the network
database file NETWORKS.
The symbolic names for gateway are looked up in the host name database file
HOSTS.
If the command is PRINT or DELETE, the destination or gateway can be a wildcard
('*'), or the gateway argument may be omitted.
An IP address mask of 0.0.0.0 means everything (rather like the *.* wildcard). In
other words it says, “when matching this pattern, don’t worry about matching any
of the bits - everything matches.”
If Destination_Host contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string, and '?'
matches any one char.
Examples:
157.*.1
157.*
127.*
*224*
Get your kicks on ROUTE 66 - Jack Kerouac.
Related Commands:
NETSTAT-rn - Display TCP/IP network connections, routing and protocol
statistics
TRACERT - Trace route to a remote host
Q140859 - Win NT TCP/IP Routing Basics
Equivalent Linux BASH commands:
ping - Test a network connection
trace - Find the IP address of a remote host.
PCHelp's
Network Tracer
Introduction
TRACE.BAT is an MS-DOS batch process which uses standard network query
utilities to work up a handy report on a given Internet address. It does so
automatically and fairly quickly, in a simple format and in a logical sequence. It
provides a report in plain text which it opens in Notepad when done. It gives
some screen feedback while in process.
All the user needs is one of the following: an IP address, a hostname, an
email address or a URL.
Because the Tracer performs extended domain registration lookups,
encompassing the shared .COM, .NET and .ORG registries and more than 70
countries, it is a sort of super-WHOIS utility.
It runs easily and quickly from the desktop Run dialog, and requires no familiarity
with MS-DOS.
TRACE.BAT works with Windows 95, Windows 98 and Windows ME.
NT Version
I have not adapted the Tracer to NT, but someone else has. Simon Daykin of
Byte-Sized.com sent me an NT-adapted Tracer 'way back in November '99. I
provide here a copy of that modified version, which reportedly functions well. I
should have posted it long ago (it's now October 2000; I never carried out my
own plan to adapt the script, which plan was the reason I didn't publish Simon's
version). I apologize to the many NT users who might have benefited by Simon's
work.
I can't promise any kind of support of this version, and I'm reluctant to take on the
task of maintaining it with updates as I do the Win9x Tracer. But I'll take an
interest in any problems and I'll do whatever I reasonably can. I'd particularly be
interested to know if it works under Windows 2000. I suspect it will, since Win2K
is basically a version of NT.
Users of the NT Tracer must first install the regular Tracer, omitting only
NSLOOKUP.EXE (NT has its own); then replace the file trace.bat with
traceNT.bat (which I advise renaming to trace.bat). I look forward to hearing how
it performs.
Origins
(Note: there's a glossary of terms below.)
Over the years, in my efforts to better understand the workings of the Net, I
gradually became familiar with a number of the longtime-standard command-line
tools that reveal the nuts and bolts of the Internet. With names like PING,
WHOIS, NSLOOKUP, and TRACEROUTE, these tools allow one to peek into
basic network functions and structure. I refer to them as "network query utilities"
because that's what they do. In a variety of ways, they ask systems and servers
on the network for information.
And information they do receive. It's often amazing to people just how much the
Net will reveal about itself if one only asks.
Most of my early experience with such utilities was on a Unix shell account. *nix
users have practically always had lots of good network tools available. But
finding implementations of those programs for use under Windows was a real
challenge even just a few years ago.
With the arrival of Windows 95 the situation improved; but though a few decent
network query utilities exist in all Windows 9x installations, they are generally
unknown to the average user and most of them are DOS-based. Nowadays,
Windows users usually haven't the first clue how to use the totally textual DOS
command-line interface. The upshot of it is, where their network's nuts and bolts
are concerned, Windows users have generally been left out in the cold and dark.
But with time, practically every useful Unix network tool has been adapted to
DOS. My many searches of the Net have gradually yielded a fine collection of
these powerful, simple tools.
Bringing The Tools Together
MS-DOS has a handy "batch" language of its own which allows the use of scripts
to execute a series of DOS commands. This has particular advantages where a
collection of text-based programs is concerned; it allows a degree of integration
of otherwise disconnected processes.
Somewhere early on, I began producing batchfiles to make my own use of the
various network query tools more convenient.
Things really fell into line when I found an excellent NSLOOKUP (Name Server
Lookup) tool in BINDNT. Though a bit arcane, NSLOOKUP is a very powerful
tool where IP networking is concerned. It wasn't long before I had put together a
number of batchfiles that took advantage of NSLOOKUP, some in conjunction
with other utilities such as WHOIS.
Finally I decided to come up with something really comprehensive; a batch
process that would assemble information from every network query type I could
muster up, and deliver the lot to the Windows desktop in a textfile. This Tracer
was the result. Augmented and adapted many times, it grew into a utility I could
hardly do without.
What makes the Tracer special? Except for its unique vendor code lookups and
its extensive coverage of country domains -- nothing much! It's using utilities that
are very ordinary to most professionals, and it's a batchfile of all things, which
isn't exactly whizbang high-tech programming. The key is that it brings it all
together in a single report and using one simple command.
Use of the Tracer is almost ridiculously easy. One types "trace [address]" in the
Run dialog while online; without further ado it does all it can with the address,
and then up pops Notepad with the results.
I realized anyone at all could now use it. It was time to let others in on the fun.
What The Tracer Is For
A few uses for the Network Tracer:
• Identifying the owners and/or hosts of websites and domain names
• Tracking down the source of unwanted email (Example: http://www.pc-help.org/members/spamalysis/sa37.htm)
• Identifying and tracing the host in an obscured URL.
• Interpreting your website access logs (Example: http://pc-help.org/members/logfun/govlogs.htm)
• Tracing suspicious connections reported by your firewall or port monitor
• Finding what others can learn from your IP address
• Checking out chat partners (I would consider this a must for the ladies).
What The Tracer Finds
If the user-provided address is an email address or a URL, TRACE.BAT will
attempt to extract the IP address or hostname portion, and will then restart itself
using that address as its point of reference.
TRACE.BAT uses PING to firmly establish the validity of the user-provided name
or address. PING will also reveal whether the address is occupied by a
responding system. In the process, if given an IP address in a format other than
dotted-decimal, the Tracer takes advantage of PING's ability to convert that
address to the dotted-decimal format (nnn.nnn.nnn.nnn).
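The two steps just described (reduce a URL or email address to its host, then turn a non-dotted numeric address into dotted-decimal) can be sketched in Python. This is an added example, not code from TRACE.BAT; the function names are hypothetical, and the accepted number forms (decimal, 0-prefixed octal, 0x-prefixed hex, one to four fields) follow the classic inet_aton conventions, which is an assumption about what PING accepts.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit


def extract_host(address: str) -> str:
    """Keep only the host part of a URL, an email address or a bare host."""
    address = address.strip()
    if "://" in address:
        # .hostname drops the scheme, any "user@" prefix, the port and the path.
        host = urlsplit(address).hostname
        if not host:
            raise ValueError(f"no host found in {address!r}")
        return host
    if "@" in address:
        # Email address: the host is whatever follows the last "@".
        return address.rsplit("@", 1)[1].lower()
    return address.lower()


def _parse_part(part: str) -> int:
    """Parse one dot-separated field as hex (0x..), octal (0..) or decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]*", part):
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part, 10)
    raise ValueError(part)


def normalize_ipv4(host: str) -> Optional[str]:
    """Return dotted-decimal for a numeric host, or None if it is a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading fields are single bytes; the last field fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def trace_target(address: str) -> str:
    """The address a trace would actually start from."""
    host = extract_host(address)
    return normalize_ipv4(host) or host


if __name__ == "__main__":
    # Constructed inputs; 192.0.2.1 is a documentation-only address.
    for sample in ("http://www.example.com@3221225985/login.htm",
                   "http://0xC0.0.02.1:8080/", "someone@mail.example.net",
                   "192.0.513", "www.example.org"):
        print(f"{sample:45} -> {trace_target(sample)}")
```

The first sample shows why the extraction matters when reading an obscured URL: the text before the "@" looks like the site name, but the host actually contacted is the number after it.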
If a Win9x machine is online at the address, and if your machine is set up to use
NetBIOS over TCP, TRACE will often obtain a NetBIOS name table. The name
table often reveals specifics about the computer and/or its user. NT machines
and other platforms may also support NetBIOS.
The MAC address of a NetBIOS host reveals information about the hardware
(network adapter) in use on that machine. A lookup table has been incorporated
into TRACE.BAT which identifies the adapter if possible. This particular
feature is, so far as I know, completely unique to this utility. To
implement this lookup, I had to create what I believe is the single most extensive
listing of vendor codes in public existence. At this writing, it's still a work in
progress.
If TRACE.BAT sees a NetBIOS server listed in the remote name table, it will
attempt to use the net view command to retrieve a listing of the resources shared
by the remote machine. The list can be interesting and may reveal still more
about that system and its user, by way of the names and comments assigned to
the shared resources. (Many, probably most Windows machines aren't
configured to use this feature, but there's a good chance it will work for you if
your system is on a LAN.)
Occasionally you may encounter shared files which the remote user intentionally
leaves open to access; but if there's any doubt, I caution you not to attempt to
access remote shares without permission. The Tracer is not intended to facilitate
intrusions. For more on NetBIOS and sharing, see:
http://www.nwi.net/~pchelp/security/issues/sharing.htm.
NSLOOKUP is used to identify the IP address of a name and vice versa. The
name info so obtained usually identifies the domain name associated with a
given address. Lookups are done both ways (address-to-name and
name-to-address) in order to spot forged and bogus names. If reverse DNS shows a
discrepancy, it is noted. See definitions below.
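The two-way check can be written down compactly, using the page's own terms: a name is "forged" when its forward lookup returns a different address, and "bogus" when the forward lookup returns nothing. This is an added Python example, not part of TRACE.BAT; the function names and the sample records are constructed for illustration.

```python
import socket
from typing import Callable, List, Optional, Tuple


def system_reverse(ip: str) -> Optional[str]:
    """Address-to-name (PTR) lookup through the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:
        return None


def system_forward(name: str) -> List[str]:
    """Name-to-address (A) lookup through the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def classify_rdns(
    ip: str,
    reverse: Callable[[str], Optional[str]] = system_reverse,
    forward: Callable[[str], List[str]] = system_forward,
) -> Tuple[str, Optional[str], List[str]]:
    """Return (verdict, reverse name, forward addresses) for one IP address."""
    name = reverse(ip)
    if not name:
        return "no-name", None, []
    addresses = forward(name)
    if not addresses:
        return "bogus", name, []          # the name resolves to nothing
    if ip in addresses:
        return "consistent", name, addresses
    return "forged", name, addresses      # the name points somewhere else


# Constructed records in documentation ranges, standing in for live DNS.
SAMPLE_PTR = {"192.0.2.10": "www.example.com",
              "192.0.2.20": "mail.example.org",
              "192.0.2.30": "gone.example.net"}
SAMPLE_A = {"www.example.com": ["192.0.2.10"],
            "mail.example.org": ["198.51.100.7"]}


def sample_reverse(ip: str) -> Optional[str]:
    return SAMPLE_PTR.get(ip)


def sample_forward(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, classify_rdns(ip, sample_reverse, sample_forward))
```

Called with only an IP address, classify_rdns uses the system resolver instead of the sample tables.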
If a name is found for the address (or initially provided), the domain name portion
of the hostname is parsed and any available domain registration record is
looked up using the WHOIS utility.
The whois server at the Network Abuse Clearinghouse is consulted for an abuse
contact address; if one is found it is noted in the report.
The new competitive registry scheme adds some complications to WHOIS
lookups of domains in the shared TLDs (top level domains). But TRACE.BAT
deals with it. The Network Solutions database is checked first in the interest of
efficiency; the vast majority of domains are still listed there. If no domain record is
found in the Network Solutions database, TRACE.BAT will identify the applicable
registry, if any, using the NSI Registry database at whois.crsnic.net; and repeat
its query using that registry's server. (This makes the Tracer quite useful to verify
the availability of a desired name.)
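The lookup order described above (first database, then the registry at whois.crsnic.net for a referral, then the referred server) looks like this as an added Python sketch, which is not TRACE.BAT's own code. Assumptions: the first server's hostname is not given on the page, so it is a parameter and "whois.first.example" is a placeholder; the "Whois Server:" and "No match" markers and all sample responses are constructed.

```python
import re
import socket
from typing import Callable, Optional, Tuple

REGISTRY_SERVER = "whois.crsnic.net"  # the registry database named on the page
# Assumed response markers; real servers differ in wording and layout.
REFERRAL = re.compile(r"^\s*Whois Server:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
NO_MATCH = re.compile(r"^\s*No match", re.IGNORECASE | re.MULTILINE)


def whois_query(server: str, query: str, timeout: float = 10.0) -> str:
    """Plain WHOIS exchange: send one line to TCP port 43, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as conn:
        conn.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")


def has_record(text: str) -> bool:
    """True when a response is non-empty and is not a 'No match' reply."""
    return bool(text.strip()) and not NO_MATCH.search(text)


def lookup_domain(
    domain: str,
    first_server: str,
    query: Callable[[str, str], str] = whois_query,
) -> Tuple[Optional[str], str]:
    """Return (server holding the record, record text), or (None, "")."""
    text = query(first_server, domain)
    if has_record(text):
        return first_server, text
    # Not in the first database: ask the registry which server has the record.
    referral = REFERRAL.search(query(REGISTRY_SERVER, domain))
    if not referral:
        return None, ""  # the registry lists no registrar for this name
    server = referral.group(1).lower()
    text = query(server, domain)
    return (server, text) if has_record(text) else (None, "")


# Constructed responses keyed by (server, query), standing in for the network.
SAMPLE = {
    ("whois.first.example", "example.com"):
        "Registrant:\n  Example Widgets (EXAMPLE-DOM)\n",
    (REGISTRY_SERVER, "example.org"):
        "Domain Name: EXAMPLE.ORG\nWhois Server: whois.registrar.example\n",
    ("whois.registrar.example", "example.org"):
        "Registrant:\n  Example Org\n",
}


def sample_query(server: str, query: str) -> str:
    return SAMPLE.get((server, query.lower()), f'No match for "{query.upper()}".\n')


if __name__ == "__main__":
    for name in ("example.com", "example.org", "unregistered.example"):
        print(name, "->", lookup_domain(name, "whois.first.example", sample_query)[0])
```

A result of (None, "") is the case the page mentions as useful for checking whether a desired name is available.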
Because of the large number of WHOIS servers/databases that must be
consulted in order to retrieve records on the various country domains and other
top-level domains (TLDs), implementing domain lookup fully has proven to be a
real challenge. It's been a slow process to install support for each and every
country domain; the server address and the query format must be found for every
individual TLD. There exist few resources which assemble this information in one
place, and none of them is fully complete or current. There are about 250 top-
level domains. The list of the Tracer's supported domains is constantly growing.
Where a standard WHOIS server is not available for a supported domain, usually
there is a WHOIS gateway (web page) available at the website of the applicable
Network Information Center (NIC). If such a gateway exists, the URL of the
gateway is provided in the trace report and in console feedback. Where a
suitable URL can be constructed, TRACE.BAT will helpfully open the applicable
record in your default browser.
The ARIN database is queried, which will identify the entity(ies) to which the IP
address is registered. This may not identify the domain name owner but it will
locate the domain's upline provider(s).
IP addresses falling outside the ARIN regions (ARIN generally covers North and
South America and sub-Saharan Africa) are on record in either the European
RIPE database or in the APNIC (Asia Pacific) database. As appropriate, these
are queried.
Using Netcat, the Tracer then performs RWHOIS queries for information about
the IP address. This usually yields the same information as the
ARIN/RIPE/APNIC queries described above, just in a different format. But on
occasion it will find useful additional information.
As a final step, a traceroute is performed, which will sometimes help to identify
the domain associated with an address, and/or its physical location. This is
particularly useful if the name server lookups were unsuccessful.
(There is more the Tracer could do, and I'm considering several additions. And
by the way, it changes constantly. If you wind up using it frequently, I strongly
recommend you obtain the latest version at intervals.)
How Long It Takes
Domain-only queries typically take about 15 seconds. Except for the traceroute,
the full "trace" usually requires only a little more than 30 seconds. Including the
traceroute (which can be optionally excluded or interrupted manually),
TRACE.BAT usually does its work in one or two minutes. Delays or failures may
sometimes happen during any of the queries. Traceroute is typically the slowest
query and can occasionally require many minutes. Start and finish times are
logged.
The Tracer pauses when finished, offering the user 10 seconds to accept or
decline the display of its report. Given no response, it will open Notepad with the
text.
Disclaimer
NOTICE: No warranty is expressed or implied. You use TRACE.BAT entirely at
your own risk.
TRACE.BAT is virtually incapable of doing significant damage under any
circumstances and it is unlikely to malfunction in any serious way; but no
computer process is ever completely foolproof.
TRACE.BAT may fail, partially or entirely, to obtain the desired information due to
network congestion, remote system failures, dropped connections, user attitude,
house fires, sabotage, teenagers, whimsy, my stupid mistakes, or any number of
other causes, real or imagined. You agree to endure all failures with infinite
patience.
Polite complaints will be received with interest, all others will be ignored or met
with sarcasm.
The Tracer's process relies on tools over which I have no direct control. Those
tools must be present and correctly functional. For your information, they are:
• MS-DOS 7.0+ with long filenames enabled (Win9x/NT)
• NBTSTAT.EXE (Win 9x/NT)
• TRACERT.EXE (Win 9x/NT)
• CHOICE.COM (Win9x) or CHOICE.EXE (NT)
• FIND.EXE (Win9x/NT)
• NSLOOKUP.EXE (freeware: BINDNT version 4.9.7)
• WHOIS.EXE (freeware: http://www.kiraly.com/software/utilities/whois)
• BFR.EXE (freeware: http://www.voiceinfo.com/Commerce/DownLoad/Arc_S2.asp)
• NC.EXE (Netcat) (freeware: http://pc-help.org/trace/netcat.txt)
You don't have to retrieve any of these items. The freeware .EXE's are included
with TRACE.BAT in TRACE.ZIP.
Other tools similar to the included ones might work and they might not.
It might or might not work on later Windows versions than 95/98. Reports indicate
that it works well under WinME.
TRACE.BAT does not presently work on NT. I don't have an NT box and so
haven't been able to make rapid progress adapting to that platform. There are
some differences in NT's handling of certain batch commands. CHOICE.EXE is
apparently absent in most NT systems, but available in the NT Resource Kit.
NT's own NSLOOKUP seems to work OK. At this point I believe I have most of
the information I need to make TRACE.BAT usable on NT, but it's going to take
some more time. I welcome further input from NT users, and I heartily thank
those who've already contributed a great deal, especially Nils and Simon.
The Tracer creates temporary files, and capture files which are retained, using a
directory (folder) and filenames which are unlikely to be used by any other
application. Only in the extremely unlikely event of a folder and filename
collision could it cause data loss. In that event, it may remove, overwrite or alter
an existing file.
Use of the Tracer sometimes shocks the hell out of someone you traced, who
naïvely believed him/herself to be entirely anonymous or invisible. You agree to
accept full responsibility for all consequences, including resuscitation of the
victim, time wasted convincing the poor sod you're not a hacker, and the slow,
painful restoration of confidence following shattered illusions. You further agree
to publicly assign me full credit each time the Tracer helps you cure some
insufferable creep of the belief he could lie to people, cheat them, insult them, or
abuse their mailboxes or computers, without being held personally responsible.
Such is the price you pay for free software.
Installation And Use
Place TRACE.BAT and its companion files (the whole contents of TRACE.ZIP) in
the Windows directory. That's directly in the Windows directory (folder). Not in a
sub-folder or anywhere else.
If you have no utility that opens .ZIP archives, I recommend Winzip, available at
www.winzip.com. But if you have PKUNZIP.EXE anywhere on your system
(many people do, as it accompanies any number of applications unannounced),
and if you know how to use a DOS command line, that's all you should need.
To run a trace from Windows, simply click on Start ... Run ... and in the resulting
dialog box, type:
trace [Address]
Then hit Enter. A DOS window will open and display progress details as
TRACE.BAT works. Then Notepad will open, displaying the report. The DOS
window will close.
Some Tips:
• A faster way to open the Run dialog is to press the Windows key (it's between
Ctrl and Alt), then "R".
• At present, TRACE.BAT itself must exist in the Windows directory. If you dislike
cluttering your Windows directory, you may wish to place the .EXE files
elsewhere, but they must be somewhere on the "path" as defined by the %path%
variable; otherwise DOS can't find them when required, and TRACE.BAT will
not function.
o View the path by typing at a DOS prompt: echo %path%
o You can add directories to the path using the PATH= line in autoexec.bat.
Example:
PATH=c:\misc\trace;c:\whatever;c:\andsoon
TRACE.BAT --*# PCHelp's Network Tracer #*-- © 1999, 2000
SYNTAX: TRACE Address [-n] [-t] [-d] [-s] [-x]
    OR: TRACE setnameserver Address
Where Address = an IP address in any format;
                or, a valid hostname;
                or, an email address;
                or, a URL.
Options:
  -n = skip NetBIOS queries
  -t = skip Traceroute
  -d = perform domain record lookup only
  -a = skip abuse.net query during domain lookup
  -s = suppress capture file display
  -x = no trace if previously done
  setnameserver = reconfigure the NSLOOKUP Name Server to Address
  checkns = verify function of current nameserver
Examples (try 'em):
  trace 64.87.72.249 -a -n -t
  trace abcnews.go.com
  trace http://www.state.nh.us/nhdoj/ -n -t
Read TRACE.BAT in any text editor for further information.
A Few Notes
Although the Tracer does accept URLs and email addresses, it extracts and
traces only the hostname or IP address; the username in an email address is not
traced, nor are any other parts of a URL.
The Tracer's reports are retained in the directory c:\misc\trace with filenames
in the form of: [IPAddress].txt. The directory (folder) is created if it doesn't
exist already. If there is no known IP address, the filename of the capture file will
be [name].txt using whatever name you entered. The same applies when the
-d option is used. If no IP address and no domain name record is found, the
textfile, presumably useless, is deleted. If any useful information is found, the file
is retained. Be aware that over time a very large number of files could
accumulate in this directory.
If a former trace of the same IP address exists, the existing text is immediately
opened in Notepad for the user's reference. Meanwhile (unless the -x option is
used) the new trace continues, appending its results to the file. When done, it will
open the updated capture file in a new Notepad window. (It's then necessary to
scroll down to see the new trace.)
Date and time are recorded in the capture file, including start and finish times.
Multiple traces of a name or address can therefore produce a useful record of
changes.
It is possible to do multiple simultaneous traces. I specifically adapted
TRACE.BAT for this purpose. Its several temporary files are named uniquely
using the hundredths-of-seconds digits of the time it starts; so collisions of two
simultaneous traces are a mere 1-in-100 probability; even less likely, in fact,
since there are only brief moments when use of the same filenames would be a
problem. However: two simultaneous traces of the same address will collide
because they'll use the same capture file. The result of any such collisions will be
error messages and a likelihood of a damaged or incomplete report; nothing
more serious than that.
If interrupted, TRACE.BAT may leave temporary files in its folder. They harm
nothing, and consume little space. All start with the symbol $ so they percolate to
the top of a sorted listing and are easily deleted. Once in a long while,
TRACE.BAT will clean these up on its own, using a secret process known only to
God and people who read the batchfile.
TRACE.BAT uses environment variables. These are data stored by MS-DOS in a
limited memory space. In most Windows systems, DOS environment variables
aren't heavily used, but if they are, sometimes there's not enough memory
allocated for storage of the Tracer's many variables. In order to avoid this
problem, the batchfile creates a new instance of command.com with an
environment of ample size. Even so, it checks at a variety of points to be sure
variables have been successfully stored, and will usually alert the user if there's
any problem.
For some of its functions, TRACE.BAT must be located in the Windows directory,
as defined by the %windir% variable. If it's not found there, TRACE.BAT will
attempt to place a copy of itself in that directory.
To interpret results, TRACE.BAT relies on searches for, and handling of, certain
texts in the responses output by the various utilities it runs. Because this output
varies, it is possible you may see errors or misinterpretations on rare occasions.
Name servers vary especially widely in their responses, so this is more likely with
name server lookup data than with anything else.
If a name rather than an IP address is initially provided to TRACE.BAT, the
name's IP address is resolved, the name is stored as a variable, and
TRACE.BAT is restarted using the IP address as its principal point of reference.
In such a case, the name may sometimes be an alias, but it will be a valid
hostname, not a forged or bogus name assignment. That user-provided name,
rather than any canonical or primary name associated with the address, will then
be the basis of the domain name record lookup. Because of this, you may find it
useful to do additional queries for the domain records of other name(s) you may
find listed in the report. Simply run TRACE.BAT again using the canonical name
with the -d option; or using the IP address alone.
TRACE.BAT will attempt to look up a domain name record, even if the name
server lookup yields no IP address. It will attempt to parse whatever hostname is
provided by the user to extract the domain name portion. So even an improbable
or nonexistent hostname like flibberdegibbet.microsoft.com will yield a
domain registration record if it uses a valid domain name. This parsing of the
name will still occur if the -d parameter is used.
Unless it's performing a domain-record-only lookup (using the -d switch),
TRACE.BAT will PING the address; this is not merely done to find a live remote
system; it's also necessary to check for a valid address. Anyone at that address
with a firewall will be able to see that you pinged their system. Also, NBTSTAT
contacts the remote system for its NetBIOS nametable. Using the -n parameter
will disable NBTSTAT activity but the ping will still occur. So if you're trying to be
stealthy, just don't use TRACE.BAT.
The batchfile is heavily commented. Everything it does is wide open to
inspection, and for the most part it's painstakingly explained. For those interested
in MS-DOS batch programming, it's probably full of interesting tidbits.
For those who aren't into the technical aspects, TRACE.BAT is still fairly
readable and may prove enlightening. I invite you to take a look, using Wordpad
or any plain-text editor (it's too big for Notepad).
If you decide to modify the batchfile, fine; but please do so only for your own use;
don't remove my copyright notice; and include comments that indicate what
changes were made and by whom. Also, do not distribute an altered
TRACE.BAT. If you think I should change something, let me know. If I use your
idea, I'll give you credit.
I would appreciate all possible input from users of this utility. Please email me
anytime and tell me how it's working for you. I welcome suggestions.
NSLOOKUP: Name Server Lookup. An IP networking utility which queries name
servers to correlate names to IP addresses and to fetch related information.
DNS: Domain Name System. This is the "distributed database" which associates
human-readable names with IP addresses and related information, allowing
computers to find one another on the Net using names recognizable to their
human users.
REVERSE DNS: The usual "forward" use of DNS is to find the address for a name.
Reverse DNS (rDNS) goes the other way; it asks the specific server associated
with an address for the name _it_ assigns to that IP address. Name-to-address
information comes from a centralized source. Address-to-name information comes
from name servers under localized control.
FORGED NAME: When a reverse DNS lookup produces a name, one can then consult the
presumably correct and authoritative DNS system for the name's IP address. If
this shows a different address for the name than the remote server provided,
the name is "forged." This is usually an error or an outdated record, but it
can sometimes be a deliberate forgery. It will usually affect only those who
rely on the errant name server.
BOGUS NAME: Like a forged name, but a DNS lookup of the name fails to find any
address. It could be intentional or an error. It's a common occurrence.
WHOIS: A standard which implements online access to database-type information.
It is used by most of the various IP allocation and domain registration
organizations to provide DNS information, as well as by some businesses and
universities for user directories.
RWHOIS: Referral WHOIS. An extension of the WHOIS standard. RWHOIS servers
provide referrals to other servers. The scheme allows for expanded access to
numerous databases. Presently it is most useful to find network number
assignments and domain records in the generic TLDs.
ARIN: American Registry for Internet Numbers. One of the three regional
Internet registries which control IP address block assignments. The other two
are RIPE and APNIC. http://www.arin.net/
RIPE: Reseaux IP Europeens (European IP Networks) "RIPE provides technical and
administrative coordination for IP networking in Europe." http://www.ripe.net/
APNIC: Asia Pacific Network Information Centre http://www.apnic.net/
TRACEROUTE: An IP network utility which identifies machine names and addresses
along the path between two points on the network, and gauges response times.
Supported domains*
In alphabetical order:
AC Ascension Island
AD Andorra
AE United Arab Emirates
AF Afghanistan
AI Anguilla
AL Albania
AM Armenia
AR Argentina
AS American Samoa
AT Austria
AU Australia
BA Bosnia and Herzegowina
BD Bangladesh
BE Belgium
BG Bulgaria
BH Bahrain
BR Brazil
BT Bhutan
CA Canada
CC Cocos (Keeling) Islands
CH Switzerland
CN China
COM (Generic: Commercial)
CR Costa Rica
DE Germany
DK Denmark
DO Dominican Republic
DZ Algeria
EC Ecuador
EDU (Generic: Educational Institution)
EG Egypt
FI Finland
FR France
GOV (Generic: US Government)
GR Greece
GU Guam
HK Hong Kong
ID Indonesia
IE Ireland
IN India
INT (Generic: International)
IS Iceland
IT Italy
JP Japan
KR Korea, Republic of
KZ Kazakhstan
LB Lebanon
LI Liechtenstein
LK Sri Lanka
LU Luxembourg
MD Republic of Moldova
MIL (Generic: US Military)
MM Myanmar
MN Mongolia
MO Macau
MX Mexico
MY Malaysia
NC New Caledonia
NET (Generic: Networks)
NG Nigeria
NL Netherlands
NO Norway
NZ New Zealand
ORG (Generic: Organizations)
PF French Polynesia
PG Papua New Guinea
PH Philippines
PK Pakistan
PR Puerto Rico
PT Portugal
RU Russian Federation
SE Sweden
SG Singapore
SO Somalia
ST Sao Tome and Principe
TH Thailand
TJ Tajikistan
TM Turkmenistan
TW Taiwan, Republic of China
UK United Kingdom
US United States
VN Viet Nam
WS Samoa
ZA Republic of South Africa
ZW Zimbabwe
*By "supported" is meant, all possible support has been provided:
• Most country domains allow direct WHOIS lookups, and in those cases
TRACE.BAT will attempt to obtain the record from the appropriate server.
• Some NICs provide only a Web-based lookup. In those cases, TRACE.BAT tells
you where to find that service. In some instances, such as NZ and PK, a Web
address can be constructed that will produce the exact record. Your default
browser will be invoked to display the domain record.
• Some domains are virtually undeveloped, or for whatever reason may provide no
domain registration information of any kind. In those cases, all TRACE.BAT can
do is tell you so. Usually there is at least a NIC website.
• Each and every time I have encountered a top-level domain for which I can find
no whois service, I have gone to huge effort to make completely sure I'm not
missing anything before conceding defeat. I've occasionally even scanned very
large netblocks for whois servers. I've emailed any contacts I could find, searched
the Web on numerous engines, and more. But I'm sure there will be some
resources I haven't found.
• The Net is constantly evolving. It's unlikely I can ever keep TRACE.BAT totally
current with respect to domain lookups. If you discover any new (or vanished)
WHOIS servers or NIC resources, I invite you to inform me.
Last updated 18 December 2000
TRACE.BAT update status: http://www.pc-help.org/trace/updates.txt
Download TRACE.ZIP