Tracking E-mail – Part 2
Using e-mail header information to track the sender
Ping sends an ICMP (Internet Control Message Protocol) Echo packet to a specified host, and waits for a response. It reports success or failure and statistics about its operation. Ping is useful for testing and debugging networks
It’s also useful for determining the IP (Internet Protocol) address from a domain name. To determine the domain name from an IP address you must use nslookup.
Ping (UNIX help file)
/usr/etc/ping host [ timeout ] /usr/etc/ping [ -s ] [ -lrRv ] host [ packetsize ] [ count ] When the -s flag is specified, ping sends one datagram per second, and prints one line of output for every ECHO_RESPONSE that it receives. No output is produced if there is no response. In this second form, ping computes round trip times and packet loss statistics; it displays a summary of this information upon termination or timeout. The default datagram packet size is 64 bytes, or you can specify a size with the packetsize command-line argument. If an optional count is given, ping sends only that number of requests. When using ping for fault isolation, first `ping' the local host to verify that the local network interface is running. OPTIONS -l Loose source route. Use this option in the IP header to send the packet to the given host and back again. Usu- ally specified with the -R option. -r Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. This option can be used to ping a local host through an interface that has been dropped by the router daemon, see routed(8C). -R Record route. Sets the IP record route option, which will store the route of the packet inside the IP header. The contents of the record route will only be printed if the -v option is given, and only be set on return packets if the target host preserves the record route option across echos, or the -l option is given. -v Verbose output. List any ICMP packets, other than ECHO_RESPONSE, that are received.
Example UNIX ping
no2:/opt2/home3/expita>/usr/sbin/ping -s yahoo.com PING yahoo.com: 56 data bytes 64 bytes from img5.yahoo.com (18.104.22.168): icmp_seq=0. time=63. ms 64 bytes from img5.yahoo.com (22.214.171.124): icmp_seq=1. time=63. ms 64 bytes from img5.yahoo.com (126.96.36.199): icmp_seq=2. time=63. ms 64 bytes from img5.yahoo.com (188.8.131.52): icmp_seq=3. time=63. ms ^C ----yahoo.com PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 63/63/63
Ping (Windows help file)
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list Options: -t Ping the specifed host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. [count range is 1 to 4294967295] -l size Send buffer size. [size range is from 0 to 65500] -f Set Don't Fragment flag in packet. -i TTL Time To Live. [TTL range is from 1 to 255] -v TOS Type Of Service. -r count Record route for count hops. [count range is 0 to 9] -s count Timestamp for count hops. [count range is 1 to 4] -j host-list Loose source route along host-list. -k host-list Strict source route along host-list. -w timeout Timeout in milliseconds to wait for each reply.
Example Windows ping
C:\WINDOWS> ping yahoo.com Pinging yahoo.com [184.108.40.206] with 32 bytes of data: Reply from 220.127.116.11: bytes=32 time=31ms TTL=242 Reply from 18.104.22.168: bytes=32 time=31ms TTL=242 Reply from 22.214.171.124: bytes=32 time=32ms TTL=242 Reply from 126.96.36.199: bytes=32 time=30ms TTL=242 Ping statistics for 188.8.131.52: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 30ms, Maximum = 32ms, Average = 31ms
Notice that the time is about half for Windows ping versus UNIX ping. The reason for this is that my Windows ping is traveling from Earthlink (my ISP located in Pasadena, CA) to Yahoo (located in Santa Clara, CA) whereas my UNIX ping is traveling from my domain hosting site at Superb.Net (located in Vancouver, Canada) to Yahoo which is about half the distance.
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) TestPing
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Ping
- SiteSpeed Meter CNET’s SiteSpeed Meter tests your Web site
Traceroute attempts to trace the route an IP packet would follow to some internet host by launching UDP (User Datagram Protocol) probe packets with a small TTL (time to live) then listening for an ICMP (Internet Control Message Protocol) “time exceeded” reply from a gateway.
Traceroute is used to get a list of sites handling e-mail between you and each of the host domains that MTA’s use to route e-mail. Ideally traceroute should be from your e-mail host to the site that sent you e-mail. The last entry in the results list should be the host domain you’re querying. The next-to-last should be the ISP (Internet Service Provider) for the queried host domain. The second-to-last entry should be the ISP for the next-to-last ISP and so forth.
The format of the output (UNIX version) is:
hop count - gateway name - (gateway IP address) - round trip time for each packet (usually three are sent)
We start our probes with a time-to-live (TTL) of one and increase by one until we get an ICMP “port unreachable” (which means we got to the “host”) or hit a maximum number of “hops” (which defaults to 30). Three probes (the default value) are sent at each TTL setting and a line is printed showing the TTL, address of the gateway and round trip time of each probe. If the probe answers come from different gateways, the address of each responding system will be printed. If there is no response within a 3 second time out interval (the default value), an asterisk (“*”) is printed for that probe.
When traceroute fails to get packets through to the remote end system, the trace trails off, displaying a series of three asterisks (* * *) at each hop count until the count reaches 30.
Some of the individual packets in each hop may also fail to be sent in which case a (*) will appear in the packet arrival times.
no2:/opt2/home3/expita>traceroute newcomm.net traceroute to newcomm.net (184.108.40.206), 30 hops max, 40 byte packets 1 vlan20-gw.acc.dca1.hopone.net (220.127.116.11) 1 ms 1 ms 1 ms 2 ge1-0.core2.dca1.hopone.net (18.104.22.168) 1 ms 1 ms 0 ms 3 s10-1-0.ar1.WDC2.gblx.net (22.214.171.124) 2 ms 6 ms 2 ms 4 126.96.36.199 (188.8.131.52) 2 ms 2 ms 2 ms 5 pos1-0-622M.cr1.NYC2.gblx.net (184.108.40.206) 6 ms 6 ms 6 ms 6 pos0-0-2488M.br2.NYC2.gblx.net (220.127.116.11) 5 ms 10 ms 6 ms 7 bellcanada.pos12-0-0-155M.br1.nyc2.gblx.net (18.104.22.168) 6 ms 8 ms 7 ms 8 core1-newyork83-srp6-0.in.bellnexxia.net (22.214.171.124) 11 ms 5 ms 6 ms 9 core2-toronto63-pos1-0.in.bellnexxia.net (126.96.36.199) 47 ms 47 ms 48 ms 10 torcorr02-pos1-1-0.in.bellnexxia.net (188.8.131.52) 49 ms 48 ms 48 ms 11 tordisr04-fe0-0-0.in.bellnexxia.net (184.108.40.206) 49 ms 52 ms 52 ms 12 220.127.116.11 (18.104.22.168) 108 ms 109 ms 109 ms 13 22.214.171.124 (126.96.36.199) 62 ms 62 ms 63 ms 14 voyager.newcomm.net (188.8.131.52) 67 ms 64 ms 73 ms
We travel from my hosting domain at Superb.Net located in Vancouver, Canada to HopOne.Net (also located in Vancouver) to Global Crossing (gblx.net located in Rochester, NY) via Bell Canada (bellnexxia.net located in Montreal, Quebec, Canada) to Newcomm.Net (located in St. John’s, Newfoundland, Canada).
Notice the slight delay of 36 milliseconds between hop 8 (New York) and hop 9 (Toronto). There is also another delay of 59 milliseconds between hop 11 and hop 12.
Alternatively, if you’re running Windows, run tracert in an MS-DOS window. The format for the MS version is:
hop count - round trip time for each packet (usually three are sent) - gateway name (if one) - [gateway IP address]
E:\Expita> tracert newcomm.net Tracing route to newcomm.net [184.108.40.206] over a maximum of 30 hops: 1 26 ms 32 ms 32 ms hsa001.pool012.at101.earthlink.net [220.127.116.11] 2 20 ms 18 ms 18 ms 18.104.22.168 3 17 ms 19 ms 18 ms f5-1-0-cr02-pas.neteng.itd.earthlink.net [22.214.171.124] 4 16 ms 16 ms 19 ms ge-1-0-0-br03-pas.neteng.itd.earthlink.net [126.96.36.199] 5 49 ms 45 ms 41 ms 500.POS3-2.GW4.LAX4.ALTER.NET [188.8.131.52] 6 35 ms 40 ms 42 ms 166.ATM2-0.XR2.LAX4.ALTER.NET [184.108.40.206] 7 41 ms 41 ms 41 ms 192.at-1-1-0.TR2.LAX9.ALTER.NET [220.127.116.11] 8 71 ms 72 ms 74 ms 131.at-6-0-0.TR2.CHI4.ALTER.NET [18.104.22.168] 9 67 ms 70 ms 67 ms 298.ATM7-0.XR2.CHI6.ALTER.NET [22.214.171.124] 10 69 ms 75 ms 78 ms 190.ATM10-0-0.GW3.CHI6.ALTER.NET [126.96.36.199] 11 475 ms 493 ms 494 ms belladvanced1-gw.customer.ALTER.NET [188.8.131.52] 12 619 ms 616 ms 599 ms core1-chicago23-pos10-0.in.bellnexxia.net [184.108.40.206] 13 671 ms 655 ms 666 ms core2-toronto63-pos3-0.in.bellnexxia.net [220.127.116.11] 14 564 ms 567 ms 627 ms torcorr01-pos1-1-0.in.bellnexxia.net [18.104.22.168] 15 634 ms 597 ms 596 ms tordisr04-fe0-0-0.in.bellnexxia.net [22.214.171.124] 16 618 ms 638 ms 635 ms 126.96.36.199 17 631 ms 610 ms 593 ms 188.8.131.52 18 600 ms 591 ms 596 ms newcomm.net [184.108.40.206] Trace complete.
In this case, we travel from Earthlink (my ISP located in Pasadena, CA) to Alter.Net (located in Falls Church, VA) then to Bell Canada (bellnexxia.net located in Montreal, Quebec, Canada) to Newcomm.Net (located in St. John’s, Newfoundland, Canada).
Note the long delay (406 milliseconds) between hop 10 and hop 11. This is where e-mail would be delayed. So my path from Earthlink (Pasadena, CA) is much much slower (more than should be for the difference in distance) than from my domain in Vancouver, Canada.
Ping and traceroute work together to determine how e-mail flows from point to point. These two commands can also be used to determine where “bottlenecks” are occurring that may delay e-mail.
- Traceroute Hack (bs.mit.edu) (MIT, Cambridge, MA) Traces to your site, then allows you to trace somewhere else
- Traceroute from www.his.com (HIS, Washington, DC) Traces to any site, allows options
- Darkstar/Missing Link Web Traceroute (Santa Clara, CA)
- Traceroute (nic.mit.edu) (MIT, Cambridge, MA)
- MAE-East++ Looking Glass (DIGEX, Maryland) access-list, bgp, summary, bgp dampened-paths, environmental, bgp flap-statistics, mroute summary, ping, and trace
- MAE-West++ Looking Glass (DIGEX, Maryland) access-list, bgp, summary, bgp dampened-paths, environmental, bgp flap-statistics, mroute summary, ping, and trace
- PAIX Looking Glass (DIGEX, Maryland) access-list, bgp, summary, bgp dampened-paths, environmental, bgp flap-statistics, mroute summary, ping, trace, and trac from nitrous
- Sprint NAP Looking Glass (DIGEX, Maryland) access-list, bgp, summary, bgp dampened-paths, environmental, bgp flap-statistics, mroute summary, ping, and trace
- sitka.triumf.ca (TRIUMF, Vancouver, BC) Traces to the site, then gives you a table of the connections along the way. Each one has an HTML link to a network information tool, which will do an nslookup, visual ping, 10-packet ping, fast traceroute, traceroute, or link to a web page (if available). It will also do a bankwidth test on each of the connections (bing). A tableless version is also available. This site will normally trace to you, but you can add a question mark (“?”) and a site name to the end of the URL to make it trace somewhere else.
- Tracer (in German) ping, traceroute, mail verify, mail expand, finger, and WWW ping
- NetTools (Vancouver Webpages, Vancouver, BC) visual ping, e-mail verifier, spam checker, DNS, traceroute, ping, finger, whois, domain lookup, digger
- Traceroute VOA (HIS, Washington, DC)
- Public Traceroute (Belnet, BE)
- Traceroute Service (www.infn.it)
- Traceroute Service (wwwcs.cern.ch)
- Remote traceroute (www.ntua.gr)
- Traceroute Gateway (www.switch.ch)
- Traceroute (www.efrei.fr) (in French)
- debug.net traceroute (was www.carpe.net)
- Traceroute (www.fr.net) (in French)
- Traceroute (www.nic.fr) (in French) (Afnic, FR)
- Traceroute (www.skynet.be) (Skynet Internet Service Provider, Brussels, BE)
- (intersight.be) only traces from your site to Intersight
- SDSC Traceroute (www.sdsc.edu)
- Traceroute from Tallinn, Estonia (cache.online.ee) (Microlink Online), several options to modify the trace
- Internet Access, Inc. Traceroute (www.getnet.com) (GetNet, Phoenix, AZ)
- Traceroute (www.cbl.com.au)
- wwww.technet.nm.org (New Mexico Technet, NM) Whois, Traceroute, Ping, NSLookupMX, NSLookup, Finger, ARIN
- Traceroute from www.ibm.net.il only traces to your site
- Traceroute (Bungi, San Jose, CA)
- Web Traceroute (Call America/GST, San Luis Obispo, CA)
- Trace Route (CalWeb, Sacramento, CA)
- Traceroute (in French) (Efrei, Paris, FR) Traces to any site, options for timeout, and TTL
- Traceroute (Brainstorm, Paris, FR)
- Traceroute (Puerto Rico Internet, Guaynabo, PR)
- Traceroute (Berkeley, CA)
- Network Traceroute from hepnrc.hep.net (HEP Lab, Batavia, IL) Traces to any site, option to have tablular output
- Traceroute from LavaNet (LavaNet, Honolulu, HW)
- Traceroute (MagNet, Prince George, BC)
- Traceroute Gateway (UWM, Madison, WI)
- Missing Link Web Traceroute (Concentric Newtork Corporation – Santa Clara, CA)
- Traceroute (San Francisco Online, CA)
- Traceroute Gateway (www.net.cmu.edu) (Carnegie Mellon University, Pittsburgh, PA) – NOT FOUND 27Jan00
- Novagate Traceroute (www.novagate.com) (Novagate, Chicago, IL)
- Club TraceRoute (Novia Internetworking, Omaha, NE)
- Traceroute Gateway (NTRnet Systems, Durham, NC)
- Traceroute Output(www.pcslink.com) (PCSLINK, Phoenix, AZ) Traces to only back to originating host
- SDSC Traceroute (SDSC, San Diego, CA)
- Web Traceroute (TechMart, Los Altos, CA)
- Traceroute from www.io.com (Turning Point Information Services, Austin, TX)
- Traceroute (www.wiskit.com) (Kitchen Wisdom, Portland, OR) Network diagnosis on trace to you. Results include traceroute, whois, and ident with explanations
- Traceroute (Lyceum Internet, Atlanta, GA)
- Host name to Latitude/Longitude IP locator shows Latitude /longitude of IP address
- GlobalOne Traceroute (GlobalOne Customer Assistance, Reston, VA) Trace from GlobalOne to somewhere else
- GlobalOne Traceroute (GlobalOne Customer Assistance, Reston, VA) Trace from GlobalOne to somewhere else
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Ping
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Nslookup
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Start of Authority
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Nameservers for a domain
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) MailExhangers for a domain
- www.gsl.net (GlobalOne Customer Assistance, Reston, VA) Whois second level
Nslookup is used to map a FQDN (Fully Qualified Domain Name) to an IP address (or vice versa) via asking a DNS (Domain Name System or Server) to supply the answer.
Example nslookup by domain name
no2:/opt2/home3/expita>nslookup yahoo.com Server: ns1.superb.net Address: 220.127.116.11 Non-authoritative answer: Name: yahoo.com Addresses: 18.104.22.168, 22.214.171.124
NOTE: The “Non-authoritative” answer means my local server (ns1.superb.net with IP address 126.96.36.199) is answering using previously cached data. It will cache the results in case someone else who shares the same server with me wants to look at the same resource. Since this information is a subset of the available information, and since it is cached and can go out of date, it is marked as non-authoritative.
If it doesn’t say “Non-authoritative”, then either the server is actually authoritative for the domain in question, or it just looked up the answer from some other server that is. The name servers that provide the lookup between names and IP addresses (and vice versa) don’t want you bothering them all the time so they cache the data. Hence, the non-authoritative answer. If the DNS has to actually go to a name server to do the lookup you will see:
Example nslookup by IP address
no2:/opt2/home3/expita>nslookup 188.8.131.52 Server: ns1.superb.net Address: 184.108.40.206 Name: pop03.earthlink.net Address: 220.127.116.11
Notice in this case the authoriative answer. Superb.Net will retain this information in the cache for a period of up to several days. Much of this information called the TTL (Time To Live) data can be found by looking at the SOA (Start Of Authority) record for the host DNS.
Example nslookup query SOA by domain
no2:/opt2/home3/expita>nslookup -q=soa world.std.com Server: localhost Address: 127.0.0.1 std.com origin = world.std.com mail addr = netadmin.world.std.com serial = 2001032400 refresh = 43200 (12H) retry = 3600 (1H) expire = 1728000 (2w6d) minimum ttl = 86400 (1D)
The important parts here are the serial number, which shows that the information for domain world.std.com.com was last revised on 2001/03/24 at midnight (00) (DNS admins don’t have to follow such a convention for serial numbers, but most do, and it’s helpful for this sort of thing) the expire time and minimum TTL.
What those expire time and minimum time-to-live numbers say is that once another DNS server has obtained any piece of information from the world.std.com domain — say, the IP address of www.world.std.com — it may keep it as valid data for up to 20 days, and should keep it at least 1 day(s).
- refresh = 43200 seconds (12 hours)
- Means that any secondary DNS’s for this zone should check with the primary server once every 12 hours to see if there is a new zone file.
- retry = 3600 seconds (1 hour)
- When they check, if they can’t contact the primary server, they should try again every hour until they succeed.
- expire = 1728000 seconds (20 days or 2 weeks and 6 days)
- If they go 20 days without contacting the primary, they should throw away the old information that they’ve been maintaining, and consider themselves no longer authoritative for the domain in question.
- minimum ttl = 86400 seconds (1 day)
- Names within this zone have a minimum (and default) TTL of 1 day(s), meaning that when other DNS servers get information about a name within this zone, it should be held for 20 days (longer if the TTL for that specific name is configured to be longer than 20 days).
Example nslookup query SOA by domain
no2:/opt2/home3/expita>nslookup -q=earthlink.net Server: localhost Address: 127.0.0.1 Non-authoritative answer: earthlink.net origin = ns1.earthlink.net mail addr = dns-admin.earthlink.net serial = 2001032101 refresh = 86400 (1D) retry = 300 (5M) expire = 2592000 (4w2d) minimum ttl = 1800 (30M) Authoritative answers can be found from: earthlink.net nameserver = ns1.earthlink.net earthlink.net nameserver = ns2.earthlink.net earthlink.net nameserver = ns3.earthlink.net earthlink.net nameserver = ns4.earthlink.net ns1.earthlink.net internet address = 18.104.22.168 ns2.earthlink.net internet address = 22.214.171.124 ns3.earthlink.net internet address = 126.96.36.199 ns4.earthlink.net internet address = 188.8.131.52
NOTE: The “Non-authoritative” answer means my local server (localhost with IP address 127.0.0.1) is answering using previously cached data. It will cache the results in case someone else who shares the same server with me wants to look at the same resource. Since this information is a subset of the available information, and since it is cached and can go out of date, it is marked as non-authoritative.
- NSLookup Gateway Red Bank, New Jersey
- nslookup Gateway , Austrailia
- Nslookup Cal State University – Dominguez
- NSLookup Gateway InterNetworks, Florida
- NSLookup Research Library Group, California
- Nslookup Gateway Australia
- Local NSLookup Gateway Worcester Polytechnic Institute, Massachusetts
- nslookup (www.infobear.com)
- NameSpace nslookup
Whois is used to look up domain records at one of the Registrar databases. These organizations are in charge of keeping track of internet addresses and who they belong to.
Use whois to find the owner, administrative and technical contacts for the hosts/domains/IP address ranges that you are interested in. You can search by:
The UNIX version of the whois command is:
usage: whois [ -h host ] name where host is any whois server and name is the domain name
Example whois search using a specific whois server
no2:/opt2/home3/expita>whois -h 'whois.networksolutions.com' psinet.net | more [snip] Registrant: PSINet Inc. (PSINET10-DOM) 210 Huntmar Park Drive Herndon, VA 22070 US Domain Name: PSINET.NET Administrative Contact, Technical Contact: Administration, PSINet Domain (PDA4) psinet-domain-admin@PSI.COM PSINet, Inc. 510 Huntmar Park Drive Herndon, VA 22070 (703) 904-4100 (FAX) (703) 904-4200 Billing Contact: Bursar, PSINet Domain (KA16) domain-fee-contact@PSI.COM PSINet, Inc. 44983 Knoll Square Ashburn, VA 20147 (703) 904-4100 Record last updated on 07-Dec-2000. Record expires on 09-Dec-2002. Record created on 09-Dec-1998. Database last updated on 26-Feb-2001 08:31:31 EST. Domain servers in listed order: NS.PSI.NET 184.108.40.206 NS2.PSI.NET 220.127.116.11
The web-based versions of whois allow more options like:
- NIC handle (or contact), type “handle WA3509″
- name, type “name lastname, firstname”
- company name, type “name The Sample Corporation”
- domain.name, type “example.com”
- IP address, type “host 18.104.22.168″
- host or name server name, type “host ns1.worldnic.com”
This will give more contact information including e-mail addresses. If there is more than one whois entry for the domain you have entered, you will get a list of abbreviated entries (e.g. NSI yields NSI.ORG, NSI.COM, NSI.NET and NSI.EDU). To get full information, use the full domain name (e.g. NSI.ORG). You may need to strip off one more left elements of each domain before you get a domain that whois knows about (e.g. eng.rtfm.mit.edu -> rtfm.mit.edu -> mit.edu). Similarly, you may need to strip off one or more right elements of each IP address range before you get an IP address range that whois knows about (e.g. 22.214.171.124 -> 207.228.225 -> 207.228 -> 207).
- Search Whois Network Solutions
- Registry Whois Search InterNic
- ARIN Whois Database Search American Registry for Internet Numbers
- APNIC Whois Search Asia-Pacific Network Information Centre
- RIPE Whois Query RIPE (Reseaux IP Europeens)
- MIL Whois Search US DOD Network Information Center
- Government-Wide Whois Search GOV top level whois
- SWITCH Whois query 7 whois servers OK by E-mail
- Whois Lookup Interlinks whois server
- Whois query service Network Management Center, query 8 whois servers OK by E-mail
- Whois.Net Domain Based Research Services
- Smart Whois NetNation Communication Inc.
- Whois Report Domain Name Search Engine.
By default, finger displays information about each logged-in user, including his or her: login name, full name, terminal name (prepended with a ‘*’ if write-permission is denied), idle time, login time, and location (comment field in /etc/ttytab for users logged in locally, hostname for users logged in remotely) if known.
Idle time is minutes if it is a single integer, hours and minutes if a ‘:’ is present, or days and hours if a d is present.
Example default finger
no2:/opt2/home3/expita>finger Login Name TTY Idle When Where root Super-User console 37d Sat 15:48 gboyd ??? pts/5 Tue 17:34 hsa086.pool012.at101 tbennick Trevor Bennicke pts/1 3:02 Tue 11:06 6532169hfc155.tampab gbaratto Gustavo Baratto pts/6 6 Sat 15:06 fw.yvr1.superb.net lvo Lu Vo pts/3 1:06 Fri 15:11 fw.yvr1.superb.net tbennick Trevor Bennicke pts/7 3:03 Tue 11:11 6532169hfc155.tampab tbennick Trevor Bennicke pts/10 2:59 Tue 11:39 6532169hfc155.tampab tbennick Trevor Bennicke pts/11 2:59 Tue 11:48 6532169hfc155.tampab
When one or more name arguments are given, more detailed information is given for each name specified, whether they are logged in or not. A name may be a first or last name, or an account name. Information is presented in a multi-line format, and includes, in addition to the information mentioned above:
- the user’s home directory and login shell
- the time they logged in if they are currently logged in, or the time they last logged in if they are not, as well as the terminal or host from which they logged in and, if a terminal, the comment field in /etc/ttytab for that terminal
- the last time they received mail, and the last time they read their mail
- any plan contained in the file .plan in the user’s home directory an any project on which they are working described in the file .project (also in that directory)
Example finger a particular user
no2:/opt2/home3/expita>finger lvo Login name: lvo In real life: Lu Vo Directory: /home2/lvo Shell: /bin/bash On since Mar 2 15:11:24 on pts/3 from fw.yvr1.superb.net 1 hour 10 minutes Idle Time New mail received Fri Mar 23 08:22:07 2001; unread since Sat Feb 10 17:33:51 2001 Plan: -- Lu Vo <firstname.lastname@example.org> Superb Internet - "Ahead of the Rest." http://www.superb.net "I am easily satisfied by the very best" - Winston Churchill </email@example.com>
If a name argument contains an at-sign(“@”) then a connection is attempted to the machine named after the at-sign, and the remote finger daemon is queried. The data returned by that daemon is printed.
Finger will display a greater detail of information for users than have a UNIX .plan or .project file on their ISPs server.
Example finger user at another site
no2:/opt2/home3/expita>finger firstname.lastname@example.org [mit.edu] Student data loaded as of Mar 27, Staff data loaded as of Mar 27. URL data loaded once a month. Notify Personnel or use WebSIS as appropriate to change your information. Our on-line help system describes How to change data, how the directory works, where to get more info. For a listing of help topics, enter finger email@example.com. Try finger firstname.lastname@example.org to read about how the directory works. Please see email@example.com for questions about the new URL field. There was 1 match to your request. name: SPECIAL COMMUNITY SERVICES, OFFICE OF phone: (617) 253-7914 Fax: (617) 253-8006 address: 50-005 department: Office of Special Community Services url: http://mit.edu/campus-activities/www/scs/index.html phone book: http://mit.edu/communications/bp/s/F15060.html alias: O-specialcommunityservices
NOTE: Most ISPs have diasabled the finger dameon and usually all you will see is:
no2:/opt2/home3/expita>finger firstname.lastname@example.org [newcomm.net] connect: Connection refused
- MIT Finger Gateway http://www.mit.edu:email@example.com
- The WWWW to Finger Gateway with support for faces http://www.cs.indiana.edu:firstname.lastname@example.org
- The Finger Gateway http://email@example.com
- EUPTC user search http://firstname.lastname@example.org
- Finger Gateway http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- Finger Gateway http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- UNIX network uilities page Kiev, Ukraine http://email@example.com
- UNIX Finger Gateway http://firstname.lastname@example.org
- UNIX Finger Gateway http://email@example.com
- Finger Gateway best.com
- CCS Users Information Gateway http://firstname.lastname@example.org
- Finger Gateway http://email@example.com
- ECE Finger Gateway http://firstname.lastname@example.org
- Glue Finger Gateway http://email@example.com
- Informatik Finger Gateway http://firstname.lastname@example.org
- ITS WWW Server Finger Gateway http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- finger http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- Nucleus WWW Finger Gateway http://email@example.com
- Project Vincent finger gateway http://firstname.lastname@example.org
- Finger Gateway @ pvv.ntnu.no http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- Brett’s Finger Gateway Rickman information services
- Finger Gateway http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- Finger http://email@example.com
- Finger Gateway http://firstname.lastname@example.org
- FingerGate @WWW.Gamers.Org http://www.gamers.org/cgi/FingerGate?type=default&format;=hyper&addr;=email@example.com
- Gateways Finger, NSlookup, Ping, Whois, Host, Calendar, Traceroute, Man pages
- Finger Gateway University of Iowa – protected access10Aug99
DiG (Domain Internet Groper) queries domain name servers for information about the host/domain names. It gives a lot of information, most of which you can safely ignore. You’re not normally interested in addresses associated with the site where DiG was run and you’re also not interested in the NS and other records of the name servers that supplied the information, just the info related to the host/domain you queried. This is in the ;; ANSWER SECTION: and is the A internet IP address records, the MX mail exchanger records and the PTR pointer to host name records. If they don’t exist then the ;; ANSWER SECTION: will be empty or non-existent. The ;; AUTHORITY SECTION: and ;; ADDITIONAL SECTION: tell you what domain name server[s] are responsible for the part of the domain name system (DNS) you have queried.
Dig has two modes: simple interactive mode which makes a single query, and batch which executes a query for each in a list of several query lines. All query options are accessible from the command line.
DIG provides a lot information, most of which you can ignore. You’re not normally interested in addresses associated with the site where DIG was run and you’re also not interested in the NS and other records of the name servers that supplied the information, just the info related to the host/domain you queried. This is in the ;; ANSWERS: section and is the A internet IP address records, the MX mail exchanger records and the PTR pointer to host name records. If they don’t exist then the ;; ANSWERS: section will be empty or
non-existent. The ;; AUTHORITY RECORDS: and ;; ADDITIONAL RECORDS: sections tell you what domain name server[s] are responsible for the part of the domain name system (DNS) you have queried.
dig host-name causes dig to return the IP addresses (if any) for the given host or domain name. If problems occur, the status field in the first line of dig’s output will be something other than ‘NOERROR’. For example:
Example dig on domain
no2:/opt2/home3/expita>dig earthlink.net | more ; <<>> DiG 8.3 <<>> earthlink.net ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 4 ;; QUERY SECTION: ;; earthlink.net, type = A, class = IN ;; ANSWER SECTION: earthlink.net. 21m44s IN A 126.96.36.199 earthlink.net. 21m44s IN A 188.8.131.52 earthlink.net. 21m44s IN A 184.108.40.206 earthlink.net. 21m44s IN A 220.127.116.11 earthlink.net. 21m44s IN A 18.104.22.168 earthlink.net. 21m44s IN A 22.214.171.124 earthlink.net. 21m44s IN A 126.96.36.199 earthlink.net. 21m44s IN A 188.8.131.52 earthlink.net. 21m44s IN A 184.108.40.206 ;; AUTHORITY SECTION: earthlink.net. 21m44s IN NS ns1.earthlink.net. earthlink.net. 21m44s IN NS ns2.earthlink.net. earthlink.net. 21m44s IN NS ns3.earthlink.net. earthlink.net. 21m44s IN NS ns4.earthlink.net. ;; ADDITIONAL SECTION: ns1.earthlink.net. 22h18m27s IN A 220.127.116.11 ns2.earthlink.net. 22h18m27s IN A 18.104.22.168 ns3.earthlink.net. 1d8h6m6s IN A 22.214.171.124 ns4.earthlink.net. 22h18m27s IN A 126.96.36.199 ;; Total query time: 2 msec ;; FROM: no2 to SERVER: default -- 188.8.131.52 ;; WHEN: Mon Feb 26 18:07:44 2001 ;; MSG SIZE sent: 31 rcvd: 311
Host command prints information about specified hosts in DNS. Hosts may be IP addresses of hostnames; host converts IP addresses to hostnames by default, and appends the local domain to hosts without a trailing dot. Default servers are determined in /etc/resolv.conf.
Host (UNIX help file)
Usage: host [-adlrwv] [-t querytype] [-c class] host [server] -a is equivalent to '-v -t *' -c class to look for non-Internet data -d to turn on debugging output -l to turn on 'list mode' -r to disable recursive processing -s recursively chase signature found in answers -t querytype to look for a specific type of information -v for verbose output -w to wait forever until reply
Example host on domain
no2:/opt2/home3/expita>host earthlink.net earthlink.net has address 184.108.40.206 earthlink.net has address 220.127.116.11 earthlink.net has address 18.104.22.168 earthlink.net has address 22.214.171.124 earthlink.net has address 126.96.36.199 earthlink.net has address 188.8.131.52 earthlink.net has address 184.108.40.206 earthlink.net has address 220.127.116.11 earthlink.net has address 18.104.22.168 earthlink.net has address 22.214.171.124 earthlink.net has address 126.96.36.199 earthlink.net mail is handled (pri=5) by mx01.earthlink.net earthlink.net mail is handled (pri=5) by mx02.earthlink.net earthlink.net mail is handled (pri=5) by mx00.earthlink.net