
Python ping, Traceroute, Netstat, Windump & Proc

The document provides an overview of various networking tools including Python Ping, Traceroute, and Netstat, detailing their functionalities and usage. Python Ping allows sending ICMP probes to remote devices, Traceroute helps visualize the path of packets through servers, and Netstat displays network connections and statistics. Additionally, it explores the Linux /proc filesystem, which offers insights into system processes and hardware information.

Uploaded by

Balwinder Singh
Copyright
© © All Rights Reserved

Python Ping, Traceroute, Netstat, Windump & Proc

CS307: Systems Practicum Lecture-3


Prof. Varun Dutt, IIT Mandi 16th Feb 2023
Python Ping
Python Ping is a simple way to ping in Python. With it, you can send ICMP probes to remote devices as you would
from the terminal. Python Ping is modular, so you can run it in a script as a standalone function or
integrate its components into a fully fledged application.

Basic Usage

The simplest usage of Python Ping is in a script. You can use the ping function to ping a target. If you want to
see the output immediately, emulating what happens on the terminal, use the verbose flag as below.

Regardless of the verbose mode, the ping function will always return a ResponseList object. This is a special
iterable object, containing a list of Response items. In each response, you can find the packet received and
some meta information, like the time it took to receive the response and any error message.
Traceroute
Why perform a traceroute?

The objective of a graphical traceroute is to discover each server relaying your IP packet from
one point to another, and to measure the return-trip delay between the probing host (here G
Suite.Tools; https://gsuite.tools/traceroute) and each relay on the packet path.

G Suite.Tools' visual traceroute online app makes it easy to pinpoint weak nodes
impacting your global network performance. In addition to determining the response time of each
hop the packet travels through, you can visualize in full screen the path of each
probe ping between our server and the tested IP address within Google Maps in an instant.
The traceroute tool will then send from 1 to 30 IP packets to the target, incrementing the Time-To-Live (TTL)
for each probe ping, starting from TTL 1.

In this networking context, the TTL defines the maximum number of hops a packet can be relayed through during
its travel over the Internet.

Thus, each probe will reach one relay further than the previous ping. When a packet reaches a network node and
its TTL is decremented to 0, it stops there and elicits a TIME_EXCEEDED response that is sent back to the
ping's origin (G Suite.Tools).

That's how our tool can measure the response time of each node within the path of an IP packet.
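The probe and reply formats behind ping and traceroute, as an added example that is not part of the original slides: it builds an ICMP echo request and classifies a reply as the destination's echo reply or a hop's TIME_EXCEEDED, recovering the probe's identifier and sequence number from the quoted header. The function names, the addresses and the sample reply are constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11  # ICMP type numbers

def checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP echo request (type 8, code 0) carrying a valid checksum."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", ECHO_REQUEST, 0, 0) + body)
    return struct.pack("!BBH", ECHO_REQUEST, 0, csum) + body

def constructed_time_exceeded(probe: bytes) -> bytes:
    """Constructed sample of a hop's reply: quoted IPv4 header + 8 probe bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(probe), 0, 0, 1, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    body = struct.pack("!I", 0) + ip + probe[:8]  # 4 unused bytes, then the quote
    csum = checksum(struct.pack("!BBH", TIME_EXCEEDED, 0, 0) + body)
    return struct.pack("!BBH", TIME_EXCEEDED, 0, csum) + body

def classify_reply(icmp: bytes):
    """Return (kind, ident, seq) for an ICMP message seen by the prober."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return ("invalid", None, None)
    msg_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if msg_type == ECHO_REPLY:
        return ("destination", ident, seq)  # target answered: path is complete
    if msg_type == TIME_EXCEEDED:
        quoted = icmp[8:]                   # original IP header + probe start
        ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
        probe = quoted[ihl:ihl + 8]
        if ihl < 20 or len(probe) < 8:
            return ("invalid", None, None)
        _t, _c, _s, ident, seq = struct.unpack("!BBHHH", probe)
        return ("hop", ident, seq)          # an intermediate relay answered
    return ("other", None, None)

if __name__ == "__main__":
    probe = build_echo_request(0x1234, 3, b"abcd")
    print(classify_reply(constructed_time_exceeded(probe)))
```

Matching the identifier and sequence number quoted in the TIME_EXCEEDED message against the probes sent is how a traceroute attributes each reply to a TTL value.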
Netstat: Introduction
Netstat is a command-line tool that you can use in Command Prompt to display statistics for all network
connections. It lets you see open and connected ports so you can monitor and troubleshoot networking
problems for the system or applications.

When using this tool, you can list active network connections (incoming and outgoing) and listening ports.
You can view network adapter statistics as well as statistics for protocols (such as IPv4 and IPv6). You can
even display the current routing table, and much more.

We'll walk you through the steps to use the netstat command to examine connections and discover open and
connected network ports.
How to use netstat on Windows 10
To get started with netstat, use these steps:

1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
3. Type the following command to show all active TCP connections and press Enter: netstat
4. Type the following command to display active connections showing numeric IP address and port
number instead of trying to determine the names and press Enter: netstat -n
5. (Optional) Type the following command to refresh the information at a specific interval and press
Enter: netstat -n INTERVAL. In the command, make sure to replace INTERVAL with the number
(in seconds) after which you want to redisplay the information. This example refreshes the command in question
every five seconds: netstat -n 5. Quick note: When using the interval parameter, you can
terminate the command using the Ctrl + C keyboard shortcut in the console.
Once you execute the command, it'll return a list of all active connections in four columns, including:

● Proto: Shows the connection protocol (TCP or UDP).
● Local Address: Shows the computer's IP address followed by a colon and the port number of the
connection. The double colon inside brackets indicates the local IPv6 address, and "0.0.0.0"
refers to the local address too.
● Foreign Address: Lists the remote device's IP address (or FQDN) with the port number or port name after
the colon (for example, https, http, microsoft-ds, wsd).
● State: Indicates whether the connection is active (established), the local port has been closed
(time_wait), or the program hasn't closed the port (close_wait). Other statuses include closed,
fin_wait_1, fin_wait_2, last_ack, listen, syn_received, syn_send, and timed_wait.
Show active and inactive connections

The command displays all active and inactive connections, and the TCP and UDP ports the device is currently
listening on.
Show executable information
The command lists all the executables
(applications) associated with each connection.
Sometimes, applications may open multiple
connections.
Show network adapter statistics
The command generates statistics for the network interface, showing information like the number of
bytes and the unicast and non-unicast packets sent and received. You can also see discarded packets, errors
and unknown protocols, which can help you troubleshoot networking problems.
Show FQDNs for foreign addresses
The command shows the fully qualified domain name
(FQDN) for foreign addresses. For example,
"server-54-230-157-50.otp50.r.cloudfront.net:http"
instead of "server-54-230-157-50:http" or
"54.230.157.50".
Show numerical form
The command displays the addresses and
ports in numerical form. For example,
54.230.157.50:443.
Show process ID

The command shows all active TCP connections like, but with the difference that it adds a fifth column to
display the Process ID (PID) for each connection. The processes available in this view are the same as in the
"Details" tab of Task Manager, which also reveals the application using the connection.
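Reading the PID column programmatically, as an added example that is not part of the original slides: it parses output in the layout produced by combining netstat's -a, -n and -o switches and reports which PIDs hold ports reachable on a non-loopback address. The sample output, its addresses and PIDs, and the function names are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_host local_port remote state pid")

# Constructed sample of `netstat -a -n -o` output (addresses and PIDs invented).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3380
  TCP    192.168.1.20:49712     54.230.157.50:443      ESTABLISHED     7320
  TCP    192.168.1.20:49730     54.230.157.50:443      TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2216
  UDP    [::1]:1900             *:*                                    5012
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Parse TCP/UDP rows; UDP rows have no State column, so PID is field 4."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) not in (4, 5) or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        state = fields[3] if len(fields) == 5 else ""
        host, port = split_endpoint(fields[1])
        conns.append(Conn(fields[0], host, int(port), fields[2], state, int(fields[-1])))
    return conns

def exposed_listeners(conns):
    """Map PID -> ports accepting traffic on a non-loopback address."""
    result = {}
    for c in conns:
        listening = c.state == "LISTENING" or c.proto == "UDP"
        loopback = c.local_host == "::1" or c.local_host.startswith("127.")
        if listening and not loopback:
            result.setdefault(c.pid, []).append(f"{c.proto}/{c.local_port}")
    return result

if __name__ == "__main__":
    for pid, ports in exposed_listeners(parse_netstat(SAMPLE)).items():
        print(pid, ports)
```

Each PID in the result can then be looked up in the "Details" tab of Task Manager to identify the application that owns the port.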
Show connections by Protocol

Above can be used to display connections per-protocol that you have to specify using next to the command.
For example, you can use the to view a list of TCP connections.
Show statistics by Protocol
The shows network statistics for all available protocols, including TCP, UDP, ICMP, and IP
protocols (version 4 and 6).

If you want to see all the available parameters and additional help, you can always use the command.
Win Dump
Exploring the Linux /proc filesystem

● The /proc filesystem appears to always exist because it's built at boot time and is
removed at shutdown, but it is actually a virtual filesystem that contains a lot of relevant
information about your system and its running processes.
● Note: I'm accessing files and directories under /proc as a standard user and not as root
unless otherwise noted.
● If you look at the files under /proc, you'll see a lot of them (150+), depending on how
many processes you have running.

● The numbered files are directories that correspond to process numbers or process IDs
(PIDs).
● For example, in the first column, there are processes with the numbers 1, 10, 1055, 1057,
1059, and so on.
● Inside those process-numbered directories, there are more files that have to do with the
processes themselves. Below is a listing of the /proc/411 directory.

● You'll notice that a long listing (ls -l /proc) reveals that the regular text files
have a size of 0.
● Ordinarily, a zero-sized file means that it contains no content. However, these
/proc files, like the /proc filesystem itself (procfs), are virtual.
● This file contains information about your CPU(s). Many of the regular text type
files contain hardware and system information and you may cat them as
you would any other text file. Remember to ignore that zero file size.
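Walking the numbered directories and reading a virtual file, as an added example that is not part of the original slides: it lists PIDs, compares the size that stat reports with the bytes actually read, and maps each PID to its command name while tolerating processes that exit mid-scan. The function names and the proc_root parameter are assumptions made for the example; the per-process comm file is read here as one of the files inside a PID directory.

```python
import os

def list_pids(proc_root="/proc"):
    """Numbered directories under proc_root correspond to process IDs."""
    return sorted(int(name) for name in os.listdir(proc_root)
                  if name.isdigit() and os.path.isdir(os.path.join(proc_root, name)))

def read_virtual(path):
    """Return (size reported by stat, bytes actually read from the file)."""
    reported = os.stat(path).st_size
    with open(path, "rb") as fh:
        data = fh.read()
    return reported, data

def process_names(proc_root="/proc"):
    """Map PID -> command name taken from <proc_root>/<pid>/comm."""
    names = {}
    for pid in list_pids(proc_root):
        try:
            _, data = read_virtual(os.path.join(proc_root, str(pid), "comm"))
        except (FileNotFoundError, ProcessLookupError, PermissionError):
            continue  # process exited during the scan or is not readable
        names[pid] = data.decode(errors="replace").strip()
    return names

if __name__ == "__main__":
    # On procfs the reported size is 0 even though the read returns content.
    reported, data = read_virtual("/proc/cpuinfo")
    print(f"/proc/cpuinfo: stat size {reported}, read {len(data)} bytes")
    for pid, name in list(process_names().items())[:10]:
        print(pid, name)
```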
References
● https://pypi.org/project/pythonping/
● https://www.educative.io/answers/how-to-ping-multiple-ip-addresses-using-python-script
● https://python.plainenglish.io/python-traceroute-with-a-visualization-like-in-the-hacker-movie-scene-179abcb74dc8
● https://www.windowscentral.com/how-use-netstat-command-windows-10
● https://www.youtube.com/watch?v=oCOJBDFRnro
● https://www.redhat.com/sysadmin/linux-proc-filesystem
