6) Tips & Tricks

Command Line Tools: Network

Below is a list of helpful command-line tools that are either already included in OS X or are easy to install. All of the described tools also exist for other operating systems, but keep in mind that the syntax varies depending on the OS (RTFM).

nmap: (you can find the nmap suite installer for OS X here)
Description (taken from nmap.org): nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line nmap executable, the nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Examples:
‘nmap -v -A 192.168.0.X’
‘nmap -sP 192.168.0.0/24’
Type ‘nmap --help’ for more information (two dashes before help).

netstat (network statistics, https://en.wikipedia.org/wiki/Netstat) is a command-line tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics. It is available on Unix-like operating systems including OS X, Linux, Solaris, and BSD, and is available on Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.

It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
Examples:
‘netstat -i’
‘netstat -na -p tcp’
Type ‘man netstat’ for more information.
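
A typical security use of ‘netstat -na -p tcp’ is checking which services listen on all interfaces and which only on loopback. The script below is an added example, not part of the original tips; it assumes the OS X/BSD output layout (port joined to the address by a dot), and the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise listening TCP sockets from `netstat -na -p tcp`
# output in the OS X/BSD layout (address and port joined by a dot).

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.10.52344     192.168.0.1.443        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.0.10.5000      *.*                    LISTEN
tcp4       0      0  192.168.0.10.52301     192.168.0.150.22       TIME_WAIT
EOF
}

# Reads netstat output on stdin and prints one line per listener:
#   scope proto port address
# scope is "local" for 127.0.0.1 and ::1, otherwise "exposed"
# (a wildcard "*" or a routable address, reachable from other hosts).
list_listeners() {
  awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      addr = $4
      port = addr; sub(/.*\./, "", port)       # text after the last dot
      host = addr; sub(/\.[^.]*$/, "", host)   # text before the last dot
      scope = (host == "127.0.0.1" || host == "::1") ? "local" : "exposed"
      print scope, $1, port, host
    }' | sort -u
}

# Prints the number of listeners reachable from other hosts (0 if none).
count_exposed() {
  list_listeners | awk '$1 == "exposed" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real machine use:
#   netstat -na -p tcp | list_listeners
sample_netstat | list_listeners
```

Every "exposed" line is a service worth matching against what you expect the machine to offer.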

tcpdump is a packet analyzer that runs on the command line in Unix-like operating systems. It lets you intercept and display TCP/IP and other packets being transmitted or received over a network. This free software (BSD license) is a great tool, especially for troubleshooting network-related issues. Below are a few helpful examples of tcpdump commands for OS X. You can find more information at Wikipedia and this excellent site.
Apple’s support site covers tcpdump as well.

‘tcpdump -D’ print the list of available network interfaces on the system
‘tcpdump -i any -c 10’ captures 10 packets from all interfaces
‘tcpdump -i any -c 10 -n’ same as above, but omits DNS lookups (without the -n option tcpdump itself triggers DNS lookups)

‘tcpdump -i any -w captured.cap -v’ saves the output to a file called captured.cap until interrupted by Ctrl + C.
‘tcpdump -i any -w captured.cap -v -c30’ stops writing to the output file after 30 packets.
‘tcpdump -i en0 -n host 192.168.0.123 -c 15’ captures only traffic coming from or going to host 192.168.0.123 on interface en0 and stops after 15 packets.
‘tcpdump -i en0 -n src host 192.168.0.123 -c 15’ captures only traffic sent by host 192.168.0.123.
‘tcpdump -i en0 -n dst host 192.168.0.123 -c 15’ captures only traffic sent to host 192.168.0.123. With src or dst, only one direction of the traffic is seen.
‘tcpdump -i en0 -n host 192.168.0.123 and host 192.168.0.150 -c 15’ shows only traffic between host 192.168.0.123 and 192.168.0.150, stopping after 15 packets.
‘tcpdump -i en0 -n host 192.168.0.123 and port 53 -c 15’ shows only traffic to or from 192.168.0.123 on port 53.