When you have an IP address or domain name that you want to know more about, there are different commands and tools you can use, depending on what you want to find out. The way you get the information might vary depending on the operating system you are using. Some of these methods are used to troubleshoot connectivity issues or might be used to investigate a security incident. All of them are commands run from a command line. Here are some methods used to get information about an IP address or domain name:
Ping
The ping command sends ICMP packets to a target IP address to check whether the target is reachable from the sending device. It will sometimes confirm whether the target is active and responsive. It is usually used to check whether the target is up or down while troubleshooting. If a domain name is used, it also retrieves the IP address of that domain.
Usage:
ping <Target_Name>
Output:
ping google.ca
PING google.ca (172.217.1.3): 56 data bytes
64 bytes from 172.217.1.3: icmp_seq=0 ttl=112 time=71.659 ms
64 bytes from 172.217.1.3: icmp_seq=1 ttl=112 time=70.451 ms
64 bytes from 172.217.1.3: icmp_seq=2 ttl=112 time=70.876 ms
64 bytes from 172.217.1.3: icmp_seq=3 ttl=112 time=73.760 ms
Traceroute/tracert
This is used to trace the route that packets take to reach the target IP address. It shows a list of the intermediate routers or nodes the packets go through.
Usage:
tracert <Target_Name>
traceroute <Target_Name>
Output:
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
1 router1 (192.168.1.1) 1.245 ms 1.232 ms 1.123 ms
2 ISP-Gateway (203.0.113.1) 8.567 ms 7.890 ms 9.112 ms
3 isp-router (198.51.100.1) 15.678 ms 16.543 ms 14.890 ms
4 core-router (203.0.113.10) 22.567 ms 21.890 ms 23.112 ms
5 border-router (192.0.2.1) 30.567 ms 31.123 ms 29.890 ms
6 example.com (93.184.216.34) 36.112 ms 35.890 ms 37.123 ms
Nslookup
This is used to retrieve DNS information about the target IP address, or the IP address associated with a DNS name. It usually provides the DNS name associated with the IP address and the DNS server used to get that information.
Usage:
nslookup <Target_Name>
nslookup google.ca
Output:
Server: dnsipaddress
Address: dnsipaddress#53
Non-authoritative answer:
Name: google.ca
Address: 142.251.33.99
Whois
This provides more extensive details about the target, including the owner, country, organization and contact information for the domain or IP address. It can be used when investigating a domain or IP address to gather as much information as possible about that target.
Usage:
whois <Target_Name>
whois example.com
Output:
Domain Name: EXAMPLE.COM
Registrar: Some Registrar, Inc.
Registration Date: 2022-01-01
Expiration Date: 2023-01-01
Registrant:
Name: John Doe
Organization: Example Company
Address: 123 Main St, City, Country
Email: john.doe@example.com
Admin Contact:
Name: Jane Smith
Organization: Example Company
Address: 456 Admin St, City, Country
Email: jane.smith@example.com
Tech Contact:
Name: Tech Support
Organization: Example Company
Address: 789 Tech St, City, Country
Email: tech.support@example.com
Name Servers:
ns1.example.com
ns2.example.com
Dig
This mainly provides DNS-related information about a domain name or IP address. This information includes, but is not limited to, the different types of DNS records that exist for the target, e.g. A records or AAAA records.
Usage:
dig <Target_Name>
dig google.ca
Output:
; <<>> DiG 9.10.6 <<>> google.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52140
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.ca. IN A
;; ANSWER SECTION:
google.ca. 148 IN A 142.251.33.99
;; Query time: 28 msec
;; SERVER: dnsipaddress#53(dnsipaddress)
;; WHEN: Mon Jan 29 21:37:07 PST 2024
;; MSG SIZE rcvd: 54
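An added example (not part of the original article): a POSIX shell script that pulls out of a dig response the fields usually read first during an investigation, namely the status, the header flags (aa marks an authoritative answer) and the answer records. The function names and the inline sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample modeled on the dig response shown above.
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.10.6 <<>> google.ca
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52140
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.ca. IN A

;; ANSWER SECTION:
google.ca. 148 IN A 142.251.33.99

;; Query time: 28 msec
EOF
}

# Response status from the HEADER line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() {
  awk '/->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") {
         sub(/,$/, "", $(i + 1)); print $(i + 1) } }'
}

# Header flags as a space-separated list, e.g. "qr rd ra".
dig_flags() {
  awk '/^;; flags:/ { sub(/^;; flags: */, ""); sub(/;.*/, ""); print }'
}

# One line per answer record: TYPE NAME TTL DATA.
# The section ends at the next comment line or blank line.
dig_answers() {
  awk '/^;; ANSWER SECTION:/ { in_answer = 1; next }
       /^;/ || NF == 0       { in_answer = 0 }
       in_answer && NF >= 5  { data = $5
                               for (i = 6; i <= NF; i++) data = data " " $i
                               print $4, $1, $2, data }'
}

# One-line triage summary of a dig response read from stdin.
dig_summary() {
  out=$(cat)
  rcode=$(printf '%s\n' "$out" | dig_status)
  case " $(printf '%s\n' "$out" | dig_flags) " in
    *" aa "*) auth=yes ;;
    *)        auth=no ;;
  esac
  count=$(printf '%s\n' "$out" | dig_answers | wc -l | tr -d '[:space:]')
  echo "status=$rcode authoritative=$auth answers=$count"
}

sample_dig_output | dig_summary
```

To use it on a live lookup, pipe the command's output in instead of the sample, for example dig google.ca | dig_summary.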
In conclusion, when seeking information about an IP address, various commands and tools are available, each serving a distinct purpose based on the details you need. The choice of method may depend on the specific operating system in use. Whether troubleshooting connectivity problems or investigating security incidents, these command-line tools offer a direct and efficient means to gather information. These methods can be used to get information about both an IP address and a domain name when needed.