This week, we take a quick look at a Mac tool that provides one-stop access to pinging, route tracing or domain investigating.
What’s the first thing you do when you try to connect to a server, download your mail or visit a Web page and you get nothing but connection errors or long delays? Folks who came to the Mac from Windows or some Unix variant or another might say “pop open a terminal and run ping or traceroute!” That’s a fine answer, but this week we’ve got a quick look at a Mac tool that provides one-stop access to those venerable utilities and several more.
Like OS X’s Terminal app, Network Utility is buried down in Applications/Utilities, along with other programs that aren’t your Web browser, mail client or Photoshop: like ODBC Administrator.app, ColorSync Utility.app or perennial “Just migrated from Linux and you’ll never get me to give up GNOME!” gearhead favorite, X11.app. Unlike those, though, you’ll probably use this one a lot if you do a lot of pinging, route tracing or domain investigating.
Network Utility presents a simple window with nine tabs. Each tab represents a GUI version of some command line tool you’re probably familiar with if you’ve ever done any network troubleshooting, or wanted to know who to contact so you could make an offer to take over “robotfancy.com” and really do something great with it. It also provides some system information that isn’t bad to have around. Here are some of the highlights:
The Info tab tells you the basics of your Mac’s networking interfaces, including what, exactly they are (a gigabit ethernet adapter or an Airport card, for instance), what their MAC addresses are (define), and what their assigned IP addresses are (define).
What can you do with this information? Some consumer-grade routers allow you to do stuff like filter which machines are allowed to use their wireless connection or manage their configuration by MAC address. The information’s right there in the default tab of Network Utility (though it refers to the MAC address as the “Hardware Address”), and you can copy/paste it with the mouse instead of typing in 12 characters of hex.
The Netstat tab offers several preset versions of reports from the shell utility of the same name. You can take a look at comprehensive stats network traffic to and from your Mac by protocol and take a look at the routing table. The report I find most interesting to run from time to time is the “Display the state of all current socket connections” item, which lets you see which hosts your machine is connecting to over the network by port and domain name. This is a great tool for learning about any applications you have that might be calling home, or which host an app is really trying to connect to when it mysteriously fails.
The Whois tab provides a simple interface to the whois entry (define) for a given domain. If you’ve ever gone shopping for a good domain name and been inundated with a registrar’s sketchy banner ads and other attempts to grab your eyeballs (with the attendant frustration of long page loads for each query you make), you’ll probably enjoy the relative simplicity of Network Utility’s approach. If you’re used to using the whois command line tool’s arguments to specify which whois database to consult, take note of the dropdown menu, which provides access to the common databases.
The Lookup tab provides a graphical interface to the “dig” command. If you need information like what’s acting as the mail host for a given domain, what the IP address is for a given host, what the hostname is for a given address, or which nameservers are handling DNS records for a domain. Dig is a pretty powerful utility, and its graphical representation within Network Utility highlights some of the limitations of putting a GUI on a command line tool: You lose a number of options in the name of keeping the interface simple and manageable.
Finally, the Port Scan tool does just what it says, taking a quick look at a given host, and seeing which ports are listening (and, by inference, which services are available). Unlike the other tools in Network Utility, the Port Scan tool isn’t a front end for a familiar application like dig or ping, but for a small executable named “stroke” bundled in Network Utility itself.
There are two kinds of networkers who find the sort of information this tool provides useful: Malicious folks who’re out to see if you’ve got an exploitable service running, and the rest of us, who want to take a quick look at a system we’re responsible for to make sure there’s nothing open to the world we didn’t mean to leave open, or who are trying to figure out why a network-dependent app we’re running isn’t working.
As port scanning tools go, this one is pretty simple. You can specify the range of ports to scan (good if you know exactly what you’re looking for), but that’s the only option. Its output is sparse, too, telling you only which ports are open by number, not by the service they typically represent. If you don’t know the difference between ports 22 and 25, check out the list at ISS.net, which provides links to descriptions of each port and service, as well as informative articles about how vulnerabilities in those services are exploited. If you’re scanning your own Mac, you’ll probably find Apple’s own support document on well known ports and services pretty useful, too, since it’s written with Mac users in mind.
One other thing to keep in mind: The port scanning tools black hats prefer are generally a lot more subtle when they go about their business, because scanning just any old host is considered by many to be rude, if not outright belligerent. A columnist once described port scanning as “similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked,” and a lot of cautious administrators take the same view. Network Utility wasn’t designed for you to stealth around the ‘net rattling doorknobs, so using it to give random sites the once-over will probably notify any applications looking out for that kind of behavior, some of which will raise alarms with security admins or take measures to block further traffic from your network outright.
Just use the Port Scan tool to survey your own systems, and you’ll be fine.
I didn’t cover all the functionality, because ping and traceroute are pretty well understood, finger is becoming a pretty rare service to find, and because AppleTalk is getting pretty rare, too. The next time I touch on Mac networking, it will be to look at ways to get network utilities Apple didn’t bundle with OS X onto your Mac.
