LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Basic command to resolve ip to hostname (http://www.linuxquestions.org/questions/linux-newbie-8/basic-command-to-resolve-ip-to-hostname-582026/)

daemonkl 09-04-2007 01:33 AM

Basic command to resolve ip to hostname
 
hi!

i'm just wondering if in a shell we can do name resolving from IP address to hostname

in Windows, usually I performed:

C:\ ping -a 64.233.189.104
Pinging www.google.com [64.233.189.104] with 32 bytes of data:
Reply from 64.233.189.104: bytes=32 time=46ms TTL=245

but when I tried the same in linux shell:

$ ping -a 64.233.189.104
PING 64.233.189.104 (64.233.189.104): 56 data bytes
64 bytes from 64.233.189.104: icmp_seq=0 ttl=237 time=223.405 ms

any idea how do i get ping to resolve hostname working in linux?

appreciate your advice.. thanks!

chrism01 09-04-2007 01:48 AM

nslookup <ip>

daemonkl 09-04-2007 02:17 AM

Quote:

Originally Posted by chrism01 (Post 2880482)
nslookup <ip>

so there is no similarities to ping in Linux & windows
have to use nslookup instead?

nx5000 09-04-2007 05:35 AM

Yep. Ping is used for checking a host, not for resolving its name.
You can also use 2 commands:
* host
* dig

restless 09-05-2007 08:38 AM

and there is also the command resolveip (at least there is in debian)

farslayer 09-05-2007 08:58 AM

learn dig, it's the most versatile and useful, imho.

Code:

it-etch:~# dig -x 64.233.189.104

; <<>> DiG 9.3.4 <<>> -x 64.233.189.104
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41992
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;104.189.233.64.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
104.189.233.64.in-addr.arpa. 86400 IN  PTR    hk-in-f104.google.com.

;; Query time: 144 msec
;; SERVER: 192.168.0.25#53(192.168.0.25)
;; WHEN: Wed Sep  5 09:56:34 2007
;; MSG SIZE  rcvd: 80


halbert5150 12-17-2008 09:12 AM

Gatcha's for dig
 
By the way unless your dns server has reverse dns lookup implemented dig will not get the infomation your looking for. This is quite likely the case if your using a windows server with the out of the box implementation of dns running. Up to server 2003 versions. I dont know about server 08 Im not running that one in my organization at all.

nslookup %ip address% will still resolve the hostname for you though.

I know this is an old post but I was looking for information and this page cam up. Thought others might want to know why dig has add results at times.

Hal

farslayer 12-17-2008 10:45 AM

If you configured DNS properly on your Windows 2K+ server it handles reverse lookups just fine. If your Windows DNS server is not handling rDNS then it's configuration is either wrong or incomplete.

The DNS server queried in my example 192.168.0.25 is a Windows 2003 Server, and it does rDNS for both internal zones and external zones.

Dig provides much better and more complete results than nslookup ever did imho.

bit_head 12-17-2008 07:16 PM

All of the solutions propsoed so far presume the answer is held in DNS. What the questioner was really asking though, is how to do the equivalent of a NETBIOS broadcast for an IP host name. Of course there a slight problem with that, i.e. there ain't no NETBIOS here! I suppose the equivalent would be...

Given an ip address which is not present in your local hosts file and is not in your DNS server's database, is there a way to query a machine for it's hostname?

That is a question I would like to know the answer to, and is the question that brought me to this thread.

--bh

farslayer 12-17-2008 08:40 PM

This may be a place for you to start..


nmbd(8) - Linux man page

nmbd - NetBIOS name server to provide NetBIOS over IP naming services to clients

http://linux.die.net/man/8/nmbd

bit_head 12-18-2008 08:36 AM

Thanks for the nmbd reference, though it's not quite what I'm after. What I'm trying to determine is whether there is a way to do this without adding a new protocol to the mix.

It seems that the ip suite, sans NBT, does not offer anything like NBT's broadcast-based name to IP address resolution (or the reverse). Looking at nsswitch.conf seems to support this, as all proposed name resolution techniques require the use of local or server-based files.

Here's the scenario that prompted the question...

I'm in a classroom with 20+ Linux installations. All machines get addresses from a DHCP server which no one in the classroom has admin access to, and which does not register leases with a DNS server. All students are using the same root password, thereby enabling the instructor to access their machines when necessary. All machines are configured with unique host names which can be used to identify the location of the PC in the classroom, and consequently the student sitting there.

A student learns about ssh and starts messing with his classmates' machines. In the victims' machines, the ip address of the attacker is viewable in the log files, but there is no way to easily determine which machine the ip address belongs to. In this situation with no NBT and no local DNS already in place, the only way I can see to find the attacker is to use arp to determine the machine's hardware address, then go to each machine and do a PC by PC search for it.

In that scenario, is there a better (more efficient) way to find the attacker?

farslayer 12-18-2008 08:43 AM

Yes install italc on the teachers machine and then they can monitor what the students are doing.

Have the IT department implement dDNS on their network to resolve the name resolution issues,
quit handing out the root passwords for machines.
give all students a unique login.

Looks to me like the problem is being caused by the way the implementation was done, and unless you actually address the root cause you won't solve your security issues. .

That is surely less work for the IT department as opposed to repairing machines that have had their configurations 'modified' by students.

lazlow 12-18-2008 11:08 AM

You can also setup a quasi static addresses on the machines. This will mean no changes on the server end and only a minor edit to each machine's /etc/sysconfig/networking/devices/ifcfg-eth0 (assuming eth0).

Freedeveloper 08-29-2011 02:25 AM

Basic command to resolve ip to hostname
 
list of commands to gather information about the host:
#complete list of ports & macaddress
nmap -v 10.10.10.5
nmap -sP 10.10.10.5
# ms-info ;)
smbclient -L 10.10.10.5
....Usually lack information .. ;)

jefro 08-29-2011 07:22 PM

Get out of the habit of using ping for anything is my vote.

The above help needs to be viewed as two parts basically. One is the normal Fully Qualified Domain Name and the other help is for MS client names. There are also other names that have ways to resolve depending on what you need.


All times are GMT -5. The time now is 11:41 PM.