Basic command to resolve ip to hostname
hi!
i'm just wondering if in a shell we can do name resolving from IP address to hostname in Windows, usually I performed: C:\ ping -a 64.233.189.104 Pinging www.google.com [64.233.189.104] with 32 bytes of data: Reply from 64.233.189.104: bytes=32 time=46ms TTL=245 but when I tried the same in linux shell: $ ping -a 64.233.189.104 PING 64.233.189.104 (64.233.189.104): 56 data bytes 64 bytes from 64.233.189.104: icmp_seq=0 ttl=237 time=223.405 ms any idea how do i get ping to resolve hostname working in linux? appreciate your advice.. thanks! |
nslookup <ip>
|
Quote:
have to use nslookup instead? |
Yep. Ping is used for checking a host, not for resolving its name.
You can also use 2 commands: * host * dig |
and there is also the command resolveip (at least there is in debian)
|
learn dig, it's the most versatile and useful, imho.
Code:
it-etch:~# dig -x 64.233.189.104 |
Gatcha's for dig
By the way unless your dns server has reverse dns lookup implemented dig will not get the infomation your looking for. This is quite likely the case if your using a windows server with the out of the box implementation of dns running. Up to server 2003 versions. I dont know about server 08 Im not running that one in my organization at all.
nslookup %ip address% will still resolve the hostname for you though. I know this is an old post but I was looking for information and this page cam up. Thought others might want to know why dig has add results at times. Hal |
If you configured DNS properly on your Windows 2K+ server it handles reverse lookups just fine. If your Windows DNS server is not handling rDNS then it's configuration is either wrong or incomplete.
The DNS server queried in my example 192.168.0.25 is a Windows 2003 Server, and it does rDNS for both internal zones and external zones. Dig provides much better and more complete results than nslookup ever did imho. |
All of the solutions propsoed so far presume the answer is held in DNS. What the questioner was really asking though, is how to do the equivalent of a NETBIOS broadcast for an IP host name. Of course there a slight problem with that, i.e. there ain't no NETBIOS here! I suppose the equivalent would be...
Given an ip address which is not present in your local hosts file and is not in your DNS server's database, is there a way to query a machine for it's hostname? That is a question I would like to know the answer to, and is the question that brought me to this thread. --bh |
This may be a place for you to start..
nmbd(8) - Linux man page nmbd - NetBIOS name server to provide NetBIOS over IP naming services to clients http://linux.die.net/man/8/nmbd |
Thanks for the nmbd reference, though it's not quite what I'm after. What I'm trying to determine is whether there is a way to do this without adding a new protocol to the mix.
It seems that the ip suite, sans NBT, does not offer anything like NBT's broadcast-based name to IP address resolution (or the reverse). Looking at nsswitch.conf seems to support this, as all proposed name resolution techniques require the use of local or server-based files. Here's the scenario that prompted the question... I'm in a classroom with 20+ Linux installations. All machines get addresses from a DHCP server which no one in the classroom has admin access to, and which does not register leases with a DNS server. All students are using the same root password, thereby enabling the instructor to access their machines when necessary. All machines are configured with unique host names which can be used to identify the location of the PC in the classroom, and consequently the student sitting there. A student learns about ssh and starts messing with his classmates' machines. In the victims' machines, the ip address of the attacker is viewable in the log files, but there is no way to easily determine which machine the ip address belongs to. In this situation with no NBT and no local DNS already in place, the only way I can see to find the attacker is to use arp to determine the machine's hardware address, then go to each machine and do a PC by PC search for it. In that scenario, is there a better (more efficient) way to find the attacker? |
Yes install italc on the teachers machine and then they can monitor what the students are doing.
Have the IT department implement dDNS on their network to resolve the name resolution issues, quit handing out the root passwords for machines. give all students a unique login. Looks to me like the problem is being caused by the way the implementation was done, and unless you actually address the root cause you won't solve your security issues. . That is surely less work for the IT department as opposed to repairing machines that have had their configurations 'modified' by students. |
You can also setup a quasi static addresses on the machines. This will mean no changes on the server end and only a minor edit to each machine's /etc/sysconfig/networking/devices/ifcfg-eth0 (assuming eth0).
|
Basic command to resolve ip to hostname
list of commands to gather information about the host:
#complete list of ports & macaddress nmap -v 10.10.10.5 nmap -sP 10.10.10.5 # ms-info ;) smbclient -L 10.10.10.5 ....Usually lack information .. ;) |
Get out of the habit of using ping for anything is my vote.
The above help needs to be viewed as two parts basically. One is the normal Fully Qualified Domain Name and the other help is for MS client names. There are also other names that have ways to resolve depending on what you need. |
Using ping still seems a way to resolve a hostname, following the systems nsswitch.conf order. That is, checking hosts file first. dig, nslookup and host command all go straight to DNS and bypass hosts file.
Another command for this is: Code:
getent hosts <domain> |
All times are GMT -5. The time now is 06:22 PM. |