Network and system analysis crib sheet

This crib sheet contains common commands I can use to analyse the network on Unix-like systems.

Network Interface

Check the available network interfaces
Use the Network Utility under /Applications/Utilities and select the Info tab (Mac OS X).
OR
ifconfig -a

Network Connections

Display active TCP connections
netstat -i

Display all open connections
netstat -r -n -a

-r show routing table
-n don't lookup hostnames
-a show all open connections

Display open connections to or from a specific IP Address
lsof -i@<IP Address>

Display all open TCP connections
lsof -i tcp

Show information about packets in the network
netstat -I <ethernet device> -w <seconds>

example:
netstat -I en0 -w 5

-r show routing table

Check for open ports
netstat -a
OR
/Applications/Utilities/Network\ Utility.app/Contents/Resources/stroke start_port end_port

Domain Name

Get IP Address and nameservers
dig <domain name>

Translate IP address to domain name
dig -x <IP Address>

Translate domain name to IP address
host <domain name>

Misc

Display packets from machine
tcpdump -i <ethernet device> dst port <port number>

example:
tcpdump -i en0 dst port 80

Find which process has opened a file
/usr/sbin/lsof <filesystem>

example:
/usr/sbin/lsof /mnt/cdrom
Checks if any processes have opened files in the CD-ROM drive