site - Better than traceroute / nslookup

06
2014-04
  • Marcuz

    Im searching for a command that shows all IP addresses that you get in status bar when you connect to site.

    Example: ebuddy.com, is not ony ebuddy.com, but varnish.ebuddy.com bsvc.ebuddy.com web.ebuddy.com

    and so on. Does anyone know?

    (Linux Mint, based on Ubuntu packages)

    • Answers
  • ntv1000

    Those are not IP addresses, but subdomains and there is no easy way to find all subdomains associated with a site other than brute-forcing.

    If it helps: you can google for "site:ebuddy.com -inurl:www" to see some subdomains, but it is not very practical.


    • Related Question

    How does traceroute with ports work?
  • zneak

    I was reading the manpage for traceroute, and I noticed it accepts a port argument.

    I thought traceroute worked only with ICMP. What does it do with the port?


    • Related Answers
  • Slartibartfast

    Traceroute (classical mode) works by sending UDP packets to a high, theoretically unused UDP port, changing the time to live (TTL) for each packet so that routers along the way notice that it has timed out and return ICMP time exceeded messages. Traceroute then prints those messages out until it gets a message from the destination host denying the connection.

    You can change the port in case the default port is in use (thus preventing that last hop from working because the packet is silently accepted).

    There is a wealth of information in the man page for traceroute on your standard Linux distro.

  • Kenny Rasschaert

    That's in case ICMP is blocked somewhere along the way.

    You could for example use port 80 (http) because almost any firewall will allow it to pass through.