Quick Host Info Lookup: Tools, Commands, and TipsWhen you need to gather information about a host — a server, workstation, or network device — having a concise set of tools, commands, and practical tips speeds troubleshooting, security checks, and inventory tasks. This guide covers common techniques for collecting host information, both from the perspective of quick local inspections and remote lookups. It’s designed for system administrators, security practitioners, and power users who want reliable, repeatable steps.
What “Host Info” Usually Means
Host information can include:
- Hostname and fully qualified domain name (FQDN)
- IP addresses (IPv4 and IPv6) and subnet details
- Operating system and kernel version
- Open ports and listening services
- Running processes and resource usage
- Network configuration and routing table
- Hardware info (CPU, memory, disks)
- Installed packages and patch level
- DNS records and reverse DNS (PTR)
- Certificates (TLS/SSL) and expiry details
Local Commands (Linux / macOS / Windows)
Below are fast commands to run on the host you’re investigating. Prefix with sudo where required.
Linux / macOS:
- Hostname and FQDN:
- hostname
- hostname -f
- IP addresses:
- ip addr show
- ifconfig (legacy)
- Default route / routing table:
- ip route show
- netstat -rn
- DNS resolver config:
- cat /etc/resolv.conf
- OS and kernel:
- uname -a
- lsb_release -a (Linux)
- sw_vers (macOS)
- Open/listening ports:
- ss -tuln
- netstat -tuln
- Active connections:
- ss -tunap
- Processes and resource usage:
- top or htop
- ps aux –sort=-%mem | head
- Disk usage:
- df -h
- lsblk
- Hardware info:
- lscpu
- free -h
- Installed packages:
- dpkg -l (Debian/Ubuntu)
- rpm -qa (RHEL/CentOS)
- System logs:
- journalctl -xe (systemd systems)
- /var/log/*
Windows (PowerShell / CMD):
- Hostname:
- hostname
- $env:COMPUTERNAME
- IP and interfaces:
- ipconfig /all
- Get-NetIPAddress
- Routes:
- route print
- OS and edition:
- systeminfo | findstr /B /C:“OS Name” /C:“OS Version”
- Listening ports:
- netstat -ano
- Get-NetTCPConnection -State Listen
- Processes:
- tasklist
- Get-Process | Sort-Object CPU -Descending
- Disk usage:
- Get-PSDrive -PSProvider FileSystem
- Installed software:
- Get-WmiObject -Class Win32_Product
- Event logs:
- Get-EventLog -LogName System -Newest 50
Remote Lookups and Network Tools
For remote hosts, use these tools to discover DNS, reachability, and services.
- ping — basic reachability and round-trip time.
- traceroute / tracert — path to the host and hops.
- dig / nslookup — DNS records (A, AAAA, MX, TXT, SOA, PTR).
- Example: dig +short example.com A
- Example: dig -x 1.2.3.4 (reverse DNS)
- whois — domain and IP ownership and registration metadata.
- nmap — port scanning and service detection.
- Quick scan: nmap -sS -F target
- Service/version detection: nmap -sV -p- target
- OS detection (use carefully): nmap -O target
- curl / wget — fetch HTTP headers, test TLS and redirects.
- Example: curl -I https://example.com
- sslyze / openssl s_client — inspect TLS configurations and certificates.
- openssl s_client -connect example.com:443 -servername example.com
- masscan — very fast large-scale port scanning (use responsibly).
- Shodan / Censys — internet-wide search engines for exposed services (use for reconnaissance only with permission).
DNS-specific Checks
DNS often explains why a host is reachable or not:
- A / AAAA records: where the domain points.
- CNAME: aliases and chain lengths can cause delays.
- MX: mail servers for the domain.
- TXT: SPF, DKIM, DMARC, and arbitrary metadata.
- PTR: reverse lookup mapping IP → name (can affect mail deliverability).
- SOA: authoritative nameserver and TTL values.
Example dig commands:
- dig example.com A +short
- dig example.com MX
- dig +trace example.com
- dig -x 203.0.113.5
TLS/SSL and Certificate Inspection
Check certificate validity and chain:
- openssl s_client -connect host:443 -servername host
- curl -vI https://host
- Online/CLI tools like sslyze or testssl.sh for deeper configuration checks (protocol support, ciphers, weak options).
Look for:
- Expiry date (avoid expired certs)
- Hostname mismatch
- Weak ciphers / TLS 1.0/1.1 support
- Incomplete chains
Quick Scripts / One-liners
A few handy one-liners:
Get public IP:
- curl ifconfig.me
- curl -s https://ipinfo.io/ip
Quick port check:
- bash: (echo > /dev/tcp/host/80) && echo “open” || echo “closed”
Fetch HTTP headers:
- curl -I https://example.com
Simple nmap scan:
- nmap -Pn -p 1-1024 –open -T4 target
Interpreting Results and Next Steps
- Unresponsive host: verify network path (ping/traceroute), firewall rules, and local service state.
- Unexpected open ports: identify process (ss/netstat) and validate legitimacy.
- DNS mismatch: check authoritative nameservers and TTLs; confirm registrar settings.
- Expired or mismatched certs: renew or fix certificate configuration; ensure full chain served.
- High resource usage: inspect processes, logs, and recent changes or updates.
Security and Ethics
- Always have authorization before scanning or probing systems you do not own or manage. Unauthorized scanning can be considered hostile and illegal.
- For production environments, prefer low-impact checks or scheduled maintenance windows.
- Keep tools updated; attackers and defenders both evolve techniques.
Quick Reference Checklist
- Confirm hostname and FQDN.
- Verify IP addresses and routes.
- Check DNS records (A/AAAA, PTR, MX, TXT).
- Scan open ports and identify services.
- Inspect TLS certificates if applicable.
- Review OS, patches, and running processes.
- Check system and application logs for anomalies.
Useful Resources and Tools (short list)
- Built-in: ping, traceroute, dig/nslookup, curl, openssl, netstat/ss
- Scanners: nmap, masscan
- TLS/test: sslyze, testssl.sh
- Asset search: Shodan, Censys
- System info: lscpu, lshw, systeminfo, journalctl
Collecting host information is often iterative: start with quick, nonintrusive checks, then escalate to deeper inspection as needed. With the tools and commands above you can rapidly build a clear picture of a host’s network identity, services, and health.
Leave a Reply