If you’re like most people, you’ve never taken a look at Network Utility (/Applications/Utilities), one of the free applications that comes with Mac OS X. But for geeks, it can be a useful diagnostic tool, whether you’re trying to figure out who really sent that e-mail message or you’re having trouble getting a Web page to load. Here’s a practical look at four of Network Utility’s features.
Whois it from?
When you get an e-mail message that includes a Web address, do you ever wonder whether the URL is legitimate or fake—part of a phishing expedition to con you out of your money? With whois, you can find out. Launch Network Utility and follow these steps:
1. Click on the Whois tab in Network Utility.
2. Enter the suspicious domain name (without http:// or www.) in the text field.
3. Select whois.internic.net from the Please Enter Or Select A Whois Server To Search drop-down menu.
4. Click on the Whois button.
5. If the name and address information you’re seeking is listed, you’re done. Otherwise, you still have more work to do. Locate the Whois Server line of the output and note the domain name listed. This is the server where the domain name is registered. Copy this name and paste it into the Whois Server To Search text field, replacing
Note that occasionally you might see more than one domain name variant listed. A quick whois search of Microsoft.com, for instance, brings up a long list of (sometimes humorous) variants. In this case, you won’t see a whois server name in the output. To fix this, put an equal sign (=) in front of the domain name in the Please Enter A Domain Address text field and then click on Whois again. The resulting output should show the whois server name for each of the variants. Locate the one you want and, as before, copy and paste the whois server name into the Whois Server text field. Delete the equal sign before the domain name before you go on to the next step.
6. Click on the Whois button again.
This time you will likely get the desired results, including the name, the address, and possibly the e-mail address of the person or company who owns the Web domain (see “Who Is It?”). If the registrant isn’t whomever you were expecting, you’re probably dealing with a fraudulent URL.
Pinging for problems
If a Web page just won’t load, your inquiring mind might want to know why. If the loading problem is restricted to just the one site, you can use Network Utility to determine whether the likely cause is at your end (perhaps you’re using an incompatible browser) or at the site’s end.
To do this, you ping the site. A ping sends a signal (called a packet ) to a site and waits for an echo (a response). If you get a response, the site is up and running. Here’s how to go about it:
1. Click on the Ping tab in Network Utility.
2. In the Network Address To Ping field, type the domain name for the site (such as
3. Click on the Ping button.
By default, the tool sends ten pings. The output indicates the response from each ping and how long it took to arrive. If some pings don’t come back or take a long time, this suggests the Web site will load more slowly than expected or perhaps not at all. No successful pings means the site is probably down.
There’s just one problem with all of this—and it’s a doozy. Because malicious excessive pinging can overwhelm a server, some sites (Macworld.com, for instance) block the ping command and refuse to send an echo back. Unfortunately, it can be hard to distinguish whether a failure has occurred because the site is down or because it’s blocking pings. (You can also use ping to find local network devices.)
Trace it to the source
Like ping, the traceroute command can help you diagnose site-loading woes. Whereas ping tells you whether your requests are making it to the server, traceroute takes a look at the path your requests travel through the Internet. The command provides a list of all the hops a data packet takes from one router point (or node ) to another en route to its destination. In other words, it can show you where your data is getting lost. To use traceroute, do the following:
1. Click on the Traceroute tab in Network Utility.
2. Enter the domain name in the text field.
3. Click on Trace.
In the output, you’ll see a numbered list of all the nodes along the route from your computer to your destination (the domain name you entered). The nodes at the top of the list are geographically closer to your computer. Nodes near the bottom are closer to the destination. Sometimes you’ll find that the node names give a further indication of their geographic location. For example, my Comcast cable node is located in Pinole, California, and is listed as ge-1-1-ur03.pinole.ca.sfba.comcast.net (126.96.36.199).
If a traceroute request dies near its origin, it suggests the connection problem is at your end (either with your personal Internet connection or with your ISP). That means it’s time to contact your ISP. Conversely, if the traceroute dies at the opposite end, it indicates a likely problem at the destination site. In that case, contact the Web site.
In the unlikely event that a traceroute request dies somewhere in the middle of its route, the Internet itself might be having a problem, which means that you’ll probably have to wait it out. You can go to a Web site such as www.internettrafficreport.com (assuming you can get there) to view the current Internet traffic conditions across the country.
Sometimes you’ll see a series of asterisk rows at the end of your traceroute output. It means that the destination site itself blocked your request in order to prevent potential mischief. If this is the case, often the last line of output will end in !X, which means the site administrator has prohibited communication.
Make sure the ports are open
Can’t share your iTunes library or get an instant-messaging application to connect? In cases like these, a required network port may be closed or blocked.
Unlike the actual ports on the exterior of your Mac, these network ports are virtual. Each different type of Internet task uses a separate port number. For example, Web traffic to your Mac almost always uses port 80. If this port isn’t open, no Web pages will load. (For a list of common port assignments, see Apple’s guide.)
OS X usually handles routing things to the correct port behind the scenes, but if you’re hav-ing trouble getting network-related software to work, you may want to check that its port is open. Don’t know what port to check? That’s where Port Scan comes in:
1. Click on the Port Scan tab in Network Utility.
2. Enter your local address in the text box. For your own Mac, you can typically enter 127.0.0.1 or name of your computer .local. (To find your computer’s name, go to the Sharing preference pane and click on Edit. Its name is in the Local Hostname field.)
3. Click on the Scan button.
Repeat the scan before and after launching the problem application (see “Port of Call”). If a port appears only in the latter list, that’s the one you need to check. In particular, you want to make sure your firewall isn’t blocking access to the port. To see if it is, go to the Sharing preference pane and click on Firewall. If it’s on, click on Stop to turn the firewall off. Now check the problem software. If the problem is gone, then the firewall was the likely cause.
To get your software to work and keep your firewall on, you need to tell the firewall to leave the necessary port open. To do this, add a new entry to the firewall’s Allow list:
1. In the Firewall section of the Sharing preference pane, click on the New button.
2. In the sheet that appears, select Other from the Port Name pop-up menu.
3. Type the port number that you found into the appropriate Port Number(s) text field (either TCP or UDP, as indicated in the Port Scan output).
4. Assign a port name (whatever you like) in the Description text box and click on OK.
5. Click on the Start button to turn the firewall back on. Your software should work properly now.
If the problem is with OS X bundled software, there might be an even simpler solution. For example, iTunes Music Sharing requires that port 3689 be open. To do this, you don’t need to create a new entry. Instead, scroll down the items already in the Firewall tab’s Allow list until you find iTunes Music Sharing, and select this option.
[Macworld Senior Contributor and MacFixIt Contributing Editor Ted Landau has been solving networking problems since the days when the word routes referred only to the Interstate Highway System. ]Who Is It? A Whois search will show you whether a Web site is legitimate by revealing the owner’s name, address, and more. Port of Call: Running Port Scan before (left) and after (right) launching iTunes (with Music Sharing enabled) reveals that the Music Sharing feature accesses port 3689. If your firewall is blocking that port, you can’t share music.