how to parse CISCO IPS configuration? [closed] - networking

Closed 6 years ago.
I need a tool or script to parse Cisco IPS configuration. I know there is a tool called nipper for parsing firewall and switch configuration, but it doesn't support Cisco IPS, and I googled it but there is no good result.

You should use ciscoconfparse.
The following example uses the Cisco IOS configuration shown below (I can't use an IPS config unless the OP posts one).
The following script will load a configuration file from /tftpboot/bucksnort.conf and use CiscoConfParse.find_lines() to parse it for the names of all serial interfaces. Note that the ^ symbol at the beginning of the search string is a regular expression; ^interface Serial tells python to limit its search to lines that begin with interface Serial.
[mpenning#typo tmp]$ python
Python 2.6.6 (r266:84292, Sep 11 2012, 08:34:23)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ciscoconfparse import CiscoConfParse
>>> parse = CiscoConfParse("/tftpboot/bucksnort.conf")
>>> serial_intfs = parse.find_lines("^interface Serial")
>>>
>>> serial_intfs
['interface Serial1/0', 'interface Serial1/1', 'interface Serial1/2']
>>>
>>> qos_intfs = parse.find_parents_w_child( "^interf", "service-policy output QOS_1" )
>>> qos_intfs
['interface Serial1/1']
! Filename: /tftpboot/bucksnort.conf
!
policy-map QOS_1
 class GOLD
  priority percent 10
 class SILVER
  bandwidth 30
  random-detect
 class default
!
interface Ethernet0/0
 ip address 1.1.2.1 255.255.255.0
 no cdp enable
!
interface Serial1/0
 encapsulation ppp
 ip address 1.1.1.1 255.255.255.252
!
interface Serial1/1
 encapsulation ppp
 ip address 1.1.1.5 255.255.255.252
 service-policy output QOS_1
!
interface Serial1/2
 encapsulation hdlc
 ip address 1.1.1.9 255.255.255.252
!
class-map GOLD
 match access-group 102
class-map SILVER
 match protocol tcp
!
access-list 101 deny tcp any any eq 25 log
access-list 101 permit ip any any
!
access-list 102 permit tcp any host 1.5.2.12 eq 443
access-list 102 deny ip any any
!
logging 1.2.1.10
logging 1.2.1.11
logging 1.2.1.12
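As an added example (not the answerer's code and not ciscoconfparse itself), here is a standard-library re-implementation of the two lookups used above, find_lines() and find_parents_w_child(), on top of an indentation-based parent/child parser, plus two hardening checks a config audit would typically add: interfaces that never disable CDP, and numbered ACLs containing permit ip any any. The sample config is the bucksnort.conf from the answer with IOS's one-space child indentation restored; the check names and the audit() function are this example's own.

```python
import re

# Constructed sample: the bucksnort.conf from the answer above, with the
# one-space child indentation IOS writes (the tree parser depends on it).
SAMPLE_CONFIG = """\
policy-map QOS_1
 class GOLD
  priority percent 10
 class SILVER
  bandwidth 30
  random-detect
 class default
!
interface Ethernet0/0
 ip address 1.1.2.1 255.255.255.0
 no cdp enable
interface Serial1/0
 encapsulation ppp
 ip address 1.1.1.1 255.255.255.252
interface Serial1/1
 encapsulation ppp
 ip address 1.1.1.5 255.255.255.252
 service-policy output QOS_1
interface Serial1/2
 encapsulation hdlc
 ip address 1.1.1.9 255.255.255.252
!
class-map GOLD
 match access-group 102
class-map SILVER
 match protocol tcp
access-list 101 deny tcp any any eq 25 log
access-list 101 permit ip any any
access-list 102 permit tcp any host 1.5.2.12 eq 443
access-list 102 deny ip any any
logging 1.2.1.10
"""


class ConfigLine:
    """One config line plus its place in the parent/child tree."""

    def __init__(self, text, indent, parent=None):
        self.text = text
        self.indent = indent
        self.parent = parent
        self.children = []


def parse_config(text):
    """Build the tree from indentation: a line is a child of the nearest
    preceding line with a smaller indent. '!' comment lines are skipped."""
    lines, stack = [], []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1].indent >= indent:
            stack.pop()
        node = ConfigLine(raw.strip(), indent, stack[-1] if stack else None)
        if node.parent is not None:
            node.parent.children.append(node)
        lines.append(node)
        stack.append(node)
    return lines


def find_lines(lines, pattern):
    rx = re.compile(pattern)
    return [l.text for l in lines if rx.search(l.text)]


def find_parents_w_child(lines, parent_pat, child_pat, present=True):
    """Parents matching parent_pat that do (present=True) or do not
    (present=False) have a direct child matching child_pat."""
    prx, crx = re.compile(parent_pat), re.compile(child_pat)
    out = []
    for l in lines:
        if not prx.search(l.text):
            continue
        has = any(crx.search(c.text) for c in l.children)
        if has == present:
            out.append(l.text)
    return out


def audit(text):
    """The two lookups from the answer plus two hardening checks."""
    lines = parse_config(text)
    return {
        "serial_intfs": find_lines(lines, r"^interface Serial"),
        "qos_intfs": find_parents_w_child(lines, r"^interf", r"service-policy output QOS_1"),
        # CDP advertises platform and software version to neighbours; flag
        # every interface that never disables it.
        "cdp_enabled_intfs": find_parents_w_child(lines, r"^interface", r"^no cdp enable", present=False),
        # A 'permit ip any any' entry makes the rest of that ACL irrelevant.
        "permit_any_acls": find_lines(lines, r"^access-list \d+ permit ip any any"),
    }


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {hits}")
```

The parser only assumes that nesting is expressed by indentation, which holds for IOS-style running configs; each check is a regex over parent or child text, so new checks are one more dictionary entry in audit().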


rPi OS upgrade introduced Predictable Network Interface Names; can't get eth0 back and dhcp working again [closed]

Closed last month.
System: Host: rpi32 Kernel: 5.15.56-v7+ armv7l bits: 32 Console: tty 0 Distro: Raspbian GNU/Linux 11 (bullseye)
Machine: Type: ARM Device System: Raspberry Pi 3 Model B Rev 1.2 details: BCM2835 rev: a22082 serial: 000000009a5073f1
I had a working machine before the upgrade: ntp, dhcp (actually isc-dhcp-server), dns all working.
Then upgraded the OS (to Bullseye) and could no longer connect to the rPi.
dmesg revealed that eth0 could not be connected to.
The interface was identified as enxb827eb5073f1. en = Ethernet plus MAC address.
Some research revealed that what I am seeing is called "Predictable Network Interface Names".
It said this is the new standard/approach, due to multi-interface machines not necessarily assigning the interface name at kernel boot; e.g., it could be eth0 on one boot, and eth1 during another; not good for firewalls, etc.
So I changed the following config files to get dhcp working:
/etc/default/isc-dhcp-server
/etc/network/interfaces
/etc/dhcp/dhcpd.conf
... and changed eth0 to enxb827eb5073f1.
No luck.
sudo service dhcpcd status
● dhcpcd.service - dhcpcd on all interfaces
Loaded: loaded (/lib/systemd/system/dhcpcd.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/dhcpcd.service.d
└─wait.conf
Active: failed (Result: exit-code) since Fri 2022-08-19 15:04:18 AEST; 28min ago
Process: 859 ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -w (code=exited, status=6)
CPU: 11ms
Aug 19 15:04:18 rpi32 systemd[1]: Starting dhcpcd on all interfaces...
Aug 19 15:04:18 rpi32 dhcpcd[859]: Not running dhcpcd because /etc/network/interfaces
Aug 19 15:04:18 rpi32 dhcpcd[859]: defines some interfaces that will use a
Aug 19 15:04:18 rpi32 dhcpcd[859]: DHCP client or static address
Aug 19 15:04:18 rpi32 systemd[1]: dhcpcd.service: Control process exited, code=exited, status=6/NOTCONFIGURED
Aug 19 15:04:18 rpi32 systemd[1]: dhcpcd.service: Failed with result 'exit-code'.
Aug 19 15:04:18 rpi32 systemd[1]: Failed to start dhcpcd on all interfaces.
and
dhcpd -t /etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd.conf: interface name too long (is 20)
Researching this topic pointed to incorrect dhcpd config, pointing to udev rules, and I do not understand, and from what I could see, did not contain interface reference.
I read here: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ that this naming scheme can be reverted by adding this: net.ifnames=0 to the kernel command line (/boot/cmdline.txt).
This is what I did. I reverted all changes in the three config files listed above, plus in the cmdline.txt.
(I rebooted as required after these changes.)
and dhcpd -t /etc/dhcp/dhcpd.conf still returns:
/etc/dhcp/dhcpd.conf: interface name too long (is 20)
All services work, except dhcp (ntp is back up as well, as no changes were made there WRT eth0).
Now I wonder what else I need to do to get dhcp working again.
Config files:
ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.8 netmask 255.255.255.0 broadcast 192.168.1.255
ether b8:27:eb:50:73:f1 txqueuelen 1000 (Ethernet)
RX packets 14682 bytes 1148952 (1.0 MiB)
RX errors 0 dropped 3460 overruns 0 frame 0
TX packets 7079 bytes 1063400 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 105 bytes 10173 (9.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 10173 (9.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
cat /etc/default/isc-dhcp-server
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
#INTERFACESv4="enxb827eb5073f1"
INTERFACESv4="eth0"
#INTERFACESv6=""
cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
clientid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu
# Most distributions have NTP support.
#option ntp_servers
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
cat /etc/dhcp/dhcpd.conf
# 190803-1530 installed DHCP server on rPi32
#
# 170611-1933 MaxG: changed from none to interim
#ddns-update-style none;
ddns-update-style interim;
# 170612-2300 MaxG: added based on
# https://blog.bigdinosaur.org/running-bind9-and-isc-dhcp/
ddns-updates on;
update-static-leases on;
ddns-domainname "argylecourt.lan";
ddns-rev-domainname "in-addr.arpa.";
authoritative;
# 190804-1424 MaxG: added key and 2 zones
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
# Important: Replace this key with your generated key.
# Also note that the key should be surrounded by quotes.
secret "someKeyBlah";
};
zone argylecourt.lan. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
# 150301 MaxG - added to shut up Windows PC from clogging
# syslog with DHCPACK and DHCPINFORM msgs (WPAD)
option wpad-url code 252 = text;
# my subnet specifications
subnet 192.168.1.0 netmask 255.255.255.0 {
#interface enxb827eb5073f1;
# pool range; can have multiple ranges in this file
range 192.168.1.50 192.168.1.199;
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
ddns-domainname "argylecourt.lan";
ddns-rev-domainname "in-addr.arpa";
option broadcast-address 192.168.1.255;
option domain-name "argylecourt.lan";
option domain-name-servers 192.168.1.8;
option ntp-servers 192.168.1.8; # Default NTP server to be used by DHCP clients
default-lease-time 86400; # 1 day
max-lease-time 604800; # 7 days
option wpad-url "\n";
}
# reservations; must NOT be in pool
# sorted by assigned IP address
host maxg-x570 {
# MaxG's PC -- x570
# added 20220409-2106
hardware ethernet 04:42:1a:95:2b:37;
fixed-address 192.168.1.13;
}
host brother-mfc {
# Brother Network Printer -- BRN_368926
hardware ethernet 00:80:77:36:89:26;
fixed-address 192.168.1.33;
ddns-hostname "brothermfc8820d";
}
I ran into the same situation and was not able to tell where the mistake was.
Try:
$ dhcpd /etc/dhcp/
This will search the whole file and point directly to where the mistake is.
Well, well... how embarrassing!
The solution is simple:
sudo service isc-dhcp-server start
Start the correct service. It is not dhcp, it is isc-dhcp-server!
What I do not understand is why this service was no longer auto-starting.
Anyway, problem, or rather stupidity solved.

Detect VLAN tagged packets using XDP eBPF

I am trying to detect packets with a VLAN tag. I have some PCAP files to containing VLAN tagged packets to test. A Wireshark screenshot of a sample packet:
After reading some tutorials, I wrote the following code:
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/in.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
#define bpf_printk(fmt, ...) \
({ \
char ____fmt[] = fmt; \
bpf_trace_printk(____fmt, sizeof(____fmt), \
##__VA_ARGS__); \
})
SEC("xdpvlan")
int myxdpprogram(struct xdp_md *ctx) {
void *data = (void *)(long)ctx->data;
void *data_end = (void *)(long)ctx->data_end;
struct ethhdr *eth = data;
if ((void*)eth + sizeof(*eth) <= data_end) {
bpf_printk("h_proto is: 0x%x, ETH_P_8021Q is: 0x%x\n", bpf_ntohs(eth->h_proto), ETH_P_8021Q);
}
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";
The output in /sys/kernel/debug/tracing/trace is like this:
bpf_trace_printk: h_proto is: 0x800, ETH_P_8021Q is: 0x8100
I expected:
bpf_trace_printk: h_proto is: 0x8100, ETH_P_8021Q is: 0x8100
I am using Fedora 34 to test, kernel version: 5.11.12-300.fc34.x86_64.
Why the h_proto is not equal to 0x8100?
Update
I have two VMs, and I am using tcpreplay to send packets (PCAP file) from one VM to the other VM that has the eBPF program. VMs are connected through a host-only interface. I load the program using:
ip link set dev ens37 xdpgeneric obj xdp_vlan_kern.o sec xdpvlan
[EDIT] Not sure this answer is correct, have a look at the comments for details.
Generic XDP, or SKB-mode XDP, is an XDP mode that was primarily added for experimenting with XDP (and to provide a model for future driver-based implementations). Given that it requires no support from the NIC driver, it is easier to use, but has lower performance than the other modes (driver/native XDP or XDP hardware offload).
One consequence of not having driver support is that the hook for generic XDP is necessarily higher in the networking stack when compared with native XDP. Generic XDP runs after the socket buffer (SKB) has been allocated. This means that some processing may already have occurred on your packets. In your case, the networking stack has already decapsulated the packets from their VXLAN headers, so you just observe regular IP packets.
Switching to driver-level XDP, providing your hardware (or virtual interface) uses a driver that supports it, should allow you to process your packets before they are sent to the kernel stack and before the VXLAN are removed.
I faced the same problem when running xdp in xdpdrv mode.
In this tutorial I found notes about VLAN offloads on NIC interface:
Since XDP needs to see the VLAN headers as part of the packet headers, it is important to turn off VLAN hardware offload (which most hardware NICs support), since that will remove the VLAN tag from the packet header and instead communicate it out of band to the kernel via the packet hardware descriptor. The testenv script already disables VLAN offload when setting up the environment, but for reference, here is how to turn it off for other devices, using ethtool:
# Check current setting:
ethtool -k DEV | grep vlan-offload
# Disable for both RX and TX
ethtool --offload DEV rxvlan off txvlan off
# Same as:
# ethtool -K DEV rxvlan off txvlan off
I tried to use driver mode as @Qeole suggested. I created a pair of virtual interfaces because my NIC's driver didn't support a driver-specific hook.
ip link add dev veth1 type veth peer name veth2
Then I loaded the program:
ip link set dev veth1 xdpdrv obj xdp_vlan_kern.o sec xdpvlan
And then replayed the PCAP file (on the same VM):
tcpreplay -i veth2 vlan.pcap
The output was as I expected:
bpf_trace_printk: h_proto is: 0x8100, ETH_P_8021Q is: 0x8100
Roman Sokolov's answer is correct.
Disabling txvlan on the sending side fixed the error.
ip link add veth0 type veth peer name veth1
ip link add link veth0 name veth0.100 type vlan id 100
ip link set veth0 up
ip link set veth1 up
ip link set veth0.100 up
ip addr add 10.100.0.4/24 dev veth0.100
ethtool -K veth0 txvlan off
Attaching ebpf program on veth1 using SKB mode, injecting packets into veth0.100 (simply run arping would be enough), then I can get packets with vlan tags in my ebpf program.
However it didn't solve the problem when I only disable rxvlan on veth1.
I didn't test this on a physical device yet, I'll try it later and modify this answer.
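As an added example, independent of the question's XDP program and of the tutorial quoted in the second answer: the header-parsing step a complete VLAN detector needs, written in plain Python so it runs offline. It keeps the XDP discipline of checking every read against data_end before performing it, walks a stacked 802.1ad/802.1Q (QinQ) pair with a fixed loop bound, and shows why an offload-stripped frame looks untagged: once rxvlan offload has moved the tag into the hardware descriptor, nothing in the frame bytes says it was ever there. The frames are constructed here, not taken from the question's PCAP; build_frame(), classify() and Truncated are this example's names (the ETH_P_* values are the standard EtherTypes).

```python
import struct

ETH_P_8021Q = 0x8100    # 802.1Q C-tag, the value the question compares against
ETH_P_8021AD = 0x88A8   # 802.1ad S-tag, the outer tag of a QinQ frame
ETH_P_IP = 0x0800
VLAN_MAX_DEPTH = 2      # fixed loop bound, as the BPF verifier would require


class Truncated(Exception):
    """A read would run past data_end; an XDP program would XDP_DROP here."""


def parse_vlan(frame):
    """Return (vids, inner_proto, l3_offset) for one Ethernet frame.

    Every access is preceded by a check against len(frame), mirroring the
    ctx->data_end comparisons the XDP verifier demands before each read.
    """
    data_end = len(frame)
    off = 14                                  # dst(6) + src(6) + EtherType(2)
    if off > data_end:
        raise Truncated("Ethernet header cut off")
    (proto,) = struct.unpack_from("!H", frame, 12)
    vids = []
    for _ in range(VLAN_MAX_DEPTH):
        if proto not in (ETH_P_8021Q, ETH_P_8021AD):
            break
        if off + 4 > data_end:                # TCI(2) + encapsulated type(2)
            raise Truncated("VLAN tag cut off")
        tci, proto = struct.unpack_from("!HH", frame, off)
        vids.append(tci & 0x0FFF)             # VID is the low 12 bits of the TCI
        off += 4
    return vids, proto, off


def classify(frame):
    """One-line verdict, the Python stand-in for the bpf_printk() above."""
    try:
        vids, proto, _ = parse_vlan(frame)
    except Truncated:
        return "truncated"
    if not vids:
        return f"untagged proto=0x{proto:04x}"
    return "vlan " + "/".join(str(v) for v in vids) + f" proto=0x{proto:04x}"


def build_frame(tags=(), proto=ETH_P_IP, payload=b"\x45" + b"\x00" * 19):
    """Constructed frame: locally administered MACs, optional (TPID, VID)
    tags with PCP/DEI = 0, then the final EtherType and a dummy payload."""
    frame = bytes.fromhex("020000000001" "020000000002")     # dst, src
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid)
    return frame + struct.pack("!H", proto) + payload


# Constructed test frames (not captures from the question's PCAP).
UNTAGGED = build_frame()                                      # what the OP saw
SINGLE = build_frame([(ETH_P_8021Q, 100)])                    # what the OP expected
QINQ = build_frame([(ETH_P_8021AD, 200), (ETH_P_8021Q, 100)])
TRUNCATED = SINGLE[:16]                                       # tag cut in half

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE),
                        ("qinq", QINQ), ("truncated", TRUNCATED)]:
        h_proto = struct.unpack_from("!H", frame, 12)[0]
        print(f"{name:9s} h_proto=0x{h_proto:04x} -> {classify(frame)}")
```

The TRUNCATED case is the one the verifier would reject a C program for if the off + 4 check were missing; in Python it simply raises, but the control flow is the same shape you would port back into the XDP program.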

Get current public IP / host used while connecting via SSH with ansible [closed]

Closed 5 years ago.
I have an ansible host file (called my_host_file) similar to this:
[my_group_name]
MY_PUBLIC_IP_FOR_VM_XYZ
Then I am attempting a few different approaches in a YAML playbook (called my_playbook.yml) similar to this:
---
- hosts: my_group_name
sudo: yes
tasks:
- debug: var=hostvars
- setup:
register: allfacts
- debug: var=allfacts
- debug: var=ansible_default_ipv4.address
- debug: var=ansible_hostname
- command: bash -c "dig +short myip.opendns.com @resolver1.opendns.com"
register: my_public_ip_as_ansible_var
I run everything like this: ansible-playbook -v -i my_host_file my_playbook.yml
I would like to get the public IP address in the my_host_file file (MY_PUBLIC_IP_FOR_VM_XYZ) at runtime in a different way than using the dig command combined with opendns then storing that into the variable my_public_ip_as_ansible_var.
After all, this has been used by ansible itself to establish the SSH session, so it may be stored somewhere.
I can not find this information either:
in the hostvars (actually I can find it here, but I can also see all the other hosts, so I have no way to recognize the current SSH session from the group of hosts)
in the allfacts (using setup: [...]) variable (only the IP address in the private network, among many useful info about that VM like disk size, networking, OS kernel version etc.)
in ansible_default_ipv4.address (this is the IP of the private network)
in ansible_hostname (this is the host name, not the public IP I've used in my_host_file)
Is there a cleaner way / more ansible-ish way of getting the host used during the SSH session that comes from my_host_file?
inventory_hostname : host name declared in your inventory (can be the IP, the DNS or a logical name)
inventory_hostname_short : the same but with removing everything after the first dot
ansible_nodename : hostname of the host (result of the command hostname)
ansible_hostname : short hostname of the host (result of command hostname --short)
ansible_fqdn : full hostname of the host (with domain) (result of command hostname --fqdn)
ansible_default_ipv4.address : IPv4 address to access 8.8.8.8 from the host
ansible_ethX.ipv4.address : IPV4 address of ethX interface of the host
ansible_ssh_host : hostname or IP used to access the host with SSH if defined in the inventory
Example :
# hosts
[mygroup]
myremote.foo.bar ansible_ssh_host=my-machine.mydomain.com
inventory_hostname: myremote.foo.bar
inventory_hostname_short: myremote
ansible_nodename: my-host
ansible_hostname: my-host
ansible_fqdn: my-host.domain.local
ansible_default_ipv4.address: 1.2.3.4
ansible_eth1.ipv4.address: 5.6.7.8
ansible_ssh_host: my-machine.mydomain.com
To get host alias from inventory file you would use inventory_hostname variable.
There is also ansible_host variable, because inventory alias and actual host may differ.

nmap does not show all open ports [closed]

Closed 7 years ago.
I have a YARN cluster running in EMR. When I ssh into the master node and run nmap 10.0.0.254 I get the following result
Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-10 00:17 UTC
Nmap scan report for ip-10-0-0-254.ec2.internal (10.0.0.254)
Host is up (0.00045s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8443/tcp open https-alt
8649/tcp open unknown
8651/tcp open unknown
8652/tcp open unknown
9000/tcp open cslistener
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
9200/tcp open wap-wsp
14000/tcp open scotty-ft
I know the YARN resource manager is running on 10.0.0.254:9026, but I do not see it in the result above, however when I run nmap -p 9026 10.0.0.254 I get
Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-10 00:18 UTC
Nmap scan report for ip-10-0-0-254.ec2.internal (10.0.0.254)
Host is up (0.000055s latency).
PORT STATE SERVICE
9026/tcp open unknown
Why does nmap not include the service running on 9026 when I run the first command?
By default, Nmap scans the most common 1,000 ports for each protocol (TCP in your case); 9026 is not one of the most common.
Here's how to specify ports to scan:
http://nmap.org/book/man-port-specification.html
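As an added example, not part of the answer: a small parser for nmap's normal output that checks a scan against the listeners you expect on a host and builds the explicit -p follow-up, so a service outside the default top-1,000 list (9026 here) is not silently missed. The scan text is the question's own output embedded as a constant; EXPECTED_TCP and the function names are this example's own, and nmap's port-frequency table itself is not reproduced.

```python
import re

# Constructed sample: the default (top-1000 port) scan output from the question.
DEFAULT_SCAN = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-10 00:17 UTC
Nmap scan report for ip-10-0-0-254.ec2.internal (10.0.0.254)
Host is up (0.00045s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8443/tcp open https-alt
8649/tcp open unknown
8651/tcp open unknown
8652/tcp open unknown
9000/tcp open cslistener
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
9200/tcp open wap-wsp
14000/tcp open scotty-ft
"""

# Listeners we expect on the host: 9026 is the YARN ResourceManager from the
# question, the others are constructed for the demo.
EXPECTED_TCP = {22: "ssh", 80: "http", 8443: "https-alt", 9026: "yarn-rm"}

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) ", re.M)


def parse_scan(text):
    """(port, proto) -> (state, service) from nmap's normal output, plus the
    number of ports nmap folded into its 'Not shown:' summary line."""
    ports = {(int(p), proto): (state, svc)
             for p, proto, state, svc in PORT_RE.findall(text)}
    m = NOT_SHOWN_RE.search(text)
    return ports, (int(m.group(1)) if m else 0)


def scanned_port_count(text):
    """Listed + 'not shown' ports; 1000 means the default list was used."""
    ports, not_shown = parse_scan(text)
    return len(ports) + not_shown


def unreported(expected, text):
    """Expected listeners the report says nothing about, whether because they
    were outside the port list or actually closed; scan them explicitly."""
    ports, _ = parse_scan(text)
    return sorted(p for p in expected if (p, "tcp") not in ports)


def port_spec(ports):
    """nmap -p syntax: sorted, de-duplicated, consecutive runs as ranges."""
    ports = sorted(set(ports))
    out, i = [], 0
    while i < len(ports):
        j = i
        while j + 1 < len(ports) and ports[j + 1] == ports[j] + 1:
            j += 1
        out.append(str(ports[i]) if i == j else f"{ports[i]}-{ports[j]}")
        i = j + 1
    return ",".join(out)


def followup_command(expected, text, target):
    """The targeted rescan to run, or None if every expected port was reported."""
    missing = unreported(expected, text)
    return f"nmap -p {port_spec(missing)} {target}" if missing else None


if __name__ == "__main__":
    print("ports covered by the scan:", scanned_port_count(DEFAULT_SCAN))
    print("follow-up:", followup_command(EXPECTED_TCP, DEFAULT_SCAN, "10.0.0.254"))
```

A count of exactly 1000 is the tell that the scan used nmap's default list; anything you run in production should pass -p- (all 65535 ports) or an explicit list built from the services you know are deployed, and the diff between the two is what goes into a finding.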

how to find host name from IP without logging in to the host

I need to find the host name of a UNIX host whose IP is known, without logging in to that UNIX host.
Use nslookup
nslookup 208.77.188.166
...
Non-authoritative answer:
166.188.77.208.in-addr.arpa name = www.example.com.
You can do a reverse DNS lookup with host, too. Just give it the IP address as an argument:
$ host 192.168.0.10
server10 has address 192.168.0.10
Another NS lookup utility that can be used for reversed lookup is dig with the -x option:
$ dig -x 72.51.34.34
; <<>> DiG 9.9.2-P1 <<>> -x 72.51.34.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12770
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;34.34.51.72.in-addr.arpa. IN PTR
;; ANSWER SECTION:
34.34.51.72.in-addr.arpa. 42652 IN PTR sb.lwn.net.
;; Query time: 4 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Fri Jan 25 21:23:40 2013
;; MSG SIZE rcvd: 77
or
$ dig -x 127.0.0.1
; <<>> DiG 9.9.2-P1 <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11689
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 10 IN PTR localhost.
;; Query time: 2 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Fri Jan 25 21:23:49 2013
;; MSG SIZE rcvd: 63
Quoting from the dig manpage:
Reverse lookups -- mapping addresses to names -- are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively.
For Windows ping -a 10.10.10.10
For Windows, try:
NBTSTAT -A 10.100.3.104
or
ping -a 10.100.3.104
For Linux, try:
nmblookup -A 10.100.3.104
They are almost same.
It depends on the context. I think you're referring to the operating system's hostname (returned by hostname when you're logged in). This command is for internal names only, so to query for a machine's name requires different naming systems. There are multiple systems which use names to identify hosts including DNS, DHCP, LDAP (DN's), hostname, etc. and many systems use zeroconf to synchronize names between multiple naming systems. For this reason, results from hostname will sometimes match results from dig (see below) or other naming systems, but often times they will not match.
DNS is by far the most common and is used both on the internet (like google.com. A 216.58.218.142) and at home (mDNS/LLMNR), so here's how to perform a reverse DNS lookup: dig -x <address> (nslookup and host are simpler, provide less detail, and may even return different results; however, dig is not included in Windows).
Note that hostnames within a CDN will not resolve to the canonical domain name (e.g. "google.com"), but rather the hostname of the host IP you queried (e.g. "dfw25s08-in-f142.1e100.net"; interesting tidbit: 1e100 is 1 googol).
Also note that DNS hosts can have more than one name. This is common for hosts with more than one webserver (virtual hosting), although this is becoming less common thanks to the proliferation of virtualization technologies. These hosts have multiple PTR DNS records.
Finally, note that DNS host records can be overridden by the local machine via /etc/hosts. If you're not getting the hostname you expect, be sure you check this file.
DHCP hostnames are queried differently depending on which DHCP server software is used, because (as far as I know) the protocol does not define a method for querying; however, most servers provide some way of doing this (usually with a privileged account).
Note DHCP names are usually synchronized with DNS server(s), so it's common to see the same hostnames in a DHCP client lease table and in the DNS server's A (or AAAA for IPv6) records. Again, this is usually done as part of zeroconf.
Also note that just because a DHCP lease exists for a client, doesn't mean it's still being used.
NetBIOS for TCP/IP (NBT) was used for decades to perform name resolution, but has since been replaced by LLMNR for name resolution (part of zeroconf on Windows). This legacy system can still be queried with nbtstat (Windows) or nmblookup (Linux).
python -c "import socket;print(socket.gethostbyaddr('127.0.0.1'))"
if you just need the name, no additional info, index the result with [0]:
python -c "import socket;print(socket.gethostbyaddr('8.8.8.8')[0])"
The other answers here are correct - use reverse DNS lookups.
If you want to do it via a scripting language (Python, Perl) you could use the gethostbyaddr API.
If you are specifically looking for a Windows machine, try below command:
nbtstat -a 10.228.42.57
You can use traceroute command as well.
http://linux.die.net/man/8/traceroute
just use the traceroute it will show you the routing path with host names (IPs resolved)
In most cases, traceroute command works fine. nslookup and host commands may fail.
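As an added example (not from any of the answers above): the reverse-name construction dig -x performs, for IPv4 and for IPv6, plus a lookup wrapper that checks a hosts file before asking the resolver, since, as one answer notes, /etc/hosts can override DNS and gethostbyaddr() consults it first. The hosts-file text is constructed; reverse_name(), hosts_file_names() and reverse_lookup() are this example's names.

```python
import ipaddress
import socket

# Constructed hosts file; the server10 line mirrors the `host 192.168.0.10`
# example above and is not a real record.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.0.10 server10 server10.example.lan   # constructed entry
"""


def reverse_name(addr):
    """The owner name dig -x queries for a PTR record: reversed octets under
    in-addr.arpa for IPv4, reversed hex nibbles under ip6.arpa for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = format(int(ip), "032x")            # 32 hex digits, zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def hosts_file_names(addr, hosts_text):
    """Names a hosts file assigns to addr. gethostbyaddr() consults this file
    before DNS on most systems, which is why a lookup can disagree with dig."""
    ip = ipaddress.ip_address(addr)
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            if ipaddress.ip_address(fields[0]) == ip:
                names.extend(fields[1:])
        except ValueError:                        # malformed line, skip it
            continue
    return names


def reverse_lookup(addr, hosts_text=None):
    """(source, names): the hosts file if it has an entry, else the resolver
    via gethostbyaddr(); (None, []) when neither answers, e.g. no PTR record."""
    if hosts_text is not None:
        local = hosts_file_names(addr, hosts_text)
        if local:
            return "hosts", local
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
        return "dns", [name] + aliases
    except OSError:                               # herror/gaierror are OSErrors
        return None, []


if __name__ == "__main__":
    for a in ("72.51.34.34", "2001:db8::1"):
        print(a, "->", reverse_name(a))
    print(reverse_lookup("192.168.0.10", SAMPLE_HOSTS))
```

Because reverse_lookup() reports where the answer came from, a name that only appears under "hosts" is immediately recognisable as a local override rather than what the rest of the network sees; pass hosts_text=None to skip that step and query DNS only.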
