109.3 Basic network troubleshooting

Weight: 4

Description: Candidates should be able to troubleshoot networking issues on client hosts.

Key Knowledge Areas:

  • Manually and automatically configure network interfaces and routing tables to include adding, starting, stopping, restarting, deleting or reconfiguring network interfaces
  • Change, view, or configure the routing table and correct an improperly set default route manually
  • Debug problems associated with the network configuration

Terms and Utilities:

ifconfig
ip
ifup
ifdown
route
host
hostname
dig
netstat
ping
ping6
traceroute
traceroute6
tracepath
tracepath6
netcat

ping/ping6

oldhorse@dclab:~$ ping -c 4 google.ca
PING google.ca (172.217.1.67) 56(84) bytes of data.
64 bytes from lga15s44-in-f3.1e100.net (172.217.1.67): icmp_seq=1 ttl=128 time=26.3 ms
64 bytes from lga15s44-in-f3.1e100.net (172.217.1.67): icmp_seq=2 ttl=128 time=25.1 ms
64 bytes from lga15s44-in-f3.1e100.net (172.217.1.67): icmp_seq=3 ttl=128 time=32.8 ms
64 bytes from lga15s44-in-f3.1e100.net (172.217.1.67): icmp_seq=4 ttl=128 time=25.8 ms

--- google.ca ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 25.169/27.568/32.846/3.081 ms

oldhorse@dclab:~$ ping6 -c 4 fe80::20c:29ff:fe8f:55f8%eth1
PING fe80::20c:29ff:fe8f:55f8%eth1(fe80::20c:29ff:fe8f:55f8) 56 data bytes
64 bytes from fe80::20c:29ff:fe8f:55f8: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from fe80::20c:29ff:fe8f:55f8: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from fe80::20c:29ff:fe8f:55f8: icmp_seq=3 ttl=64 time=0.066 ms
64 bytes from fe80::20c:29ff:fe8f:55f8: icmp_seq=4 ttl=64 time=0.060 ms

--- fe80::20c:29ff:fe8f:55f8%eth1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.060/0.074/0.102/0.016 ms

traceroute

oldhorse@dclab:~$ traceroute6 fe80::20c:29ff:fe8f:55f8%eth1
traceroute: unknown host fe80::20c:29ff:fe8f:55f8%eth1

Link-local addresses cannot be routed, so there is no multi-hop path for traceroute6 to trace.

tracepath/tracepath6

Similar to traceroute, but does not require superuser privileges.

oldhorse@dclab:~$ tracepath 192.168.100.1
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.100.1                                         0.425ms reached
 1:  192.168.100.1                                         0.210ms reached
     Resume: pmtu 1500 hops 1 back 1 

oldhorse@dclab:~$ tracepath6 fe80::20c:29ff:fe8f:55f8
 1?: [LOCALHOST]                        0.056ms pmtu 65536
 1:  fe80::20c:29ff:fe8f:55f8%eth1                         0.277ms reached
 1:  fe80::20c:29ff:fe8f:55f8%eth1                         0.130ms reached
     Resume: pmtu 65536 hops 1 back 1 

netstat

--interfaces or -i  // interface table, similar to ifconfig

oldhorse@dclab:~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0       150      0      0 0           201      0      0      0 BMRU
eth1       1500 0       113      0      0 0           115      0      0      0 BMRU
lo        65536 0      1704      0      0 0          1704      0      0      0 LRU

--route or -r  // routing table, like route

oldhorse@dclab:~$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.100.2   0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.126.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
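
Added example (not part of the original notes): a shell check for the "improperly set default route" case from the key knowledge areas, run against netstat -nr output. The function names and verdict strings are assumptions of this example, and BROKEN_TABLE is constructed sample input.

```shell
#!/bin/sh
# Added example, not from the original notes: check the default route in
# "netstat -nr" output read on stdin. Names and verdict strings are assumptions.

ip2int() {                        # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Returns 0 only if exactly one default route exists and its gateway lies in
# a directly connected network on the same interface.
check_default_route() {
    table=$(cat)
    defaults=$(printf '%s\n' "$table" |
        awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }')
    count=$(printf '%s\n' "$defaults" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then echo "NO_DEFAULT"; return 1; fi
    if [ "$count" -gt 1 ]; then echo "MULTIPLE_DEFAULTS"; return 1; fi
    set -- $defaults; gw=$1; gw_if=$2
    gw_int=$(ip2int "$gw")
    # On-link routes have gateway 0.0.0.0 and no G flag.
    connected=$(printf '%s\n' "$table" |
        awk '$2 == "0.0.0.0" && $4 !~ /G/ { print $1, $3, $8 }')
    while read -r net mask iface; do
        [ "$iface" = "$gw_if" ] || continue
        mask_int=$(ip2int "$mask"); net_int=$(ip2int "$net")
        if [ $(( gw_int & mask_int )) -eq "$net_int" ]; then
            echo "OK $gw $gw_if"; return 0
        fi
    done <<EOF
$connected
EOF
    echo "UNREACHABLE $gw $gw_if"; return 1
}

# Routing table copied from the netstat -nr output above.
PAGE_TABLE='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.100.2   0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.126.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1'
# Constructed sample: same table with a gateway outside every eth0 network.
BROKEN_TABLE=$(printf '%s\n' "$PAGE_TABLE" | sed 's/192\.168\.100\.2 /192.168.1.2   /')

printf '%s\n' "$PAGE_TABLE" | check_default_route || true
printf '%s\n' "$BROKEN_TABLE" | check_default_route || true
```

On a live host the same check runs as: netstat -nr | check_default_route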

--program or -p  // programs that are using network connections

oldhorse@dclab:~$ netstat -p|grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0     52 192.168.126.51:ssh      192.168.126.1:50062     ESTABLISHED -               
oldhorse@dclab:~$ netstat -a|grep ssh
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0     52 192.168.126.51:ssh      192.168.126.1:50062     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN 

tcpdump

oldhorse@dclab:~$ sudo tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:20:29.762688 IP6 fe80::580c:78ac:d815:dff5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
07:20:30.402033 IP 192.168.100.128.39240 > 192.168.100.2.domain: 42130+ PTR? 2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
07:20:30.480135 IP 192.168.100.2.domain > 192.168.100.128.39240: 42130 NXDomain 0/1/0 (160)
07:20:30.480668 IP 192.168.100.128.46327 > 192.168.100.2.domain: 26211+ PTR? 5.f.f.d.5.1.8.d.c.a.8.7.c.0.8.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
07:20:30.571508 IP 192.168.100.2.domain > 192.168.100.128.46327: 26211 NXDomain 0/1/0 (125)
07:20:31.396976 IP 192.168.100.128.40275 > 192.168.100.2.domain: 42540+ PTR? 2.100.168.192.in-addr.arpa. (44)
07:20:31.480933 IP 192.168.100.2.domain > 192.168.100.128.40275: 42540 NXDomain 0/1/0 (121)
07:20:31.481424 IP 192.168.100.128.57386 > 192.168.100.2.domain: 3018+ PTR? 128.100.168.192.in-addr.arpa. (46)
07:20:31.572881 IP 192.168.100.2.domain > 192.168.100.128.57386: 3018 NXDomain 0/1/0 (123)
07:20:33.765073 IP6 fe80::580c:78ac:d815:dff5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
07:20:35.412745 ARP, Request who-has 192.168.100.2 tell 192.168.100.128, length 28
07:20:35.412958 ARP, Reply 192.168.100.2 is-at 00:50:56:fe:ed:ca (oui Unknown), length 46
07:20:41.765701 IP6 fe80::580c:78ac:d815:dff5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
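
The PTR? queries in this capture are for the same addresses that appear in the other captured packets, which is the traffic tcpdump's own name resolution generates; running tcpdump -n turns that resolution off. The added example below (not part of the original notes; the function names are assumptions) decodes the reverse-lookup names back to addresses so the match is visible.

```shell
#!/bin/sh
# Added example, not from the original notes: map PTR query names seen in
# tcpdump text output back to the addresses being looked up.

# Convert one reverse-DNS name to its address; IPv6 is printed uncompressed.
ptr_to_addr() {
    name=${1%.}                                  # drop the trailing root dot
    case $name in
    *.in-addr.arpa)                              # four octets, reversed
        printf '%s\n' "${name%.in-addr.arpa}" |
        awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }' ;;
    *.ip6.arpa)                                  # 32 nibbles, reversed
        printf '%s\n' "${name%.ip6.arpa}" |
        awk -F. 'NF == 32 {
            out = ""
            for (i = NF; i >= 1; i--) {
                out = out $i
                if ((NF - i + 1) % 4 == 0 && i > 1) out = out ":"
            }
            print out
        }' ;;
    *) return 1 ;;                               # not a reverse-lookup name
    esac
}

# Read tcpdump lines on stdin; print each distinct address queried via PTR.
ptr_queries() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "PTR?") print $(i + 1) }' |
    while read -r qname; do
        ptr_to_addr "$qname" || echo "undecodable: $qname"
    done | sort -u
}

# Sample input: lines copied from the capture above.
SAMPLE_CAPTURE='07:20:30.480668 IP 192.168.100.128.46327 > 192.168.100.2.domain: 26211+ PTR? 5.f.f.d.5.1.8.d.c.a.8.7.c.0.8.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
07:20:30.571508 IP 192.168.100.2.domain > 192.168.100.128.46327: 26211 NXDomain 0/1/0 (125)
07:20:31.396976 IP 192.168.100.128.40275 > 192.168.100.2.domain: 42540+ PTR? 2.100.168.192.in-addr.arpa. (44)
07:20:31.481424 IP 192.168.100.128.57386 > 192.168.100.2.domain: 3018+ PTR? 128.100.168.192.in-addr.arpa. (46)'

printf '%s\n' "$SAMPLE_CAPTURE" | ptr_queries
```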