109.3. Basic network troubleshooting
Weight: 4
Description: Candidates should be able to troubleshoot networking issues on client hosts.
Key Knowledge Areas:
Manually and automatically configure network interfaces and routing tables to include adding, starting, stopping, restarting, deleting or reconfiguring network interfaces
Change, view, or configure the routing table and correct an improperly set default route manually
Debug problems associated with the network configuration
Terms and Utilities:
ifconfig
ip
ifup
ifdown
route
host
hostname
dig
netstat
ping
ping6
traceroute
traceroute6
tracepath
tracepath6
netcat
Till now we have learned about fundamentals of internet protocols and we have get familiar with some of network configuration files and utilities. The truth is that some times things doesn't work as we expected and need troubleshooting. In this section we try to show some steps to resolve the problem, additionally some new commands will be introduced.
ifconfig & ip (interface or ip address problems)
The first command we have learned is ifconfig . Some times there might be an inactive interface which doesn't appear in results:
use -a with ifconfig or ip command instead:
Bring up the interface with ifup ens33
or ifconfig ens33
up , and next check for your ip address.
You can check your ip address either from GUI or trough config files.If you are on Automatic ip assignment use
dhclient -r
anddhclient
to release and renew your ip address.
ping (detecting the problem)
ping is our best friend when we are troubleshooting network problems.
Check whether you can ping another computer in the same network?
from a simple ping command we can determine whether the target is up and running or not. Also there might be a firewall in your network, which filters out ICMP packets, check for host firewall first and then hardware firewall if there are any.
Some times you might ping a wrong ip address or the server might have two interfaces or two ip adresses.
ping6
Regular ping command only works with IPv4 address. Use ping6 command to send ICMPv6 ECHO_REQUEST packets to network hosts from a host or gateway.
route (gateway and routing problems)
If you cant reach any network except computers you are in the same subnet with, you should doubt about you gateway.
we can also use netstat -rn command to see current gateway:
If there were no default gate way, you should use route add default gw x.x.x.x
to add a default gateway. Next check the gate way, and make sure packets are going out from the right interface:
Every thing seems okey, but you cant reach specific ip address in another building. Hmm there might be routing problems in physical routers! how to check that?
traceroute
The traceroute command maps the journey that a packet of information undertakes from its source to its destination. This tool uses ICMP messages, but unlike ping, identifies every router in the path. traceroute is useful when troubleshooting network problems because it can help you to localize problems in network connectivity (you might need to install it apt install traceroute
):
use -i to Specifies the interface through which traceroute should send packets.
traceroute6
traceroute with option -6
supports ipv6, instead we can use traceroute6 command.
What is MTU ? , the maximum transmission unit is the size of the largest protocol data unit that can be communicated in a single network layer transaction.
tracepath
Tracepath traces a path to a designated network address, reporting on the "time to live" or TTL lag and maximum transmission units (MTU) along the way. This command can be run by any user other with access to the command line prompt.
Traceroute is essentially the same as Tracepath except that by default, it will only give the TTL value.
tracepath6
tracepath6 is good replacement for traceroute6.
dig
Dig stands for (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that were queried.
By default, dig sends the DNS query to name servers listed in the resolver(/etc/resolv.conf) unless it is asked to query a specific name server.
The dig command output has several sections sections , to have just Answer section use +short switch :
to query specific Name server use @NameServerIP
:
netstat
netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, number of network interface and even network protocol statistics.
By default, netstat displays a list of open sockets .( A socket is one end-point of a two-way communication link between two programs running on the network.) as an example X11:
So we usually use a combination of switches with netstat :
netstat command example | usage |
netstat -a | Listing all the LISTENING Ports of TCP and UDP connections |
netstat -na | all LISTENING ports, but shows numerical addresses |
netstat -at | Listing TCP Ports connections |
netstat -au | Listing UDP Ports connections |
netstat -l | Listing all LISTENING(TCP&UDP) Connections |
netstat -s | Showing Statistics by Protocol(TCP&UDP&...) |
netstat -tp | Displaying Service name with PID |
netstat -rn | Displaying Kernel IP routing |
use netstat in conjunction with grep to get a better results.
netcat
The nc
(or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet, nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet does with some.
The -l parameter means that netcat is in listen (server) mode, and 8888 is the port it listens to; netcat will create a socket server and wait for connections on port 8888 . The terminal will remain on hold for a client to connect to the open server with netcat. We can verify that a host service listens on port 8888.We need to open a new terminal to the host station and run the command:
.
.
.
https://www.cyberciti.biz/faq/howto-test-ipv6-network-with-ping6-command/
https://www.lifewire.com/traceroute-linux-command-4092586
https://geek-university.com/linux/traceroute-command/
https://www.techwalla.com/articles/differences-between-traceroute-tracepath
http://journals.ecs.soton.ac.uk/java/tutorial/networking/sockets/definition.html
https://www.geeksforgeeks.org/netstat-command-linux/
https://www.tecmint.com/20-netstat-commands-for-linux-network-management/
https://linux.die.net/man/1/nc
https://www.mvps.net/docs/what-is-netcat-and-how-to-use-it/
.
Last updated