LPIC1 Exam Guide
Search…
109.3. Basic network troubleshooting
Weight: 4
Description: Candidates should be able to troubleshoot networking issues on client hosts.
Key Knowledge Areas:
- Manually and automatically configure network interfaces and routing tables to include adding, starting, stopping, restarting, deleting or reconfiguring network interfaces
- Change, view, or configure the routing table and correct an improperly set default route manually
- Debug problems associated with the network configuration
Terms and Utilities:
- ifconfig
- ip
- ifup
- ifdown
- route
- host
- hostname
- dig
- netstat
- ping
- ping6
- traceroute
- traceroute6
- tracepath
- tracepath6
- netcat
Till now we have learned about fundamentals of internet protocols and we have get familiar with some of network configuration files and utilities. The truth is that some times things doesn't work as we expected and need troubleshooting. In this section we try to show some steps to resolve the problem, additionally some new commands will be introduced.
ifconfig & ip (interface or ip address problems)
The first command we have learned is ifconfig . Some times there might be an inactive interface which doesn't appear in results:
1
[email protected]:~# ifconfig
2
lo Link encap:Local Loopback
3
inet addr:127.0.0.1 Mask:255.0.0.0
4
inet6 addr: ::1/128 Scope:Host
5
UP LOOPBACK RUNNING MTU:65536 Metric:1
6
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
7
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
8
collisions:0 txqueuelen:1000
9
RX bytes:318 (318.0 B) TX bytes:318 (318.0 B)
Copied!
use -a with ifconfig or ip command instead:
1
[email protected]:~# ifconfig -a
2
ens33 Link encap:Ethernet HWaddr 00:0c:29:e2:1b:3e
3
BROADCAST MULTICAST MTU:1500 Metric:1
4
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
5
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
6
collisions:0 txqueuelen:1000
7
RX bytes:5169 (5.1 KB) TX bytes:12521 (12.5 KB)
8
​
9
lo Link encap:Local Loopback
10
inet addr:127.0.0.1 Mask:255.0.0.0
11
inet6 addr: ::1/128 Scope:Host
12
UP LOOPBACK RUNNING MTU:65536 Metric:1
13
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
14
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
15
collisions:0 txqueuelen:1000
16
RX bytes:318 (318.0 B) TX bytes:318 (318.0 B)
17
​
18
[email protected]:~# ip a s
19
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
20
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
21
inet 127.0.0.1/8 scope host lo
22
valid_lft forever preferred_lft forever
23
inet6 ::1/128 scope host
24
valid_lft forever preferred_lft forever
25
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
26
link/ether 00:0c:29:e2:1b:3e brd ff:ff:ff:ff:ff:ff
27
​
Copied!
Bring up the interface with
ifup ens33 or ifconfig ens33 up , and next check for your ip address. 1
[email protected]:~# ifup ens33
Copied!
You can check your ip address either from GUI or trough config files.If you are on Automatic ip assignment usedhclient -randdhclientto release and renew your ip address.
ping (detecting the problem)
ping is our best friend when we are troubleshooting network problems.
Check whether you can ping another computer in the same network?
1
[email protected]:~# ping 172.16.43.127 -c 2
2
PING 172.16.43.127 (172.16.43.127) 56(84) bytes of data.
3
64 bytes from 172.16.43.127: icmp_seq=1 ttl=64 time=0.748 ms
4
64 bytes from 172.16.43.127: icmp_seq=2 ttl=64 time=0.755 ms
5
​
6
--- 172.16.43.127 ping statistics ---
7
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
8
rtt min/avg/max/mdev = 0.748/0.751/0.755/0.027 ms
Copied!
from a simple ping command we can determine whether the target is up and running or not. Also there might be a firewall in your network, which filters out ICMP packets, check for host firewall first and then hardware firewall if there are any.
1
[email protected]:~# ping 172.16.43.126 -c 2
2
PING 172.16.43.126 (172.16.43.126) 56(84) bytes of data.
3
From 172.16.43.135 icmp_seq=1 Destination Host Unreachable
4
From 172.16.43.135 icmp_seq=2 Destination Host Unreachable
5
​
6
--- 172.16.43.126 ping statistics ---
7
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1007ms
8
pipe 2
Copied!
Some times you might ping a wrong ip address or the server might have two interfaces or two ip adresses.
ping6
Regular ping command only works with IPv4 address. Use ping6 command to send ICMPv6 ECHO_REQUEST packets to network hosts from a host or gateway.
route (gateway and routing problems)
If you cant reach any network except computers you are in the same subnet with, you should doubt about you gateway.
1
[email protected]:~# route
2
Kernel IP routing table
3
Destination Gateway Genmask Flags Metric Ref Use Iface
4
default 172.16.43.2 0.0.0.0 UG 0 0 0 ens33
5
link-local * 255.255.0.0 U 1000 0 0 ens33
6
172.16.43.0 * 255.255.255.0 U 0 0 0 ens33
Copied!
we can also use netstat -rn command to see current gateway:
1
[email protected]:~# netstat -rn
2
Kernel IP routing table
3
Destination Gateway Genmask Flags MSS Window irtt Iface
4
0.0.0.0 172.16.43.2 0.0.0.0 UG 0 0 0 ens33
5
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33
6
172.16.43.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
Copied!
If there were no default gate way, you should use
route add default gw x.x.x.x to add a default gateway. Next check the gate way, and make sure packets are going out from the right interface:1
[email protected]:~# ping -c 3 172.16.43.2
2
PING 172.16.43.2 (172.16.43.2) 56(84) bytes of data.
3
64 bytes from 172.16.43.2: icmp_seq=1 ttl=128 time=0.434 ms
4
64 bytes from 172.16.43.2: icmp_seq=2 ttl=128 time=0.379 ms
5
64 bytes from 172.16.43.2: icmp_seq=3 ttl=128 time=0.166 ms
6
​
7
--- 172.16.43.2 ping statistics ---
8
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
9
rtt min/avg/max/mdev = 0.166/0.326/0.434/0.116 ms
Copied!
Every thing seems okey, but you cant reach specific ip address in another building. Hmm there might be routing problems in physical routers! how to check that?
traceroute
The traceroute command maps the journey that a packet of information undertakes from its source to its destination. This tool uses ICMP messages, but unlike ping, identifies every router in the path. traceroute is useful when troubleshooting network problems because it can help you to localize problems in network connectivity (you might need to install it
apt install traceroute):1
[email protected]:~# traceroute google.com
2
traceroute to google.com (172.217.18.142), 30 hops max, 60 byte packets
3
1 172.16.43.2 (172.16.43.2) 0.272 ms 0.329 ms 0.172 ms
4
2 172.16.130.1 (172.16.130.1) 0.969 ms 1.183 ms 1.128 ms
5
3 192.168.1.66 (192.168.1.66) 0.448 ms 0.574 ms 0.655 ms
6
4 192.168.66.41 (192.168.66.41) 5.123 ms 4.924 ms 7.027 ms
7
5 * * *
8
6 * * *
9
7 10.10.53.93 (10.10.53.93) 14.334 ms 14.304 ms 14.256 ms
10
8 10.201.147.214 (10.201.147.214) 19.629 ms 19.580 ms 21.650 ms
11
9 10.21.21.22 (10.21.21.22) 19.445 ms 16.203 ms 16.131 ms
12
10 10.21.21.22 (10.21.21.22) 13.911 ms 13.793 ms 13.723 ms
13
11 213.202.4.172 (213.202.4.172) 48.527 ms 48.476 ms 48.416 ms
14
12 134.0.220.62 (134.0.220.62) 48.361 ms 48.285 ms 47.198 ms
15
13 108.170.246.113 (108.170.246.113) 49.444 ms 49.409 ms 108.170.240.49 (108.170.240.49) 49.677 ms
16
14 172.253.51.137 (172.253.51.137) 52.925 ms 46.305 ms 45.917 ms
17
15 arn02s05-in-f142.1e100.net (172.217.18.142) 45.783 ms 45.708 ms 4
Copied!
use -i to Specifies the interface through which traceroute should send packets.
traceroute6
traceroute with option
-6 supports ipv6, instead we can use traceroute6 command.What is MTU ? , the maximum transmission unit is the size of the largest protocol data unit that can be communicated in a single network layer transaction.
tracepath
Tracepath traces a path to a designated network address, reporting on the "time to live" or TTL lag and maximum transmission units (MTU) along the way. This command can be run by any user other with access to the command line prompt.
1
[email protected]:~# tracepath google.com
2
1?: [LOCALHOST] pmtu 1500
3
1: 172.16.43.2 0.148ms
4
1: 172.16.43.2 0.139ms
5
2: 172.16.130.1 4.944ms asymm 1
6
3: 192.168.1.66 1.224ms asymm 1
7
4: 192.168.66.41 8.198ms asymm 1
8
5: 192.168.198.169 5.567ms asymm 1
9
6: 192.168.0.254 5.923ms asymm 1
10
7: 10.10.53.93 10.018ms asymm 1
11
8: 10.201.147.214 11.534ms asymm 1
12
9: 10.21.21.22 15.286ms asymm 1
13
10: 10.21.21.22 11.588ms asymm 1
14
11: 213.202.4.172 43.501ms asymm 1
15
12: no reply
16
...
17
30: no reply
18
Too many hops: pmtu 1500
19
Resume: pmtu 1500
20
​
Copied!
Traceroute is essentially the same as Tracepath except that by default, it will only give the TTL value.
tracepath6
tracepath6 is good replacement for traceroute6.
dig
Dig stands for (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that were queried.
By default, dig sends the DNS query to name servers listed in the resolver(/etc/resolv.conf) unless it is asked to query a specific name server.
1
[email protected]:~# dig aol.com
2
​
3
; <<>> DiG 9.10.3-P4-Ubuntu <<>> aol.com
4
;; global options: +cmd
5
;; Got answer:
6
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51870
7
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
8
​
9
;; OPT PSEUDOSECTION:
10
; EDNS: version: 0, flags:; udp: 512
11
;; QUESTION SECTION:
12
;aol.com. IN A
13
​
14
;; ANSWER SECTION:
15
aol.com. 587 IN A 188.125.72.165
16
aol.com. 587 IN A 66.218.87.12
17
aol.com. 587 IN A 67.195.231.10
18
aol.com. 587 IN A 124.108.115.87
19
aol.com. 587 IN A 106.10.218.150
20
​
21
;; Query time: 46 msec
22
;; SERVER: 8.8.8.8#53(8.8.8.8)
23
;; WHEN: Mon Feb 24 16:12:46 +0330 2020
24
;; MSG SIZE rcvd: 116
Copied!
The dig command output has several sections sections , to have just Answer section use +short switch :
1
[email protected]:~# dig aol.com +short
2
124.108.115.87
3
66.218.87.12
4
188.125.72.165
5
106.10.218.150
6
67.195.231.10
Copied!
to query specific Name server use
@NameServerIP :1
[email protected]:~# dig aol.com @64.6.65.6 +short
2
106.10.218.150
3
188.125.72.165
4
66.218.87.12
5
124.108.115.87
6
67.195.231.10
Copied!
netstat
netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, number of network interface and even network protocol statistics.
By default, netstat displays a list of open sockets .( A socket is one end-point of a two-way communication link between two programs running on the network.) as an example X11:
1
[email protected]:~# netstat | grep X11 | head -n3
2
unix 3 [ ] STREAM CONNECTED 34942 @/tmp/.X11-unix/X0
3
unix 3 [ ] STREAM CONNECTED 33525 @/tmp/.X11-unix/X0
4
unix 3 [ ] STREAM CONNECTED 32753 @/tmp/.X11-unix/X0
5
​
Copied!
So we usually use a combination of switches with netstat :
netstat command example
usage
netstat -a
Listing all the LISTENING Ports of TCP and UDP connections
netstat -na
all LISTENING ports, but shows numerical addresses
netstat -at
Listing TCP Ports connections
netstat -au
Listing UDP Ports connections
netstat -l
Listing all LISTENING(TCP&UDP) Connections
netstat -s
Showing Statistics by Protocol(TCP&UDP&...)
netstat -tp
Displaying Service name with PID
netstat -rn
Displaying Kernel IP routing
use netstat in conjunction with grep to get a better results.
netcat
The
nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet, nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet does with some.1
[email protected]:~# netcat -l 8888
Copied!
The -l parameter means that netcat is in listen (server) mode, and 8888 is the port it listens to; netcat will create a socket server and wait for connections on port 8888 . The terminal will remain on hold for a client to connect to the open server with netcat. We can verify that a host service listens on port 8888.We need to open a new terminal to the host station and run the command:
1
[email protected]:~# netstat -na | grep 8888
2
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
Copied!
​
​
.
.
.
.
Last modified 2yr ago