Mar 4
So you’re happily browsing the web, sipping a chai, and then all of a sudden you can’t load any more YouTube videos. What happened? Did your Internet go down? It’s time to start troubleshooting. Here we list the Top 10 Linux Network Commands For Absolute Newbies.
1) ifconfig
Use this command to configure your network interface and check its status. The type of things you can see when you run this command are IP, netmask, link status (up or down) among other things.
To check the status of all configured interfaces use
[root@enterprise ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:12:33:61:AD:55
inet addr:10.98.254.21 Bcast:10.98.254.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23985807 errors:0 dropped:0 overruns:0 frame:0
TX packets:13710965 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2024609785 (1.8 GiB) TX bytes:79281812 (75.6 MiB)
Base address:0xc8c0 Memory:ddee0000-ddf00000
Looks like Greek to you? It certainly shows more information than you care for. But you should note at least 3 important points.
A) inet addr:10.98.254.21 - This is obviously the IP address. Right?
Remember, your interface needs an IP address to be able to do anything meaningful.
B) Mask:255.255.255.0 - What does this mean? It’s the netmask. Most probably your netmask is this, but you should check with your network administrator, your ISP or your router settings.
C) UP - If you don’t see this, it means your interface is down. And if you’re not able to browse the Internet, then this is probably why.
2) netstat
This command is your eyes into who your Linux box is talking to. Basically, it lists the currently active network connections, and it can also show routes and interface stats, among other things. How do you use this command? A whole book could be written on the different ways you may use it. Here we list just a few.
To view active connections
[root@enterprise ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 es-10-98-255-157.es1:http viborgDHCP-29.64-179-1:1522 TIME_WAIT
tcp 0 0 es-10-98-255-157.es1:http viborgDHCP-29.64-17:support TIME_WAIT
tcp 0 0 es-10-98-255-157.es1:http viborgDHCP-29.64-179-1:1518 TIME_WAIT
tcp 0 0 es-10-98-255-157.es1:http viborgDHCP-29.64-179-1:1514 TIME_WAIT
tcp 0 52 mexica.intexxow.com:ssh ::ffff:64.241.37.140:59722 ESTABLISHED
tcp 0 0 es-10-98-255-157.ev1:http c-17-160-86-240.hsd1.w:1650 ESTABLISHED
TIME_WAIT means that your box and the remote box just finished talking and are about to walk away. ESTABLISHED means that the two boxes are currently communicating.
There’s actually information about the “Active UNIX domain sockets” listed in the output which is beyond the scope of this article. Perhaps in a different and more comprehensive article.
3) route
Your linux box is a lonely box if it can’t talk beyond its network. Use route to tell your linux box how to talk to external networks.
To check the status of your route table, run
[root@enterprise ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.98.254.0 * 255.255.255.0 U 0 0 0 eth0
default 10.98.255.1 0.0.0.0 UG 0 0 0 eth0
If you don’t have a default route entry and you’re having trouble connecting to the Internet, this means that your machine doesn’t know how to talk to anything beyond the network that it sits on. Telling it how is the purpose of the default route.
The following is how you may add a default route via the command line.
[root@enterprise ~]# route add default gw 10.98.255.1
Of course, to keep this setting across reboots you have to save it in the /etc/sysconfig/network file. Make sure you update the GATEWAY field with the default route IP address.
4) arp
So you know you have a route out to the Internet because you printed it using the route command. You ping the router and receive no response. Is it even on the network? This is where the arp command comes in handy: you can use it to see if that router is publishing its MAC address on the local network. Use it after you’ve used ping or have sent some other kind of network traffic to the router, because arp entries expire in seconds.
To check arp entries on the network, run
[root@enterprise ~]# arp -an
? (10.98.255.1) at 00:E0:52:0C:89:92 [ether] on eth0
If you don’t see an arp entry and you see something like the output below, then you’ve got a problem. Check to see that you have physical connectivity by checking your cables.
[root@enterprise ~]# arp -an
? (10.98.255.1) at <incomplete> on eth0
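The route and arp checks from sections 3 and 4 can be combined into one test: find the default gateway, then see whether its ARP entry is resolved. This is an added example, not part of the original article; the function names are made up for illustration and the sample input is built from the listings above.

```shell
#!/bin/sh
# Added example: checks, from saved command output, whether the default
# gateway has a resolved ARP entry. Function names are hypothetical.

# Print the gateway of the default route from `route` / `route -n` text on stdin.
default_gw() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $4 ~ /G/ { print $2; exit }'
}

# Classify the `arp -an` entry for IP $1: resolved, incomplete or missing.
arp_state() {
    awk -v ip="($1)" '
        $2 == ip {
            found = 1
            # A resolved entry carries a 17-character MAC address in field 4.
            if (length($4) == 17 && $4 ~ /^[0-9A-Fa-f:]+$/) state = "resolved"
            else state = "incomplete"
        }
        END { print (found ? state : "missing") }'
}

# $1 = routing table text, $2 = ARP table text.
check_gateway() {
    gw=$(printf '%s\n' "$1" | default_gw)
    if [ -z "$gw" ]; then
        echo "no-default-route"
        return 0
    fi
    echo "$gw $(printf '%s\n' "$2" | arp_state "$gw")"
}

# Sample input constructed from the listings in this article.
ROUTE_OK='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.98.254.0 * 255.255.255.0 U 0 0 0 eth0
default 10.98.255.1 0.0.0.0 UG 0 0 0 eth0'
ROUTE_NO_DEFAULT='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.98.254.0 * 255.255.255.0 U 0 0 0 eth0'
ARP_OK='? (10.98.255.1) at 00:E0:52:0C:89:92 [ether] on eth0'
ARP_BAD='? (10.98.255.1) at <incomplete> on eth0'

check_gateway "$ROUTE_OK" "$ARP_OK"
check_gateway "$ROUTE_OK" "$ARP_BAD"
check_gateway "$ROUTE_NO_DEFAULT" "$ARP_OK"
# On a live host: check_gateway "$(route -n)" "$(arp -an)"
```

A result of "incomplete" or "missing" for the gateway points at the local segment (cabling, switch port, wrong gateway address) rather than at anything further out on the Internet.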
5) mii-tool
Another common network problem is duplex mismatching. Most network interface cards are sensitive about this and will not pass traffic, or will pass it with lots of errors. When this happens you either won’t have any Internet connection or will have an extremely slow one. A way to check your duplex settings is to run the mii-tool command.
[root@enterprise sysconfig]# mii-tool
eth0: negotiated 100baseTx-FD flow-control, link ok
Whenever you see negotiated, this means that your interface duplex and speed setting is set to Auto and not hard coded. Auto means that your interface card and the switch port that it’s connected to negotiate what the duplex and speed should be. The link ok status means that things are fine and dandy. However, if you don’t see this then there could be a problem and it’s time to check your router/switch port settings.
6) ping
This command is like tapping someone on the shoulder and asking, “Are you alive?”. It’s kind of a disturbing analogy, but that’s the best thing I could come up with.
In technical terms, when you run ping, it sends out an ICMP ECHO_REQUEST to a destination IP or network address. That IP, if it’s “alive”, will send back an ICMP ECHO_REPLY. With it will come some metrics, such as how long it took for the request and reply to go and come back.
A successful ping will look like this,
[root@enterprise ~]# ping 10.98.255.1
PING 10.98.255.1 (66.98.255.1) 56(84) bytes of data.
64 bytes from 10.98.255.1: icmp_seq=0 ttl=64 time=0.308 ms
64 bytes from 10.98.255.1: icmp_seq=1 ttl=64 time=0.286 ms
64 bytes from 10.98.255.1: icmp_seq=2 ttl=64 time=0.625 ms
64 bytes from 10.98.255.1: icmp_seq=3 ttl=64 time=0.468 ms
An unsuccessful ping will look like this,
[root@enterprise sysconfig]# ping 10.98.255.233
PING 10.98.255.233 (66.98.255.233) 56(84) bytes of data.
--- 10.98.255.233 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
You see that 3 packets were transmitted and 0 received, so there was 100% packet loss. In ping terms, this means that the IP 10.98.255.233 is dead on the network.
A word of caution: if there is a firewall or some kind of screening device between your machine and the target IP, it could be that ICMP ECHO_REQUEST and ECHO_REPLY are blocked. So this is not the most accurate command. But if you are certain that there is no filtering between your IP and the destination IP, then this command will be very useful.
7) traceroute
As you all know, there’s usually more than one path to a website from your ISP link, which is why the Internet is so resilient. Here we have a tool called traceroute that will print the route that your packets take to their destination host. Why is this useful? Say, for example, you have access to yahoo.com, but you can’t access youtube.com. You send a traceroute to youtube.com and you notice that at some point, your packet times out. This means that there is probably some kind of problem at your ISP level and it’s time to call them for assistance.
A successful traceroute will look like this
[root@enterprise ~]# traceroute www.yahoo.com
traceroute to www.yahoo-ht2.akadns.net (209.191.93.52), 30 hops max, 38 byte packets
1 gphou-10-98-255-1 (10.98.255.1) 0.319 ms 0.190 ms 0.243 ms
2 gphou-10-98-241-4 (10.98.241.4) 0.355 ms 0.448 ms 0.612 ms
3 gphou-10-98-240-11 (10.98.240.11) 0.486 ms 0.449 ms 0.486 ms
4 f0-4.na21.b015619-0.iah01.atlas.cogentco.com (38.112.25.157) 0.861 ms 1.820 ms 0.862 ms
5 g0-1.core01.iah01.atlas.cogentco.com (66.28.64.61) 1.485 ms 1.569 ms 1.360 ms
6 p5-0.core01.dfw01.atlas.cogentco.com (66.28.4.97) 6.482 ms 9.188 ms 6.232 ms
7 t3-1.mpd01.dfw01.atlas.cogentco.com (154.54.2.94) 6.232 ms 6.434 ms 6.358 ms
8 t4-4.mpd01.dfw03.atlas.cogentco.com (154.54.6.66) 6.737 ms 8.438 ms 7.855 ms
9 yahoo.dfw03.atlas.cogentco.com (154.54.10.6) 6.857 ms 6.818 ms 6.732 ms
10 ge-0-1-0-p111.msr2.mud.yahoo.com (216.115.104.103) 8.730 ms ge-0-1-0-p101.msr1.mud.yahoo.com (216.115.104.99) 7.446 ms ge-1-1-0-p111.msr2.mud.yahoo.com (216.115.104.111) 7.449 ms
11 te-8-1.bas-c2.mud.yahoo.com (68.142.193.7) 7.692 ms te-9-1.bas-c2.mud.yahoo.com (68.142.193.11) 7.947 ms te-8-1.bas-c2.mud.yahoo.com (68.142.193.7) 7.697 ms
12 f1.www.vip.mud.yahoo.com (209.191.93.52) 7.847 ms 7.571 ms 7.980 ms
Notice that the IP in the last line (209.191.93.52) matches the IP of the host you ran the traceroute on. This is proof that your traceroute was successful, and also a check that the routes are working properly. Also notice that every hop is unique. If you saw a duplicate entry every 2 hops, this would indicate a loop of some sort.
8) nslookup
So you still have trouble browsing or getting out to the web, but you’ve checked all your IP network settings and your physical connectivity. A possibility now is your DNS settings. An unsung hero in the world of browsers, high-end routers/switches and web 2.0, your DNS servers are the real enablers of your convenient online lifestyle. Imagine typing http://69.147.114.210/ instead of http://www.yahoo.com. That’s the benefit of DNS: it translates those easy-to-remember names into IP addresses. And when you have a misconfigured DNS, you can get nowhere fast. That’s where nslookup comes in. It’s a built-in tool that allows you to query your Internet name servers interactively.
To query your nameservers for a website, use the following
[root@enterprise ~]# nslookup www.yahoo.com
Server: 207.218.192.38
Address: 207.218.192.38#53
Non-authoritative answer:
www.yahoo.com canonical name = www.yahoo-ht2.akadns.net.
Name: www.yahoo-ht2.akadns.net
Address: 209.191.93.52
We see that this command produced an answer, which indicates that DNS is working correctly on our machine. If however, we receive the following,
[root@enterprise ~]# nslookup www.yahoo.com
;; connection timed out; no servers could be reached
This tells us that DNS is not properly configured and that the /etc/resolv.conf file should be updated with the correct DNS servers. The DNS server information should be given by your ISP.
9) telnet
Besides being used as a tool to log in to a telnet server, the telnet command is a great troubleshooting command for TCP-based services. We know that almost all web servers run on TCP port 80. Therefore, we can telnet to port 80 of a web server to test connectivity. To mimic a browser, type in HEAD / HTTP and hit enter. The web server sends back a response. In the session below it is 400 Bad Request, because HEAD / HTTP is not a complete request line, but any HTTP response shows that the TCP connection to port 80 works.
[root@enterprise ~]# telnet www.yahoo.com 80
Trying 209.191.93.52…
Connected to www.yahoo.com (209.191.93.52).
Escape character is '^]'.
HEAD / HTTP
HTTP/1.1 400 Bad Request
Date: Sun, 04 Mar 2007 15:36:32 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
Connection closed by foreign host.
Why is this useful? Say, you can actually telnet to port 80 on www.yahoo.com but you can’t pull it up on your browser. This could mean something is wrong with your browser settings. Use this command to impress your friends and your future geek wife.
10) tcpdump
We could go on and list more commands, but my hands are getting too tired. So we’ll end it with the tcpdump command.
This command will produce a lot of information, but you’ll need to know how to interpret it. It can also be dangerous if you run it without piping (|) it to the more command.
So to understand tcpdump, you’ll need to understand at least TCP and UDP. So here’s my 10 second TCP and UDP tutorials.
A) TCP
TCP is a connection based protocol. It’s reliable and ordered. Web traffic (HTTP) is based on this. A communication between IP A and B starts out like this.
IP A – SYN
IP B – SYN ACK
IP A – ACK
B) UDP
UDP is a simple connectionless based protocol. It’s unreliable and unordered. It’s like throwing popcorn into your mouth one after the other. So it can be pretty fast because you’re not verifying and ordering the packets.
So how do we use this? Because you can pass boolean expressions, you can build some pretty complicated filters. But in our case, we want to troubleshoot our web connection to youtube.com, which translates into 208.65.153.251. So we tell tcpdump to listen on the eth0 interface and look for the host 208.65.153.251. The result of the command is as follows
[root@enterprise ~]# tcpdump -i eth0 host 208.65.153.251
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:40:27.762271 IP blog.lxpages.com.37670 > 208.65.153.251.http: S 536184889:536184889(0) win 5840
10:40:27.809184 IP 208.65.153.251.http > blog.lxpages.com.37670: S 283485771:283485771(0) ack 536184890 win 8190
10:40:27.809196 IP blog.lxpages.com.37670 > 208.65.153.251.http: . ack 1 win 5840
Because this is a TCP-based connection, let us recall from our TCP tutorial that this connection should start with a handshake. These 3 lines illustrate the 3-way handshake. In line 1, there is the SYN represented by S, in line 2 there is the SYN ACK represented by S and ack, and in line 3 there is the ACK represented by ack.
If this connection did not go through, we would see something like this
[root@enterprise ~]# tcpdump -i eth0 host 208.65.153.251
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:47:38.322846 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840
10:47:41.323078 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840
10:47:47.321887 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840
We see here that our host sends 3 SYNs without receiving a SYN ACK, which indicates that we cannot reach the host on that port.
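The reading of the two captures above can be automated. The following is an added example, not part of the original article: a hypothetical handshake_state function that classifies each connection attempt in saved tcpdump text as established, half-open or no-reply. It goes slightly beyond the article by also accepting the "Flags [S]" notation printed by newer tcpdump versions.

```shell
#!/bin/sh
# Added example: classify TCP handshakes in tcpdump text read from stdin.
# handshake_state is a hypothetical name; sample captures are the article's own lines.
handshake_state() {
    awk '
    $2 != "IP" { next }                       # skip tcpdump banner lines
    {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if ($6 == "Flags")                    # newer format: Flags [S.],
            flags = substr($7, 2, length($7) - 3)
        else {                                # older format: S ... ack N
            flags = $6
            if (flags == "S" && $0 ~ / ack [0-9]/) flags = "S."
        }
        k = src " " dst; r = dst " " src
        if (flags == "S") { if (!(k in syn)) order[++n] = k; syn[k]++ }
        else if (flags == "S.") synack[r] = 1
        else if (flags == "." && (k in synack)) ack[k] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (k in ack) s = "established"
            else if (k in synack) s = "half-open"
            else s = "no-reply"
            print k, s, "syn=" syn[k]
        }
    }'
}

# Packet lines copied from the two captures in this article.
CAPTURE_OK='10:40:27.762271 IP blog.lxpages.com.37670 > 208.65.153.251.http: S 536184889:536184889(0) win 5840
10:40:27.809184 IP 208.65.153.251.http > blog.lxpages.com.37670: S 283485771:283485771(0) ack 536184890 win 8190
10:40:27.809196 IP blog.lxpages.com.37670 > 208.65.153.251.http: . ack 1 win 5840'
CAPTURE_FAIL='10:47:38.322846 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840
10:47:41.323078 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840
10:47:47.321887 IP blog.lxpages.com.37946 > 208.65.153.251.http: S 995240639:995240639(0) win 5840'

printf '%s\n' "$CAPTURE_OK"   | handshake_state
printf '%s\n' "$CAPTURE_FAIL" | handshake_state
# Live use: tcpdump -n -c 50 -i eth0 host 208.65.153.251 | handshake_state
```

A no-reply result with a rising syn count is the retransmission pattern from the failed capture: the SYNs leave the box, but nothing answers, which is what a dead host or a filtering device in the path looks like from the client side.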
So there we have it, 10 network commands that we may use in Linux to troubleshoot our connections. These commands should definitely give you the ability to troubleshoot and gather information about your network troubles. For those who want a more basic tutorial on linux, check out Top 10 Linux Commands For Absolute Newbies.