TimeLinux1

Friday, October 1, 2010

Linux HowTo: Common Network Diagnostic Tools


Here is a short description of five common network diagnostic tools available in Linux:
       . ping        - sends simple ICMP echo packets to check network connectivity
       . traceroute  - sends a series of 3 test packets to each host en route between two hosts.
       . tracepath   - similar to traceroute but produces one line for each packet, so more verbose.
       . netstat     - useful in several places (see below)
       . tcpdump     - a packet sniffer, i.e. it intercepts network packets and logs or displays them
-Examples
        # ping -c 10 ms_comp       - -c = count (here, send 10 packets)
        # traceroute -n ms_comp    - -n = numeric IPs instead of hostnames; useful when DNS has problems.
        # netstat -i ethN          - interface (ethernet) status
        # netstat -r               - routing table; combine with -n (e.g. netstat -rn) for a numeric IP report
        # netstat -M               - show IP masquerading info.
        # netstat -a               - shows all sockets, especially open/listening ports
Note:
          - if a local ping succeeds but there is no response from the destination  => router problem.
          - if hostname resolution is not happening                                 => DNS problem.
          - if times are highly variable or some replies are missed                 => busy router, or the physical distance between routers is too great.
          - if packets are lost in the first hop => local problem; if lost in the last hop => remote problem.
          - if ping works but traceroute doesn't                                    => the router is programmed to drop traceroute packets.
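As an added example (not part of the original post), the following Python script parses the output of traceroute -n and applies the rules of thumb above: loss at the first hop is a local problem, loss at the last hop a remote one, and missed or highly variable times in between point to a busy router or a long link. The traceroute output is constructed, ms_comp and the addresses are placeholders, and the 3x "highly variable" threshold is an assumption.

```python
import re

# Constructed sample output of "traceroute -n ms_comp" (not a real capture).
# Three probes per hop; "*" marks a probe that got no reply.
SAMPLE_TRACEROUTE = """\
traceroute to ms_comp (192.0.2.10), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.398 ms  0.401 ms
 2  203.0.113.1  12.5 ms  95.3 ms  *
 3  * * *
 4  192.0.2.10  25.1 ms  24.9 ms  *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")   # hop number, then the rest of the line
RTT_RE = re.compile(r"([\d.]+) ms")          # each answered probe's round-trip time

def parse_hops(output):
    """Return [(hop_number, [rtt_ms, ...]), ...]; '*' probes contribute no RTT."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:  # the header line has no leading hop number and is skipped
            rtts = [float(x) for x in RTT_RE.findall(m.group(2))]
            hops.append((int(m.group(1)), rtts))
    return hops

def diagnose(output, probes=3, jitter_ratio=3.0):
    """Apply the post's rules of thumb; return [(hop_number, finding), ...].

    jitter_ratio is an assumed threshold: a hop whose slowest reply is more than
    jitter_ratio times its fastest counts as "highly variable".
    """
    hops = parse_hops(output)
    findings = []
    for hop_no, rtts in hops:
        missed = probes - len(rtts)
        variable = len(rtts) >= 2 and max(rtts) > jitter_ratio * min(rtts)
        if missed and hop_no == hops[0][0]:
            findings.append((hop_no, "packets lost at first hop: local problem"))
        elif missed and hop_no == hops[-1][0]:
            findings.append((hop_no, "packets lost at last hop: remote problem"))
        elif missed or variable:
            findings.append((hop_no, "missed or highly variable times: busy router or long link"))
    return findings

if __name__ == "__main__":
    for hop_no, finding in diagnose(SAMPLE_TRACEROUTE):
        print(f"hop {hop_no}: {finding}")
```

Feed it the saved output of a real traceroute -n run to get the same classification for your own path.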

-tcpdump  - dumps TCP/IP traffic between hosts
           - tcpdump is a low-level packet sniffer. Use it with care, and only after getting permission from your manager, as it can sniff sensitive data.
           - tcpdump is run as root.
           - tcpdump outputs one line for each packet it monitors. Sometimes the lines are long and wrap around on the screen.
-eg:     # tcpdump [-c n]      - capture n packets and then stop
           # tcpdump -v          - verbose, or -vv for very verbose


Note:
- Like tcpdump, there is a graphical alternative called Wireshark. Wireshark can read and graph tcpdump output.
- Packet sniffers like tcpdump and Wireshark can work even if they are not running on the sender or receiver. This means anyone with access to your network can sniff packets between any two nodes. So some organizations forbid running packet sniffers altogether; get permission from your manager before you run tcpdump, Wireshark, nmap etc.
