Friday, August 26, 2011

Basic Linux Networking Tools

Verify Network Connection

Most people, who have been around redhat linux for a while, know how to check the IP address, and MAC address using ifconfig. Next, they would typically use route -n (or netstat -r) to find the gateway, and then ping it to verify a connection. Then maybe check duplex and speed using ethtool.

Check the IP Address

# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:15:17:C1:54:D4
inet addr:10.10.5.67 Bcast:10.10.5.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:fec1:54d4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:342967 errors:0 dropped:0 overruns:0 frame:0
TX packets:353260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64963573 (61.9 MiB) TX bytes:262444897 (250.2 MiB)
Memory:b8820000-b8840000


Discover the Gateway Address

Then, it is common to check the default route with route -n, or netstat -nr.

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
239.0.0.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth2
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.10.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
0.0.0.0 10.10.5.1 0.0.0.0 UG 0 0 0 eth0


Then to verify the connection, look for the default gateway, and try to ping the router. Note that the default gateway has the Destination listed as 0.0.0.0. The Gateway is listed in the next column. In this example we use 10.10.5.1. The default gateway is also the router for the subnet we are connected to, so we should be able to ping it.

# ping 10.10.5.1
PING 10.10.5.1 (10.10.5.1) 56(84) bytes of data.
64 bytes from 10.10.5.1: icmp_seq=1 ttl=255 time=0.765 ms
64 bytes from 10.10.5.1: icmp_seq=2 ttl=255 time=0.649 ms
64 bytes from 10.10.5.1: icmp_seq=3 ttl=255 time=5.27 ms
64 bytes from 10.10.5.1: icmp_seq=4 ttl=255 time=0.738 ms
64 bytes from 10.10.5.1: icmp_seq=5 ttl=255 time=0.732 ms
64 bytes from 10.10.5.1: icmp_seq=6 ttl=255 time=0.542 ms
^C
--- 10.10.5.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5144ms
rtt min/avg/max/mdev = 0.542/1.450/5.276/1.712 m



Check Network Mode and Speed

An easy way to verify the network connection speed is to use ethtool.

# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbag
Wake-on: g
Current message level: 0x00000001 (1)
Link detected: yes


Notice that this is a way to verify that the connection is indeed using 1Gb Ethernet, and Full Duplex.

Configure the Network

Beyond these basic checks, there are files to configure, and services to start, if changes are needed.

Redhat has the command: system-config-network, but it may not put exactly what you want in the configuration files -- especially if there is more than one network interface.

Configure as a DHCP Client


/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=abc-01

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
DHCP_HOSTNAME=abc-01


Configure With a Static IP Address


cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=no
HOSTNAME=abc-01
GATEWAY=10.1.2.1
GATEWAYDEV=eth0

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT="yes"
BOOTPROTO="none"
NETWORK=10.1.2.0
NETMASK=255.255.255.0
IPADDR=10.1.2.75


Notice that the hostname is set in a different place depending on whether the host is a DHCP client, or not. For static hosts, an entry is also added to /etc/hosts.

/etc/hosts
10.10.1.75 abc-01.example.com abc-01


After modifying these files, run:

service network restart

Other Troubleshooting Tools

Traceroute

Another utility used to verify network connectivity is traceroute. People often use traceroute with a well known site, e.g.

traceroute google.com

This will show the number of hops, or routers, as well as how many milliseconds it takes to reach each one.

If the hostname does not resolve, then it is time to troubleshoot DNS.

DNS Troubleshooting
The nameserver information is stored in /etc/resolv.conf, which looks something like this:

search example.com
nameserver 10.10.5.6
nameserver 10.10.7.8


nslookup

Another important command to help troubleshoot DNS is nslookup. In newer versions of linux, it has been replaced with the "host" and "dig" commands, but nslookup continues to work on some linux systems, and also works in Windows.


arp

Arp is used to map physical address (MAC address) to network address (IP address). Sometimes it is useful to find the MAC address of hosts on the network. To do that, simply ping a host, and then immediately run arp -a. We do this because the arp cache is temporary, and will only contain entries for hosts is has communicated with recently.