Read LPI Linux Certification in a Nutshell Online
Authors: Adam Haeder; Stephen Addison Schneiter; Bruno Gomes Pessanha; James Stanger
Even the simplest of network installations will at times require
troubleshooting. Every Linux system administrator needs to understand not
only where to start the troubleshooting process but also what tools are
available to aid in this endeavor. This chapter covers the following
Objective:
Candidates should be able to perform basic
troubleshooting steps in diagnosing network connectivity issues and
configuration. This Objective includes tools that show information
about local computer configuration and the testing of communication with
computers on the local network and over remote connections. Some of these tools
may also be used for network configuration, as discussed in the
previous Objective. Candidates should be able to view, change, and
verify configuration settings and operational status for various
network interfaces. Weight: 4.
One important part of an administrator’s role is troubleshooting
connectivity issues and tracking down sources of problems. Many of the
tools introduced earlier in this book may also be used as troubleshooting
tools to assist in this process. This objective revisits some of these
commands and discusses how they may be used as diagnostic resources in
addition to configuration resources.
ping
ping [options] destination
Send an ICMP ECHO_REQUEST datagram to destination, expecting an ICMP
ECHO_RESPONSE. ping is frequently used to test basic network
connectivity. See Objective 1: Fundamentals of Internet Protocols for a
more complete description.
host
host [options] name [server]
Look up the system with IP address or name on the DNS server.
List the entire domain, dumping all hosts registered on
the DNS server (this can be very long).
Set verbose mode to view output.
$ host oreilly.com
oreilly.com has address 208.201.239.37
oreilly.com has address 208.201.239.36
$ host -v oreilly.com
Trying "oreilly.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60189
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;oreilly.com. IN A
;; ANSWER SECTION:
oreilly.com. 877 IN A 208.201.239.100
oreilly.com. 877 IN A 208.201.239.101
Received 61 bytes from 192.168.1.220#53 in 0 ms
Trying "oreilly.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1045
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;oreilly.com. IN AAAA
;; AUTHORITY SECTION:
oreilly.com. 3577 IN SOA nsautha.oreilly.com. \
nic-tc.oreilly.com. 86 600 1800 604800
Received 80 bytes from 192.168.1.220#53 in 0 ms
Trying "oreilly.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18547
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;oreilly.com. IN MX
;; ANSWER SECTION:
oreilly.com. 3577 IN MX 20 smtp1.oreilly.com.
oreilly.com. 3577 IN MX 20 smtp2.oreilly.com.
;; ADDITIONAL SECTION:
smtp1.oreilly.com. 3577 IN A 209.204.146.22
smtp2.oreilly.com. 3577 IN A 216.204.211.22
Received 105 bytes from 192.168.1.220#53 in 0 ms
traceroute
traceroute [options] destination
Display the route that packets take to reach destination, showing
intermediate gateways (routers). There is no direct way to make this
determination, so traceroute uses a trick to obtain as much information
as it can. By using the time-to-live (TTL) field in the IP header,
traceroute stimulates error responses from gateways. The time-to-live
field specifies the maximum number of gateway hops until the packet
should expire. That number is decremented at each gateway hop, with the
result that all packets will die at some point and stop roaming the
Internet. To get the first gateway in the route, traceroute sets the
time-to-live parameter to 1. The first gateway in the route to
destination decrements the counter, and finding a zero result, reports
an ICMP TIME_EXCEEDED message back to the sending host. The second
gateway is identified by setting the initial time-to-live value to 2,
and so on. This continues until a PORT_UNREACHABLE message is returned,
indicating that the host has been contacted. To account for the
potential for multiple gateways at any one hop count, each probe is
sent three times.
The display consists of lines showing each gateway, numbered for
the initial time-to-live value. If no response is seen from a
particular gateway, an asterisk is printed. This happens for gateways
that don’t return “time exceeded” messages, or do return them but set
a very low time-to-live on the response. Transit times for each probe
are also printed.
ttl
Set the initial probe’s time-to-live value to ttl, instead of 1.
Display numeric addresses instead of names.
Use verbose mode.
secs
Set the timeout on returned ICMP packets to secs, instead of 5.
$ traceroute lpi.org
traceroute to lpi.org (24.215.7.162), 30 hops max, 40 byte packets
1 96.64.11.1 (96.64.11.1) 12.689 ms 5.018 ms 9.861 ms
2 ge-1-28-ur01.east.tn.knox.comcast.net (68.85.206.181) \
8.712 ms * 10.868 ms
3 te-8-1-ar01.bluelight.tn.knox.comcast.net (68.86.136.30) \
15.109 ms 6.932 ms 24.996 ms
4 * te-0-8-0-4-crs01.b0atlanta.ga.atlanta.comcast.net (68.85.232.97) \
41.966 ms 51.914 ms
5 pos-1-4-0-0-cr01.atlanta.ga.ibone.comcast.net (68.86.90.121) \
38.775 ms 26.511 ms 32.650 ms
6 68.86.86.86 (68.86.86.86) 41.428 ms 40.369 ms 46.387 ms
7 75.149.230.74 (75.149.230.74) 56.789 ms 29.051 ms 28.835 ms
8 xe-5-3-0.chi10.ip4.tinet.net (89.149.185.37) 84.556 ms \
123.707 ms 123.579 ms
9 peer1-gw.ip4.tinet.net (77.67.71.22) 70.550 ms 39.203 ms 39.795 ms
10 oc48-po1-0.tor-1yg-cor-1.peer1.net (216.187.114.142) \
52.049 ms 80.272 ms 68.667 ms
11 10ge.xe-0-0-0.tor-151f-cor-1.peer1.net (216.187.114.134) \
67.809 ms 45.667 ms 45.157 ms
12 oc48-po7-0.tor-151f-dis-1.peer1.net (216.187.114.149) \
97.586 ms 48.451 ms 45.559 ms
13 peer1-tor-gw.colosseum (66.199.142.250) \
56.156 ms 93.090 ms 78.800 ms
14 core-main.mountaincable.net (24.215.3.185) \
59.369 ms 52.889 ms 111.326 ms
15 24.215.7.110 (24.215.7.110) 50.487 ms 114.975 ms 44.655 ms
16 clark.lpi.org (24.215.7.162) 54.705 ms 84.838 ms 46.562 ms
In this example, there are 15 hops to http://www.lpi.org, reached with a
time-to-live value of 16. All three probes of all time-to-live counts are
successful.
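The asterisk convention described above can be checked mechanically when a trace is long. The following is an added example, not code from the book: a small filter that reads traceroute output, reports each hop with unanswered probes, and names the last hop that answered at all. The function names and the sample trace (documentation addresses, hypothetical hostnames) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise probe loss in traceroute output read from stdin.

trace_summary() {
  awk '
    # Printed listings wrap long hops with a trailing backslash; rejoin them.
    /\\$/ { buf = buf substr($0, 1, length($0) - 1) " "; next }
    { line = buf $0; buf = ""; n = split(line, f, " ") }
    f[1] !~ /^[0-9]+$/ { next }            # skip the header and blank lines
    {
      lost = 0; answered = 0
      for (i = 2; i <= n; i++) {
        if (f[i] == "*") lost++            # probe with no reply
        else if (f[i] == "ms") answered++  # one transit time per reply
      }
      if (answered > 0) last = f[1]
      if (lost > 0)
        printf "hop %d: %d of %d probes unanswered\n", f[1], lost, lost + answered
    }
    END { printf "last responding hop: %d\n", last }
  '
}

# Constructed sample: hop 2 loses one probe, hop 3 never answers.
sample_trace() {
  cat <<'EOF'
traceroute to host.example.org (203.0.113.10), 30 hops max, 40 byte packets
 1  192.0.2.1 (192.0.2.1)  1.204 ms  0.981 ms  1.102 ms
 2  gw1.example.net (198.51.100.1) \
    8.712 ms * 10.868 ms
 3  * * *
 4  host.example.org (203.0.113.10)  24.705 ms  24.838 ms  26.562 ms
EOF
}

sample_trace | trace_summary
```

A silent hop followed by hops that do answer means only that the gateway did not report back; a trace whose last responding hop is short of the destination marks where to start looking.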
netstat
netstat [options]
Depending on options, netstat displays network connections, routing
tables, interface statistics, masqueraded connections, and multicast
memberships. Much of this is beyond the scope of the LPIC Level 1 Exams,
but you must be aware of the command and its basic use.
Continuous operation. This option yields a netstat display every second
until interrupted with Ctrl-C.
Display a list of interfaces.
Numeric mode. Display addresses instead of host, port, and
usernames.
Programs mode. Display the process ID (PID) and process
name.
Routing mode. Display the routing table in the format of the route
command.
Verbose mode.
Display the interfaces table and statistics (the example output
is truncated):
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK
eth0 1500 0 1518801 37 0 0 713297
lo 3924 0 365816 0 0 0 365816
To show all current connections without resolving hostnames and
protocol names:
# netstat -an --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:34031 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 1 0 10.41.81.148:59667 10.41.0.47:3268 CLOSE_WAIT
tcp 0 0 10.41.81.148:45449 64.4.34.61:1863 ESTABLISHED
tcp 0 0 10.41.81.148:53284 10.41.0.32:143 ESTABLISHED
tcp 0 0 10.41.81.148:33722 10.41.0.38:22 ESTABLISHED
tcp 0 0 10.41.81.148:42261 74.125.77.83:443 ESTABLISHED
tcp 0 0 10.41.81.148:54879 83.85.96.153:3490 ESTABLISHED
tcp 0 0 10.41.81.148:42262 74.125.77.83:443 ESTABLISHED
tcp 0 0 10.41.81.148:34054 195.86.128.44:22 ESTABLISHED
tcp 0 0 10.41.81.148:46150 212.100.160.43:5222 ESTABLISHED
tcp 0 0 :::6000 :::* LISTEN
udp 0 0 127.0.0.1:46958 0.0.0.0:*
udp 0 0 0.0.0.0:34031 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
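When reading output like this during an audit of your own host, the useful distinction is which listeners are bound to every interface and which only to loopback. The following is an added example, not code from the book: a filter over netstat -an output that prints protocol, port, and bind scope for each listening socket. The function names are hypothetical, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example: classify listening sockets in netstat -an output by bind scope.

listener_scope() {
  awk '
    function scope(proto, laddr,    port, host) {
      port = laddr; sub(/^.*:/, "", port)          # text after the last colon
      host = substr(laddr, 1, length(laddr) - length(port) - 1)
      if (host == "0.0.0.0" || host == "::" || host == "*")
        where = "all-interfaces"                   # reachable on every address
      else if (host ~ /^127\./ || host == "::1")
        where = "loopback-only"                    # local clients only
      else
        where = host                               # bound to one address
      printf "%s %s %s\n", proto, port, where
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" { scope($1, $4) }
    $1 ~ /^udp/ && NF == 5         { scope($1, $4) }  # unconnected UDP: no State
  '
}

# Sample lines taken from the netstat -an output shown above.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.41.81.148:33722      10.41.0.38:22           ESTABLISHED
tcp        0      0 :::6000                 :::*                    LISTEN
udp        0      0 127.0.0.1:46958         0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
EOF
}

sample_netstat | listener_scope
```

On a live system, feed it real data with netstat -an | listener_scope and compare the all-interfaces entries against the services the host is meant to offer.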
To show the PID and name of the process to which each socket
belongs, to identify what could be causing a problem:
$ netstat -p
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address \
State PID/Program name
tcp 0 0 server01.domain.:60032 ew-in-f18.1e100.n:https \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:40343 messaging.n:xmpp-client \
ESTABLISHED 4680/pidgin
tcp 0 0 server01.domain.:53533 srdc-mail-01 :imap \
ESTABLISHED 4679/evolution
tcp 0 0 server01.domain.:40292 195.86.25.214:http \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:60209 ew-in-f147.1e100.n:http \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:60031 ew-in-f18.1e100.n:https \
TIME_WAIT -
tcp 0 0 server01.domain.:55647 ew-in-f83.1e100.n:https \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:35718 ew-in-f102.1e100.n:http \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:57265 sn1msg2010707.phx.:1863 \
TIME_WAIT - netstat
tcp 0 0 server01.domain.:58931 195.86.25.214:http \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:47146 backup2. :ssh \
ESTABLISHED 5113/ssh
tcp 0 0 server01.domain.:52707 g199040.upc-g.chel:4130 \
ESTABLISHED 4682/skype
tcp 0 0 server01.domain.:56608 bay5-terminal.bay5:1863 \
ESTABLISHED 4680/pidgin
tcp 1 0 server01.domain.:51980 server02 :3268 \
CLOSE_WAIT 4709/evolution-data
tcp 0 0 server01.domain.:36070 195.86.25.214:http \
ESTABLISHED 4698/firefox-bin
tcp 0 0 server01.domain.:60212 ew-in-f147.1e100.n:http \
ESTABLISHED 4698/firefox-bin
On the Exam
While the creation of complete network management scripts from
scratch is beyond the scope of the LPIC Level 1 Exams, you must be
familiar with these commands individually, their functions, how they
are used, and when to use them. For example, you must be familiar
with route and its use in establishing routes
to the loopback device, the localhost, and the gateway machine, and
the creation of the default gateway route. A general understanding
of the routing table display is also required. Questions may ask you
to determine the cause of a network problem based on the routing
configuration (such as a missing default route).
Network interfaces are established in the kernel at boot
time by probing Ethernet hardware. As a result, these interfaces always
exist unless the hardware or kernel module is removed. The interfaces
are transient and exist only when they are in use.
To list interface parameters, use ifconfig with the interface name:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:A0:24:D3:C7:21
inet addr:192.168.1.30 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1857128 errors:46 dropped:0 overruns:0 frame:46
TX packets:871709 errors:0 dropped:0 overruns:0 carrier:0
collisions:2557 txqueuelen:100
Interrupt:10 Base address:0xef00
If you run ifconfig without any parameters, it displays all active
interfaces, including the loopback interface lo and perhaps a PPP
interface if a modem is dialed into a service provider or a wireless
interface such as ath0 if you have an active wireless card.
To shut down a network interface that is currently running, simply
use ifconfig with the down keyword:
# ifconfig eth0 down
When the interface goes down, any routes associated with it are
removed from the routing table. For a typical system with a single
Ethernet interface, this means that the routes to both the interface and
the default gateway will be lost. Therefore, to start a previously
configured network interface, ifconfig is used with up, followed by the
necessary route commands. For example:
# ifconfig eth0 up
# route add -host 192.168.1.30 eth0
# route add default gw 192.168.1.1 eth0
To reconfigure interface parameters, follow those same procedures
and include the changes. For example, to change to a different IP
address, the address is specified when bringing up the interface and
adding the interface route:
# ifconfig eth0 down
# ifconfig eth0 192.168.1.60 up
# route add -host 192.168.1.60 eth0
# route add default gw 192.168.1.1 eth0
Your distribution probably supplies scripts to handle some of
these chores. For example, Red Hat systems come with scripts such as
ifup and ifdown, which handle
all the details necessary to get an interface and its routes up and
running, based on configuration files in
/etc/sysconfig/network-scripts/.
On the Exam
Be prepared to answer questions on the use of ifconfig and route for basic
interface manipulation. Also remember that scripts that use these
commands, both manually and automatically, are usually available at
boot time.
dig is the most complete and powerful
DNS utility and is available in most Unix/Linux systems. The tool will
use the default nameservers defined in the resolv.conf file:
# dig www.oreilly.com
; <<>> DiG 9.4.3-P1 <<>> www.oreilly.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17863
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.oreilly.com. IN A
;; ANSWER SECTION:
www.oreilly.com. 161 IN CNAME oreilly.com.
oreilly.com. 448 IN A 100.201.239.100
oreilly.com. 448 IN A 100.201.239.101
;; Query time: 4 msec
;; SERVER: 100.100.0.43#53(100.100.0.43)
;; WHEN: Mon Dec 14 14:48:55 2009
;; MSG SIZE rcvd: 79
Sometimes it’s also useful to query nameservers other than the
default. This can be done without changing the default address in
resolv.conf, by using @ plus the nameserver’s IP address:
# dig @10.20.10.10 www.oreilly.com
; <<>> DiG 9.4.3-P1 <<>> www.oreilly.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17863
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.oreilly.com. IN A
;; ANSWER SECTION:
www.oreilly.com. 161 IN CNAME oreilly.com.
oreilly.com. 448 IN A 100.201.239.100
oreilly.com. 448 IN A 100.201.239.101
;; Query time: 4 msec
;; SERVER: 10.20.10.10#53(10.20.10.10)
;; WHEN: Mon Dec 14 14:48:55 2009
;; MSG SIZE rcvd: 79
If PTR (reverse) records are missing, this can affect many network
services that rely on these records, such as SSH. PTR records provide a
way to map an IP address back to a fully qualified domain name. All
reverse lookups should be configured when adding new addresses or
changing addresses on the server. dig can be used
to validate the presence of the PTR records:
# dig -x 208.201.239.100
; <<>> DiG 9.4.3-P1 <<>> -x 208.201.239.100
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28685
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;100.239.201.208.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.239.201.208.in-addr.arpa. 3600 IN PTR oreilly.com.
;; Query time: 298 msec
;; SERVER: 10.20.10.10#53(10.20.10.10)
;; WHEN: Mon Dec 14 15:01:01 2009
;; MSG SIZE rcvd: 71
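Services that consult PTR records usually care that the returned name also resolves back to the same address. The following is an added example, not code from the book, and it goes one step beyond the presence check above: it looks up the PTR record with dig +short -x, then confirms that one of the returned names has an A record for the original IPv4 address. The function name fcrdns and its exit codes are hypothetical; the optional second argument is a nameserver, passed to dig with @ as shown earlier.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for an IPv4 address.
# Usage: fcrdns IP [NAMESERVER]
# Exit status: 0 confirmed, 1 no PTR answer, 2 PTR does not map back.

fcrdns() {
  ip=$1
  server=${2:+@$2}            # empty unless a nameserver was given

  # +short prints only the answer data, one record per line.
  # $server is left unquoted so it disappears when empty.
  ptrs=$(dig $server +short -x "$ip")
  if [ -z "$ptrs" ]; then
    # Empty output also covers a failed or timed-out lookup.
    echo "$ip: no PTR answer"
    return 1
  fi

  for name in $ptrs; do
    # The forward answer may list a CNAME target before the addresses,
    # so match the address as a whole line anywhere in the output.
    if dig $server +short "$name" A | grep -qxF "$ip"; then
      echo "$ip: PTR $name confirmed by A record"
      return 0
    fi
  done

  echo "$ip: PTR found but no A record maps back"
  return 2
}

# Run a check only when the script is called with arguments.
if [ $# -gt 0 ]; then
  fcrdns "$@"
fi
```

Run it against each address you add or change on a server, for example sh fcrdns.sh 208.201.239.100 10.20.10.10.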
The mail exchange (MX) record for a domain defines the server that
accepts SMTP email for that domain. To search for the MX records for a
specific domain, use:
# dig mx oreilly.com
; <<>> DiG 9.4.3-P1 <<>> mx oreilly.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31415
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;oreilly.com. IN MX
;; ANSWER SECTION:
oreilly.com. 3600 IN MX 20 smtp10.oreilly.com.
oreilly.com. 3600 IN MX 20 smtp20.oreilly.com.
;; Query time: 153 msec
;; SERVER: 10.20.10.10#53(10.20.10.10)
;; WHEN: Mon Dec 14 15:08:19 2009
;; MSG SIZE rcvd: 73
On the Exam
Be familiar with the basics of the dig syntax and how it’s used to query
DNS information.