4.5. Common Network Tools

Here is a short list of tools helpful when troubleshooting network connections.

4.5.1. ping

This tool sends ICMP ECHO_REQUEST datagrams to a host and expects an ICMP ECHO_REPLY (the ping man page calls it ECHO_RESPONSE) for each one. It is the quickest check that a host is reachable at the IP layer, but hosts and firewalls are often configured to drop ICMP echo, so the absence of a reply does not prove that the host is down.

Table 4.1. Options for ping

-b       ping a broadcast address
-c N     send N packets
-q       quiet mode: display only the start and end summary lines

4.5.2. tcpdump

This is a tool used to analyse network traffic by capturing network packets. The following commands illustrate some options:

## Let tcpdump autodetect the network interface
tcpdump

## Specify a network interface to capture packets from
tcpdump -i wlan0

## Give an expression to match
tcpdump host 192.168.10.1 and port 80

Notice that in a switched environment the switch forwards a unicast frame only to the port on which it has learned the destination MAC address. A capture on one port therefore sees only the traffic to and from that host plus broadcast and multicast frames, even though tcpdump puts the interface into promiscuous mode by default. Monitoring the whole segment then requires a mirror (SPAN) port configured on the switch, or a hub. Capturing packets also requires root privileges.

4.5.3. netstat

You may get information on current network connections, the routing table or interface statistics depending on the options used.

Table 4.2. Options for netstat

-r       display the kernel routing table (same as /sbin/route)
-i       display the list of interfaces
-n       don't resolve IP addresses or port numbers to names
-p       show the PID and name of the program owning each socket (complete only when run as root)
-v       verbose
-c       continuous update

Example 4.4. Output of netstat --inet -n

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address       Foreign Address
tcp        0      0 192.168.1.10:139   192.168.1.153:1992
tcp        0      0 192.168.1.10:22    192.168.1.138:1114
tcp        0      0 192.168.1.10:80    192.168.1.71:18858

In the above listing you can see that remote hosts have established connections to the local host (192.168.1.10) on local ports 139 (NetBIOS session service), 22 (SSH) and 80 (HTTP). Adding -l lists listening sockets as well, and -p identifies the owning process, which is the first thing to check when an unexpected port shows up.
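The following is an added example, not part of the original manual: a small Python parser for output in the layout of Example 4.4 that groups TCP connections by local port and foreign host and flags local ports outside an expected service set. The sample text is constructed for the example (it includes the State column that netstat prints after Foreign Address, and one UDP socket with a "*" foreign port); the function names are my own.

```python
from collections import defaultdict

# Constructed sample in the layout of `netstat --inet -n` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:139        192.168.1.153:1992      ESTABLISHED
tcp        0      0 192.168.1.10:22         192.168.1.138:1114      ESTABLISHED
tcp        0      0 192.168.1.10:80         192.168.1.71:18858      ESTABLISHED
tcp        0      0 192.168.1.10:22         192.168.1.138:1120      ESTABLISHED
tcp        0   1234 192.168.1.10:22         192.168.1.138:1121      ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

PROTOCOLS = ("tcp", "tcp6", "udp", "udp6", "raw")


def split_endpoint(endpoint):
    """'192.168.1.10:22' -> ('192.168.1.10', 22). rsplit on the last ':' so the
    abbreviated IPv6 form netstat prints (e.g. '::1:22') parses too; '*' -> None."""
    host, port = endpoint.rsplit(":", 1)
    return host, (None if port == "*" else int(port))


def parse_netstat(text):
    """Turn netstat -n output into a list of connection dicts; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in PROTOCOLS:
            continue
        lhost, lport = split_endpoint(fields[3])
        fhost, fport = split_endpoint(fields[4])
        conns.append({
            "proto": fields[0],
            "recvq": int(fields[1]),
            "sendq": int(fields[2]),
            "lhost": lhost, "lport": lport,
            "fhost": fhost, "fport": fport,
            "state": fields[5] if len(fields) > 5 else "",  # UDP sockets have no state
        })
    return conns


def peers_per_local_port(conns):
    """Local port -> {foreign host: number of connections}, TCP only."""
    summary = defaultdict(lambda: defaultdict(int))
    for c in conns:
        if c["proto"].startswith("tcp"):
            summary[c["lport"]][c["fhost"]] += 1
    return {port: dict(peers) for port, peers in summary.items()}


def unexpected_local_ports(conns, expected):
    """Local ports with TCP connections that are not in the expected service set."""
    used = {c["lport"] for c in conns if c["proto"].startswith("tcp")}
    return sorted(used - set(expected))


if __name__ == "__main__":
    connections = parse_netstat(SAMPLE_NETSTAT)
    for port, peers in sorted(peers_per_local_port(connections).items()):
        print(f"local port {port}: {peers}")
    print("unexpected local ports:", unexpected_local_ports(connections, {22, 80}))
```

Run it over live output with `netstat --inet -n | python3 script.py` after replacing the sample with `sys.stdin.read()`; a non-zero Send-Q that never drains, or a foreign host holding many connections to one port, are the patterns worth a second look.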

4.5.4. arp

This command displays the kernel's address resolution cache, which maps IP addresses to the hardware addresses of interfaces on the local network.

At the link layer an interface is identified by its hardware address (the MAC address on Ethernet networks). The Address Resolution Protocol (ARP) resolves an IP address (used by the network layer) to the hardware address that the link layer needs to deliver the frame. ARP has no authentication: any host on the segment can answer a request or send unsolicited replies, so the cache can be poisoned by an attacker (ARP spoofing), typically to redirect a victim's traffic for the default gateway through the attacker's machine.

Sample tcpdump output of an ARP exchange (the request is broadcast, the reply is sent directly to the requester):

11:25:13.070528 arp who-has 10.1.1.1 tell ws1.example.com
11:25:13.070545 arp reply 10.1.1.1 is-at 00:0e:35:82:9c:04
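As an added example (not code from the original manual), the script below reads ARP replies from saved `tcpdump -n arp` output and reports any IP address that has been announced with more than one MAC address, which is the signature of the poisoning described above. It accepts both the older `arp reply ... is-at ...` format shown in this section and the current `ARP, Reply ... is-at ..., length N` format. The sample lines are constructed for the example, and the function names are mine.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `tcpdump -n arp` lines (not a real capture). The third reply
# claims 10.1.1.1 from a second MAC address, as a poisoning attempt on the gateway would.
SAMPLE_TCPDUMP = """\
11:25:13.070528 arp who-has 10.1.1.1 tell 10.1.1.23
11:25:13.070545 arp reply 10.1.1.1 is-at 00:0e:35:82:9c:04
11:25:14.101200 ARP, Reply 10.1.1.1 is-at 00:11:22:33:44:55, length 28
11:25:15.222333 ARP, Reply 10.1.1.50 is-at 00:0e:35:82:9c:04, length 28
11:25:16.333444 ARP, Request who-has 10.1.1.50 tell 10.1.1.23, length 28
"""

# Matches "<time> arp reply <ip> is-at <mac>" (older tcpdump) and
# "<time> ARP, Reply <ip> is-at <mac>, length N" (current tcpdump).
REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:arp reply|ARP, Reply)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE,
)


def parse_arp_replies(text):
    """Return (timestamp, ip, mac) for every ARP reply; requests are ignored."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies.append((m.group("ts"), m.group("ip"), m.group("mac").lower()))
    return replies


def find_conflicts(replies):
    """Map each IP announced by more than one MAC to its MACs, in order of first appearance."""
    macs_for_ip = defaultdict(list)
    for _, ip, mac in replies:
        if mac not in macs_for_ip[ip]:
            macs_for_ip[ip].append(mac)
    return {ip: macs for ip, macs in macs_for_ip.items() if len(macs) > 1}


def check_expected(replies, expected):
    """Replies that contradict a known IP -> MAC table (e.g. the gateway's real address)."""
    return [(ts, ip, mac) for ts, ip, mac in replies
            if ip in expected and expected[ip].lower() != mac]


if __name__ == "__main__":
    # Usage: tcpdump -n arp > arp.log  (stop it after a while)
    #        python3 arp_conflicts.py < arp.log
    text = SAMPLE_TCPDUMP if sys.stdin.isatty() else sys.stdin.read()
    seen = parse_arp_replies(text)
    for ip, macs in find_conflicts(seen).items():
        print(f"WARNING: {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

A conflict is not always an attack (a replaced NIC or a failover pair changes the MAC of an IP legitimately), so compare against a table of known addresses with `check_expected` before raising an alarm, and confirm with `arp -n` on an affected host.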

Table 4.3. Main options for arp

-n                    do not resolve IPs to names
-d HOSTNAME           delete the entry for HOSTNAME. This may be needed if the same IP has been assigned to several network interfaces
-s HOSTNAME HW_ADDR   add a static (permanent) entry mapping HOSTNAME to hardware address HW_ADDR; static entries are not overwritten by ARP replies, so one for the default gateway is a simple defence against ARP spoofing on a small network

Example:

# arp
Address          HWtype  HWaddress            Iface
192.168.1.71     ether   00:04:C1:D7:CA:2D    eth0

4.5.5. traceroute

Displays the route taken from the local host to the destination host. Traceroute forces intermediate routers to send back error messages (ICMP TIME_EXCEEDED) by deliberately setting the TTL (time to live) value of its probes too low: every router decrements the TTL, and the one that decrements it to zero discards the packet and reports the error. After each TIME_EXCEEDED notification traceroute increments the TTL value, forcing the next probe one hop further, until a probe reaches its destination. The default probes are UDP datagrams to high, unused ports, so the destination itself answers with ICMP PORT_UNREACHABLE, which tells traceroute to stop. Routers that drop or rate-limit ICMP appear as "*" instead of an address.
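The mechanism just described, written out as an added example (not the traceroute program's own code): one UDP probe per TTL, a raw ICMP socket to catch the answer, and a classifier that distinguishes TIME_EXCEEDED from PORT_UNREACHABLE. The classifier also checks the UDP port quoted inside the ICMP error so that unrelated ICMP traffic is ignored. It assumes Linux (raw sockets deliver the IP header and need root) and the conventional probe ports starting at 33434; `build_icmp_error` constructs a minimal error packet so the classifier can be exercised offline.

```python
import socket
import struct
import sys

ICMP_TIME_EXCEEDED = 11      # a router's copy of the probe reached TTL 0
ICMP_DEST_UNREACHABLE = 3    # type 3 ...
ICMP_PORT_UNREACHABLE = 3    # ... code 3: the destination received the UDP probe
BASE_PORT = 33434            # conventional first traceroute probe port


def classify_icmp(packet, probe_port):
    """Classify a raw IPv4 packet as 'time-exceeded', 'port-unreachable' or None.
    ICMP errors quote the IP header plus the first 8 bytes of the offending datagram,
    so the quoted UDP destination port is compared with the port we probed."""
    try:
        ihl = (packet[0] & 0x0F) * 4                    # outer IP header length
        icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
        inner = ihl + 8                                  # quoted original IP header
        udp = inner + (packet[inner] & 0x0F) * 4         # quoted UDP header
        dst_port = struct.unpack("!H", packet[udp + 2:udp + 4])[0]
    except (IndexError, struct.error):
        return None                                      # truncated or not an error packet
    if dst_port != probe_port:
        return None
    if icmp_type == ICMP_TIME_EXCEEDED:
        return "time-exceeded"
    if icmp_type == ICMP_DEST_UNREACHABLE and icmp_code == ICMP_PORT_UNREACHABLE:
        return "port-unreachable"
    return None


def build_icmp_error(icmp_type, icmp_code, probe_port):
    """Constructed test packet: outer IP + ICMP header + quoted IP + quoted UDP header."""
    outer_ip = bytes([0x45]) + bytes(19)
    icmp = bytes([icmp_type, icmp_code]) + bytes(6)      # checksum/unused left zero
    inner_ip = bytes([0x45]) + bytes(19)
    udp = struct.pack("!HHHH", 40000, probe_port, 8, 0)  # src port, dst port, length, checksum
    return outer_ip + icmp + inner_ip + udp


def probe(dest_ip, ttl, port, timeout=2.0):
    """Send one empty UDP probe with the given TTL; return (answering_ip, kind)."""
    recv = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)  # root only
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    recv.settimeout(timeout)
    send.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    try:
        send.sendto(b"", (dest_ip, port))
        while True:                                      # skip ICMP that is not ours
            data, (addr, _) = recv.recvfrom(1500)
            kind = classify_icmp(data, port)
            if kind:
                return addr, kind
    except socket.timeout:
        return None, "timeout"
    finally:
        recv.close()
        send.close()


def traceroute(dest_ip, first_ttl=1, max_ttl=30):
    """Raise the TTL one hop at a time until the destination answers (traceroute -f first_ttl)."""
    hops = []
    for ttl in range(first_ttl, max_ttl + 1):
        addr, kind = probe(dest_ip, ttl, BASE_PORT + ttl - 1)  # one port per hop, like traceroute
        hops.append((ttl, addr, kind))
        if kind == "port-unreachable":
            break
    return hops


if __name__ == "__main__":
    # Usage (as root): python3 tiny_traceroute.py 192.0.2.1
    for ttl, addr, kind in traceroute(sys.argv[1]):
        print(f"{ttl:2d}  {addr or '*'}  {kind}")
```

Timeouts show up as "*" exactly as in the real tool; a host that answers with ICMP PORT_UNREACHABLE of another code, or with nothing because its firewall drops the probes, ends the trace with a run of "*" after the last responding router.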

Table 4.4. Options for traceroute

-f TTL     change the initial time to live value to TTL instead of 1
-n         do not resolve IP numbers to names
-v         verbose
-w sec     wait sec seconds for a response to each probe before giving up on it