Network diagnostic tools

Across the Network


Linux has the right tools to track down network errors and open the way for data packets.

By Heike Jurzik

Andrey Prokhorov, Fotolia

Getting help can be expensive if your Internet connection unexpectedly fails, or if you can't access the computers on your local network. Various command line tools can help you troubleshoot your network. ping and traceroute check the availability of other computers; you can contact nameservers with host and dig, and netstat helps you discover what is happening on your system.

Who Am I?

The ifconfig tool lets you check your own computer's network interface. This practical utility not only outputs information for your current configuration, but also helps you set up the interface. To display the current settings, just run /sbin/ifconfig without any parameters. As the program resides in /sbin, which is not typically in the user's $PATH, you will need to specify the full path.

Listing 1 shows the command and the output for each interface in a separate section. The computer in this example has a network card (eth0) with an IP address of (inet addr) 10.195.34.14. You can also see details of the broadcast address (Bcast), and the netmask (Mask). The UP tag shows that the interface is active; RX shows the number of received, and TX the number of transmitted packets.

Additionally, the loopback interface (lo) is configured. This is the interface that gives users internal access to the machine via the 127.0.0.1 IP address and the localhost name. The third interface in this listing is a DSL connection, ppp0; the computer has an Internet address of 11.22.33.44.

Listing 1: ifconfig Output
$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:48:70:4B:40
          inet addr:10.195.34.14  Bcast:10.195.34.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          (...)
          RX packets:1162180567 errors:0 dropped:449 overruns:0 frame:0
          TX packets:2046191782 errors:0 dropped:0 overruns:0 carrier:0
          (...)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          (...)
ppp0      Link encap:Point-Point Protocol
          inet addr:11.22.33.44  P-t-P:11.22.33.55 Mask:255.255.255.0
          (...)

Who Are All the Others?

Thanks to a practical invention called the Domain Name Service, nobody is forced to remember complex IP addresses; instead you can use domain names to contact computers. dig or host at the command line will let you check whether your DNS configuration is working properly. Both tools expect either a domain name or an IP address as an argument, and name resolution works in both directions.

Listing 2 has an example of a dig query. Besides the QUESTION SECTION, dig also outputs an ANSWER SECTION. The IP address for the domain name passed to dig follows the A. To resolve in the opposite direction, that is from an IP address to a domain name, you need to specify the -x option.

Listing 2: dig Query Example
$ dig www.linux-magazine.com
; <<>> DiG 9.2.4 <<>> www.linux-magazine.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15715
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; QUESTION SECTION:
;www.linux-magazine.com.             IN      A
;; ANSWER SECTION:
www.linux-magazine.com.      73628   IN      A       87.106.38.241
(...)

The host tool does not need a parameter to specify the resolver direction; although it does not give you quite as much information as dig, it will accept IPs and domain names without protest. There is an example in Listing 3: several domain names often share the same IP address - when a webserver hosts different pages, for example. At the same time, a domain name can resolve to multiple IP addresses: heavily used websites, such as Google or eBay, use multiple webservers for performance reasons.

Listing 3: Domain Name with Multiple IPs
$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 66.102.9.104
www.l.google.com has address 66.102.9.147
www.l.google.com has address 66.102.9.99

Well Connected?

If your computer is not directly connected to the Internet, but uses a router instead, you can run the route command to output your routing table. Again you need to enter the full path for this command. To output the IP addresses instead of hostnames, additionally set the -n parameter.

The output from this command is a table with the target as the first column header (Destination). The last column contains the interface forwarding the packets. In our example (Listing 4), all packets sent to IP addresses that start with 10.195.34. use the network interface eth0. The Internet connection is shown in the second line: if the target address does not start with 10.195.34., the packet is first sent to 10.195.34.5 (the router), which will take care of forwarding.

Listing 4: Routing Table
$ /sbin/route -n
Kernel IP routing table
Destination   Gateway       Genmask         Flags Metric Ref    Use Iface
10.195.34.0   0.0.0.0       255.255.255.0   U     0      0        0 eth0
0.0.0.0       10.195.34.5   0.0.0.0         UG    0      0        0 eth0
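
The decision described above can be reproduced offline. The following shell sketch is an added example, not part of the original article: it embeds the two routes from Listing 4 as sample data and, for a destination address, picks the matching route with the most specific netmask. The function names ip2int and route_for are illustrative.

```shell
#!/bin/sh
# Routes copied from Listing 4 (route -n), used here as embedded sample data.
ROUTES='10.195.34.0   0.0.0.0       255.255.255.0   U     0      0        0 eth0
0.0.0.0       10.195.34.5   0.0.0.0         UG    0      0        0 eth0'

# ip2int ADDR: convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_for DEST: print "gateway interface" of the route that matches DEST
# with the largest netmask; return 1 if no route matches at all.
route_for() {
    dest=$(ip2int "$1")
    best_mask=-1
    best=""
    while read -r net gw mask flags metric ref use iface; do
        [ -n "$iface" ] || continue            # skip incomplete lines
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        # A route matches when DEST, masked with Genmask, equals Destination.
        if [ $(( dest & m )) -eq "$n" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best="$gw $iface"
        fi
    done <<EOF
$ROUTES
EOF
    if [ -n "$best" ]; then echo "$best"; else return 1; fi
}

route_for 10.195.34.77     # local network, gateway 0.0.0.0 means "direct"
route_for 87.106.38.241    # everything else goes to the router
```

A gateway of 0.0.0.0 in the result means the packet is delivered directly on the listed interface.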

Ping - Pong

The ping command lets you check if a machine is reachable. The program expects an IP address or hostname as input, and measures the target's response. To test if your Internet connection is working, you can ping a computer outside of your own network, such as ping -c 8 www.google.com.

The program sends ICMP packets to the specified computer, which will typically respond with ICMP packets. If you do not specify any additional parameters, the test will continue until you quit ping by pressing the [Ctrl]+[C] keyboard shortcut. The -c number option lets you restrict the number of packets to exchange. After completing the packet exchange, ping outputs statistics with the round trip times that additionally tell you how many packets have been lost (Figure 1).

Figure 1: Ping lets you check if a machine is reachable.

ping is a great way to isolate various common errors:

The Right Path

Although ping tells you whether you can reach a server, it does not tell you what path the packets took across the network. To find that out, you need the traceroute tool. Again, you need to pass an IP address or hostname to the tool (Figure 2).

Figure 2: The traceroute tool shows the intermediate stations en route from your computer to the target machine.

Just like ping, traceroute sends trace packets across the network. The packets have a kind of "best by" stamp (TTL = "Time To Live"). When an "out of date" packet reaches a host, the host sends an error message to the source machine and discards the packet. If the packet is still valid, the host decrements the TTL and forwards the packet to the next station en route.

The error messages trace the route. traceroute increases the TTL for each step to let the packets travel one station further. A packet with a TTL of 2 will reach the second intermediate address. TTL 3 reaches the third station, and so on. traceroute repeats this transmission three times for each machine, and waits three seconds for the individual machines to respond.

Packets can take different paths: if you trace the same machine twice and see different intermediate addresses, there is no need to worry. If you see asterisks as in Figure 2, you have probably reached a firewall en route, although packets can simply disappear.
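
The TTL mechanism can be followed step by step without sending any packets. The shell model below is an added example, not part of the original article: HOPS is a constructed path (the addresses and the "silent:" marker for a hop that drops expired packets without answering are assumptions), and probe and trace are illustrative function names.

```shell
#!/bin/sh
# Constructed path from source to target; the last entry is the target.
# "silent:" marks a hop that discards expired packets without an error reply.
HOPS="10.195.34.5 silent:192.0.2.1 198.51.100.7 203.0.113.9"

# probe TTL: model one packet sent with the given TTL and print who answers:
# "<addr> expired", "<addr> reached", or "*" when no reply comes back.
probe() {
    ttl=$1
    target=${HOPS##* }
    for hop in $HOPS; do
        addr=${hop#silent:}
        if [ "$addr" = "$target" ]; then
            echo "$addr reached"; return 0
        fi
        ttl=$((ttl - 1))              # every station decrements the TTL
        if [ "$ttl" -le 0 ]; then     # out of date: the packet is discarded
            if [ "$hop" = "$addr" ]; then echo "$addr expired"; else echo "*"; fi
            return 0
        fi
    done
}

# trace: raise the TTL by one per step until the target answers and print
# "<ttl> <responder>" for each step; give up after 30 steps.
trace() {
    n=1
    while [ "$n" -le 30 ]; do
        reply=$(probe "$n")
        echo "$n ${reply% *}"
        case $reply in *" reached") return 0 ;; esac
        n=$((n + 1))
    done
    return 1
}

trace
```

The asterisk at step 2 does not stop the trace: packets with a higher TTL pass the silent hop and the stations behind it still answer.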

traceroute uses UDP packets by default, although you can specify the -I option to use ICMP packets instead. If the output contains an unusually large number of asterisks, you can assume that the tool has tripped up over all the firewalls. In this case, you might like to try tcptraceroute, a program that transmits TCP packets configured to use port 80, the port on which most web servers listen. If you know the target does not run a web service, just specify a different port. To contact a machine via port 22 (SSH), type the following:

$ tcptraceroute target 22

Other Tools

mtr is a neat combination of ping and traceroute. You need to specify the target machine when you launch mtr. The resulting output shows the changing path taken by the packets, displaying the individual stations and continuing to ping until you quit by pressing [Q]. As an alternative, you can specify a limited number of packets; for example, mtr -c 12 target quits mtr after sending a dozen packets to the target.

Figure 3: Mtr combines the functionality of the ping and traceroute utilities.

netstat is another program that lets you discover errors in your network configuration. Without any parameters, netstat returns the status of open sockets.

The -e option gives you additional information about the UID; -p provides information about the PID and the name of the program that opened the socket. The -a option outputs all sockets, both active connections and server sockets listening for connections. If you are only interested in TCP connections, you can additionally specify the -t option. The example in Listing 5 shows both the FTP and SMTP services running. One user has opened an FTP connection to the machine, and another is surfing the web.

Listing 5: netstat Output
$ netstat -atp | less
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address      State
(...)
tcp      0      0 *:ftp             *:*                LISTEN     -
tcp      0      0 *:smtp            *:*                LISTEN     -
(...)
tcp      0      0 <rechner>:ftp        host217-36-121-129:1543 ESTABLISHED -
tcp      0  83308 <rechner>:www        ppp117-248.lns1.bn:2963 ESTABLISHED -
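
Output like Listing 5 is easy to check automatically. The following shell functions are an added example, not part of the original article: they read netstat -at style output on stdin, list the listening TCP services, and report any that are missing from an allow list. SAMPLE is constructed and modelled on Listing 5 ("myhost" is a placeholder), and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample modelled on Listing 5; "myhost" is a placeholder name.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address      State
tcp        0      0 *:ftp                *:*                  LISTEN
tcp        0      0 *:smtp               *:*                  LISTEN
tcp        0      0 myhost:ftp           host217-36-121-129:1543 ESTABLISHED
tcp        0  83308 myhost:www           ppp117-248.lns1.bn:2963 ESTABLISHED'

# listening_services: print the service (or port) of every TCP socket in
# LISTEN state, one per line, sorted and without duplicates.
listening_services() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -u
}

# unexpected_listeners ALLOWED...: print listening services that are not
# named in the allow list passed as arguments.
unexpected_listeners() {
    allowed=" $* "
    listening_services | while read -r svc; do
        case $allowed in
            *" $svc "*) ;;            # expected service, say nothing
            *) echo "$svc" ;;
        esac
    done
}

# established_peers: print "service peer-host" for each established connection.
established_peers() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        n = split($4, l, ":"); sub(/:[^:]*$/, "", $5); print l[n], $5 }'
}

printf '%s\n' "$SAMPLE" | unexpected_listeners smtp    # prints: ftp
```

On a live system, pipe the output of netstat -at into the functions instead of SAMPLE.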