Linux Network Tools

From Dave-Wiki

Linux Network Troubleshooting Tools

Introduction

Linux provides a comprehensive set of tools to diagnose and troubleshoot network issues. These tools help in monitoring network traffic, checking connectivity, resolving DNS issues, and debugging network configurations.

Basic Connectivity Tools

ping

  • Used to check the reachability of a host on a network.
  • It sends ICMP Echo Request packets to the target and waits for an Echo Reply.
  • Can help detect packet loss and latency issues.
  • Example: `ping -c 4 8.8.8.8` (sends 4 packets instead of continuously pinging).

traceroute

  • Traces the path packets take to reach a destination, showing each hop along the route.
  • Helps diagnose routing issues and network latency problems.
  • Can be affected by ICMP blocking on intermediate nodes.
  • Example: `traceroute -n example.com` (avoids DNS resolution to speed up output).

mtr

  • Combines the functionality of `ping` and `traceroute`.
  • Continuously monitors network conditions and updates results in real-time.
  • Useful for identifying intermittent network problems.
  • Example: `mtr --report example.com` (runs a report and exits).

netstat

  • Displays active connections, routing tables, and network statistics.
  • Helps identify open ports and their associated processes.
  • Can show which services are actively listening.
  • Example: `netstat -tulnp` (shows active TCP/UDP listening ports and the associated processes; run as root to see processes owned by other users).

ss

  • A faster alternative to `netstat` for displaying socket statistics.
  • Provides detailed socket connection information, including TCP states.
  • More efficient in large-scale environments.
  • Example: `ss -s` (summarizes socket statistics).

DNS and Name Resolution

nslookup

  • Queries domain name servers to obtain domain-related information.
  • Can query different DNS servers for troubleshooting purposes.
  • Example: `nslookup example.com 8.8.8.8` (queries Google's DNS server directly).

dig

  • Provides more detailed DNS lookup information compared to `nslookup`.
  • Can be used to check record types like A, MX, TXT, etc.
  • Example: `dig +short example.com` (displays only the resolved IP address).

host

  • Simple command for DNS lookup.
  • Can be used to find reverse DNS records.
  • Example: `host 8.8.8.8` (resolves an IP address to a hostname if available).

Network Interface and Configuration

ip

  • Displays and manipulates network interfaces, routing, and addresses.
  • Successor to `ifconfig`, offering more capabilities.
  • Example: `ip route show` (displays current routing table).

ifconfig (deprecated)

  • Older command for configuring network interfaces.
  • Still present on some older Linux distributions.
  • Example: `ifconfig eth0 down && ifconfig eth0 up` (restarts an interface).

ethtool

  • Displays and modifies Ethernet device settings such as speed and duplex mode.
  • Useful for diagnosing link speed and auto-negotiation issues.
  • Example: `ethtool eth0 | grep Speed` (checks the current speed of an interface).

iwconfig

  • Configures wireless network interfaces.
  • Useful for checking signal strength, frequency, and mode.
  • Example: `iwconfig wlan0` (displays wireless interface details).

Packet Analysis and Monitoring

tcpdump

  • Captures and analyzes network packets in real time.
  • Useful for diagnosing low-level network issues.
  • Example: `tcpdump -i eth0 port 80` (captures HTTP traffic on eth0).

tshark

  • Command-line version of Wireshark for packet analysis.
  • Supports detailed packet inspection and filtering.
  • Example: `tshark -i eth0 -Y "http.request"` (filters only HTTP requests).

iperf

  • Measures network bandwidth and performance between two endpoints.
  • Supports TCP and UDP throughput testing.
  • Example: `iperf -c server_address -p 5201` (tests bandwidth to the given server on port 5201).

nmap

  • Scans networks for open ports, services, and vulnerabilities.
  • Can identify the operating system and firewall rules of a host.
  • Example: `nmap -A example.com` (aggressive scan including OS detection and service enumeration).

netcat (nc)

  • Reads and writes data across networks, functioning as a port scanner, file transfer tool, or backdoor.
  • Example: `nc -lvp 1234` (sets up a listening server on port 1234).

Firewall and Security Tools

ufw

  • Simplifies firewall management, primarily used with Ubuntu and Debian-based distributions.
  • Example: `ufw allow 22/tcp` (allows SSH traffic).

iptables

  • Configures packet filtering rules for firewall management.
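  • Example: `iptables -A INPUT -p tcp --dport 22 -j ACCEPT` (appends a rule allowing incoming SSH connections; rules are evaluated in order, so an earlier DROP or REJECT rule matching the same traffic takes precedence).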

nftables

  • Successor to `iptables` for managing firewall rules.
  • More efficient and user-friendly than `iptables`.
  • Example: `nft list ruleset` (displays the current firewall ruleset).

Logs and Diagnostics

journalctl

  • Views system logs, including network-related logs.
  • Can filter logs based on time, service, or priority.
  • Example: `journalctl -u NetworkManager.service --since today` (shows today's logs for NetworkManager).

dmesg

  • Displays kernel ring buffer messages, useful for troubleshooting driver and hardware issues.
  • Example: `dmesg | grep eth` (filters logs for Ethernet-related messages).

systemctl

  • Manages system services, including networking services.
  • Can start, stop, and check the status of network services.
  • Example: `systemctl restart networking.service` (restarts networking services).

Conclusion

Understanding and using these tools effectively can help diagnose and resolve network issues on Linux systems efficiently. Mastery of these commands is essential for network administrators and IT professionals, ensuring smooth network operations and quick issue resolution.