Computing co-exists with networking. Thus to operate a Linux
system you’ll find yourself very often involved with network operations. Those
operations may be between your system and the outside world (whether it is a LAN
or the Internet) but they may also be inside your own kernel network stack.
One of my favorite packages ever is the net-tools package.
It is a set of very useful tools for configuring and gathering information
about your network resources.
So let’s start by installing the package. I’ll use my CentOS
7 server for the demonstration.
Now let’s find and inspect the package to see what we got:
#rpm -qa | grep net-tools
Which gives the exact version of the package (net-tools-2.0-0.22.20131004git.el7.x86_64).
To inspect that we give:
#rpm -ql net-tools-2.0-0.22.20131004git.el7.x86_64
Here we get a long file list with man pages, language files,
services etc, but we will focus on some binaries of the output list of the previous command:
/bin/netstat
/sbin/arp
/sbin/ifconfig
/sbin/iptunnel
/sbin/route
My favorite here is Netstat.
This command operates like a radar for your system, monitoring every single incoming
and outgoing network connection. So let’s play with that by giving:
#netstat -an
By examining the output, we spot two sections. The first
section displays the “Active Internet connections (servers and established)”,
which are the connections in and out of the machine.
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
Proto is the protocol type, which can be tcp or udp. Recv-Q and Send-Q are the
counts of bytes in queue ready to be received or sent, respectively, for
this particular socket. Local Address is the address of our machine and Foreign
Address is the address of the remote connected machine. In this example the foreign
address is zero because the socket is in listening mode, which you can check in the
last column, “State”, which displays the TCP protocol state at the time you ran the command.
The local address can be 127.0.0.1, the machine’s unique local IP, or one of the
machine’s multiple IP addresses.
The second section of the output has the pattern:
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     17930    /var/run/lsm/ipc/sim
Here the Protocol column is always UNIX which represents a
UNIX socket. This kind of socket is used only for process interconnection and
not for external networking. The “Flags” column lists the opening TCP Flag of
the connection, the “Type” states if the connection is a stream or a datagram, “State” is the
current TCP state, next column is the I-node number where the process file is
located, and “Path” is the path of the process file.
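To put the two sections to work, here is an added example (not part of the original article) that reads netstat -an output and reports, for every listening TCP socket, whether it is bound to all interfaces, to loopback only, or to one specific address. The sample output and the function name listener_scope are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not from the article's server).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.0.81.15:5432         0.0.0.0:*               LISTEN
tcp        0     36 10.0.81.15:22           10.0.81.40:51812        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     17930    /var/run/lsm/ipc/sim'

# listener_scope (hypothetical helper): read `netstat -an` text on stdin and
# print one line per listening TCP socket as "<proto> <port> <scope> <address>".
#   all-interfaces  bound to 0.0.0.0 or :: (reachable on every address)
#   loopback        bound to 127.x.x.x or ::1 (local processes only)
#   single-address  bound to one specific IP of the machine
# UDP sockets carry no LISTEN state, so this check covers TCP only.
listener_scope() {
    awk '
    /^Active UNIX domain sockets/ { exit }   # second section is local IPC only
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        port = $4; sub(/.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
        if (addr == "0.0.0.0" || addr == "::")      scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1")  scope = "loopback"
        else                                        scope = "single-address"
        print $1, port, scope, addr
    }'
}

# Run against the constructed sample; on a live system: netstat -an | listener_scope
printf '%s\n' "$SAMPLE_NETSTAT" | listener_scope
```

Sockets reported as all-interfaces are the ones to compare against your firewall rules, since they accept connections on every address the machine has.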
Arp is a tool to
get information about the ARP table on the machine. Just for the record, ARP
stands for Address Resolution Protocol and basically maps an IP address to
a physical MAC address. So by giving:
#arp
We get the following structure:
Address                  HWtype  HWaddress           Flags Mask            Iface
gateway                  ether   d1:68:0a:4a:f2:da   C                     enp1s0
Here we can see this mapping: the MAC address (HWaddress) of
the gateway connected to our Ethernet (HWtype) interface enp1s0 (Iface).
Ifconfig is an
interface manipulation tool. With this you can change the IP settings (address, netmask,
broadcast etc.), enable or disable the interface, enter promiscuous mode or add
an alias.
So let’s give:
#ifconfig virbr0-nic
virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
        ether 52:54:00:0f:48:4d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
“virbr0-nic” is the virtual bridge interface of my KVM
hypervisor. Here we can see the type of the interface, the MAC address and some
statistics about packet transmission.
Iptunnel is a
tool to create tunnels for IPv4 packet encapsulation. The use of it is a bit
complicated and I hope I can cover it in a future article.
Route is a tool
to examine and manipulate your machine’s routing table. Giving
# route
We have the following output:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 enp1s0
10.0.81.0       0.0.0.0         255.255.255.0   U     100    0        0 enp1s0
This is basically the kernel routing table which shows the
network path that a packet follows to reach its destination. The first line is
the default route which is the route the packet follows when no other path is
specified. Now by analyzing the columns of the routing table we can get
information about each route:
Destination is the host or network address the packet is finally destined to,
Gateway is the node that each packet uses in order to reach an outside network,
Genmask is the netmask of the network, the Flags column indicates information
about the state or type of route, Metric is the distance to the target, Ref is
the number of references to this route, Use is the count of lookups for the
route and Iface is the network interface.
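To see how these columns decide where a packet goes, here is an added example (not part of the original article) that picks the route for a destination address: the matching entry with the longest Genmask wins, and the default route is used when nothing more specific matches. It assumes the numeric layout printed by route -n; the gateway 10.0.81.1 and the helper name route_for are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `route -n` layout (numeric addresses); the gateway
# 10.0.81.1 is an assumed value, not taken from the article.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.81.1       0.0.0.0         UG    100    0        0 enp1s0
10.0.81.0       0.0.0.0         255.255.255.0   U     100    0        0 enp1s0'

# route_for IP (hypothetical helper): read a `route -n` table on stdin and print
# "<next hop> <iface>" for the most specific route whose network contains IP.
# Prints "direct" as next hop when the route has no gateway (0.0.0.0).
route_for() {
    awk -v ip="$1" '
    # True when addr lies inside dest/mask. Checked octet by octet without
    # bitwise operators so it runs on any POSIX awk (contiguous masks only).
    function inside(addr, dest, mask,    a, d, m, i, block) {
        split(addr, a, "."); split(dest, d, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++) {
            block = 256 - m[i]
            if (int(a[i] / block) * block != d[i]) return 0
        }
        return 1
    }
    # Netmask as one number: a larger value means a longer, more specific prefix.
    function weight(mask,    m) {
        split(mask, m, ".")
        return ((m[1] * 256 + m[2]) * 256 + m[3]) * 256 + m[4]
    }
    $1 ~ /^[0-9]+\./ && $4 ~ /U/ && inside(ip, $1, $3) {
        w = weight($3)
        if (w >= best) { best = w; gw = $2; dev = $8; found = 1 }
    }
    END {
        if (!found) exit 1                   # no route to this destination
        hop = (gw == "0.0.0.0") ? "direct" : gw
        print hop, dev
    }'
}

# Run against the constructed sample; on a live system: route -n | route_for 8.8.8.8
printf '%s\n' "$SAMPLE_ROUTES" | route_for 10.0.81.25
printf '%s\n' "$SAMPLE_ROUTES" | route_for 8.8.8.8
```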
Lastly, of course I can’t exclude traceroute and dig from the article, although they’re not in the net-tools package.
So if we traceroute
a host we get a numbered list of hostnames which are simply the hops the packet
passes through in order to reach the final host destination.
Dig is a very
powerful tool which gives detailed DNS information about an internet address.
Bonus command:
which gives us our external IP address
Of course there are many other network commands and tools,
but the commands mentioned above make a very good toolset that will help
you to identify your network surroundings and troubleshoot possible anomalies.