TCP/IP Network Diagnostics

Looking at Network Interface Status

Use the /sbin/ifconfig command to view the currently configured network interfaces. The ifconfig command is used to configure a network interface (that is, to associate an IP address with a network device). If you run ifconfig without any command-line arguments, the command displays information about the current network interfaces. The following is a typical invocation of ifconfig and the resulting output:

/sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 02:60:8C:8E:C6:A9
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:2738 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1397 errors:0 dropped:0 overruns:0 carrier:0
          collisions:6
          RX bytes:638288 (623.3 Kb)  TX bytes:575658 (562.1 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:3148 (3.0 Kb)  TX bytes:3148 (3.0 Kb)

This output shows that two interfaces—the loopback interface (lo) and an Ethernet card (eth0)—are currently active on this system. For each interface, you can see the IP address, as well as statistics on packets delivered and sent. If the Red Hat Linux system had a dial-up PPP link up and running, you’d also see an item for the ppp0 interface in the output.

Viewing the IP Routing Table

The other network configuration command, /sbin/route, also provides status information when it is run without any command-line argument. If you are having trouble checking a connection to another host (that you specify with an IP address), check the IP routing table to see whether a default gateway is specified. Then check the gateway’s routing table to ensure that paths to an outside network appear in that routing table.

A typical output from the /sbin/route command looks like the following:

/sbin/route
Kernel IP routing table
Destination    Gateway        Genmask         Flags Metric Ref  Use Iface
192.168.0.0    *              255.255.255.0   U     0      0      0 eth0
127.0.0.0      *              255.0.0.0       U     0      0      0 lo
default        192.168.0.1    0.0.0.0         UG    0      0      0 eth0 

As this routing table shows, the local network uses the eth0 Ethernet interface, and the default gateway is also that Ethernet interface. The default gateway is a routing device that handles packets addressed to any network, other than the one in which the Linux system resides. In this example, packets addressed to any network address other than ones that begin with 192.168.0 are sent to the gateway—192.168.0.1. The gateway forwards those packets to other networks (assuming, of course, that the gateway is connected to another network).

Checking Connectivity to a Host

To check for a network path to a specific host, use the ping command. Ping is a widely used TCP/IP tool that uses a series of Internet Control Message Protocol (ICMP, often pronounced as eye-comp) messages. (ICMP provides for an Echo message to which every host responds.) Using the ICMP messages and replies, Ping can determine whether or not the other system is alive and can compute the round-trip delay in communicating with that system.

The following example shows how I run Ping to see whether or not one of the systems on my network is alive:

ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) from 192.168.0.4 : 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=0 ttl=254 time=2.116 msec
64 bytes from 192.168.0.1: icmp_seq=1 ttl=254 time=1.770 msec
64 bytes from 192.168.0.1: icmp_seq=2 ttl=254 time=1.759 msec
64 bytes from 192.168.0.1: icmp_seq=3 ttl=254 time=1.778 msec

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 1.759/1.855/2.116/0.159 ms

In Red Hat Linux, Ping continues to run until you press Ctrl+C to stop it, then it displays summary statistics showing the typical time it takes to send a packet between the two systems. On some systems, Ping simply reports that a remote host is alive. However, you can still get the timing information with appropriate command-line arguments.

You can also use the traceroute command to check connectivity to a host and more. The traceroute command prints the route that packets take from your system to another system on the Internet. For example, here is an example of using traceroute to print the route from a system to www.noaa.gov:

traceroute www.noaa.gov
traceroute to www.noaa.gov (192.64.69.81), 30 hops max, 38 byte packets
 1  192.168.0.1 (192.168.0.1)  1.509 ms  1.431 ms  4.980 ms
 2  10.75.216.1 (10.75.216.1)  11.286 ms  11.882 ms  9.594 ms
 3  172.30.103.65 (172.30.103.65)  11.734 ms  10.752 ms  9.883 ms
 4  172.30.103.131 (172.30.103.131)  10.438 ms  10.372 ms  14.481 ms
 5  172.30.100.186 (172.30.100.186)  11.101 ms  11.662 ms  12.423 ms
 6  68.48.0.174 (68.48.0.174)  10.901 ms  9.610 ms  9.946 ms
 7  12.126.168.5 (12.126.168.5)  11.715 ms  11.852 ms  11.880 ms
 8  * * *
 9  ggr1-p3100.wswdc.ip.att.net (12.122.11.238)  12.151 ms  12.659 ms  11.249 ms
10  dca-brdr-02.inet.qwest.net (205.171.1.137)  16.740 ms  28.900 ms  15.532 ms
11  dca-core-02.inet.qwest.net (205.171.9.57)  17.833 ms  14.777 ms  16.378 ms
12  dca-edge-03.inet.qwest.net (205.171.9.62)  17.521 ms  17.292 ms  17.737 ms
13  65.125.14.202 (65.125.14.202)  16.435 ms  15.841 ms  15.776 ms
14  140.90.76.106 (140.90.76.106)  15.904 ms  16.826 ms  17.882 ms
15  140.90.111.36 (140.90.111.36)  18.668 ms  17.289 ms  16.816 ms
16  rainbow.hpcc.noaa.gov (192.64.69.81)  17.532 ms  19.369 ms  19.142 ms

Checking Network Status

To check the status of the network, use the netstat command. This command displays the status of network connections of various types (such as TCP and UDP connections). You can view the status of the interfaces quickly with the -i option, as follows:

netstat -i
Kernel Interface table
Iface   MTU Met RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0  2963      0      0      0    1531      0      0      0 BNRU
lo    16436   0    48      0      0      0      48      0      0      0 LRU

In this case, the output shows the current status of the loopback and Ethernet interfaces. Table 6-1 describes the meanings of the columns.

Another useful netstat option is -t, which shows all active TCP connections. Following is a typical result of netstat -t on one of my Linux PCs:

netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 dhcppc3:ftp             192.168.0.2:1454        ESTABLISHED
tcp        0      0 dhcppc3:ftp-data        192.168.0.2:1455        TIME_WAIT
tcp        0    138 dhcppc3:telnet          192.168.0.2:1250        ESTABLISHED
tcp        0      0 dhcppc3:1054            ftp25c.newaol.com:ftp   ESTABLISHED
tcp        0      1 dhcppc3:1055            ftp25c.newaol.com:59095 LAST_ACK

In this case, the output columns show the protocol (Proto), the number of bytes in the receive and transmit queues (Recv-Q, Send-Q), the local TCP port in hostname:service format (Local Address), the remote port (Foreign Address), and the state of the connection.

netstat -tn

Using the ip Command

The Linux kernel comes with a powerful IP routing engine together with an ip command that looks similar to the command with the same name that Cisco IOS supports (Cisco IOS is the operating system that runs on Cisco routers). You can use the ip command to manage or get information about network objects. The general syntax of the ip command is as follows:

ip [options] OBJECT [command [arg1 arg2 ...]]

where options are flags that modify the behavior of the command, OBJECT is the network object you want to manage or view, and command is the action you want to perform. The command may take zero or more arguments, as indicated by arg1, arg2, . . . in the syntax.

The objects you can manage or view with the ip command are the following:

• link—Refers to network devices such as eth0 and ppp0

• address—Refers to the IP or IPv6 address of a network device

• neighbor—Refers to an entry in the Address Resolution Protocol (ARP) that associates an IP address to a physical Ethernet address

• route—Refers to entries in the routing table

• rule—Refers to rules in the routing policy database

• maddress—Refers to multicast address

• mroute—Refers to entries in the multicast routing cache

• tunnel—Refers to a tunnel over IP

To view information about the network interfaces, use the following ip command:

ip address show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:08:74:e5:eb:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.7/24 brd 192.168.0.255 scope global eth0

This tells you that the eth0 interface is associated with the inet address 192.168.0.7/24. The /24 stands for the number of bits that are in the network address. There are 32 bits, of which 24 are network address, so there are 8 bits left for the hosts in this network.

To see routes, type ip route show. Here is a typical example of the output of that command:

192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.7
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.0.1 dev eth0

You can try out ip to view the other network objects, but the greatest power of ip is in configuring the network objects to turn your Linux system into a sophisticated router.