Troubleshooting Your LAN

Troubleshooting Your LAN

After your LAN has been set up, your Ethernet cards installed, and host names and addresses added, there are several methods you can use to check that everything is up and working. Some troubleshooting techniques are shown in the following sections.

Did Linux find your Ethernet driver at boot time?

Type the following right after you boot your computer to check that Linux found your card and installed the Ethernet interface properly:

dmesg | grep eth

The dmesg command lists all the messages that were output by Linux at boot time. The grep eth command causes only those lines that contain the word eth to be printed. The first message shown below appeared on my laptop computer with the Netgear card. The second example is from my computer with the EtherExpress Pro/100 card:

eth0: NE2000 Compatible: port 0x300, irq3, hw_addr 00:80:C8:8C:8E:49
eth0: OEM i82557/i82558 10/100 Ethernet at 0xccc0, 00:90:27:4E:67:35, IRQ 17.

The message in the first example shows that a card was found at IRQ3 with a port address of 0x300 and an Ethernet hardware address of 00:80:C8:8C:8E:49. In the second example, the card is at IRQ 17, the port address is 0xccc0, and the Ethernet address is 00:90:27:4E:67:35.


If the eth0 interface is not found, but you know that you have a supported Ethernet card, check that your Ethernet card is properly seated in its slot.

Can you reach another computer on the LAN?

Try communicating with another computer on the LAN. The ping command can be used to send a packet to another computer and to ask for a packet in return. You could give ping either a host name (pine) or an IP address ( For example, to ping a computer on the network called pine, type the following command:

# ping pine

If the computer can be reached, the output will look similar to the following:

PING pine ( 56(84) data bytes
64 bytes from pine ( icmp_seq=1 ttl=255 time=0.351 ms
64 bytes from pine ( icmp_seq=2 ttl=255 time=0.445 ms
64 bytes from pine ( icmp_seq=3 ttl=255 time=0.409 ms
64 bytes from pine ( icmp_seq=4 ttl=255 time=0.457 ms
64 bytes from pine ( icmp_seq=5 ttl=255 time=0.401 ms
64 bytes from pine ( icmp_seq=6 ttl=255 time=0.405 ms
64 bytes from pine ( icmp_seq=7 ttl=255 time=0.443 ms
64 bytes from pine ( icmp_seq=8 ttl=255 time=0.384 ms
64 bytes from pine ( icmp_seq=9 ttl=255 time=0.365 ms
64 bytes from pine ( icmp_seq=10 ttl=255 time=0.367 ms
--- pine ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss, time 9011ms
rtt min/avg/max/mdev = 0.351/0.402/0.457/0.042 ms

A line of output is printed each time a packet is sent and received in return. It shows how much data was sent and how long it took for each package to be received. After you have watched this for a while, type Ctrl+C to stop ping. At that point, you will see statistics on how many packets were transmitted, received, and lost

If you don't see output that shows packets have been received, it means you are not contacting the other computer. Try to verify that the names and addresses of the computers that you want to reach are in your /etc/hosts file or that your DNS server is accessible. Next, confirm that the names and IP addresses you have for the other computers you are trying to reach are correct (the IP addresses are the most critical).

Is your Ethernet connection up?

Using the ifconfig command, you can determine whether your Ethernet (and other network interfaces) are up and running. Type the following command:

# ifconfig

The output that appears is similar to the following:

eth0 Link encap:Ethernet HWaddr 00:90:27:4E:67:35
     inet addr: Bcast: Mask:
     RX packets:156 errors:0 dropped:0 overruns:0 frame:0
     TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:20179 (19.7 Kb)   TX bytes:19960 (19.4 Kb)
     Interrupt:11 Base address:0xe000 Memory:ff8ff000-ff8ff038
lo   Link encap:Local Loopback
     inet addr: Mask:
     UP LOOPBACK RUNNING MTU:3924 Metric:1
     RX packets:56 errors:0 dropped:0 overruns:0 frame:0
     TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:3148 (3.0 Kb)  TX bytes:3148 (3.0Kb)

In this example, two network interfaces are up on the current computer. The first section shows your Ethernet interface (eth0), and its Ethernet hardware address, IP address (inet addr), broadcast address, and network mask. The next lines provide information on packets that have been sent, along with the number of errors and collisions that have occurred.


The lo entry is for loopback. This enables you to run TCP/IP commands on your local system without having a physical network up and running.

If your eth0 interface does not appear, it may still be configured properly, but not running at the moment. Try to start the eth0 interface by typing the following:

# ifconfig eth0 up

After this, type ifconfig again to see if eth0 is now running. If it is, it may be that eth0 is simply not configured to start automatically at boot time. You can change it so Ethernet starts at boot time (which I recommend), using the Network Configuration window described earlier in this chapter.


If your network interfaces are not running at all, you can try to start them from the network initialization script. This interface reads parameters and basically runs ifconfig for all network interfaces on your computer. Type the following to restart your network:

# /etc/init.d/network restart

Another way to see statistics for your Ethernet driver is to list the contents of the process pseudo file system for network devices. To do that, type the following:

# cat /proc/net/dev

The output should look like this:

Inter-|  Receive                                              |Transmit
face  |bytes packets errs drop fifo frame compressed multicast|bytes
   lo:  5362   64  0  0  0   0     0     0   5362   64  0  0  0   0
 eth0:  3083   35  0  0  0   0     0     0   3876   31  0  0  0   0

The output is a bit hard to read (our book isn't wide enough to show it without wrapping around, so the output was truncated at the right). With this output, you can see Receive and Transmit statistics for each interface. This output also shows you how many Receive and Transmit errors occurred in communication. (Transmit information is cut off in this example.)

For a more detailed look at your network, you can use the Ethereal window. Ethereal is described in the "Watching LAN traffic with Ethereal" section later in this chapter.

Troubleshooting a wireless LAN

If you set up your two (or more) wireless LAN cards to enable Red Hat Linux systems to communicate, and they are not communicating, you can troubleshoot the problem in several different ways.

Checking wireless settings

You can use the iwlist and iwconfig commands to check your wireless settings. The iwconfig command provides a quick overview of your wireless settings, while the iwlist command shows you information about parameters that you specify.

Use the iwconfig command, along with the name of the wireless LAN interface, to see information about that interface. For example, if the wireless interface were eth1, you could type the following:

# iwconfig eth1
eth0    IEEE 802.11-DS  ESSID:"Homelan"  Nickname:"pine"
        Mode:Ad-Hoc  Frequency:2.412GHz  Cell: 02:02:2D:2D:3B:30
        Bit Rate=11Mb/s   Tx-Power=15 dBm   Sensitivity:1/3
        RTS thr:off   Fragment thr:off
        Encryption key:7365-6375-31
        Power Management:off
        Link Quality:0/92  Signal level:-102 dBm  Noise level:-102 dBm
        Rx invalid nwid:0  invalid crypt:0  invalid misc:0

With iwconfig, you can see details about the wireless aspects of the Ethernet interface. In this example, the network name (ESSID) is Homelan, and the station name (Nickname) is pine. The interface is operating in Ad hoc mode on channel 1 (frequency of 2.412 GHz). Transmission rates are at the maximum speed of 11 Mbps. The encryption key that must be used by every node the card connects with is 7365-6375-31. Other settings describe the link and signal quality.

The iwlist command lets you request specific information about the wireless LAN interface. The syntax is to follow the iwlist command with the interface name and the information you are interested in. For example:

# iwlist eth0 freq
eth 0     14 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz

The freq parameter displays the available frequencies (and channels) available for communication. Note that all the available frequencies are in the 2.4 GHz range.

# iwlist eth0 rate
eth0      4 available bit-rates :
          1 Mb/s
          2 Mb/s
          5.5 Mb/s
          11 Mb/s

The preceding rate parameter displays the transmission rates available for the wireless interface. You can see that 1, 2, 5.5, and 11 Mbps rates are available for the current interface.

# iwlist eth0 keys
eth0      2 key sizes : 40, 104bits
          4 keys available :
                [1] 7365-6375-31 (40 bits)
                [2] off
                [3] off
                [4] off
          Current Transmit Key: [1]

The keys parameter lets you see the encryption keys available with the interface. It also shows the key sizes currently available. Because the card reflected in the preceding example supports 64- and 128-bit encryption, the key sizes available are 40 and 104 bits. (The encryption algorithm automatically generates the last 24 bits of each key.)

If you are troubleshooting your wireless LAN connection, some settings are more likely than others to cause problems. It is important to set the following wireless LAN settings properly — if you don't, they may keep your network from working:

  • Network ID (ESSID) — You may not be able to communicate among peer computers if the Network ID (ESSID) doesn't match on each of them. Case is important — for example, Mylan is not the same as MyLAN.

  • Encryption key — Having encryption keys that don't match is like trying to log in to Linux with the wrong password. Check that all nodes are using the same key.

  • Mode — If you are communicating through an access point, your mode should be set to Managed and you must provide the MAC address for that access point. In most single-cell networks, you should set all nodes to Ad hoc. The Ad hoc mode allows all nodes to communicate directly to each other as peers.

  • Channel or frequency — The channel and frequency options are just two different means of setting the same value. For example, setting the channel to 1 is the same as setting the frequency to 2.412G (GHz). Make sure that the nodes on your network are able to communicate on the same frequency.

Checking TCP/IP

To ensure that your wireless LAN is communicating with its peers, use the ping command (as described earlier in this chapter). If you believe that your cards are working properly, but the ping command continues to give you a "Network Unreachable" message, you may have a problem with your TCP/IP configuration. Here are some items you can check from the Network Configuration window:

  • IP address — Know the correct IP address of the peer you are trying to reach.

  • Host name — If you ping the peer computer by name, make sure that your computer can properly resolve that name into the correct IP address, or have the peer's host name and IP address properly listed in the /etc/hosts file locally. The former option will probably require that you have one or more DNS servers identified to resolve the name.

If you can reach another computer on the wireless LAN, but not computers outside of that LAN (such as Internet addresses), check that you have properly identified the location of your gateway. If the gateway address is correct, and you can reach that gateway, it may be that the gateway itself is not configured to allow packet forwarding.

If you found that any of the preceding information needed to be changed and you changed it, you should restart the wireless LAN interface. One way to do that is to restart the PCMCIA interface and the network interfaces as follows:

# /etc/init.d/pcmcia restart
# /etc/init.d/network restart

Adapting to poor reception

Your wireless LAN might be working fine while your two wireless computers are sitting on the same desk. But if performance degrades when you separate the computers, you may need to identify any potential obstructions. Then you must decide how to get around them. For desktop systems, a small indoor antenna can bring the signal out from under a desk or out of a closet. For adjacent buildings, a roof antenna might be the answer.

In cities or other congested areas, many people and pieces of equipment can be competing for the 2.4 GHz range. You may want to move a microwave oven or high-end remote phone that may be interfering with your wireless LAN. These settings might help adapt to poor reception:

  • Reduce transmission rate — Instead of using 11 Mbps, you can explicitly ramp down to 5.5, 2, or 1 Mbps. Slower rates can mean more efficient operation in noisy places.

  • Use smaller fragment sizes — Though there is more total overhead to transmitting packets broken up into smaller fragments, they can often provide better overall performance in noisy environments. Change the frag parameter to reduce fragment sizes.

  • Use different frequencies — By specifically requesting that certain frequencies (or channels) be used for transmission, you can avoid congested channels.

Use debugging tools

Because most wireless LAN cards were created for Windows systems, debugging tools from the manufacturers are available only on those systems. If your computer is a dual-boot system (Windows and Linux), try booting in Windows to test the quality of your wireless network.

In Red Hat Linux, you can use many of the tools you use for wired Ethernet networks and other TCP/IP network interfaces. Here are a couple of examples:

  • Ethereal — The Ethereal window (type ethereal as the root user from a Terminal window) lets you watch Ethernet frames being sent and received by your wireless LAN interface. For example, the output of Ethereal can tell you whether a failed connection reflects a lack of reception or rejected requests. (Ethereal is described in the next section.)

  • /var/log/messages — When the wireless LAN interface starts up, messages related to that startup are sent to the /var/log/messages file. In some cases, these messages will reflect improper options being set for the wireless LAN module.

Watching LAN Traffic with Ethereal

If you really want to understand the coming and going of information on your LAN, you need a tool that analyzes network traffic. Ethereal is a graphical tool for capturing and displaying the packets being sent across your network interfaces. Using filters to select particular hosts, protocols, or direction of data, you can monitor activities and track problems on your network.

In addition to reading Ethernet packet data gathered by Ethereal, the Ethereal window can be used to display captured files from LanAlyzer, Sniffer, Microsoft Network Monitor, Snoop, and a variety of other tools. These files can be read from their native formats or after being compressed with gzip (.gz).

Ethereal can track more than 100 packet types (representing different protocols). It can also display specific fields related to each protocol, such as various data sizes, source and destination addresses, port numbers and other values.

Starting Ethereal

To start Ethereal, type the following (as root user) from a Terminal window:

# ethereal &

The Ethereal window appears, as shown in Figure 15-12. (If the ethereal command is not found, the package is probably not installed. You can install the ethereal and ethereal-gnome packages from installation CD #1 and CD #2, respectively.)

Click To expand
Figure 15-12: Configure your Ethernet card for TCP/IP during installation.

The primary function of Ethereal is to take a snapshot of the packets coming across your network interfaces and display that data in the Ethereal window. You can filter the data based on a variety of filter primitives. When the capture is done, you can step through and sort the data based on the values in different columns. Optionally, you can save the captured data to a file to study the data at a later time.


If you can't use Ethereal because you don't have a GUI available, you can use the tcpdump command from the shell. It is not as friendly as Ethereal, but it supports the same filtering syntax. Because tcpdump can produce a lot of output, you will probably want to use some form of filtering and/or direct the output of the command to a file. (Type man tcpdump for information on filter options.)

Capturing Ethernet data

With the Ethereal window displayed, you can capture data relating to packet activities on any of your Ethernet network interfaces by doing the following:

  1. Click Capture.

  2. Click Start. An Ethereal Capture Options window appears.

  3. Click the down arrow next to the Interface box, to see what interfaces are available, and select one. If you have only one Ethernet card installed, select eth0 to choose to capture data for packets being sent across that card. You can also choose to monitor the lo interface, to watch the loopback driver. (By choosing lo, you can see requests from local users for local TCP/IP services).

  4. Choose other options relating to what data is captured:

    • Limit each packet to: Limits the size of each packet to a maximum number of bytes.

    • Capture packets in promiscuous mode: Any computer on a LAN can see all packets that traverse the LAN, except those packets intended for switched portions of the LAN. With this on, all packets seen by your network interface are captured. With this mode off, only packets intended specifically for your network interface (including multicast and broadcast packets) are captured. In other words, turn on promiscuous mode to monitor the whole LAN and turn it off to monitor only your interface.

    • Filter: This optional field lets you enter a filter that can be used to filter capture data. You can type in filters individually or click the Filter button to use a filter you have stored earlier.


      Filtering is one of the most powerful features of Ethereal. See the sidebar "Using Ethereal Filters" for further information on how to enter filters into the Filter field.

    • Capture file(s): Enter the name of a file in which you want to capture the data gathered. If you don't enter a filename, the information will be displayed on the Ethereal window without being saved to a file.

    • Use ring buffer (Number of files): Select this option to have packets captured in a set number of files. To use this feature, you must also specify a filename (such as /tmp/abc) and a file size. Data will be put into files you chose, named from the root filename you have provided. Once the files fill up, Ethereal will go back and write to the first file again and continue filling up the files. When you stop the capture, you are left with the number of capture files you chose, containing the most recent data.

    • Update list of packets in real time: Select this option to have packet information appear in the Ethereal window as each packet crosses the interface. With this option off, the information is displayed after you stop capturing it.

    • Automatic scrolling in live capture: If you are updating packets in real time, select this option to have packet information scroll up after the screen fills. With this off, you just see the first screen of packets and have to scroll down manually to see the rest.

    • Stop capture after X packets captured: By default, Ethereal will capture data from the moment you click OK until you click Stop (with this value set to 0). Or, click here and type a number to capture only that number of packets. Other fields let you capture a certain number of kilobytes of data or for a set number of seconds. Once the limit is reached, capture stops and the file is stored in /tmp/etherXXXX???????, where ??????? is replaced by a string of characters.

    • Enable MAC/network/transport name resolution: With any of these three options on, names are displayed instead of addresses (if possible). For example, for transport names, Source and Destination IP addresses are displayed as host names (if they can be resolved from /etc/hosts or DNS). With this off, IP addresses appear in the Source and Destination columns.

  5. Click OK. Ethereal begins gathering data on packets encountered by the interface.

    The Ethereal Capture window displays information on how many incoming and outgoing packets have crossed the interface since the capture began. The number of packets that are associated with each protocol Ethereal monitors is displayed, along with the percentage of total packets associated with each protocol.

  6. Click Stop (or the capture might stop automatically, if it has reached a size or time limit set by you). The snapshot of data you just took will appear on the Ethereal window. Packets are displayed in the order in which they traversed the interface.

  7. If you did not already ask to save the capture data to a file, you may do so now by choosing File ? Save As.

At this point, you can start interpreting the data.

Interpreting captured Ethernet data

With the captured data displayed in your Ethereal window, you can get a detailed view of the network traffic that your computer is exposed to. The Ethereal window is divided into three parts. The top part contains a scrollable list of packets. The protocol tree for the current packet appears in the middle part of the display. A hexadecimal dump of the entire contents of the packet appears in the bottom part.

You can sort data in different ways from the top part of the window by clicking on the column headings. To see more details relating to different items in the protocol tree for the current packet, you can click the plus sign next to the protocol information that interests you.

The following are some tips that will help you interpret what the data means:

  • The Source and Destination columns show where each packet came from and where it went. If the Enable name resolution option is on (which is recommended), the host name associated with IP packets is displayed. This makes it much easier to see which computer is communicating with you.

  • To see all activity associated with a particular location, click the Source or Destination column. Packets will be sorted alphabetically, making it easier for you to scroll through activity for the location that interests you.

  • If you are trying to debug a particular feature, click the Protocol column to gather activities based on protocol. For example, if you were trying to get Samba to work (for Windows file or printer sharing), sorting by protocol would enable you to see all NetBIOS and NBNS (NetBIOS name server) requests that came to your computer.

  • To mark a packet of interest to you, click the middle mouse button. This will highlight the packet, making it easier to find later. (If you only have a two-button mouse, and you indicated during installation that it should emulate a three-button mouse, you can click both mouse buttons together to emulate the middle mouse button.)

The Info column gives you details about the intention of the packet. For example, you can see the type of service that was requested (such as http for Web service or FTP for file transfer). You can see what information is being broadcast and determine when attempts to find particular host computers are failing. If you believe someone is using your network improperly, you can see which sites they are visiting and the services they are requesting.

Another handy option is one that lets you follow the stream of TCP information. Click Tools ? Follow TCP Stream. The Contents of TCP stream window that appears lets you see the total output of the HTTP, SMTP, or other protocol being used.

Part IV: Red Hat Linux Network and Server Setup