Network configuration and troubleshooting

Computers are connected in a network to exchange data and resources with each other using a data link. Maintaining network up and running is a task of Network Administrator’s job.

Before configurations, we should know about some important files and directories.

/etc/resolv.conf is a file which keeps the address of DNS server to which the clients will be accessing to resolve IP to hostname and hostname to IP.

# cat /etc/resolv.conf
# Generated by NetworkManager
domain localdomain
search localdomain
nameserver 192.168.32.128
#

/etc/hosts is file which is responsible for resolving hostname into IP locally, in other word it acts as local DNS if DNS server is not accessible.

# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.32.128 learndba learndba.com
#

For Red Hat/Fedora/CentOS

/etc/sysconfig/network is file which keeps the information about the hostname assigned to the system. If you want to change the hostname permanently, you need to change the hostname in this file.

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=learndba
#

/etc/sysconfig/network-scripts/ is the directory which keeps the configuration of network devices connected to the system.

# cd /etc/sysconfig/network-scripts/
# ll

For debian/Ubuntu

/etc/network/interfaces is a file which keeps the information about network configuration and devices. ex. Static IP and info, DHCP, etc.

# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
#

Static IP address assignment

Command Line

# ifconfig eth0 192.168.32.10 netmask 255.255.255.0 broadcast 192.168.32.255

Network IP aliasing

Assign more than one IP address to one ethernet card.

# ifconfig eth0 192.168.32.10 netmask 255.255.255.0 broadcast 192.168.32.255

# ifconfig eth0:0 192.168.32.20 netmask 255.255.255.0 broadcast 192.168.32.255

# ifconfig eth0:1 192.168.32.30 netmask 255.255.255.0 broadcast 192.168.32.255

Check with ifcofig command

# inconfig

Changing the host name

# hostname
learndba
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=learndba
#
# vi /etc/sysconfig/network

Change HOSTNAME value

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linuxlearning
#

Restart the system with init 6 command and check hostname.

# init 6

# hostname
linuxlearning

Network configuration utility

setup or $ system-config- network commands will open a text base utility.

# setup

Step1

Move the cursor to Network configuration and press Enter

Step2

Move the cursor to Device configuration and press Enter

Step3

Note : If system-config-network command is used, it will directly take you to above position.

Now select the NIC adapter i.e and press Enter

Step4

Assign IP address and other details per your requirement , move cursor to OK and press Enter.

Step5

Move the cursor to Save and press Enter to save the changes in device configuration.

Step6

Once again move cursor to Save&Quit and press Enter.

Step7

Finally move the cursor to Quit and press enter to quit the utility.

Step8

Now restart the network service and check IP address.

# service network restart

If the changes are not reflected with above service restart, restart network manager.

# service NetworkManager restart

Check IP address with ifconfig command.

If the server is in the remote location, use mii-tool to check the cable is connected or not.

# mii-tool eth0
eth0: negotiated 100baseTx-FD, link ok

To know more about the NIC card/adapter, use below command.

# ethtool eth0

Below are the commands to troubleshoot network on linux servers.

ping

You can test network connection. ping is also can be used for basic DNS diagnostics, we can ping host by IP address or by its hostname and then decide if DNS works at all.

ifconfig

Ifconfig is used to configure the kernel-resident network interfaces. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed. If no arguments are given, ifconfig displays the status of the currently active interfaces. If a single interface argument is given, it displays the status of the given interface only; if a single -a argument is given, it displays the status of all interfaces, even those that are down. Otherwise, it configures an interface.

traceroute

traceroute tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol’s time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host.

tracepath

It traces path to destination discovering MTU along this path. It uses UDP port port or some random port. It is similar to traceroute, only does not not require superuser privileges and has no fancy options.

tracepath6 is good replacement for traceroute6 and classic example of application of Linux error queues. The situation with tracepath is worse, because commercial IP routers do not return enough information in icmp error messages. Probably, it will change, when they will be updated. For now it uses Van Jacobson’s trick, sweeping a range of UDP ports to maintain trace history.

dig – DNS lookup utility

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

nslookup

Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.

dmesg

dmesg is used to examine or control the kernel ring buffer. The program helps users to print out their bootup messages. Instead of copying the messages by hand, the user need only: dmesg > boot.messages and mail the boot.messages file to whoever can debug their problem.

dmesg | less or dmesg | tail or dmesg | grep -i error – for understanding what the Linux kernel thinks about some trouble.

netstat

Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:

 (none)
  By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configuredaddress families will be printed.

 --route , -r

   Display the kernel routing tables.

 --groups , -g

   Display multicast group membership information for IPv4 and IPv6.

 --interfaces=iface , -I=iface , -i

   Display a table of all network interfaces, or the specified iface.

 --masquerade , -M

   Display a list of masqueraded connections.

 --statistics , -s

   Display summary statistics for each protocol.

ss

Another utility to investigate sockets.
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.

iptables

Administration tool for IPv4 packet filtering and NAT
Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. Several different tables may be defined.
Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets.
Each rule specifies what to do with a packet that matches. This is called a ‘target’, which may be a jump to a user-defined chain in the same table.

To investigate firewall issues on Linux: iptables -nvL shows how many packets are matched by each rule (iptables -Z to zero the counters). The LOG target inserted in the firewall chains is useful to see which packets reach them and how they have already been transformed when they get there. To get further NFLOG (associated with ulogd) will log the full packet.

iptables-save

iptables-save is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file.

ethtool

ethtool is used to query and control network device driver and hardware settings, particularly for wired Ethernet devices. devname is the name of the network device on which ethtool should operate.

openssl

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

The openssl program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for

  • Creation and management of private keys, public keys and parameters
  • Public key cryptographic operations
  • Creation of X.509 certificates, CSRs and CRLs
  • Calculation of Message Digests
  • Encryption and Decryption with Ciphers
  • SSL/TLS Client and Server Tests
  • Handling of S/MIME signed or encrypted mail
  • Time Stamp requests, generation and verification

arp

Arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, the arp program also allows a complete dump of the ARP cache.

route

Route manipulates the kernel’s IP routing tables. Its primary use is to set up static routes to specific hosts or networks via an interface after it has been configured with the ifconfig(8) program.

When the add or del options are used, route modifies the routing tables. Without these options, route displays the current contents of the routing tables.

strace

strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.
Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs. And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.

tcpdump

Tcpdump prints out a description of the contents of packets on a network interface that match the Boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Advertisements