mirror of
https://github.com/Brandon-Rozek/website.git
synced 2024-11-09 10:40:34 -05:00
New Post
This commit is contained in:
parent
2a9c127365
commit
6bddaa849f
1 changed files with 160 additions and 0 deletions
160
content/blog/networkdebugging.md
Normal file
160
content/blog/networkdebugging.md
Normal file
|
@ -0,0 +1,160 @@
|
|||
---
|
||||
title: "Common Network Debugging Commands"
|
||||
date: 2022-01-02T15:17:02-05:00
|
||||
draft: false
|
||||
tags: ["Networking"]
|
||||
math: false
|
||||
---
|
||||
|
||||
Below are list of commands that I use to debug common issues in a network. There is a wonderful tool called Wireshark which you can use to sniff packets in a network and filter by a wide range of options, but we'll mainly focus on simple tools that you can use in the terminal.
|
||||
|
||||
## `ping`
|
||||
|
||||
The most commonly used networking command is `ping`. This allows you to see the time it takes to send and receive an ICMP packet from/to a specified address. Most people use Google's DNS server `8.8.8.8` as a quick test to see if they have access to the Internet.
|
||||
|
||||
```bash
|
||||
ping 8.8.8.8
|
||||
```
|
||||
|
||||
```
|
||||
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
|
||||
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=267 ms
|
||||
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=74.9 ms
|
||||
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=34.7 ms
|
||||
64 bytes from 8.8.8.8: icmp_seq=4 ttl=117 time=298 ms
|
||||
```
|
||||
|
||||
Press CTRL-C when you are done looking at the output. Here is a list of common flags used in the ping command.
|
||||
|
||||
| Flag | Description |
|
||||
| ------------ | ------------------------------------------------------------ |
|
||||
| `-c NUM` | Only send/receive an ICMP packet `NUM` number of times |
|
||||
| `-D` | Print the timestamp along with the roundtrip time |
|
||||
| `-W timeout` | Waits a `timeout` amount of seconds for the response before moving on to the next ICMP roundtrip |
|
||||
|
||||
Example:
|
||||
|
||||
```bash
|
||||
ping -c3 -D -W1 1.1.1.1
|
||||
```
|
||||
|
||||
```
|
||||
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
|
||||
[1641156381.342990] 64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=52.6 ms
|
||||
[1641156382.555358] 64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=263 ms
|
||||
[1641156383.327286] 64 bytes from 1.1.1.1: icmp_seq=3 ttl=57 time=34.3 ms
|
||||
|
||||
--- 1.1.1.1 ping statistics ---
|
||||
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
|
||||
rtt min/avg/max/mdev = 34.275/116.670/263.116/103.823 ms
|
||||
|
||||
```
|
||||
|
||||
## `ip route`
|
||||
|
||||
Without any extra flags or subcommands this will give you a view of your routing table. A routing table specifies for a given address range, which device to send the network traffic over. Normally you see a large routing table inside businesses (or if you access a lot of VPNs at once). Here is an example of a typical one in a household.
|
||||
|
||||
```bash
|
||||
ip route
|
||||
```
|
||||
|
||||
```bash
|
||||
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
|
||||
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 600
|
||||
```
|
||||
|
||||
This says that any address between 192.168.0.1-254 goes over the `wlan0` device which on some computers denote WiFi. The first line shows what the default entry/gateway is, that is if the ip address you're trying to access is not listed in the table it will go through the IP listed in that row first.
|
||||
|
||||
You can manually add and remove entries in the routing table as well.
|
||||
|
||||
Example:
|
||||
|
||||
```bash
|
||||
sudo ip route add 192.168.1.0/24 dev wlan0
|
||||
```
|
||||
|
||||
```bash
|
||||
sudo ip route del 192.168.1.0/24 dev wlan0
|
||||
```
|
||||
|
||||
## `traceroute`
|
||||
|
||||
This command is more useful if you have multiple segmented networks and you're trying to figure out at which layer the connection failed. Recently I used this to debug some directional WiFi extenders.
|
||||
|
||||
```bash
|
||||
traceroute 8.8.8.8
|
||||
```
|
||||
|
||||
```bash
|
||||
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max
|
||||
1 192.168.0.1 2.051ms 2.003ms 1.278ms
|
||||
2 192.168.2.1 5.743ms 5.647ms 3.592ms
|
||||
3 192.168.5.1 5.754ms 63.285ms 7.187ms
|
||||
4 72.126.142.1 96.056ms 101.861ms 14.547ms
|
||||
5 103.51.11.206 87.273ms 16.617ms 72.810ms
|
||||
6 170.222.220.217 13.745ms 101.122ms 16.402ms
|
||||
7 201.149.23.6 85.738ms 102.977ms 100.974ms
|
||||
8 107.150.228.33 15.111ms 87.467ms 103.076ms
|
||||
9 12.21.20.233 100.755ms 102.000ms 102.352ms
|
||||
10 8.8.8.8 102.505ms 102.085ms 101.762ms
|
||||
|
||||
```
|
||||
|
||||
## `dig`
|
||||
|
||||
We've been talking about IP addresses with the last few commands, but there can be problems in the domain name resolution as well. A domain name is what you commonly type in the browser such as `duckduckgo.com`. Your computer will then ask the DNS server it knows about what the IP of that address is.
|
||||
|
||||
```bash
|
||||
dig duckduckgo.com
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
; <<>> DiG <<>> duckduckgo.com
|
||||
;; global options: +cmd
|
||||
;; Got answer:
|
||||
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36469
|
||||
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
|
||||
|
||||
;; OPT PSEUDOSECTION:
|
||||
; EDNS: version: 0, flags:; udp: 65494
|
||||
;; QUESTION SECTION:
|
||||
;duckduckgo.com. IN A
|
||||
|
||||
;; ANSWER SECTION:
|
||||
duckduckgo.com. 149 IN A 52.149.246.39
|
||||
|
||||
;; Query time: 88 msec
|
||||
;; SERVER: 127.0.0.53#53(127.0.0.53)
|
||||
;; WHEN: Sun Jan 02 16:06:23 EST 2022
|
||||
;; MSG SIZE rcvd: 59
|
||||
|
||||
```
|
||||
|
||||
Most linux systems have a DNS cache server setup which makes it difficult to figure out what the upstream DNS server that it's querying is. Mainly because it can be configured a myriad of ways. If you are using NetworkManager you can use the following command:
|
||||
|
||||
```bash
|
||||
nmcli dev show | grep DNS
|
||||
```
|
||||
|
||||
In some other cases it would be in `/etc/resolv.conf`
|
||||
|
||||
```bash
|
||||
cat /etc/resolv.conf
|
||||
```
|
||||
|
||||
## `arp`
|
||||
|
||||
Lastly at the lowest level, arp will tell you the MAC addresses of IP addresses you have communicated with before.
|
||||
|
||||
```bash
|
||||
arp
|
||||
```
|
||||
|
||||
```
|
||||
Address HWtype HWaddress Flags Mask Iface
|
||||
192.168.0.1 ether 10:1d:b1:1d:1f:91 C wlan0
|
||||
192.168.0.11 ether 72:25:22:2c:72:72 C wlan0
|
||||
192.168.0.111 ether 03:33:34:3b:23:39 C wlan0
|
||||
```
|
||||
|
Loading…
Reference in a new issue