UNIX Network Diagnostics

Networks

getent networks

default               0.0.0.0
loopback              127.0.0.0
link-local            169.254.0.0

Protocols

getent protocols

Services

getent services | grep oracle

IP Address

ip address

or

ip a

To see IP address information for a specified interface...

ip a show eth0

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b9:22:7a brd ff:ff:ff:ff:ff:ff
    inet 10.150.5.10/24 brd 10.150.5.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb9:227a/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:bb:72:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.158.122.1/24 brd 192.158.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:bb:72:f3 brd ff:ff:ff:ff:ff:ff

ifconfig -a

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.150.5.10  netmask 255.255.255.0  broadcast 10.150.5.255
        inet6 fe80::250:56ff:feb9:227a  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b9:22:7a  txqueuelen 1000  (Ethernet)
        RX packets 372128312  bytes 295996526254 (275.6 GiB)
        RX errors 0  dropped 516  overruns 0  frame 0
        TX packets 212037208  bytes 66137805478 (61.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1857787860  bytes 1032127740064 (961.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1857787860  bytes 1032127740064 (961.2 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.158.122.1  netmask 255.255.255.0  broadcast 192.158.122.255
        ether 52:54:00:bb:72:f3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:bb:72:f3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

External IP

To see your external IP address...

curl -s http://whatismyip.akamai.com/

You can also use dig to see your external IP address...

dig +short myip.opendns.com @resolver1.opendns.com

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

dig = Domain Information Groper

Connection Monitoring

To determine if a connection is using a TCP/IP connection or a UNIX Socket use...

netstat -ln | grep 'mysql'

To count connections on default MySQL Port...

netstat -an | grep 3306

netstat -an | grep 3306 | wc -l

netstat -an | grep 3306 | grep ESTABLISHED | wc -l

netstat -an | grep 3306 | grep TIME_WAIT | wc -l

netstat -an | grep 3306 | grep CLOSE | wc -l
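Added example (not part of the original page): grep 3306 is a substring match, so it also counts port 33060 and remote ports containing those digits. This sketch counts states for one exact local port instead; the function names and the sample netstat lines are constructed for illustration.

```shell
# Added example: count TCP connections per state for one exact local port.
# Reads `netstat -an` style output on stdin; $1 is the port (e.g. 3306).
count_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            # Local address is column 4. The port is whatever follows the
            # last ":" (Linux style) or "." (dotted style), so 33060 and a
            # remote port of 3306 are never counted as local port 3306.
            n = split($4, part, /[:.]/)
            if (part[n] == port) count[$6]++
        }
        END { for (s in count) printf "%s %d\n", s, count[s] }
    ' | sort
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 10.150.5.10:3306        10.150.5.21:51514       ESTABLISHED
tcp        0      0 10.150.5.10:3306        10.150.5.22:40112       ESTABLISHED
tcp        0      0 10.150.5.10:3306        10.150.5.23:33060       TIME_WAIT
tcp        0      0 10.150.5.10:3306        10.150.5.24:49822       CLOSE_WAIT
tcp        0      0 10.150.5.10:44306       10.150.5.30:3306        ESTABLISHED
tcp6       0      0 :::33060                :::*                    LISTEN
EOF
}

# On a live host: netstat -an | count_states 3306
sample_netstat | count_states 3306
```

Note that netstat prints CLOSE_WAIT with an underscore while ss uses CLOSE-WAIT.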

To kill connections in CLOSE-WAIT state...

ss --tcp state CLOSE-WAIT --kill

netstat
-l  Show listening sockets
-a  Show listening and non-listening sockets
-n  Show numerical addresses

ss
--tcp  Display TCP sockets

Packet Monitoring

To see list of interfaces you can filter by

tcpdump --list-interfaces

To see network packets on a specific interface

tcpdump --interface eth0

To see network packets from a specific host on any interface

tcpdump host 10.1.0.6

Stop reporting after 5 packets

tcpdump -c 5

Disable name resolution

tcpdump -n

Disable name and port resolution

tcpdump -nn

tcpdump example typical output format breakdown... 

(with each piece of whitespace replaced with a linefeed, carriage return for readability)

10:55:31.186895    Timestamp HH:MI:SS.ms
IP                 Protocol. Generally IP or IP6
10.1.6.10.40050    Source IP (or hostname) and Port (or Port name)
>                  Direction
10.2.7.15.1521:    Target IP (or hostname) and Port (or Port name)
Flags              TCP Flags
[P.],              S(SYN) F(FIN) P(PUSH) R(RST) .(ACK)
seq 82:123,        Sequence# (byte 82 through to byte 123 in this example)
ack 455,           1 if sending, otherwise the next expected byte (data)
win 32661,         bytes available in the receiving buffer
options            TCP Options
[nop,nop,TS val 1681688067 ecr 1664080743],
length 41          length, in bytes, of the payload data

TCP Flags

SYN = Connection Start
FIN = Connection Finish
PUSH = Data Push
RST = Connection Reset
ACK = Acknowledgement

TCP Options

nop = No Operation
TS val = (TSVal) Timestamp value of the sending TCP
ecr = (TSecr) Echo Reply Timestamp
mss = Max Segment Size
wscale = Window Scale (host buffer space for receiving data)
unknown-33
unknown-14
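Added example (not part of the original page): the field breakdown above, applied mechanically to a tcpdump TCP line so that captures can be filtered or summarised by field. The function name and the key=value output format are choices made for this illustration, and only the five flag letters listed on this page are expanded.

```shell
# Added example: split one tcpdump TCP line into the fields described above.
parse_tcpdump_line() {
    awk '
    function endpoint(s, label,    i) {
        sub(/:$/, "", s)                 # the target carries a trailing ":"
        i = match(s, /\.[^.]+$/)         # port is the last dotted component
        print label "_addr=" substr(s, 1, i - 1)
        print label "_port=" substr(s, i + 1)
    }
    function field(name) {
        # Leading space keeps "ack" from matching inside the options list.
        if (match($0, " " name " [0-9]+(:[0-9]+)?"))
            print name "=" substr($0, RSTART + length(name) + 2,
                                  RLENGTH - length(name) - 2)
    }
    $2 == "IP" || $2 == "IP6" {
        print "time=" $1
        print "proto=" $2
        endpoint($3, "src")
        endpoint($5, "dst")
        p = index($0, "Flags [")
        if (p) {
            rest = substr($0, p + 7)
            f = substr(rest, 1, index(rest, "]") - 1)
            # Only the five flag letters listed on this page are expanded.
            n = split("S SYN F FIN P PUSH R RST . ACK", map, " ")
            names = ""
            for (i = 1; i < n; i += 2)
                if (index(f, map[i]))
                    names = (names == "" ? "" : names ",") map[i + 1]
            print "flags=" names
        }
        field("seq"); field("ack"); field("win"); field("length")
    }'
}

# The example line from this page, reassembled onto one line.
sample_line='10:55:31.186895 IP 10.1.6.10.40050 > 10.2.7.15.1521: Flags [P.], seq 82:123, ack 455, win 32661, options [nop,nop,TS val 1681688067 ecr 1664080743], length 41'

# On a live host: tcpdump -nn -l | parse_tcpdump_line
printf '%s\n' "$sample_line" | parse_tcpdump_line
```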

Routing

Default Gateway

lsconf | grep -i gateway

        Gateway: 10.150.5.1

netstat -rn

Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups

Route Tree for Protocol Family 2 (Internet):
default            10.150.5.1        UG       35 3049766438 en0      -      -
10.150.5.0         10.150.5.28       UHSb      0         0 en0      -      -   =>
10.150.5/24        10.150.5.28       U         5  19052965 en0      -      -
10.150.5.28        127.0.0.1         UGHS    135 165720577 lo0      -      -
10.150.5.255       10.150.5.28       UHSb      2    268502 en0      -      -
127/8              127.0.0.1         U       110  93391577 lo0      -      -

Route Tree for Protocol Family 24 (Internet v6):
::1%1              ::1%1             UH        8   1848342 lo0      -      -

Route Testing

i.e. can mybox001 talk to mybox002 on a particular port?

From mybox001...

ping mybox002

ping uses ICMP and does not use any port

traceroute mybox002

By default traceroute uses ICMP

traceroute -p 3306 -T mybox002

This tells traceroute to use port 3306 over TCP. This is useful if firewalls are preventing ICMP traffic with only specific TCP ports open. The -T option is not available in the standard AIX implementation of traceroute.

telnet mybox002 3306

This opens a connection on the specified port.

nc mybox002 3306

Ncat works in a similar way to telnet

See also: prettyping, mtr, oping

Port Testing

Show Listening Ports

To show listening ports on current server....

netstat --listening --numeric --programs | grep '\bLISTEN\b'

To limit to MySQL ports only...

netstat --listening --numeric --programs | grep '\bLISTEN\b' | grep -E '/ndb|/mysqld'

tcp6       0      0 :::33060                :::*                    LISTEN      14192/mysqld
tcp6       0      0 :::3306                 :::*                    LISTEN      14192/mysqld

List Open Ports

To list open ports for a target server...

In this example the target server is 172.16.16.4 (you can use a hostname instead)

nmap 172.16.16.4

Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-01 21:55 BST
Nmap scan report for 172.16.16.4
Host is up (0.00030s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
1433/tcp  open  ms-sql-s
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
MAC Address: 08:00:27:8E:B8:20 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds

To get some limited version information...

nmap -sV 172.16.16.4

Note how much longer this takes; not a problem but be aware.
Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-02 13:29 BST
Nmap scan report for 172.16.16.4
Host is up (0.00042s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: MYDOMAIN)
1433/tcp  open  ms-sql-s     Microsoft SQL Server 2012 11.00.7001
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
MAC Address: 08:00:27:8E:B8:20 (Oracle VirtualBox virtual NIC)
Service Info: Host: SQL01; OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 40.47 seconds

To get more information...

nmap -p 1433 -A 172.16.16.4

Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-01 21:56 BST
Nmap scan report for 172.16.16.4
Host is up (0.00082s latency).

PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2012 11.00.7001.00; SP3+
| ms-sql-ntlm-info: 
|   Target_Name: MYDOMAIN
|   NetBIOS_Domain_Name: MYDOMAIN
|   NetBIOS_Computer_Name: SQL01
|   DNS_Domain_Name: mydomain.local
|   DNS_Computer_Name: SQL01.mydomain.local
|   DNS_Tree_Name: mydomain.local
|_  Product_Version: 6.3.9600
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2021-06-01T20:20:11
|_Not valid after:  2051-06-01T20:20:11
|_ssl-date: 2021-06-01T20:56:50+00:00; 0s from scanner time.
MAC Address: 08:00:27:8E:B8:20 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2012|7|8.1
OS CPE: cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_7:::ultimate cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows Server 2012 R2 Update 1, Microsoft Windows 7, Windows Server 2012, or Windows 8.1 Update 1
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| ms-sql-info: 
|   172.16.16.4:1433: 
|     Version: 
|       name: Microsoft SQL Server 2012 SP3+
|       number: 11.00.7001.00
|       Product: Microsoft SQL Server 2012
|       Service pack level: SP3
|       Post-SP patches applied: true
|_    TCP port: 1433

TRACEROUTE
HOP RTT     ADDRESS
1   0.82 ms 172.16.16.4

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.95 seconds

Speed Testing

speedtest

speedtest-cli is an open-source command line interface for testing internet bandwidth using speedtest.net

Note that "Selecting best server based on ping..." can take some time, be patient.

Initial testing suggests the download speed is accurate but the upload speed is inaccurate. Two tests to the same host gave ~3.4Mbps/CLI and ~18.43Mbps/Web (speedtest.net).

Install with...

sudo apt install speedtest-cli

Retrieving speedtest.net configuration...
Testing from Plusnet (xxx.xxx.xxx.xxx)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Mauritius Telecom Ltd (London) [2.56 km]: 16.328 ms
Testing download speed................................................................................
Download: 71.90 Mbit/s
Testing upload speed......................................................................................................
Upload: 3.37 Mbit/s
