Winners don't do different things. They do things differently.
Monday, January 31, 2011
Commonly Used Network Monitoring Commands in Linux
The flexibility and usability of its networking commands is one of the major strengths of UNIX-like operating systems. With these commands network administrators can quickly identify and fix problems. In this article I cover some of the basic commands available on most UNIX-like operating systems, with a brief description of the commonly used options for each. More details on each command are available in the Linux man pages. A few commands are explained here in Part I; the remaining commands will be covered in the next parts of this article.
# ping
This command is used to find out whether an end system is reachable from the current system. It sends ICMP ECHO_REQUEST packets to the specified system/server/gateway/network element and waits for the ECHO_RESPONSE packets. Note: ping uses 28 bytes of data for header information.
In Linux it sends an infinite number of packets unless you specify the -c option. To quit ping press ctrl+c.
Basic syntax for the ping command is: ping <destination>
For example: ping google.com. ping 0, ping localhost or ping 127.0.0.1 checks whether the local interface is working.
Commonly used options for ping are:
-i n: wait n seconds between sending each packet. ping -i 5 192.168.0.3 sends a request every 5 seconds; ping -i 0.1 192.168.0.3 uses a 100 ms interval. Note: only the super user can send ping packets at intervals shorter than 200 ms.
-c n: sends n packets and terminates. ping -c 3 192.168.0.3
-f: flood ping. If no interval is given, it sets the interval to zero and outputs packets as fast as they come back or one hundred times per second, whichever is more. Only the super-user may use this option with a zero interval.
-a: audible ping. Beeps when the remote machine is reachable. Note: this option does not work in gnome-terminal.
-q: print only the summary. Per-packet details are not printed; only the summary at the end is shown.
-s n: changes the default packet size (56) to n bytes.
-w n: terminate after n seconds. This tells ping for how many seconds it should send packets; after n seconds ping terminates automatically. If you use both -c and -w, whichever is reached first terminates ping.
ctrl + | (control key and pipe): pressing this while ping is running prints the summary. It does not terminate ping; ping prints the summary and continues until you press ctrl+c or -w or -c takes effect, whichever comes first.
ping 192.168.0.1 10.0.0.1 62.1.2.89 sends ping requests to 62.1.2.89 through 192.168.0.1 and 10.0.0.1. If one hop in the middle is not reachable, the whole ping is considered failed.
-R: records and prints the route of the ping.
-t n: specifies the Time to Live. If n is 5, ping succeeds only if the destination host is within 5 hops of the source.
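As an added example (not part of the original article), a small POSIX shell script that parses the summary printed by ping -c N -q, so that a monitoring job can decide on packet loss instead of a person reading the terminal. It assumes the iputils ping summary format; SAMPLE_PING_OUTPUT is constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example: parse the summary that "ping -c N -q" prints so a monitor
# can alert on packet loss. SAMPLE_PING_OUTPUT is constructed to match the
# iputils ping summary format (it is not real captured output).
SAMPLE_PING_OUTPUT='PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.

--- 192.168.0.3 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.412/0.587/0.903/0.181 ms'

# parse_ping_summary: reads ping output on stdin and prints one line:
# "transmitted received loss_percent avg_rtt_ms".
# When no reply ever arrived ping omits the rtt line, so avg becomes "-".
parse_ping_summary() {
    awk '
        /packets transmitted/ {
            tx = $1; rx = $4
            for (i = 1; i <= NF; i++)
                if ($i ~ /%/) { loss = $i; sub(/%/, "", loss) }
        }
        /^rtt min\/avg\/max/ {
            split($4, t, "/"); avg = t[2]
        }
        END { if (avg == "") avg = "-"; print tx, rx, loss, avg }
    '
}

# check_reachability HOST MAX_LOSS_PERCENT: pings with a fixed count (-c) and
# deadline (-w) so the check always terminates, then returns 0 when the loss
# is within the threshold and 1 otherwise. Needs network access to run.
check_reachability() {
    host=$1; max_loss=${2:-0}
    summary=$(ping -c 5 -w 10 -q "$host" 2>/dev/null | parse_ping_summary)
    loss=$(echo "$summary" | awk '{print $3}')
    echo "$host: $summary"
    [ "${loss:-100}" -le "$max_loss" ]
}
```

Feed the constructed sample with printf '%s\n' "$SAMPLE_PING_OUTPUT" | parse_ping_summary to see the parsed fields; a loss of 100 and an avg of "-" means the host never answered.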
# traceroute
This command prints the details of each host it passes through on the way to the destination host.
The basic syntax of the command is traceroute 62.1.2.89. Commonly used options:
-4 or -6: force IPv4 or IPv6 respectively.
-I: uses ICMP ECHO for the probe packets.
-T: uses TCP SYN for the probe packets.
-U: uses UDP for the probe packets. Note: traceroute uses UDP datagrams for probes by default.
-f n: the TTL (Time to Live) to start with. By default it is 1.
-i interface: explicitly sets the interface to send the packets through. If this option is not given, the interface is selected from the routing table.
-m n: the maximum number of hops to try before reaching the destination. Default value is 30.
-N n: the number of simultaneous probe packets to send. Default value is 15.
-n: avoids requests to a name server; prints just the IP address of each hop.
-w n: the time to wait in seconds for each probe. Default value is 5 seconds.
-q n: sends n probes to each hop. Default value is 3.
-r: bypasses the routing table. If the destination host is not on the same network, traceroute will not succeed.
-s address: uses an alternative source address. Note: you must select the address of one of your own interfaces.
# tracepath
It discovers the MTU (Maximum Transmission Unit) along the path. Unlike traceroute, non-super users can run this command as well.
# host
This command performs DNS lookups, for example the reverse lookup of an IP address. Commonly used options:
-W n: time to wait for the response.
-t type: the query type, one of CNAME, NS, SOA, SIG, KEY, AXFR, etc. If no query type is given, host selects an appropriate one automatically: by default it looks for A records, and if the -C option is specified it queries SOA records. Note: if the name is an IP address, host looks for PTR records instead of A records.
-4 or -6: forces IPv4 or IPv6 respectively.
-a: makes a query for type ANY.
-T: forces TCP when querying the name server. By default it uses UDP.
-R n: specifies the number of retries. Default value is 1.
-d/-v: verbose output.
# host -v wiki.linuxquestions.org
Query about wiki.linuxquestions.org for record types A
Trying wiki.linuxquestions.org …
Query done, 1 answer, status: no error
The following answer is not authoritative:
wiki.linuxquestions.org 12857 IN A 209.152.163.16
Authority information:
linuxquestions.org 12857 IN NS ns2.linuxquestions.org
linuxquestions.org 12857 IN NS ns1.linuxquestions.net
linuxquestions.org 12857 IN NS ns1.linuxquestions.org
Additional information:
ns1.linuxquestions.net 77279 IN A 64.179.4.147
# nslookup
This command is used to get the name servers for the specified server.
It runs in both interactive and non-interactive modes. If the first argument is - or no server name is given, it enters interactive mode.
To look up a single item, use non-interactive mode as shown below: nslookup 204.228.4.243
Use interactive mode if you want to retrieve more than one item from the server.
Use the exit command to quit interactive mode.
This command works on both Windows and Linux.
More details : http://www.linuxmanpages.com/man1/nslookup.1.php
# dig
dig (domain information groper) is a great tool for querying DNS name servers. It is one of the tools most commonly used by network administrators.
By default this command uses all servers listed in /etc/resolv.conf. This can be overridden by specifying a server as an argument to dig. Users can set their own defaults in the ~/.digrc file, but command-line arguments take precedence over .digrc.
Common syntax: dig @server name type
server: the name or IP address of the server dig should query. The default is taken from /etc/resolv.conf.
name: the name to be looked up.
type: the query type; options are ANY, A, MX, SIG, etc. Default is A.
-b: the source IP address; it must be one of the IP addresses of your server's interfaces.
-f: read names from
more details : http://www.linuxmanpages.com/man1/dig.1.php
# telnet
This command allows you to log in from one computer to another and work as if you were sitting at that remote computer. Once the user enters the correct username and password, telnet gives you a Linux shell, and you can use all the commands you could use on your own computer.
Syntax for telnet:
telnet <host> [port]
By default telnet connects to port 23. So when you run the following command, it will connect to port 23 from your client.
telnet 192.168.0.8
The telnet command can be used to test other ports too. If you want to test the status of HTTP on port 80, just run
telnet 192.168.0.8 80
If the port is not open you will get the following error.
In the same way you can test other ports like SMTP, POP3, etc.
Note: telnet does not encrypt the data it sends across the internet.
For more options visit : http://www.linuxmanpages.com/man1/telnet.1.php
# ifconfig
One of the most commonly used commands to get the IP address of the system.
Basic syntax:
ifconfig -a lists all active and inactive interfaces
ifconfig <interface> prints only the details of the specified interface
# ifconfig eth0 down disables the interface eth0
# ifconfig eth0 192.168.0.8 [up] assigns an IP address to eth0
# ifconfig eth0 netmask 255.255.255.0 sets the netmask for eth0
# ifconfig eth0 broadcast 192.168.2.255 sets the broadcast address for eth0
# ifconfig eth0 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255 does all of these at once
# ifconfig eth0 mtu N changes the MTU (Maximum Transmission Unit) to N
# ifconfig eth0 promisc sets promiscuous mode. Normally, when the network card receives a packet it checks whether the packet is addressed to that interface and drops it if not; in promiscuous mode it accepts all packets. Note: only the super user can do this.
# ifconfig eth0 -promisc returns to normal mode
# route
Prints, adds or deletes routing table entries.
# route prints the routing table
-n prints 0.0.0.0 instead of * and prints IP addresses instead of names
route add default gw 10.0.0.2 sets the default gateway to 10.0.0.2
route del default gw 10.0.0.2 deletes the default gateway
# netstat
This prints various network-related information such as network connections, routing tables, interface statistics, masquerade connections and multicast memberships.
Basic syntax: # netstat
-a lists all ports, both listening and non-listening
-t considers only TCP ports
-u considers only UDP ports
-l lists all listening sockets
-p displays the PID and name of the owning program ("PID/Program name")
-an prints the IP address, port number and user ID instead of the hostname, port name (from /etc/services) and username
--numeric-ports, --numeric-hosts and --numeric-users print only the port number, host IP or user ID respectively
-c prints the data continuously
-r prints the routing table
-i prints the list of all network interfaces
-ie gives output similar to ifconfig
--protocol=family takes a comma-separated list of address family keywords such as inet, unix, ipx, ax25, netrom and ddp. It is equivalent to the --inet, --unix (-x), --ipx, --ax25, --netrom and --ddp options
-s shows a summary of all ports
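As an added example (not from the original article), a shell script that reads netstat -tulpn output (-t, -u, -l, -p and -n combined) and reports the listening sockets bound to all interfaces (0.0.0.0 or ::), which are reachable from the network rather than only from the host itself, and then picks out cleartext services such as telnet and POP3 among them. SAMPLE_NETSTAT is constructed to match the netstat column layout, not captured from a real system.

```shell
#!/bin/sh
# Added example: turn "netstat -tulpn" output into an exposure report so that
# listeners bound to every interface stand out from loopback-only ones.
# SAMPLE_NETSTAT is constructed for this example, not real captured output.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      655/in.telnetd
tcp6       0      0 :::80                   :::*                    LISTEN      1203/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           588/dhclient'

# exposed_listeners: reads netstat -tulpn output on stdin and prints
# "proto port program" for each socket bound to all interfaces.
# Loopback-only sockets are skipped. UDP lines have no State column, so the
# program is taken from the last field and the port from the address itself.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::") {
                prog = $NF          # "PID/Program name", or "-" if not visible
                sub(/^[0-9]+\//, "", prog)
                print $1, port, prog
            }
        }
    '
}

# cleartext_listeners: from the exposure report, keep services that carry
# logins unencrypted (telnet on 23, POP3 on 110) and are network-reachable.
cleartext_listeners() {
    exposed_listeners | awk '$2 == 23 || $2 == 110'
}
```

Run it against the live system with netstat -tulpn | exposed_listeners (as root, so -p can show every program name).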
# write
This command sends a message to the specified user on the specified tty.
write <username> [tty]
Sends a message to the specified username on the specified tty. If no tty is given, the user's most recently used tty receives the message.
After typing the message press enter to send it. To quit write, press ctrl+D.
More details : http://www.linuxmanpages.com/man1/write.1.php
# talk
This command is used for chatting with the specified user.
Syntax: talk <username> [tty]
For more details : http://www.linuxmanpages.com/man1/talk.1.php
Part -2:
In Part II I will discuss the basic usage of the following commands.
# whois
# arp
# rarp
# mail
# fping
# named
# tcpdump
# iptraf
# iptables/ipchains
# ssh/rsync/nc
# wget/lynx etc.,