Troubleshooting network issues
When troubleshooting network issues from host A to host B, check the following:
Do you have connectivity?
Ensure network interface has an IP with /sbin/ifconfig
Network interfaces are configured at: /etc/sysconfig/network-scripts/ifcfg-<interface>
If you modify the config restart with:
sudo service network restart
Does it have a path to the local network?
Check if default gateway is present:
[vagrant@centos-5 ~]$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
Note: the -n
option stops the command from attempting to resolve the IPs to hostname
Ping the gateway If you can’t ping it could just mean ICMP packets have been blocked. or (If ICMP isn’t blocked) your switch port on your host could be set to the wrong VLAN.
Check DNS
Perform a nslookup to check if it resolves the IP.
If a name server is not configured check /etc/resolv.conf
Connectivity Matrix
|-- can_ping_host
| `-- not_responding
| `-- is_the_remote_port_open?
`-- cannot_ping_host
|-- different_subnet?
| `-- is_there_a_route_to_remote_host?
`-- same_subnet?
`-- is_the_nameserver_down?
Is there a route to the remote host?
Perform a traceroute
. If ping works but traceroute doesn’t it could be because UDP is blocked.
Is the port open?
Perform a telnet
test. If it fails either the remote machine is not listening on that port or the firewall is blocking it.
Check if the port on the remote machine is open by running nestat
locally on the remote machine:
netstat -nlp
If the port is blocked by firewall check the firewall rule with iptables
Packet Captures
Suitable to investigate intermittent issues
# See traffic coming from a host
sudo /usr/sbin/tcpdump -nA host [source-host]
# Filter traffic to and from a specific port
sudo /usr/sbin/tcpdump -n port [port-number]
# Multiple ports
sudo /usr/sbin/tcpdump -n port [port-number] or [port-number]
# Write to file and to standard output
sudo /usr/sbin/tcpdump -l host [host] | tee outputfile
ifconfig
(orip link
,ip addr
) - for obtaining information about network interfacesping
- for validating, if target host is accessible from my machine. ping is also could be used for basic DNS diagnostics - we could ping host by IP-address or by its hostname and then decide if DNS works at all. And then traceroute or tracepath or mtr to look what's going on on the way to there.dig
- diagnose everything DNSdmesg | less or dmesg | tail or dmesg | grep -i error
- for understanding what the Linux kernel thinks about some trouble.netstat -antp + | grep smth
- my most popular usage of netstat command, which shows information about TCP connections. Often I perform some filtering using grep. See also the new ss command (from iproute2 the new standard suite of Linux networking tools) and lsof as inlsof -ai tcp -c some-cmd
.telnet <host> <port>
- is very useful for communicating with various TCP-services(e.g. on SMTP, HTTP protocols), also we could check general opportunity to connect to some TCP port.iptables-save
(on Linux) - to dump the full iptables tablesethtool
- get all the network interface card parameters (status of the link, speed, offload parameters...)socat
- the swiss army tool to test all network protocols (UDP
,multicast
,SCTP
...). Especially useful (more so than telnet) with a few-d
options.iperf
- to test bandwidth availabilityopenssl
(s_client
,ocsp
,x509
...) to debug all SSL/TLS/PKI issues.wireshark
- the powerful tool for capturing and analyzing network traffic, which allows to analyze and catch many network bugs.iftop
- show big users on the network/router.iptstate
(on Linux) - current view of the firewall's connection tracking.arp
(or the new (Linux)ip neigh
) - show the ARP-table status.route
or the newer (on Linux)ip route
- show the routing table status.strace
(ortruss
,dtrace
ortusc
depending on the system) - is useful tool which shows what system calls does the problem process, it also shows error codes(errno) when system calls fails. This information often says enough for understanding the system behavior and solving a problem. Alternatively, using breakpoints on some networking functions in gdb can let you find out when they are made and with which arguments.- to investigate firewall issues on Linux:
iptables -nvL
shows how many packets are matched by each rule (iptables -Z
to zero the counters). TheLOG
target inserted in the firewall chains is useful to see which packets reach them and how they have already been transformed when they get there. To get furtherNFLOG
(associated withulogd
) will log the full packet.