LPI 101-500 – 109.3: Basic Network Troubleshooting
- ifconfig, hostname
This chapter is called Basic Network Troubleshooting. The description says candidates should be able to solve network problems on client computers. That sounds worse than it is. You won't find a bug in the exam that you need to fix. You just need to know the tools that could fix them, and of course you need to know how to use them. There are different programs here that can take on different tasks. The tasks in this area would be general connectivity, routing, and the connections themselves. The program ifconfig, for example, belongs to general connectivity. With ifconfig, you can display the settings of the corresponding network adapters and configure them.
In my case, ifconfig is not preinstalled, which is why I will now install it quickly. The package in which ifconfig is located is called net-tools. Install net-tools. And now we can use ifconfig. Let's enter it without options. Here we see our network interfaces and the corresponding data. Here we can, for example, read off the assigned IP address and use it to determine whether everything is okay. If we have no connection to the network and we see an IP address, for example, or no reference to an IP address at all, something has gone wrong here, and we know directly from which direction the error is coming. As you can see here, only this connection is active for me.
So it's enp0s3. I can display only this data for a better overview. Copy this and, for example, ifconfig. So we have a better overview now, because it has shown us only this one here. With ifconfig, you can not only see the IP address, but also reconfigure it. So let's enter the following: sudo ifconfig and then enter the new IP address. And then 48. Let's use 23, for example, and netmask, three times 255 and zero at the end. So I have assigned the IP address 192.168.178.23 and the network mask 255.255.255.0 to my interface enp0s3. How is the result? The result is that the IP address has changed to the one that was just configured manually.
You can also switch off the entire adapter with ifconfig. It works like this: sudo ifconfig enp0s3 and then just down. If we now run ifconfig without an option, we can see that our enp0s3 adapter is missing. If we call ifconfig with the name of the adapter, then we can find something. But you see, there is no IP address or anything relevant for us. To switch it on again, we choose, you probably already guessed it, sudo ifconfig enp0s3 and then up. We check again whether everything is okay. And here we have the confirmation. The adapter is back online and it has probably received a new IP address, namely this one here, and also IPv6 addresses.
If an IP address has been properly assigned and you have no access to the network or the Internet, you could first check whether there is even a connection to the router. The ping tool is primarily used for this. With ping, you send a request to a certain address and see if you get an answer, so whether there is a connection. For example, ping, and the IP address of my router is this one here, and we see there is a connection. We get responses from the router. With Ctrl+C we can end the output, and if we don't do that, it will go on forever. We can also instruct ping to send only three requests, or five requests, or ten requests. For this we use the option -c: ping -c 3 and then again the IP address, and see, only three times. Let's take a closer look at the output.
The data packets that are sent and received are 64 bytes in size. This is followed by the IP address that we ping. And then we see ICMP. That is the corresponding protocol that ping uses. The TTL value means time to live. 64 is always the value when pinging a device in the same network that is not running through a router, the starting value, so to speak. Assuming the packet goes through a single router, the 64 is reduced by one. Then the result would be 63. If we saw a TTL value of 34, we would know that the data packet has passed through 30 routers. If zero is reached, the packet is discarded. This is to prevent a misconfigured network or a misconfigured router from causing a packet to travel forever.
To ping an IPv6 address, we should use the program ping6: ping6 and then the IPv6 address and so on. I don't have an IP address which I could ping now. So just keep in mind, for IPv6 addresses you need to use ping6, because ping doesn't work here. We already talked about the hostname tool in the last chapter. As a reminder, hostname shows the host name of the local computer, in my case virtualbox. hostname actually has a few options. With hostname and a capital I, for example, the local IP address is displayed: hostname -I, and here you can see the local IP address, this one here. hostname -f shows the FQDN, so the fully qualified domain name of this computer. In this case, it is the same as the normal hostname.
- route, traceroute, tracepath
We come to routing. First, let's take a look at the route program. This also belongs to the previously installed net-tools. So-called routing tables can be checked with route. If it is not yet clear what routing exactly is, I will try to explain it briefly. As mentioned several times before, there is usually a sender and a receiver. Sender and receiver can communicate directly with each other if they are in the same network. If they are in different networks, the data packets are forwarded to another network via at least one router. Usually there are several routers, so if you enter an Internet address in your browser, you will be directed through several routers until you are finally on the website.
And that is exactly what is called routing. Of course, our operating system must know how to handle data packets that are addressed to a computer outside of our own network. This is where the route command comes into play. route, called without options, shows the so-called routing table of the local computer, in which it is specified how the routing should take place. That's our routing table here. In order to also see an IP address here instead of default or link-local, we use route with the option -n. This means that all host names, FQDNs, et cetera, are also displayed as IP addresses. route -n. Let's take a closer look at this routing table.
On the far left we find the column that describes the destination, so the destination network to which a data packet is to be sent. Next to it we have the Router column. In some Linux distributions or in other languages, Gateway can be used here instead of Router, so in some Linux versions you will find Gateway, and in other versions you will find Router. The third column, called Genmask, is the network mask of the corresponding network. In the fourth column you will find the so-called Flags. In the first line we see the abbreviation UG. In this case, U stands for up: the route, or the corresponding entry for routing, is therefore active.
The G stands for gateway and means that the defined gateway, in this case 192.168.178.1, is used. By the way, we don't see a G on the other three lines, so no gateway or router is used here. The other columns are rather unimportant and probably too detailed for the LPIC-1 exam. So let's look at the last line of the routing table, this one here. This means that all data packets that are sent to the destination 192.168.178.0, so to my home network, do not have to be routed. We can see this from the fact that the value entered for router is, and that no G here for gateway appears in the column Flags. Same with the second line here: see, no G here, no router address.
And the third line too. The first line says that if the destination is which in this case can be understood as everything else, so not the networks from line two, line three or line four, then the data packet should go to the router with the address 192.168.178.1. The router itself has its own routing tables and then forwards the data accordingly, which is not the subject of the LPIC-1 exam. Incidentally, if there were no IP address under router, but only an asterisk, this would mean that no router or standard gateway was configured. There are certainly computers within a network that should not have any connections to the outside. In such a case, they wouldn't have that either.
With route you can, or you could, then also configure a standard gateway. The command would look like this: sudo route add default gw. It's the abbreviation for gateway. And then 192.168.178.200, which is definitely not the IP address of my router. This now means that I no longer have a connection to the Internet, logically. So I'm going to change it right back with sudo route add default gw 192.168.178.1. Let's check the result, route -n, and here we see a peculiarity of route. The gateway is not changed every time; instead, they are added additionally. That's why I now have three standard gateways. See here the first gateway, then the second and the third.
Accordingly, I would like to delete two of them with sudo route del default gw and then 192, 168, 178, 201 gateway with the one at the end, route -n, and now the routing table looks like it did before. Very good. Of course, we can also set manual routes ourselves. This is actually not necessary in a private network, but something like this can be necessary in a company network. A corresponding command could look something like this: sudo route add -net 192, 168 10, netmask this one and gw this one. This is an example that has just been arbitrarily thought up. So if we have data packets that are sent to the target network 192, 168 10, the standard gateway with the address 192.168.1.1 should be used.
The route is checked immediately after it has been entered, and we see we receive a message that the network cannot be reached. Accordingly, there is no entry in the routing table. Incidentally, changes made by us are lost when the system is restarted. Here you would have to create a script that automatically makes the changes after every restart, but that only by the way. Let's look at the traceroute command. traceroute shows us the individual routers that a data packet passes through to get to its destination. traceroute is a little bit older, which is why it is not installed by default on my Ubuntu. So I install traceroute with sudo apt install traceroute. The TTL value is very important for traceroute.
Do you remember the TTL value we looked at when we discussed the ping command? To repeat again, TTL means time to live. In the case of a ping, this always starts with the TTL value 64. If the value remains at 64, we know that the data packet did not go through a router. If the value at ping is 60, we know that the data packet has passed through four routers. Actually, we could check it out. We just didn't do that at all. So let me just ping a website. For example, ping -c 1 and then Linux course. It's a German word for courses. So one ping here, we got an answer, and we see that the TTL value is 54. So ten routers were run through until we got to this website here.
In the case of traceroute, the TTL value is also used, but the other way around: traceroute starts with a TTL value of one. So the program only reaches the first router. Then it outputs the time it took the router to respond. Next, it sends out another request, this time with a TTL value of two. So the data packet reaches the second router. The reaction time of the second router is also displayed here, and the game continues until the goal has been reached. Okay, let's take a look at this Traceroute. com. Based on the results, we can now see which path our data packet took to reach its destination. But what is even more important, we can see the router response times.
In a huge company network, where you want to send something from department A to department B, you may have to go through several routers. If you find out that it takes ages for the data to arrive there, you could use traceroute to see what the router response times are and possibly identify the culprit, which takes significantly longer than all other routers. traceroute understands the -n option, which ensures that names are converted into IP addresses. So traceroute -n and, for example, google.de. The first destination is my router, and then here you have the other routers, and here you have the times.
And as with ping and ping6, there is also a traceroute6 version of traceroute. This is of course for when you want to follow a corresponding routing via IPv6 addresses. Since the operation here is the same as with traceroute, we do not need to go into it here. The programs tracepath and tracepath6 are alternatives to traceroute. tracepath google.de. There are some routing problems. Seems so. Okay, let's try another site, tracepath google.com. Maybe Google restricts this software. Let's try, and that's it. The output is self-explanatory and does not need to be commented on at this point. So see you in the next lesson.
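The routing-table reading described in this section (destination, gateway, Genmask, the U and G flags, and the way route add stacks up extra default gateways) can be checked mechanically. The following is an added example, not part of the original lesson; the sample table is constructed to mirror the three-gateway state described above, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit `route -n` output for default routes.
# Constructed sample: the table after two `route add default gw` calls
# left three default gateways behind, as described in the lesson.
sample_route_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.200 0.0.0.0         UG    0      0        0 enp0s3
0.0.0.0         192.168.178.1   0.0.0.0         UG    0      0        0 enp0s3
0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0        0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp0s3
192.168.178.0   0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
EOF
}

# Print "gateway iface metric" for every active default route:
# destination and genmask 0.0.0.0, flags containing U (up) and G (gateway).
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /U/ && $4 ~ /G/ { print $2, $8, $5 }'
}

# Number of default routes; more than one deserves a second look.
count_default_routes() {
    default_routes | wc -l | tr -d ' '
}

# Print default gateways that differ from the expected router address ($1).
unexpected_gateways() {
    default_routes | awk -v want="$1" '$1 != want { print $1 }' | sort -u
}

# Print "network/genmask" for directly attached networks (U set, no G).
direct_networks() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $4 ~ /U/ && $4 !~ /G/ { print $1 "/" $3 }'
}

# On a live system: route -n | unexpected_gateways 192.168.178.1
echo "default routes:      $(sample_route_table | count_default_routes)"
echo "unexpected gateways: $(sample_route_table | unexpected_gateways 192.168.178.1)"
echo "directly attached:"
sample_route_table | direct_networks
```

A default gateway you did not configure means all traffic leaving the local network is being handed to that address, so it is worth checking before looking anywhere else.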
- netstat, nc
We come to the netstat command. You will most likely be confronted with this in a professional environment. You can also expect one or two questions on this topic in the exam. netstat is very extensive, which is why it is definitely worth taking a look at the man page: man netstat, and you will see what netstat can do. Print network connections, routing tables, interface statistics, masquerade connections and multicast memberships. A ton of options. Here you should definitely take a close look at these options. For example, the -r option displays the routing table. Let's start: netstat -r. Does this table look familiar to you? It is in fact almost the same table as the one we see with route.
In my professional environment I often use netstat to check whether an installed web server is ready for use. A website that is hosted within Apache can be reached via port 80 if only HTTP is used. If you use HTTPS, so the secure variant of HTTP, it would be port 443. So I check with netstat whether the port is listening, so whether the port can be reached. To do this, use netstat with various options combined with one another. Of course it's all a matter of taste, but the following command has settled in for me: netstat -atop. The a stands for all, so all connections should be displayed. The t stands for TCP connections that should be displayed.
The o stands for the so-called timer information. So that's this one here, the last column. And the p stands for the program name and the corresponding process ID, so here at this point. So here we see TCP connections and the corresponding program names and the info whether the port is actually connected or just listening. Here, state LISTEN. So if I know that Apache is listening on port 80, I could of course combine netstat with grep, for example netstat -atop and then pipe, grep, and then, for example, 80. So in this case no result, because no Apache is installed here. But if I had just installed one and there was no result, then I would know that Apache is not working correctly or the website is not configured correctly.
So by the way, you should of course use netstat with sudo rights. Then you have a bit more information: here the process ID and the program name, of course. See, here we have an nginx process, ID 772. State is LISTEN. And here we have an lxd process with the process ID 2079, which is listening, and the local port is 8443. A command very similar to the netstat command is the ss command. ss running without options brings us the following results. As with netstat, we again have the option to adapt the table output to our needs. For example, again, ss -atop. The options are for the most part identical to the netstat options.
The difference between netstat and ss is the sources from which the two commands get the data: netstat uses the proc file system and ss contacts the kernel directly. The next tool on the list would be netcat, or the short form nc. Either can be used. netcat is a very big and powerful tool. So let's take a look at the man page. Arbitrary TCP and UDP connections and listens. The nc or netcat utility is used for just about anything under the sun involving TCP, UDP or UNIX-domain sockets. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet, nc scripts nicely and separates error messages onto standard error instead of sending them to standard output, as telnet does with some.
And here, of course, you can see again some options. A simple task that netcat can perform is to open any free port. So you could establish a direct connection between two computers in the network. So let's try with nc or netcat, it is the same: nc -lp and then the port number 1234. The p describes the source port, and the l stands for listen. So listening is then carried out on the corresponding port. Okay, to see if it worked, we have to open another terminal. So, new window. And now we can query whether port 1234 has been opened, and we can see that it is listening here, listening and waiting for a connection.
We could now establish a connection from another computer in the network via this port. We would also use netcat for this. To do this, I will now start up a second Linux system and try it out. So I will pause this video until my second Linux system is online. Okay, I'm now logged into my second system. You can see it here on the host name, virtualbox two. The other one was just virtualbox. And now I establish the connection with the command netcat followed by the IP address or the hostname, followed by the port number. So netcat. So now I need the IP address. Let me switch back to the other system, to the first one.
And now I use the same command as before, the netstat command, and grep for the port 1234. And we see here we have a little listener here. And here you see there is an established connection. So it seems like the connection between these two Linux systems is established. But we still have a much easier way to determine whether a connection exists, namely by writing something in one of the two connected terminals. Theoretically, this should then also be displayed in the other terminal. So, for example, test. And here you can see test. So that worked wonderfully.
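The netstat-plus-grep check used in this section matches the search string anywhere on the line, so a search for 80 also hits port 8080 or a process ID that contains 80. The following added example (not part of the original lesson) matches the local port exactly and lists listeners bound to every address, such as a netcat listener left open on port 1234. The sample output is constructed, the function names are made up, and it assumes netstat is run with -n so that ports are shown as numbers.

```shell
#!/bin/sh
# Constructed sample of `sudo netstat -atnp` output (-n keeps ports numeric).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      772/nginx: master p
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      580/systemd-resolve
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      3101/nc
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2210/python3
tcp        0      0 192.168.178.23:1234     192.168.178.24:40512    ESTABLISHED 3101/nc
tcp6       0      0 :::8443                 :::*                    LISTEN      2079/lxd
EOF
}

# What a plain `grep PORT` counts: any line containing the string.
naive_grep_hits() {
    grep -c "$1"
}

# Succeed only if a TCP socket in LISTEN state has exactly local port $1.
is_listening() {
    awk -v port="$1" '
        $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }'
}

# Print "port program" for listeners bound to every address (0.0.0.0, ::, *),
# i.e. reachable from the network and not only from the local machine.
exposed_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            split($7, p, "/"); sub(/:$/, "", p[2])
            print port, p[2]
        }
    }' | sort -n
}

# On a live system: sudo netstat -atnp | exposed_listeners
echo "lines matched by grep 80: $(sample_netstat | naive_grep_hits 80)"
if sample_netstat | is_listening 80; then echo "port 80: listening"; fi
echo "listeners reachable from the network:"
sample_netstat | exposed_listeners
```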
- ip
We come to the last command in this lesson, namely the ip command. Similar to ifconfig, ip can be used to display and reconfigure various network settings. To display the IP addresses of the network adapters, use ip with the additions address and show. So ip address show. This gives us the same information as before with ifconfig. With ip, we can shorten the following commands and options, as long as they are still unique. Instead of ip address show, we could also write ip addr show, for example. The result is the same. We can also shorten show in this case: ip ad show. So even the following command still works in this case: ip a s. In order to display only a certain network interface, you simply specify this in the command, just like with ifconfig. Now I have to look again.
I wanted to look for this here. So ip a s and then enp0s3, and then we only see the information of this interface here. To see what other objects are still available for ip, it is best to consult the ip man page: man ip. And here we see a whole range of objects that we can use in connection with ip. For example, here: link, address, route, rule, tunnel, monitor, and so on. Of course, we cannot discuss every single object here, which is why we limit ourselves to the important ones. We have already mentioned ip address. ip route would be another interesting example. So ip route show. Perhaps a little less nicely displayed, but the result is the same as that of route -n.
ip also offers the option of displaying IP to MAC address assignments with ip neighbor show. And here you see the IP addresses and the MAC addresses. Of course, with ip we can not only display IP addresses, but also change them. Here is an example of how you can set a new IP address: sudo ip address change and then, for example, 192.168.178.222 and 24, the netmask, and we have to enter the broadcast. I've forgotten the name. I have to look at it. Sorry about that. ip a s enp0s3, and we see here our new IP address 192.168.178.222. To remove the IP address again, we choose the following command: sudo ip address del and then the IP address and the device name.
We have a little warning here. You can ignore this, and you can see our IP address is deleted. As with ifconfig, you can also switch off an entire interface with ip. So, for example, sudo ip link set down and then enp0s3. We check it out, and at first glance it looks like nothing happened. But we can clearly see that the status is DOWN. So let's activate the interface again with sudo ip link set up, and let's check that again. And we see that the state is back to UP and we have an IP address. Also for the ip command, I recommend reading the manual page, the man page, again. But I think we have talked about the most important options here.
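The two checks made by eye in this lesson, whether an interface is up and whether it has a usable IP address, can be run over every interface at once. This is an added example, not part of the original lesson; it assumes the brief output format of ip (ip -brief address show), the sample is constructed, and the function name and interface names other than enp0s3 are made up.

```shell
#!/bin/sh
# Constructed sample of `ip -brief address show` output.
sample_ip_brief() {
cat <<'EOF'
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             192.168.178.222/24 fe80::a00:27ff:fe4e:66a1/64
enp0s8           DOWN
enp0s9           UP             fe80::a00:27ff:fe9c:1b2d/64
enp0s10          UP             169.254.7.15/16
EOF
}

# Print "interface finding" for every non-loopback interface that needs a look:
#   down             link state is DOWN
#   no-ipv4          link is up but no IPv4 address is assigned
#   link-local-only  only a 169.254.0.0/16 address, typical when DHCP failed
# Interfaces that are up and hold a routable IPv4 address print nothing.
iface_findings() {
    awk '$1 == "lo"   { next }
         $2 == "DOWN" { print $1, "down"; next }
         {
             v4 = 0; routable = 0
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) {
                     v4++
                     if ($i !~ /^169\.254\./) routable++
                 }
             if (v4 == 0)            print $1, "no-ipv4"
             else if (routable == 0) print $1, "link-local-only"
         }'
}

# On a live system: ip -brief address show | iface_findings
sample_ip_brief | iface_findings
```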