Network Testing and Fault Diagnosis Methods and tools v0.1b

1. Network debugging tool overview;

If we connect a machine to the network and configure the network configuration tool, we need to use the network debugging tool to determine whether the machine has been connected to the network and whether the network connection is normal. The common network configuration tools used in various releases are ifconfig and netconfig. Of course, the major releases of Linux have their own configuration tools, these special configuration tools for specific releases are very effective, mostly graphical interfaces, and easy to operate.

For network configuration tools, see:

Linux network interface configuration file and related tools
Tools for changing the speed and negotiation of network interfaces miitool and ethtool

In network configuration, network-related configuration files are important. For Network-related configuration files, see:

Linux Network Basics
Linux network interface configuration file and related tools

Network debugging tool is used to test whether the network is normal after the network is configured. Network debugging tools include network testing tools and troubleshooting tools.

The network configuration process is as follows:

Physical hardware connection-> network configuration (via network configuration tool)-> network test-> Network diagnosis-> success

2. network testing tools and methods;

2.1 network test tool Ping:

If we want to know whether the network of a host is normal, we need to use Ping, which is our most commonly used network testing tool. Based on the host Ping results, we can determine whether the host is normal on the network. If the connection fails or packet loss occurs (except for the network where the firewall blocks the ICMP response), we need to use the network configuration tool or diagnostic tool to locate the problem. In general, network connectivity may be related to the network connection we have made, and sometimes it is related to whether the network devices such as switches or my hubs are normal, sometimes we need to redo the network cable or change the switch (or hub) interface.

Ping usage

Ping usage, etony brother onceLinux Network BasicsFor ping, we can simply use it;

Ping [parameter] host or IP address

Note:Ping can directly connect to the Host Name, domain name, or IP address without the option;

Here, I will explain some usage of Ping in the form of an instance. If you want to know the ping instruction manual, please refer to the etony elder brother document I mentioned earlier. Thank you;

Instance 1:The simplest use and explanation of Ping;

[root@localhost ~]# ping linuxsir.org 

PING linuxsir.org (211.93.98.20) 56(84) bytes of data.
64 bytes from 211.93.98.20: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 211.93.98.20: icmp_seq=2 ttl=64 time=0.323 ms
64 bytes from 211.93.98.20: icmp_seq=3 ttl=64 time=0.318 ms
64 bytes from 211.93.98.20: icmp_seq=4 ttl=64 time=0.317 ms
64 bytes from 211.93.98.20: icmp_seq=5 ttl=64 time=0.321 ms
64 bytes from 211.93.98.20: icmp_seq=6 ttl=64 time=0.218 ms
64 bytes from 211.93.98.20: icmp_seq=7 ttl=64 time=0.312 ms
64 bytes from 211.93.98.20: icmp_seq=8 ttl=64 time=0.316 ms
64 bytes from 211.93.98.20: icmp_seq=9 ttl=64 time=0.309 ms
64 bytes from 211.93.98.20: icmp_seq=10 ttl=64 time=0.318 ms

--- 211.93.98.20 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9001ms
rtt min/avg/max/mdev = 0.218/0.426/1.513/0.363 ms

Explanation:

1] Ping can be used to connect the host name, domain name, or IP address. In the LAN, can the host and host of the same network segment communicate with each other through the host name? There are currently two methods, one is to create a DNS server (see "DNS server configuration and application", and the other is to modify/etc/hosts (see: linux host name. You must configure routes for communication between hosts in different CIDR blocks. For more information, seeLinux Network Basics

2] Ping linuxsir.org. We can see that the packet size returned by Pi for the ICMP echo response result is 64 bytes. Of course, we can use the-s option to specify the packet size. Icmp_seq = x (x is an integer greater than 1) is the serial number of the response packet. If the serial number is continuous under normal network conditions, packet loss may occur on the network. Packet loss may be caused by physical hardware, but may also be caused by IP conflicts, or may be caused by network interfaces.

3] in this example, we also see that the TTL value is 64. What is TTL? Time to live can be translated into TTL, that is, the survival time after the package is sent. There are many articles on the Internet that use TTL values to determine the operating system type. For example, in Linux, the default TTL value is 64, and in windows, the default value is 128 or 32, the number of UNIX classes is 255. According to my test results, it is not necessarily true that the TTL of ipvs SP2 in my LAN is also 64. You have to test whether this statement is true.

4] time = xxx MS indicates the time required for data packet return;

5] When the Ping is terminated, press Ctrl + C. We can check the ping result statistics, such as how many packets are transmitted, how many packets are returned, how many packets are lost, and how much time is consumed ...... it is similar to the following;

--- 211.93.98.20 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9001ms
rtt min/avg/max/mdev = 0.218/0.426/1.513/0.363 ms

Example 2:Ping parameter usage;

-S indicates the data packet size in bytes. The default value is 56. When combined with 8 bytes of ICMP header data, it is converted into 64 bytes of ICMP data;
-L how many preload packets can be sent as quickly as possible before entering the normal behavior mode
-C count: stops sending (receiving) count data packets;
-I: The time interval between sent packets;
-F: The ping packet is continuously sent and generated, and the instantaneous value is extremely large. Be careful when using DDoS attacks. This option can only be executed by the root user;
-R bypasses the route table and sends it directly to the network host;

Example:

[root@cuc03 beinan]# ping -l 10 192.168.1.5
[root@cuc03 beinan]# ping -i 3 192.168.1.5
[root@cuc03 beinan]# ping -f 192.168.1.5
[root@cuc03 beinan]# ping -r 192.168.1.5
[root@cuc03 beinan]# ping -s 128 192.168.1.5

Through the example above, if you are interested, check the result;

2.2 Other methods for testing network availability;

It is worth noting that the Ping is used in a network where the firewall or router disables the imcp response. In such a network, the ping cannot be achieved. If you are in such a network, if you want to make the ping take effect, you must adjust the firewall or router.

In addition, we can also test the network availability through tools at the application layer, such as SSH, telnet, FTP, or HTTP. These are relatively simple. You can test them by setting up the corresponding server on one side;

3. network fault diagnosis tools and methods;

The ping tool and application testing method only provide a simple network-based host, but do not know the specific problem. Therefore, it is necessary to introduce the concept of fault diagnosis. Next we will talk about the process of fault diagnosis;

Fault diagnosis process:

* Whether the network cable is standardized. In the Ethernet, you must know that the cross-line and parallel-line practices apply to different networks;
* The network interface configuration is correct;
* The DNS Client configuration file is correct;
* Can ping the loopback address 127.0.0.1;
* Can I use IP addresses to ping hosts on the network;
* Can you ping hosts in other network segments? You need to add routes for communication between hosts in different networks;
* Can I use Telnet, HTTP, FTP, or SSH to access services on other hosts;

Traceroute is a routing tool used to track the route through which data packets arrive at the network host;

Traceroute is a gateway tool used to send packets between the host and the target host. The principle of traceroute is to try to send a test packet with the smallest TTL to track the gateway that the data packet passes through to the target host, and then listen for a response from the gateway ICMP. The default size of the sent data packet is 38 bytes.

Traceroute [Parameter options] hostname, domain name or IP address
Parameter options:
-I indicates the network interface, which is useful for multiple network interfaces. For example,-I eth1 or-I ppp1;
-M sets the maximum lifetime used in the test package to max-TTL forwarding. The default value is 30;
-N: the IP address is displayed. The host name is not checked. This parameter is often used when DNS does not work;
-Set the basic UDP port used by the P port test package to port. The default value is 33434.
-Q n sets the number of probe packages to N each time it sets the lifetime. The default value is 3;
-R bypasses the normal route table and directly sends it to the host connected to the network;
-W n sets the wait time for response of the external probe package to n seconds. The default value is 3 seconds;

Instance 1:Traceroute is a simple and most commonly used method.

Is followed by an IP address, hostname, or domain name. For example, the following example;

[root@localhost ~]# traceroute linuxsir.org
traceroute to linuxsir.org (211.93.98.20), 30 hops max, 40 byte packets
 1 sir01.localdomain (192.168.1.1) 0.151 ms 0.094 ms 0.146 ms
 2 221.201.88.1 (221.201.88.1) 5.867 ms 7.588 ms 5.178 ms
 3 218.25.158.149 (218.25.158.149) 6.546 ms 6.230 ms 8.297 ms
 4 218.25.138.133 (218.25.138.133) 7.129 ms 7.644 ms 8.311 ms
......

Note:In this example, the record starts from 1 by serial number, each record is a hop, each hop represents a gateway, we see that each row has three times, the unit is MS, it is actually the default parameter of-Q. The time that the gateway returns after the detection packet sends three data packets to each gateway. If you use traceroute-Q 4 linuxsir.org, four data packets are sent to each gateway;

Sometimes when we traceroute a host, we will see some rows represented by asterisks. In this case, the firewall may block ICMP return information, so we cannot get any related data packets to return data.

Sometimes we have a long latency at a certain gateway, which may be caused by a blocking of a gateway or physical device. Of course, if a DNS server encounters a problem and the host name or domain name cannot be resolved, there will also be a long delay. You can add the-n parameter to avoid DNS resolution and output data in IP Format;

If the network segments in the LAN are different, we can use traceroute to troubleshoot the problem, whether it is a host problem or a gateway problem. If a problem occurs when we remotely access a server, we use the gateway that traceroute traces the data packet and submits it to the IDC service provider, which also helps solve the problem; however, it seems that it is difficult to solve such problems in China, that is, we find that the problem is located, and the IDC service provider cannot help us solve it. Why? Because China north and China South Telecom are independent of each other. In the past, it was a single network, and now it is two networks, which is smooth. We can only look at the Internet to sigh;

Example 2:Some parameter usage examples;

[Root @ localhost ~] # Traceroute-M 10 linuxsir.org sets the number of hops to 10;
[Root @ localhost ~] # Traceroute-N linuxsir.org note: the IP address is displayed and the host name is not checked.
[Root @ localhost ~] # Traceroute-P 6888 linuxsir.org note: the Basic UDP port used by the probe package is set to 6888.
[Root @ localhost ~] # Traceroute-Q 4 linuxsir.org Note: set the number of probe packages to 4;
[Root @ localhost ~] # Traceroute-r linuxsir.org Note: attackers can bypass normal route tables and directly send them to connected hosts;
[Root @ localhost ~] # Traceroute-W 3 linuxsir.org Note: Set the waiting response time of the external probe package to 5 seconds;

4. About this article;

I do not know whether to write this article, but it is still easy to write. I wanted to write in detail the classification of network tools. The result is written like this, and it is a bit disappointing. However, since it has been written, it will be sent for approval. It mainly describes some methods for determining network troubleshooting. I feel that it is not very useful. This article has made some mistakes. I have to work hard next time ....

5. Update logs;

2006/08/22 v0.1b completion text;

6. references;

Man and help;

7. related documents;

Linux Network Basics
Linux network interface configuration file and related tools
Tools for changing the speed and negotiation of network interfaces miitool and ethtool
TCP/IP network Basics

By North South at-| Network Base | Linux | comments | 8864

Ping linuxsir.org

Ping linuxsir.org (211.93.98.20) 56 (84) bytes of data.
64 bytes from 211.93.98.20: icmp_seq = 1 TTL = 64 time = 1.51 MS

It means that brother beinan is sitting in the same segment of the server and pinging it.

If you can explain hping better, it has more powerful functions.

By Anonymous at Friday,-| the reply was awesome.

The network is complex, and there are a wide variety of network tools. It is impossible for the North and South Brother to explain/explain a lot in detail in such a small space ~,
I have been reading this document for a year ~, Roar

By the fire of loneliness at Friday,-|

I also read it carefully and it is worth remembering. In particular, the layout is quite comfortable.

By Anonymous (not verified) at Tuesday, | Reply to netstat

I think netstat is also a good tool.

Of course, the link status miI-tool is also available.

I almost forgot about lsof.