MAC OS x Network Diagnostics command

Here are some of the network Diagnostics commands commonly used under Mac OS x. They can help us discover network problems. The Protocol and network communication principles mentioned in this paper can be referenced in the protocol forest .

Some tools, such as arping, Arp-scan, need to be installed with homebrew.

Basic Tools

The first step in Network Diagnostics is to understand your device, such as which interfaces are available, and what IP addresses are.

Ifconfig

Displays network interface (interface) information. such as the interface name, the interface type, the IP address of the interface, the MAC address of the hardware, etc.

ARP

The ARP protocol is used inside the local area network (LAN). By borrowing the ARP protocol, the device can know the Ip-mac correspondence within the same LAN. When we access a local IP address, the device communicates with the corresponding MAC address according to the corresponding relationship. Through the ARP tool, we can know whether the communication within the LAN is normal.

Arp-a

Show Ip-mac correspondence for local storage

sudo arping-i eth0 192.168.1.1

Via Eth0 interface, send ARP request, query IP for 192.168.1.1 device MAC address

sudo arp-scan-l

Querying the corresponding MAC address of all IP addresses within the entire LAN

sudo tcpdump-i en0 ARP

Listening for ARP protocol communication on the En0 interface

Network Layer

The network layer is a wide-area internet, the Internet equipment with IP address identification. Ping is a echo_request request to send an ICMP protocol to an IP address. The device that receives the request will return an ICMP reply. If you ping an IP address, the device that describes the IP address can be successfully reached through the network layer.

Ping 192.168.1.1

Sends an ICMP request to the IP address 192.168.1.255. If the ICMP of the address is not disabled, then the device on that network will reply.

Ping 192.168.1.255

Sends an ICMP request to the broadcast (broadcast) address 192.168.1.255. If ICMP is not disabled, then the device on that network will reply.

It is important to note that many devices disable ICMP. If you do not ping a device, it is not necessarily a network layer failure.

If two devices have the same IP address, it will cause an IP conflict. Many networks are automatically assigned IP addresses by DHCP protocols, which can greatly reduce the likelihood of IP collisions. The DHCP server and the device agree that the device will occupy an IP address for a certain amount of time, and the DHCP server no longer assigns that IP address to someone else.

sudo ipconfig set en0 DHCP

Update the DHCP lease. The device will release the IP address and then regain the IP address from the DHCP server.

sudo ipconfig set en0 INFORM 192.168.0.120

Set the interface en0 to a static IP address.

Routing

LAN through routers, access to wide-area Internet. Communication over the Internet is often relayed through multiple routers. The failure of the router on the way can cause Internet access anomalies.

Netstat-nr

Displays the route table. From the routing table, you can find the gateway. A gateway is an exit to a wider-area network.

Traceroute 74.125.128.99

Tracks the full route to the IP destination.

traceroute-i 74.125.128.99

Routes are traced through the ICMP protocol. The ICMP protocol is often disabled, so the string "*" is returned.

sudo traceroute-t-p 74.125.128.99

Through the TCP protocol, the route is traced via Port 80. The default port 80 for the TCP protocol is rarely disabled.

Network Monitoring

Tcpdump is a network grab kit. It can listen to different layers of network interface communication, and filter out specific content, such as a specific protocol, a specific port and so on. We have already used tcpdump to listen for ARP protocol communication. Here we look at more listening methods.

sudo tcpdump-i en0

Listen to all communications on the En0 interface

sudo tcpdump-a-i en0

Displaying the communication content of the En0 interface using ASCII

sudo tcpdump-i en0 ' port 8080 '

8080-port communication showing the En0 interface

sudo tcpdump-i eth1 src 192.168.1.200

Display eth1 interface, communication from 192.168.1.200

sudo tcpdump-i eth1 DST 192.168.1.101 and Port

Display ETH1 interface 80 port, destination for 192.168.1.101 communication

sudo tcpdump-w record.pcap-i lo0

The communication of the Lo0 interface is stored in the file Record.pcap

Domain Name Resolution

DNS is the translation between the domain name and the IP. A DNS failure can cause us to be unable to access a URL through a domain name.

Host www.sina.com.cn

DNS domain name resolution. Returns the IP address of the domain name

MAC OS x Network Diagnostics command