Measure the test taker's knowledge about Solaris network management tools (I)

Article title: complete understanding of Solaris network management tools (I ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

At present, due to the many advantages of the UNIX operating system, the mainstream ISP basically uses UNIX as the system platform to provide services, among which Solaris accounts for a large proportion? Network management tools are widely used. in this article, network management tools are divided into different classes based on functions, and then these software tools are classified and described? The difficulty of using the tool varies greatly. Considering the length of the tool, I will only give a brief introduction here? First, we will introduce the tool software that Solaris 10 carries?

　　I. status monitoring tools

1. ifconfig

Ifconfig is provided in UNIX operating systems and is generally used for setting? Query the network interface parameters or status? When you use it to query the configuration information of each interface, you must use the-a option? Check the output result of the command to check whether the interface is working (UP). if there is no UP, it indicates that the interface is disabled? You can also check the maximum transmission unit (MTU) (for Ethernet, generally B). does BROADCAST support BROADCAST )? SIMPLEX (unicast) and MULTICAST (MULTICAST or MULTICAST) or their combination methods?

2. ping and its replacement tool

The ping command is used to check whether the target node can be reached, whether the target responds, and the round-trip time required to receive the response? If an error occurs during transmission, the ping command displays the error message? Ping is provided in multiple operating systems (Windows and UNIX )? Ping sends an ICMPECHO request packet to the target. If an ICMPECHO response packet is received, the target is active. Otherwise, the target node is not online? An error occurred while setting the network route or some filters were used to filter icmp echo packets? Similar to ping, there is also fping, which can be parallel? Check multiple hosts at the same time. The main feature is that the list of target devices can be stored in a file and then controlled using a file? In special cases, arping can be used to detect ARP requests and responses, so it will not be blocked. of course, it only applies to local networks? Using arping, you can quickly find the MAC address corresponding to an IP address or reverse query?

3. nslookup? Dig and host

Can these commands be used in UNIX and linux systems for domain name resolution? Does nslookup use the interactive method to query the ing between domain names and IP addresses? The dig function is to send domain name query information to the domain name server and obtain the result? Dig has two working modes: simple interaction mode and batch processing mode? The simple interaction mode is used for simple queries, while the batch processing mode is used to query the list containing multiple query entries? The host command queries the domain name server to obtain the domain name of the local machine or other hosts?

　II. Traffic Monitoring Tools

1. snoop command

This tool captures network groups and then displays or outputs these groups in different forms? The first step in network fault diagnosis is to collect information? Which of the following information is collected from the user to reflect the nature of the problem, and also from the network? Success depends largely on the efficiency of information collection and the quality of the collected information? Group capturing and analysis are the final and most complex methods for fault diagnosis. by collecting group data in real time and analyzing traffic, you can understand what happened inside the network? Improper use may also pose a threat to system security because these tools may obtain sensitive information?

These tools have different names, such as PacketSniffer )? PacketAnalyzer )? Protocol Analyzer and traffic monitor? The main difference between them is the amount of analysis on the captured groups? For example, the packet sniffer is the tool with the least workload, and the protocol analyzer is the tool with the most workload. is the packet analyzer tool between the two? The traffic monitor mainly provides statistics, and sometimes it may also provide raw group data? Snoop is a group sniffer, tcpdump is a group analyzer, and ethereal is a protocol analyzer?

Solaris provides snoop or etherfind. The former is an alternative to the latter, and the latter is provided in earlier versions of SunOS? Below is the output after snoop is run,-1.

 

　　

Figure 1 snoop command output

 

Snoop itself can run in the solaris system in an Ethernet environment, and then read all the data packets flowing through the network in the network adapter's hybrid mode. of course, this depends on the network must be a shared Ethernet (using a hub), or configure the SPAN function on the switch to mirror all traffic to the machine running snoop. If the network is running on an exchange network other than the preceding two, snoop can only obtain broadcast data and data sent to the host.

[1] [2] Next page