SYSTEMS ADMIN TRAINING WORKSHOP

Mr. Mturi Elias

University Computing Centre

SYSTEMS ADMIN TRAINING WORKSHOP

Mr. Mturi Elias

OverviewIntroductionDoing Basic Cable and Link TestsTesting Your NICTesting Network ConnectivityDetecting Network CongestionPacket CapturingBasic DNS Troubleshooting

Mr. Mturi Elias

IntroductionTwo Network related problems

Network Slowness Lack of Connectivity

Sources of Network Slowness NIC duplex and speed incompatibilities Network congestion Poor routing Bad cabling Electrical interference

Mr. Mturi Elias

Introduction

Sources of Network Slowness An overloaded server at the remote end of the

connection Misconfigured DNS .

Sources of a Lack of Connectivity The cables are bad. The switch or router to which the server is

connected is powered down. The cables aren't plugged in properly. The remote server or an application on the

remote server being shut down.

Mr. Mturi Elias

Doing Basic Cable and Link Tests

NIC’s “link” light is on: indicates the link is functioning properly.

In most cases a lack of link is due to the wrong cable type being used.

There are two types of Ethernet cables crossover and straight-through.

Always make sure you are using the correct type.

Mr. Mturi Elias

Testing Your NIC

Viewing Your Activated Interfaces [root@rdu root]# ifconfig

Viewing All Interfaces The ifconfig -a command provides all the network

interfaces, whether they are functional or not.

Testing Link Status from the Command Line. Both the mii-tool and ethtool commands command

will provide reports on the link status and duplex settings for supported NIC

Mr. Mturi Elias

Testing Your NIC (2)

Testing Link Status from the Command Line. Link Status Output from mii-tool

[root@rdu root]# mii-tool -veth0: negotiated 100baseTx-FD, link ok product info: vendor 00:08:18, model 25 rev 0 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-

control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HDeth1: no link product info: vendor 00:08:18, model 25 rev 0 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-

control

Mr. Mturi Elias


Testing Link Status from the Command Line. Link Status Output from ethtool [root@rdu root]# ethtool eth0Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on Supports Wake-on: g Wake-on: d Link detected: yes

Mr. Mturi Elias


Viewing NIC Errors ifconfig ethtool –S eth0

Mr. Mturi Elias

Testing Your Network Connectivity

Using Ping To Test Connectivity ping sends ICMP echo packets that

request a corresponding ICMP echo-reply response from the device at the target address.

Because most servers will respond to a ping query it becomes a very handy tool.

Mr. Mturi Elias

Testing Your Network Connectivity (2)

Using Ping To Test Connectivity A lack of response could be due to: 1. A server with that IP address doesn't exist 2. The server has been configured not to respond

to pings 3. A firewall or router along the network path is

blocking ICMP traffic 4. You have incorrect routing. 5. Either the source or destination device having an

incorrect IP address or subnet mask.

Mr. Mturi Elias


Using Ping To Test Connectivity [root@rdu root]# ping -c 2 www.udsm.ac.tz PING websvr.udsm.ac.tz (196.44.161.110) 56(84) bytes

of data. 64 bytes from websvr.udsm.ac.tz (196.44.161.110):

icmp_seq=0 ttl=254 time=0.588 ms 64 bytes from websvr.udsm.ac.tz (196.44.161.110):

icmp_seq=1 ttl=254 time=0.470 ms

--- websvr.udsm.ac.tz ping statistics --- 2 packets transmitted, 2 received, 0% packet loss,

time 1007ms rtt min/avg/max/mdev = 0.470/0.529/0.588/0.059 ms,

pipe 2

Mr. Mturi Elias


You may get a "Destination Host Unreachable" message. There are a number of reasons for this:

1. The server might be down, or disconnected for the network.

2. Your NIC might not have the correct duplex settings; you may verify this with the mii-tool command.

3. You might have the incorrect type of cable connecting your Linux box to the network.

4. In the case of a wireless network, your SSID or encryption keys might be incorrect.

Mr. Mturi Elias


Using netstat Command to test the connections:

1. Displays network connections, routing tables, interface statistics, masquerade connections, netlink messages, and multicast memberships.

2. Can be used to check for open ports, an important security issue.

Mr. Mturi Elias


Using netstat Command to test the connections:

[root@rdu root]# netstat -an Active Internet connections (servers and

established)Proto Recv-Q Send-Q Local Address Foreign

Address State tcp 0 0 0.0.0.0:32768 0.0.0.0:*

LISTEN tcp 0 0 127.0.0.1:32769 0.0.0.0:*

LISTEN

Mr. Mturi Elias


Using traceroute to Test Connectivity

Prints the route packets take to get to a particular network host.

This helps you verify that routing over the networks in between is correct.

Uses UDP packets by default.

Mr. Mturi Elias


[root@rdu root]# traceroute www.yahoo.comtraceroute to www.yahoo-ht2.akadns.net (209.73.186.238), 30

hops max, 38 byte packets 1 82.206.143.66 (82.206.143.66) 0.802 ms 0.729 ms 0.677 ms 2 10.103.160.1 (10.103.160.1) 1.393 ms 1.713 ms 1.213 ms 3 172.17.7.7 (172.17.7.7) 533.409 ms 520.447 ms 786.705 ms 4 172.17.7.17 (172.17.7.17) 576.658 ms 519.385 ms 515.692

msc 5 fus-rt002-LANB.core.globalconnex.net (80.255.48.2) 523.617

ms 519.992 ms 514.423 mscc 6 80.255.35.162 (80.255.35.162) 624.555 mscc 624.800 msc

626.754 ms

Mr. Mturi Elias

Testing Your Network Congention

Using MTR To Detect Network Congestion Matt's Traceoute is an application you can

use to do a repeated traceroute in real time. It dynamically shows the round-trip time to

reach each hop along the traceroute path. The constant updates enable you not only to

visually determine which hops are slow and when are they slow.

Mr. Mturi Elias


Mr. Mturi Elias

PACKET CAPTURING

Sniffer, tcpdump, Ethereal, ntop

Mr. Mturi Elias

What is Packet Capture?

Real time collection of data as it travels over networks

Tools called: packet sniffers packet analysers protocol analysers, and sometimes even traffic monitors

Mr. Mturi Elias

When Packet Capture?

Most powerful technique

When need to see what client and server are actually saying to each other

When need to analyse type of traffic on network

Requires understanding of network protocols to use effectively

Mr. Mturi Elias

How to use tcpdump

Can just type its name (as root):

$ tcpdump

...but get a huge amount of data!

Can restrict the data collected using a filter

A filter may select addresses, protocols, port numbers,...

Mr. Mturi Elias

tcpdump: some options

-c n — capture a count of n packets then stop-w file — write raw data to file.

Very useful — can filter and analyse this later with tcpdump, ethereal or other tools

but you cannot see what you are capturing till later!

-i interface — collect from interface instead of lowest numbered network interface-s bytes — collect no more than bytes of data from each packet instead of default 68 bytes

-e — show link level info, e.g., Ethernet addresses-x — gives a hexadecimal dump of packets

excluding link level data

-X — display ASCII as well as hexadecimal if have –x option tooMany more options: man tcpdump

Mr. Mturi Elias

tcpdump Filters: host and portShow all network traffic to and from 192.168.0.1:

tcpdump host 192.168.0.1Show packets to 192.168.0.1:

tcpdump dst 192.168.0.1Show packets to port 68 on 192.168.0.1:

tcpdump dst 192.168.0.1 and port 68

Mr. Mturi Elias

tcpdump filters: networks

Capture traffic to or from 205.153.60/24:

tcpdump net 172.19.64/18

can specify network as source or destination:

tcpdump src net 205.153.60/24

tcpdump dst net 172.19.64/18

Mr. Mturi Elias

tcpdump filters: protocol

tcpdump ip

tcpdump tcp

tcpdump ip proto ospf

This will catch DNS name lookups, but not zone transfers (which use tcp):

tcpdump udp port 53

Mr. Mturi Elias

Ethereal

King of the Packet Analysers!

Available for Linux, Unix, Windows

Mr. Mturi Elias

Ethereal

Ethereal can read data captured by tcpdump, e.g.,

$ ethereal –r tcpdump.pcap

or File -> Open

Can capture data itself

Uses same filter language as tcpdump

Mr. Mturi Elias

Mr. Mturi Elias

Mr. Mturi Elias

You can expand any protocol:

If we click on the + next to Bootstrap Protocol, we can see the details of the DHCP Request:

Mr. Mturi Elias

Mr. Mturi Elias

Ethereal (Continued)

Text based ethereal called tethereal:

If you machine does not have GUI or you are using a remote server/computer tethereal is the best for you.

Just type tethereal in your command prompt

Mr. Mturi Elias

Ethereal (Continued)

Mr. Mturi Elias

Basic DNS Troubleshooting

Sometimes the source of problems can be due to misconfigured DNS rather than poor network connectivity.

DNS is the system that helps map an IP address to your Web site's domain name and your site may suddenly become unavailable if the mapping is incorrect

Mr. Mturi Elias

Basic DNS Troubleshooting (2)

Using nslookup to Test DNS The nslookup command can be used to

get the associated IP address for your domain and vice versa.

Mr. Mturi Elias

Basic DNS Troubleshooting (3)

Using nslookup To Check Your IP Address

Mr. Mturi Elias


Using the host Command to Test DNS

Mr. Mturi Elias


Using the dig Command to Test DNS

Mr. Mturi Elias

Mr. Mturi Elias

Conclusion

Lest Know When You Have Problem

You Need To Be Proactive.

Documents

SYSTEMS ADMIN TRAINING WORKSHOP