Managing Network Connections - Ubuntu Linux Toolbox: 1000+ Commands for Power Users (2013)


Chapter 11

Managing Network Connections

IN THIS CHAPTER

· Using ethtool and mii-tool to work with network interface cards

· Getting network statistics with netstat

· Starting network devices

· Viewing Ethernet information with ifconfig and ip

· Managing wireless cards with iwconfig

· Checking DNS name resolution with dig, host, and hostname

· Checking connectivity with ping and arp

· Tracing connections with traceroute, route, and ip

· Watching the network with netstat, tcpdump, and nmap

Connecting to a network from Linux is often as easy as turning on your computer. Your wired or wireless network interfaces should just start up and immediately let you connect to other computers on your local network or the Internet. However, if your network interface doesn’t come up or requires some manual setup, there are many commands available for configuring network interfaces, checking network connections, and setting up special routing.

This chapter covers many useful commands for configuring and working with your network interface cards (NICs), such as ethtool, mii-tool, and ifconfig. More specifically, it covers ways of configuring wired and wireless Ethernet connections. With your hardware connected and network interfaces in place, the chapter describes commands such as netstat, dig, ip, and ping for getting information about your network.

Configuring Networks from the GUI

When you first install Ubuntu, the installer lets you configure any wired Ethernet cards attached to your computer with the use of a DHCP server detected on your network. The DHCP server can assign an IP address to your computer’s network interface, as well as assign a default gateway (to access the Internet or other remote networks), DNS server (for name to address resolution), and possibly a hostname.

Alternatively, you can set a static IP address, along with your hostname and IP addresses for your gateway machine and name servers. After installation, there are also graphical tools for configuring your network interfaces.

For Ubuntu desktop systems, the NetworkManager application manages your network interfaces. To change your network connections, either type Network Connections from the Dashboard or select the network icon (it looks like a pie slice) from the top bar. Then select Edit Connections from the menu. From the Network Connections window that appears, you can configure both wired and wireless network connections. Select the connection you are interested in and, if you choose, you can change the dynamic (DHCP) configuration to static IP addresses.

In some cases, however, your network interfaces may not be working, or you may want to work with your network interfaces in ways that are not supported from the GUI. For those cases, the following sections describe how to work with your network interfaces from the command line.

Managing Network Interface Cards

If the network hardware on your computer didn’t immediately come up and let you connect to the Internet, there are some steps you should go through to troubleshoot the problem:

· For a wired NIC, verify that it is properly installed and that the cable is connected to your network (ISP’s DSL, switch, and so on).

· After the cable is connected, make sure you have a link with no speed or duplex mismatches.

· Make sure that the cable is firmly seated in the NIC (it should click when it goes in). For wireless NICs, if there is no indication that the wireless card exists, but you know that your laptop has a wireless card, check for a small switch on the side of the laptop. On several occasions, I’ve seen that switch turned off by mistake, which prevents the wireless card from appearing at all on your list of available network interface cards.

To check your link from Linux, and to set speed and duplex, there are two commands you can use: the older mii-tool (net-tools package) and the newer ethtool (ethtool package). Use ethtool unless you have a very old NIC and NIC driver that are not compatible with the ethtool command.

To install the ethtool package and then view the syntax of the ethtool command, type the following:

$ sudo apt-get install ethtool

$ ethtool -h 2>&1 | less View options to the ethtool command

The ethtool command outputs its built-in help to stderr. To be able to page through that help with less, you redirect stderr to stdout.

To display settings for a specific Ethernet card, add the interface name to the command. For example, to view card information for eth0, type the following:

$ sudo ethtool eth0 See settings for NIC at eth0

Settings for eth0:

Supported ports: [ TP ]

Supported link modes: 10baseT/Half 10baseT/Full

100baseT/Half 100baseT/Full

1000baseT/Full

Supported pause frame use: No

Supports auto-negotiation: Yes

Advertised link modes: 10baseT/Half 10baseT/Full

100baseT/Half 100baseT/Full

1000baseT/Full

Advertised auto-negotiation: Yes

Speed: 100Mb/s

Duplex: Full

Port: Twisted Pair

PHYAD: 1

Transceiver: internal

Auto-negotiation: on

MDI-X: off

Supports Wake-on: plumbg

Wake-on: g

Current message level: 0x00000001 (1)

drv

Link detected: yes

You will need root permissions to acquire information about the Ethernet interface, hence the use of the sudo command in the previous example.

To find out about the driver being used for a particular network card, use the -i option:

$ sudo ethtool -i eth0 Display driver information for NIC

driver: e1000e

version: 1.5.1-k

firmware-version: 0.5-7

bus-info: 0000:01:00.0

Use the -S option to display detailed statistics for a NIC:

$ sudo ethtool -S eth0 Show statistics for NIC at eth0

NIC statistics:

rx_packets: 1326384

tx_packets: 773046

rx_bytes: 1109944723

tx_bytes: 432773480

rx_errors: 5

tx_errors: 2

rx_dropped: 0

tx_dropped: 0

multicast: 0

collisions: 0

rx_length_errors: 0

rx_over_errors: 0

rx_crc_errors: 5

rx_frame_errors: 0

rx_fifo_errors: 0

rx_missed_errors: 0

tx_aborted_errors: 0

tx_carrier_errors: 2

...
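The two listings above hold the fields that matter when checking for a speed or duplex mismatch, plus the error counters that show whether the link is misbehaving. The following is an added example, not code from the book: the function names are hypothetical and the sample text is constructed from the listings above.

```shell
#!/bin/sh
# Added example (not from the book): summarize link state and error counters
# from ethtool output. Function names are hypothetical; the sample text is
# constructed from the listings shown above.

# Reads `ethtool DEV` output on stdin; prints one line with the four fields
# to compare against the switch port when checking speed and duplex.
nic_link_summary() {
    awk -F': *' '
        { key = $1; sub(/^[ \t]+/, "", key) }
        key == "Speed"            { speed = $2 }
        key == "Duplex"           { duplex = $2 }
        key == "Auto-negotiation" { autoneg = $2 }
        key == "Link detected"    { link = $2 }
        END {
            printf "speed=%s duplex=%s autoneg=%s link=%s\n",
                   speed, duplex, autoneg, link
        }'
}

# Reads `ethtool -S DEV` output on stdin; prints "name=value" for every
# counter whose name ends in errors, dropped or collisions and is nonzero.
nic_error_counters() {
    awk -F': *' '
        # Skip the header line and anything without a numeric value.
        NF == 2 && $2 ~ /^[0-9]+$/ {
            name = $1
            sub(/^[ \t]+/, "", name)
            if (name ~ /(errors|dropped|collisions)$/ && $2 + 0 > 0)
                printf "%s=%s\n", name, $2
        }'
}

# Constructed sample input, abbreviated from the listings above.
SAMPLE_SETTINGS='Settings for eth0:
    Supports auto-negotiation: Yes
    Advertised auto-negotiation: Yes
    Speed: 100Mb/s
    Duplex: Full
    Auto-negotiation: on
    Link detected: yes'

SAMPLE_STATS='NIC statistics:
    rx_packets: 1326384
    tx_packets: 773046
    rx_bytes: 1109944723
    tx_bytes: 432773480
    rx_errors: 5
    tx_errors: 2
    rx_dropped: 0
    tx_dropped: 0
    collisions: 0
    rx_crc_errors: 5
    tx_carrier_errors: 2'

printf '%s\n' "$SAMPLE_SETTINGS" | nic_link_summary
printf '%s\n' "$SAMPLE_STATS" | nic_error_counters

# On a live system:
#   sudo ethtool eth0    | nic_link_summary
#   sudo ethtool -S eth0 | nic_error_counters
```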

The ethtool command can be used to change NIC settings as well as display them. To turn off auto-negotiation and hard-set the NIC to 100 Mbps, full duplex, type this:

$ sudo ethtool -s eth0 speed 100 duplex full autoneg off Change NIC

To turn off auto-negotiation and hard-set the speed to 10 Mbps, half-duplex, type this:

$ sudo ethtool -s eth0 speed 10 duplex half autoneg off Change NIC

The changes just made to your NIC settings are good for the current session. When you reboot, however, those settings will be lost. To make these settings stick at the next reboot or network restart, you need to create a new script to be executed at boot time. The following steps describe how to do this.

1. Choose a name for your new script, such as eth_options, and then create the script in the /etc/init.d directory:

$ sudo vi /etc/init.d/eth_options

2. Insert the following text into this new script:

#!/bin/sh

ETHTOOL="/usr/sbin/ethtool"

ETHTOOL_OPTS="speed 10 duplex half autoneg off"

DEV="eth0"

case "$1" in

start)

echo -n "Setting $DEV options to $ETHTOOL_OPTS...";

$ETHTOOL -s $DEV $ETHTOOL_OPTS;

echo " done.";;

stop)

;;

esac

exit 0

3. The specific settings you desire should be placed into the variable ETHTOOL_OPTS. For example:

ETHTOOL_OPTS="speed 10 duplex half autoneg off"

You can also change the DEV variable, which points to the first Ethernet interface, eth0.

4. Set up the script as an executable file:

$ sudo chmod +x /etc/init.d/eth_options

5. Set up the symbolic links to run your new script under the different runlevels:

$ sudo update-rc.d eth_options defaults

Adding system startup for /etc/init.d/eth_options ...

/etc/rc0.d/K20eth_options -> ../init.d/eth_options

/etc/rc1.d/K20eth_options -> ../init.d/eth_options

/etc/rc6.d/K20eth_options -> ../init.d/eth_options

/etc/rc2.d/S20eth_options -> ../init.d/eth_options

/etc/rc3.d/S20eth_options -> ../init.d/eth_options

/etc/rc4.d/S20eth_options -> ../init.d/eth_options

/etc/rc5.d/S20eth_options -> ../init.d/eth_options

You can run your script with the following command:

$ sudo /etc/init.d/eth_options start

Note You can find tips similar to this at the nixCraft site at www.cyberciti.biz/tips/.

As mentioned earlier, ethtool may not work on some older NICs. So if you have an older NIC, try using mii-tool as follows:

$ sudo mii-tool Show negotiated speed, link status of old NIC

eth0: negotiated 100baseTx-FD flow-control, link ok

This example was taken from the same machine as the preceding examples, with the NIC auto-negotiating at 1000 Mbps, full-duplex. The mii-tool command is misreading the speed setting. This is why I recommend using mii-tool only as a last resort if ethtool doesn’t work with your old NIC.

To display the mii-tool output with more verbosity, use the -v option:

$ sudo mii-tool -v Show verbose settings output for old NIC

eth0: negotiated 100baseTx-FD flow-control, link ok

product info: Yukon-EC 88E1111 rev 0

basic mode: autonegotiation enabled

basic status: autonegotiation complete, link ok

capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD

10baseT-FD 10baseT-HD

advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD

10baseT-HD flow-control

link partner: 1000baseT-FD 100baseTx-FD 100baseTx-HD

10baseT-FD 10baseT-HD flow-control

In the example just shown, you can see that each mode (100baseTx and 10baseT) supports both half-duplex (HD) and full duplex (FD). The 1000baseT, however, supports only full duplex. To disable auto-negotiation and force a particular setting, use the -F option as follows:

$ sudo mii-tool -F 10baseT-FD eth0 Force speed/duplex to 10baseT-FD

If you change your mind and later want to re-enable auto-negotiation, use the -r option:

$ sudo mii-tool -r eth0 Enable auto-negotiation for an old NIC

restarting autonegotiation...

mii-tool does not provide a capability to save settings like ethtool does, so you have to run it after every reboot. This can be done by adding it at the end of /etc/rc.local.

The netstat command provides another way to get network interface statistics:

$ netstat -i Get network interface statistics for eth0

Kernel Interface table

Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0 1500 0 1757208 6 0 0 996834 4 0 0 BMRU

Use the -c option to get netstat to refresh network interface statistics every second:

$ netstat -ic Refresh network statistics every second

You can get cleaner (screen-oriented) refreshed output from netstat by combining it with the watch command as follows:

$ watch netstat -i Refresh network stats (screen oriented)

Every 2.0s: netstat -i Wed May 29 01:55:48 2013

Kernel Interface table

Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0 1500 0 1757208 6 0 0 996834 4 0 0 BMRU

As the output indicates, the netstat statistics are updated every 2.0 seconds.

Managing Network Connections

Starting and stopping the network interfaces for your wired Ethernet connections to your LAN or the Internet are usually handled automatically at the time you boot and shut down your Ubuntu system. However, you can use the commands in /etc/init.d to start and stop your network interfaces any time you want or update-rc.d to configure whether your network starts automatically.

The ifconfig and ip commands can also be used to configure, activate, and deactivate interfaces. However, on Ubuntu and other Debian derivatives, the commands in the /etc/init.d directory provide simpler tools to start and stop network interfaces. Therefore, in most cases, you should only use ifconfig and ip commands to gather information about your Ethernet interfaces and NICs (as shown later in this section).

Starting and Stopping Ethernet Connections

Your wired Ethernet interfaces just come up in many cases when you boot Ubuntu because the network service is set to be on when the system enters the common boot run levels. There is a set of underlying configuration files and scripts that make that happen and a few simple commands that enable you to control it.

For Ubuntu, control scripts and configuration files are located in the /etc/network/ directory. NICs are configured by editing /etc/network/interfaces. The file looks like the following:

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet dhcp

auto eth1

iface eth1 inet dhcp

auto eth2

iface eth2 inet dhcp

auto ath0

iface ath0 inet dhcp

auto wlan0

iface wlan0 inet dhcp

To get more information on this file, type the following:

$ less /usr/share/doc/network-manager/README.Debian

If you change the interfaces file, and are using NetworkManager to manage your network interfaces, you need to run the following command:

$ sudo service network-manager restart

The script that starts the configured network-scripts files is /etc/init.d/networking. As with other Linux services, you can start and stop the network service using the /etc/init.d/networking command.

To take all NICs offline and then bring them back online, allowing any change to the network scripts to take effect, type the following:

$ sudo /etc/init.d/networking restart Restart network interfaces

* Reconfiguring network interfaces...

...

You may see errors for extra interfaces defined but not available on your system, such as wireless interfaces. You can ignore any error that refers to a networking device you have not installed.

Use the start and stop options to start and stop your network interfaces, respectively:

$ sudo /etc/init.d/networking stop Shutdown network interfaces

$ sudo /etc/init.d/networking start Bring up network interfaces

To check the status of your network interfaces, type the following:

$ ifconfig Check network interface status

eth0 Link encap:Ethernet HWaddr 00:19:D1:5A:A9:E2

inet addr:192.168.1.106 Bcast:192.168.1.255 Mask:255.255.255.0

inet6 addr: fe80::219:d1ff:fe5a:a9e2/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:14442 errors:0 dropped:0 overruns:0 frame:0

TX packets:13080 errors:0 dropped:0 overruns:0 carrier:0

collisions:434 txqueuelen:1000

RX bytes:3732823 (3.5 MiB) TX bytes:1142020 (1.0 MiB)

Interrupt:16 Memory:fe9e0000-fea00000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:35 errors:0 dropped:0 overruns:0 frame:0

TX packets:35 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:2121 (2.0 KiB) TX bytes:2121 (2.0 KiB)

If you have multiple network interfaces, you may want to just bring one interface up or down. To do that, use the ifup and ifdown commands:

$ sudo ifdown eth0 Take the eth0 network interface offline

$ sudo ifup eth0 Bring the eth0 network interface online

When your network interfaces are up, there are tools you can use to view information about those interfaces and associated NICs.

Viewing Ethernet Connection Information

To view the media access control (MAC) address for your NIC and IP address for your TCP/IP connections, you can use the ifconfig command. The following command line shows the address information and status of your eth0 Ethernet interface:

$ ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:D0:B7:79:A5:35

inet addr:10.0.0.155 Bcast:10.0.0.255 Mask:255.255.255.0

inet6 addr: fe80::2d0:b7ff:fe79:a535/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:1413382 errors:6 dropped:0 overruns:0 frame:6

TX packets:834839 errors:4 dropped:0 overruns:0 carrier:4

collisions:0 txqueuelen:1000

RX bytes:1141608691 (1.0 GiB) TX bytes:470961026 (449.1 MiB)

In this example, the eth0 interface is the first Ethernet interface on the computer. The MAC address (HWaddr) of the NIC is 00:D0:B7:79:A5:35. You can see eth0’s IP address (10.0.0.155), broadcast address (10.0.0.255), and subnet mask (255.255.255.0). Other information includes the number of packets received and transmitted, as well as problems (errors, dropped packets, and overruns) that occurred on the interface.

To get information on both active and inactive NICs, use the -a option:

$ ifconfig -a

Instead of using ifconfig (and several other commands described in this chapter), you can use the newer ip command. The ip command was made to show information about your network interfaces, as well as to change settings for network devices, routing, and IP tunnels. Here, the ip command is used to show information about the eth0 interface:

$ ip addr show eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP>

mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:d0:b7:79:a5:35 brd ff:ff:ff:ff:ff:ff

inet 10.0.0.155/24 brd 10.0.0.255 scope global eth0

inet6 fe80::2d0:b7ff:fe79:a535/64 scope link

valid_lft forever preferred_lft forever

The ip command allows for shorthand syntax. If you’re familiar with the Cisco IOS command line interface, the ip command works the same way. For example, instead of typing ip addr show, you could type the following to see information on all interfaces:

$ ip a

The ip command can operate on multiple network components, known as objects. One of these objects is addr, which allows ip to configure network addresses. I cover other objects of the ip command in the next examples.

To see how the ip command is used, use the help option. Along with the help option, you can identify an ip object to get information on using that object:

$ ip help View ip usage statement

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }

ip [ -force ] [-batch filename

where OBJECT := { link | addr | route | rule | neigh | ntable |

tunnel| tuntap | maddr | mroute | mrule |

monitor | xfrm | netns }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] |

-f[amily] { inet | inet6 | ipx | dnet | link } |

-l[oops] { maximum-addr-flush-attempts } |

-o[neline] | -t[imestamp] | -b[atch] [filename] |

-rc[vbuf] [size]}

$ ip addr help View help for the addr object

$ ip route help View help for the route object

$ ip tunnel help View help for the tunnel object

Subnetwork masks can be confusing if you’re not used to them. You may find ipcalc (from the ipcalc package) useful to calculate a host computer’s netmask from its CIDR IP address:

$ ipcalc -bn 192.168.1.100/27

Address: 192.168.1.100

Netmask: 255.255.255.224 = 27

Wildcard: 0.0.0.31

=>

Network: 192.168.1.96/27

HostMin: 192.168.1.97

HostMax: 192.168.1.126

Broadcast: 192.168.1.127

Hosts/Net: 30 Class C, Private Internet

In the example just shown, the netmask (which indicates which part of an IP address represents the network and which represents the host) is 255.255.255.224. That was derived from the /27 value at the end of the IP address 192.168.1.100.
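The derivation that ipcalc performs can be carried through with shell integer arithmetic. The following is an added example, not code from the book or from ipcalc: the function names are hypothetical, and it assumes a shell with 64-bit arithmetic (dash and bash on current Ubuntu).

```shell
#!/bin/sh
# Added example (not from the book): derive the values ipcalc prints from
# ADDRESS/PREFIX. cidr_info and its helpers are hypothetical names.

# Succeeds only for a decimal number 0-255 without a leading zero
# (a leading zero would be read as octal inside $(( ))).
valid_octet() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
        0) return 0 ;;
        0*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# Pack a dotted quad into one 32-bit integer. The body runs in a subshell,
# so the IFS and noglob changes do not leak into the caller.
ip_to_int() (
    case $1 in *.) exit 1 ;; esac
    set -f
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        valid_octet "$octet" || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Unpack a 32-bit integer into a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info ADDRESS/PREFIX: print netmask, wildcard, network, host range,
# broadcast and host count on one line; exit nonzero on malformed input.
cidr_info() (
    case $1 in */*) ;; *) exit 1 ;; esac
    addr=${1%/*}
    prefix=${1##*/}
    valid_octet "$prefix" && [ "$prefix" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1

    # The netmask is $prefix one-bits followed by zero-bits.
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    wildcard=$(( mask ^ 0xFFFFFFFF ))
    network=$(( ip & mask ))
    broadcast=$(( network | wildcard ))

    if [ "$prefix" -le 30 ]; then
        # Network and broadcast addresses are not assignable to hosts.
        hostmin=$(( network + 1 ))
        hostmax=$(( broadcast - 1 ))
        hosts=$(( (1 << (32 - prefix)) - 2 ))
    else
        # /31 and /32: no separate network or broadcast address to exclude.
        hostmin=$network
        hostmax=$broadcast
        hosts=$(( 1 << (32 - prefix) ))
    fi

    printf 'netmask=%s wildcard=%s network=%s/%s hostmin=%s hostmax=%s broadcast=%s hosts=%s\n' \
        "$(int_to_ip "$mask")" "$(int_to_ip "$wildcard")" \
        "$(int_to_ip "$network")" "$prefix" \
        "$(int_to_ip "$hostmin")" "$(int_to_ip "$hostmax")" \
        "$(int_to_ip "$broadcast")" "$hosts"
)

# The address from the ipcalc example above.
cidr_info 192.168.1.100/27
```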

Using Wireless Connections

Setting up wireless connections in Linux has been tricky in the past, primarily because open source drivers were not available for many of the first wireless LAN cards. More recent releases of Ubuntu have shown a marked improvement.

For basic wireless configuration, I suggest you use the GUI tools (in particular, the Network Configuration window described earlier in this chapter, or Network Manager).

In rare cases, you may need to add wireless tools packages to get your wireless interfaces to work, such as wireless-tools and bcm43xx-fwcutter packages, which are available from the Ubuntu repositories. Likewise, you may need firmware that is available in the following packages: ipw2100-source, ipw2200-firmware, and zd1211-firmware.

If you are not able to configure your wireless LAN card using the Network Configuration window, you might be able to get your wireless card working using drivers and tools available from Atheros (www.atheros.com), the MadWifi (www.madwifi.org) project, or the Ndiswrapper project (ndiswrapper.sourceforge.net). Many packages of software from those projects are available from the standard Ubuntu repositories, described in Chapter 2.

If you need help determining exactly what wireless card you have, type the following:

$ dmesg | grep -i wireless Search for wireless PCI cards

Intel(R) Wireless WiFi Link AGN driver for Linux, in-tree:

Assuming that your wireless card is up and running, there are some useful commands in the wireless-tools package you can use to view and change settings for your wireless cards. In particular, the iwconfig command can help you work with your wireless LAN interfaces. The following scans your network interfaces for supported wireless cards and lists their current settings:

$ iwconfig

eth0 no wireless extensions.

eth1 IEEE 802.11-DS ESSID:"Mylan"

Mode:Managed Frequency:2.437 GHz Access Point: 43:5A:29:E7:95:75

Bit Rate:54 Mb/s Tx-Power=15 dBm

Retry long limit:7 RTS thr:off Fragment thr:off

Power Management:off

Wireless interfaces may be named wlanX or ethX, depending on the hardware and driver used. You may be able to obtain more information after setting the link up on the wireless interface:

$ ip link set eth1 up

$ iwconfig eth1

eth1 IEEE 802.11abgn ESSID:"Mylan"

Mode:Managed Frequency:2.437 GHz Access Point: 43:5A:29:E7:95:7

Bit Rate:54 Mb/s Tx-Power=15 dBm

Retry long limit:7 RTS thr:off Fragment thr:off

Power Management:off

Link Quality=70/70 Signal level=-39 dBm

Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

Tx excessive retries:0 Invalid misc:0 Missed beacon:0

The settings just shown can be modified in a number of ways. Here are some ways to use iwconfig to modify your wireless interface settings. The following examples operate on a wireless interface named wlan0. These operations may or may not be supported, depending on which wireless card and driver you are using.

$ sudo iwconfig wlan0 essid "MyWireless" Set essid to MyWireless

$ sudo iwconfig wlan0 channel 3 Set the channel to 3

$ sudo iwconfig wlan0 mode Ad-Hoc Change Managed to Ad-Hoc mode

$ sudo iwconfig wlan0 ap any Use any access point

$ sudo iwconfig wlan0 sens -50 Set sensitivity to -50

$ sudo iwconfig wlan0 retry 20 Set MAC retransmissions to 20

$ sudo iwconfig wlan0 key 1234-5555-66 Set key to 1234-5555-66

The essid is sometimes called the Network Name or Domain ID. You use it as the common name that identifies your wireless network. Setting the channel lets your wireless LAN operate on that specific channel.

With Ad-Hoc mode, the network is composed of only interconnected clients with no central access point. In Managed/Infrastructure mode, by setting ap to a specific MAC address, you can force the card to connect to the access point at that address, or you can set ap to any and allow connections to any access point.

If you have performance problems, try adjusting the sensitivity (sens) to either a negative value (which represents dBm) or positive value (which is either a percentage or a sensitivity value set by the vendor). If you get retransmission failures, you can increase the retry value so your card can send more packets before failing.

You use the key option to set an encryption key. You can enter hexadecimal digits (XXXX-XXXX-XXXX-XXXX or XXXXXXXX). By adding an s: in front of the key, you can enter an ASCII string as the key (as in s:My927pwd).

Checking Name Resolution

Because IP addresses are numbers, and people prefer to address things by name, TCP/IP networks (such as the Internet) rely on DNS to resolve hostnames into IP addresses. Ubuntu provides several tools for looking up information related to DNS name resolution.

When you first installed Ubuntu, you either identified Domain Name System (DNS) servers to do name resolution or had them assigned automatically from a DHCP server. That information is then stored in the /etc/resolv.conf file, looking something like the following:

domain example.com

search example.com example.net

nameserver 11.22.33.44

nameserver 22.33.44.55

If present, the domain line identifies the local domain. This allows you to identify a machine by its base name and the DNS lookup assumes you mean the local domain. So, if you request a host named abc, your system will look up abc.example.com. The search line lets you identify several domains to be searched.

The numbers just shown in the /etc/resolv.conf file are replaced by real IP addresses of computers that serve as DNS name servers. When you can connect to working DNS servers, there are commands you can use to query those servers and look up host computers.

The dig command (which should be used instead of the deprecated nslookup command) can be used to look up information from a DNS server. The host command can be used to look up address information for a hostname or domain name.

To search your DNS servers for a particular hostname (www.turbosphere.com in the following examples), use the dig command as follows:

$ dig www.turbosphere.com Search DNS servers in /etc/resolv.conf

Instead of using your assigned name server, you can query a specific name server. The following example queries the DNS server at 4.2.2.1:

$ dig www.turbosphere.com @4.2.2.1

Using dig, you can also query for a specific record type:

$ dig turbosphere.com mx Queries for the mail exchanger

$ dig turbosphere.com ns Queries for the authoritative name servers

Use the +trace option to trace a recursive query from the top-level DNS servers down to the authoritative servers:

$ dig +trace www.turbosphere.com Recursively trace DNS servers

If you just want to see the IP address of a host computer, use the +short option:

$ dig +short www.turbosphere.com Display only name/IP address pair

turbosphere.com.

66.113.99.70

You can use dig to do a reverse lookup to find DNS information based on an IP address:

$ dig -x 66.113.99.70 Get DNS information based on IP address

You can use host to do a reverse DNS lookup as well:

$ host 66.113.99.70

70.99.113.66.in-addr.arpa domain name pointer boost.turbosphere.com.

To get hostname information for the local machine, use the hostname and dnsdomainname commands:

$ hostname View the local computer's full DNS host name

boost.turbosphere.com

You can also use hostname to set the local hostname temporarily (until the next reboot). Here’s an example:

$ sudo hostname server1.example.com Set local hostname

Changing the hostname of a running machine may adversely affect some running daemons. Instead, I recommend you set the local hostname so it is set each time the system starts up. Edit the first line in the /etc/hostname file. Here is an example:

server1.example.com

Troubleshooting Network Problems

Troubleshooting networks is generally done from the bottom up. As discussed at the beginning of the chapter, the first step is to make sure that the physical network layer components (cables, NICs, and so on) are connected and working. Next, check that the links between physical nodes are working. After that, there are lots of tools for checking the connectivity to a particular host.

Checking Connectivity to a Host

When you know you have a link and no duplex mismatch, the next step is to ping your default gateway. You should have either configured the default gateway (gw) in the /etc/network/interfaces file or let the system set up the default gateway from a service such as DHCP. To check your default gateway in the actual routing table, use the ip command as follows:

$ ip route

10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.155

169.254.0.0/16 dev eth0 scope link

default via 10.0.0.1 dev eth0

The gateway for the default route in this example is 10.0.0.1. To make sure there is IP connectivity to that gateway, use the ping command as follows, passing the address for your default gateway:

$ ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.

64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.382 ms

64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.313 ms

64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.360 ms

64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=1.43 ms

--- 10.0.0.1 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2999ms

rtt min/avg/max/mdev = 0.313/0.621/1.432/0.469 ms

By default, ping continues until you press Ctrl+c. Other ping options include the following:

$ ping -a 10.0.0.1 Add an audible ping as ping progresses

$ ping -c 4 10.0.0.1 Ping 4 times and exit (default in Windows)

$ ping -q -c 5 10.0.0.1 Show summary of pings (works best with -c)

$ sudo ping -f 10.0.0.1 Send a flood of pings (must be root)

$ ping -i 3 10.0.0.1 Send packets in 3-second intervals

$ sudo ping -I eth0 10.0.0.1 Set source to eth0 (use if multiple NICs)

PING 10.0.0.1 (10.0.0.1) from 10.0.0.155 eth0: 56(84) bytes of data.

$ sudo ping -I 10.0.0.155 10.0.0.1 Set source to 10.0.0.155

PING 10.0.0.1 (10.0.0.1) from 10.0.0.155 : 56(84) bytes of data.

$ ping -s 1500 10.0.0.1 Set packet size to 1500 bytes

PING 10.0.0.1 (10.0.0.1) 1500(1528) bytes of data.

Use the ping flood option with caution. By default, ping sends small packets (56 bytes). Large packets (such as the 1500-byte setting just shown) are good to make faulty NICs or connections stand out.

Checking Address Resolution Protocol

If you’re not able to ping your gateway, you may have an issue at the Ethernet MAC layer. The Address Resolution Protocol (ARP) can be used to find information at the MAC layer. To view and configure ARP entries, use the arp or ip neighbor command. This example shows arp listing computers in the ARP cache by hostname:

$ arp -v List ARP cache entries by name

Address HWtype HWaddress Flags Mask Iface

ritchie ether 00:10:5A:AB:F6:A7 C eth0

einstein ether 00:0B:6A:02:EC:98 C eth0

Entries: 1 Skipped: 0 Found: 1

In this example, you can see the names of other computers that the local computer’s ARP cache knows about and the associated hardware type and hardware address (MAC address) of each computer’s NIC. You can disable name resolution to see those computers’ IP addresses instead:

$ arp -vn List ARP cache entries by IP address

Address HWtype HWaddress Flags Mask Iface

10.0.0.1 ether 00:10:5A:AB:F6:A7 C eth0

10.0.0.50 ether 00:0B:6A:02:EC:98 C eth0

Entries: 1 Skipped: 0 Found: 1

To delete an entry from the ARP cache, use the -d option:

$ sudo arp -d 10.0.0.50 Delete address 10.0.0.50 from ARP cache

Instead of just letting ARP dynamically learn about other systems, you can add static ARP entries to the cache using the -s option:

$ sudo arp -s 10.0.0.51 00:0B:6A:02:EC:95 Add IP/MAC addresses to ARP

To do the same actions with the ip command that you just did with the arp command, use the neighbor object (note that neighbor, nei, and n objects can be used interchangeably):

$ ip neighbor

10.0.0.1 dev eth0 lladdr 00:10:5a:ab:f6:a7 DELAY

10.0.0.50 dev eth0 lladdr 00:0b:6a:02:ec:98 REACHABLE

# ip nei del 10.0.0.50 dev eth0

# ip n add 10.0.0.51 lladdr 00:0B:6A:02:EC:95 dev eth0

To query a subnet to see if an IP is already in use, and to find the MAC address of the device using it, use the arping command. The arping command is used by ifup to avoid IP conflicts when bringing an Ethernet NIC up. Here are examples:

$ arping 10.0.0.50 Query subnet to see if 10.0.0.50 is in use

ARPING 10.0.0.50 from 10.0.0.195 eth0

Unicast reply from 10.0.0.50 [00:0B:6A:02:EC:98] 0.694ms

Unicast reply from 10.0.0.50 [00:0B:6A:02:EC:98] 0.683ms

$ sudo arping -I eth0 10.0.0.50 Specify interface to query from

Like the ping command, the arping command (from the iputils-arping package) continuously queries for the address until the command is ended when you type Ctrl+c. Typically, you just want to know if the target is alive, so you can run one of the following commands:

$ arping -f 10.0.0.50 Query 10.0.0.50 and stop at the first reply

$ arping -c 2 10.0.0.51 Query 10.0.0.51 and stop after 2 counts

Tracing Routes to Hosts

After verifying that you can ping your gateway and even reach machines that are outside of your network, you may still have issues reaching a specific host or network. If that’s true, you can use traceroute (from the traceroute package) to find the bottleneck or point of failure:

$ traceroute boost.turbosphere.com Follow the route taken to a host

traceroute to boost.turbosphere.com (66.113.99.70), 30 hops max, 40 byte packets

1 10.0.0.1 (10.0.0.1) 0.281 ms 0.289 ms 0.237 ms

2 tl-03.hbci.com (64.211.114.1) 6.213 ms 6.189 ms 6.083 ms

3 172.17.2.153 (172.17.2.153) 14.070 ms 14.025 ms 13.974 ms

4 so-0-3-2.ar2.MIN1.gblx.net (208.48.1.117) 19 ms 19 ms 19 ms

5 so1-0-0-2488M.ar4.SEA1.gblx.net (67.17.71.210) 94.6 ms 94.6 ms 94.6 ms

6 64.215.31.114 (64.215.31.114) 99.643 ms 101.647 ms 101.577 ms

7 dr02-v109.tac.opticfusion.net (209.147.112.50) 262.301 ms 233.316 ms 233.153 ms

8 dr01-v100.tac.opticfusion.net (66.113.96.1) 99.3 ms 99.4 ms 99.3 ms

9 boost.turbosphere.com (66.113.99.70) 99.25 ms 96.21 ms 100.22 ms

As you can see, the longest hop is between 4 (Global Crossing probably in Minneapolis) and 5 (GC in Seattle). That gap is not really a bottleneck; it just reflects the distance between those hops. Sometimes, the last hops look like this:

28 * * *

29 * * *

30 * * *

The lines of asterisks (*) at the end of the trace can be caused by firewalls that block traffic to the target. However, if you see several asterisks before the destination, those can indicate heavy congestion or equipment failures and point to a bottleneck.
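The reading of a trace described above can be scripted. The following is an added example, not from the book, with made-up function names: it finds the largest latency increase that persists to the end of the trace (so a single router that is slow to answer, such as hop 7, is not mistaken for a bottleneck) and counts the silent hops at the end.

```shell
#!/bin/sh
# The trace from the text (spacing normalized), embedded so this runs offline.
sample_trace() {
cat <<'EOF'
traceroute to boost.turbosphere.com (66.113.99.70), 30 hops max, 40 byte packets
 1 10.0.0.1 (10.0.0.1) 0.281 ms 0.289 ms 0.237 ms
 2 tl-03.hbci.com (64.211.114.1) 6.213 ms 6.189 ms 6.083 ms
 3 172.17.2.153 (172.17.2.153) 14.070 ms 14.025 ms 13.974 ms
 4 so-0-3-2.ar2.MIN1.gblx.net (208.48.1.117) 19 ms 19 ms 19 ms
 5 so1-0-0-2488M.ar4.SEA1.gblx.net (67.17.71.210) 94.6 ms 94.6 ms 94.6 ms
 6 64.215.31.114 (64.215.31.114) 99.643 ms 101.647 ms 101.577 ms
 7 dr02-v109.tac.opticfusion.net (209.147.112.50) 262.301 ms 233.316 ms 233.153 ms
 8 dr01-v100.tac.opticfusion.net (66.113.96.1) 99.3 ms 99.4 ms 99.3 ms
 9 boost.turbosphere.com (66.113.99.70) 99.25 ms 96.21 ms 100.22 ms
EOF
}

# hop_best: print "hop best_rtt" per hop, or "hop -" when every probe timed out.
hop_best() {
    awk '$1 ~ /^[0-9]+$/ {
        best = ""
        for (i = 2; i < NF; i++)
            if ($(i + 1) == "ms" && (best == "" || $i + 0 < best)) best = $i + 0
        print $1, (best == "" ? "-" : best)
    }'
}

# biggest_jump: print "from_hop to_hop increase_ms" for the largest increase.
# Each hop is first lowered to the best RTT seen at that hop or any later hop,
# because traffic that reaches a later hop faster was not really delayed here.
biggest_jump() {
    hop_best | awk '$2 != "-" { n++; hop[n] = $1; rtt[n] = $2 + 0 }
        END {
            for (i = n - 1; i >= 1; i--) if (rtt[i + 1] < rtt[i]) rtt[i] = rtt[i + 1]
            for (i = 2; i <= n; i++)
                if (rtt[i] - rtt[i - 1] > max) { max = rtt[i] - rtt[i - 1]; at = i }
            if (at) printf "%s %s %.1f\n", hop[at - 1], hop[at], max
        }'
}

# trailing_silent: number of hops at the end of the trace with no replies at all.
trailing_silent() {
    hop_best | awk '{ if ($2 == "-") run++; else run = 0 } END { print run + 0 }'
}

sample_trace | biggest_jump   # prints: 4 5 75.6
```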

By default, traceroute uses UDP packets, which provide a more realistic performance picture than ICMP. That’s because some Internet hops will give lower priority to ICMP traffic. If you’d still like to trace using ICMP packets, try the following command:

$ traceroute -I boost.turbosphere.com Use ICMP packets to trace a route

By default, traceroute connects to port 80. You can set a different port using the -p option:

$ traceroute -p 25 boost.turbosphere.com Connect to port 25 in trace

You can view IP addresses instead of hostnames by disabling name resolution of hops:

$ traceroute -n boost.turbosphere.com Disable name resolution in trace

An alternative to traceroute is the tracepath command, which also uses UDP to perform the trace:

$ tracepath boost.turbosphere.com Use UDP to trace the route

To view and manipulate the kernel’s routing table, the route command used to be the tool of choice. This is slowly being replaced by the ip route command. For the most part, the Ubuntu network scripts rely on ip route. But it doesn’t hurt to be familiar with both commands because route is still quite commonly used.

You can use the old route command to display your local routing table. Here are two examples of the route command, with and without DNS name resolution:

$ route Display local routing table information

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

10.0.0.0 * 255.255.255.0 U 0 0 0 eth0

default ritchie 0.0.0.0 UG 0 0 0 eth0

$ route -n Display routing table without DNS lookup

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

10.0.0.0 * 255.255.255.0 U 0 0 0 eth0

0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0

You can add a default gateway using the gw option:

$ sudo route add default gw 10.0.0.2 Add 10.0.0.2 as default gateway

You can add a new route to your network by specifying either the interface (eth0) or IP address of the gateway (such as gw 10.0.0.100):

$ sudo route add -net 192.168.0.0 netmask 255.255.255.0 eth0

$ sudo route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.100

You can delete a route using the del option:

$ sudo route del -net 192.168.0.0 netmask 255.255.255.0 Delete a route

Using the newer ip command, you can do the same activities just shown with the route command. Here are three different ways to show the same basic routing information:

$ ip route show Display basic routing information

10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.195

169.254.0.0/16 dev eth0 scope link

default via 10.0.0.1 dev eth0

$ ip route Display basic routing (example #2)

$ ip r Display basic routing (example #3)

The following are some examples of adding and deleting routes with ip:

$ sudo ip r add 192.168.0.0/24 via 10.0.0.100 dev eth0 Add route to eth0

$ sudo ip r add 192.168.0.0/24 via 10.0.0.100 Add route no interface

$ sudo ip r del 192.168.0.0/24 Delete route

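To make a new route permanent, edit the /etc/network/interfaces file and place the information about the new route in that file. For example, to re-create the route added with the preceding ip command each time eth0 comes up, add an up line to the eth0 stanza in /etc/network/interfaces. The address, netmask, and gateway lines describe the interface itself (the values here are taken from the ip route show output above), not the new route:

iface eth0 inet static

address 10.0.0.195

netmask 255.255.255.0

gateway 10.0.0.1

up ip route add 192.168.0.0/24 via 10.0.0.100 dev eth0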

Displaying netstat Connections and Statistics

The tools shown in the preceding sections cover network troubleshooting mostly at the network layer (layer 3). To display information about packets sent between transport-layer protocols (TCP and UDP), and ICMP, you can use the netstat command:

$ netstat -s | less Show summary of TCP, ICMP, UDP activities

You can see a list of all TCP connections, including which process is handling the connection:

$ sudo netstat -tanp View active TCP connections

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2039/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2088/sendmail

...

You can also view active UDP connections as follows:

$ sudo netstat -uanp View active UDP connections

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

udp 0 0 0.0.0.0:631 0.0.0.0:* 2039/cupsd

udp 0 0 192.168.122.1:123 0.0.0.0:* 2067/ntpd

...

To narrow your output from netstat to daemons bound to a TCP port, look for the word listen. For example:

$ sudo netstat -tanp | grep -i listen View daemons on a port

The command just shown is a great way to resolve port usage conflicts between daemons.
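The same listing also shows which daemons accept connections from other machines and which are bound only to the loopback address. The following script is an added example, not from the book; the function names are made up, and the sample output is constructed (the cupsd and sendmail rows come from the listing above, the other rows are invented).

```shell
#!/bin/sh
# Constructed sample of `sudo netstat -tanp` output. The cupsd and sendmail
# rows come from the listing above; the sshd and apache2 rows are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2039/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2088/sendmail
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1201/sshd
tcp        0      0 10.0.0.195:22           10.0.0.7:51514          ESTABLISHED 3310/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1450/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      2039/cupsd
EOF
}

# listeners: print "address port pid/program scope" for every LISTEN socket.
# scope is "local" for loopback binds and "exposed" for anything else.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/^.*:/, "", port)          # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        print host, port, $7, scope
    }'
}

# exposed_listeners: "port pid/program" for sockets other machines can reach.
exposed_listeners() { listeners | awk '$4 == "exposed" { print $2, $3 }'; }

# who_listens PORT: which daemon holds a port (for resolving port conflicts).
who_listens() { listeners | awk -v p="$1" '$2 == p { print $3 }' | sort -u; }

sample_netstat | exposed_listeners

# On a live system: sudo netstat -tanp | exposed_listeners
```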

Other Useful Network Tools

If you’d like to see header information about packets as they are sent and received by your system, use tcpdump. The tcpdump command has a lot of advanced features, most of which revolve around filtering and finding a needle in a haystack of packets. If you run tcpdump on a remote machine, your screen will be flooded with all the SSH traffic between your client and the remote machine. To get started without having to learn too much about how tcpdump filtering works, run the following command:

$ sudo tcpdump | grep -v ssh Find packets not associated with ssh

If you’d like to dig deeper into packet-level traffic, use wireshark (formerly known as ethereal). Install the wireshark package. You can run wireshark with X over SSH on a remote machine. Wireshark is a very powerful packet sniffer that rivals the best commercial tools.

To explore networks and remote machines and see what services they offer, use nmap. The nmap command (from the nmap package) is the most common port scanner. It was even featured in the movie The Matrix Reloaded! Make sure that you are explicitly authorized to scan the systems or networks you are scanning. The nmap command can be run as a regular user, but several scan types require root privileges.

Here’s how to do a basic host scan with nmap:

$ sudo nmap 10.0.0.1 Scan ports on computer at 10.0.0.1

To get maximum verbosity from nmap, use the -vv option:

$ sudo nmap -vv 10.0.0.1 Show maximum verbosity from nmap output

To use nmap to scan an entire network, use the network address as an argument. In the following example, the -sP option tells nmap to perform a simple ping sweep:

$ sudo nmap -vv -sP 10.0.0.0/24 Scan hosts on an entire network

You can be very specific about the information that nmap gathers for you. In the following example, the -P0 option tells nmap not to use ping (this is good for scanning machines that don’t respond to ping). The -O option displays OS fingerprinting for the machine you are scanning. The -p 100-200 option tells nmap to scan only ports 100 through 200:

$ sudo nmap -vv -P0 -O -p 100-200 10.0.0.1 No ping, OS fp, ports 100-200

The nmap command has many more options for advanced usage. Refer to the nmap man page (man nmap) for further information.

Summary

Nearly every aspect of the network connections from your Ubuntu system can be configured, checked, and monitored using command-line tools. You can view and change settings of your NICs using the ethtool and mii-tool commands. You can view network statistics with netstat.

Commands such as service, ifup, and ifdown make it easy to start and stop your network. When a connection is established, you can see statistics about that connection using the ifconfig and ip commands.

Besides using wired Ethernet cards, other network hardware such as wireless LAN cards are supported in Linux. Use commands such as iwconfig to work with wireless interfaces.

To check DNS name resolution, use the dig, host, and hostname commands. Commands for checking connectivity and routes to a host include ping, arp, traceroute, and ip.