Linux Network Administration Commands

Basics

  • Resolve a name via nsswitch
    getent hosts <host name>
  • CloudShark: Sharing network traces

Configuration

  • ethtool - Usage
    ethtool eth0                       # Print general info on eth0
    ethtool -i eth0                    # Print kernel module info
    ethtool -S eth0                    # Print eth0 traffic statistics
    ethtool -a eth0                    # Print RX, TX and auto-negotiation settings
    
    # Changing NIC settings...
    ethtool -s eth0 speed 100
    ethtool -s eth0 autoneg off
    ethtool -s eth0 duplex full
    ethtool -s eth0 wol g               # Turn on wake-on-LAN
    

    Do not forget to make changes permanent in e.g. /etc/network/interfaces.

  • miitool - Show Link Infos
    # mii-tool -v
    eth0: negotiated 100baseTx-FD flow-control, link ok
      product info: vendor 00:07:32, model 17 rev 4
      basic mode:   autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
      link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
    
  • Enable Jumbo Frames
    ifconfig eth1 mtu 9000
  • ipsets - Using IP sets for simpler iptables rules
    ipset create smtpblocks hash:net counters
    ipset add smtpblocks 27.112.32.0/19
    ipset add smtpblocks 204.8.87.0/24
    iptables -A INPUT -p tcp --dport 25 -m set --match-set smtpblocks src -j DROP
    
  • iptables - Loopback Routing:
    iptables -t nat -A POSTROUTING -d <internal web server IP> -s <internal network address> -p tcp --dport 80 -j SNAT --to-source <external web server IP>
  • NFS - Tuning Secrets: SGI Slides on NFS Performance

Troubleshooting

  • Black Hole Route: To block IPs create route on loopback
    route add -net 91.65.16.0/24 gw 127.0.0.1 lo   # for a subnet
    route add  91.65.16.4 gw 127.0.0.1 lo   # for a single IP
  • Quick Access Log IP Top List
    tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25
  • Find out if IP is used before configuring it
    arping <IP>
  • Traceroute with AS and network name lookup
    lft -AN www.google.de
  • Manually lookup AS
  • dailychanges.com: Tracks DNS changes

Measuring

  • vnstat - Short term measurement bytes/packets min/avg/max:
    vnstat -l      # Live listing until Ctrl-C and summary
    vnstat -tr     # 5s automatic traffic sample
  • vnstat - Long term statistics:
    vnstat -h      # last hours (including ASCII graph)
    vnstat -d      # last days
    vnstat -w      # last weeks
    vnstat -m     # last months
    
    vnstat -t       # top 10 days

Discovery

  • nmap commands
    # Network scan
    nmap -sP 192.168.0.0/24
    
    # Host scan
    nmap <ip>
    nmap -F <ip>      # fast
    nmap -O <ip>     # detect OS
    nmap -sV <ip>     # detect services and versions
    nmap -sU <ip>     # detect UDP services
    
    # Alternative host discovery
    nmap -PS <ip>     # TCP SYN scan
    nmap -PA <ip>     # TCP ACK scan
    nmap -PO <ip>     # IP ping
    nmap -PU <ip>     # UDP ping
    
    # Alternative service discovery
    nmap -sS <ip>      
    nmap -sT <ip>
    nmap -sA <ip>
    nmap -sW <ip>
    
    # Checking firewalls
    nmap -sN <ip>
    nmap -sF <ip>
    nmap -sX <ip>
    

Debugging

  • X-Trace - Multi-protocol tracing framework
  • iptraf - Real-time statistics in ncurses interfaces
  • mtr - Debug routing/package loss issues
  • netstat - The different modes
    # Typically used modes
    netstat -rn          # List routes
    netstat -tlnp       # List all open TCP connections
    netstat -tlnpc      # Continuously do the above
    netstat -tulpen    # Extended connection view
    netstat -a           # List all sockets
    
    # And more rarely used
    netstat -s            # List per protocol statistics
    netstat -su          # List UDP statistics
    netstat -M           # List masqueraded connections
    netstat -i            # List interfaces and counters
    netstat -o           # Watch time/wait handling
    
  • nttcp - TCP performance testing
    # On sending host
    nttcp -t -s
    
    # On receiving host
    nttcp -r -s
    
  • List Kernel Settings
    sysctl net
  • tcpdump - Be verbose and print full package hex dumps:
     tcpdump -i eth0 -nN -vvv -xX -s 1500 port <some port>
  • SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try
    snmpwalk -c public -v 1 -O s <myhost> .iso | grep <search string>
  • Hurricane Electric - BGP Tools: Statistics on all AS as well as links to their looking glasses.
  • tcpdump - Tutorial: Many usage examples.
    # Filter port
    tcpdump port 80
    tcpdump src port 1025 
    tcpdump dst port 389
    tcpdump portrange 21-23
    
    # Filter source or destination IP
    tcpdump src 10.0.0.1
    tcpdump dest 10.0.0.2
    
    # Filter  everything on network 
    tcpdump net 1.2.3.0/24
    
    # Logically operators
    tcpdump src port 1025 and tcp 
    
    # Provide full hex dump of captured HTTP packages
    tcpdump -s0 -x port 80
    
    # Filter TCP flags (e.g. RST)
    tcpdump 'tcp[13] & 4!=0'
    


NFS Administration Commands

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

To prevent automated spam submissions leave this field empty.
Syndicate content