
Linux network administration commands

Basics

  • Resolve a name via nsswitch
    getent hosts <host name>
  • CloudShark: Sharing network traces

Configuration

  • ethtool - Usage
    ethtool eth0                       # Print general info on eth0
    ethtool -i eth0                    # Print kernel module info
    ethtool -S eth0                    # Print eth0 traffic statistics
    ethtool -a eth0                    # Print RX, TX and auto-negotiation settings
    
    # Changing NIC settings...
    ethtool -s eth0 speed 100
    ethtool -s eth0 autoneg off
    ethtool -s eth0 duplex full
    ethtool -s eth0 wol g               # Turn on wake-on-LAN
    
    Do not forget to make changes permanent in e.g. /etc/network/interfaces.
  • mii-tool - Show Link Info
    # mii-tool -v
    eth0: negotiated 100baseTx-FD flow-control, link ok
      product info: vendor 00:07:32, model 17 rev 4
      basic mode:   autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
      link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
    
  • Enable Jumbo Frames
    ifconfig eth1 mtu 9000
  • ipsets - Using IP sets for simpler iptables rules
    ipset create smtpblocks hash:net counters
    ipset add smtpblocks 27.112.32.0/19
    ipset add smtpblocks 204.8.87.0/24
    iptables -A INPUT -p tcp --dport 25 -m set --match-set smtpblocks src -j DROP
    
  • iptables - Loopback Routing:
    iptables -t nat -A POSTROUTING -d <internal web server IP> -s <internal network address> -p tcp --dport 80 -j SNAT --to-source <external web server IP>
  • NFS - Tuning Secrets: SGI Slides on NFS Performance

Troubleshooting

  • Black Hole Route: To block IPs create route on loopback
    route add -net 91.65.16.0/24 gw 127.0.0.1 lo   # for a subnet
    route add  91.65.16.4 gw 127.0.0.1 lo   # for a single IP
  • Quick Access Log IP Top List
    tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25
  • Find out if IP is used before configuring it
    arping <IP>
  • Traceroute with AS and network name lookup
    lft -AN www.google.de
  • Manually lookup AS
  • dailychanges.com: Tracks DNS changes

Measuring

  • vnstat - Short term measurement bytes/packets min/avg/max:
    vnstat -l      # Live listing until Ctrl-C and summary
    vnstat -tr     # 5s automatic traffic sample
  • vnstat - Long term statistics:
    vnstat -h      # last hours (including ASCII graph)
    vnstat -d      # last days
    vnstat -w      # last weeks
    vnstat -m     # last months
    
    vnstat -t       # top 10 days

Discovery

  • nmap commands
    # Network scan
    nmap -sP 192.168.0.0/24     # ping scan, no port scan (-sn in current nmap)
    
    # Host scan
    nmap <ip>
    nmap -F <ip>      # fast
    nmap -O <ip>     # detect OS
    nmap -sV <ip>     # detect services and versions
    nmap -sU <ip>     # detect UDP services
    
    # Alternative host discovery
    nmap -PS <ip>     # TCP SYN ping
    nmap -PA <ip>     # TCP ACK ping
    nmap -PO <ip>     # IP protocol ping
    nmap -PU <ip>     # UDP ping
    
    # Alternative service discovery
    nmap -sS <ip>     # TCP SYN (half-open) scan
    nmap -sT <ip>     # TCP connect scan
    nmap -sA <ip>     # TCP ACK scan
    nmap -sW <ip>     # TCP window scan
    
    # Checking firewalls
    nmap -sN <ip>     # Null scan (no TCP flags set)
    nmap -sF <ip>     # FIN scan
    nmap -sX <ip>     # Xmas scan (FIN, PSH and URG set)
    

Debugging

  • X-Trace - Multi-protocol tracing framework
  • iptraf - Real-time statistics in ncurses interfaces
  • mtr - Debug routing/packet loss issues
  • netstat - The different modes
    # Typically used modes
    netstat -rn          # List routes
    netstat -tlnp       # List listening TCP sockets with owning PID/program
    netstat -tlnpc      # Continuously do the above
    netstat -tulpen    # Listening TCP and UDP sockets, extended view (user, inode)
    netstat -a           # List all sockets
    
    # And more rarely used
    netstat -s            # List per protocol statistics
    netstat -su          # List UDP statistics
    netstat -M           # List masqueraded connections
    netstat -i            # List interfaces and counters
    netstat -o           # Include timer info (e.g. keepalive, timewait)
    
  • nttcp - TCP performance testing
    # On sending host
    nttcp -t -s
    
    # On receiving host
    nttcp -r -s
    
  • List Kernel Settings
    sysctl net
  • tcpdump - Be verbose and print full packet hex dumps:
    tcpdump -i eth0 -nN -vvv -xX -s 1500 port <some port>
  • SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try
    snmpwalk -c public -v 1 -O s <myhost> .iso | grep <search string>
  • Hurricane Electric - BGP Tools: Statistics on all AS as well as links to their looking glasses.
  • tcpdump - Tutorial: Many usage examples.
    # Filter port
    tcpdump port 80
    tcpdump src port 1025 
    tcpdump dst port 389
    tcpdump portrange 21-23
    
    # Filter source or destination IP
    tcpdump src 10.0.0.1
    tcpdump dst 10.0.0.2
    
    # Filter everything on network
    tcpdump net 1.2.3.0/24
    
    # Logical operators
    tcpdump src port 1025 and tcp
    
    # Provide full hex dump of captured HTTP packets
    tcpdump -s0 -x port 80
    
    # Filter TCP flags (e.g. RST)
    tcpdump 'tcp[13] & 4!=0'
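
The RST filter above tests one bit of the flag byte at offset 13 of the TCP header. The following sketch is an added example, not part of the original cheat sheet: it builds such filters from flag names, including exact-match filters for spotting the Null, FIN and Xmas probes listed under "Checking firewalls". The function names are hypothetical helpers.

```shell
#!/bin/sh
# Bit value of each classic flag in byte 13 of the TCP header.
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;  SYN) echo 2 ;;  RST) echo 4 ;;
        PSH) echo 8 ;;  ACK) echo 16 ;; URG) echo 32 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# OR the bits of all named flags together (no arguments gives 0).
flags_mask() {
    mask=0
    for f in "$@"; do
        bit=$(flag_bit "$f") || return 1
        mask=$(( $mask | $bit ))
    done
    echo "$mask"
}

# Filter matching packets with at least one of the named flags set.
any_filter() {
    m=$(flags_mask "$@") || return 1
    echo "tcp[13] & $m != 0"
}

# Filter matching packets with exactly the named flags set.
# Masking with 63 ignores the ECE/CWR bits (64 and 128).
exact_filter() {
    m=$(flags_mask "$@") || return 1
    echo "tcp[13] & 63 = $m"
}

# Turn a numeric flag byte (e.g. read from a hex dump) back into names.
decode_flags() {
    out=""
    for f in FIN SYN RST PSH ACK URG; do
        bit=$(flag_bit "$f")
        if [ $(( $1 & $bit )) -ne 0 ]; then out="${out:+$out }$f"; fi
    done
    echo "${out:-NONE}"
}

# Capture filters for the three probe types, usable as: tcpdump -n '<filter>'
echo "RST seen:   $(any_filter RST)"
echo "Null probe: $(exact_filter)"
echo "FIN probe:  $(exact_filter FIN)"
echo "Xmas probe: $(exact_filter FIN PSH URG)"
```

A flag byte of 0x12 in a hex dump decodes with `decode_flags 18` to SYN ACK, the second packet of a normal handshake.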
    

NFS Administration Commands