This article describes commands and configuration files for checking network status. This information is useful when you cannot connect to the server or want to know which ports are open.
ifconfig
Check NIC Information
Check network interface (NIC) information.
$ ifconfig -a
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0
inet6 addr: XXXX::XXXX:XXXX:XXXX:XXXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:1725009881 errors:0 dropped:0 overruns:0 frame:0
TX packets:1576295375 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1131524713824 (1.0 TiB) TX bytes:339718712460 (316.3 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:352348 errors:0 dropped:0 overruns:0 frame:0
TX packets:352348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:34172732 (32.5 MiB) TX bytes:34172732 (32.5 MiB)| terminology | Summary |
|---|---|
| HWaddr | Mac Address |
| UP | Means it is operating normally. |
| MTU | maximum transfer unit |
| RX | Received packets (statistics)*1 |
| TX | Transmitted packets (statistics)*1 |
※1
Statistics show, from left to right, the number of packets sent/received, error packets, discarded packets, and overrun packets.
When ifconfig is not installed
The ip command is now available as an alternative to ifconfig. If you want to use ifconfig, install the package net-tools.
apt update
apt install -y net-toolsip
Check NIC Information
The same information as ifconfig can be found with ip a(ip addr).
(The ip command is included in a package called iproute2).
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
84: eth0@if85: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet XX.XX.XX.XX/XX brd XX.XX.XX.XX scope global eth0
valid_lft forever preferred_lft forever$ ip -s a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped missed mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
84: eth0@if85: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet XX.XX.XX.XX/XX brd XX.XX.XX.XX scope global eth0
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped missed mcast
10383166 7134 0 0 0 0
TX: bytes packets errors dropped carrier collsns
137171 2474 0 0 0 0 ping
Check connection status and response speed
Check network connection status and response time.
$ ping youtube.com
PING youtube.com (172.217.25.238) 56(84) bytes of data.
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=1 ttl=40 time=1.65 ms
64 bytes from nrt12s14-in-f238.1e100.net (172.217.25.238): icmp_seq=2 ttl=40 time=1.62 ms
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=3 ttl=40 time=1.66 ms
64 bytes from nrt12s14-in-f238.1e100.net (172.217.25.238): icmp_seq=4 ttl=40 time=1.64 ms
^C
--- youtube.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.620/1.645/1.660/0.043 msPossible reasons for the disconnection include.
- The destination PC is not running.
- Hardware failure of NIC.
- Ping packets are not allowed to be sent or received.
- DNS misconfiguration (when the connection is established by specifying the IP address, but not by specifying the host)
If the connection does not work, ping the devices in order of proximity to your host to see where the connection becomes disconnected.
traceroute
Check network routing
$ traceroute youtube.com
traceroute to youtube.com (172.217.26.46), 30 hops max, 60 byte packets
1 XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 13.357 ms XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 14.113 ms XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 13.336 ms
2 XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 19.895 ms XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 17.325 ms XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) 19.223 msFrom left to right: 1st response time, 2nd response time, 3rd response time.
nc
Port Scanning
Ping can check ip communication, but cannot check if the port is open or not. There are several methods of port scanning, but I think nc(netcat) is the easiest.
nc -v -w 1 127.0.0.1 -z 80nc -zv 127.0.0.1 1-65535 2>&1 |grep succeeded$ nc -v -w 1 127.0.0.1 -z 80
Connection to 127.0.0.1 80 port [tcp/http] succeeded!Note that port scanning should not be performed on external servers, as it may be considered an attack.
dig
Check if name resolution is possible
It queries the DNS server to see if it can resolve the name of the server to which you are connecting (converting it to an IP address). Unlike nslookup, response information is displayed with almost no processing.
$ dig www.google.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.56.amzn1 <<>> www.google.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32448
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.co.jp. IN A
;; ANSWER SECTION:
www.google.co.jp. 11 IN A 172.217.25.195
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Nov 21 21:41:39 2018
;; MSG SIZE rcvd: 50By default, A record is retrieved; if you want to query for a record other than A, specify the record type as follows.
$ dig us-west-2.amazonses.com TXT | grep "QUESTION SECTION" -A 7
;; QUESTION SECTION:
;us-west-2.amazonses.com. IN TXT
;; ANSWER SECTION:
us-west-2.amazonses.com. 888 IN TXT "google-site-verification=WT9AchziKw_G7Kulcs8qKOMG_h1O_HTtalB4JYKECXo"
us-west-2.amazonses.com. 888 IN TXT "v=spf1 include:amazonses.com -all"
us-west-2.amazonses.com. 888 IN TXT "spf2.0/pra include:amazonses.com -all"nslookup
Check if name resolution is possible
It queries the DNS server to see if it can resolve the name of the server to which you are connecting (converting it to an IP address).
Unlike dig, response information is processed and displayed.
$ nslookup www.google.co.jp
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
Name: www.google.co.jp
Address: 172.217.26.35curl
HTTP Client
$ curl -v https://www.google.co.jp
* Rebuilt URL to: https://www.google.co.jp/
* Trying 172.217.27.67...
* TCP_NODELAY set
* Connected to www.google.co.jp (172.217.27.67) port 443 (#0)
(omission)# method specification
curl -X PUT URL
# POST form data
curl -X POST -d param1=xxx -d param2=yyy URL
# JSON request (request including JSON data in the request body)
curl -X POST \
-H 'Content-Type:application/json' \
-d '{"param1":"xxx","param2":"yyy"}' \
URL
# Display ResponseHeader and ResponseBody
curl -i URL
# Display only ResponseHeader
curl -I URL
# Display only ResponseBody
curl URL
# Display RequestHeader, ResponseHeader and ResponseBody
curl -v URL
# Set Cookie in RequestHeader
curl -b 'name1=value1; name2=value2' URLMore detailed usage is covered in the following pages.
httpie
HTTP Client
httpie will format and display json.
$ http -b http://weather.livedoor.com/forecast/webservice/json/v1?city=400040
{
"copyright": {
"image": {
"height": 26,
"link": "http://weather.livedoor.com/",
"title": "livedoor 天気情報",
"url": "http://weather.livedoor.com/img/cmn/livedoor.gif",
"width": 118
},
"link": "http://weather.livedoor.com/",
(omission)# method specification
http PUT URL
# POST form data
http -f POST URL param1=xxx param2=yyy
# Display ResponseHeader and ResponseBody
http URL
# Display only ResponseHeader
http -h URL
# Display only ResponseBody
http -b URL
# Display RequestHeader, ResponseHeader and ResponseBody
http -v URLcurl ifconfig.io
Confirm Global IP
The following command will access ifconfig.io to check the global IP used by your server.
curl ifconfig.ionetstat
Check connection status and statistics
You can check what servers are running and what ports they are using.
$ netstat -anp
(No info could be read for "-p": geteuid()=500 but you should be root.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:44356 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN -
(omission) | Option | Summary |
|---|---|
| -a | Displays all connections (even those in the LISTEN state). |
| -p | Displays the “PID/Program name” to which each socket belongs. |
| -n | Display by numeric address without resolving names of hosts, ports, users, etc. |
netstat -rYou can check the routing table with the -r option. The routing table is described in the route command.
When netstat is not installed
The ss command is now available as an alternative to netstat. If you want to use netstat, install the package net-tools.In the case of apt.
apt update
apt install -y net-toolsss
Check connection status and statistics
The same information as netstat can be viewed with ss. (The ss command is included in a package called iproute2).
$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 [::ffff:172.21.0.2]:3306 [::ffff:172.21.0.1]:60030
tcp ESTAB 0 0 [::ffff:172.21.0.2]:3306 [::ffff:172.21.0.1]:60124 $ ss -s
Total: 7
TCP: 13 (estab 2, closed 9, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 0 0 0
UDP 1 1 0
TCP 4 1 3
INET 5 2 3
FRAG 0 0 0 lsof
Check the port number on which the process is open
lsof is a command that checks for open files in a process.
$ ps -ef|grep nginx
root 2707 1 0 22:07 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 2712 2707 0 22:07 ? 00:00:00 nginx: worker process
vagrant 5727 5568 0 22:22 pts/0 00:00:00 grep nginx
$
$
$ sudo lsof -n -P -p 2707
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 2707 root cwd DIR 253,0 4096 2 /
nginx 2707 root rtd DIR 253,0 4096 2 /
nginx 2707 root txt REG 253,0 1227152 1053732 /usr/sbin/nginx
nginx 2707 root mem REG 253,0 66432 1703967 /lib64/libnss_files-2.12.so
nginx 2707 root mem REG 253,0 122056 1704020 /lib64/libselinux.so.1
(omission)You can check the port numbers that the server has open by doing the following.
$ sudo lsof -n -P | grep TCP
rpcbind 1198 rpc 8u IPv4 10878 0t0 TCP *:111 (LISTEN)
rpcbind 1198 rpc 11u IPv6 10881 0t0 TCP *:111 (LISTEN)
rpc.statd 1220 rpcuser 9u IPv4 10968 0t0 TCP *:44356 (LISTEN)
rpc.statd 1220 rpcuser 11u IPv6 10974 0t0 TCP *:36835 (LISTEN)
redis-ser 1255 redis 6u IPv4 11090 0t0 TCP 127.0.0.1:6379 (LISTEN)
sshd 1360 root 3u IPv4 11249 0t0 TCP *:22 (LISTEN)
sshd 1360 root 4u IPv6 11254 0t0 TCP *:22 (LISTEN)
master 2571 root 12u IPv4 13907 0t0 TCP 127.0.0.1:25 (LISTEN)Second from the left is the PID. Third from the left is the user name. On the far right, you can see the open port number and connection status (LISTEN ESTABLISHED, etc.).
| Option | Summary |
|---|---|
| -n | Do not convert IPs to hostnames. |
| -P | Do not convert port numbers to port names. |
route
Check routing table
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.30.0 * 255.255.255.0 U 0 0 0 eth1
10.0.2.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1002 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth1
default 10.0.2.2 0.0.0.0 UG 0 0 0 eth0If Destination is on the same network, the Gateway is marked with an * (asterisk). Since they are on the same network, they can be accessed from their own interface without going through a router.
tcpdump
packet capture
tcpdump -Xvv -s 2048 -i eth1 [expression]| Option | Summary |
|---|---|
-Xvv | Displays detailed information in hexadecimal. Use when you want to see not only the header but also the contents of the packet. |
-s | Specifies the data length of the packet to be retrieved. (default byte length of snaplen of 68 bytes) |
-i | Specify an interface. To specify all interfaces, use “-i any”. |
expression specifies the type of packets to dump.
| Designated Pattern | Input Example | Supplement |
|---|---|---|
<type> <id> | host 192.168.1.1 | Communication with 192.168.1.1 |
<dir> <type> <id> | src host 192.168.1.1 | Packets originating from 192.168.1.1 |
<proto> <type> <id> | udp and host 192.168.1.1 | |
<proto> <dir> <type> <id> | udp and src host 192.168.1.1 |
The target packet type is specified in type.
host 192.168.1.1
net 192.168
port 80dir specifies the communication direction.
src, dstSpecify a specific protocol for proto.
tcp, udp, etc.Network-related files
- /etc/services
- You can check the correspondence between port numbers and services.
- /etc/networks
- Describes the correspondence between network names and network addresses.
- /etc/hostname
- Describe the host name.
- /etc/hosts
- Describes the correspondence between the host name and IP address and performs name resolution.
- /etc/host.conf
- Describes the query order for name resolution.
- You may see the “/etc/host.conf” file in older libraries, but nowadays the following “/etc/nsswitch.conf” file is mostly used.
- /etc/nsswitch.conf
- Describes the query order for name resolution.
- Set the reference order on the “hosts:” line.
- For example, if you write “hosts: files dns”, it will first check “/etc/hosts” and if it does not resolve, it will check the DNS server.
- /etc/resolv.conf
- Describes DNS server and domain name settings.
- /etc/sysconfig/network
- Describe settings such as “use/non-use of network functions,” “host name,” “default gate address,” etc.
- Files under /etc/sysconfig/network-scripts directory
- Configure and check the network interface.
$ cat /etc/sysconfig/network-scripts/ifcfg-eth1
NM_CONTROLLED=no
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.30.30
NETMASK=255.255.255.0
DEVICE=eth1
PEERDNS=noBelow are the main setting items and an overview.
| Setting items | Summary |
|---|---|
| DEVICE | NWI/F name (e.g. eth0) |
| IPADDR | IP address of I/F |
| NETMASK | NETMASK |
| NETWORK | Network address belonging to |
| ONBOOT | Enable/disable network interface at startup |
special address
Below are the special addresses you need to know to check your network.
- broadcast address
- All host address parts are 1
- network address
- Host address part is all 0
- loopback address
- 127.0.0.1
