Linux networking tools can be used to analyze network connectivity and performance. Tools like ifconfig show interface configurations, route displays routing tables, arp shows the ARP cache, dig/nslookup resolve DNS, and traceroute traces the network path. Nmap scans for open ports, ping checks latency, and tcpdump captures traffic. Iperf3 and wrk2 can load test throughput and capacity, while tcpreplay replays captured traffic. These CLI tools provide essential network information and testing capabilities from the command line.
3. “AGH! I can’t reach my website.”
“Can my service handle this load?”
“Hmm. Why is my droplet unable to reach the public internet?”
Why should I care?
7. whois
# whois google.com
...
whois.markmonitor.com
Registrar Registration Expiration Date: 2028-09-13T00:00:00-0700
Registrar: MarkMonitor, Inc.
...
Registrant Organization: Google LLC
Registrant State/Province: CA
Registrant Country: US
Registrant Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com
Admin Organization: Google LLC
Admin State/Province: CA
Admin Country: US
Admin Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com
Tech Organization: Google LLC
Tech State/Province: CA
Tech Country: US
Tech Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com
Name Server: ns4.google.com
...
Registrar
Site Owner
DNS name server
10. traceroute
$ traceroute google.com
traceroute to google.com (172.217.3.110), 64 hops max, 52 byte packets
1 192.168.1.254 (192.168.1.254) 11.341 ms 10.841 ms 12.064 ms
2 76.231.80.1 (76.231.80.1) 44.314 ms 24.790 ms 27.105 ms
3 71.151.198.49 (71.151.198.49) 22.981 ms 25.255 ms 23.239 ms
4 12.240.210.50 (12.240.210.50) 35.620 ms 36.686 ms 41.612 ms
5 gar10.cgcil.ip.att.net (12.122.133.45) 36.803 ms 36.962 ms 41.038 ms
...
13 108.170.248.97 (108.170.248.97) 49.285 ms
108.170.248.33 (108.170.248.33) 48.675 ms 77.627 ms
14 209.85.244.65 (209.85.244.65) 65.286 ms
209.85.253.189 (209.85.253.189) 59.646 ms 45.536 ms
15 lga34s18-in-f14.1e100.net (172.217.3.110) 49.734 ms 46.053 ms 48.990 ms
Routing Information
11. Now you can answer:
What is my service’s IP address?
What DNS nameserver is providing this IP addressing information?
What is a packet’s next-hop to get to this service?
whois
dig
nslookup
traceroute
13. nmap
root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sS localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sU localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
All 1000 scanned ports on localhost (127.0.0.1) are closed
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
port scanning (TCP, UDP)
14. ping/ping6
$ ping google.com
PING google.com (172.217.17.142) 56(84) bytes of data.
64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=1 ttl=115 time=7.28 ms
64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=2 ttl=115 time=6.86 ms
64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=3 ttl=115 time=6.80 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 6.801/6.977/7.275/0.211 ms
$ ping6 google.com
PING6(56=40+8+8 bytes) 2600:1702:3940:1120:743c:2d7d:8ee7:7826 --> 2607:f8b0:4000:813::200e
16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=0 hlim=114 time=55.132 ms
16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=1 hlim=114 time=78.742 ms
16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=2 hlim=114 time=58.874 ms
16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=3 hlim=114 time=53.585 ms
^C
--- google.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 53.585/61.583/78.742/10.091 ms
sending icmp pings
checking latency
16. telnet checking connections
Server
# nc -l 80
hi!
this is dog.
Client
# telnet 157.230.80.127 80
Trying 157.230.80.127...
Connected to 157.230.80.127.
Escape character is '^]'.
hi!
this is dog.
18. Now you can answer:
Which TCP or UDP ports are open?
Is service X at IP address Y receiving and responding to ICMP pings?
Can I open a TCP connection to this destination IP?
nmap
netcat
telnet
ping
ping6
20. tcpdump
Traffic capture
Uses BPF filters
Ethertype IP
root@techtalk-server:~# tcpdump -i eth0 src 68.183.27.77
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:25:53.469595 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 1, length 64
20:25:54.470449 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 2, length 64
20:25:55.474789 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 3, length 64
20:25:56.498852 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 4, length 64
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
# tcpdump -i eth0 -vvv -d dst 157.230.80.127
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 4
(002) ld [30]
(003) jeq #0x9de6507f jt 8 jf 9
(004) jeq #0x806 jt 6 jf 5
(005) jeq #0x8035 jt 6 jf 9
(006) ld [38]
(007) jeq #0x9de6507f jt 8 jf 9
(008) ret #262144
(009) ret #0
Ethertype ARP
Ethertype RARP
21. Now you can answer:
Am I receiving traffic on this interface of type x?
What does my BPF filter look like in bytecode, or what is the actual parser doing?
tcpdump
wireshark
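Added example (not part of the original slides): a minimal Python interpreter for the classic-BPF instructions in the tcpdump -d dump above, run against constructed Ethernet frames. It shows that the bare filter "dst 157.230.80.127" accepts ARP/RARP frames whose target address matches as well as IPv4 packets. The names parse, run and verdicts and all sample frames are assumptions made for illustration.

```python
import socket

# `tcpdump -d dst 157.230.80.127` output from the slide; jump targets are absolute
DUMP = """\
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 4
(002) ld [30]
(003) jeq #0x9de6507f jt 8 jf 9
(004) jeq #0x806 jt 6 jf 5
(005) jeq #0x8035 jt 6 jf 9
(006) ld [38]
(007) jeq #0x9de6507f jt 8 jf 9
(008) ret #262144
(009) ret #0"""

def parse(dump):
    """Turn each dump line into (opcode, [numeric operands])."""
    return [(op, [int(a.strip("[]#"), 0) for a in args if a not in ("jt", "jf")])
            for _idx, op, *args in (line.split() for line in dump.splitlines())]

def run(prog, pkt):
    """Run the filter on one frame; return bytes to capture, or 0 to drop."""
    pc = acc = 0
    while True:
        op, k = prog[pc]
        if op == "ret":
            return k[0]
        if op == "jeq":
            pc = k[1] if acc == k[0] else k[2]
            continue
        size = {"ld": 4, "ldh": 2}[op]          # 32-bit / 16-bit absolute load
        if k[0] + size > len(pkt):
            return 0                            # load past end of frame rejects it
        acc = int.from_bytes(pkt[k[0]:k[0] + size], "big")
        pc += 1

def verdicts(target="157.230.80.127", other="68.183.27.77"):
    """Constructed frames: 12 zeroed MAC bytes, EtherType, minimal header body."""
    t, o = socket.inet_aton(target), socket.inet_aton(other)
    eth = lambda etype, body: bytes(12) + etype.to_bytes(2, "big") + body
    samples = {
        "ipv4_to_target":   eth(0x0800, bytes(12) + o + t),             # dst at offset 30
        "ipv4_from_target": eth(0x0800, bytes(12) + t + o),
        "arp_for_target":   eth(0x0806, bytes(14) + o + bytes(6) + t),  # tpa at offset 38
        "ipv6":             eth(0x86DD, bytes(40)),
        "truncated_ipv4":   eth(0x0800, bytes(10)),
    }
    prog = parse(DUMP)
    return {name: run(prog, pkt) for name, pkt in samples.items()}
```

Offsets 30 and 38 in the dump are the IPv4 destination field and the ARP target protocol address, each counted from the start of the 14-byte Ethernet header.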
24. route routing info
~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 67.205.128.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
67.205.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
25. arp check arp cache
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# arp -a
_gateway (67.205.128.1) at fe:00:00:00:01:01 [ether] on eth0
26. ip
see arp cache,
see neighbor table,
add routes
~# ip neigh show
67.205.128.1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE
2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE
~# ip -6 neigh show
2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE
~# ip route
default via 67.205.128.1 dev eth0 proto static
10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.0.10
10.136.0.0/16 dev eth1 proto kernel scope link src 10.136.161.195
67.205.128.0/20 dev eth0 proto kernel scope link src 67.205.137.40
~# ip route add 169.254.169.254 via 67.205.128.1
~# ip route show 169.254.169.254
169.254.169.254 via 67.205.128.1 dev eth0
27. Now you can answer:
What are the network interfaces, IP addresses, subnet, and broadcast address of my droplet?
What is the internet gateway?
What is the corresponding hardware address for a particular IP?
How can I add a route?
ifconfig
route
arp
ip
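Added example (not part of the original slides): a simplified Python model of how the kernel picks a route from the route -n table shown above, using longest-prefix match, including the effect of the slide's "ip route add 169.254.169.254 via 67.205.128.1". The function names are assumptions for illustration; only the main table is modelled and policy routing is out of scope.

```python
import ipaddress

# `route -n` output from the slide (Genmask gives the prefix length)
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 67.205.128.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
67.205.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway-or-None, iface, metric)."""
    routes = []
    for line in text.splitlines()[1:]:              # skip the column header
        dest, gw, mask, flags, metric, _ref, _use, iface = line.split()
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        # The G flag means "use the gateway"; without it the network is on-link
        routes.append((net, gw if "G" in flags else None, iface, int(metric)))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    # For an on-link route the next hop is the destination itself (resolved via ARP)
    return {"route": str(net), "next_hop": gw or addr, "dev": iface}

def add_host_route(routes, addr, gw, iface):
    """Model `ip route add <addr> via <gw>` from the slide as a /32 entry."""
    return routes + [(ipaddress.ip_network(f"{addr}/32"), gw, iface, 0)]
```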
33. Now you can answer:
What is the max throughput I can send through an interface?
What is the UDP jitter experienced with max UDP throughput?
What is the latency of requests when my service is under load?
How many requests/sec can my service handle?
What is the max number of connections I can send traffic through?
tcpreplay
wrk2
iperf3
nuttcp
35. There are numerous Linux CLI networking utilities.
All open-source!
Useful for virtual machines (check routing information, open ports, interfaces, neighbor tables, add routes) and microservices (capture traffic and load test)!