SlideShare a Scribd company logo

Handy Networking Tools and How to Use Them

Sneha Inguva
Sneha Inguva

Linux networking tools can be used to analyze network connectivity and performance. Tools like ifconfig show interface configurations, route displays routing tables, arp shows the ARP cache, dig/nslookup resolve DNS, and traceroute traces the network path. Nmap scans for open ports, ping checks latency, and tcpdump captures traffic. Iperf3 and wrk2 can load test throughput and capacity, while tcpreplay replays captured traffic. These CLI tools provide essential network information and testing capabilities from the command line.

Software
1 of 36
Download to read offline
Handy Networking Tools (and how to use them)
@snehainguva network engineer
“AGH! I can’t reach my website.” “Can my service handle this load?” “Hmm. Why is my droplet unable to reach the public internet?” Why should I care?
LINUX NETWORKING CLI TOOLS
Accessing a service DNS and Routing Load Testing Traffic Capture Network Stack Management Network Probing
Accessing a service whois dig nslookup traceroute
whois # whois google.com ... whois.markmonitor.com Registrar Registration Expiration Date: 2028-09-13T00:00:00-0700 Registrar: MarkMonitor, Inc. ... Registrant Organization: Google LLC Registrant State/Province: CA Registrant Country: US Registrant Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Admin Organization: Google LLC Admin State/Province: CA Admin Country: US Admin Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Tech Organization: Google LLC Tech State/Province: CA Tech Country: US Tech Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Name Server: ns4.google.com ... Registrar Site Owner DNS name server
dig $ dig google.com ; <<>> DiG 9.10.6 <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40737 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 49 IN A 172.217.12.174 ;; Query time: 48 msec ;; SERVER: 10.254.0.3#53(10.254.0.3) ;; WHEN: Sat Oct 17 19:57:55 EDT 2020 ;; MSG SIZE rcvd: 65 Nameservers IP-address
nslookup $ nslookup google.com Server: 10.254.0.3 Address: 10.254.0.3#53 Non-authoritative answer: Name: google.com Address: 172.217.3.110 Nameservers IP-address
traceroute $ traceroute google.com traceroute to google.com (172.217.3.110), 64 hops max, 52 byte packets 1 192.168.1.254 (192.168.1.254) 11.341 ms 10.841 ms 12.064 ms 2 76.231.80.1 (76.231.80.1) 44.314 ms 24.790 ms 27.105 ms 3 71.151.198.49 (71.151.198.49) 22.981 ms 25.255 ms 23.239 ms 4 12.240.210.50 (12.240.210.50) 35.620 ms 36.686 ms 41.612 ms 5 gar10.cgcil.ip.att.net (12.122.133.45) 36.803 ms 36.962 ms 41.038 ms ... 13 108.170.248.97 (108.170.248.97) 49.285 ms 108.170.248.33 (108.170.248.33) 48.675 ms 77.627 ms 14 209.85.244.65 (209.85.244.65) 65.286 ms 209.85.253.189 (209.85.253.189) 59.646 ms 45.536 ms 15 lga34s18-in-f14.1e100.net (172.217.3.110) 49.734 ms 46.053 ms 48.990 ms Routing Information
Now you can answer: What is my service’s IP address? What DNS nameserver is providing this IP addressing information? What is a packet’s next-hop to get to this service? whois dig nslookup traceroute
Network Probing nmap netcat telnet ping ping6
nmap root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sS localhost Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC Nmap scan report for localhost (127.0.0.1) Host is up (0.0000040s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sU localhost Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC Nmap scan report for localhost (127.0.0.1) Host is up (0.0000050s latency). All 1000 scanned ports on localhost (127.0.0.1) are closed Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds port scanning (TCP, UDP)
ping/ping6 $ ping google.com PING google.com (172.217.17.142) 56(84) bytes of data. 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=1 ttl=115 time=7.28 ms 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=2 ttl=115 time=6.86 ms 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=3 ttl=115 time=6.80 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 6.801/6.977/7.275/0.211 ms $ ping6 google.com PING6(56=40+8+8 bytes) 2600:1702:3940:1120:743c:2d7d:8ee7:7826 --> 2607:f8b0:4000:813::200e 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=0 hlim=114 time=55.132 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=1 hlim=114 time=78.742 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=2 hlim=114 time=58.874 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=3 hlim=114 time=53.585 ms ^C --- google.com ping6 statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 53.585/61.583/78.742/10.091 ms sending icmp pings checking latency
netcat checking connections Server # nc -l 80 sdf asdf hi Client # nc 157.230.80.127 80 sdf asdf hi
telnet checking connections Server # nc -l 80 hi! this is dog. Client # telnet 157.230.80.127 80 Trying 157.230.80.127... Connected to 157.230.80.127. Escape character is '^]'. hi! this is dog.
Demo!
Now you can answer: Which TCP or UDP ports are open? Is service X at IP address Y receiving and responding to ICMP pings? Can I open a TCP connection to this destination IP? nmap netcat telnet ping ping6
Traffic Capture tcpdump wireshark
tcpdump Traffic capture Uses bpf filters Ethertype IP root@techtalk-server:~# tcpdump -i eth0 src 68.183.27.77 tcpdump: verbose output suppressed, use-v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 20:25:53.469595 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 1, length 64 20:25:54.470449 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 2, length 64 20:25:55.474789 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 3, length 64 20:25:56.498852 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 4, length 64 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel # tcpdump -i eth0 -vvv -d dst 157.230.80.127 (000) ldh [12] (001) jeq #0x800 jt 2 jf 4 (002) ld [30] (003) jeq #0x9de6507f jt 8jf 9 (004) jeq #0x806 jt 6jf 5 (005) jeq #0x8035 jt 6jf 9 (006) ld [38] (007) jeq #0x9de6507f jt 8jf 9 (008) ret #262144 (009) ret #0 Ethertype ARP Ethertype RARP
Now you can answer: Am I receiving traffic on this interface of type x? What does my bpf filter look like in bytecode or what is the actual parser doing? tcpdump wireshark
Network Stack Management ifconfig route arp ip
ifconfig network interface info ~# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 67.205.137.40 netmask 255.255.240.0 broadcast 67.205.143.255 inet6 2604:a880:400:d0::1bcd:5001 prefixlen 64 scopeid 0x0<global> inet6 fe80::647d:a8ff:fe83:4f29 prefixlen 64 scopeid 0x20<link> ether 66:7d:a8:83:4f:29 txqueuelen 1000 (Ethernet) RX packets 1185 bytes 358649 (358.6 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 866 bytes 124061 (124.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.136.161.195 netmask 255.255.0.0 broadcast 10.136.255.255 inet6 fe80::d0af:f2ff:fef3:456b prefixlen 64 scopeid 0x20<link> ether d2:af:f2:f3:45:6b txqueuelen 1000 (Ethernet) RX packets 16 bytes 1084 (1.0 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 1006 (1.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ...
route routing info ~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 67.205.128.1 0.0.0.0 UG 0 0 0 eth0 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 67.205.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
arp check arp cache root@ubuntu-s-1vcpu-1gb-nyc1-01:~# arp -a _gateway (67.205.128.1) at fe:00:00:00:01:01 [ether] on eth0
ip see arp cache, see neighbor table, add routes ~# ip neigh show 67.205.128.1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE 2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE ~# ip -6 neigh show 2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE ~# ip route default via 67.205.128.1 dev eth0 proto static 10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.0.10 10.136.0.0/16 dev eth1 proto kernel scope link src 10.136.161.195 67.205.128.0/20 dev eth0 proto kernel scope link src 67.205.137.40 ~# ip route add 169.254.169.254 via 67.205.128.1 ~# ip route show 169.254.169.254 169.254.169.254 via 67.205.128.1 dev eth0
Now you can answer: What are the network interfaces, ip addresses, subnet, and broadcast address of my droplet? What is the internet gateway? What is the corresponding hardware address for a particular IP? How can I add a route? ifconfig route arp ip
Load Testing tcpreplay wrk2 iperf3 nuttcp
tcpreplay Replays traffic from packet capture fire Server Client # tcpdump -i eth0 -w traffic.pcap # tcpreplay -i eth0 httptraffic.pcap ... Statistics for network device: eth0 Successful packets: 291 Failed packets: 3 Truncated packets: 0 Retried packets (ENOBUFS): 0 Retried packets (EAGAIN): 0
wrk2 Send HTTP load Server Client # wrk2 -t1 -c10 -d60s -R100 -L http://157.230.80.127:80 Running 1m test @ http://157.230.80.127:80 1 threads and 10 connections Thread calibration: mean lat.: 1.460ms, rate sampling interval: 10ms Thread Stats Avg Stdev Max +/- Stdev Latency 1.45ms 483.34us 11.84ms 72.24% Req/Sec 106.69 104.46 400.00 29.94%
iperf3 Send TCP or UDP traffic Server # iperf3 -s --------------------- Server listening on 5201 --------------------- Client # iperf3 -c 157.230.80.127 5201 Connecting to host 157.230.80.127, port 5201 … [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 2.25 GBytes 1.93 Gbits/sec 224850 sender [ 4] 0.00-10.00 sec 2.24 GBytes 1.93 Gbits/sec receiver
Demo!
Now you can answer: What is the max throughput I can send through an interface? What is the UDP jitter experienced with max UDP throughput? What is latency of requests when my service is under load? How many requests/sec can my service handle? What is the max number of connections I can send traffic through? tcpreplay wrk2 iperf3 nuttcp
To summarize...
There are numerous linux CLI networking utilities. All open-source! Useful for virtual machines (check routing information, open ports, interfaces, neighbor tables, add routes) and microservices (capture traffic and load test)!
Questions? !

Recommended

Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Jim Clausing
 
7.protocols 2
7.protocols 27.protocols 2
7.protocols 2Marian Marinov
 
7. protocols
7. protocols7. protocols
7. protocolsMarian Marinov
 
(NET404) Making Every Packet Count
(NET404) Making Every Packet Count(NET404) Making Every Packet Count
(NET404) Making Every Packet CountAmazon Web Services
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
Day2
Day2Day2
Day2Jai4uk
 
Network commands
Network commandsNetwork commands
Network commandsDr. Mahadev Gawas
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 

Recommended

Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Jim Clausing
 
7.protocols 2
7.protocols 27.protocols 2
7.protocols 2Marian Marinov
 
7. protocols
7. protocols7. protocols
7. protocolsMarian Marinov
 
(NET404) Making Every Packet Count
(NET404) Making Every Packet Count(NET404) Making Every Packet Count
(NET404) Making Every Packet CountAmazon Web Services
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
Day2
Day2Day2
Day2Jai4uk
 
Network commands
Network commandsNetwork commands
Network commandsDr. Mahadev Gawas
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3Nutan Kumar Panda
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...sonjeku1
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPROIDEA
 
DMVPN
DMVPNDMVPN
DMVPNNetProtocol Xpert
 
Stu t17 a
Stu t17 aStu t17 a
Stu t17 aSelectedPresentations
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file serverTola LENG
 
2 netcat enum-pub
2 netcat enum-pub2 netcat enum-pub
2 netcat enum-pubCassio Ramos
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
Tcpdump
TcpdumpTcpdump
TcpdumpSourav Roy
 
Network configuration
Network configurationNetwork configuration
Network configurationengshemachi
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networkingSreenatha Reddy K R
 
Linux networking commands
Linux networking commandsLinux networking commands
Linux networking commandsSayed Ahmed
 
F5 tcpdump
F5 tcpdumpF5 tcpdump
F5 tcpdumpalex wade
 
Incident Response: Tunnelling
Incident Response: TunnellingIncident Response: Tunnelling
Incident Response: TunnellingNapier University
 
SIEM
SIEMSIEM
SIEMNapier University
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsNapier University
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPNNetwax Lab
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routingOlivier Bonaventure
 
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)Amazon Web Services
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 

More Related Content

What's hot

us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...sonjeku1
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPROIDEA
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file serverTola LENG
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
Network configuration
Network configurationNetwork configuration
Network configurationengshemachi
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networkingSreenatha Reddy K R
 
Linux networking commands
Linux networking commandsLinux networking commands
Linux networking commandsSayed Ahmed
 
Incident Response: Tunnelling
Incident Response: TunnellingIncident Response: Tunnelling
Incident Response: TunnellingNapier University
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsNapier University
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 

What's hot (20)

Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
 
Wireshar training
Wireshar trainingWireshar training
Wireshar training
 
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
 
DMVPN
DMVPNDMVPN
DMVPN
 
Stu t17 a
Stu t17 aStu t17 a
Stu t17 a
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
 
2 netcat enum-pub
2 netcat enum-pub2 netcat enum-pub
2 netcat enum-pub
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
Network configuration
Network configurationNetwork configuration
Network configuration
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networking
 
Linux networking commands
Linux networking commandsLinux networking commands
Linux networking commands
 
F5 tcpdump
F5 tcpdumpF5 tcpdump
F5 tcpdump
 
Incident Response: Tunnelling
Incident Response: TunnellingIncident Response: Tunnelling
Incident Response: Tunnelling
 
SIEM
SIEMSIEM
SIEM
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network Forensics
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPN
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routing
 

Similar to Handy Networking Tools and How to Use Them

AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)Amazon Web Services
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPFIvan Babrou
 
Linux Networking Commands
Linux Networking CommandsLinux Networking Commands
Linux Networking Commandstmavroidis
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Ex no1 (1)
Ex no1 (1)Ex no1 (1)
Ex no1 (1)basramya
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVROpenStack Korea Community
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)Security Date
 
Troubleshooting TCP/IP
Troubleshooting TCP/IPTroubleshooting TCP/IP
Troubleshooting TCP/IPvijai s
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
 
dokumen.tips_linux-networking-commands.ppt
dokumen.tips_linux-networking-commands.pptdokumen.tips_linux-networking-commands.ppt
dokumen.tips_linux-networking-commands.pptThorOdinson55
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPBob Melander
 

Similar to Handy Networking Tools and How to Use Them (20)

AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPF
 
Linux Networking Commands
Linux Networking CommandsLinux Networking Commands
Linux Networking Commands
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1
 
Linux networking
Linux networkingLinux networking
Linux networking
 
RAZORPOINT TCP/UDP PORTS LIST
RAZORPOINT TCP/UDP PORTS LISTRAZORPOINT TCP/UDP PORTS LIST
RAZORPOINT TCP/UDP PORTS LIST
 
Ex no1 (1)
Ex no1 (1)Ex no1 (1)
Ex no1 (1)
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR
 
Linux router
Linux routerLinux router
Linux router
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)
 
Pycon - Python for ethical hackers
Pycon - Python for ethical hackers Pycon - Python for ethical hackers
Pycon - Python for ethical hackers
 
Troubleshooting TCP/IP
Troubleshooting TCP/IPTroubleshooting TCP/IP
Troubleshooting TCP/IP
 
Unix 4 en
Unix 4 enUnix 4 en
Unix 4 en
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
 
dokumen.tips_linux-networking-commands.ppt
dokumen.tips_linux-networking-commands.pptdokumen.tips_linux-networking-commands.ppt
dokumen.tips_linux-networking-commands.ppt
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRP
 

More from Sneha Inguva

Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Sneha Inguva
 
MicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseMicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseSneha Inguva
 
[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud ProviderSneha Inguva
 
Containers: What are they, Really?
Containers: What are they, Really?Containers: What are they, Really?
Containers: What are they, Really?Sneha Inguva
 
Networking and Go: An Epic Journey
Networking and Go: An Epic JourneyNetworking and Go: An Epic Journey
Networking and Go: An Epic JourneySneha Inguva
 
observability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareobservability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareSneha Inguva
 
Observability and Product Release
Observability and Product ReleaseObservability and Product Release
Observability and Product ReleaseSneha Inguva
 
Prometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudPrometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudSneha Inguva
 
Observability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldObservability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldSneha Inguva
 
Containers: The What, Why, and How
Containers: The What, Why, and HowContainers: The What, Why, and How
Containers: The What, Why, and HowSneha Inguva
 

More from Sneha Inguva (10)

Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)
 
MicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseMicroCPH: Observability and Product Release
MicroCPH: Observability and Product Release
 
[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider
 
Containers: What are they, Really?
Containers: What are they, Really?Containers: What are they, Really?
Containers: What are they, Really?
 
Networking and Go: An Epic Journey
Networking and Go: An Epic JourneyNetworking and Go: An Epic Journey
Networking and Go: An Epic Journey
 
observability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareobservability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new software
 
Observability and Product Release
Observability and Product ReleaseObservability and Product Release
Observability and Product Release
 
Prometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudPrometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the Cloud
 
Observability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldObservability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled World
 
Containers: The What, Why, and How
Containers: The What, Why, and HowContainers: The What, Why, and How
Containers: The What, Why, and How
 

Recently uploaded

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 

Recently uploaded (20)

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 

Handy Networking Tools and How to Use Them

  • 1. Handy Networking Tools (and how to use them)
  • 3. “AGH! I can’t reach my website.” “Can my service handle this load?” “Hmm. Why is my droplet unable to reach the public internet?” Why should I care?
  • 5. Accessing a service DNS and Routing Load Testing Traffic Capture Network Stack Management Network Probing
  • 7. whois # whois google.com ... whois.markmonitor.com Registrar Registration Expiration Date: 2028-09-13T00:00:00-0700 Registrar: MarkMonitor, Inc. ... Registrant Organization: Google LLC Registrant State/Province: CA Registrant Country: US Registrant Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Admin Organization: Google LLC Admin State/Province: CA Admin Country: US Admin Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Tech Organization: Google LLC Tech State/Province: CA Tech Country: US Tech Email: Select Request Email Form at https://domains.markmonitor.com/whois/google.com Name Server: ns4.google.com ... Registrar Site Owner DNS name server
  • 8. dig $ dig google.com ; <<>> DiG 9.10.6 <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40737 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 49 IN A 172.217.12.174 ;; Query time: 48 msec ;; SERVER: 10.254.0.3#53(10.254.0.3) ;; WHEN: Sat Oct 17 19:57:55 EDT 2020 ;; MSG SIZE rcvd: 65 Nameservers IP-address
  • 9. nslookup $ nslookup google.com Server: 10.254.0.3 Address: 10.254.0.3#53 Non-authoritative answer: Name: google.com Address: 172.217.3.110 Nameservers IP-address
  • 10. traceroute $ traceroute google.com traceroute to google.com (172.217.3.110), 64 hops max, 52 byte packets 1 192.168.1.254 (192.168.1.254) 11.341 ms 10.841 ms 12.064 ms 2 76.231.80.1 (76.231.80.1) 44.314 ms 24.790 ms 27.105 ms 3 71.151.198.49 (71.151.198.49) 22.981 ms 25.255 ms 23.239 ms 4 12.240.210.50 (12.240.210.50) 35.620 ms 36.686 ms 41.612 ms 5 gar10.cgcil.ip.att.net (12.122.133.45) 36.803 ms 36.962 ms 41.038 ms ... 13 108.170.248.97 (108.170.248.97) 49.285 ms 108.170.248.33 (108.170.248.33) 48.675 ms 77.627 ms 14 209.85.244.65 (209.85.244.65) 65.286 ms 209.85.253.189 (209.85.253.189) 59.646 ms 45.536 ms 15 lga34s18-in-f14.1e100.net (172.217.3.110) 49.734 ms 46.053 ms 48.990 ms Routing Information
  • 11. Now you can answer: What is my service’s IP address? What DNS nameserver is providing this IP addressing information? What is a packet’s next-hop to get to this service? whois dig nslookup traceroute
  • 13. nmap root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sS localhost Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC Nmap scan report for localhost (127.0.0.1) Host is up (0.0000040s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds root@ubuntu-s-1vcpu-1gb-fra1-01:~# nmap -sU localhost Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-18 15:33 UTC Nmap scan report for localhost (127.0.0.1) Host is up (0.0000050s latency). All 1000 scanned ports on localhost (127.0.0.1) are closed Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds port scanning (TCP, UDP)
  • 14. ping/ping6 $ ping google.com PING google.com (172.217.17.142) 56(84) bytes of data. 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=1 ttl=115 time=7.28 ms 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=2 ttl=115 time=6.86 ms 64 bytes from ams15s30-in-f14.1e100.net (172.217.17.142): icmp_seq=3 ttl=115 time=6.80 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 6.801/6.977/7.275/0.211 ms $ ping6 google.com PING6(56=40+8+8 bytes) 2600:1702:3940:1120:743c:2d7d:8ee7:7826 --> 2607:f8b0:4000:813::200e 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=0 hlim=114 time=55.132 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=1 hlim=114 time=78.742 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=2 hlim=114 time=58.874 ms 16 bytes from 2607:f8b0:4000:813::200e, icmp_seq=3 hlim=114 time=53.585 ms ^C --- google.com ping6 statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 53.585/61.583/78.742/10.091 ms sending icmp pings checking latency
  • 15. netcat checking connections Server # nc -l 80 sdf asdf hi Client # nc 157.230.80.127 80 sdf asdf hi
  • 16. telnet checking connections Server # nc -l 80 hi! this is dog. Client # telnet 157.230.80.127 80 Trying 157.230.80.127... Connected to 157.230.80.127. Escape character is '^]'. hi! this is dog.
  • 17. Demo!
  • 18. Now you can answer: Which TCP or UDP ports are open? Is service X at IP address Y receiving and responding to ICMP pings? Can I open a TCP connection to this destination IP? nmap netcat telnet ping ping6
  • 20. tcpdump Traffic capture Uses bpf filters Ethertype IP root@techtalk-server:~# tcpdump -i eth0 src 68.183.27.77 tcpdump: verbose output suppressed, use-v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 20:25:53.469595 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 1, length 64 20:25:54.470449 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 2, length 64 20:25:55.474789 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 3, length 64 20:25:56.498852 IP 68.183.27.77 > techtalk-server: ICMP echo request, id 14790, seq 4, length 64 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel # tcpdump -i eth0 -vvv -d dst 157.230.80.127 (000) ldh [12] (001) jeq #0x800 jt 2 jf 4 (002) ld [30] (003) jeq #0x9de6507f jt 8jf 9 (004) jeq #0x806 jt 6jf 5 (005) jeq #0x8035 jt 6jf 9 (006) ld [38] (007) jeq #0x9de6507f jt 8jf 9 (008) ret #262144 (009) ret #0 Ethertype ARP Ethertype RARP
  • 21. Now you can answer: Am I receiving traffic on this interface of type x? What does my bpf filter look like in bytecode or what is the actual parser doing? tcpdump wireshark
  • 23. ifconfig network interface info ~# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 67.205.137.40 netmask 255.255.240.0 broadcast 67.205.143.255 inet6 2604:a880:400:d0::1bcd:5001 prefixlen 64 scopeid 0x0<global> inet6 fe80::647d:a8ff:fe83:4f29 prefixlen 64 scopeid 0x20<link> ether 66:7d:a8:83:4f:29 txqueuelen 1000 (Ethernet) RX packets 1185 bytes 358649 (358.6 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 866 bytes 124061 (124.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.136.161.195 netmask 255.255.0.0 broadcast 10.136.255.255 inet6 fe80::d0af:f2ff:fef3:456b prefixlen 64 scopeid 0x20<link> ether d2:af:f2:f3:45:6b txqueuelen 1000 (Ethernet) RX packets 16 bytes 1084 (1.0 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 1006 (1.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ...
  • 24. route routing info ~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 67.205.128.1 0.0.0.0 UG 0 0 0 eth0 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 67.205.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
  • 25. arp check arp cache root@ubuntu-s-1vcpu-1gb-nyc1-01:~# arp -a _gateway (67.205.128.1) at fe:00:00:00:01:01 [ether] on eth0
  • 26. ip see arp cache, see neighbor table, add routes ~# ip neigh show 67.205.128.1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE 2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE ~# ip -6 neigh show 2604:a880:400:d0::1 dev eth0 lladdr fe:00:00:00:01:01 REACHABLE ~# ip route default via 67.205.128.1 dev eth0 proto static 10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.0.10 10.136.0.0/16 dev eth1 proto kernel scope link src 10.136.161.195 67.205.128.0/20 dev eth0 proto kernel scope link src 67.205.137.40 ~# ip route add 169.254.169.254 via 67.205.128.1 ~# ip route show 169.254.169.254 169.254.169.254 via 67.205.128.1 dev eth0
  • 27. Now you can answer: What are the network interfaces, ip addresses, subnet, and broadcast address of my droplet? What is the internet gateway? What is the corresponding hardware address for a particular IP? How can I add a route? ifconfig route arp ip
  • 29. tcpreplay Replays traffic from packet capture fire Server Client # tcpdump -i eth0 -w traffic.pcap # tcpreplay -i eth0 httptraffic.pcap ... Statistics for network device: eth0 Successful packets: 291 Failed packets: 3 Truncated packets: 0 Retried packets (ENOBUFS): 0 Retried packets (EAGAIN): 0
  • 30. wrk2 Send HTTP load Server Client # wrk2 -t1 -c10 -d60s -R100 -L http://157.230.80.127:80 Running 1m test @ http://157.230.80.127:80 1 threads and 10 connections Thread calibration: mean lat.: 1.460ms, rate sampling interval: 10ms Thread Stats Avg Stdev Max +/- Stdev Latency 1.45ms 483.34us 11.84ms 72.24% Req/Sec 106.69 104.46 400.00 29.94%
  • 31. iperf3 Send TCP or UDP traffic Server # iperf3 -s --------------------- Server listening on 5201 --------------------- Client # iperf3 -c 157.230.80.127 5201 Connecting to host 157.230.80.127, port 5201 … [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 2.25 GBytes 1.93 Gbits/sec 224850 sender [ 4] 0.00-10.00 sec 2.24 GBytes 1.93 Gbits/sec receiver
  • 32. Demo!
  • 33. Now you can answer: What is the max throughput I can send through an interface? What is the UDP jitter experienced with max UDP throughput? What is latency of requests when my service is under load? How many requests/sec can my service handle? What is the max number of connections I can send traffic through? tcpreplay wrk2 iperf3 nuttcp
  • 35. There are numerous linux CLI networking utilities. All open-source! Useful for virtual machines (check routing information, open ports, interfaces, neighbor tables, add routes) and microservices (capture traffic and load test)!