Introduction
There is no easy path to understanding TCP/IP network communication. Experienced system programmers spend hours each year tuning and improving the basic communication protocols that connect the internet. IT administrators spend thousands of hours configuring hosts, servers, switches, routers, and optimizing network architecture to maximize network throughput. Many of us who simply use applications and programming languages don't dig too deeply into these areas. However, TCP/IP communication makes everything work. Without imbibing some understanding and network troubleshooting techniques, your career as a JavaScript programmer will suffer frustration. As a programmer or IT administrator, you really can't get TCP/IP network administration without using administrative commands from the shell. Graphical suites that help troubleshoot network connectivity are not always available, and sometimes they provide more information than needed. The official internet STDs and RFCs represent an authoritative starting point for greater understanding of TCP/IP, but the internet is awash in tutorials on these subjects. I recommend finding something authoritative.
Commands and arguments will be in bold. Screen examples and output will print in blue. Choices will be [enclosed in brackets delineated by commas]. To complete this exercise, start an X11 Terminal on your MAC, UNIX, or Cygwin emulation. For Windows cmds, please start an administrative cmd session. If possible, it may be helpful to open multiple terminals or Xterms: one in which to practice the commands, the other in which to run man or info commands to further understand specific arguments. UNIX is at all times case sensitive.
UNIX commands run under an Operating System shell whose opening prompt will be delineated by a character(s) like #, $, or bash-. The presence of such a prompt means you are in that particular shell. Normally, you will recognize your shell type by the prompt. You can use the command echo $SHELL to return the shell type. The bash command will take you to a bash shell, which is the most popular and powerful of administrative UNIX shells. Issuing exit will leave your shell. To run the commands as a particular user, change to the appropriate directory (e.g. cd /home/rferrisx ), issue an su username command and provide a password. The whoami command will tell you what user you are logged in as. Some commands may require a login with administrative or root privileges to run successfully.
Some examples:
whoami
[root]
cd /home/rferrisx
su rferrisx
whoami
[rferrisx]
The command clear will erase your screen. Your previously typed commands can be found by using the up or down arrows. The keystroke combination CTRL-C will terminate most commands. Start an X11 Terminal. Lowercase q will terminate pagination. Space and Enter advance pagination on a command by one screen or one line respectively. With all UNIX commands, the less and more commands can be appended and used to page through output. PageUp, PageDown, Enter, and Space provide keystroke control of pagination for long output. The size of the X11 font can usually be adjusted by holding down the CTRL key and right-clicking your mouse. The properties menu of the application control panel of a cmd or Powershell console provides for similar configuration.
Generic Commands
man man describes how to access help for any UNIX cmd.
man 'command name' accesses help for any command.
man -k keyword -s section number provides a keyword search for a particular section. Sections 1 or 8 describe most system tools or administrative commands. Lowercase q will end pagination.
A popular alternative to man pages is the info command. Type info info to learn more.
Windows command help can generally be obtained by appending /? or -? to the end of any command. Powershell cmds accept the man argument (e.g. man gc -full ). Certain commands are essential to navigating all command or cmd shells, although the specific arguments and format may differ between Operating Systems and respective shells. Some of these commands are:
- echo (UNIX, Windows cmd)
- cat (UNIX)
- grep or sls (UNIX, Powershell)
- less (UNIX)
- gawk (UNIX but available for Windows cmd)
- vi (UNIX)
- more (UNIX, Windows cmd, Powershell)
- findstr (Windows cmd only)
- gc (Powershell only)
Network Commands: Parsing network address information
Understanding your local network information allows you to see what interfaces your server and client are using to communicate. Without appropriate configuration for address, gateways, and routes to local or internet hosts, network communication fails.
On UNIX and MAC:
ifconfig 'interface name' will expose the configuration for that interface.
ifconfig 'interface name' [up,down] will change the state of the interface.
UNIX commands can be piped together to send the output from one command to the input of another. For example, when used with the grep ("generalized regular expression parser") command, specific data for the IPv4 connection will be printed on a single line. Please spend some time with 'man grep'.
ifconfig iwn0 | grep -w inet
inet 192.168.0.24 netmask 0xffffff00 broadcast 192.168.0.255
The output from this command lists the IP Address, broadcast address and netmask attached to the iwn0 network interface. The IP Address indicates that your machine is addressed. A similar set of commands can be issued at an administrative Windows cmd prompt, Powershell Prompt, or NT Cygwin prompt with:
ipconfig /all
ipconfig /all | findstr Address
ipconfig /all | findstr Gateway
ipconfig /all | findstr Mask
[ or ]
echo Address > search.txt & echo Gateway >> search.txt & echo Mask >> search.txt
ipconfig /all | findstr /g:search.txt
Physical Address. . . . . . . . . : [deleted]
Physical Address. . . . . . . . . : [deleted]
IPv4 Address. . . . . . . . . . . : 192.168.200.124(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.200.1
Physical Address. . . . . . . . . : 00-24-BE-65-6D-59
Multiple examples of increasing address and host network detail from Windows Powershell:
- gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input}}
- gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input}} | fl *
- gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input | Select -ea 0 IP,DHCP,DNS,WINS}}
PS C:\Windows\system32> gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input}}
DHCPEnabled : True
IPAddress : {192.168.200.124}
DefaultIPGateway : {192.168.200.1}
DNSDomain :
ServiceName : NETwNs64
Description : Intel(R) Centrino(R) Advanced-N 6200 AGN
Index : 11
or
- netsh interface ipv4 show addresses
- netsh interface ipv6 show addresses
Configuration for interface "Local Area Connection 3"
DHCP enabled: Yes
InterfaceMetric: 30
Configuration for interface "Wireless Network Connection"
DHCP enabled: Yes
IP Address: 192.168.200.124
Subnet Prefix: 192.168.200.0/24 (mask 255.255.255.0)
Default Gateway: 192.168.200.1
Gateway Metric: 0
InterfaceMetric: 25
Configuration for interface "Local Area Connection"
DHCP enabled: No
InterfaceMetric: 5
Configuration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 50
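The ifconfig listing above reports the netmask in hex (0xffffff00), while netsh reports the same information as a prefix and dotted mask (/24, 255.255.255.0). The script below is an added example, not part of the original post, that parses an ifconfig inet line and derives the network, prefix length, dotted mask and broadcast address, rejecting a netmask whose one bits are not contiguous. The function names are this example's own, and the sample line is constructed from the output shown earlier.

```shell
#!/bin/sh
# Constructed sample: the "inet" line from the ifconfig output shown above.
SAMPLE_INET='inet 192.168.0.24 netmask 0xffffff00 broadcast 192.168.0.255'

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix N -> count of leading one bits; fails if the mask is not contiguous
mask_to_prefix() {
    mask=$1; bits=0
    while [ $(( mask & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        mask=$(( (mask << 1) & 0xffffffff ))
    done
    [ "$mask" -eq 0 ] || return 1
    echo "$bits"
}

# describe_inet "inet ADDR netmask 0xHEX ..." -> "NETWORK/PREFIX DOTTED_MASK BROADCAST"
describe_inet() {
    set -- $1
    addr=$2; hexmask=$4
    ip=$(ip_to_int "$addr")
    mask=$(( $hexmask ))
    prefix=$(mask_to_prefix "$mask") || { echo "bad netmask $hexmask" >&2; return 1; }
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 0xffffffff) ))
    echo "$(int_to_ip "$net")/$prefix $(int_to_ip "$mask") $(int_to_ip "$bcast")"
}

describe_inet "$SAMPLE_INET"
```

On a live UNIX host the same function can be fed with describe_inet "$(ifconfig iwn0 | grep -w inet)", provided the interface reports its netmask in hex as in the listing above.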
Network Commands: Parsing connections states and endpoint information
Network endpoints couple foreign IP addresses and ports with your local hosts. They tell you what services on your host or server are connected with their analogs on foreign hosts. An understanding of application service port mapping is important but won't be covered here. More information is readily available on the internet (e.g. see http://www.rfc-editor.org/std/std1.txt ). The curious may type:
On UNIX and MAC:
cat /etc/services
cat /etc/services | wc -l
On Windows from Powershell 3.0:
gc C:\Windows\System32\drivers\etc\services | get-unique
(gc C:\Windows\System32\drivers\etc\services | get-unique ).count
On Windows from the cmd line:
more C:\Windows\System32\drivers\etc\services
netstat -an -p [TCP,UDP] will show you foreign IP Addresses and their connected states to your TCP stack for all of Windows, UNIX, MAC. The formats will be slightly different:
On UNIX or MAC:
netstat -an -p TCP
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 192.168.0.24.38895 173.194.33.37.443 ESTABLISHED
tcp 0 0 192.168.0.24.14948 173.194.39.111.80 ESTABLISHED
tcp 0 0 192.168.0.24.27910 173.194.39.111.80 ESTABLISHED
tcp 0 0 192.168.0.24.16910 173.194.39.111.80 ESTABLISHED
tcp 0 0 192.168.0.24.15600 173.194.39.111.80 ESTABLISHED
...
On Windows:
netstat -an -p TCP
....
TCP 192.168.200.124:139 0.0.0.0:0 LISTENING
TCP 192.168.200.124:61442 74.125.139.125:5222 ESTABLISHED
TCP 192.168.200.124:61447 173.194.33.30:443 ESTABLISHED
TCP 192.168.200.124:61459 69.171.246.16:443 ESTABLISHED
TCP 192.168.200.124:61499 173.194.33.54:443 ESTABLISHED
...
If installed on MAC or UNIX, lsof -i -NR gives even clearer information on connected internet services and applications.
lsof -i -NR
COMMAND PID PPID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 6101 1 _dhcp 8u IPv4 0xd9d4f000 0t0 HOPOPTS *:*
Xorg 8579 31013 _x11 5u IPv6 0xd9c32334 0t0 TCP *:6000 (LISTEN)
Xorg 8579 31013 _x11 7u IPv4 0xd9c324cc 0t0 TCP *:6000 (LISTEN)
....
lsof -i -NR | gawk '{print $1" "$10}' | grep mrs02s04
chrome 192.168.0.24:5894->mrs02s04-in-f15.1e100.net:www
chrome 192.168.0.24:44445->mrs02s04-in-f15.1e100.net:www
chrome 192.168.0.24:25086->mrs02s04-in-f15.1e100.net:www
chrome 192.168.0.24:18018->mrs02s04-in-f15.1e100.net:www
....
The fstat command on OpenBSD can deliver similar information. Note how grep is used here twice to filter information:
# fstat | grep "internet stream" | grep 443
rferrisx chrome 27185 73* internet stream tcp 0xd9c32664 192.168.0.24:9109 --> 173.194.33.22:443
rferrisx chrome 27185 85* internet stream tcp 0xd9c32994 192.168.0.24:1033 --> 173.194.79.125:443
rferrisx chrome 27185 94* internet stream tcp 0xd987e804 192.168.0.24:27012 --> 23.3.68.112:443
rferrisx chrome 27185 95* internet stream tcp 0xd988a338 192.168.0.24:9914 --> 173.194.33.4:443
...
On Windows the netsh cmd prompt (here used inside Powershell) delivers similar endpoint information:
PS C:\Windows\system32> netsh interface ipv4 show tcpconnections
MIB-II TCP Connection Entry
Local Address Local Port Remote Address Remote Port State
-----------------------------------------------------------------------
0.0.0.0 135 0.0.0.0 0 Listen
192.168.200.124 139 0.0.0.0 0 Listen
0.0.0.0 2345 0.0.0.0 0 Listen
127.0.0.1 4573 127.0.0.1 49167 Established
127.0.0.1 49167 127.0.0.1 4573 Established
127.0.0.1 61190 0.0.0.0 0 Listen
192.168.200.124 61442 74.125.139.125 5222 Established
192.168.200.124 61447 173.194.33.30 443 Established
...
This Windows command will show all open IPv4 connections that have an established state and are not connected to the local loopback:
netsh interface ipv4 show tcpconnections | findstr Established | findstr /v 127.0.0.1
PS C:\Windows\system32> netsh interface ipv4 show tcpconnections | findstr Established | findstr /v 127.0.0.1
192.168.200.124 61442 74.125.139.125 5222 Established
192.168.200.124 61447 173.194.33.30 443 Established
192.168.200.124 61459 69.171.246.16 443 Established
192.168.200.124 61618 31.13.76.8 443 Established
192.168.200.124 61794 23.33.254.226 443 Established
192.168.200.124 61795 23.33.254.226 443 Established
...
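UNIX netstat writes endpoints as address.port while Windows writes address:port, so a filter written for one listing fails on the other. The script below is an added example, not part of the original post: it accepts netstat -an output in either format and counts established, non-loopback connections per remote address and port, which gives a quick view of what a host is talking to. The function name is this example's own and the sample lines are taken from the two listings above.

```shell
#!/bin/sh
# Constructed sample input: lines copied from the two netstat listings above.
SAMPLE_NETSTAT='tcp 0 0 192.168.0.24.38895 173.194.33.37.443 ESTABLISHED
tcp 0 0 192.168.0.24.14948 173.194.39.111.80 ESTABLISHED
tcp 0 0 192.168.0.24.27910 173.194.39.111.80 ESTABLISHED
TCP 192.168.200.124:139 0.0.0.0:0 LISTENING
TCP 192.168.200.124:61442 74.125.139.125:5222 ESTABLISHED
TCP 192.168.200.124:61447 173.194.33.30:443 ESTABLISHED'

# established_remotes: read netstat -an output on stdin and print
# "count remote_address remote_port" for each established, non-loopback peer.
established_remotes() {
    awk '
    toupper($1) ~ /^TCP/ && toupper($NF) == "ESTABLISHED" {
        remote = $(NF - 1)                  # foreign address precedes the state column
        sep = match(remote, /[.:][0-9]+$/)  # final "." (UNIX) or ":" (Windows) starts the port
        if (!sep) next
        addr = substr(remote, 1, sep - 1)
        port = substr(remote, sep + 1)
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        seen[addr " " port]++
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

printf '%s\n' "$SAMPLE_NETSTAT" | established_remotes
```

On a live host, run netstat -an -p TCP | established_remotes on UNIX, or save the Windows netstat output to a file and feed it to the function from Cygwin.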
Troubleshooting techniques for Network Administration
(Section Under Construction) Common shell commands for troubleshooting networks include:
For UNIX, MAC, Windows:
- arp : Address Resolution Protocol - shows foreign address resolution
- ping : packet internetwork generation - sends ICMP packets to foreign hosts
- route : delineates and modifies routing tables
- traceroute, tracert : sends communication test paths to hosts to determine path and latency
- nslookup : finds nameserver information
For Windows
- pathping : cmd line utility provides enhanced ping and tracert functionality
- Test-connection: Cmdlet provides connection testing functionality - Powershell 3.0 only
- Invoke-WebRequest : Cmdlet provides web testing functionality - Powershell 3.0 only
- dig : finds nameserver information
- strace : traces system information
Applications available for installation on all platforms:
- ssh : secure shell provides default remote administration terminal for almost all UNIX based systems
- netcat : provides socket connection test functionality
- wget: provides web connection test functionality
- nmap : provides network scanning functionality
- tcpdump, windump
- snort
Next up: How to troubleshoot network and application connectivity issues