With this fifth course in our Linux Server Professional LPIC-1 certification series, you will learn about network configuration and management, including the basics of TCP/IP, effective IP addressing, network protocols, and ports. You will also learn about how to properly set up DNS client services, aliases and hosts, and network interfaces using the ifconfig tool and its replacement, ip. Perhaps most important of all, you will discover some of Linux's powerful network troubleshooting tools, like netstat, netcat, and traceroute.
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
In previous videos from this course, we discussed how to identify, configure, and start network interfaces. Now it's time to learn about troubleshooting connections when things don't work. So we'll assume that our interface shows up in dmesg, as it should, and that ifconfig or ip a reports that it has an appropriate IP address. We'll also assume that the route command shows a working route to a live network gateway. But you're still not sure that you're properly connected. Does Linux offer any diagnostic tools? You bet it does. A whole whack of them.
Using ping, route, traceroute, tracepath, and netcat to troubleshoot Linux network problems
The first weapon you should pull out is the simplest, ping. As we've mentioned before, ping sends very small data packets to an address you specify, using the ICMP protocol, and requests that the packets are echoed back. When they are, then we'll know two things: that the host you're accessing is, in fact, available, but also that you have network connectivity, at least that far. You should first try an internet-based host, like Google.com. Or if you're not sure you've got DNS service, and easy to remember IP address, like 18.104.22.168, which happens to be Google's name server. If either of these work, then you'll know that connectivity is not your problem. If they don't work, then it's time for plan B, identifying the shaky link in the network. You could try pinging your gateway address, meaning the address of the device, like a router linking you to the larger network. If you don't know your gateway address, you can usually figure it out by looking at your own system IP address, using ifconfig or ip a.
In my case, if the IP address is 10.0.3.133, then the gateway is probably 10.0.3.1. You can run route to confirm this. Now let's ping 10.0.3.1. If that works, then the problem most likely exists somewhere between the router and your internet provider.
If you can't ping your router, then you should check the hardware connection, whether wired or wireless, that connects your PC to the router. It can't hurt to confirm that the router is plugged in and powered on. Believe me, you wouldn't be the first guy to miss that one. You can also use trace route against a network address to display information about each step packets take along their journey.
Traceroute, or its newer cousin, trace path will often show you exactly where connectivity breaks down. Incidentally, ping, traceroute, and tracepath all have special versions for handling IPv6 connectivity, called appropriately enough, ping6, traceroute6, and tracepath6.
Actually, getting your system ready for IPv6 can be a bit complicated, and is beyond the scope of the LPIC-1 exam. Now what if you've got all of the network and internet connectivity you need, but you're having trouble accessing a particular host that's supposed to be available. Or what if somebody's having trouble accessing your service. You should test to make sure the necessary ports are open. From a different computer or network, you can use a terrific little tool called netcat.
While you should bear in mind that netcat, which can also be used as NC, is not at all secure, it can be used to create quick host client network connections for communications or even streaming files, but it can also be used to test for open ports. Here, we'll run it with -Z and -V against Google.com to see if the http port 80 is open. If the port you need was not open, this test would fail and you'd be much closer to figuring out your problem.
You can also run netcat against a range of ports, but that can take a very long time. Netstat can check for listening and non-listening sockets, to confirm that the sockets you need are accessible. Finally, netstat -s can show you a really useful diagnostic data for each network protocol.
Let's review. You can use ping to test for connectivity to specified hosts, route to display your gateway address, trace route or trace path to track packets along their network journey, netcat to check for open ports, and netstat to check for listening and non-listening sockets. You should be aware that ping6, traceroute6, and tracepath6 are all versions of those tools, meant for IPv6 systems.
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.
Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.
His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.