COVER STORY Networking tools

Networking Tools 101

The Networker

Networked machines offer huge benefits, but they also mean added responsibilities. From the moment you connect your machine to the network, you are not only expected to know all about your machine, but also about the way it communicates with the outside world. Standard tools can help you cope.

BY NICO LUMMA

A computer without a connection to the outside world seems like a throwback to a previous age. Although today's distributions typically handle the installation of the basic networking components, administrators then assume responsibility – and in some cases their training may not have covered networking techniques. In this scenario it makes sense to gain as much knowledge as possible about the things computers get up to on a network. Networks can become unresponsive, or a single machine (such as the Web server) may become unreachable. Major Linux distributions have tools to handle all of these tasks.

Networking Basics

Unfortunately, most of these tools assume that you know exactly how a network works. TCP/IP is the basic component of the Internet and many local networks. A combination of the Transmission Control Protocol and the Internet Protocol, this protocol suite specifies how computers on a network communicate and exchange data.

As a Web browser does not need to know whether the information is being transmitted via wireless components or FDDI lines, and an FDDI line does not need to know whether the bits it is transporting belong to HTML files, MP3s, or videos, network experts use a layered model to describe computer networks. Each layer builds up on the underlying layer, but apart from that, the layers work independently of one another.

The application layer, as the name suggests, defines how the applications themselves, such as browsers or mail programs, talk to Web or mail servers. Exactly how that occurs depends on the application. For example, the HyperText Transfer Protocol, HTTP, is used on the Web, whereas file downloads often use the File Transfer Protocol.

The transport layer resides below the application layer. This layer sets up connections between computers, allowing them to exchange data. TCP provides a reliable data stream between the endpoints (for the HTTP, SSH, POP, or SMTP application protocols) and ensures that dropped packets are re-transmitted. The other major protocol at this level is the User Datagram Protocol, UDP, which can drop packets (and is used by Real Audio streams, for example). TCP can retransmit packets, ensuring that eventually the receiver has a full set. The application protocols at the highest level rely on this service.

Things start to get really interesting in the underlying network layer. This is where data packets (irrespective of their content) are placed on the wire and attempt to find the best route to the target. To simplify this task, each packet includes the addresses of the sender and receiver. When a Web page is served up, the packets may take different routes. After accepting packets, the receiving end has to ensure that they are reassembled in the right order. Beside the Internet Protocol itself, the network layer has protocols such as the Internet Control Message Protocol, ICMP, for control messages (such as error messages), the Address Resolution Protocol, ARP, which maps IP addresses to hardware (MAC) addresses, and its counterpart RARP (the Reverse Address Resolution Protocol).

The lowest layer of the OSI layered model is the Physical layer. At this level we are concerned with the transmission of bits and the standardization of protocols for dealing with electrical, mechanical and signaling interfaces. This includes RS-232 standards and X.21. Network components are identified by their IP address. Without some knowledge of these layers, many network tools will not make a lot of sense.

Figure 1: The mass of data for "ip addr" includes critical information on your current IP address, and "inet" indicates the netmask.

GLOSSARY

DNS: DNS servers have databases that they can use to map IP addresses to Internet names (and vice versa). They refer to their databases to answer queries sent by browsers and Internet applications unbeknown to their users. A user who types www.google.com is actually formulating a query that returns the IP address 216.239.39.99. It is to this address that the browser will actually open a connection.

May 2004, www.linux-magazine.com

Figure 2: "ip route" provides a clearer view of IP information.

Figure 3: The target machine, 192.168.1.1, responded to all five pings.

Status Check

Before you start analyzing network traffic, it is important to make sure that your computer is actually using the network as it should be.

To make a long story short, each machine needs a unique IP address to be able to communicate with other machines on the network. The gateway address allows data packets destined for the world to leave the local network.

The ip command provides details of your current settings. Older systems may only have the ifconfig and route commands, which output the same information, but in a slightly different format. If the shell tells you that it cannot locate these commands, it may be because they have been installed in /sbin, which is not typically in the search path. In this case, simply add the full path (e.g. /sbin/ip).

The addr option tells ip to output the details of the network adapter. The line with eth0 at the end refers to the first adapter in the system (eth0 is the first card, eth1 the second – possibly for the WLAN – and so on). This shows the IP address of the computer (192.168.1.245 in Figure 1), the netmask (/24), the broadcast address (192.168.1.255) and the name of the network interface, eth0.

The output from ip route is easier to read (see Figure 2). The first line shows the network (the network address in our example is 192.168.1.0) and netmask /24, the network interface, and finally the data source (src stands for "source"), that is, the IP address (192.168.1.245). The second line details the default gateway, 192.168.1.1.

If critical information, such as the IP address and gateway, is missing here, that could explain why your computer is not behaving as it should on the network. In this case, launch your distro's configuration tool (for example YaST for Suse), and double-check your settings.

Ping-Pong

ping is a simple, but extremely practical network analysis tool. It transmits ICMP data packets from your own computer to a target, and displays the time it takes for the response to reach your computer – assuming that the target answers at all. The last section is a group of statistics that tell you how many packets ping transmitted (five in Figure 3), how many replies came back (again five), and how long this took (4002 milliseconds). If packets are dropped, they are shown in the packet loss section. If the target is unreachable, nothing happens for a while, as ping waits for replies.

ping hostname pings the target until you press [Ctrl-c]. You can specify ping -c 10 hostname instead, to transmit 10 pings and then stop pinging.

Routes

While ping simply tells you if the target is responsive, traceroute (typically: /usr/sbin/traceroute) shows the route that the data packets have taken to the target machine (see Figure 4). The asterisks (***) are indicative of an error that occurred en route, or that a firewall has refused to allow this type of IP packet to pass. Incidentally, you can specify the -n

Figure 4: "traceroute" showing the route to "linux-magazine.com".

Figure 5: "mtr" combines the output of "traceroute" and "ping".


option to avoid displaying the host names.

mtr targethost (typically: /usr/sbin/mtr) provides a clearer view (see Figure 5), as it tells you exactly where the data packets are getting stuck, provided you do not press [q]. For each hop en route, the tool discovers what is happening to the data packets. Thus, mtr can be viewed as a combination of ping and traceroute.

    mtr -c 10 --report targethost

tells mtr to stop after transmitting 10 pings, and then report on its findings. The HOST column tells you exactly where the data packet is, LOSS outputs the percentage of dropped packets, RCVD and SENT tell you how many data packets were received and sent, and the BEST, AVG, and WORST columns tell you how long the data packets took.

For more precision …

… try tcpdump, the Swiss Pocket Knife of network analysis tools. Most distros will provide a ready-made package. If not, you can download the source package from [1], not forgetting the required libpcap, and compile the tool yourself. You need administrative privileges to run the tool, as it enables the network adapter's promiscuous mode, allowing it to read any packets that cross the wire on the local network. This may allow the user to read other people's passwords.

A call to tcpdump outputs any data packets that the network adapter sees:

    11:56:27.833598 192.168.1.245.ssh > 192.168.1.20.39258: P 1392512:1392720(208) ack 1201 win 9120 (DF) [tos 0x10]

In our example, you can see that 192.168.1.245 has sent an ssh data packet to the machine at 192.168.1.20. Type

    tcpdump -i eth0 port 80

and you are shown data for port 80, the port on which most Web servers listen. On the other hand, tcpdump host target will display the network traffic for the target host.

Quo Vadis?

It makes sense to install specialized tools to avoid losing track. iptraf is one example. It tells you exactly what is happening on a network adapter, which protocols are currently being used, and to which machines the target is currently talking. Typing [q] [Enter] quits the tool.

The main menu (see Figure 6) has an IP Traffic Monitor item (see Figure 7) that gives an overview of incoming and outgoing traffic, allowing you to find points where load is occurring.

In contrast, the Detailed Interface Statistics (see Figure 8) do not tell you which machines are exchanging data, but analyze the traffic flows by protocol. This provides useful throughput data, and indicates bottlenecks. For example, … you can assume that someone is downloading something from your machine.

Of course, there is a lot more that one could say about iptraf and the other tools mentioned in this article. But if you want to enhance your skills in this area, there is no alternative to fundamental knowledge of networking. ■

Figure 6: "iptraf" is useful, even without a separate configuration and filter.

Figure 7: How many packets are going to and from what address?

Figure 8: "iptraf" provides detailed network statistics.

INFO

[1] tcpdump: http://www.tcpdump.org/
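The "Status Check" and "Ping-Pong" steps above (address, netmask and broadcast from ip addr, default gateway from ip route, then a counted ping to the gateway) can be scripted so that a machine that has fallen off the network reports which piece is missing. The script below is an added example, not code from the article or from the iputils or iproute2 projects. The three SAMPLE_* strings are constructed output modelled on Figures 1 to 3 (192.168.1.245/24 on eth0, gateway 192.168.1.1) so it runs offline; the same parsing works on live command output.

```shell
#!/bin/sh
# Added example: a scripted version of the article's status check.
# The SAMPLE_* variables are constructed output (assumption: the
# addresses of Figures 1 to 3), not captured from a real machine.

SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.245/24 brd 192.168.1.255 scope global eth0'

SAMPLE_IP_ROUTE='192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.245
default via 192.168.1.1 dev eth0'

SAMPLE_PING='PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.421 ms

--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.380/0.421/0.480/0.040 ms'

# Print "ADDRESS/PREFIX" from the first "inet" line of "ip addr" output.
addr_of() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2; exit }'
}

# Print the broadcast address that follows "brd" on the inet line.
broadcast_of() {
    printf '%s\n' "$1" | awk '$1 == "inet" {
        for (i = 1; i < NF; i++) if ($i == "brd") { print $(i + 1); exit } }'
}

# Print the default gateway from "ip route" output (empty if none).
gateway_of() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print the packet-loss percentage from the ping summary line, e.g. "0".
# Linux ping prints "0% packet loss"; BSD ping prints "0.0%", so the
# fractional part is allowed and stripped by the caller.
ping_loss_of() {
    printf '%s\n' "$1" | sed -n 's/.*, \([0-9][0-9.]*\)% packet loss.*/\1/p'
}

# Verdict: "ok" when an address, a gateway and a loss-free ping are all
# present; otherwise the first missing item, which is what the article
# says to look for in the distribution's configuration tool.
status_check() {
    addr=$(addr_of "$1")
    gw=$(gateway_of "$2")
    loss=$(ping_loss_of "$3")
    loss=${loss%%.*}
    [ -n "$addr" ] || { echo "no-address"; return 1; }
    [ -n "$gw" ] || { echo "no-gateway"; return 1; }
    [ -n "$loss" ] || { echo "no-ping-reply"; return 1; }
    [ "$loss" -eq 0 ] || { echo "packet-loss:${loss}%"; return 1; }
    echo "ok"
}

# Stand-alone run against the constructed samples. On a real machine,
# replace the three arguments with "$(ip addr show eth0)", "$(ip route)"
# and "$(ping -c 5 "$(gateway_of "$(ip route)")")".
echo "address:   $(addr_of "$SAMPLE_IP_ADDR") broadcast $(broadcast_of "$SAMPLE_IP_ADDR")"
echo "gateway:   $(gateway_of "$SAMPLE_IP_ROUTE")"
echo "ping loss: $(ping_loss_of "$SAMPLE_PING")%"
echo "verdict:   $(status_check "$SAMPLE_IP_ADDR" "$SAMPLE_IP_ROUTE" "$SAMPLE_PING")"
```

The functions only use awk and sed, so the script works on the older systems the article mentions, which have ifconfig and route instead of ip, as long as you feed it the equivalent lines; the verdict string is what you would wire into a cron job or monitoring check.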
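The tcpdump line shown above packs the sender and receiver into "host.port > host.port:" fields, and the "(208)" is the payload length. The script below, an added example that is not part of the article and not tcpdump's own code, parses that classic output format into fields and then aggregates packets and bytes per host pair, which is roughly the view iptraf's IP Traffic Monitor gives. SAMPLE_CAPTURE is constructed: its first line is the packet from the article, the remaining lines are invented in the same format (the 192.168.1.20 http handshake and the port numbers are assumptions). The by_port filter generalises the "port 80" example to any port name or number.

```shell
#!/bin/sh
# Added example: parsing classic tcpdump output and summarising who
# talks to whom. SAMPLE_CAPTURE is constructed for this example; only
# the first line comes from the article.

SAMPLE_CAPTURE='11:56:27.833598 192.168.1.245.ssh > 192.168.1.20.39258: P 1392512:1392720(208) ack 1201 win 9120 (DF) [tos 0x10]
11:56:27.834102 192.168.1.20.39258 > 192.168.1.245.ssh: . ack 1392720 win 63712 (DF) [tos 0x10]
11:56:28.001553 192.168.1.20.40110 > 192.168.1.245.http: S 2091721933:2091721933(0) win 5840 <mss 1460> (DF)
11:56:28.001801 192.168.1.245.http > 192.168.1.20.40110: S 118933481:118933481(0) ack 2091721934 win 5792 <mss 1460> (DF)
11:56:28.102233 192.168.1.245.http > 192.168.1.20.40110: P 1:1461(1460) ack 1 win 5792 (DF)'

# Print one record per packet: "TIME SRC SPORT DST DPORT FLAGS BYTES".
# tcpdump joins host and port with a dot, so the port is the text after
# the last dot. BYTES is the number in parentheses after the sequence
# range, or 0 for packets without a payload (pure ACKs).
packet_records() {
    printf '%s\n' "$1" | awk '
        NF >= 5 && $3 == ">" {
            src = $2; dst = $4; sub(/:$/, "", dst)
            n = split(src, a, "."); sport = a[n]
            shost = substr(src, 1, length(src) - length(sport) - 1)
            n = split(dst, b, "."); dport = b[n]
            dhost = substr(dst, 1, length(dst) - length(dport) - 1)
            bytes = 0
            if (match($0, /\([0-9]+\)/)) bytes = substr($0, RSTART + 1, RLENGTH - 2)
            print $1, shost, sport, dhost, dport, $5, bytes
        }'
}

# Aggregate by source and destination host, like iptraf's traffic
# monitor: "SRC -> DST PACKETS BYTES", one line per direction, sorted.
host_pairs() {
    packet_records "$1" | awk '{ k = $2 " -> " $4; pk[k]++; by[k] += $7 }
        END { for (k in pk) print k, pk[k], by[k] }' | sort
}

# Keep only records where either port matches, the post-capture
# equivalent of "tcpdump port 80" (a service name such as http also works).
by_port() {
    packet_records "$1" | awk -v p="$2" '$3 == p || $5 == p'
}

# Stand-alone run against the constructed capture. For a live view,
# replace the variable with "$(tcpdump -i eth0 -c 50 2>/dev/null)"
# (requires root; tcpdump versions newer than the article's print
# "IP host.port > host.port:" and need "-q" or a small tweak to $2/$4).
echo "--- records ---";    packet_records "$SAMPLE_CAPTURE"
echo "--- host pairs ---"; host_pairs "$SAMPLE_CAPTURE"
echo "--- http only ---";  by_port "$SAMPLE_CAPTURE" http
```

Counting bytes per direction is the quickest way to spot the situation the article describes: when one host pair dominates the outgoing byte count, something is being downloaded from your machine, and the by_port filter then tells you over which service.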
