CMSC 691x UNIX System Administration
Presentation of Chapter 14 TCP/IP and Routing
by Kejian Hu
14.9 Network Debugging
Most tools give low-level information, so you have to understand the main ideas of TCP/IP and routing in order to use them.
Ping: Check if a host is alive
ICMP:
Ping command uses the ICMP protocol's ECHO_REQUEST datagram to force a response from a particular machine.
Low-level protocol:
1. server is not involved
2. doesn't mean that the high-level services are running
Two types of Ping:
1. Old type:
Usage:
% ping tigger /* old-style ping */
tigger is alive
2. New type:
I pinged from one cs machine to another cs machine.
orinoco[112] ping lady
PING lady.cs.umbc.edu (130.85.100.70): 56 data bytes
64 bytes from 130.85.100.70: icmp_seq=0 ttl=255 time=2.793 ms
64 bytes from 130.85.100.70: icmp_seq=1 ttl=255 time=1.239 ms
64 bytes from 130.85.100.70: icmp_seq=2 ttl=255 time=1.339 ms
64 bytes from 130.85.100.70: icmp_seq=3 ttl=255 time=1.302 ms
64 bytes from 130.85.100.70: icmp_seq=4 ttl=255 time=1.319 ms
64 bytes from 130.85.100.70: icmp_seq=5 ttl=255 time=1.308 ms
64 bytes from 130.85.100.70: icmp_seq=6 ttl=255 time=1.339 ms
^C /* type control+c here to stop */
----lady.cs.umbc.edu PING Statistics----
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 1.239/1.520/2.793 ms
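The icmp_seq field in new-style ping output is what lets you spot loss, duplication and reordering on the path. The following is an added example, not part of the original notes: a small parser for that output format, run on a constructed sample. It assumes sequence numbers start at 0, as in the session above.

```python
import re

# Constructed sample in the new-style ping format: seq 2 is lost,
# seq 4 arrives twice, and seq 6 arrives before seq 5.
SAMPLE = """\
PING lady.cs.umbc.edu (130.85.100.70): 56 data bytes
64 bytes from 130.85.100.70: icmp_seq=0 ttl=255 time=2.793 ms
64 bytes from 130.85.100.70: icmp_seq=1 ttl=255 time=1.239 ms
64 bytes from 130.85.100.70: icmp_seq=3 ttl=255 time=1.302 ms
64 bytes from 130.85.100.70: icmp_seq=4 ttl=255 time=1.319 ms
64 bytes from 130.85.100.70: icmp_seq=4 ttl=255 time=1.402 ms
64 bytes from 130.85.100.70: icmp_seq=6 ttl=255 time=1.339 ms
64 bytes from 130.85.100.70: icmp_seq=5 ttl=255 time=9.871 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+)\s+ttl=(\d+)\s+time=([\d.]+)\s*ms")

def analyze_ping(text):
    """Return the missing, duplicated and out-of-order sequence numbers."""
    seen, duplicate, reordered = [], [], []
    highest = -1
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue                      # banner, statistics, blank lines
        seq = int(m.group(1))
        if seq in seen:
            duplicate.append(seq)         # same reply delivered twice
            continue
        if seq < highest:
            reordered.append(seq)         # arrived after a later packet
        highest = max(highest, seq)
        seen.append(seq)
    # Assumption: numbering starts at 0, so any unseen value up to the
    # highest reply is a lost request or reply.
    missing = [s for s in range(highest + 1) if s not in seen]
    return {"missing": missing, "duplicate": duplicate, "reordered": reordered}

if __name__ == "__main__":
    print(analyze_ping(SAMPLE))
```

Steady loss of every n-th sequence number is the pattern to look for when one of several parallel links is faulty.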
1. Check if the host is alive
2. Verify configuration of network involving ARP, routing and gateway
for instance:
use ICMP sequence numbers to detect unusual network status,
e.g. one channel doesn't work properly in multiplex channels.
netstat: Gob's Status
-- display various network-related status information.
The four most common uses of netstat are:
-- displaying the active tcp and udp ports.
orinoco[118] netstat
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp        0      0  orinoco.cs.umbc..ntp   0.0.0.0.*
tcp        0      0  localhost.1055         localhost.1028         ESTABLISHED
2. Inspecting interface configuration information:
-- showing the network interfaces.
orinoco[120] netstat -i
Name Mtu   Network     Address          Ipkts     Ierrs  Opkts    Oerrs  Coll
ec0  1500  130.85.100  orinoco.cs.umbc  14293904  0      4156010  484    0
lo0  8304  loopback    localhost        135739    0      135739   0      0
3. Examining the routing table:
orinoco[122] netstat -r
Routing tables
Internet:
Destination       Gateway           Netmask     Flags  Refs  Use     Interface
default           rsm1.umbc.edu                 UG     3     83260   ec0
localhost         localhost                     UH     16    132306  lo0
130.85.100        orinoco.cs.umbc.  0xffffff00  U      16    640135  ec0
orinoco.cs.umbc.  localhost                     UGHS   2     3364    lo0
130.85.101        mctr-gw.umbc.edu  0xffffff00  UG     0     0       ec0
224               orinoco.cs.umbc.  0xf0000000  US     1     121     ec0
Flags: U,G,H
You can also check the routing table with the command netstat -r -n.
In this case, the Destination and Gateway columns above are shown as
dotted-decimal IP addresses.
4. Getting operational statistics for various network protocols:
by command netstat -s
orinoco[131] netstat -s
udp:
    6040166 total datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    2142 datagrams dropped due to no socket
    971204 broadcast/multicast datagrams dropped due to no socket
    0 datagrams dropped due to full socket buffers
    5066820 datagrams delivered
    2976635 datagrams output
tcp:
    334110 packets sent
    87988 data packets (38055743 bytes)
    902 data packets (302320 bytes) retransmitted
    149170 ack-only packets (67565 delayed)
    0 URG only packets
    18 window probe packets
    31671 window update packets
    64380 control packets
    362560 packets received
    .
    .
igmp:
    0 messages received
    0 messages received with too few bytes
    0 messages received with bad checksum
    0 membership queries received
    0 membership queries received with invalid field(s)
    0 membership reports received
    0 membership reports received with invalid field(s)
    0 membership reports received for groups to which we belong
    0 membership reports sent
icmp:
    2142 calls to icmp_error
    0 errors not generated 'cuz old message was icmp
    Output histogram:
        echo reply : 66
        destination unreachable : 2142
    2 messages with bad code fields
    0 messages < minimum length
    0 bad checksums
    0 messages with bad length
    Input histogram:
        echo reply : 72
        destination unreachable : 168
        echo : 66
        time exceeded : 15
        address mask request : 1
        address mask reply : 1
    66 message responses generated
ip:
    7870549 total packets received
    0 bad header checksums
    0 with size smaller than minimum
    0 with data size < data length
    0 with header length < data size
    0 with data length < header length
    0 with bad options
    1396785 fragments received
    0 fragments dropped (dup or out of space)
    33 fragments dropped after timeout
    6420057 packets for this host
    257 packets recvd for unknown/unsupported protocol
    0 packets forwarded (forwarding enabled)
    309255 packets not forwardable
    0 redirects sent
    3314567 packets sent from this host
    0 output packets dropped due to no bufs, etc.
    51850 output packets discarded due to no route
    218741 datagrams fragmented
    1028476 fragments created
    0 datagrams that can't be fragmented
traceroute: Trace IP Packets
--lets you discover the sequence of gateways through which an
IP packet travels to reach its destination.
For instance, tracing gl from a cs machine:
orinoco[134] traceroute gl.umbc.edu
traceroute to gl.umbc.edu (130.85.60.8), 30 hops max, 40 byte packets
1 rsm1.umbc.edu (130.85.100.1) 3 ms 1 ms 1 ms
2 umbc8.umbc.edu (130.85.60.8) 3 ms 4 ms 2 ms
Another instance, tracing to www.waterhouse.com:
orinoco[147] traceroute www.waterhouse.com
traceroute to www.waterhouse.com (208.240.92.105), 30 hops max, 40 byte packets
 1 rsm1.umbc.edu (130.85.100.1) 2 ms 3 ms 5 ms
 2 bigdog-gw.umbc.edu (130.85.14.1) 5 ms 2 ms 1 ms
 3 1.atm8-0-0.umab-gw.net.ums.edu (131.118.255.129) 3 ms 3 ms 3 ms
 4 206.181.226.97 (206.181.226.97) 17 ms 22 ms 24 ms
 5 dca1-core3-h4-0.atlas.digex.net (165.117.51.70) 31 ms 33 ms 42 ms
 6 dca1-core5-fa6-0-0.atlas.digex.net (165.117.16.5) 45 ms 44 ms 31 ms
 7 dca1-core10-pos1-1.atlas.digex.net (165.117.59.1) 32 ms 60 ms 62 ms
 8 dca6-core1-pos1-3.atlas.digex.net (165.117.51.190) 76 ms 59 ms 44 ms
 9 dca5-core3-pos1-0.atlas.digex.net (165.117.51.1) 50 ms 63 ms 68 ms
10 dca5-core1-pos8-0-0.atlas.digex.net (165.117.51.101) 84 ms 90 ms (ttl=249!) 77 ms
11 Hssi3-1-0.BR1.DCA1.ALTER.NET (209.116.159.98) 181 ms 179 ms 271 ms
12 101.ATM3-0.XR2.DCA1.ALTER.NET (146.188.160.230) 64 ms (ttl=247!) 77 ms (ttl=247!) 86 ms (ttl=247!)
13 194.ATM10-0-0.GW1.DCA1.ALTER.NET (146.188.161.21) 77 ms 92 ms 73 ms
14 u10260-UUNET.COM (157.130.33.222) 57 ms (ttl=245!) 34 ms (ttl=245!) 26 ms (ttl=245!)
15 www2.waterhouse.com (208.240.92.105) 28 ms (ttl=240!) 23 ms (ttl=240!) 29 ms (ttl=240!)
tcpdump, etherfind, and snoop: Monitor Traffic
-- These are called packet sniffers. They listen to the traffic on a network and record or print the packets that meet criteria specified by the user.
tcpdump is distributed with OSF/1 and BSDI.
etherfind is Sun's clone of tcpdump distributed with SunOS.
snoop is distributed with Sun Solaris.
tcpdump is not supported on orinoco.cs.umbc.edu.
arp: Inspect and manage address mappings
-- it accesses the kernel table that maps IP addresses to hardware addresses.
-- doesn't require administration on Ethernet.
dumping the content of the mapping table:
orinoco[187] arp -a
lady.cs.umbc.edu (130.85.100.70) at 8:0:69:7:6c:47
retriever.cs.umbc.edu (130.85.100.32) at 8:0:69:8:b3:e7
actaeon.cs.umbc.edu (130.85.100.119) at 8:0:20:a2:67:5b
wyrsa.cs.umbc.edu (130.85.100.164) at 0:60:f5:1:b:17
rsm1.umbc.edu (130.85.100.1) at 0:e0:34:a0:30:0
deletes an entry:
arp -d hostname
adds an entry:
arp -s hostname address
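Because the kernel fills this table automatically, comparing a fresh arp -a dump against a known-good one is a quick check for a duplicate IP, a replaced interface or a forged ARP reply. The following is an added example, not part of the original notes; the tables are constructed samples in the arp -a format shown above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed samples. BASELINE is a known-good dump; in OBSERVED the
# gateway's entry now carries a hardware address another host also uses.
BASELINE = """\
lady.cs.umbc.edu (130.85.100.70) at 8:0:69:7:6c:47
retriever.cs.umbc.edu (130.85.100.32) at 8:0:69:8:b3:e7
rsm1.umbc.edu (130.85.100.1) at 0:e0:34:a0:30:0
"""
OBSERVED = """\
lady.cs.umbc.edu (130.85.100.70) at 8:0:69:7:6c:47
retriever.cs.umbc.edu (130.85.100.32) at 8:0:69:8:b3:e7
rsm1.umbc.edu (130.85.100.1) at 08:00:69:08:B3:E7
"""

ENTRY = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]+)")

def norm_mac(mac):
    """Canonical form: some arp versions print 8:0:69, others 08:00:69."""
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))

def parse_arp(text):
    """Map IP -> normalized MAC; unresolved entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m and m.group(2).count(":") == 5:
            table[m.group(1)] = norm_mac(m.group(2))
    return table

def audit(baseline, current):
    """Return (changed, shared): IPs whose MAC moved since the baseline,
    and MACs that currently answer for more than one IP."""
    base, cur = parse_arp(baseline), parse_arp(current)
    changed = {ip: (base[ip], mac) for ip, mac in cur.items()
               if ip in base and base[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in cur.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    print(audit(BASELINE, OBSERVED))
```

A shared address is not always a fault (a router doing proxy ARP legitimately answers for several IPs), so treat the result as a list of entries to verify.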
14.10 - 14.11 Other Protocols, AppleTalk
AppleTalk:
Developed by Apple; includes a full complement of networking facilities.
Configuration:
1. little is needed for end-user machines
2. elaborate configuration is needed for AppleTalk routers.
Working medium:
serial cables (LocalTalk), Ethernet (EtherTalk)
MacTCP: implementation of TCP/IP protocols for Macintosh.
EtherTalk: AppleTalk protocols running on Ethernet.
LocalTalk: low-cost system that uses twisted-pair serial cables.
AppleTalk Addressing: network number + node number
AppleTalk Naming: /object/type/zone triplet
Zone: devices on an AppleTalk network are grouped into "zones" to make
them easier to locate.
Object name and type name: for each Apple entity.
14.12 IPX
IPX (Internetworking Packet Exchange) is a protocol developed by Novell in its product NetWare.
Derived from IDP (Internetworking Datagram Protocol).
Sitting on top of IPX are protocols including:
DECnet Addressing:
independent of the transport medium
area (1 byte) / node (2 bytes)
DECnet Routing:
Used static tables until Phase V, so it was only usable for small and
mid-sized networks.
14.14 Recommended reading
Stevens, Richard: TCP/IP Illustrated, Volume One: The Protocols.
Comer, Douglas: Internetworking with TCP/IP, Volume One: Principles, Protocols and Architecture.