Network Troubleshooting

July 1, 2020 Linux 2 minutes, 21 seconds

Also check dnsmasq and /etc/resolv.conf

nslookup DOMAIN.TLD # A record
nslookup IP # rDNS
nslookup -query=any DOMAIN.TLD # query all DNS records

dig DOMAIN.tld [+short]
dig -x IP +short # rDNS
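dig DOMAIN.tld TTL # TTL record (note: TTL is not a query type; the TTL is the second column of each answer line, e.g. in dig DOMAIN.tld +noall +answer)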
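dig DOMAIN.tld ANY +noall +answer # query all DNS records; many servers answer ANY with a minimal response (RFC 8482), so query specific types (A, MX, TXT, ...) if the result looks incomplete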

traceroute www.google.com # uses UDP data on random port
traceroute -I www.google.com # uses ICMP data
traceroute -T -p 80 www.google.com # uses TCP SYN probes to a fixed port; traces the path to a service when firewalls drop the UDP/ICMP probes
tracepath www.google.com # similar to traceroute but does not require root privileges, as it does not craft raw packets
mtr -rw www.google.com #send 10 packets and generate report

dhcpdump -i INTERFACE
# udp 67 server, udp 68 client
tcpdump -i INTERFACE port 67 or port 68 -e -n

On your server start

iperf -s -p SERVERPORT

On your client

iperf -c SERVERIP -p SERVERPORT -t 15 -i 1 -f m
  • -t 15 runs for 15 seconds
  • -i 1 shows output every second
  • -f m shows rate in Mbps

ip a
ifconfig # deprecated

List routes

ip r
route -n # deprecated

Add default gateway

ip route add default via GATEWAYIP
route add default gw GATEWAYIP # deprecated

local

lsof -i -P -n [ | grep LISTEN]
ss -tulpen
netstat -tulpen # deprecated

on remote

telnet HOST PORT
nc -zv HOST PORT[-][PORT]
nmap -source-port PORT HOST # sets the source port of the probes; to test a specific destination port use nmap -p PORT HOST

on remote with minimal tools

# List IPv4 TCP sockets from /proc/net/tcp as decimal "addr:port" pairs, for
# hosts with minimal tooling. Every socket state is printed (listening and
# established alike); IPv6 sockets, which the kernel exposes in /proc/net/tcp6,
# are not covered by this command.
awk '
# Hex string (upper or lower case) -> decimal number.
function hextodec(str,    total, pos, digit) {
    total = 0
    for (pos = 1; pos <= length(str); pos++) {
        # index() gives 0 for "0" and 1..15 for "1".."f", i.e. the digit value.
        digit = index("123456789abcdef", tolower(substr(str, pos, 1)))
        total = total * 16 + digit
    }
    return total
}

# "0100007F:0016" -> "127.0.0.1:22". The four address bytes are taken in
# reverse order (offsets 7, 5, 3, 1); NOTE(review): that matches the layout on
# little-endian hosts, confirm before relying on it elsewhere.
function getIP(str,    colon, addr, off) {
    colon = index(str, ":")
    addr = hextodec(substr(str, colon - 2, 2))
    for (off = 5; off > 0; off -= 2)
        addr = addr "." hextodec(substr(str, off, 2))
    return addr ":" hextodec(substr(str, colon + 1, 4))
}

# Line 1 of the file is the column header, so emit our own before the first row.
NR == 2 { print "Local - Remote" }
# Fields 2 and 3 hold the local and remote endpoint.
NR > 1  { print getIP($2) " - " getIP($3) }
' /proc/net/tcp

origin

programmatically

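#!/bin/bash
# Check a fixed list of TCP ports on one host with nc.
# Usage: SCRIPT HOST
# Output: nc -v reports per port whether the connection succeeded.

# Fail early with a usage message instead of running nc with no host.
ip=${1:?usage: $0 HOST}

# A value starting with "-" would be parsed by nc as an option, not a host.
case $ip in
  -*)
    printf 'invalid host: %s\n' "$ip" >&2
    exit 2
    ;;
esac

ports=(5443 3443 6443 8443 7443 22 23 7079 8079 80 8080)
for port in "${ports[@]}"; do
  # -z: connect without sending data, -w5: give up after 5 seconds.
  # Quoted so the argument reaches nc as exactly one word.
  nc -z -v -w5 "$ip" "$port"
done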

iftop -i INTERFACE
nethogs device INTERFACE

nmap -p 1-100 # scan ports
nmap -p- # scan all ports
nmap -sT # use  TCP connect
nmap -sS # use TCP SYN
nmap -sU # scan UDP
nmap -A # OS and service detection (also enables script scanning and traceroute)
nmap -sV [--version-intensity 5] # Standard service detection (increased aggressiveness)
nmap -oX outputfile.xml # save as XML
nmap -oG outputfile.txt # save for grep
nmap -sV -sC # service detection plus the default NSE script category
locate nse | grep script # list available scripts

Analyze nmap output with NetworkScanViewer