Troubleshooting and tools

Tools

ifconfig

Similar to ipconfig on Windows. It allows the following:

  • Enable/disable network adapters
  • Assign IP address and netmask details
  • Show current network interface configuration

iwconfig

Similar to ifconfig and ethtool, but for wireless cards. It also views and sets the basic WiFi network details.

netstat

Displays the active TCP connections and the ports on which the computer is listening, Ethernet statistics, the IP routing table, and statistics for the IP, ICMP, TCP and UDP protocols. It comes with a number of options for displaying a variety of properties of the network and TCP connections.

nslookup

A command line administrative tool for testing and troubleshooting DNS servers.

traceroute / tracert

This tool sends packets with TTL values that gradually increase from packet to packet, starting with a TTL value of one. Routers decrement the TTL value of each packet by one when routing it and discard packets whose TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.

  1. Build a packet up to layer 4. UDP can be used for the layer 4 protocol. IPv4 is used at layer 3. The source address is the machine running the traceroute programme.
  2. For the first packet, make sure the TTL is set to 1 in the IPv4 header.
    The first router on the path receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero.
    Protocol rules say the router must send an ICMP Time Exceeded message back to the source address.

However, many network administrators now block ICMP packets passing through their routers for security reasons. Router A may block the ICMP Time Exceeded message from router B, so nothing reaches the final server, resulting in a request timed out error in the traceroute utility output.

tcptraceroute

Opening a TCP connection requires a TCP packet with the SYN flag to be sent. Such packets are unlikely to be blocked by intermediate routers, otherwise you could never establish a TCP connection with a remote site.

TCP connections to specific ports could be blocked, but there is probably at least one port open.

tcptraceroute never completely establishes a TCP connection with the destination host. If the remote end is not listening for incoming connections on the destination port used, it will respond with an RST indicating that the port is closed.

If the remote end responds with a SYN|ACK, the port is known to be open. The local machine sends an RST to tear down the connection without completing the three-way handshake.
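
The reply handling described for traceroute and tcptraceroute above, as an added example that is not part of the original notes: a parser that classifies a raw IPv4 reply to a TCP SYN probe as an intermediate hop (ICMP Time Exceeded), an open port (SYN|ACK) or a closed port (RST). The function names, ports and addresses are assumptions made for illustration, and the sample packets are constructed rather than captured.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11            # ICMP type returned when TTL reaches zero
SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

def ipv4(src, dst, proto, payload, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport, flags):
    """20-byte TCP header without options (sequence numbers and checksum 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def icmp_time_exceeded(dropped):
    """ICMP Time Exceeded quoting the dropped packet's IP header + 8 bytes."""
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + dropped[:28]

def classify(reply, probe_sport, probe_dport):
    """Return (verdict, sender) for one reply to a TCP SYN probe."""
    ihl = (reply[0] & 0x0F) * 4
    proto, sender, body = reply[9], socket.inet_ntoa(reply[12:16]), reply[ihl:]
    if proto == socket.IPPROTO_ICMP and body[0] == ICMP_TIME_EXCEEDED:
        quoted = body[8:]                      # skip the 8-byte ICMP header
        q_ihl = (quoted[0] & 0x0F) * 4
        ports = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
        # Only count the error if it quotes our own probe's ports.
        return ("hop" if ports == (probe_sport, probe_dport) else "unrelated", sender)
    if proto == socket.IPPROTO_TCP:
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", body[:14])
        if (sport, dport) == (probe_dport, probe_sport):
            if flags & RST:
                return ("closed", sender)      # nothing listening on the port
            if (flags & (SYN | ACK)) == (SYN | ACK):
                return ("open", sender)        # the prober now sends RST
    return ("unrelated", sender)

# Constructed sample replies, using RFC 5737 documentation addresses.
SRC, ROUTER, DST = "192.0.2.10", "198.51.100.1", "203.0.113.80"
PROBE = ipv4(SRC, DST, socket.IPPROTO_TCP, tcp(40000, 443, SYN), ttl=1)
SAMPLES = {
    "hop": ipv4(ROUTER, SRC, socket.IPPROTO_ICMP, icmp_time_exceeded(PROBE)),
    "open": ipv4(DST, SRC, socket.IPPROTO_TCP, tcp(443, 40000, SYN | ACK)),
    "closed": ipv4(DST, SRC, socket.IPPROTO_TCP, tcp(443, 40000, RST | ACK)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt, 40000, 443))
```

A probe that receives none of these replies within the timeout is the "request timed out" case described earlier.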

Closing a TCP connection

Three scenarios where an FSM could get stuck in CLOSE_WAIT: the client initiates by telling the TCP FSM at the remote side to close the connection; the remote side initiates by sending a FIN control signal; both ends issue a CLOSE simultaneously.