Appendix G. Diagnostic Tools

Table of Contents

G.1. ping
G.1.1. Using ping to test reachability
G.1.2. Using ping to stress a network
G.1.3. Recording a network route with ping
G.1.4. Setting the TTL on a ping packet
G.1.5. Setting ToS for a diagnostic ping
G.1.6. Specifying a source address for ping
G.1.7. Summary on the use of ping
G.2. traceroute
G.2.1. Using traceroute
G.2.2. Telling traceroute to use ICMP echo request instead of UDP
G.2.3. Setting ToS with traceroute
G.2.4. Summary on the use of traceroute
G.3. mtr
G.4. netstat
G.4.1. Displaying socket status with netstat
G.4.2. Displaying the main routing table with netstat
G.4.3. Displaying network interface statistics with netstat command
G.4.4. Displaying network stack statistics with netstat
G.4.5. Displaying the masquerading table with netstat
G.5. tcpdump
G.5.1. Using tcpdump to view ARP messages
G.5.2. Using tcpdump to see ICMP unreachable messages
G.5.3. Using tcpdump to watch TCP sessions
G.5.4. Reading and writing tcpdump data
G.5.5. Understanding fragmentation as reported by tcpdump
G.5.6. Other options to the tcpdump command
G.6. tcpflow
G.7. tcpreplay

Now that we have covered most of the basic tools for management of routes, IP addresses, and a few Ethernet tools, we come to a set of tools which are used primarily to help you figure out what is wrong in your network, where a route is broken, or even, simply, whether a host is reachable.

Some of these tools are available on other platforms, but they may have different command line switches or may use different packet signatures than those described here. In many cases the concepts transfer, but, of course, the command line options may be different.

We are going to start with one of the first networking tools that many people learn, ping, and we'll move along to the common traceroute, which maps out a route from one host to another; mtr, which presents traceroute-type information in a richer format; netstat, for examining sockets (and routes) in use; and finally, the indispensable tcpdump, which reports on all traffic passing through a device.

By learning both how and when to use these tools, and, even more importantly, how to read their output, you can perform a tremendous amount of reconnaissance on your own network and frequently isolate problems and identify error conditions quickly. These tools are among the core tools of any Linux administrator who is responsible for an IP network.