Softpanorama

May the source be with you, but remember the KISS principle ;-)
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Classic Network Utilities


There are at least a dozen classic network tools. Among them are:

Several network utilities are pipable (netcat can create pipelines across a network):

In Jan 2007 I added the page about TCP/IP troubleshooting tools to complement this page

A very good list of free network tools can be found at Top 100 Network Security Tools

Dr. Nikolai Bezroukov


Old News ;-)

[Jun 26, 2021] 20 Netstat Commands for Linux Network Management

Jun 24, 2021 | www.tecmint.com

1. Listing all the LISTENING Ports of TCP and UDP connections

Listing all ports (both TCP and UDP) using netstat -a option.

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab
2. Listing TCP Ports connections

Listing only TCP (Transmission Control Protocol) port connections using netstat -at.

# netstat -at

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT
3. Listing UDP Ports connections

Listing only UDP (User Datagram Protocol) port connections using netstat -au.

# netstat -au

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*
udp        0      0 *:mdns                      *:*
4. Listing all LISTENING Connections

Listing all active listening port connections with netstat -l.

# netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab
5. Listing all TCP Listening Ports

Listing all active listening TCP ports by using the option netstat -lt.

# netstat -lt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:dctp                      *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:munin                     *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN
6. Listing all UDP Listening Ports

Listing all active listening UDP ports by using the option netstat -lu.

# netstat -lu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:39578                     *:*
udp        0      0 *:meregister                *:*
udp        0      0 *:vpps-qua                  *:*
udp        0      0 *:openvpn                   *:*
udp        0      0 *:mdns                      *:*
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 *:60222                     *:*
udp        0      0 *:mdns                      *:*
7. Listing all UNIX Listening Ports

Listing all active UNIX listening ports using netstat -lx.

# netstat -lx

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     4171   @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     5767   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     7082   @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     6157   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     6215   @/var/run/hald/dbus-IcefTIUkHm
unix  2      [ ACC ]     STREAM     LISTENING     6038   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     6175   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     4157   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     60835836 /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     4645   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     5136   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     6216   @/var/run/hald/dbus-wsUBI30V2I
unix  2      [ ACC ]     STREAM     LISTENING     5517   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     5531   /var/run/pcscd.comm
8. Showing Statistics by Protocol

Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. The -s parameter can be used to specify a set of protocols.

# netstat -s

Ip:
    2461 total packets received
    0 forwarded
    0 incoming packets discarded
    2431 incoming packets delivered
    2049 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
    1 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1
Tcp:
    159 active connections openings
    1 passive connection openings
    4 failed connection attempts
    0 connection resets received
    1 connections established
    2191 segments received
    1745 segments send out
    24 segments retransmited
    0 bad segments received.
    4 resets sent
Udp:
    243 packets received
    1 packets to unknown port received.
    0 packet receive errors
    281 packets sent
9. Showing Statistics by TCP Protocol

Showing statistics for only the TCP protocol by using the option netstat -st.

# netstat -st

Tcp:
    2805201 active connections openings
    1597466 passive connection openings
    1522484 failed connection attempts
    37806 connection resets received
    1 connections established
    57718706 segments received
    64280042 segments send out
    3135688 segments retransmited
    74 bad segments received.
    17580 resets sent
10. Showing Statistics by UDP Protocol
# netstat -su

Udp:
    1774823 packets received
    901848 packets to unknown port received.
    0 packet receive errors
    2968722 packets sent
11. Displaying Service name with PID

The netstat -tp option displays each service name together with its PID, in the "PID/Program name" column.

# netstat -tp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED 2179/sshd
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT  1939/clock-applet
12. Displaying Promiscuous Mode

Displaying promiscuous mode with the -ac switch: netstat prints the selected information and refreshes the screen every five seconds. By default, the screen refreshes every second.

# netstat -ac 5 | grep tcp

tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        1      0 192.168.0.2:59447           www.gov.com:http            CLOSE_WAIT
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN
13. Displaying Kernel IP routing

Display Kernel IP routing table with netstat and route command.

# netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
14. Showing Network Interface Transactions

Showing network interface packet transactions including both transferring and receiving packets with MTU size.

# netstat -i

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     4459      0      0      0     4057      0      0      0 BMRU
lo        16436   0        8      0      0      0        8      0      0      0 LRU
15. Showing Kernel Interface Table

Showing Kernel interface table, similar to ifconfig command.

# netstat -ie

Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B4:DA:21
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb4:da21/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4486 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2720253 (2.5 MiB)  TX bytes:1161745 (1.1 MiB)
          Interrupt:18 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)
16. Displaying IPv4 and IPv6 Information

Displays multicast group membership information for both IPv4 and IPv6.

# netstat -g

IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      224.0.0.251
eth0            1      all-systems.mcast.net
lo              1      ff02::1
eth0            1      ff02::202
eth0            1      ff02::1:ffb4:da21
eth0            1      ff02::1
17. Print Netstat Information Continuously

To print netstat information continuously, every few seconds, use the following command.

# netstat -c

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:36944 TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg010.shr.prod.s:42110 TIME_WAIT
tcp        0    132 tecmint.com:ssh    115.113.134.3.static-:64662 ESTABLISHED
tcp        0      0 tecmint.com:http   crawl-66-249-71-240.g:41166 TIME_WAIT
tcp        0      0 localhost.localdomain:54823 localhost.localdomain:smtp  TIME_WAIT
tcp        0      0 localhost.localdomain:54822 localhost.localdomain:smtp  TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg010.shr.prod.s:42091 TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:36998 TIME_WAIT
18. Finding Unsupported Address Families

Finding un-configured address families with some useful information.

# netstat --verbose

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
19. Finding Listening Programs

Find out how many listening programs are running on a port.

# netstat -ap | grep http

tcp        0      0 *:http                      *:*                         LISTEN      9056/httpd
tcp        0      0 *:https                     *:*                         LISTEN      9056/httpd
tcp        0      0 tecmint.com:http   sg2nlhg008.shr.prod.s:35248 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:57783 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:57769 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg008.shr.prod.s:35270 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg009.shr.prod.s:41637 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg009.shr.prod.s:41614 TIME_WAIT   -
unix  2      [ ]         STREAM     CONNECTED     88586726 10394/httpd
20. Displaying RAW Network Statistics
# netstat --statistics --raw

Ip:
    62175683 total packets received
    52970 with invalid addresses
    0 forwarded
Icmp:
    875519 ICMP messages received
        destination unreachable: 901671
        echo request: 8
        echo replies: 16253
IcmpMsg:
        InType0: 83
IpExt:
    InMcastPkts: 117

That's it. If you are looking for more information and options for the netstat command, refer to the netstat manual or use the man netstat command.

[Jun 12, 2021] 7 'dmesg' Commands for Troubleshooting and Collecting Information of Linux Systems

Jun 09, 2021 | www.tecmint.com

List all Detected Devices

To discover which hard disks have been detected by the kernel, search for the keyword "sda" with "grep" as shown below.

[root@tecmint.com ~]# dmesg | grep sda

[    1.280971] sd 2:0:0:0: [sda] 488281250 512-byte logical blocks: (250 GB/232 GiB)
[    1.281014] sd 2:0:0:0: [sda] Write Protect is off
[    1.281016] sd 2:0:0:0: [sda] Mode Sense: 00 3a 00 00
[    1.281039] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    1.359585]  sda: sda1 sda2 < sda5 sda6 sda7 sda8 >
[    1.360052] sd 2:0:0:0: [sda] Attached SCSI disk
[    2.347887] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
[   22.928440] Adding 3905532k swap on /dev/sda6.  Priority:-1 extents:1 across:3905532k FS
[   23.950543] EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
[   24.134016] EXT4-fs (sda5): mounted filesystem with ordered data mode. Opts: (null)
[   24.330762] EXT4-fs (sda7): mounted filesystem with ordered data mode. Opts: (null)
[   24.561015] EXT4-fs (sda8): mounted filesystem with ordered data mode. Opts: (null)

NOTE: 'sda' is the first SATA hard drive, 'sdb' is the second SATA hard drive, and so on. Search for 'hda' or 'hdb' in the case of IDE hard drives.

[May 29, 2021] How to monitor Socket connections using ss command

May 25, 2021 | www.2daygeek.com

ss (socket statistics) is a command line tool that monitors socket connections and displays the socket statistics of the Linux system. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and much more.

This replaces the deprecated netstat command in the latest version of Linux. The ss command is much faster and prints more detailed network statistics than the netstat command.

If you are familiar with the netstat command, it will be easier for you to understand the ss command as it uses similar command line options to display network connections information.

1) List all socket connections

The basic ss command, run without any arguments, displays all the socket or network connections as shown below:

$ ss

Understanding the output header:

The default output shows thousands of lines at once and part of the output will not be visible on the terminal, so use the 'less' command for page-wise reporting.

$ ss | less

Netid State      Recv-Q  Send-Q            Local Address:Port            Peer Address:Port           
u_seq ESTAB      0       0                        @0000d 54585                      * 54586          
u_seq ESTAB      0       0                        @0000e 54587                      * 54588          
u_seq ESTAB      0       0                        @0000f 55132                      * 55133          
u_seq ESTAB      0       0                        @00010 55134                      * 55135          
u_str ESTAB      0       0                             * 439093                     * 442955         
u_str ESTAB      0       0                             * 260423                     * 260424         
u_seq ESTAB      0       0                             * 153096                     * 153095         
u_str ESTAB      0       0                             * 57451                      * 57450          
u_str ESTAB      0       0                             * 55382                      * 49033          
u_str ESTAB      0       0                             * 41956                      * 41957          
u_seq ESTAB      0       0                             * 41936                      * 41935          
u_str ESTAB      0       0            /run/user/1000/bus 39750                      * 35633
2) View all socket connections

To list all listening and non-listening socket connections on your Linux system, run:

$ ss -a
3) View all listening socket

To display only listening socket connections on your Linux system, run:

$ ss -l

Netid          State           Recv-Q          Send-Q         Local Address:Port                         Peer Address:Port           
nl             UNCONN          0               0                       rtnl:chrome/3578                              *               
nl             UNCONN          0               0                       rtnl:kernel                                   *               
nl             UNCONN          0               0                       rtnl:chrome/3618                              *               
nl             UNCONN          0               0                       rtnl:mission-control/2102                     *               
nl             UNCONN          0               0                       rtnl:atom/3381                                *               
nl             UNCONN          0               0                       rtnl:goa-daemon/2107                          *               
nl             UNCONN          0               0                       rtnl:firefox/2979                             *               
nl             UNCONN          0               0                       rtnl:evolution-calen/2207                     *               
nl             UNCONN          0               0                       rtnl:nscd/1262                                *               
nl             UNCONN          0               0                       rtnl:gnome-software/2229                      *               
nl             UNCONN          0               0                       rtnl:avahi-daemon/1184                        *               
nl             UNCONN          0               0                       rtnl:evolution-addre/2329                     *               
nl             UNCONN          0               0                       rtnl:wpa_supplicant/1547                      *
4) Display TCP socket connections

To display only TCP socket connections on your Linux system, run:

$ ss -t

State        Recv-Q   Send-Q                              Local Address:Port                                                Peer Address:Port                   
 ESTAB        0        0                                    192.168.43.4:38658                                              142.250.183.2:https                  
 ESTAB        0        0                                    192.168.43.4:47464                                            142.250.182.227:https                  
 ESTAB        0        0                                    192.168.43.4:40184                                              34.102.149.62:https                  
 ESTAB        0        0                                    192.168.43.4:34546                                              23.211.105.67:https                  
 ESTAB        0        0                                    192.168.43.4:41188                                              52.37.132.164:https                  
 ESTAB        0        0                                    192.168.43.4:34548                                              23.211.105.67:https                  
 ESTAB        0        0                                    192.168.43.4:57118                                             142.250.196.34:https                  
 ESTAB        0        0                                    192.168.43.4:59392                                               35.244.159.8:https                  
 ESTAB        0        0                                    192.168.43.4:49948                                               94.237.76.92:ssh                    
 ESTAB        0        0                                    192.168.43.4:52680                                              142.250.77.34:https

By default the "t" option reports only the TCP sockets that are "established" or "CONNECTED", and doesn't report the TCP sockets that are "LISTENING". Use the '-a' option together with '-t' if you want to view them all at once.

$ ss -ta

State        Recv-Q   Send-Q                              Local Address:Port                                                Peer Address:Port                   
 LISTEN       0        128                                       0.0.0.0:ssh                                                      0.0.0.0:*                      
 LISTEN       0        5                                       127.0.0.1:ipp                                                      0.0.0.0:*                      
 LISTEN       0        100                                     127.0.0.1:smtp                                                     0.0.0.0:*                      
 LISTEN       0        10                                        0.0.0.0:daap                                                     0.0.0.0:*                      
 ESTAB        0        0                                    192.168.43.4:38658                                              142.250.183.2:https                  
 ESTAB        0        0                                    192.168.43.4:47464                                            142.250.182.227:https                  
 ESTAB        0        0                                    192.168.43.4:40184                                              34.102.149.62:https                  
 ESTAB        0        0                                    192.168.43.4:45086                                             182.161.72.132:https                  
 ESTAB        0        0                                    192.168.43.4:41188                                              52.37.132.164:https                  
 ESTAB        0        0                                    192.168.43.4:59392                                               35.244.159.8:https                  
 ESTAB        0        0                                    192.168.43.4:49948                                               94.237.76.92:ssh
4-a) Display UDP socket connections
$ ss -ua

State              Recv-Q              Send-Q                                                    Local Address:Port                                           Peer Address:Port               
 UNCONN             0                   0                                                          192.168.43.4:46312                                               0.0.0.0:*                  
 UNCONN             0                   0                                                           224.0.0.251:mdns                                                0.0.0.0:*                  
 UNCONN             0                   0                                                           224.0.0.251:mdns                                                0.0.0.0:*                  
 UNCONN             0                   0                                                               0.0.0.0:mdns                                                0.0.0.0:*                  
 UNCONN             0                   0                                                               0.0.0.0:47347                                               0.0.0.0:*                  
 UNCONN             0                   0                                                          192.168.43.4:56078                                               0.0.0.0:*                  
 ESTAB              0                   0                                                    192.168.43.4%wlan0:bootpc                                         192.168.43.1:bootps             
 UNCONN             0                   0                                                                  [::]:mdns                                                   [::]:*                  
 UNCONN             0                   0                                [2402:3a80:462:e78:e4ca:8bb:a7ae:8888]:40157                                                  [::]:*                  
 UNCONN             0                   0                                                                  [::]:48993                                                  [::]:*                  
 UNCONN             0                   0                                [2402:3a80:462:e78:e4ca:8bb:a7ae:8888]:33353                                                  [::]:*                  
 ESTAB              0                   0                                [2402:3a80:462:e78:e4ca:8bb:a7ae:8888]:33597                            [2404:6800:4009:809::2004]:https
4-b) Display UNIX socket connections
$ ss -xa

Netid State  Recv-Q Send-Q                                  Local Address:Port                                 Peer Address:Port                                
 u_str LISTEN 0      128                       /run/systemd/journal/stdout 13825                                           * 0                                   
 u_str LISTEN 0      128                               /tmp/.ICE-unix/1989 36552                                           * 0                                   
 u_dgr UNCONN 0      0                         /run/systemd/journal/socket 13827                                           * 0                                   
 u_str LISTEN 0      5                               /tmp/.esd-1000/socket 40072                                           * 0                                   
 u_str LISTEN 0      1                                   /tmp/.X11-unix/X0 37262                                           * 0                                   
 u_str LISTEN 0      128                       /run/user/1000/keyring/.ssh 514311                                          * 0                                   
 u_str LISTEN 0      128                              @/tmp/.ICE-unix/1989 36551                                           * 0                                   
 u_str LISTEN 0      10                          /run/mcelog/mcelog-client 28958                                           * 0                                   
 u_str LISTEN 0      128                              /var/run/nscd/socket 29728                                           * 0                                   
 u_str LISTEN 0      1                                  @/tmp/.X11-unix/X0 37261                                           * 0
4-c) Display RAW socket connections
$ ss -wa

State                    Recv-Q                   Send-Q                                     Local Address:Port                                           Peer Address:Port                   
 UNCONN                   0                        0                                                      *:ipv6-icmp                                                 *:*
5) Print only listening TCP socket connections

To print only listening TCP socket connections, run:

$ ss -ltn

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:22                                              0.0.0.0:*                      
 LISTEN                    0                         5                                                127.0.0.1:631                                             0.0.0.0:*                      
 LISTEN                    0                         100                                              127.0.0.1:25                                              0.0.0.0:*                      
 LISTEN                    0                         10                                                 0.0.0.0:3689                                            0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:22                                                 [::]:*                      
 LISTEN                    0                         5                                                    [::1]:631                                                [::]:*                      
 LISTEN                    0                         100                                                  [::1]:25                                                 [::]:*                      
 LISTEN                    0                         10                                                    [::]:3689                                               [::]:*
6) List IPv4 and IPv6 socket connections

To display only IPv4 socket connections, run:

$ ss -4

Netid               State                    Recv-Q               Send-Q                                  Local Address:Port                                 Peer Address:Port                
 udp                 ESTAB                    0                    0                                  192.168.43.4%wlan0:bootpc                               192.168.43.1:bootps              
 tcp                 ESTAB                    0                    0                                        192.168.43.4:41188                               52.37.132.164:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:59392                                35.244.159.8:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:49948                                94.237.76.92:ssh                 
 tcp                 CLOSE-WAIT               1                    0                                        192.168.43.4:50232                              35.244.247.133:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:51714                               142.250.77.34:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:51724                               142.250.77.34:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:56566                               13.227.129.99:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:48470                              142.250.183.98:https               
 tcp                 ESTAB                    0                    0                                        192.168.43.4:56718                               216.58.196.66:https

To list only IPv4 listening TCP socket connections, run:

$ ss -tl4

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         5                                                127.0.0.1:ipp                                             0.0.0.0:*                      
 LISTEN                    0                         100                                              127.0.0.1:smtp                                            0.0.0.0:*                      
 LISTEN                    0                         10                                                 0.0.0.0:daap                                            0.0.0.0:*

For IPv6, run:

$ ss -6
$ ss -tl6
7) Print process name and pid with ss command

To list the process name and PID associated with each network connection, run the command below. Note that you need to run it with sudo privileges to see every process name and its PID.

$ sudo ss -ltp

[sudo] password for root: 
 State             Recv-Q             Send-Q                         Local Address:Port                         Peer Address:Port                                                              
 LISTEN            0                  128                                  0.0.0.0:ssh                               0.0.0.0:*                users:(("sshd",pid=1338,fd=3))                   
 LISTEN            0                  5                                  127.0.0.1:ipp                               0.0.0.0:*                users:(("cupsd",pid=1260,fd=7))                  
 LISTEN            0                  100                                127.0.0.1:smtp                              0.0.0.0:*                users:(("master",pid=1630,fd=13))                
 LISTEN            0                  10                                   0.0.0.0:daap                              0.0.0.0:*                users:(("rhythmbox",pid=16209,fd=18))            
 LISTEN            0                  128                                     [::]:ssh                                  [::]:*                users:(("sshd",pid=1338,fd=4))                   
 LISTEN            0                  5                                      [::1]:ipp                                  [::]:*                users:(("cupsd",pid=1260,fd=6))                  
 LISTEN            0                  100                                    [::1]:smtp                                 [::]:*                users:(("master",pid=1630,fd=14))                
 LISTEN            0                  10                                      [::]:daap                                 [::]:*                users:(("rhythmbox",pid=16209,fd=19))
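
Sections 5 and 7 combine into a quick exposure check. The following added example (not part of the original article) parses `ss -ltnp`-style output and separates listeners bound to every interface from loopback-only ones. The sample text is constructed to mirror the listeners shown above, and the function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Constructed sample in the format of `ss -ltnp` (numeric ports plus owning process).
# The last row has no users:(...) column, which is what an unprivileged run shows
# for sockets owned by other users.
SAMPLE_SS_LTNP = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*      users:(("sshd",pid=1338,fd=3))
LISTEN  0       5            127.0.0.1:631          0.0.0.0:*      users:(("cupsd",pid=1260,fd=7))
LISTEN  0       100          127.0.0.1:25           0.0.0.0:*      users:(("master",pid=1630,fd=13))
LISTEN  0       10             0.0.0.0:3689         0.0.0.0:*      users:(("rhythmbox",pid=16209,fd=18))
LISTEN  0       128               [::]:22              [::]:*      users:(("sshd",pid=1338,fd=4))
LISTEN  0       5                [::1]:631             [::]:*      users:(("cupsd",pid=1260,fd=6))
LISTEN  0       10                   *:8080               *:*
"""

# One ("name",pid=N,fd=N) tuple inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def bind_scope(addr):
    """Classify a local bind address: all-interfaces, loopback, specific-address or unknown."""
    host = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host == "*":
        return "all-interfaces"
    try:
        ip = ip_address(host)
    except ValueError:                        # resolved host name, e.g. output of ss -r
        return "unknown"
    if ip.is_unspecified:                     # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "specific-address"


def parse_listeners(ss_output):
    """Parse LISTEN rows of numeric (-n) ss output into dictionaries."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields[:2]:        # skips the header; tolerates a leading Netid column
            continue
        state_idx = fields.index("LISTEN")
        if len(fields) < state_idx + 4:
            continue                          # truncated row
        addr, _, port = fields[state_idx + 3].rpartition(":")
        if not port.isdigit():
            continue                          # service names: rerun ss with -n
        owners = PROC_RE.findall(line)        # empty when the process column is missing
        rows.append({
            "addr": addr,
            "port": int(port),
            "scope": bind_scope(addr),
            "owners": sorted({f"{name}/{pid}" for name, pid in owners}),
        })
    return rows


def exposed_listeners(rows):
    """Listeners that are not restricted to the loopback interface."""
    return [r for r in rows if r["scope"] != "loopback"]


if __name__ == "__main__":
    for r in exposed_listeners(parse_listeners(SAMPLE_SS_LTNP)):
        owner = ", ".join(r["owners"]) or "owner not visible (rerun with sudo)"
        print(f'{r["addr"]}:{r["port"]:<6} {r["scope"]:<17} {owner}')
```

To run it against a live host, pipe the output of `sudo ss -ltnp` into `parse_listeners` instead of the sample string.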
8) Show timer information of socket connections

To show how long the socket connection is alive, run:

$ ss -tn -o

State           Recv-Q       Send-Q                                      Local Address:Port                                        Peer Address:Port                                          
 ESTAB           0            0                                            192.168.43.4:41188                                      52.37.132.164:443        timer:(keepalive,9min54sec,0)      
 ESTAB           0            0                                            192.168.43.4:59392                                       35.244.159.8:443                                           
 ESTAB           0            0                                            192.168.43.4:50678                                       103.43.90.19:443        timer:(keepalive,9.512ms,0)        
 ESTAB           0            0                                            192.168.43.4:49948                                       94.237.76.92:22         timer:(keepalive,38min,0)          
 ESTAB           0            0                                            192.168.43.4:36528                                     182.161.72.130:443                                           
 ESTAB           0            0                                            192.168.43.4:48704                                     142.250.192.66:443                                           
 ESTAB           0            0                                            192.168.43.4:38544                                        103.43.89.4:443        timer:(keepalive,8sec,0)           
 ESTAB           0            517                                          192.168.43.4:57978                                     182.161.72.137:443        timer:(on,288ms,0)
9) Print summary statistics

To view an overall summary of all socket connections, run the command below. It prints the results in a tabular format, including the number of TCP and UDP, IPv4 and IPv6 socket connections.

$ ss -s

Total: 1278
TCP:   35 (estab 10, closed 11, orphaned 0, timewait 2)
Transport Total     IP        IPv6
RAW       1         0         1        
UDP       11        7         4        
TCP       24        13        11       
INET      36        20        16       
FRAG      0         0         0
10) View extended output of socket connections

To view extended output of socket connections, run the command below. The extended output displays the uid of the socket and the socket's inode number.

$ ss -lte

State              Recv-Q             Send-Q                           Local Address:Port                           Peer Address:Port                                                         
 LISTEN             0                  128                                    0.0.0.0:ssh                                 0.0.0.0:*                 ino:27515 sk:4dc <->                       
 LISTEN             0                  5                                    127.0.0.1:ipp                                 0.0.0.0:*                 ino:30778 sk:4dd <->                       
 LISTEN             0                  100                                  127.0.0.1:smtp                                0.0.0.0:*                 ino:34118 sk:4de <->                       
 LISTEN             0                  10                                     0.0.0.0:daap                                0.0.0.0:*                 uid:1000 ino:442177 sk:586 <->             
 LISTEN             0                  128                                       [::]:ssh                                    [::]:*                 ino:27517 sk:4f3 v6only:1 <->              
 LISTEN             0                  5                                        [::1]:ipp                                    [::]:*                 ino:30777 sk:4f4 v6only:1 <->              
 LISTEN             0                  100                                      [::1]:smtp                                   [::]:*                 ino:34119 sk:4f5 v6only:1 <->              
 LISTEN             0                  10                                        [::]:daap                                   [::]:*                 uid:1000 ino:442178 sk:587 v6only:1 <->
11) Display memory usage of socket connections

To view how much memory is consumed by a socket connection, run:

$ ss -ltm

State            Recv-Q           Send-Q                     Local Address:Port                       Peer Address:Port                                                                       
 LISTEN           0                128                              0.0.0.0:ssh                             0.0.0.0:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                5                              127.0.0.1:ipp                             0.0.0.0:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                100                            127.0.0.1:smtp                            0.0.0.0:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                10                               0.0.0.0:daap                            0.0.0.0:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                128                                 [::]:ssh                                [::]:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                5                                  [::1]:ipp                                [::]:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                100                                [::1]:smtp                               [::]:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)           
 LISTEN           0                10                                  [::]:daap                               [::]:*              
      skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
12) Filter Connections with ss command

The ss command supports advanced filtering, which can be used to select connections by state, port, address, service, and so on.

12-a) Filtering socket connections by socket states
Syntax: ss [option] [state] [name of the socket state]

To display all TCP sockets that are in the "established" state, run:

$ ss -lt state established

Recv-Q                 Send-Q                                                          Local Address:Port                                                  Peer Address:Port                  
 0                      0                                                                192.168.43.4:39008                                                142.250.192.2:https                 
 0                      0                                                                192.168.43.4:41188                                                52.37.132.164:https                 
 0                      0                                                                192.168.43.4:59392                                                 35.244.159.8:https                 
 0                      0                                                                192.168.43.4:49948                                                 94.237.76.92:ssh                   
 0                      0                                                                192.168.43.4:48704                                               142.250.192.66:https                 
 0                      0                                                                192.168.43.4:51714                                                142.250.77.34:https

Other common states are:

  • listening
  • closed
  • syn-sent
  • syn-recv
  • fin-wait-1
  • time-wait
  • close-wait
  • connected
  • synchronized
12-b) Filtering socket connections by port number
Syntax:
ss [option] dport = :[port number]
ss [option] sport = :[port number]
ss [option] '( dport = :[port number] or sport = :[port number] )'

To filter sockets based on the port number, use the syntax above. For instance, to filter on the ssh service, you can run the following commands as needed.

$ ss -at dport = :22

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 ESTAB                    0                         0                                             192.168.43.4:49948                                       94.237.76.92:ssh
$ ss -lt sport = :22

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:ssh                                                [::]:*
$ ss -at dst :22

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 ESTAB                    0                         0                                             192.168.43.4:49948                                       94.237.76.92:ssh
$ ss -at src :22

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:ssh                                                [::]:*
$ ss -at '( dport = :22 or sport = :22 )'

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 LISTEN                   0                         128                                                0.0.0.0:ssh                                              0.0.0.0:*                      
 ESTAB                    0                         0                                             192.168.43.4:49948                                       94.237.76.92:ssh                    
 LISTEN                   0                         128                                                   [::]:ssh                                                 [::]:*

To filter multiple ports at once, run:

$ ss -nt '( dst :443 or dst :22 )'

State                 Recv-Q            Send-Q                                                Local Address:Port                                                  Peer Address:Port           
 ESTAB                 0                 0                                                      192.168.43.4:41188                                                52.37.132.164:443            
 ESTAB                 0                 0                                                      192.168.43.4:44970                                                 103.43.90.20:443            
 ESTAB                 0                 0                                                      192.168.43.4:59392                                                 35.244.159.8:443            
 ESTAB                 0                 0                                                      192.168.43.4:43254                                                  34.95.69.49:443            
 SYN-SENT              0                 1                                                      192.168.43.4:58884                                               182.161.72.137:443            
 ESTAB                 0                 0                                                      192.168.43.4:49948                                                 94.237.76.92:22             
 CLOSE-WAIT            1                 0                                                      192.168.43.4:50232                                               35.244.247.133:443
12-c) Filtering socket connections by service name

Similarly, you can filter socket connections by service name:

$ ss -at dport = :ssh

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 ESTAB                    0                         0                                             192.168.43.4:49948                                       94.237.76.92:ssh
$ ss -lt sport = :ssh

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:ssh                                                [::]:*
$ ss -at dst :https

State                Recv-Q            Send-Q                                                Local Address:Port                                                  Peer Address:Port            
 ESTAB                0                 0                                                      192.168.43.4:45084                                                 103.43.90.20:https           
 ESTAB                0                 0                                                      192.168.43.4:45076                                                 103.43.90.20:https           
 ESTAB                0                 0                                                      192.168.43.4:41188                                                52.37.132.164:https           
 ESTAB                0                 0                                                      192.168.43.4:59392                                                 35.244.159.8:https           
 ESTAB                0                 0                                                      192.168.43.4:43254                                                  34.95.69.49:https
$ ss -at src :ssh

 State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:ssh                                                [::]:*
$ ss -at '( dport = :ssh or sport = :ssh )'

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 LISTEN                   0                         128                                                0.0.0.0:ssh                                              0.0.0.0:*                      
 ESTAB                    0                         0                                             192.168.43.4:49948                                       94.237.76.92:ssh                    
 LISTEN                   0                         128                                                   [::]:ssh                                                 [::]:*
$ ss -at '( dst :https or dst :ssh )'

State                Recv-Q            Send-Q                                                Local Address:Port                                                  Peer Address:Port            
 ESTAB                0                 0                                                      192.168.43.4:41188                                                52.37.132.164:https           
 ESTAB                0                 0                                                      192.168.43.4:59392                                                 35.244.159.8:https           
 ESTAB                0                 0                                                      192.168.43.4:49948                                                 94.237.76.92:ssh             
 CLOSE-WAIT           1                 0                                                      192.168.43.4:50232                                               35.244.247.133:https           
 ESTAB                0                 0                                                      192.168.43.4:51714                                                142.250.77.34:https
$ ss -at '( dst :https or src :ssh )'

State                Recv-Q            Send-Q                                                Local Address:Port                                                  Peer Address:Port            
 LISTEN               0                 128                                                         0.0.0.0:ssh                                                        0.0.0.0:*               
 ESTAB                0                 0                                                      192.168.43.4:41188                                                52.37.132.164:https           
 ESTAB                0                 0                                                      192.168.43.4:59392                                                 35.244.159.8:https           
 CLOSE-WAIT           1                 0                                                      192.168.43.4:50232                                               35.244.247.133:https           
 ESTAB                0                 0                                                      192.168.43.4:51714                                                142.250.77.34:https
$ ss -at '( src :smtp or src :ssh )'

State                     Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
 LISTEN                    0                         128                                                0.0.0.0:ssh                                             0.0.0.0:*                      
 LISTEN                    0                         100                                              127.0.0.1:smtp                                            0.0.0.0:*                      
 LISTEN                    0                         128                                                   [::]:ssh                                                [::]:*                      
 LISTEN                    0                         100                                                  [::1]:smtp                                               [::]:*
12-d) Filtering socket connections by IP address

To list connections to a specific destination IP address, run:

Syntax: ss [option] dst [IP Address]

For instance, to view a list of connections established to a specific IP address, run:

$ ss -at dst 192.168.43.40

State                    Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                   
 ESTAB                    0                         0                                             192.168.43.4:49948                                       192.168.43.40:ssh
ss command man page

If you want to explore options that are not covered in this guide, see the ss command man page.

$ man ss
or
$ ss --help
Conclusion

In this guide, we have shown you how to use ss command in Linux with several examples, including various filtering options.



[Apr 19, 2021] 6 advanced tcpdump formatting options - Enable Sysadmin

Apr 19, 2021 | www.redhat.com

The final article in this three-part tcpdump series covers six more tcpdump packet capturing trick options.

Posted: April 15, 2021 | by Kedar Vijay Kulkarni (Red Hat, Sudoer)


This article is the final part of my three-part series covering 18 different tcpdump tips and tricks, where I continue to demonstrate features that help you filter and organize the information returned by tcpdump. I recommend reading parts one and two before continuing with the content below.

13. TCP flags-based filters

It is possible to filter TCP traffic based on various TCP flags. Here's an example that filters on the tcp-ack flag.

# tcpdump -i any  "tcp[tcpflags] & tcp-ack !=0" -c3
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:01:26.064889 wlp0s20f3 In  IP ec2-54-227-95-54.compute-1.amazonaws.com.https > kkulkarni.attlocal.net.37834: Flags [P.], seq 1819770188:1819770212, ack 92255846, win 530, options [nop,nop,TS val 2380606750 ecr 2653646722], length 24
21:01:26.065072 wlp0s20f3 Out IP kkulkarni.attlocal.net.37834 > ec2-54-227-95-54.compute-1.amazonaws.com.https: Flags [P.], seq 1:29, ack 24, win 501, options [nop,nop,TS val 2653656956 ecr 2380606750], length 28
21:01:26.066067 wlp0s20f3 In  IP ec2-54-227-95-54.compute-1.amazonaws.com.https > kkulkarni.attlocal.net.37834: Flags [P.], seq 0:24, ack 1, win 530, options [nop,nop,TS val 2380607026 ecr 2653646722], length 24
3 packets captured
5 packets received by filter
0 packets dropped by kernel
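
What `tcp[tcpflags] & tcp-ack != 0` actually tests, as an added example that is not from the original article: the code decodes the IPv4 and TCP headers from the first 52 bytes of the -X dump shown in section 14 and applies the same mask to byte 13 of the TCP header. It goes slightly beyond the article by also showing an exact-match test (SYN set, ACK clear); the function names are hypothetical.

```python
import struct

# First 52 bytes (IPv4 header + TCP header) of the `tcpdump -X` dump printed in
# section 14 of this article; the encrypted payload after them is not needed.
PACKET_HEX = """
456c 035f c3f4 4000 2f06 2a23 12d3 8541
c0a8 0159 01bb 8f44 1d68 58a9 60fd de54
8018 000e d2f8 0000 0101 080a 34cf 41d8
797a 91ad
"""
PACKET = bytes.fromhex("".join(PACKET_HEX.split()))

# Named constants from pcap-filter(7) and the bit each one stands for.
TCP_FLAGS = {"tcp-fin": 0x01, "tcp-syn": 0x02, "tcp-rst": 0x04,
             "tcp-push": 0x08, "tcp-ack": 0x10, "tcp-urg": 0x20}
TCPFLAGS_OFFSET = 13  # `tcpflags` in a filter expression is byte 13 of the TCP header

# Letters tcpdump prints inside "Flags [...]"; ACK is shown as a dot.
FLAG_LETTERS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
                (0x10, "."), (0x20, "U"), (0x40, "E"), (0x80, "W")]


def tcp_header(packet):
    """Return the TCP header (and anything after it) of an IPv4 packet."""
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:
        raise ValueError("non-first fragment: no TCP header present")
    return packet[ihl * 4:]          # IHL counts 32-bit words, so options are skipped


def decode_tcp(packet):
    """Decode the fixed part of the TCP header into the fields tcpdump prints."""
    sport, dport, seq, ack, _off, flags, win = struct.unpack(
        "!HHIIBBH", tcp_header(packet)[:16])
    letters = "".join(ch for bit, ch in FLAG_LETTERS if flags & bit)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": letters, "win": win}


def matches_any(packet, mask):
    """Equivalent of  tcp[tcpflags] & mask != 0  (any flag in the mask is set)."""
    return (tcp_header(packet)[TCPFLAGS_OFFSET] & mask) != 0


def matches_exact(packet, mask, value):
    """Equivalent of  tcp[tcpflags] & mask == value  (e.g. SYN set and ACK clear)."""
    return (tcp_header(packet)[TCPFLAGS_OFFSET] & mask) == value


if __name__ == "__main__":
    print(decode_tcp(PACKET))
    ack, syn = TCP_FLAGS["tcp-ack"], TCP_FLAGS["tcp-syn"]
    print("tcp-ack filter matches:", matches_any(PACKET, ack))
    print("SYN-only filter matches:", matches_exact(PACKET, syn | ack, syn))
```

Because nearly every segment after the handshake carries ACK, the tcp-ack filter matches most TCP traffic; the exact-match form is the one that narrows a capture to new connection attempts.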
14. Formatting

tcpdump can also adjust its output format by using -X for hex or -A for ASCII.

# tcpdump -i any -c4 -X
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:03:17.917658 wlp0s20f3 In  IP ec2-18-211-133-65.compute-1.amazonaws.com.https > kkulkarni.attlocal.net.36676: Flags [P.], seq 493377705:493378516, ack 1627250260, win 14, options [nop,nop,TS val 885998040 ecr 2038075821], length 811
    0x0000:  456c 035f c3f4 4000 2f06 2a23 12d3 8541  El._..@./.*#...A
    0x0010:  c0a8 0159 01bb 8f44 1d68 58a9 60fd de54  ...Y...D.hX.`..T
    0x0020:  8018 000e d2f8 0000 0101 080a 34cf 41d8  ............4.A.
    0x0030:  797a 91ad 1703 0303 2609 56db 0bfc cdbf  yz......&.V.....
    0x0040:  2ab1 86eb 197c 2a34 f20f 58fa 9318 156e  *....|*4..X....n
    0x0050:  2719 ba42 b498 b32c c9c3 69e1 7de3 6070  '..B...,..i.}.`p
    0x0060:  a785 80f5 adee a501 6374 e5f9 61c3 2b6e  ........ct..a.+n
    0x0070:  edde e3ff 2abe 0198 226a 6729 f325 8f4a  ....*..."jg).%.J
    0x0080:  af0b d865 e44a e941 b03e fda7 501c 3de7  ...e.J.A.>..P.=.
    0x0090:  28d9 58f9 be3f 9cd8 64aa 8701 f45b a280  (.X..?..d....[..
    0x00a0:  9f19 ed22 9646 2f19 9f49 226a d55e 33bf  ...".F/..I"j.^3.
    0x00b0:  ed13 e2cb ef26 bc37 f4d8 0a6e 7534 e278  .....&.7...nu4.x
    0x00c0:  e6b6 60b1 1abe 6457 efc6 eaf3 03ad 3b50  ..`...dW......;P
    0x00d0:  e98f 2751 2680 f3c6 c562 3b81 437b be3d  ..'Q&....b;.C{.=
    0x00e0:  9e36 0a8f 3cf2 3b5e 4569 7e4c 7c94 844c  .6..<.;^Ei~L|..L
    0x00f0:  5925 614e b8b1 a79e 0abb 9818 ff29 1b08  Y%aN.........)..
    0x0100:  5e43 83fc 0049 5a08 a085 aec5 09fb 3277  ^C...IZ.......2w
    0x0110:  c971 db88 4fc4 0d27 b418 1dfe 946e 3c83  .q..O..'.....n<.
    0x0120:  d6f6 4ff1 9e7e 5c86 b4e6 e0e5 dd82 8827  ..O..~\........'
    0x0130:  6ba6 46d1 2374 a1af 412a 1687 24cc 0c04  k.F.#t..A*..$...
    0x0140:  2179 5293 67f4 14f0 b502 935a 86e5 f8bc  !yR.g......Z....
    0x0150:  83be e285 941e 0bec d022 5cdb 2cc2 db13  ........."\.,...
    0x0160:  a186 8ce0 300e 6893 a0f1 4906 7b67 7848  ....0.h...I.{gxH
    0x0170:  cc28 286d 5ceb c468 17f1 4ed4 7a4e e88a  .((m\..h..N.zN..
    0x0180:  e71a 95b2 15c2 7a76 94da 1568 239e 5078  ......zv...h#.Px
    0x0190:  d264 8b40 d2d3 ba9a 6818 9871 8875 3ad0  .d.@....h..q.u:.
    0x01a0:  abac f776 0a22 b788 4acf 81ac 72d2 146c  ...v."..J...r..l
    0x01b0:  2c12 bc52 de57 fa96 66d5 c6cd f9b6 c428  ,..R.W..f......(
    0x01c0:  f7c8 f3ad 5b06 7da5 b7cf 15a7 7ac4 9760  ....[.}.....z..`
    0x01d0:  0e70 cf36 e4ed d3b3 0e18 3046 5e9f 1dee  .p.6......0F^...
    0x01e0:  6277 c53b e38d ecf0 db89 7d19 32f2 1bed  bw.;......}.2...
    0x01f0:  6bb3 0ab5 0cb6 6b77 a40e 7bf5 5de3 7d4b  k.....kw..{.].}K
    0x0200:  0b96 474d 66f4 9589 39a4 d2ff 6c08 36aa  ..GMf...9...l.6.
    0x0210:  3fe9 89f5 6603 9f61 16ce 8cb9 e9c6 8d67  ?...f..a.......g
    0x0220:  0b22 5ebc 39f3 50c2 cd70 08c3 01c6 2feb  ."^.9.P..p..../.
    0x0230:  dbdc ba44 e091 8a8d e5b2 82c7 23ad c496  ...D........#...
    0x0240:  7199 f3d1 34bf cff3 e51a 1d12 83ad 46ff  q...4.........F.
    0x0250:  e93c 0975 729e ed82 3461 73dc c2ca abc1  .<.ur...4as.....
    0x0260:  3e88 260d 1129 1777 2d0c 1a76 5234 123b  >.&..).w-..vR4.;
    0x0270:  cef3 ef26 b12d 1eeb 82c2 554f 2112 18e9  ...&.-....UO!...
    0x0280:  ff14 a65d f7ae 2e53 8c9b 909c 9d32 4fab  ...]...S.....2O.
    0x0290:  2fc1 9154 ea1e 2318 06da 0f8e 07f0 555e  /..T..#.......U^
    0x02a0:  686b 9396 bfed 6771 d813 d32f f1ad 690e  hk....gq.../..i.
    0x02b0:  22b6 ea49 df3f 68ee a78b bdc5 bcca c6ac  "..I.?h.........
    0x02c0:  9c01 90fd 9c74 1a46 8981 dfe3 1492 9a2e  .....t.F........
    0x02d0:  67bc b4c2 f65f 0422 4f9c 1fad 86d3 1a4d  g...._."O......M
    0x02e0:  c282 e510 88f9 dda8 9c0c c2c9 c114 59ab  ..............Y.
    0x02f0:  92a9 9f22 6cd8 0176 fd2b 7ce6 57ed 6849  ..."l..v.+|.W.hI
    0x0300:  7214 c31a 49c1 46fe c980 01db 0fcb 5ddf  r...I.F.......].
    0x0310:  a8d6 0b4f ea6a 6fa3 d359 04fb bcfa 7fde  ...O.jo..Y......
    0x0320:  6c6e 920a f40a fc41 7890 97af 2b5a 516c  ln.....Ax...+ZQl
    0x0330:  7b9f 3dbd 17ed a472 0d87 9897 9570 0a49  {.=....r.....p.I
    0x0340:  84d6 b180 1c23 39f0 610b d6a8 a0ef 5e5c  .....#9.a.....^\
    0x0350:  fa24 d1ef 6343 4d8a 1242 3a9a b25e b3    .$..cCM..B:..^.
21:03:17.917688 wlp0s20f3 Out IP kkulkarni.attlocal.net.36676 > ec2-18-211-133-65.compute-1.amazonaws.com.https: Flags [.], ack 811, win 2033, options [nop,nop,TS val 2038075901 ecr 885998040], length 0
    0x0000:  4500 0034 eba9 4000 4006 f504 c0a8 0159  E..4..@.@......Y
    0x0010:  12d3 8541 8f44 01bb 60fd de54 1d68 5bd4  ...A.D..`..T.h[.
    0x0020:  8010 07f1 5a3c 0000 0101 080a 797a 91fd  ....Z<......yz..
    0x0030:  34cf 41d8                                4.A.
21:03:17.948052 wlp0s20f3 In  IP ovpn-rdu2.redhat.com.https > kkulkarni.attlocal.net.49254: UDP, length 76
    0x0000:  4500 0068 68eb 4000 3211 f29c 42bb e840  E..hh.@.2...B..@
    0x0010:  c0a8 0159 01bb c066 0054 36c8 4800 06ee  ...Y...f.T6.H...
    0x0020:  0032 9be8 f4aa ee8b 7e67 daa5 f3d2 a602  .2......~g......
    0x0030:  67d0 8ca8 8c61 f4b2 12b2 47cd 6e96 661d  g....a....G.n.f.
    0x0040:  57f1 59be bdfc a1a6 a589 cde5 f027 d6b0  W.Y..........'..
    0x0050:  1b57 72f9 348c 7735 03ca 8eb3 1dcd 8ef1  .Wr.4.w5........
    0x0060:  c8bd aec5 8442 f2cb                      .....B..
21:03:17.948133 tun0  In  IP 10.0.115.119.https > kkulkarni.33082: Flags [.], ack 4094910727, win 400, options [nop,nop,TS val 3391720680 ecr 1350874080], length 0
    0x0000:  4500 0034 6b11 4000 3606 db5f 0a00 7377  E..4k.@.6.._..sw
    0x0010:  0a0a 76d2 01bb 813a c602 1989 f413 6107  ..v....:......a.
    0x0020:  8010 0190 63c6 0000 0101 080a ca29 8ce8  ....c........)..
    0x0030:  5084 b3e0                                P...
4 packets captured
328 packets received by filter
0 packets dropped by kernel

With the -A option, ASCII is displayed.

# tcpdump -i any -c4 -A
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:03:21.363917 wlp0s20f3 Out IP6 kkulkarni > ff02::1:ff0e:bfb6: ICMP6, neighbor solicitation, who has kkulkarni, length 32
`.... :.........Q{AZq..w.................................r.pm.....`.b...
21:03:21.363953 lo    In  IP6 kkulkarni.45656 > kkulkarni.hostmon: Flags [S], seq 3428690149, win 65476, options [mss 65476,sackOK,TS val 1750938785 ecr 0,nop,wscale 7,tfo  cookiereq,nop,nop], length 0
`....,...........r.pm............r.pm....X...].....................
h]4........."...
21:03:21.363972 lo    In  IP6 kkulkarni.hostmon > kkulkarni.45656: Flags [S.], seq 3072789718, ack 3428690150, win 65464, options [mss 65476,sackOK,TS val 1750938785 ecr 1750938785,nop,wscale 7], length 0
`....(...........r.pm............r.pm......X.'...].................
h]4.h]4.....
21:03:21.363988 lo    In  IP6 kkulkarni.45656 > kkulkarni.hostmon: Flags [.], ack 1, win 512, options [nop,nop,TS val 1750938785 ecr 1750938785], length 0
`.... ...........r.pm............r.pm....X...]...'.......w.....
h]4.h]4.
4 packets captured
173 packets received by filter
0 packets dropped by kernel

15. Options for extra verbosity

With some Linux programs, it's sometimes useful to have more verbose output. tcpdump uses -v , -vv , or -vvv to provide different levels of verbosity. See below for examples with no verbosity to three levels of verbosity.

Default verbosity:

# tcpdump -i any -c1
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:06:00.903186 lo    In  IP kkulkarni.39876 > kkulkarni.hostmon: Flags [S], seq 1718143023, win 65495, options [mss 65495,sackOK,TS val 1879208671 ecr 0,nop,wscale 7,tfo  cookiereq,nop,nop], length 0
1 packet captured
100 packets received by filter
0 packets dropped by kernel

Using the -v option:

# tcpdump -i any -c1 -v
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:06:04.209638 lo    In  IP6 (flowlabel 0xd17f0, hlim 1, next-header TCP (6) payload length: 44) kkulkarni.33022 > kkulkarni.hostmon: Flags [S], cksum 0x0d5b (incorrect -> 0x6c92), seq 2003870985, win 65476, options [mss 65476,sackOK,TS val 3266653263 ecr 0,nop,wscale 7,tfo  cookiereq,nop,nop], length 0
1 packet captured
20 packets received by filter
0 packets dropped by kernel

Here is the -vv option:

# tcpdump -i any -c1 -vv
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:06:05.916423 tun0  Out IP (tos 0x0, ttl 64, id 22069, offset 0, flags [DF], proto TCP (6), length 1360)
    kkulkarni.37152 > 10.0.115.119.https: Flags [.], cksum 0xe218 (correct), seq 168413028:168414336, ack 944490821, win 502, options [nop,nop,TS val 1351042119 ecr 3391883323], length 1308
1 packet captured
235 packets received by filter
0 packets dropped by kernel

Finally, display the highest level of detail with the -vvv option:

# tcpdump -i any -c1 -vvv
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:06:08.076276 wlp0s20f3 B   ifindex 3 cc:ab:2c:60:a4:a8 (oui Unknown) ethertype Unknown (0x7373), length 127:
    0x0000:  1211 0000 0043 d3ea bdb4 5baf 9b3e 309c  .....C....[..>0.
    0x0010:  f09c 490e b239 17dc be94 cffa 6e3e 5756  ..I..9......n>WV
    0x0020:  9c35 702f fe49 0000 0201 8003 06cc ab2c  .5p/.I.........,
    0x0030:  60a4 a104 0104 0701 071b 0100 0806 ccab  `...............
    0x0040:  2c60 a4a8 0901 030e 1800 0000 0000 0000  ,`..............
    0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
    0x0060:  0019 087f 8d75 d5a4 8508 b3              .....u.....
1 packet captured
5 packets received by filter
0 packets dropped by kernel

16. Filter by protocol

You can use protocol names to filter packets for a particular protocol.

In this example, the command filters by UDP:

# tcpdump udp -i wlp0s20f3 -c2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:10:01.108588 IP kkulkarni.attlocal.net.49254 > ovpn-rdu2.redhat.com.https: UDP, length 108
21:10:01.178840 IP kkulkarni.attlocal.net.55267 > dsldevice.attlocal.net.domain: 55685+ PTR? 89.1.168.192.in-addr.arpa. (43)
2 packets captured
9 packets received by filter
0 packets dropped by kernel

In this case, the filter displays TCP data:

# tcpdump tcp -i wlp0s20f3 -c2

dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:10:05.614912 IP ec2-18-211-133-65.compute-1.amazonaws.com.https > kkulkarni.attlocal.net.36676: Flags [P.], seq 493594593:493594680, ack 1627254976, win 16, options [nop,nop,TS val 886099951 ecr 2038478733], length 87
21:10:05.615050 IP kkulkarni.attlocal.net.36676 > ec2-18-211-133-65.compute-1.amazonaws.com.https: Flags [.], ack 87, win 2033, options [nop,nop,TS val 2038483598 ecr 886099951], length 0
2 packets captured
2 packets received by filter
0 packets dropped by kernel

17. Low verbosity output

If you want the opposite of verbosity, use -q to provide quieter output (low verbosity).

# tcpdump tcp -i wlp0s20f3 -c2 -q

dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:10:54.022506 IP kkulkarni.attlocal.net.37762 > whatsapp-cdn-shv-02-atl3.fbcdn.net.https: tcp 39
21:10:54.070360 IP whatsapp-cdn-shv-02-atl3.fbcdn.net.https > kkulkarni.attlocal.net.37762: tcp 39
2 packets captured
3 packets received by filter
0 packets dropped by kernel

18. Timestamp options

Some of the common options for controlling timestamps are:

Remove timestamps

The -t option removes timestamps.

# tcpdump tcp -i wlp0s20f3 -c2 -t  

dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP kkulkarni.attlocal.net.36748 > lga15s49-in-f14.1e100.net.https: Flags [P.], seq 1609781320:1609781672, ack 1533085267, win 2318, options [nop,nop,TS val 1144363923 ecr 1220239837], length 352
IP kkulkarni.attlocal.net.36748 > lga15s49-in-f14.1e100.net.https: Flags [P.], seq 352:530, ack 1, win 2318, options [nop,nop,TS val 1144363924 ecr 1220239837], length 178
2 packets captured
4 packets received by filter
0 packets dropped by kernel

Difference in the consecutive packets

The -ttt option prints the time difference between consecutive packets. This information is useful for spotting spikes or slowdowns in the traffic.

# tcpdump tcp -i wlp0s20f3 -c2 -ttt

dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
 00:00:00.000000 IP kkulkarni.attlocal.net.36676 > ec2-18-211-133-65.compute-1.amazonaws.com.https: Flags [P.], seq 1627256885:1627256944, ack 493640277, win 2033, options [nop,nop,TS val 2038675951 ecr 886146249], length 59
 00:00:00.002185 IP kkulkarni.attlocal.net.36686 > ec2-18-211-133-65.compute-1.amazonaws.com.https: Flags [P.], seq 158675267:158675326, ack 3869427473, win 501, options [nop,nop,TS val 2038675953 ecr 242652703], length 59
2 packets captured
8 packets received by filter
0 packets dropped by kernel

[Mar 01, 2021] Using the Linux arping command to ping local systems - Network World

Mar 01, 2021 | www.networkworld.com

The arping command is one of the lesser known commands that works much like the ping command.

The name stands for "arp ping" and it's a tool that allows you to perform limited ping requests in that it collects information on local systems only. The reason for this is that it uses a Layer 2 network protocol and is, therefore, non-routable. The arping command is used for discovering and probing hosts on your local network.

If arping isn't installed on your system, you should be able to take care of that with one of these commands:

$ sudo apt install arping -y
$ sudo yum install arping -y

You can use it much like ping and, as with ping , you can set a count for the packets to be sent using -c (e.g., arping -c 2 hostname) or allow it to keep sending requests until you type ^c . In this first example, we send two requests to a system:

$ arping -c 2 192.168.0.7
ARPING 192.168.0.7 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  64.895ms
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  5.423ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)

Note that the response shows the time it takes to receive replies and the MAC address of the system being probed.

If you use the -f option, arping will stop as soon as it has confirmed that the system is responding. That might sound efficient, but it will never get to the stopping point if the system -- possibly some non-existent or shut down system -- fails to respond. Using a small count value (-c) is generally a better approach. In this next example, the command tried 83 times to reach the remote system before I killed it with a ^c , and it then provided the count.

$ arping -f 192.168.0.77
ARPING 192.168.0.77 from 192.168.0.11 enp0s25
^CSent 83 probes (83 broadcast(s))
Received 0 response(s)

For a system that is up and ready to respond, the response is quick.

$ arping -f 192.168.0.7
ARPING 192.168.0.7 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  82.963ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
Broadcast – send out for all to receive

The ping command can reach remote systems easily where arping tries but doesn't get any responses. Compare the responses below.

$ arping -c 2 world.std.com
ARPING 192.74.137.5 from 192.168.0.11 enp0s25
Sent 2 probes (2 broadcast(s))
Received 0 response(s)

$ ping -c 2 world.std.com
PING world.std.com (192.74.137.5) 56(84) bytes of data.
64 bytes from world.std.com (192.74.137.5): icmp_seq=1 ttl=48 time=321 ms
64 bytes from world.std.com (192.74.137.5): icmp_seq=2 ttl=48 time=331 ms

--- world.std.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 321.451/326.068/330.685/4.617 ms

Clearly, arping cannot collect information on the remote server.

If you want to use arping for a range of systems, you can use a command like the following, which would be fairly quick because it only tries once to reach each host in the range provided.

$ for num in {1..100}; do arping -c 1 192.168.0.$num; done
ARPING 192.168.0.1 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.1 [F8:8E:85:35:7F:B9]  5.530ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.2 from 192.168.0.11 enp0s25
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ARPING 192.168.0.3 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.3 [02:0F:B5:22:E5:90]  76.856ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.4 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.4 [02:0F:B5:5B:D9:66]  83.000ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

Notice that some probes received one response while others received none.

Here's a simple script that will provide a list of which systems in a network range respond and which do not:

#!/bin/bash

for num in {1..255}; do
    echo -n "192.168.0.$num "
    arping -c 1 192.168.0.$num | grep "1 response"
    if [ $? != 0 ]; then
        echo ""
    fi
done

Change the IP address range in the script to match your local network. The output should look something like this:

$ ./detectIPs
192.168.0.1 Received 1 response(s)
192.168.0.2 Received 1 response(s)
192.168.0.3 Received 1 response(s)
192.168.0.4 Received 1 response(s)
192.168.0.5
192.168.0.6 Received 1 response(s)
192.168.0.7 Received 1 response(s)
192.168.0.8
192.168.0.9 Received 1 response(s)
192.168.0.10
192.168.0.11 Received 1 response(s)

If you only want to see the responding systems, simplify the script like this:

#!/bin/bash

for num in {1..30}; do
    arping -c 1 192.168.0.$num | grep "1 response" > /dev/null
    if [ $? == 0 ]; then
        echo "192.168.0.$num "
    fi
done

Below is what the output will look like with the second script. It lists only responding systems.

$ ./detectIPs
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.6
192.168.0.7

The arping command makes checking a range of systems on a network quick and easy, and can be helpful when you want to create a map of your network.
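
Going one step beyond the sweep scripts above, this added example (not from the original article) turns arping output into an IP-to-MAC map and compares it with a saved baseline, which is how such a network map becomes useful for spotting new hosts or an address that suddenly answers from a different MAC. The function names and the "IP MAC" baseline format are assumptions; the sweep output and baseline are constructed in the format the article shows.

```bash
#!/bin/bash
# Added example, not from the original article.

# parse_arping: arping output on stdin -> one "IP MAC" line per reply.
parse_arping() {
    awk '/^Unicast reply from/ {
        mac = toupper($5)
        gsub(/\[|\]/, "", mac)      # strip the brackets around the MAC
        print $4, mac
    }'
}

# compare_to_baseline FILE: "IP MAC" lines on stdin are checked against the
# known-good "IP MAC" pairs in FILE. Prints one finding per line:
#   NEW ip mac             host that is not in the baseline
#   CHANGED ip old new     IP now answers from a different MAC
#   CONFLICT ip mac1 mac2  two MACs answered for one IP in the same sweep
compare_to_baseline() {
    awk -v baseline="$1" '
        BEGIN {
            while ((getline line < baseline) > 0) {
                split(line, f, " ")
                known[f[1]] = toupper(f[2])
            }
        }
        ($1 in seen) {
            if (seen[$1] != $2) print "CONFLICT", $1, seen[$1], $2
            next
        }
        {
            seen[$1] = $2
            if (!($1 in known))       print "NEW", $1, $2
            else if (known[$1] != $2) print "CHANGED", $1, known[$1], $2
        }'
}

# Constructed sweep output in the format shown in the article.
sample_sweep() {
    cat <<'EOF'
ARPING 192.168.0.1 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.1 [F8:8E:85:35:7F:B9]  5.530ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.2 from 192.168.0.11 enp0s25
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ARPING 192.168.0.3 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.3 [02:0F:B5:22:E5:90]  76.856ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.7 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  64.895ms
Unicast reply from 192.168.0.7 [02:00:00:AA:BB:CC]  70.100ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)
ARPING 192.168.0.9 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.9 [02:00:00:11:22:33]  12.004ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
EOF
}

# Constructed baseline saved from an earlier, trusted sweep.
sample_baseline() {
    cat <<'EOF'
192.168.0.1 F8:8E:85:35:7F:B9
192.168.0.3 02:0F:B5:5B:D9:66
192.168.0.7 20:EA:16:01:55:EB
EOF
}

# audit_sample: run the sample sweep against the sample baseline.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_baseline > "$tmp"
    sample_sweep | parse_arping | compare_to_baseline "$tmp"
    rm -f "$tmp"
}
audit_sample
```

On a live network, replace sample_sweep with the arping loop from the article and keep the baseline file somewhere only administrators can write to.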

[Jan 02, 2021] Linux troubleshooting: Setting up a TCP listener with ncat by Ken Hess

Sep 08, 2020 | www.redhat.com

Network troubleshooting sometimes requires tracking specific network packets based on complex filter criteria or just determining whether a connection can be made.

... ... ...

Using the ncat command, you will set up a TCP listener, which is a TCP service that waits for a connection from a remote system on a specified port. The following command starts a listening socket on TCP port 9999.

$ sudo ncat -l 9999

This command will "hang" your terminal. You can place the command into background mode with the shell's & (ampersand) operator so that it behaves much like a service daemon. Your prompt will return.

$ sudo ncat -l 9999 &

From a remote system, use the following command to attempt a connection:

$ telnet <IP address of ncat system> 9999

The attempt should fail as shown:

Trying <IP address of ncat system>...
telnet: connect to address <IP address of ncat system>: No route to host

This might be similar to the message you receive when attempting to connect to your original service. The first thing to try is to add a firewall exception to the ncat system:

$ sudo firewall-cmd --add-port=9999/tcp

This command allows TCP requests on port 9999 to pass through to a listening daemon on port 9999.

Retry the connection to the ncat system:

$ telnet <IP address of ncat system> 9999

Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.

This message means that you are now connected to the listening port, 9999, on the remote system. To disconnect, use the keyboard combination, CTRL + ] . Type quit to return to a prompt.

$ telnet <IP address of ncat system> 9999

Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.
^]
telnet>quit
Connection closed.
$

Disconnecting will also kill the TCP listening port on the remote (ncat) system, so don't attempt another connection until you reissue the ncat command. If you want to keep the listening port open rather than letting it die each time you disconnect, use the -k (keep open) option, which keeps the listening port alive. Some sysadmins avoid this option because a listening port left open can cause security problems or port conflicts with other services.

$ sudo ncat -k -l 9999 &

What ncat tells you

The success of connecting to the listening port of the ncat system means that you can bind a port to your system's NIC. You can successfully create a firewall exception. And you can successfully connect to that listening port from a remote system. Failures along the path will help narrow down where your problem is.

What ncat doesn't tell you

Unfortunately, this troubleshooting technique offers no solution for connectivity issues that aren't related to binding, port listening, or firewall exceptions. This is a limited scope troubleshooting session, but it's quick, easy, and definitive. What I've found is that most connectivity issues boil down to one of these three. My next step in the process would be to remove and reinstall the service package. If that doesn't work, download a different version of the package and see if that works for you. Try going back at least two revisions until you find one that works. You can always update to the latest version after you have a working service.

Wrap up

The ncat command is a useful troubleshooting tool. This article only focused on one tiny aspect of the many uses for ncat . Troubleshooting is as much of an art as it is a science. You have to know which answers you have and which ones you don't have. You don't have to troubleshoot or test things that already work. Explore ncat 's various uses and see if your connectivity issues go away faster than they did before.

[Jan 02, 2021] Execute remote operations

Jan 02, 2021 | www.redhat.com

I use Telnet, netcat, Nmap, and other tools to test whether a remote service is up and whether I can connect to it. These tools are handy, but they aren't installed by default on all systems.

Fortunately, there is a simple way to test a connection without using external tools. To see if a remote server is running a web, database, SSH, or any other service, run:

$> timeout 3 bash -c '</dev/tcp/remote_server/remote_port' || echo "Failed to connect"

For example, to see if serverA is running the MariaDB service:

$> timeout 3 bash -c '</dev/tcp/serverA/3306' || echo "Failed to connect"

If the connection fails, the Failed to connect message is displayed on your screen.

Assume serverA is behind a firewall/NAT. I want to see if the firewall is configured to allow a database connection to serverA , but I haven't installed a database server yet. To emulate a database port (or any other port), I can use the following:

[serverA ~]# nc -l 3306

On clientA , run:

[clientA ~]# timeout 3 bash -c '</dev/tcp/serverA/3306' || echo "Failed"

While I am discussing remote connections, what about running commands on a remote server over SSH? I can use the following command:

$> ssh remotehost <<EOF  # Press the Enter key here
> ls /etc
> EOF

This command runs ls /etc on the remote host.

I can also execute a local script on the remote host without having to copy the script over to the remote server. One way is to enter:

$> ssh remote_host 'bash -s' < local_script

Another example is to pass environment variables locally to the remote server and terminate the session after execution.

$> exec ssh remote_host ARG1=FOO ARG2=BAR 'bash -s' <<'EOF'
> printf %s\\n "$ARG1" "$ARG2"
> EOF
Password:
FOO
BAR
Connection to remote_host closed.

There are many other complex actions I can perform on the remote host.

[Jan 01, 2021] Netcat - The swiss Army knife You must have - The Linux Juggernaut

Jan 01, 2021 | www.linuxnix.com

NETCAT : THE SWISS ARMY KNIFE YOU MUST HAVE

Posted by Ruwantha Nissanka | Dec 23, 2020 | Basics | 0 |

Netcat (also known as 'nc') is a networking tool used for reading from and writing to TCP and UDP sockets using an easy interface. It is designed as a dependable 'back-end' device that can be used directly or easily driven by other programs and scripts. Therefore, this tool is a treat to network administrators, programmers, and pen-testers as it's a feature-rich network debugging and investigation tool.

To open netcat simply go to your shell and enter 'nc':

#nc

CONNECTING TO A HOST WITH NETCAT

Use the -u option to start a UDP connection to a specified host and port (without -u, nc connects over TCP):

#nc -u <host_ip> <port>

LISTEN TO INBOUND CONNECTIONS

You can set nc to listen on a port using the -l option:

#nc -l <port>

SCAN PORTS WITH NETCAT

This can easily be done using the '-z' flag, which instructs netcat to only check whether the port is open without sending any data. For example, with 'localhost' as the host and 80-100 as the port range, the following command checks which ports between 80 and 100 are open on 'localhost':

#nc -z <host_ip> <port_range>

ADVANCED PORT SCAN

To run an advanced port scan on a target, use the following command

#nc -v -n -z -w1 -r <target_ip>

This command will attempt to connect to random ports (-r) on the target IP, running verbosely (-v), without resolving names (-n), without sending any data (-z), and waiting no more than 1 second for a connection to occur (-w1).

TCP BANNER GRABBING WITH NETCAT

You can grab the banner of any tcp service running on an ip address using nc:

#echo "" | nc -v -n -w1 <target_ip> <port_range>

TRANSFER FILES WITH NETCAT

For this, you should have nc installed on both the sending and receiving machines. First, start nc in listener mode on the receiving host:

#nc -l <port> > file.txt

Now run the following command on the sending host:

#nc <target_ip> <port> --send-only < data.txt

In conclusion, Netcat comes with a lot of cool features that we can use to simplify our day-to-day tasks. Make sure to check out this article to learn some more interesting features in this tool.

[Sep 19, 2020] Setting up port redirects in Linux with ncat - Enable Sysadmin

Sep 15, 2020 | www.redhat.com
Learn how ncat is an essential power tool for debugging and other network activities in Linux.

Posted: | by Ken Hess (Red Hat)


As you know from my previous two articles, Linux troubleshooting: Setting up a TCP listener with ncat and The ncat command is a problematic security tool for Linux sysadmins , netcat is a command that is both your best friend and your worst enemy. And this article further perpetuates this fact with a look into how ncat delivers a useful, but potentially dangerous, option for creating a port redirection link. I show you how to set up a port or site forwarding link so that you can perform maintenance on a site while still serving customers.

The scenario

You need to perform maintenance on an Apache installation on server1 , but you don't want the service to appear offline for your customers, which in this scenario are internal corporate users of the labor portal that records hours worked for your remote users. Rather than notifying them that the portal will be offline for six to eight hours, you've decided to create a forwarding service to another system, server2 , while you take care of server1 's needs.

This method is an easy way of keeping a specific service alive without tinkering with DNS or corporate firewall NAT settings.

Server1: Port 8088

Server2: Port 80

The steps

To set up this site/service forward, you need to satisfy the following prerequisites:

  1. ncat-nmap package (should be installed by default)
  2. A functional duplicate of the server1 portal on server2
  3. Root or sudo access to servers 1 and 2 for firewall changes

If you've cleared these hurdles, it's time to make this change happen.

The implementation

Configuring ncat in this way makes use of named pipes, which is an efficient way to create this two-way communication link by writing to and reading from a file in your home directory. There are multiple ways to do this, but I'm going to use the one that works best for this type of port forwarding.

Create the named pipe

Creating the named pipe is easy using the mkfifo command.

$ mkfifo svr1_to_svr2

$ file svr1_to_svr2
svr1_to_svr2: fifo (named pipe)

I used the file command to demonstrate that the file is there and it is a named pipe. This command is not required for the service to work. I named the file svr1_to_svr2 , but you can use any name you want. I chose this name because I'm forwarding from server1 to server2 .

Create the forward service

Formally, this was called setting up a Listener-to-Client relay , but it makes a little more sense if you think of this in firewall terms, hence my "forward" name and description.

$ ncat -k -l 8088 < svr1_to_svr2 | ncat 192.168.1.60 80 > svr1_to_svr2 &

Issuing this command drops you back to your prompt because you put the service into the background with the & . As you can see, the named pipe and the service are both created as a standard user. I discussed the reasons for this restriction in my previous article, The ncat command is a problematic security tool for Linux sysadmins .

Command breakdown

The first part of the command, ncat -k -l 8088 , sets up the listener for connections that ordinarily would be answered by the Apache service on server1 . That service is offline, so you create a listener to answer those requests. The -k option is the keep-alive feature, meaning that it can serve multiple requests. The -l is the listen option. Port 8088 is the port you want to mimic, which is that of the customer portal.

The second part, to the right of the pipe operator ( | ), accepts and relays the requests to 192.168.1.60 on port 80. The named pipe (svr1_to_svr2 ) handles the data in and out.

The usage

Now that you have your relay set up, it's easy to use. Point your browser to the original host and customer portal, which is http://server1:8088 . This automatically redirects your browser to server2 on port 80. Your browser still displays the original URL and port.

I have found that too many repetitive requests can cause this service to fail with a broken pipe message on server1 . This doesn't always kill the service, but it can. My suggestion is to set up a script to check for the forward command, and if it doesn't exist, restart it. You can't check for the existence of the svr1_to_svr2 file because it always exists. Remember, you created it with the mkfifo command.

The caveat

The downside of this ncat capability is that a user could forward traffic to their own duplicate site and gather usernames and passwords. The malicious actor would have to kill the current port listener/web service to make this work, but it's possible to do this even without root access. Sysadmins have to maintain vigilance through monitoring and alerting to avoid this type of security loophole.
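
The restart check suggested under "The usage" and the monitoring called for in the caveat can share one script. The following is an added example, not code from the original article; the service account name relaysvc and the syslog tag relay-watch are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): watchdog and ownership audit for the
# ncat relay. Assumption: the relay is started by the unprivileged account
# "relaysvc" (hypothetical) from the directory that holds the FIFO.

RELAY_USER="relaysvc"        # hypothetical service account
LISTEN_PORT=8088             # listener port used in the article
TARGET_HOST=192.168.1.60     # server2 in the article
TARGET_PORT=80
FIFO=svr1_to_svr2

# stdin:  lines in `ps -eo user,pid,args` format.
# stdout: "user pid" for each nc/ncat process in listen mode on LISTEN_PORT.
relay_listeners() {
    awk -v port="$LISTEN_PORT" '
    {
        cmd = $3; sub(/.*\//, "", cmd)           # strip any path prefix
        if (cmd != "ncat" && cmd != "nc") next
        listen = 0; onport = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "--listen" || $i ~ /^-[A-Za-z0-9]*l/) listen = 1
            if ($i == port) onport = 1
        }
        if (listen && onport) print $1, $2
    }'
}

# stdin:  the same ps listing.
# stdout: down    = no listener on the port, a restart is needed
#         ok      = every listener on the port belongs to RELAY_USER
#         foreign = a listener on the port belongs to another account
relay_state() {
    relay_listeners | awk -v want="$RELAY_USER" '
        { seen = 1; if ($1 != want) bad = 1 }
        END { print (!seen ? "down" : (bad ? "foreign" : "ok")) }'
}

# Same command as in the article; the FIFO is recreated only if it is missing.
start_relay() {
    [ -p "$FIFO" ] || mkfifo -m 600 "$FIFO"
    ncat -k -l "$LISTEN_PORT" < "$FIFO" | ncat "$TARGET_HOST" "$TARGET_PORT" > "$FIFO" &
}

# One pass: restart a dead relay, raise an alert for a listener we do not own.
check_once() {
    listing=$(ps -eo user,pid,args)
    state=$(printf '%s\n' "$listing" | relay_state)
    case "$state" in
        down)
            logger -t relay-watch "relay on port $LISTEN_PORT is down, restarting"
            start_relay ;;
        foreign)
            owners=$(printf '%s\n' "$listing" | relay_listeners | tr '\n' ' ')
            logger -p auth.warning -t relay-watch \
                "port $LISTEN_PORT has a listener not owned by $RELAY_USER: $owners" ;;
    esac
    echo "$state"
}

# Run as RELAY_USER from cron or a timer:  relay-watch.sh --check
if [ "${1:-}" = "--check" ]; then
    check_once
fi
```

The check looks at the process list rather than the FIFO, because the FIFO exists whether or not the relay is running.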

The wrap up

The ncat command has so many uses that it requires one article per feature to describe each one. This article introduced you to the concept of Listener-to-Client relay, or service forwarding, as I call it. It's useful for short maintenance periods but should not be used for permanent redirects. For those, you should edit DNS and corporate firewall NAT rules to send requests to their new destinations. You should remind yourself to turn off any ncat listeners when you're finished with them as they do open a system to compromise. Never create these services with the root user account.


[Sep 12, 2020] Linux troubleshooting- Setting up a TCP listener with ncat

Sep 08, 2020 | www.redhat.com
Is it the firewall or something more sinister that's blocking your access to a service?

By Ken Hess (Red Hat)


The life of a sysadmin is hectic, rushed, and often frustrating. So, what you really need is a toolbox filled with tools that you easily recognize and can use quickly without another learning curve when things are going bad. One such tool is the ncat command.

ncat - Concatenate and redirect sockets

The ncat command has many uses, but the one I use it for is troubleshooting network connectivity issues. It is a handy, quick, and easy to use tool that I can't live without. Follow along and see if you decide to add it to your toolbox as well.

From the ncat man page :

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations. It is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

Among Ncat's vast number of features there is the ability to chain Ncats together; redirection of TCP, UDP, and SCTP ports to other sites; SSL support; and proxy connections via SOCKS4, SOCKS5 or HTTP proxies (with optional proxy authentication as well).

Firewall problem or something else?

You've just installed <insert network service here>, and you can't connect to it from another computer on the same network. It's frustrating. The service is enabled. The service is started. You think you've created the correct firewall exception for it, but yet, it doesn't respond.

Your troubleshooting life begins. In what can stretch from minutes to days to infinity and beyond, you attempt to troubleshoot the problem. It could be many things: an improperly configured (or unconfigured) firewall exception, a NIC binding problem, a software problem somewhere in the service's code, a service misconfiguration, some weird compatibility issue, or something else unrelated to the network or the service blocking access. This is your scenario. Where do you start when you've checked all of the obvious places?

The ncat command to the rescue

The ncat command should be part of your basic Linux distribution, but if it isn't, install the nmap-ncat package and you'll have the latest version of it. Check the ncat man page for usage, if you're interested in its many capabilities beyond this simple troubleshooting exercise.

Using the ncat command, you will set up a TCP listener, which is a TCP service that waits for a connection from a remote system on a specified port. The following command starts a listening socket on TCP port 9999.

$ sudo ncat -l 9999

This command will "hang" your terminal. You can place the command into background mode, to operate similar to a service daemon, using the & (ampersand) operator. Your prompt will return.

$ sudo ncat -l 9999 &

From a remote system, use the following command to attempt a connection:

$ telnet <IP address of ncat system> 9999

The attempt should fail as shown:

Trying <IP address of ncat system>...
telnet: connect to address <IP address of ncat system>: No route to host

This might be similar to the message you receive when attempting to connect to your original service. The first thing to try is to add a firewall exception to the ncat system:

$ sudo firewall-cmd --add-port=9999/tcp

This command allows TCP requests on port 9999 to pass through to a listening daemon on port 9999.

Retry the connection to the ncat system:

$ telnet <IP address of ncat system> 9999

Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.

This message means that you are now connected to the listening port, 9999, on the remote system. To disconnect, use the keyboard combination CTRL + ]. Type quit to return to a prompt.

$ telnet <IP address of ncat system> 9999

Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.
^]
telnet>quit
Connection closed.
$

Disconnecting will also kill the TCP listening port on the remote (ncat) system, so don't attempt another connection until you reissue the ncat command. If you want to keep the listening port open rather than letting it die each time you disconnect, issue the -k (keep open) option. This option keeps the listening port alive. Some sysadmins don't use this option because they might leave a listening port open potentially causing security problems or port conflicts with other services.

$ sudo ncat -k -l 9999 &

What ncat tells you

The success of connecting to the listening port of the ncat system means that you can bind a port to your system's NIC. You can successfully create a firewall exception. And you can successfully connect to that listening port from a remote system. Failures along the path will help narrow down where your problem is.

What ncat doesn't tell you

Unfortunately, this troubleshooting technique offers no solution for connectivity issues that aren't related to binding, port listening, or firewall exceptions. This is a limited scope troubleshooting session, but it's quick, easy, and definitive. What I've found is that most connectivity issues boil down to one of these three. My next step in the process would be to remove and reinstall the service package. If that doesn't work, download a different version of the package and see if that works for you. Try going back at least two revisions until you find one that works. You can always update to the latest version after you have a working service.

Wrap up

The ncat command is a useful troubleshooting tool. This article only focused on one tiny aspect of the many uses for ncat. Troubleshooting is as much of an art as it is a science. You have to know which answers you have and which ones you don't have. You don't have to troubleshoot or test things that already work. Explore ncat's various uses and see if your connectivity issues go away faster than they did before.


[Jul 09, 2020] My Favourite Secret Weapon strace

Jul 09, 2020 | zwischenzugs.com

Why strace ?

I'm often asked in my technical troubleshooting job to solve problems that development teams can't solve. Usually these do not involve knowledge of API calls or syntax, rather some kind of insight into what the right tool to use is, and why and how to use it. Probably because they're not taught in college, developers are often unaware that these tools exist, which is a shame, as playing with them can give a much deeper understanding of what's going on and ultimately lead to better code.

My favourite secret weapon in this path to understanding is strace.

strace (or its Solaris equivalents, truss/dtruss) is a tool that tells you which operating system (OS) calls your program is making.

An OS call (or just "system call") is your program asking the OS to provide some service for it. Since this covers a lot of the things that cause problems not directly to do with the domain of your application development (I/O, finding files, permissions etc) its use has a very high hit rate in resolving problems out of developers' normal problem space.

Usage Patterns

strace is useful in all sorts of contexts. Here's a couple of examples garnered from my experience.

My Netcat Server Won't Start!

Imagine you're trying to start an executable, but it's failing silently (no log file, no output at all). You don't have the source, and even if you did, the source code is neither readily available, nor ready to compile, nor readily comprehensible.

Simply running through strace will likely give you clues as to what's gone on.

$  nc -l localhost 80
nc: Permission denied

Let's say someone's trying to run this and doesn't understand why it's not working (let's assume manuals are unavailable).

Simply put strace at the front of your command. Note that the following output has been heavily edited for space reasons (deep breath):

 $ strace nc -l localhost 80
 execve("/bin/nc", ["nc", "-l", "localhost", "80"], [/* 54 vars */]) = 0
 brk(0)                                  = 0x1e7a000
 access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f751c9c0000
 access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
 open("/usr/local/lib/tls/x86_64/libglib-2.0.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
 stat("/usr/local/lib/tls/x86_64", 0x7fff5686c240) = -1 ENOENT (No such file or directory)
 [...]
 open("libglib-2.0.so.0", O_RDONLY)      = -1 ENOENT (No such file or directory)
 open("/etc/ld.so.cache", O_RDONLY)      = 3
 fstat(3, {st_mode=S_IFREG|0644, st_size=179820, ...}) = 0
 mmap(NULL, 179820, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f751c994000
 close(3)                                = 0
 access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
 open("/lib/x86_64-linux-gnu/libglib-2.0.so.0", O_RDONLY) = 3
 read(3, "\177ELF\2\1\1\3>\1\320k\1"..., 832) = 832
 fstat(3, {st_mode=S_IFREG|0644, st_size=975080, ...}) = 0
 mmap(NULL, 3072520, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f751c4b3000
 mprotect(0x7f751c5a0000, 2093056, PROT_NONE) = 0
 mmap(0x7f751c79f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xec000) = 0x7f751c79f000
 mmap(0x7f751c7a1000, 520, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f751c7a1000
 close(3)                                = 0
 open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
[...]
 mmap(NULL, 179820, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f751c994000
 close(3)                                = 0
 access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
 read(3, "\177ELF\2\1\1\3>\1\20\""..., 832) = 832
 fstat(3, {st_mode=S_IFREG|0644, st_size=51728, ...}) = 0
 mmap(NULL, 2148104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f751b8b0000
 mprotect(0x7f751b8bc000, 2093056, PROT_NONE) = 0
 mmap(0x7f751babb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f751babb000
 close(3)                                = 0
 mprotect(0x7f751babb000, 4096, PROT_READ) = 0
 munmap(0x7f751c994000, 179820)          = 0
 open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
 fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
 fstat(3, {st_mode=S_IFREG|0644, st_size=315, ...}) = 0
 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f751c9bf000
 read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tal"..., 4096) = 315
 read(3, "", 4096)                       = 0
 close(3)                                = 0
 munmap(0x7f751c9bf000, 4096)            = 0
 open("/etc/gai.conf", O_RDONLY)         = 3
 fstat(3, {st_mode=S_IFREG|0644, st_size=3343, ...}) = 0
 fstat(3, {st_mode=S_IFREG|0644, st_size=3343, ...}) = 0
 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f751c9bf000
 read(3, "# Configuration for getaddrinfo("..., 4096) = 3343
 read(3, "", 4096)                       = 0
 close(3)                                = 0
 munmap(0x7f751c9bf000, 4096)            = 0
 futex(0x7f751c4af460, FUTEX_WAKE_PRIVATE, 2147483647) = 0
 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
 connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
 getsockname(3, {sa_family=AF_INET, sin_port=htons(58567), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
 close(3)                                = 0
 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
 connect(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
 getsockname(3, {sa_family=AF_INET6, sin6_port=htons(42803), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
 close(3)                                = 0
 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
 bind(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
 close(3)                                = 0
 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
 bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied)
 close(3)                                = 0
 write(2, "nc: ", 4nc: )                     = 4
 write(2, "Permission denied\n", 18Permission denied
 )     = 18
 exit_group(1)                           = ?

To most people that see this flying up their terminal this initially looks like gobbledygook, but it's really quite easy to parse when a few things are explained.

For each line:

open("/etc/gai.conf", O_RDONLY)         = 3

Therefore for this particular line, the system call is open , the arguments are the string /etc/gai.conf and the constant O_RDONLY , and the return value was 3 .

How to make sense of this?

Some of these system calls can be guessed or enough can be inferred from context. Most readers will figure out that the above line is the attempt to open a file with read-only permission.

In the case of the above failure, we can see that before the program calls exit_group, there is a couple of calls to bind that return "Permission denied":

 bind(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
 close(3)                                = 0
 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
 bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied)
 close(3)                                = 0
 write(2, "nc: ", 4nc: )                     = 4
 write(2, "Permission denied\n", 18Permission denied
 )     = 18
 exit_group(1)                           = ?

We might therefore want to understand what "bind" is and why it might be failing.

You need to get a copy of the system call's documentation. On Ubuntu and related distributions of Linux, the documentation is in the manpages-dev package, and can be invoked by e.g. man 2 bind (I just used strace to determine which file man 2 bind opened and then did a dpkg -S to determine from which package it came!). You can also look up online if you have access, but if you can auto-install via a package manager you're more likely to get docs that match your installation.

Right there in my man 2 bind page it says:

ERRORS
EACCES The address is protected, and the user is not the superuser.

So there is the answer – we're trying to bind to a port that can only be bound to if you are the super-user.
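
The triage done by eye above (pass over the lookups that fail with ENOENT, stop at the bind calls that fail with EACCES) can be scripted. This is an added shell example, not part of the original post; the function names are hypothetical and the sample lines are copied from the trace above.

```sh
#!/bin/sh
# Added example (not from the original post): triage of strace output.
# Typical use:  strace -f -o trace.txt nc -l localhost 80
#               strace_suspects < trace.txt

# stdin:  strace output.
# stdout: "syscall errno" for every call that returned -1.
# Note: the first " = -1 ERRNO (" on a line is taken as the result marker.
strace_failed_calls() {
    awk '
    match($0, / = -1 [A-Z][A-Z0-9]+ \(/) {
        call = substr($0, 1, RSTART - 1)          # text before the result
        # drop the indent and the pid column that -f adds ("[pid N] " or "N ")
        sub(/^[ \t]*(\[pid +[0-9]+\] +|[0-9]+ +)?/, "", call)
        sub(/\(.*/, "", call)                     # keep only the syscall name
        split(substr($0, RSTART), part, " ")      # part: "=", "-1", ERRNO, ...
        if (call ~ /^[a-z_0-9]+$/) print call, part[3]
    }'
}

# Drop the ENOENT results of path lookups (the loader and interpreters probe
# many directories before they find a file), then count what is left.
# stdout: "count syscall errno", most frequent first.
strace_suspects() {
    strace_failed_calls | awk '
        $2 == "ENOENT" && $1 ~ /^(access|open|openat|stat|lstat)$/ { next }
        { n[$1 " " $2]++ }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Sample input: lines copied from the nc trace shown above.
sample_trace() {
    cat <<'EOF'
 access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
 open("/usr/local/lib/tls/x86_64/libglib-2.0.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
 stat("/usr/local/lib/tls/x86_64", 0x7fff5686c240) = -1 ENOENT (No such file or directory)
 open("/etc/ld.so.cache", O_RDONLY)      = 3
 bind(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
 close(3)                                = 0
 bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied)
 exit_group(1)                           = ?
EOF
}
```

Running `sample_trace | strace_suspects` leaves only the two failed bind calls, which is where the manual reading above ended up.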

My Library Is Not Loading!

Imagine a situation where developer A's perl script is working fine, but developer B's identical one is not (again, the output has been edited).
In this case, we strace the output on developer B's computer to see how it's working:

$ strace perl a.pl
execve("/usr/bin/perl", ["perl", "a.pl"], [/* 57 vars */]) = 0
brk(0)                                  = 0xa8f000
[...]
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fstat(3, {st_mode=S_IFREG|0664, st_size=14, ...}) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
brk(0xad1000)                           = 0xad1000
read(3, "use blahlib;\n\n", 4096)       = 14
stat("/space/myperllib/blahlib.pmc", 0x7fffbaf7f3d0) = -1 ENOENT (No such file or directory)
stat("/space/myperllib/blahlib.pm", {st_mode=S_IFREG|0644, st_size=7692, ...}) = 0
open("/space/myperllib/blahlib.pm", O_RDONLY) = 4
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffbaf7f090) = -1 ENOTTY (Inappropriate ioctl for device)
[...]
mmap(0x7f4c45ea8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x4000) = 0x7f4c45ea8000
close(5)                                = 0
mprotect(0x7f4c45ea8000, 4096, PROT_READ) = 0
brk(0xb55000)                           = 0xb55000
read(4, "swrite($_[0], $_[1], $_[2], $_[3"..., 4096) = 3596
brk(0xb77000)                           = 0xb77000
read(4, "", 4096)                       = 0
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
exit_group(0)                           = ?

We observe that the file is found in what looks like an unusual place.

open("/space/myperllib/blahlib.pm", O_RDONLY) = 4

Inspecting the environment, we see that:

$ env | grep myperl
PERL5LIB=/space/myperllib

So the solution is to set the same env variable before running:

export PERL5LIB=/space/myperllib

Get to know the internals bit by bit

If you do this a lot, or idly run strace on various commands and peruse the output, you can learn all sorts of things about the internals of your OS. If you're like me, this is a great way to learn how things work. For example, just now I've had a look at the file /etc/gai.conf , which I'd never come across before writing this.

Once your interest has been piqued, I recommend getting a copy of "Advanced Programming in the Unix Environment" by Stevens & Rago, and reading it cover to cover. Not all of it will go in, but as you use strace more and more, and (hopefully) browse C code more and more, understanding will grow.

Gotchas

If you're running a program that calls other programs, it's important to run with the -f flag, which "follows" child processes and straces them. -ff creates a separate file with the pid suffixed to the name.

If you're on Solaris, this program doesn't exist – you need to use truss instead.

Many production environments will not have this program installed for security reasons. strace doesn't have many library dependencies (on my machine it has the same dependencies as 'echo'), so if you have permission, (or are feeling sneaky) you can just copy the executable up.

Other useful tidbits

You can attach to running processes (can be handy if your program appears to hang or the issue is not readily reproducible) with -p .

If you're looking at performance issues, then the time flags ( -t , -tt , -ttt , and -T ) can help significantly.

vasudevram February 11, 2018 at 5:29 pm

Interesting post. One point: The errors start earlier than what you said. There is a call to access() near the top of the strace output, which fails:

access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)

vasudevram February 11, 2018 at 5:29 pm

I guess that could trigger the other errors.

Benji Wiebe February 11, 2018 at 7:30 pm

A failed access or open system call is not usually an error in the context of launching a program. Generally it is merely checking if a config file exists.

vasudevram February 11, 2018 at 8:24 pm

>A failed access or open system call is not usually an error in the context of launching a program.

Yes, good point, that could be so, if the programmer meant to ignore the error, and if it was not an issue to do so.

>Generally it is merely checking if a config file exists.

The file name being access'ed is "/etc/ld.so.nohwcap" – not sure if it is a config file or not.

[Jul 01, 2020] Use curl to test an application's endpoint or connectivity to an upstream service endpoint

Notable quotes:
"... The -I option shows the header information and the -s option silences the response body. Checking the endpoint of your database from your local desktop: ..."
Jul 01, 2020 | opensource.com

curl

curl transfers a URL. Use this command to test an application's endpoint or connectivity to an upstream service endpoint. curl can be useful for determining if your application can reach another service, such as a database, or checking if your service is healthy.

As an example, imagine your application throws an HTTP 500 error indicating it can't reach a MongoDB database:

$ curl -I -s myapplication:5000
HTTP/1.0 500 INTERNAL SERVER ERROR

The -I option shows the header information and the -s option silences the response body. Checking the endpoint of your database from your local desktop:

$ curl -I -s database:27017
HTTP/1.0 200 OK

So what could be the problem? Check if your application can get to other places besides the database from the application host:

$ curl -I -s https://opensource.com
HTTP/1.1 200 OK

That seems to be okay. Now try to reach the database from the application host. Your application is using the database's hostname, so try that first:

$ curl database:27017
curl: (6) Couldn't resolve host 'database'

This indicates that your application cannot resolve the database because the URL of the database is unavailable or the host (container or VM) does not have a nameserver it can use to resolve the hostname.

[Jun 28, 2020] Getting started with socat, a multipurpose relay tool for Linux - Enable Sysadmin

Jun 28, 2020 | www.redhat.com

The socat utility is a relay for bidirectional data transfers between two independent data channels.

There are many different types of channels socat can connect, including:

This tool is regarded as the advanced version of netcat. They do similar things, but socat has more functionality, such as permitting multiple clients to listen on a port, or reusing connections.

Why do we need socat?

There are many ways to use socat effectively. Here are a few examples:

How do we use socat?

The syntax for socat is fairly simple:

socat [options] <address> <address>

You must provide the source and destination addresses for it to work. The syntax for these addresses is:

protocol:ip:port

Examples of using socat

Let's get started with some basic examples of using socat for various connections.

1. Connect to TCP port 80 on the local or remote system:

# socat - TCP4:www.example.com:80

In this case, socat transfers data between STDIO (-) and a TCP4 connection to port 80 on a host named www.example.com.

2. Use socat as a TCP port forwarder:

For a single connection, enter:

# socat TCP4-LISTEN:81 TCP4:192.168.1.10:80

For multiple connections, use the fork option as used in the examples below:

# socat TCP4-LISTEN:81,fork,reuseaddr TCP4:192.168.1.10:80

This example listens on port 81, accepts connections, and forwards the connections to port 80 on the remote host.

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock

The above example listens on port 3307, accepts connections, and forwards the connections to a Unix socket on the remote host.

3. Implement a simple network-based message collector:

# socat -u TCP4-LISTEN:3334,reuseaddr,fork OPEN:/tmp/test.log,creat,append

In this example, when a client connects to port 3334, a new child process is generated. All data sent by the clients is appended to the file /tmp/test.log . If the file does not exist, socat creates it. The option reuseaddr allows an immediate restart of the server process.

4. Send a broadcast to the local network:

# socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0

In this case, socat transfers data from stdin to the specified multicast address using UDP over port 6666 for both the local and remote connections. The command also tells the interface eth0 to accept multicast packets for the given group.

Practical uses for socat

Socat is a great tool for troubleshooting. It is also handy for easily making remote connections. Practically, I have used socat for remote MySQL connections. In the example below, I demonstrate how I use socat to connect my web application to a remote MySQL server by connecting over the local socket.

1. On my remote MySQL server, I enter:

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock &

This command starts socat and configures it to listen by using port 3307.

2. On my webserver, I enter:

# socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:192.168.100.5:3307 &

The above command connects to the remote server 192.168.100.5 by using port 3307.

However, all communication will be done on the Unix socket /var/lib/mysql/mysql.sock , and this makes it appear to be a local server.
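
None of the listeners in the commands above carries a bind= or range= option, so each one accepts connections on every interface and from any source address. The following audit helper is an added example, not part of the original article; it reports such listeners, and the web server address 192.168.100.6 in the restricted variant is an assumption.

```sh
#!/bin/sh
# Added example (not from the article): audit socat command lines for network
# listeners that are not limited to one interface (bind=) or to a set of
# source addresses (range=).
# Typical use:  socat_open_listeners < file-with-socat-commands

# stdin:  socat command lines, one per line.
# stdout: "<listen address> <bind|no-bind> <range|no-range>" for every
#         TCP/UDP/SCTP/OPENSSL *-LISTEN address missing either option.
socat_open_listeners() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            # socat address keywords are case-insensitive
            if (toupper($i) !~ /^((TCP|UDP|SCTP)[46]?|OPENSSL)-LISTEN:/) continue
            n = split($i, opt, ",")               # opt[1] is TYPE:port
            bind = 0; range = 0
            for (j = 2; j <= n; j++) {
                o = tolower(opt[j])
                if (o ~ /^bind=/)  bind = 1
                if (o ~ /^range=/) range = 1
            }
            if (!bind || !range)
                print opt[1], (bind ? "bind" : "no-bind"), (range ? "range" : "no-range")
        }
    }'
}

# Sample input: the first three lines are commands from the article. The last
# line is a restricted variant of the MySQL relay; 192.168.100.6 as the web
# server address is an assumption, the article does not give it.
sample_commands() {
    cat <<'EOF'
socat TCP4-LISTEN:81,fork,reuseaddr TCP4:192.168.1.10:80
socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock
socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:192.168.100.5:3307
socat TCP-LISTEN:3307,bind=192.168.100.5,range=192.168.100.6/32,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock
EOF
}
```

Of the four sample lines, only the two unrestricted TCP listeners are reported; the UNIX-LISTEN address is a local socket and the last line carries both options.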

Wrap up

socat is a sophisticated utility and indeed an excellent tool for every sysadmin to get things done and for troubleshooting. Follow this link to read more examples of using socat .

[Feb 04, 2019] How to detect duplicate IP address on network in Linux

Feb 04, 2019 | www.thegeekdiary.com

By admin

"Error, some other host already uses address" is printed when running 'service network restart' or 'ifup ethX' command on a CentOS/RHEL system. How to check for a duplicate IP address in the network?

Using arping Command

Run the arping command with the -D switch to enable Duplicate Address Detection. In the following example, substitute the address that you believe has been duplicated, and the interface that address is on.

# arping -D -w 5 -I ethX IP.ADDRESS.TO.TEST
# echo $?

The 'echo


[Dec 28, 2018] Linux ip Command Examples

Dec 28, 2018 | www.cyberciti.biz

The ip command is used to assign an address to a network interface and/or configure network interface parameters on Linux operating systems. This command replaces the good old, now deprecated ifconfig command on modern Linux distributions.

ip command details
Description Network configuration
Category Network Utilities
Difficulty Intermediate
Root privileges Yes
Estimated completion time 20m
It is used for the following purposes:
  1. Find out which interfaces are configured on the system.
  2. Query the status of an IP interface.
  3. Configure the local loop-back, Ethernet and other IP interfaces.
  4. Mark the interface as up or down.
  5. Configure and modify default and static routing.
  6. Set up tunnel over IP.
  7. Show ARP or NDISC cache entry.
  8. Assign, delete, set up IP address, routes, subnet and other IP information to IP interfaces.
  9. List IP Addresses and property information.
  10. Manage and display the state of all network.
  11. Gather multicast IP addresses info.
  12. Show neighbor objects i.e. ARP cache, invalidate ARP cache, add an entry to ARP cache and more.
  13. Set or delete routing entry.
  14. Find the route an address (say 8.8.8.8 or 192.168.2.24) will take.
  15. Modify the status of interface.

Purpose

Use this command to display and configure the network parameters for host interfaces.

Syntax

ip OBJECT COMMAND
ip [options] OBJECT COMMAND
ip OBJECT help

Understanding ip command OBJECTS syntax

OBJECTS can be any one of the following and may be written in full or abbreviated form:

Object      Abbreviated form   Purpose
link        l                  Network device.
address     a, addr            Protocol (IP or IPv6) address on a device.
addrlabel   addrl              Label configuration for protocol address selection.
neighbour   n, neigh           ARP or NDISC cache entry.
route       r                  Routing table entry.
rule        ru                 Rule in routing policy database.
maddress    m, maddr           Multicast address.
mroute      mr                 Multicast routing cache entry.
tunnel      t                  Tunnel over IP.
xfrm        x                  Framework for IPsec protocol.

To get information about each object use help command as follows:

ip OBJECT help
ip OBJECT h
ip a help
ip r help

Warning: The commands described below must be executed with care. If you make a mistake, you will lose connectivity to the server. You must take special care while working over an ssh-based remote session.

ip command examples

Don't be intimidated by ip command syntax. Let us get started quickly with examples.

Displays info about all network interfaces

Type the following command to list and show all IP addresses associated with all network interfaces:
ip a
OR
ip addr
Sample outputs:

Fig.01 Showing IP address assigned to eth0, eth1, lo using ip command

You can select between IPv4 and IPv6 using the following syntax:
### Only show TCP/IP IPv4  ##
ip -4 a
 
### Only show TCP/IP IPv6  ###
ip -6 a

It is also possible to specify and list particular interface TCP/IP details:

### Only show eth0 interface ###
ip a show eth0
ip a list eth0
ip a show dev eth0
 
### Only show running interfaces ###
ip link ls up

Linux ip command examples for sysadmin

Assigns the IP address to the interface

The syntax is as follows to add an IPv4/IPv6 address:
ip a add {ip_addr/mask} dev {interface}
To assign 192.168.1.200/255.255.255.0 to eth0, enter:
ip a add 192.168.1.200/255.255.255.0 dev eth0
OR
ip a add 192.168.1.200/24 dev eth0

ADDING THE BROADCAST ADDRESS ON THE INTERFACE

By default, the ip command does not set any broadcast address unless explicitly requested. So syntax is as follows to set broadcast ADDRESS:
ip addr add brd {ADDRESS-HERE} dev {interface}
ip addr add broadcast {ADDRESS-HERE} dev {interface}
ip addr add broadcast 172.20.10.255 dev dummy0

It is possible to use the special symbols such as + and - instead of the broadcast address by setting/resetting the host bits of the interface prefix. In this example, add the address 192.168.1.50 with netmask 255.255.255.0 (/24) with standard broadcast and label "eth0Home" to the interface eth0:
ip addr add 192.168.1.50/24 brd + dev eth0 label eth0Home
You can set loopback address to the loopback device lo as follows:
ip addr add 127.0.0.1/8 dev lo brd + scope host

Remove / Delete the IP address from the interface

The syntax is as follows to remove an IPv4/IPv6 address:
ip a del {ipv6_addr_OR_ipv4_addr} dev {interface}

To delete 192.168.1.200/24 from eth0, enter:
ip a del 192.168.1.200/24 dev eth0

Flush the IP address from the interface

You can delete or remove IPv4/IPv6 addresses one by one as described above. However, the flush command can remove all IP addresses that match a given condition. For example, you can delete all the IP addresses from the private network 192.168.2.0/24 using the following command:
ip -s -s a f to 192.168.2.0/24
Sample outputs:

2: eth0    inet 192.168.2.201/24 scope global secondary eth0
2: eth0    inet 192.168.2.200/24 scope global eth0

*** Round 1, deleting 2 addresses ***
*** Flush is complete after 1 round ***

You can disable IP address on all the ppp (Point-to-Point) interfaces:
ip -4 addr flush label "ppp*"

Here is another example for all the Ethernet interfaces:
ip -4 addr flush label "eth*"

How do I change the state of the device to UP or DOWN?

The syntax is as follows:
ip link set dev {DEVICE} {up|down}
To make the state of the device eth1 down, enter:
ip link set dev eth1 down
To make the state of the device eth1 up, enter:
ip link set dev eth1 up

How do I change the txqueuelen of the device?

You can set the length of the transmit queue of the device using ifconfig command or ip command as follows:
ip link set txqueuelen {NUMBER} dev {DEVICE}
In this example, change the default txqueuelen from 1000 to 10000 for the eth0:
ip link set txqueuelen 10000 dev eth0
ip a list eth0

How do I change the MTU of the device?

For gigabit networks you can set maximum transmission units (MTU) sizes (JumboFrames) for better network performance. The syntax is:
ip link set mtu {NUMBER} dev {DEVICE}
To change the MTU of the device eth0 to 9000, enter:
ip link set mtu 9000 dev eth0
ip a list eth0

Sample outputs:

2: eth0:  mtu 9000 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:08:9b:c4:30:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::208:9bff:fec4:3030/64 scope link 
       valid_lft forever preferred_lft forever

Display neighbour/arp cache

The syntax is:
ip n show
ip neigh show

Sample outputs (note: I masked out some data with alphabets):

74.xx.yy.zz dev eth1 lladdr 00:30:48:yy:zz:ww REACHABLE
10.10.29.66 dev eth0 lladdr 00:30:48:c6:0a:d8 REACHABLE
74.ww.yyy.xxx dev eth1 lladdr 00:1a:30:yy:zz:ww REACHABLE
10.10.29.68 dev eth0 lladdr 00:30:48:33:bc:32 REACHABLE
74.fff.uu.cc dev eth1 lladdr 00:30:48:yy:zz:ww STALE
74.rr.ww.fff dev eth1 lladdr 00:30:48:yy:zz:ww DELAY
10.10.29.65 dev eth0 lladdr 00:1a:30:38:a8:00 REACHABLE
10.10.29.74 dev eth0 lladdr 00:30:48:8e:31:ac REACHABLE

The last field shows the state of the "neighbour unreachability detection" machine for this entry:

  1. STALE – The neighbour is valid, but is probably already unreachable, so the kernel will try to check it at the first transmission.
  2. DELAY – A packet has been sent to the stale neighbour and the kernel is waiting for confirmation.
  3. REACHABLE – The neighbour is valid and apparently reachable.

Add a new ARP entry

The syntax is:
ip neigh add {IP-HERE} lladdr {MAC/LLADDRESS} dev {DEVICE} nud {STATE}
In this example, add a permanent ARP entry for the neighbour 192.168.1.5 on the device eth0:
ip neigh add 192.168.1.5 lladdr 00:1a:30:38:a8:00 dev eth0 nud perm
Where,

| neighbour state (nud) | meaning |
|---|---|
| permanent | The neighbour entry is valid forever and can only be removed administratively. |
| noarp | The neighbour entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires. |
| stale | The neighbour entry is valid but suspicious. This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command. |
| reachable | The neighbour entry is valid until the reachability timeout expires. |

Delete an ARP entry

The syntax to invalidate or delete an ARP entry for the neighbour 192.168.1.5 on the device eth1 is as follows.
ip neigh del {IPAddress} dev {DEVICE}
ip neigh del 192.168.1.5 dev eth1

Change ARP state to REACHABLE for the neighbour 192.168.1.100 on the device eth1

ip neigh chg 192.168.1.100 dev eth1 nud reachable

Flush ARP entry

This flush or f command flushes neighbour/arp tables, by specifying some condition. The syntax is:
ip -s -s n f {IPAddress}
In this example, flush neighbour/arp table
ip -s -s n f 192.168.1.5
OR
ip -s -s n flush 192.168.1.5

ip route: Routing table management commands

Use the following command to manage or manipulate the kernel routing table.

Show routing table

To display the contents of the routing tables:
ip r
ip r list
ip route list
ip r list [options]
ip route

Sample outputs:

default via 192.168.1.254 dev eth1 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10

Display routing for 192.168.1.0/24:
ip r list 192.168.1.0/24
Sample outputs:

192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10

Add a new route

The syntax is:
ip route add {NETWORK/MASK} via {GATEWAYIP}
ip route add {NETWORK/MASK} dev {DEVICE}
ip route add default dev {DEVICE}
ip route add default via {GATEWAYIP}

Add a plain route to network 192.168.1.0/24 via gateway 192.168.1.254 :
ip route add 192.168.1.0/24 via 192.168.1.254
To route all traffic via 192.168.1.254 gateway connected via eth0 network interface:
ip route add 192.168.1.0/24 dev eth0

Delete a route

The syntax is as follows to delete default gateway:
ip route del default
In this example, delete the route created in previous subsection :
ip route del 192.168.1.0/24 dev eth0

Old vs. new tool

Deprecated Linux commands and their replacements cheat sheet:

| Old command (Deprecated) | New command |
|---|---|
| ifconfig -a | ip a |
| ifconfig enp6s0 down | ip link set enp6s0 down |
| ifconfig enp6s0 up | ip link set enp6s0 up |
| ifconfig enp6s0 192.168.2.24 | ip addr add 192.168.2.24/24 dev enp6s0 |
| ifconfig enp6s0 netmask 255.255.255.0 | ip addr add 192.168.1.1/24 dev enp6s0 |
| ifconfig enp6s0 mtu 9000 | ip link set enp6s0 mtu 9000 |
| ifconfig enp6s0:0 192.168.2.25 | ip addr add 192.168.2.25/24 dev enp6s0 |
| netstat | ss |
| netstat -tulpn | ss -tulpn |
| netstat -neopa | ss -neopa |
| netstat -g | ip maddr |
| route | ip r |
| route add -net 192.168.2.0 netmask 255.255.255.0 dev enp6s0 | ip route add 192.168.2.0/24 dev enp6s0 |
| route add default gw 192.168.2.254 | ip route add default via 192.168.2.254 |
| arp -a | ip neigh |
| arp -v | ip -s neigh |
| arp -s 192.168.2.33 1:2:3:4:5:6 | ip neigh add 192.168.2.33 lladdr 1:2:3:4:5:6 dev enp6s0 |
| arp -i enp6s0 -d 192.168.2.254 | ip neigh del 192.168.2.254 dev enp6s0 |

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.

Historical Comment Archive: 8 comments

  1. Alyson Calhoun says: January 24, 2014 at 2:05 pm

    Great information. Thank you!

  2. Zhi says: January 25, 2014 at 1:07 am

    what's the command to set the interface to use DHCP?

    1. Nix Craft says: January 25, 2014 at 7:09 am

      Use dhclient command .

  3. Girish says: June 2, 2014 at 3:35 am

    Can you please comment if it is possible to configure a point-to-point interface using the "ip" command set? I am especially looking to change the broadcast nature of an eth interface (the link encap and network type) to behave as point-to-point link. At the same time I don't want to use the PPP, or any other protocol.

  4. positive says: November 15, 2014 at 8:09 pm

    good job mate

  5. Kuba says: December 2, 2014 at 10:46 am

    Is it possible to make permanent changes using ip command (boot persistent)?

  6. zed says: September 5, 2015 at 9:29 am

    How to save configuration for after reboot?
    There is for example ip route save, but it's in binary and mostly useless.
    The ip command needs to have ip xxx dump, which makes valid ip calls to make the same configuration, same as iptables has iptables-save.
    Now, in the age of cloud, we need a JSON interface, so we can incorporate all the power of ip in a couple of easy steps into a REST interface.

  7. Ernest says: June 14, 2017 at 11:56 am

    Helpful article
    Thank You


[Nov 15, 2018] 10 Linux Commands For Network Diagnostics - LinuxAndUbuntu - Linux News FOSS Reviews Linux Tutorials HowTo

Nov 15, 2018 | www.linuxandubuntu.com
It is difficult to find a Linux computer that is not connected to the network, be it server or workstation. From time to time it becomes necessary to diagnose faults, intermittence or slowness in the network. In this article, we will review some of the Linux commands most used for network diagnostics.

1. ping

One of the first commands, if not the first one, when diagnosing a network failure or intermittence. The ping tool will help us determine if there is a connection in the network, be it local or the Internet.

[root@horla]# ping www.linuxandubuntu.com
PING www.linuxandubuntu.com (173.274.34.38) 56(84) bytes of data.
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=1 ttl=59 time=2.52 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=2 ttl=59 time=2.26 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=3 ttl=59 time=2.31 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=4 ttl=59 time=2.36 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=5 ttl=59 time=2.33 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=6 ttl=59 time=2.24 ms
64 bytes from r4-nyc.webserversystems.com (173.274.34.38): icmp_seq=7 ttl=59 time=2.35 ms

2. traceroute

This command shows the hops that are needed to reach a destination. In this case, we see the hops required to reach our website. This test was done from a laptop running Linux. In the example, we run a traceroute to our website, www.linuxandubuntu.com.

horla@horla-ProBook:~$ traceroute www.linuxandubuntu.com
traceroute to www.linuxandubuntu.com (173.274.34.38), 30 hops max, 60 byte packets
 1 linuxandubuntu.com (192.168.1.1) 267.686 ms 267.656 ms 267.616 ms
 2 10.104.0.1 (10.104.0.1) 267.630 ms 267.579 ms 267.553 ms
 3 10.226.252.209 (10.226.252.209) 267.459 ms 267.426 ms 267.396 ms
 4 * * *
 5 10.111.2.137 (10.111.2.137) 266.913 ms 10.111.2.141 (10.111.2.141) 266.784 ms 10.111.2.101 (10.111.2.101) 266.678 ms
 6 5.53.0.149 (5.53.0.149) 266.594 ms 104.340 ms 104.273 ms
 7 5.53.3.155 (5.53.3.155) 135.133 ms 94.142.98.147 (94.142.98.147) 135.055 ms 176.52.255.35 (176.52.255.35) 135.069 ms
 8 94.142.127.229 (94.142.127.229) 197.890 ms 5.53.6.49 (5.53.6.49) 197.850 ms 94.142.126.161 (94.142.126.161) 223.327 ms
 9 ae-11.r07.nycmny01.us.bb.gin.ntt.net (129.250.9.1) 197.702 ms 197.715 ms 180.145 ms
10 * * *
11 csc180.gsc.webair.net (173.239.0.26) 179.719 ms 149.475 ms 149.383 ms
12 dsn010.gsc.webair.net (173.239.0.34) 149.288 ms 168.309 ms 168.202 ms
13 r4-nyc.webserversystems.com (173.274.34.38) 168.086 ms 168.105 ms 142.733 ms
horla@horla-ProBook:~$

3. route

This command shows the route that our Linux machine uses to connect to the network. In this case, our machine goes out through router 192.168.1.1.

horla@horla-ProBook:~$ route -n
Core IP route table
Destination     Gateway         Genmask         Indic Metric Ref    Use Interface
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlo1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlo1
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlo1
horla@horla-ProBook:~$

4. dig

This command lets us verify whether DNS is working correctly. Before that, we must check which DNS server is set in the network configuration. In this example, we want to see the IP address of our website, www.linuxandubuntu.com, which returns 173.274.34.38.

horla@horla-ProBook:~$ dig www.linuxandubuntu.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.linuxandubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12083
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.linuxandubuntu.com. IN A

;; ANSWER SECTION:
www.linuxandubuntu.com. 2821 IN A 173.274.34.38

;; Query time: 21 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Nov 7 19:58:30 PET 2018
;; MSG SIZE rcvd: 51

horla@horla-ProBook:~$

5. ethtool

This tool is a replacement for mii-tool. It is available from CentOS 6 onwards and shows whether the network card is physically connected to the network; that is, we can diagnose whether the network cable is actually connected to the switch.

# ethtool eth0
Settings for eth0:
        Supported ports: []
        Supported link modes: Not reported
        Supported pause frame use: No
        Supports auto-negotiation: No
        Advertised link modes: Not reported
        Advertised pause frame use: No
        Advertised auto-negotiation: No
        Speed: Unknown!
        Duplex: Unknown! (255)
        Port: Other
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: off
        Link detected: yes

6. ip addr ls

Another Linux-specific tool, which lists the network cards and their respective IP addresses. This tool is very useful when you have several IP addresses configured.

[root@linux named]# ip addr ls
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth6:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:15:5d:a0:f6:05 brd ff:ff:ff:ff:ff:ff
 inet 193.82.34.169/27 brd 190.82.35.192 scope global eth6
 inet 192.168.61.10/24 brd 192.168.61.255 scope global eth6:1
 inet6 fe80::215:5dff:fea0:f605/64 scope link 
 valid_lft forever preferred_lft forever

7. ifconfig

As essential as the previous ones, ifconfig shows the network configuration of the cards installed in our machine. In this case it shows one physical network card, enp37s0, which is disconnected; the loopback (localhost) interface lo; and the wireless network card wlo1, which is connected to the network. We intentionally highlight the installed cards and the assigned IP addresses.

horla@horla-ProBook:~$ ifconfig
enp37s0 Link encap: Ethernet addressHW 2c:41:38:15:4b:0e
 ACTIVE MULTICAST MTU DISTRIBUTION: 1500 Metric: 1
 RX packages: 0 errors: 0 lost: 0 overruns: 0 frame: 0
 TX packages: 0 errors: 0 lost: 0 overruns: 0 carrier: 0
 collisions: 0 long.colaTX: 1000
 Bytes RX: 0 (0.0 B) TX bytes: 0 (0.0 B)

lo Link encap: Local loop
 Direc. inet: 127.0.0.1 Másc: 255.0.0.0
 Inet6 address: ::1/128 Scope: Host
 ACTIVE LOOP RUNNING MTU: 65536 Metric: 1
 RX packages: 19095 errors: 0 lost: 0 overruns: 0 frame: 0
 TX packages: 19095 errors: 0 lost: 0 overruns: 0 carrier: 0
 Collisions: 0 long.colaTX: 1
 Bytes RX: 1716020 (1.7 MB) TX bytes: 1716020 (1.7 MB)

wlo1 Link encap: Ethernet addressHW 20:10:7a:fc:b1:44
 Direc. inet: 192.168.1.102 Difus.:192.168.1.255 Masc: 255.255.255.0
 Inet6 address: fe80::2b5d:1b14:75a:e095/64 Scope: Link
 ACTIVE DIFFUSION FUNCTIONING MULTICAST MTU: 1500 Metric: 1
 RX packages: 1660063 errors: 0 lost: 0 overruns: 0 frame: 0
 TX packages: 1285046 errors: 0 lost: 0 overruns: 0 carrier: 0
 collisions: 0 long.colaTX: 1000
 Bytes RX: 966719020 (966.7 MB) TX bytes: 209302107 (209.3 MB)

horla@horla-ProBook:~$

8. mtr

Another of our favorite tools, MTR or My Traceroute, shows the router hops and pings each one. This is very useful for determining which of these routers are introducing delays in network traffic.

                              My traceroute [v0.75]
router02 (0.0.0.0)                                  Nov 7 20:19:24 2018
Resolver: Received error response 2. (server failure)
er of fields quit
                                    Packets               Pings
 Host                             Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. router2-linuxandubuntu.com     0.0%    11    0.7   0.7   0.6   0.8   0.1
 2. 173.255.239.16                 0.0%    11    0.8   0.9   0.8   1.6   0.2
 3. 173.255.239.8                  0.0%    11    2.9   3.2   0.8   7.8   2.1
 4. ???
 5. es0.nyc4.webair.net            0.0%    10    2.0   2.6   1.8   7.7   1.8
 6. csc180.gsc.webair.net          0.0%    10    2.6   2.6   2.6   2.7   0.1
 7. dsn010.gsc.webair.net          0.0%    10    2.2   2.2   2.1   2.3   0.1
 8. r4-nyc.webserversystems.com    0.0%    10    2.3   2.4   2.2   2.5   0.1

9. nslookup

Another tool to know the IP address of the host we want to reach. In this case, we want to know the IP of our website, www.linuxandubuntu.com.

# nslookup www.linuxandubuntu.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.linuxandubuntu.com
Address: 173.274.34.38

10. nmtui-edit

Network Manager Text User Interface (nmtui, or command-line-based Network Manager). It uses ncurses and lets us configure the network easily from the terminal without additional dependencies. It offers a text-based graphical interface in which the user makes those modifications.

Conclusion

With these networking commands, we can manage the various network parameters in Linux environments much more directly and precisely. Also, with the mtr command mentioned above, we can more easily keep track of the state of our network and check, from one place, the different aspects relevant to its optimization. Thanks for reading.

[Oct 14, 2018] There're a metric fuckton of reports of systemd killing detached/nohup'd processes

Notable quotes:
"... Reading stuff in /proc is a standard mechanism and where appropriate, all the tools are doing the same including 'ss' that you mentioned (which is btw very poorly designed) ..."
Oct 14, 2018 | linux.slashdot.org
Andrew Gryaznov ( 4260673 ) #56684222 )

Total nonsense ( Score: 3 , Interesting)

I am Linux kernel network and proprietary distributions developer and have actually read the code.

Reading stuff in /proc is a standard mechanism and where appropriate, all the tools are doing the same including 'ss' that you mentioned (which is btw very poorly designed)

Also there are several implementations of the net tools, the one from busybox probably the most famous alternative one and implementations don't hesitate changing how, when and what is being presented.

What is true though is that Linux kernel APIs are sometimes messy and tools like e.g. pyroute2 are struggling with working around limitations and confusions. There is also a big mess with the whole netfilter package as the only "API" is the iptables command-line tool itself.

Linux is arguably the biggest and most important project on Earth and should respect all views, races and opinions. If you would like to implement a more efficient and streamlined network interface (which I very much beg for and may eventually find time to do) - then I'm all in with you. I have some ideas of how to make the interface programmable by extending JIT rules engine and making possible to implement the most demanding network logic in kernel directly (e.g. protocols like mptcp and algorithms like Google Congestion Control for WebRTC).

adosch ( 1397357 ) , Sunday May 27, 2018 @04:04PM ( #56684724 )
Thats... the argument? FML ( Score: 4 , Interesting)

The OP's argument is that netlink sockets are more efficient in theory so we should abandon anything that uses a pseudo-proc, re-invent the wheel and move even farther from the UNIX tradition and POSIX compliance? And it may be slower on larger systems? Define that for me because I've never experienced that. I've worked on single stove-pipe x86 systems, to the 'SPARC architecture' generation where everyone thought Sun/Solaris was the way to go with single entire systems in a 42U rack, IRIX systems, all the way on hundreds of RPM-base linux distro that are physical, hypervised and containered nodes in an HPC which are LARGE compute systems (fat and compute nodes).

That's a total shit comment with zero facts to back it up. This is like Good Will Hunting 'the bar scene' revisited...

OP, if you're an old hat like me, I'd fucking LOVE to know how old? You sound like you've got about 5 days soaking wet under your belt with a Milkshake IPA in your hand. You sound like a millennial developer-turned-sysadmin-for-a-day who's got all but cloud-framework-administration under your belt and are being a complete poser. Any true sys-admin is going to flip-their-shit just like we ALL did with systemd, and that shit still needs to die. There, I got that off my chest.

I'd say you got two things right, but are completely off on one of them:

* Your description of inefficient is what you got right: you sound like my mother or grandmother describing their computing experiences to look at Pinterest on a web browser at times. You mind as well just said slow without any bearing, education guess or reason. Sigh...

* I would agree that some of these tools need to change, but only to handle deeper kernel containerization being built into Linux. One example that comes to mind is 'hostnamectl' where it's more dev-ops centric in terms of 'what' slice or provision you're referencing. A lot of those tools like ifconfig, route and alike still do work in any Linux environment, containerized or not --- fuck, they work today .

Anymore, I'm just a disgruntled and I'm sure soon-to-be-modded-down voice on /. that should be taken with a grain of salt. I'm not happy with the way the movements of Linux have gone, and if this doesn't sound old hat I don't know what is: At the end of the day, you have to embrace change. I'd say 0.0001% of any of us are in control of those types of changes, no matter how we feel about it as end-user administrators of those tools we've grown to be complacent about. I got about 15y left and this thing called Linux that I've made a good living on will be the-next-guys steaming pile to deal with.

Greyfox ( 87712 ) writes:
Re: ( Score: 3 )

Yeah. The other day I set up some demo video streaming on a Linux box. Fire up screen, start my streaming program. Disconnect screen and exit my ssh system, and my streaming freezes. There're a metric fuckton of reports of systemd killing detached/nohup'd processes, but I check my config file and it's not that. Although them being that willing to walk away from expected system behavior is already cause to blow a gasket. But no, something else is going on here. I tweak the streaming code to catch all catchab

jgotts ( 2785 ) writes: < jgottsNO@SPAMgmail.com > on Sunday May 27, 2018 @06:17PM ( #56685380 )
Some historical color ( Score: 4 , Interesting)

Just to give you guys some color commentary, I was participating quite heavily in Linux development from 1994-1999, and Linus even added me to the CREDITS file while I was at the University of Michigan for my fairly modest contributions to the kernel. [I prefer application development, and I'm still a Linux developer after 24 years. I currently work for the company Internet Brands.]

What I remember about ip and net is that they came about seemingly out of nowhere two decades ago and the person who wrote the tools could barely communicate in English. There was no documentation. net-tools by that time was a well-understood and well-documented package, and many Linux devs at the time had UNIX experience pre-dating Linux (which was announced in 1991 but not very usable until 1994).

We Linux developers virtually created Internet programming, where most of our effort was accomplished online, but in those days everybody still used books and of course the Linux Documentation Project. I have a huge stack of UNIX and Linux books from the 1990's, and I even wrote a mini-HOWTO. There was no Google. People who used Linux back then may seem like wizards today because we had to memorize everything, or else waste time looking it up in a book. Today, even if I'm fairly certain I already know how to do something, I look it up with Google anyway.

Given that, ip and net were downright offensive. We were supposed to switch from a well-documented system to programs written by somebody who can barely speak English (the lingua franca of Linux development)?

Today, the discussion is irrelevant. Solaris, HP-UX, and the other commercial UNIX versions are dead. Ubuntu has the common user and CentOS has the server. Google has complete documentation for these tools at a glance. In my mind, there is now no reason to not switch.

Although, to be fair, I still use ifconfig, even if it is not installed by default.

[Oct 14, 2018] The problem isn't so much new tools as new tools that suck

Systemd looks OK until you get into major troubles and start troubleshooting. After that you are ready to kill systemd developers and blow up Red Hat headquarters ;-)
Notable quotes:
"... Crap tools written by morons with huge egos and rather mediocre skills. Happens time and again and the only sane answer to these people is "no". Good new tools also do not have to be pushed on anybody, they can compete on merit. As soon as there is pressure to use something new though, you can be sure it is inferior. ..."
Oct 14, 2018 | linux.slashdot.org

drinkypoo ( 153816 ) writes: < martin.espinoza@gmail.com > on Sunday May 27, 2018 @11:14AM ( #56683018 ) Homepage Journal

Re:That would break scripts which use the UI ( Score: 5 , Informative)
In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

...and they have no other choice, and shell scripting is a central feature of UNIX.

The problem isn't so much new tools as new tools that suck. If I just type ifconfig it will show me the state of all the active interfaces on the system. If I type ifconfig interface I get back pretty much everything I want to know about it. If I want to get the same data back with the ip tool, not only can't I, but I have to type multiple commands, with far more complex arguments.

The problem isn't new tools. It's crap tools.

gweihir ( 88907 ) , Sunday May 27, 2018 @12:22PM ( #56683440 )
Re:That would break scripts which use the UI ( Score: 5 , Insightful)
The problem isn't new tools. It's crap tools.

Crap tools written by morons with huge egos and rather mediocre skills. Happens time and again and the only sane answer to these people is "no". Good new tools also do not have to be pushed on anybody, they can compete on merit. As soon as there is pressure to use something new though, you can be sure it is inferior.

Anonymous Coward , Sunday May 27, 2018 @02:00PM ( #56684068 )
Re:That would break scripts which use the UI ( Score: 5 , Interesting)
The problem isn't new tools. It's crap tools.

The problem isn't new tools. It's not even crap tools. It's the mindset that we need to get rid of an ~70KB netstat, ~120KB ifconfig, etc. Like others have posted, this has more to do with the ego of the new tools creators and/or their supporters who see the old tools as some sort of competition. Well, that's the real problem, then, isn't it? They don't want to have to face competition and the notion that their tools aren't vastly superior to the user to justify switching completely, so they must force the issue.

Now, it'd be different if this was 5 years down the road, netstat wasn't being maintained*, and most scripts/dependents had already been converted over. At that point there'd be a good, serious reason to consider removing an outdated package. That's obviously not the debate, though.

* Vs developed. If seven year old stable tools are sufficiently bug free that no further work is necessary, that's a good thing.

locofungus ( 179280 ) , Sunday May 27, 2018 @02:46PM ( #56684296 )
Re:That would break scripts which use the UI ( Score: 4 , Informative)
If I type ifconfig interface I get back pretty much everything I want to know about it

How do you tell in ifconfig output which addresses are deprecated? When I run ifconfig eth0.100 it lists 8 global addresses. I can deduce that the one with fffe in the middle is the permanent address but I have no idea what the address it will use for outgoing connections.

ip addr show dev eth0.100 tells me what I need to know. And it's only a few more keystrokes to type.

Anonymous Coward , Sunday May 27, 2018 @11:13AM ( #56683016 )
Re:So ( Score: 5 , Insightful)

Following the systemd model, "if it aint broken, you're not trying hard enough"...

Anonymous Coward , Sunday May 27, 2018 @11:35AM ( #56683144 )
That's the reason ( Score: 5 , Interesting)

It done one thing: Maintain the routing table.

"ip" (and "ip2" and whatever that other candidate not-so-better not-so-replacement of ifconfig was) all have the same problem: They try to be the one tool that does everything "ip". That's "assign ip address somewhere", "route the table", and all that. But that means you still need a complete zoo of other tools, like brconfig, iwconfig/iw/whatever-this-week.

In other words, it's a modeling difference. On sane systems, ifconfig _configures the interface_, for all protocols and hardware features, bridges, vlans, what-have-you. And then route _configures the routing table_. On linux... the poor kids didn't understand what they were doing, couldn't fix their broken ifconfig to save their lives, and so went off to reinvent the wheel, badly, a couple times over.

And I say the blogposter is just as much an idiot.

Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world

So don't use it. That does not mean you gotta change the user interface too. Sheesh.

However, the deeper issue is the interface that netstat, ifconfig, and company present to users.

No, that interface is a close match to the hardware. Here is an interface, IOW something that connects to a radio or a wire, and you can make it ready to talk IP (or back when, IPX, appletalk, and whatever other networks your system supported). That makes those tools hardware-centric. At least on sane systems. It's when you want to pretend shit that it all goes awry. And boy, does linux like to pretend. The linux ifconfig-replacements are IP-only-stack-centric. Which causes problems.

For example because that only does half the job and you still need the aforementioned zoo of helper utilities that do things you can have ifconfig do if your system is halfway sane. Which linux isn't, it's just completely confused. As is this blogposter.

On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example.

linux' ifconfig always was enormously shitty here. It outputs lots of stuff I expect to find through netstat and it doesn't output stuff I expect to find out through ifconfig. That's linux, and that is NOT "traditional" compared to, say, the *BSDs.

As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.

Was it ever? linux is the great pretender here.

But then, "linux" embraced the idiocy oozing out of poettering-land. Everything out of there so far has caused me problems that were best resolved by getting rid of that crap code. Point in case: "Network-Manager". Another attempt at "replacing ifconfig" with something that causes problems and solves very few.

locofungus ( 179280 ) , Sunday May 27, 2018 @03:27PM ( #56684516 )
Re:That's the reason ( Score: 4 , Insightful)
It done one thing: Maintain the routing table.

Should the ip rule stuff be part of route or a separate command?

There are things that could be better with ip. IIRC it's very fussy about where the table selector goes in the argument list but route doesn't support this at all.

I also don't think route has anything like 'nexthop dev $if' which is a godsend for ipv6 configuration.

I stayed with route for years. But ipv6 exposed how incomplete the tool is - and clearly nobody cares enough to add all the missing functionality.

Perhaps ip addr, ip route, ip rule, ip mroute, ip link should be separate commands. I've never looked at the sourcecode to see whether it's mostly common or mostly separate.

Anonymous Coward writes:
Re: That's the reason ( Score: 3 , Informative)

^this^

The people who think the old tools work fine don't understand all the advanced networking concepts that are only possible with the new tools: interfaces can have multiple IPs, one IP can be assigned to multiple interfaces, there's more than one routing table, firewall rules can add metadata to packets that affects routing, etc. These features can't be accommodated by the old tools without breaking compatibility.

DamnOregonian ( 963763 ) , Sunday May 27, 2018 @09:11PM ( #56686032 )
Re:That's the reason ( Score: 3 )
Someone cared enough to implement an entirely different tool to do the same old jobs plus some new stuff, it's too bad they didn't do the sane thing and add that functionality to the old tool where it would have made sense.

It's not that simple. The iproute2 suite wasn't written to *replace* anything.
It was written to provide a user interface to the rapidly expanding RTNL API.
The net-tools maintainers (or anyone who cared) could have started porting it if they liked. They didn't. iproute2 kept growing to provide access to all the new RTNL interfaces, while net-tools got farther and farther behind.
What happened was organic. If someone brought net-tools up to date tomorrow and everyone liked the interface, iproute2 would be dead in its tracks. As it sits, myself, and most of the more advanced level system and network engineers I know have been using iproute2 for just over a decade now (really, the point where ifconfig became an incomplete and poorly simplified way to manage the networking stack)

DamnOregonian ( 963763 ) , Monday May 28, 2018 @02:26AM ( #56686960 )
Re:That's the reason ( Score: 4 , Informative)

Nope. Kernel authors come up with fancy new netlink interface for better interaction with the kernel's network stack. They don't give two squirts of piss whether or not a user-space interface exists for it yet. Some guy decides to write an interface to it. Initially, it only supports things like modifying the routing rule database (something that can't be done with route) and he is trying to make an implementation of this protocol, not try to hack it into software that already has its own framework using different APIs.
This source was always freely available for the net-tools guys to take and add to their own software.
Instead, we get this. [sourceforge.net]
Nobody is giving a positive spin. This is simply how it happened. This is what happens when software isn't maintained, and you don't get to tell other people to maintain it. You're free, right now, today, to port the iproute2 functionality into net-tools. They're unwilling to, however. That's their right. It's also the right of other people to either fork it, or move to more functional software. It's your right to help influence that. Or bitch on slashdot. That probably helps, too.

TeknoHog ( 164938 ) writes:
Re: ( Score: 2 )
keep the command names the same but rewrite how they function?

Well, keep the syntax too, so old scripts would still work. The old command name could just be a script that calls the new commands under the hood. (Perhaps this is just what you meant, but I thought I'd elaborate.)

gweihir ( 88907 ) , Sunday May 27, 2018 @12:18PM ( #56683412 )
Re:So ( Score: 4 , Insightful)
What was the reason for replacing "route" anyhow? It's worked for decades and done one thing.

Idiots that confuse "new" with better and want to put their mark on things. Because they are so much greater than the people that got the things to work originally, right? Same as the systemd crowd. Sometimes, they realize decades later they were stupid, but only after having done a lot of damage for a long time.

TheRaven64 ( 641858 ) writes:
Re: ( Score: 2 )

I didn't RTFA (this is Slashdot, after all) but from TFS it sounds like exactly the reason I moved to FreeBSD in the first place: the Linux attitude of 'our implementation is broken, let's completely change the interface'. ALSA replacing OSS was the instance of this that pushed me away. On Linux, back around 2002, I had some KDE and some GNOME apps that talked to their respective sound daemon, and some things like XMMS and BZFlag that used /dev/dsp directly. Unfortunately, Linux decided to only support s

zippthorne ( 748122 ) writes:
Re: ( Score: 3 )

On the other hand, on most systems, vi is basically an alias to vim....

goombah99 ( 560566 ) , Sunday May 27, 2018 @11:08AM ( #56682986 )
Bad idea ( Score: 5 , Insightful)

Unix was founded on the ideas of lots of simple command line tools that do one job well and don't depend on system idiosyncrasies. If you make the tool have to know the lower layers of the system to exploit them then you break the encapsulation. Polling proc has worked across eons of linux flavors without breaking. When you make everything integrated it creates paralysis to change down the road for backward compatibility. Small speed gain now for massive fragility and no portability later.

goombah99 ( 560566 ) writes:
Re: ( Score: 3 )

Gnu may not be unix but its foundational idea lies in the simple command tool paradigm. It's why GNU was so popular and it's why people even think that Linux is unix. That idea is the character of linux. If you want a marvelously smooth, efficient, consistent integrated system that then after a decade of revisions feels like a knotted tangle of twine in your junk drawer, try Windows.

llamalad ( 12917 ) , Sunday May 27, 2018 @11:46AM ( #56683198 )
Re:Bad idea ( Score: 5 , Insightful)

The error you're making is thinking that Linux is UNIX.

It's not. It's merely UNIX-like. And with first SystemD and now this nonsense, it's rapidly becoming less UNIX-like. The Windows of the UNIX(ish) world.

Happily, the BSDs seem to be staying true to their UNIX roots.

petes_PoV ( 912422 ) , Sunday May 27, 2018 @12:01PM ( #56683282 )
The dislike of support work ( Score: 5 , Interesting)
In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

No, it is far simpler than looking for some mythical "political" issues. It is simply that hackers - especially amateur ones, who write code as a hobby - dislike trying to work out how old stuff works. They like writing new stuff, instead.

Partly this is because of the poor documentation: explanations of why things work, what other code was tried but didn't work out, the reasons for weird-looking constructs, techniques and the history behind patches. It could even be that many programmers are wedded to a particular development environment and lack the skill and experience (or find it beyond their capacity) to do things in ways that are alien to it. I feel that another big part is that merely rewriting old code does not allow for the " look how clever I am " element that is present in fresh, new, software. That seems to be a big part of the amateur hacker's effort-reward equation.

One thing that is imperative however is to keep backwards compatibility. So that the same options continue to work and that they provide the same content and format. Possibly Unix / Linux only remaining advantage over Windows for sysadmins is its scripting. If that was lost, there would be little point keeping it around.

DamnOregonian ( 963763 ) , Sunday May 27, 2018 @05:13PM ( #56685074 )
Re:The dislike of support work ( Score: 5 , Insightful)

iproute2 exists because ifconfig, netstat, and route do not support the full capabilities of the linux network stack.
This is because today's network stack is far more complicated than it was in the past. For very simple networks, the old tools work fine. For complicated ones, you must use the new ones.

Your post could not be any more wrong. Your moderation amazes me. It seems that slashdot is full of people who are mostly amateurs.
iproute2 has been the main network management suite for linux amongst higher end sysadmins for a decade. It wasn't written to sate someone's desire to change for the sake of change, to make more complicated, to NIH. It was written because the old tools can't encompass new functionality without being rewritten themselves.

Craig Cruden ( 3592465 ) , Sunday May 27, 2018 @12:11PM ( #56683352 )
So windowification (making it incompatible) ( Score: 5 , Interesting)

So basically there is a proposal to dump existing terminal utilities that are cross-platform and create custom Linux utilities - then get rid of the existing functionality? That would be moronic! I already go nuts remoting into a windows platform and then an AIX and Linux platform and having different command line utilities / directory separators / etc. Adding yet another difference between my Linux and macOS/AIX terminals would absolutely drive me bonkers!

I have no problem with updating or rewriting or adding functionalities to existing utilities (for all 'nix platforms), but creating a yet another incompatible platform would be crazily annoying.

(not a sys admin, just a dev who has to deal with multiple different server platforms)

Anonymous Coward , Sunday May 27, 2018 @12:16PM ( #56683388 )
Output for 'ip' is machine readable, not human ( Score: 5 , Interesting)

All output for 'ip' is machine readable, not human.
Compare
$ ip route
to
$ route -n

Which is more readable? Fuckers.

Same for
$ ip a
and
$ ifconfig
Which is more readable? Fuckers.

The new commands should generally make the same output as the old, using the same options, by default. Using additional options to get new behavior. -m is commonly used to get "machine readable" output. Fuckers.

It is like the systemd interface fuckers took hold of everything. Fuckers.

BTW, I'm a happy person almost always, but change for the sake of change is fucking stupid.

Want to talk about resolv.conf, anyone? Fuckers! Easier just to purge that shit.

SigmundFloyd ( 994648 ) , Sunday May 27, 2018 @12:39PM ( #56683558 )
Linux' userland is UNSTABLE ! ( Score: 3 )

I'm growing increasingly annoyed with Linux' userland instability. Seriously considering a switch to NetBSD because I'm SICK of having to learn new ways of doing old things.

For those who are advocating the new tools as additions rather than replacements: Remember that this will lead to some scripts expecting the new tools and some other scripts expecting the old tools. You'll need to keep both flavors installed to do ONE thing. I don't know about you, but I HATE to waste disk space on redundant crap.

fluffernutter ( 1411889 ) , Sunday May 27, 2018 @12:46PM ( #56683592 )
Piss and vinegar ( Score: 5 , Interesting)

What pisses me off is when I go to run ifconfig and it isn't there, and then I Google on it and there doesn't seem to be *any* direct substitute that gives me the same information. If you want to change the command then fine, but allow the same output from the new commands. Furthermore, another bitch I have is most systemd installations don't have an easy substitute for /etc/rc.local.

what about ( 730877 ) , Sunday May 27, 2018 @01:35PM ( #56683874 ) Homepage
Let's try hard to break Linux ( Score: 3 , Insightful)

It does not make any sense that some people spend time and money replacing what is currently working with some incompatible crap.

Therefore, the only logical alternative is that they are paid (in some way) to break what is working.

Also, if you rewrite tons of systems tools you have plenty of opportunities to insert useful bugs that can be used by the various spying agencies.

You do not think that the current CPU Flaws are just by chance, right ?
Imagine the wonder of being able to spy on any machine, regardless of the level of SW protection.

There is no need to point out that I cannot prove it, I know, it just makes sense to me.

Kjella ( 173770 ) writes:
Re: ( Score: 3 )
It does not make any sense that some people spend time and money replacing what is currently working with some incompatible crap. (...) There is no need to point out that I cannot prove it, I know, it just makes sense to me.

Many developers fix problems like a guy about to lose a two week vacation because he can't find his passport. Rip open every drawer, empty every shelf, spread it all across the tables and floors until you find it, then rush out the door leaving everything in a mess. It solved HIS problem.

WaffleMonster ( 969671 ) , Sunday May 27, 2018 @01:52PM ( #56684010 )
Changes for changes sake ( Score: 4 , Informative)

TFA is full of shit.

IP aliases have always and still do appear in ifconfig as separate logical interfaces.

The assertion ifconfig only displays one IP address per interface is also demonstrably false.

Using these false bits of information to advocate for change seems rather ridiculous.

One change I would love to see... "ping" bundled with most Linux distros doesn't support IPv6. You have to call IPv6 specific analogue which is unworkable. Knowing address family in advance is not a reasonable expectation and works contrary to how all other IPv6 capable software any user would actually run work.

Heck for a while traceroute supported both address families. The one by Olaf Kirch eons ago did then someone decided not invented here and replaced it with one that works like ping6 where you have to call traceroute6 if you want v6.

It seems anymore nobody spends time fixing broken shit... they just spend their time finding new ways to piss me off. Now I have to type journalctl and wait for hell to freeze over just to liberate log data I previously could access nearly instantaneously. It almost feels like Microsoft's event viewer now.

DamnOregonian ( 963763 ) , Sunday May 27, 2018 @05:30PM ( #56685130 )
Re:Changes for changes sake ( Score: 4 , Insightful)
TFA is full of shit. IP aliases have always and still do appear in ifconfig as separate logical interfaces.

No, you're just ignorant.
Aliases do not appear in ifconfig as separate logical interfaces.
Logical interfaces appear in ifconfig as logical interfaces.
Logical interfaces are one way to add an alias to an interface. A crude way, but a way.

The assertion ifconfig only displays one IP address per interface is also demonstrably false.

Nope. Again, you're just ignorant.

root@swalker-samtop:~# tunctl
Set 'tap0' persistent and owned by uid 0
root@swalker-samtop:~# ifconfig tap0 10.10.10.1 netmask 255.255.255.0 up
root@swalker-samtop:~# ip addr add 10.10.10.2/24 dev tap0
root@swalker-samtop:~# ifconfig tap0:0 10.10.10.3 netmask 255.255.255.0 up
root@swalker-samtop:~# ip addr add 10.10.1.1/24 scope link dev tap0:0
root@swalker-samtop:~# ifconfig tap0 | grep inet
inet 10.10.1.1 netmask 255.255.255.0 broadcast 0.0.0.0
root@swalker-samtop:~# ifconfig tap0:0 | grep inet
inet 10.10.10.3 netmask 255.255.255.0 broadcast 10.10.10.255
root@swalker-samtop:~# ip addr show dev tap0 | grep inet
inet 10.10.1.1/24 scope link tap0
inet 10.10.10.1/24 brd 10.10.10.255 scope global tap0
inet 10.10.10.2/24 scope global secondary tap0
inet 10.10.10.3/24 brd 10.10.10.255 scope global secondary tap0:0

If you don't understand what the differences are, you really aren't qualified to opine on the matter.
Ifconfig is fundamentally incapable of displaying the amount of information that can go with layer-3 addresses, interfaces, and the architecture of the stack in general. This is why iproute2 exists.

JustNiz ( 692889 ) , Sunday May 27, 2018 @01:55PM ( #56684030 )
I propose a new word: ( Score: 5 , Funny)

SysD: (v). To force an unnecessary replacement of something that already works well with an alternative that the majority perceive as fundamentally worse.
Example usage: Wow you really SysD'd that up.

[Jul 16, 2018] netstat to find ports which are in use on linux server

Another example of a more or less complex pipeline, using cut
Oct 02, 2008 | midnight-cafe.co.uk

Below is a command that uses netstat and cut to count the connections on each port that is in use.

netstat -nap | grep 'tcp\|udp' | awk '{print $4}' | cut -d: -f2 | sort | uniq -c | sort -n

Below is a description of each command:

netstat is used to check all incoming and outgoing connections on a Linux server. grep picks out the lines that match the pattern you define.

awk is a very important command, generally used for scanning for patterns and processing the matches. It is a powerful tool for shell scripting. sort sorts the output, and sort -n sorts it in numeric order.

cut -d: -f2 takes the field after the first colon of the local address, which is the port for IPv4 entries. IPv6 local addresses such as :::22 contain several colons, so for them this field is empty.

uniq -c produces unique output by collapsing duplicate lines, prefixing each remaining line with the number of times it occurred.

[Jul 16, 2018] Listing TCP apps listening on ports

Jun 13, 2018 | www.fredshack.com

netstat -nltp

[Jan 14, 2018] Using telnet to debug connection problems

Jan 14, 2018 | bash-prompt.net

Telnet, the protocol and the command line tool, was how system administrators used to log into remote servers. However, because there is no encryption, all communication, including passwords, is sent in plaintext, which meant that Telnet was abandoned in favour of SSH almost as soon as SSH was created.

For the purposes of logging into a remote server, you should never use it, and you have probably never considered it. This does not mean that the telnet command is not a very useful tool when used for debugging remote connection problems.

In this guide, we will explore using telnet to answer the all too common question, "Why can't I ###### connect‽".

This frustrated question is usually encountered after installing an application server like a web server, an email server, an ssh server, a Samba server etc., when for some reason the client won't connect to the server.

telnet isn't going to solve your problem but it will, very quickly, narrow down where you need to start looking to fix your problem.

telnet is a very simple command to use for debugging network related issues and has the syntax:

telnet <hostname or IP> <port>

Because telnet will initially simply establish a connection to the port without sending any data it can be used with almost any protocol including encrypted protocols.

There are four main errors that you will encounter when trying to connect to a problem server. We will look at all four, explore what they mean and look at how you should fix them.

For this guide we will assume that we have just installed a Samba server at samba.example.com and we can't get a local client to connect to the server.

Error 1 - The connection that hangs forever

First, we need to attempt to connect to the Samba server with telnet . This is done with the following command (Samba listens on port 445):

telnet samba.example.com 445

Sometimes, the connection will get to this point, stop, and hang indefinitely:

telnet samba.example.com 445
Trying 172.31.25.31...

This means that telnet has not received any response to its request to establish a connection. This can happen for two reasons:

  1. There is a router down between you and the server.
  2. There is a firewall dropping your request.

In order to rule out 1. run a quick mtr samba.example.com to the server. If the server is accessible then it's a firewall (note: it's almost always a firewall).

Firstly, check if there are any firewall rules on the server itself with the following command iptables -L -v -n , if there are none then you will get the following output:

iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

If you see anything else then this is likely the problem. In order to check, stop iptables for a moment and run telnet samba.example.com 445 again and see if you can connect. If you still can't connect see if your provider and/or office has a firewall in place that is blocking you.

Error 2 - DNS problems

A DNS issue will occur if the hostname you are using does not resolve to an IP address. The error that you will see is as follows:

telnet samba.example.com 445
Server lookup failure:  samba.example.com:445, Name or service not known

The first step here is to substitute the IP address of the server for the hostname. If you can connect to the IP but not the hostname then the problem is the hostname.

This can happen for many reasons (I have seen all of the following):

  1. Is the domain registered? Use whois to find out if it is.
  2. Is the domain expired? Use whois to find out if it is.
  3. Are you using the correct hostname? Use dig or host to ensure that the hostname you are using resolves to the correct IP.
  4. Is your A record correct? Check that you didn't accidentally create an A record for something like smaba.example.com .

Always double check the spelling and the correct hostname (is it samba.example.com or samba1.example.com ) as this will often trip you up especially with long, complicated or foreign hostnames.

Error 3 - The server isn't listening on that port

This error occurs when telnet is able to reach the server but there is nothing listening on the port you specified. The error looks like this:

telnet samba.example.com 445
Trying 172.31.25.31...
telnet: Unable to connect to remote host: Connection refused

This can happen for a couple of reasons:

  1. Are you sure you're connecting to the right server?
  2. Your application server is not listening on the port you think it is. Check exactly what it's doing by running netstat -plunt on the server and see what port it is, in fact, listening on.
  3. The application server isn't running. This can happen when the application server exits immediately and silently after you start it. Start the server and run ps auxf or systemctl status application.service to check it's running.

Error 4 - The connection was closed by the server

This error happens when the connection was successful but the application server has a built in security measure that killed the connection as soon as it was made. This error looks like:

telnet samba.example.com 445
Trying 172.31.25.31...
Connected to samba.example.com.
Escape character is '^]'.
Connection closed by foreign host.

The last line Connection closed by foreign host. indicates that the connection was actively terminated by the server. In order to fix this, you need to look at the security configuration of the application server to ensure your IP or user is allowed to connect to it.

A successful connection

This is what a successful telnet connection attempt looks like:

telnet samba.example.com 445
Trying 172.31.25.31...
Connected to samba.example.com.
Escape character is '^]'.

The connection will stay open for a while depending on the timeout of the application server you are connected to.

A telnet connection is closed by typing CTRL+] and then when you see the telnet> prompt, type "quit" and hit ENTER i.e.:

telnet samba.example.com 445
Trying 172.31.25.31...
Connected to samba.example.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Conclusion

There are a lot of reasons that a client application can't connect to a server. The exact reason can be difficult to establish especially when the client is a GUI that offers little or no error information. Using telnet and observing the output will allow you to very rapidly narrow down where the problem lies and save you a whole lot of time.
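The four failure modes above correspond to distinct socket-level outcomes, so the same triage can be scripted. The following Python sketch is an added example, not part of the original article; the probe function and its labels are hypothetical names, and the "hangs" case is approximated by a connect timeout.

```python
import socket

# Outcome labels follow the article's four errors plus the success case.
HANGS = "hangs: no reply (router down or firewall dropping the request)"
DNS = "dns: hostname does not resolve"
REFUSED = "refused: nothing is listening on that port"
CLOSED = "closed: server accepted, then dropped the connection"
OPEN = "open: connection established and held"


def probe(host, port, timeout=3.0, hold=0.5):
    """Connect the way `telnet host port` does and classify the result.

    timeout: seconds to wait for the TCP handshake (Error 1 if exceeded).
    hold:    seconds to watch the open connection for an early close (Error 4).
    """
    try:
        # Resolve first so a lookup failure is reported on its own (Error 2).
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return DNS

    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except socket.timeout:
            return HANGS                      # Error 1: SYN never answered
        except ConnectionRefusedError:
            return REFUSED                    # Error 3: RST from the host
        except OSError as exc:
            return "error: %s" % exc.strerror  # e.g. no route to host

        # Connected. Send nothing, as telnet does, and see whether the
        # server closes the connection straight away.
        sock.settimeout(hold)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return OPEN                       # quiet but still connected
        except ConnectionResetError:
            return CLOSED                     # Error 4: reset by the server
        return OPEN if data else CLOSED       # empty read means EOF
    finally:
        sock.close()


if __name__ == "__main__":
    # Hostname and port are the article's own example values.
    print(probe("samba.example.com", 445))
```

A "closed" result points at the application's access controls and a "hangs" result at the network path or a firewall, which is the same split the article makes by eye.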

[Jun 10, 2010] Deep-protocol analysis of UNIX networks

Jun 08, 2010 | developerWorks
Parsing the raw data to understand the content

Another way to process the content from tcpdump is to save the raw network packet data to a file and then process the file to find and decode the information that you want.

There are a number of modules in different languages that provide functionality for reading and decoding the data captured by tcpdump and snoop. For example, within Perl, there are two modules: Net::SnoopLog (for snoop) and Net::TcpDumpLog (for tcpdump). These will read the raw data content. The basic interface for both of these modules is the same.

To start, first you need to create a binary record of the packets going past on the network by writing out the data to a file using either snoop or tcpdump. For this example, we'll use tcpdump and the Net::TcpDumpLog module: $ tcpdump -w packets.raw.

Once you have amassed the network data, you can start to process its contents to find the information you want. The Net::TcpDumpLog module parses the raw network data saved by tcpdump. Because the data is in its raw binary format, parsing the information requires processing this binary data. For convenience, another suite of modules, NetPacket::*, provides decoding of the raw data.

For example, Listing 8 shows a simple script that prints out the IP address information for all of the packets.

Listing 8. Simple script that prints out the IP address info for all packets
use strict;
use warnings;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;

# Load the capture written by "tcpdump -w packets.raw"
my $log = Net::TcpDumpLog->new();
$log->read("packets.raw");

foreach my $index ($log->indexes)
{
    # Raw bytes of the whole captured packet
    my $packet = $log->data($index);

    my $ethernet = NetPacket::Ethernet->decode($packet);

    # 0x0800 is the Ethernet type for IP
    if ($ethernet->{type} == 0x0800)
    {
        my $ip = NetPacket::IP->decode($ethernet->{data});

        printf("  %s to %s protocol %s \n",
               $ip->{src_ip}, $ip->{dest_ip}, $ip->{proto});
    }
}

The first part is to extract each packet. The Net::TcpDumpLog module serializes each packet, so that we can read each packet by using the packet ID. The data() method then returns the raw data for the entire packet.

As with the output from snoop, we have to extract each of the blocks of data from the raw network packet information. So in this example, we first need to extract the ethernet packet, including the data payload, from the raw network packet. The NetPacket::Ethernet module does this for us.

Since we are looking for IP packets, we can check for them by looking at the Ethernet packet type. IP packets have an Ethernet type of 0x0800.

The NetPacket::IP module can then be used to extract the IP information from the data payload of the Ethernet packet. The module provides the source IP, destination IP and protocol information, among others, which we can then print.

Using this basic framework you can perform more complex lookups and decoding that do not rely on the automated solutions provided by tcpdump or snoop. For example, if you suspect that there is HTTP traffic going past on a non-standard port (i.e., not port 80), you could look for the string HTTP on ports other than 80 from the suspected host IP using the script in Listing 9.


Listing 9. Looking for the string HTTP on ports other than 80
use strict;
use warnings;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

my $log = Net::TcpDumpLog->new();
$log->read("packets.raw");

foreach my $index ($log->indexes)
{
    my $packet = $log->data($index);

    my $ethernet = NetPacket::Ethernet->decode($packet);

    # IP packets only
    if ($ethernet->{type} == 0x0800)
    {
        my $ip = NetPacket::IP->decode($ethernet->{data});

        # Only packets sent by the suspected host
        if ($ip->{src_ip} eq '192.168.0.2')
        {
            # IP protocol 6 is TCP
            if ($ip->{proto} == 6)
            {
                my $tcp = NetPacket::TCP->decode($ip->{data});

                # Only the source port is tested, so a request sent from an
                # ephemeral port to port 80 also matches (see Listing 10)
                if (($tcp->{src_port} != 80) &&
                    ($tcp->{data} =~ m/HTTP/))
                {
                    print("Found HTTP traffic on non-port 80\n");
                    printf("%s (port: %d) to %s (port: %d)\n%s\n",
                           $ip->{src_ip},
                           $tcp->{src_port},
                           $ip->{dest_ip},
                           $tcp->{dest_port},
                           $tcp->{data});
                }
            }
        }
    }
}

Running the above script on a sample packet set returned the output shown in Listing 10.


Listing 10. Running the script on a sample packet set
$ perl http-non80.pl
Found HTTP traffic on non-port 80
192.168.0.2 (port: 39280) to 168.143.162.100 (port: 80)
GET /statuses/user_timeline.json HTTP/1.1
Found HTTP traffic on non-port 80
192.168.0.2 (port: 39282) to 168.143.162.100 (port: 80)
GET /statuses/friends_timeline.json HTTP/1

In this particular case we're seeing traffic from the host to an external website (Twitter).

Obviously, in this example, we are dumping out the raw data, but you could use the same basic structure to decode the data in any format using any public or proprietary protocol structure. If you are using or developing a protocol using this method, and know the protocol format, you could extract and monitor the data being transferred.
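A self-contained Python version of the Listing 9 check, added here as an example and not taken from the original article: it reads the classic pcap format directly, decodes Ethernet/IPv4/TCP, and by default tests both ports rather than only the source port. The function names, the constructed sample capture and the 192.0.2.10 address are assumptions made for the illustration.

```python
import re
import socket
import struct

# Start of an HTTP/1.x request line or status line.
HTTP_START = re.compile(rb"(?:[A-Z]+ \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3})")


def read_pcap(blob):
    """Yield each captured frame from a classic pcap file (tcpdump -w)."""
    magic = blob[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", blob[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    pos = 24                                   # skip the 24-byte file header
    while pos + 16 <= len(blob):
        incl_len = struct.unpack(endian + "I", blob[pos + 8:pos + 12])[0]
        pos += 16                              # skip the per-packet header
        yield blob[pos:pos + incl_len]
        pos += incl_len


def decode_tcp(frame):
    """Return (src, sport, dst, dport, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet type
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ip[9] != 6 or frag_offset:     # protocol 6 is TCP
        return None
    tcp = ip[ihl:total_len]                    # drops any Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    return (socket.inet_ntoa(ip[12:16]), sport,
            socket.inet_ntoa(ip[16:20]), dport, payload)


def http_off_port_80(blob, host, source_port_only=False):
    """List HTTP messages sent by `host` where port 80 is not involved.

    source_port_only=True reproduces the port test used in Listing 9.
    """
    hits = []
    for frame in read_pcap(blob):
        seg = decode_tcp(frame)
        if seg is None:
            continue
        src, sport, dst, dport, payload = seg
        ports = (sport,) if source_port_only else (sport, dport)
        if src != host or 80 in ports or not HTTP_START.match(payload):
            continue
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        hits.append((src, sport, dst, dport, first_line))
    return hits


def _frame(src, sport, dst, dport, payload):
    # Constructed frame: checksums are left at zero, nothing verifies them.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp


def build_sample_pcap():
    """Constructed capture: HTTP on 80, HTTP on 8080, non-HTTP, reply, ARP."""
    frames = [
        _frame("192.168.0.2", 39280, "168.143.162.100", 80,
               b"GET /statuses/user_timeline.json HTTP/1.1\r\n\r\n"),
        _frame("192.168.0.2", 39284, "192.0.2.10", 8080,
               b"GET /status HTTP/1.1\r\nHost: example\r\n\r\n"),
        _frame("192.168.0.2", 39286, "192.0.2.10", 8080, b"\x16\x03\x01binary"),
        _frame("192.0.2.10", 8080, "192.168.0.2", 39284,
               b"HTTP/1.1 200 OK\r\n\r\n"),
        b"\xff" * 6 + b"\x04" * 6 + b"\x08\x06" + b"\x00" * 28,
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for hit in http_off_port_80(build_sample_pcap(), "192.168.0.2"):
        print("%s (port: %d) to %s (port: %d) %s" % hit)
```

With source_port_only=True the request to port 80 is reported as well, which is the behaviour visible in Listing 10.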

Using a protocol analyzer

Although, as already mentioned, tools like tcpdump, iptrace and snoop provide basic network analysis and decoding, there are GUI-based tools that make the process even easier. Wireshark is one such tool that supports a vast array of network protocol decoding and analysis.

One of the main benefits of Wireshark is that you can capture packets over a period of time (just as with tcpdump) and then interactively analyze and filter the content based on the different protocols, ports and other data. Wireshark also supports a huge array of protocol decoders, enabling you to examine in minute detail the contents of the packets and conversations.

You can see the basic screenshot of Wireshark showing all of the packets of all types being listed in Figure 1. The window is divided into three main sections: the list of filtered packets, the decoded protocol details, and the raw packet data in hex/ASCII format.

[Aug 6, 2009] Xplico 0.5.2

The goal of Xplico is to extract the applications data from an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each... VoIP call (SIP), and so on. Xplico isn't a packet sniffer or a network protocol analyzer; it's an IP/Internet traffic decoder or network forensic analysis tool (NFAT).

[Jan 2, 2008] vnStat

About:
vnStat is a console-based network traffic monitor that keeps a log of hourly, daily, and monthly network traffic for the selected interface(s). However, it isn't a packet sniffer. The traffic information is analyzed from the /proc filesystem. That way, vnStat can be used even without root permissions.

Release focus: Minor bugfixes

Changes:
This release fixes a bug that caused a segmentation fault if the environment variable "HOME" wasn't defined, which in turn caused most PHP/CGI scripts using vnStat to malfunction. Some minor feature enhancements are also included.

[Apr 15, 2007] freshmeat.net Project details for Tcpreplay by Aaron Turner

Tcpreplay 3.0.RC1 (stable)

This release improves OpenBSD, HP-UX, Cygwin/Win32, x86_64, and little endian support. Enhancements were made to allow editing packets with tcpreplay. libpcap detection was improved.

[Mar 24, 2007] freshmeat.net Project details for Tcpreplay

Tcpreplay 3.0.beta13 released

Tcpreplay is a set of Unix tools which allows the editing and replaying of captured network traffic in pcap (tcpdump) format. It can be used to test a variety of passive and inline network devices, including IPS's, UTM's, routers, firewalls, and NIDS.

Release focus: Major bugfixes

Changes:
This release fixes some serious regression bugs that prevented tcprewrite from editing most packets on Intel and other little-endian systems. Some smaller bugfixes and tweaks to improve replay performance were made.

Author:
Aaron Turner

[Mar 3rd 2006 ] freshmeat.net Project details for netrw by Jiri Denemark

netrw 1.3.1

About: netrw is a simple (but powerful) tool for transporting data over the Internet. Its main purpose is to simplify and speed up file transfers to hosts without an FTP server. It can also be used for uploading data to some other user. It is something like one-way netcat (nc) with some nice features concerning data transfers. It can compute and check message digest (MD5, SHA-1, and some others) of all the data being transferred. It can also print information on progress and average speed. At the end, it sums up the transfer.

Changes: A bug causing netread to sometimes end up in an endless loop after receiving all data was fixed.

Recommended Links

Top 100 Network Security Tools





Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...


Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense, so you need to be aware of Google privacy policy. If you do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: January, 02, 2021