Wednesday, May 18, 2011

Network Administration, troubleshooting from Linux #1 Ping

Linux has dozens of tools for network troubleshooting, among them the famous Ping, the preferred tool that comes to my mind for any kind of IP connectivity related issue. This post is to explain basic information for people who would like to know its usage.

Ping is a well know tool to test the IP connectivity of a host in a network. When we execute ping followed by the host name/IP it sends Echo packets to the target until we press the Ctrl+C, in Linux.

Ex:

Number of Echo requests can be controlled using the switch -c as below.

ping -c5 localhost

bvkmohan, bvkmohan.blogspot.in, linux, ping, network troubleshooting

As seen, it sent 5 Echos and received 5 Replies.

The output from this simple command gives us several useful information about the status of the network or the target host, some of the information include the target host name resolved when pinged using an IP, number of bytes transferred, TTL and the network latency. Above I’ve used it on localhost so the delay times will be very less, let us try something else like facebook.com which sits somewhere in the Internet.

bvkmohan, bvkmohan.blogspot.in, linux, ping, network troubleshooting

As we can see the delay times here went up to an average of 250ms due to the delay in the transfer of packets back and forth from my machine to the Facebook's server, also the name resolved is called FQDN (fully qualified domain name) which is www-11-01-ash2.facebook.com with an IP address of 69.63.189.16, and if any of the icmp_req miss the sequence then it could be due to the several reasons, could be due to network latency. If we get messages like Destination Host Unreachable then it means the destination host is not reachable from the Gateway device, this message is in fact sent to the source by the Gateway. In some cases if we are able to ping a host using its IP but not through its assigned host name it points out to the DNS problem, this is due to DNS server down or unsuccessful name resolution.

There is another option where we can increase the packet size to a max of 2^16 bytes.

ping -c4 -s 65000 facebook.com 

bvkmohan, bvkmohan.blogspot.in, linux, ping, network troubleshooting

As we can see, all the transferred packets are lost, this could be due to the a policy which would consider a 65,000 icmp packet as an anomaly, because, you really don't have to send an Echo request of 65,000 bytes to troubleshoot a network issue. This was used in old days as DoS attack called ping of death.
by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)