Contents
Table of contents
Bonding
Using ethtool
Checking Link status
Of physical interfaces
$ ethtool eth0 Settings for eth0: Supported ports: [ FIBRE ] Supported link modes: 1000baseT/Full 2500baseX/Full 10000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 1000baseT/Full 2500baseX/Full 10000baseT/Full Advertised auto-negotiation: Yes Speed: Unknown! Duplex: Full Port: FIBRE PHYAD: 16 Transceiver: internal Auto-negotiation: on Supports Wake-on: g Wake-on: g Current message level: 0x00000000 (0) Link detected: no
However, for bonded interfaces (to see extra detail)
# cat /proc/net/bonding/bond0 Ethernet Channel Bonding Driver: v3.4.0-1 (October 7, 2008) Bonding Mode: adaptive load balancing Primary Slave: None Currently Active Slave: eth1 MII Status: up MII Polling Interval (ms): 80 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: eth0 MII Status: down Speed: Unknown Duplex: Unknown Link Failure Count: 3 Permanent HW addr: 00:26:55:21:fe:b0 Slave Interface: eth1 MII Status: up Speed: 1000 Mbps Duplex: full Link Failure Count: 2 Permanent HW addr: 00:26:55:21:fe:b4 [root@app012 ~]# ethtool -i eth0 driver: bnx2x version: 1.70.00-0 firmware-version: bc 5.2.7 phy baa0.105 bus-info: 0000:02:00.0 [root@app012 ~]# ethtool -i eth1 driver: bnx2x version: 1.70.00-0 firmware-version: bc 5.2.7 phy baa0.105 bus-info: 0000:02:00.1
Checking driver versions
# ethtool -i eth1 driver: bnx2x version: 1.70.00-0 firmware-version: bc 5.2.7 phy baa0.105 bus-info: 0000:02:00.1
Using ip command
show interface status
# ip addr show bond0 4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue link/ether 00:26:55:21:fe:b0 brd ff:ff:ff:ff:ff:ff inet 172.16.28.140/25 brd 172.16.28.255 scope global bond0
down and up
$ ip link set eth0 down
$ ip link set eth0 up
Checking the status of connections
Using nmap
- detailed broadcast ping*
nmap -sP 80.40.105.174/28''
netstat, sockstat and ss
- shows if something uses a port*
$ netstat –an | grep <port_num>
With ss, show the process (needs to be root)
$ ss -nlp | grep <port_num>
sockstat – show current connections and relating process. Tcpkill can be used to drop these connections.
$ ss -o state established '( dport = :ssh or sport = :ssh )' Recv-Q Send-Q LocalAddress:Port Peer Address:Port 0 0 ::1:ssh ::1:52114 timer:(keepalive,118min,0) 0 48 ::1:52114 ::1:ssh timer:(on,200ms,0)
$ ss -s Total: 503 (kernel 529) TCP: 37 (estab 7, closed 2, orphaned 0, synrecv 0, timewait 1/0), ports 0 Transport Total IP IPv6 * 529 - - RAW 0 0 0 UDP 26 22 4 TCP 35 28 7 INET 61 50 11 FRAG 0 0 0
Using nc
root@host01 ~# nc -vzuw1 192.168.121.139 514
Connection to 192.168.121.139 514 port udp/syslog succeeded!
‘’UDP port scans will always succeed (i.e. report the port as open), rendering the -uz combination of flags rela-
tively useless.’’ However, if there is access to the remote machine some checks can be made.
The following example sends a test message to the remote syslog server.
root@host01 ~# echo ‘<0>Test Message Gareth’ | nc -vvvzw 1 -u 192.168.121.139 514
tcpdump
create a raw dump for Wireshark
tcpdump -s0 -i <interface> host <hostname> -w <filename.dmp>
Output readable text
tcpdump -AXvv src host <hostname>
Check for acknowledgements
tcpdump "tcp[tcpflags] & (tcp-syn|tcp-ack) != 0" and host <hostname>
tshark
monitor network retransmits
tshark -i eth0 -R tcp.analysis.retransmission