cPanelResources

Tutorial Basic Networking Tools

Introduction
Although we do not generally support networking on servers, we want to help you with networking issues that can sometimes occur. Here are some basic server-level tools that system and network administrators can use to troubleshoot networking issues. These tools either come with the server's operating system, or you can install them via yum.

Note: This article focuses specifically on tools for IPv4 networks.

ip add
This command shows you the IP addresses on the server, along with their subnet masks, broadcast addresses, and interfaces. In this example, "lo" is the loopback address that has the server's localhost IP address, and "eth0" is the interface for the server's routable IP address:
Code:
[server ~]# ip add | grep "inet "
    inet 127.0.0.1/8 scope host lo
    inet 172.16.1.7/24 brd 172.16.1.255 scope global eth0

route -n
You can view the contents of a server's routing table with this command. You can use this command to show the server's default gateway, as well as to show routes for particular networks.

In this example, the server's routing table shows that the default gateway is 172.16.1.1 because it has the "0.0.0.0" entry under the Destination field. The table also shows the routes to the 172.16.1.0 network for the server's routable IP address, as well as a host route to the default DHCP address, 169.254.169.254:
Code:
[server ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.169.254 172.16.1.1      255.255.255.255 UGH   0      0        0 eth0
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         172.16.1.1      0.0.0.0         UG    0      0        0 eth0
curl
In some network configurations, the server's outbound IP address is different from the IP address that you set on the server, which can sometimes cause licensing issues. You can use this command to check the server's outbound IP address:
Code:
[server ~]# curl -w '\n' -s http://myip.cpanel.net/v1.0/
123.123.123.1
You can also use curl to test command-line connectivity to a website, for example:
Code:
[server ~]# curl -Is https://example.com
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Thu, 29 Aug 2019 04:15:32 GMT
Etag: "1541025663"
Expires: Thu, 05 Sep 2019 04:15:32 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (dab/4A9A)
X-Cache: HIT
Content-Length: 606
ping
ping is a useful tool that allows you to test if an IP address is reachable, as well as if packet loss occurs when reaching that IP address. In the example below, the average round-trip time for packets sent from the server to example.com is about 7.8 ms, and the connection shows no packet loss:
Code:
[server ~]# ping example.com
PING example.com (93.184.216.34) 56(84) bytes of data.
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=1 ttl=53 time=7.80 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=2 ttl=53 time=7.82 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=3 ttl=53 time=7.82 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=4 ttl=53 time=7.81 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=5 ttl=53 time=8.30 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=6 ttl=53 time=7.77 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=7 ttl=53 time=7.89 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=8 ttl=53 time=7.89 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=9 ttl=53 time=7.81 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=10 ttl=53 time=7.85 ms
^C
--- example.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9015ms
rtt min/avg/max/mdev = 7.777/7.879/8.305/0.175 ms
In this example, we try to ping the example.org host, but cannot reach it from our server, and we get 100% packet loss:
Code:
[server ~]# ping example.org
PING example.org (1.2.3.4) 56(84) bytes of data.
^C
--- example.org ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms
You can use the traceroute tool discussed in the next section to find out where the packets are stopping.

traceroute
traceroute is another useful utility that shows the path packets take between your server and a remote server. You can use traceroute if your server is unable to reach a remote site, and the output from traceroute will show you where the network packets are stopping.

In the example above, we used ping to test the connection to a remote site, example.org, that we could not reach. A traceroute to example.org shows that the packets are stopping after the router at IP 4.5.6.7 (Hop 12) so we need to contact the network administrator for that router:
Code:
[server ~]# traceroute example.org
traceroute to example.org (11.22.33.44), 64 hops max, 52 byte packets
1  192.168.0.1 (192.168.0.1)  2.661 ms  1.558 ms  2.602 ms
2  hostname3.example (1.2.1.50)  5.234 ms  3.985 ms  4.937 ms
3  hostname4.example (1.2.1.60)  5.725 ms  4.344 ms  4.934 ms
4  hostname5.example (1.2.1.90)  53.379 ms  55.082 ms  53.084 ms
5  1.2.5.100 (1.2.5.100)  53.223 ms  51.678 ms  53.534 ms
6  1.2.1.110 (1.2.1.110)  53.753 ms
     1.2.1.111 (1.2.1.111)  53.219 ms
     1.2.1.112 (1.2.1.112)  53.365 ms
7  1.2.3.125 (1.2.3.125)  53.279 ms
     1.2.3.126 (1.2.3.126)  52.564 ms
     1.2.3.127 (1.2.3.127)  52.193 ms
8  * * *
9   2.3.4.1 (2.3.4.1)  108.640 ms
     2.3.4.3 (2.3.4.3)  106.246 ms *
10  * 2.3.4.5 (2.3.4.5)  85.775 ms *
11  * * *
12  4.5.6.150 (4.5.6.150)  100.801 ms
      4.5.6.160 (4.5.6.160)  73.908 ms
      4.5.6.7 (4.5.6.7)  77.999 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
Note: The IP addresses included in the output are examples and will not resemble the actual IP addresses you'll see when running the command from your server.

whois
whois tells you the registration information for a domain or IP address, including its nameservers, technical, and administrative contacts. In the previous example, our traceroute stopped at the router at 4.5.6.7, so we need to use whois to find the technical contact for that IP address:
Code:
[server ~]# whois 4.5.6.7 | grep Tech
Organization:   Organization Here
OrgName:        Organization Name Here
OrgTechHandle: Organization Tech Handle Here
OrgTechName:   Organization Tech Name Here
OrgTechPhone:  +1-555-555-5555
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/ANO24-ARIN
You may see an "Operation not permitted" error like this one when you use traceroute:
Code:
[server ~]# traceroute example.com
traceroute to 1.2.3.4 (1.2.3.4), 30 hops max, 40 byte packets
send failed: Operation not permitted
send failed: Operation not permitted
send failed: Operation not permitted
send failed: Operation not permitted
This means that your server's firewall is blocking outbound traceroute packets, so you will need to make sure that the firewall allows outbound traceroute.

telnet
You can use the telnet utility to test connectivity to a particular port. For example, to test outbound connectivity to the default SMTP port, use this command:
Code:
[server ~]# telnet example.com 25
Trying 93.184.216.34...
Connected to example.com.
Escape character is '^]'.
220-example.com ESMTP Exim 4.92 #2 Tue, 14 May 2019 22:35:11 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
The output above shows that the remote server is accessible and listening on port 25.

telnet can also tell you if a port is not reachable or if a service is not running on a specified port. For example, the output from the following command shows that the remote server is not reachable on port 25:
Code:
[server ~]# telnet example.com 25
Trying 93.184.216.34...
telnet: connect to address 93.184.216.34: Connection timed out
And this output indicates that the remote server is reachable, but is not listening on the specified port:
Code:
[server ~]# telnet example.com 666
Trying 93.184.216.34...
telnet: connect to address 93.184.216.34: Connection refused
dig
dig is a utility you can use to perform DNS queries and resolve hostnames to their IP addresses. You can use dig to perform a general query to resolve a hostname, for example:
Code:
[server ~]# dig +short example.com
93.184.216.34
You can also use dig to query a specific nameserver for a domain. This is useful when domains are not resolving due to propagation. Use the "@" to query a specific nameserver, for example:
Code:
[[email protected] ~]# dig +short example.com @8.8.8.8
93.184.216.34

tcpdump
tcpdump is a utility you can use to monitor network packets and show data between two servers. In this example, start a ping session to example.com, and run tcpdump on the connection. The output shows ping sending ICMP requests and responses between the source and destination servers:
Code:
[server ~]# ping example.com > /dev/null &
[1] 15993

[server ~]# tcpdump -n host example.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:18:21.608436 IP 172.16.1.7 > 93.184.216.34: ICMP echo request, id 31038, seq 37, length 64
01:18:21.609635 IP 93.184.216.34 > 172.16.1.7: ICMP echo reply, id 31038, seq 37, length 64
01:18:22.609907 IP 172.16.1.7 > 93.184.216.34: ICMP echo request, id 31038, seq 38, length 64
01:18:22.610901 IP 93.184.216.34 > 172.16.1.7: ICMP echo reply, id 31038, seq 38, length 64
01:18:23.611168 IP 172.16.1.7 > 93.184.216.34: ICMP echo request, id 31038, seq 39, length 64
01:18:23.613632 IP 93.184.216.34 > 172.16.1.7: ICMP echo reply, id 31038, seq 39, length 64
01:18:24.612868 IP 172.16.1.7 > 93.184.216.34: ICMP echo request, id 31038, seq 40, length 64
01:18:24.614417 IP 93.184.216.34 > 172.16.1.7: ICMP echo reply, id 31038, seq 40, length 64
01:18:25.614681 IP 172.16.1.7 > 93.184.216.34: ICMP echo request, id 31038, seq 41, length 64
01:18:25.615495 IP 93.184.216.34 > 172.16.1.7: ICMP echo reply, id 31038, seq 41, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
iperf
iperf is a tool you can use to test network bandwidth between two servers. You can use it if you suspect there is a slowdown in the network between the servers.

You will need root access to each server in order to install the software and perform the test. On one of the servers, run iperf in server mode with the "-s" option, and on the other server, run iperf in client mode with the "-c" option. The output shows the amount of network bandwidth between the two servers:
Code:
[server ~]# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 172.16.1.12 port 5001 connected with 1.2.3.4 port 43474
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec  3.77 GBytes  3.23 Gbits/sec

[server2 ~]# iperf -c 1.2.3.4
------------------------------------------------------------
Client connecting to 1.2.3.4, TCP port 5001
TCP window size:  104 KByte (default)
------------------------------------------------------------
[  3] local 172.16.1.9 port 43474 connected with 1.2.3.4 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  3.77 GBytes  3.23 Gbits/sec
Additional Questions / Feedback
Feel free to click on the Discussion tab to let us know if you have any questions or feedback about the information in this tutorial.
Author
cPanelResources
Views
268
First release
Last update