<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Quick and dirty guide to debugging tcp/ip LG #96</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<!-- *** BEGIN navbar *** -->
<A HREF="pramode.html">&lt;&lt;&nbsp;Prev</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="index.html">TOC</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="../index.html">Front Page</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue96/dorgan1.html">Talkback</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="../faq/index.html">FAQ</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="dorgan2.html">Next&nbsp;&gt;&gt;</A>
<!-- *** END navbar *** -->
<!--endcut ============================================================-->
<TABLE BORDER><TR><TD WIDTH="200">
<A HREF="http://www.linuxgazette.com/">
<IMG ALT="LINUX GAZETTE" SRC="../gx/2002/lglogo_200x41.png"
WIDTH="200" HEIGHT="41" border="0"></A>
<BR CLEAR="all">
<SMALL>...<I>making Linux just a little more fun!</I></SMALL>
</TD><TD WIDTH="380">
<CENTER>
<BIG><BIG><STRONG><FONT COLOR="maroon">Quick and dirty guide to debugging tcp/ip</FONT></STRONG></BIG></BIG>
<BR>
<STRONG>By <A HREF="../authors/dorgan.html">David Dorgan</A></STRONG>
</CENTER>
</TD></TR>
</TABLE>
<P>
<!-- END header -->
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Quick and dirty guide to debugging tcp/ip</title>
<meta name="GENERATOR" content="amaya 5.1" />
<style type="text/css">
<!--
.header {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 24px;
font-weight: bold;
color: #999999;
}
.author {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-style: italic;
color: #666666;
margin-left: 25px;
}
.disclaimer {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
margin-left: 50px;
}
.cvsinfo {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
}
.body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
margin-left: 50px;
}
-->
</style>
</head>
<body>
<p class="header">A quick and dirty guide to debugging tcp/ip</p>
<p class="author">David Dorgan.</p>
<p class="disclaimer">This is a small guide I wrote on debugging TCP/IP networks. It assumes
you are using Linux or another Unix-like OS.</p>
<p></p>
<p class="body">So it's 5pm on a Friday, and a user says he/she cannot connect to
$some-web-site. What do you do? There are a few paths; internal and
external sites will often require a different approach.</p>
<p></p>
<p class="body">Some things won't change. Think of it this way: if layer 1 (physical)
isn't working, nothing on top of it is going to work. It's a good
idea to use a number of tools, like telnet, ping, traceroute, tracepath
etc., to see where the problem is and, if you can, what layer it's on. Say
you can ping and traceroute fine to a host, and you can get to port 25 but
not port 80: then the chances are it's just their webserver dying. Say you
can't get past your local gateway, but you can ping your local gateway: it
could be that it's not forwarding, that it's a firewall configuration
issue, etc.</p>
<p></p>
<p class="body">Try and telnet to thesite.com on port 80 to see if you can connect. If
you get connection refused and you don't have any firewalls or proxies
blocking outbound communication, the chances are they are having some sort of
service outage. If it just sits there for a while and then says 'cannot
connect', continue.</p>
<p class="body">Try and ping the remote side. Although this is very useful, some places do
block ICMP (they must be under the impression that while creating tcp/ip, for
the first six days most of the work was done, and they had nothing to do on
Sunday, so they invented ICMP as a joke), so you could try a traceroute. Once
again this could be blocked, but it'll generally give you a picture of where
the problem is. At this point, look and see where it stops. You should see
your local gateway and maybe some internal routers or gateway devices; after
this you should see it going through ISP networks. If you don't see your ISP
anywhere and it stops in the first few hops, it could be a problem with the
link to your ISP. If it shows your ISP and then shows an outage just after
your ISP's name, maybe the ISP has lost the link to one of their upstreams
and the old paths are still valid, so packets are being stopped there. Finally,
you may see it go all the way to the other side and finish completely, or stop
on somecompany-gw.customer.isp.net, in which case the other side may be
blocking inbound ICMP.</p>
<p class="body">If they can't seem to connect to anything, ask them to try with an IP
address; if this works, get them to check their DNS settings.</p>
<p></p>
<p class="body">Some common traits of certain events.</p>
<p></p>
<p class="body">A service dying but the network being fine: You can ping and traceroute
fine, and you can connect to other open ports. Say the machine does mail and
remote access: if you can get to port 22 (ssh) fine but not port 25 (smtp),
there could be a problem with the MTA only.</p>
<p class="body">A firewall blocking a port: This doesn't work so well when routers or
firewalls have a 'deny all' by default, but most people don't do that. Let's
say you can't get to port 25 on this machine; when you telnet, it just times
out, but you know it's a mailserver. Try to telnet to a few random
high-numbered ports, like 8274 or 9274, and see if you get connection
refused. If you do, the chances are the firewall is just
blocking port 25 for your IP, because the machine itself responded that you
couldn't get on those ports.</p>
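<p class="body">The refused-versus-timeout reasoning above, and in the earlier telnet
test, can be scripted. This is an added example, not code from the original article:
probe(), diagnose() and check() are hypothetical names, and the control ports 8274 and
9274 are the ones the text suggests.</p>

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error:NAME'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the host (or a firewall sending resets) answered
    except (socket.timeout, TimeoutError):
        return "timeout"      # nothing came back: dropped or lost on the way
    except OSError as exc:    # no route, name resolution failure, ...
        return "error:" + errno.errorcode.get(exc.errno, "unknown")


def diagnose(service_state, control_states):
    """Apply the article's rule of thumb.

    service_state:  probe() result for the port the user cares about.
    control_states: probe() results for ports expected to be closed.
    """
    if service_state == "open":
        return "service reachable"
    if service_state == "refused":
        return "host up, nothing listening: service outage likely"
    if service_state == "timeout":
        if "refused" in control_states:
            return "host answers on other ports: service port is filtered"
        # The caveat from the text: a default-deny firewall looks like this too.
        return "inconclusive: host down, path broken or default-deny firewall"
    return "local problem before the connect: " + service_state


def check(host, port, control_ports=(8274, 9274), timeout=3.0):
    """Probe the service port; only try the control ports if it timed out."""
    service = probe(host, port, timeout)
    controls = []
    if service == "timeout":
        controls = [probe(host, p, timeout) for p in control_ports]
    return diagnose(service, controls)


if __name__ == "__main__":
    # Usage: python3 portcheck.py HOST PORT   (file name is an assumption)
    print(check(sys.argv[1], int(sys.argv[2])))
```

<p class="body">An "inconclusive" result is the cue to move on to ping and traceroute
as described earlier.</p>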
<p class="body">The link to your ISP is dead: Try and traceroute to anywhere, and you will
see that the last hop that doesn't time out is an internal one from your
company, and that you never see anything with link-whatever.isp.net.</p>
<p class="body">The link is gone on the other side: In this case, maybe you know they
don't block traceroute packets, so when you do a traceroute, it goes through
your ISP, to a carrier, to their ISP, and then stops on what is normally their
ISP's link.</p>
<p class="body">Your ISP is having a routing issue: This often happens with some providers
*ahem*. I have accounts on a few machines, based in physically different
locations and using different providers, so if I can't get to a resource I
want, I'll try and traceroute it from a machine hanging straight off LINX and
a few just off some US ISPs. If they all seem to work from there, and a
traceroute from you shows timeouts or unusually high latency in, say,
london.isp.net, then their links to London may be overused or having
issues.</p>
<p class="body">It's taking about two minutes to log in to a machine: When you do log in,
type w or who, and check whether it says you are coming from an IP or a
hostname. It shouldn't say hostname; basically it's waiting that long on DNS.
It should use an internal DNS server that will reply quickly, or else you
should use reverse lookups for IP addresses.</p>
<p class="body">Somebody is complaining they can't connect to a service; you try
a manual connection from an outside host and it doesn't work. Then go onto the machine
and try and telnet to the port, or do a netstat -an | grep LISTEN and look for the port
number it should be listening on. If it is there, it could be filtered somewhere along the
path, or even at the local host. If it isn't listening, then doing an fstat or lsof
and grepping for the process name may show an IPv4 or internet entry, showing
the IP address and host it's listening on.</p>
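<p class="body">An added example (not from the original article) of reading that netstat
output: it parses netstat -an text and reports whether the port is listening at all and
on which address. The sample output is constructed, listeners() and verdict() are
hypothetical names, and the loopback-only case goes slightly beyond the text: a daemon
bound only to 127.0.0.1 is running but refuses connections from outside hosts.</p>

```python
import re

# Constructed sample of `netstat -an` output (not from the article); the last
# line uses the BSD "address.port" style so both layouts are exercised.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp4       0      0 *.8080                  *.*                     LISTEN
"""

# "addr:port" (Linux) or "addr.port" (BSD); the port is the trailing digits.
LOCAL_ADDR = re.compile(r"^(.*)[:.](\d+)$")


def listeners(netstat_text, port):
    """Local addresses that have a TCP socket in LISTEN state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            m = LOCAL_ADDR.match(fields[3])
            if m and int(m.group(2)) == port:
                found.append(m.group(1))
    return found


def verdict(netstat_text, port):
    """Summarise what the listening state means for an outside client."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "not listening"       # daemon down: check with lsof/fstat
    if all(a == "::1" or a.startswith("127.") for a in addrs):
        return "loopback only"       # daemon up, but outside hosts are refused
    return "listening"               # daemon up: look for filtering on the path


if __name__ == "__main__":
    for p in (22, 25, 80, 8080):
        print(p, verdict(SAMPLE, p), listeners(SAMPLE, p))
```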
<p></p>
<p></p>
<p class="cvsinfo">$Id: debugging-tcpip.html,v 1.5 2003/09/18 18:33:47 davidd Exp $</p>
</body>
</html>
<!-- *** BEGIN author bio *** -->
<P>&nbsp;
<P>
<!-- *** BEGIN bio *** -->
<P>
<img ALIGN="LEFT" ALT="[BIO]" SRC="../gx/2002/note.png">
<em>
David has been a very productive writer and plans to contribute more of his
work in the future.
</em>
<br CLEAR="all">
<!-- *** END bio *** -->
<!-- *** END author bio *** -->
<!-- *** BEGIN copyright *** -->
<hr>
<CENTER><SMALL><STRONG>
Copyright &copy; 2003, David Dorgan.
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 96 of <i>Linux Gazette</i>, November 2003
</STRONG></SMALL></CENTER>
<!-- *** END copyright *** -->
<HR>
<!--startcut ==========================================================-->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</BODY></HTML>
<!--endcut ============================================================-->