1
00:00:00,000 --> 00:00:10,560
To troubleshoot networking, there are a couple of utilities that can be used.

2
00:00:10,560 --> 00:00:15,000
We have already seen quite a few of them, here is a list of all the utilities and how

3
00:00:15,000 --> 00:00:16,480
you can use them.

4
00:00:16,480 --> 00:00:20,000
Nmap, to start with, can be used to analyze open ports.

5
00:00:20,000 --> 00:00:25,719
And you have learned how Nmap can be considered a hostile utility by network administrators,

6
00:00:25,719 --> 00:00:27,840
so be careful if you use it.

7
00:00:28,160 --> 00:00:33,959
netstat, which is legacy, and its modern counterpart, ss, can be used to provide a list of local

8
00:00:33,959 --> 00:00:38,240
ports, so that you can figure out what is listening where.

9
00:00:38,240 --> 00:00:44,439
iftop gives a live overview of network traffic on all local interfaces.

10
00:00:44,439 --> 00:00:48,799
route is the legacy tool used to manipulate the routing table.

11
00:00:48,799 --> 00:00:52,599
On modern Linux you would use ip route instead.

12
00:00:52,599 --> 00:00:59,119
iperf is a utility that you can install on server and client to measure network throughput.

13
00:00:59,119 --> 00:01:02,320
And tcpdump is used to analyze network traffic.

14
00:01:02,320 --> 00:01:07,879
It will be dumped on your screen and you can read it or redirect it to a PCAP file, which

15
00:01:07,879 --> 00:01:11,080
is a packet capture file.

16
00:01:11,080 --> 00:01:16,320
Wireshark is a graphical utility, and you can use it to analyze packet capture files,

17
00:01:16,320 --> 00:01:23,599
for instance, or monitor live traffic passing by based on specific input filters.

18
00:01:23,599 --> 00:01:28,720
Netcat is also known as the Swiss army knife for networking, and it contains many tools.

19
00:01:28,720 --> 00:01:35,559
The main command is nc, and nc is commonly used to test availability of ports.

20
00:01:35,559 --> 00:01:41,120
Traceroute is what allows administrators to analyze the path between source and destination.

21
00:01:41,120 --> 00:01:44,160
And tracepath gives similar output.

22
00:01:44,480 --> 00:01:50,199
mtr combines the functionality of traceroute and ping in one utility.

23
00:01:50,199 --> 00:01:55,279
arp is what shows the IP address to MAC address resolution tables.

24
00:01:55,279 --> 00:02:01,639
And nslookup is the old utility with its modern counterpart, dig, which are used for DNS name

25
00:02:01,639 --> 00:02:06,720
lookup and checking if your DNS lookup is doing all right.

26
00:02:06,720 --> 00:02:12,160
Whois is used to query a DNS domain and request advanced information.

27
00:02:12,199 --> 00:02:15,160
And ping is used to test connectivity.

28
00:02:15,160 --> 00:02:20,399
And finally, the ip utility is the overall management utility that allows you to do a

29
00:02:20,399 --> 00:02:27,559
runtime configuration of your network and to check current settings in your network stack.

30
00:02:27,559 --> 00:02:29,800
Let's check a couple of these.

31
00:02:29,800 --> 00:02:35,039
So let's ping nu.nl to start with the basic utility.

32
00:02:35,039 --> 00:02:40,679
I like nu.nl because it's short to type and it's convenient.

33
00:02:40,679 --> 00:02:42,919
So we can see the ICMP package.

34
00:02:42,919 --> 00:02:44,639
These are the packages that are sent.

35
00:02:44,639 --> 00:02:50,039
TTL is the maximum number of hops between the local location and the destination.

36
00:02:50,039 --> 00:02:58,919
And time is the round trip time, 18.9 milliseconds, which for internet-based traffic is not bad at all.

37
00:02:58,919 --> 00:03:06,679
Now, if I wanted to see the current route to nu.nl, I can try a utility like tracepath.

38
00:03:06,720 --> 00:03:14,000
And there I can see all the information about what is between my host and the remote host.

39
00:03:14,000 --> 00:03:20,240
But the disappointing thing about it is that many hosts in between are hiding their answer

40
00:03:20,240 --> 00:03:24,440
because for security purposes, they don't want to reveal themselves.

41
00:03:24,440 --> 00:03:30,759
And that makes tracepath as well as traceroute of limited use nowadays.

42
00:03:30,759 --> 00:03:32,960
A completely different utility is arp.

43
00:03:32,960 --> 00:03:38,000
Use arp -a to get an overview of the arp table.

44
00:03:38,000 --> 00:03:42,880
And the arp table is a match between IP addresses and MAC addresses.

45
00:03:42,880 --> 00:03:45,839
Sometimes there might be a problem of a double MAC address.

46
00:03:45,839 --> 00:03:51,000
And if you have a double MAC address, which means two nodes that are using the same MAC address,

47
00:03:51,000 --> 00:03:53,440
that is going to confuse your networking.

48
00:03:53,440 --> 00:03:56,919
And arp is going to figure that out for you.

49
00:03:56,919 --> 00:04:02,240
And if ever you want to delete one of them, well, you can just use arp -d.

50
00:04:02,240 --> 00:04:06,039
And that will delete the selected entry for you.

51
00:04:06,039 --> 00:04:14,440
So, arp -d on 192.168.29.145 is going to remove the entry.

52
00:04:14,440 --> 00:04:19,839
And then when I'm using ping on, well, this IP address again,

53
00:04:19,839 --> 00:04:23,799
in order to get an answer, we do need the MAC address again.

54
00:04:23,799 --> 00:04:29,600
And behind the scenes, the ping command is triggering a Whois request

55
00:04:29,600 --> 00:04:33,839
to figure out the MAC address behind this IP address.

56
00:04:33,839 --> 00:04:40,079
I also like the dig utility, dig on not-existing.com.

57
00:04:40,079 --> 00:04:42,440
That is, I think it's not existing.

58
00:04:42,440 --> 00:04:47,399
And if it's not existing, we should be able to confirm using dig.

59
00:04:47,399 --> 00:04:50,880
NXDOMAIN, that's the output that I'm looking for.

60
00:04:50,880 --> 00:04:54,720
If ever you see NXDOMAIN, that stands for no such domain.

61
00:04:54,720 --> 00:05:01,239
And that means, my friend, you are trying to reach a host that doesn't exist.

62
00:05:01,239 --> 00:05:06,799
If, however, you would use dig nu.nl, then we can see a status of no error.

63
00:05:06,799 --> 00:05:10,559
And we can see the question section,

64
00:05:10,559 --> 00:05:14,839
in which we're asking for the IP address of nu.nl.

65
00:05:14,839 --> 00:05:20,440
And here we can see the answer section, which is revealing a couple of IP addresses.

66
00:05:20,440 --> 00:05:23,600
And that should prove that the host that you are trying to reach

67
00:05:23,600 --> 00:05:25,399
is reachable by DNS.

