
Diagnostic Tools

In the document Introduction to Shell Scripts Chapter 8 (pages 127-130)


6.5 Diagnostic Tools

netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports. For example, if you want to view all open TCP ports, run this command:

netstat -t

Table 6-2 lists the netstat options.

Table 6-2: netstat Options

Option  Description
-t      Prints TCP port information
-u      Prints UDP port information
-l      Prints listening ports
-a      Prints every active port
-n      Disables name lookups (useful if DNS isn't working)

Being able to list open and listening ports is good, but our good old friend lsof can go one step further.

6.5.1 lsof

In Section 4.8.1 you saw how lsof can track open files, but lsof can also list the programs currently using or listening to ports. For a complete list, run this command:

lsof -i

The output should look something like this:

COMMAND  PID USER   FD  TYPE DEVICE SIZE NODE NAME
portmap  520 daemon 3u  IPv4    150      UDP  *:sunrpc
portmap  520 daemon 4u  IPv4    151      TCP  *:sunrpc (LISTEN)
inetd    522 root   4u  IPv4    188      TCP  *:discard (LISTEN)
inetd    522 root   5u  IPv4    189      UDP  *:discard
inetd    522 root   6u  IPv4    190      TCP  *:daytime (LISTEN)
inetd    522 root   7u  IPv4    191      UDP  *:daytime
inetd    522 root   8u  IPv4    192      TCP  *:time (LISTEN)
inetd    522 root   9u  IPv4    193      UDP  *:time
inetd    522 root   11u IPv4    195      TCP  *:auth (LISTEN)
sshd     853 root   3u  IPv4    696      TCP  *:ssh (LISTEN)
X        900 root   1u  IPv4    791      TCP  *:6000 (LISTEN)

If you're looking for one port in particular (that is, if you know that a process is using a particular port and you want to know what that process is), use this version of the command:

lsof -i :port

The full syntax is

lsof -i protocol@host:port

How Linux Works: What Every Super-User Should Know

by Brian Ward ISBN:1593270356

No Starch Press © 2004 (347 pages)

This guide describes the inner workings of a Linux system beginning with the file system and boot process and covering advanced topics such as networking, firewalls, development tools, device management, shell scripts, and sharing printers with Samba.

Table of Contents

How Linux Works—What Every Super-User Should Know
Chapter 1 - The Basics
Chapter 2 - Devices, Disks, Filesystems, and the Kernel
Chapter 3 - How Linux Boots
Chapter 4 - Essential System Files, Servers, and Utilities
Chapter 5 - Configuring Your Network
Chapter 6 - Network Services
Chapter 7 - Introduction to Shell Scripts
Chapter 8 - Development Tools
Chapter 9 - Compiling Software From Source Code
Chapter 10 - Maintaining the Kernel
Chapter 11 - Configuring and Manipulating Peripheral Devices
Chapter 12 - Printing
Chapter 13 - Backups
Chapter 14 - Sharing Files with Samba
Chapter 15 - Network File Transfer
Chapter 16 - User Environments
Chapter 17 - Buying Hardware for Linux
Chapter 18 - Further Directions
Appendix A - Command Classification
Bibliography
Index
List of Figures
List of Tables
List of Sidebars

protocol, @host, and :port are all optional. Specifying any of these parameters filters the lsof output accordingly. As with most other network utilities, host and port can be either names or numbers.

You can disable host-name resolution with the -n option. Finally, lsof -P forces numeric port listings.

Note If you don't have lsof on your system, you can run netstat -p to get the processes associated with ports. This is a Linux-specific netstat feature, but lsof is still far more flexible.
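
Added example, not from the book: a shell function that reduces lsof -i -n -P output to the listening TCP sockets and marks which ones accept connections on every interface, which is the usual first question when auditing a host's exposed services. The names listeners and sample_lsof are hypothetical, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the book. "listeners" and "sample_lsof" are
# hypothetical names; the sample rows are constructed.

# Reads `lsof -i -n -P` output on stdin and prints one line per listening
# TCP socket: "<scope> <port> <command> <pid> <user>".
#   scope = all    bound to every interface (*:port)
#   scope = local  bound to loopback only
#   scope = other  bound to one specific address
# UDP rows carry no state column, so they are not reported here.
listeners() {
    awk '
        $1 == "COMMAND"   { next }   # header row
        $NF != "(LISTEN)" { next }   # keep listening TCP sockets only
        {
            # The SIZE column is often empty, which shifts field numbers,
            # so address the NAME column from the right-hand end instead.
            addr = $(NF - 1)
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            scope = "other"
            if (host == "*") scope = "all"
            else if (host == "127.0.0.1" || host == "[::1]") scope = "local"
            print scope, port, $1, $2, $3
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample in the lsof format shown above (numeric ports, as with -P).
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 520 daemon 3u IPv4 150 UDP *:111
portmap 520 daemon 4u IPv4 151 TCP *:111 (LISTEN)
sshd 853 root 3u IPv4 696 TCP *:22 (LISTEN)
sshd 853 root 4u IPv6 697 TCP *:22 (LISTEN)
cupsd 910 root 6u IPv4 801 TCP 127.0.0.1:631 (LISTEN)
sshd 1204 root 5u IPv4 990 TCP 192.0.2.10:22->192.0.2.77:51234 (ESTABLISHED)
EOF
}

sample_lsof | listeners
# On a live system: lsof -i -n -P | listeners
```

The IPv4 and IPv6 rows for the same daemon collapse into one line, and the established SSH session is ignored because only sockets in the LISTEN state are reported.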

6.5.2 tcpdump

If you need to know what's happening on your network, tcpdump puts your network interface card into promiscuous mode and reports on every packet that crosses the wire.

tcpdump with no arguments produces output resembling the following sample, which includes an ARP request and Web connection:

tcpdump: listening on eth0
20:36:25.771304 arp who-has mikado.example.com tell duplex.example.com
20:36:25.774729 arp reply mikado.example.com is-at 0:2:2d:b:ee:4e
20:36:25.774796 duplex.example.com.48455 > mikado.example.com.www: S 3200063165:3200063165(0) win 5840 <mss 1460,sackOK,timestamp 38815804[|tcp]> (DF)
20:36:25.779283 mikado.example.com.www > duplex.example.com.48455: S 3494716463:3494716463(0) ack 3200063166 win 5792 <mss 1460,sackOK,timestamp 4620[|tcp]> (DF)
20:36:25.779409 duplex.example.com.48455 > mikado.example.com.www: . ack 1 win 5840 <nop,nop,timestamp 38815805 4620> (DF)
20:36:25.779787 duplex.example.com.48455 > mikado.example.com.www: P 1:427(426) ack 1 win 5840 <nop,nop,timestamp 38815805 4620> (DF)
20:36:25.784012 mikado.example.com.www > duplex.example.com.48455: . ack 427 win 6432 <nop,nop,timestamp 4620 38815805> (DF)
20:36:25.845645 mikado.example.com.www > duplex.example.com.48455: P 1:773(772) ack 427 win 6432 <nop,nop,timestamp 4626 38815805> (DF)
20:36:25.845732 duplex.example.com.48455 > mikado.example.com.www: . ack 773 win 6948 <nop,nop,timestamp 38815812 4626> (DF)
9 packets received by filter
0 packets dropped by kernel

You can tell tcpdump to be more specific by adding some filtering arguments. You can filter based on source and destination hosts, networks, Ethernet addresses, protocols at many different layers in the network model, and much more. Among the many packet protocols that tcpdump recognizes are ARP, RARP, ICMP, TCP, UDP, IP, IPv6, AppleTalk, and IPX packets. For example, if you want tcpdump to output only TCP packets, run this command:

tcpdump tcp

If you want to see Web packets and UDP packets, use this command:

tcpdump udp or port 80

In the preceding examples, tcp, udp, and port 80 are called primitives. The most important primitives are in Table 6-3:

Table 6-3: tcpdump Primitives


Primitive     Packet Specification
tcp           TCP packets
udp           UDP packets
port port     TCP and/or UDP packets to/from port port
host host     Packets to or from host
net network   Packets to or from network

As you saw in the example, or is an operator. Other operators include and and !; you may use parentheses for grouping. If you're going to do any serious work with tcpdump, make sure that you read the manual page, especially the section that describes the primitives.
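
Added example, not from the book: the filter operators above and the output format shown earlier, combined in one pipeline that counts who is opening TCP connections to which service. The names syn_pairs and sample_capture are hypothetical, and the capture lines are constructed in the format of the sample output.

```shell
#!/bin/sh
# Added example, not from the book. "syn_pairs" and "sample_capture" are
# hypothetical names; the capture lines are constructed.

# Reads tcpdump text output on stdin and counts connection attempts:
# packets whose flag field is S (SYN) and that carry no ack, i.e. the first
# packet of a TCP handshake. Prints "<count> <source host> > <dest.port>".
# Newer tcpdump releases print the flags as "Flags [S]," so the field test
# below would need adjusting for them.
syn_pairs() {
    awk '
        $3 != ">" { next }    # ARP and other lines without src > dst
        $5 != "S" { next }    # not a SYN
        / ack /   { next }    # SYN+ACK is the reply, not the attempt
        {
            src = $2; sub(/\.[^.]*$/, "", src)   # drop the ephemeral source port
            dst = $4; sub(/:$/, "", dst)         # drop the trailing colon
            count[src " > " dst]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_capture() {
    cat <<'EOF'
20:36:25.771304 arp who-has mikado.example.com tell duplex.example.com
20:36:25.774796 duplex.example.com.48455 > mikado.example.com.www: S 3200063165:3200063165(0) win 5840 <mss 1460> (DF)
20:36:25.779283 mikado.example.com.www > duplex.example.com.48455: S 3494716463:3494716463(0) ack 3200063166 win 5792 <mss 1460> (DF)
20:36:25.779409 duplex.example.com.48455 > mikado.example.com.www: . ack 1 win 5840 (DF)
20:36:27.101200 duplex.example.com.48456 > mikado.example.com.www: S 3200099001:3200099001(0) win 5840 <mss 1460> (DF)
20:36:28.300100 duplex.example.com.48457 > mikado.example.com.ssh: S 3200123456:3200123456(0) win 5840 <mss 1460> (DF)
EOF
}

sample_capture | syn_pairs
# Live, with the filter quoted so the shell leaves ! and ( ) alone:
#   tcpdump -n -l 'tcp and (port 80 or port 22) and ! host 192.0.2.1' | syn_pairs
```

Quoting the whole filter expression matters because an unquoted ( or ! is interpreted by the shell before tcpdump ever sees it.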

Note Use good judgment when using tcpdump. The output shown earlier in this section includes only packet TCP (transport layer) and IP (Internet layer) header information, but you can also make tcpdump print the entire packet contents. Even though many network operators make it far too easy to look at their network packets, it doesn't mean that you should. Don't snoop around on networks other than the ones you own, unless you happen to be in the espionage business and understand the risks of having sensitive wiretapped data.

If you find that you need to do a lot of packet sniffing, you should probably consider a GUI alternative to tcpdump named Ethereal.

6.5.3 Netcat

If you need more flexibility in connecting to a remote host than a command such as telnet host port allows, use netcat (or nc). Netcat can connect to remote TCP/UDP ports, specify a local port, listen on ports, scan ports, redirect standard I/O to and from network connections, and more.

To open a TCP connection to a port, run this command:

netcat host port

netcat does not terminate until the other side of the connection ends the connection. This can confuse you if you redirect standard input to netcat. You can end the connection at any time by pressing CONTROL-C.

To listen on a port, run this command:

netcat -l -p port

Note There are two versions of netcat. The somewhat quirky original has just one executable name, nc, with a final version number of around 1.10. However, there is a newer GNU version using the name netcat, though the current version numbers are lower than the original. The new version includes several improvements, not the least of which is a manual page.

The netcat utility is very specific in its treatment of the network connection; in particular, it does not like to exit until the network connection has terminated. If this behavior doesn't suit your application (in particular, if you'd like the program and network connection to terminate based on the standard input stream), try the sock program instead.
