Network Command and Shell Script

NE1. Checking the ARP Tables

Command mostly used for checking existing Ethernet connectivity and IP address.
On some occasions, it is useful to view or alter the contents of the kernel's ARP tables, for example when you suspect a duplicate Internet address is the cause for some intermittent network problem. The arp tool was made for situations like this. Its command-line options are:

arp [-v] [-t hwtype] -a [hostname]
arp [-v] [-t hwtype] -s hostname hwaddr
arp [-v] -d hostname [hostname…]

$ arp -a
IP address HW type HW address
172.16.1.3 10Mbps Ethernet 00:00:C0:5A:42:C1
172.16.1.2 10Mbps Ethernet 00:00:C0:90:B3:42
172.16.2.4 10Mbps Ethernet 00:00:C0:04:69:AA

2. ifconfig

Command line tool to configure or check all network cards/interfaces
ifconfig - the ubiquitous command bundled with any Unix/Linux OS is used to setup any/all the network interfaces such as ethernet, wireless, modem and so on that are connected to your computer. ifconfig command provides a wealth of knowledge to any person who takes the time to look at its output. Commonly, the ifconfig command is used for the following tasks:

a. Configuring an interface
For example, in its simplest form, to set up the IP address of your ethernet card, you pass the necessary options to the ifconfig command as follows:

Code:
# ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up

Where the 192.168.0.1 number pertains to the IP address of your machine. I have used a private IP address. 255.255.255.0 denotes the network mask which decides the potential size of your network and the number 192.168.0.255 denotes the broadcast address and lastly, the 'up' keyword is the flag which loads the module related to this particular ethernet card and makes it ready to receive and send data.

b. Gathering data related to the network off which our computer is a part.
When used without any parameters, the command ifconfig shows details of the network interfaces that are up and running in your computer. In my machine which has a single ethernet card and a loop back interface, I get the following output.

Code:
eth0 Link encap:Ethernet HWaddr 00:70:40:42:8A:60
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:160889 errors:0 dropped:0 overruns:0 frame:0
TX packets:22345 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33172704 (31.6 MiB) TX bytes:2709641 (2.5 MiB)
Interrupt:9 Base address:0xfc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3176 (3.1 KiB) TX bytes:3176 (3.1 KiB)

3. netstat

Summary of network connections and status of sockets
Most common uses: netstat and also netstat |head and also netstat -r

Netstat command simply displays all sockets and server connections. The top few lines are usually most helpful regarding webserver administration. Therefore if you are doing basic webserver work, you can quickly read the top lines of the netstat output by including the |head (pipe and head commands). Using the -r option gives you a very good look at the network routing addresses. This is directly linked to the route command.

To display the routing table, type the following:

netstat -rn

Output similar to the following is displayed:

Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups

Route Tree for Protocol Family 2 (Internet):
default 9.3.149.65 UG 0 24 en0 - -
9.3.149.64 9.3.149.88 UHSb 0 0 en0 - -
9.3.149.64/27 9.3.149.88 U 1 0 en0 - -
9.3.149.88 127.0.0.1 UGHS 0 1 lo0 - -
9.3.149.95 9.3.149.88 UHSb 0 0 en0 - -
127/8 127.0.0.1 U 11 174 lo0 - -

Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 0 lo0 - -

4. nslookup

Checks the domain name and IP information of a server
Most common use: nslookup www.hostname.com

You are bound to need this command for one reason or another. When performing server installation and configuration this command gives you the existing root server IP and DNS information and can also provide details from other remote servers. Therefore, it is also a very useful security command where you can lookup DNS information regarding a particular host IP that you may see showing up on your server access logs. There is a lot more to this command and using the man pages will get you the details by typing: man nslookup

5. route

Lists the routing tables for your server.The route command allows you to make manual entries into the network routing tables.

a. To establish a route so that a computer on one network can send a message to a computer on a different network, enter:

#route add 192.100.201.7 192.100.13.7

The 192.100.201.7 address is that of the receiving computer (the Destination parameter). The 192.100.13.7 address is that of the routing computer (the Gateway parameter).

b. To establish a route so you can send a message to any user on a specific network, enter:

#route add -net 192.100.201.0 192.100.13.7

The 192.100.201.0 address is that of the receiving network (the Destination parameter). The 192.100.13.7 address is that of the routing network (the Gateway parameter).

c. To establish a default gateway, enter:

#route add 0 192.100.13.7

The value 0 or the default keyword for the Destination parameter means that any packets sent to destinations not previously defined and not on a directly connected network go through the default gateway. The 192.100.13.7 address is that of the gateway chosen to be the default.

d. To clear the host gateway table, enter:

#route -f

5. traceroute


Traces the existing network routing for a remote or local server

Most common use: traceroute hostname