Difference between revisions of "Solaris Network Troubleshooting"

From PeformIQ Upgrade
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
=Solaris: Network Troubleshooting=


<html>
Extracted from http://www.skywayradio.com/tech/sun/troubleshooting.html
<CENTER> <P> </P></CENTER>
<FONT class="grey2">


</FONT><BLOCKQUOTE>
<BLOCKQUOTE>
<FONT class="grey2">
</FONT><P><FONT class="grey2"> </FONT></P>
<CENTER>
<H1><FONT class="grey2"> Solaris: Network Troubleshooting </FONT></H1>
</CENTER>


<P> </P><HR></HR>
==Overview==


One of the first signs of trouble on the network is a loss of communications by one or more <A href="http://XXX/sun/commands/hosts.html">hosts</A>. If a <A href="http://XXX/sun/config.html#hosts">host</A> refuses to come up at all the first time it is added to the network, the problem might lie in one of the configuration files, or in the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A>. If a single host suddenly develops a problem, the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> might be the cause. If the <A href="http://XXX/sun/commands/hosts.html">hosts</A> on a network can communicate with each other but not with other <A href="http://XXX/pages/commands/networks.html">networks</A>, the problem could lie with the <A href="http://XXX/sun/planning.html#routers">router</A>, or it could lie in another network.


<P><FONT class="grey2"> </FONT></P><H2><FONT class="grey2">Overview</FONT></H2>


<P><FONT class="grey2">One of the first signs of trouble on the network is a loss of communications by one or more <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A>. If a <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> refuses to come up at all the first time it is added to the network, the problem might lie in one of the configuration files, or in the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A>. If a single host suddenly develops a problem, the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> might be the cause. If the <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A> on a network can communicate with each other but not with other <A href="http://esbinfo:8090/pages/commands/networks.html">networks</A>, the problem could lie with the <A href="http://esbinfo:8090/sun/planning.html#routers">router</A>, or it could lie in another network.
You can use the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> program to obtain information on <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> and <A href="http://XXX/sun/commands/netstat.html">netstat</A> to display routing tables and protocol statistics. Third-party network diagnostic programs provide a number of troubleshooting utilities. Refer to third-party documentation for information.


Less obvious are the causes of problems that degrade performance on the network. For example, you can use tools like <A href="http://XXX/pages/commands/ping.html">ping</A> to quantify problems like the loss of packets by a <A href="http://XXX/sun/config.html#hosts">host</A>.


</FONT></P><P><FONT class="grey2">You can use the <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> program to obtain information on <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> and <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> to display routing tables and protocol statistics. Third-party network diagnostic programs provide a number of troubleshooting utilities. Refer to third-party documentation for information.


</FONT></P><P><FONT class="grey2">Less obvious are the causes of problems that degrade performance on the network. For example, you can use tools like <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> to quantify problems like the loss of packets by a <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>.




</FONT></P><P><FONT class="grey2"> </FONT></P>


<P> </P><HR></HR>
<A class name="software"></A>==Running Software Checks==
<FONT class="grey2"><A class name="software"></A></FONT><H2><FONT class="grey2">Running Software Checks</FONT></H2>


<P><FONT class="grey2">If the network has trouble, some actions that you can take to diagnose and fix software-related problems include:
If the network has trouble, some actions that you can take to diagnose and fix software-related problems include:


</FONT></P><OL>
*Using the <A href="http://XXX/sun/commands/netstat.html">netstat</A> command to display network information.


<P> </P><FONT class="grey2"><LI>Using the <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> command to display network information.


*Checking the <A href="http://XXX/sun/commands/hosts.html">hosts</A> database (and ipnodes if you are using <A href="http://www.skywayradio.com/tech/ebooks/networking/dns/ch10_14.htm">IPv6</A>) to make sure that the entries are correct and up to <A href="http://XXX/sun/commands/date.html">date</A>.


<P> </P></LI><LI>Checking the <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A> database (and ipnodes if you are using <A href="http://www.skywayradio.com/tech/ebooks/networking/dns/ch10_14.htm">IPv6</A>) to make sure that the entries are correct and up to <A href="http://esbinfo:8090/sun/commands/date.html">date</A>.




*If you are running RARP, checking the Ethernet addresses in the <A href="http://XXX/pages/commands/ethers.html">ethers</A> database to make sure that the entries are correct and up to <A href="http://XXX/sun/commands/date.html">date</A>.


<P> </P></LI><LI>If you are running RARP, checking the Ethernet addresses in the <A href="http://esbinfo:8090/pages/commands/ethers.html">ethers</A> database to make sure that the entries are correct and up to <A href="http://esbinfo:8090/sun/commands/date.html">date</A>.


*Trying to connect by <A href="http://XXX/pages/commands/telnet.html">telnet</A> to the local <A href="http://XXX/sun/config.html#hosts">host</A>.


<P> </P></LI><LI>Trying to connect by <A href="http://esbinfo:8090/pages/commands/telnet.html">telnet</A> to the local <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>.


*Ensuring that the network daemon <A href="http://XXX/pages/commands/inetd.html">inetd</A> is running. To do this, <A href="http://XXX/sun/commands/log.html">log</A> in as superuser and type:


<P> </P></LI><LI>Ensuring that the network daemon <A href="http://esbinfo:8090/pages/commands/inetd.html">inetd</A> is running. To do this, <A href="http://esbinfo:8090/sun/commands/log.html">log</A> in as superuser and type:




<P> </P><BLOCKQUOTE>
# <A href="http://XXX/sun/commands/ps.html">ps</A> -ef | <A href="http://XXX/pages/commands/grep.html">grep</A> <A href="http://XXX/pages/commands/inetd.html">inetd</A>
# <A href="http://esbinfo:8090/sun/commands/ps.html">ps</A> -ef | <A href="http://esbinfo:8090/pages/commands/grep.html">grep</A> <A href="http://esbinfo:8090/pages/commands/inetd.html">inetd</A>
 
</BLOCKQUOTE>
 
Here is an example of output displayed if the <A href="http://XXX/pages/commands/inetd.html">inetd</A> daemon is running:


<P> Here is an example of output displayed if the <A href="http://esbinfo:8090/pages/commands/inetd.html">inetd</A> daemon is running:


</P><P> </P><BLOCKQUOTE>


root 57 1 0 Apr 04 ? 3:19 /usr/sbin/inetd -s
root 57 1 0 Apr 04 ? 3:19 /usr/sbin/inetd -s
root 4218 4198 0 17:57:23 pts/3 0:00 <A href="http://esbinfo:8090/pages/commands/grep.html">grep</A> <A href="http://esbinfo:8090/pages/commands/inetd.html">inetd</A>
root 4218 4198 0 17:57:23 pts/3 0:00 <A href="http://XXX/pages/commands/grep.html">grep</A> <A href="http://XXX/pages/commands/inetd.html">inetd</A>
</BLOCKQUOTE>
 
 
<A class name="ping"></A>==ping Command==
 
Use the <A href="http://XXX/pages/commands/ping.html">ping</A> command to <A href="http://XXX/sun/commands/find.html">find</A> out whether there is IP connectivity to a particular <A href="http://XXX/sun/config.html#hosts">host</A>. The basic syntax is:
 
 
 
/usr/sbin/ping <A href="http://XXX/sun/config.html#hosts">host</A> [timeout]
 
 
where <A href="http://XXX/sun/config.html#hosts">host</A> is the host name of the machine in question. The optional timeout argument indicates the time in seconds for <A href="http://XXX/pages/commands/ping.html">ping</A> to keep trying to reach the machine-20 seconds by default. The <A href="http://XXX/pages/commands/ping.html">ping</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> describes additional syntaxes and options.
 
When you run <A href="http://XXX/pages/commands/ping.html">ping</A>, the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> protocol sends a datagram to the <A href="http://XXX/sun/config.html#hosts">host</A> you specify, asking for a response. (<A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> is the protocol responsible for error handling on a TCP/IP network. See ICMP Protocol for details.)
 
 
 
 
 
===How to Determine if a Host Is Running===
 
On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.
 
 
 
% <A href="http://XXX/pages/commands/ping.html">ping</A> <A href="http://XXX/pages/commands/hostname.html">hostname</A>
 
 
 
If <A href="http://XXX/sun/config.html#hosts">host</A> <A href="http://XXX/pages/commands/hostname.html">hostname</A> is up, this message is displayed:
 
 
 
 
hostname is alive
 
 
 
This indicates that <A href="http://XXX/pages/commands/hostname.html">hostname</A> responded to the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> request. However, if <A href="http://XXX/pages/commands/hostname.html">hostname</A> is down or cannot receive the ICMP packets, you receive the following response from <A href="http://XXX/pages/commands/ping.html">ping</A>:
 
 


</LI></FONT></OL>


<P><FONT class="grey2"> </FONT></P>
no answer from <A href="http://XXX/pages/commands/hostname.html">hostname</A>
<P> </P><HR></HR>
<FONT class="grey2"><A class name="ping"></A></FONT><H2><FONT class="grey2">ping Command</FONT></H2>


<P><FONT class="grey2">Use the <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> command to <A href="http://esbinfo:8090/sun/commands/find.html">find</A> out whether there is IP connectivity to a particular <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>. The basic syntax is:




</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2">/usr/sbin/ping <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> [timeout]
</FONT></BLOCKQUOTE>


<FONT class="grey2">where <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> is the host name of the machine in question. The optional timeout argument indicates the time in seconds for <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> to keep trying to reach the machine-20 seconds by default. The <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A> describes additional syntaxes and options.


When you run <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A>, the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> protocol sends a datagram to the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> you specify, asking for a response. (<A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> is the protocol responsible for error handling on a TCP/IP network. See ICMP Protocol for details.)
===How to Determine if a Host Is Losing Packets===


If you suspect that a machine might be losing packets even though it is running, you can use the s option of <A href="http://XXX/pages/commands/ping.html">ping</A> to try to detect the problem.  On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.






</FONT><P><FONT class="grey2"> </FONT></P>
% <A href="http://XXX/pages/commands/ping.html">ping</A> -s <A href="http://XXX/pages/commands/hostname.html">hostname</A>
<H3><FONT class="grey2">How to Determine if a Host Is Running</FONT></H3>


<FONT class="grey2">On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.




</FONT><P> </P><BLOCKQUOTE>
<FONT class="grey2">% <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A>
</FONT></BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">If <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A> is up, this message is displayed:
<A href="http://XXX/pages/commands/ping.html">ping</A> continually sends packets to <A href="http://XXX/pages/commands/hostname.html">hostname</A> until you send an interrupt character or a timeout occurs. The responses on your screen will resemble:






</FONT></P><P> </P><BLOCKQUOTE>
<PRE>PING elvis: 56 data bytes<BR></BR>64 bytes from 129.144.50.21: icmp_seq=0. time=80. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=1. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=2. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=3. time=0. ms<BR></BR>.<BR></BR>.<BR></BR>.<BR></BR>----elvis PING Statistics----<BR></BR>4 packets transmitted, 4 packets received, 0% packet loss<BR></BR>round-trip (ms) min/avg/max = 0/20/80  <BR></BR></PRE>
<FONT class="grey2">hostname is alive
</FONT></BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">This indicates that <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A> responded to the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> request. However, if <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A> is down or cannot receive the ICMP packets, you receive the following response from <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A>:




</FONT></P><P> </P><BLOCKQUOTE>
The packet-loss statistic indicates whether the <A href="http://XXX/sun/config.html#hosts">host</A> has dropped packets.


<FONT class="grey2">no answer from <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A>
</FONT></BLOCKQUOTE>
<FONT class="grey2">


If <A href="http://XXX/pages/commands/ping.html">ping</A> fails, check the status of the network reported by <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> and <A href="http://XXX/sun/commands/netstat.html">netstat</A>, as described in ifconfig Command and <A href="http://XXX/sun/commands/netstat.html">netstat</A> Command


</FONT><P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">How to Determine if a Host Is Losing Packets</FONT></H3>


<P><FONT class="grey2">If you suspect that a machine might be losing packets even though it is running, you can use the s option of <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> to try to detect the problem.  On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.




</FONT></P><P> </P><BLOCKQUOTE>
<A class name="ifconfig"></A>==ifconfig Command==
<FONT class="grey2">% <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> -s <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A>


</FONT></BLOCKQUOTE>
The <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> command displays information about the configuration of an interface that you specify. (Refer to the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> for details.) The syntax of ifconfig is:
<FONT class="grey2">


</FONT><P><FONT class="grey2"><A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> continually sends packets to <A href="http://esbinfo:8090/pages/commands/hostname.html">hostname</A> until you send an interrupt character or a timeout occurs. The responses on your screen will resemble:


<A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> interface-name [protocol_family]


</FONT></P><P> </P><BLOCKQUOTE>
<PRE><FONT class="grey2">PING elvis: 56 data bytes<BR></BR>64 bytes from 129.144.50.21: icmp_seq=0. time=80. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=1. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=2. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=3. time=0. ms<BR></BR>.<BR></BR>.<BR></BR>.<BR></BR>----elvis PING Statistics----<BR></BR>4 packets transmitted, 4 packets received, 0% packet loss<BR></BR>round-trip (ms) min/avg/max = 0/20/80  <BR></BR></FONT></PRE>
</BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">The packet-loss statistic indicates whether the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> has dropped packets.




</FONT></P><P><FONT class="grey2">If <A href="http://esbinfo:8090/pages/commands/ping.html">ping</A> fails, check the status of the network reported by <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> and <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A>, as described in ifconfig Command and <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> Command
===How to Get Information About a Specific Interface===


*Become superuser.


</FONT></P><P><FONT class="grey2"> </FONT></P>
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.
<P> </P><HR></HR>
<FONT class="grey2"><A class name="ifconfig"></A></FONT><H2><FONT class="grey2">ifconfig Command</FONT></H2>


<P><FONT class="grey2">The <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> command displays information about the configuration of an interface that you specify. (Refer to the <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A> for details.) The syntax of ifconfig is:


</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2"><A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> interface-name [protocol_family]
</FONT></BLOCKQUOTE>


# <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> interface


<P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">How to Get Information About a Specific Interface</FONT></H3>


<OL>


<P> </P><FONT class="grey2"><LI>Become superuser.


<P> </P></LI><LI>On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.
For an le0 interface, your output resembles the following:




<P> </P><BLOCKQUOTE>
# <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> interface


</BLOCKQUOTE>
<PRE>le0: flags=863<UP> mtu 1500<BR></BR>  <A href="http://XXX/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR></UP></PRE>




<P>For an le0 interface, your output resembles the following:


The flags section just given shows that the interface is configured "up," capable of broadcasting, and not using "trailer" <A href="http://XXX/pages/commands/link.html">link</A> level encapsulation. The mtu field tells you that this interface has a maximum transfer size of 1500 octets. Information on the second <A href="http://XXX/sun/commands/line.html">line</A> includes the IP address of the <A href="http://XXX/sun/config.html#hosts">host</A> you are using, the <A href="http://XXX/sun/config.html#netmasks">netmask</A> being currently used, and the IP broadcast address of the interface. The third line gives the machine address (Ethernet, in this case) of the <A href="http://XXX/sun/config.html#hosts">host</A>.


</P><P> </P><BLOCKQUOTE>
<PRE>le0: flags=863<UP> mtu 1500<BR></BR>  <A href="http://esbinfo:8090/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://esbinfo:8090/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR></UP></PRE>
</BLOCKQUOTE>




<P>The flags section just given shows that the interface is configured "up," capable of broadcasting, and not using "trailer" <A href="http://esbinfo:8090/pages/commands/link.html">link</A> level encapsulation. The mtu field tells you that this interface has a maximum transfer size of 1500 octets. Information on the second <A href="http://esbinfo:8090/sun/commands/line.html">line</A> includes the IP address of the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> you are using, the <A href="http://esbinfo:8090/sun/config.html#netmasks">netmask</A> being currently used, and the IP broadcast address of the interface. The third line gives the machine address (Ethernet, in this case) of the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>.
===How to Get Information About All Interfaces on a Network===
A useful <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> option is -a, which provides information on all interfaces on your network.


</P></LI></FONT></OL>
*Become superuser.


<P><FONT class="grey2"> </FONT></P>
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.
<H3><FONT class="grey2">How to Get Information About All Interfaces on a Network</FONT></H3>
<FONT class="grey2">A useful <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> option is -a, which provides information on all interfaces on your network.


</FONT><OL>
<P> </P><FONT class="grey2"><LI>Become superuser.


<P> </P></LI><LI>On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.


# <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> -a interface


<P> </P><BLOCKQUOTE>
# <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A> -a interface


</BLOCKQUOTE>




Line 196: Line 175:




<P> </P><BLOCKQUOTE>
<PRE>le0:  flags=49<UP> mtu 8232<BR></BR>    <A href="http://esbinfo:8090/sun/commands/inet.html">inet</A> 127.144.44.140 <A href="http://esbinfo:8090/sun/config.html#netmasks">netmask</A> ff000000 <BR></BR>le0:flags=863<UP> mtu 1500<BR></BR>    <A href="http://esbinfo:8090/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://esbinfo:8090/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR><BR></BR></UP></UP></PRE>
</BLOCKQUOTE>


<P>Output that indicates an interface is not running might mean a problem with that interface. In this case, see the <A href="http://esbinfo:8090/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A>.
<PRE>le0:  flags=49<UP> mtu 8232<BR></BR>    <A href="http://XXX/sun/commands/inet.html">inet</A> 127.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ff000000 <BR></BR>le0:flags=863<UP> mtu 1500<BR></BR>    <A href="http://XXX/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR><BR></BR></UP></UP></PRE>
 
 
Output that indicates an interface is not running might mean a problem with that interface. In this case, see the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.
 
 


<A class name="netstat"></A>==netstat Command==


The <A href="http://XXX/sun/commands/netstat.html">netstat</A> command generates displays that show network status and protocol statistics. You can display the status of <A href="http://XXX/network/index.html#TCP">TCP</A> and <A href="http://XXX/network/index.html#UDP">UDP</A> endpoints in table format, routing table information, and interface information.


</P></LI></FONT></OL>
<A href="http://XXX/sun/commands/netstat.html">netstat</A> displays various types of network data depending on the command <A href="http://XXX/sun/commands/line.html">line</A> option selected. These displays are the most useful for system administration. The syntax for this form is:




<P><FONT class="grey2"> </FONT></P>
<P> </P><HR></HR>
<FONT class="grey2"><A class name="netstat"></A></FONT><H2><FONT class="grey2">netstat Command</FONT></H2>


<P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> command generates displays that show network status and protocol statistics. You can display the status of <A href="http://esbinfo:8090/network/index.html#TCP">TCP</A> and <A href="http://esbinfo:8090/network/index.html#UDP">UDP</A> endpoints in table format, routing table information, and interface information.
<A href="http://XXX/sun/commands/netstat.html">netstat</A> [-m] [-n] [-s] [-i | -r] [-f address_family]


</FONT></P><P><FONT class="grey2"><A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> displays various types of network data depending on the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A> option selected. These displays are the most useful for system administration. The syntax for this form is:


The most frequently used options for determining network status are: s, r, and i. See the <A href="http://XXX/sun/commands/netstat.html">netstat</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> for a description of the options.


</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2"><A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> [-m] [-n] [-s] [-i | -r] [-f address_family]
</FONT></BLOCKQUOTE>


<P><FONT class="grey2">The most frequently used options for determining network status are: s, r, and i. See the <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A> for a description of the options.






===How to Display Statistics by Protocol===


</FONT></P><P><FONT class="grey2"> </FONT></P>
The <A href="http://XXX/sun/commands/netstat.html">netstat</A> -s option displays per protocol statistics for the <A href="http://XXX/network/index.html#UDP">UDP</A>, <A href="http://XXX/network/index.html#TCP">TCP</A>, <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A>, and IP <A href="http://XXX/pages/commands/protocols.html">protocols</A>.
<H3><FONT class="grey2">How to Display Statistics by Protocol</FONT></H3>


<P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -s option displays per protocol statistics for the <A href="http://esbinfo:8090/network/index.html#UDP">UDP</A>, <A href="http://esbinfo:8090/network/index.html#TCP">TCP</A>, <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A>, and IP <A href="http://esbinfo:8090/pages/commands/protocols.html">protocols</A>.
On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


</FONT></P><P><FONT class="grey2">On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.




</FONT></P><P> </P><BLOCKQUOTE>


<FONT class="grey2">% <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -s
% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -s
</FONT></BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">The result resembles the display shown in the example below. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> can indicate where this protocol has found errors.




</FONT></P><P> </P><BLOCKQUOTE>
The result resembles the display shown in the example below. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> can indicate where this protocol has found errors.
<PRE><FONT class="grey2"><A href="http://esbinfo:8090/network/index.html#UDP">UDP</A><BR></BR>      udpInDatagrams      =  39228    udpOutDatagrams    =  2455  <BR></BR>      udpInErrors        =    0<BR></BR> <A href="http://esbinfo:8090/network/index.html#TCP">TCP</A><BR></BR><BR></BR>      tcpRtoAlgorithm    =    4      tcpMaxConn          =    -1<BR></BR>      tcpRtoMax          = 60000      tcpPassiveOpens    =    2<BR></BR>      tcpActiveOpens      =    4      tcpEstabResets      =    1<BR></BR>      tcpAttemptFails    =    3      tcpOutSegs          =  315<BR></BR>  .<BR></BR>  .<BR></BR>IP<BR></BR>      ipForwarding        =    2      ipDefaultTTL        =  255<BR></BR>      ipInReceives        =  4518      ipInHdrErrors      =    0<BR></BR>  .<BR></BR>  . <BR></BR><A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A><BR></BR>      icmpInMsgs          =    0      icmpInErrors        =    0<BR></BR>      icmpInCksumErrs    =    0      icmpInUnknowns      =    0<BR></BR>  .<BR></BR>  . <BR></BR> <A href="http://esbinfo:8090/docu/multicast.html#IGMP">IGMP</A>:<BR></BR> 0 messages received<BR></BR>0 messages received with too few bytes<BR></BR>0 messages received with bad checksum<BR></BR>0 membership queries received<BR></BR>0 membership queries received with invalid field(s)<BR></BR>0 membership reports received<BR></BR>0 membership reports received with invalid field(s)<BR></BR>0 membership reports received for <A href="http://esbinfo:8090/pages/commands/groups.html">groups</A> to which we belong<BR></BR>0 membership reports sent<BR></BR></FONT></PRE>
</BLOCKQUOTE>
<FONT class="grey2">




</FONT><P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">How to Display Network Interface Status</FONT></H3>


<P><FONT class="grey2">The i option of <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> shows the state of the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> that are configured with the machine where you ran the command.  On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command:
<PRE><A href="http://XXX/network/index.html#UDP">UDP</A><BR></BR>      udpInDatagrams      =  39228    udpOutDatagrams    =  2455  <BR></BR>      udpInErrors        =    0<BR></BR> <A href="http://XXX/network/index.html#TCP">TCP</A><BR></BR><BR></BR>      tcpRtoAlgorithm    =    4      tcpMaxConn          =    -1<BR></BR>      tcpRtoMax          = 60000      tcpPassiveOpens    =    2<BR></BR>      tcpActiveOpens      =    4      tcpEstabResets      =    1<BR></BR>      tcpAttemptFails    =    3      tcpOutSegs          =  315<BR></BR>  .<BR></BR>  .<BR></BR>IP<BR></BR>      ipForwarding        =    2      ipDefaultTTL        =  255<BR></BR>      ipInReceives        =  4518      ipInHdrErrors      =    0<BR></BR>  .<BR></BR>  . <BR></BR><A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A><BR></BR>      icmpInMsgs          =    0      icmpInErrors        =    0<BR></BR>      icmpInCksumErrs    =    0      icmpInUnknowns      =    0<BR></BR>  .<BR></BR>  . <BR></BR> <A href="http://XXX/docu/multicast.html#IGMP">IGMP</A>:<BR></BR> 0 messages received<BR></BR>0 messages received with too few bytes<BR></BR>0 messages received with bad checksum<BR></BR>0 membership queries received<BR></BR>0 membership queries received with invalid field(s)<BR></BR>0 membership reports received<BR></BR>0 membership reports received with invalid field(s)<BR></BR>0 membership reports received for <A href="http://XXX/pages/commands/groups.html">groups</A> to which we belong<BR></BR>0 membership reports sent<BR></BR></PRE>




</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2">% <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -i
</FONT></BLOCKQUOTE>
<FONT class="grey2">




</FONT><P><FONT class="grey2">Here is a sample display produced by <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -i:


===How to Display Network Interface Status===


The i option of <A href="http://XXX/sun/commands/netstat.html">netstat</A> shows the state of the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> that are configured with the machine where you ran the command.  On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command:


</FONT></P><P> </P><BLOCKQUOTE>
<PRE><FONT class="grey2">Name Mtu  Net/Dest    Address  Ipkts    Ierrs Opkts    Oerrs  Collis  Queue<BR></BR>le0  1500 b5-spd-2f-cm tatra    14093893 8492  10174659 1119  2314178  0<BR></BR>lo0  8232 loopback    localhost 92997622 5442  12451748 0      775125    0<BR></BR></FONT></PRE>
</BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">Using this display, you can <A href="http://esbinfo:8090/sun/commands/find.html">find</A> out how many packets a machine thinks it has transmitted and received on each network. For example, the input packet count (Ipkts) displayed for a server can increase each time a client tries to <A href="http://esbinfo:8090/pages/commands/boot.html">boot</A>, while the output packet count (Opkts) remains steady. This suggests that the server is seeing the <A href="http://esbinfo:8090/pages/commands/boot.html">boot</A> request packets from the client, but does not realize it is supposed to respond to them. This might be caused by an incorrect address in the <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A>, ipnodes, or <A href="http://esbinfo:8090/pages/commands/ethers.html">ethers</A> database.


% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i


</FONT></P><P><FONT class="grey2">On the other hand, if the input packet count is steady over time, it means that the machine does not see the packets at all. This suggests a different type of failure, possibly a hardware problem.




</FONT></P><P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">How to Display Routing Table Status</FONT></H3>


<P><FONT class="grey2">The -r option of <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> displays the IP routing table.  On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.
Here is a sample display produced by <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i:




</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2">% <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -r
</FONT></BLOCKQUOTE>


<FONT class="grey2">


</FONT><P><FONT class="grey2">Here is a sample display produced by <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -r run on machine tenere:
<PRE>Name Mtu  Net/Dest    Address  Ipkts    Ierrs Opkts    Oerrs  Collis  Queue<BR></BR>le0  1500 b5-spd-2f-cm tatra    14093893 8492  10174659 1119  2314178  0<BR></BR>lo0  8232 loopback    localhost 92997622 5442  12451748 0      775125    0<BR></BR></PRE>




</FONT></P><P> </P><BLOCKQUOTE>
<PRE><FONT class="grey2">Routing tables<BR></BR>Destination  Gateway Flags Refcnt Use  Interface<BR></BR>temp8milptp  elvis  UGH  0      0 <BR></BR>irmcpeb1-ptp0 elvis  UGH  0      0 <BR></BR>route93-ptp0  speed  UGH  0      0 <BR></BR>mtvb9-ptp0    speed  UGH  0      0 <BR></BR>              .<BR></BR>mtnside      speed  UG    1      567 <BR></BR>ray-net      speed  UG    0      0 <BR></BR>mtnside-eng  speed  UG    0      36 <BR></BR>mtnside-eng  speed  UG    0      558 <BR></BR>mtnside-eng  tenere  U    33    190248  le0<BR></BR></FONT></PRE>
</BLOCKQUOTE>
<FONT class="grey2">


</FONT><P><FONT class="grey2">The first column shows the destination network, the second the <A href="http://esbinfo:8090/sun/planning.html#routers">router</A> through which packets are forwarded. The U flag indicates that the <A href="http://esbinfo:8090/sun/commands/route.html">route</A> is up; the G flag indicates that the route is to a <A href="http://esbinfo:8090/pages/commands/gateway.html">gateway</A>. The H flag indicates that the destination is a fully qualified <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> address, rather than a network.
Using this display, you can <A href="http://XXX/sun/commands/find.html">find</A> out how many packets a machine thinks it has transmitted and received on each network. For example, the input packet count (Ipkts) displayed for a server can increase each time a client tries to <A href="http://XXX/pages/commands/boot.html">boot</A>, while the output packet count (Opkts) remains steady. This suggests that the server is seeing the <A href="http://XXX/pages/commands/boot.html">boot</A> request packets from the client, but does not realize it is supposed to respond to them. This might be caused by an incorrect address in the <A href="http://XXX/sun/commands/hosts.html">hosts</A>, ipnodes, or <A href="http://XXX/pages/commands/ethers.html">ethers</A> database.




</FONT></P><P><FONT class="grey2">The Refcnt column shows the number of active uses per <A href="http://esbinfo:8090/sun/commands/route.html">route</A>, and the Use column shows the number of packets sent per <A href="http://esbinfo:8090/sun/commands/route.html">route</A>. Finally, the Interface column shows the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> that the <A href="http://esbinfo:8090/sun/commands/route.html">route</A> uses.
On the other hand, if the input packet count is steady over time, it means that the machine does not see the packets at all. This suggests a different type of failure, possibly a hardware problem.






</FONT></P><P><FONT class="grey2"> </FONT></P>
===How to Display Routing Table Status===
<P> </P><HR></HR>
<FONT class="grey2"><A class name="log"></A></FONT><H2><FONT class="grey2">How to Log Network Problems</FONT></H2>


<OL>
The -r option of <A href="http://XXX/sun/commands/netstat.html">netstat</A> displays the IP routing table.  On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


<P> </P><FONT class="grey2"><LI>Become superuser.


<P> </P></LI><LI>Create a <A href="http://esbinfo:8090/sun/commands/log.html">log</A> file of routing daemon actions by typing the following command at a command <A href="http://esbinfo:8090/sun/commands/line.html">line</A> prompt.
 
% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -r
 
 
 
 
Here is a sample display produced by <A href="http://XXX/sun/commands/netstat.html">netstat</A> -r run on machine tenere:
 
 
 
<PRE>Routing tables<BR></BR>Destination  Gateway Flags Refcnt Use  Interface<BR></BR>temp8milptp  elvis  UGH  0      0 <BR></BR>irmcpeb1-ptp0 elvis  UGH  0      0 <BR></BR>route93-ptp0  speed  UGH  0      0 <BR></BR>mtvb9-ptp0    speed  UGH  0      0 <BR></BR>              .<BR></BR>mtnside      speed  UG    1      567 <BR></BR>ray-net      speed  UG    0      0 <BR></BR>mtnside-eng  speed  UG    0      36 <BR></BR>mtnside-eng  speed  UG    0      558 <BR></BR>mtnside-eng  tenere  U    33    190248  le0<BR></BR></PRE>
 
 
 
The first column shows the destination network, the second the <A href="http://XXX/sun/planning.html#routers">router</A> through which packets are forwarded. The U flag indicates that the <A href="http://XXX/sun/commands/route.html">route</A> is up; the G flag indicates that the route is to a <A href="http://XXX/pages/commands/gateway.html">gateway</A>. The H flag indicates that the destination is a fully qualified <A href="http://XXX/sun/config.html#hosts">host</A> address, rather than a network.
 
 
The Refcnt column shows the number of active uses per <A href="http://XXX/sun/commands/route.html">route</A>, and the Use column shows the number of packets sent per <A href="http://XXX/sun/commands/route.html">route</A>. Finally, the Interface column shows the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> that the <A href="http://XXX/sun/commands/route.html">route</A> uses.
 
 
 
 
 
<A class name="log"></A>==How to Log Network Problems==
 
*Become superuser.
 
*Create a <A href="http://XXX/sun/commands/log.html">log</A> file of routing daemon actions by typing the following command at a command <A href="http://XXX/sun/commands/line.html">line</A> prompt.
 




<P> </P><BLOCKQUOTE>
# /usr/sbin/in.routed /var/logfilename
# /usr/sbin/in.routed /var/logfilename
</BLOCKQUOTE>
<P>Caution: On a busy network, this can generate almost continuous output.




</P></LI></FONT></OL>
Caution: On a busy network, this can generate almost continuous output.




<A class name="packet"></A>==Displaying Packet Contents==


<P><FONT class="grey2"> </FONT></P>
You can use <A href="http://XXX/sun/commands/snoop.html">snoop</A> to capture network packets and display their contents. Packets can be displayed as soon as they are received, or saved to a file. When snoop writes to an intermediate file, packet loss under busy trace conditions is unlikely. snoop itself is then used to interpret the file. For information about using the snoop command, <A href="http://XXX/sun/commands/refer.html">refer</A> to the <A href="http://XXX/sun/commands/snoop.html">snoop</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.
<P> </P><HR></HR>
<FONT class="grey2"><A class name="packet"></A></FONT><H2><FONT class="grey2">Displaying Packet Contents</FONT></H2>


<P><FONT class="grey2">You can use <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> to capture network packets and display their contents. Packets can be displayed as soon as they are received, or saved to a file. When snoop writes to an intermediate file, packet loss under busy trace conditions is unlikely. snoop itself is then used to interpret the file. For information about using the snoop command, <A href="http://esbinfo:8090/sun/commands/refer.html">refer</A> to the <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A>.


The <A href="http://XXX/sun/commands/snoop.html">snoop</A> command must be run by root (#) to capture packets to and from the default interface in <A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>. In summary form, only the data pertaining to the highest-level protocol is displayed. For example, an NFS packet only displays NFS information. The underlying RPC, <A href="http://XXX/network/index.html#UDP">UDP</A>, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.


</FONT></P><P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> command must be run by root (#) to capture packets to and from the default interface in <A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>. In summary form, only the data pertaining to the highest-level protocol is displayed. For example, an NFS packet only displays NFS information. The underlying RPC, <A href="http://esbinfo:8090/network/index.html#UDP">UDP</A>, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.
The <A href="http://XXX/sun/commands/snoop.html">snoop</A> capture file format is described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt.


</FONT></P><P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> capture file format is described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt.
<A href="http://XXX/sun/commands/snoop.html">snoop</A> server client <A href="http://XXX/pages/commands/rpc.html">rpc</A> rstatd collects all RPC traffic between a client and server, and filters it for rstatd.


</FONT></P><P><FONT class="grey2"><A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> server client <A href="http://esbinfo:8090/pages/commands/rpc.html">rpc</A> rstatd collects all RPC traffic between a client and server, and filters it for rstatd.




Line 341: Line 308:




</FONT></P><P><FONT class="grey2"> </FONT></P>
===How to Check All Packets from Your System===
<H3><FONT class="grey2">How to Check All Packets from Your System</FONT></H3>


<OL>
*Become superuser.
<P> </P><FONT class="grey2"><LI>Become superuser.


<P> </P></LI><LI>Type the following command at the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A> prompt to <A href="http://esbinfo:8090/sun/commands/find.html">find</A> the interfaces attached to the system.
*Type the following command at the command <A href="http://XXX/sun/commands/line.html">line</A> prompt to <A href="http://XXX/sun/commands/find.html">find</A> the interfaces attached to the system.




<P> </P><BLOCKQUOTE>
# <A href="http://esbinfo:8090/sun/commands/netstat.html">netstat</A> -i


</BLOCKQUOTE>
# <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i




<P>Snoop normally uses the first non-loopback device (le0).


</P><P> </P></LI><LI>Type <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A>.  Use Ctl-C to <A href="http://esbinfo:8090/pages/commands/halt.html">halt</A> the process.


<P> </P><BLOCKQUOTE>
Snoop normally uses the first non-loopback device (le0).
<PRE># <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A><BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>    maupiti -> atlantic-82  NFS C GETATTR FH=0343<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> atlantic-82  NFS C GETATTR FH=D360<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> atlantic-82  NFS C GETATTR FH=1A18<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> (broadcast)  ARP C Who is 120.146.82.36, npmpk17a-82 ?<BR></BR><BR></BR></PRE>
</BLOCKQUOTE>


*Type <A href="http://XXX/sun/commands/snoop.html">snoop</A>.  Use Ctl-C to <A href="http://XXX/pages/commands/halt.html">halt</A> the process.


<P> </P></LI><LI> Interpret the results.


<P>In the example, client maupiti transmits to server atlantic-82 using NFS file handle 0343. atlantic-82 acknowledges with OK. The conversation continues until maupiti broadcasts an ARP request asking who is 120.146.82.36?
<PRE># <A href="http://XXX/sun/commands/snoop.html">snoop</A><BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>    maupiti -> atlantic-82 NFS C GETATTR FH=0343<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> atlantic-82  NFS C GETATTR FH=D360<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> atlantic-82  NFS C GETATTR FH=1A18<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>    maupiti -> (broadcast)  ARP C Who is 120.146.82.36, npmpk17a-82 ?<BR></BR><BR></BR></PRE>


</P><P>This example demonstrates the format of <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A>. The next step is to filter <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> to capture packets to a file.


</P><P>Interpret the capture file using details described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt


</P></LI></FONT></OL>
* Interpret the results.


In the example, client maupiti transmits to server atlantic-82 using NFS file handle 0343. atlantic-82 acknowledges with OK. The conversation continues until maupiti broadcasts an ARP request asking who is 120.146.82.36?


<P><FONT class="grey2"> </FONT></P>
This example demonstrates the format of <A href="http://XXX/sun/commands/snoop.html">snoop</A>. The next step is to filter <A href="http://XXX/sun/commands/snoop.html">snoop</A> to capture packets to a file.


<H3><FONT class="grey2">How to Capture <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> Results to a File</FONT></H3>
Interpret the capture file using details described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt


<OL>


<P> </P><FONT class="grey2"><LI>Become superuser.
===How to Capture <A href="http://XXX/sun/commands/snoop.html">snoop</A> Results to a File===


On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.


*Become superuser.


<P> </P><BLOCKQUOTE>
On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.
# <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> -o <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>


</BLOCKQUOTE>




<P>For example:
# <A href="http://XXX/sun/commands/snoop.html">snoop</A> -o <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>




</P><P> </P><BLOCKQUOTE>
<PRE># <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> -o /tmp/cap<BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>30 <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A>: 30 packets captured<BR></BR></PRE>
</BLOCKQUOTE>




<P>This has captured 30 packets in a file /tmp/cap. The file can be anywhere with enough disk space. The number of packets captured is displayed on the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, enabling you to press Ctl-C to abort at any time.
For example:




</P><P><A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> creates a noticeable networking load on the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> machine, which can distort the results. To see reality at work, run <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> from a third system, (see the next section).


</P><P>On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command to inspect the file.
<PRE># <A href="http://XXX/sun/commands/snoop.html">snoop</A> -o /tmp/cap<BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>30 <A href="http://XXX/sun/commands/snoop.html">snoop</A>: 30 packets captured<BR></BR></PRE>




</P><P> </P><BLOCKQUOTE>
# <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> -i <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>


</BLOCKQUOTE>
This has captured 30 packets in a file /tmp/cap. The file can be anywhere with enough disk space. The number of packets captured is displayed on the command <A href="http://XXX/sun/commands/line.html">line</A>, enabling you to press Ctl-C to abort at any time.




<P>For example:
<A href="http://XXX/sun/commands/snoop.html">snoop</A> creates a noticeable networking load on the <A href="http://XXX/sun/config.html#hosts">host</A> machine, which can distort the results. To see reality at work, run <A href="http://XXX/sun/commands/snoop.html">snoop</A> from a third system, (see the next section).


On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command to inspect the file.


</P><P> </P><BLOCKQUOTE>
<PRE># <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> -i /tmp/cap<BR></BR> 1  0.00000 frmpk17b-082 -> 224.0.0.2    IP  D=224.0.0.2 S=129.146.82.1 LEN=32, ID=0<BR></BR>2  0.56104        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>3  0.16742  atlantic-82 -> (broadcast)  ARP C Who is 129.146.82.76, honeybea ?<BR></BR>4  0.77247        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>5  0.80532 frmpk17b-082 -> (broadcast)  ARP C Who is 129.146.82.92, holmes ?<BR></BR>6  0.13462        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>7  0.94003        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>8  0.93992        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>9  0.60887        towel -> (broadcast)  ARP C Who is 129.146.82.35, udmpk17b-82 ?<BR></BR>10 0.86691  nimpk17a-82 -> 129.146.82.255 RIP R (1 destinations)<BR></BR></PRE>
</BLOCKQUOTE>




<P>Refer to specific protocol documentation for detailed analysis and recommended parameters for ARP, IP, RIP and so forth. Searching the Web is a good place to <A href="http://esbinfo:8090/sun/commands/look.html">look</A> at RFCs.
# <A href="http://XXX/sun/commands/snoop.html">snoop</A> -i <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>


</P></LI></FONT></OL>




<P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">How to Check Packets Between Server and Client</FONT></H3>
<FONT class="grey2">Establish a <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> system off a hub connected to either the client or server.


</FONT><P><FONT class="grey2">The third system (the <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> system) sees all the intervening traffic, so the snoop trace reflects reality on the wire.
For example:


</FONT></P><OL>
<P> </P><FONT class="grey2"><LI>Become superuser.


<P> </P></LI><LI>On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> with options and save to a file.


<PRE># <A href="http://XXX/sun/commands/snoop.html">snoop</A> -i /tmp/cap<BR></BR> 1  0.00000 frmpk17b-082 -> 224.0.0.2    IP  D=224.0.0.2 S=129.146.82.1 LEN=32, ID=0<BR></BR>2  0.56104        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>3  0.16742  atlantic-82 -> (broadcast)  ARP C Who is 129.146.82.76, honeybea ?<BR></BR>4  0.77247        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>5  0.80532 frmpk17b-082 -> (broadcast)  ARP C Who is 129.146.82.92, holmes ?<BR></BR>6  0.13462        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>7  0.94003        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>8  0.93992        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>9  0.60887        towel -> (broadcast)  ARP C Who is 129.146.82.35, udmpk17b-82 ?<BR></BR>10 0.86691  nimpk17a-82 -> 129.146.82.255 RIP R (1 destinations)<BR></BR></PRE>


<P> </P></LI><LI>Inspect and interpret results.


<P>Look at RFC 1761 for details of the <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> capture file. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt


</P><P>Use <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A> frequently and consistently to get a feel for normal system behavior. For assistance in analyzing packets, <A href="http://esbinfo:8090/sun/commands/look.html">look</A> for recent white papers and RFCs, and seek the advice of an expert in a particular area, such as NFS or YP. For details on using snoop and its options, <A href="http://esbinfo:8090/sun/commands/refer.html">refer</A> to the <A href="http://esbinfo:8090/sun/commands/snoop.html">snoop</A>(1M) <A href="http://esbinfo:8090/sun/commands/man.html">man</A> <A href="http://esbinfo:8090/sun/commands/page.html">page</A>.
Refer to specific protocol documentation for detailed analysis and recommended parameters for ARP, IP, RIP and so forth. Searching the Web is a good place to <A href="http://XXX/sun/commands/look.html">look</A> at RFCs.


===How to Check Packets Between Server and Client===


</P></LI></FONT></OL>
Establish a <A href="http://XXX/sun/commands/snoop.html">snoop</A> system off a hub connected to either the client or server.


The third system (the <A href="http://XXX/sun/commands/snoop.html">snoop</A> system) sees all the intervening traffic, so the snoop trace reflects reality on the wire.


*Become superuser.
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type <A href="http://XXX/sun/commands/snoop.html">snoop</A> with options and save to a file.
*Inspect and interpret results.


<P><FONT class="grey2"> </FONT></P>
Look at RFC 1761 for details of the <A href="http://XXX/sun/commands/snoop.html">snoop</A> capture file. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt
<P> </P><HR></HR>
<FONT class="grey2"><A class name="routing"></A></FONT><H2><FONT class="grey2">Displaying Routing Information</FONT></H2>


<P><FONT class="grey2">Use the <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> utility to trace the <A href="http://esbinfo:8090/sun/commands/route.html">route</A> an IP packet follows to some internet <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>. The traceroute utility utilizes the IP protocol  time(to live) ttl field and attempts to elicit an <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> TIME_EXCEEDED response from each <A href="http://esbinfo:8090/pages/commands/gateway.html">gateway</A> along the path, and the response PORT_UNREACHABLE (or <A href="http://www.skywayradio.com/tech/ebooks/networking/tshoot/ch03_03.htm">ECHO_REPLY</A>) from the destination host. The traceroute utility starts sending probes with a ttl of one and increases by one until it gets to the intended <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> or has passed through a maximum number of intermediate <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A>.
Use <A href="http://XXX/sun/commands/snoop.html">snoop</A> frequently and consistently to get a feel for normal system behavior. For assistance in analyzing packets, <A href="http://XXX/sun/commands/look.html">look</A> for recent white papers and RFCs, and seek the advice of an expert in a particular area, such as NFS or YP. For details on using snoop and its options, <A href="http://XXX/sun/commands/refer.html">refer</A> to the <A href="http://XXX/sun/commands/snoop.html">snoop</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.




</FONT></P><P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> utility is especially useful for determining routing misconfiguration and routing path failures. If a particular <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> is unreachable, you can use the traceroute utility to see what path the packet follows to the intended host and where possible failures might occur.
<A class name="routing"></A>==Displaying Routing Information==


</FONT></P><P><FONT class="grey2">The <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> utility also displays the round trip time for each <A href="http://esbinfo:8090/pages/commands/gateway.html">gateway</A> along the path to the target <A href="http://esbinfo:8090/sun/config.html#hosts">host</A>. This information can be useful for analyzing where traffic is slow between the two <A href="http://esbinfo:8090/sun/commands/hosts.html">hosts</A>.
Use the <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility to trace the <A href="http://XXX/sun/commands/route.html">route</A> an IP packet follows to some internet <A href="http://XXX/sun/config.html#hosts">host</A>. The traceroute utility utilizes the IP protocol  time(to live) ttl field and attempts to elicit an <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> TIME_EXCEEDED response from each <A href="http://XXX/pages/commands/gateway.html">gateway</A> along the path, and the response PORT_UNREACHABLE (or <A href="http://www.skywayradio.com/tech/ebooks/networking/tshoot/ch03_03.htm">ECHO_REPLY</A>) from the destination host. The traceroute utility starts sending probes with a ttl of one and increases by one until it gets to the intended <A href="http://XXX/sun/config.html#hosts">host</A> or has passed through a maximum number of intermediate <A href="http://XXX/sun/commands/hosts.html">hosts</A>.




The <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility is especially useful for determining routing misconfiguration and routing path failures. If a particular <A href="http://XXX/sun/config.html#hosts">host</A> is unreachable, you can use the traceroute utility to see what path the packet follows to the intended host and where possible failures might occur.


</FONT></P><P><FONT class="grey2"> </FONT></P>
The <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility also displays the round trip time for each <A href="http://XXX/pages/commands/gateway.html">gateway</A> along the path to the target <A href="http://XXX/sun/config.html#hosts">host</A>. This information can be useful for analyzing where traffic is slow between the two <A href="http://XXX/sun/commands/hosts.html">hosts</A>.
<H3><FONT class="grey2">How to Run the Traceroute Utility</FONT></H3>


<P><FONT class="grey2">On the command <A href="http://esbinfo:8090/sun/commands/line.html">line</A>, type the following command.




</FONT></P><P> </P><BLOCKQUOTE>
<FONT class="grey2">% <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> destination-hostname
</FONT></BLOCKQUOTE>
<FONT class="grey2">


===How to Run the Traceroute Utility===


On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


</FONT><P><FONT class="grey2"> </FONT></P>
<H3><FONT class="grey2">Example--traceroute Utility</FONT></H3>


<P><FONT class="grey2">The following sample of the <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> command shows the 7-hop path a packet follows from the <A href="http://esbinfo:8090/sun/config.html#hosts">host</A> istanbul to the host sanfrancisco along with the times for a packet to traverse each hop.


% <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> destination-hostname


</FONT></P><P> </P><BLOCKQUOTE>
<PRE><FONT class="grey2">istanbul% <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> sanfrancisco<BR></BR> <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A>: Warning: Multiple interfaces found; using 172.31.86.247 @ le0<BR></BR> <A href="http://esbinfo:8090/sun/commands/traceroute.html">traceroute</A> to sanfrancisco (172.29.64.39), 30 hops max, 40 byte packets<BR></BR>  1  frbldg7c-86 (172.31.86.1)  1.516 ms  1.283 ms  1.362 ms<BR></BR>  2  bldg1a-001 (172.31.1.211)  2.277 ms  1.773 ms  2.186 ms<BR></BR>  3  bldg4-bldg1 (172.30.4.42)  1.978 ms  1.986 ms  13.996 ms<BR></BR>  4  bldg6-bldg4 (172.30.4.49)  2.655 ms  3.042 ms  2.344 ms<BR></BR>  5  ferbldg11a-001 (172.29.1.236)  2.636 ms  3.432 ms  3.830 ms<BR></BR>  6  frbldg12b-153 (172.29.153.72)  3.452 ms  3.146 ms  2.962 ms<BR></BR>  7  sanfrancisco (172.29.64.39)  3.430 ms  3.312 ms  3.451 ms<BR></BR><BR></BR></FONT></PRE>
</BLOCKQUOTE>
<FONT class="grey2">






</FONT><P> </P><HR></HR>


</BLOCKQUOTE>
</BLOCKQUOTE>
<FONT class="grey2">
</FONT><CENTER><FONT class="grey2">
<BR></BR>


===Example -- traceroute Utility===


The following sample of the <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> command shows the 7-hop path a packet follows from the <A href="http://XXX/sun/config.html#hosts">host</A> istanbul to the host sanfrancisco along with the times for a packet to traverse each hop.




</FONT></CENTER><FONT class="grey2">
<PRE>
istanbul% <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> sanfrancisco
<A href="http://XXX/sun/commands/traceroute.html">traceroute</A>: Warning: Multiple interfaces found; using 172.31.86.247 @ le0
<A href="http://XXX/sun/commands/traceroute.html">traceroute</A> to sanfrancisco (172.29.64.39), 30 hops max, 40 byte packets<BR></BR>  1  frbldg7c-86 (172.31.86.1)  1.516 ms  1.283 ms  1.362 ms
  2  bldg1a-001    (172.31.1.211)  2.277 ms  1.773 ms  2.186 ms
  3  bldg4-bldg1    (172.30.4.42)  1.978 ms  1.986 ms  13.996 ms
  4  bldg6-bldg4    (172.30.4.49)  2.655 ms  3.042 ms  2.344 ms
  5  ferbldg11a-001 (172.29.1.236)  2.636 ms  3.432 ms  3.830 ms
  6  frbldg12b-153  (172.29.153.72) 3.452 ms  3.146 ms  2.962 ms
  7  sanfrancisco  (172.29.64.39)  3.430 ms  3.312 ms  3.451 ms
</PRE>


</FONT>
$
</html>

Latest revision as of 15:06, 25 January 2008

Solaris: Network Troubleshooting

Extracted from http://www.skywayradio.com/tech/sun/troubleshooting.html


Overview

One of the first signs of trouble on the network is a loss of communications by one or more <A href="http://XXX/sun/commands/hosts.html">hosts</A>. If a <A href="http://XXX/sun/config.html#hosts">host</A> refuses to come up at all the first time it is added to the network, the problem might lie in one of the configuration files, or in the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A>. If a single host suddenly develops a problem, the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> might be the cause. If the <A href="http://XXX/sun/commands/hosts.html">hosts</A> on a network can communicate with each other but not with other <A href="http://XXX/pages/commands/networks.html">networks</A>, the problem could lie with the <A href="http://XXX/sun/planning.html#routers">router</A>, or it could lie in another network.


You can use the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> program to obtain information on <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> and <A href="http://XXX/sun/commands/netstat.html">netstat</A> to display routing tables and protocol statistics. Third-party network diagnostic programs provide a number of troubleshooting utilities. Refer to third-party documentation for information.

Less obvious are the causes of problems that degrade performance on the network. For example, you can use tools like <A href="http://XXX/pages/commands/ping.html">ping</A> to quantify problems like the loss of packets by a <A href="http://XXX/sun/config.html#hosts">host</A>.



<A class name="software"></A>==Running Software Checks==

If the network has trouble, some actions that you can take to diagnose and fix software-related problems include:

*Using the <A href="http://XXX/sun/commands/netstat.html">netstat</A> command to display network information.


*Checking the <A href="http://XXX/sun/commands/hosts.html">hosts</A> database (and ipnodes if you are using <A href="http://www.skywayradio.com/tech/ebooks/networking/dns/ch10_14.htm">IPv6</A>) to make sure that the entries are correct and up to <A href="http://XXX/sun/commands/date.html">date</A>.


*If you are running RARP, checking the Ethernet addresses in the <A href="http://XXX/pages/commands/ethers.html">ethers</A> database to make sure that the entries are correct and up to <A href="http://XXX/sun/commands/date.html">date</A>.


*Trying to connect by <A href="http://XXX/pages/commands/telnet.html">telnet</A> to the local <A href="http://XXX/sun/config.html#hosts">host</A>.


*Ensuring that the network daemon <A href="http://XXX/pages/commands/inetd.html">inetd</A> is running. To do this, <A href="http://XXX/sun/commands/log.html">log</A> in as superuser and type:


  1. <A href="http://XXX/sun/commands/ps.html">ps</A> -ef | <A href="http://XXX/pages/commands/grep.html">grep</A> <A href="http://XXX/pages/commands/inetd.html">inetd</A>


Here is an example of output displayed if the <A href="http://XXX/pages/commands/inetd.html">inetd</A> daemon is running:


root 57 1 0 Apr 04 ? 3:19 /usr/sbin/inetd -s root 4218 4198 0 17:57:23 pts/3 0:00 <A href="http://XXX/pages/commands/grep.html">grep</A> <A href="http://XXX/pages/commands/inetd.html">inetd</A>


<A class name="ping"></A>==ping Command==

Use the <A href="http://XXX/pages/commands/ping.html">ping</A> command to <A href="http://XXX/sun/commands/find.html">find</A> out whether there is IP connectivity to a particular <A href="http://XXX/sun/config.html#hosts">host</A>. The basic syntax is:


/usr/sbin/ping <A href="http://XXX/sun/config.html#hosts">host</A> [timeout]


where <A href="http://XXX/sun/config.html#hosts">host</A> is the host name of the machine in question. The optional timeout argument indicates the time in seconds for <A href="http://XXX/pages/commands/ping.html">ping</A> to keep trying to reach the machine-20 seconds by default. The <A href="http://XXX/pages/commands/ping.html">ping</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> describes additional syntaxes and options.

When you run <A href="http://XXX/pages/commands/ping.html">ping</A>, the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> protocol sends a datagram to the <A href="http://XXX/sun/config.html#hosts">host</A> you specify, asking for a response. (<A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> is the protocol responsible for error handling on a TCP/IP network. See ICMP Protocol for details.)



How to Determine if a Host Is Running

On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


% <A href="http://XXX/pages/commands/ping.html">ping</A> <A href="http://XXX/pages/commands/hostname.html">hostname</A>


If <A href="http://XXX/sun/config.html#hosts">host</A> <A href="http://XXX/pages/commands/hostname.html">hostname</A> is up, this message is displayed:



hostname is alive


This indicates that <A href="http://XXX/pages/commands/hostname.html">hostname</A> responded to the <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> request. However, if <A href="http://XXX/pages/commands/hostname.html">hostname</A> is down or cannot receive the ICMP packets, you receive the following response from <A href="http://XXX/pages/commands/ping.html">ping</A>:



no answer from <A href="http://XXX/pages/commands/hostname.html">hostname</A>



How to Determine if a Host Is Losing Packets

If you suspect that a machine might be losing packets even though it is running, you can use the s option of <A href="http://XXX/pages/commands/ping.html">ping</A> to try to detect the problem. On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


% <A href="http://XXX/pages/commands/ping.html">ping</A> -s <A href="http://XXX/pages/commands/hostname.html">hostname</A>



<A href="http://XXX/pages/commands/ping.html">ping</A> continually sends packets to <A href="http://XXX/pages/commands/hostname.html">hostname</A> until you send an interrupt character or a timeout occurs. The responses on your screen will resemble:


PING elvis: 56 data bytes<BR></BR>64 bytes from 129.144.50.21: icmp_seq=0. time=80. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=1. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=2. time=0. ms<BR></BR>64 bytes from 129.144.50.21: icmp_seq=3. time=0. ms<BR></BR>.<BR></BR>.<BR></BR>.<BR></BR>----elvis PING Statistics----<BR></BR>4 packets transmitted, 4 packets received, 0% packet loss<BR></BR>round-trip (ms) min/avg/max = 0/20/80   <BR></BR>


The packet-loss statistic indicates whether the <A href="http://XXX/sun/config.html#hosts">host</A> has dropped packets.


If <A href="http://XXX/pages/commands/ping.html">ping</A> fails, check the status of the network reported by <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> and <A href="http://XXX/sun/commands/netstat.html">netstat</A>, as described in ifconfig Command and <A href="http://XXX/sun/commands/netstat.html">netstat</A> Command



<A class name="ifconfig"></A>==ifconfig Command==

The <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> command displays information about the configuration of an interface that you specify. (Refer to the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> for details.) The syntax of ifconfig is:


<A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> interface-name [protocol_family]



How to Get Information About a Specific Interface

*Become superuser.
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


  1. <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> interface



For an le0 interface, your output resembles the following:


le0: flags=863<UP> mtu 1500<BR></BR>  <A href="http://XXX/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR></UP>


The flags section just given shows that the interface is configured "up," capable of broadcasting, and not using "trailer" <A href="http://XXX/pages/commands/link.html">link</A> level encapsulation. The mtu field tells you that this interface has a maximum transfer size of 1500 octets. Information on the second <A href="http://XXX/sun/commands/line.html">line</A> includes the IP address of the <A href="http://XXX/sun/config.html#hosts">host</A> you are using, the <A href="http://XXX/sun/config.html#netmasks">netmask</A> being currently used, and the IP broadcast address of the interface. The third line gives the machine address (Ethernet, in this case) of the <A href="http://XXX/sun/config.html#hosts">host</A>.


How to Get Information About All Interfaces on a Network

A useful <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> option is -a, which provides information on all interfaces on your network.

*Become superuser.
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


  1. <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A> -a interface



This produces, for example:


le0:  flags=49<UP> mtu 8232<BR></BR>     <A href="http://XXX/sun/commands/inet.html">inet</A> 127.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ff000000 <BR></BR>le0:flags=863<UP> mtu 1500<BR></BR>     <A href="http://XXX/sun/commands/inet.html">inet</A> 129.144.44.140 <A href="http://XXX/sun/config.html#netmasks">netmask</A> ffffff00 broadcast 129.144.44.255<BR></BR>ether 8:0:20:8:el:fd<BR></BR><BR></BR></UP></UP>


Output that indicates an interface is not running might mean a problem with that interface. In this case, see the <A href="http://XXX/pages/commands/ifconfig.html">ifconfig</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.


<A class name="netstat"></A>==netstat Command==

The <A href="http://XXX/sun/commands/netstat.html">netstat</A> command generates displays that show network status and protocol statistics. You can display the status of <A href="http://XXX/network/index.html#TCP">TCP</A> and <A href="http://XXX/network/index.html#UDP">UDP</A> endpoints in table format, routing table information, and interface information.

<A href="http://XXX/sun/commands/netstat.html">netstat</A> displays various types of network data depending on the command <A href="http://XXX/sun/commands/line.html">line</A> option selected. These displays are the most useful for system administration. The syntax for this form is:


<A href="http://XXX/sun/commands/netstat.html">netstat</A> [-m] [-n] [-s] [-i | -r] [-f address_family]


The most frequently used options for determining network status are: s, r, and i. See the <A href="http://XXX/sun/commands/netstat.html">netstat</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A> for a description of the options.



How to Display Statistics by Protocol

The <A href="http://XXX/sun/commands/netstat.html">netstat</A> -s option displays per protocol statistics for the <A href="http://XXX/network/index.html#UDP">UDP</A>, <A href="http://XXX/network/index.html#TCP">TCP</A>, <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A>, and IP <A href="http://XXX/pages/commands/protocols.html">protocols</A>.

On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.



% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -s


The result resembles the display shown in the example below. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> can indicate where this protocol has found errors.


<A href="http://XXX/network/index.html#UDP">UDP</A><BR></BR>       udpInDatagrams      =  39228     udpOutDatagrams     =  2455  <BR></BR>      udpInErrors         =     0<BR></BR> <A href="http://XXX/network/index.html#TCP">TCP</A><BR></BR><BR></BR>       tcpRtoAlgorithm     =     4      tcpMaxConn          =    -1<BR></BR>      tcpRtoMax           = 60000      tcpPassiveOpens     =     2<BR></BR>      tcpActiveOpens      =     4      tcpEstabResets      =     1<BR></BR>      tcpAttemptFails     =     3      tcpOutSegs          =   315<BR></BR>   .<BR></BR>   .<BR></BR>IP<BR></BR>       ipForwarding        =     2      ipDefaultTTL        =   255<BR></BR>      ipInReceives        =  4518      ipInHdrErrors       =     0<BR></BR>   .<BR></BR>   . <BR></BR><A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A><BR></BR>       icmpInMsgs          =     0      icmpInErrors        =     0<BR></BR>      icmpInCksumErrs     =     0      icmpInUnknowns      =     0<BR></BR>   .<BR></BR>   . <BR></BR> <A href="http://XXX/docu/multicast.html#IGMP">IGMP</A>:<BR></BR> 0 messages received<BR></BR>0 messages received with too few bytes<BR></BR>0 messages received with bad checksum<BR></BR>0 membership queries received<BR></BR>0 membership queries received with invalid field(s)<BR></BR>0 membership reports received<BR></BR>0 membership reports received with invalid field(s)<BR></BR>0 membership reports received for <A href="http://XXX/pages/commands/groups.html">groups</A> to which we belong<BR></BR>0 membership reports sent<BR></BR>



How to Display Network Interface Status

The i option of <A href="http://XXX/sun/commands/netstat.html">netstat</A> shows the state of the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interfaces</A> that are configured with the machine where you ran the command. On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command:


% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i



Here is a sample display produced by <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i:



Name Mtu  Net/Dest     Address   Ipkts    Ierrs Opkts    Oerrs  Collis  Queue<BR></BR>le0  1500 b5-spd-2f-cm tatra     14093893 8492  10174659 1119   2314178   0<BR></BR>lo0  8232 loopback     localhost 92997622 5442  12451748 0      775125    0<BR></BR>


Using this display, you can <A href="http://XXX/sun/commands/find.html">find</A> out how many packets a machine thinks it has transmitted and received on each network. For example, the input packet count (Ipkts) displayed for a server can increase each time a client tries to <A href="http://XXX/pages/commands/boot.html">boot</A>, while the output packet count (Opkts) remains steady. This suggests that the server is seeing the <A href="http://XXX/pages/commands/boot.html">boot</A> request packets from the client, but does not realize it is supposed to respond to them. This might be caused by an incorrect address in the <A href="http://XXX/sun/commands/hosts.html">hosts</A>, ipnodes, or <A href="http://XXX/pages/commands/ethers.html">ethers</A> database.


On the other hand, if the input packet count is steady over time, it means that the machine does not see the packets at all. This suggests a different type of failure, possibly a hardware problem.


How to Display Routing Table Status

The -r option of <A href="http://XXX/sun/commands/netstat.html">netstat</A> displays the IP routing table. On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


% <A href="http://XXX/sun/commands/netstat.html">netstat</A> -r



Here is a sample display produced by <A href="http://XXX/sun/commands/netstat.html">netstat</A> -r run on machine tenere:


Routing tables<BR></BR>Destination   Gateway Flags Refcnt Use   Interface<BR></BR>temp8milptp   elvis   UGH   0      0 <BR></BR>irmcpeb1-ptp0 elvis   UGH   0      0 <BR></BR>route93-ptp0  speed   UGH   0      0 <BR></BR>mtvb9-ptp0    speed   UGH   0      0 <BR></BR>               .<BR></BR>mtnside       speed   UG    1      567 <BR></BR>ray-net       speed   UG    0      0 <BR></BR>mtnside-eng   speed   UG    0      36 <BR></BR>mtnside-eng   speed   UG    0      558 <BR></BR>mtnside-eng   tenere  U     33     190248  le0<BR></BR>


The first column shows the destination network, the second the <A href="http://XXX/sun/planning.html#routers">router</A> through which packets are forwarded. The U flag indicates that the <A href="http://XXX/sun/commands/route.html">route</A> is up; the G flag indicates that the route is to a <A href="http://XXX/pages/commands/gateway.html">gateway</A>. The H flag indicates that the destination is a fully qualified <A href="http://XXX/sun/config.html#hosts">host</A> address, rather than a network.


The Refcnt column shows the number of active uses per <A href="http://XXX/sun/commands/route.html">route</A>, and the Use column shows the number of packets sent per <A href="http://XXX/sun/commands/route.html">route</A>. Finally, the Interface column shows the <A href="http://www.skywayradio.com/tech/network/network_interface.html">network interface</A> that the <A href="http://XXX/sun/commands/route.html">route</A> uses.



<A class name="log"></A>==How to Log Network Problems==

*Become superuser.
*Create a <A href="http://XXX/sun/commands/log.html">log</A> file of routing daemon actions by typing the following command at a command <A href="http://XXX/sun/commands/line.html">line</A> prompt.


  1. /usr/sbin/in.routed /var/logfilename


Caution: On a busy network, this can generate almost continuous output.


<A class name="packet"></A>==Displaying Packet Contents==

You can use <A href="http://XXX/sun/commands/snoop.html">snoop</A> to capture network packets and display their contents. Packets can be displayed as soon as they are received, or saved to a file. When snoop writes to an intermediate file, packet loss under busy trace conditions is unlikely. snoop itself is then used to interpret the file. For information about using the snoop command, <A href="http://XXX/sun/commands/refer.html">refer</A> to the <A href="http://XXX/sun/commands/snoop.html">snoop</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.


The <A href="http://XXX/sun/commands/snoop.html">snoop</A> command must be run by root (#) to capture packets to and from the default interface in <A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>. In summary form, only the data pertaining to the highest-level protocol is displayed. For example, an NFS packet only displays NFS information. The underlying RPC, <A href="http://XXX/network/index.html#UDP">UDP</A>, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.

The <A href="http://XXX/sun/commands/snoop.html">snoop</A> capture file format is described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt.

<A href="http://XXX/sun/commands/snoop.html">snoop</A> server client <A href="http://XXX/pages/commands/rpc.html">rpc</A> rstatd collects all RPC traffic between a client and server, and filters it for rstatd.




How to Check All Packets from Your System

*Become superuser.
*Type the following command at the command <A href="http://XXX/sun/commands/line.html">line</A> prompt to <A href="http://XXX/sun/commands/find.html">find</A> the interfaces attached to the system.


  1. <A href="http://XXX/sun/commands/netstat.html">netstat</A> -i



Snoop normally uses the first non-loopback device (le0).

*Type <A href="http://XXX/sun/commands/snoop.html">snoop</A>.  Use Ctl-C to <A href="http://XXX/pages/commands/halt.html">halt</A> the process.


# <A href="http://XXX/sun/commands/snoop.html">snoop</A><BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>     maupiti -> atlantic-82  NFS C GETATTR FH=0343<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>     maupiti -> atlantic-82  NFS C GETATTR FH=D360<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>     maupiti -> atlantic-82  NFS C GETATTR FH=1A18<BR></BR> atlantic-82 -> maupiti      NFS R GETATTR OK<BR></BR>     maupiti -> (broadcast)  ARP C Who is 120.146.82.36, npmpk17a-82 ?<BR></BR><BR></BR>


* Interpret the results.

In the example, client maupiti transmits to server atlantic-82 using NFS file handle 0343. atlantic-82 acknowledges with OK. The conversation continues until maupiti broadcasts an ARP request asking who is 120.146.82.36?

This example demonstrates the format of <A href="http://XXX/sun/commands/snoop.html">snoop</A>. The next step is to filter <A href="http://XXX/sun/commands/snoop.html">snoop</A> to capture packets to a file.

Interpret the capture file using details described in RFC 1761. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt


How to Capture <A href="http://XXX/sun/commands/snoop.html">snoop</A> Results to a File

*Become superuser.

On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


  1. <A href="http://XXX/sun/commands/snoop.html">snoop</A> -o <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>



For example:


# <A href="http://XXX/sun/commands/snoop.html">snoop</A> -o /tmp/cap<BR></BR>Using device /dev/le (<A href="http://www.skywayradio.com/tech/network/network_interface.html#promiscuous">promiscuous mode</A>)<BR></BR>30 <A href="http://XXX/sun/commands/snoop.html">snoop</A>: 30 packets captured<BR></BR>


This has captured 30 packets in a file /tmp/cap. The file can be anywhere with enough disk space. The number of packets captured is displayed on the command <A href="http://XXX/sun/commands/line.html">line</A>, enabling you to press Ctl-C to abort at any time.


<A href="http://XXX/sun/commands/snoop.html">snoop</A> creates a noticeable networking load on the <A href="http://XXX/sun/config.html#hosts">host</A> machine, which can distort the results. To see reality at work, run <A href="http://XXX/sun/commands/snoop.html">snoop</A> from a third system, (see the next section).

On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command to inspect the file.


  1. <A href="http://XXX/sun/commands/snoop.html">snoop</A> -i <A href="http://www.skywayradio.com/tech/ebooks/unix/upt/Filenames.html">filename</A>



For example:


# <A href="http://XXX/sun/commands/snoop.html">snoop</A> -i /tmp/cap<BR></BR> 1  0.00000 frmpk17b-082 -> 224.0.0.2    IP  D=224.0.0.2 S=129.146.82.1 LEN=32, ID=0<BR></BR>2  0.56104        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>3  0.16742  atlantic-82 -> (broadcast)  ARP C Who is 129.146.82.76, honeybea ?<BR></BR>4  0.77247        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>5  0.80532 frmpk17b-082 -> (broadcast)  ARP C Who is 129.146.82.92, holmes ?<BR></BR>6  0.13462        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>7  0.94003        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>8  0.93992        scout -> (broadcast)  ARP C Who is 129.146.82.63, grail ?<BR></BR>9  0.60887        towel -> (broadcast)  ARP C Who is 129.146.82.35, udmpk17b-82 ?<BR></BR>10 0.86691  nimpk17a-82 -> 129.146.82.255 RIP R (1 destinations)<BR></BR>


Refer to specific protocol documentation for detailed analysis and recommended parameters for ARP, IP, RIP and so forth. Searching the Web is a good place to <A href="http://XXX/sun/commands/look.html">look</A> at RFCs.

How to Check Packets Between Server and Client

Establish a <A href="http://XXX/sun/commands/snoop.html">snoop</A> system off a hub connected to either the client or server.

The third system (the <A href="http://XXX/sun/commands/snoop.html">snoop</A> system) sees all the intervening traffic, so the snoop trace reflects reality on the wire.

*Become superuser.
*On the command <A href="http://XXX/sun/commands/line.html">line</A>, type <A href="http://XXX/sun/commands/snoop.html">snoop</A> with options and save to a file.
*Inspect and interpret results.

Look at RFC 1761 for details of the <A href="http://XXX/sun/commands/snoop.html">snoop</A> capture file. To access, use your favorite web browser with the URL: http://ds.internic.net/rfc/rfc1761.txt

Use <A href="http://XXX/sun/commands/snoop.html">snoop</A> frequently and consistently to get a feel for normal system behavior. For assistance in analyzing packets, <A href="http://XXX/sun/commands/look.html">look</A> for recent white papers and RFCs, and seek the advice of an expert in a particular area, such as NFS or YP. For details on using snoop and its options, <A href="http://XXX/sun/commands/refer.html">refer</A> to the <A href="http://XXX/sun/commands/snoop.html">snoop</A>(1M) <A href="http://XXX/sun/commands/man.html">man</A> <A href="http://XXX/sun/commands/page.html">page</A>.


<A class name="routing"></A>==Displaying Routing Information==

Use the <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility to trace the <A href="http://XXX/sun/commands/route.html">route</A> an IP packet follows to some internet <A href="http://XXX/sun/config.html#hosts">host</A>. The traceroute utility utilizes the IP protocol time(to live) ttl field and attempts to elicit an <A href="http://en.wikipedia.org/wiki/ICMP">ICMP</A> TIME_EXCEEDED response from each <A href="http://XXX/pages/commands/gateway.html">gateway</A> along the path, and the response PORT_UNREACHABLE (or <A href="http://www.skywayradio.com/tech/ebooks/networking/tshoot/ch03_03.htm">ECHO_REPLY</A>) from the destination host. The traceroute utility starts sending probes with a ttl of one and increases by one until it gets to the intended <A href="http://XXX/sun/config.html#hosts">host</A> or has passed through a maximum number of intermediate <A href="http://XXX/sun/commands/hosts.html">hosts</A>.


The <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility is especially useful for determining routing misconfiguration and routing path failures. If a particular <A href="http://XXX/sun/config.html#hosts">host</A> is unreachable, you can use the traceroute utility to see what path the packet follows to the intended host and where possible failures might occur.

The <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> utility also displays the round trip time for each <A href="http://XXX/pages/commands/gateway.html">gateway</A> along the path to the target <A href="http://XXX/sun/config.html#hosts">host</A>. This information can be useful for analyzing where traffic is slow between the two <A href="http://XXX/sun/commands/hosts.html">hosts</A>.



How to Run the Traceroute Utility

On the command <A href="http://XXX/sun/commands/line.html">line</A>, type the following command.


% <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> destination-hostname




Example -- traceroute Utility

The following sample of the <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> command shows the 7-hop path a packet follows from the <A href="http://XXX/sun/config.html#hosts">host</A> istanbul to the host sanfrancisco along with the times for a packet to traverse each hop.


istanbul% <A href="http://XXX/sun/commands/traceroute.html">traceroute</A> sanfrancisco
 <A href="http://XXX/sun/commands/traceroute.html">traceroute</A>: Warning: Multiple interfaces found; using 172.31.86.247 @ le0
<A href="http://XXX/sun/commands/traceroute.html">traceroute</A> to sanfrancisco (172.29.64.39), 30 hops max, 40 byte packets<BR></BR>  1  frbldg7c-86 (172.31.86.1)  1.516 ms  1.283 ms  1.362 ms
  2  bldg1a-001     (172.31.1.211)  2.277 ms  1.773 ms   2.186 ms
  3  bldg4-bldg1    (172.30.4.42)   1.978 ms  1.986 ms  13.996 ms
  4  bldg6-bldg4    (172.30.4.49)   2.655 ms  3.042 ms   2.344 ms
  5  ferbldg11a-001 (172.29.1.236)  2.636 ms  3.432 ms   3.830 ms
  6  frbldg12b-153  (172.29.153.72) 3.452 ms  3.146 ms   2.962 ms
  7  sanfrancisco   (172.29.64.39)  3.430 ms  3.312 ms   3.451 ms

$