Diagnostic tools in computer networks

  1. Application-layer diagnostics
  2. netstat

    netstat options:
    -l   - lists only listening ports
    -n   - prints numeric values (no reverse DNS for addresses, no /etc/services names for ports); faster, and the output shows what is actually bound rather than what the local name tables claim
    -u   - lists only UDP sockets
    -t   - lists only TCP sockets
    -a   - lists both open connections and listening ports
    -p   - prints the PID and program that owns each socket (needs root for processes of other users; otherwise netstat prints "-" in that column)
    
    test:~# netstat -i
    Kernel Interface table
    Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0       1300 0   7668113      0      0 0       6352378      0      0      0 BPRU
    lo        16436 0    279164      0      0 0        279164      0      0      0 LRU
    test:~#
    
    test:~# netstat -s
    Ip:
        5278738 total packets received
        548 with invalid addresses
        0 forwarded
        0 incoming packets discarded
        5260461 incoming packets delivered
        3934818 requests sent out
        1444 outgoing packets dropped
    Icmp:
        711 ICMP messages received
        23 input ICMP message failed.
        ICMP input histogram:
        destination unreachable: 46
        timeout in transit: 564
        echo requests: 34
        echo replies: 67
        1822 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
        destination unreachable: 1000
        echo request: 195
        echo replies: 15
    IcmpMsg:
        InType0: 67
        InType3: 46
        InType8: 34
        InType11: 564
        OutType0: 15
        OutType3: 1000
        OutType8: 195
        OutType69: 612
    Tcp:
        42112 active connections openings
        224780 passive connection openings
        5691 failed connection attempts
        43357 connection resets received
        1 connections established
        5341542 segments received
        4088404 segments send out
        84836 segments retransmited
        0 bad segments received.
        37091 resets sent
    Udp:
        14204 packets received
        994 packets to unknown port received.
        0 packet receive errors
        14502 packets sent
    UdpLite:
    TcpExt:
        352 resets received for embryonic SYN_RECV sockets
        3 packets pruned from receive queue because of socket buffer overrun
        9 ICMP packets dropped because they were out-of-window
        100797 TCP sockets finished time wait in fast timer
        1 time wait sockets recycled by time stamp
        179 packets rejects in established connections because of timestamp
        38797 delayed acks sent
        69 delayed acks further delayed because of locked socket
        Quick ack mode was activated 5774 times
        4404 packets directly queued to recvmsg prequeue.
        237728 bytes directly in process context from backlog
        3245 bytes directly received in process context from prequeue
        1067134 packet headers predicted
        173 packets header predicted and directly queued to user
        1381983 acknowledgments not containing data payload received
        1524044 predicted acknowledgments
        20 times recovered from packet loss due to fast retransmit
        8971 times recovered from packet loss by selective acknowledgements
        53 bad SACK blocks received
        Detected reordering 82 times using FACK
        Detected reordering 29 times using SACK
        Detected reordering 4 times using reno fast retransmit
        Detected reordering 110 times using time stamp
        142 congestion windows fully recovered without slow start
        1261 congestion windows partially recovered using Hoe heuristic
        5652 congestion windows recovered without slow start by DSACK
        1380 congestion windows recovered without slow start after partial ack
        20699 TCP data loss events
        TCPLostRetransmit: 601
        1 timeouts after reno fast retransmit
        3127 timeouts after SACK recovery
        388 timeouts in loss state
        25588 fast retransmits
        3784 forward retransmits
        7498 retransmits in slow start
        23964 other TCP timeouts
        3 classic Reno fast retransmits failed
        684 SACK retransmits failed
        809 packets collapsed in receive queue due to low socket buffer
        6509 DSACKs sent for old packets
        13482 DSACKs received
        27 DSACKs for out of order packets received
        15972 connections reset due to unexpected data
        18221 connections reset due to early user close
        4789 connections aborted due to timeout
        6 times unabled to send RST due to no memory
        TCPSACKDiscard: 5
        TCPDSACKIgnoredOld: 5181
        TCPDSACKIgnoredNoUndo: 2139
        TCPSpuriousRTOs: 286
    IpExt:
        InMcastPkts: 33
        InBcastPkts: 156694
    
    test:~# netstat -lpnt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1270/mysqld
    tcp        0      0 150.254.78.79:53        0.0.0.0:*               LISTEN      22161/named
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      22161/named
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2198/sshd
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      22161/named
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2485/master
    tcp6       0      0 :::80                   :::*                    LISTEN      18794/apache2
    tcp6       0      0 :::53                   :::*                    LISTEN      22161/named
    tcp6       0      0 :::22                   :::*                    LISTEN      2198/sshd
    tcp6       0      0 ::1:953                 :::*                    LISTEN      22161/named
    test:~#
    
    test:~# netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    150.254.78.64   *               255.255.255.192 U         0 0          0 eth0
    default         gw-v5.core.wmi. 0.0.0.0         UG        0 0          0 eth0
    test:~#
    
    test:~# netstat -tl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 localhost:mysql         *:*                     LISTEN
    tcp        0      0 (hidden).wmi.amu:domain *:*                     LISTEN
    tcp        0      0 localhost:domain        *:*                     LISTEN
    tcp        0      0 *:ssh                   *:*                     LISTEN
    tcp        0      0 localhost:953           *:*                     LISTEN
    tcp        0      0 *:smtp                  *:*                     LISTEN
    tcp6       0      0 [::]:www                [::]:*                  LISTEN
    tcp6       0      0 [::]:domain             [::]:*                  LISTEN
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
    tcp6       0      0 localhost:953           [::]:*                  LISTEN
    test:~# netstat -tln
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
    tcp        0      0 150.254.78.79:53        0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::53                   :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 ::1:953                 :::*                    LISTEN
    test:~#
    
    

    telnet

    The telnet command was originally used to log in to a remote character terminal. Everything telnet sends, passwords included, travels unencrypted, so it should no longer be used for remote login; it remains useful as a raw TCP client that can connect to any address and port. Below is a capture of a session with the server www.kalkowski.name (port 80 is the standard port for web servers). The user types the GET line and the Host: header, then presses Enter twice (the empty line ends the request headers). The server returns the page found at the given host and path. Note that the protocol version token should be written HTTP/1.1; it is case-sensitive, and this Apache 2.2 simply happened to accept the lowercase form.
    test:~# telnet www.kalkowski.name 80
    Trying 193.142.112.94...
    Connected to www.kalkowski.name.
    Escape character is '^]'.
    GET /dydaktyka/2011-2012-L/SIK/pliki/malastrona.html http/1.1
    Host: www.kalkowski.name
    
    HTTP/1.1 200 OK
    Date: Wed, 15 Feb 2012 22:14:01 GMT
    Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7m
    Last-Modified: Wed, 15 Feb 2012 22:12:51 GMT
    ETag: "47445b1-6f-4b908032f7e40"
    Accept-Ranges: bytes
    Content-Length: 111
    Content-Type: text/html
    
    
    
    to jest testowa strona pobrana prez telnet na cwiczeniach z sieci komputerowych.
    
    
    Connection closed by foreign host.
    test:~#
    
    
    Connecting to port 22. The server announces itself with its version banner (SSH-2.0-OpenSSH_5.2, which tells anyone who connects exactly which implementation and version is running), the user presses Ctrl-] and enters telnet's command mode. To leave telnet, type quit; exit is not a telnet command, which is what the ?Invalid command reply below shows (we cannot carry on the encrypted SSH exchange by hand from the keyboard).
    test:~# telnet www.kalkowski.name 22
    Trying 193.142.112.94...
    Connected to www.kalkowski.name.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.2
    ^]
    telnet> exit
    ?Invalid command
    telnet>
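    The two telnet sessions above show the two ways a TCP service behaves right after connect: an SSH server speaks first (its version banner, which is why banner exposure matters for reconnaissance), while an HTTP server says nothing until the client sends a request. The example below is added here and is not part of the original course page; it performs both exchanges with Python sockets against two local stand-in servers (constructed, so it runs offline; the name www.kalkowski.name appears only as a Host header value). It also corrects two habits visible in the transcript: the version token is written HTTP/1.1 (case-sensitive; a server enforcing the grammar may reject the lowercase form), and the body is read by Content-Length instead of waiting for the server to hang up.

```python
"""Raw TCP probing as in the telnet sessions above: read a banner from a server
that speaks first, and make a correct HTTP/1.1 request to one that waits for us."""
from __future__ import annotations

import socket
import threading

# Constructed body standing in for the page the telnet session fetched;
# Content-Length is derived from it rather than typed by hand.
BODY = b"to jest testowa strona pobrana prez telnet na cwiczeniach z sieci komputerowych.\n"


def serve_once(handler) -> int:
    """Stand-in for the remote host: accept one connection on 127.0.0.1, run
    handler(conn) in a thread, return the ephemeral port (constructed, offline)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def fake_ssh(conn: socket.socket) -> None:
    """SSH servers speak first (their identification string), then wait for ours."""
    conn.sendall(b"SSH-2.0-OpenSSH_5.2\r\n")
    conn.recv(256)


def fake_http(conn: socket.socket) -> None:
    """Minimal responder modelled on the page's Apache reply; HTTP waits for a request."""
    req = b""
    while b"\r\n\r\n" not in req and b"\n\n" not in req:
        chunk = conn.recv(4096)
        if not chunk:
            return
        req += chunk
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(BODY) + BODY)


def grab_banner(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect and return what the server volunteers before we send anything;
    "" when it waits for the client (HTTP does, SSH does not)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024).decode("ascii", "replace").strip()
        except socket.timeout:
            return ""


def http_get(host: str, port: int, path: str, host_header: str | None = None,
             timeout: float = 2.0) -> tuple[int, dict[str, str], bytes]:
    """The request the telnet session typed, done properly: case-sensitive 'HTTP/1.1'
    token, CRLF line ends, Connection: close, body read by Content-Length."""
    request = (f"GET {path} HTTP/1.1\r\nHost: {host_header or host}\r\n"
               f"Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed before the headers were complete")
            buf += chunk
        head, _, body = buf.partition(b"\r\n\r\n")
        lines = head.decode("iso-8859-1").split("\r\n")
        status = int(lines[0].split()[1])
        headers = {}
        for ln in lines[1:]:
            name, _, value = ln.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        while len(body) < length:
            chunk = s.recv(4096)
            if not chunk:
                break
            body += chunk
        return status, headers, body[:length]


if __name__ == "__main__":
    print("port 22 style:", grab_banner("127.0.0.1", serve_once(fake_ssh)))
    status, headers, body = http_get("127.0.0.1", serve_once(fake_http),
                                     "/dydaktyka/2011-2012-L/SIK/pliki/malastrona.html",
                                     host_header="www.kalkowski.name")
    print(status, headers.get("content-type"), body.decode())
```

    Against a real host, grab_banner is the port-22 session without the keyboard, and http_get is the port-80 session; the stand-in servers only exist so the block can run without network access.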
    

    lsof

    The lsof command lists the files open in the system. With the "-i" option it lists only open network sockets (add -n and -P to skip hostname and service-name resolution, as with netstat -n). Without root privileges lsof only sees the sockets of the calling user's own processes.
    test:~# lsof -i
    COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
    mysqld   1270    mysql   10u  IPv4 217731       TCP localhost:mysql (LISTEN)
    sshd     2198     root    3u  IPv6   5164       TCP *:ssh (LISTEN)
    sshd     2198     root    4u  IPv4   5166       TCP *:ssh (LISTEN)
    master   2485     root   12u  IPv4   5794       TCP *:smtp (LISTEN)
    apache2 18794 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21181     root    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21298 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21300 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21575 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21584 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21617 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 21677 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    named   22161     bind   20u  IPv6 921527       TCP *:domain (LISTEN)
    named   22161     bind   21u  IPv4 921532       TCP localhost:domain (LISTEN)
    named   22161     bind   23u  IPv4 921535       TCP localhost:953 (LISTEN)
    named   22161     bind   24u  IPv6 921536       TCP localhost:953 (LISTEN)
    named   22161     bind  512u  IPv6 921526       UDP *:domain
    named   22161     bind  513u  IPv4 921531       UDP localhost:domain
    apache2 22281 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 22286 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 22750 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    apache2 22751 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
    sshd    22806     root    3r  IPv4 923051       TCP (hiddendomain).edu.pl:ssh->(hiddendomain).otheraddress.pl:30378 (ESTABLISHED)
    sshd    22809   kalkos    3u  IPv4 923051       TCP (hiddendomain).edu.pl:ssh->(hiddendomain).otheraddress.pl:30378 (ESTABLISHED)
    test:~#
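    Two things in the lsof listing above are worth reading off explicitly. Every apache2 process shows the same DEVICE value, 836016: for sockets lsof prints the socket inode in that column, so the workers did not each bind port 80, they inherited one listening socket across fork (one of them, PID 21181, still runs as root). The two sshd lines for the established session share inode 923051 as well: they are the root monitor and the unprivileged user process of OpenSSH's privilege separation. The following example is added here and is not the page's code; it groups a constructed excerpt of this listing by socket inode, then reports which accounts hold each listening socket, which is the quick way to see which services keep their sockets as root.

```python
"""Read socket ownership out of `lsof -i`: which processes share one socket, and
which accounts hold each listening socket."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: an excerpt of the `lsof -i` listing shown on this page.
LSOF_I = """\
COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
mysqld   1270    mysql   10u  IPv4 217731       TCP localhost:mysql (LISTEN)
sshd     2198     root    3u  IPv6   5164       TCP *:ssh (LISTEN)
sshd     2198     root    4u  IPv4   5166       TCP *:ssh (LISTEN)
master   2485     root   12u  IPv4   5794       TCP *:smtp (LISTEN)
apache2 18794 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
apache2 21181     root    3u  IPv6 836016       TCP *:www (LISTEN)
apache2 21298 www-data    3u  IPv6 836016       TCP *:www (LISTEN)
named   22161     bind   20u  IPv6 921527       TCP *:domain (LISTEN)
named   22161     bind   21u  IPv4 921532       TCP localhost:domain (LISTEN)
named   22161     bind  512u  IPv6 921526       UDP *:domain
sshd    22806     root    3r  IPv4 923051       TCP (hiddendomain).edu.pl:ssh->(hiddendomain).otheraddress.pl:30378 (ESTABLISHED)
sshd    22809   kalkos    3u  IPv4 923051       TCP (hiddendomain).edu.pl:ssh->(hiddendomain).otheraddress.pl:30378 (ESTABLISHED)
"""


@dataclass(frozen=True)
class SocketRow:
    command: str
    pid: int
    user: str
    family: str   # IPv4 / IPv6
    inode: str    # DEVICE column: for sockets lsof prints the socket inode here
    node: str     # TCP / UDP
    name: str     # local endpoint, or local->remote for a connection
    state: str    # LISTEN, ESTABLISHED, ...; "" for UDP


def parse_lsof_i(text: str) -> list[SocketRow]:
    """COMMAND PID USER FD TYPE DEVICE are fixed columns; SIZE may be blank (as here)
    or '0t0' on newer lsof, so locate the NODE column by value, not by position."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "COMMAND":
            continue
        node_i = next((i for i, tok in enumerate(f) if tok in ("TCP", "UDP")), None)
        if node_i is None or len(f) <= node_i + 1:
            continue
        state = f[node_i + 2].strip("()") if len(f) > node_i + 2 else ""
        rows.append(SocketRow(f[0], int(f[1]), f[2], f[4], f[5], f[node_i], f[node_i + 1], state))
    return rows


def shared_sockets(rows: list[SocketRow]) -> dict[str, set[tuple[str, int, str]]]:
    """Inode -> {(command, pid, user)} for sockets held by more than one process.
    Such a socket was inherited across fork (prefork workers, sshd privilege
    separation), not bound twice; the kernel sees a single owner for the port."""
    holders: dict[str, set] = defaultdict(set)
    for r in rows:
        holders[r.inode].add((r.command, r.pid, r.user))
    return {ino: h for ino, h in holders.items() if len(h) > 1}


def listener_users(rows: list[SocketRow]) -> dict[tuple[str, str], set[str]]:
    """(TCP/UDP, endpoint) -> accounts holding a listening socket on it. UDP rows have
    no state in lsof, so a UDP socket without a '->' peer counts as a listener."""
    users: dict[tuple[str, str], set[str]] = defaultdict(set)
    for r in rows:
        if r.state == "LISTEN" or (r.node == "UDP" and "->" not in r.name):
            users[(r.node, r.name)].add(r.user)
    return dict(users)


if __name__ == "__main__":
    rows = parse_lsof_i(LSOF_I)
    for ino, h in sorted(shared_sockets(rows).items()):
        print(f"socket inode {ino} shared by: {sorted(h)}")
    for (node, name), accounts in sorted(listener_users(rows).items()):
        print(f"{node} {name:<20} held by {sorted(accounts)}")
```

    A listener whose only holder is root runs its accept path as root; that is the row to review first when deciding what a compromise of the service would give an attacker.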
    

    nmap

    test:~# nmap localhost
    
    Starting Nmap 4.62 ( http://nmap.org ) at 2012-02-15 23:04 CET
    Interesting ports on localhost (127.0.0.1):
    Not shown: 1709 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    953/tcp  open  rndc
    3306/tcp open  mysql
    
    Nmap done: 1 IP address (1 host up) scanned in 0.071 seconds
    test:~#
    
    test:~# nmap -O labs.wmi.amu.edu.pl
    
    Starting Nmap 4.62 ( http://nmap.org ) at 2012-02-15 23:11 CET
    Warning: Hostname labs.wmi.amu.edu.pl resolves to 2 IPs. Using 150.254.78.7.
    All 1715 scanned ports on dc2.labs.wmi.amu.edu.pl (150.254.78.7) are filtered
    Device type: general purpose
    Running: Microsoft Windows 2000|2003|2008|Longhorn|Vista|XP
    Too many fingerprints match this host to give specific OS details
    
    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 37.449 seconds
    test:~#
    
    test:~# nmap -O localhost
    
    Starting Nmap 4.62 ( http://nmap.org ) at 2012-02-15 23:12 CET
    Interesting ports on localhost (127.0.0.1):
    Not shown: 1709 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    953/tcp  open  rndc
    3306/tcp open  mysql
    Device type: general purpose
    Running: Linux 2.6.X
    OS details: Linux 2.6.17 - 2.6.21
    Uptime: 172.988 days (since Sat Aug 27 00:30:28 2011)
    Network Distance: 0 hops
    
    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 1.492 seconds
    test:~#
    
    test:/etc/bind# nmap -p 19-24 localhost
    
    Starting Nmap 4.62 ( http://nmap.org ) at 2012-02-15 23:15 CET
    Interesting ports on localhost (127.0.0.1):
    PORT   STATE  SERVICE
    19/tcp closed chargen
    20/tcp closed ftp-data
    21/tcp closed ftp
    22/tcp open   ssh
    23/tcp closed telnet
    24/tcp closed priv-mail
    
    Nmap done: 1 IP address (1 host up) scanned in 0.042 seconds
    test:/etc/bind# 
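    The netstat -lpnt listing earlier on this page and the nmap localhost scan above describe the same host from two sides: what the kernel says is bound, and what a scanner can reach. Checking them against each other is the routine audit step: a port that is listening but not open to the scanner is being filtered (scan from the network you care about, not from localhost, to get the external view), and a port that is open to the scanner without a matching listener is a socket netstat could not see. The example below is added here and is not part of the original page; it parses both outputs (embedded as constructed samples copied from the listings on this page), classifies each listener as loopback-only, bound to one address, or wildcard, and reconciles the two sets. One Linux detail it relies on: a tcp6 socket bound to ::: also accepts IPv4 connections unless net.ipv6.bindv6only=1, which is why nmap on 127.0.0.1 reports 80/tcp open although apache2 has no IPv4 socket in the listing.

```python
"""Reconcile `netstat -lpnt` listeners with an `nmap` scan of the same host."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed samples: the `netstat -lpnt` and `nmap localhost` listings from this page.
NETSTAT_LPNT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1270/mysqld
tcp        0      0 150.254.78.79:53        0.0.0.0:*               LISTEN      22161/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      22161/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2198/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      22161/named
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2485/master
tcp6       0      0 :::80                   :::*                    LISTEN      18794/apache2
tcp6       0      0 :::53                   :::*                    LISTEN      22161/named
tcp6       0      0 :::22                   :::*                    LISTEN      2198/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      22161/named
"""
NMAP_LOCALHOST = """\
Interesting ports on localhost (127.0.0.1):
Not shown: 1709 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
953/tcp  open  rndc
3306/tcp open  mysql
"""


@dataclass(frozen=True)
class Listener:
    proto: str     # "tcp" or "tcp6"
    addr: str      # bound address as netstat -n prints it
    port: int
    program: str   # "PID/name", or "-" when netstat could not read it (needs root)

    @property
    def scope(self) -> str:
        """loopback / wildcard / specific, derived from the bound address."""
        ip = ipaddress.ip_address(self.addr)
        if ip.is_loopback:
            return "loopback"
        if ip.is_unspecified:      # 0.0.0.0 or ::
            return "wildcard"
        return "specific"


def parse_netstat_listeners(text: str) -> list[Listener]:
    """Keep the LISTEN rows of `netstat -lpnt`; the last ':' separates address and port."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, port = f[3].rsplit(":", 1)
        rows.append(Listener(f[0], addr, int(port), f[6] if len(f) > 6 else "-"))
    return rows


_NMAP_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap_ports(text: str) -> dict[int, str]:
    """port -> state for the TCP rows of nmap's normal output."""
    return {int(m.group(1)): m.group(3)
            for m in map(_NMAP_ROW.match, text.splitlines()) if m and m.group(2) == "tcp"}


def exposed_listeners(listeners: list[Listener]) -> list[Listener]:
    """Listeners reachable from other hosts. A tcp6 wildcard (':::') socket also accepts
    IPv4 connections on Linux unless net.ipv6.bindv6only=1, so it counts as exposed."""
    return [lst for lst in listeners if lst.scope != "loopback"]


def reconcile(listeners: list[Listener], nmap_states: dict[int, str]) -> tuple[list[int], list[int]]:
    """(listening but not seen open by the scanner, open to the scanner but not listening).
    The first set is filtered traffic; the second is a socket netstat could not see."""
    listening = {lst.port for lst in listeners}
    open_ports = {p for p, s in nmap_states.items() if s == "open"}
    return sorted(listening - open_ports), sorted(open_ports - listening)


if __name__ == "__main__":
    ls = parse_netstat_listeners(NETSTAT_LPNT)
    for lst in exposed_listeners(ls):
        print(f"exposed: {lst.proto} {lst.addr}:{lst.port} ({lst.scope}) {lst.program}")
    filtered, hidden = reconcile(ls, parse_nmap_ports(NMAP_LOCALHOST))
    print("listening but not open to scanner:", filtered or "none")
    print("open to scanner but not listening:", hidden or "none")
```

    For the listings on this page both difference sets are empty, as expected for a scan run on the host itself; the labs.wmi.amu.edu.pl scan above, where every port came back filtered, is what the first set looks like when a firewall sits in the path.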
    

    netcat

    test:~# netcat -l -p 6666
    this is test text typed by the user, which will be received by the listening netcat.
    test:~#
    
    test:~# netcat localhost 6666
    this is test text typed by the user, which will be received by the listening netcat.
    ^C
    test:~#
    
    test:/etc/bind# netcat www.kalkowski.name 80
    GET /dydaktyka/2011-2012-L/SIK/pliki/malastrona.html http/1.1
    Host: www.kalkowski.name
    
    HTTP/1.1 200 OK
    Date: Wed, 15 Feb 2012 22:40:54 GMT
    Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7m
    Last-Modified: Wed, 15 Feb 2012 22:12:51 GMT
    ETag: "47445b1-6f-4b908032f7e40"
    Accept-Ranges: bytes
    Content-Length: 111
    Content-Type: text/html
    
    
    
    to jest testowa strona pobrana prez telnet na cwiczeniach z sieci komputerowych.
    
    
    test:/etc/bind#
    
    

    netris

    Check how the netris command works :)

    /etc/services

    bash-3.2$ cat /etc/services |head -30
    # See also: services(5), http://www.sethwklein.net/projects/iana-etc/
    #
    # PORT NUMBERS
    #
    # (last updated 2006-11-13)
    #
    # The port numbers are divided into three ranges: the Well Known Ports,
    # the Registered Ports, and the Dynamic and/or Private Ports.
    #
    # The Well Known Ports are those from 0 through 1023.
    #
    # DCCP Well Known ports SHOULD NOT be used without IANA registration.
    # The registration procedure is defined in [RFC4340], Section 19.9.
    #
    # The Registered Ports are those from 1024 through 49151
    #
    # DCCP Registered ports SHOULD NOT be used without IANA registration.
    # The registration procedure is defined in [RFC4340], Section 19.9.
    #
    # The Dynamic and/or Private Ports are those from 49152 through 65535
    #
    #
    #
    # ************************************************************************
    # * PLEASE NOTE THE FOLLOWING:                                           *
    # *                                                                      *
    # * 1. UNASSIGNED PORT NUMBERS SHOULD NOT BE USED.  THE IANA WILL ASSIGN *
    # * THE NUMBER FOR THE PORT AFTER YOUR APPLICATION HAS BEEN APPROVED.    *
    # *                                                                      *
    # * 2. ASSIGNMENT OF A PORT NUMBER DOES NOT IN ANY WAY IMPLY AN          *
    # * ENDORSEMENT OF AN APPLICATION OR PRODUCT, AND THE FACT THAT NETWORK  *
    # * TRAFFIC IS FLOWING TO OR FROM A REGISTERED PORT DOES NOT MEAN THAT   *
    # * IT IS "GOOD" TRAFFIC. FIREWALL AND SYSTEM ADMINISTRATORS SHOULD      *
    # * CHOOSE HOW TO CONFIGURE THEIR SYSTEMS BASED ON THEIR KNOWLEDGE OF    *
    # * THE TRAFFIC IN QUESTION, NOT WHETHER THERE IS A PORT NUMBER          *
    # * REGISTERED OR NOT.                                                   *
    # ************************************************************************
    #
    #
    # WELL KNOWN PORT NUMBERS
    #
    # The Well Known Ports are assigned by the IANA and on most systems can
    # only be used by system (or root) processes or by programs executed by
    # privileged users.
    #
    # Ports are used in the TCP [RFC793] to name the ends of logical
    # connections which carry long term conversations.  For the purpose of
    # providing services to unknown callers, a service contact port is
    # defined.  This list specifies the port used by the server process as
    # its contact port.  The contact port is sometimes called the
    # "well-known port".
    #
    # To the extent possible, these same port assignments are used with the
    # UDP [RFC768].
    #
    # The range for assigned ports managed by the IANA is 0-1023.
    #
    # Port Assignments:
    #
    # Keyword         Decimal    Description                     References
    #
    # Keyword         Decimal    Description                     References
    # -------         -------    -----------                     ----------
    #                 0/tcp    Reserved
    #                 0/udp    Reserved
    #                          Jon Postel 
    tcpmux            1/tcp    # TCP Port Service Multiplexer
    tcpmux            1/udp    # TCP Port Service Multiplexer
    #                          Mark Lottor 
    compressnet       2/tcp    # Management Utility
    compressnet       2/udp    # Management Utility
    compressnet       3/tcp    # Compression Process
    compressnet       3/udp    # Compression Process
    #                          Bernie Volz 
    #                 4/tcp    Unassigned
    #                 4/udp    Unassigned
    rje               5/tcp    # Remote Job Entry
    rje               5/udp    # Remote Job Entry
    #                          Jon Postel 
    #                 6/tcp    Unassigned
    #                 6/udp    Unassigned
    echo              7/tcp    # Echo
    echo              7/udp    # Echo
    #                          Jon Postel 
    #                 8/tcp    Unassigned
    #                 8/udp    Unassigned
    discard           9/tcp sink null    # Discard
    discard           9/udp sink null    # Discard
    #                          Jon Postel 
    discard           9/dccp sink null   # Discard SC:DISC
    #                          IETF dccp WG, Eddie Kohler , [RFC4340]
    #                10/tcp    Unassigned
    
    (.....)
    
    ftp-data         20/tcp    # File Transfer [Default Data]
    ftp-data         20/udp    # File Transfer [Default Data]
    ftp              21/tcp    # File Transfer [Control]
    ftp              21/udp    # File Transfer [Control]
    #                          Jon Postel 
    ssh              22/tcp    # SSH Remote Login Protocol
    ssh              22/udp    # SSH Remote Login Protocol
    
    (.....)
    
    #                          Christopher Leong 
    finger           79/tcp    # Finger
    finger           79/udp    # Finger
    #                          David Zimmerman 
    http             80/tcp www www-http    # World Wide Web HTTP
    http             80/udp www www-http    # World Wide Web HTTP
    
    (.....)