TODO(risk): write up tcpdump.
Often, we'll have configuration and networking issues.
There are several basic things to keep in mind when troubleshooting networking.
1. Most people think of networks as collections of connections; think of packets instead.
Network engineers more often think of networks as streams of packets. Each packet is just a collection of bytes; almost always the first couple of bytes, the header, are the packet's destination and source.
2. Every host on the network, even your laptop and your phone, is also a router (a very simple one).
For example, when a host wants to start talking to the internet, it creates a packet and then has to decide where to route that packet (to which physical network interface).
3. Every host on the network, even your laptop and your phone, is also a firewall (a very simple one).
For example, a host looks at a packet and decides whether to take it or reject it.
todo(risk): find some 1-2 minute crashcourse videos, e.g. what a subnet is, what's a hub/switch, what's a gateway route .. what's a route …
@risk: A video like this one? http://warriorsofthe.net/
One thing you can always fall back to is looking at the packets as they come into the network interface, and as they go out.
Even if you can't understand the contents, capturing them and showing them to someone who can is usually enough to figure out how to get things working again.
In some cases, looking at even a single incoming packet is enough to detect "evil ISP" behavior.
To capture the contents so that either you or a friend can look at them, you can use tools such as tcpdump, or even the Linux firewall itself through iptables -j LOG.
tcpdump -ni eth0.2 port 53
Refer to this diagram to see how packets traverse the Linux firewall: http://www.linuxhomenetworking.com/wiki/images/f/f0/Iptables.gif
to enable logging of outgoing dns udp packets:
iptables -A POSTROUTING -t nat -o eth0.2 -p udp --dport 53 -j LOG
to enable logging of incoming dns udp packets:
iptables -I PREROUTING -t mangle -i eth0.2 -p udp --sport 53 -j LOG
to view logs use
to generate internet packets / requests, in order to capture packets
ping www.google.com # or nslookup www.google.com 220.127.116.11
to disable logging:
iptables -D POSTROUTING -t nat -o eth0.2 -p udp --dport 53 -j LOG
iptables -D PREROUTING -t mangle -i eth0.2 -p udp --sport 53 -j LOG
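The LOG target writes each matched packet to the kernel log as one line of KEY=VALUE fields, which is easier to hand to someone else once it is condensed. The following is an added example, not part of the original page: the function name summarize_dns_log and the sample log lines are constructed for illustration (documentation addresses, made-up timestamps and MAC).

```shell
#!/bin/sh
# summarize_dns_log: read kernel log lines written by the iptables LOG target
# on stdin and print one line per UDP port-53 packet:
#   <direction> <interface> <src>:<sport> -> <dst>:<dport> len=<IP length>
# "out" = destination port 53 (the POSTROUTING rule),
# "in"  = source port 53 (the PREROUTING rule).
summarize_dns_log() {
    awk '
    {
        split("", f)            # clear the fields of the previous line
        iplen = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue          # timestamps, flags such as DF
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            # LEN appears twice: first the IP length, then the UDP length.
            if (key == "LEN") { if (iplen == "") iplen = val; continue }
            f[key] = val
        }
        if (f["PROTO"] != "UDP") next
        if (f["DPT"] == "53")      { dir = "out"; ifc = f["OUT"] }
        else if (f["SPT"] == "53") { dir = "in";  ifc = f["IN"] }
        else next
        printf "%s %s %s:%s -> %s:%s len=%s\n", \
            dir, ifc, f["SRC"], f["SPT"], f["DST"], f["DPT"], iplen
    }'
}

# Constructed sample: one outgoing query, its reply, and an unrelated TCP packet.
SAMPLE_LOG='Jan  1 12:00:01 router kernel: IN= OUT=eth0.2 SRC=192.0.2.10 DST=198.51.100.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
Jan  1 12:00:01 router kernel: IN=eth0.2 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.53 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=57 ID=0 PROTO=UDP SPT=53 DPT=40000 LEN=56
Jan  1 12:00:02 router kernel: IN=eth0.2 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=TCP SPT=443 DPT=51000'

printf '%s\n' "$SAMPLE_LOG" | summarize_dns_log
```

An outgoing line with no matching incoming line (or a reply whose SRC is not the resolver you queried) is the kind of thing worth showing to someone who can read the full capture.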