Network Tools

May 15, 2021

Almost every user sooner or later faces network problems, so it’s essential to have at least a basic understanding of network troubleshooting. In this article, I’d like to overview tools I use to explore network configuration and solve network issues on the Ubuntu desktop. Most of these applications can be used on a server but some of them are specific to desktop systems.

ip and NetworkManager

ip is a tool that allows to show or manipulate routing and network devices. Older Ubuntu distributions used the ifconfig for the same purpose. There are some commands I use in everyday life:

• ip addr — show system IP and MAC addresses;
• ip route — show routing table;
• ip addr show docker0 | grep -Po 'inet \K[\d.]+' — print Docker host address.

ip has a lot more options described on man page. Even though ip allows to manipulate network settings I prefer to avoid it because it’s a temporary solution and all modifications will be lost after a reboot.

Netplan is a default tool for network configuration in Ubuntu 20.04. It allows to create declarative representation of complex networks. Netplan does not configure the network itself but generates configs for the underlying backend. It supports two backends: NetworkManager (usually used on desktops) and systemd-networkd (usually used on servers). There is more explanation about why Ubuntu switched from ifupdown to Netplan on MigratingToNetplan page.

Although Netplan may be convenient for complex solutions like clouds or enterprise networks, for my desktop is a bit overkill. So I prefer to configure NetworkManager directly. All config files of NetowkManager are stored in /etc/NetworkManager directory. It’s possible to modify configs by hand but I prefer to use nmcli utility. E.g. to make static IP ethernet connection with preconfigured DNS address I use these commands:

# eno1 - my network interface
nmcli con mod eno1 ipv4.addresses 192.168.2.10/24
nmcli con mod eno1 ipv4.gateway 192.168.2.1
nmcli con mod eno1 ipv4.dns "8.8.8.8"
nmcli con mod eno1 ipv4.method manual
nmcli con up eno1

One more useful command is nmcli general status. It prints the current network status including information about network connectivity.

ss

ss is a utility for sockets investigation. It dumps socket statistics of the system and shows information similar to netstat. Some examples:

• sudo ss -ltpn '( sport = :8080 )' — show the process listening port 8080 (it helps me with errors like “Address already in use”)
• ss -s — show connections statistics.

traceroute and mtr

Sometimes network request is executed slowly or even fails. traceroute can help to find out what is going on. It’s a network diagnostic tool that tracks the path of IP packets using ICMP and different TTL values. It also measures transit delays for every host in a chain so it’s possible to determine which host causes problems. The most common use case for me looks like traceroute example.com.

It’s also possible to use mtr instead of traceroute. It works almost the same but has more user-friendly output and allows to export statistics into XML file what is convenient for scripting purposes.

System administrators may disable ICMP for security reasons that is why even if network connections work properly traceroute and mtr may not work at all or at least show incomplete information.

DNS: dig and systemd-resolved

Hostname resolution is an important part of the network configuration. During network issues debugging there are two common tasks: resolving a hostname and checking system DNS configuration.

For resolving a hostname I use dig utility. It’s a powerful command-line tool for querying DNS servers. E.g. dig example.com uses the default system DNS server to find and show all records for example.com.

In Ubuntu 20.04 DNS is managed by systemd-resolved. resolvectl status gives details about the uplink DNS servers currently in use.

iptables

iptables is an application that allows creating rules for the kernel that controls network traffic. It acts as a firewall that examines and directs packets based on address, port, and other criteria. iptables is a sophisticated tool, so it’s a good idea to read some tutorials explaining how to use it (e.g. tutorial from archlinux wiki).

I usually check iptables rules when network configuration looks OK but some applications can’t establish network connections or Docker containers can’t access the external network. First of all, I type sudo iptables -L to find out what is going on.

tcpdump and wireshark

Network debugging becomes easier when you can capture and analyze the traffic going through the system. tcpdump can help with this task. This utility reads packets from the network interface that match the boolean expression and then prints them on the screen or stores them in a file.

I have two use cases for tcpdump:

• check if some packets match an expression like tcp and port 80 (I use it when an application is not working as expected and I want to make sure that it receives or sends any data; I don’t need to store these packets anywhere);
• write all packets into a file to analyze it in more detail later.

Using tcpdump can be suitable not only for troubleshooting but also for network exploration.

On the desktop, it can be more convenient to use Wireshark. It’s a GUI that uses the same mechanisms as a tcpdump.

Conclusion

There are a lot of articles and tutorials on the Internet about each of these tools, so check it if you need more info. Described tools always give me a clue to what is wrong with the network configuration and then I can decide what to do to fix a problem.