Tools to analyze and monitor

Linux comes with many tools to monitor networking tasks.

ifconfig
We used the ifconfig command above to see the status of the ethernet card. However, ifconfig can configure devices as well as report on them. Suppose you want to set up a temporary network configuration for testing. You could edit the configuration through the distribution tool, but you would need to note all of the settings to put it back when you're done. By using ifconfig, we can configure the card quickly without touching the saved settings:

ifconfig eth0 192.168.13.13 netmask 255.255.255.0 up

The command above will set eth0 to the address 192.168.13.13 with a Class C IP address and make sure that it is up.

ifconfig eth0 down

The command above will shut down the eth0 device. See the info ifconfig page for full details on using ifconfig.

ifup/ifdown
To activate and deactivate network devices using their saved configurations, use ifup and ifdown, respectively.

# Bring up eth0 using the saved configuration
ifup eth0

# Shut down eth0
ifdown eth0

netstat
Use the netstat console command to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. netstat has several command line switches to control its function. Here are some of the common ones:

Printing network status

Here's an example of netstat -tp:

[root@cmw-t30 root]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
PID/Program name
tcp        0      0 localhost.localdo:29000 *:*                     LISTEN
2389/attvpnctl
tcp        0      0 *:10000                 *:*                     LISTEN
5945/perl
tcp        0      0 *:x11                   *:*                     LISTEN
1120/X
tcp        0      0 *:ftp                   *:*                     LISTEN
724/xinetd
tcp        0      0 *:ssh                   *:*                     LISTEN
710/sshd
tcp        0      0 *:ipp                   *:*                     LISTEN
797/cupsd
tcp        0      0 *:505                   *:*                     LISTEN
1043/rcd
tcp        0      0 localhost.localdoma:ipp localhost.localdo:32772 ESTABLISHED
797/cupsd
tcp        0      0 sig-9-65-39-140.m:44916 sdoprods2.austin.i:1352 TIME_WAIT
-
tcp        0      0 10.100.100.101:33020    64.12.29.100:5190       ESTABLISHED
1433/gaim
tcp        0      0 localhost.localdo:44954 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44955 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44897 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44902 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44903 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44900 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 localhost.localdo:44901 localhost.localdoma:ipp TIME_WAIT
-
tcp        0      0 10.100.100.101:44888    cs9336-61.austin.r:pop3 TIME_WAIT
-
tcp        0      0 localhost.localdo:32772 localhost.localdoma:ipp ESTABLISHED
1246/gnome-cups-man
tcp        1      0 localhost.localdo:32774 localhost.localdoma:ipp CLOSE_WAIT
1246/gnome-cups-man
tcp        0      0 10.100.100.101:33019    cs46.msg.sc5.yahoo:5050 ESTABLISHED
1433/gaim
tcp        0      0 sig-9-65-39-140.m:35061 d03nm119.boulder.i:1352 CLOSE_WAIT
1720/wineserver
tcp        0      0 10.100.100.101:33021    64.12.30.4:5190         ESTABLISHED
1433/gaim

I use netstat most often to view connections that are in the LISTEN or ESTABLISHED states. LISTEN are the services on your system that are accepting connections from other machines. ESTABLISHED are the active connections between your machine and others. Make sure you know all of the LISTEN programs that are running. If you see something you don't recognize, it could be a security concern. netstat has many options. Type info netstat at the command line for details.

route
The route console command lets you show and manipulate the IP routing table.

[root@cmw-t30 plugins]# route|grep -v ipsec
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.146.24.42   10.100.100.1    255.255.255.255 UGH   0      0        0 eth1
10.100.100.0    *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.100.100.1    0.0.0.0         UG    0      0        0 eth1

Running route with no switches will show the current routing table. You can make very elaborate changes to the routing table using route.

route add default gw 10.10.10.1

The above command adds a default route (which will be used if no other route matches). All packets using this route will be gatewayed through "10.10.10.1". The device that will actually be used for that route depends on how we can reach "10.10.10.1" -- the static route to "10.10.10.1" will have to be set up before.

route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0

The above command adds a route to the network 192.56.76.x via "eth0." The Class C netmask modifier is not really necessary here because 192.* is a Class C IP address. The word "dev" can be omitted here.

Routing is a very deep subject. Full information about the route options is available with info route.

Summary

Linux was designed for networking from the start. It has built into it sophisticated functions that were previously found only on high-end enterprise offerings. However, even with all of this power, configuration of Linux networking is no more complex than configuration in Windows. Tools such as Webmin, redhat-config-network, and YAST allow graphical configuration. Tools such as ifconfig and route allow viewing and modification of network parameters from the console or scripts. Tools such as netstat allow viewing of individual network connections and show their relationships to running processes.