Network diagnostics notes
ip command: https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf
Diag
ifstat
ss -s
ss -peaonmi
# sar -n DEV
sar -n ALL
networkctl
networkctl list
ip -4 -o addr
Only up
$ ip link ls up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
$ ip -0 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 14:da:e9:a6:da:ca brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 74:2f:68:4b:6c:41 brd ff:ff:ff:ff:ff:ff
# cat /sys/class/net/eth0/speed
1000
# cat /sys/class/net/eth0/duplex
full
List all interfaces that have a cable plugged in (carrier)
# grep 1 /sys/class/net/*/carrier
/sys/class/net/eth0/carrier:1
/sys/class/net/eth1/carrier:1
/sys/class/net/eth2/carrier:1
/sys/class/net/eth3/carrier:1
/sys/class/net/lo/carrier:1
ethtool eth0
Settings for eth0:
    Supported ports: [ TP MII ]
    Supported link modes:   10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Half 1000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: Yes
    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Half 1000baseT/Full
    Advertised pause frame use: Symmetric Receive-only
    Advertised auto-negotiation: Yes
    Speed: 10Mb/s
    Duplex: Half
    Port: MII
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: on
    Supports Wake-on: pumbg
    Wake-on: d
    Current message level: 0x00000033 (51)
                           drv probe ifdown ifup
    Link detected: no
If ethtool is not available, try mii-tool
# mii-tool eth0
eth0: no link
Stop “network-manager”, since we are going to configure the network manually
service network-manager stop
Request a DHCP lease (DHCP OFFER)
dhclient eth0
Sometimes you need to run dhclient -r first for this to work.
dhclient -r eth0
dhclient eth0
If nothing happens, press Ctrl + C. It means we are not getting a reply from the DHCP server.
Statistics
ip -s link show eth0
Change the IP address with iproute2 (ip)
Remove the old IPv4 address
ip -4 a del dev eth0
We can set the IP address manually:
#ifconfig eth0 192.168.1.12 netmask 255.255.255.0 up
ip addr add 192.168.1.12/24 dev eth0
ip link set eth0 up
Set the default route / gateway
Show the routing table
ip r
ip route show table all
#ip r show table all |egrep -v "^unreachable|^local|^broadcast"
Add a route
ip route add default via 192.168.1.1
Delete a default gateway
ip route del 0.0.0.0/0 via 192.168.1.1
Test / diagnose / debug routing
ip route get 8.8.8.8
Traceroute
See:
- tracepath
See also: https://en.wikipedia.org/wiki/Source_routing
Traceroute with MTR
$ mtr -c 10 --udp 10.33.133.246 -P 88 -rn
Start: 2023-07-11T16:55:56+0200
HOST: websrv1           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.230.223.1     0.0%    10    0.2   0.3   0.2   1.0   0.2
  2.|-- 10.255.183.12    0.0%    10    0.6   3.1   0.6  11.0   4.3
  3.|-- 10.255.29.2      0.0%    10    0.7   1.0   0.6   2.2   0.6
  4.|-- 10.154.254.1     0.0%    10   25.4  25.6  25.4  27.1   0.5
  5.|-- 10.133.4.178     0.0%    10   25.4  25.6  25.3  26.1   0.3
  6.|-- 10.133.4.38      0.0%    10   26.7  26.8  25.7  34.4   2.7
  7.|-- ???             100.0    10    0.0   0.0   0.0   0.0   0.0
Find the original / permanent MAC address
Some types of link aggregation (bonding) work by changing the MAC address.
It can be useful to find the card's original MAC address.
# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eno50
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eno49
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 5c:b9:01:d0:06:d0
Slave queue ID: 0

Slave Interface: eno50
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 5c:b9:01:d0:06:d8
Slave queue ID: 0
# ethtool -P eno50
Permanent address: 5c:b9:01:d0:06:d8
or (if supported)
# cat /sys/class/net/eno50/phys_port_id
5cb901d006d8
Whereas the currently configured (spoofed) address is:
# cat /sys/class/net/eno50/address
5c:b9:01:d0:06:d0
# ip a show dev eno50
3: eno50: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
link/ether 5c:b9:01:d0:06:d0 brd ff:ff:ff:ff:ff:ff
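An added example, not part of the original notes: a POSIX shell check that automates the comparison above by pairing each slave's "Permanent HW addr" from the bonding status file with its current address in sysfs, and reporting the ones that differ. The function names, the two path parameters and eno49's current address in the fixture are assumptions; the other values are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): list bond slaves whose current
# MAC differs from the permanent address recorded by the bonding driver.
# $1 = bonding status file, $2 = sysfs net root; both are parameters only so
# the check can be run against copies (hypothetical convenience).
mac_drift() {
    bond_file=${1:-/proc/net/bonding/bond0}
    sysfs=${2:-/sys/class/net}
    # Pair each "Slave Interface:" line with the "Permanent HW addr:" after it.
    awk -F': ' '
        /^Slave Interface:/   { ifc = $2 }
        /^Permanent HW addr:/ { if (ifc != "") print ifc, tolower($2); ifc = "" }
    ' "$bond_file" |
    while read -r ifc perm; do
        if [ ! -r "$sysfs/$ifc/address" ]; then
            echo "$ifc unreadable permanent=$perm"
            continue
        fi
        cur=$(tr 'A-F' 'a-f' < "$sysfs/$ifc/address")
        [ "$cur" = "$perm" ] || echo "$ifc changed current=$cur permanent=$perm"
    done
}

# Constructed fixture reusing the page's bond0 values; eno49's current
# address is assumed equal to its permanent one.
mac_drift_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/net/eno49" "$d/net/eno50"
    echo 5c:b9:01:d0:06:d0 > "$d/net/eno49/address"
    echo 5c:b9:01:d0:06:d0 > "$d/net/eno50/address"
    cat > "$d/bond0" <<'EOF'
Slave Interface: eno49
MII Status: down
Permanent HW addr: 5c:b9:01:d0:06:d0

Slave Interface: eno50
MII Status: up
Permanent HW addr: 5c:b9:01:d0:06:d8
EOF
    mac_drift "$d/bond0" "$d/net"
    rm -rf "$d"
}

mac_drift_demo
```

On a live host, call mac_drift with no arguments to read /proc/net/bonding/bond0 and /sys/class/net directly; a "changed" line on an interface that is not a bond member is worth investigating.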
Debian config example
- /etc/network/interfaces
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 192.168.56.12
    netmask 255.255.255.0
    gateway 192.168.56.1

allow-hotplug eth2
iface eth2 inet static
    address 10.240.100.101
    netmask 255.255.255.0
    network 10.240.100.0
    broadcast 10.240.100.255
    gateway 10.240.100.250
    # dns-* options are implemented by the resolvconf package, if installed
    dns-search localdomain
    dns-nameservers 8.8.8.8 8.8.4.4
#systemctl restart networking
ifdown eth0
ifup eth0
RedHat config example
Notes:
- Starting with RHEL 9, keyfile replaces ifcfg
- /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=dhcp
#DEFROUTE=no
#PEERDNS=no
IPV6INIT=no
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=no
- /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
HWADDR=00:50:56:c4:8d:ae
NETMASK=255.255.255.0
IPADDR=192.168.10.101
GATEWAY=192.168.10.1
#MTU=1450
#systemctl restart network
ifdown eth0
ifup eth0
Bonding
ip a |grep bond0
cat /proc/net/bonding/bond0
Remove a link aggregation (bond)
ip link set dev bond0 down
ip link del dev bond0
Netplan
- /etc/network/interfaces
# ifupdown has been replaced by netplan(5) on this system. See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
# sudo apt install ifupdown
- /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens192:
      dhcp4: no
      dhcp6: no
      addresses:
        - 10.15.65.5/24
      gateway4: 10.15.65.254
      nameservers:
        addresses: [192.168.130.11,192.168.131.75]
    ens160:
      dhcp4: no
      dhcp6: no
      addresses:
        - 192.168.1.105/24
        - 2a01:4588:0:fd::109/64
      gateway4: 192.168.1.1
      gateway6: 2a01:4580:0:fd::1
      nameservers:
        addresses:
          - 46.18.130.11
          - 46.18.131.75
      routes:
        - to: 192.168.255.0/24
          via: 192.168.1.1
To check the config
netplan try
# Nothing will be applied with --debug
netplan --debug apply
If OK, apply
netplan apply
netplan generate: Use /etc/netplan to generate the required
configuration for the renderers.
netplan apply: Apply all configuration for the renderers,
restarting them as necessary.
# to check that the syntax was correct, then
netplan --debug generate
netplan generate
netplan apply
man 5 netplan
Network-Manager UI
List:
- connman / cmst
- wicd
- nm-tray / network-manager
Promiscuous mode
ip link set eth0 promisc on
Other
See:
/etc/resolvconf/resolv.conf.d/head
Packet loss?
netstat -s | grep retransmitted
368644 segments retransmitted
netstat -s | grep segments
149840 segments received
150373 segments sent out
161 segments retransmitted
13 bad segments received
Err
# systemctl restart network
RTNETLINK answers: File exists
Solution
systemctl stop NetworkManager
#ip addr flush dev eth1
#ps -ef |grep -i net
