week06-02_Verifying connectivity

Verifying connectivity

Ping: Internet Control Message Protocol

When network problems come up, the most common issue you'll run into is the inability to establish a connection with something. It could be a server you can't reach at all, or a website that isn't loading. Maybe you can only reach your resource on your LAN and can't connect to anything on the Internet. Whatever the problem is, being able to diagnose connectivity issues is an important part of network troubleshooting. By the end of this lesson you'll be able to use a number of important troubleshooting tools to help resolve these issues.

When a network error occurs the device that detects it needs some way to communicate this to the source of the problematic traffic. It could be that a router doesn't know how to route to a destination, or that a certain port isn't reachable. It could even be that the TTL of an IP datagram expired and no further router hops will be attempted.

For all of these situations and more, ICMP, or Internet Control Message Protocol, is used to communicate these issues. ICMP is mainly used by a router or remote host to communicate why a transmission has failed back to the origin of the transmission.

The makeup of an ICMP packet is pretty simple: it has a header with a few fields, and a data section that's used by the host to figure out which of its transmissions generated the error.

The first field is the type field, 8 bits long, which specifies what type of message is being delivered. Some examples are destination unreachable, or time exceeded. Immediately after this is the code field, which indicates a more specific reason for the message than just the type. For example, for the destination unreachable type there are individual codes for things like destination network unreachable and destination port unreachable. After this is a 16-bit checksum that works like every other checksum field we've covered so far.

Next up is a 32-bit field with an uninspired name: rest of header. You'd think they could come up with something a bit more interesting, but I can't really think of anything good, so who am I to judge? Anyway, this field is optionally used by some of the specific types and codes to send more data. After this is the data payload for an ICMP packet.

The payload for an ICMP packet exists entirely so that the recipient of the message knows which of their transmissions caused the error being reported.

It contains the entire IP header, and the first 8 bytes of the data payload section of the offending packet. ICMP wasn't really developed for humans to interact with. The point is so that these sorts of error messages can be delivered between networked computers automatically. But there's also a specific tool and two message types that are very useful to human operators. This tool is called ping. Some version of it exists on just about every operating system and has for a very long time.
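The ICMP error layout described above (type, code, checksum, rest of header, then the offending packet's IP header plus its first 8 bytes) can be parsed in a few lines. This is an added example, not part of the original course notes; the function names and the sample packet (built from documentation addresses) are constructed for illustration, and the type and code numbers are the standard RFC 792 values.

```python
import socket
import struct

# Type/code numbers from RFC 792, limited to the messages named in the text.
TYPES = {3: "destination unreachable", 11: "time exceeded"}
UNREACH_CODES = {0: "destination network unreachable", 3: "destination port unreachable"}

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error message (the bytes that follow the outer IP header)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("shorter than ICMP header + IP header + 8 bytes")
    if inet_checksum(icmp) != 0:  # intact message sums to zero, checksum field included
        raise ValueError("bad ICMP checksum")
    msg_type, code, _checksum, _rest = struct.unpack("!BBHI", icmp[:8])
    inner = icmp[8:]                      # copy of the offending packet's start
    ihl = (inner[0] & 0x0F) * 4           # embedded IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed embedded IP header")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # valid for TCP/UDP
    return {
        "type": TYPES.get(msg_type, str(msg_type)),
        "code": UNREACH_CODES.get(code, str(code)) if msg_type == 3 else str(code),
        "protocol": inner[9],
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
        "sport": sport, "dport": dport,
    }

def build_sample() -> bytes:
    """Constructed sample: port unreachable for a UDP probe, documentation addresses."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    body = ip + struct.pack("!HHHH", 40000, 33434, 8, 0)   # embedded IP header + 8 UDP bytes
    csum = inet_checksum(struct.pack("!BBHI", 3, 3, 0, 0) + body)
    return struct.pack("!BBHI", 3, 3, csum, 0) + body

if __name__ == "__main__":
    print(parse_icmp_error(build_sample()))
```

The embedded source address and ports are what let the sending host match the error to one of its own open sockets.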

Ping is a super simple program and the basics are the same no matter which operating system you're using.

Ping lets you send a special type of ICMP message called an echo request. An ICMP echo request essentially just asks a destination, hey, are you there?

If the destination is up and running and able to communicate on the network, it will send back an ICMP echo reply message type.

You can invoke the ping command from the command line of any modern operating system. In its most basic use, you just type ping and a destination IP or a fully qualified domain name. If you don't know how to use a command line in an operating system, don't worry, you will soon. We'll cover that in another course.

Output of the ping command is very similar across each of the different operating systems. Every line of output will generally display the address sending the ICMP echo reply, and how long the round trip communication took. It will also have the TTL remaining and how large the ICMP message is in bytes.

Once the command ends, there will also be some statistics displayed, like percentage of packets transmitted and received, the average round trip time, and a couple other things like that.

On Linux and macOS, the ping command will run until it's interrupted by an end user sending an interrupt event. They do this by pressing the control key and the C key at the same time. On Windows, ping defaults to only sending 4 echo requests.

In all environments, ping supports a number of command line flags that let you change its behavior, like the number of echo requests to send, how large they should be, and how quickly they should be sent. Check out the documentation for your operating system to learn a little bit more.

Traceroute

With ping, you now have a way to determine if you can reach a certain computer from another one. You can also understand the general quality of the connection. But communications across networks, especially across the Internet, usually cross lots of intermediary nodes.

Sometimes, you need a way to determine where in the long chain of router hops the problems actually are. Traceroute to the rescue.

Traceroute is an awesome utility that lets you discover the paths between two nodes, and gives you information about each hop along the way.

The way traceroute works, is through a clever manipulation technique of the TTL field at the IP level. We learned earlier that the TTL field is decremented by one, by every router that forwards the packet. When the TTL field reaches zero, the packet is discarded and an ICMP Time Exceeded message is sent back to the originating host. Traceroute uses the TTL field by first setting it to one for the first packet, then two for the second, three for the third and so on. By doing this clever little action, traceroute makes sure that the very first packet sent will be discarded by the first router hop.

This results in an ICMP Time Exceeded message, the second packet will make it to the second router, the third will make it to the third, and so on. This continues until the packet finally makes it all the way to its destination. For each hop, traceroute will send three identical packets.

Just like with ping, the output of a traceroute command is pretty simple. On each line, you'll see the number of the hop and the round trip time for all three packets. You will also see the IP of the device at each hop, and a host name if traceroute can resolve one.

On Linux and macOS, traceroute sends UDP packets to very high port numbers. On Windows, the command has a shortened name, tracert, and defaults to using ICMP echo requests.

On all platforms, traceroute has more options that can be specified using command line flags. Two more tools that are similar to traceroute are mtr on Linux and macOS and pathping on Windows. These two tools act as long-running traceroutes, so you can better see how things change over a period of time. mtr works in real time and will continually update its output with all the current aggregate data about the traceroute. You can compare this with pathping, which runs for 50 seconds and then displays the final aggregate data all at once.
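The TTL technique described above can be followed step by step in a small offline model. This is an added example, not part of the original course notes: the path, addresses and function names are constructed, and it goes slightly beyond the text by modelling a router that forwards traffic but never sends ICMP errors, and by stopping when the destination answers the UDP probe with destination port unreachable.

```python
from typing import List, Optional, Tuple

# Constructed path using documentation addresses. A "silent" router forwards
# packets normally but never sends ICMP Time Exceeded messages.
PATH = [
    {"ip": "192.0.2.1", "silent": False},
    {"ip": "198.51.100.1", "silent": True},
    {"ip": "198.51.100.9", "silent": False},
]
DEST = "203.0.113.5"

def send_probe(ttl: int) -> Tuple[Optional[str], Optional[str]]:
    """Model one UDP probe to a high port; return (responder IP, ICMP message)."""
    for router in PATH:
        ttl -= 1                      # every router decrements the TTL by one
        if ttl == 0:                  # TTL expired here, so the packet is discarded
            if router["silent"]:
                return None, None     # no ICMP comes back; shown as '*'
            return router["ip"], "time exceeded"
    # The probe reached the destination, where nothing listens on the high port.
    return DEST, "destination port unreachable"

def traceroute(max_hops: int = 30, probes: int = 3) -> List[Tuple[int, List[str]]]:
    """Send `probes` packets per TTL value, starting at 1, until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(ttl) for _ in range(probes)]
        hops.append((ttl, [ip or "*" for ip, _ in replies]))
        if any(msg == "destination port unreachable" for _, msg in replies):
            break                     # the destination itself replied: path complete
    return hops

if __name__ == "__main__":
    for hop, responders in traceroute():
        print(hop, *responders)
```

Hop 2 prints three asterisks even though hops 3 and 4 answer, so a silent row on its own does not locate a fault; look for the hop after which nothing responds.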

Testing Port Connectivity

We've covered a bunch of ways to test connectivity between machines at the network layer. But sometimes, you need to know if things are working at the transport layer. For this, there are two super powerful tools at your disposal. Netcat on Linux and Mac OS and Test-NetConnection on Windows.

The Netcat tool can be run through the command nc, and has two mandatory arguments, a host and a port. Running nc google.com 80 would try to establish a connection on port 80 to google.com. If the connection fails, the command will exit. If it succeeds, you'll see a blinking cursor, waiting for more input.

This is a way for you to actually send application layer data to the listening service from your own keyboard. If you're really only curious about the status of a port, you can issue the command with a -z flag, which stands for zero input/output mode. A -v flag, which stands for verbose, is also useful in this scenario. This makes the command's output useful to human eyes, as opposed to non-verbose output, which is best for usage in scripts. Side note: verbose basically means talking too much. So, while I bet you want to throw up a flag on me and my jabbering, we still have lots to get through. Okay, so by issuing the Netcat command with the -z and -v flags, the command's output will simply tell you if a connection to the port in question is possible or not.

On Windows, Test-NetConnection is a command with some similar functionality. If you run Test-NetConnection with only a host specified, it will default to using an ICMP echo request, much like the program ping. But it will display way more data, including the data link layer protocol being used.

When you issue Test-NetConnection with the -port flag, you can ask it to test connectivity to a specific port. It's important to call out that both Netcat and Test-NetConnection are way more powerful than the brief port connectivity examples we've covered here. In fact, they're such complex tools that covering all of their functionality would be too much for one video. You should read up about all of the other things these super powerful tools can do. We've provided a few in the supplementary readings.

Supplemental Reading for Testing Port Connectivity

Sometimes, you need to know if network connectivity is working at the transport layer. For this, there are two super powerful tools at your disposal: Netcat (nc) on Linux and macOS, and Test-NetConnection on Windows.

The Netcat tool can be run through the command nc, and has two mandatory arguments, a host and a port. Running this command would try to establish a connection on port 80 to google.com:

If the connection fails, the command will exit. If it succeeds, you'll see a blinking cursor, waiting for more input. This is a way for you to actually send application layer data to the listening service from your own keyboard. If you're really only curious about the status of a port, you can issue the command with a -z flag, which stands for zero input/output mode. A -v flag, which stands for verbose, is also useful in this scenario. So now, the command looks like this:

By issuing the netcat command with the -z and -v flags, the command's output will simply tell you if a connection to the port in question is possible or not, like this:

On Windows, Test-NetConnection is a command with some similar functionality. If you run Test-NetConnection with only a host specified, it will default to using an ICMP echo request, much like the program ping. But, it will display way more data, including the data link layer protocol being used. When you issue Test-NetConnection with the -Port flag, you can ask it to test connectivity to a specific port. For example, this command tests a TCP connection to google.com:

Test-NetConnection will return output that looks something like this:

It's important to call out that both netcat and Test-NetConnection are way more powerful than the brief port connectivity examples we've covered here. In fact, they're such complex tools that covering all of their functionality would be too much for one video. You should read up about all of the other things these super powerful tools can do in the Wikipedia article for Netcat (nc), and in the documentation for Test-NetConnection.
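The port check that nc -z -v and Test-NetConnection with a port perform comes down to attempting a TCP handshake and sending no data. This is an added example, not part of the original course notes; check_port and demo are hypothetical names, and the demo probes a listener it creates itself on the loopback address. It goes a step beyond the text by separating a refused connection from one that gets no answer at all.

```python
import socket

def check_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Try a TCP handshake and close straight away, sending no data (like nc -z)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host is reachable but nothing listens on the port
    except socket.timeout:
        return "timeout"      # no answer: traffic filtered or host down
    except OSError as exc:
        return f"error: {exc.strerror or exc}"   # e.g. name resolution failure

def demo() -> tuple:
    """Constructed offline demo: probe a loopback listener, then the same port once closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = check_port("127.0.0.1", port)
    listener.close()
    after_close = check_port("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    print(demo())
```

A "refused" result means packets reached the host, while "timeout" points at a firewall dropping traffic or an unreachable machine.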
