A network connects computers, mobile phones, peripherals and IoT devices, providing
communication between them. It also facilitates communication between different networks
and even with the Internet. So you must try and get to know it better.
For better understanding of the configuration of the computer network surrounding you,
you should start from the machine that you are currently logged in to. This will give you all
the necessary network configuration parameters, like the IP address of the present host,
the DNS configuration, and which other machines are connected to and can communicate
with your network.
On a UNIX platform, the easiest way to identify the basic configuration of a host is to use
the hostname, ifconfig and netstat commands. A few system text files are also useful for
finding out details about the internal configuration. These include /etc/nsswitch.conf,
/etc/resolv.conf, and so on. Using this information, you can directly determine the identity
of your machine and its location.
A little study of the ifconfig command can provide you with lots of basic network
configuration and communication information about the connected network devices. For
example, the following listing of the ifconfig -a command gives the Internet address and
netmask of the connected network device, from which the underlying network
configuration can be explored. If the host machine has multiple network interfaces, then
it will show the corresponding network information for each device.
>ifconfig -a
From the above listing, one can identify some of the basic network configuration elements,
as shown below:
IP/netmask: 172.16.4.120/22
Mask: 255.255.252.0
Broadcast: 172.16.7.255
Maximum Subnets: 64
The netmask parameter is particularly important, since it alone can tell you the size of your
immediate network. In this case, 255.255.252.0 equates to four Class B addresses,
because the difference of maximum number of hosts (256) and the number of masked
hosts (252) is four. By combining the netmask with the configured IP address, it is possible
to guess the range of the IP addresses in the local network. Because IP blocks are usually
divided by whole groups and in sequence, you can tell that the IP address span of the
network is from 172.16.4.1 to 172.16.7.254. The network and broadcast addresses are
172.16.4.0 and 172.16.7.255, respectively. A possible schematic diagram of the network is
shown in Figure 1.
If there are multiple network devices, then ifconfig will return information for each device in
the output, and from each interface it is possible to reach all the connecting networks and
analyse all of them.
A few UNIX files are also useful to investigate a network. These contain the network
information required to understand and explore the configuration. /etc/nsswitch.conf and
/etc/resolv.conf are two useful configuration system text files and can be viewed using the
cat command. Both files reside in the /etc directory. A listing of the different files
containing the data to resolve network configuration is available in the nsswitch.conf file,
whereas DNS name server information is available in the resolv.conf file.
>cat /etc/nsswitch.conf
…..
………..
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
publickey: nisplus
automount: files
>cat /etc/resolv.conf
# Generated by NetworkManager
search ism.int
nameserver 172.16.8.9
nameserver 202.56.230.2
nameserver 8.8.8.8
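The netmask arithmetic and the resolv.conf listing above can be checked together. The following Python sketch is an added example, not part of the original article: it derives the network block and host range from the ifconfig values, then labels each nameserver as on-link, private but routed, or public. The addresses are the ones shown in the listings; the function names are illustrative.

```python
import ipaddress

# Values copied from the ifconfig and resolv.conf listings in the article.
HOST_ADDR, NETMASK = "172.16.4.120", "255.255.252.0"
RESOLV_CONF = """\
# Generated by NetworkManager
search ism.int
nameserver 172.16.8.9
nameserver 202.56.230.2
nameserver 8.8.8.8
"""

def describe_network(addr, netmask):
    """Return the CIDR block, broadcast address and usable host range."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    return {
        "cidr": str(net),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "addresses": net.num_addresses,
    }

def parse_nameservers(text):
    """Extract nameserver addresses, skipping comments and other keywords."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def classify_resolvers(addr, netmask, text):
    """Label each resolver by where queries sent to it will travel."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    labels = {}
    for ns in parse_nameservers(text):
        if ns in net:
            labels[str(ns)] = "on-link"
        elif ns.is_private:
            labels[str(ns)] = "private, reached via the gateway"
        else:
            labels[str(ns)] = "public"
    return labels

if __name__ == "__main__":
    print(describe_network(HOST_ADDR, NETMASK))
    print(classify_resolvers(HOST_ADDR, NETMASK, RESOLV_CONF))
```

None of the three resolvers sits inside the host's own /22, so every DNS query from this host crosses the gateway, and two of them go to public addresses.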
After getting to know the configuration of your own network, it is essential to go beyond
and learn about what is within the network, and how to reach it. Networks outside your
masked network may be within your own organisation, in different sections or
departments; or on outside public networks such as the Internet. To view your network and
beyond, it is necessary to see the router table, for which netstat -r is a good option.
Here is an example of the netstat -r command on a CentOS platform. The default router
shows the gateway used to route packets to the outside network. In the absence of the
proper functioning of the present name server, the gateway option shows the IP addresses
instead of the complete qualified route. In the following example, netstat -r is showing the
IP router table of the above mentioned network.
>netstat -r
The above output of netstat -r with IP addresses indicates that the name server of the
target network is not functioning properly or has some configuration issues.
After finding out the basic configuration, one can explore all the connected hosts with
respect to each subnet identified by the router table entries. There are two useful
commands, ip and arp, with the help of which it is possible to get data on all the close
neighbours, along with their respective MAC addresses. The administrative command ip is
so powerful that it is also possible to use it for manipulating routing devices, and editing
routing and tunnelling policies. While arp is good to identify the connected hosts with their
MAC addresses and connection types, ip can show you the status of the connections.
>arp
The network management command ip with the option neigh provides more detailed
information than the other network management and exploration commands.
>ip neigh
REACHABLE
The above table provides a neighbourhood host reachability status as well. It classifies the
reachability in four classes – valid permanent connection, valid but not further tested,
reachable but with the reachable timeout limit, and suspicious. With all these, it is possible
to get a good understanding of your neighbourhood to investigate the performance of the
network, if required.
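To work with the neighbour table programmatically, the output of ip neigh can be parsed and grouped by state. The Python sketch below is an added example, not part of the original article; the sample lines are constructed, and the state keywords (PERMANENT, NOARP, REACHABLE, STALE, FAILED) are the ones ip prints for the classes described above. It also lists any MAC address that appears for more than one IP, which is worth confirming against a known inventory.

```python
from collections import defaultdict

# Constructed sample of `ip neigh` output; addresses and MACs are invented.
SAMPLE = """\
172.16.4.1 dev eth0 lladdr 00:16:3e:00:00:01 REACHABLE
172.16.4.21 dev eth0 lladdr 00:16:3e:00:00:15 STALE
172.16.4.22 dev eth0 lladdr 00:16:3e:00:00:15 STALE
172.16.4.30 dev eth0 lladdr 00:16:3e:00:00:1e PERMANENT
172.16.4.40 dev eth0  FAILED
"""

# The four classes described in the text, keyed by the state keyword.
MEANING = {
    "PERMANENT": "valid permanent connection",
    "NOARP": "valid but not further tested",
    "REACHABLE": "reachable within the reachable timeout",
    "STALE": "suspicious",
}

def parse_neigh(text):
    """Yield (ip, dev, mac, state); mac is None when no lladdr is known."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue  # not a neighbour line
        mac = tok[tok.index("lladdr") + 1] if "lladdr" in tok else None
        yield tok[0], tok[2], mac, tok[-1]

def summarise(text):
    """Group neighbours by state and find MACs listed for several IPs."""
    by_state, by_mac = defaultdict(list), defaultdict(list)
    for ip, _dev, mac, state in parse_neigh(text):
        by_state[state].append(ip)
        if mac:
            by_mac[mac].append(ip)
    shared = {m: ips for m, ips in by_mac.items() if len(ips) > 1}
    return dict(by_state), shared

if __name__ == "__main__":
    states, shared = summarise(SAMPLE)
    for state, ips in states.items():
        print(state, "-", MEANING.get(state, "other state"), ips)
    print("MACs listed for several IPs:", shared)
```

A MAC listed for several addresses is often a router or a multi-homed host, so treat the result as a prompt to verify rather than a verdict.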
To understand which services are running on your server and waiting to serve outside
hosts, you need to go through the currently running services and examine their status.
Naturally, these include DNS, NFS, Web services and other distributed services within the
network. A close look at this data can help a network analyst or security expert to easily
identify the possible sources of performance bottlenecks and external attacks. The
information is based upon the ports that are open and in the listening state, waiting for a
client's connections, or those that are already open and communicating with a client.
Sockets
Performance issues affect the reliability of applications running in the system as well as the
reliability of the entire environment. In most cases, a decline in performance is related
either to latency or to bandwidth and hardware.
Since we cannot exceed the physical limit of the network environment, it is necessary to
address performance issues with respect to specific service protocols and services like NFS,
DNS, HTTP, etc. The limiting factors of the network and other related hardware provide the
base line for the performance study. Once the base line is known, it is comparatively easy
to identify the performance issues related to different service protocols.
Figure 3: Tabular outputs of the netstat -antplF command
After the correct diagnosis, one can identify related issues and the correct course of action
can be taken.
The statistical data analysis of different log tables is helpful in this regard. Both predictive
and deterministic analyses are used to precisely locate performance issues. If an issue is
not creating a major performance bottleneck, a system study and analysis can identify the
problem and solve it.
The client-to-server data exchange takes place when a client connects to the server
through a socket. A socket pair, in this case, consists of a client IP address, a client port
number, a server IP address, and a server port number. Querying information by the socket
therefore lets you zero-in quickly on a specific service running at a specific IP address.
$ netstat -antplF
# R language script
# Read the netstat log that was saved as CSV
netstat <- read.table("netstat_2_csv.csv", header = TRUE, sep = ",")
head(netstat)
attach(netstat)
# Bar plot of the frequency table of d
barplot(
  table(d),
  beside = TRUE
)
detach(netstat)
A summary report of the above log is helpful to gain an in-depth understanding of the
system. Figure 4 gives an R summary report of the above netstat status log.
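The listening-port review and the socket-pair query described above can also be run directly on the netstat text. This Python sketch is an added example, not part of the original article: it parses constructed lines in netstat -ant layout, lists ports listening on every interface, and returns the client side of each socket pair for a chosen server endpoint. The peer addresses and function names are invented for illustration.

```python
from collections import Counter

# Constructed sample in `netstat -ant` layout; the peers are invented.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address        Foreign Address      State
tcp        0      0 0.0.0.0:22           0.0.0.0:*            LISTEN
tcp        0      0 127.0.0.1:25         0.0.0.0:*            LISTEN
tcp        0      0 172.16.4.120:22      172.16.4.33:51514    ESTABLISHED
tcp        0      0 172.16.4.120:2049    172.16.5.10:876      ESTABLISHED
tcp        0      0 172.16.4.120:80      172.16.6.2:40112     TIME_WAIT
tcp6       0      0 :::80                :::*                 LISTEN
"""

def parse_sockets(text):
    """Return one dict per TCP line: local and remote endpoint plus state."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header or non-TCP line
        lip, _, lport = f[3].rpartition(":")  # rpartition copes with ":::80"
        rip, _, rport = f[4].rpartition(":")
        socks.append({"local": (lip, lport), "remote": (rip, rport),
                      "state": f[5]})
    return socks

def wildcard_listeners(socks):
    """Ports in LISTEN state that are bound to every interface."""
    return sorted({int(s["local"][1]) for s in socks
                   if s["state"] == "LISTEN" and s["local"][0] in ("0.0.0.0", "::")})

def peers_of(socks, ip, port):
    """Client (ip, port) of each socket pair whose server side is ip:port."""
    return [s["remote"] for s in socks
            if s["local"] == (ip, str(port)) and s["state"] != "LISTEN"]

def state_counts(socks):
    """Number of sockets in each TCP state."""
    return Counter(s["state"] for s in socks)

if __name__ == "__main__":
    socks = parse_sockets(SAMPLE)
    print("listening on all interfaces:", wildcard_listeners(socks))
    print("clients of 172.16.4.120:22:", peers_of(socks, "172.16.4.120", 22))
    print("states:", dict(state_counts(socks)))
```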
If an application is behind a firewall and is in the idle state, then there is a possibility that
the firewall may drop the idle TCP connection after a given amount of time. Since the
system has no way of knowing that the connection is no longer valid, it will keep the
connection forever, and when the client tries to use that connection again, it will be
unresponsive.
Dipankar Ray
The author is a member of IEEE, IET, with more than 20 years of experience in open source versions of
UNIX operating systems and Sun Solaris. He is presently working on data analysis and machine learning
using a neural network and different statistical tools. He has also jointly authored a textbook called
‘MATLAB for Engineering and Science’. He can be reached at dipankarray@ieee.org.