Troubleshooting - jhu-information-security-institute/infrastructure GitHub Wiki
Tools
ip: Show / manipulate routing, devices, policy routing and tunnels.
ifconfig: "Interface config" is used to configure the kernel-resident network interfaces. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed.
nmap: “Network Mapper” is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
netstat: "Network Statistics" is used to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
ss: "Socket statistics" shows information similar to netstat. It can display more TCP and state information.
dhclient: Dynamic Host Configuration Protocol Client provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.
nslookup: Name server lookup is a program to query Internet domain name servers.
dig: Domain information groper is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.
traceroute: Prints the route that packets take to a network host.
tcpdump: Tcpdump prints out a description of the contents of packets on a network interface that match a given boolean expression.
Routing
Do you have connectivity from host1 to host2? E.g., can you ping from host1 and get a response from host2? If not, where is the connection breaking when you use traceroute from host1 to host2?
Domain name resolution
Is DNS resolution working for the subnet of interest? E.g., what DNS server is being used for resolution when you query a particular hostname from that subnet via dig or nslookup? Is the DNS server running without error?
IP addresses
Is the IP address properly configured for the host of interest? E.g., is DHCP properly setting a specific address for the hostname per the MAC address of the network adapter of interest, or is it properly setting an IP address from the general pool of addresses in the subnet? If not, what DHCP server is being used and is it running without error? Is it set up with the proper MAC addresses for each network adapter that is not initializing properly? Is the IP address set up properly in the DNS server if it is providing the addresses to the DHCP server?
Servers
Is the server you are attempting to use running on host2? E.g., can you run netstat on host2 and see the port listed as actively listening? Is the server process running without errors when you check its status via systemctl or journalctl? Is there a firewall that is actively blocking the listening port?
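The Routing and Servers checks above can be scripted against saved tool output. The following is an added example, not part of the original wiki: it finds the last hop that answered in traceroute -n output, and reports whether a port in ss -ltn output is bound only to loopback (a common reason host1 cannot reach a server that is running on host2). The function names, addresses and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse saved output of the tools above. All sample data is constructed.

# Constructed `traceroute -n host2` output captured on host1.
SAMPLE_TRACE='traceroute to 10.0.2.15 (10.0.2.15), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.398 ms  0.377 ms
 2  10.0.0.1  1.204 ms  1.187 ms  1.169 ms
 3  * * *
 4  * * *'

# Constructed `ss -ltn` output captured on host2.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::1]:8080         [::]:*'

# Print "<hop> <address>" for the last hop that answered; the break is just past it.
last_responding_hop() {
  awk '$1 ~ /^[0-9]+$/ {
         for (i = 2; i <= NF; i++) if ($i != "*") { last = $1 " " $i; break }
       }
       END { print (last == "" ? "none" : last) }'
}

# Classify how a TCP port is bound: none, loopback-only, or external.
# "external" means bound to a non-loopback address; a firewall may still block it.
listen_scope() {
  awk -v want="$1" '$1 == "LISTEN" {
         n = split($4, part, ":"); port = part[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (port != want) next
         found = 1
         if (addr !~ /^127\./ && addr != "[::1]") external = 1
       }
       END { print (external ? "external" : (found ? "loopback-only" : "none")) }'
}

echo "last hop:  $(printf '%s\n' "$SAMPLE_TRACE" | last_responding_hop)"
echo "port 5432: $(printf '%s\n' "$SAMPLE_SS" | listen_scope 5432)"
echo "port 22:   $(printf '%s\n' "$SAMPLE_SS" | listen_scope 22)"
```

On a live system, pipe the real commands in instead of the samples, e.g. ss -ltn | listen_scope 5432 on host2.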