Networking Debug tools

Earlier, I wrote a blog on the tools that I used with OpenDaylight. In that blog, I covered Mininet, dpctl, packeth, Wireshark and Postman. I covered the traffic generation tool Ostinato in another blog. There are a few other miscellaneous networking tools that I use, and I am planning to cover them in this blog. I will try to keep this blog updated as I come across more tools. I will cover the following tools in this blog.

iperf is used for TCP and UDP performance measurement.
Unicast TCP performance:


iperf -s


iperf -c 

Unicast UDP performance:

iperf -us


iperf -uc 

Multicast UDP performance:

iperf -s -u -B  -i 1

The server sends IGMP joins towards the client. When we press “Ctrl-C”, the server sends an IGMP leave.

iperf -c  -u --ttl 5 -t 100

The client sends UDP multicast traffic towards the server.
We need to add a route entry for the multicast address on the corresponding interface so that multicast packets from the client and the server go out on the correct interface.


tcpdump is a nice and simple command-line packet capture and analysis tool. It uses the pcap file format for packet capture. For more information on the pcap file format, this is a good link. I refer to these links (1, 2) as a quick reference of examples for tcpdump.
Following is one example:

tcpdump -c 5 -tttt -n -i eth0 tcp and src

The options above give a proper timestamp (-tttt), a count of 5 packets (-c 5), numeric IP address format (-n), interface eth0 (-i eth0), and a filter on tcp and src ip address=


tshark is the command-line version of Wireshark and is used to capture and analyze packets. Filtering uses the same syntax as the GUI tool. Following are some examples that I use:

Check packet detail and raw packet from a pcap file:

tshark -r pkt5.pcap -V
tshark -r pkt5.pcap -x

Read 500 packets and write them to a pcap file:

tshark -c 500 -w pkt5.pcap

Filter with a particular source and destination IP address. For more details on Wireshark/tshark filters, please refer here.

tshark -i eth4 -R "ip.src== && ip.dst=="

netstat, ss:

Both of the above tools display socket connection details. netstat reads from /proc files, while ss reads directly from the kernel, so ss is much faster. Following are some examples:
All protocol stats:

netstat -s

Display route table:

netstat -r

Display listening TCP sockets:

netstat -lt

The following links give a quick reference to examples for netstat (1, 2) and ss.


iptables is used to manage Linux firewall or ACL rules. There are 4 main tables: Filter, NAT, Mangle, Raw. Each table has a set of chains, and each chain has a bunch of rules and actions. The following link covers the basics of iptables. I use these links (1, 2) for quick examples.

Following are some examples:
List filter table (default is filter):

iptables --list

List NAT table:

iptables -t nat --list

Add a rule to reject HTTP traffic:

iptables -A INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j REJECT

Delete the previous reject rule:

iptables -D INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j REJECT

View rule statistics:

iptables -nvL

Watch counter changes:

watch -d -n 2 iptables -nvL


Editcap is part of the Wireshark distribution. It's a command-line tool to edit pcap files.
The following example takes packets number 5 and 6 in test.pcap and saves them to pkt56.pcap:

editcap -r ~/test.pcap ~/pkt56.pcap 5-6
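
To show what the pcap file format mentioned under tcpdump looks like on disk, and what selecting a packet range with editcap -r amounts to, here is an added example in Python (not from the original post and not Wireshark's code). It assumes the classic microsecond pcap layout rather than pcapng; the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap (not pcapng): 24-byte global header, then for each packet a
# 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) plus the data.
# Key = magic number as read little-endian, value = byte order of the file.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}

def read_pcap(data):
    """Return (global_header, byte_order, [(record_header, payload), ...])."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic microsecond pcap file")
    endian = MAGICS[magic]
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        end = off + 16 + incl_len
        # A capture file is untrusted input: never trust incl_len blindly.
        if end > len(data):
            raise ValueError("record length exceeds file size")
        packets.append((data[off:off + 16], data[off + 16:end]))
        off = end
    return data[:24], endian, packets

def keep_range(data, first, last):
    """Keep packets first..last (1-based, inclusive), like editcap -r in out 5-6."""
    header, _, packets = read_pcap(data)
    kept = packets[first - 1:last]
    return header + b"".join(h + p for h, p in kept)

def make_sample(n):
    """Constructed capture: n records whose payload is the single byte 1..n."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(1, n + 1):
        out += struct.pack("<IIII", 1000 + i, 0, 1, 1) + bytes([i])
    return out

if __name__ == "__main__":
    trimmed = keep_range(make_sample(8), 5, 6)
    print([payload for _, payload in read_pcap(trimmed)[2]])
```
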

brctl and ovs-vsctl:

brctl and ovs-vsctl are tools to create and manage Linux and OVS bridges.

