Earlier, I had written a blog on tools that I used with Opendaylight. In that blog, I covered Mininet, dpctl, packeth, Wireshark, Postman. I covered the traffic generation tool Ostinato in another blog. There are a few other miscellaneous networking tools that I use, and I am planning to cover them in this blog. I will try to keep this blog updated as I come across more tools. I will cover the following tools in this blog.
iperf is used for TCP and UDP performance measurement.
Unicast TCP performance:
Unicast UDP performance:
Multicast UDP performance:
iperf -s -u -B <multicast-group> -i 1
The server sends IGMP joins towards the client. When we press "Ctrl-C", the server sends an IGMP leave.
iperf -c <multicast-group> -u --ttl 5 -t 100
The client sends UDP multicast traffic towards the server.
We need to add a route entry for the multicast address on the corresponding interface so that multicast packets from the client and server go out on the correct interface.
tcpdump is a nice and simple command-line packet capture and analysis tool. It uses the pcap file format for packet capture. For more information on the pcap file format, this is a good link. I refer to these links (1, 2) as a quick reference of examples for tcpdump.
Following is one example:
tcpdump -c 5 -tttt -n -i eth0 tcp and src 192.168.0.101
The options above print a full date-and-time timestamp (-tttt), stop after 5 packets (-c 5), show numeric IP addresses without name resolution (-n), capture on interface eth0 (-i eth0), and filter for TCP packets with source IP address 192.168.0.101.
tshark is the command-line version of Wireshark and is used to capture and analyze packets. Filtering uses the same syntax as the GUI tool. Following are some examples that I use:
Check packet detail and raw packet from a pcap file:
tshark -r pkt5.pcap -V
tshark -r pkt5.pcap -x
Capture 500 packets and write them to a pcap file:
tshark -c 500 -w pkt5.pcap
Filter with a particular source and destination IP address. For more details on Wireshark/tshark filters, please refer here.
tshark -i eth4 -Y "ip.src==192.168.56.101 && ip.dst==192.168.56.102"
Both of the above tools are useful to display socket connection details. netstat reads from /proc files, while ss reads directly from the kernel, so ss is much faster. Following are some examples:
All proto stats:
Display route table:
Display listening tcp sockets:
iptables is used to manage Linux firewall or ACL rules. There are 4 main tables: Filter, NAT, Mangle, Raw. Each table has a set of chains, and each chain has a bunch of rules and actions. The following link covers the basics of iptables. I use these links (1, 2) for quick examples.
Following are some examples:
List filter table(Default is filter):
List NAT table:
iptables -t nat --list
Add rule to reject http traffic:
iptables -A INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j REJECT
Delete the previous reject rule:
iptables -D INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j REJECT
View rule statistics:
Watch counter changes:
watch -d -n 2 iptables -nvL
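The counter check above can also be scripted. The following is an added example, not from the original post: it compares two listings taken with iptables -nvxL and prints only the rules whose packet counter grew, for instance to confirm that the REJECT rule for port 80 is actually matching. The function names and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which rules matched traffic between two snapshots of
# `iptables -nvxL` (-x prints exact counters instead of K/M/G-rounded ones).

# Constructed sample listings, not captured from a real host.
SNAP_BEFORE='Chain INPUT (policy ACCEPT 120 packets, 9600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REJECT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED reject-with icmp-port-unreachable
      31     2604 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'
SNAP_AFTER='Chain INPUT (policy ACCEPT 131 packets, 10480 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      14      840 REJECT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED reject-with icmp-port-unreachable
      31     2604 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Turn a listing (stdin) into "chain|rule-number|rule-text<TAB>packets" records.
rule_counters() {
    awk '
        $1 == "Chain" { chain = $2; n = 0; next }   # start of a chain block
        $1 == "pkts" || NF == 0 { next }            # column header or blank line
        {
            n++; pkts = $1
            $1 = ""; $2 = ""                        # drop the pkts and bytes columns
            sub(/^ +/, "")                          # what is left is the rule itself
            printf "%s|%d|%s\t%s\n", chain, n, $0, pkts
        }'
}

# Print "+delta chain|rule-number|rule-text" for every rule whose packet
# counter increased. $1 = earlier listing, $2 = later listing.
# Rules are matched by chain, position and text, so a rule inserted between
# the two snapshots shifts the positions below it and they are not reported.
counter_delta() {
    {
        printf '%s\n' "$1" | rule_counters
        echo '--'                                   # separates the two snapshots
        printf '%s\n' "$2" | rule_counters
    } | awk -F '\t' '
        $0 == "--" { later = 1; next }
        !later     { old[$1] = $2; next }
        ($1 in old) && $2 + 0 > old[$1] + 0 { printf "+%d %s\n", $2 - old[$1], $1 }'
}

# On a live host (as root): a=$(iptables -nvxL); sleep 2; b=$(iptables -nvxL)
counter_delta "$SNAP_BEFORE" "$SNAP_AFTER"
```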
Editcap is part of the Wireshark distribution. It's a command-line tool to edit pcap files.
The following example takes packets number 5 and 6 from test.pcap and saves them to pkt56.pcap:
editcap -r ~/test.pcap ~/pkt56.pcap 5-6