Gentoo for Network Admins
This article hosts a guide for forging Gentoo into a fully-fledged, network-debugging Swiss army knife. This guide might be useful for:
- NOC engineers
- network admins
- site reliability engineers
- devops/netops engineers
This guide assumes the reader is familiar with the networking terminology and will therefore not go into detailed explaining of common acronyms or concepts. For example: defining DNS, IP addresses, OSI layers, et. al.
Useful tools
HTTP(S) debugging
root #emerge --ask net-misc/curlsimple HTTPS verification:
user $curl -Is https://www.example.comHTTP/2 200 date: Mon, 08 Jan 2024 09:53:11 GMT server: Apache/2.4 last-modified: Sat, 06 Jan 2024 05:43:21 GMT vary: Accept-Encoding x-frame-options: SAMEORIGIN content-type: text/html content-language: en age: 66 etag: W/"1968a-15ag718a56dfa-gzip" accept-ranges: bytes content-length: 123574
DNS debugging
net-dns/bind-tools contains most of the DNS debugging tools such as nslookup, dig, and host.
root #emerge --ask net-dns/bind-toolsSSL/TLS/PKI troubleshooting
The s_client, ocsp, x509 commands and others are included in the dev-libs/openssl package.
root #emerge --ask dev-libs/opensslPort knocking/scanning
Most popular command for netcat is nc -zv <host> <port>
root #emerge --ask net-analyzer/openbsd-netcatCheck which ports are open, which services are running with nmap.
root #emerge --ask net-analyzer/nmapTraffic analyzers
Listen on an interface and show src/dest traffic and speed:
root #emerge --ask net-analyzer/iftopInspect incoming/outgoing packets:
root #emerge --ask net-analyzer/tcpdumpInspect incoming/outgouing packets when net-analyzer/wireshark is available, using tshark:
user $tshark -i eth0Automate network testing when net-analyzer/wireshark is availble, using sharkd using python scripts. For unix and TCP sockets. Starting a spawnd instance:
user $spawnd -Hello in child.
Network bandwidth measurement
iperf has many use cases. It can for example stress test a network by running
user $iperf -c qa2IP troubleshooting (L3)
MyTraceroute does a traceroute by probing with ICMP packets:
root #emerge --ask net-analyzer/mtrIn case ICMP is blocked by some firewall on the LAN, try tcptraceroute:
root #emerge --ask net-analyzer/tcptraceroutelft Layer four traceroute, traceroute using TCP:
root #emerge --ask net-analyzer/lftL2 troubleshooting
Directly connected neighbor detection, capabilities, connected port etc:
root #emerge --ask net-misc/lldpdL1 troubleshooting
Link detection, WOL support, link modes et. al.:
root #emerge --ask sys-apps/ethtoolOthers
xlip
x11-misc/xclip can be used to copy logs, file contents, etc. without leaving the terminal. For example:
user $cat /var/log/emerge.log | xclip -sel clipopenssl
Use openssl for random generation instead of a dedicated tool or script:
user $openssl rand -hex 1671cb1117861f4a8cf08489b9f8cd6b73
net-misc/telnet-bsd - a working telnet client is a useful tool for troubleshooting networks.
See also
- Recommended tools — lists system-administration related tools recommended for use in a shell environment (terminal/console)