Monday, December 8, 2008

Simple commands for troubleshooting network applications

Most of the time when I troubleshoot a network application, these are the few commands I use, together with the logs.

1st, netstat
2nd, lsof

On the server itself, you can use the commands below.
1st, netstat
[root@www errs]# netstat -an|grep 3306
tcp 0 0* LISTEN

Note: see, the port is open :P

2nd, lsof
[root@www errs]# lsof -i tcp:3306
mysqld 7472 mysql 10u IPv4 12294 TCP *:mysql (LISTEN)

As you can see, port 3306 is used by the service mysqld,
its PID is 7472,
the USER is mysql, and so on.

lsof in particular will tell you which application is bound to a particular port.
Explore lsof more :P you will get a lot more out of this command.

From a client, you can try connecting from your local machine to see whether the firewall is blocking it or not :P
C:\Documents and Settings\a13x>telnet 3306
Connecting To not open connection to the host, on port
3306: Connect failed

See, it failed to connect. I believe my firewall is blocking it.

Let's see the log from the server.
Dec 8 17:56:11 www kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:1e:68:9a:f6:19:00:13:7f:c4:47:1a:08:00 SRC= DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=40540 DF PROTO=TCP SPT=50960 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 8 17:56:15 www psad: scan detected: -> tcp: [3306] flags: SYN tcp pkts: 1 DL: 1
Look at the log: the destination port (DPT) is 3306 :P
That means my firewall is blocking it :P
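
Reading such lines by eye gets slow on a busy server, so here is an added example (not part of the original post) that parses Shorewall kernel log lines and counts dropped SYNs to a port by source. The sample lines and addresses are constructed placeholders, and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample lines in the Shorewall log format shown above. The
# addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
Dec 8 17:56:11 www kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 ID=40540 DF PROTO=TCP SPT=50960 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 8 17:56:14 www kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 ID=40541 DF PROTO=TCP SPT=50960 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 8 17:57:02 www kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 TTL=52 ID=1201 DF PROTO=TCP SPT=41822 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 8 17:57:30 www sshd[2211]: Accepted publickey for admin from 192.0.2.20 port 50122 ssh2
"""

# Log prefix as it appears in the line above: Shorewall:<chain>:<action>:
PREFIX = re.compile(r"kernel: Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)")

def parse_line(line):
    """Return a dict for one Shorewall kernel log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"], "flags": []}
    for token in m["fields"].split():
        if "=" in token:
            key, value = token.split("=", 1)   # value may be empty, e.g. "OUT="
            rec[key] = value
        else:
            rec["flags"].append(token)         # bare flags such as DF, SYN
    return rec

def dropped_syns(log_text, port):
    """Count dropped TCP SYNs to `port`, grouped by source address."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["action"] == "DROP" and rec.get("PROTO") == "TCP"
                and rec.get("DPT") == str(port) and "SYN" in rec["flags"]):
            hits[rec.get("SRC") or "(no source logged)"] += 1
    return hits

if __name__ == "__main__":
    for src, n in dropped_syns(SAMPLE_LOG, 3306).items():
        print(f"{n} dropped SYN(s) to 3306 from {src}")
```

On a real server you would pass in the contents of the file your kernel messages are logged to instead of SAMPLE_LOG.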

So, the conclusion is that MySQL port 3306 is only accessible from localhost or certain IP addresses :P

That's all for this part. Only once you know what the root cause is can you perform the troubleshooting.

Another way is to use a sniffer like Wireshark or tcpdump to troubleshoot it :P
You can get more that way :P but I don't plan to teach it, as I'm not really good with Wireshark and it is a dangerous tool for people who have an evil mindset :P