{{tag>Brouillon Réseau}}

= Notes diag réseau

Commande **ip** https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf

Diag

<code bash>
ifstat
ss -s
ss -peaonmi
# sar -n DEV
sar -n ALL
networkctl
</code>

<code bash>
networkctl list
</code>

<code bash>
ip -4 -o addr
</code>

Only up
<code ->
$ ip link ls up

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
</code>

<code ->
$ ip -0 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 14:da:e9:a6:da:ca brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 74:2f:68:4b:6c:41 brd ff:ff:ff:ff:ff:ff
</code>

<code ->
# cat /sys/class/net/eth0/speed
1000
</code>


<code ->
# cat /sys/class/net/eth0/duplex
full
</code>


Lister toutes les interfaces branchées 
<code ->
# grep 1 /sys/class/net/*/carrier
/sys/class/net/eth0/carrier:1
/sys/class/net/eth1/carrier:1
/sys/class/net/eth2/carrier:1
/sys/class/net/eth3/carrier:1
/sys/class/net/lo/carrier:1
</code>

<code bash>
ethtool eth0
</code>

<code ->
Settings for eth0:
	Supported ports: [ TP MII ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Half 1000baseT/Full 
	Supported pause frame use: No
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Half 1000baseT/Full 
	Advertised pause frame use: Symmetric Receive-only
	Advertised auto-negotiation: Yes
	Speed: 10Mb/s
	Duplex: Half
	Port: MII
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: on
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000033 (51)
			       drv probe ifdown ifup
	Link detected: no
</code>

Si pas de ''ethtool'', essayer ''mii-tool''

<code bash>
# mii-tool eth0
eth0: no link
</code>

On arrête le "network-manager" car nous allons configurer le réseau manuellement
<code bash>
service network-manager stop
</code>

Demande d'un bail DHCP (DHCP OFFER)
<code bash>
dhclient eth0
</code>

Parfois il faut faire un ''dhclient -r'' avant pour que ça fonctionne.
<code bash>
dhclient -r eth0
dhclient eth0
</code>

Si rien ne se passe ''Ctrl + c''. C'est qu'on ne parviens pas à avoir une réponse du serveur DHCP.

Statistic
<code bash>
ip -s link show eth0
</code>



== Changer l'adresse ip avec iproute2 (ip)



Effacement de l’ancienne adresse ipv4 
<code bash>
ip -4 a del dev eth0
</code>

Nous pouvons définir manuellement l'adresse IP :
<code bash>
#ifconfig eth0 192.168.1.12 netmask 255.255.255.0 up
ip addr add 192.168.1.12/24 dev eth0
ip link set eth0 up
</code>


== Définir la route / passerelle par défaut

Voir la table de routage
<code bash>
ip r
ip route show table all
#ip r show table all |egrep -v "^unreachable|^local|^broadcast"
</code>

Ajouter une route
<code bash>
ip route add default via 192.168.1.1
</code>

Supprimer une passerelle par défaut

<code bash>
ip route del 0.0.0.0/0 via 192.168.1.1
</code>

Test / diag / debug du routage
<code bash>
ip route get 8.8.8.8
</code>

=== Traceroute

Voir :
* tracepath
* https://www.cloudflare.com/fr-fr/learning/network-layer/what-is-mtr/
* https://www.cloudflare.com/learning/network-layer/what-is-mtr/

Voir aussi : https://en.wikipedia.org/wiki/Source_routing

Traceroute avec MTR
<code ->
$ mtr -c 10 --udp 10.33.133.246 -P 88 -rn
Start: 2023-07-11T16:55:56+0200
HOST: websrv1                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.230.223.1               0.0%    10    0.2   0.3   0.2   1.0   0.2
  2.|-- 10.255.183.12              0.0%    10    0.6   3.1   0.6  11.0   4.3
  3.|-- 10.255.29.2                0.0%    10    0.7   1.0   0.6   2.2   0.6
  4.|-- 10.154.254.1               0.0%    10   25.4  25.6  25.4  27.1   0.5
  5.|-- 10.133.4.178               0.0%    10   25.4  25.6  25.3  26.1   0.3
  6.|-- 10.133.4.38                0.0%    10   26.7  26.8  25.7  34.4   2.7
  7.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
</code>



=== Connaître l'adresse MAC d'origine / permanente

Certains types d’agrégation de liens (bonding) utilise le changement d'adresse MAC. \\
Il peut être utile de retrouver l'@MAC original de la carte.

<code ->
# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eno50
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eno49
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 5c:b9:01:d0:06:d0
Slave queue ID: 0

Slave Interface: eno50
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 5c:b9:01:d0:06:d8
Slave queue ID: 0
</code>


<code ->
# ethtool -P eno50
Permanent address: 5c:b9:01:d0:06:d8
</code>

ou (si supporté)

<code ->
# cat /sys/class/net/eno50/phys_port_id
5cb901d006d8
</code>

Alors que l'adresse actuelle définie (spoofé) est :
<code ->
# cat /sys/class/net/eno50/address
5c:b9:01:d0:06:d0
</code>

<code ->
# ip a show dev eno50
3: eno50: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 5c:b9:01:d0:06:d0 brd ff:ff:ff:ff:ff:ff
</code>


== Exemple conf Debian

''/etc/network/interfaces''
<code ->
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
        address 192.168.56.12
        netmask 255.255.255.0
        gateway 192.168.56.1
        
allow-hotplug eth2
iface eth2 inet static
        address 10.240.100.101
        netmask 255.255.255.0
        network 10.240.100.0
        broadcast 10.240.100.255
        gateway 10.240.100.250
        # dns-* options are implemented by the resolvconf package, if installed
        dns-search localdomain
        dns-nameservers 8.8.8.8 8.8.4.4
</code>

<code bash>
#systemctl restart networking
ifdown eth0
ifup eth0
</code>


== Exemple conf RedHat

Notes : 
* A partir de RHEL9 **keyfile** remplace **ifcfg**

''/etc/sysconfig/network-scripts/ifcfg-eth0''
<code ini>
TYPE=Ethernet
BOOTPROTO=dhcp
#DEFROUTE=no
#PEERDNS=no
IPV6INIT=no
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=no
</code>


''/etc/sysconfig/network-scripts/ifcfg-eth1''
<code ini>
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
HWADDR=00:50:56:c4:8d:ae
NETMASK=255.255.255.0
IPADDR=192.168.10.101
GATEWAY=192.168.10.1
#MTU=1450
</code>

<code bash>
#systemctl restart network
ifdown eth0
ifup eth0
</code>


== Bonding

<code bash>
ip a |grep bond0
cat /proc/net/bonding/bond0
</code>


Suppression agrégation de liens

<code bash>
ip link set dev bond0 down
ip link del dev bond0
</code>


== Netplan

''/etc/network/interfaces''
<code ->
# ifupdown has been replaced by netplan(5) on this system.  See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
#    sudo apt install ifupdown
</code>


''/etc/netplan/01-netcfg.yaml''
<code yaml>
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens192:
      dhcp4: no
      dhcp6: no
      addresses:
      - 10.15.65.5/24
      gateway4: 10.15.65.254
      nameservers:
        addresses: [192.168.130.11,192.168.131.75]
    ens160:
      dhcp4: no
      dhcp6: no
      addresses:
      - 192.168.1.105/24
      - 2a01:4588:0:fd::109/64
      gateway4: 192.168.1.1
      gateway6: 2a01:4580:0:fd::1
      nameservers:
        addresses:
        - 46.18.130.11
        - 46.18.131.75
      routes:
      - to: 192.168.255.0/24
        via: 192.168.1.1
</code>

Pour vérifier la config
<code bash>
netplan try

# Rien de sera appliqué si --debug
netplan --debug apply
</code>

Si OK pour appliquer
<code bash>
netplan apply
</code>


<code ->
     netplan generate: Use /etc/netplan to generate the required
configuration for the renderers.
     netplan apply: Apply all configuration for the renderers,
restarting them as necessary.
</code>

<code bash>
# pour vérifier que la syntaxe était bonne, puis
netplan --debug generate

netplan generate 
netplan apply

man 5 netplan
</code>


== Network-Manager UI

Liste :
* connman / cmst
* wicd
* nm-tray / network-manager


== Promiscuous mode

<code bash>
ip link set eth0 promisc on
</code>


== Autres 

Voir :
* ''/etc/resolvconf/resolv.conf.d/head''


== Perte de paquets ?


<code ->
netstat -s | grep retransmitted
     368644 segments retransmitted

netstat -s | grep segments
         149840 segments received
         150373 segments sent out
         161 segments retransmitted
         13 bad segments received
</code>


== Err

<code ->
# systemctl restart network
RTNETLINK answers: File exists
</code>

Solution
<code bash>
systemctl stop NetworkManager
#ip addr flush dev eth1
#ps -ef |grep -i net
</code>