Fixing Errors After a Linux Update: Common Problems and Practical Solutions in the Terminal
Mastering the Linux network stack requires more than just checking an IP. It’s about knowing exactly where the packet drops.
1. Layer 3: Addressing and Routing Logic
Advanced users don’t just check for an IP; they analyze how the kernel handles packet forwarding and routing tables.
- Extended Interface Stats: ip -s -s link show eth0 – Reveals precise counters for discards, collisions, and window errors.
- Route Selection Debugging: ip route get 1.1.1.1 – Shows exactly which gateway, interface, and source IP the kernel will select for a specific destination.
- Event Monitoring: ip monitor all – A live feed of all network configuration changes (links, addresses, and routes).
2. High-Performance Socket Analysis with ss
The ss tool queries the kernel directly, making it significantly faster and more powerful than netstat for high-concurrency servers.
- Filtering by TCP State: ss -t state syn-sent – Identify processes struggling to establish outbound connections.
- Socket Memory Pressure: ss -tmp – Displays the memory buffers used by each socket, essential for tuning high-load web servers.
- Complex Expressions: ss -nt dst 192.168.1.0/24 – View all TCP connections to a specific subnet.
3. DNS Propagation and Path Latency
Beyond simple connectivity, we must identify packet loss at specific hops and verify DNS integrity.
- MTR (My Traceroute): mtr -rw google.com – Provides a wide, comprehensive report of packet loss and jitter across the entire network path.
- Iterative DNS Discovery: dig +trace example.com – Bypasses local resolvers to query the DNS hierarchy from the Root servers down to the Authoritative ones.
4. Deep Packet Inspection: tcpdump
When the application layer fails, you must inspect the raw frames. tcpdump allows for granular filtering using BPF (Berkeley Packet Filter) syntax.
- Filtering for specific TCP flags (e.g., ACK/RST): sudo tcpdump -i eth0 'tcp[tcpflags] & (tcp-ack|tcp-rst) != 0'
- Inspecting HTTP Headers in real-time: sudo tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
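
The arithmetic inside the two filters above, worked through in Python on constructed packets (an added example, not from the original post; the addresses, ports, and helper names are made up for illustration). It shows why the HTTP filter reads both header lengths from the packet instead of assuming 20 bytes each, and why bare ACKs never match it.

```python
import struct

TCP_RST, TCP_ACK, TCP_PSH = 0x04, 0x10, 0x08  # tcpdump's tcp-rst / tcp-ack / tcp-push

def build_packet(payload=b"", flags=TCP_ACK, ip_opts=b"", tcp_opts=b"", dport=80):
    """Constructed IPv4+TCP packet for the demo (checksums left at 0)."""
    ihl = 5 + len(ip_opts) // 4    # IP header length, in 32-bit words
    doff = 5 + len(tcp_opts) // 4  # TCP data offset, in 32-bit words
    total = 4 * (ihl + doff) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, doff << 4, flags,
                      65535, 0, 0) + tcp_opts
    return ip + tcp + payload

def tcp_header(pkt):
    """Slice from the start of the TCP header; tcp[n] in BPF indexes from here."""
    return pkt[(pkt[0] & 0x0F) << 2:]

def payload_len(pkt):
    ip_total = struct.unpack_from("!H", pkt, 2)[0]  # ip[2:2]: IP total length
    ip_hdr = (pkt[0] & 0x0F) << 2                   # (ip[0]&0xf)<<2: IHL words -> bytes
    tcp_hdr = (tcp_header(pkt)[12] & 0xF0) >> 2     # (tcp[12]&0xf0)>>2: data offset -> bytes
    return ip_total - ip_hdr - tcp_hdr

def matches_http_filter(pkt):
    """tcp port 80 and (payload length != 0)"""
    sport, dport = struct.unpack_from("!HH", tcp_header(pkt), 0)
    return pkt[9] == 6 and 80 in (sport, dport) and payload_len(pkt) != 0

def matches_flag_filter(pkt):
    """tcp[tcpflags] & (tcp-ack|tcp-rst) != 0 ; tcpflags is byte 13 of the TCP header"""
    return (tcp_header(pkt)[13] & (TCP_ACK | TCP_RST)) != 0

if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed request
    samples = {
        "bare ACK": build_packet(),
        "HTTP request": build_packet(req, TCP_PSH | TCP_ACK),
        "request + IP/TCP options": build_packet(
            req, TCP_PSH | TCP_ACK, ip_opts=b"\x01" * 4, tcp_opts=b"\x01" * 12),
        "SYN only": build_packet(flags=0x02),
    }
    for name, pkt in samples.items():
        print(f"{name:26} payload={payload_len(pkt):3} "
              f"http={matches_http_filter(pkt)} ack/rst={matches_flag_filter(pkt)}")
```

The third sample carries 4 bytes of IP options and 12 bytes of TCP options, so subtracting a fixed 40 bytes from the IP total length would overstate the payload by 16 bytes; reading both lengths from the headers gives the same result as the option-free packet.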
Advanced Commands Summary
| Task | Command | Expert Use Case |
|---|---|---|
| ARP Cache | ip neigh | Detecting IP spoofing or MAC address changes. |
| Port Readiness | nc -zv [ip] [port] | Verifying firewall rules without full scans. |
| Bandwidth Testing | iperf3 -s / -c | Benchmarking throughput between two nodes. |
| Flow Monitoring | nload | Visualizing inbound/outbound traffic load per interface. |
