Gentoo for Network Admins

From Gentoo Wiki
Jump to: navigation, search

This article hosts a guide for fellow UNIX Network Admins/SRE/DevOps into configuring a fully-fledged Swiss army knife Gentoo in order to make network debugging much easier.

This guide assumes the reader is already familiar with the networking terminology and therefore will not go into further detail in explaining common acronyms or concepts. For example: defining DNS, IP addresses, OSI layers, et. al.

Useful tools

DNS debugging

net-dns/bind-tools contains most of the DNS debugging tools such as nslookup, dig, and host.

root #emerge --ask net-dns/bind-tools

SSL/TLS/PKI troubleshooting

The s_client, ocsp, x509 commands and others:

root #emerge --ask dev-libs/openssl

Port knocking/scanning

Most popular command for netcat is nc -zv <host> <port>

root #emerge --ask net-analyzer/netcat

Check which ports are open, which services are running with nmap.

root #emerge --ask net-analyzer/nmap

Traffic analyzers

Listen on an interface and show src/dest traffic and speed:

root #emerge --ask net-analyzer/iftop

Inspect incoming/outgoing packets:

root #emerge --ask net-analyzer/tcpdump

Network bandwidth measurement

iperf has many use cases. It can for example stress test a network by running iperf -c qa2

root #emerge --ask net-misc/iperf

IP troubleshooting (L3)

MyTraceroute does a traceroute by probing with ICMP packets:

root #emerge --ask net-analyzer/mtr

In case ICMP is blocked by some firewall on the LAN, try tcptraceroute:

root #emerge --ask net-analyzer/tcptraceroute

lft Layer four traceroute, traceroute using TCP:

root #emerge --ask net-analyzer/lft

L1 troubleshooting

Link detection, WOL support, link modes et. al.:

root #emerge --ask sys-apps/ethtool

Directly connected neighbor detection, capabilities, connected port etc:

root #emerge --ask net-misc/lldpd


Copy logs, file contents, et. al. without leaving terminal cat /var/log/emerge.log | xclip -sel clip

root #emerge --ask x11-misc/xclip

External resources