Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

Posts Tagged ‘Networking’

resolv.conf – “options rotate” discovery of ISP DNS

Posted by madhavkobal on 03/10/2009

From the  manpage of resolv.conf. While reading it I saw the following really nice option:

rotate               sets  RES_ROTATE  in _res.options, which causes round robin selection of name‐
                     servers from among those listed.  This has the effect of spreading  the  query
                     load  among  all  listed servers, rather than having all clients try the first
                     listed server first every time.

Since then my /etc/resolv.conf on both Gentoo and Debian looks like that:
options rotate

(I prefer using GrNET’s DNS servers than any others in Greece, especially for my laptop configuration. Since they allow recursion I can use them to avoid lousy DNS services provided by lousy DSL routers regardless of the ISP I am currently using, when I am “mobile” with my laptop.)

While using the following config I issued a ping command on a teminal and a tcpdump command on another to see what was actually happening. The result looked like this:
root@lola:~# tcpdump -ni eth1 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:20:46.405694 IP > 39212+ A? (25)
11:20:46.444266 IP > 39212* 1/5/8 A (319)
11:20:46.484490 IP > 50452+ PTR? (46)
11:20:46.584171 IP > 50452 ServFail 0/0/0 (46)
11:20:46.584449 IP > 50452+ PTR? (46)
11:20:46.624179 IP > 50452 1/7/6 (357)
11:20:47.484420 IP > 33179+ PTR? (46)
11:20:47.524176 IP > 33179 1/7/6 (357)
11:20:48.484483 IP > 21949+ PTR? (46)
11:20:48.524184 IP > 21949 1/3/6 (271)
11:20:49.487610 IP > 8619+ PTR? (46)
11:20:49.534204 IP > 8619 ServFail 0/0/0 (46)
11:20:49.534429 IP > 8619+ PTR? (46)
11:20:49.574138 IP > 8619 1/7/6 (357)
11:20:50.494537 IP > 3415+ PTR? (46)
11:20:50.534145 IP > 3415 1/7/6 (357)
11:20:51.494552 IP > 4504+ PTR? (46)
11:20:51.534205 IP > 4504 1/3/6 (271)
11:20:52.494554 IP > 48450+ PTR? (46)
11:20:52.544197 IP > 48450 ServFail 0/0/0 (46)
11:20:52.544409 IP > 48450+ PTR? (46)
11:20:52.584232 IP > 48450 1/7/6 (357)

People who are used to reading tcpdump output will immediately point out the ServFail entries of the log. Server refused to provide proper results for the PTR query of

Further investigation of the problem:

root@lola:~# dig ptr @
;  IN  PTR

root@lola:~# dig ptr @
;  IN  PTR

root@lola:~# dig ptr @
;  IN  PTR

It was obvious that 2 out of 3 DNS servers responded as they should and the other did not.

Original Author : kargig


Posted in Uncategorized | Tagged: , | Leave a Comment »

ss – Another Utility to Investigate Sockets

Posted by madhavkobal on 20/09/2009

After configuring services on the network in Linux system, it’s important for you to keep tabs on the ports that are actually listening on the system’s network interfaces. This is all more important because open ports are evidence of an intrusion. There are a Linux monitoring tools that will allow you the knowledge of open ports. There are some basic approaches for listing the ports that are listening on the network. Let’s have a look at one of the most easiest reliable ones.

We would like to show you the ss command to inspect the socket statistics. This is more reliable command that displays more TCP and state information than any other tools.

The ss command provides information about

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • All the tcp sockets in state FIN-WAIT-1 and much more.

ss  is  used  to  dump socket statistics. It allows showing information similar to netstat.  It can display more TCP and state informations than other tools

To display Socket Summary type this in the terminal

# ss -s

Sample Output


Display all the open ports

# ss -l

Sample Output


To see the process names using open socket type this command

# ss -pl

Track who is responsible for opening socket/port

# ss -lp | grep

To show all the TCP sockets

# ss -t -a

To display all UDP sockets

# ss -u -a

Posted in Uncategorized | Tagged: , | 2 Comments »