Solaris Network FAQ
Author: Todd Murchison
Last Updated:
07/16/2001
Version: 1.0
Q. How can I check the status and/or settings of a network interface?
prompt> ifconfig -a
lo0:
flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
hme1:
flags=862<BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 10.16.0.240 netmask ffffff00 broadcast 10.16.0.255
ether 8:0:20:a2:a9:be
hme0:
flags=843<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.16.0.240 netmask ffffff00 broadcast 10.16.0.255
ether 8:0:20:a2:a9:be
Q. How can I shutdown or bring up an interface?
Shutdown interface hme0:
ifconfig
hme0 down
Bring up interface hme1:
ifconfig
hme1 up
Note: Changing the status of a
network interface should be done from the system console.
Q. How can I check an interface for errors and/or collisions?
Check interface hme0 for errors every 5 seconds:
prompt> netstat -I
hme0 -i 5
input hme0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
815260790 2 733431285 0 0 1746886768
82 1683234017 0 0
649 0
478 0 0
649 0 478
0 0
234 0
114 0 0
234 0 114
0 0
246 0
114 0 0
246 0 114
0 0
258 0
143 0 0
258 0 143
0 0
209 0
123 0 0
209 0 123
0 0
234 0
111 0 0
234 0 111 0
0
^C
Q. How can I change the netmask on an interface?
Change the netmask of hme0 to a /24 mask:
ifconfig
hme0 netmask 255.255.255.0
Change the netmask of hme0 to a /25 mask:
ifconfig hme0 netmask
255.255.255.128
Q. How can I tell if an interface is set for auto negotiation or not?
Check interface hme0:
prompt> ndd
-set /dev/hme instance 0
prompt> ndd
-get /dev/hme adv_autoneg_cap
0
Check interface hme1:
prompt> ndd
-set /dev/hme instance 1
prompt> ndd
-get /dev/hme adv_autoneg_cap
0
Note: A value of 0 (zero) equals “off” and a value of 1 (one) equals “on.” In the above example, auto negotiation is set to “off” on both interfaces.
Q. How can I turn auto negotiation off on an interface?
For interface hme0:
ndd -set /dev/hme instance
0
ndd -set /dev/hme adv_autoneg_cap 0
For interface hme1:
ndd -set /dev/hme instance
1
ndd -set /dev/hme adv_autoneg_cap 0
Q. How can I check the duplex setting on a network interface?
Check interface hme0:
prompt> ndd
-set /dev/hme instance 0
prompt>
ndd -get /dev/hme adv_100hdx_cap
0
prompt>
ndd -get /dev/hme adv_100fdx_cap
1
Check interface hme1:
prompt> ndd
-set /dev/hme instance 1
prompt>
ndd -get /dev/hme adv_100hdx_cap
0
prompt>
ndd -get /dev/hme adv_100fdx_cap
1
Note: A value of 0 (zero) equals “off” and a value of 1 (one) equals “on.” In the examples above, 100hdx or half duplex is set to “off” and 100fdx or full duplex is set to “on.”
Q. How can I hard-code the duplex setting on an interface to full?
On interface hme0:
ndd -set /dev/hme instance 0
ndd -set /dev/hme adv_100hdx_cap 0
ndd -set /dev/hme adv_100fdx_cap 1
On interface hme1:
ndd -set /dev/hme instance 1
ndd -set /dev/hme adv_100hdx_cap 0
ndd -set /dev/hme adv_100fdx_cap 1
Q. How can I look at the routing table on a Solaris host?
prompt> netstat -rn
Routing Table:
Destination Gateway
Flags Ref Use
Interface
-------------------- --------------------
----- ----- ------ --------
10.16.0.0 10.16.0.240
U 26733078 hme0
192.168.51.0 10.16.0.3
UG 0 203
10.9.0.0 10.16.0.3
UG 0 647309
172.28.0.0 10.16.0.3
UG 0 37
default 10.16.0.1
UG 0 789311
127.0.0.1 127.0.0.1 UH 04134239 lo0
Q. How can I add a route on a Solaris host?
Adding a network route:
route add
-net 10 10.16.0.3 1
Adding a host route:
route add
10.128.101.1 10.16.0.3 1
Q. How can I delete a route from a Solaris host?
Removing a network route:
route
delete -net 10 10.16.0.3
Removing a host route:
route
delete 10.128.101.1 10.16.0.3
Q. How can I check the (TCP & UDP) connections on a Solaris host?
prompt> netstat -an
UDP
Local Address Remote Address
State
--------------------
-------------------- -------
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.32774 Idle
TCP
Local Address
Remote Address Swind Send-Q
Rwind Recv-Q State
--------------------
-------------------- ----- ------ ----- ------ -------
*.*
*.* 0 0
0 0 IDLE
*.sunrpc *.* 0
0 0 0 LISTEN
*.*
*.* 0 0
0 0 IDLE
*.32771
*.* 0 0
0 0 LISTEN
*.lockd
*.* 0 0 0
0 LISTEN
*.22
*.* 0 0
0 0 LISTEN
10.16.0.240.1014 10.16.0.245.1013 8760 0 8760 0 CLOSE_WAIT
10.16.0.240.1013 10.9.106.72.513 8760 0 8760
0 ESTAB
10.16.0.240.995 10.16.0.22.514 8760 0 8760
0 FIN_WAIT_2
10.16.0.240.994 10.16.0.22.1021 8760 0 8760 0 ESTAB
Q. How can I tell if something is listening at a specific port?
Check port 80 (HTTP) on the local machine:
prompt> telnet
localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
telnet> quit
Connection closed.
Check port 25 (SMTP) on the local machine:
prompt> telnet
localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220
mn-sc-0.itn.net ESMTP Sendmail 8.9.3/8.9.3; Mon, 16 Jul 2001 06:54:18 -0700
(PDT)
telnet> quit
Connection closed.
Note: Also see the `netstat –an` command.
Check port 80 (HTTP) on a remote host:
prompt> telnet ww-sc-9
80
Trying 10.16.0.29...
Connected to ww-sc-9.itn.net.
Escape character is '^]'.
telnet> quit
Connection closed.
Q. How can I issue an extended (ICMP) ping command?
prompt>
ping -s 10.16.1.1
PING 10.16.1.1: 56 data bytes
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=0.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=1.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=2.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=3.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=4.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=5.
time=1. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=6.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=7.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=8.
time=0. ms
64 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=9.
time=0. ms
^C
----10.16.1.1 PING Statistics----
10 packets transmitted, 10 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/1
Q. How can I change the ICMP packet size using the ping command?
prompt>
ping -s 10.16.1.1 1016
PING 10.16.1.1: 1016 data bytes
1024 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=0.
time=1. ms
1024 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=1.
time=1. ms
1024 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=2.
time=2. ms
1024 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=3.
time=2. ms
1024 bytes from fw-sc-0.itn.net (10.16.1.1): icmp_seq=4.
time=1. ms
^C
----10.16.1.1 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/2
Note: The ping command adds 8 bytes to the packet size
you specify on the command line. (1016 + 8 = 1024 bytes)
Q. How can I trace packets through the network?
prompt>
traceroute 10.9.106.5
traceroute to 10.9.106.5 (10.9.106.5), 30 hops max, 40 byte
packets
1 rt-sc-3.itn.net (10.16.0.5) 0.847 ms
0.405 ms 0.359 ms
2 10.4.12.2 (10.4.12.2) 4.004 ms
3.748 ms 3.716 ms
3 10.9.104.3 (10.9.104.3) 4.950 ms
3.441 ms 3.333 ms
4 10.9.106.5 (10.9.106.5) 18.086 ms 10.788 ms 12.043 ms
Q. How can I find the IP address of a host?
prompt>
nslookup fw-sc-0
Server: localhost
Address: 127.0.0.1
Name: fw-sc-0.itn.net
Address: 10.16.1.1
Q. I know the IP address. How can I find the host it’s assigned to?
prompt>
nslookup 10.16.1.1
Server: localhost
Address: 127.0.0.1
Name:
fw-sc-0.itn.net
Address: 10.16.1.1
Q. Can I make Solaris act like a sniffer and view packets on an interface?
Yes.
prompt>
snoop –v
ETHER:
----- Ether Header -----
ETHER:
ETHER: Packet 120
arrived at 0:54:50.94
ETHER: Packet size
= 60 bytes
ETHER: Destination
= 8:0:20:a2:a9:be, Sun
ETHER: Source = 8:0:20:c4:c3:30, Sun
ETHER: Ethertype =
0800 (IP)
ETHER:
IP: ----- IP
Header -----
IP:
IP: Version = 4
IP: Header length
= 20 bytes
IP: Type of
service = 0x00
IP: xxx.
.... = 0 (precedence)
IP: ...0
.... = normal delay
IP: .... 0... = normal throughput
IP: ....
.0.. = normal reliability
IP: Total length =
40 bytes
IP: Identification
= 62805
IP: Flags = 0x0
IP: .0..
.... = may fragment
IP: ..0.
.... = last fragment
IP: Fragment offset
= 0 bytes
IP: Time to live =
255 seconds/hops
IP: Protocol = 6
(TCP)
IP: Header
checksum = b13c
IP: Source address
= 10.16.0.46, ww-sc-26.itn.net
IP: Destination
address = 10.16.0.240, prompt
IP: No options
IP:
TCP: ----- TCP
Header -----
TCP:
TCP: Source port =
514
TCP: Destination
port = 973
TCP: Sequence
number = 985735507
TCP:
Acknowledgement number = 389504632
TCP: Data offset =
20 bytes
TCP: Flags = 0x10
TCP: ..0.
.... = No urgent pointer
TCP: ...1
.... = Acknowledgement
TCP: ....
0... = No push
TCP: ....
.0.. = No reset
TCP: ....
..0. = No Syn
TCP: ....
...0 = No Fin
TCP: Window = 8760
TCP: Checksum =
0xa0cc
TCP: Urgent pointer
= 0
TCP: No options
TCP:
RSHELL: -----
RSHELL: -----
RSHELL:
RSHELL:
""
Other variations of the snoop command:
snoop –V -less verbose output
snoop –v 10.16.0.20 -view packets to/from host 10.16.0.20
snoop –v src 10.16.0.20 -view packets with source address 10.16.0.20
snoop –v dst 10.16.0.20 -view packets with destination address 10.16.0.20
snoop –v tcp -capture TCP packets only
snoop –d hme1 –v -capture packets on interface hme1
Q. How can I find out if a server is running it’s own DNS process?
prompt>
ps -ef | grep named | grep -v grep
root 10269 1 0 May 25 ? 3:05 /usr/sbin/in.named
Note: “in.named” is the DNS
(BIND) process. In the above example, the system is running it’s own DNS
server.
Q. How can I check the ARP cache on a Solaris host?
prompt> netstat -pn
Net to Media Table
Device
IP Address
Mask Flags Phys Addr
------ --------------------
--------------- ----- ---------------
hme0
10.16.0.27
255.255.255.255
08:00:20:a2:a8:91
hme0
10.16.0.25 255.255.255.255
08:00:20:a2:a8:1e
hme0 10.16.0.30 255.255.255.255 08:00:20:a2:a8:68
--OR—
prompt> arp -a
Net to Media Table
Device
IP Address
Mask Flags Phys Addr
------ -------------------- ---------------
----- ---------------
hme0
ww-sc-6.itn.net
255.255.255.255
08:00:20:a2:a7:a7
hme0
ww-sc-7.itn.net
255.255.255.255
08:00:20:a2:a8:91
hme0
ww-sc-5.itn.net
255.255.255.255
08:00:20:a2:a8:1e
Q. Where are the (important) Solaris network files located?
/etc/inet/hosts
/etc/inet/netmasks
/etc/inet/services
/etc/inet/inetd.conf
/etc/resolv.conf
/etc/defaultrouter
/etc/nsswitch.conf
Q. How can I find out more about the Solaris commands in this FAQ?
View the manual page for the snoop command (for example):
man
snoop