Saturday, January 29, 2011

How to determine which NIC data/traffic is using?

How to determine which NIC data/traffic is using? To make sure routing is correct.

From serverfault mattlandis

  • You can use IPTRAF, which I've found is nice, and will let you see the data that is traveling between each device in real-time.

    Farseeker : Worth noting that IPTRAF is *nix only, AFAIK
    From JPerkSter

  • To find out which route the traffic is taking to a certain address over TCP, use the 'Trace Route' tool.

    For Windows, the command is:

    tracert [host]

    Where [host] is what you want to check, say google.com or mymachine.domain.local.

    By looking at the first hop, you'll know where it went. For example:

    C:\Users\Mark>tracert google.com

Tracing route to google.com [66.102.11.104]
over a maximum of 30 hops:

  1    14 ms    13 ms    14 ms  nexthop.nsw.iinet.net.au [203.55.231.88]

    Tells me that my traffic to Google is going over my iiNet NIC, but if I tracert 118.82.45.35 (where I have a static route going to a different NIC) I see:

    Tracing route to 118.82.45.35 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  192.168.161.1
  2    29 ms    28 ms    28 ms  lns20.syd6.internode.on.net [150.101.199.159]

    Which tells me that it's going to a different gateway (and different NIC), and over my Internode internet connection.

    -- Update --

    If this is not enough evidence, or the first hops are the same, then your only option will be to do as Zoredache said, and use WireShark and watch the actual packets flow through the NIC.

    mattlandis : this doesn't tell me what nic it left my pc on. Or am i missing something?
    Farseeker : You can tell which NIC by looking at the first hop. Each NIC will have a different gateway (and if they don't, they should), so you should see the gateway's IP address there.
    mattlandis : I just checked and tracert does not help me at all.
    Farseeker : If you hve two nics on differet subnets, then there should be a clear difference between the two traces, unless your network is configured in a highly peculiar manner.
    From Farseeker

  • How to determine which NIC data/traffic is using?

    If I was in doubt, I would check the routing tables and things like other people mentioned, but then I would fire up my sniffer (wireshark, tcpdump) and perform a capture on the interface in question while I generate some traffic to actually determine if it is doing what it is supposed to be doing.

    From Zoredache

  • Zoredache comment about sniffer is, I think, the gold standard.

    Another options: use the ifconfig command to see if the number of transmitted and received packets on the interface is increasing. Also, can see if any other interfaces are being used.

    For shell scripts, you may be able to query the proc data structures directly.

    Farseeker : Note also IFCONFIG is also a *nix utiltity, for future reference
    From EricJLN
Posted by Ku XI at 5:34 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)