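1. Hardware status check
1.1 Check physical connections
- Check that all cables are connected properly
- Check that the LEDs on the network interface card (NIC) are blinking normally
- If you suspect a cable is damaged, replace it
1.2 Check link status
- Check whether a link is detected and whether the speed and duplex settings are correct.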
# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Auto-negotiation: on
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
MDI-X: on (auto)
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
- Check that the link is active.
# mii-tool eth0
eth0: negotiated 1000baseT-FD flow-control, link ok
2. System-level diagnostics
2.1 Check network interfaces
- Check that the active interfaces have an IP address configured.
- Check the output for errors, dropped packets, and collisions.
# ifconfig -a
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:21ff:fe87:aeb prefixlen 64 scopeid 0x20<link>
ether 02:42:21:87:0a:eb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 5955 (5.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.207.10 netmask 255.255.255.0 broadcast 192.168.207.255
inet6 fe80::460e:904b:d395:cb6a prefixlen 64 scopeid 0x20<link>
ether d0:50:99:a5:82:33 txqueuelen 1000 (Ethernet)
RX packets 112763656 bytes 64222745390 (59.8 GiB)
RX errors 3 dropped 421 overruns 0 frame 2
TX packets 65293795 bytes 29591807775 (27.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xf3100000-f3120000
or
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether d0:50:99:a5:82:33 brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.207.10/24 brd 192.168.207.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::460e:904b:d395:cb6a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:21:87:0a:eb brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:21ff:fe87:aeb/64 scope link
valid_lft forever preferred_lft forever
5: veth296af2e@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 7e:62:f2:e3:04:92 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::7c62:f2ff:fee3:492/64 scope link
valid_lft forever preferred_lft forever
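The error, drop and collision check from 2.1 can be scripted. The following is an added example, not part of the original post: the function name iface_errors and the sample variable are hypothetical, and the sample reuses the counter lines from the ifconfig output above.

```shell
#!/bin/sh
# Added example: report non-zero error counters per interface from
# `ifconfig -a` output read on stdin, also expressed per million packets.
iface_errors() {
  awk '
    /: flags=/ { iface = $1; sub(/:$/, "", iface) }   # "eth0: flags=..." header line
    ($1 == "RX" || $1 == "TX") && $2 == "packets" { pk[$1] = $3 + 0 }
    ($1 == "RX" || $1 == "TX") && $2 == "errors" {
      # Fields come in name/value pairs: errors N dropped N overruns N ...
      for (i = 2; i < NF; i += 2) {
        n = $(i + 1) + 0
        if (n == 0) continue
        ppm = (pk[$1] > 0) ? n * 1000000 / pk[$1] : 0
        printf "%s %s %s=%d ppm=%.2f\n", iface, $1, $i, n, ppm
      }
    }'
}

# Constructed sample: the docker0 and eth0 counter lines shown above.
IFCONFIG_SAMPLE='docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 36 bytes 5955 (5.8 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        RX packets 112763656 bytes 64222745390 (59.8 GiB)
        RX errors 3 dropped 421 overruns 0 frame 2
        TX packets 65293795 bytes 29591807775 (27.5 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0'

printf '%s\n' "$IFCONFIG_SAMPLE" | iface_errors
```

On a live host, pipe `ifconfig -a` into the function. The counters are cumulative since the interface came up, so run it twice a few minutes apart and compare to see whether a counter is still increasing.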
2.2 Restart network services
# systemctl restart network
# systemctl restart NetworkManager
3. Connectivity tests
3.1 Ping test
- Ping a server, gateway, or other device that is physically connected to this host.
- If the host has external connectivity, test with ping 8.8.8.8 or ping google.com.
# ping 192.168.207.11
# ping 192.168.207.254
3.2 Trace the route
- Check the path to the remote host
# traceroute 192.168.207.254
traceroute to 192.168.207.254 (192.168.207.254), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
# tracepath 192.168.207.254
1?: [LOCALHOST] pmtu 1500
1: no reply
2: no reply
3: no reply
4: no reply
5: no reply
4. Port and service checks
4.1 Check listening ports
- Check the TCP listening ports together with their owning processes.
# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:radan-http 0.0.0.0:* LISTEN 1240/influxd
tcp 0 0 Master10:origo-native 0.0.0.0:* LISTEN 1250/etcd
4.2 Check open ports
# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8088 0.0.0.0:* LISTEN 1240/influxd
tcp 0 0 192.168.207.10:3001 0.0.0.0:* LISTEN 1250/etcd
tcp 0 0 0.0.0.0:60889 0.0.0.0:* LISTEN 1245/rpc.statd
tcp 0 0 0.0.0.0:40187 0.0.0.0:* LISTEN -
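When reading this output, the local address matters as much as the port: a listener on 127.0.0.1 is reachable only from the host itself, while one on 0.0.0.0 accepts connections on every interface. The following added example (not part of the original post; the function name listener_exposure is hypothetical) lists the listeners that are reachable from the network, using the netstat lines above as its sample.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -ntlp` output on stdin.
listener_exposure() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                       # text after the last colon
      host = substr($4, 1, length($4) - length(port) - 1)   # everything before it
      if (host ~ /^127\./ || host == "::1") next            # loopback only: not reachable remotely
      scope = (host == "0.0.0.0" || host == "::") ? "wildcard" : "address"
      owner = ($7 == "" ? "-" : $7)                         # PID/Program column, if present
      printf "%s %s %s %s\n", scope, host, port, owner
    }'
}

# Constructed sample: the `netstat -ntlp` output shown above.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8088          0.0.0.0:*               LISTEN      1240/influxd
tcp        0      0 192.168.207.10:3001     0.0.0.0:*               LISTEN      1250/etcd
tcp        0      0 0.0.0.0:60889           0.0.0.0:*               LISTEN      1245/rpc.statd
tcp        0      0 0.0.0.0:40187           0.0.0.0:*               LISTEN      -'

printf '%s\n' "$NETSTAT_SAMPLE" | listener_exposure
```

An owner of "-" means netstat found no user-space process for the socket, for example because a kernel service holds it or because the command was run without sufficient privileges.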
4.3 Per-service tests
# curl -I localhost
HTTP/1.1 200 OK
Date: Wed, 22 Jan 2025 00:59:12 GMT
Server: Apache
Set-Cookie: PHPSESSID=heo4pem5fvpiaqvb868kkkn5c6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=heo4pem5fvpiaqvb868kkkn5c6; path=/
Set-Cookie: PHPSESSID=heo4pem5fvpiaqvb868kkkn5c6; path=/
Content-Type: text/html; charset=UTF-8
# nslookup naver.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: naver.com
Address: 223.130.200.219
Name: naver.com
Address: 223.130.192.248
Name: naver.com
Address: 223.130.200.236
Name: naver.com
Address: 223.130.192.247
# dig naver.com
; <<>> DiG 9.11.36-RedHat-9.11.36-14.el8_10 <<>> naver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15465
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;naver.com. IN A
;; ANSWER SECTION:
naver.com. 43 IN A 223.130.192.247
naver.com. 43 IN A 223.130.192.248
naver.com. 43 IN A 223.130.200.219
naver.com. 43 IN A 223.130.200.236
;; Query time: 37 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 22 10:00:06 KST 2025
;; MSG SIZE rcvd: 102
5. Routing diagnostics
5.1 Check the routing table
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.207.250 0.0.0.0 UG 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.207.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
6. ARP table check
6.1 Check ARP entries
# arp -a
? (192.168.207.254) at 00:25:90:94:0c:4e [ether] on eth0
? (192.168.207.210) at 00:50:56:b6:1e:91 [ether] on eth0
? (192.168.207.230) at 00:50:56:b6:e7:ed [ether] on eth0
? (192.168.207.3) at d0:50:99:9d:dd:b6 [ether] on eth0
? (192.168.207.224) at 1c:69:7a:92:0e:15 [ether] on eth0
node41 (192.168.207.41) at 00:50:56:b6:b9:a9 [ether] on eth0
node42 (192.168.207.42) at 00:50:56:b6:40:a8 [ether] on eth0
_gateway (192.168.207.250) at 00:50:56:a7:a8:94 [ether] on eth0
# ip neigh
192.168.207.254 dev eth0 lladdr 00:25:90:94:0c:4e STALE
192.168.207.210 dev eth0 lladdr 00:50:56:b6:1e:91 STALE
192.168.207.230 dev eth0 lladdr 00:50:56:b6:e7:ed STALE
192.168.207.3 dev eth0 lladdr d0:50:99:9d:dd:b6 STALE
192.168.207.224 dev eth0 lladdr 1c:69:7a:92:0e:15 REACHABLE
192.168.207.41 dev eth0 lladdr 00:50:56:b6:b9:a9 REACHABLE
192.168.207.42 dev eth0 lladdr 00:50:56:b6:40:a8 REACHABLE
192.168.207.250 dev eth0 lladdr 00:50:56:a7:a8:94 REACHABLE
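Two things are worth looking for in this table: addresses that never resolved (FAILED or INCOMPLETE) and one MAC address answering for more than one IP. The following added example is not part of the original post; the function name neigh_anomalies is hypothetical, and the last two sample lines are constructed to trigger each case.

```shell
#!/bin/sh
# Added example: flag notable entries in `ip -4 neigh` output read on stdin.
neigh_anomalies() {
  awk '
    $2 == "dev" && $1 !~ /:/ {                  # IPv4 neighbour lines only
      ip = $1; state = $NF; mac = ""
      for (i = 3; i < NF; i++) if ($i == "lladdr") mac = $(i + 1)
      if (state == "FAILED" || state == "INCOMPLETE") {
        printf "unresolved %s %s\n", ip, state  # no ARP reply from this address
        next
      }
      if (mac == "") next
      # Report every further IP that maps to a MAC already seen.
      if (mac in first) printf "shared-mac %s %s %s\n", mac, first[mac], ip
      else first[mac] = ip
    }'
}

# Sample: three entries from the output above, then two constructed lines
# (an unresolved neighbour and a second IP on the gateway MAC).
NEIGH_SAMPLE='192.168.207.254 dev eth0 lladdr 00:25:90:94:0c:4e STALE
192.168.207.224 dev eth0 lladdr 1c:69:7a:92:0e:15 REACHABLE
192.168.207.250 dev eth0 lladdr 00:50:56:a7:a8:94 REACHABLE
192.168.207.11 dev eth0 FAILED
192.168.207.199 dev eth0 lladdr 00:50:56:a7:a8:94 STALE'

printf '%s\n' "$NEIGH_SAMPLE" | neigh_anomalies
```

A shared MAC is not always a problem: a host with several addresses on one NIC, proxy ARP and virtual-IP failover all produce it. It deserves a closer look when one of the addresses is the default gateway.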
6.2 Clear the ARP cache
# ip neigh flush all
7. Firewall and security settings
7.1 Check firewall rules
- iptables
# sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:5000
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
- firewalld
# firewall-cmd --list-all
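7.2 Temporarily disable the firewall
- To rule out the firewall as the cause of the problem; start firewalld again as soon as the test is done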
# systemctl stop firewalld
8. DNS troubleshooting
8.1 Check DNS resolution
# nslookup estar987.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
estar987.com canonical name = host.tistory.io.
host.tistory.io canonical name = blog-tistory-l51ybqnn.kgslb.com.
Name: blog-tistory-l51ybqnn.kgslb.com
Address: 27.0.236.139
# dig estar987.com
; <<>> DiG 9.11.36-RedHat-9.11.36-14.el8_10 <<>> estar987.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33703
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;estar987.com. IN A
;; ANSWER SECTION:
estar987.com. 1800 IN CNAME host.tistory.io.
host.tistory.io. 300 IN CNAME blog-tistory-l51ybqnn.kgslb.com.
blog-tistory-l51ybqnn.kgslb.com. 10 IN A 27.0.236.139
;; Query time: 302 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 22 10:07:55 KST 2025
;; MSG SIZE rcvd: 128
8.2 Update or test the DNS server
- Add the nameserver line below to the file.
# vi /etc/resolv.conf
nameserver 8.8.8.8
9. Using advanced tools
9.1 Network analysis with tcpdump
# tcpdump -i eth0
9.2 Testing with nmap
# nmap -sT 192.168.207.210
10. Checking logs and system information
10.1 Check system logs
# journalctl -u network
-- Logs begin at Mon 2025-01-20 18:04:01 KST, end at Wed 2025-01-22 10:12:20 KST. --
-- No entries --
# cat /var/log/messages | grep -i network
Jan 20 21:12:51 Master10 NetworkManager[914]: <info> [1737375171.4551] audit: op="connection-update" uuid="d3c90e6e-06b4-3862-8dd2-f2a5244c83f0" name="Wired connection 1" args="connection.timestamp" pid=277982 uid=0 result="success"
# dmesg | grep -i eth
10.2 Check the network driver
# lspci -v | grep -i net
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-V (rev 05)