Network Diagnostics
Users in the admin or System Admins group can run network diagnostics to determine the availability and latency of internet connections to external hosts. These network diagnostics emulate ping, netcat (checkport), traceroute, and nslookup. You can also return information about a network interface.
The following network diagnostics are available in the CLI and the API:
network interfaces list
ping
traceroute
checkport
lookup
Note
Connection Manager also allows a basic connection test for new and existing connections, which indicates availability.
The ksadmin can manage network interfaces for some deployments using the nmcli tool through an SSH session to CipherTrust Manager. Use the cloud provider's tools to manage network interfaces for Virtual CipherTrust Manager appliances deployed on public clouds.
network interfaces list
You can list all the network interfaces on the CipherTrust Manager. The interface name is returned, which can be used in the other network diagnostic commands. The method, IP address, gateway, and netmask IPv4 and IPv6 values are returned. The dns is returned for IPv4 only.
network interfaces list Command Syntax
ksctl network interfaces list
network interfaces list Example Response
{
  "skip": 0,
  "limit": 0,
  "total": 1,
  "resources": [
    {
      "name": "ens5",
      "inet": {
        "method": "dhcp",
        "ip": "172.30.1.79",
        "gateway": "172.30.1.1",
        "netmask": "255.255.255.0",
        "dns": [
          "172.30.0.2"
        ]
      },
      "inet6": {
        "method": "auto",
        "ip": "2600:1f18:4ad:3400:1d5a:c254:8197:e7d9",
        "gateway": "fe80::c91:46ff:fe5c:d40d",
        "netmask": 128
      }
    }
  ]
}
ping
Ping a remote host. The destination is required as a domain name or IP address.
The response contains the IP address of the destination, number of sent, received, and lost packets, as well as minimum, maximum, and average round trip time (RTT).
You can optionally specify:
count - The number of packets to send.
interface - The CipherTrust Manager network interface to communicate on. Available interfaces can be found with the network interfaces list command.
ipv4 - Use IPv4 only for communication. Cannot be used with ipv6.
ipv6 - Use IPv6 only for communication. Cannot be used with ipv4.
timeout-secs - Time to wait for a response from the host system in seconds.
ping Command Syntax
ksctl network ping --destination <IP_address_or_domain_name> [--interface <cm_interface>] [--count <integer>] [--timeout-secs <integer>] [--ipv6|--ipv4]
ping Example Response
{
  "ip_address": "2607:f8b0:4004:c09::68",
  "packets_sent": 1,
  "packets_received": 1,
  "packets_lost": 0,
  "min_rtt": 2.369,
  "max_rtt": 2.369,
  "avg_rtt": 2.369
}
traceroute
Return the traceroute to a specified destination. The destination is required as a domain name or IP address.
The response contains each hop number, the domain name and IP address of each hop, and the RTT value of each probe for each hop.
You can optionally specify:
first - Start from the first_ttl hop.
interface - The CipherTrust Manager network interface to communicate on. Available interfaces can be found with the network interfaces list command.
ipv4 - Use IPv4 only for communication. Cannot be used with ipv6.
ipv6 - Use IPv6 only for communication. Cannot be used with ipv4.
max-hops - Maximum number of hops to search for the target.
port - Port to access.
queries - Set the number of probes per hop.
send-wait - Minimum time interval between probes in milliseconds.
tcp - Use TCP SYN for tracerouting.
udp - Use UDP to a particular port for tracerouting.
traceroute Command Syntax
ksctl network traceroute --destination <IP_address_or_domain_name> [--first <integer>] [--interface <cm_interface>] [--ipv6|--ipv4] [--max-hop <number_of-hops>] [--port <port_number>] [--queries <number_of_probes_per_hop>] [--send-wait <minimum_time_interval_between_probes_in_ms>] [--tcp] [--udp]
traceroute Example Response
{
  "response": [
    "traceroute to www.google.com (172.253.122.147), 5 hops max, 60 byte packets",
    " 1 244.5.2.217 (244.5.2.217) 2.513 ms ec2-3-236-63-27.compute-1.amazonaws.com (3.236.63.27) 7.604 ms ec2-3-236-62-5.compute-1.amazonaws.com (3.236.62.5) 4.526 ms",
    " 2 240.0.56.66 (240.0.56.66) 0.252 ms 240.0.56.98 (240.0.56.98) 0.331 ms 240.0.224.64 (240.0.224.64) 0.284 ms",
    " 3 240.0.224.80 (240.0.224.80) 0.299 ms 240.3.84.90 (240.3.84.90) 0.246 ms 240.3.84.81 (240.3.84.81) 0.267 ms",
    " 4 240.0.56.51 (240.0.56.51) 0.246 ms 240.3.84.52 (240.3.84.52) 0.219 ms 240.0.56.29 (240.0.56.29) 0.261 ms",
    " 5 240.0.224.34 (240.0.224.34) 0.275 ms 240.0.36.12 (240.0.36.12) 0.358 ms 240.0.40.13 (240.0.40.13) 0.784 ms"
  ]
}
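The traceroute response is an array of text lines rather than structured fields, so a script that consumes it has to parse each hop line. The following is an added example, not part of the product documentation or CipherTrust Manager code: the function names are hypothetical, the sample is constructed from the response above, and the `* * *` timeout line is assumed from standard traceroute output.

```python
import ipaddress
import json
import re

# Constructed sample: first two hops of the page's example response, plus an
# assumed hop 3 where every probe timed out ("* * *", standard traceroute output).
SAMPLE = json.dumps({"response": [
    "traceroute to www.google.com (172.253.122.147), 5 hops max, 60 byte packets",
    " 1 244.5.2.217 (244.5.2.217) 2.513 ms ec2-3-236-63-27.compute-1.amazonaws.com"
    " (3.236.63.27) 7.604 ms ec2-3-236-62-5.compute-1.amazonaws.com (3.236.62.5) 4.526 ms",
    " 2 240.0.56.66 (240.0.56.66) 0.252 ms 240.0.56.98 (240.0.56.98) 0.331 ms"
    " 240.0.224.64 (240.0.224.64) 0.284 ms",
    " 3 * * *",
]})

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
TOKEN = re.compile(r"(\S+)\s+\(([^)\s]+)\)|(\d+(?:\.\d+)?)\s+ms|(\*)")

def parse_traceroute(body):
    """Turn the 'response' string array into one dict per hop."""
    hops = []
    for line in json.loads(body)["response"]:
        m = HOP.match(line)
        if not m:                      # banner line, not a hop
            continue
        hop = {"hop": int(m.group(1)), "responders": {}, "timeouts": 0}
        current = None
        for name, ip, rtt, star in TOKEN.findall(m.group(2)):
            if ip:                     # "name (ip)" starts a responder
                current = hop["responders"].setdefault(ip, {"name": name, "rtts": []})
            elif rtt and current is not None:
                current["rtts"].append(float(rtt))
            elif star:                 # probe with no reply
                hop["timeouts"] += 1
        hops.append(hop)
    return hops

def review(hops):
    """Per-hop findings to check when validating an egress path."""
    notes = []
    for h in hops:
        ips = list(h["responders"])
        if not ips:
            notes.append((h["hop"], "no reply"))
        if len(ips) > 1:
            notes.append((h["hop"], "multiple responders"))
        if any(not ipaddress.ip_address(ip).is_global for ip in ips):
            notes.append((h["hop"], "non-global address"))
    return notes
```

Calling `review(parse_traceroute(SAMPLE))` returns one `(hop, finding)` tuple per observation, which can be compared against the path you expect outbound traffic from the appliance to take.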
checkport
Attempt a connection to a specified port on the remote host.
The required flags are:
destination - Remote host destination provided as a domain name or IP address.
port - Remote host port number.
You can optionally specify:
interface - The CipherTrust Manager network interface to communicate on. Available interfaces can be found with the network interfaces list command.
ipv4 - Use IPv4 only for communication. Cannot be used with ipv6.
ipv6 - Use IPv6 only for communication. Cannot be used with ipv4.
timeout-secs - Time to wait for a response from the host system in seconds.
checkport Command Syntax
ksctl network checkport --destination <destination_IP_or_domain_name> --port <remote_host_port_to_access> [--interface <cm_interface>] [--ipv6|--ipv4] [--timeout-secs <time_to_wait_for_response>]
checkport Example Response
{
  "response": "connection successful"
}
lookup
Look up a specific IP address or hostname. The IP address can be IPv4 or IPv6. When looking up a host name, a list of IP addresses associated with the host name is returned. When looking up an IP address, a list of host names associated with the IP address is returned.
The target IP address or hostname is required.
lookup Command Syntax
ksctl network lookup --target <IP_address_or_hostname>
lookup Example Response
{
  "response": {
    "hosts": [
      "www.abc.com",
      "www.def.com"
    ]
  }
}