Monday 13 April 2020

strace vs netstat

A look on the relationship between strace and netstat to diagnose network traffic.

I trying to download blog at via python, but `requests.get()` keep stuck until timeout specified, but it able to get response data after timeout.

But curl is working, why?

After dig into strace socket/connect syscalls, I eventually realized that syscalls showing two critical familly, INET and INET6 which represents ipv4 and ipv6 respectively. But INET only run after INET6/timeout.

And I also noticed curl calls both syscalls at sequence without blocking, so it seems at least one is success is fine.

So the solution is monkey-patching the python code to ignore ipv6(or ipv4 if ipv4 not working next time), either or are works.

Anyway, I subscribed mobile network and it changed to ipv6 now, so I can't reproduce anymore ipv4 not working to call ipv6 address at the time of writing.

p/s:  net-tools has been unmaintained for years, and so netstat was deprecated, and you should use `ss` as replacement . --inet/inet6 need replaced by -f inet/inet6 or simply -4/6, but I noticed can't use both -4/-6 same time except not put family options at all. Also need -H do not always shows header which can different width/position and creates unnecessary diff.  And you might want `| column -t` piped from ss.

ss useful to include udp/icmp's ping traffic listed with ip which can't be done in netstat. But still the output columns too messy/wide to see in a glance.