After a server restart, the server is unable to obtain an IP address through a wired ethernet interface, neither automatically nor manually.
However the green light on the back of the machine where the ethernet cable is attached, indicating activity, continues to blink at a very fast and steady rate (eg. as if some large file transfer was being made).
Obtaining an IP address has never been an issue before, and I find this very strange. Whereas normally network manager would obtain an IP automatically, this time it did not, and dhclient -v eth0 fails to get a DHCP offer.
I would like to determine at a low level what kind of traffic is going through the ethernet port, since I'm now concerned about malicious code having been inserted into the server.
How can I determine what kind of traffic is going through the device, at a low level?
I have tried nethogs, but this evidently is not the appropriate tool.
Could tcpdump or wireshark show all the traffic going through the interface? Since the server is offline, haven't been able to test this since I would have to download the appropriate dependencies via another system.
Since I did disable some seemingly non-essential services (and I suspect this is most likely the culprit), are there any services necessary for obtaining an IP address from a wired ethernet?
I've produced a pastebin of a session at the machine in question, including the outputs of ifconfig, the running services, and the failed attempt to obtain an IP through dhclient.
Edit:
To rule out a possible router issue, I tried to verify that I could get an IP using the same ethernet cable into another machine, connected wirelessly to the same router, but in fact, the same problem occurs. So this seems to be an issue with the router's ethernet ports and not in the server configuration, and thus the question is possibly out of the scope of this forum.
I will try restarting the router through the wireless interface, but since I'm clueless about how to debug a router problem, are there any tools or expected behaviour I can use to break down this problem?
Best Answer
It's possible you have a faulty network port, I've seen the exact same thing happen on a server due to a power surge (same symptoms of steady link light, and no connectivity). I'd suggest confirming this by setting a static address on the interface, and then seeing if you can pass traffic once it's connected.
Something like (for example):
auto eth0 iface eth0 inet static address 10.0.0.20 netmask 255.255.255.0 gateway 10.0.0.1And then:
ifdown eth0 && ifup eth0(as root)Then try and ping the gateway or another machine on the network. Although this is not necessarily a definite way of determining whether it is a fauly port/card, it should help you narrow it down.