14 network tools
DESCRIPTION
Unix / Linux FundamentalsTRANSCRIPT
Network Tools
Network Basics• Host – is a computer system on the network.• Server – provides resources to clients via the network.• Client – uses services from servers on the network.• Protocol – a globally defined way for clients and servers
to communicate a service
• With Linux and Unix systems most tools are basing data transfer on Network transport. The most outstanding example of this is the X Server and Clients. These initialize Network connection to provide a GUI
Telnet• telnet is an application that enables users to connect to
a remote system• The telnet server simulates a terminal to allow you to
connect to and work on a remote system, including:– Operating a session on a remote machine.– Alternating between the remote session and the local
session.– Accessing machines that do not run under the Unix
environment, and vice versa• Telnet protocol is very simple – it transfers every key
typed. For this reason the telnet program is sometimes used to debug problems with servers by emulating protocols manually
Ftp
• The ftp program is a command line interface to the ftp protocol for file transfer.
• ftp uses a set of commands to connect, authenticate and view and transfer files
• The ftp server allows access to the file system of the host, under certain limits. Ftp allows to transfer files to and from the remote host.
• Many implementations of ftp exists, including the web browsers.
• It is much less common today to use the ftp program, but the ftp protocol is in very common use on the internet
Wget and curl• In today’s computing world, the internet speaks mainly
http.• Besides its use as the html protocol, it is now used as a
downloading protocol, besides ftp• Getting files from the internet can be done with a browser• But on a server when you don’t have a GUI, a browser is
not available• There is an exception: the lynx text based browser
displays can be used in terminal windows• But, if all you want is to download a file when you have a
url, all you need is wget or curl, two tools that will act as ftp or http clients and will do all that is necessary to connect, authenticate and deliver the file to your local system
SSH- secure connection
• SSH is the secured alternative to both trust and telnet• All traffic in ssh is encrypted, so it cannot be
eavesdropped• It is very simple to set up a password-less authentication
using a key-pair. There is no way for a third party to pose as client
SSH- secure connection
• Ssh has a set of utilities for various needs:– ‘ssh’ remote connect to a system (open a shell by
default, or execute any command using –c)– ‘scp’ copy files between systems in a format similar to
cp$ scp fromhost:/frompath tohost:topath
– ‘sftp’ ftp like interactive program with enhanced security
– SSH tunneling: transfer any protocol over an ssh connection, securing it
SSH- secure connection
• Linux uses SSH as the main transport for Graphical Display data, in case these are needed on a remote machine.
• SSH Tunneling is being used in order to transfer the data, instead of the older method of working directly with the X Server
• In order for ssh to support getting the Display data from a remote hosts, it should be invoked with the ‘-X’ flag
@ Copyrights InterBit LTD.
Networking Subsystem• NIC configuration entity is called an interface. • Interface configuration files are located in:
/etc/sysconfig/network-scripts• NIC drivers need to be compiled into kernel or
loaded as modules.• Interfaces have names based on their types:
– Ethernet – eth0,eth1,eth2….– PPP – ppp0,ppp1….– etc..
@ Copyrights InterBit LTD.
ifconfig• General network interface configuration
and debugging utility.• Used to set up network interfaces during boot
time and runtime.• Supports multiple address families – ipv4, ipv6
@ Copyrights InterBit LTD.
ifconfig• Interface specific tuning – txqueue length, MTU,
etc..• Query interface network statistics – packets
tx/rx,packet loss,etc…• Configuring eth0 interface using ifconfig can be
as easy as: $ ifconfig eth0 10.0.0.1 up
• Ifconfig will derive the netmask, broadcast address based on the ip given.
@ Copyrights InterBit LTD.
ifconfig• Queriying newly set interface eth0:
$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:01:02:F3:36:83 inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:50 TX bytes:124 Interrupt:20 Base address:0x2280
@ Copyrights InterBit LTD.
Routing• Routing table is manipulated using /sbin/route.• Setting default gateway:
$ /sbin/route add default gw 10.0.0.138
• Setting route to specific network:$ /sbin/route add –net 172.16.0.0 gw \ 10.0.0.254
• Set a route permanent by either /etc/sysconfig/route
or by adding the route command to/etc/rc.d/rc.local
• Removing routing entry:$ /sbin/route del –net 172.16.0.0 gw \ 10.0.0.254
@ Copyrights InterBit LTD.
Viewing network connections• ‘netstat’ prints network connections, routing
table, interface statistics.• Printing routing table: $ netstat –rKernel IP routing tableDestination Gateway Genmask Flags MSS Window Iface212.150.51.136 * 255.255.255.248 U 40 eth0default 212.150.51.137 0.0.0.0 UG 40 eth0
@ Copyrights InterBit LTD.
Viewing network connections• Listing open connections and their state:
$ netstat –nProto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 32803 212.150.53.141:6881 80.162.21.171:63273 ESTABLISHED tcp 0 0 212.150.53.141:6882 219.93.56.246:2214 ESTABLISHED tcp 0 81 212.150.53.141:4982 81.86.150.228:4891 ESTABLISHED tcp 0 0 212.150.53.141:49525 82.42.56.48:4662 TIME_WAIT
• Printing Varios protocol specific statistics: $ netstat –s
@ Copyrights InterBit LTD.
Persistent Network config• Network startup script uses configuration files
to set up networking upon boot. • Network configuration files are located under
‘/etc/sysconfig/’.• ‘/etc/sysconfig/network’ file defines non
interface specific network configuration:– NETWORKING=<YES|NO>.– GATEWAY=<default gateway ip>.– GATEWAYDEV=<default gateway interface>.
@ Copyrights InterBit LTD.
Persistent Network config• Interface specific configuration files located in
‘/etc/sysconfig/network-scripts’.
• Each interface has a corresponding config file of the following scheme:
ifcfg-<interface>
@ Copyrights InterBit LTD.
Persistent Network config• Sample
/etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE=eth0 BOOTPROTO=none # valid values are dhcp,none,bootpONBOOT=yes NETWORK=10.0.1.0 NETMASK=255.255.255.0 IPADDR=10.0.1.27 USERCTL=no # can be controlled by non root
@ Copyrights InterBit LTD.
IP Aliasing• Method of specifying multiple ip addresses for
a single NIC is called ip aliasing.• In order to use ip aliasing, a kernel must be
compiled with ip aliasing support.• Ip aliasing is configured by specifying an
interface of the following form:
<first interface on a nic>:’n’ – where n is a number
@ Copyrights InterBit LTD.
IP Aliasing• Example: $ ifconfig eth0 172.16.3.1 up $ ifconfig eth0:1 172.16.3.10 $ ifconfig –a
eth0 Link encap:10Mbps Ethernet HWaddr 00:8E:B8:83:19:20 inet addr:172.16.3.1 Bcast:172.16.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:334036 errors:0 dropped:0 overruns:0 TX packets:11605 errors:0 dropped:0 overruns:0 Interrupt:7 Base address:0x378 eth0:1 Link encap:10Mbps Ethernet HWaddr 00:8E:B8:83:19:20 inet addr:172.16.3.10 Bcast:172.16.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 TX packets:0 errors:0 dropped:0 overruns:0
@ Copyrights InterBit LTD.
IP Aliasing• Defining boot time ip aliased interfaces is done
similarly to regular interfaces.
• Example: /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1BOOTPROTO=none ONBOOT=yes NETWORK=172.16.3.0 NETMASK=255.255.255.0 IPADDR=172.16.3.10 USERCTL=no
@ Copyrights InterBit LTD.
NIC link configuration • Most current NICs and network devices support
auto- negotiation of speed and duplex.• ‘/sbin/ethtool’ is used to view, manage NIC
auto- negotiation.• Disabling auto-negotiation and forcing 100Mbit
Full Duplex mode: $ /sbin/ethtool eth0 –s autoneg off speed 100 duplex full
• Use ethtool eth0 to view current link configuration.
@ Copyrights InterBit LTD.
NIC link configuration# ethtool eth0Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Advertised auto-negotiation: Yes Speed: 10Mb/s Duplex: Half Port: MII PHYAD: 1 Transceiver: internal Auto-negotiation: on Supports Wake-on: g Wake-on: g Current message level: 0x00000007 (7) Link detected: yes
@ Copyrights InterBit LTD.
Network kernel parameters • Network related tunable parameters located in
‘/proc/sys/net’ • Ip forwarding enabled/disabled by
‘/proc/sys/net/ipv4/ip_forward’• Interface specific kernel tunables located at:
‘/proc/sys/net/ipv4/conf/<interface>’
@ Copyrights InterBit LTD.
Network Tracing• tcpdump is a network tracing tool. It connects
to a network interface, and print out information about every packet going through this interface
• Syntax:tcpdump [options]
• Options:– -i interface trace packets on interface– -w file write data to file
@ Copyrights InterBit LTD.
Network Tracing– -r file get data from file
Note: tcpdump output data files are written in PCAP format, which is the same format that is used by tools like ethereal and wireshark