Chapter 12 NM Tools and Systems


Network Management Tools
ifconfig (UNIX)
• Used to assign an address to, or read the address of, an interface
• Option -a displays all interfaces
• Notice the two interfaces: loop-back (lo0) and Ethernet (hme0)
[/home/staff/ycchen]ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 163.22.20.16 netmask ffffff00 broadcast 163.22.20.255
ifconfig le0 down
ifconfig le0 163.22.20.16 netmask 255.255.255.0 broadcast 163.22.20.255
ipconfig (Windows)

ipconfig (internet protocol configuration)
ipconfig /?
    /?             help
    /all           Display full configuration information
    /release       Release the IPv4 address
    /release6      Release the IPv6 address
    /renew         Renew the IPv4 address
    /renew6        Renew the IPv6 address
    /flushdns      Purge the DNS resolver cache
    /registerdns   Refresh all DHCP leases and re-register DNS names
    /displaydns    Display the contents of the DNS resolver cache
ipconfig
無線區域網路介面卡 無線網路連線:
連線特定 DNS 尾碼 . . . . . . . . :
連結-本機 IPv6 位址 . . . . . . . : fe80::19e4:8b36:e72b:2cf%11
IPv4 位址 . . . . . . . . . . . . : 192.168.0.107
子網路遮罩 . . . . . . . . . . . .: 255.255.255.0
預設閘道 . . . . . . . . . . . . .: 192.168.0.1
ipconfig /all
無線區域網路介面卡 無線網路連線:
連線特定 DNS 尾碼 . . . . . . . . :
描述 . . . . . . . . . . . . . . .: Atheros AR5BWB225 Wireless Network Adapter
實體位址 . . . . . . . . . . . . .: 74-DE-2B-CB-49-0C 
DHCP 已啟用 . . . . . . . . . . . : 是
自動設定啟用 . . . . . . . . . . .: 是
連結-本機 IPv6 位址 . . . . . . . : fe80::19e4:8b36:e72b:2cf%11(偏好選項)
IPv4 位址 . . . . . . . . . . . . : 192.168.0.107(偏好選項)
子網路遮罩 . . . . . . . . . . . .: 255.255.255.0
租用取得 . . . . . . . . . . . . .: 2013年4月5日 下午 07:58:09
租用到期 . . . . . . . . . . . . .: 2013年4月6日 下午 07:59:14
預設閘道 . . . . . . . . . . . . .: 192.168.0.1
DHCP 伺服器 . . . . . . . . . . . : 192.168.0.1 
DHCPv6 IAID . . . . . . . . . . . : 292871723
DHCPv6 用戶端 DUID. . . . . . . . : 00-01-00-01-17-23-19-FF-74-DE-2B-CB-49-0C
DNS 伺服器 . . . . . . . . . . . .: 192.168.0.1 
NetBIOS over Tcpip . . . . . . . .: 啟用
Manually configuring an IP address
NAT - Network Address Translation
© 2011 Pearson Education, Inc.
Publishing as Prentice Hall
http://www.whatismyip.com/
Address Resolution Protocol
• RFC 826
• To map network addresses to the hardware addresses used by a data link protocol
• To translate IP addresses to Ethernet MAC addresses
• Uses data-link broadcast
• ARP Request, ARP Reply
• ARP Announcement
• Gratuitous ARP
ARP Spoofing (ARP Poisoning)
• Send fake, or 'spoofed', ARP messages to an Ethernet LAN.
• Generally, to associate the attacker's MAC address with the IP address of another node (such as the default gateway).
• Passive sniffing, Man-in-the-middle attack, Denial-of-service attack
http://www.oxid.it/downloads/apr-intro.swf
ARP Cache
Default cache time-outs:
• Two-minute (unused entries)
• Ten-minute (used entries)
arp -a
arp -d 10.10.34.235
arp -d *
arp -s 157.55.85.212 00-aa-00-62-c6-09
C:\>arp -a
Interface: 10.10.34.169 --- 0x2
  Internet Address      Physical Address      Type
  10.10.34.231          00-12-cf-28-cd-20     dynamic
  10.10.34.234          00-12-cf-29-c6-80     dynamic
  10.10.34.235          00-12-cf-28-1e-20     dynamic
  10.10.34.254          00-08-e3-dd-b3-1f     dynamic
C:\>arp -s 10.10.34.235 00-12-cf-28-1e-20
C:\>arp -a
Interface: 10.10.34.169 --- 0x2
  Internet Address      Physical Address      Type
  10.10.34.235          00-12-cf-28-1e-20     static
  10.10.34.254          00-08-e3-dd-b3-1f     dynamic
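The ARP poisoning symptoms described above can be checked from the cache itself. As an added example (not from the original slides), this Python parses two snapshots of Windows arp -a output, constructed here in the format shown above, and flags an entry whose MAC changed between snapshots, one MAC claimed by several IP addresses, and a gateway entry that has not been pinned with arp -s:

```python
import re

# Constructed sample: two snapshots of "arp -a" output in the format shown above.
# In the second snapshot the gateway (10.10.34.254) suddenly resolves to a MAC that
# another host on the segment already uses, which is what a poisoned cache looks like.
ARP_BEFORE = """\
Interface: 10.10.34.169 --- 0x2
  Internet Address      Physical Address      Type
  10.10.34.231          00-12-cf-28-cd-20     dynamic
  10.10.34.235          00-12-cf-28-1e-20     dynamic
  10.10.34.254          00-08-e3-dd-b3-1f     dynamic
"""
ARP_AFTER = """\
Interface: 10.10.34.169 --- 0x2
  Internet Address      Physical Address      Type
  10.10.34.231          00-12-cf-28-cd-20     dynamic
  10.10.34.235          00-12-cf-28-1e-20     static
  10.10.34.254          00-12-cf-28-cd-20     dynamic
"""

# One cache row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {ip: (mac, type)} from 'arp -a' output; header lines do not match ENTRY."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ip, mac, typ = m.groups()
            table[ip] = (mac.lower(), typ.lower())
    return table

def arp_alerts(before, after, gateway):
    """Compare two cache snapshots and report the anomalies a defender cares about."""
    old, new = parse_arp(before), parse_arp(after)
    alerts = []
    for ip, (mac, _) in new.items():
        if ip in old and old[ip][0] != mac:
            alerts.append(f"{ip}: MAC changed {old[ip][0]} -> {mac}")
    by_mac = {}
    for ip, (mac, _) in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():          # one MAC answering for several IPs
        if len(ips) > 1:
            alerts.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    if gateway in new and new[gateway][1] != "static":
        alerts.append(f"{gateway}: gateway entry is not static")
    return alerts
```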
Routing information
route print
route -4 print
route -6 print
route add 163.22.16.0 mask 255.255.255.0 192.168.0.254 metric 100 if 11
route add 163.22.16.0 mask 255.255.255.0 192.168.0.254 metric 100
route change 163.22.16.0 mask 255.255.255.0 192.168.0.254 metric 130
route delete 163.22.16.0
netstat -r
Domain Name System (DNS)
• Provides translation between host names and IP addresses
  www.im.ncnu.edu.tw ↔ 163.22.20.16
• Provided by DNS servers
RR-DNS (Round Robin DNS)
• www.yahoo.com: (8 servers)
  66.218.71.90, 66.218.71.80, 66.218.71.95, …
DDNS (Dynamic DNS)
• Host name ↔ floating (dynamic) IP address
ipconfig /displaydns
ipconfig /flushdns
nslookup
C:\>nslookup
Default Server: academic.ncnu.edu.tw
Address: 163.22.2.1
> www.cnn.com
Server: academic.ncnu.edu.tw
Address: 163.22.2.1
Non-authoritative answer:
Name:    www.cnn.com
Addresses: 64.236.29.120, 64.236.91.21, 64.236.16.20, 64.236.16.52
           64.236.16.84, 64.236.24.12, 64.236.24.20, 64.236.24.28
> 163.22.20.16
Server: academic.ncnu.edu.tw
Address: 163.22.2.1
Name:    euler.im.ncnu.edu.tw
Address: 163.22.20.16
Aliases: 16.20.22.163.in-addr.arpa
>
nslookup
• An interactive program for querying Internet Domain Name System servers
• Converts a hostname into an IP address and vice versa by querying DNS
• Useful to identify the subnet a host or node belongs to
• Lists contents of a domain, displaying DNS records
DNS Lookup
Ping
• Most basic tool for internet management
• Based on ICMP ECHO_REQUEST message
• Available on all TCP/IP stacks
• Useful for measuring
  • Connectivity
  • Packet Loss
  • Round Trip Time
• Can do auto-discovery of TCP/IP equipped stations on a single segment
ping
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list
Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.
Example
C:\>ping -n 10 -l 256 www.im.ncnu.edu.tw
Pinging euler.im.ncnu.edu.tw [163.22.20.16] with 256 bytes of data:
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Reply from 163.22.20.16: bytes=256 time=1ms TTL=253
Ping statistics for 163.22.20.16:
    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
traceroute/tracert
tracert www.hinet.net
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.
C:\>tracert www.facebook.com
在上限 30 個躍點上
追蹤 star.c10r.facebook.com [31.13.82.1] 的路由:
  1     8 ms     8 ms     8 ms  h254.s98.ts.hinet.net [168.95.98.254]
  2     8 ms     8 ms     8 ms  168.95.220.98
  3     9 ms     8 ms     8 ms  NTNK-3101.hinet.net [220.128.21.110]
  4    11 ms    11 ms    11 ms  tchn-3011.hinet.net [220.128.16.98]
  5    16 ms    14 ms    14 ms  TPDT-3011.hinet.net [220.128.16.6]
  6    11 ms    12 ms    11 ms  r4103-s2.tp.hinet.net [220.128.7.29]
  7    12 ms    13 ms    12 ms  r4003-s2.tp.hinet.net [220.128.7.229]
  8    96 ms    96 ms    96 ms  211-72-233-77.HINET-IP.hinet.net [211.72.233.77]
  9    97 ms    97 ms    97 ms  ae-5.r00.tokyjp03.jp.bb.gin.ntt.net [129.250.5.29]
 10    97 ms    98 ms    97 ms  ae-0.facebook.tokyjp03.jp.bb.gin.ntt.net [61.213.145.74]
 11    97 ms    97 ms    97 ms  po126.msw01.01.nrt1.tfbnw.net [31.13.27.221]
 12    99 ms    99 ms    99 ms  edge-star-ecmp-01-nrt1.facebook.com [31.13.82.1]
http://www.visualroute.com/
netstat
C:\>netstat -n -a
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1235           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1236           0.0.0.0:0              LISTENING
  TCP    163.31.153.68:1234     163.22.3.4:80          ESTABLISHED
  TCP    163.31.153.68:1235     163.22.4.67:80         ESTABLISHED
  TCP    163.31.153.68:1236     163.22.4.67:80         SYN_SENT
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:38037          *:*
  UDP    127.0.0.1:1230         *:*
  UDP    163.31.153.68:500      *:*
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP. If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.
TCP Connection Monitoring
netstat -p TCP
netstat -b -p TCP
netstat -e
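An added example, not from the original slides: parsing the netstat -n -a output format shown above to produce the summaries a TCP connection monitor tracks (listeners bound to all interfaces, connection states per remote peer, and half-open SYN_SENT attempts). The sample output is constructed from the lines above.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Windows "netstat -n -a" output above.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    163.31.153.68:1234     163.22.3.4:80          ESTABLISHED
  TCP    163.31.153.68:1235     163.22.4.67:80         ESTABLISHED
  TCP    163.31.153.68:1236     163.22.4.67:80         SYN_SENT
  UDP    0.0.0.0:135            *:*
  UDP    163.31.153.68:500      *:*
"""

# proto, local ip, local port, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)$")

def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, lip, lport, foreign, state = m.groups()
            rows.append({"proto": proto, "local_ip": lip, "local_port": int(lport),
                         "foreign": foreign, "state": state or None})
    return rows

def connection_report(text):
    """Wildcard listeners, TCP state per remote peer, and the count of half-open connections."""
    rows = parse_netstat(text)
    listeners = sorted((r["proto"], r["local_port"]) for r in rows
                       if r["local_ip"] == "0.0.0.0" and r["state"] in ("LISTENING", None))
    by_peer = Counter()
    for r in rows:
        if r["proto"] == "TCP" and r["state"] not in ("LISTENING", None):
            peer = r["foreign"].rsplit(":", 1)[0]   # strip the remote port
            by_peer[(peer, r["state"])] += 1
    half_open = sum(n for (_, st), n in by_peer.items() if st == "SYN_SENT")
    return {"listeners": listeners, "by_peer": dict(by_peer), "syn_sent": half_open}
```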
Network Management Tools
• SNMP command tools
• MIB Walk
• MIB Browser
SNMP Command Tools
• snmptest
• snmpget
• snmpgetnext
• snmpset
• snmptrap
• snmpwalk
• snmpnetstat
Network Status
• Command: snmpnetstat host community
• Useful for finding status of network connections
% snmpnetstat noc5 public
Active Internet Connections
Proto Recv-Q Send-Q  Local Address    Foreign Address   (state)
tcp        0      0  *.*              *.*               CLOSED
tcp        0      0  localhost.46626  localhost.3456    ESTABLISHED
tcp        0      0  localhost.46626  localhost.3712    ESTABLISHED
tcp        0      0  localhost.46626  localhost.3968    ESTABLISHED
tcp        0      0  localhost.46626  localhost.4224    ESTABLISHED
tcp        0      0  localhost.3456   localhost.46626   ESTABLISHED
tcp        0      0  localhost.3712   localhost.46626   ESTABLISHED
tcp        0      0  localhost.3968   localhost.46626   ESTABLISHED
tcp        0      0  localhost.4224   localhost.46626   ESTABLISHED
tcp        0      0  noc5.41472       noc5.4480         ESTABLISHED
tcp        0      0  noc5.41472       noc5.4736         ESTABLISHED
tcp        0      0  noc5.4480        noc5.41472        ESTABLISHED
tcp        0      0  noc5.4736        noc5.41472        ESTABLISHED
SNMP Browser
• Command: snmpwalk host community [variable
name]
• Uses Get Next Command
• Presents MIB Tree
Protocol Analyzer
Figure 12.13 Protocol Analyzer Basic Configuration: a data capture device (probe) on the LAN passes raw data over a modem / WAN or LAN link to the protocol analyzer
• Analyzes data packets on any transmission line including LAN
• Measurements made locally or remotely
• Probe (data capture device) captures data and transfers it to the protocol analyzer (no storage)
• Data link between probe and protocol analyzer is either dial-up, a dedicated link, or LAN
• Protocol analyzer analyzes data at all protocol levels
RMON Probe
Figure 12.14 Protocol Analyzer with RMON Probe: RMON probe on the LAN, routers and backbone network between probe and protocol analyzer, SNMP traffic in both directions
Communication between probe and analyzer is using SNMP
• Data gathered and stored for an extended period of time and analyzed later
• Used for gathering traffic statistics and for configuration management for performance tuning

Network Monitoring with RMON Probe
Figure: Ethernet LAN with an Ethernet probe and the protocol analyzer, FDDI LAN with an FDDI probe, Token Ring LAN with a Token Ring probe, all joined by routers to a backbone network that carries a backbone probe
Network Statistics
• Protocol Analyzers
• RMON Probe / Protocol analyzer
• MRTG (Multi Router Traffic Grapher)
• Home-grown program using tcpdump
Traffic Load: Source (HostTopN bar chart, Host 1 to Host 10, 0 to 400 Giga Octets)
Traffic Load: Source/Destination
Protocol Distribution
Network Monitoring
• By polling
• By traps (notifications)
• Failure indicated by pinging or traps
• Ping frequency optimized for network load vs. quickness of detection
• trap messages: linkDown, linkUp, coldStart, warmStart, etc.
• Network topology discovered by auto-discovery
Global View
Domain View
Segment View
Node Discovery In a Network

Node Discovery
• Given an IP Address with its subnet mask, find the nodes in the same network.
• Two Major Approaches:
  • Use ICMP ECHO to query all the possible IP addresses.
  • Use SNMP to query the ARP Cache of a known node
Use ICMP ECHO
• Eg: IP address: 163.25.147.12, Subnet mask: 255.255.255.0
• All possible addresses: 163.25.147.1 ~ 163.25.147.254
• For each of the above addresses, use ICMP ECHO to inquire the address
• If a node replies (ICMP ECHO Reply), then it is found.
Use SNMP
• Find a node which supports SNMP
  • The given node, default gateway, or router
  • Or try a node arbitrarily
• Query the ipNetToMediaTable in MIB-II IP group
  ipNetToMediaIfIndex  ipNetToMediaPhysAddress  ipNetToMediaNetAddress  ipNetToMediaType
  1                    00:80:43:5F:12:9A        163.25.147.10           dynamic(3)
  2                    00:80:51:F3:11:DE        163.25.147.11           dynamic(3)
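Both node-discovery approaches above as added example code (not from the original slides). The ICMP probe calls the system ping command and is injectable, so the offline sample, constructed from the addresses on the slide, runs without a network; candidate_hosts generalizes the slide's /24 case to any subnet mask, and the ARP-cache approach reads ipNetToMediaTable rows in the column order shown above.

```python
import ipaddress
import platform
import subprocess

def candidate_hosts(ip, mask):
    """Usable host addresses of the network containing ip/mask (network and broadcast excluded)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return [str(h) for h in net.hosts()]

def icmp_echo(addr, timeout_ms=500):
    """One ICMP ECHO_REQUEST via the system ping; True when an ECHO reply arrived."""
    win = platform.system() == "Windows"
    wait = str(timeout_ms) if win else str(max(1, timeout_ms // 1000))  # -W on Unix takes seconds
    args = ["ping", "-n" if win else "-c", "1", "-w" if win else "-W", wait, addr]
    return subprocess.run(args, capture_output=True).returncode == 0

def discover_by_icmp(ip, mask, probe=icmp_echo):
    """Approach 1: probe every candidate address; probe is injectable so tests run offline."""
    return [h for h in candidate_hosts(ip, mask) if probe(h)]

def discover_by_arp_cache(ip, mask, net_to_media_rows):
    """Approach 2: read a known node's ipNetToMediaTable and keep entries in our network.
    Rows: (ipNetToMediaIfIndex, ipNetToMediaPhysAddress, ipNetToMediaNetAddress, ipNetToMediaType);
    ipNetToMediaType invalid(2) rows are skipped (MIB-II: other(1), invalid(2), dynamic(3), static(4))."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    found = {}
    for _ifindex, mac, addr, mtype in net_to_media_rows:
        if mtype != 2 and ipaddress.ip_address(addr) in net:
            found[addr] = mac
    return found

# Constructed stand-ins so the example runs with no network access.
LIVE = {"163.25.147.10", "163.25.147.11", "163.25.147.12"}

def fake_probe(addr):
    return addr in LIVE

ARP_ROWS = [  # the slide's two ipNetToMediaTable rows plus one constructed row from another subnet
    (1, "00:80:43:5F:12:9A", "163.25.147.10", 3),
    (2, "00:80:51:F3:11:DE", "163.25.147.11", 3),
    (2, "00:80:51:AA:BB:CC", "163.25.148.7", 3),
]
```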
Network Discovery

Network Discovery
• Find the networks to be managed with their interconnections
• Given a network, find the networks which directly connect with it.
• Recall that networks are connected via routers.
• Major Approach: Use SNMP
Discovering Networks
Figure: networks 163.25.145.0, 163.25.146.0, 163.25.147.0, 163.25.148.0, 140.112.5.0, 140.112.6.0, 140.112.8.0, 192.168.12.0 and 192.168.13.0 interconnected by routers
A Network Discovery Algorithm
1. First use a node discovery algorithm to find all the nodes in the network.
2. For each discovered node, use SNMP to query the ipAddrTable of MIB-II IP group
   ipAdEntAddr      ipAdEntIfIndex  ipAdEntNetMask   ipAdEntBcastAddr
   163.25.145.254   1               255.255.255.0    163.25.145.255   …
   162.25.146.254   2               255.255.255.0    163.25.146.255   …
   162.25.147.254   3               255.255.255.0    163.25.147.255   …
3. Query the corresponding entries in ipRouteTable to verify the above addresses
ipRouteTable
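Steps 2 and 3 of the algorithm as added example code, not from the original slides. The ipAddrTable and ipRouteTable rows are constructed to resemble what SNMP returns for one router (the ipRouteType values direct(3) and indirect(4) are MIB-II's); a network derived from an interface address counts as verified only when a direct route on the same interface matches it.

```python
import ipaddress

# Constructed ipAddrTable rows for one router: (ipAdEntAddr, ipAdEntIfIndex, ipAdEntNetMask)
IP_ADDR_TABLE = [
    ("163.25.145.254", 1, "255.255.255.0"),
    ("163.25.146.254", 2, "255.255.255.0"),
    ("163.25.147.254", 3, "255.255.255.0"),   # no direct route below: left unconfirmed
]
# Constructed ipRouteTable rows: (ipRouteDest, ipRouteMask, ipRouteIfIndex, ipRouteType)
# ipRouteType direct(3) = destination is on an attached network, indirect(4) = via another router
IP_ROUTE_TABLE = [
    ("163.25.145.0", "255.255.255.0", 1, 3),
    ("163.25.146.0", "255.255.255.0", 2, 3),
    ("140.112.8.0",  "255.255.255.0", 2, 4),   # learned through a neighbour, not attached here
    ("0.0.0.0",      "0.0.0.0",       2, 4),   # default route
]

def attached_networks(addr_rows):
    """Step 2: derive the network of each interface address, keyed by CIDR, value = ifIndex."""
    nets = {}
    for addr, ifindex, mask in addr_rows:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        nets[str(net)] = ifindex
    return nets

def verify_with_routes(nets, route_rows):
    """Step 3: confirm a derived network when ipRouteTable has a direct route to it on the same interface."""
    direct = {}
    for dest, mask, ifindex, rtype in route_rows:
        if rtype == 3:
            direct[str(ipaddress.ip_network(f"{dest}/{mask}"))] = ifindex
    confirmed = sorted(n for n, i in nets.items() if direct.get(n) == i)
    unconfirmed = sorted(n for n in nets if n not in confirmed)
    return confirmed, unconfirmed

def discover_networks(addr_rows, route_rows):
    """Networks directly attached to this router, split into route-verified and unverified."""
    return verify_with_routes(attached_networks(addr_rows), route_rows)
```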