Unix Networking - bhecker.com • Index page


UNIX Networking

Section Overview
- TCP/IP Basics
- TCP/IP Configuration
- TCP/IP Network Testing
- Dynamic Host Config Protocol (DHCP)
- Wireless Networking

TCP/IP Protocol Stack
- Application (FTP, HTTP, DNS)
- Transport Layer (TCP, UDP)
- Network Layer (IP)
- Link Layer (Device Drivers)
- Physical Layer (media)

TCP/IP Packet Encapsulation
[Diagram: each layer wraps the unit handed down from the layer above. Service data is prefixed with a TCP/UDP (T/U) header, then an IP header, then an Ethernet/PPP (E) frame header, and finally travels over the UTP/PSTN medium.]

Connecting to a Network
- Hostname and IP Address assignment
- Configuration of hardware
- Default route (gateway) assignment
- Name Service Configuration
- Testing and troubleshooting

Hostnames
- Uniquely identifies each system
- Fully Qualified Domain Name
  - hostname.site.domain[.country]
  - Country: 2-letter identifier for country
  - Domain: Type of site (edu, com, org)
  - Site: Unique name of organization
  - Hostname: Unique name of system
- hostname: Display or set system name

IP Addresses
- Unique for each connection (interface)
- Consists of 4 octets (#.#.#.#)
  - Network portion
  - Host portion
- Special Addresses
  - Network Address
  - Broadcast Address

IP Address Classes

Class   1st Byte    Format    Total Hosts
A       0 – 126     N.H.H.H   16 Million
B       128 – 191   N.N.H.H   64 Thousand
C       192 – 239   N.N.N.H   254
D       224 – 239   -         (Multicast)
E       240 – 254   -         (Experimental)

Subnet Masks
- Splits networks into subnetworks
- Separates address into 2 parts
  - 1's – Network Portion
  - 0's – Host Portion
- Example: Class C Network
  - Address: N.N.N.H
  - Mask: 255.255.255.0 (255 = 11111111)
  - CIDR Notation: N.N.N.H/24
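Worked example, added here and not part of the original slides: applying a mask to an address with bit operations to recover the network portion, the host portion and the two special addresses (network and broadcast), for both dotted masks and CIDR prefixes. The sample addresses are made up, and Python's ipaddress module is used only to cross-check the hand-rolled result.

```python
import ipaddress

def parse_ipv4(text):
    """Dotted quad '#.#.#.#' -> 32-bit int, first octet in the high byte."""
    octets = [int(o) for o in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def format_ipv4(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/24 -> 255.255.255.0: 'prefix' leading 1 bits, then 0 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Only contiguous masks (all 1s, then all 0s) are valid subnet masks."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous mask {format_ipv4(mask)}")
    return prefix

def split_address(addr_text, mask_text):
    """Apply the mask: 1 bits keep the network portion, 0 bits the host portion.
    mask_text is dotted ('255.255.255.0') or CIDR ('/24')."""
    addr = parse_ipv4(addr_text)
    mask = (prefix_to_mask(int(mask_text[1:])) if mask_text.startswith("/")
            else parse_ipv4(mask_text))
    prefix = mask_to_prefix(mask)
    host_mask = ~mask & 0xFFFFFFFF
    network = addr & mask            # host bits cleared: the network address
    broadcast = network | host_mask  # host bits set: the broadcast address
    return {
        "cidr": f"{format_ipv4(network)}/{prefix}",
        "mask": format_ipv4(mask),
        "broadcast": format_ipv4(broadcast),
        "host_portion": addr & host_mask,
        # network and broadcast are reserved, hence the -2 (ignores the /31 case)
        "usable_hosts": max(0, (1 << (32 - prefix)) - 2),
    }

def matches_stdlib(addr_text, prefix):
    """Cross-check the hand-rolled arithmetic against Python's ipaddress module."""
    net = ipaddress.ip_network(f"{addr_text}/{prefix}", strict=False)
    r = split_address(addr_text, f"/{prefix}")
    return r["cidr"] == str(net) and r["broadcast"] == str(net.broadcast_address)
```

A mask such as 255.255.0.255 is rejected because its 1 bits are not contiguous, so it cannot split an address into a network and a host part.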

Interface Configuration
- Hardware to connect to network
- Common interfaces
  - Ethernet
  - Modem
- Loopback (lo) Interface
- ifconfig – View/Configure interface

Ethernet Addressing
- Assigned by manufacturer (hardware)
- Must be absolutely unique
- Address format
  - 6 octets in hex (#:#:#:#:#:#)
  - First 3 octets: Manufacturer Identifier
  - Last 3 octets: Card serial number
- Used for local network communication

Address Resolution Protocol
- Translates IP addresses to Ethernet (MAC) addresses
[Diagram: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 on one segment. A host broadcasts "Who is 10.0.0.3?" and 10.0.0.3 answers "I am (1:2:3:7:8:9)".]
- arp -a: View the cache

Default Gateways
- Connects Networks together
- If destination not on local network, packets sent through gateway
- route: Display/configure routing

RedHat Network Files
- /etc/sysconfig/network
  - HOSTNAME
- /etc/sysconfig/network-scripts/ifcfg-[interface]
  - BOOTPROTO
  - IPADDR
  - NETMASK
  - NETWORK
  - BROADCAST
  - GATEWAY
  - ONBOOT
  - USERCTL
- ifup/ifdown [interface]

Name Services
- /etc/hosts
  - Local configuration
  - Localhost – 127.0.0.1
- /etc/resolv.conf
  - Domain Name Service (DNS) lookup
  - search: domains to search if not FQDN
  - nameserver (3): Nameservers to consult
- /etc/nsswitch.conf

DNS Name Resolution
[Diagram: resolution steps 1–8. host.domain.com sends a recursive query to dns.domain.com; dns.domain.com walks the hierarchy with non-recursive queries to the Root Server, dns.iupui.edu and dns.cs.iupui.edu, then returns the answer to the host.]

Network Testing
- Localhost reachability
- Hostname reachability
- Local network reachability
- Internet network reachability
- DNS resolution

Network tools
- ping – Reachability test
- traceroute – Routing performance
- netstat – Network performance stats
- tcpdump – Packet sniffing
- nslookup/dig – DNS Queries
- Configuration tools (already discussed)

Dynamic Host Config Protocol
- Client broadcasts a request for an IP address and network information
- Server leases address to client
- Lease must be renewed periodically
- Easy to make global network changes
- Linux: BOOTPROTO=dhcp

Wireless Networks
- Extend the network
- Included in many devices now
  - Laptops
  - PDAs
  - DSL/Cable Modems
- Bandwidth (YMMV!)
  - 802.11b – 11 Mbps
  - 802.11g – 54 Mbps
- Service Set Identifier (SSID)
  - Shared "key" between clients and Access Point (AP)
  - Automatically detected vs. assigned

Wireless Security Issues
- Sniffing / War Driving
- Bandwidth stealing
- Access to private resources
- Security Measures
  - Non-broadcasting SSIDs
  - MAC Access Control Lists (ACLs)
  - WEP?

RedHat ifcfg- Additions
- TYPE=Wireless
- ESSID=[ssid name]
- CHANNEL=[1-11]
- MODE=[Auto|Managed|Ad-hoc]
- Can set manually with /sbin/iwconfig

Virtual Private Networks
[Diagram: a Virtual Private Network tunnels across the Internet to a VPN Server, which fronts the Application Server.]

Point to Point Tunneling Protocol
- Based on
  - Point to Point Protocol (PPP)
  - Generic Routing Encapsulation (GRE)
- Packet layout: IP Hdr | GRE Hdr | GRE Body, encrypted (PPP | IP | TCP | Data)
- Weaknesses
  - Poor Encryption
  - Session handshaking done in clear

IPSec
- Part of IPv6 Spec
- Authentication Header (AH): IPv4 Hdr | Auth Hdr | TCP/UDP Hdr & Data
- Encapsulating Security Payload (ESP): IPv4 Hdr | ESP Hdr | encrypted (TCP Hdr | Data Payload | ESP Tlr) | ESP Auth
- Modes: Transport and Tunnel