Unix Networking - bhecker.com • Index page
UNIX Networking
1
Section Overview
TCP/IP Basics
TCP/IP Configuration
TCP/IP Network Testing
Dynamic Host Config Protocol (DHCP)
Wireless Networking
2
TCP/IP Protocol Stack
Application (FTP, HTTP, DNS)
Transport Layer (TCP,UDP)
Network Layer (IP)
Link Layer (Device Drivers)
Physical Layer (media)
3
TCP/IP Packet Encapsulation
[Diagram: each layer prepends its header to the unit it receives from the layer above]
Service:      Data
TCP/UDP:      T/U | Data
IP:           IP | T/U | Data
Ethernet/PPP: E | IP | T/U | Data | E
Physical:     UTP/PSTN
4
Connecting to a Network
Hostname and IP Address assignment
Configuration of hardware
Default route (gateway) assignment
Name Service Configuration
Testing and troubleshooting
5
Hostnames
Uniquely identifies each system
Fully Qualified Domain Name
hostname.site.domain[.country]
Country: 2 letter identifier for country
Domain: Type of site (edu, com, org)
Site: Unique name of organization
Hostname: Unique name of system
hostname: Display or set system name
6
IP Addresses
Unique for each connection (interface)
Consists of 4 octets (#.#.#.#)
Network portion
Host portion
Special Addresses
Network Address
Broadcast Address
7
IP Address Classes
Class  1st Byte   Format   Total Hosts
A      0 – 126    N.H.H.H  16 Million
B      128 – 191  N.N.H.H  64 Thousand
C      192 – 239  N.N.N.H  254
D      224 – 239  -        (Multicast)
E      240 – 254  -        (Experimental)
8
Subnet Masks
Splits networks into subnetworks
Separates address into 2 parts
1’s – Network Portion
0’s – Host Portion
Example: Class C Network
Address: N.N.N.H
Mask: 255.255.255.0 (255 = 11111111)
CIDR Notation: N.N.N.H/24
9
Interface Configuration
Hardware to connect to network
Common interfaces
Ethernet
Modem
Loopback (lo) Interface
ifconfig – View/Configure interface
10
Ethernet Addressing
Assigned by manufacturer (hardware)
Must be absolutely unique
Address format
6 octets in hex (#:#:#:#:#:#)
First 3 octets: Manufacturer Identifier
Last 3 octets: Card serial number
Used for local network communication
11
Address Resolution Protocol
Translates IP addresses to Ethernet (MAC) addresses
[Diagram: hosts 10.0.0.1 through 10.0.0.4 on one Ethernet; one host broadcasts "Who is 10.0.0.3?" and 10.0.0.3 replies "I am (1:2:3:7:8:9)"]
arp -a: View the cache
12
Default Gateways
Connects Networks together
If destination not on local network, packets sent through gateway
route: Display/configure routing
13
RedHat Network Files
/etc/sysconfig/network
HOSTNAME
/etc/sysconfig/network-scripts/
ifcfg-[interface]
BOOTPROTO
IPADDR
USERCTL
NETWORK
ONBOOT
GATEWAY
NETMASK
BROADCAST
ifup/ifdown [interface]
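The subnet arithmetic from the Subnet Masks slide and the static ifcfg-[interface] keys from this slide, worked through in POSIX shell as an added example (this is not code from the slides): the functions derive NETWORK, BROADCAST and the CIDR prefix from IPADDR and NETMASK, reject a non-contiguous mask, refuse a GATEWAY that is not on the local subnet, and emit the file. The interface name, addresses and mask are constructed sample values; DEVICE= is a standard ifcfg key that the slide does not list.

```shell
#!/bin/sh
# Added example, not from the slides: subnet arithmetic and a generated
# ifcfg-<interface> file. All addresses below are constructed sample values.

# ip_to_int 10.1.2.3 -> 167838211 ; fails on anything that is not four octets
ip_to_int() {
    set -- $(echo "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in *[!0-9]*|'') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 167838211 -> 10.1.2.3
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_len 255.255.255.0 -> 24 ; a mask must be 1's followed by 0's,
# so 255.0.255.0 is rejected rather than silently treated as /16
prefix_len() {
    m=$(ip_to_int "$1") || return 1
    n=0
    while [ $n -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do
        n=$(( n + 1 ))
    done
    [ $(( m & ((1 << (32 - n)) - 1) )) -eq 0 ] || return 1
    echo $n
}

# network_addr ADDR MASK -> address with all host bits cleared
network_addr() {
    a=$(ip_to_int "$1") || return 1
    m=$(ip_to_int "$2") || return 1
    int_to_ip $(( a & m ))
}

# broadcast_addr ADDR MASK -> address with all host bits set
broadcast_addr() {
    a=$(ip_to_int "$1") || return 1
    m=$(ip_to_int "$2") || return 1
    int_to_ip $(( a | (~m & 4294967295) ))
}

# same_subnet A B MASK -> succeeds when A and B share a network under MASK
same_subnet() {
    [ "$(network_addr "$1" "$3")" = "$(network_addr "$2" "$3")" ]
}

# gen_ifcfg IFACE IPADDR NETMASK GATEWAY -> static ifcfg file body on stdout.
# USERCTL=no keeps ordinary users from running ifup/ifdown on the interface.
gen_ifcfg() {
    iface=$1; ip=$2; mask=$3; gw=$4
    plen=$(prefix_len "$mask") || { echo "non-contiguous netmask: $mask" >&2; return 1; }
    same_subnet "$ip" "$gw" "$mask" || { echo "gateway $gw is not on the local network" >&2; return 1; }
    cat <<EOF
# network $(network_addr "$ip" "$mask")/$plen
DEVICE=$iface
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR=$ip
NETMASK=$mask
NETWORK=$(network_addr "$ip" "$mask")
BROADCAST=$(broadcast_addr "$ip" "$mask")
GATEWAY=$gw
EOF
}

# Constructed sample host: print the ifcfg-eth0 that would be installed.
gen_ifcfg eth0 192.168.10.42 255.255.255.0 192.168.10.1
```

The gateway check matters in practice: a GATEWAY outside the subnet is accepted by the file but never reachable, and the host then fails the "local network reachability" stage of the testing procedure later in the deck.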
14
Name Services
/etc/hosts
Local configuration
Localhost – 127.0.0.1
/etc/resolv.conf
Domain Name Service (DNS) lookup
search: domains to search if not FQDN
nameserver (up to 3): Nameservers to consult
/etc/nsswitch.conf
15
DNS Name Resolution
[Diagram: host.domain.com sends a recursive query to its local server dns.domain.com; dns.domain.com resolves it with non-recursive queries to the Root Server, dns.iupui.edu and dns.cs.iupui.edu, then returns the answer (steps 1 through 8)]
16
Network Testing
Localhost reachability
Hostname reachability
Local network reachability
Internet network reachability
DNS resolution
17
Network tools
ping – Reachability test
traceroute – Routing performance
netstat – Network performance stats
tcpdump – Packet sniffing
nslookup/dig – DNS Queries
Configuration tools (already discussed)
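The staged test from the Network Testing slide as a script, added here as an example rather than taken from the slides: each stage uses a tool the slide names (ping for reachability, route -n to find the gateway, dig for resolution), and the two small parsers are exercised against constructed route -n and resolv.conf text so the logic can be checked offline. www.example.com stands in for whatever external host the site expects to reach.

```shell
#!/bin/sh
# Added example, not from the slides: staged network test
# (localhost -> hostname -> gateway -> nameserver -> DNS -> Internet).

# default_gateway: reads `route -n` output on stdin and prints the gateway of
# the default route (destination 0.0.0.0, genmask 0.0.0.0); fails if absent.
default_gateway() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2; found = 1; exit }
         END { exit !found }'
}

# resolv_nameservers: reads resolv.conf text on stdin and prints the
# nameserver addresses the resolver will use. The slide's "(3)" is the limit:
# the libc resolver consults at most three, so later entries are ignored.
resolv_nameservers() {
    awk '$1 == "nameserver" && n < 3 { print $2; n++ }'
}

# resolves NAME: succeeds only if dig returns at least one A record
# (dig exits 0 on an empty answer, so its exit status alone is not enough).
resolves() {
    [ -n "$(dig +short +time=2 +tries=1 "$1" A 2>/dev/null)" ]
}

# check LABEL CMD...: run one stage and report it; keep going so the first
# FAIL names the layer to look at (interface, route, resolver, upstream).
failures=0
check() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok    $label"
    else
        echo "FAIL  $label"
        failures=$(( failures + 1 ))
    fi
}

run_checks() {
    failures=0
    check "localhost reachable"            ping -c 1 -W 2 127.0.0.1
    check "hostname $(hostname) reachable" ping -c 1 -W 2 "$(hostname)"
    gw=$(route -n 2>/dev/null | default_gateway) || gw=""
    if [ -n "$gw" ]; then
        check "default gateway $gw reachable" ping -c 1 -W 2 "$gw"
    else
        echo "FAIL  no default route (check GATEWAY= in ifcfg-* or route)"
        failures=$(( failures + 1 ))
    fi
    ns=$(resolv_nameservers < /etc/resolv.conf 2>/dev/null | head -n 1)
    if [ -n "$ns" ]; then
        check "nameserver $ns reachable" ping -c 1 -W 2 "$ns"
    else
        echo "FAIL  no nameserver in /etc/resolv.conf"
        failures=$(( failures + 1 ))
    fi
    check "DNS resolves www.example.com"   resolves www.example.com
    check "Internet host reachable"        ping -c 1 -W 2 www.example.com
    return $failures
}

# Constructed `route -n` output, used to show the parser without a live host.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 eth0'

sample_gateway() { printf '%s\n' "$SAMPLE_ROUTE" | default_gateway; }

if [ "${1:-}" = "run" ]; then
    run_checks
else
    echo "sample default gateway: $(sample_gateway)"
    echo "run '$0 run' to test this host"
fi
```

Run with the argument `run` on the host under test; the stage order is the slide's, so the first FAIL line tells you whether to look at the interface configuration, the default route, the resolver files, or the upstream connection.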
18
Dynamic Host Config Protocol
Client broadcasts a request for an IP address and network information
Server leases address to client
Lease must be renewed periodically
Easy to make global network changes
Linux: BOOTPROTO=dhcp
19
Wireless Networks
Extend the network
Included in many devices now
Laptops
PDAs
DSL/Cable Modems
Bandwidth (YMMV!)
802.11b – 11 Mbps
802.11g – 54 Mbps
Service Set Identifier (SSID)
Shared “key” between clients and Access Point (AP)
Automatically detected vs. assigned
20
Wireless Security Issues
Sniffing / War Driving
Bandwidth stealing
Access to private resources
Security Measures
Non-broadcasting SSIDs
MAC Access Control Lists (ACLs)
WEP?
21
RedHat ifcfg- Additions
TYPE=Wireless
ESSID=[ssid name]
CHANNEL=[1-11]
MODE=[Auto|Managed|Ad-hoc]
Can set manually with /sbin/iwconfig
22
Virtual Private Networks
[Diagram: a VPN Server reached across the Internet, with the Application Server behind it; the tunnel across the Internet is the Virtual Private Network]
23
Point to Point Tunneling Protocol
Based on
Point to Point Protocol (PPP)
Generic Routing Encapsulation (GRE)
[Packet layout: IP Hdr | GRE Hdr | GRE Body (encrypted): PPP | IP | TCP | Data]
Weaknesses
Poor Encryption
Session handshaking done in clear
24
IPSec
Part of IPv6 Spec
Authentication Header (AH)
[Packet layout: IPv4 Hdr | Auth Hdr | TCP/UDP Hdr & Data]
Encapsulating Security Payload (ESP)
[Packet layout: IPv4 Hdr | ESP Hdr | (encrypted: TCP Hdr | Data Payload | ESP Tlr) | ESP Auth]
Modes: Transport and Tunnel
25