UNIX Networking

Networking in UNIX

Basic Networking Concepts: TCP/IP
TCP/IP stands for Transfer Control Protocol over Internet Protocol, the language two computers use to communicate with each other
– initially developed on and for the UNIX platform in 1983
– a message is broken up into packets
– each packet contains a packet sequence number, a checksum, plus a header that contains at least a sender address and one or more recipient addresses
– no dedicated connection between sender and receiver
– transferred through the network via routers: intelligent devices that inspect each packet and decide what to do next (deliver the packet locally or forward it to another router)
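The checksum mentioned above is, for IPv4 headers, ICMP (what ping sends), TCP and UDP, the RFC 1071 Internet checksum. The Python below is an added example, not from the slides: it computes and verifies that checksum over a constructed 20-byte IPv4 header (sample data, not from the page) and shows that a single flipped bit is detected.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones'-complement of the ones'-complement sum of the
    16-bit big-endian words of `data`.  An odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# Constructed 20-byte IPv4 header (UDP, 192.168.0.1 -> 192.168.0.199) with the
# header-checksum field (bytes 10-11) still zero.  Sample data, not from the page.
IPV4_HEADER_NO_CKSUM = bytes.fromhex("45000073000040004011" "0000" "c0a80001c0a800c7")

def header_checksum(header: bytes) -> int:
    """Value the sender writes into bytes 10-11 (the field is zeroed while summing)."""
    return internet_checksum(header[:10] + b"\x00\x00" + header[12:])

def fill_checksum(header: bytes) -> bytes:
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]

def header_is_intact(header: bytes) -> bool:
    """Receiver-side check: summing a header that carries a correct checksum
    gives 0xFFFF, whose complement is 0.  Any corrupted bit breaks this."""
    return internet_checksum(header) == 0

if __name__ == "__main__":
    hdr = fill_checksum(IPV4_HEADER_NO_CKSUM)
    print("checksum field: 0x%04x" % header_checksum(IPV4_HEADER_NO_CKSUM))  # 0xb861
    print("intact:", header_is_intact(hdr))                                   # True
    damaged = bytearray(hdr)
    damaged[16] ^= 0x01                      # corrupt one bit of the destination address
    print("after corruption:", header_is_intact(bytes(damaged)))              # False
```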
Basic Networking Concepts: Identifying Computers
Each computer in a network has a host name and an IP address
• a host name may be simple, e.g., sodapop, or a Fully Qualified Domain Name (FQDN), e.g., sodapop.brookdalecc.edu
• an IP address is a set of 4 dot-delimited octets, e.g., 127.212.109.37. Each octet has a maximum value of 255.
• only IP addresses are routable. FQDNs must be converted to IP addresses for a router to evaluate.
Mapping Domain Names to/from IP Addresses
• /etc/hosts file
– good for small networks
– holds the name-to-address mappings for a small network
– each computer must maintain its own copy and keep it in sync with the other computers on the network
• DNS (Domain Name Service)
– used in larger networks
– distributed database that provides a name-to-address mapping service
– host names are organized hierarchically
– authority is delegated at individual levels in the hierarchy
The DNS Hierarchy
Authority delegated to a level in the hierarchy falls to that organization's network administration. A zone is an organization's level(s) of authority.
The Client-Server Paradigm in UNIX
One entity makes a request, another party services the request
[Figure: the Client sends a Request to the Server; the Server returns a Response to the Client]
Server programs in UNIX are called daemons
• run in the background and listen for input from clients
• examples:
– httpd – listens for requests for web pages
– sendmail – handles email
– inetd – handles ftp and telnet requests
Ports
• Communication on a computer is through a port
• Many ports are predefined, including:

Service   Client Program                               Server Port #
FTP       ftp                                          21
SSH       ssh, scp, sftp, slogin                       22
TELNET    telnet                                       23
SMTP      mailx, netscape                              25
HTTP      netscape, mozilla, firefox, opera, chrome    80
POP3      fetchmail                                    110

A complete list of the ports that UNIX listens on is found in /etc/services
Testing Connectivity: ping
• used to test whether a machine is on the network. ping uses no daemon
• ping sends 56-byte packets to a remote machine whose NIC card answers back
$ ping sodapop
PING sodapop: 56 data bytes
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=0. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
^C
--- sodapop PING statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round trip (ms) min/avg/max/stddev = 0.010/0.031/0.006
Remote Login: telnet
Log in to a remote machine over an IP network using: telnet <ip address>
$ telnet 127.0.0.1
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
User (rbournique):
or, from within telnet's own prompt:
$ telnet
o 127.0.0.1
telnet is not secure: the user ID and password are transmitted in clear text.
The local machine acts like a dumb terminal: it echoes to the terminal what is sent and what is received.
Transferring Files: ftp
• ftp lets a user log in to a remote machine over an IP network to transfer files. Users may log in to the remote machine as:
– an authorized remote user (user has own id and password)
– an anonymous user (user id = anonymous, password = user's e-mail address)
• transfers may be ASCII (text files) or BINARY (e.g., programs)
• a whole set of commands allows the user to navigate to the proper files on the remote machine and download them
ftp Commands to Use on Remote System
!          $          account    append     ascii      bell       binary     bye
case       cd         cdup       chmod      close      cr         debug      delete
dir        disconnect edit       epsv4      exit       features   fget       form
ftp        gate       get        glob       hash       help       idle       image
lcd        less       lpage      lpwd       ls         macdef     mdelete    mdir
mget       mkdir      mls        mlsd       mlst       mode       modtime    more
mput       mreget     msend      newer      nlist      nmap       ntrans     open
page       passive    pdir       pls        pmlsd      preserve   progress   prompt
proxy      put        pwd        quit       quote      rate       rcvbuf     recv
reget      remopts    rename     reset      restart    rhelp      rmdir      rstatus
runique    send       sendport   set        site       size       sndbuf     status
struct     sunique    system     tenex      throttle   trace      type       umask
unset      usage      user       verbose    xferbuf    ?
Secure Remote Login: ssh
• ssh lets a user securely log in to a remote machine over an IP network
• developed to replace telnet
• encryption/decryption provides data confidentiality and data integrity over an insecure network
• data is encrypted by the sender and decrypted by the recipient using a key
• uses public key (asymmetric) cryptographic algorithms to generate a mathematically related public-private key pair
• the key pair is used to
– establish trust, i.e., authenticate user and host
– encrypt/decrypt the user's passwords and data
Asymmetric Cryptography
• Advantage: key management
• Disadvantage: complex mathematical algorithm
Diagnosing Network Problems: netstat
• netstat is used to help diagnose a network problem. For example,
$ netstat -i
Name  Mtu   Network       Address          Ipkts    Opkts    Odrop
eg1   1500  204.89.162    dxi4.dxi.com     2275517  3783974  0
eg0   1500  38.254.211    dxifour.dxi.com  4716968  2862227  0
loop  1536  loopback-net  localhost        0        0        0

Name    = the name of the interface. It identifies a particular Ethernet board
Mtu     = the maximum transfer unit, or maximum packet size, for this interface
Network = the network to which this interface is connected
Address = the address of this interface on the Internet
Ipkts   = # of input packets received by this interface since the system was booted
Opkts   = # of output packets sent by this interface since the system was booted
Odrop   = # of packets that were dropped without reaching their destination
More netstat Examples
netstat
Displays generic net statistics of the host you are currently connected to
netstat -an
Shows all connections to the server, including the source and destination IPs and ports, if you have the proper permissions
netstat -an | grep :80 | wc -l
Displays a count of the number of active connections on port 80
netstat -natp
Displays active Internet connections
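The grep one-liner above counts every line containing ":80", which also picks up port 8080, a remote peer's port 80, and LISTEN or TIME_WAIT sockets. As an added example that is not part of the slides, the Python below parses constructed netstat -an output (sample data, not from the page) and compares the grep-style count with a count restricted to the local port and connection state.

```python
import re
from collections import Counter

# Constructed `netstat -an` output in Linux format; sample data, not from the page.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:52113      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.9:41002      ESTABLISHED
tcp        0      0 10.0.0.5:8080           203.0.113.4:60001       ESTABLISHED
tcp        0      0 10.0.0.5:44321          203.0.113.80:80         ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:52114      TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Splits "host:port" (Linux) or "host.port" (BSD/Solaris) at the last separator.
_ADDR_SPLIT = re.compile(r"[.:](?=[^.:]*$)")

def parse_netstat(text):
    """Yield (proto, local_port, foreign_host, foreign_port, state) per socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue                                   # header or blank line
        _, lport = _ADDR_SPLIT.split(fields[3])
        fhost, fport = _ADDR_SPLIT.split(fields[4])
        state = fields[5] if len(fields) > 5 else ""   # udp sockets carry no state
        yield fields[0], lport, fhost, fport, state

def naive_grep_count(text, needle=":80"):
    """What `netstat -an | grep :80 | wc -l` really counts: any line containing the text."""
    return sum(1 for line in text.splitlines() if needle in line)

def count_local_port(text, port, state="ESTABLISHED"):
    """Sockets whose local port is exactly `port`; state=None ignores the state."""
    return sum(1 for _, lport, _, _, st in parse_netstat(text)
               if lport == str(port) and (state is None or st == state))

def states_for_local_port(text, port):
    """Per-state breakdown for one local port (LISTEN vs ESTABLISHED vs TIME_WAIT)."""
    return Counter(st for _, lport, _, _, st in parse_netstat(text) if lport == str(port))

if __name__ == "__main__":
    print("grep :80 style count:", naive_grep_count(NETSTAT_SAMPLE))        # 7
    print("established on local port 80:", count_local_port(NETSTAT_SAMPLE, 80))  # 2
    print(dict(states_for_local_port(NETSTAT_SAMPLE, 80)))
```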
The X Window System on a Network
• X Window uses a reverse client-server paradigm:
– the application runs on the client
– the display is handled by the server
• To run a client on a remote machine and still have the display show up on the local machine:
– on the local machine, run xhost +<remote machine name>, which tells the local machine it's OK to run X Window applications from that remote machine
– on the remote machine, run export DISPLAY=<local machine name>:0.0, which directs the remote machine's output to the local machine