HALP! Something is in my tubes!

Part I by
Jason Testart, IST
Overview
• OSI Model
• Review of Ethernet, IP and common transport protocols
• A quick look at DHCP & DNS
• Scenarios we’ll cover:
  - No DHCP
  - No DNS
  - Routing Problems
  - Problem accessing a specific service on a specific server
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
OSI Model
Layer 7  Application    SMTP
         Presentation   SSL
         Session
         Transport      TCP
         Network        IP
         Data Link      Ethernet
Layer 1  Physical       1000BASE-T
Our Focus
         Application    SMTP
         Presentation   SSL
         Session
Layer 4  Transport      TCP
Layer 3  Network        IP
Layer 2  Data Link      Ethernet
         Physical       1000BASE-T
Ethernet
• Layer 2
• Shared Medium
• Addressing using a 48-bit “MAC” address
• MAC address represented using 6 groups of 2 hex digits delimited by a ‘:’ or a ‘-’
Internet Protocol
• Layer 3
• Encapsulate data from a higher layer
• Routers are computers that span several layer 2 networks
• A router forwards packets from one network to another based on rules it has.
• It’s all about addressing.
One Layer-3 Network
Four Layer-2 Networks (shown)
We don’t care about what’s in the cloud.
Layer 4 protocols
• UDP
• TCP
• ICMP (ping/traceroute)
• IGMP (multicast group management)
• ESP (IPSec VPN)
UDP
• Connectionless
• Order not guaranteed
• Unreliable
• Uses ports, like TCP
• DNS, NTP, DHCP
TCP
• Connection oriented
• Ordered
• Reliable
• Uses ports (0 to 65535)
• SMTP, HTTP, IMAP
DHCP
• A means of getting an IP address assigned
• http://en.wikipedia.org/wiki/Dhcp#DHCP_acknowledgement
• On Windows, use “ipconfig /all | more”
• On Unix/Linux, use “ifconfig -a | more”
• 169.254.X.Y means trouble
Output of ifconfig (Linux)
[jatestar@wiretap ~]$ /sbin/ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:50:56:80:17:EB
          inet addr:129.97.85.179  Bcast:129.97.85.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe80:17eb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5219908 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3462430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1024059373 (976.6 MiB)  TX bytes:2395847731 (2.2 GiB)
          Interrupt:177 Base address:0x1424
Extract of ipconfig output
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : uwaterloo.ca
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-1F-3B-7B-31-A1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d173:7c70:199c:98f1%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.46.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : November-27-08 8:25:24 PM
   Lease Expires . . . . . . . . . . : November-27-08 8:45:24 PM
   Default Gateway . . . . . . . . . : 192.168.46.1
   DHCP Server . . . . . . . . . . . : 192.168.46.1
   DNS Servers . . . . . . . . . . . : 192.168.46.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
What if DHCP doesn’t work?
• Check the cable.
• Is there a link light?
• VLAN setting OK in ONA?
• Linux firewall too secure?
• Call for help.
DNS
• Name lookup can fail, but network is OK
• Check your DNS resolver settings
• Look for stale host table entries
• Clear any DNS caching
• Check connectivity using IP addresses
Handy IP addresses to memorize
• 129.97.128.10 (nameserver)
• 129.97.129.10 (nameserver)
• 129.97.128.40 (www.uwaterloo.ca)
• Your favourite off-campus site
Resolver settings
• On *nix: /etc/resolv.conf
• On Windows: Run nslookup (or ipconfig)

C:\Users\jatestart>nslookup www.uwaterloo.ca
Server:  UnKnown
Address:  192.168.46.1

Non-authoritative answer:
Name:    info.uwaterloo.ca
Address:  129.97.128.40
Aliases:  www.uwaterloo.ca
Hosts Table
• *nix: /etc/hosts
• Windows: hosts or lmhosts somewhere under System32 directory
• Vista: drivers\etc\hosts
• Keep only ‘localhost’ definitions in there, otherwise should be empty
DNS Caching
• Caching to improve performance
• Windows: “ipconfig /flushdns”
• *nix: Do you have “nscd” running?
What if DNS doesn’t work?
• Is the network OK?
• Can you ping “129.97.128.40”?
• Can you ping your fav site? (they allow ping, right?)
• If network OK, complain that DNS is broken.
General Network Problems:
Things to look for
Gateway
• Need a gateway (router) to access the big bad Internet.
• Does the computer know it?
• If so, is it the correct one?
• Can you ping the gateway?
• Check all interfaces (wired & wireless)
Routing tables
[jatestar@wiretap ~]$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
129.97.85.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         129.97.85.1     0.0.0.0         UG        0 0          0 eth0

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.46.1    192.168.46.14     25
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
        127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
  127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
     192.168.46.0    255.255.255.0          On-link    192.168.46.14    281
    192.168.46.14  255.255.255.255          On-link    192.168.46.14    281
   192.168.46.255  255.255.255.255          On-link    192.168.46.14    281
        224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
        224.0.0.0        240.0.0.0          On-link    192.168.46.14    281
  255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
  255.255.255.255  255.255.255.255          On-link    192.168.46.14    281
===========================================================================
Multiple default gateways?
• Disable all but one network adapter
• Wireless + wired can be problematic
No default gateway?
• Are you sure DHCP is working?
• Reboot.
• If problem persists, call for help.
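
Added example (not part of the original slides): the gateway questions from the last few slides, checked against Linux `netstat -nr` output. The sample table is constructed from the slide's eth0 routes plus an assumed second adapter, wlan0, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: the Linux table from the slide, plus an assumed second
# adapter (wlan0, 192.168.46.0/24) that brings its own default route.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
129.97.85.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.46.0    0.0.0.0         255.255.255.0   U         0 0          0 wlan0
0.0.0.0         129.97.85.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.46.1    0.0.0.0         UG        0 0          0 wlan0
"""

def parse_routes(text):
    """Return (network, gateway, flags, iface) for each row of `netstat -nr`."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the banner and the column header
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, ipaddress.ip_address(f[1]), f[3], f[7]))
    return routes

def check_gateways(text):
    """Is there a default gateway, is there only one, and is it on-link?"""
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0 and "G" in r[2]]
    connected = [r for r in routes if "G" not in r[2]]
    findings = []
    if not defaults:
        findings.append("no default gateway")
    if len(defaults) > 1:
        ifaces = ", ".join(r[3] for r in defaults)
        findings.append(f"multiple default gateways ({ifaces})")
    for _, gw, _, iface in defaults:
        # The gateway must sit inside a directly connected subnet on the
        # same interface, or it cannot be reached at layer 2.
        if not any(gw in net and i == iface for net, _, _, i in connected):
            findings.append(f"gateway {gw} is not on a connected network of {iface}")
    return findings

if __name__ == "__main__":
    for finding in check_gateways(SAMPLE):
        print(finding)
```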
Can’t ping the gateway?
• Use “arp” command to see if you have communicated.

[jatestar@wiretap ~]$ /sbin/arp -an
? (129.97.85.1) at 00:0D:ED:C0:1F:C2 [ether] on eth0

C:\Users\jatestart>arp -a
Interface: 192.168.46.14 --- 0xa
  Internet Address      Physical Address      Type
  192.168.46.1          00-05-5d-2d-0a-37     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
Client-Server Issues:
Can’t access a specific service on a specific server?
What about that service?
• Does the service use UDP or TCP?
• What ‘port’ does the service use on the server?
• Is there a specific port used on the client?
• What’s the IP address of the server?
A word about ports
Privileged ports (1-1023)
• Most operating systems won’t let just anyone bind to privileged ports
• Notice most “servers” are on privileged ports?
Ephemeral ports (typically 1024-65535)
• Ports that clients bind to when talking to servers
• Ephemeral port range varies from OS to OS and may be customized
http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
What’s connected?
• Need to be privileged
• On Windows: netstat -bn
• On *nix: lsof -i -a -n
netstat on Windows
C:\Windows\system32>netstat -bn

Active Connections
  TCP    192.168.46.14:49222    129.97.128.141:993     ESTABLISHED
 [thunderbird.exe]
  TCP    192.168.46.14:49347    192.168.46.1:22        ESTABLISHED
 [SshClient.exe]
lsof on Linux
COMMAND   PID USER      FD  TYPE DEVICE SIZE NODE NAME
ntpd     5250 ntp       16u IPv4  13035      UDP  *:ntp
sshd     6337 root       3u IPv6  14240      TCP  *:ssh (LISTEN)
sshd    11337 root       3r IPv6 311941      TCP  192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)
sshd    11339 jatestar   3u IPv6 311941      TCP  192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)
Can you connect to the port?
• Use telnet to try connecting
• Example: telnet 129.97.128.10 25
• 3 outcomes possible
Connected
• You’re in!
• If there’s a problem, it’s likely something other than the network
Connection Refused
• You can connect to the host, but it’s telling you the service is not there.
• Service is likely not running
• Could be “tcp-wrapped” or application access control
• Don’t blame the firewall!
Timeout
• Connection attempt is hanging, or timed out
• If you know your network is OK, and the server is OK, then something might be blocking you!
• Host-based firewall?
• IPSec Local Security Policy?
• Router ACL?
• Network firewall?
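
Added example (not part of the original slides): the telnet test as a script that makes one TCP connection attempt and reports which of the three outcomes occurred. The function names, the extra "other" bucket and the file name `probe.py` are assumptions of this example.

```python
import socket
import sys

# What each outcome means, in the wording of the slides.
ADVICE = {
    "connected": "you're in; any remaining problem is likely not the network",
    "refused": "host reachable but nothing accepted the connection; "
               "service likely not running, tcp-wrapped or access-controlled",
    "timeout": "no reply; check host firewall, IPSec policy, router ACL, "
               "network firewall",
    "other": "failed before a connection attempt completed (name lookup, routing)",
}

def classify(exc):
    """Map the exception from a TCP connect (or None) to one outcome."""
    if exc is None:
        return "connected"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # a reset came back in answer to the SYN
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"      # the SYN went unanswered until the deadline
    return "other"

def probe(host, port, timeout=3.0):
    """One TCP connection attempt, like `telnet host port`, with a deadline."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Usage: python probe.py HOST PORT   (probe.py is an assumed file name)
    host, port = sys.argv[1], int(sys.argv[2])
    outcome = probe(host, port)
    print(f"{host}:{port} -> {outcome}: {ADVICE[outcome]}")
```

A firewall configured to reject with a TCP reset rather than drop also produces "refused", so read that outcome as "something answered" rather than proof of which device answered.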
Turning it over to Mike....
THANK YOU