Slide 1: Chapter 12 Linux Networking
Slide 2: https://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet
Slide 3: What happens when I click on …?
Slide 4: Step 1: Firefox figures out what to do with the URL “http://www.ee…”
Three components in the URL:
- Where? (the host name)
- What? /~tthomas
- How? Through the HTTP protocol.
Talk to the http (apache) daemon on that host using the HTTP protocol to get the file /~tthomas (index.html). First, Firefox finds out the network address of the host.
Slide 5: Finding out the network address of “www.ee.cooper.edu”
Firefox goes to a domain name server (DNS) to find out the IP address of “www.ee.cooper.edu”: host = gethostbyname(“www.ee.cooper.edu”). The DNS server in our department is NS1.COOPER.EDU. How does Firefox know the address of the DNS server? It is hard-coded at system (network) configuration time, e.g. in /etc/resolv.conf on Linux systems.
Slide 6: Step 1: Get the IP address from the DNS server.
- Firefox calls its UDP protocol entity to talk to port 53 on the DNS server.
- The UDP protocol calls IP to send a datagram to the DNS server's address.
- It turns out that the DNS server is on the same Ethernet domain, so the datagram can be sent directly via Ethernet.
- IP needs the Ethernet address of the DNS server, so it uses the ARP protocol and sends an ARP packet over the network: “What is the Ethernet address of the DNS server's IP address?” Result: 08:00:20:FC:EF:6D.
- IP asks Ethernet to send an Ethernet frame to 08:00:20:FC:EF:6D.
- Ethernet on the DNS server receives the frame, finds that it carries an IP packet and passes it to the IP module.
- The IP module finds that it is a UDP packet and passes it to the UDP module.
- UDP sees that a process is listening on port 53 and notifies that process.
Slide 7: Step 1 (continued): How to get the IP address from the DNS server?
Firefox calls the UDP protocol entity to send a message to port 53 of the DNS server. The UDP message to the DNS server is “What is the IP address of www.ee.cooper.edu?” The DNS server sends a message back with the answer.
Slide 8: Step 2: Set up a TCP connection to the remote (199.98.16…) http daemon.
Firefox calls the TCP entity to set up a connection to port 80 on the web server. The TCP protocol calls IP to send a datagram to the web server; it turns out that the web server and this machine are directly connected. Find the Ethernet address of the web server using ARP … the web server receives the packet.
Slide 9: Steps 3 and 4
Step 3: Talk to the http daemon on the web server using the HTTP protocol. Use TCP to send strings following the HTTP protocol: “get /~tthomas HTTP/1.1\nHost: …”. The TCP entity calls IP to send a datagram … the server responds with the content of /~tthomas (my index.html).
Step 4: Firefox displays the file in the window.
Slide 10: Networking
- Machine name: the name you wish to call your machine.
- IP number: a unique number used to identify your machine.
- Netmask: a number that defines the scope of your local network.
- Default gateway: the gateway out of your subnet.
- Nameserver: the system that resolves machine names to IP addresses.
Slide 11: Layers and Protocols: What were we using? What did it look like?
- IP, the Internet Protocol, which routes data packets from one machine to another (RFC 791)
- ICMP, the Internet Control Message Protocol, which provides several kinds of low-level support for IP, including error messages, routing assistance, and debugging help (RFC 792)
- ARP, the Address Resolution Protocol, which translates IP addresses to hardware addresses (RFC 826)
- UDP, the User Datagram Protocol, which provides unverified, one-way data delivery (RFC 768)
- TCP, the Transmission Control Protocol, which implements reliable, full-duplex, flow-controlled, error-corrected conversations (RFC 793)
Slide 12: IP Networking
A presence on the Internet is identified by an “IP address”. A good analogy is that the IP address of a machine is its phone number. Along with a machine’s phone number (IP address) comes a set of “port numbers”, which are similarly analogous to telephone extension numbers. An IP network connection is uniquely defined by the “tuple” of the IP address and port number at either end. Clearly the two machines at either end of the connection must agree about what ports are involved. Note that a single port on a single IP address can conduct communications with more than one other end, so long as the other ends have different (IP address, port number) pairs.
Slide 13: Network Listeners
Network connections can be set up by prior agreement at both ends to determine port numbers. However, this is not what happens in practice, and the common way network connections are set up is (somewhat simplified) as follows. One system, the “server”, sets up something that is almost, but not quite, a network connection. The local ends are its own IP address and a port number, but the two remote elements of the tuple are set to values that mean “anything”. No actual data is emitted by the machine at this point, but one end of a connection now exists on the machine. This is called a “listener”.
Slide 14: Network Listeners
Another system, the “client”, selects a (typically) random local port number and sets up a connection to the port on the server. Because the server already has half of a connection established, the connection attempt succeeds. Conversely, if the server had not been running a listener on that port, the connection attempt would have been refused. Once the client has established a connection, the server has two tuples in hand: the “half defined” listener tuple and a fully defined 4-tuple carrying the server’s IP address and port and the client’s IP address and port. At this point the Linux process responsible for this listener “forks”. This means that it splits into two copies of itself that are identical save for one of them knowing it is the parent and the other knowing it is the child. No data should be sent from the client while the network connection is in this state. Note that the client has to know the server port number in advance; we will return to this issue soon.
Slide 15: Network Listeners
The parent then closes the connection corresponding to the fully defined tuple and the child closes the connection corresponding to the half defined tuple. The parent then goes back to waiting for more incoming connections and the child carries on with the actual business of communicating with the client. The child server typically starts by sending some data to the client so that the client now knows it is safe to send data itself. Because the parent and child are separate processes, no amount of catastrophic failure in the child should be able to influence the behaviour of the parent’s listener.
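The listener/fork sequence of slides 13 to 15 and the HTTP exchange of slides 8 and 9, as an added Python example that is not part of the original deck: a forking server bound to 127.0.0.1 (DNS and ARP are skipped because the whole exchange stays on the loopback interface), the client connecting before accept() is even called, the parent closing the accepted socket, the child answering a GET for /~tthomas, and the refusal you get once the listener is gone. The page path, the port choice (port 0, so the kernel picks a free one) and the sample page body are constructed for the example.

```python
import os
import socket

# Constructed sample "web site": one page at the path the slides request.
PAGES = {"/~tthomas": "index.html of ~tthomas (constructed sample page)\n"}


def build_response(raw_request, pages=PAGES):
    """Build a minimal HTTP/1.1 reply for one request: 200 with the page
    body when the path is known, 404 otherwise."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode(errors="replace")
    parts = request_line.split(" ")
    if len(parts) == 3 and parts[0] == "GET" and parts[1] in pages:
        status, body = "200 OK", pages[parts[1]].encode()
    else:
        status, body = "404 Not Found", b"not found\n"
    head = (f"HTTP/1.1 {status}\r\nContent-Type: text/plain\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode() + body


def serve_one_client_forking(listener):
    """Accept one queued connection, then fork: the child keeps only the
    accepted socket and answers the client; the parent keeps only the
    listener and returns at once to wait for more clients."""
    conn, _peer = listener.accept()
    pid = os.fork()
    if pid == 0:
        listener.close()          # child: no use for the half-defined tuple
        try:
            request = b""
            while b"\r\n\r\n" not in request:   # read up to the blank line
                chunk = conn.recv(4096)
                if not chunk:
                    break
                request += chunk
            conn.sendall(build_response(request))
        finally:
            conn.close()
            os._exit(0)           # child exits without touching the parent
    conn.close()                  # parent: drops the fully defined tuple
    return pid


def http_get(sock, host, path):
    """Send a GET over an already-connected socket; return (status line, body)."""
    sock.sendall(f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                 f"Connection: close\r\n\r\n".encode())
    data = b""
    while True:                   # the child closes when done, recv gives b""
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    sock.close()
    head, _, body = data.partition(b"\r\n\r\n")
    return head.split(b"\r\n", 1)[0].decode(), body.decode()


def demo():
    """Walk through listener, connect, fork, request, reply and refusal."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]

    # The handshake completes against the listener before accept() runs:
    # the server "already has half of a connection".
    client = socket.create_connection(("127.0.0.1", port))
    child = serve_one_client_forking(listener)
    status, body = http_get(client, "127.0.0.1", "/~tthomas")
    os.waitpid(child, 0)

    # With the listener gone, the same port refuses a new connection.
    listener.close()
    try:
        socket.create_connection(("127.0.0.1", port), timeout=2).close()
        refused = False
    except ConnectionRefusedError:
        refused = True
    return status, body, refused


if __name__ == "__main__":
    print(demo())
```

The parent never reads from the accepted socket; it only closes its copy, which is why the connection stays alive for the child. A crash in the child (anything after the fork) leaves the parent's listener untouched, which is the isolation property slide 15 describes.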
Slide 16: ICMP: Internet Control Message Protocol
Control messages:
- source quench: too many packets (choke packet)
- time exceeded: TTL reached zero (wandering for too long)
- destination unreachable
- fragmentation required: MTU too small
- parameter problem: header invalid
Information messages:
- echo request/reply
- timestamp request/reply
Two programs that use the ICMP protocol: ping and traceroute.
Slide 17: The Address Resolution Protocol (arp)
Some control protocols used by IP:
- ARP, the address resolution protocol, finds out the Ethernet address for an IP address. A host broadcasts to everyone, asking “who owns IP address xxx.xxx.xxx.xxx?” The host with that IP address responds with its Ethernet address.
- RARP, the reverse address resolution protocol, finds out a host’s IP address. The host broadcasts to everyone, asking “My Ethernet address is ?????????, who knows my IP address?” The RARP server looks up its configuration file and replies with the host's IP address.
Slide 18: ARP Cont’d
The mapping from IP address to Ethernet address is only kept for a few minutes after it was last used, in a table called the “MAC table” or the “ARP cache”. To get at it directly, use the arp command.
Slide 19: TCP and UDP: Not all protocols use true connections.
TCP (“transmission control protocol”) defines a full connection between the two machines. Delivery of data from one end of the connection to the other is guaranteed (by retransmission if necessary), and either end knows if the other has closed the connection. UDP (“user datagram protocol”) does not bother with the overhead of a connection. It consists simply of packets of data sent from one machine’s port to another with no guarantee of arrival.
Slide 20: Network Interfaces
The configuration files for network interfaces are located in the /etc/sysconfig/network-scripts/ directory. The scripts used to activate and deactivate these network interfaces are also located here. Although the number and type of interface files can differ from system to system, there are three categories of files in this directory:
- Interface configuration files
- Interface control scripts
- Network function files
The files in each of these categories work together to enable various network devices.
Slide 21: Network Interfaces Cont’d
The primary network configuration files are as follows:
- /etc/hosts: The main purpose of this file is to resolve host names that cannot be resolved any other way (i.e. no DNS server). Regardless of the type of network the computer is on, this file should contain a line specifying the IP address of the loopback device as localhost.localdomain.
- /etc/resolv.conf: This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file.
- /etc/sysconfig/network: This file specifies routing and host information for all network interfaces. It contains directives that have global effect and are not interface specific.
- /etc/sysconfig/network-scripts/ifcfg-interface-name: For each network interface, there is a corresponding interface configuration script.
Slide 22: Local Domain Resolution
Lists hosts to be resolved locally (not by DNS). Edit the /etc/hosts file!!!!
File: /etc/hosts - locally resolve node names to IP addresses
<loopback address>  your-node-name.your-domain.com localhost.localdomain localhost
XXX.XXX.XXX.XXX     node-name
Slide 23: /etc/sysconfig/network
For example:
NETWORKING=yes
HOSTNAME=penguin.example.com
GATEWAY=
GATEWAY is used as the default gateway when there is no GATEWAY directive in an interface's ifcfg file.
Slide 24: Enabling Networking Upon Bootup
vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none
DEVICE=eth0
IPADDR=      # your IP address
NETMASK=     # your netmask
ONBOOT=yes
USERCTL=no
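Slides 10, 23 and 24 together define an interface by IP address, netmask and default gateway. As an added Python example (not the deck's own material), the following parses constructed ifcfg-eth0 and /etc/sysconfig/network samples, derives the network, prefix length and broadcast address that the netmask implies, and flags the common misconfiguration of a default gateway that lies outside the interface's own subnet. The sample addresses come from the documentation range 192.0.2.0/24 and the host name is the slide's penguin.example.com.

```python
import ipaddress

# Constructed sample of /etc/sysconfig/network-scripts/ifcfg-eth0 (slide 24 layout).
SAMPLE_IFCFG = """\
BOOTPROTO=none
DEVICE=eth0
IPADDR=192.0.2.20        # your IP address
NETMASK=255.255.255.0    # your netmask
ONBOOT=yes
USERCTL=no
"""

# Constructed sample of /etc/sysconfig/network (slide 23 layout).
SAMPLE_NETWORK = """\
NETWORKING=yes
HOSTNAME=penguin.example.com
GATEWAY=192.0.2.1
"""


def parse_sysconfig(text):
    """KEY=VALUE lines; '#' starts a comment; surrounding quotes are dropped."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf


def describe_interface(ifcfg_text, network_text):
    """Derive the network scope from IPADDR/NETMASK and check the gateway.
    A GATEWAY in the ifcfg file wins; /etc/sysconfig/network is the fallback."""
    ifcfg = parse_sysconfig(ifcfg_text)
    global_conf = parse_sysconfig(network_text)
    problems = []
    for key in ("DEVICE", "BOOTPROTO", "ONBOOT"):
        if key not in ifcfg:
            problems.append(f"missing {key}")
    info = {"device": ifcfg.get("DEVICE"), "problems": problems}
    if ifcfg.get("BOOTPROTO") not in ("none", "static"):
        return info                  # address comes from DHCP; nothing to derive
    try:
        # ip_interface accepts "address/netmask" as well as "address/prefix".
        iface = ipaddress.ip_interface(f"{ifcfg['IPADDR']}/{ifcfg['NETMASK']}")
    except (KeyError, ValueError) as exc:
        problems.append(f"IPADDR/NETMASK unusable: {exc}")
        return info
    info.update(address=str(iface.ip), network=str(iface.network),
                prefix=iface.network.prefixlen,
                broadcast=str(iface.network.broadcast_address))
    gateway = ifcfg.get("GATEWAY") or global_conf.get("GATEWAY")
    info["gateway"] = gateway
    if not gateway:
        problems.append("no default gateway configured")
    else:
        try:
            # The gateway must be reachable on the local link, i.e. inside
            # the scope the netmask defines; otherwise there is no way out.
            if ipaddress.ip_address(gateway) not in iface.network:
                problems.append(f"gateway {gateway} is outside {iface.network}")
        except ValueError:
            problems.append(f"gateway {gateway!r} is not an IP address")
    return info


if __name__ == "__main__":
    print(describe_interface(SAMPLE_IFCFG, SAMPLE_NETWORK))
```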
Slide 25: Network Service and NetworkManager
Look at /etc/sysconfig/network-scripts: “service network stop/start” runs these scripts. The systemd equivalent is “systemctl restart network”.
Slide 26: Well Known Ports
Classic Internet services listen on “well known ports”. These are listed in the file /etc/services. The first word on the line is the official name of the service. The second is the port and the protocol. Often there is both a TCP and a UDP entry: the port has been assigned for both, but only one is typically used. Next come any aliases for the service. The hash character (“#”) introduces a comment, which runs to the end of the line.
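Slides 22 and 26 describe two whitespace-separated files with “#” comments: /etc/hosts (an address followed by the names that resolve to it) and /etc/services (official name, port/protocol, then aliases). As an added Python example, not from the deck, here are parsers for both formats run over constructed sample content, with lookups that mirror what the resolver does with /etc/hosts before asking DNS and what getservbyname does with /etc/services. The sample entries (addresses, names, ports) are constructed for the example.

```python
# Constructed sample in the /etc/hosts layout from slide 22.
SAMPLE_HOSTS = """\
# locally resolved names (not by DNS)
127.0.0.1   penguin.example.com localhost.localdomain localhost
10.0.0.5    node-name      # a lab host
"""

# Constructed sample of /etc/services lines (the real file has hundreds).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]   # comment
ssh             22/tcp
ssh             22/udp
domain          53/tcp
domain          53/udp
http            80/tcp          www www-http    # WorldWideWeb HTTP
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper
"""


def strip_comment(line):
    """Drop everything from '#' to the end of the line, then outer whitespace."""
    return line.split("#", 1)[0].strip()


def parse_hosts(text):
    """Map every name on a line (canonical name and aliases) to its address.
    The first line that mentions a name wins, as the resolver's lookup does."""
    table = {}
    for line in text.splitlines():
        fields = strip_comment(line).split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)   # host names are case-insensitive
    return table


def parse_services(text):
    """Map (name-or-alias, protocol) to the port number."""
    table = {}
    for line in text.splitlines():
        fields = strip_comment(line).split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:     # official name, then aliases
            table.setdefault((name, proto), int(port))
    return table


HOSTS = parse_hosts(SAMPLE_HOSTS)
SERVICES = parse_services(SAMPLE_SERVICES)


def resolve_locally(name, hosts=HOSTS):
    """Address from the hosts table, or None, meaning: ask the DNS server."""
    return hosts.get(name.lower())


def service_port(name, proto, services=SERVICES):
    """Port for a service name or alias and protocol, or None if unknown."""
    return services.get((name, proto))
```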
Slide 27: The Portmapper
Not all permanent network services listen on well known ports. Some use a different scheme: they listen on an arbitrary port and register this port with a service, called the portmapper, which does listen on a well known port (number 111).
Slide 28: The Portmapper
This scheme is used by the “RPC” (remote procedure call) services. When an RPC client wants to connect to an RPC service, it first connects to the portmapper service, queries it for the port number of the service it is actually interested in, and then connects to the service it wants. RPC services can be run over TCP or UDP, and the portmapper listens for queries over both UDP and TCP. The two most famous RPC services are NIS and NFS.
Slide 29: Interface Configuration: ifconfig: configure network interfaces
ifconfig enables or disables a network interface, sets its IP address and subnet mask, and sets various other options and parameters. Common parameters include: -a (all interfaces), up/down, netmask.
Slide 30: ifconfig examples
Change IP address: ifconfig eth…
Change subnet mask: ifconfig eth0 netmask …
Take interface down: ifconfig eth0 down
Bring interface up: ifconfig eth… up (NOTE: you still have to restart network services or NetworkManager)
Slide 31: ip examples
Assign/change an IP address: ip addr add … dev eth1
Change subnet mask: ip addr add …/24 dev eth0
Take interface down: ip link set eth0 down
Bring interface up: ip link set eth0 up
Slide 32: Static routes
Use the ip route command to display the IP routing table. If static routes are required, they can be added to the routing table with the ip route add command and removed with the ip route del command.
To add a static route to a host address, that is to say to a single IP address, issue the following command as root: ip route add X.X.X.X, where X.X.X.X is the IP address of the host in dotted decimal notation.
To add a static route to a network, that is to say to an IP address representing a range of IP addresses, issue the following command as root: ip route add X.X.X.X/Y, where X.X.X.X is the IP address of the network in dotted decimal notation and Y is the network prefix.
# ip route add … via … [dev ifname]
Slide 33: Static Routes Cont’d
Static route configuration can be stored per interface in a /etc/sysconfig/network-scripts/route-interface file. For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file.
route command: older command line utility to show or manipulate the Linux kernel routing table. This command exists for historical and compatibility reasons only.
Slide 34: Static Routes Cont’d
You need to edit the following configuration files for static route configuration:
- /etc/sysconfig/network: edit this file to set the default gateway IP address.
- /etc/sysconfig/network-scripts/route-ethX: edit this file to set additional static gateway IP addresses.
CentOS: displaying the current routing table. Type any one of the following commands:
# netstat -nr
# route -n
# ip route list
Adding a default route:
# route add default gw … eth0
OR
# ip route add …/24 dev eth0
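ip route picks the most specific matching entry (longest prefix match). As an added Python example, not the deck's code, here is a small routing-table model with add, del and lookup operations equivalent to the ip route add, ip route del and ip route list commands on slides 32 to 34, run over a constructed table. It generalises the host-route and network-route cases of slide 32 by showing how a /32 host route, a /16 network route and the default route compete for the same destination, and it rejects a destination whose host bits are set under the prefix, as ip route does. Interface names and addresses (documentation ranges) are constructed.

```python
import ipaddress


class RoutingTable:
    """Model of the kernel routing table as ip route shows it."""

    def __init__(self):
        self.routes = []      # entries: (network, gateway or None, dev or None)

    @staticmethod
    def _net(dest):
        # "default" is 0.0.0.0/0; a bare address is a host route (/32).
        # strict=True rejects host bits set under the prefix, as ip route does.
        return ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest,
                                    strict=True)

    def add(self, dest, via=None, dev=None):
        """ip route add DEST [via GATEWAY] [dev IFNAME]"""
        if via is None and dev is None:
            raise ValueError("a route needs a gateway (via) or an interface (dev)")
        net = self._net(dest)
        gateway = ipaddress.ip_address(via) if via else None
        if any(route[0] == net for route in self.routes):
            raise ValueError(f"route to {net} already exists")
        self.routes.append((net, gateway, dev))

    def delete(self, dest):
        """ip route del DEST"""
        net = self._net(dest)
        kept = [route for route in self.routes if route[0] != net]
        if len(kept) == len(self.routes):
            raise KeyError(f"no such route: {net}")
        self.routes = kept

    def lookup(self, addr):
        """Longest-prefix match: the most specific route containing addr wins."""
        address = ipaddress.ip_address(addr)
        best = None
        for net, gateway, dev in self.routes:
            if address in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gateway, dev)
        if best is None:
            return None               # "Network is unreachable"
        net, gateway, dev = best
        return {"dest": "default" if net.prefixlen == 0 else str(net),
                "via": str(gateway) if gateway else None, "dev": dev}

    def show(self):
        """Lines in the style of ip route list, most specific first."""
        lines = []
        for net, gateway, dev in sorted(self.routes, key=lambda r: -r[0].prefixlen):
            text = "default" if net.prefixlen == 0 else str(net)
            if gateway:
                text += f" via {gateway}"
            if dev:
                text += f" dev {dev}"
            lines.append(text)
        return lines


def sample_table():
    """Constructed table: the LAN, a default gateway, a network route and a
    host route that is more specific than the network route."""
    table = RoutingTable()
    table.add("192.0.2.0/24", dev="eth0")
    table.add("default", via="192.0.2.1", dev="eth0")
    table.add("10.10.0.0/16", via="192.0.2.254")
    table.add("10.10.5.9", via="192.0.2.253")       # host route, /32
    return table


if __name__ == "__main__":
    print("\n".join(sample_table().show()))
```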
Slide 35: Netstat: netstat – network statistics tool
Collects LOTS of networking information about your system. Common parameters include:
- -i displays information about your network interfaces
- -a shows processes that are actively communicating and inactively “listening” on communication ports
- -p shows the specific process associated with each port
- -s gives statistics
Slide 36: Netstat
Slide 37: More Linux Networking Tools
- Wireshark
- Ping
- Traceroute
- SSH
- SCP
Slide 38: Wireshark
Slide 39: ping: sends ICMP ECHO_REQUEST packets to network hosts.
Slide 40: Traceroute
There are scenarios in which one would like to know the route a connection follows: the IP addresses of all the forwarding entities (the routers in between). There is no guarantee that the route will remain the same for all the packets of a connection, but usually it is. This route information can be very handy while debugging network-related issues. The traceroute utility prints out the complete route to a particular destination.
Slide 41: traceroute
Slide 42: SSH (secure shell)
sshd (SSH Daemon) is the daemon program for ssh; it provides secure encrypted communications between two untrusted hosts over an insecure network. sshd is the daemon that listens for connections from clients. Useful ssh options:
- -p <port>: connect to the remote sshd on the specified port
- -f: tells ssh to go into the background just before it executes the command
- -L local-port:host:remote-port: binds local-port and forwards connections to it through the ssh session to host:remote-port
- -N: instructs OpenSSH not to execute a command on the remote system
Slide 43: Secure Copy (scp)
Copies files over the network securely; uses ssh for data transfer, using the same authentication and providing the same security as ssh.
scp [-p] [-v] [-r] ...
Example usage: scp -P 2222 linuxadmin-chap3-4.ppt
Slide 44: Network Management Best Practices
- Make one change at a time.
- Test each change to make sure that it had the effect you intended.
- Document every change you make along the way.
- Use monitoring tools like netstat and wireshark to capture relevant system information.
- Start at one end of a system or network and work through the system’s network layers; finally, check the server’s physical connections and software configuration.
- Communicate regularly with users.
Slide 45: Network Management cont’d
Work as a team. Years of experience show that people make fewer mistakes if they have a peer helping out. If the problem has any visibility, management will also want to be involved. Take advantage of managers' interest to get technical people from other groups on board and to cut through red tape where necessary.
Slide 46: In Class Exercise: Installing and configuring wireshark
- Start a capture using wireshark.
- While wireshark is capturing, use your browser to connect to …
- Stop the wireshark capture.
- View the contents of the capture using wireshark.
Slide 47: Cron
The cron daemon controls periodic processes in the Linux system. It reads one or more configuration files containing lists of command lines and the times they are to run. The crontab, aka “cron table”, is the cron configuration file. Cron wakes up every minute to check all configuration files, reloads any files that have changed, and executes any commands that are scheduled.
Slide 48: Cron locations
- Each user in the system can store their own cron file in /var/spool/cron.
- System maintenance files are located in /etc/cron.d and /etc/crontab.
- Generally /etc/crontab is the file sysadmins change by hand.
- /etc/cron.d is the location where software packages can install crontab entries.
Slide 49: Cron File Format
# designates comments
minute hour day month weekday [username] command
The first six fields are separated by whitespace. The username field is found only in /etc/crontab and /etc/cron.d.
Slide 50: Cron details: each of the time-related fields may contain:
- A star, which matches everything
- A single integer, which matches exactly
- Two integers separated by a dash, matching a range of values
- A range followed by a slash and a step value, e.g., 1-10/2 (Linux only)
- A comma-separated list of integers or ranges, matching any value
Slide 51: Cron Examples
… * * 1-5 …: means to run every Monday through Friday at 10:45am
… * * 0-3,6 /staff/trent/bin/checkservers: means to run the checkservers command every day at 11:55pm except Thursdays and Fridays
Slide 52: Crontab Management
crontab filename installs filename as your crontab, replacing any previous version. crontab arguments:
- -e checks out a copy of your crontab for editing
- -l lists crontab contents
- -r removes the crontab
- -u username (used by root to edit or view a user's crontab file)
/etc/cron.allow and /etc/cron.deny: if neither file exists, only root can submit crontabs.
Slide 53: Common Uses for Cron: Why would this be useful?
- Automated system backups
- Automated cleaning of tmp files or log files
- Automated system usage reports
- Automated reports of failed logins