Basic Networking Admin Material

Basic Networking Admin Material (top level)

Fundamentals: this module assumes you are familiar with the background presented in Modules 4 and 5

Module 4- Internet and Sockets Overview
Module 5 - Networking Concepts applied to Linux Network Programming
- Updates on IP addressing - subnets, supernets, IPV6 addressing

The material we plan to cover in the Unix Sys Admin ed 5 text related to network sys admin on Linux includes:

Chapters 13-19 cover networking.
The list of topics below will be filled out with pointers to material located elsewhere....much of which will be contained in the Learning Modules:
- 1-9, 11-13, 25, 29. Not all sections will be covered in class. We do not cover the sections of the text that are specific to non-Linux systems. Other sections of the book are covered later in our course, see the network and the security top level pages.

Note that we cover network topics that are related to security in LinuxSystemSecurity.

The following topics provide the basics of Unix network administration.. The majority of concepts are applicable to all types of Unix systems - further detals related to Linux are presented as well.

TCP/IP Networking - ch 13
Physical Networking - ch 14
IP Routing - ch15
DNS - ch16
Web Hosting - ch19

Additional Topics:

Awesome source of info related to network performance and tools such as iperfx, tcpdump - https://fasterdata.es.net/performance-testing/
Ubuntu network configuration
Apache -
- https://help.ubuntu.com/lts/serverguide/httpd.html

ssh,scp and openssh
- https://help.ubuntu.com/lts/serverguide/openssh-server.html

VNC - remote display/control
- https://www.realvnc.com/docs/

Linux commands and popular tools:

Changes to network commands for Ubuntu 16.04 and newer releases
- ifconfig (and other less used commands like iptunnel) replaced by ip
- netstat replaced by ss
Programs/tools related to networking that you are likely to see:
- ping, ping6
- traceroute
- wget
- curl
- iperf, iperf3
  - https://fasterdata.es.net/performance-testing/
- nmap
- nc
- packet tracing:
  - tcpdump - packet sniffer
    - example : sudo tcpdump -i eth0 -s 1500 'icmp' -w mytrace.dmp
      - #captures all icmp packets flowing in/out of eth0- saves in a binary file mytrace.dmp. The -s param says to capture up to 1500 bytes of each packet. For large traces, typically use 64 or 128 byrtes.
    - example sudo tcpdump -nn -tt -X -r mytrace.dmp > mytrace.trace #translates the raw trace info to human readable format
      - -nn : turns off dns lookups - in large traces this is recommended to reduce time to process
      - -tt : puts timestamp in slightly more useful format
      - -X : dumps the data in hex and ascii format.
  - wireshark (need to install with apt-get)
    - GUI to tcpdump
    - install on ubuntu:
      - sudo dpkg-reconfigure wireshark-common
    - install on centos
      - yum install wireshark-gnome (or remove gnome if just want command line tools)
    - Default trace file format Pcap-NG
  - tcptrace / xplot - analyzes tcpdump trace files
  - Convert from Pcap-NG trace format (wireshark's default) to tcpdump pcap using editcap
    - To install editcap, install wireshark command line tools
    - Issue editcap -F to list available formats
    - editcap -F libpcap dump.pcapng dump.pcap
- DNS tools
  - whois
  - dig
- snmp - system to remotely monitor computing and networking systems
  - Try this: cat /proc/net/snmp - lists snmp MIBs tracked by each networking layer

Commands/tools that are interfaces to unix network things...
- ip - try opcodes: address, link, route
- arp - user interface to the arp client
- lshw - shows hardware on the machine
  - $sudo lshw -class network
- ss (no longer use netstat)
- iptables - command line interface to the Linux firewall , refer to this tutorial
  - If you hear of ipfw, this is the firewall used in BSD (FreeBSD) unix systems...
    - See https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
  - Linux used to use something called IP Masquerade for NAT.... NAT is now integrated withing iptables.
    - Decent tutorial on NAT
  - fwbuilder is a widely used tool that effectively provides a GUI on top of iptables- if you are the sysadmin for a production system (even just your own router in your home), I highly recommend using fwbuilder rather than a script you develop the issues iptable commands.
    - Nice tutorial on fwbuilder
- tc - traffic control - can rate limit flows, emulate loss and latency. It uses iptables.
  - paper "Back from the Dead: Simple Bash for complex DdoS"
  - tc and netem
    - TC Readme
    - HOWTO document
    - tc HOWTO documentation: http://linux-ip.net/articles/Traffic-Control-HOWTO/
      - PDF located here- See Ch9 of Linux Routing Guide
    - tc-htb : http://lartc.org/manpages/tc-htb.html
    - tc-tbf: http://linux.die.net/man/8/tc-tbf
    - netem: note that netem and htb will not work together!!! See http://man7.org/linux/man-pages/man8/tc-netem.8.html
- iwconfig (if you have linux running on your laptop- this is an ifconfig equivalent for wireless networks) (There might be an update in latest ubuntu ???)
- packet tracing
  - tcpdump - packet sniffer
    - example : sudo tcpdump -i eth0 -s 1500 'icmp' -w mytrace.dmp
      - #captures all icmp packets flowing in/out of eth0- saves in a binary file mytrace.dmp. The -s param says to capture up to 1500 bytes of each packet. For large traces, typically use 64 or 128 byrtes.
    - example sudo tcpdump -nn -tt -X -r mytrace.dmp > mytrace.trace #translates the raw trace info to human readable format
      - -nn : turns off dns lookups - in large traces this is recommended to reduce time to process
      - -tt : puts timestamp in slightly more useful format
      - -X : dumps the data in hex and ascii format.
  - wireshark (need to install with apt-get)
    - GUI to tcpdump
    - install on ubuntu:
      - sudo dpkg-reconfigure wireshark-common
    - install on centos
      - yum install wireshark-gnome (or remove gnome if just want command line tools)
    - Default trace file format Pcap-NG
  - tcptrace / xplot - analyzes tcpdump trace files
  - Convert from Pcap-NG trace format (wireshark's default) to tcpdump pcap using editcap
    - To install editcap, install wireshark command line tools
    - Issue editcap -F to list available formats
    - editcap -F libpcap dump.pcapng dump.pcap

Linux specific config examples and related discussion

Either Linux network is managed/configured through the linux network manager, or the network manager is disabled. If you manually configure an interface in /etc/network/interfaces, the network manager will not manage it. Another way to stop network manager:

sudo /etc/init.d/network-manager stop

and then add /etc/network/interfaces

auto eth0
iface eth0 inet static
address 10.0.1.69
netmask 255.255.255.0
gateway 10.0.1.1
dns-search example.com dns-namervers 10.0.1.8 10.0.1.9

Or....if want dhcp:

iface eth0 inet dhcp

Three ways to restart networking:

old way: sudo service network-manager restart
new way: sudo systemctl restart NetworkManager.service
oldest way: sudo /etc/init.d/networking restart

The main network config file is /etc/network/interfaces. On my VM1, I see:

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

NOTE: As of 3/25/2018 I have not updated the info below to reflect the 'correct' way to do things in Ubuntu 16.04. These all work....at least some are considered to be old and should be done with newer commands. I'll try to update this soon!

Add calls to ethtool in this file: $cat /etc/network/interfaces. The following is an example of how the interface identified as eth0 could be permanently configured with a port speed of 1000Mb/s running in full duplex mode.

auto eth0  iface eth0 inet static  pre-up /sbin/ethtool -s eth0 speed 1000 duplex full

To temporarily configure an IP address, you can use the ifconfig command in the following manner. Just modify the IP address and subnet mask to match your network requirements.

sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0

To verify the IP address configuration of eth0, you can use the ifconfig command in the following manner.

ifconfig eth0  eth0      Link encap:Ethernet  HWaddr 00:15:c5:4a:16:5a              inet addr:10.0.0.100  Bcast:10.0.0.255  Mask:255.255.255.0            inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1            RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0            TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0            collisions:0 txqueuelen:1000             RX bytes:2574778386 (2.5 GB)  TX bytes:1618367329 (1.6 GB)            Interrupt:16

To configure a default gateway, you can use the route command in the following manner. Modify the default gateway address to match your network requirements.

sudo route add default gw 10.0.0.1 eth0

To verify your default gateway configuration, you can use the route command in the following manner.

route -n  Kernel IP routing table  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface  10.0.0.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0  0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0

If you require DNS for your temporary network configuration, you can add DNS server IP addresses in the file /etc/resolv.conf. In general, editing /etc/resolv.conf directly is not recommanded, but this is a temporary and non-persistent configuration. The example below shows how to enter two DNS servers to /etc/resolv.conf, which should be changed to servers appropriate for your network. A more lengthy description of the proper persistent way to do DNS client configuration is in a following section.

nameserver 8.8.8.8  nameserver 8.8.4.4

If you no longer need this configuration and wish to purge all IP configuration from an interface, you can use the ip command with the flush option as shown below.

ip addr flush eth0

Flushing the IP configuration using the ip command does not clear the contents of /etc/resolv.conf. You must remove or modify those entries manually, or re-boot which should also cause /etc/resolv.conf, which is actually now a symlink to /run/resolvconf/resolv.conf, to be re-written.

Dynamic IP Address Assignment (DHCP Client)

To configure your server to use DHCP for dynamic address assignment, add the dhcp method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0.

auto eth0  iface eth0 inet dhcp

By adding an interface configuration as shown above, you can manually enable the interface through the ifup command which initiates the DHCP process via dhclient.

sudo ifup eth0

To manually disable the interface, you can use the ifdown command, which in turn will initiate the DHCP release process and shut down the interface.

sudo ifdown eth0

Static IP Address Assignment

To configure your system to use a static IP address assignment, add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0. Change the address, netmask, and gateway values to meet the requirements of your network.

auto eth0  iface eth0 inet static  address 10.0.0.100  netmask 255.255.255.0  gateway 10.0.0.1

By adding an interface configuration as shown above, you can manually enable the interface through the ifup command.

sudo ifup eth0

To manually disable the interface, you can use the ifdown command.

sudo ifdown eth0

last updated: 3/25/2018