UNIX Networking

Jan 15, 2016

nedra

Page 1: UNIX Networking

UNIX Networking

Page 2: UNIX Networking

Section Overview

TCP/IP Basics

TCP/IP Configuration

TCP/IP Network Testing

Dynamic Host Config Protocol (DHCP)

Wireless Networking

Page 3: UNIX Networking

TCP/IP Protocol Stack

- Application (FTP, HTTP, DNS)
- Transport Layer (TCP, UDP)
- Network Layer (IP)
- Link Layer (Device Drivers)
- Physical Layer (media)

Page 4: UNIX Networking

TCP/IP Packet Encapsulation

[Figure: what each layer carries]

- Service: Data
- TCP/UDP: T/U | Data
- IP: IP | T/U | Data
- Ethernet/PPP: E | IP | T/U | Data
- UTP/PSTN

Page 5: UNIX Networking

Connecting to a Network

- Hostname and IP Address assignment
- Configuration of hardware
- Default route (gateway) assignment
- Name Service Configuration
- Testing and troubleshooting

Page 6: UNIX Networking

Hostnames

- Uniquely identifies each system
- Fully Qualified Domain Name: hostname.site.domain[.country]
  - Country: 2 letter identifier for country
  - Domain: Type of site (edu, com, org)
  - Site: Unique name of organization
  - Hostname: Unique name of system
- hostname: Display or set system name

Page 7: UNIX Networking

IP Addresses

- Unique for each connection (interface)
- Consists of 4 octets (#.#.#.#)
  - Network portion
  - Host portion
- Special Addresses
  - Network Address
  - Broadcast Address

Page 8: UNIX Networking

IP Address Classes

Class  1st Byte   Format   Total Hosts
A      0 – 126    N.H.H.H  16 Million
B      128 – 191  N.N.H.H  64 Thousand
C      192 – 239  N.N.N.H  254
D      224 – 239  -        (Multicast)
E      240 – 254  -        (Experimental)

Page 9: UNIX Networking

Subnet Masks

- Splits networks into subnetworks
- Separates address into 2 parts
  - 1’s – Network Portion
  - 0’s – Host Portion
- Example: Class C
  - Network Address: N.N.N.H
  - Mask: 255.255.255.0 (255 = 11111111)
  - CIDR Notation: N.N.N.H/24

Page 10: UNIX Networking

Interface Configuration

- Hardware to connect to network
- Common interfaces
  - Ethernet
  - Modem
- Loopback (lo) Interface
- ifconfig – View/Configure interface

Page 11: UNIX Networking

Ethernet Addressing

- Assigned by manufacturer (hardware)
- Must be absolutely unique
- Address format
  - 6 octets in hex (#:#:#:#:#:#)
  - First 3 octets: Manufacturer Identifier
  - Last 3 octets: Card serial number
- Used for local network communication

Page 12: UNIX Networking

Address Resolution Protocol

- Translates IP addresses to Ethernet (MAC) addresses

[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 on one network. Request: "Who is 10.0.0.3?" Reply: "I am (1:2:3:7:8:9)"]

- arp -a: View the cache

Page 13: UNIX Networking

Default Gateways

- Connects Networks together
- If destination not on local network, packets sent through gateway
- route: Display/configure routing

Page 14: UNIX Networking

RedHat Network Files

- /etc/sysconfig/network
  - HOSTNAME
- /etc/sysconfig/network-scripts/ifcfg-[interface]
  - BOOTPROTO, ONBOOT, IPADDR, GATEWAY, USERCTL, NETMASK, NETWORK, BROADCAST
- ifup/ifdown [interface]
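
The subnet-mask arithmetic from the Subnet Masks slide, applied to the IPADDR, NETMASK, NETWORK and BROADCAST keys listed above. This is an added example, not part of the original slides; the function names and the sample values are constructed for illustration.

```shell
# Added example (not from the slides): derive network address, broadcast address and
# CIDR prefix from IPADDR/NETMASK, then check an ifcfg-style fragment against them.

ip_to_int() {    # dotted quad -> integer; rejects malformed octets
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac    # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

subnet_info() {  # subnet_info IPADDR NETMASK -> "network broadcast prefix"
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || return 1
    host=$(( ~mask & 0xFFFFFFFF ))                  # 0 bits of the mask: host portion
    [ $(( host & (host + 1) )) -eq 0 ] || return 1  # 1 bits of the mask must be contiguous
    net=$(( ip & mask )); prefix=32; h=$host
    while [ "$h" -gt 0 ]; do h=$(( h >> 1 )); prefix=$(( prefix - 1 )); done
    echo "$(int_to_ip "$net") $(int_to_ip $(( net | host ))) $prefix"
}

check_ifcfg() {  # KEY=value lines on stdin; returns 0 consistent, 1 mismatch, 2 invalid
    IPADDR=; NETMASK=; NETWORK=; BROADCAST=; rc=0
    while IFS='=' read -r key val; do
        case $key in
            IPADDR) IPADDR=$val ;; NETMASK) NETMASK=$val ;;
            NETWORK) NETWORK=$val ;; BROADCAST) BROADCAST=$val ;;
        esac
    done
    info=$(subnet_info "$IPADDR" "$NETMASK") || { echo "invalid IPADDR or NETMASK"; return 2; }
    set -- $info
    [ -z "$NETWORK" ] || [ "$NETWORK" = "$1" ] || { echo "NETWORK should be $1"; rc=1; }
    [ -z "$BROADCAST" ] || [ "$BROADCAST" = "$2" ] || { echo "BROADCAST should be $2"; rc=1; }
    echo "$IPADDR/$3"; return $rc
}

# Constructed sample: a /26 host whose NETWORK and BROADCAST were left at /24 values.
check_ifcfg <<'EOF' || true
IPADDR=10.1.2.130
NETMASK=255.255.255.192
NETWORK=10.1.2.0
BROADCAST=10.1.2.255
EOF
```

A NETWORK or BROADCAST key that is absent from the fragment is not checked, since only the values actually declared can disagree with the mask.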

Page 15: UNIX Networking

Name Services

- /etc/hosts
  - Local configuration
  - Localhost – 127.0.0.1
- /etc/resolv.conf
  - Domain Name Service (DNS) lookup
  - search: domains to search if not FQDN
  - nameserver (3): Nameservers to consult
- /etc/nsswitch.conf

Page 16: UNIX Networking

DNS Name Resolution

[Figure: steps 1 to 8 of a lookup between host.domain.com, dns.domain.com, the Root Server, dns.iupui.edu and dns.cs.iupui.edu, with queries labelled Recursive and Non-Recursive]

Page 17: UNIX Networking

Network Testing

- Localhost reachability
- Hostname reachability
- Local network reachability
- Internet network reachability
- DNS resolution

Page 18: UNIX Networking

Network tools

- ping – Reachability test
- traceroute – Routing performance
- netstat – Network performance stats
- tcpdump – Packet sniffing
- nslookup/dig – DNS Queries
- Configuration tools (already discussed)

Page 19: UNIX Networking

Dynamic Host Config Protocol

- Client broadcasts a request for an IP address and network information
- Server leases address to client
- Lease must be renewed periodically
- Easy to make global network changes
- Linux: BOOTPROTO=dhcp

Page 20: UNIX Networking

Wireless Networks

- Extend the network
- Included in many devices now
  - Laptops
  - PDAs
  - DSL/Cable Modems
- Bandwidth (YMMV!)
  - 802.11b – 11 Mbps
  - 802.11g – 54 Mbps
- Service Set Identifier (SSID)
  - Shared “key” between clients and Access Point (AP)
  - Automatically detected vs. assigned

Page 21: UNIX Networking

Wireless Security Issues

- Sniffing / War Driving
- Bandwidth stealing
- Access to private resources
- Security Measures
  - Non-broadcasting SSIDs
  - MAC Access Control Lists (ACLs)
  - WEP?

Page 22: UNIX Networking

RedHat ifcfg- Additions

TYPE=Wireless

ESSID=[ssid name]

CHANNEL=[1-11]

MODE=[Auto|Managed|Ad-hoc]

Can set manually with /sbin/iwconfig

Page 23: UNIX Networking

Virtual Private Networks

[Figure: a Virtual Private Network across the Internet, with a VPN Server and an Application Server]

Page 24: UNIX Networking

Point to Point Tunneling Protocol

- Based on
  - Point to Point Protocol (PPP)
  - Generic Routing Encapsulation (GRE)

[Figure: packet layout: IP Hdr | GRE Hdr | Encrypted GRE Body (PPP | IP | TCP | Data)]

- Weaknesses
  - Poor Encryption
  - Session handshaking done in clear

Page 25: UNIX Networking

IPSec

- Part of IPv6 Spec
- Authentication Header (AH)
  - IPv4 Hdr | Auth Hdr | TCP/UDP Hdr & Data
- Encapsulating Security Payload (ESP)
  - IPv4 Hdr | ESP Hdr | Encrypted Payload (TCP Hdr | Data | ESP Tlr) | ESP Auth
- Modes: Transport and Tunnel