Networking Basics with Linux

Editor's Notes

• #4: A protocol is a set of standards for communication between network hosts. Protocols often provide services, such as email or file transfer. Most protocols are not intended to be used alone, but instead rely on and interact with other dependent or complimentary protocols. A group of protocols that is intended to be used together is called a protocol suite.
• #5: Internet Protocol (IP) IP is the main protocol used on the Internet. It is a connectionless protocol that makes routing path decisions. It also handles logical addressing issues through the use of IP addresses. Transmission Control Protocol (TCP) TCP provides services that ensure accurate and timely delivery of network communications between two hosts. TCP is a connection-oriented protocol. TCP provides the following services to ensure message delivery: Sequencing of data packets Flow control Error checking User Datagram Protocol (UDP) UDP is a connectionless protocol. UDP is a host-to-host protocol like TCP. However, it does not include mechanisms for ensuring timely and accurate delivery. Because it has less overhead, it offers fast communications, but at the expense of possible errors or data loss. Internet Control Message Protocol (ICMP) ICMP works closely with IP in providing error and control information, by allowing hosts to exchange packet status information, which helps move the packets through the internetwork. Two common management utilities, ping and traceroute, use ICMP messages to check network connectivity. ICMP also works with IP to send notices when destinations are unreachable, when devices' buffers overflow, the route and hops packets take through the network, and whether devices can communicate across the network. Internet Group Membership Protocol (IGMP) IGMP is a protocol for defining host groups. All group members can receive broadcast messages intended for the group (called multicasts). Multicast groups can be composed of devices within the same network or across networks (connected with a router). HyperText Transfer Protocol (HTTP) HTTP is used by Web browsers and Web servers to exchange files (such as Web pages) through the World Wide Web and intranets. HTTP can be described as an information requesting and responding protocol. It is typically used to request and send Web documents, but is also used as the protocol for communication between agents using different IP protocols. HTTP over SSL (HTTPS) HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted. Secure Sockets Layer (SSL) SSL secures messages being transmitted on the Internet. It uses RSA for authentication and encryption. Web browsers use SSL (Secure Sockets Layer) to ensure safe Web transactions. URLs that begin with https:// trigger your Web browser to use SSL. Transport Layer Security (TLS) TLS is an improved version of SSL. It ensures that messages being transmitted on the Internet are private and tamper proof. TLS is implemented through two protocols: TLS Record provides connection security with encryption (e.g., with DES). TLS Handshake provides mutual authentication and choice of the encryption method. File Transfer Protocol (FTP) FTP provides a generic method of transferring files. It can include file security through usernames and passwords, and it allows file transfer between dissimilar computer systems. FTP can transfer both binary and text files, including HTML, to another host. FTP URLs are preceded by ftp:// followed by the address of the FTP server. To log in to an FTP server, use ftp://username@servername. Trivial File Transfer Protocol (TFTP) TFTP is similar to FTP. It lets you transfer files between a host and an FTP server. However, it provides no user authentication and no error detection. Because it does not perform error detection, TFTP is faster than FTP, but might be subject to transmission errors.
• #6: Secure File Transfer Protocol (SFTP) SFTP is a secure version of FTP that uses Secure Shell (SSH) to encrypt data transfers. SSH ensures that SFTP transmissions use encrypted commands and data which prevent data from being transmitted over the network in clear text. Secure Copy Protocol (SCP) SCP is used to copy files between systems. Like SFTP, SCP relies on SSH to ensure that data and passwords are not transmitted over the network in clear text. Simple Mail Transfer Protocol (SMTP) SMTP is used to route electronic mail through the internetwork. SMTP is used: Between mail servers for sending and relaying mail. By all email clients to send mail. Internet Message Access Protocol (IMAP) IMAP is an email retrieval protocol designed to enable users to access their email from various locations without the need to transfer messages or files back and forth between computers. Messages remain on the remote mail server and are not automatically downloaded to a client system. An email client that uses IMAP for receiving mail uses SMTP for sending mail. Post Office Protocol 3 (POP3) POP3 is used to retrieve email from a remote server to a local client over a TCP/IP connection. With POP3, email messages are downloaded to the client. An email client that uses POP3 for receiving mail uses SMTP for sending mail. Dynamic Host Configuration Protocol (DHCP) DHCP is a protocol that automatically assigns addresses and other configuration parameters to network hosts. Using a DHCP server, hosts receive configuration information at startup, reducing the amount of manual configuration required on each host. Domain Name System (DNS) DNS is a system that is distributed throughout the internetwork to provide address and name resolution. For example, the name www.mydomain.com would be identified with a specific IP address. Network Time Protocol (NTP) NTP is used to communicate time synchronization information between systems on a network. Lightweight Directory Access Protocol (LDAP) LDAP is used to allow searching and updating of a directory service. The LDAP directory service follows a client/server model. One or more LDAP servers contain the directory data, the LDAP client connects to an LDAP server to make a directory service request. Simple Network Management Protocol (SNMP) SNMP is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. Remote Terminal Emulation (Telnet) Telnet allows an attached computer to act as a dumb terminal, with data processing taking place on the TCP/IP host computer. Telnet uses insecure data transmissions and should be avoided. SSH provides the same functionality but does so securely using encryption. Secure Shell (SSH) SSH allows for secure interactive control of remote systems. SSH is a secure and acceptable alternative to Telnet. SSH uses public key cryptography for both connection and authentication.
• #7: Network ports are logical connections provided by the TCP or UDP protocols. The IP protocol stack uses port numbers to determine what protocol incoming traffic should be directed to. ICANN specifies three categories for ports: Well-known ports range from 0 to 1023 and are assigned to common protocols and services. Registered ports range from 1024 to 49151 and are assigned by ICANN to a specific service. Dynamic (also called private or high) ports range from 49,152 to 65,535 and can be used by any service on an ad hoc basis. Ports are assigned when a session is established, and released when the session ends.
• #16: Prefix The first 64-bits is known as the prefix. The 64-bit prefix can be divided into various parts, with each part having a specific meaning. Parts in the prefix can identify the geographic region, the ISP, the network, and the subnet. The prefix length identifies the number of bits in the relevant portion of the prefix. To indicate the prefix length, add a forward slash (/) followed by the prefix length number. Full quartets with trailing 0s in the prefix address can be omitted (for example, 2001:0DB8:4898:DAFC::/64). Because addresses are allocated based on physical location, the prefix generally identifies the location of the host. The 64-bit prefix is often referred to as the global routing prefix. Interface ID The last 64-bits is the interface ID. This is the unique address assigned to an interface. Addresses are assigned to interfaces (network connections), not to the host. Technically, the interface ID is not a host address. In most cases, individual interface IDs are not assigned by ISPs, but are rather generated automatically or managed by site administrators. Interface IDs must be unique within a subnet, but can be the same if the interface is on different subnets. On Ethernet networks, the interface ID can be automatically derived from the MAC address. Using the automatic host ID simplifies administration.
• #17: There are no broadcast addresses in IPv6. IPv6 multicast addresses are used instead of broadcast addresses.
• #18: Static full assignment Static full assignment is where the entire 128-bit IPv6 address and all other configuration information is statically assigned to the host. Static partial assignment Static partial assignment is where the prefix is statically assigned and the interface ID uses the modified EUI-64 format derived from the MAC address. Stateless autoconfiguration Stateless autoconfiguration is where clients automatically generate the interface ID and learn the subnet prefix and default gateway through the Neighbor Discovery Protocol (NDP). NDP uses the following messages for autoconfiguration: Router solicitation (RS) is a message sent by the client to request that the routers respond. Router advertisement (RA) is a message sent by the router periodically and in response to RS messages to inform clients of the IPv6 subnet prefix and the default gateway address. NDP is also used by hosts to discover the address of other interfaces on the network, replacing the need for Address Resolution Protocol (ARP). Even though NDP provides enough information for the addressing of the client and for clients to learn the addresses of other clients on the network, it does not provide the client with DNS server information or other IP configuration information besides the IP address and the default gateway. DHCPv6 IPv6 uses an updated version of DHCP (called DHCPv6) that operates in one of two different modes: Stateful DHCPv6 is used when the DHCP server provides each client with the IP address, default gateway, and other IP configuration information (such as the DNS server IP address). The DHCP server tracks the status (or state) of the client. Stateless DHCPv6 does not provide the client an IP address and does not track the status of each client, but rather is used to supply the client with the DNS server IP address. Stateless DHCPv6 is most useful when used in conjunction with stateless autoconfiguration.
• #19: A router is a device that sends packets from one network to another network. Routers receive packets, read their headers to find addressing information, and send them on to their correct destination on the network or Internet. Routers can forward packets through an internetwork by maintaining routing information in a database called a routing table.
• #20: Every Linux system maintains a routing table in RAM that it uses to determine where to send data on a network.
• #22: The default router IP address: Must be configured on each host to allow inter-network communication. Without the default router, hosts will only be able to communicate with devices within the same subnet. Must be on the same subnet as the host computer. Routers have multiple network interface cards attached to multiple networks. When configuring the default router, choose the address on the local subnet. Is stored in the /etc/sysconfig/network/routes or the /etc/sysconfig/network-scripts/route-interface file, depending upon the distribution. Changes to this file will not take effect until the network interface is restarted.
• #24: Name resolution services resolve easy to remember host and domain names into IP addresses. The following table lists the files that administrators use to configure name resolution settings on Linux. /etc/hosts Map host names to their associated IP addresses. Each record in this file line contains an IP address along with the hostname that should be resolved to that IP address. It may optionally contain an alias that also maps to that same IP address. When a host needs to resolve a hostname into an IP address, this file is read first by default. If a mapping for the hostname is found, it is used, and the name resolution process ends. If a mapping is not found in this file, then the name resolution request is sent to a DNS server. /etc/resolv.conf Provide the system with the address of a DNS server that can be used for name resolution. Up to three servers can be listed, and the servers are accessed in the order specified. The file can also specify a fully qualified domain name that will be appended to hostnames that are missing a domain name.
• #26: 1. Identify the symptoms and potential causes When identifying the problem and potential causes: Ask the user to describe the problem. Check for error messages. Recreate the problem. Identify the affected area. Determine how large the problem is. For example, fixes for one client workstation would likely be very different than fixes for an entire network segment. 2. Establish what has changed Ask questions to discover what might have changed that could have caused the problem. Problems are frequently caused by a change to the system, such as: Adding new hardware Installing new software Making configuration changes 3. Create a hypothesis Create a hypothesis by reviewing the list of potential causes and selecting the most probable cause. Look for common errors or solutions that can be tried quickly. 4. Create an action plan Create an action plan and account for side effects of the proposed plan. The plan might require purchases that need approval before proceeding. In addition, the plan might involve taking services offline for a period of time. Identifying the effects ahead of time helps put measures into place to eliminate or reduce any potential negative consequences. 5. Implement the fix Implement the fix, and then make sure that the solution has fully fixed the issue and has not caused any other problems. If necessary, implement additional steps to correct the problem if the first solution did not work. 6. Ensure user satisfaction Ensuring user satisfaction may include educating the user, such as explaining what the problem was, the solution, and how to avoid the problem in the future. 7. Document the solution Document the solution to the problem. If problems occur in the future, check the documentation first to see what has changed or to recall the solution to common problems.
• #27: Physical issues The best way to verify if a connection is valid is to check the link light on both the workstation and the switch. If the link light is unlit, try the following: Swap the cables. This will help determine whether the cable is the problem. Try using a different switch port for the connection. Make sure that the card is properly seated. Use loopback plugs to test network cards and cable testing devices to test network cables. Interference Interference is caused by electromagnetic fields or radio frequency interference. Check the following: For wired cables, make sure wires are not routed next to motors or fluorescent lights that can cause interference. For wireless devices, make sure there are no other devices in the area transmitting on the same frequency and channel (e.g., microwaves or cordless phones). Check to make sure that the cable is not kinked or worn. Cables should be routed through walls or ceilings, not strung across the floor. If a cable must run across the floor, encase the cable to prevent wear and secure the cable in place to prevent tripping accidents. Worn cables might introduce some interference, or simply prevent signals from being sent properly. Network issues If the device and its connection appear to be working correctly, check the following: Check firewalls on both end devices to see if communications are being blocked by a host-based firewall. Check the service on the target device to make sure that it is running and is properly configured.
• #28: ping Verify connectivity between hosts within the network. Ping a host using its IP address. If there is no response, try to ping another host. If your computer cannot communicate with any other computer, check the network cable, the network interface card, or the IP address configuration on your computer. If your computer can communicate with computers on the local network, but can't communicate with remote computers (such as the Internet), verify the default gateway configuration on your computer. If all computers on the local network cannot communicate with any remote computer, troubleshoot the router's connection to the remote network. Ping a host using its DNS name. If a ping by IP address works, but a ping by DNS name fails, then there is probably a name resolution problem. Use the -c option to specify how many ICMP echo requests to send to the destination. IPv6 communications can be tested using ping, but the ping6 command must be used. netstat Display a list of network connections (e.g., sockets), the routing table, and information about the network interface. A socket is an endpoint of a bidirectional communication flow across a computer network. Use the following options for additional information: -a lists both listening and non-listening ports. -i displays a table of all network interfaces. -l lists listening sockets. -s displays statistics for each protocol. -r displays the routing table, which includes the IP address of the default gateway. nc Test communications between network hosts. The netcat (nc) command establishes a TCP or UDP connection between two computers. The procedure for using nc is to: Open a listening TCP or UDP socket on one host. The syntax is nc -l port_number. The -l option tells netcat to wait and listen for incoming connections. If no protocol is specified, then TCP is used by default. To use UDP instead of TCP, include the -u option in the command. Connect to the listening socket on the first host from another host. The syntax is nc ip_address port_number. After the connection is established, text entered at the prompt of the second computer should appear on the screen of the first computer. You must open the appropriate ports in the host firewalls of both systems. traceroutetracepath Test connectivity between devices, show the path between the two devices. traceroute: Can help track down which router (known as a hop) in the route is not working correctly. Displays the Round Trip Time (RTT) for each hop. The RTT is the time difference between when the probe was sent from traceroute and the time the response arrived for each packet. tracepath is similar to traceroute, but does not require super user privileges. To test IPv6 routing, use the traceroute6 or the tracepath6 commands instead of traceroute. nslookup Send a name resolution request. To use nslookup: Enter nslookup at the shell prompt. Enter the hostname or IP address, such as 192.168.1.1. The DNS server should respond with the requested mapping. Enter exit when finished. dig Send a name resolution request and receive extensive information about the hostname or IP address. Consider the following options: a resolves a record information. ptr resolves a ptr record. cname resolves cname record information. p queries a specific port on the host. in resolves Internet record information. mx resolves mx record information. soa resolves start of authority information.