Understanding TCP/IP Networking Tools in Linux Administration

The iproute2 software suite in Linux provides utilities for network control and monitoring, replacing legacy tools like ifconfig, netstat, route, and arp. This lesson delves into displaying information about network interfaces, network addresses (IP addresses), routing tables, assigned DNS servers, and hardware addresses. It outlines the functionalities of key networking tools in Linux administration.

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

• Linux administration
• TCP/IP networking
• iproute2
• network interfaces
• routing tables

abraxas Follow

Uploaded on May 12, 2024 | 0 Views

Presentation Transcript

1. USTM17 Linux Network Administration Lesson 4: TCP/IP Networking Tools Peter CHUNG (cspeter@cse.ust.hk) USTM17 Linux Network Administration - Peter Chung (cspeter) 1

2. Introduction The iproute2 software suite is a collection of utilities providing user control and monitoring networking in Linux kernel It supersedes many legacy utilities tools that may not be available anymore in latest Linux distributions: ifconfig, netstat, route, arp, USTM17 Linux Network Administration - Peter Chung (cspeter) 2

3. Display Information about Network Interfaces # ip link A list of network interfaces is shown In the lab machines, you should see two network interfaces lo is the loopback interface enpXsY is the network interface for the link to CSE network (and Internet) Depending on your machine configuration, you may have more than two network interfaces USTM17 Linux Network Administration - Peter Chung (cspeter) 3

4. Display Network Address (IP Address) # ip address (Or # ip addr) 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever For the loopback interface, the IPv4 address is 127.0.0.1. The IPv6 address is ::1 USTM17 Linux Network Administration - Peter Chung (cspeter) 4

5. Display Information in the Routing Table # ip route The routing table describes how packets should be forwarded The entry default via X is the default entry. X is the default gateway All packets by default are sent to this default gateway USTM17 Linux Network Administration - Peter Chung (cspeter) 5

6. Display Currently Assigned DNS Server Open /etc/resolv.conf nameserver X. X is the currently assigned DNS server DNS server provides domain name to network address resolution cse.ust.hk 143.89.41.177 USTM17 Linux Network Administration - Peter Chung (cspeter) 6

7. Hardware Address and ARP Result of ip link 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 08:00:27:cd:61:5d brd ff:ff:ff:ff:ff:ff The hardware address of the interface is highlighted For packets to be received by a network interface, hardware address must be specified Address Resolution Protocol (ARP) is the protocol to resolve network address into hardware address for IPv4 In IPv6, it is replaced by the Neighborhood Discovery Protocol (NDP) USTM17 Linux Network Administration - Peter Chung (cspeter) 7

8. Hardware Address and ARP Since this is done frequently (for each packet sent), the ARP results are cached in the ARP table # ip neigh Queries the ARP table 10.0.2.2 dev enp0s3 lladdr 52:54:00:12:35:02 REACHABLE This stores the mapping of 10.0.0.2 52:54:00:12:35:02 for the network interface enp0s3 REACHABLE is the status meaning that the entry is still valid USTM17 Linux Network Administration - Peter Chung (cspeter) 8

9. Hardware Address and ARP To flush the ARP table (remove all entries): # ip neigh flush dev enp0s3 USTM17 Linux Network Administration - Peter Chung (cspeter) 9

10. Modifying the Routing Table We can add or delete entries from the routing table This adds the route: For the network 143.89.44.0/24, send to 143.89.44.0/24 # ip route add 143.89.44.0/24 via 143.89.130.254 dev enp0s3 This deletes the default route # ip route del default via 143.89.130.254 dev enp0s3 You may need to change the network interface USTM17 Linux Network Administration - Peter Chung (cspeter) 10

11. Traceroute In IPv4 packets, the Time-to-Live (TTL) field specifies how many time the packet can be forwarded If a packet is forwarded by a router, TTL decreases by 1 When TTL reaches 0, the packet is dropped (not forwarded) The router may return an ICMP (Internet Control Message Protocol) packet to the sender that the packet was not forwarded traceroute is an utility that send series of packets with increasing TTL: TTL=1, TTL=2, TTL=3, So the intermediate routers leading to the destination can be discovered USTM17 Linux Network Administration - Peter Chung (cspeter) 11

12. Traceroute # traceroute -I www.google.com Trace route to www.google.com For security concerns, organizations may not reply ICMP packets when TTL reaches 0. In this case, * * * is observed USTM17 Linux Network Administration - Peter Chung (cspeter) 12

13. Wireshark Wireshark is a useful utility for capturing and showing network traffic (packets). The command-line program is tshark USTM17 Linux Network Administration - Peter Chung (cspeter) 13

14. Wireshark Capture and display all packets from an interface # tshark -i enp0s3 By default, the following information is shown Frame number Time Source IP address Destination IP address Protocol Length USTM17 Linux Network Administration - Peter Chung (cspeter) 14

15. Wireshark Switch to another terminal using ALT+Left Arrow or ALT+Right Arrow Generate network traffic by ping (ICMP) or wget (HTTP) Press CTRL+C to stop USTM17 Linux Network Administration - Peter Chung (cspeter) 15

16. Wireshark Limit the number of packets to capture # tshark -i enp0s3 -c 10 Save the capture to a file # tshark -i enp0s3 -c 10 -w /tmp/capture.pcap Read the capture from a file # tshark -r /tmp/capture.pcap USTM17 Linux Network Administration - Peter Chung (cspeter) 16

17. Filtering It is not helpful if all kinds of packet are captured and displayed Setup capture filters using -f option Only packets matching the capture filters would be captured https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters USTM17 Linux Network Administration - Peter Chung (cspeter) 17

18. Filtering Filter only ICMP packets # tshark -i enp0s3 -f "icmp" Filter only HTTP traffic # tshark -i enp0s3 -f "tcp port 80" USTM17 Linux Network Administration - Peter Chung (cspeter) 18

19. Output Customization To display specific information from the captured packets Use -T fields to tell wireshark to display the fields, and Use -e to specify the fields https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters USTM17 Linux Network Administration - Peter Chung (cspeter) 19

20. Output Customization Example fields Field Description frame.time_relative Relative time of capture ip.src Source IP address ip.dst Destination IP address tcp.srcport Source TCP port tcp.dstport Destination TCP port Display the relative time and source and destination IP address only # tshark -i enp0s3 -T fields -e frame.time_relative -e ip.src -e ip.dst USTM17 Linux Network Administration - Peter Chung (cspeter) 20

21. Output Customization Control printing option using -E option -E header=y Print the field names as the first line of the output -E separator=/t Use tab as the separator characters between fields (default) -E separator=/s Use space as the separator characters between fields USTM17 Linux Network Administration - Peter Chung (cspeter) 21

22. Any questions so far? USTM17 Linux Network Administration - Peter Chung (cspeter) 22