Scribd
Upload
29 views9 pages

14 Labo Linux

Uploaded by

mohamedmosaid12345
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
29 views9 pages

14 Labo Linux

Uploaded by

mohamedmosaid12345
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

14.

1 Introduction
This is Lab 14: Network Configuration. By performing this lab, students will learn about the
configuration of their computers on the network.
In this lab, you will perform the following tasks:
 Examine network configuration information

14.2 Exploring the Network


In this task, you will execute several commands and examine several files to display your network
configuration.

14.2.1 Step 1
In order to determine your Internet Protocol (IP) address, execute the ifconfig command:

sysadmin@localhost:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet [Link] netmask [Link] broadcast [Link]
inet6 fe80::42:c0ff:fea8:102 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 11 bytes 878 (878.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536


inet [Link] netmask [Link]
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 1 bytes 49 (49.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 49 (49.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The output shows two main blocks of information. The first block, indented by eth0, reflects
information about your first Ethernet network card. The second block, indented by lo, reflects
information about the loopback or internal network interface.
The second line in each block contains the pertinent information for version 4 of the Internet
Protocol (called IPv4) while the third line has the information for version 6 of the Internet Protocol
(IPv6). IPv4 is an older method of identifying machines with a series of numbers. It is still widely
used today despite the fact that the improved IPv6 method has been available for many years.
The IPv4 addresses are displayed as four decimal numbers ranging from 0 to 255 separated by
periods.
The IPv6 addresses are 128-bit numbers which are displayed as hexadecimal digits ranging
from 0 to f. The hexadecimal digits are generally organized into groups of four digits separated
by colons. If a number of consecutive hexadecimal digits have the value of zero, then they are
replaced with two colons.

14.2.2 Step 2
Having an IP address will allow your system to communicate with other systems on the same
network. With routing devices, you are able to communicate with systems on other networks. To
view the table of routing information, use the route command:

route
sysadmin@localhost:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
default [Link] [Link] UG 0 0 0
eth0
[Link] [Link] [Link] U 0 0 0
eth0

When connecting to other computers, either an IP address or a hostname may be used.


Hostnames can be used if they are entered into the /etc/hosts file along with their associated
IP address or if a Domain Name Server (DNS) provides IP address to host name translation.
A couple of names that are commonly in the /etc/hosts file are localhost,
and [Link], both of which are used to refer to the current machine

14.2.3 Step 3
Verify that the IP address [Link] has an entry in the /etc/hosts file:

grep [Link] /etc/hosts

The output should appear as follows, defining the localhost names:

sysadmin@localhost:~$ grep [Link] /etc/hosts


[Link] localhost

The ping command may be used to tell if a system is presently connected to a network.
Sometimes, a system may be configured to not respond to ping requests. Therefore, the lack of
a response to a ping command does not mean a system is not connected to a network. A quick
response to a ping command does indicate, however, that a system is connected to a network.

14.2.4 Step 4
Test to see if the localhost machine will respond to four ping requests:
ping -c4 localhost
sysadmin@localhost:~$ ping -c4 localhost
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from localhost (::1): icmp_seq=4 ttl=64 time=0.035 ms

--- localhost ping statistics ---


4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.029/0.032/0.035/0.007 ms

Unlike the ping command that is available in the Microsoft Windows operating system, the
Linux ping command does not stop making requests by default. If you forget to specify the -
c option, then you will have to manually stop the command by holding the Control key and
pressing C (CTRL+C).
Hostnames can also be used if they are registered with a Domain Name System (DNS) server. If
your system is connected to a network with DNS servers, then the nameserver entry in
the /etc/[Link] file configures your system to use these servers to resolve hostnames
into IP addresses.

14.2.5 Step 5
View the /etc/[Link] file to see if any nameserver entries exists:

cat /etc/[Link]

The output should show one nameserver entry:

sysadmin@localhost:~$ cat /etc/[Link]


search [Link]
nameserver [Link]
options ndots:0

14.2.6 Step 6
Use the dig command to resolve the [Link] name to an IP address:

dig [Link]
sysadmin@localhost:~$ dig [Link]

; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> [Link]


;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56461
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0708514fa6562be38505ea9d6000c50b4aea1805343782f8 (good)
;; QUESTION SECTION:
;[Link]. IN A

;; ANSWER SECTION:
[Link]. 86400 IN A [Link]

;; AUTHORITY SECTION:
localdomain. 86400 IN NS [Link].

;; Query time: 1 msec


;; SERVER: [Link]#53([Link])
;; WHEN: Thu Feb 22 [Link] UTC 2024
;; MSG SIZE rcvd: 108 l

Notice the output shows that the first nameserver that was listed in
the /etc/[Link] file is the one that responded with the answer in the output (;;
SERVER: [Link]#53([Link]).
Note
If the above command does not execute successfully, execute the following command before re-
attempting the dig command above. When prompted for a password, type netlab123:
sudo /etc/init.d/bind9 restart

14.2.7 Step 7
You can use the dig command to resolve other fully-qualified domain names. Use
the dig command to resolve the [Link] hostname to an IP address:

dig [Link]
sysadmin@localhost:~$ dig [Link]

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> [Link]


;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25402
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c33d9913b915efc1e055c1575c006fe19ca3975ce1951a1c (good)
;; QUESTION SECTION:
;[Link]. IN A

;; ANSWER SECTION:
[Link]. 86400 IN A [Link]

;; AUTHORITY SECTION:
[Link]. 86400 IN NS [Link].

;; ADDITIONAL SECTION:
[Link]. 86400 IN A [Link]

;; Query time: 0 msec


;; SERVER: [Link]#53([Link])
;; WHEN: Thu Feb 22 [Link] UTC 2024
;; MSG SIZE rcvd: 122

A fully-qualified domain name (FQDN) includes not just the hostname, but also the domain that
the hostname is "in". For the FQDN [Link], cserver is the hostname
and [Link] is the domain.

14.2.8 Step 8
Use the dig command to resolve the IP address [Link] to a hostname:

dig -x [Link]
sysadmin@localhost:~$ dig -x [Link]

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> -x [Link]


;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59190
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;[Link].[Link]. IN PTR

;; ANSWER SECTION:
[Link].[Link]. 600 IN PTR 84a6444e-f044-4754-98e6-
64cc9f7d
[Link].

;; Query time: 0 msec


;; SERVER: [Link]#53([Link])
;; WHEN: Thu Feb 22 [Link] UTC 2024
;; MSG SIZE rcvd: 159

The hostname can be found in the ANSWER SECTION of the output of the dig command. The
hostname in the example above looks like the following:
;; ANSWER SECTION:
[Link].[Link]. 600 IN PTR 84a6444e-f044-4754-98e6-
[Link].

Although it may seem like a long hostname, this is detectable as a hostname in our virtual
environment. An example of a more simple hostname may look like the following:
;; ANSWER SECTION:
[Link]. 8640 IN PTR

14.2.9 Step 9
The netstat command performs a large variety of tasks related to networking. To get an idea of
some of its capabilities, execute the command with the --help option:

netstat --help
sysadmin@localhost:~$ netstat --help
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--
help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }

-r, --route display routing table


-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections

-v, --verbose be verbose


-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing

-l, --listening display listening server sockets


-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base
(default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for
sockets

<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}


{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)

One of the common uses of netstat is to determine which services are listening to or waiting for
an incoming connection. For example, a service that is used to allow users to perform remote or
network logins is called Secure SHell or SSH. SSH normally will listen to TCP port 22.
Well-known ports are the port numbers in the range of 0-1023, typically used by system
processes to provide network services. A list of service names and associated port numbers can
be found in the /etc/services file.
14.2.10 Step 10
Use the netstat command to see if the TCP port 22, for ssh, has a process listening:

netstat -tl
netstat -tln
sysadmin@localhost:~$ netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:domain [Link]:* LISTEN
tcp 0 0 [Link]:ssh [Link]:* LISTEN
tcp 0 0 localhost:domain [Link]:* LISTEN
tcp 0 0 localhost:953 [Link]:* LISTEN
tcp 0 0 [Link]:38453 [Link]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
sysadmin@localhost:~$ netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 [Link]:53 [Link]:* LISTEN
tcp 0 0 [Link]:22 [Link]:* LISTEN
tcp 0 0 [Link]:53 [Link]:* LISTEN
tcp 0 0 [Link]:953 [Link]:* LISTEN
tcp 0 0 [Link]:38453 [Link]:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::53

14.2.11 Step 11
The -t option to the netstat command limits the listing to TCP ports; the -l option limits the
output to ports with listening services; the -n shows the network addresses numerically:

sysadmin@localhost:~$ netstat -ltn


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 [Link]:22 [Link]:* LISTEN
tcp 0 0 [Link]:53 [Link]:* LISTEN
tcp 0 0 [Link]:53 [Link]:* LISTEN
tcp 0 0 [Link]:953 [Link]:* LISTEN
tcp 0 0 [Link]:44441 [Link]:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::53

14.2.12 Step 12
A more modern approach is to use the ss command to view which connections are currently
established between the local machine and remote machines, statistics about those connections,
etc.
Similar to the netstat command, you can get a great deal of useful information from
the ss command by itself, as shown in the example below. We will use a simple script to generate
some traffic first:

start_webserver
sysadmin@localhost:~$ start_webserver
Connecting ...
Connecting ...
Connecting ...
Connecting ...

Then we will use the ss command to display network statistics:

ss
sysadmin@localhost:~$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
tcp CLOSE-WAIT 116 0 [Link]:58006
[Link]:8000
tcp CLOSE-WAIT 116 0 [Link]:58010
[Link]:8000
tcp FIN-WAIT-2 0 0 [Link]:8000
[Link]:58014
tcp CLOSE-WAIT 116 0 [Link]:58014
[Link]:8000
tcp FIN-WAIT-2 0 0 [Link]:8000
[Link]:58010
tcp FIN-WAIT-2 0 0 [Link]:8000
[Link]:58006

The script started a webserver and created the traffic which is displayed by the ss command.
This is one way the ss command can be used for troubleshooting

You might also like