LL8 – Networking

Required reading

The Linux Command Line by Shotts – 3.16

In addition to researching the commands below, please review the textbook’s networking chapter as necessary.

 

Introduction

First, note that today’s Internet can trace its history, technology and functionality to Unix and Linux is of course a direct descendent of Unix (as is Mac OS). I can’t echo the importance of this area strongly enough as everything done in Business today has a Web component or impact and the Internet and Web in turn effects every business. Think about this, every organization is a hacking target and how do hackers gain access and do damage => through the network.  To prepare you, below you will learn commands to both test your connectivity as well as to perform basic research verifying identity and in today’s world of aliasing, spoofing and identity theft this is very important.

It should be noted that Mac and Windows support networking functionality (networking is core OS functionality) through Mac’s Terminal (Linux based so identical) and the Windows command prompt (cmd.exe) and this uses Windows syntax which is slightly different.  To this extent I recommend you try some of these commands in your Mac Terminal or Windows cmd.exe (e.g. try ping, etc.).  Note Mac is ~Linux so every command below will work in the Mac Terminal but Windows has some differences and the Windows Command Line Reference is here: http://technet.microsoft.com/en-us/library/bb490890.aspx

You will also see a lot of acronyms used in networking so look them up as necessary and you should of course try and research the commands in this lab in further detail as before.

 

Intro ScreenShot

Open or launch your SSH application (e.g. Mac Terminal or Win PuTTy). Please resize your Terminal to make it larger to capture as much as possible but note you may not capture everything and this will be fine. If possible just take a screenshot/picture of your open terminal as if you include other items the text in the Terminal can be very small making it harder for me to see your commands. Paste this screenshot into your correctly named pdf document and label or title this screenshot “Intro Screenshot”.

 

8.1 hostname 

hostname shows/returns the system’s hostname

$ hostname # try this

 

8.2 finger

finger displays information about a single user or all users logged on the system (or a remote system). Typically shows full name, last login time, idle time, terminal line, and terminal location (where applicable).  Let’s see this in action.

$ finger

and then

$ finger j.looby #or another user you see online from your finger command

The chfn command allows you to change your finger information but this requires root or super user(su) authorization and we of course do not have root authorization. As an example I would set mine to be: $ chfn -f “Prof James G. Looby” -r “Brahan 206” -w “629-7269”. Finger may also display a plan file left by the user that displays the contents of a .plan file in the user’s home directory. Note .plan is a system file so the name must be exactly “.plan”. Here is a good finger resource: http://www.ghacks.net/2009/04/05/old-school-linux-solutions-finger/

Please create a .plan file in your home directory using vim.  The .plan can be empty so you just need to create it and verify its presence with a complete listing. I will verify plans later in the semester.

Exercise 8.2: Take a screenshot and paste it into your submission document with the appropriate heading.

Please clear your screen after taking your screenshot and before continuing.

 

8.3 mail 

We’re not going to cover this as as proper mail configuration requires that directories and permissions be created and modified.  While the world has moved to Webmail, command line mail is still important as system administrators still need to send mail by invoking (running) scripts.  A good mail resource is located here:  http://linux.about.com/od/commands/l/blcmdl1_Mail.htm

 

8.4 ping (adapted from Cisco CCNA Lab)

ping uses the ICMP echo reply feature to test physical connectivity. Ping gives an indication of the reliability of the connection. Let’s first check that our OS’s Internet Stack (TCP/IP stack) is working so we will ping our own machine. Please enter:

$ ping 127.0.0.1 #ctrl-c to break out of ping cycle

When your networking functionality fails, this should be the first thing you do aside from checking the cables as this tests the integrity of your TCP/IP stack. 127.0.0.1 is a special purpose address commonly referred to as a ‘loopback’ since it is redirected by the computer’s network adapter back to the computer and therefore does not reach the connected LAN.  When we (or a program) pings 127.0.0.1, we are testing our OS’s TCP/IP protocol stack.

To illustrate this approach of testing 127.0.0.1 first consider: when a light is out in your room, do you immediately call National Grid or do you look for a light switch. Following this, do you next check your breaker box, do you look at your neighbor’s lights? You can see where I am going with this as we start with the foundation and work up.

Exercise 8.4a: Break out of the ping 127.0.0.1, take a screenshot and paste it into your document.

Please clear your screen after taking your screenshot and before continuing.

Continuing on with Ping: Ok, so we worked with a raw IP address above (i.e. 127.0.0.1), now lets invoke our DNS.

$ ping albany.edu #again ctrl-c breaks out

ping’s first output line shows the Fully Qualified Domain Name (FQDN) followed by the IP address. A Domain Name Service (DNS) server somewhere in the network was able to resolve the albany.edu domain name to an IP address. Note, DNS servers resolve domain names, not hostnames, to IP addresses.

Without this name resolution, the ping would have failed because TCP/IP only understands valid IP addresses. It would not be possible to use the web browser without this name resolution.  With DNS, connectivity to computers on the Internet can be verified using a familiar web address, or domain name, without having to know the actual IP address. If the nearest DNS server does not know the IP address, the server asks a DNS server higher in the Internet structure.

Let’s ping HVCC

$ping hvcc.edu

Did we find it?  In our SSH connection we  definitely found it however please try this from your Mac Terminal or Windows cmd.exe.  (Google “how to ping” appending your platform for instructions).  You will see that visibility depends on where you are (inside or outside HVCC).  HVCC surely has a DNS entry as you can Google it however quite often ping is turned off. HVCC has ping turned off so it can’t be pinged from the outside.  As presented in class, if you don’t have a visible IP address it is much harder to launch an attack. I hope you turned off your ping responder in your Wireless AP as recommended and demonstrated in class (Lecture Capture available on ciss100.com=>security=>security tips).

Now having said this we still can get HVCC’s IP Address from the outside by using the host command introduced below:

Exercise 8.4b:  Break out of the ping if necessary take a screenshot and paste it into your document.

Please clear your screen after taking your screenshot and before continuing.

Now in the future should you not be able to connect to Acadnx, we can use ping to determine if the network is up and therefore determine to some extent if the problem is client side or server side.  Try this:

$ ping acadnx.hvcc.edu

 

8.5 host

host will return an IP address and uses both DNS and anything recorded in /etc/hosts.  Try the following.

$host hvcc.edu 

 

8.6 nslookup

nslookup will return the IP address of a host name however in contrast to host above, nslookup will not use the /etc/hosts file.

Continuing on:  Ok, so we may know a site is out there using ping, host & nslookup but how do we learn more about or about the route the packets take?

 

8.7 traceroute (use the tracert command in DOS/Windows’ cmd.exe for equivalent functionality).

traceroute is TCP/IP utility for tracing the paths that IP packets follow through the internet. Recall that IP packets are created from TCP segments and these packets may follow different paths between source and destination where they are reconstituted at the destination. The first output line shows the FQDN followed by the IP address. Therefore, a DNS server was able to resolve the name to an IP address. Then there are listings of all routers the traceroute requests had to pass through to get to the destination. traceroute uses the same echo requests and replies as the ping command but in a slightly different way as it will compute the path 3 times.  Let’s try it by entering:

$traceroute albany.edu #note tracepath is also available

Now first you should immediately notice the traceroute originated from hvcc.edu as let’s not forget we are working on the acadnx.hvcc.edu server.  Do you see anything else that is interesting? While this is a moving target you may see very different things, I typically observe the path goes through either NYC or Boston as packets will take the quickest path (biggest fastest pipe). This usually surprises people the first time they see this but the packets are taking the quickest route not the most direct.  Notice that there may be relatively long delays due to congestion (asterisks due to time to live or ttl timeouts may also be present). The main thing to observe is the consistent connectivity. Each router represents a point where one network connects to another network and the packet was forwarded through.  Now if you have time, try traceroute for albany.edu again at some point in the future and compare results to determine the consistency of the route as it will may be different.

 Ok, lets look at packets that have to cross the country. Please enter:

$ traceroute berkeley.edu #or usc.edu or ucla.edu or stanford.edu, etc.

Sometimes I will even get paths to Berkeley that actually go to Europe and sometimes I will get completely anonymous routers (security) in the middle of the country.  A more detailed traceroute description is here: http://networking.ringofsaturn.com/IP/traceroutedoc.php

 

8.8 mtr

mtr is a network diagnostic tool that essentially improves upon traceroute by providing network quality and network diagnostic info. mtr can be left running to get real time stats. Let’s see it in action

$ mtr albany.edu # use [q] to quit

 

8.9 whois

whois can be incredibly useful utility to determine identity and defeat spoofing and aliasing however it is used/supported less and less.  whois is not installed in acadnx so you will have to try this from the outside in a Mac Terminal or in the upcoming Ubuntu VirtualBox implementation.  dig is installed and can be used in its place but provides less information.

$ whois hvcc.edu #note you can also use dig

$ dig hvcc.edu #this shows less information

If you were able to see the whois results from an outside connection (Mac Terminal) the  information should open the eyes of any budding SysAdmins as you are seeing 2 contact names and the opportunity for Social Hacking.  SysAdmins (and everyone for that matter) must be particularly aware when they post on Bulletin Boards and Usenet groups.  Imagine if a SysAdmin used his real name to either seek information or provide information (e.g. Imagine a Usenet group post asking for help – “System xxxx keeps crashing, does anyone have an answer”, or providing information,  “Yes, you need to install patch xxx.xxx).  In either case, a SysAdmin may reveal the systems they are running and provide hackers with research material or points of entry as it is easier to hack a known system.  Lesson – never… never use your real name or your institution name in an online user group!!!  Another lesson, don’t handcuff yourself by relying strictly on a Win OS as we need comprehensive resources.

 

8.10 talk

talk is the first chat program… really the first one – :).   It is unclear if this will work for the labs as someone else must be online and I don’t want to impose this constraint on anyone.  You could coordinate among yourselves or alternatively take a chance and use finger and try to talk to someone who is online with a very short idle time.

Good talk documentation here: http://linux.about.com/od/commands/l/blcmdl1_talk.htm

 

8.11 netstat

netstat is a very useful command revealing connections, routing tables, statistics and other vital information, to get a quick understanding of all netstat can do please see the netstat man page (please do this following and note we don’t need to fully understand this now).

$ netstat -s 

$ netstat -i #interface statistics

$ netstat -rn #routing table information

 

8.12 ifconfig (ipconfig in Win OS)

ifconfig (and ipconfig in Win) is an incredible useful tool that display additional connection information as you can see if your interfaces have valid IP addresses (i.e. did they get addresses from dhcp.  ifconfig can be used to set up your default gateways and set your DNS. Interestingly, if you have a Mac you will probably see a lot more information including whether you have mail. Let’s recall the networking stack (Application layer, TCP, IP, Network) and what layer is mail – ans. Application layer.

Try the following but I also recommend Windows users try ipconfig in their cmd.exe detailed below

$ ifconfig –a 

Exercise 8.12: Please take a screenshot and paste it into your .odt document.

You should be able to identify your hardware and IP addresses.  BTW – are you seeing IPV6 addresses (128 bits in contrast to IPV4’s 32 bit address)?  Do any of you have any collisions reported? If so what is your topology where ever you are?

Again, Windows uses ipconfig whereas the Mac uses the standard ifconfig. Windows 7 type in cmd.exe in search programs and files box at bottom of start menu and then ipconfig on the command line.  Do you see your ethernet and wireless interface’s mac and ip addresses?

Please clear your screen after taking your screenshot and before continuing.

 

8.13 socklist

socklist is a perl script that displays list of open sockets (includes type, port, inode, pid) and this of course allows you to shutdown/kill necessary processes/sockets which is very important for security.

$ socklist

 

8.14 procinfo

procinfo gathers system information from /proc and prints it to the screen and displays information about installed hardware, running processes and open sockets.

$ procinfo

 

8.15 route

route allows you to view, configure and manipulate your IP routing table.  Try  the following:

$route -n

 

8.16 arp (Address Resolution Protocol)

arp is a very important protocol/command that resolves the IP to Ethernet mapping and is presented here: http://linux-ip.net/html/ether-arp.html. Minimally please try

$arp -a

Now if you are doing this at home (Mac Terminal/Win cmd.exe), you can check your Wireless AP’s log and you will see that its MAC address has been accessed/logged.

Exercise 8.16: Please take a screenshot and paste into your submission document with the appropriate heading.

Please clear your screen after taking your screenshot and before continuing.

 

8.17 FTP

We introduced Secure Shell (SSH) in week 2.  As a refresher, recall that a very nice SSH introduction is located here and please pay special attention to the security information (i.e. spoofing): http://support.suso.com/supki/SSH_Tutorial_for_Linux

FTP  or File Transfer Protocol runs over the Internet just as HTTP (Web) and SMTP (Mail) use the Internet (Application Layer protocol in TCP/IP protocol stack).  SFTP extends this by adding end to end security. For background, Wikipedia’s entry on SFTP is here: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

You may use a FTP client to access a FTP server however you may also use your browser.  While we can perform SFTP directly from the terminal or PuTTy or your browser, it is nicer to have a FTP/SFTP client. I use FileZilla for my FTP needs and I recommend you explore FTP further especially if you are pursuing Web Design as this is how you will post to the Web Server if it is not local.  For Mac I recommend FileZilla downloaded from filezilla.org, for Windows I recommend WinSCP downloaded from WinSCP or cnet and here is the a WinSCP guide:  http://winscp.net/eng/docs/guide_connect

If you are so inclined you may even research setting up a FTP server on your home computer to retrieve files from anywhere but if you do this I would recommend you setup a SFTP server.

Mac users: I recommend the open source FileZilla so please download FileZilla and use it to connect to Acadnx as documented in this screencast.  As a download site I recommend direct download from FileZilla.

Windows users: I recommend WinSCP and this is also located on the HVCC ACE on campus machines (Start menu => All Programs => SSH => WinSCP).  A video of my WinSCP use is here:

Exercise 8.17

Please download Filezilla or WinSCP or the SFTP client of your choice and connect to the HVCC Acadnx server. Please recall I recommend you download from cnet for security reasons (i.e. search Filezilla download cnet and then choose cnet download). On campus please use WinSCP and this can be found in the start menu of ACE machines or you can always search for it in the start menu’s search box. Please save your present LL8 document (the one you’re working on) and drag and using your SFTP client, drag and drop this file into your AcadNX Linux home directory.  Please take a screenshot of your FTP Filezilla window and its connection to the ciss100/username demonstrating you copied the LL8 file to your AcadNX .  You could of course verify this file’s existing by performing a listing on this directory in the Terminal.

Please submit your pdf document in BlackBoard

In closing here is a nice Web resource with additional functionality: http://ping.eu/

CommandDescription
chfnChange a users finger information
dhcp
finger
hostresolve DNS name to IP address
hostnameshows/returns the system's hostname
ifconfig
mail
netstat
nslookup
ping
procinfo
SFTPSecure File Transfer Protocol
socklist
SSHSecure Shell
talk
tracepath
traceroute

Leave a Reply