From 8497c8982e711d8eb56c3823ef447bb2924275ed Mon Sep 17 00:00:00 2001 From: alan Date: Thu, 4 Feb 2010 13:27:23 -0500 Subject: Added ssh to list of network tools. Network tool descriptions complete through tcpdump. --- chapter_15.xml | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 225 insertions(+), 5 deletions(-) diff --git a/chapter_15.xml b/chapter_15.xml index c188c41..d5a05f9 100644 --- a/chapter_15.xml +++ b/chapter_15.xml @@ -5,17 +5,237 @@ Basic Networking Commands + +So you've finally managed to setup your network connection, now what? +How do you know that it's working? How do you know that you set it up +correctly? And just what do you do now that it's setup? Well this +chapter is for you. + +
Network Diagnostic Tools -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Slackware Linux includes a great many networking tools for +troubleshooting and diagnosing network connection troubles, or just for +seeing what's out there on the network. Most of these tools are +command-line tools, so you can run them from a virtual terminal or in a +console window on your graphical desktop. A few of them even have +graphical front-ends, but we're going to deal almost exclusively with +command-line tools for now. + + +
+ping + + +ping(8) is a handy tool for determining if a +computer is operational on your network or on the Internet at large. +You can think of as a type of sonar for computers. By using it, you +send out a "ping" and listen for an echo to determine if another +computer or network device is listening. By default, +ping checks for the remote computer once per +second indefinitely, but you can change the interval between checks and +the total number of checks easily, just check the man page. You can +terminate the application at any time with +CTRL-c. When +ping is finished, it displays a handy +summary of its activity. ping is very useful +for determining if a computer on your network or the Internet is +available, but some systems block the packets +ping sends, so sometimes a system may be +functioning properly, but still not send replies. + + + +darkstar:~# ping -c 3 www.slackware.com +64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms + +--- slackware.com ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2004ms +rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms + + +
+ +
+traceroute + + +traceroute(8) is a handy tool for determining +what route your packets take to reach some other computer. It's mainly +of use for determining which computers are "near" or "far" from you. +This distance isn't strictly geographical, as your Internet Service +Provider may route traffic from your computer in strange ways. +traceroute shows you each router between +your computer and any other machine you wish to connect to. +Unfortunately, many providers, firewalls, and routers will block +traceroute so you might not get a complete +picture when using it. Still, it remains a handy tool for network +troubleshooting. + + +darkstar:~# traceroute www.slackware.com +traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte +packets + 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms + 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms + 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms + 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms + 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms +44.125 ms + 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms +58.247 ms 44.989 ms + 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms +46.110 ms 43.977 ms + 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms +76.735 ms 76.145 ms + 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms +108.328 ms 120.096 ms +10 wiltel-communications-group-inc.LosAngeles.savvis.net +(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms +11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436 +ms 85.575 ms +12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms +84.278 ms 86.922 ms +13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms +85.924 ms 86.102 ms +14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms +85.285 ms 84.148 ms +15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms +16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms +17 
sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms +18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms + +
+ +
+telnet + + +Once upon a time, telnet(1) was the greatest +thing since sliced bread. Basically, telnet +opens an unencrypted network connection between two computers and hands +control of the session to the user rather than some other application. +Using telnet, people could connect to shells +on other computers and execute commands as if they were physically +present. Due to its unencrypted nature this is no longer recommended; +however, telnet is still used for this +purpose by many devices. + +Today, telnet is put to better use as a +network diagnostic tool. Because it passes control of the session +directly to the user, it can be used for a great variety of testing +purposes. As long as you know what ASCII commands to send to the +receiving computer, you can do any number of activies, such as read web +pages or check your e-mail. Simply inform +telnet what network port to use, and you're +all set. + + +darkstar:~# telnet www.slackware.com 80 +Trying 64.57.102.34... +Connected to www.slackware.com. +Escape character is '^]'. +HEAD / HTTP/1.1 +Host: www.slackware.com + +HTTP/1.1 200 OK +Date: Thu, 04 Feb 2010 18:01:35 GMT +Server: Apache/1.3.27 (Unix) PHP/4.3.1 +Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT +ETag: "61dc2-5374-4a973333" +Accept-Ranges: bytes +Content-Length: 21364 +Content-Type: text/html + + +
+ +
+ssh + + +As we mentioned, telnet may be useful as a +diagnostic tool, but its unencrypted nature makes it a security concern +for shell access. Thankfully, there's the secure shell protocol. Nearly +every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or +ssh(1) for short. It is one of the most +commonly used network tools today and makes use of the strongest +cryptographic techniques. ssh has many +features, configuration options, and neat hacks, enough to fill its own +book, so we'll only go into the basics here. Simply run +ssh with the user name and the host and +you'll be connected to it quickly and safely. If this is the first time +you are connecting to this computer, ssh +will ask you to confirm your desire, and make a local copy of the +encryption key to use. Should this key later change, +ssh will warn you and refuse to connect +because it is possible that some one is attempting to hijack the +connection using what is known as a man-in-the-middle attack. + + +darkstar:~# ssh alan@slackware.com +alan@slackware.com's password: secret +alan@slackware.com:~$ + + + +The user and hostname are in the same form used by e-mail addresses. +If you leave off the username part, ssh will +use your current username when establishing the connection. + + +
+ +
+tcpdump + + +So far all the tools we've looked at have focused on making connections +to other computers, but now we're going to look at the traffic itself. +tcpdump(1) (which must be run as root) +allows us to few all or part of the network traffic originating or +received by our computer. tcpdump displays +the raw data packets in a variety of ways with all the network headers +intact. Don't be alarmed if you don't understand everything it +displays, tcpdump is a tool for professional +network engineers and system administrators. By default, it probes the +first network card it finds, but if you have multiple interfaces, +simply use the -i argument to specify which one you're +interested in. You can also limit the data displayed using expressions +and change the manner in which it is displayed, but that is best +explained by the man page and other reference material. + + +darkstar:~# tcpdump -i wlan0 +tcpdump: verbose output suppressed, use -v or -vv for full protocol +decode +listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes +13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387: +Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489 +ecr 339048583], length 164WARNING: Short packet. Try increasing the +snap length by 140 +SMB PACKET: SMBtrans2 (REPLY) + +13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds: +Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr +1382697489], length 134WARNING: Short packet. Try increasing the snap +length by 110 +SMB PACKET: SMBtrans2 (REQUEST) + + +
+ +
+nmap + +
+
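Review bot: In the new ping section the sentence "You can think of as a type of sonar for computers" is missing its object and should read "You can think of it as a type of sonar for computers". Two smaller points in the same region: the chapter intro uses "setup" as a verb twice ("managed to setup your network connection", "now that it's setup"), which should be "set up", and the ping sample output starts at the first "64 bytes from" reply, omitting the "PING slackware.com ..." banner line that ping prints before it, so the example does not match what a reader will see on screen. It would also help to say that the "some systems block the packets ping sends" caveat is about ICMP echo requests being filtered, since the same filtering is the reason the traceroute paragraph warns that you "might not get a complete picture".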
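Review bot: The telnet example sends "HEAD / HTTP/1.1" with a Host: header but no "Connection: close", so on a persistent HTTP/1.1 connection the server keeps the socket open after the headers shown and the session only ends when the server times out or the reader presses the escape character; adding "Connection: close" as a third request line makes the example terminate cleanly. Typo in the same paragraph: "activies" should be "activities". Since the captured response exposes "Server: Apache/1.3.27 (Unix) PHP/4.3.1", the paragraph could also point out that this is exactly how service version banners are harvested from a host, which is why administrators often trim them; that is the security-relevant lesson of the example beyond "you can read web pages".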
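Review bot: The ssh transcript shows the password in clear text ("alan@slackware.com's password: secret"), but ssh never echoes what is typed at that prompt, so the example should show the prompt followed by an empty line or readers will think something is wrong when nothing appears as they type. The first-connection paragraph ("make a local copy of the encryption key to use") should say what is actually stored, the server's host public key in ~/.ssh/known_hosts, and that the fingerprint displayed at that prompt should be compared against one obtained out of band before answering yes: the changed-key refusal described in the next sentence protects later connections, not the first one, so accepting an unverified key is where a man-in-the-middle attack would succeed. Two wording nits: "some one" should be "someone", and "OpenSSH, or ssh(1) for short" conflates the OpenSSH suite with its ssh client command.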
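Review bot: The tcpdump sample output itself contains "WARNING: Short packet. Try increasing the snap length by 140" twice, and the text never explains it; since the header line shows "capture size 96 bytes", the example should either run with "-s 0" (or a larger -s value) so the SMB payloads are captured whole, or the paragraph should say the warnings appear because the default snapshot length truncates them. Typo in the same paragraph: "allows us to few all or part" should be "view". Consider also adding "-n" to the example command so tcpdump does not perform reverse DNS lookups for every address it prints (the output shows names such as gw.ctsmacon.com being resolved); those lookups slow the display and put extra traffic of tcpdump's own onto the interface being captured.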