Results 1 to 10 of 10

Thread: HOWTO Ubuntu Networking

  1. #1
    Join Date
    Sep 2006
    Location
    Victoria, Australia
    Beans
    Hidden!

    HOWTO Ubuntu Networking

    Here is a networking tutorial with what I think are some handy CLI commands to know.
    Feel free to comment and/or make suggestions. Make sure you know what a command does before
    issuing it, especially in the security orientated ones.

    You may also like to see my tutorial on getting to know your ubuntu system better: http://ubuntuforums.org/showthread.php?t=842307


    Debugging

    # Show the ethernet status
    Code:
    ethtool eth0
    # Force 100Mbit Full duplex
    Code:
    ethtool -s eth0 speed 100 duplex full
    # Disable auto negotiation
    Code:
    ethtool -s eth0 autoneg off
    # Blink the ethernet led
    Code:
    ethtool -p eth0
    # Display all interfaces (similar to ifconfig)
    Code:
    ip link show
    # Bring device up (or down). Same as "ifconfig eth0 up"
    Code:
    ip link set eth0 up
    # Display all IP addresses (similar to ifconfig)
    Code:
    ip addr show
    # Similar to arp -a
    Code:
    ip neigh show
    # Ping on ethernet layer
    Code:
    arping 192.168.16.254
    # uses tcp instead of icmp to trace throught firewalls (install via sudo apt-get install tcptraceroute)
    Code:
    tcptraceroute -f 5 cb.vu

    Routing

    Print routing table

    # use "ip route"
    Code:
    route -n
    Code:
    netstat -rn

    Add and delete a route

    Code:
    route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254
    # same as above with ip route
    Code:
    ip route add 192.168.20.0/24 via 192.168.16.254
    Code:
    route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0
    Code:
    route add default gw 192.168.51.254
    # same as above with ip route
    Code:
    ip route add default via 192.168.51.254 dev eth0
    Code:
    route delete -net 192.168.20.0 netmask 255.255.255.0

    Configure additional IP addresses

    # First IP
    Code:
    ifconfig eth0 192.168.50.254 netmask 255.255.255.0
    # Second IP
    Code:
    ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0
    # Equivalent Commands:
    Code:
    ip addr add 192.168.50.254/24 dev eth0
    Code:
    ip addr add 192.168.51.254/24 dev eth0 label eth0:1

    Change MAC address

    #Normally you have to bring the interface down before the change.

    Code:
    ifconfig eth0 down
    Code:
    ifconfig eth0 hw ether 00:01:02:03:04:05

    Ports in use

    #Listening on open ports:
    Code:
    netstat -an | grep LISTEN
    # lists all Internet connections
    Code:
    lsof -i
    # displays list of open sockets (use apt-get install procinfo)
    Code:
    socklist
    Code:
    netstat -anp --udp --tcp | grep LISTEN
    # List active connections to/from system
    Code:
    netstat -tup
    # List listening ports from system
    Code:
    netstat -tupl

    Firewall (iptables)

    # For status
    Code:
    iptables -L -n -v
    # Open everything
    Code:
    iptables -P INPUT       ACCEPT
    Code:
    iptables -P FORWARD     ACCEPT
    Code:
    iptables -P OUTPUT      ACCEPT
    # Zero the packet and byte counters in all chains
    Code:
    iptables -Z
    # Flush all chains
    Code:
    iptables -F
    # Delete all chains
    Code:
    iptables -X
    IP Forward for routing

    # Check and then enable IP forward with:

    # Check IP forward 0=off, 1=on
    Code:
    nano -w /proc/sys/net/ipv4/ip_forward
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # or edit /etc/sysctl.conf with:

    Code:
    net.ipv4.ip_forward = 1

    NAT Network Address Translation

    # to activate NAT
    Code:
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Port forward 20022 to internal IP port ssh
    Code:
    iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT --to 192.168.16.44:22
    # Port forward of range 993-995
    Code:
    iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT --to 192.168.16.254:993-995
    Code:
    ip route flush cache
    # Check NAT status
    Code:
    iptables -L -t nat

    NOTE: You can delete a port forward with -D instead of -A.


    DNS

    On *nix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf.
    The domain to which the host belongs is also stored in this file. A minimal configuration is:

    Code:
    nameserver 78.31.70.238
    search mydomain.net intern.lab
    domain mydomain.net

    Check the system domain name with:

    # Same as dnsdomainname
    Code:
    hostname -d

    Forward queries

    Dig is used to test the DNS settings.
    See from which server the client receives the answer (simplified answer).
    in this example, we use google.com

    dig google.com
    google.com.267INA64.233.187.99
    ;; SERVER: 192.168.1.254#53(192.168.1.254)


    The router 192.168.1.254 answered and the response is the A entry.
    Any entry can be queried and the DNS server can be selected with @:

    # To test the local server
    Code:
    dig @127.0.0.1 NS sun.com
    # Query an external server
    Code:
    dig @204.97.212.10 NS MX heise.de
    # Get the full zone (zone transfer)
    Code:
    dig AXFR @ns1.xname.org cb.vu

    The program host is also quite powerful.

    # Get the mail MX entry
    Code:
    host -t MX google.com
    # Get the NS record over a TCP connection
    Code:
    host -t NS -T google.com
    # Get everything
    Code:
    host -a google.com


    Reverse queries

    Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:

    Code:
    dig -x 78.31.70.238
    Code:
    host 78.31.70.238
    Code:
    nslookup 78.31.70.238

    Single hosts can be configured in the file /etc/hosts instead of running named locally
    to resolve the hostname queries. The format is simple, for example:

    64.233.187.99 google.com google


    DHCP

    The default ubuntu dhcp client is dhclient, however, i like dhcpcd a lot better,
    and that is what i will use in my examples

    apt-get install dhcpcd to install it.

    # Trigger a renew (does not always work)
    Code:
    dhcpcd -n eth0
    # release and shutdown
    Code:
    dhcpcd -k eth0

    The lease with the full information is stored in:

    /var/lib/dhcpcd/dhcpcd-eth0.info


    For dhclient:

    Code:
    dhclient eth0

    The lease with the full information is stored in:

    /var/db/dhclient.leases.eth0


    Use

    /etc/dhclient.conf

    to prepend options or force different options:

    Code:
    nano -w /etc/dhclient.conf
    interface "eth0" {
    prepend domain-name-servers 127.0.0.1;
    default domain-name "google.com";
    supersede domain-name "google.com";
    }


    Traffic analysis

    Bmon http://people.suug.ch/~tgr/bmon/ is a small console bandwidth monitor and can display the
    flow on different interfaces. You can install it on ubuntu with apt-get install bmon

    Sniff with tcpdump (tcpdump comes with ubuntu)

    Code:
    tcpdump -nl -i eth0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
    # select to/from a single IP
    Code:
    tcpdump -n -i eth0 net 192.168.16.121
    # select traffic to/from a network
    Code:
    tcpdump -n -i eth0 net 192.168.16.0/24
    # Buffered output
    Code:
    tcpdump -l > dump && tail -f dump
    # Write traffic headers in binary file
    Code:
    tcpdump -i eth0 -w traffic.eth0
    # Write traffic + payload in binary file
    Code:
    tcpdump -i eth0 -s 0 -w traffic.eth0
    # Read from file (also for ethereal
    Code:
    tcpdump -r traffic.eth0
    # The two classic commands
    Code:
    tcpdump port 80
    # Check if pop or imap is secure
    Code:
    tcpdump host google.com
    Code:
    tcpdump -i eth0 -X port \(110 or 143\)
    # Only catch pings
    Code:
    tcpdump -n -i eth0 icmp
    # -s 0 for full packet -A for ASCII
    Code:
    tcpdump -i eth0 -s 0 -A port 80 | grep GET

    Additional important options:


    * -A Print each packets in clear text (without header)

    * -X Print packets in hex and ASCII

    * -l Make stdout line buffered

    * -D Print all interfaces available

    Scan with nmap

    Nmap http://insecure.org/nmap/ is a port scanner with OS detection,
    it is usually installed on most distributions. Install it in ubuntu
    with apt-get install nmap

    # scans all reserved TCP ports on the host
    Code:
    nmap google.com
    # Find out which IP are used and by which host on 0/24
    Code:
    nmap -sP 192.168.16.0/24
    # Do a stealth SYN scan with version and OS detection
    Code:
    nmap -sS -sV -O google.com

    Other non standard but useful tools are hping (www.hping.org) an IP packet assembler/analyzer
    and fping (fping.sourceforge.net). fping can check multiple hosts in a round-robin fashion.

    Traffic control (QoS)

    Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network.
    The following examples are simple practical uses of the Linux capabilities to better use the available
    bandwidth.

    Limit upload

    DSL or cable modems have a long queue to improve the upload throughput.
    However filling the queue with a fast device (e.g. ethernet) will dramatically
    decrease the interactivity. It is therefore useful to limit the device
    upload rate to match the physical capacity of the modem, this should
    greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.

    For a 512 Kbit upload modem:

    Code:
    tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
    # Status
    Code:
    tc -s qdisc ls dev eth0
    # Delete the queue
    Code:
    tc qdisc del dev eth0 root
    [code[tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540[/code]


    Quality of service

    Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or
    www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0
    (could also be ppp0 or so). The following commands define the QoS to three queues
    and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set).
    The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2.

    Code:
    tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
    Code:
    tc qdisc add dev eth0 parent 1:1 handle 10: sfq
    Code:
    tc qdisc add dev eth0 parent 1:2 handle 20: sfq
    Code:
    tc qdisc add dev eth0 parent 1:3 handle 30: sfq
    Code:
    tc filter add dev eth0 protocol ip parent 1: prio 1 u32
    # use server port range (added after u32 above)
    Code:
    match ip dport 10000 0x3C00 flowid 1:1
    # or/and use server IP (added after u32 above)
    Code:
    match ip dst 123.23.0.1 flowid 1:1

    Status and remove with

    # queue status
    Code:
    tc -s qdisc ls dev eth0
    # delete all QoS
    Code:
    tc qdisc del dev eth0 root

    Calculate port range and mask

    The tc filter defines the port range with port and mask which you have to calculate.
    Find the 2^# ending of the port range, deduce the range and convert to HEX.
    This is your mask. Example for 10000 -> 11024, the range is 1024.

    # ending is 2^14 = 16384
    Code:
    2^13 (8192) < 10000 < 2^14 (16384)
    # mask is 0x3C00
    Code:
    echo "obase=16;(2^14)-1024" | bc


    NIS Debugging

    Some commands which should work on a well configured NIS client:

    # get the connected NIS server name (apt-get install nis to use)
    Code:
    ypwhich
    # The NIS domain name as configured
    Code:
    domainname
    # should display the group from the NIS server
    Code:
    ypcat group
    # Rebuild the yp database
    Code:
    cd /var/yp && make

    Is ypbind running?

    Code:
    ps auxww | grep ypbind
    Code:
    /usr/sbin/ypbind
    Code:
    yppoll passwd.byname
    Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007
    The master server is servername.domain.net.

    Code:
    nano -w /etc/yp.conf
    Code:
    ypserver servername
    Code:
    domain domain.net broadcast


    Netcat

    Netcat http://netcat.sourceforge.net (nc) is better known as the "network Swiss Army Knife",
    it can manipulate, create or read/write TCP/IP connections. Here some useful examples,
    there are many more on the net, for example g-loaded.eu[...]
    http://www.g-loaded.eu/2006/11/06/ne...seful-examples and here
    http://www.terminally-incoherent.com...-netcat-tricks.


    File transfer

    Copy a large folder over a raw tcp connection. The transfer is very quick (no protocol overhead) and you don't need to mess up with NFS or SMB or FTP or so, simply make the file available on the server, and get it from the client. Here 192.168.1.1 is the server IP address.

    # Serve tar folder on port 4444
    Code:
    server: tar -cf - -C VIDEO_TS . | nc -l -p 4444
    # Pull the file on port 4444
    Code:
    client: nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS
    # Server a single file
    Code:
    server: cat largefile | nc -l 5678
    # Pull the single file
    Code:
    client: nc 192.168.1.1 5678 > largefile
    # Server partition image
    Code:
    server: dd if=/dev/da0 | nc -l 4444
    # Pull partition to clone
    Code:
    client: nc 192.168.1.1 4444 | dd of=/dev/da0
    # Pull partition to file
    Code:
    client: nc 192.168.1.1 4444 | dd of=da0.img

    Other hacks


    Remote shell

    # Provide a remote shell on port 4444 (aserver backdoor)
    [code]nc -lp 4444 -e /bin/bash[code]

    Emergency web server

    Serve a single file on port 80 in a loop.

    Code:
    while true; do nc -l -p 80 < unixtoolbox.xhtml; done

    Chat

    Joe and Carter can chat over a simple TCP socket. The text is transferred with the enter key.

    Code:
    Joe: nc -lp 4444
    Code:
    Carter: nc 192.168.1.1 4444

    AJ
    Last edited by ajmorris; August 6th, 2008 at 04:24 AM. Reason: Easier to read :)
    Want to find out more about your ubuntu system? see HowTO Ubuntu System
    Want to know a little more about networking? see HOWTO Ubuntu Networking
    Looking for help with something on your ubuntu? see the tutorial of the week sticky


  2. #2
    Join Date
    May 2007
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: HOWTO Ubuntu Networking

    Very nice detailed guide for terminal networking.
    You have a few code tages that need to be closed at the end (and one or two throughout), just FYI. You might also consider a little table of contents at the top and bigger, bolder subtitles on sections.
    Good work.

  3. #3
    Join Date
    Sep 2006
    Location
    Victoria, Australia
    Beans
    Hidden!

    Re: HOWTO Ubuntu Networking

    Quote Originally Posted by Rocket2DMn View Post
    Very nice detailed guide for terminal networking.
    You have a few code tages that need to be closed at the end (and one or two throughout), just FYI. You might also consider a little table of contents at the top and bigger, bolder subtitles on sections.
    Good work.
    Thanks, i was in a hurry when i posted it... i'll start making it easier to read/follow
    Want to find out more about your ubuntu system? see HowTO Ubuntu System
    Want to know a little more about networking? see HOWTO Ubuntu Networking
    Looking for help with something on your ubuntu? see the tutorial of the week sticky


  4. #4
    Join Date
    Dec 2007
    Beans
    2

    Re: HOWTO Ubuntu Networking

    Wow great guide. I have saved it in my bookmark and printed a copy.

    Great job, very handy.

  5. #5
    Join Date
    Aug 2008
    Beans
    4

    Re: HOWTO Ubuntu Networking

    HEy HOw do I put the firewall back to default,
    I was messing with it lastnight, trying to configure firewall in Ubuntu,
    I think I set it back to default but want to be positive. Now when I try and login, I can login, but all I get is a blank screen, and i have to power down my machine, could I have changed something in the firewall to cause this? Help please

  6. #6
    Join Date
    Jun 2008
    Beans
    414

    Re: HOWTO Ubuntu Networking

    question about the ToS code.(im not on ubuntu to test right now)

    [tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540]

    for "latency" and "burst"

    whats the lowest/fastest time you can set the latency? will it accept 0ms(zero)?

    and what is "burst" and what does the number 1540 represent?(packets/ping?)

    an if the burst can be changed what would the result be/which would increase speed(setting it higher than 1540 or lower)?

    thanks.

  7. #7
    Join Date
    Sep 2006
    Location
    Victoria, Australia
    Beans
    Hidden!

    Re: HOWTO Ubuntu Networking

    Quote Originally Posted by zo934 View Post
    HEy HOw do I put the firewall back to default,
    I was messing with it lastnight, trying to configure firewall in Ubuntu,
    I think I set it back to default but want to be positive. Now when I try and login, I can login, but all I get is a blank screen, and i have to power down my machine, could I have changed something in the firewall to cause this? Help please
    I doubt the editing of your firewall will have prevented you from being able to log in, could you please start a new thread, rather than discussing it here, about your issue Feel free to pm me with the link of your thread.

    AJ
    Want to find out more about your ubuntu system? see HowTO Ubuntu System
    Want to know a little more about networking? see HOWTO Ubuntu Networking
    Looking for help with something on your ubuntu? see the tutorial of the week sticky


  8. #8
    Join Date
    Sep 2006
    Location
    Victoria, Australia
    Beans
    Hidden!

    Re: HOWTO Ubuntu Networking

    Quote Originally Posted by eival View Post
    question about the ToS code.(im not on ubuntu to test right now)

    [tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540]

    for "latency" and "burst"

    whats the lowest/fastest time you can set the latency? will it accept 0ms(zero)?

    and what is "burst" and what does the number 1540 represent?(packets/ping?)

    an if the burst can be changed what would the result be/which would increase speed(setting it higher than 1540 or lower)?

    thanks.
    You must have a latency or limit set. Thus the lowest setting for latency is 1ms.

    As for burst, burst is a paramater, similar to the cburst paramater. Essentially, it controls the max amount of data that can be accumulated if the real speed rate is lower than the 'ceil'. By default, it is about 1 packet, in the example, i have set it to 1540 packets. You can also use it in collaboration with ceil to limit speeds when it gets to a certain number of packets, etc.

    I hope that helps,

    AJ
    Want to find out more about your ubuntu system? see HowTO Ubuntu System
    Want to know a little more about networking? see HOWTO Ubuntu Networking
    Looking for help with something on your ubuntu? see the tutorial of the week sticky


  9. #9
    Join Date
    Jan 2009
    Location
    38º 39'24"N 27º13'41"W
    Beans
    300
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO Ubuntu Networking

    Great compilation.


    Thank you!
    Notebook ASUS A6JCMAS.219, Intel(R) CPU T2250 @ 1.73GHz,2GiB System Memory, Video G72M [Quadro NVS 110M/GeForce Go 7300], HD 100GB HTS541010G9AT00, Network Intel PRO/Wireless 3945ABG [Golan] (rev 02)

  10. #10
    Join Date
    Nov 2010
    Location
    India
    Beans
    4,828
    Distro
    Ubuntu Development Release

    Re: HOWTO Ubuntu Networking

    good thread . its have nice information .
    Raja

    రాజ శేఖర్ రెడ్డి

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •