Thread: HOWTO Ubuntu Networking


    HOWTO Ubuntu Networking

    Here is a networking tutorial with what I think are some handy CLI commands to know.
    Feel free to comment and/or make suggestions. Make sure you know what a command does before
    issuing it, especially in the security orientated ones.

    You may also like to see my tutorial on getting to know your ubuntu system better: http://ubuntuforums.org/showthread.php?t=842307


    Debugging

    # Show the ethernet status
    Code:
    ethtool eth0
    # Force 100Mbit Full duplex
    Code:
    ethtool -s eth0 speed 100 duplex full
    # Disable auto negotiation
    Code:
    ethtool -s eth0 autoneg off
    # Blink the ethernet led
    Code:
    ethtool -p eth0
    # Display all interfaces (similar to ifconfig)
    Code:
    ip link show
    # Bring device up (or down). Same as "ifconfig eth0 up"
    Code:
    ip link set eth0 up
    # Display all IP addresses (similar to ifconfig)
    Code:
    ip addr show
    # Similar to arp -a
    Code:
    ip neigh show
    # Ping on ethernet layer
    Code:
    arping 192.168.16.254
    # uses tcp instead of icmp to trace through firewalls (install via sudo apt-get install tcptraceroute)
    Code:
    tcptraceroute -f 5 cb.vu

    Routing

    Print routing table

    # use "ip route"
    Code:
    route -n
    Code:
    netstat -rn

    Add and delete a route

    Code:
    route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254
    # same as above with ip route
    Code:
    ip route add 192.168.20.0/24 via 192.168.16.254
    Code:
    route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0
    Code:
    route add default gw 192.168.51.254
    # same as above with ip route
    Code:
    ip route add default via 192.168.51.254 dev eth0
    Code:
    route delete -net 192.168.20.0 netmask 255.255.255.0

    Configure additional IP addresses

    # First IP
    Code:
    ifconfig eth0 192.168.50.254 netmask 255.255.255.0
    # Second IP
    Code:
    ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0
    # Equivalent Commands:
    Code:
    ip addr add 192.168.50.254/24 dev eth0
    Code:
    ip addr add 192.168.51.254/24 dev eth0 label eth0:1

    Change MAC address

    #Normally you have to bring the interface down before the change.

    Code:
    ifconfig eth0 down
    Code:
    ifconfig eth0 hw ether 00:01:02:03:04:05

    Ports in use

    #Listening on open ports:
    Code:
    netstat -an | grep LISTEN
    # lists all Internet connections
    Code:
    lsof -i
    # displays list of open sockets (use apt-get install procinfo)
    Code:
    socklist
    Code:
    netstat -anp --udp --tcp | grep LISTEN
    # List active connections to/from system
    Code:
    netstat -tup
    # List listening ports from system
    Code:
    netstat -tupl

    Firewall (iptables)

    # For status
    Code:
    iptables -L -n -v
    # Open everything
    Code:
    iptables -P INPUT       ACCEPT
    Code:
    iptables -P FORWARD     ACCEPT
    Code:
    iptables -P OUTPUT      ACCEPT
    # Zero the packet and byte counters in all chains
    Code:
    iptables -Z
    # Flush all chains
    Code:
    iptables -F
    # Delete all chains
    Code:
    iptables -X

    IP Forward for routing

    # Check and then enable IP forward with:

    # Check IP forward 0=off, 1=on
    Code:
    cat /proc/sys/net/ipv4/ip_forward
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # or edit /etc/sysctl.conf with:

    Code:
    net.ipv4.ip_forward = 1

    NAT Network Address Translation

    # to activate NAT
    Code:
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Port forward 20022 to internal IP port ssh
    Code:
    iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT --to 192.168.16.44:22
    # Port forward of range 993-995
    Code:
    iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT --to 192.168.16.254:993-995
    Code:
    ip route flush cache
    # Check NAT status
    Code:
    iptables -L -t nat

    NOTE: You can delete a port forward with -D instead of -A.


    DNS

    On *nix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf.
    The domain to which the host belongs is also stored in this file. A minimal configuration is:

    Code:
    nameserver 78.31.70.238
    search mydomain.net intern.lab
    domain mydomain.net

    Check the system domain name with:

    # Same as dnsdomainname
    Code:
    hostname -d

    Forward queries

    Dig is used to test the DNS settings.
    See from which server the client receives the answer (simplified answer).
    In this example, we use google.com:

    Code:
    dig google.com
    google.com.     267     IN      A       64.233.187.99
    ;; SERVER: 192.168.1.254#53(192.168.1.254)


    The router 192.168.1.254 answered and the response is the A entry.
    Any entry can be queried and the DNS server can be selected with @:

    # To test the local server
    Code:
    dig @127.0.0.1 NS sun.com
    # Query an external server
    Code:
    dig @204.97.212.10 NS MX heise.de
    # Get the full zone (zone transfer)
    Code:
    dig AXFR @ns1.xname.org cb.vu

    The program host is also quite powerful.

    # Get the mail MX entry
    Code:
    host -t MX google.com
    # Get the NS record over a TCP connection
    Code:
    host -t NS -T google.com
    # Get everything
    Code:
    host -a google.com


    Reverse queries

    Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:

    Code:
    dig -x 78.31.70.238
    Code:
    host 78.31.70.238
    Code:
    nslookup 78.31.70.238

    Single hosts can be configured in the file /etc/hosts instead of running named locally
    to resolve the hostname queries. The format is simple, for example:

    64.233.187.99 google.com google


    DHCP

    The default ubuntu dhcp client is dhclient; however, I like dhcpcd a lot better,
    and that is what I will use in my examples.

    apt-get install dhcpcd to install it.

    # Trigger a renew (does not always work)
    Code:
    dhcpcd -n eth0
    # release and shutdown
    Code:
    dhcpcd -k eth0

    The lease with the full information is stored in:

    /var/lib/dhcpcd/dhcpcd-eth0.info


    For dhclient:

    Code:
    dhclient eth0

    The lease with the full information is stored in:

    /var/db/dhclient.leases.eth0


    Use

    /etc/dhclient.conf

    to prepend options or force different options:

    Code:
    nano -w /etc/dhclient.conf
    interface "eth0" {
    prepend domain-name-servers 127.0.0.1;
    default domain-name "google.com";
    supersede domain-name "google.com";
    }


    Traffic analysis

    Bmon http://people.suug.ch/~tgr/bmon/ is a small console bandwidth monitor and can display the
    flow on different interfaces. You can install it on ubuntu with apt-get install bmon

    Sniff with tcpdump (tcpdump comes with ubuntu)

    Code:
    tcpdump -nl -i eth0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
    # select to/from a single IP
    Code:
    tcpdump -n -i eth0 net 192.168.16.121
    # select traffic to/from a network
    Code:
    tcpdump -n -i eth0 net 192.168.16.0/24
    # Buffered output
    Code:
    tcpdump -l > dump && tail -f dump
    # Write traffic headers in binary file
    Code:
    tcpdump -i eth0 -w traffic.eth0
    # Write traffic + payload in binary file
    Code:
    tcpdump -i eth0 -s 0 -w traffic.eth0
    # Read from file (also for ethereal)
    Code:
    tcpdump -r traffic.eth0
    # The two classic commands
    Code:
    tcpdump port 80
    Code:
    tcpdump host google.com
    # Check if pop or imap is secure
    Code:
    tcpdump -i eth0 -X port \(110 or 143\)
    # Only catch pings
    Code:
    tcpdump -n -i eth0 icmp
    # -s 0 for full packet -A for ASCII
    Code:
    tcpdump -i eth0 -s 0 -A port 80 | grep GET

    Additional important options:


    * -A Print each packet in clear text (without header)

    * -X Print packets in hex and ASCII

    * -l Make stdout line buffered

    * -D Print all interfaces available

    Scan with nmap

    Nmap http://insecure.org/nmap/ is a port scanner with OS detection,
    it is usually installed on most distributions. Install it in ubuntu
    with apt-get install nmap

    # scans all reserved TCP ports on the host
    Code:
    nmap google.com
    # Find out which IP are used and by which host on 0/24
    Code:
    nmap -sP 192.168.16.0/24
    # Do a stealth SYN scan with version and OS detection
    Code:
    nmap -sS -sV -O google.com

    Other non standard but useful tools are hping (www.hping.org) an IP packet assembler/analyzer
    and fping (fping.sourceforge.net). fping can check multiple hosts in a round-robin fashion.

    Traffic control (QoS)

    Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network.
    The following examples are simple practical uses of the Linux capabilities to better use the available
    bandwidth.

    Limit upload

    DSL or cable modems have a long queue to improve the upload throughput.
    However filling the queue with a fast device (e.g. ethernet) will dramatically
    decrease the interactivity. It is therefore useful to limit the device
    upload rate to match the physical capacity of the modem, this should
    greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.

    For a 512 Kbit upload modem:

    Code:
    tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
    # Status
    Code:
    tc -s qdisc ls dev eth0
    # Delete the queue
    Code:
    tc qdisc del dev eth0 root
    Code:
    tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540


    Quality of service

    Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or
    www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0
    (could also be ppp0 or so). The following commands define the QoS to three queues
    and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set).
    The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2.

    Code:
    tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
    Code:
    tc qdisc add dev eth0 parent 1:1 handle 10: sfq
    Code:
    tc qdisc add dev eth0 parent 1:2 handle 20: sfq
    Code:
    tc qdisc add dev eth0 parent 1:3 handle 30: sfq
    Code:
    tc filter add dev eth0 protocol ip parent 1: prio 1 u32
    # use server port range (added after u32 above)
    Code:
    match ip dport 10000 0x3C00 flowid 1:1
    # or/and use server IP (added after u32 above)
    Code:
    match ip dst 123.23.0.1 flowid 1:1

    Status and remove with

    # queue status
    Code:
    tc -s qdisc ls dev eth0
    # delete all QoS
    Code:
    tc qdisc del dev eth0 root

    Calculate port range and mask

    The tc filter defines the port range with port and mask which you have to calculate.
    Find the 2^# ending of the port range, deduce the range and convert to HEX.
    This is your mask. Example for 10000 -> 11024, the range is 1024.

    # ending is 2^14 = 16384
    Code:
    2^13 (8192) < 10000 < 2^14 (16384)
    # mask is 0x3C00
    Code:
    echo "obase=16;(2^14)-1024" | bc


    NIS Debugging

    Some commands which should work on a well configured NIS client:

    # get the connected NIS server name (apt-get install nis to use)
    Code:
    ypwhich
    # The NIS domain name as configured
    Code:
    domainname
    # should display the group from the NIS server
    Code:
    ypcat group
    # Rebuild the yp database
    Code:
    cd /var/yp && make

    Is ypbind running?

    Code:
    ps auxww | grep ypbind
    Code:
    /usr/sbin/ypbind
    Code:
    yppoll passwd.byname
    Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007
    The master server is servername.domain.net.

    Code:
    nano -w /etc/yp.conf
    Code:
    ypserver servername
    Code:
    domain domain.net broadcast


    Netcat

    Netcat http://netcat.sourceforge.net (nc) is better known as the "network Swiss Army Knife",
    it can manipulate, create or read/write TCP/IP connections. Here are some useful examples,
    there are many more on the net, for example g-loaded.eu[...]
    http://www.g-loaded.eu/2006/11/06/ne...seful-examples and here
    http://www.terminally-incoherent.com...-netcat-tricks.


    File transfer

    Copy a large folder over a raw tcp connection. The transfer is very quick (no protocol overhead) and you don't need to mess up with NFS or SMB or FTP or so, simply make the file available on the server, and get it from the client. Here 192.168.1.1 is the server IP address.

    # Serve tar folder on port 4444
    Code:
    server: tar -cf - -C VIDEO_TS . | nc -l -p 4444
    # Pull the file on port 4444
    Code:
    client: nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS
    # Serve a single file
    Code:
    server: cat largefile | nc -l 5678
    # Pull the single file
    Code:
    client: nc 192.168.1.1 5678 > largefile
    # Serve partition image
    Code:
    server: dd if=/dev/da0 | nc -l 4444
    # Pull partition to clone
    Code:
    client: nc 192.168.1.1 4444 | dd of=/dev/da0
    # Pull partition to file
    Code:
    client: nc 192.168.1.1 4444 | dd of=da0.img

    Other hacks


    Remote shell

    # Provide a remote shell on port 4444 (a server backdoor)
    Code:
    nc -lp 4444 -e /bin/bash

    Emergency web server

    Serve a single file on port 80 in a loop.

    Code:
    while true; do nc -l -p 80 < unixtoolbox.xhtml; done

    Chat

    Joe and Carter can chat over a simple TCP socket. The text is transferred with the enter key.

    Code:
    Joe: nc -lp 4444
    Code:
    Carter: nc 192.168.1.1 4444

    AJ
    Last edited by ajmorris; August 6th, 2008 at 04:24 AM. Reason: Easier to read :)
    Want to find out more about your ubuntu system? see HowTO Ubuntu System
    Want to know a little more about networking? see HOWTO Ubuntu Networking
    Looking for help with something on your ubuntu? see the tutorial of the week sticky
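
An added example, not part of the original post: a check for the "Calculate port range and mask" step that lists which destination ports a `match ip dport VALUE MASK` pair selects before the filter is loaded. It assumes u32 selects a port when (port & MASK) equals (VALUE & MASK); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: u32 selects a port when (port & MASK) == (VALUE & MASK).

# Print the contiguous destination-port ranges selected by VALUE and MASK.
u32_port_ranges() {
    value=$(( $1 )); mask=$(( $2 ))      # accepts decimal or 0x-prefixed hex
    want=$(( value & mask ))
    start=-1; port=0; out=""
    while [ "$port" -le 65535 ]; do
        if [ $(( port & mask )) -eq "$want" ]; then
            if [ "$start" -lt 0 ]; then start=$port; fi
        elif [ "$start" -ge 0 ]; then
            out="$out$start-$(( port - 1 )) "
            start=-1
        fi
        port=$(( port + 1 ))
    done
    if [ "$start" -ge 0 ]; then out="$out$start-65535 "; fi
    printf '%s\n' "${out% }"
}

# Print the 16-bit mask that selects one aligned block of SIZE ports.
# SIZE must be a power of two; anything else is rejected.
u32_block_mask() {
    size=$(( $1 ))
    if [ "$size" -le 0 ] || [ $(( size & (size - 1) )) -ne 0 ]; then
        echo "size must be a power of two" >&2
        return 1
    fi
    printf '0x%04X\n' $(( 0xFFFF & ~(size - 1) ))
}

# The pair from the post, then an aligned 1024-port block for comparison.
u32_port_ranges 10000 0x3C00
u32_port_ranges 10240 "$(u32_block_mask 1024)"
```

Under that assumption the pair 10000/0x3C00 selects four 1024-port blocks starting at 9216, while 10240/0xFC00 selects exactly 10240-11263, so run the check against the ports the VoIP service really uses before relying on the priority queue.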

