LPI-Learning-Material-102-500-en-3.pdf

Full Transcript


LPIC-1 (102) (Version 5.0) | 109.1 Fundamentals of internet protocols

109.1 Lesson 2

Certificate: LPIC-1
Version: 5.0
Topic: 109 Networking Fundamentals
Objective: 109.1 Fundamentals of internet protocols
Lesson: 2 of 2

Version: 2023-07-13 | Licensed under CC BY-NC-ND 4.0. | learning.lpi.org

Introduction

At the beginning of this subtopic we saw that the TCP/IP stack is composed of a series of different protocols. So far we have studied the IP protocol, which allows communication between machines through IP addresses, masks, routes, etc.

For a host to be able to access a service available on another host, in addition to the IP addressing protocol at the network layer, it is necessary to use a protocol at the transport layer, such as TCP or UDP. These protocols carry out the communication through network ports. So, in addition to a source and destination IP, a source and destination port are used to access a service.

The port is identified by a 16-bit field, thus providing a limit of 65,535 possible ports. Services (the destination) use ports 1 to 1023, which are called privileged ports because they are reserved for processes running with root privileges. The origin of the connection uses the range of ports from 1024 to 65,535, called non-privileged ports, or socket ports.

The ports used by each type of service are standardized and controlled by IANA (Internet Assigned Numbers Authority). This means that on any system, port 22 is used by the SSH service, port 80 by the HTTP service and so on. The table below contains the main services and their respective ports.
  Port  Service
  20    FTP (data)
  21    FTP (control)
  22    SSH (Secure Socket Shell)
  23    Telnet (remote connection without encryption)
  25    SMTP (Simple Mail Transfer Protocol), sending mail
  53    DNS (Domain Name System)
  80    HTTP (Hypertext Transfer Protocol)
  110   POP3 (Post Office Protocol), receiving mail
  123   NTP (Network Time Protocol)
  139   NetBIOS
  143   IMAP (Internet Message Access Protocol), accessing mail
  161   SNMP (Simple Network Management Protocol)
  162   SNMPTRAP, SNMP notifications
  389   LDAP (Lightweight Directory Access Protocol)
  443   HTTPS (Secure HTTP)
  465   SMTPS (Secure SMTP)
  514   RSH (Remote Shell)
  636   LDAPS (Secure LDAP)
  993   IMAPS (Secure IMAP)
  995   POP3S (Secure POP3)

On a Linux system, standard service ports are listed in the /etc/services file.

The desired destination port of a connection is identified by a : (colon) after the IPv4 address. Thus, to access the HTTPS service served by the host with IP 200.216.10.15, the client must send the request to the destination 200.216.10.15:443.

The services listed above, and all others, use a transport protocol according to the characteristics required by the service; TCP and UDP are the main ones.

Transmission Control Protocol (TCP)

TCP is a connection-oriented transport protocol. This means that a connection is established between the client, through a socket port, and the service, through its standard service port. The protocol is in charge of ensuring that all packets are delivered properly, verifying the integrity and order of the packets and re-transmitting packets lost due to network errors. Thus the application does not need to implement this data flow control, as it is already guaranteed by TCP.
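The port table above is the same information that /etc/services carries in machine-readable form. The following Python script is an added example (it is not part of the LPI material): it parses lines written in the /etc/services format and classifies ports into the privileged and non-privileged ranges exactly as this lesson defines them. The sample text is constructed to mirror the lesson's table; the real /etc/services file is not read.

```python
# Added example, not from the LPI material: parse /etc/services-style lines
# and classify ports the way this lesson describes.
import re
from typing import Dict, Tuple

# Constructed sample in /etc/services format ("name port/proto [aliases] [# comment]").
# The entries mirror the lesson's table; nothing is read from the real /etc/services.
SAMPLE_SERVICES = """\
# Network services, Internet style
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
telnet          23/tcp
smtp            25/tcp          mail
domain          53/tcp
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
pop3            110/tcp         pop-3
ntp             123/udp
imap2           143/tcp         imap
https           443/tcp
malformed line that should be skipped
"""

PORT_MAX = 65535        # 16-bit port field
PRIVILEGED_MAX = 1023   # the lesson's privileged range is 1..1023

ServiceTable = Dict[Tuple[int, str], str]


def parse_services(text: str) -> ServiceTable:
    """Map (port, protocol) -> service name; comments, blanks and malformed lines are skipped."""
    table: ServiceTable = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        m = re.fullmatch(r"(\d+)/(tcp|udp)", fields[1])
        if m is None:
            continue                              # second field is not port/proto
        port, proto = int(m.group(1)), m.group(2)
        if 1 <= port <= PORT_MAX:
            table.setdefault((port, proto), fields[0])   # first definition wins
    return table


def port_class(port: int) -> str:
    """'privileged' for 1..1023 (root needed to bind), 'non-privileged' for the rest."""
    if not 1 <= port <= PORT_MAX:
        raise ValueError(f"port {port} is outside 1..{PORT_MAX}")
    return "privileged" if port <= PRIVILEGED_MAX else "non-privileged"


def describe(port: int, proto: str, table: ServiceTable) -> str:
    """Human-readable summary, e.g. '80/tcp http (privileged)'."""
    name = table.get((port, proto), "unknown")
    return f"{port}/{proto} {name} ({port_class(port)})"


if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    for port, proto in [(22, "tcp"), (53, "udp"), (443, "tcp"), (8080, "tcp")]:
        print(describe(port, proto, services))
```

A useful variation is to feed the script the contents of the local /etc/services and compare the result against the ports a host actually listens on: a service bound to a non-privileged port that is not in the table is worth a second look.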
User Datagram Protocol (UDP)

UDP establishes a connection between the client and the service, but does not control the data transmission of that connection. In other words, it does not check whether packets have been lost, or whether they are out of order, etc. The application is responsible for implementing whatever controls are necessary. As there is less control, UDP enables better performance in the data flow, which is important for some types of services.

Internet Control Message Protocol (ICMP)

ICMP is a network layer protocol in the TCP/IP stack. Its main function is to analyze and control network elements, making it possible, for example, to perform:

  - Traffic volume control
  - Detection of unreachable destinations
  - Route redirection
  - Checking the status of remote hosts

It is the protocol used by the ping command, which will be studied in another subtopic.

IPv6

So far we have studied version 4 of the IP protocol, i.e. IPv4. This has been the standard version used in all network and Internet environments. However, it has limitations, especially regarding the number of available addresses, and with the already current reality that all devices will somehow be connected to the Internet (see IoT), it is becoming increasingly common to use version 6 of the IP protocol, commonly written as IPv6.

IPv6 brings a series of changes, new implementations and features, as well as a new representation of the address itself. Each IPv6 address has 128 bits, divided into 8 groups of 16 bits, represented by hexadecimal values. For example:

  2001:0db8:85a3:08d3:1319:8a2e:0370:7344

Abbreviations

IPv6 defines ways to shorten addresses in some situations.
Let's review the following address:

  2001:0db8:85a3:0000:0000:0000:0000:7344

The first possibility is to reduce groups of 0000 to just 0, resulting in:

  2001:0db8:85a3:0:0:0:0:7344

In addition, consecutive groups with a value of 0 can be omitted altogether, as follows:

  2001:0db8:85a3::7344

However, this last abbreviation can only be done once in the address. See the example:

  2001:0db8:85a3:0000:0000:1319:0000:7344
  2001:0db8:85a3:0:0:1319:0:7344
  2001:0db8:85a3::1319:0:7344

IPv6 Address Types

IPv6 classifies addresses into 3 types:

Unicast
  Identifies a single network interface. By default, the 64 bits on the left identify the network, and the 64 bits on the right identify the interface.

Multicast
  Identifies a set of network interfaces. A packet sent to a multicast address will be sent to all interfaces that belong to that group. Although similar, it should not be confused with broadcast, which does not exist in the IPv6 protocol.

Anycast
  This also identifies a set of interfaces on the network, but a packet forwarded to an anycast address will be delivered to only one address in that set, not to all of them.

Differences between IPv4 and IPv6

In addition to the address itself, several other differences can be pointed out between versions 4 and 6 of IP. Here are some of them:

Service ports follow the same standards and protocols (TCP, UDP); the difference is only in the representation of the IP and port pair. In IPv6 the IP address must be enclosed in [] (brackets):

  IPv4  200.216.10.15:443
  IPv6  [2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443

IPv6 does not implement the broadcast feature exactly as it exists in IPv4. However, the same result can be achieved by sending the packet to the address ff02::1, reaching all hosts on the local network. This is similar to using 224.0.0.1 as a multicast destination on IPv4.
Through the SLAAC (Stateless Address Autoconfiguration) feature, IPv6 hosts are able to configure themselves.

The TTL (Time to Live) field of IPv4 has been replaced by the "Hop Limit" in the IPv6 header.

All IPv6 interfaces have a local address, called the link-local address, prefixed with fe80::/10.

IPv6 implements the Neighbor Discovery Protocol (NDP), which is similar to the ARP used by IPv4, but with much more functionality.

Guided Exercises

1. Which port is the default for the SMTP protocol?
2. How many different ports are available in a system?
3. Which transport protocol ensures that all packets are delivered properly, verifying the integrity and the order of the packets?
4. Which type of IPv6 address is used to send a packet to all interfaces that belong to a group of hosts?

Explorational Exercises

1. Mention 4 examples of services that use the TCP protocol by default.
2. What is the name of the field in the IPv6 packet header that implements the same function as TTL in IPv4?
3. What kind of information is the Neighbor Discovery Protocol (NDP) able to discover?

Summary

This lesson covered the main transport protocols and services used in the TCP/IP stack. Another important topic was version 6 of the IP protocol, including IPv6 addresses and the main differences from IPv4.
The following subjects were addressed:

  - The correlation between port numbers and services
  - TCP (Transmission Control Protocol)
  - UDP (User Datagram Protocol)
  - ICMP (Internet Control Message Protocol)
  - The IPv6 address and how it can be abbreviated
  - IPv6 address types
  - Main differences between IPv4 and IPv6

Answers to Guided Exercises

1. Which port is the default for the SMTP protocol?
   25
2. How many different ports are available in a system?
   65535
3. Which transport protocol ensures that all packets are delivered properly, verifying the integrity and the order of the packets?
   TCP
4. Which type of IPv6 address is used to send a packet to all interfaces that belong to a group of hosts?
   Multicast

Answers to Explorational Exercises

1. Mention 4 examples of services that use the TCP protocol by default.
   FTP, SMTP, HTTP, POP3, IMAP, SSH
2. What is the name of the field in the IPv6 packet header that implements the same function as TTL in IPv4?
   Hop Limit
3. What kind of information is the Neighbor Discovery Protocol (NDP) able to discover?
   NDP is able to obtain various information from the network, including other nodes, duplicate addresses, routes, DNS servers, gateways, etc.
109.2 Persistent network configuration

Reference to LPI objectives
  LPIC-1 version 5.0, Exam 102, Objective 109.2

Weight
  4

Key knowledge areas
  - Understand basic TCP/IP host configuration
  - Configure ethernet and wi-fi network configuration using NetworkManager
  - Awareness of systemd-networkd

Partial list of the used files, terms and utilities
  - /etc/hostname
  - /etc/hosts
  - /etc/nsswitch.conf
  - /etc/resolv.conf
  - nmcli
  - hostnamectl
  - ifup
  - ifdown

109.2 Lesson 1

Certificate: LPIC-1
Version: 5.0
Topic: 109 Networking Fundamentals
Objective: 109.2 Persistent network configuration
Lesson: 1 of 2

Introduction

In any TCP/IP network, every node must configure its network adapter to match the network requirements, otherwise the nodes will not be able to communicate with each other. Therefore, the system administrator must provide the basic configuration so that the operating system is able to set up the appropriate network interface, as well as to identify itself and the basic features of the network, every time it boots.

Network settings are agnostic with regard to operating systems, but each operating system has its own methods to store and apply these settings. Linux systems rely on configurations stored in plain text files under the /etc directory to bring up network connectivity during boot time. It is worth knowing how these files are used, to avoid connectivity loss due to local misconfiguration.

The Network Interface

Network interface is the term by which the operating system refers to the communication channel configured to work with the network hardware attached to the system, such as an ethernet or wi-fi device.
The exception to this is the loopback interface, which the operating system uses when it needs to establish a connection with itself, but the main purpose of a network interface is to provide a route through which local data can be sent and remote data can be received. Unless the network interface is properly configured, the operating system will not be able to communicate with other machines in the network.

For most cases, the correct interface settings are either defined by default or customized during the installation of the operating system. Nevertheless, these settings often need to be inspected or even modified when the communication isn't working properly or when the interface's behavior requires customization.

There are many Linux commands to list which network interfaces are present on the system, but not all of them are available in all distributions. Command ip, however, is part of the basic set of networking tools bundled with all Linux distributions and can be used to list the network interfaces. The complete command to show the interfaces is ip link show:

  $ ip link show
  1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: enp3s5: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
      link/ether 00:16:3e:8d:2b:5b brd ff:ff:ff:ff:ff:ff

If available, command nmcli device can also be used:

  $ nmcli device
  DEVICE  TYPE      STATE      CONNECTION
  enp3s5  ethernet  connected  Gigabit Powerline Adapter
  lo      loopback  unmanaged  --

The commands shown in the examples do not modify any settings in the system, so they can be executed by an unprivileged user. Both commands list two network interfaces: lo (the loopback interface) and enp3s5 (an ethernet interface).
Desktops and laptops running Linux usually have two or three predefined network interfaces: one for the loopback virtual interface and the others assigned to the network hardware found by the system. Servers and network appliances running Linux, on the other hand, may have tens of network interfaces, but the same principles apply to all of them. The abstraction provided by the operating system allows network interfaces to be set up using the same methods, regardless of the underlying hardware.

However, knowing the details of the underlying hardware of an interface can be useful to better understand what is going on when the communication is not working as expected. In a system where many network interfaces are available, it may not be obvious which one corresponds to the wi-fi and which one corresponds to the ethernet, for example. For this reason, Linux uses an interface naming convention that helps identify which network interface corresponds to which device and port.

Interface Names

Older Linux distributions named ethernet network interfaces eth0, eth1, etc., numbered according to the order in which the kernel identified the devices. Wireless interfaces were named wlan0, wlan1, etc. This naming convention, however, does not clarify which specific ethernet port matches the interface eth0, for example. Depending on how the hardware was detected, it was even possible for two network interfaces to swap names after a reboot. To overcome this ambiguity, more recent Linux systems employ a predictable naming convention for network interfaces, establishing a closer relationship between the interface name and the underlying hardware connection.
In Linux distributions that use the systemd naming scheme, all interface names start with a two-character prefix that signifies the interface type:

  en  Ethernet
  ib  InfiniBand
  sl  Serial line IP (slip)
  wl  Wireless local area network (WLAN)
  ww  Wireless wide area network (WWAN)

From higher to lower priority, the following rules are used by the operating system to name and number the network interfaces:

1. Name the interface after the index provided by the BIOS or by the firmware of embedded devices, e.g. eno1.
2. Name the interface after the PCI express slot index, as given by the BIOS or firmware, e.g. ens1.
3. Name the interface after its address at the corresponding bus, e.g. enp3s5.
4. Name the interface after the interface's MAC address, e.g. enx78e7d1ea46da.
5. Name the interface using the legacy convention, e.g. eth0.

It is correct to assume, for example, that the network interface enp3s5 was so named because it did not fit the first two naming methods, so its address in the corresponding bus and slot was used instead. The device address 03:05.0, found in the output of the lspci command, reveals the associated device:

  $ lspci | fgrep Ethernet
  03:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet (rev 10)

Network interfaces are created by the Linux kernel itself, but there are many commands that can be used to interact with them. Normally, the configuration happens automatically and there is no need to change the settings manually. Nonetheless, with the name of the interface, it is possible to tell the kernel how to configure it if necessary.

Interface Management

Over the years, several programs have been developed to interact with the networking features provided by the Linux kernel.
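Returning to the interface listing and naming rules above, the following Python script is an added example, not part of the LPI material. It parses the text produced by ip link show into one record per interface (index, name, state, flags and MAC) and decodes a predictable interface name into the hardware type and the naming rule that produced it, so that a name like enp3s5 can be matched to the 03:05.0 bus address that lspci reports. The sample output is constructed after the listing shown in the lesson; its <...> flag field and the wlan0 entry are assumptions, and the optional f<n> PCI function suffix handled by decode_name goes beyond the examples in the text.

```python
# Added example, not from the LPI material: parse `ip link show` output and
# decode the predictable interface names described in this lesson.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample shaped like the `ip link show` output in the lesson. The <...>
# flag field and the wlan0 entry are assumptions; the lesson's transcript omits them.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:8d:2b:5b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:aa:bb:cc brd ff:ff:ff:ff:ff:ff
"""


@dataclass
class Link:
    index: int
    name: str
    state: str
    flags: List[str] = field(default_factory=list)
    mac: Optional[str] = None


# Header line: "<idx>: <name>[@parent]: [<FLAGS>] ... state <STATE> ..."; the flag field is optional.
LINK_RE = re.compile(r"^(\d+): ([^:@\s]+)(?:@\S+)?: (?:<([^>]*)>\s+)?.*\bstate (\S+)")
# Address line: "    link/<type> <mac> brd ..."
ADDR_RE = re.compile(r"^\s+link/\S+ ([0-9a-f:]{17})")


def parse_ip_link(text: str) -> List[Link]:
    """Turn `ip link show` output into Link records, one per interface."""
    links: List[Link] = []
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            flags = m.group(3).split(",") if m.group(3) else []
            links.append(Link(int(m.group(1)), m.group(2), m.group(4), flags))
            continue
        m = ADDR_RE.match(line)
        if m and links:
            links[-1].mac = m.group(1)      # belongs to the most recent header line
    return links


TYPE_PREFIX = {"en": "Ethernet", "ib": "InfiniBand", "sl": "Serial line IP",
               "wl": "Wireless LAN", "ww": "Wireless WAN"}


def decode_name(name: str) -> Dict[str, str]:
    """Explain an interface name: hardware type, the naming rule that produced it, and what it encodes."""
    def result(kind: str, scheme: str, detail: str = "") -> Dict[str, str]:
        return {"name": name, "kind": kind, "scheme": scheme, "detail": detail}

    if name == "lo":
        return result("loopback", "kernel")
    legacy = re.fullmatch(r"(eth|wlan)(\d+)", name)
    if legacy:                                          # rule 5: legacy convention
        kind = "Ethernet" if legacy.group(1) == "eth" else "Wireless LAN"
        return result(kind, "legacy", f"kernel index {legacy.group(2)}")
    kind = TYPE_PREFIX.get(name[:2])
    if kind is None:
        return result("unknown", "unknown")
    rest = name[2:]
    if m := re.fullmatch(r"o(\d+)", rest):              # rule 1: firmware/BIOS index
        return result(kind, "onboard", f"firmware index {m.group(1)}")
    if m := re.fullmatch(r"s(\d+)", rest):              # rule 2: PCI Express slot
        return result(kind, "slot", f"PCI Express slot {m.group(1)}")
    if m := re.fullmatch(r"p(\d+)s(\d+)(?:f(\d+))?", rest):   # rule 3: bus address
        bus, slot, func = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
        return result(kind, "path", f"bus address {bus:02x}:{slot:02x}.{func}")
    if m := re.fullmatch(r"x([0-9a-f]{12})", rest):     # rule 4: MAC address
        mac = ":".join(m.group(1)[i:i + 2] for i in range(0, 12, 2))
        return result(kind, "mac", mac)
    return result(kind, "unknown")


def summarize(text: str) -> List[str]:
    """One line per interface combining both views, e.g. for comparison with lspci."""
    lines = []
    for link in parse_ip_link(text):
        info = decode_name(link.name)
        detail = f", {info['detail']}" if info["detail"] else ""
        lines.append(f"{link.name} ({link.state}, {link.mac}): {info['kind']}{detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_IP_LINK)))
```

The decoded bus address is what makes the cross-check possible: "bus address 03:05.0" for enp3s5 is the same 03:05.0 that appears in the lspci output, so an interface whose name no longer matches the hardware it is attached to stands out immediately.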
Although the old ifconfig command can still be used to do simple interface configurations and queries, it is now deprecated due to its limited support for non-ethernet interfaces. The ifconfig command was superseded by the command ip, which is capable of managing many other aspects of TCP/IP interfaces, like routes and tunnels.

The many capabilities of the ip command can be overkill for most ordinary tasks, so there are auxiliary commands to facilitate the activation and configuration of the network interfaces. Commands ifup and ifdown may be used to configure network interfaces based on interface definitions found in the file /etc/network/interfaces. Although they can be invoked manually, these commands are normally executed automatically during system boot.

All network interfaces managed by ifup and ifdown should be listed in the /etc/network/interfaces file. The format used in the file is straightforward: lines beginning with the word auto identify the physical interfaces to be brought up when ifup is executed with the -a option. The interface name should follow the word auto on the same line. All interfaces marked auto are brought up at boot time, in the order they are listed.

WARNING: Network configuration methods used by ifup and ifdown are not standardized throughout all Linux distributions. CentOS, for example, keeps the interface settings in individual files in the /etc/sysconfig/network-scripts/ directory, and the configuration format used in them is slightly different from the format used in /etc/network/interfaces.

The actual interface configuration is written in another line, starting with the word iface, followed by the interface name, the name of the address family that the interface uses and the name of the method used to configure the interface.
The following example shows a basic configuration file for interfaces lo (loopback) and enp3s5:

  auto lo
  iface lo inet loopback

  auto enp3s5
  iface enp3s5 inet dhcp

The address family should be inet for TCP/IP networking, but there is also support for IPX networking (ipx) and IPv6 networking (inet6). Loopback interfaces use the loopback configuration method. With the dhcp method, the interface will use the IP settings provided by the network's DHCP server.

The settings from the example configuration allow the execution of command ifup using the interface name enp3s5 as its argument:

  # ifup enp3s5
  Internet Systems Consortium DHCP Client 4.4.1
  Copyright 2004-2018 Internet Systems Consortium.
  All rights reserved.
  For info, please visit https://www.isc.org/software/dhcp/

  Listening on LPF/enp3s5/00:16:3e:8d:2b:5b
  Sending on   LPF/enp3s5/00:16:3e:8d:2b:5b
  Sending on   Socket/fallback
  DHCPDISCOVER on enp3s5 to 255.255.255.255 port 67 interval 4
  DHCPOFFER of 10.90.170.158 from 10.90.170.1
  DHCPREQUEST for 10.90.170.158 on enp3s5 to 255.255.255.255 port 67
  DHCPACK of 10.90.170.158 from 10.90.170.1
  bound to 10.90.170.158 -- renewal in 1616 seconds.

In this example, the method chosen for the enp3s5 interface was dhcp, so the command ifup called a DHCP client program to obtain the IP settings from the DHCP server. Likewise, command ifdown enp3s5 can be used to turn the interface off.

In networks without a DHCP server, the static method can be used instead and the IP settings provided manually in /etc/network/interfaces. For example:

  iface enp3s5 inet static
      address 192.168.1.2/24
      gateway 192.168.1.1

Interfaces using the static method do not need a corresponding auto directive, as they are brought up whenever the network hardware is detected.
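Because ifup reads /etc/network/interfaces at boot, a typo in that file can leave a machine unreachable. The Python code below is an added example, not part of the LPI material: it parses the auto and iface stanzas described above (including several stanzas for one interface, each with its own address family) and runs the checks an administrator would want before running ifup -a, namely that every auto interface has a stanza, that every static stanza carries an address, and that the address matches the stanza's family. The sample file is constructed; the interface enp3s6 and its addresses are made up for the example, and the allow-hotplug and source directives it skips are real ifupdown directives that the lesson does not cover.

```python
# Added example, not from the LPI material: a parser and a small lint for the
# /etc/network/interfaces format that ifup and ifdown read.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample; enp3s6 and its addresses are made up for the example.
SAMPLE_INTERFACES = """\
auto lo
iface lo inet loopback

auto enp3s5
iface enp3s5 inet dhcp

# two iface stanzas for one device: IPv4 and IPv6 settings are both applied
iface enp3s6 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
iface enp3s6 inet6 static
    address 2001:db8::2/64
    gateway 2001:db8::1
"""

VALID_FAMILIES = {"inet", "inet6", "ipx"}     # the address families named in the lesson


@dataclass
class Iface:
    name: str
    family: str
    method: str
    options: Dict[str, str] = field(default_factory=dict)


@dataclass
class InterfacesFile:
    auto: List[str]
    ifaces: List[Iface]


def parse_interfaces(text: str) -> InterfacesFile:
    """Read 'auto' lines and 'iface' stanzas; following option lines belong to the current stanza."""
    auto: List[str] = []
    ifaces: List[Iface] = []
    current: Optional[Iface] = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # comments and blank lines carry nothing
        if not line:
            continue
        words = line.split()
        if words[0] == "auto":
            auto.extend(words[1:])
            current = None
        elif words[0] == "iface":
            if len(words) != 4:
                raise ValueError(f"line {lineno}: iface needs <name> <family> <method>")
            _, name, family, method = words
            if family not in VALID_FAMILIES:
                raise ValueError(f"line {lineno}: unknown address family {family!r}")
            current = Iface(name, family, method)
            ifaces.append(current)
        elif words[0] in ("allow-hotplug", "source", "source-directory"):
            current = None        # ifupdown directives the lesson does not cover; ignored here
        elif current is not None:
            current.options[words[0]] = " ".join(words[1:])
        else:
            raise ValueError(f"line {lineno}: option {words[0]!r} outside an iface stanza")
    return InterfacesFile(auto, ifaces)


def stanzas_for(cfg: InterfacesFile, name: str) -> List[Iface]:
    """All iface entries for one interface (there may be several, e.g. inet and inet6)."""
    return [i for i in cfg.ifaces if i.name == name]


def lint(cfg: InterfacesFile) -> List[str]:
    """Problems that would bite at boot: auto without a stanza, static without an
    address, or an address whose version does not match the stanza's family."""
    problems: List[str] = []
    defined = {i.name for i in cfg.ifaces}
    for name in cfg.auto:
        if name not in defined:
            problems.append(f"auto {name} has no iface stanza")
    for i in cfg.ifaces:
        addr = i.options.get("address")
        if i.method == "static" and addr is None:
            problems.append(f"{i.name} {i.family}: static method without an address option")
        if addr is not None and i.family in ("inet", "inet6"):
            try:
                version = ipaddress.ip_interface(addr).version
            except ValueError:
                problems.append(f"{i.name} {i.family}: unparsable address {addr!r}")
            else:
                if version != (4 if i.family == "inet" else 6):
                    problems.append(f"{i.name} {i.family}: address {addr!r} is IPv{version}")
    return problems


if __name__ == "__main__":
    cfg = parse_interfaces(SAMPLE_INTERFACES)
    print("auto:", cfg.auto)
    print("problems:", lint(cfg) or "none")
```

Running the lint against a copy of the file before rebooting, or before an ifdown of the only interface that carries the administrator's own session, is cheaper than recovering through a console.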
If the same interface has more than one iface entry, then all of the configured addresses and options will be applied when bringing up that interface. This is useful to configure both IPv4 and IPv6 addresses on the same interface, as well as to configure multiple addresses of the same type on a single interface.

Local and Remote Names

A working TCP/IP setup is just the first step towards full network usability. In addition to being able to identify nodes on the network by their IP numbers, the system must be able to identify them with names more easily understood by human beings.

The name by which the system identifies itself is customizable, and it is good practice to define it even if the machine is not intended to join a network. The local name often matches the network name of the machine, but this isn't necessarily always true. If the file /etc/hostname exists, the operating system will use the contents of its first line as the local name, hereafter simply called the hostname. Lines starting with # inside /etc/hostname are ignored.

The /etc/hostname file can be edited directly, but the machine's hostname can also be defined with the hostnamectl command. When supplied with the sub-command set-hostname, command hostnamectl will take the name given as an argument and write it to /etc/hostname:

  # hostnamectl set-hostname storage
  # cat /etc/hostname
  storage

The hostname defined in /etc/hostname is the static hostname, that is, the name used to initialize the system's hostname at boot. The static hostname may be a free-form string up to 64 characters in length. However, it is recommended that it consist only of ASCII lower-case characters, with no spaces or dots. It should also limit itself to the format allowed for DNS domain name labels, even though this is not a strict requirement.
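The limits and recommendations just given for the static hostname can be checked before the name is written with hostnamectl. The Python function below is an added example, not part of the LPI material: it reports the 64-character limit and each of the lesson's recommendations (ASCII, lower case, no spaces, no dots, DNS-label form) as a separate finding, and a second function reads a name out of /etc/hostname-style text the way the lesson describes (first line, lines starting with # ignored). The interpretation of "DNS label" as letters, digits and hyphens, not beginning or ending with a hyphen, is an assumption taken from common DNS practice.

```python
# Added example, not from the LPI material: check a proposed static hostname
# against the limit and the recommendations this lesson gives for /etc/hostname.
import re
from typing import List

MAX_STATIC_LEN = 64                                          # hard limit stated in the lesson
# One DNS label: lower-case letters, digits and hyphens, not starting or ending with a hyphen
# (assumed interpretation of "the format allowed for DNS domain name labels").
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")


def check_static_hostname(name: str) -> List[str]:
    """Return the problems found; an empty list means the name follows the lesson's advice."""
    if not name:
        return ["hostname is empty"]
    problems: List[str] = []
    if len(name) > MAX_STATIC_LEN:
        problems.append(f"longer than {MAX_STATIC_LEN} characters")
    if not name.isascii():
        problems.append("contains non-ASCII characters")
    if any(c.isspace() for c in name):
        problems.append("contains whitespace")
    if "." in name:
        problems.append("contains dots (a static hostname should be a single label, not an FQDN)")
    if name != name.lower():
        problems.append("contains upper-case characters")
    if not LABEL_RE.fullmatch(name.lower()):
        problems.append("not a valid DNS label (letters, digits and hyphens; "
                        "must start and end with a letter or digit)")
    return problems


def hostname_from_file(text: str) -> str:
    """Pick the hostname out of /etc/hostname-style text as the lesson describes:
    the first line counts, and lines starting with # are ignored."""
    for line in text.splitlines():
        if not line.startswith("#"):
            return line.strip()
    return ""


if __name__ == "__main__":
    for candidate in ["storage", "LAN Shared Storage", "storage.mydomain.org"]:
        print(f"{candidate!r}: {check_static_hostname(candidate) or 'ok'}")
```

The pretty hostname discussed next is the place for a descriptive name such as "LAN Shared Storage"; the checker above is meant only for the static name that lands in /etc/hostname and, through it, in DNS and logs.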
Command hostnamectl can set two other types of hostname in addition to the static hostname:

Pretty hostname
  Unlike the static hostname, the pretty hostname may include all kinds of special characters. It can be used to set a more descriptive name for the machine, e.g. "LAN Shared Storage":

    # hostnamectl --pretty set-hostname "LAN Shared Storage"

Transient hostname
  Used when the static hostname is not set or when it is the default localhost name. The transient hostname is normally the name set together with other automatic configurations, but it can also be modified by the command hostnamectl, e.g.:

    # hostnamectl --transient set-hostname generic-host

If neither the --pretty nor the --transient option is used, then all three hostname types will be set to the given name. To set the static hostname but not the pretty and transient names, the option --static should be used instead. In all cases, only the static hostname is stored in the /etc/hostname file.

Command hostnamectl can also be used to display various descriptive and identity bits of information about the running system:

  $ hostnamectl status
     Static hostname: storage
     Pretty hostname: LAN Shared Storage
  Transient hostname: generic-host
           Icon name: computer-server
             Chassis: server
          Machine ID: d91962a957f749bbaf16da3c9c86e093
             Boot ID: 8c11dcab9c3d4f5aa53f4f4e8fdc6318
    Operating System: Debian GNU/Linux 10 (buster)
              Kernel: Linux 4.19.0-8-amd64
        Architecture: x86-64

This is the default action of the hostnamectl command, so the status sub-command can be omitted.

Regarding the names of remote network nodes, there are two basic ways the operating system can match names and IP numbers: use a local source, or use a remote server to translate names into IP numbers and vice versa. The methods can be complementary to each
other and their priority order is defined in the Name Service Switch configuration file, /etc/nsswitch.conf. This file is used by the system and applications to determine not only the sources for name-IP matches, but also the sources from which to obtain name-service information in a range of categories, called databases. The hosts database keeps track of the mapping between host names and host numbers. The line inside /etc/nsswitch.conf beginning with hosts defines the services accountable for providing the associations for it:

  hosts: files dns

In this example entry, files and dns are the service names that specify how the lookup process for host names will work. First, the system will look for matches in local files, then it will ask the DNS service for matches.

The local file for the hosts database is /etc/hosts, a simple text file that associates IP addresses with hostnames, one line per IP address, e.g.:

  127.0.0.1 localhost

The IP number 127.0.0.1 is the default address for the loopback interface, hence its association with the localhost name. It is also possible to bind optional aliases to the same IP. Aliases can provide alternate spellings or shorter hostnames and should be added at the end of the line, for example:

  192.168.1.10 foo.mydomain.org foo

The formatting rules for the /etc/hosts file are:

  - Fields of an entry are separated by any number of blanks and/or tab characters.
  - Text from a # character until the end of the line is a comment and is ignored.
  - Host names may contain only alphanumeric characters, minus signs and periods.
  - Host names must begin with an alphabetic character and end with an alphanumeric character.

IPv6 addresses may also be added to /etc/hosts. The following entry refers to the IPv6 loopback address:
  ::1 localhost ip6-localhost ip6-loopback

Following the files service specification, the dns specification tells the system to ask a DNS service for the desired name/IP association. The set of routines responsible for this method is called the resolver, and its configuration file is /etc/resolv.conf. The following example shows a generic /etc/resolv.conf containing entries for Google's public DNS servers:

  nameserver 8.8.4.4
  nameserver 8.8.8.8

As shown in the example, the nameserver keyword indicates the IP address of the DNS server. Only one nameserver is required, but up to three nameservers can be given; the supplementary ones are used as a fallback. If no nameserver entries are present, the default behaviour is to use the name server on the local machine.

The resolver can be configured to automatically append the domain to names before consulting them on the name server. For example:

  nameserver 8.8.4.4
  nameserver 8.8.8.8
  domain mydomain.org
  search mydomain.net mydomain.com

The domain entry sets mydomain.org as the local domain name, so queries for names within this domain will be allowed to use short names relative to the local domain. The search entry has a similar purpose, but it accepts a list of domains to try when a short name is provided. By default, it contains only the local domain name.

Guided Exercises

1. What commands can be used to list the network adapters present in the system?
2. What is the type of network adapter whose interface name is wlo1?
3. What role does the file /etc/network/interfaces play during boot time?
4. What entry in /etc/network/interfaces configures interface eno1 to obtain its IP settings with DHCP?
Explorational Exercises

1. How could the hostnamectl command be used to change only the static hostname of the local machine to firewall?
2. What details other than hostnames can be modified by command hostnamectl?
3. What entry in /etc/hosts associates both names firewall and router with IP 10.8.0.1?
4. How could the /etc/resolv.conf file be modified in order to send all DNS requests to 1.1.1.1?

Summary

This lesson covers how to make persistent changes to the local network configuration using standard Linux files and commands. Linux expects the TCP/IP settings to be in specific places, and it may be necessary to change them when the default settings are not appropriate. The lesson goes through the following topics:

  - How Linux identifies network interfaces.
  - Interface activation during boot and basic IP configuration.
  - How the operating system associates names with hosts.

The concepts, commands and procedures addressed were:

  - Interface naming conventions.
  - Listing network interfaces with ip and nmcli.
  - Interface activation with ifup and ifdown.
  - Command hostnamectl and the /etc/hostname file.
  - Files /etc/nsswitch.conf, /etc/hosts and /etc/resolv.conf.

Answers to Guided Exercises

1. What commands can be used to list the network adapters present in the system?
   Commands ip link show, nmcli device and the legacy ifconfig.
2. What is the type of a network adapter whose interface name is wlo1?
   The name starts with wl, so it is a wireless LAN adapter.
3. What role does the file /etc/network/interfaces play during boot time?
   It has the configurations used by command ifup to activate the corresponding interfaces during boot time.
4. What entry in /etc/network/interfaces configures interface eno1 to obtain its IP settings with DHCP?
   The line iface eno1 inet dhcp.

Answers to Explorational Exercises

1. How could the hostnamectl command be used to change only the static hostname of the local machine to firewall?
   With the --static option: hostnamectl --static set-hostname firewall.
2. What details other than hostnames can be modified by command hostnamectl?
   hostnamectl can also set the default icon for the local machine, its chassis type, the location and the deployment environment.
3. What entry in /etc/hosts associates both names firewall and router with IP 10.8.0.1?
   The line 10.8.0.1 firewall router.
4. How could the /etc/resolv.conf file be modified in order to send all DNS requests to 1.1.1.1?
   Using nameserver 1.1.1.1 as its only nameserver entry.

109.2 Lesson 2

Certificate: LPIC-1
Version: 5.0
Topic: 109 Networking Fundamentals
Objective: 109.2 Persistent network configuration
Lesson: 2 of 2

Introduction

Linux supports virtually every network technology used to connect servers, containers, virtual machines, desktops and mobile devices. The connections between all these network nodes can be dynamic and heterogeneous, thus requiring appropriate management by the operating system running on them. In the past, distributions developed their own customized solutions for managing dynamic network infrastructure. Today, tools like NetworkManager and systemd provide more comprehensive and integrated features to meet all the specific demands.
NetworkManager

Most Linux distributions adopt the NetworkManager service daemon to configure and control the system’s network connections. NetworkManager’s purpose is to make the network configuration as simple and automatic as possible. When using DHCP, for example, NetworkManager arranges route changes, IP address fetching and updates to the local list of DNS servers, if necessary. When both wired and wireless connections are available, NetworkManager prioritizes the wired connection by default. NetworkManager will try to keep at least one connection active all the time, whenever it is possible.

NOTE: A request using DHCP (Dynamic Host Configuration Protocol) is usually sent through the network adapter as soon as the link to the network is established. The DHCP server that is active on the network then responds with the settings (IP address, network mask, default route, etc.) which the requester must use to communicate via IP protocol.

By default, the NetworkManager daemon controls the network interfaces not mentioned in the /etc/network/interfaces file. It does so in order not to interfere with other configuration methods that may be present as well, thus modifying the unattended interfaces only.

The NetworkManager service runs in the background with root privileges and triggers the necessary actions to keep the system online. Ordinary users can create and modify network connections with client applications that, albeit not having root privileges themselves, are capable of communicating with the underlying service in order to perform the requested actions. Client applications for NetworkManager are available for both the command line and the graphical environment.
For the latter, the client application comes as an accessory of the desktop environment (under names like nm-tray, network-manager-gnome, nm-applet or plasma-nm) and it is usually accessible through an indicator icon at the corner of the desktop bar or from the system configuration utility. In the command line, NetworkManager itself provides two client programs: nmcli and nmtui. Both programs have the same basic features, but nmtui has a curses-based interface while nmcli is a more comprehensive command that can also be used in scripts.

Command nmcli separates all network related properties controlled by NetworkManager in categories called objects:

general     NetworkManager’s general status and operations.
networking  Overall networking control.
radio       NetworkManager radio switches.
connection  NetworkManager’s connections.
device      Devices managed by NetworkManager.
agent       NetworkManager secret agent or polkit agent.
monitor     Monitor NetworkManager changes.

The object name is the main argument to command nmcli. To show the overall connectivity status of the system, for example, the object general should be given as the argument:

    $ nmcli general
    STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN
    connected  full          enabled  enabled  enabled  enabled

Column STATE tells whether the system is connected to a network or not. If the connection is limited due to external misconfiguration or access restrictions, then the CONNECTIVITY column will not report the full connectivity status. If Portal appears in the CONNECTIVITY column, it means that extra authentication steps (usually through the web browser) are required to complete the connection process. The remaining columns report the status of the wireless connections (if any), either WIFI or WWAN (Wide Wireless Area Network, i.e. cellular networks).
The HW suffix indicates that the status corresponds to the network device rather than the system network connection, that is, it tells whether the hardware is enabled or disabled to save power.

In addition to the object argument, nmcli also needs a command argument to execute. The status command is used by default if no command argument is present, so the command nmcli general is actually interpreted as nmcli general status.

It is hardly necessary to take any action when the network adapter is connected directly to the access point through cables, but wireless networks require further interaction to accept new members. nmcli facilitates the connection process and saves the settings to connect automatically in the future, hence it is very helpful for laptops or any other mobile appliances. Before connecting to wi-fi, it is convenient to first list the available networks in the local area. If the system has a working wi-fi adapter, then the device object will use it to scan the available networks with command nmcli device wifi list:

    $ nmcli device wifi list
    IN-USE  BSSID              SSID       MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
            90:F6:52:C5:FA:12  Hypnotoad  Infra  11    130 Mbit/s  67      ▂▄▆_  WPA2
            10:72:23:C7:27:AC  Jumbao     Infra  1     130 Mbit/s  55      ▂▄__  WPA2
            00:1F:33:33:E9:BE  NETGEAR    Infra  1     54 Mbit/s   35      ▂▄__  WPA1 WPA2
            A4:33:D7:85:6D:B0  AP53       Infra  11    130 Mbit/s  32      ▂▄__  WPA1 WPA2
            98:1E:19:1D:CC:3A  Bruma      Infra  1     195 Mbit/s  22      ▂___  WPA1 WPA2

Most users will probably use the name in the SSID column to identify the network of interest. For example, command nmcli can connect to the network named Hypnotoad using the device object again:

    $ nmcli device wifi connect Hypnotoad

If the command is executed inside a terminal emulator in the graphical environment, then a dialog box will appear asking for the network’s passphrase.
When executed in a text only console, the password may be provided together with the other arguments:

    $ nmcli device wifi connect Hypnotoad password MyPassword

If the wi-fi network hides its SSID name, nmcli can still connect to it with the extra hidden yes arguments:

    $ nmcli device wifi connect Hypnotoad password MyPassword hidden yes

If the system has more than one wi-fi adapter, the one to be used may be indicated with ifname. For example, to connect using the adapter named wlo1:

    $ nmcli device wifi connect Hypnotoad password MyPassword ifname wlo1

After the connection succeeds, NetworkManager will name it after the corresponding SSID (if it is a wi-fi connection) and will keep it for future connections. The connection names and their UUIDs are listed by command nmcli connection show:

    $ nmcli connection show
    NAME       UUID                                  TYPE      DEVICE
    Ethernet   53440255-567e-300d-9922-b28f0786f56e  ethernet  enp3s5
    tun0       cae685e1-b0c4-405a-8ece-6d424e1fb5f8  tun       tun0
    Hypnotoad  6fdec048-bcc5-490a-832b-da83d8cb7915  wifi      wlo1
    4G         a2cf4460-0cb7-42e3-8df3-ccb927f2fd88  gsm       --

The type of each connection is shown (it can be ethernet, wifi, tun, gsm, bridge, etc.), as well as the device with which it is associated. To perform actions on a specific connection, its name or UUID must be supplied. To deactivate the Hypnotoad connection, for example:

    $ nmcli connection down Hypnotoad
    Connection 'Hypnotoad' successfully deactivated

Likewise, the command nmcli connection up Hypnotoad can be used to bring the connection up, as it is now saved by NetworkManager. The interface name can also be used to disconnect, but in this case the device object should be used instead:

    $ nmcli device disconnect wlo1
    Device 'wlo1' successfully disconnected.
The interface name can also be used to reestablish the connection:

    $ nmcli device connect wlo1
    Device 'wlo1' successfully activated with '833692de-377e-4f91-a3dc-d9a2b1fcf6cb'.

Note that the connection UUID changes every time the connection is brought up, so it is preferable to use its name for consistency.

If the wireless adapter is available but it is not being used, then it can be turned off to save power. This time, the object radio should be passed to nmcli:

    $ nmcli radio wifi off

Of course, the wireless device can be turned on again with command nmcli radio wifi on.

Once the connections are established no manual interaction will be required in the future, as NetworkManager identifies available known networks and automatically connects to them. If necessary, NetworkManager has plugins that can extend its functionalities, like the plugin to support VPN connections.

systemd-networkd

Systems running systemd can optionally use its built-in daemons to manage network connectivity: systemd-networkd to control network interfaces and systemd-resolved to manage the local name resolution. These services are backwards compatible with legacy Linux configuration methods, but the configuration of network interfaces in particular has features that are worth knowing.

The configuration files used by systemd-networkd to set up network interfaces can be found in any of the following three directories:

/lib/systemd/network  The system network directory.
/run/systemd/network  The volatile runtime network directory.
/etc/systemd/network  The local administration network directory.

The files are processed in lexicographic order, so it is recommended to start their names with numbers to make the ordering easier to read and set. Files in /etc have the highest priority, whilst files in /run take precedence over files with the same name in /lib.
This means that if configuration files in different directories have the same name, then systemd-networkd will ignore the files with lesser priority. Separating files like that is a way to change the interface settings without having to modify the original files: modifications can be placed in /etc/systemd/network to override those in /lib/systemd/network.

The purpose of each configuration file depends on its suffix. File names ending in .netdev are used by systemd-networkd to create virtual network devices, such as bridge or tun devices. Files ending in .link set low-level configurations for the corresponding network interface. systemd-networkd detects and configures network devices automatically as they appear, and ignores devices already configured by other means, so there is little need to add these files in most situations.

The most important suffix is .network. Files using this suffix can be used to set up network addresses and routes. As with the other configuration file types, the name of the file defines the order in which the file will be processed. The network interface to which the configuration file refers is defined in the [Match] section inside the file. For example, the ethernet network interface enp3s5 can be selected within the file /etc/systemd/network/30-lan.network by using the Name=enp3s5 entry in the [Match] section:

    [Match]
    Name=enp3s5

A list of whitespace-separated names is also accepted to match many network interfaces with this same file at once. The names can contain shell-style globs, like en*. Other entries provide various matching rules, like selecting a network device by its MAC address:

    [Match]
    MACAddress=00:16:3e:8d:2b:5b

The settings for the device are in the [Network] section of the file.
A simple static network configuration only requires the Address and Gateway entries:

    [Match]
    MACAddress=00:16:3e:8d:2b:5b

    [Network]
    Address=192.168.0.100/24
    Gateway=192.168.0.1

To use the DHCP protocol instead of static IP addresses, the DHCP entry should be used instead:

    [Match]
    MACAddress=00:16:3e:8d:2b:5b

    [Network]
    DHCP=yes

The systemd-networkd service will try to fetch both IPv4 and IPv6 addresses for the network interface. To use IPv4 only, DHCP=ipv4 should be used. Likewise, DHCP=ipv6 will ignore IPv4 settings and use the provided IPv6 address only.

Password-protected wireless networks can also be configured by systemd-networkd, but the network adapter must already be authenticated in the network before systemd-networkd can configure it. Authentication is performed by WPA supplicant, a program dedicated to configuring network adapters for password protected networks. The first step is to create the credentials file with command wpa_passphrase:

    # wpa_passphrase MyWifi > /etc/wpa_supplicant/wpa_supplicant-wlo1.conf

This command will take the passphrase for the MyWifi wireless network from the standard input and store its hash in /etc/wpa_supplicant/wpa_supplicant-wlo1.conf. Note that the filename should contain the appropriate name of the wireless interface, hence the wlo1 in the file name. The systemd manager reads the WPA passphrase files in /etc/wpa_supplicant/ and creates the corresponding service to run WPA supplicant and bring the interface up. The passphrase file created in the example will then have a corresponding service unit called wpa_supplicant@wlo1.service. Command systemctl start wpa_supplicant@wlo1.service will associate the wireless adapter with the remote access point. Command systemctl enable wpa_supplicant@wlo1.service makes the association automatic during boot time.
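The lookup rules for .network files described above (lexicographic order, /etc over /run over /lib, a same-named file replacing rather than merging the lower-priority one, and shell-style globs in Name=) can be checked with a small model. This is an added example, not part of the LPI material or of systemd itself; it builds a constructed file tree under a scratch directory (assumed to be $ROOT, standing in for /) so it never reads the real system directories.

```shell
#!/bin/sh
# Added example (not from the LPI material): a model of how systemd-networkd
# picks .network files. Everything lives under a constructed scratch tree
# ($ROOT stands in for /), so nothing on the real system is touched.
set -eu
set -f   # no pathname expansion: Name= globs must stay literal until matched

ROOT="${ROOT:-$(mktemp -d)}"

# Constructed files: a vendor rule in lib, a same-named override in etc, and a
# runtime file in run. Same base name means the etc copy replaces the lib copy.
make_tree() {
  for d in lib run etc; do mkdir -p "$ROOT/$d/systemd/network"; done
  printf '[Match]\nName=en*\n\n[Network]\nDHCP=yes\n' \
    > "$ROOT/lib/systemd/network/30-lan.network"
  printf '[Match]\nName=enp3s5\n\n[Network]\nAddress=192.168.0.100/24\nGateway=192.168.0.1\n' \
    > "$ROOT/etc/systemd/network/30-lan.network"
  printf '[Match]\nName=wl*\n\n[Network]\nDHCP=ipv4\n' \
    > "$ROOT/run/systemd/network/10-wifi.network"
}

# list_effective: one path per distinct file name, in lexicographic order,
# taking /etc over /run over /lib when names collide.
list_effective() {
  for d in lib run etc; do ls "$ROOT/$d/systemd/network"; done | sort -u |
  while read -r name; do
    for d in etc run lib; do
      if [ -e "$ROOT/$d/systemd/network/$name" ]; then
        printf '%s\n' "$ROOT/$d/systemd/network/$name"
        break
      fi
    done
  done
}

# match_iface IFACE: print the first effective file whose [Match] Name= entry
# (whitespace-separated shell-style globs) matches IFACE; fail if none does.
match_iface() {
  iface=$1
  for file in $(list_effective); do
    names=$(awk -F= '/^\[/ {sect=$0} sect=="[Match]" && $1=="Name" {print $2}' "$file")
    for pat in $names; do
      case $iface in
        $pat) printf '%s\n' "$file"; return 0 ;;
      esac
    done
  done
  return 1
}

# effective_setting IFACE KEY: the KEY= value from the [Network] section of
# the file that wins for IFACE; fails (no output) when IFACE is unmanaged.
effective_setting() {
  file=$(match_iface "$1") || return 1
  awk -F= -v key="$2" '/^\[/ {sect=$0} sect=="[Network]" && $1==key {print $2}' "$file"
}

make_tree
for i in enp3s5 enp0s8 wlo1; do
  printf '%-7s -> %s\n' "$i" "$(match_iface "$i" || echo 'no .network file matches')"
done
```

Note that enp0s8 ends up unmanaged: the override in etc replaces the whole lib file of the same name, so the vendor's en* rule no longer applies to it.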
Finally, a .network file matching the wlo1 interface must be present in /etc/systemd/network/, as systemd-networkd will use it to configure the interface as soon as WPA supplicant finishes the association with the access point.

Guided Exercises

1. What is the meaning of the word Portal in the CONNECTIVITY column in the output of command nmcli general status?

2. In a console terminal, how can an ordinary user use the command nmcli to connect to the MyWifi wireless network protected by the password MyPassword?

3. What command can turn the wireless adapter on if it was previously disabled by the operating system?

4. Custom configuration files should be placed in what directory when systemd-networkd is managing the network interfaces?

Explorational Exercises

1. How can a user run the command nmcli to delete an unused connection named Hotel Internet?

2. NetworkManager scans wi-fi networks periodically and command nmcli device wifi list only lists the access points found in the last scan. How should the nmcli command be used to ask NetworkManager to immediately re-scan all available access points?

3. What name entry should be used in the [Match] section of a systemd-networkd configuration file to match all ethernet interfaces?

4. How should the wpa_passphrase command be executed to use the passphrase given as an argument and not from the standard input?

Summary

This lesson covers the common tools used in Linux to manage heterogeneous and dynamic network connections.
Although most configuration methods do not require user intervention, sometimes that is necessary and tools like NetworkManager and systemd-networkd can reduce the hassle to a minimum. The lesson goes through the following topics:

- How NetworkManager and systemd-networkd integrate with the system.
- How the user can interact with NetworkManager and systemd-networkd.
- Basic interface configuration with both NetworkManager and systemd-networkd.

The concepts, commands and procedures addressed were:

- NetworkManager’s client commands: nmtui and nmcli.
- Scanning and connecting to wireless networks using the appropriate nmcli commands.
- Persistent wi-fi network connections using systemd-networkd.

Answers to Guided Exercises

1. What is the meaning of the word Portal in the CONNECTIVITY column in the output of command nmcli general status?

   It means that extra authentication steps (usually through the web browser) are required to complete the connection process.

2. In a console terminal, how can an ordinary user use the command nmcli to connect to the MyWifi wireless network protected by the password MyPassword?

   In a text-only terminal, the command would be:

       $ nmcli device wifi connect MyWifi password MyPassword

3. What command can turn the wireless adapter on if it was previously disabled by the operating system?

       $ nmcli radio wifi on

4. Custom configuration files should be placed in what directory when systemd-networkd is managing the network interfaces?

   In the local administration network directory: /etc/systemd/network.

Answers to Explorational Exercises

1. How can a user run the command nmcli to delete an unused connection named Hotel Internet?

       $ nmcli connection delete "Hotel Internet"

2.
   NetworkManager scans wi-fi networks periodically and command nmcli device wifi list only lists the access points found in the last scan. How should the nmcli command be used to ask NetworkManager to immediately re-scan all available access points?

   The root user can run nmcli device wifi rescan to make NetworkManager re-scan available access points.

3. What name entry should be used in the [Match] section of a systemd-networkd configuration file to match all ethernet interfaces?

   The entry Name=en*, as en is the prefix for ethernet interfaces in Linux and systemd-networkd accepts shell-like globs.

4. How should the wpa_passphrase command be executed to use the passphrase given as an argument and not from the standard input?

   The password should be given just after the SSID, as in wpa_passphrase MyWifi MyPassword.

109.3 Basic network troubleshooting

Reference to LPI objectives

LPIC-1 version 5.0, Exam 102, Objective 109.3

Weight

4

Key knowledge areas

- Manually configure network interfaces, including viewing and changing the configuration of network interfaces using iproute2.
- Manually configure routing, including viewing and changing routing tables and setting the default route using iproute2.
- Debug problems associated with the network configuration.
- Awareness of legacy net-tools commands.

Partial list of the used files, terms and utilities

- ip
- hostname
- ss
- ping
- ping6
- traceroute
- traceroute6
- tracepath
- tracepath6
- netcat
- ifconfig
- netstat
- route
109.3 Lesson 1

Certificate: LPIC-1
Version: 5.0
Topic: 109 Networking Fundamentals
Objective: 109.3 Basic network troubleshooting
Lesson: 1 of 2

Introduction

Linux has very flexible and powerful network capabilities. In fact, Linux based operating systems are often used on common network devices, including expensive commercial equipment. Linux networking could be a certification in itself. With this in mind, this lesson is only going to cover a few basic configuration and troubleshooting tools. Be sure to review the lessons on internet protocols and persistent network configuration prior to this lesson.

Within this lesson, we will be covering tools to configure and troubleshoot IPv4 and IPv6 networking. While not an official objective, packet sniffers such as tcpdump are useful troubleshooting tools. Packet sniffers allow you to view and record packets coming into or out of a network interface. Tools such as hex viewers and protocol analyzers can be used to view these packets in more detail than a packet sniffer will typically allow. It wouldn’t hurt to at least be aware of such programs.

About the ip Command

The ip command is a fairly recent utility used to view and configure just about anything relating to network configurations. This lesson covers some of the most used subcommands of ip, but it barely scratches the surface of what is available. Learning to read the documentation will help you be much more efficient with it. Each subcommand of ip has its own man page. The SEE ALSO section of the ip man page has a list of them:

    $ man ip
    ...
    SEE ALSO
           ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8),
           ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-netns(8), ip-ntable(8),
           ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-token(8), ip-tunnel(8),
           ip-xfrm(8)
           IP Command reference ip-cref.ps
    ...

Instead of looking at this every time you need the man page, simply add - and the name of the subcommand to ip, e.g. man ip-route.

Another source of information is the help function. To view the built-in help, add help after the subcommand:

    $ ip address help
    Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]
                                                          [ CONFFLAG-LIST ]
           ip address del IFADDR dev IFNAME [mngtmpaddr]
           ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]
                                [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]
           ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]
                             [ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]
                             [ label LABEL ] [up] [ vrf NAME ] ]
           ip address {showdump|restore}
    IFADDR := PREFIX | ADDR peer PREFIX
    ...

Netmask and Routing Review

IPv4 and IPv6 are what are known as routed or routable protocols. This means they are designed in a way that makes it possible for network designers to control traffic flow. Ethernet is not a routable protocol. This means that if you were to connect a bunch of devices together using nothing but Ethernet, there is very little you can do to control the flow of network traffic. Any measures to control traffic would end up similar to current routable and routing protocols. Routable protocols allow network designers to segment networks to reduce the processing requirements of connectivity devices, provide redundancy, and manage traffic.

IPv4 and IPv6 addresses have two sections. The first set of bits make up the network section while the second set make up the host portion.
The number of bits that make up the network portion is determined by the netmask (also called subnet mask). Sometimes it will also be referred to as the prefix length. Regardless of what it is called, it is the number of bits that the machine treats as the network portion of the address. With IPv4, sometimes this is specified in dotted decimal notation. Below is an example using IPv4. Notice how the binary digits maintain their place value in the octets even when it is divided by the netmask.

    192.168.130.5/20

    192      168      130      5
    11000000 10101000 10000010 00000101

    20 bits = 11111111 11111111 11110000 00000000

    Network = 192.168.128.0
    Host    = 2.5

The network portion of an address is used by an IPv4 or IPv6 machine to look up in its routing table which interface a packet should be sent out on. When an IPv4 or IPv6 host with routing enabled receives a packet that is not for the host itself, it attempts to match the network portion of the destination to a network in the routing table. If a matching entry is found, it sends the packet to the destination specified in the routing table. If no entry is found and a default route is configured, it is sent to the default route. If no entry is found and no default route is configured, the packet is discarded.

Configuring an Interface

There are two tools we will be covering that you can use to configure a network interface: ifconfig and ip. The ifconfig program, while still widely used, is considered a legacy tool and may not be available on newer systems.

TIP: On newer Linux distributions, installation of the net-tools package will provide you with the legacy networking commands.

Before configuring an interface, you must first know what interfaces are available. There are a few ways to do this. One way is to use the -a option of ifconfig:

    $ ifconfig -a

Another way is with ip.
Sometimes you will see examples with ip addr, ip a, and some with ip address. They are synonymous. Officially, the subcommand is ip address. This means that if you wish to view the man page, you must use man ip-address and not man ip-addr. The link subcommand for ip will list the interface links available for configuration:

    $ ip link
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: enp0s3: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:54:18:57 brd ff:ff:ff:ff:ff:ff
    3: enp0s8: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff

Assuming the sys filesystem is mounted, you can also list the contents of /sys/class/net:

    $ ls /sys/class/net
    enp0s3  enp0s8  lo

To configure an interface with ifconfig, you must be logged in as root or use a utility such as sudo to run the command with root privilege. Follow the example below:

    # ifconfig enp1s0 192.168.50.50/24

The Linux version of ifconfig is flexible with how you specify the subnet mask:

    # ifconfig eth2 192.168.50.50 netmask 255.255.255.0
    # ifconfig eth2 192.168.50.50 netmask 0xffffff00
    # ifconfig enp0s8 add 2001:db8::10/64

Notice how with IPv6 the keyword add was used. If you don’t precede an IPv6 address with add, you will get an error message.

The following commands configure an interface with ip:

    # ip addr add 192.168.5.5/24 dev enp0s8
    # ip addr add 2001:db8::10/64 dev enp0s8

With ip, the same command is used for both IPv4 and IPv6.

Configuring Low Level Options

The ip link command is used to configure low level interface or protocol settings such as VLANs, ARP, or MTUs, or to disable an interface. A common task for ip link is to disable or enable an interface.
This can be done with ifconfig as well:

    # ip link set dev enp0s8 down
    # ip link show dev enp0s8
    3: enp0s8: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
        link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff
    # ifconfig enp0s8 up
    # ip link show dev enp0s8
    3: enp0s8: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff

Sometimes you may need to adjust an interface’s MTU. As with enabling/disabling interfaces, this can be done with either ifconfig or ip link:

    # ip link set enp0s3 mtu 2000
    # ip link show dev enp0s3
    2: enp0s3: mtu 2000 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff
    # ifconfig enp0s3 mtu 1500
    # ip link show dev enp0s3
    2: enp0s3: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff

The Routing Table

The commands route, netstat -r, and ip route can all be used to view your routing table. If you wish to modify your routes, you need to use route or ip route.
Below are examples of viewing a routing table:

    $ netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    default         10.0.2.2        0.0.0.0         UG        0 0          0 enp0s3
    10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
    192.168.150.0   0.0.0.0         255.255.255.0   U         0 0          0 enp0s8

    $ ip route
    default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
    10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
    192.168.150.0/24 dev enp0s8 proto kernel scope link src 192.168.150.200

    $ route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
    10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
    192.168.150.0   0.0.0.0         255.255.255.0   U     0      0        0 enp0s8

Notice how there is no output regarding IPv6. If you wish to view your routing table for IPv6, you must use route -6, netstat -6r, or ip -6 route.

    $ route -6
    Kernel IPv6 routing table
    Destination                    Next Hop                   Flag Met  Ref Use If
    2001:db8::/64                  [::]                       U    256  0     0 enp0s8
    fe80::/64                      [::]                       U    100  0     0 enp0s3
    2002:a00::/24                  [::]                       !n   1024 0     0 lo
    [::]/0                         2001:db8::1                UG   1    0     0 enp0s8
    localhost/128                  [::]                       Un   0    2    84 lo
    2001:db8::10/128               [::]                       Un   0    1     0 lo
    fe80::a00:27ff:fe54:5359/128   [::]                       Un   0    1     0 lo
    ff00::/8                       [::]                       U    256  1     3 enp0s3
    ff00::/8                       [::]                       U    256  1     6 enp0s8

An example of netstat -r6 has been omitted because its output is identical to route -6.

Some of the output of the above route command is self explanatory. The Flag column provides some information about the route. The U flag indicates that a route is up. A ! means reject route, i.e. a route with a ! won’t be used. The n flag means the route hasn’t been cached. The kernel maintains a cache of routes for faster lookups separately from all known routes. The G flag indicates a gateway. The Metric or Met column isn’t used by the kernel. It refers to the administrative distance to the target.
This administrative distance is used by routing protocols to determine dynamic routes. The Ref column is the reference count, or number of uses of a route. Like Metric, it is not used by the Linux kernel. The Use column shows the number of lookups for a route. In the output of netstat -r, MSS indicates the maximum segment size for TCP connections over that route. The Window column shows you the default TCP window size. The irtt shows the round trip time for packets on this route.

The output of ip route and ip -6 route reads as follows:

1. Destination.
2. Optional address followed by interface.
3. The routing protocol used to add the route.
4. The scope of the route. If this is omitted, it is global scope, or a gateway.
5. The route’s metric. This is used by dynamic routing protocols to determine the cost of the route. This isn’t used by most systems.
6. If it is an IPv6 route, the RFC4191 route preference.

Working through a few examples should clarify this:

IPv4 Example

    default via 10.0.2.2 dev enp0s3 proto dhcp metric 100

1. The destination is the default route.
2. The gateway address is 10.0.2.2 reachable through interface enp0s3.
3. It was added to the routing table by DHCP.
4. The scope was omitted, so it is global.
5. The route has a cost value of 100.
6. No IPv6 route preference.

IPv6 Example

    fc0::/64 dev enp0s8 proto kernel metric 256 pref medium

1. The destination is fc0::/64.
2. It is reachable through interface enp0s8.
3. It was added automatically by the kernel.
4. The scope was omitted, so it is global.
5. The route has a cost value of 256.
6. It has an IPv6 preference of medium.

Managing Routes

Routes can be managed by using route or ip route. Below is an example of adding and removing a route using the route command.
With route, you must use the -6 option for IPv6:

    # ping6 -c 2 2001:db8:1::20
    connect: Network is unreachable
    # route -6 add 2001:db8:1::/64 gw 2001:db8::3
    # ping6 -c 2 2001:db8:1::20
    PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
    64 bytes from 2001:db8:1::20: icmp_seq=1 ttl=64 time=0.451 ms
    64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
    # route -6 del 2001:db8:1::/64 gw 2001:db8::3
    # ping6 -c 2 2001:db8:1::20
    connect: Network is unreachable

Below is the same example using the ip route command:

    # ping6 -c 2 2001:db8:1::20
    connect: Network is unreachable
    # ip route add 2001:db8:1::/64 via 2001:db8::3
    # ping6 -c 2 2001:db8:1::20
    PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
    64 bytes from 2001:db8:1::20: icmp_seq=1 ttl=64 time=0.529 ms
    64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
    # ip route del 2001:db8:1::/64 via 2001:db8::3
    # ping6 -c 2 2001:db8:1::20
    connect: Network is unreachable

Guided Exercises

1. Which commands can be used to list network interfaces?
2. How would you temporarily disable an interface? How would you re-enable it?
3. Which of the following is a reasonable subnet mask for IPv4?
   0.0.0.255
   255.0.255.0
   255.252.0.0
   /24
4. Which commands can you use to verify your default route?
5. How would you add a second IP address to an interface?

Explorational Exercises

1. Which subcommand of ip can be used to configure vlan tagging?
2. How would you configure a default route?
3. How would you get detailed information about the ip neighbour command? What happens if you run it by itself?
4. How would you back up your routing table? How would you restore from it?
5. Which ip subcommand can be used to configure spanning tree options?
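As an added example (not part of the LPI material), a small Python parser that splits `ip route` and `ip -6 route` lines into the six fields described above and pulls out the default gateway(s), which is what Guided Exercise 4 asks you to verify; the allow-list check flags a default route you did not plan for, such as one handed out by DHCP. The sample lines are constructed from the outputs shown in this lesson.

```python
import ipaddress

# Constructed sample: the two worked examples from the lesson plus the
# kernel-added link routes from the `ip route` output and an IPv6 default.
SAMPLE_ROUTES = """\
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
fc0::/64 dev enp0s8 proto kernel metric 256 pref medium
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
192.168.150.0/24 dev enp0s8 proto kernel scope link src 192.168.150.200
default via 2001:db8::1 dev enp0s8 proto static metric 1024 pref medium
"""

# Keywords in `ip route` output that are followed by exactly one value.
_KEYWORD_FIELDS = {"via", "dev", "proto", "scope", "src", "metric", "pref"}


def parse_route_line(line):
    """Split one `ip route` line into the fields the lesson numbers 1-6:
    destination, gateway/interface, proto, scope, metric, IPv6 pref."""
    tokens = line.split()
    if not tokens:
        raise ValueError("empty route line")
    route = {
        "destination": tokens[0],
        "via": None, "dev": None, "proto": None,
        "scope": "global",   # lesson: an omitted scope means global
        "src": None, "metric": None, "pref": None,
    }
    i = 1
    while i < len(tokens):
        key = tokens[i]
        if key in _KEYWORD_FIELDS and i + 1 < len(tokens):
            value = tokens[i + 1]
            route[key] = int(value) if key == "metric" else value
            i += 2
        else:
            i += 1   # bare flags such as "linkdown" or "onlink" take no value
    if route["destination"] != "default":
        # Normalise the prefix so "10.0.2.0/24" and a bare host compare cleanly.
        net = ipaddress.ip_network(route["destination"], strict=False)
        route["destination"] = str(net)
    return route


def parse_routes(text):
    return [parse_route_line(l) for l in text.splitlines() if l.strip()]


def default_gateways(routes):
    """(gateway, interface) for every default route, IPv4 and IPv6 alike."""
    return [(r["via"], r["dev"]) for r in routes if r["destination"] == "default"]


def unexpected_defaults(routes, expected_gateways):
    """Default routes whose gateway is not on the allow-list you administer.
    Remember to list both address families, or a v6 default will be flagged."""
    return [r for r in routes
            if r["destination"] == "default" and r["via"] not in expected_gateways]
```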
Summary

Networking is usually configured by a system’s startup scripts or a helper such as NetworkManager. Most distributions have tools that will edit the startup script configuration files for you. Consult your distribution’s documentation for details.

Being able to manually configure networking allows you to troubleshoot more effectively. It is useful in minimal environments used for things like restoring from backups or migrating to new hardware.

The utilities covered in this section have more functionality than covered in this lesson. It would be worthwhile to skim through the man page of each to familiarize yourself with the options available. The ss and ip commands are the modern way of doing things, while the rest that are covered, while still in common use, are considered legacy tools.

The best way to get familiar with the tools covered is practice. Using a computer with a modest amount of RAM, it is possible to set up a virtual network lab using virtual machines that you can practice with. Three virtual machines are enough to get comfortable with the tools listed.

Commands used in this lesson include:

ifconfig
    Legacy utility used to configure network interfaces and review their states.
ip
    Modern and versatile utility used to configure network interfaces and review their states.
netstat
    Legacy command used to view current network connections and route information.
route
    Legacy command used to view or modify a system’s routing table.

Answers to Guided Exercises

1. Which commands can be used to list network interfaces?

   Any of the commands below: ip link, ifconfig -a, or ls /sys/class/net

2. How would you temporarily disable an interface? How would you re-enable it?

   You could use ifconfig or ip link.

   Using ifconfig:

       $ ifconfig wlan1 down
       $ ifconfig wlan1 up

   Using ip link:

       $ ip link set wlan1 down
       $ ip link set wlan1 up

3. Which of the following is a reasonable subnet mask for IPv4?

   ◦ 255.252.0.0
   ◦ /24

   The other masks listed are invalid because they don’t separate the address cleanly into two sections, the first part defining the network, and the second the host. The leftmost bits of a mask will always be 1 and the rightmost bits will always be 0.

4. Which commands can you use to verify your default route?

   You can use route, netstat -r, or ip route:

       $ route
       Kernel IP routing table
       Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
       default         server          0.0.0.0         UG    600    0        0 wlan1
       192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan1

       $ netstat -r
       Kernel IP routing table
       Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
       default         server          0.0.0.0         UG        0 0          0 wlan1
       192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan1

       $ ip route
       default via 192.168.1.20 dev wlan1 proto static metric 600
       192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.24 metric 600

5. How would you add a second IP address to an interface?

   You would use ip address or ifconfig. Keep in mind that ifconfig is a legacy tool:

       $ ip addr add 172.16.15.16/16 dev enp0s9 label enp0s9:sub1

   The portion of the command label enp0s9:sub1 adds an alias to enp0s9. If you don’t use the legacy ifconfig you can omit this. If you do, the command will still work, but the address you just added won’t show up in the output of ifconfig.

   You can also use ifconfig:

       $ ifconfig enp0s9:sub1 172.16.15.16/16

Answers to Explorational Exercises

1. Which subcommand of ip can be used to configure vlan tagging?

   ip link has a vlan option that can be used. Below is an example of tagging a sub-interface with vlan 20.

       # ip link add link enp0s9 name enp0s9.20 type vlan id 20

2. How would you configure a default route?

   Using route or ip route:

       # route add default gw 192.168.1.1
       # ip route add default via 192.168.1.1

3. How would you get detailed information about the ip neighbour command? What happens if you run it by itself?

   By reading the man page:

       $ man ip-neighbour

   It displays your ARP cache:

       $ ip neighbour
       10.0.2.2 dev enp0s3 lladdr 52:54:00:12:35:02 REACHABLE

4. How would you back up your routing table? How would you restore from it?

   The example below demonstrates backing up and restoring a routing table:

       # ip route save > /root/routes/route_backup
       # ip route restore < /root/routes/route_backup

5. Which ip subcommand can be used to configure spanning tree options?

   Similar to managing vlan settings, ip link can configure spanning tree by using the bridge type. The example shows adding a virtual interface with an STP priority of 50:

       # ip link add link enp0s9 name enp0s9.50 type bridge priority 50

109.3 Lesson 2

Certificate: LPIC-1
Version: 5.0
Topic: 109 Networking Fundamentals
Objective: 109.3 Basic network troubleshooting
Lesson: 2 of 2

Introduction

Linux-based operating systems have a variety of tools to troubleshoot network problems with. This lesson is going to cover some of the more common ones. At this point you should have a grasp of the OSI or other layered models of networking, IPv4 or IPv6 addressing, and the basics of routing and switching.

The best way to test a network connection is to try to use your application.
When that doesn’t work, there are plenty of tools available to help diagnose the problem.

Testing Connections With ping

The ping and ping6 commands can be used to send an ICMP echo request to an IPv4 or IPv6 address, respectively. An ICMP echo request sends a small amount of data to the destination address. If the destination address is reachable, it will send an ICMP echo reply message back to the sender with the same data that was sent to it:

    $ ping -c 3 192.168.50.2
    PING 192.168.50.2 (192.168.50.2) 56(84) bytes of data.
    64 bytes from 192.168.50.2: icmp_seq=1 ttl=64 time=0.525 ms
    64 bytes from 192.168.50.2: icmp_seq=2 ttl=64 time=0.419 ms
    64 bytes from 192.168.50.2: icmp_seq=3 ttl=64 time=0.449 ms

    --- 192.168.50.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2006ms
    rtt min/avg/max/mdev = 0.419/0.464/0.525/0.047 ms

    $ ping6 -c 3 2001:db8::10
    PING 2001:db8::10(2001:db8::10) 56 data bytes
    64 bytes from 2001:db8::10: icmp_seq=1 ttl=64 time=0.425 ms
    64 bytes from 2001:db8::10: icmp_seq=2 ttl=64 time=0.480 ms
    64 bytes from 2001:db8::10: icmp_seq=3 ttl=64 time=0.725 ms

    --- 2001:db8::10 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.425/0.543/0.725/0.131 ms

The -c option is used to specify the number of packets to send. If you omit this option, ping and ping6 will continue to send packets until you stop it, typically with the Ctrl + C keyboard combination.

Just because you can’t ping a host doesn’t mean you can’t connect to it. Many organizations have firewalls or router access control lists that block everything but the bare minimum needed for their systems to function. This includes ICMP echo requests and replies. Since these packets can include arbitrary data, a clever attacker could use them to exfiltrate data.
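As an added example (not from the LPI material), a small Python parser that turns ping’s summary lines into a structured result and separates "no route" from "no reply", since 100% packet loss alone does not tell you whether the host is down or ICMP is being filtered, as the paragraph above warns. The sample outputs are constructed; the first reproduces the ping run shown above, the second a filtered host, the third the "Network is unreachable" error seen earlier in the routing examples.

```python
import re

# Constructed sample runs (the first copies the lesson's `ping -c 3` output).
PING_OK = """\
PING 192.168.50.2 (192.168.50.2) 56(84) bytes of data.
64 bytes from 192.168.50.2: icmp_seq=1 ttl=64 time=0.525 ms
64 bytes from 192.168.50.2: icmp_seq=2 ttl=64 time=0.419 ms
64 bytes from 192.168.50.2: icmp_seq=3 ttl=64 time=0.449 ms

--- 192.168.50.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 0.419/0.464/0.525/0.047 ms
"""
PING_FILTERED = """\
PING 203.0.113.9 (203.0.113.9) 56(84) bytes of data.

--- 203.0.113.9 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2041ms
"""
PING_NO_ROUTE = "connect: Network is unreachable\n"

_SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) received, (\d+)% packet loss")
_RTT = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")
_REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")


def parse_ping(output):
    """Summarise one ping run: packet counts, loss percentage, rtt statistics
    and the TTL of each reply. Returns None when no summary block exists,
    i.e. ping failed before sending anything (no route to the host)."""
    summary = _SUMMARY.search(output)
    if summary is None:
        return None
    sent, received, loss = (int(g) for g in summary.groups())
    result = {
        "sent": sent, "received": received, "loss_pct": loss,
        "ttls": [int(m.group(2)) for m in _REPLY.finditer(output)],
        "rtt": None,   # the rtt line is only printed when a reply came back
    }
    rtt = _RTT.search(output)
    if rtt:
        names = ("min", "avg", "max", "mdev")
        result["rtt"] = dict(zip(names, map(float, rtt.groups())))
    return result


def classify(output):
    """Map a ping run onto the situations the lesson describes."""
    r = parse_ping(output)
    if r is None:
        return "no route"      # the kernel refused before any packet left
    if r["received"] == 0:
        return "no reply"      # host down, or ICMP dropped by a firewall/ACL
    if r["loss_pct"] > 0:
        return "partial loss"
    return "reachable"
```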
Tracing Routes

The traceroute and traceroute6 programs can be used to show you the route a packet takes to get to its destination. They do this by sending multiple packets to the destination, incrementing the Time-To-Live (TTL) field of the IP header with each subsequent packet. Each router along the way will respond with a TTL exceeded ICMP message:

    $ traceroute 192.168.1.20
    traceroute to 192.168.1.20 (192.168.1.20), 30 hops max, 60 byte packets
     1  10.0.2.2 (10.0.2.2)  0.396 ms  0.171 ms  0.132 ms
     2  192.168.1.20 (192.168.1.20)  2.665 ms  2.573 ms  2.573 ms

    $ traceroute 192.168.50.2
    traceroute to 192.168.50.2 (192.168.50.2), 30 hops max, 60 byte packets
     1  192.168.50.2 (192.168.50.2)  0.433 ms  0.273 ms  0.171 ms

    $ traceroute6 2001:db8::11
    traceroute to 2001:db8::11 (2001:db8::11), 30 hops max, 80 byte packets
     1  2001:db8::11 (2001:db8::11)  0.716 ms  0.550 ms  0.641 ms

    $ traceroute 2001:db8::11
    traceroute to 2001:db8::11 (2001:db8::11), 30 hops max, 80 byte packets
     1  2001:db8::10 (2001:db8::11)  0.617 ms  0.461 ms  0.387 ms

    $ traceroute net2.example.net
    traceroute to net2.example.net (192.168.50.2), 30 hops max, 60 byte packets
     1  net2.example.net (192.168.50.2)  0.533 ms  0.529 ms  0.504 ms

    $ traceroute6 net2.example.net
    traceroute to net2.example.net (2001:db8::11), 30 hops max, 80 byte packets
     1  net2.example.net (2001:db8::11)  0.738 ms  0.607 ms  0.304 ms

By default, traceroute sends 3 UDP packets with junk data to port 33434, incrementing it each time it sends a packet. Each line in the command’s output is a router interface the packet traverses through. The times shown in each line of the output are the round trip time for each packet. The IP address is the address of the router interface in question. If traceroute is able to, it uses the DNS name of the router interface. Sometimes you will see * in place of a time. When this happens, it means that traceroute never received the TTL exceeded message for this packet. When you start seeing this, it often indicates that the last response is the last hop on the route.

If you have access to root, the -I option will set traceroute to use ICMP echo requests instead of UDP packets. This is often more effective than UDP because the destination host is more likely to respond to an ICMP echo request than the UDP packet:

    # traceroute -I learning.lpi.org
    traceroute to learning.lpi.org (208.94.166.201), 30 hops max, 60 byte packets
     1  047-132-144-001.res.spectrum.com (47.132.144.1)  9.764 ms  9.702 ms  9.693 ms
     2  096-034-094-106.biz.spectrum.com (96.34.94.106)  8.389 ms  8.481 ms  8.480 ms
     3  dtr01hlrgnc-gbe-4-15.hlrg.nc.charter.com (96.34.64.172)  8.763 ms  8.775 ms  8.770 ms
     4  acr01mgtnnc-vln-492.mgtn.nc.charter.com (96.34.67.202)  27.080 ms  27.154 ms  27.151 ms
     5  bbr01gnvlsc-bue-3.gnvl.sc.charter.com (96.34.2.112)  31.339 ms  31.398 ms  31.395 ms
     6  bbr01aldlmi-tge-0-0-0-13.aldl.mi.charter.com (96.34.0.161)  39.092 ms  38.794 ms  38.821 ms
     7  prr01ashbva-bue-3.ashb.va.charter.com (96.34.3.51)  34.208 ms  36.474 ms  36.544 ms
     8  bx2-ashburn.bell.ca (206.126.236.203)  53.973 ms  35.975 ms  38.250 ms
     9  tcore4-ashburnbk_0-12-0-0.net.bell.ca (64.230.125.190)  66.315 ms  65.319 ms  65.345 ms
    10  tcore4-toronto47_2-8-0-3.net.bell.ca (64.230.51.22)  67.427 ms  67.502 ms  67.498 ms
    11  agg1-toronto47_xe-7-0-0_core.net.bell.ca (64.230.161.114)  61.270 ms  61.299 ms  61.291 ms
    12  dis4-clarkson16_5-0.net.bell.ca (64.230.131.98)  61.101 ms  61.177 ms  61.168 ms
    13  207.35.12.142 (207.35.12.142)  70.009 ms  70.069 ms  59.893 ms
    14  unassigned-117.001.centrilogic.com (66.135.117.1)  61.778 ms  61.950 ms  63.041 ms
    15  unassigned-116.122.akn.ca (66.135.116.122)  62.702 ms  62.759 ms  62.755 ms
    16  208.94.166.201 (208.94.166.201)  62.936 ms  62.932 ms  62.921 ms

Some organizations block ICMP echo requests and replies. To get around this, you can use TCP. By using a known open TCP port, you can guarantee the destination host will respond. To use TCP, use the -T option along with -p to specify the port. As with ICMP echo requests, you must have access to root to do this:

    # traceroute -m 60 -T -p 80 learning.lpi.org
    traceroute to learning.lpi.org (208.94.166.201), 60 hops max, 60 byte packets
     1  * * *
     2  096-034-094-106.biz.spectrum.com (96.34.94.106)  12.178 ms  12.229 ms  12.175 ms
     3  dtr01hlrgnc-gbe-4-15.hlrg.nc.charter.com (96.34.64.172)  12.134 ms  12.093 ms  12.062 ms
     4  acr01mgtnnc-vln-492.mgtn.nc.charter.com (96.34.67.202)  31.146 ms  31.192 ms  31.828 ms
     5  bbr01gnvlsc-bue-3.gnvl.sc.charter.com (96.34.2.112)  39.057 ms  46.706 ms  39.745 ms
     6  bbr01aldlmi-tge-0-0-0-13.aldl.mi.charter.com (96.34.0.161)  50.590 ms  58.852 ms  58.841 ms
     7  prr01ashbva-bue-3.ashb.va.charter.com (96.34.3.51)  34.556 ms  37.892 ms  38.274 ms
     8  bx2-ashburn.bell.ca (206.126.236.203)  38.249 ms  36.991 ms  36.270 ms
     9  tcore4-ashburnbk_0-12-0-0.net.bell.ca (64.230.125.190)  66.779 ms  63.218 ms tcore3-ashburnbk_100ge0-12-0-0.net.bell.ca (64.230.125.188)  60.441 ms
    10  tcore4-toronto47_2-8-0-3.net.bell.ca (64.230.51.22)  63.932 ms  63.733 ms  68.847 ms
    11  agg2-toronto47_xe-7-0-0_core.net.bell.ca (64.230.161.118)  60.144 ms  60.443 ms agg1-toronto47_xe-7-0-0_core.net.bell.ca (64.230.161.114)  60.851 ms
    12  dis4-clarkson16_5-0.net.bell.ca (64.230.131.98)  67.246 ms dis4-clarkson16_7-0.net.bell.ca (64.230.131.102)  68.404 ms dis4-clarkson16_5-0.net.bell.ca (64.230.131.98)  67.403 ms
    13  207.35.12.142 (207.35.12.142)  66.138 ms  60.608 ms  64.656 ms
    14  unassigned-117.001.centrilogic.com (66.135.117.1)  70.690 ms  62.190 ms  61.787 ms
    15  unassigned-116.122.akn.ca (66.135.116.122)  62.692 ms  69.470 ms  68.815 ms
    16  208.94.166.201 (208.94.166.201)  61.433 ms  65.421 ms  65.247 ms
    17  208.94.166.201 (208.94.166.201)  64.023 ms  62.181 ms  61.899 ms

Like ping, traceroute has its limitations. It is possible for firewalls and routers to block the packets sent from or returned to traceroute. If you have root access, there are options that can help you get accurate results.

Finding MTUs With tracepath

The tracepath command is similar to traceroute. The difference is that it tracks Maximum Transmission Unit (MTU) sizes along the path. The MTU is either a configured setting on a network interface or a hardware limitation of the largest protocol data unit that it can transmit or receive. The tracepath program works the same way as traceroute in that it increments the TTL with each packet. It differs by sending a very large UDP datagram. It is almost inevitable for the datagram to be larger than the MTU of the device with the smallest MTU along the route. When the packet reaches this device, the device will typically respond with a destination unreachable packet. The ICMP destination unreachable packet has a field for the MTU of the link it would send the packet on if it were able. tracepath then sends all subsequent packets with this size:

    $ tracepath 192.168.1.20
     1?: [LOCALHOST]                                         pmtu 1500
     1:  10.0.2.2                                              0.321ms
     1:  10.0.2.2                                              0.110ms
     2:  192.168.1.20                                          2.714ms reached
         Resume: pmtu 1500 hops 2 back 64

Unlike traceroute, you must explicitly use tracepath6 for IPv6:

    $ tracepath 2001:db8::11
    tracepath: 2001:db8::11: Address family for hostname not supported
    $ tracepath6 2001:db8::11
     1?: [LOCALHOST]                        0.027ms pmtu 1500
     1:  net2.example.net                                      0.917ms reached
     1:  net2.example.net                                      0.527ms reached
         Resume: pmtu 1500 hops 1 back 1

The output is similar to traceroute. The advantage of tracepath is that on the last line it outputs the smallest MTU on the entire link. This can be useful for troubleshooting connections that can’t handle fragments. As with the previous troubleshooting tools, there is the potential for equipment to block your packets.

Creating Arbitrary Connections

The nc program, known as netcat, can send or receive arbitrary data over a TCP or UDP network connection. The following examples should make its functionality clear. Here is an example of setting up a listener on port 1234:

    $ nc -l 1234
    LPI Example

The output of LPI Example appears after the example below, which is setting up a netcat sender to send packets to net2.example.net on port 1234. The -l option is used to specify that you wish for nc to receive data instead of send it:

    $ nc net2.example.net 1234
    LPI Example

Press Ctrl + C on either system to stop the connection. Netcat works with both IPv4 and IPv6 addresses. It works with both TCP and UDP. It can even be used to set up a crude remote shell.

WARNING: Note that not every installation of nc supports the -e switch. Be sure to review the man pages for your installation for security information about this option as well as alternative methods to execute commands on a
