Merikanto

A flute and a sword, my lifelong ambition; fifteen years living up to a wild name

LPIC - 108 Linux Network


Network Protocols

Linux uses the TCP/IP stack.


1 - General

Network hardware

  • Facilitate data transfer between computers
  • Ethernet hardware - twisted-pair cabling (the -T suffix, e.g. 100Base-T; each pair of wires is twisted together to reduce interference)
  • Other types
    • Token Ring (common on IBM networks)
    • LocalTalk (Apple, early Macs)
  • High-speed interfaces (for high performance applications)
    • Fibre Channel
    • FDDI - Fiber Distributed Data Interface
    • HIPPI - High Performance Parallel Interface

Network devices don’t have entries in /dev.
Low-level network utilities take device name and work with them directly.


Cabling

  • Fiber-optic cables - use light to transmit data down a thin glass strand (faster speed & longer distance)

    • For 100 Base-T Ethernet: Cat-5 (Category 5)

    • Gigabit Ethernet works best with Cat-5e / optical cables

  • Many network types (including twisted-pair Ethernet) require a hub or switch

    • Switches are superior to hubs 📌

    • A hub repeats every frame to every port, so all hosts share the medium and collide (half-duplex)

    • A switch learns MAC addresses and forwards each frame only to the port of its destination (full-duplex)

      Both ends can send at the same time at full speed instead of taking turns; a switch also means a host cannot passively sniff its neighbours' traffic the way it can on a hub


PPP & DSL

  • DSL connections (Digital Subscriber Line) - For broadband users
  • PPP - login-based way to access the Internet (e.g. Dial-up Internet access)
  • PPP & DSL - PPPoE (PPP over Ethernet)

Network Packets

  • Packets - discrete chunks of data

  • Error-recovery procedures - critical for protocols that handle large transfers

  • Packets are encapsulated inside each other (e.g. a TCP segment inside an IP packet inside an Ethernet frame)

    A data transfer involves several layers of wrapping and unwrapping data


Wireless networking

Common protocols

  • 802.11a - 54 Mbps
  • 802.11b - 11 Mbps
  • 802.11g - 54 Mbps
  • 802.11n - 300 Mbps

Transmission

  • Transmitted via radio waves between each network device and a wireless Access Point (AP)
    • AP - controls how data is sent to each network device (similar to switch)
    • Each AP advertises an SSID (Service Set Identifier), the network name clients select
  • Easily intercepted - need to enable encryption

Encryption

  • WEP - Wired Equivalent Privacy (broken; keys are recovered in minutes, never use it)
  • WPA - WiFi Protected Access (TKIP, an interim fix for WEP hardware)
  • WPA2 (AES-CCMP; the minimum to use today)

WiFi Adapters

  • Computers with wifi adapters can communicate directly with each other
  • But it’s more common to use a wireless router

Wireless Routers

  • Link together both wireless & Ethernet devices
  • Connection to the outside network (often via a broadband connection)

2 - TCP / IP

Common Protocols

  • IP
    • Connectionless, best-effort delivery - not guaranteed to reach the destination
    • Packets may arrive out of order, duplicated, or corrupted
  • ICMP - Internet Control Message Protocol
    • Layer 3 protocol
    • For sending error msgs between computers
  • UDP - User Datagram Protocol
    • Lighter than TCP: no connection, no retransmission, no ordering (only a checksum to detect corruption)
    • L7 protocols built on top of UDP - streaming protocols, DNS, NFS (Network File System)
  • TCP - Transmission Control Protocol
    • Establish full connection, with error checking & correction
    • L7 protocols built on top of TCP - HTTP, FTP, SMTP


Network Addressing

Configure a host with static IP

  • IP address (subnet + host address )
  • Netmask
  • Gateway address (default router)
  • Hostname
  • DNS server

1 - Addresses & Netmasks

Hardware Address

  • Also called - MAC address (Media Access Control)
  • 6 bytes in hex
  • Switches use it to forward frames to the right port
  • DHCP can use the MAC address to consistently assign the same IP to a given host

IP Address

  • Convert between MAC & IP address
    • Send broadcast query - Ask computer with given IP to identify itself. Receive reply with MAC address
    • IPv4 - ARP (Address Resolution Protocol)
    • IPv6 - NDP (Neighbor Discovery Protocol)
  • Two Section
    • Network / Subnet address - All devices on the same physical network, share the same network address portion
    • Host address - Each device must have a unique host address
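The ARP exchange described above, as an added example that is not part of the original notes: it builds the broadcast request a host sends for a given IPv4 address, then builds the unicast reply the owner returns, and parses both. The MAC and IP values are made up for the example.

```python
import struct

ETH_P_ARP = 0x0806          # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
# Ethernet II header (14 bytes) followed by an Ethernet/IPv4 ARP packet (28 bytes, RFC 826).
ETH_FMT = "!6s6sH"
ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build an Ethernet frame carrying an ARP request (broadcast) or reply (unicast)."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = struct.pack(ETH_FMT, mac_bytes(dst_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT,
                      1,        # hardware type: Ethernet
                      0x0800,   # protocol type: IPv4
                      6, 4,     # hardware / protocol address lengths
                      op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Parse and validate a frame; raises ValueError on anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    return {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def answer_request(frame: bytes, my_ip: str, my_mac: str):
    """What the owner of my_ip does when it sees a request: reply only if the request is for it."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


if __name__ == "__main__":
    # Constructed addresses: host .5 asks who owns .23, and .23 answers.
    request = build_arp(ARP_REQUEST, "02:00:00:00:00:05", "192.168.7.5", ZERO_MAC, "192.168.7.23")
    reply = answer_request(request, "192.168.7.23", "02:00:00:00:00:17")
    print("request:", parse_arp(request))
    print("reply:  ", parse_arp(reply))
```

Nothing in the reply proves that the sender owns the address: any host on the segment can answer, and the asker caches whatever arrives first. That is what ARP spoofing exploits, and why static ARP entries or switch-level inspection are used on segments that matter.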

Network Mask 📌

Also called - subnet mask, netmask

  • Bits set to 1 mark the network portion, bits set to 0 the host portion

  • Another way to express netmask - CIDR (Classless Inter-Domain Routing)

  • Broadcast address - the host portion with all bits set to 1 (reaches every host on the subnet)

Example

# IP
172.30.9.102

# netmask
255.255.0.0

# in CIDR
172.30.9.102/16

# network addr
172.30.0.0

# broadcast addr
172.30.255.255

IPv4 network classes

  • Private address ranges - RFC 1918
    • Internet routers do not forward traffic for these addresses, which isolates them from the Internet
    • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8 - one class A network)
    • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12 - sixteen class B networks)
    • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16 - 256 class C networks)
  • Class D - multicast ( 224.0.0.0 to 239.255.255.255 )
  • Class E - reserved for future use ( 240.0.0.0 to 255.255.255.254 )
  • Special cases
    • 127.x.x.x - loopback (i.e. localhost) 📌
    • Limited broadcast address - 255.255.255.255
      Routers never forward packets sent to this address, so a broadcast cannot flood beyond its own segment

Small private networks (RFC 1918 addresses) hide behind one NAT router (Network Address Translation),
which presents a single public IP to the Internet.
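The netmask arithmetic from the worked example above (network address, broadcast, CIDR) together with the class and RFC 1918 checks, as an added example that is not part of the original notes. It uses the standard library `ipaddress` module; the hosts in the `__main__` block are made up.

```python
import ipaddress

# RFC 1918 private ranges (the "class A / B / C private" blocks in the notes).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mask_to_prefix(netmask: str) -> int:
    """255.255.0.0 -> 16. A non-contiguous mask such as 255.0.255.0 raises ValueError."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen


def ipv4_class(addr: ipaddress.IPv4Address) -> str:
    """Classful letter from the first octet (A: 0-127, B: 128-191, C: 192-223, D: 224-239, E: 240-255)."""
    first = int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def describe(ip_with_mask: str) -> dict:
    """Derive everything in the worked example from 'ip/netmask' or 'ip/prefix'."""
    iface = ipaddress.ip_interface(ip_with_mask)   # accepts 172.30.9.102/255.255.0.0 or /16
    net = iface.network
    if net.prefixlen >= 31:                         # point-to-point or single host: no broadcast semantics
        usable, first, last = net.num_addresses, net.network_address, net.broadcast_address
    else:
        usable = net.num_addresses - 2              # minus network and broadcast addresses
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "cidr": iface.with_prefixlen,               # 172.30.9.102/16
        "network": str(net),                        # 172.30.0.0/16
        "broadcast": str(net.broadcast_address),    # host bits all 1
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
        "class": ipv4_class(iface.ip),
        "rfc1918": any(net.subnet_of(r) for r in RFC1918),
        "loopback": iface.ip.is_loopback,
    }


def same_subnet(a: str, b: str) -> bool:
    """True when two 'ip/mask' hosts share the network portion, i.e. can talk without a router."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network


if __name__ == "__main__":
    for host in ("172.30.9.102/255.255.0.0", "192.168.1.77/24", "8.8.8.8/32", "127.0.0.1/8"):
        print(host, describe(host))
    print(same_subnet("192.168.1.5/24", "192.168.2.5/24"))  # False: different /24, needs the gateway
```

`same_subnet` is the check behind many "why can't these two hosts see each other" tickets: a host with the wrong netmask believes its neighbour is remote and sends to the gateway, or the reverse.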


Default Router (Gateway)

  • Connect different physical networks together
  • Network devices must know the local default gateway to forward packets to remote hosts 📌

For a computer on a local network to communicate to the outside - Need a router / gateway


2 - DNS

Hostnames

  • To make up a hostname for examples or testing - use a name reserved for that purpose (RFC 2606), so it can never collide with a real domain
    • xx.example.com
    • xx.example.org
    • xx.localhost

DNS

  • Distributed database

  • Each domain should have at least two authoritative DNS servers (nameservers)

  • Resolve hostnames in a corporate network - point your laptop at your org's DNS servers

  • DNS error NXDOMAIN - the queried name does not exist in the zone (it is an answer from the server, not a client configuration error)

  • Reverse lookup - find the hostname for an IP address (a PTR record); a missing PTR is why reverse queries often come back NXDOMAIN


DNS Lookup Tools

  • nslookup - once marked deprecated, but still shipped in bind-utils / dnsutils
  • host - simple queries
  • dig - detailed DNS queries (shows the full answer, authority and additional sections)
  • whois - look up domain registration info
  • getent - query any NSS database (hosts, passwd, services ...) 📌
    • getent hosts name returns what the system resolver returns, following the order in /etc/nsswitch.conf
# whois - omit legal disclaimer
whois -H github.com

# dig
dig +short github.com CNAME

Local config - /etc/hosts

192.168.7.23   merikanto.io   merikanto
  • merikanto.io - FQDN
  • merikanto - alias (hostname without the domain part)
  • For a small network - maintain an identical /etc/hosts on every computer
  • Linux name lookup order: /etc/hosts first, then DNS
    • Change the order in /etc/nsswitch.conf (configures NSS - Name Service Switch)

# /etc/nsswitch.conf - default: consult /etc/hosts first, then DNS
# (write "dns files" to reverse the order)
hosts: files dns
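The lookup order above, as an added example that is not part of the original notes: a small resolver that reads the `hosts:` line of an nsswitch-style file and consults a hosts file and DNS in that order, the way NSS does. The hosts and nsswitch contents are constructed for the example; DNS is a pluggable callable so the block runs offline, and defaults to the real `socket.gethostbyname`.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample files for the example; nothing is read from the running system.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.7.23    merikanto.io    merikanto
# a comment line
10.0.0.5        intranet.example.org    intranet
"""
SAMPLE_NSSWITCH = """\
passwd: files
hosts:  files dns
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """name (case-insensitive) -> address; like glibc, the first matching line wins."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def hosts_order(nsswitch_text: str) -> List[str]:
    """Sources for the 'hosts' database, in order; action tokens like [NOTFOUND=return] are skipped."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [tok for tok in line.split(":", 1)[1].split() if not tok.startswith("[")]
    return ["files", "dns"]   # glibc's compiled-in default when the line is missing


def resolve(name: str, hosts_text: str, nsswitch_text: str,
            dns_lookup: Optional[Callable[[str], str]] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (address, source) following the NSS order, or (None, None) if no source answers."""
    if dns_lookup is None:
        dns_lookup = socket.gethostbyname   # the real resolver, driven by /etc/resolv.conf
    for source in hosts_order(nsswitch_text):
        if source == "files":
            addr = parse_hosts(hosts_text).get(name.lower())
            if addr:
                return addr, "files"
        elif source == "dns":
            try:
                return dns_lookup(name), "dns"
            except OSError:        # socket.gaierror for NXDOMAIN / server failure
                continue
    return None, None


if __name__ == "__main__":
    fake_dns = lambda n: "203.0.113.9"   # stand-in for DNS so the demo runs offline
    print(resolve("merikanto", SAMPLE_HOSTS, SAMPLE_NSSWITCH, fake_dns))        # from files
    print(resolve("www.example.net", SAMPLE_HOSTS, SAMPLE_NSSWITCH, fake_dns))  # from dns
```

Because `files` is consulted first, a stray or malicious entry in /etc/hosts silently overrides DNS for that name. On a real system `getent hosts merikanto` shows what NSS actually returns, and /etc/hosts should be root-owned and not group- or world-writable.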

Local config - /etc/networks

  • Applies to network address
  • Rarely necessary to edit this file

3 - Network Ports

Port numbers are Layer 4 features (TCP / UDP)

Port       Protocol    Purpose
20, 21     TCP         FTP data / control (unencrypted)
53         TCP & UDP   DNS
67, 68     UDP         DHCP server / client
123        UDP         NTP - Network Time Protocol
161        UDP         SNMP - Simple Network Management Protocol
162        UDP         SNMP trap
389        TCP         LDAP
636        TCP         LDAP over SSL/TLS
5900+      TCP         RFB (Remote Frame Buffer), used by VNC (display 0 on 5900, display 1 on 5901 ...)
6000-6007  TCP         X Window System (display :0 on 6000 ...)

Privileged Ports

  • Privileged - port numbers below 1024; only root (or a process with CAP_NET_BIND_SERVICE) can bind to them
  • Purpose - originally guaranteed that a service listening on a privileged port had been started by the system administrator
  • This distinction is not a security boundary today - trust based solely on the port number is unjustified

Local config - /etc/services

  • Map port numbers to names - Link servers to correct ports
  • Then use names in server configs


Linux Network Config

Legacy Tools (ifconfig and route come from the net-tools package; ethtool and iwconfig are separate packages)

  • ethtool - Display ethernet setting
  • iwconfig - Set SSID & encryption key for wireless interface
  • ifconfig - Set IP & Netmask
  • route - Set default router

1 - Basic

Configure Network Hardware

Find the name of the network hardware’s kernel module

# load network driver
sudo modprobe tulip

Systemd - systemd-networkd

  • Detects network interfaces
  • Configured by .network / .netdev files in /etc/systemd/network/

Netplan

  • Used by Ubuntu to manage network settings
  • Config files - /etc/netplan/*.yaml, rendered to systemd-networkd or NetworkManager with netplan apply

Network Manager CLIs

  • nmtui - text based UI

  • nmcli - text only CLI

    nmcli device status         # list interfaces and their state
    nmcli connection show       # list connection profiles

Configure DHCP

  • DHCP client broadcasts a DISCOVER to find a server (it has no IP address yet)
  • Server's OFFER / ACK carries the following info 📌
    • IP address
    • Netmask
    • Network’s gateway
    • DNS server
  • DHCP lease - If not renewed, the DHCP server will give the lease to another host
  • Clients
    • pump
    • dhclient - e.g. dhclient eth0
    • dhcpcd - Most popular

It’s not a good idea to use DHCP for servers - Servers need to have fixed IP address.

Safest to manually configure network info for servers (static host address)


Configure Static IP

  • Config files
    • Redhat - /etc/sysconfig/network-scripts/
    • Debian - /etc/network/interfaces
  • Configure following items
    • IP address
    • Netmask
    • Gateway address - route (necessary for hosts communicating with wider network)
    • DNS setting - specify at least 1 DNS server (nameserver line) in /etc/resolv.conf

Wireless Interface

iwlist - list the wireless networks in range

iwlist wlan0 scan

Use ifconfig

  • RX - packets received
  • TX - packets transmitted
# bring up network interface eth0
ifconfig eth0 up 192.168.1.1 netmask 255.255.0.0

# add gateway
route add default gw 192.168.10.1

# view config
ifconfig eth0

If ifconfig viewing shows TX collision rate is high - Consider replacing hub with a switch.


2 - Interface Bonding

Network interface bonding types 📌

Aggregate multiple interfaces into one virtual network device (mode 4 uses LACP, IEEE 802.3ad, to negotiate the aggregation with the switch)

  • Load Balancing - Share traffic between multiple interfaces
  • Aggregation - Combined to create one larger network pipe
  • Active / Passive - One primary, one used as backup for fault tolerance

Bonding modes

Mode  Name           Description
0     balance-rr     Round-robin transmission over all slaves: load balancing + fault tolerance
1     active-backup  One slave active, the others standby: fault tolerance only
2     balance-xor    Slave chosen by a hash (by default of source/destination MAC), so one flow always uses the same slave: load balancing + fault tolerance
3     broadcast      Transmit every packet on all slaves: fault tolerance
4     802.3ad        Dynamic link aggregation (LACP); requires a switch that supports it
5     balance-tlb    Adaptive transmit load balancing: outgoing traffic spread by current slave load, incoming on the current slave; no switch support needed
6     balance-alb    balance-tlb plus receive load balancing via ARP negotiation; no switch support needed

Example - Steps to enable network interface bonding 📌

bond0 will be treated as a single network interface

# load bonding module - create bond0 interface
sudo modprobe bonding

# define bond0 mode
sudo ip link add bond0 type bond mode 4

# add interfaces to the bond
sudo ip link set eth0 master bond0
sudo ip link set eth1 master bond0

When to use a network bridge:

To join several interfaces into one layer-2 segment (e.g. a VM or container host whose guests share the physical NIC). A bridge works below IP, so ip_forward is not involved; create it with ip link add br0 type bridge (the older brctl tool does the same).

Routing between separate IP networks is a different job: that needs net.ipv4.ip_forward = 1 in /etc/sysctl.conf, plus a firewall policy for what may cross.


3 - Routing

Notes

  • Each router has at least 2 network interfaces, and keeps a routing table (rules)

View routing info

  • Use -n : Use IP address instead of hostnames (If DNS config is broken, lookup can be slow or fail)
# diagnostic
route -n

127.x.x.x - Loopback / Localhost: Special virtual interface that loops back to the originating host

  • lo - Local loopback interface
  • Any local program can use it to communicate with other programs, as if they were across a network.
    This simplifies data transfer between programs.

Configure Routing

  • Route tables - direct packets based on destination IP; the most specific (longest) matching prefix wins
  • reject - install a route that refuses the destination (route add -net ... reject); the kernel returns "network unreachable" instead of sending the packet to the default gateway
# set default gateway
route add default gw 192.168.1.2

# destination - 172.20.0.0/16 subnet
# pass through - 172.21.1.1 router
route add -net 172.20.0.0 \
netmask 255.255.0.0 \
gw 172.21.1.1

# enable routing - /etc/sysctl.conf
net.ipv4.ip_forward = 1
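The routing decision the kernel makes for each packet, as an added example that is not part of the original notes: parse an `ip route` style table (constructed here to mirror the commands above, with a reject route added) and pick the longest matching prefix. Addresses and interface names are made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

REJECT_TYPES = {"unreachable", "prohibit", "blackhole"}   # how `ip route` prints reject routes

# Constructed `ip route` output mirroring the commands above, plus a more specific route,
# a connected network for each interface and a reject route. Not captured from a real host.
SAMPLE_IP_ROUTE = """\
default via 192.168.1.2 dev eth0
172.20.0.0/16 via 172.21.1.1 dev eth1
172.20.1.0/24 via 172.21.1.9 dev eth1
172.21.0.0/16 dev eth1 proto kernel scope link src 172.21.1.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.7
unreachable 10.99.0.0/16
"""


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    via: Optional[str]     # gateway address; None means directly connected
    dev: Optional[str]
    reject: bool = False


def parse_ip_route(text: str) -> List[Route]:
    """Parse the common fields of `ip route` output lines."""
    routes = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        reject = toks[0] in REJECT_TYPES
        if reject:
            toks = toks[1:]
        dest = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        via = toks[toks.index("via") + 1] if "via" in toks else None
        dev = toks[toks.index("dev") + 1] if "dev" in toks else None
        routes.append(Route(ipaddress.ip_network(dest, strict=False), via, dev, reject))
    return routes


def lookup(routes: List[Route], destination: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Longest-prefix match, as the kernel does it.

    Returns (status, next_hop, dev): status is 'via' (send to a gateway), 'connected'
    (ARP for the destination itself), 'reject' (a reject route matched) or 'noroute'.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.dest]
    if not candidates:
        return "noroute", None, None
    best = max(candidates, key=lambda r: r.dest.prefixlen)   # most specific wins
    if best.reject:
        return "reject", None, None
    if best.via is None:
        return "connected", destination, best.dev
    return "via", best.via, best.dev


if __name__ == "__main__":
    table = parse_ip_route(SAMPLE_IP_ROUTE)
    for host in ("172.20.5.5", "172.20.1.5", "192.168.1.77", "8.8.8.8", "10.99.1.1"):
        print(host, "->", lookup(table, host))
```

Note that the reject route for 10.99.0.0/16 beats the default route only because it is more specific; the same logic is why a forgotten /24 left in the table can quietly steal traffic from the intended gateway.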

Config Tools

  • GUI tool - system-config-network
  • CLI tool
    • ifup - bring up interface
    • ifdown - bring down interface

If config breaks the network connection, then

  • Bring down & up the interface ( ifdown + ifup )
  • Reboot

4 - Hostnames

Setting local hostname (Does not affect remote servers)

  • hostname
  • dnsdomainname
  • /etc/hostname

With Systemd

  • hostnamectl - set / show the hostname (writes /etc/hostname)
  • Stub resolver - systemd-resolved (query it with resolvectl)

5 - The New Standard : iproute2

Most of the legacy tools have been replaced by the iproute2 package. The main utility is ip


Options for ip

Option          Explanation
address / a     Manage IPv4 / IPv6 addresses on a device
route / r       Manage the routing table
link / l        Manage network devices (up / down, MTU, MAC address)
monitor         Watch netlink messages (address, link and route changes as they happen)
netns           Manage network namespaces
rule            Manage entries in the routing policy database
tcpmetrics      Manage cached TCP metrics per destination
token           Manage tokenized interface identifiers (IPv6)
tunnel          Tunnel over IP (ipip, gre, sit)
l2tp            Tunnel Ethernet over IP
xfrm            Manage IPsec policies and security associations

Multicast options

Option Explanation
maddress Define multicast address for system to listen to
mroute Define entry in multicast routing cache
mrule Define rule in multicast routing policy database

Example

# show address
ip a show

# specify host address & netmask for interface eth0
ip a add 192.168.1.2/24 dev eth0

# set default router
ip route add default via 192.168.1.10 dev eth0

# make interface active
ip link set eth0 up

Fine-tune network parameters in /etc/sysctl.conf (apply with sysctl -p)

  • Disable packet forwarding on a host that is not a router - net.ipv4.ip_forward = 0
  • Ignore ICMP echo requests sent to a broadcast address - net.ipv4.icmp_echo_ignore_broadcasts = 1 (the default on current kernels)
    • A host that answers broadcast pings becomes an amplifier in smurf-style DoS attacks 📌


Network Troubleshooting

  • ping
  • traceroute / tracepath
  • tcpdump
  • netstat
  • ss
  • netcat ( nc )

1 - Connectivity & Trace Route

Test Connectivity - ping

# specify number of tests
ping -c 4 [host]

Route Tracing - traceroute / tracepath

# -n: print hop addresses numerically instead of resolving them to hostnames
traceroute -n 10.1.0.43

  • traceroute localises problems in network connectivity
    Highly variable or missing times at a hop indicate an overloaded router, or an unreliable link to the previous hop
  • tracepath - needs no root privileges and also reports the path MTU
    • Common use - find an MTU mismatch between hops on a path 📌
    • MTU - the largest packet a network device will carry without fragmentation

Some routers block all traceroute data.


2 - Network Status & Traffic

Check network status - netstat

Option  Explanation
-i      Interface statistics, similar to ifconfig output
-r      Routing table, similar to route output
-l      Listening sockets only
-M      Connections mediated by Linux NAT (IP masquerading); NAT lets a Linux router hide a network behind a single IP
-p      Show the program (PID/name) owning each socket; needs root to see other users' processes
-a      All sockets, listening and established
-t      TCP sockets only
-u      UDP sockets only
-s      Per-protocol statistics

Examine Sockets - ss

  • Socket - a program's endpoint on a port (address + port + protocol) 📌

# show all (-a) TCP (-t) sockets, numeric (-n), with the owning process (-p)
ss -anpt
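A small audit over `ss -lntp` output, as an added example that is not part of the original notes, tying this section to the privileged-port and /etc/services notes above: it maps each listening TCP port to its service name and flags privileged ports bound to a non-loopback address. Both the /etc/services excerpt and the `ss` output are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpts of /etc/services and `ss -lntp` output (not captured from a real host).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]
ftp             21/tcp
ssh             22/tcp
domain          53/tcp
domain          53/udp
http            80/tcp          www
ipp             631/tcp
ldaps           636/tcp
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=600,fd=7))
LISTEN 0      511    *:80                *:*           users:(("nginx",pid=901,fd=6),("nginx",pid=902,fd=6))
LISTEN 0      128    [::]:22             [::]:*        users:(("sshd",pid=812,fd=4))
LISTEN 0      100    0.0.0.0:5900        0.0.0.0:*     users:(("x11vnc",pid=1500,fd=5))
"""
PROCESS_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """(port, proto) -> service name, e.g. (22, 'tcp') -> 'ssh'."""
    table: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, port_proto = line.split()[:2]
        port, proto = port_proto.split("/")
        table.setdefault((int(port), proto), name)
    return table


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr == "[::1]"


def audit(ss_text: str, services_text: str, proto: str = "tcp") -> List[dict]:
    """One row per listening socket, annotated with service name and exposure."""
    services = parse_services(services_text)
    rows = []
    for line in ss_text.splitlines():
        toks = line.split()
        if not toks or toks[0] != "LISTEN":
            continue
        addr, port = toks[3].rsplit(":", 1)        # handles 0.0.0.0:22, [::]:22 and *:80
        m = PROCESS_RE.search(line)
        rows.append({
            "addr": addr,
            "port": int(port),
            "process": m.group(1) if m else None,
            "pid": int(m.group(2)) if m else None,
            "service": services.get((int(port), proto)),
            "privileged": int(port) < 1024,
            "exposed": not is_loopback(addr),      # bound to a non-loopback address
        })
    return rows


def exposed_privileged(rows: List[dict]) -> List[Tuple[int, Optional[str]]]:
    """Privileged ports reachable from the network, deduplicated across IPv4/IPv6 sockets."""
    return sorted({(r["port"], r["process"]) for r in rows if r["exposed"] and r["privileged"]})


if __name__ == "__main__":
    rows = audit(SAMPLE_SS, SAMPLE_SERVICES)
    for r in rows:
        print(f'{r["addr"]:>10}:{r["port"]:<5} {r["service"] or "?":8} {r["process"]} '
              f'{"EXPOSED" if r["exposed"] else "local"}')
    print("exposed privileged:", exposed_privileged(rows))
```

On a real host feed it the actual files: `audit(subprocess.check_output(["ss", "-lntp"], text=True), open("/etc/services").read())`. The VNC listener on 5900 shows why the port number alone says nothing about trust: it is unprivileged, bound to every address, and usually the more dangerous service.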

netcat

  • Read from & write any network port
  • Accept input from redirection & piping
# listen for incoming connections on 80/tcp (privileged port: needs root)
nc -l 80

# connect to a server on 443/tcp (raw TCP; for a TLS conversation use openssl s_client instead)
nc 192.168.1.4 443

3 - Other

Examine Raw Network Traffic - tcpdump (Packet Sniffer) 📌

  • Packet sniffer - intercept network packets
  • Must run as root
-c [n]    # stop after n packets
-v        # verbose
-A        # print packet contents in ASCII
-D        # list interfaces available for capture
-n        # show addresses numerically (no DNS lookups)
-w file   # write raw captured packets to a file (read back with -r)

telnet

  • Unencrypted connection
  • Debug network protocols (TCP only)
telnet [host] 25   # talk SMTP by hand

IPv6

1 - Address

Notes

  • Multicasting - transmit data simultaneously from one computer to multiple recipients

  • New feature - SLAAC (Stateless Address Auto-Configuration) simplifies initial network setup

    Plays the role DHCP (Dynamic Host Configuration Protocol) plays for IPv4; DHCPv6 also exists

  • IPsec was designed as part of IPv6 and later adapted to IPv4 📌

  • Streamlined data structures - Quicker processing by routers


IPv6 address format

  • 128-bit, written as 8 groups of 4 hex digits separated by :
  • Leading zeros in a group may be dropped; one run of consecutive all-zero groups may be replaced by :: (only once per address, otherwise the length is ambiguous 📌 )
  • Host address types
    • Link-local addresses (valid only on the local link; a device also needs a routable address to reach other networks)
    • Global unicast addresses (routable on the Internet)

IPv6 Private Addresses

  • IPv6 site-local addresses may be routed within a site but not off-site (deprecated by RFC 3879; unique local addresses fc00::/7, in practice fd00::/8, replace them)
    • Begin with - fec, fed, fee, fef (fec0::/10)
  • Link-local addresses are restricted to a single network segment and are never routed 📌
    • Begin with - fe8, fe9, fea, feb (fe80::/10)
    • Assign address (the kernel assigns the link-local address itself; SLAAC supplies the rest) - iface eth0 inet6 auto

2 - Config & Troubleshoot

Test connectivity - ping6

  • With link local address - need to specify the interface
# -c : specify number of tests
# after % : specify interface
ping6 -c 4 fe80::2ed0:cbce%enp0s3