Networking in UNIX

Basic Networking Concepts: TCP/IP
TCP/IP stands for Transfer Control Protocol over Internet Protocol, the language used by two computers communicating with each other.
– initially developed on and for the UNIX platform in 1983
– a message is broken up into packets
– each packet contains a packet sequence number, a checksum, plus a header that contains at least a sender address and one or more recipient addresses
– no dedicated connection between sender and receiver
– packets are transferred through the network via routers: intelligent devices that inspect each packet and decide what to do next (deliver the packet locally or forward it to another router)

Basic Networking Concepts: Identifying Computers
Each computer in a network has a host name and an IP address.
• a host name may be simple, e.g., sodapop, or a Fully Qualified Domain Name (FQDN), e.g., sodapop.brookdalecc.edu
• an IP address is a set of 4 dot-delimited octets, e.g., 127.212.109.37. Each octet has a maximum value of 255.
• only IP addresses are routable. FQDNs must be converted to IP addresses for a router to evaluate them.

Mapping Domain Names to/from IP Addresses
• /etc/hosts file
– good for small networks: holds the name-to-address mappings
– each computer must maintain its own copy and keep it in sync with the other computers on the network
• DNS (Domain Name Service)
– used in larger networks
– distributed database that provides the name-to-address mapping service
– hostnames are organized hierarchically
– authority is delegated at individual levels in the hierarchy

The DNS Hierarchy
Authority delegated to a level in the hierarchy falls to that organization's network administration. A zone is an organization's level(s) of authority.

The Client-Server Paradigm in UNIX
One entity (the client) makes a request; another party (the server) services the request and returns a response.
(diagram: Client –request→ Server –response→ Client)
Server programs in UNIX are called daemons.
• run in the background
• listen for input from clients
• examples:
– httpd – listens for requests for web pages
– sendmail – handles email
– inetd – handles ftp and telnet requests

Ports
• communication on a computer is through a port
• many ports are predefined, including:

Service  Client Program                             Server Port #
FTP      ftp                                         21
SSH      ssh, scp, sftp, slogin                      22
TELNET   telnet                                      23
SMTP     mailx, netscape                             25
HTTP     netscape, mozilla, firefox, opera, chrome   80
POP3     fetchmail                                  110

A complete list of the ports that UNIX listens on is found in /etc/services.

Testing Connectivity: ping
• used to test whether a machine is on the network; ping uses no daemon
• ping sends 56-byte packets to the remote machine, whose NIC card answers back

$ ping sodapop
PING sodapop: 56 data bytes
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=0. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
^C
--- sodapop PING statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round trip (ms) min/avg/max/stddev = 0.010/0.031/0.006

Remote Login: telnet
Log in to a remote machine over an IP network using:
telnet <ip address>
or
telnet
o 127.0.0.1

$ telnet 127.0.0.1
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
User (rbournique):

telnet is not secure: the user ID and password are transmitted in clear text.
The local machine acts like a dumb terminal: it echoes to the terminal what is sent and what is received.

Transferring Files: ftp
• ftp lets a user log into a remote machine over an IP network to transfer files
• users may log into the remote machine as:
– an authorized remote user (the user has their own id and password)
– an anonymous user (user id = anonymous, password = the user's e-mail address)
• transfers may be ASCII (text files) or BINARY (e.g., programs)
• a whole set of commands allows the user to navigate to the proper files on the remote machine and download them

ftp Commands to Use on the Remote System
! $ ? account append ascii bell binary bye case cd cdup chmod close cr debug delete dir disconnect edit epsv4 exit features fget form ftp gate get glob hash help idle image lcd less lpage lpwd ls macdef mdelete mdir mget mkdir mls mlsd mlst mode modtime more mput mreget msend newer nlist nmap ntrans open page passive pdir pls pmlsd preserve progress prompt proxy put pwd quit quote rate rcvbuf recv reget remopts rename reset restart rhelp rmdir rstatus runique send sendport set site size sndbuf status struct sunique system tenex throttle trace type umask unset usage user verbose xferbuf

Secure Remote Login: ssh
• ssh lets a user securely log in to a remote machine over an IP network
• developed to replace telnet
• encryption/decryption provides data confidentiality and data integrity over an insecure network
• data is encrypted by the sender and decrypted by the recipient using a key
• uses public key (asymmetric) cryptographic algorithms to generate a mathematically related public-private key pair
• the key pair is used to
– establish trust, i.e., authenticate user and host
– encrypt/decrypt the user's passwords and data

Asymmetric Cryptography
Advantage: key management
Disadvantage: complex mathematical algorithm

Diagnosing Network Problems: netstat
• netstat is used to help diagnose a network problem. For example,

$ netstat -i
Name  Mtu   Network       Address          Ipkts    Opkts    Odrop
eg1   1500  204.89.162    dxi4.dxi.com     2275517  3783974  0
eg0   1500  38.254.211    dxifour.dxi.com  4716968  2862227  0
loop  1536  loopback-net  localhost        0        0        0

Name = the name of the interface. It identifies a particular Ethernet board.
Mtu = the maximum transfer unit, or maximum packet size, for this interface
Network = the network to which this interface is connected
Address = the address of this interface on the Internet
Ipkts = number of input packets received by this interface since the system was booted
Opkts = number of output packets sent by this interface since the system was booted
Odrop = number of packets that were dropped without reaching their destination

More netstat Examples
netstat – displays generic network statistics of the host you are currently connected to
netstat -an – shows all connections to the server, including the source and destination IPs and ports, if you have the proper permissions
netstat -an | grep :80 | wc -l – displays a count of the active connections on port 80
netstat -natp – displays active Internet connections

The X Window System on a Network
• X Window uses a reverse client-server paradigm:
– the application runs on the client
– the display is handled by the server
• to run a client on a remote machine and still have the display show up on the local machine:
– on the local machine, run xhost +<remote machine name>, which tells the local machine it is OK to run X Window applications from that remote machine
– on the remote machine, run export DISPLAY=<local machine name>:0.0, which directs the remote machine's output to the local machine
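Added example, not part of the slides: the slides' `netstat -an | grep :80 | wc -l` counts every line containing `:80`, which also matches port 8080 and the foreign-address column. The shell functions below apply the same netstat and /etc/services ideas more precisely, counting connections by exact local port and listing listening ports by service name so cleartext services such as telnet and ftp stand out. The netstat output and the /etc/services excerpt are constructed samples, not output from a real host.

```sh
#!/bin/sh
# Constructed sample of `netstat -an` output (not captured from a real host).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 172.17.1.243:80         10.0.0.5:51344          ESTABLISHED
tcp        0      0 172.17.1.243:80         10.0.0.9:40210          ESTABLISHED
tcp        0      0 172.17.1.243:8080       10.0.0.7:33008          ESTABLISHED
tcp        0      0 172.17.1.243:22         10.0.0.5:51000          ESTABLISHED'

# Constructed excerpt of /etc/services in its real "name port/proto" layout.
SERVICES_SAMPLE='ftp     21/tcp
ssh     22/tcp
telnet  23/tcp
smtp    25/tcp
http    80/tcp
pop3    110/tcp'

# Count ESTABLISHED TCP connections whose local port is exactly $1.
# "grep :80" would also match :8080 and the foreign port column;
# comparing only the port part of the Local Address field avoids both.
count_established() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v port="$1" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            n = split($4, a, ":")
            if (a[n] == port) c++
        }
        END { print c + 0 }'
}

# List listening TCP ports with their /etc/services names, flagging the
# cleartext services (telnet, ftp) that the slides say ssh/sftp replace.
list_listeners() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v svc="$SERVICES_SAMPLE" '
        BEGIN {
            m = split(svc, lines, "\n")
            for (i = 1; i <= m; i++) {
                split(lines[i], f, "[ \t/]+")   # f[1]=name f[2]=port f[3]=proto
                name[f[2]] = f[1]
            }
        }
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            s = (p in name) ? name[p] : "unknown"
            flag = (s == "telnet" || s == "ftp") ? " CLEARTEXT" : ""
            print p, s flag
        }'
}
```

Run `count_established 80` (prints 2 for the sample) and `list_listeners` (prints one line per listening port, e.g. `23 telnet CLEARTEXT`).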