205: Networking Configuration
205.1 Basic networking configuration (weight: 3)
Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks.
Key Knowledge Areas:
Utilities to configure and manipulate ethernet network interfaces
Configuring basic access to wireless networks
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
arp
iw
iwconfig
iwlist
Managing Network Interfaces
ifconfig: configure a network interface
ifconfig
Display information for active network interfaces
ifconfig -a
Display information for all network interfaces
ifconfig eth0
Display information for a specific network interface
ifconfig eth0 up
Bring a device online
ifconfig eth0 down
Bring a device offline
ifconfig eth0 192.168.1.200
Assign an IP address to a network interface
ifconfig eth0 netmask 255.255.255.0
Assign a netmask to a network interface
ifconfig eth0 broadcast 192.168.1.255
Assign a broadcast address to a network interface
ifconfig eth0 192.168.1.200
Remove an IP address from a network interface
ifconfig eth0 mtu number
Set maximum transmission unit for a network interface
ifconfig eth0 promisc
Set a network interface to promiscuous mode
ip: Show/manipulate routing, devices, policy routing, and tunnels.
OBJECT:
linkaddraddrlabelrouteruleneightunnelmaddrmroutemonitor
ip help
Display a list of commands and options for the ip command
ip addr help
Display a list of commands and options for the address subcommand
ip link help
Display a list of commands and options for the link subcommand
ip addr
Show information for all address
ip addr show dev eth0
Show information for a specific device
ip addr add 192.168.1.200/24 dev eth0
Add a address to device
ip addr del 192.168.1.200/24 dev eth0
Remove an address from a device
ip addr add 192.168.1.200/24 broadcast 192.168.1.255 dev eth0
Add an IP address specific broadcast address to a device
ip link
Show information for all interfaces
ip link show dev eth0
Show information for a single device
ip -s link
Show interface statistics
ip link set
Alter the status of an interface
ip link set mtu number
Set maximum transmission unit for a network interface
ip link set eth0 promisc on
Set a network interface to promiscuous mode
ip link set eth0 up
Bring a device online
ip link set eth0 down
Bring a device offline
iwconfig: configure a wireless network interfaceiwlist: Get more detailed wireless information from a wireless interface
iwconfig
Display information about all available wireless interfaces
iwconfig wlan0
Display information about a wireless interface
iwconfig --help
Display a list of commands and options
iwconfig wlan0 essid "MyNetwork" key my_key
Connect to a wireless network by providing a key
iwconfig wlan0 rate 24M
Set the bitrate for an interface
iwlist wlan0 scan
Scan for available wireless networks
iwlist wlan0 freq
List available frequencies
iwlist wlan0 rate
List available bit rates
iw: show / manipulate wireless devices and their configuration
iw help
Print all supported commands
iw help command
Print help information for specified command
iw dev
View available wireless interfaces
iw list
List all wireless devices and their capabilities
iw dev wlan0 link
Display link information
iw dev wlan0 info
Show information for an interface
iw phy phy0 info
Show capabilities for a device
iw event
Monitor event from the kernel
iw wlan0 scan
Scan for available SSIDs
iw dev wlan0 connad
Connect to a wireless network
iw dev wlan0 disconnect
Disconnect from a wireless network
Discovering Network Devices
arp: manipulate the system ARP cache
arp [-avn]
Display the contents of the ARP cache
arp -i eth1
Display entries for an interface
arp -a 192.168.1.9
Display entries for an IP address
arp -s 192.168.1.9 -i eth2 1:2:3:4:5:6
Add an enrty to the ARP cache
arp -i eth1 -d 192.168.1.9
Remove an entry from the ARP cache
ip neigh:Display the neighbor objects or the ARP cache
ip neigh
Display neighbor objects
ip -s neigh
Display neighbor objects in verbos with statistics
ip neigh show dev eth1
Show o arp cache for a device
ip neigh add 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1
Add an entry into the ARP table
ip neigh del 192.168.1.9 dev eth1
Invalidate an entry in the ARP table
ip neigh replace 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1
Replace an entry or add one if not defined
205.2 Advanced Network Configuration (weight: 4)
Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device and resolving communication problems.
Key Knowledge Areas:
Utilities to manipulate routing tables
Utilities to configure and manipulate ethernet network interfaces
Utilities to analyse the status of the network devices
Utilities to monitor and analyse the TCP/IP traffic
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
arp
ss
netstat
lsof
ping, ping6
nc
tcpdump
nmap
Adjusting Network Routing
ip routeandroute: show / manipulate the IP routing table
ip route show
Display the routing table
ip route add 10.0.2.0/24 via 10.0.2.10 dev eth1
Add a route
ip route del 10.0.2.0/24 via 10.0.2.10 dev eth1
Remove a route
ip route add default via 10.0.2.10
Add a default gateway
ip route add prohibit 10.0.2.10/24
Blockl the destinication route and send ICMP message
ip route add blackhole 10.0.2.0/24
Block the destination route and silently discard
route (n)
Display the routing table
route add -net 10.0.2.0/24 gw 10.0.2.10 eth1
Add a route
route del -net 10.0.2.0/24 gw 10.0.2.10 eth1
Remove a route
route add default gw 10.0.2.10
Add a default gateway
route add -host 10.0.2.10 reject
Block the destination route for a host
route add -net 10.0.2.0 netmask 255.255.255.0 reject
Block the destination route for a network
Monitoring Network Sockets
ss: A utility used to investigate network sockets and dump socket statistics.
-l, --listening
Display listening server sockets
-a, --all
Display all sockets (default: connected)
-i, --interfaces
Display interfaces table
-s, --summary
Show socket usage summary (like SNMP)
-e, --extended
Show detailed socket information
-n, --numeric
Don't resolve names
-p, --programs
Display PID/Program name for sockets
-t, --tcp
Display only TCP sockets
-u, --udp
Display only UDP sockets
netstat: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
-l, --listening
Display listening server sockets
-a, --all
Display all sockets (default: connected)
-i, --interfaces
Display interfaces table
-s, --statistics
Show network statistics
-e, --extended
Show detailed socket information
-v, --verbose
Be verbose
-n, --numeric
Don't resolve names
-p, --programs
Display PID/Program name for sockets
-t, --tcp
Display only TCP sockets
-u, --udp
Display only UDP sockets
-r, -route
Display routing table
lsof: A utility that lists open files.
-u username
List open files by user
-u ^username
List open files and exclude a user
-i [46][protocol][@hostname|hostaddr][:service|port]
List open files by network connections
-p PID
List open files by PID
-p ^PID
List open files and exculde a PID
/directory
List open files by directory
/dev/sda1
List open files by device
-c
List open files by process name
Monitoring Network Traffics
tcpdump: A network traffic monitoring tool. Can monitor protocols other than TCP. Lofical operators and and or can be used to combine filters.
-D
List interfaces available for capture
-i eth0
Capture packets on an interface or all interfaces (any)
-c
Capture a specified count of packets
-n
Disable hostname resolution
-nn
Disable protocol, port and hostname resolution
-i any protocol
Capture packets by protocol on all interfaces
-i any host 10.0.2.10
Capture packets by a host on all interfaces
-i any src/dst 10.0.2.10
Capture packets by source or destination address on all interfaces
-A
View packet content in ASCII
-X
View packet content in hex and ASCII
-w file_name.pcap
Save the output of tcpdump to a file
-r file_name.pcap
Read packets from a file
nmap: Network Mapper is a network exploration and security scanner. The network mapper services file is located at/usr/share/nmpa/nmpa-services.
hostname
Scan using a hostname or multiple hostnames
10.0.2.10
Scan using IP address or multi IP addresses
-v 10.0.2.10
Increase verbosity
-iL hosts.txt
Scan a list of hosts from a file
-A 10.0.2.10
Enable OS detection, version detection, script scanning, and traceroute
-O 10.0.2.10
Enable OS detection
-sA 10.0.2.10
Detect firewall or packet filters
-Pn 10.0.2.10
Skip host discovery (formerly -PN)
-sn 10.0.2.10
Perform a "ping scan" - Dot not detect open ports (formerly -sP)
-F 10.0.2.10
Perform fast scan using less ports
-r 10.0.2.10
Scan ports consecutively - don't randomize
--iflist
View host interface and route information
-p 22, 443 10.0.2.10
Specify ports to scan
-sU 58 10.0.2.10
Scan for a UDP port
-sV 10.0.2.10
Determine service/version information
-sS 10.0.2.10
Perform TCP SYN scan (stealthy scan)
-sT 10.0.2.10
Perform TCP connect scan
Interacting with Remote Hosts
pingandping6: Utilities used to send ICMP ECHO_REQUEST to network hosts. Provided by theiputilspackages. All options can be used bypingandping6execpt for -F (not listed), which in used to allocated a 20-bit flow label on echo request packets.
hostname
Send a stream of ICMP packets to a hostname
10.0.2.10
Send a stream of ICMP packets to an IP address
-c 5 10.0.2.10
Send a specified amount of packets
-s 10.0.2.10
Alter the size of the packets
-i 3 10.0.2.10
Change the interval for sending packets
-q 10.0.2.10
Only show the summary information
-w 5 10.0.2.10
Set a timeout of when to stop sending packets
-f 10.0.2.10
Flood ping. Send packets as soon as possible.
-p ff 10.0.2.10
Fill a packet with data. ff fills the packet with ones
-b 10.0.2.10
Send packets to a broadcast address
-t 10 10.0.2.10
Limit the number of network hops
-v 10.0.2.10
Increase verbosity
ncat (nc):A network utility that provides several options for interacting with hosts using TCP or UDP over IPv4 and IPv6. Provided by thenmap-ncatpackage.
-l port
Listen for inbound connections on a port
10.0.2.10 port
Connect to remote system on a specific port
-u udp_port
Specify a UDP port (TCP is the default)
-w time_count
Terminate connection after specified time
-l -k port
Accept multiple connections in listen mode
-v
Increase verbosity
-z
Report connection status only
-i
Set an idle timeout
-v -z 10.0.2.10 22 80
Scan multiple ports
-v -z 10.0.2.10 20-80
Scan a range of ports
-c command
Executes given command via /bin/sh
-e command
Execute the given command
205.3 Troubleshooting network issues (weight: 4)
Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands.
Key Knowledge Areas:
Location and content of access restriction files
Utilities to configure and manipulate ethernet network interfaces
Utilities to manage routing tables
Utilities to list network states.
Utilities to gain information about the network configuration
Methods of information about the recognised and used hardware devices
System initialisation files and their contents (Systemd and SysV init)
Awareness of NetworkManager and its impact on network configuration
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
ss
netstat
/etc/network/, /etc/sysconfig/network-scripts/
ping, ping6
traceroute, traceroute6
mtr
hostname
System log files such as /var/log/syslog, /var/log/messages and the systemd journal
dmesg
/etc/resolv.conf
/etc/hosts
/etc/hostname, /etc/HOSTNAME
/etc/hosts.allow, /etc/hosts.deny
Undrestanding Network Configuration Files and Locations
IPADDR=10.0.1.10
Specify the IPv4 address
PREFIX=24
Specify the network prefix
NETMASK=10.0.10.1
Specify the netmask
GATEWAY=10.0.10.1
Specify the gateway
DNS1=192.168.154.3
Specify a DNS server
DNS2=10.216.6.3
Specify another DNS server
PEERDNS=yes
Modify the /etc/resolv.conf file (yes|no)
TYPE=Ethernet
The type of network interface device
BOOTPROTO=none
Specify boot protocol (none|dhcp|bootp)
DEFROUTE=yes
Specify default route for IPv4 traffic (yes|no)
IPV6_DEFROUTE=yes
Specify default route for IPv6 traffic (yes|no)
IPV4_FAILURE_FATAL=no
Disable the device if the configuration fails (yes|no)
IPV6_FAILURE_FATAL=no
Disable the device if the configuration fails (yes|no)
IPV6INIT=yes
Enable or disable IPv6 on the interface (yes|no)
IPV6_AUTOCONF=yes
Enable or disable autoconf configuration (yes|no)
NAME=eth0
Specify a name for the connection
UUID=...
Specify the unique identifier for the device
ONBOOT=yes
Activate interface on boot (yes|no)
HWADDR=0e:a5:1a:b9:fc:89
Specify the MAC address for the interface
/etc/hosts: The host configuration file associates hostnames with an IP address.
/etc/resolv.conf: The resolver configuration file specifies DNS servers and searches domains for the host.
/etc/sysconfig/network: This configuration file is used to specify global network settings.
/etc/nsswitch.conf: The Name Service Switch (NSS) configuration file is used to determine which sources to obtain name-service information and in what order.
/etc/network/interfaces: (Debian Based-System):
NetworkManager
Attempts to automate and simplify network configuration
Implements a dynamic network control and configuration daemon to ensure connections stay active
Proactivity creats (temporary) connections for detected network devices
Provides user-friendly administrative tools: GUI,
nmtui, andnmcli
Lines beginning with the word "auto" are used to identify to be brought up when
ifupis run with the-aoptio. (This option is used by the system boot scripts.)
Analyzing Network Diagnostics and Troubleshooting Network Issues
traceroute: Tracks the route packets take from an IP network on their way to a given host.traceroute6: is identical totraceroutewith the-6option.
-I
Use ICMP ECHO for probes
-T
Use TCP SYN for probes
-f first_ttl
Specifies what TTL to start (default is 1)
-g gateway
Specify a gateway to route the packets
-i interface
Specify an interface to send packets through
-m max_ttl
Specify the maximum number of hopes (default is 30)
-n
Do not attempt to resolve host names
-q
Set the number of probe packet per hop (default is 3)
-w
Set the time to wait, in seconds, for a response (default is 5)
-4 | -6
Use IPv4 or IPv6 only
hostname packet_len
Set the size of the probing packet (default is 60 bytes)
mtr: A network diagnostic utility that combines the funcionality of thetracerouteandpingcommand
-r -c 5
Run mtr report mode and print out statistics based on the number of cycles
-w
Run mtr in wide report mode and print out statistics
-c 5
Specify the number of pings
-n
Do not resolve hostnames
-b
Show hostnames and IP addresses
-o "LSD NBAW"
Specify the fields and order of fields
-a 10.0.2.20
Send outgoing packes through a specific interface
-i seconds
Specify the interval for sending packets (default is 1)
-m NUM
Specify the maximum number of hops (default is 30)
-f NUM
Specify the maximim number of hops (default is 1)
-u
Use UDP datagrams instead of ICMP ECHO
-T
Use TCP SYN packets instead of ICMP ECHO
-4 | -6
Use IPv4 or IPv6 only
journalctl: A logging system introduce by Systemd. Implemented by thejournalddaemon, which stores logs in a binary format that can viewed by using thejournalctlutility. Settings for the Systemd journal can be updated bt modifying/etc/systemd/journald.confor by adding configuration files to/etc/systemd/journald.conf.d/.
-u unit
View messages for a particular Systemd unit
-f
Follow the journal for the latest messages
-e
Jump to the end of the journal
-o format
Change the format of the messages displayed
-x
Add explanation texts from the message catalogue
-p
Filter messages based on priority specified
-S, -U
Show entries from a specified date (since and until)
dmesg: A utiliy used to examine or control the kernel ring buffer. By default, it reads all messages from the kernel ring buffer.
-C
Clear the ring buffer
-c
Clear the ring buffer contents after printing
-D
Disable printing message to the console
-E
Enable printing message to the console
-e
Display local time and delta in human-readable format
-H
Enable human readable format
-F file
Read log from a file
/var/log/syslog: The main system log for Debian-based hosts. Stores all global system activity and startup messages. Options are controlled by/etc/syslog.confor/etc/rsyslog.confin newer versions. Additional configuration files can be added to `/etc/rsyslog.d/.
/var/log/messages: The main system log on RHEL-based hosts. Stores all global system activity and startup messages. Options are controlled by/etc/rsyslog.conf. Additional configurations can be added to `/etc/rsyslog.d/.
Managing Hostnames and Restricting Host-Level Access
/etc/hostnameand/etc/HOSTNAME: The /etc/hostname file is used to store hostname of the system. On some distributions, the/etc/HOSYNAMEfile is used for this purpose but is ofen aliased to/etc/hostname.hostnameandhostnamectl: Thehostnamecommand is used to show ro set the system's hostname (i.e.,hostname HOSTNAME). On Systemd systems, thehostnamectlcommand has replaced thehostnamecommand (i.e., `hostnamectl set-hostname HOSTNAME)
/etc/hosts: This file is used to map hostnames and aliases to IP addresses./etc/hosts.allowand/etc/hosts.deny: These files are used to determine whether a client has permission to connect to a network service on a remote host. The format of both files is as follow:daemon_list:client_list [:command]. The daemon list is a comma-seprated list of service daemons, the client list is a comma-separated list of clients, and command is an optional command that is executed when a client tries to access a server daemon. The keywordALLmay be used for the daemon and client lists in order to allow or deny access to all clients.
Sample Questions
Last updated
Was this helpful?