205: Networking Configuration
205.1 Basic networking configuration (weight: 3)
Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks.
Key Knowledge Areas:
Utilities to configure and manipulate ethernet network interfaces
Configuring basic access to wireless networks
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
arp
iw
iwconfig
iwlist
Managing Network Interfaces
ifconfig
: configure a network interface
Command | Purpose |
---|---|
| Display information for active network interfaces |
| Display information for all network interfaces |
| Display information for a specific network interface |
| Bring a device online |
| Bring a device offline |
| Assign an IP address to a network interface |
| Assign a netmask to a network interface |
| Assign a broadcast address to a network interface |
| Remove an IP address from a network interface |
| Set maximum transmission unit for a network interface |
| Set a network interface to promiscuous mode |
ip
: Show/manipulate routing, devices, policy routing, and tunnels.
OBJECT:
link
addr
addrlabel
route
rule
neigh
tunnel
maddr
mroute
monitor
Command | Purpose |
---|---|
| Display a list of commands and options for the |
| Display a list of commands and options for the address subcommand |
| Display a list of commands and options for the link subcommand |
| Show information for all addresses |
| Show information for a specific device |
| Add an address to a device |
| Remove an address from a device |
| Add an IP address with a specific broadcast address to a device |
| Show information for all interfaces |
| Show information for a single device |
| Show interface statistics |
| Alter the status of an interface |
| Set maximum transmission unit for a network interface |
| Set a network interface to promiscuous mode |
| Bring a device online |
| Bring a device offline |
iwconfig
: Configure a wireless network interface
iwlist
: Get more detailed wireless information from a wireless interface
Command | Purpose |
---|---|
| Display information about all available wireless interfaces |
| Display information about a wireless interface |
| Display a list of commands and options |
| Connect to a wireless network by providing a key |
| Set the bitrate for an interface |
| Scan for available wireless networks |
| List available frequencies |
| List available bit rates |
iw
: show / manipulate wireless devices and their configuration
Command | Purpose |
---|---|
| Print all supported commands |
| Print help information for specified command |
| View available wireless interfaces |
| List all wireless devices and their capabilities |
| Display link information |
| Show information for an interface |
| Show capabilities for a device |
| Monitor events from the kernel |
| Scan for available SSIDs |
| Connect to a wireless network |
| Disconnect from a wireless network |
Discovering Network Devices
arp
: manipulate the system ARP cache
Command | Purpose |
---|---|
| Display the contents of the ARP cache |
| Display entries for an interface |
| Display entries for an IP address |
| Add an entry to the ARP cache |
| Remove an entry from the ARP cache |
ip neigh:
Display the neighbor objects or the ARP cache
| Display neighbor objects |
| Display neighbor objects in verbose mode with statistics |
| Show o |
| Add an entry into the ARP table |
| Invalidate an entry in the ARP table |
| Replace an entry or add one if not defined |
205.2 Advanced Network Configuration (weight: 4)
Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device and resolving communication problems.
Key Knowledge Areas:
Utilities to manipulate routing tables
Utilities to configure and manipulate ethernet network interfaces
Utilities to analyse the status of the network devices
Utilities to monitor and analyse the TCP/IP traffic
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
arp
ss
netstat
lsof
ping, ping6
nc
tcpdump
nmap
Adjusting Network Routing
ip route
and route
: show / manipulate the IP routing table
Command | Purpose |
---|---|
| Display the routing table |
| Add a route |
| Remove a route |
| Add a default gateway |
| Block the destination route and send an ICMP message |
| Block the destination route and silently discard |
Command | Purpose |
---|---|
| Display the routing table |
| Add a route |
| Remove a route |
| Add a default gateway |
| Block the destination route for a host |
| Block the destination route for a network |
Monitoring Network Sockets
ss
: A utility used to investigate network sockets and dump socket statistics.
Option | Description |
---|---|
| Display listening server sockets |
| Display all sockets (default: connected) |
| Display interfaces table |
| Show socket usage summary (like SNMP) |
| Show detailed socket information |
| Don't resolve names |
| Display PID/Program name for sockets |
| Display only TCP sockets |
| Display only UDP sockets |
netstat
: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Option | Description |
---|---|
| Display listening server sockets |
| Display all sockets (default: connected) |
| Display interfaces table |
| Show network statistics |
| Show detailed socket information |
| Be verbose |
| Don't resolve names |
| Display PID/Program name for sockets |
| Display only TCP sockets |
| Display only UDP sockets |
| Display routing table |
lsof
: A utility that lists open files.
Option | Description |
---|---|
| List open files by user |
| List open files and exclude a user |
| List open files by network connections |
| List open files by PID |
| List open files and exclude a PID |
| List open files by directory |
| List open files by device |
| List open files by process name |
Monitoring Network Traffic
tcpdump
: A network traffic monitoring tool. Can monitor protocols other than TCP. The logical operators "and" and "or" can be used to combine filters.
Option | Description |
---|---|
| List interfaces available for capture |
| Capture packets on an interface or all interfaces (any) |
| Capture a specified count of packets |
| Disable hostname resolution |
| Disable protocol, port and hostname resolution |
| Capture packets by protocol on all interfaces |
| Capture packets by a host on all interfaces |
| Capture packets by source or destination address on all interfaces |
| View packet content in ASCII |
| View packet content in hex and ASCII |
| Save the output of |
| Read packets from a file |
nmap
: Network Mapper is a network exploration and security scanner. The network mapper services file is located at /usr/share/nmap/nmap-services.
Option | Description |
---|---|
| Scan using a hostname or multiple hostnames |
| Scan using IP address or multi IP addresses |
| Increase verbosity |
| Scan a list of hosts from a file |
| Enable OS detection, version detection, script scanning, and traceroute |
| Enable OS detection |
| Detect firewall or packet filters |
| Skip host discovery (formerly -PN) |
| Perform a "ping scan" - Do not detect open ports (formerly -sP) |
| Perform fast scan using fewer ports |
| Scan ports consecutively - don't randomize |
| View host interface and route information |
| Specify ports to scan |
| Scan for a UDP port |
| Determine service/version information |
| Perform TCP SYN scan (stealthy scan) |
| Perform TCP connect scan |
Interacting with Remote Hosts
ping
and ping6
: Utilities used to send ICMP ECHO_REQUEST to network hosts. Provided by the iputils package. All options can be used by ping and ping6 except for -F (not listed), which is used to allocate a 20-bit flow label on echo request packets.
Option | Description |
---|---|
| Send a stream of ICMP packets to a hostname |
| Send a stream of ICMP packets to an IP address |
| Send a specified number of packets |
| Alter the size of the packets |
| Change the interval for sending packets |
| Only show the summary information |
| Set a timeout of when to stop sending packets |
| Flood ping. Send packets as soon as possible. |
| Fill a packet with data. ff fills the packet with ones |
| Send packets to a broadcast address |
| Limit the number of network hops |
| Increase verbosity |
ncat (nc):
A network utility that provides several options for interacting with hosts using TCP or UDP over IPv4 and IPv6. Provided by the nmap-ncat package.
Option | Purpose |
---|---|
| Listen for inbound connections on a port |
| Connect to remote system on a specific port |
| Specify a UDP port (TCP is the default) |
| Terminate connection after specified time |
| Accept multiple connections in listen mode |
| Increase verbosity |
| Report connection status only |
| Set an idle timeout |
| Scan multiple ports |
| Scan a range of ports |
| Executes given command via /bin/sh |
| Execute the given command |
205.3 Troubleshooting network issues (weight: 4)
Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands.
Key Knowledge Areas:
Location and content of access restriction files
Utilities to configure and manipulate ethernet network interfaces
Utilities to manage routing tables
Utilities to list network states.
Utilities to gain information about the network configuration
Methods of information about the recognised and used hardware devices
System initialisation files and their contents (Systemd and SysV init)
Awareness of NetworkManager and its impact on network configuration
The following is a partial list of the used files, terms and utilities:
ip
ifconfig
route
ss
netstat
/etc/network/, /etc/sysconfig/network-scripts/
ping, ping6
traceroute, traceroute6
mtr
hostname
System log files such as /var/log/syslog, /var/log/messages and the systemd journal
dmesg
/etc/resolv.conf
/etc/hosts
/etc/hostname, /etc/HOSTNAME
/etc/hosts.allow, /etc/hosts.deny
Understanding Network Configuration Files and Locations
Option | Description |
---|---|
| Specify the IPv4 address |
| Specify the network prefix |
| Specify the netmask |
| Specify the gateway |
| Specify a DNS server |
| Specify another DNS server |
| Modify the |
Option | Description |
---|---|
| The type of network interface device |
| Specify boot protocol (none|dhcp|bootp) |
| Specify default route for IPv4 traffic (yes|no) |
| Specify default route for IPv6 traffic (yes|no) |
| Disable the device if the configuration fails (yes|no) |
| Disable the device if the configuration fails (yes|no) |
| Enable or disable IPv6 on the interface (yes|no) |
| Enable or disable autoconf configuration (yes|no) |
| Specify a name for the connection |
| Specify the unique identifier for the device |
| Activate interface on boot (yes|no) |
| Specify the MAC address for the interface |
/etc/hosts
: The host configuration file associates hostnames with an IP address.
/etc/resolv.conf
: The resolver configuration file specifies DNS servers and search domains for the host.
/etc/sysconfig/network
: This configuration file is used to specify global network settings.
/etc/nsswitch.conf
: The Name Service Switch (NSS) configuration file is used to determine which sources to obtain name-service information from and in what order.
/etc/network/interfaces
: (Debian-based systems):
NetworkManager
Attempts to automate and simplify network configuration
Implements a dynamic network control and configuration daemon to ensure connections stay active
Proactively creates (temporary) connections for detected network devices
Provides user-friendly administrative tools: GUI, nmtui, and nmcli
Lines beginning with the word "auto" are used to identify the interfaces to be brought up when ifup is run with the -a option. (This option is used by the system boot scripts.)
Analyzing Network Diagnostics and Troubleshooting Network Issues
traceroute
: Tracks the route packets take from an IP network on their way to a given host.
traceroute6
: Is identical to traceroute with the -6 option.
Option | Description |
---|---|
| Use ICMP ECHO for probes |
| Use TCP SYN for probes |
| Specifies what TTL to start (default is 1) |
| Specify a gateway to route the packets |
| Specify an interface to send packets through |
| Specify the maximum number of hops (default is 30) |
| Do not attempt to resolve host names |
| Set the number of probe packets per hop (default is 3) |
| Set the time to wait, in seconds, for a response (default is 5) |
| Use IPv4 or IPv6 only |
| Set the size of the probing packet (default is 60 bytes) |
mtr
: A network diagnostic utility that combines the functionality of the traceroute and ping commands
Option | Description |
---|---|
| Run |
| Run mtr in wide report mode and print out statistics |
| Specify the number of pings |
| Do not resolve hostnames |
| Show hostnames and IP addresses |
| Specify the fields and order of fields |
| Send outgoing packets through a specific interface |
| Specify the interval for sending packets (default is 1) |
| Specify the maximum number of hops (default is 30) |
| Specify the maximum number of hops (default is 1) |
| Use UDP datagrams instead of ICMP ECHO |
| Use TCP SYN packets instead of ICMP ECHO |
| Use IPv4 or IPv6 only |
journalctl
: A logging system introduced by Systemd. Implemented by the journald daemon, which stores logs in a binary format that can be viewed by using the journalctl utility. Settings for the Systemd journal can be updated by modifying /etc/systemd/journald.conf or by adding configuration files to /etc/systemd/journald.conf.d/.
Option | Description |
---|---|
| View messages for a particular Systemd unit |
| Follow the journal for the latest messages |
| Jump to the end of the journal |
| Change the format of the messages displayed |
| Add explanation texts from the message catalogue |
| Filter messages based on priority specified |
| Show entries from a specified date (since and until) |
dmesg
: A utility used to examine or control the kernel ring buffer. By default, it reads all messages from the kernel ring buffer.
Option | Description |
---|---|
| Clear the ring buffer |
| Clear the ring buffer contents after printing |
| Disable printing message to the console |
| Enable printing message to the console |
| Display local time and delta in human-readable format |
| Enable human readable format |
| Read log from a file |
/var/log/syslog
: The main system log for Debian-based hosts. Stores all global system activity and startup messages. Options are controlled by /etc/syslog.conf or /etc/rsyslog.conf in newer versions. Additional configuration files can be added to /etc/rsyslog.d/.
/var/log/messages
: The main system log on RHEL-based hosts. Stores all global system activity and startup messages. Options are controlled by /etc/rsyslog.conf. Additional configurations can be added to /etc/rsyslog.d/.
Managing Hostnames and Restricting Host-Level Access
/etc/hostname
and /etc/HOSTNAME
: The /etc/hostname file is used to store the hostname of the system. On some distributions, the /etc/HOSTNAME file is used for this purpose but is often aliased to /etc/hostname.
hostname
and hostnamectl
: The hostname command is used to show or set the system's hostname (i.e., hostname HOSTNAME). On Systemd systems, the hostnamectl command has replaced the hostname command (i.e., hostnamectl set-hostname HOSTNAME).
/etc/hosts
: This file is used to map hostnames and aliases to IP addresses.
/etc/hosts.allow
and /etc/hosts.deny
: These files are used to determine whether a client has permission to connect to a network service on a remote host. The format of both files is as follows: daemon_list:client_list [:command]. The daemon list is a comma-separated list of service daemons, the client list is a comma-separated list of clients, and command is an optional command that is executed when a client tries to access a server daemon. The keyword ALL may be used for the daemon and client lists in order to allow or deny access to all clients.
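As an added example (not part of the original notes), this Python sketch parses the daemon_list:client_list [:command] format and evaluates a request in the order hosts_access(5) documents: the first match in hosts.allow grants access, otherwise a match in hosts.deny denies it, otherwise access is granted. The sample file contents, the function names, and the reduced pattern set (ALL, exact match, leading-dot domain suffix, trailing-dot address prefix; no IPv6, netmasks or EXCEPT) are assumptions for illustration.

```python
import re

# Constructed sample file contents (assumptions, not taken from the page).
HOSTS_ALLOW = """\
# daemon_list : client_list [: command]
sshd: 192.168.1., .example.com
vsftpd: ALL
"""
HOSTS_DENY = """\
ALL: ALL: echo refused %h
"""

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients, command) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            continue  # malformed rule: no client list
        daemons = [t for t in re.split(r"[,\s]+", fields[0]) if t]
        clients = [t for t in re.split(r"[,\s]+", fields[1]) if t]
        rules.append((daemons, clients, fields[2] if len(fields) == 3 else None))
    return rules

def client_matches(pattern, host, addr):
    """Subset of the pattern syntax: ALL, .domain suffix, address prefix, exact."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # e.g. .example.com matches by hostname
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):            # e.g. 192.168.1. matches by address
        return addr.startswith(pattern)
    return pattern.lower() in (host.lower(), addr.lower())

def first_match(rules, daemon, host, addr):
    """Return the first rule naming this daemon and client, or None."""
    for daemons, clients, command in rules:
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, host, addr) for c in clients):
            return daemons, clients, command
    return None

def decide(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """First match in hosts.allow grants; else a hosts.deny match denies; else grant."""
    if first_match(parse_rules(allow), daemon, host, addr):
        return "allow"
    if first_match(parse_rules(deny), daemon, host, addr):
        return "deny"
    return "allow"  # no rule in either file matches
```

Calling decide() with deny="" shows why an empty hosts.deny leaves every wrapped service open: a client that matches nothing in hosts.allow is still granted access.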
Sample Questions