# 205: Networking Configuration ## **205.1 Basic networking configuration (weight: 3)** {% hint style="success" %} Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks. **Key Knowledge Areas:** * Utilities to configure and manipulate ethernet network interfaces * Configuring basic access to wireless networks **The following is a partial list of the used files, terms and utilities:** * ip * ifconfig * route * arp * iw * iwconfig * iwlist {% endhint %} ### Managing Network Interfaces * `ifconfig`: configure a network interface

Command	Purpose
`ifconfig`	Display information for active network interfaces
`ifconfig -a`	Display information for all network interfaces
`ifconfig eth0`	Display information for a specific network interface
`ifconfig eth0 up`	Bring a device online
`ifconfig eth0 down`	Bring a device offline
`ifconfig eth0 192.168.1.200`	Assign an IP address to a network interface
`ifconfig eth0 netmask 255.255.255.0`	Assign a netmask to a network interface
`ifconfig eth0 broadcast 192.168.1.255`	Assign a broadcast address to a network interface
`ifconfig eth0 192.168.1.200`	Remove an IP address from a network interface
`ifconfig eth0 mtu` `number`	Set maximum transmission unit for a network interface
`ifconfig eth0 promisc`	Set a network interface to promiscuous mode

* `ip`: Show/manipulate routing, devices, policy routing, and tunnels. ```bash ip [ OPTIONS ] OBJECT { COMMAND | help } ``` OBJECT: * `link` * `addr` * `addrlabel` * `route` * `rule` * `neigh` * `tunnel` * `maddr` * `mroute` * `monitor`

Command	Purpose
`ip help`	Display a list of commands and options for the `ip` command
`ip addr help`	Display a list of commands and options for the address subcommand
`ip link help`	Display a list of commands and options for the link subcommand
`ip addr`	Show information for all address
`ip addr show dev eth0`	Show information for a specific device
`ip addr add 192.168.1.200/24 dev eth0`	Add a address to device
`ip addr del 192.168.1.200/24 dev eth0`	Remove an address from a device
`ip addr add 192.168.1.200/24 broadcast 192.168.1.255 dev eth0`	Add an IP address specific broadcast address to a device
`ip link`	Show information for all interfaces
`ip link show dev eth0`	Show information for a single device
`ip -s link`	Show interface statistics
`ip link set`	Alter the status of an interface
`ip link set mtu` `number`	Set maximum transmission unit for a network interface
`ip link set eth0 promisc on`	Set a network interface to promiscuous mode
`ip link set eth0 up`	Bring a device online
`ip link set eth0 down`	Bring a device offline

* `iwconfig`: configure a wireless network interface * `iwlist`: Get more detailed wireless information from a wireless interface

Command	Purpose
`iwconfig`	Display information about all available wireless interfaces
`iwconfig wlan0`	Display information about a wireless interface
`iwconfig --help`	Display a list of commands and options
`iwconfig wlan0 essid "MyNetwork" key my_key`	Connect to a wireless network by providing a key
`iwconfig wlan0 rate 24M`	Set the bitrate for an interface
`iwlist wlan0 scan`	Scan for available wireless networks
`iwlist wlan0 freq`	List available frequencies
`iwlist wlan0 rate`	List available bit rates

* `iw`: show / manipulate wireless devices and their configuration ```bash iw [ OPTIONS ] { help | OBJECT COMMAND } ``` | Command | Purpose | | ------------------------- | ------------------------------------------------ | | `iw help` | Print all supported commands | | `iw help command` | Print help information for specified command | | `iw dev` | View available wireless interfaces | | `iw list` | List all wireless devices and their capabilities | | `iw dev wlan0 link` | Display link information | | `iw dev wlan0 info` | Show information for an interface | | `iw phy phy0 info` | Show capabilities for a device | | `iw event` | Monitor event from the kernel | | `iw wlan0 scan` | Scan for available SSIDs | | `iw dev wlan0 connad` | Connect to a wireless network | | `iw dev wlan0 disconnect` | Disconnect from a wireless network | ### Discovering Network Devices * `arp`: manipulate the system ARP cache

Command	Purpose
`arp [-avn]`	Display the contents of the ARP cache
`arp -i eth1`	Display entries for an interface
`arp -a 192.168.1.9`	Display entries for an IP address
`arp -s 192.168.1.9 -i eth2 1:2:3:4:5:6`	Add an enrty to the ARP cache
`arp -i eth1 -d 192.168.1.9`	Remove an entry from the ARP cache

* `ip neigh:` Display the neighbor objects or the ARP cache | | | | ---------------------------------------------------------- | -------------------------------------------------- | | `ip neigh` | Display neighbor objects | | `ip -s neigh` | Display neighbor objects in verbos with statistics | | `ip neigh show dev eth1` | Show o `arp` cache for a device | | `ip neigh add 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1` | Add an entry into the ARP table | | `ip neigh del 192.168.1.9 dev eth1` | Invalidate an entry in the ARP table | | `ip neigh replace 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1` | Replace an entry or add one if not defined | ## **205.2 Advanced Network Configuration (weight: 4)** {% hint style="success" %} Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device and resolving communication problems. **Key Knowledge Areas:** * Utilities to manipulate routing tables * Utilities to configure and manipulate ethernet network interfaces * Utilities to analyse the status of the network devices * Utilities to monitor and analyse the TCP/IP traffic **The following is a partial list of the used files, terms and utilities:** * ip * ifconfig * route * arp * ss * netstat * lsof * ping, ping6 * nc * tcpdump * nmap {% endhint %} ### Adjusting Network Routing * `ip route` and `route`: show / manipulate the IP routing table | Command | Purpose | | ------------------------------------------------- | ---------------------------------------------------- | | `ip route show` | Display the routing table | | `ip route add 10.0.2.0/24 via 10.0.2.10 dev eth1` | Add a route | | `ip route del 10.0.2.0/24 via 10.0.2.10 dev eth1` | Remove a route | | `ip route add default via 10.0.2.10` | Add a default gateway | | `ip route add prohibit 10.0.2.10/24` | Blockl the destinication route and send ICMP message | | `ip route add blackhole 10.0.2.0/24` | Block the destination route and silently discard | | Command | Purpose | | ------------------------------------------------------ | ----------------------------------------- | | `route (n)` | Display the routing table | | `route add -net 10.0.2.0/24 gw 10.0.2.10 eth1` | Add a route | | `route del -net 10.0.2.0/24 gw 10.0.2.10 eth1` | Remove a route | | `route add default gw 10.0.2.10` | Add a default gateway | | `route add -host 10.0.2.10 reject` | Block the destination route for a host | | `route add -net 10.0.2.0 netmask 255.255.255.0 reject` | Block the destination route for a network | ### Monitoring Network Sockets * `ss`: A utility used to investigate network sockets and dump socket statistics. | Option | Description | | -------------------- | ---------------------------------------- | | `-l`, `--listening` | Display listening server sockets | | `-a`, `--all` | Display all sockets (default: connected) | | `-i`, `--interfaces` | Display interfaces table | | `-s`, `--summary` | Show socket usage summary (like SNMP) | | `-e`, `--extended` | Show detailed socket information | | `-n`, `--numeric` | Don't resolve names | | `-p`, `--programs` | Display PID/Program name for sockets | | `-t`, `--tcp` | Display only TCP sockets | | `-u`, `--udp` | Display only UDP sockets | * `netstat`: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. | Option | Description | | -------------------- | ---------------------------------------- | | `-l`, `--listening` | Display listening server sockets | | `-a`, `--all` | Display all sockets (default: connected) | | `-i`, `--interfaces` | Display interfaces table | | `-s`, `--statistics` | Show network statistics | | `-e`, `--extended` | Show detailed socket information | | `-v`, `--verbose` | Be verbose | | `-n`, `--numeric` | Don't resolve names | | `-p`, `--programs` | Display PID/Program name for sockets | | `-t`, `--tcp` | Display only TCP sockets | | `-u`, `--udp` | Display only UDP sockets | | `-r`, `-route` | Display routing table | * `lsof`: A utility that lists open files.

Option	Description
`-u username`	List open files by user
`-u ^username`	List open files and exclude a user
`-i [46][protocol][@hostname\|hostaddr][:service\|port]`	List open files by network connections
`-p PID`	List open files by PID
`-p ^PID`	List open files and exculde a PID
`/directory`	List open files by directory
`/dev/sda1`	List open files by device
`-c`	List open files by process name

### Monitoring Network Traffics * `tcpdump`: A network traffic monitoring tool. Can monitor protocols other than TCP. Lofical operators **and** and **or** can be used to combine filters. | Option | Description | | -------------------------- | ------------------------------------------------------------------ | | `-D` | List interfaces available for capture | | `-i eth0` | Capture packets on an interface or all interfaces (any) | | `-c` | Capture a specified count of packets | | `-n` | Disable hostname resolution | | `-nn` | Disable protocol, port and hostname resolution | | `-i any protocol` | Capture packets by protocol on all interfaces | | `-i any host 10.0.2.10` | Capture packets by a host on all interfaces | | `-i any src/dst 10.0.2.10` | Capture packets by source or destination address on all interfaces | | `-A` | View packet content in ASCII | | `-X` | View packet content in hex and ASCII | | `-w file_name.pcap` | Save the output of `tcpdump` to a file | | `-r file_name.pcap` | Read packets from a file | * `nmap`: Network Mapper is a network exploration and security scanner. The network mapper services file is located at `/usr/share/nmpa/nmpa-services`.

Option	Description
`hostname`	Scan using a hostname or multiple hostnames
`10.0.2.10`	Scan using IP address or multi IP addresses
`-v 10.0.2.10`	Increase verbosity
`-iL hosts.txt`	Scan a list of hosts from a file
`-A 10.0.2.10`	Enable OS detection, version detection, script scanning, and traceroute
`-O 10.0.2.10`	Enable OS detection
`-sA 10.0.2.10`	Detect firewall or packet filters
`-Pn 10.0.2.10`	Skip host discovery (formerly -PN)
`-sn 10.0.2.10`	Perform a "ping scan" - Dot not detect open ports (formerly -sP)
`-F 10.0.2.10`	Perform fast scan using less ports
`-r 10.0.2.10`	Scan ports consecutively - don't randomize
`--iflist`	View host interface and route information
`-p 22, 443 10.0.2.10`	Specify ports to scan
`-sU 58 10.0.2.10`	Scan for a UDP port
`-sV 10.0.2.10`	Determine service/version information
`-sS 10.0.2.10`	Perform TCP SYN scan (stealthy scan)
`-sT 10.0.2.10`	Perform TCP connect scan

### Interacting with Remote Hosts * `ping` and `ping6`: Utilities used to send ICMP ECHO\_REQUEST to network hosts. Provided by the `iputils` packages. All options can be used by `ping` and `ping6` execpt for -F (not listed), which in used to allocated a 20-bit flow label on echo request packets. | Option | Description | | ----------------- | ------------------------------------------------------ | | `hostname` | Send a stream of ICMP packets to a hostname | | `10.0.2.10` | Send a stream of ICMP packets to an IP address | | `-c 5 10.0.2.10` | Send a specified amount of packets | | `-s 10.0.2.10` | Alter the size of the packets | | `-i 3 10.0.2.10` | Change the interval for sending packets | | `-q 10.0.2.10` | Only show the summary information | | `-w 5 10.0.2.10` | Set a timeout of when to stop sending packets | | `-f 10.0.2.10` | Flood ping. Send packets as soon as possible. | | `-p ff 10.0.2.10` | Fill a packet with data. ff fills the packet with ones | | `-b 10.0.2.10` | Send packets to a broadcast address | | `-t 10 10.0.2.10` | Limit the number of network hops | | `-v 10.0.2.10` | Increase verbosity | * `ncat (nc):` A network utility that provides several options for interacting with hosts using TCP or UDP over IPv4 and IPv6. Provided by the `nmap-ncat` package. | Option | Purpose | | ----------------------- | ------------------------------------------- | | `-l port` | Listen for inbound connections on a port | | `10.0.2.10 port` | Connect to remote system on a specific port | | `-u udp_port` | Specify a UDP port (TCP is the default) | | `-w time_count` | Terminate connection after specified time | | `-l -k port` | Accept multiple connections in listen mode | | `-v` | Increase verbosity | | `-z` | Report connection status only | | `-i` | Set an idle timeout | | `-v -z 10.0.2.10 22 80` | Scan multiple ports | | `-v -z 10.0.2.10 20-80` | Scan a range of ports | | `-c command` | Executes given command via /bin/sh | | `-e command` | Execute the given command | ## **205.3 Troubleshooting network issues (weight: 4)** {% hint style="success" %} Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands. **Key Knowledge Areas:** * Location and content of access restriction files * Utilities to configure and manipulate ethernet network interfaces * Utilities to manage routing tables * Utilities to list network states. * Utilities to gain information about the network configuration * Methods of information about the recognised and used hardware devices * System initialisation files and their contents (Systemd and SysV init) * Awareness of NetworkManager and its impact on network configuration **The following is a partial list of the used files, terms and utilities:** * ip * ifconfig * route * ss * netstat * /etc/network/, /etc/sysconfig/network-scripts/ * ping, ping6 * traceroute, traceroute6 * mtr * hostname * System log files such as /var/log/syslog, /var/log/messages and the systemd journal * dmesg * /etc/resolv.conf * /etc/hosts * /etc/hostname, /etc/HOSTNAME * /etc/hosts.allow, /etc/hosts.deny {% endhint %} ### Undrestanding Network Configuration Files and Locations

cat ifcfg-eth0

BOOTPROTO=dhcp
DEVICE=eth0
DHCPV6C=yes
HWADDR=02:ne:5a:69:69:0f
IPV6INIT=yes
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

Option	Description
`IPADDR=10.0.1.10`	Specify the IPv4 address
`PREFIX=24`	Specify the network prefix
`NETMASK=10.0.10.1`	Specify the netmask
`GATEWAY=10.0.10.1`	Specify the gateway
`DNS1=192.168.154.3`	Specify a DNS server
`DNS2=10.216.6.3`	Specify another DNS server
`PEERDNS=yes`	Modify the `/etc/resolv.conf` file (yes\|no)

| Option | Description | | -------------------------- | ------------------------------------------------------- | | `TYPE=Ethernet` | The type of network interface device | | `BOOTPROTO=none` | Specify boot protocol (none\|dhcp\|bootp) | | `DEFROUTE=yes` | Specify default route for IPv4 traffic (yes\|no) | | `IPV6_DEFROUTE=yes` | Specify default route for IPv6 traffic (yes\|no) | | `IPV4_FAILURE_FATAL=no` | Disable the device if the configuration fails (yes\|no) | | `IPV6_FAILURE_FATAL=no` | Disable the device if the configuration fails (yes\|no) | | `IPV6INIT=yes` | Enable or disable IPv6 on the interface (yes\|no) | | `IPV6_AUTOCONF=yes` | Enable or disable autoconf configuration (yes\|no) | | `NAME=eth0` | Specify a name for the connection | | `UUID=...` | Specify the unique identifier for the device | | `ONBOOT=yes` | Activate interface on boot (yes\|no) | | `HWADDR=0e:a5:1a:b9:fc:89` | Specify the MAC address for the interface | * `/etc/hosts`: The host configuration file associates hostnames with an IP address.

cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
10.0.1.10 linuxmaster.example.com linuxmaster

* `/etc/resolv.conf`: The resolver configuration file specifies DNS servers and searches domains for the host.

cat /etc/resolv.conf

search example.com
nameserver 192.168.20.4
nameserver 172.8.100.3

* `/etc/sysconfig/network`: This configuration file is used to specify global network settings.

cat /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=linuxmaster.example.com

* `/etc/nsswitch.conf`: The Name Service Switch (NSS) configuration file is used to determine which sources to obtain name-service information and in what order. ```bash cat /etc/nsswitch.conf ... hosts: files dns ... ``` * `/etc/network/interfaces`: (Debian Based-System): ```bash cat /etc/network/interfaces # An example ethernet card setup: (broadcast and gateway are optional) # # auto eth0 # iface eth0 inet static # address 192.168.0.42 # network 192.168.0.0 # netmask 255.255.255.0 # broadcast 192.168.0.255 # gateway 192.168.0.1 ``` #### NetworkManager * Attempts to automate and simplify network configuration * Implements a dynamic network control and configuration daemon to ensure connections stay active * Proactivity creats (temporary) connections for detected network devices * Provides user-friendly administrative tools: GUI, `nmtui`, and `nmcli` > Lines beginning with the word "auto" are used to identify to be brought up when `ifup` is run with the `-a` optio. (This option is used by the system boot scripts.) ### Analyzing Network Diagnostics and Troubleshooting Network Issues * `traceroute`: Tracks the route packets take from an IP network on their way to a given host. * `traceroute6`: is identical to `traceroute` with the `-6` option.

traceroute [option] hostname [packet_len]

| Option | Description | | --------------------- | --------------------------------------------------------------- | | `-I` | Use ICMP ECHO for probes | | `-T` | Use TCP SYN for probes | | `-f first_ttl` | Specifies what TTL to start (default is 1) | | `-g gateway` | Specify a gateway to route the packets | | `-i interface` | Specify an interface to send packets through | | `-m max_ttl` | Specify the maximum number of hopes (default is 30) | | `-n` | Do not attempt to resolve host names | | `-q` | Set the number of probe packet per hop (default is 3) | | `-w` | Set the time to wait, in seconds, for a response (default is 5) | | `-4` \| `-6` | Use IPv4 or IPv6 only | | `hostname packet_len` | Set the size of the probing packet (default is 60 bytes) | * `mtr`: A network diagnostic utility that combines the funcionality of the `traceroute` and `ping` command ```bash mtr [options] hostname [packet_size] ``` | Option | Description | | --------------- | ---------------------------------------------------------------------------- | | `-r -c 5` | Run `mtr` report mode and print out statistics based on the number of cycles | | `-w` | Run mtr in wide report mode and print out statistics | | `-c 5` | Specify the number of pings | | `-n` | Do not resolve hostnames | | `-b` | Show hostnames and IP addresses | | `-o "LSD NBAW"` | Specify the fields and order of fields | | `-a 10.0.2.20` | Send outgoing packes through a specific interface | | `-i seconds` | Specify the interval for sending packets (default is 1) | | `-m NUM` | Specify the maximum number of hops (default is 30) | | `-f NUM` | Specify the maximim number of hops (default is 1) | | `-u` | Use UDP datagrams instead of ICMP ECHO | | `-T` | Use TCP SYN packets instead of ICMP ECHO | | `-4` \| `-6` | Use IPv4 or IPv6 only | * `journalctl`: A logging system introduce by Systemd. Implemented by the `journald` daemon, which stores logs in a binary format that can viewed by using the `journalctl` utility. Settings for the Systemd journal can be updated bt modifying `/etc/systemd/journald.conf` or by adding configuration files to `/etc/systemd/journald.conf.d/`. | Option | Description | | ----------- | ---------------------------------------------------- | | `-u unit` | View messages for a particular Systemd unit | | `-f` | Follow the journal for the latest messages | | `-e` | Jump to the end of the journal | | `-o format` | Change the format of the messages displayed | | `-x` | Add explanation texts from the message catalogue | | `-p` | Filter messages based on priority specified | | `-S`, `-U` | Show entries from a specified date (since and until) | * `dmesg`: A utiliy used to examine or control the kernel ring buffer. By default, it reads all messages from the kernel ring buffer. | Option | Description | | --------- | ----------------------------------------------------- | | `-C` | Clear the ring buffer | | `-c` | Clear the ring buffer contents after printing | | `-D` | Disable printing message to the console | | `-E` | Enable printing message to the console | | `-e` | Display local time and delta in human-readable format | | `-H` | Enable human readable format | | `-F file` | Read log from a file | * `/var/log/syslog`: The main system log for Debian-based hosts. Stores all global system activity and startup messages. Options are controlled by `/etc/syslog.conf` or `/etc/rsyslog.conf` in newer versions. Additional configuration files can be added to \`/etc/rsyslog.d/.

cat /var/log/syslog

...
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG network certificate management daemon.
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache.
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on debconf communication socket.
...

* `/var/log/messages`: The main system log on RHEL-based hosts. Stores all global system activity and startup messages. Options are controlled by `/etc/rsyslog.conf`. Additional configurations can be added to \`/etc/rsyslog.d/.

/var/log/messages

...
Aug 21 03:41:13 linuxmaster rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="737" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Aug 21 03:41:13 linuxmaster pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Aug 21 03:41:13 linuxmaster pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__klgf3cDA7cymYCN1 is now logged in
Aug 21 03:41:13 linuxmaster pure-ftpd: (__cpanel__service__auth__ftpd__klgf3cDA7cymYCN1@127.0.0.1) [INFO] Logout.
Aug 21 03:41:41 linuxmaster PAM-hulk[9971]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
...

### Managing Hostnames and Restricting Host-Level Access * `/etc/hostname` and `/etc/HOSTNAME`: The /etc/hostname file is used to store hostname of the system. On some distributions, the `/etc/HOSYNAME` file is used for this purpose but is ofen aliased to `/etc/hostname`. * `hostname` and `hostnamectl`: The `hostname` command is used to show ro set the system's hostname (i.e., `hostname HOSTNAME`). On Systemd systems, the `hostnamectl` command has replaced the `hostname` command (i.e., \`hostnamectl set-hostname HOSTNAME)

cat /etc/hostname
linuxmaster.example.com

hostname
linuxmaster.example.com

hostnamectl status

   Static hostname: linuxmaster.example.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 7d9f417ed8ed4e2393f3dce9f5a89ef4
           Boot ID: 3179595ad0cd4454a4b0c7a5f33f27cc
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1160.42.2.el7.x86_64
      Architecture: x86-64

* `/etc/hosts`: This file is used to map hostnames and aliases to IP addresses. * `/etc/hosts.allow` and `/etc/hosts.deny`: These files are used to determine whether a client has permission to connect to a network service on a remote host. The format of both files is as follow: `daemon_list:client_list [:command]`. The daemon list is a comma-seprated list of service daemons, the client list is a comma-separated list of clients, and command is an optional command that is executed when a client tries to access a server daemon. The keyword `ALL` may be used for the daemon and client lists in order to allow or deny access to all clients. ```bash cat /etc/hosts.deny sshd : ALL ``` ```bash cat /etc/hosts.allow sshd : 10.0.3.* ``` ```bash cat /etc/hosts.deny vsfpd : .example.com ``` ```bash cat /etc/hosts.allow vsftpd : linuxmaster.example.com ``` ## Sample Questions