205: Networking Configuration

205.1 Basic networking configuration (weight: 3)

Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks.

Key Knowledge Areas:

  • Utilities to configure and manipulate ethernet network interfaces

  • Configuring basic access to wireless networks

The following is a partial list of the used files, terms and utilities:

  • ip

  • ifconfig

  • route

  • arp

  • iw

  • iwconfig

  • iwlist

Managing Network Interfaces

  • ifconfig: configure a network interface

Command                                 Purpose
ifconfig                                Display information for active network interfaces
ifconfig -a                             Display information for all network interfaces
ifconfig eth0                           Display information for a specific network interface
ifconfig eth0 up                        Bring a device online
ifconfig eth0 down                      Bring a device offline
ifconfig eth0 192.168.1.200             Assign an IP address to a network interface
ifconfig eth0 netmask 255.255.255.0     Assign a netmask to a network interface
ifconfig eth0 broadcast 192.168.1.255   Assign a broadcast address to a network interface
ifconfig eth0 0.0.0.0                   Remove the IPv4 address from a network interface
ifconfig eth0 mtu number                Set the maximum transmission unit for a network interface
ifconfig eth0 promisc                   Put a network interface into promiscuous mode

  • ip: Show/manipulate routing, devices, policy routing, and tunnels.

ip [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT:

  • link

  • addr

  • addrlabel

  • route

  • rule

  • neigh

  • tunnel

  • maddr

  • mroute

  • monitor

Command                                                         Purpose
ip help                                                         Display a list of commands and options for the ip command
ip addr help                                                    Display a list of commands and options for the address subcommand
ip link help                                                    Display a list of commands and options for the link subcommand
ip addr                                                         Show addresses for all interfaces
ip addr show dev eth0                                           Show addresses for a specific device
ip addr add 192.168.1.200/24 dev eth0                           Add an address to a device
ip addr del 192.168.1.200/24 dev eth0                           Remove an address from a device
ip addr add 192.168.1.200/24 broadcast 192.168.1.255 dev eth0   Add an address with a specific broadcast address to a device
ip link                                                         Show information for all interfaces
ip link show dev eth0                                           Show information for a single device
ip -s link                                                      Show interface statistics
ip link set                                                     Alter the status of an interface
ip link set eth0 mtu number                                     Set the maximum transmission unit for a network interface
ip link set eth0 promisc on                                     Put a network interface into promiscuous mode
ip link set eth0 up                                             Bring a device online
ip link set eth0 down                                           Bring a device offline

  • iwconfig: configure a wireless network interface

  • iwlist: Get more detailed wireless information from a wireless interface

Command                                       Purpose
iwconfig                                      Display information about all available wireless interfaces
iwconfig wlan0                                Display information about a wireless interface
iwconfig --help                               Display a list of commands and options
iwconfig wlan0 essid "MyNetwork" key my_key   Connect to a wireless network by providing a key
iwconfig wlan0 rate 24M                       Set the bit rate for an interface
iwlist wlan0 scan                             Scan for available wireless networks
iwlist wlan0 freq                             List available frequencies
iwlist wlan0 rate                             List available bit rates

  • iw: show / manipulate wireless devices and their configuration

iw [ OPTIONS ] { help | OBJECT COMMAND }

Command                     Purpose
iw help                     Print all supported commands
iw help command             Print help information for the specified command
iw dev                      View available wireless interfaces
iw list                     List all wireless devices and their capabilities
iw dev wlan0 link           Display link information
iw dev wlan0 info           Show information for an interface
iw phy phy0 info            Show capabilities for a device
iw event                    Monitor events from the kernel
iw wlan0 scan               Scan for available SSIDs
iw dev wlan0 connect SSID   Connect to a wireless network
iw dev wlan0 disconnect     Disconnect from a wireless network

Discovering Network Devices

  • arp: manipulate the system ARP cache

Command                                  Purpose
arp [-avn]                               Display the contents of the ARP cache
arp -i eth1                              Display entries for an interface
arp -a 192.168.1.9                       Display entries for an IP address
arp -i eth2 -s 192.168.1.9 1:2:3:4:5:6   Add an entry to the ARP cache
arp -i eth1 -d 192.168.1.9               Remove an entry from the ARP cache

  • ip neigh: Display the neighbor objects or the ARP cache

Command                                                    Purpose
ip neigh                                                   Display neighbor objects
ip -s neigh                                                Display neighbor objects in verbose form with statistics
ip neigh show dev eth1                                     Show the ARP cache for a device
ip neigh add 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1       Add an entry to the ARP table
ip neigh del 192.168.1.9 dev eth1                          Invalidate an entry in the ARP table
ip neigh replace 192.168.1.9 lladdr 1:2:3:4:5:6 dev eth1   Replace an entry, or add one if it is not defined

205.2 Advanced Network Configuration (weight: 4)

Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device and resolving communication problems.

Key Knowledge Areas:

  • Utilities to manipulate routing tables

  • Utilities to configure and manipulate ethernet network interfaces

  • Utilities to analyse the status of the network devices

  • Utilities to monitor and analyse the TCP/IP traffic

The following is a partial list of the used files, terms and utilities:

  • ip

  • ifconfig

  • route

  • arp

  • ss

  • netstat

  • lsof

  • ping, ping6

  • nc

  • tcpdump

  • nmap

Adjusting Network Routing

  • ip route and route: show / manipulate the IP routing table

Command                                           Purpose
ip route show                                     Display the routing table
ip route add 10.0.2.0/24 via 10.0.2.10 dev eth1   Add a route
ip route del 10.0.2.0/24 via 10.0.2.10 dev eth1   Remove a route
ip route add default via 10.0.2.10                Add a default gateway
ip route add prohibit 10.0.2.10/24                Block the destination route and send an ICMP message
ip route add blackhole 10.0.2.0/24                Block the destination route and silently discard

Command                                                Purpose
route [-n]                                             Display the routing table (-n: do not resolve names)
route add -net 10.0.2.0/24 gw 10.0.2.10 eth1           Add a route
route del -net 10.0.2.0/24 gw 10.0.2.10 eth1           Remove a route
route add default gw 10.0.2.10                         Add a default gateway
route add -host 10.0.2.10 reject                       Block the destination route for a host
route add -net 10.0.2.0 netmask 255.255.255.0 reject   Block the destination route for a network
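
An added Python example (not the page's own code) showing how the kernel chooses among the routes these commands create: longest-prefix match over a constructed "ip route show" listing containing a connected route, a default route, a blackhole and a prohibit route, and what happens to a packet in each case. The 10.0.5.0/24 and 10.0.6.0/24 networks are constructed so they do not overlap the connected network.

```python
import ipaddress

# Constructed routing table in the layout "ip route show" prints; the
# addresses follow the examples in the table above.
ROUTE_TABLE = """\
default via 10.0.2.10 dev eth1
10.0.2.0/24 dev eth1 proto kernel scope link src 10.0.2.15
blackhole 10.0.5.0/24
prohibit 10.0.6.0/24
"""

# What the kernel does with a packet that hits each route type.
ACTIONS = {
    "blackhole": "discard silently",
    "prohibit": "discard and send ICMP 'communication administratively prohibited'",
    "unreachable": "discard and send ICMP 'host unreachable'",
}


def parse_routes(text):
    """Parse 'ip route show' lines into (network, type, gateway, dev) tuples."""
    routes = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        rtype = "unicast"
        if words[0] in ACTIONS:          # special route types lead the line
            rtype = words.pop(0)
        dest = words.pop(0)
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        gateway = dev = None
        for i, word in enumerate(words):
            if word == "via":
                gateway = words[i + 1]
            elif word == "dev":
                dev = words[i + 1]
        routes.append((net, rtype, gateway, dev))
    return routes


def lookup(routes, destination):
    """Longest-prefix match; returns (type, gateway, dev) or None if no route."""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, rtype, gateway, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rtype, gateway, dev)
    return None if best is None else best[1:]


def describe(routes, destination):
    """Explain, in words, what happens to a packet for this destination."""
    hit = lookup(routes, destination)
    if hit is None:
        return "no route to host"
    rtype, gateway, dev = hit
    if rtype != "unicast":
        return ACTIONS[rtype]
    if gateway:
        return "send via %s on %s" % (gateway, dev)
    return "deliver directly on %s" % dev
```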

Monitoring Network Sockets

  • ss: A utility used to investigate network sockets and dump socket statistics.

Option                Description
-l, --listening       Display listening server sockets
-a, --all             Display all sockets (default: connected)
-i, --info            Show internal TCP information
-s, --summary         Show socket usage summary (like SNMP)
-e, --extended        Show detailed socket information
-n, --numeric         Don't resolve names
-p, --processes       Display PID/program name for sockets
-t, --tcp             Display only TCP sockets
-u, --udp             Display only UDP sockets

  • netstat: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Option                Description
-l, --listening       Display listening server sockets
-a, --all             Display all sockets (default: connected)
-i, --interfaces      Display the interfaces table
-s, --statistics      Show network statistics
-e, --extended        Show detailed socket information
-v, --verbose         Be verbose
-n, --numeric         Don't resolve names
-p, --programs        Display PID/program name for sockets
-t, --tcp             Display only TCP sockets
-u, --udp             Display only UDP sockets
-r, --route           Display the routing table

  • lsof: A utility that lists open files.

Option                                                 Description
-u username                                            List open files by user
-u ^username                                           List open files and exclude a user
-i [46][protocol][@hostname|hostaddr][:service|port]   List open files by network connection
-p PID                                                 List open files by PID
-p ^PID                                                List open files and exclude a PID
/directory                                             List open files by directory
/dev/sda1                                              List open files by device
-c command                                             List open files by process name

Monitoring Network Traffic

  • tcpdump: A network traffic monitoring tool. Can monitor protocols other than TCP. The logical operators and and or can be used to combine filters.

Option                  Description
-D                      List interfaces available for capture
-i eth0                 Capture packets on an interface or on all interfaces (any)
-c count                Capture a specified number of packets
-n                      Disable hostname resolution
-nn                     Disable protocol, port and hostname resolution
-i any protocol         Capture packets by protocol on all interfaces
-i any host 10.0.2.10   Capture packets to or from a host on all interfaces
-i any src 10.0.2.10    Capture packets by source (src) or destination (dst) address on all interfaces
-A                      View packet content in ASCII
-X                      View packet content in hex and ASCII
-w file_name.pcap       Save the captured packets to a file
-r file_name.pcap       Read packets from a file

  • nmap: Network Mapper is a network exploration and security scanner. The network mapper services file is located at /usr/share/nmap/nmap-services.

Option                Description
hostname              Scan using a hostname or multiple hostnames
10.0.2.10             Scan using an IP address or multiple IP addresses
-v 10.0.2.10          Increase verbosity
-iL hosts.txt         Scan a list of hosts from a file
-A 10.0.2.10          Enable OS detection, version detection, script scanning, and traceroute
-O 10.0.2.10          Enable OS detection
-sA 10.0.2.10         Detect firewalls or packet filters (TCP ACK scan)
-Pn 10.0.2.10         Skip host discovery (formerly -PN)
-sn 10.0.2.10         Perform a "ping scan" - do not detect open ports (formerly -sP)
-F 10.0.2.10          Perform a fast scan using fewer ports
-r 10.0.2.10          Scan ports consecutively - don't randomize
--iflist              View host interface and route information
-p 22,443 10.0.2.10   Specify ports to scan
-sU -p 58 10.0.2.10   Scan a UDP port
-sV 10.0.2.10         Determine service/version information
-sS 10.0.2.10         Perform a TCP SYN scan (stealthy scan)
-sT 10.0.2.10         Perform a TCP connect scan

Interacting with Remote Hosts

  • ping and ping6: Utilities used to send ICMP ECHO_REQUEST to network hosts. Provided by the iputils package. All options can be used by both ping and ping6 except for -F (not listed), which is used to allocate a 20-bit flow label on echo request packets.

Option                     Description
hostname                   Send a stream of ICMP packets to a hostname
10.0.2.10                  Send a stream of ICMP packets to an IP address
-c 5 10.0.2.10             Send a specified number of packets
-s packet_size 10.0.2.10   Alter the size of the packets
-i 3 10.0.2.10             Change the interval for sending packets
-q 10.0.2.10               Only show the summary information
-w 5 10.0.2.10             Set a timeout after which to stop sending packets
-f 10.0.2.10               Flood ping: send packets as soon as possible
-p ff 10.0.2.10            Fill the packet with a data pattern; ff fills the packet with ones
-b 10.0.2.10               Allow sending packets to a broadcast address
-t 10 10.0.2.10            Limit the number of network hops (TTL)
-v 10.0.2.10               Increase verbosity

  • ncat (nc): A network utility that provides several options for interacting with hosts using TCP or UDP over IPv4 and IPv6. Provided by the nmap-ncat package.

Option                  Purpose
-l port                 Listen for inbound connections on a port
10.0.2.10 port          Connect to a remote system on a specific port
-u udp_port             Specify a UDP port (TCP is the default)
-w time_count           Terminate the connection after the specified time
-l -k port              Accept multiple connections in listen mode
-v                      Increase verbosity
-z                      Report connection status only
-i time                 Set an idle timeout
-v -z 10.0.2.10 22 80   Scan multiple ports
-v -z 10.0.2.10 20-80   Scan a range of ports
-c command              Execute the given command via /bin/sh
-e command              Execute the given command

205.3 Troubleshooting network issues (weight: 4)

Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands.

Key Knowledge Areas:

  • Location and content of access restriction files

  • Utilities to configure and manipulate ethernet network interfaces

  • Utilities to manage routing tables

  • Utilities to list network states.

  • Utilities to gain information about the network configuration

  • Methods of information about the recognised and used hardware devices

  • System initialisation files and their contents (Systemd and SysV init)

  • Awareness of NetworkManager and its impact on network configuration

The following is a partial list of the used files, terms and utilities:

  • ip

  • ifconfig

  • route

  • ss

  • netstat

  • /etc/network/, /etc/sysconfig/network-scripts/

  • ping, ping6

  • traceroute, traceroute6

  • mtr

  • hostname

  • System log files such as /var/log/syslog, /var/log/messages and the systemd journal

  • dmesg

  • /etc/resolv.conf

  • /etc/hosts

  • /etc/hostname, /etc/HOSTNAME

  • /etc/hosts.allow, /etc/hosts.deny

Understanding Network Configuration Files and Locations

cat /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=dhcp
DEVICE=eth0
DHCPV6C=yes
HWADDR=02:ne:5a:69:69:0f
IPV6INIT=yes
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

Option                  Description
IPADDR=10.0.1.10        Specify the IPv4 address
PREFIX=24               Specify the network prefix length
NETMASK=255.255.255.0   Specify the netmask
GATEWAY=10.0.10.1       Specify the gateway
DNS1=192.168.154.3      Specify a DNS server
DNS2=10.216.6.3         Specify another DNS server
PEERDNS=yes             Modify the /etc/resolv.conf file (yes|no)

Option                     Description
TYPE=Ethernet              The type of network interface device
BOOTPROTO=none             Specify the boot protocol (none|dhcp|bootp)
DEFROUTE=yes               Use this interface for the default route for IPv4 traffic (yes|no)
IPV6_DEFROUTE=yes          Use this interface for the default route for IPv6 traffic (yes|no)
IPV4_FAILURE_FATAL=no      Disable the device if the IPv4 configuration fails (yes|no)
IPV6_FAILURE_FATAL=no      Disable the device if the IPv6 configuration fails (yes|no)
IPV6INIT=yes               Enable or disable IPv6 on the interface (yes|no)
IPV6_AUTOCONF=yes          Enable or disable IPv6 autoconfiguration (yes|no)
NAME=eth0                  Specify a name for the connection
UUID=...                   Specify the unique identifier for the device
ONBOOT=yes                 Activate the interface on boot (yes|no)
HWADDR=0e:a5:1a:b9:fc:89   Specify the MAC address for the interface
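
As an added example (not part of the original page), a small Python checker for a static ifcfg file: it parses the KEY=value lines and flags the inconsistencies that commonly leave an interface unreachable, namely a NETMASK that is not a valid mask or disagrees with PREFIX, and a GATEWAY outside the interface's subnet. The sample file is constructed, and its NETMASK and GATEWAY values are deliberately wrong so the check has something to report.

```python
import ipaddress

# Constructed ifcfg-eth0 contents (not from a real host). NETMASK is not a
# valid mask and GATEWAY is outside 10.0.1.0/24, so both should be reported.
SAMPLE_IFCFG = """\
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth0
IPADDR=10.0.1.10
PREFIX=24
NETMASK=10.0.10.1
GATEWAY=10.0.10.1
DNS1=192.168.154.3
ONBOOT=yes
"""


def parse_ifcfg(text):
    """Parse KEY=value lines into a dict; comments and blank lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def check_ifcfg(cfg):
    """Return a list of problems found in an ifcfg configuration."""
    problems = []
    if cfg.get("BOOTPROTO", "none") not in ("none", "dhcp", "bootp"):
        problems.append("BOOTPROTO must be none, dhcp or bootp")
    if cfg.get("BOOTPROTO") == "dhcp":
        return problems  # address, mask and gateway come from the DHCP lease
    if "IPADDR" not in cfg:
        problems.append("IPADDR missing for a static configuration")
        return problems
    try:
        addr = ipaddress.IPv4Address(cfg["IPADDR"])
    except ValueError:
        problems.append("IPADDR is not a valid IPv4 address")
        return problems
    prefix = int(cfg["PREFIX"]) if "PREFIX" in cfg else None
    if "NETMASK" in cfg:
        try:  # IPv4Network validates that the mask is a contiguous run of ones
            mask_net = ipaddress.IPv4Network((0, cfg["NETMASK"]))
        except ValueError:
            problems.append("NETMASK %s is not a valid netmask" % cfg["NETMASK"])
            mask_net = None
        if mask_net is not None and prefix is not None and mask_net.prefixlen != prefix:
            problems.append("NETMASK and PREFIX disagree")
        if mask_net is not None and prefix is None:
            prefix = mask_net.prefixlen
    if prefix is None:
        problems.append("neither PREFIX nor NETMASK given")
        return problems
    # The gateway must be reachable on the link, i.e. inside the interface's subnet.
    subnet = ipaddress.IPv4Network((addr, prefix), strict=False)
    if "GATEWAY" in cfg and ipaddress.IPv4Address(cfg["GATEWAY"]) not in subnet:
        problems.append("GATEWAY %s is outside %s" % (cfg["GATEWAY"], subnet))
    return problems
```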

  • /etc/hosts: The host configuration file associates hostnames with an IP address.

cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
10.0.1.10 linuxmaster.example.com linuxmaster
  • /etc/resolv.conf: The resolver configuration file specifies the DNS servers and the search domains for the host.

cat /etc/resolv.conf

search example.com
nameserver 192.168.20.4
nameserver 172.8.100.3
  • /etc/sysconfig/network: This configuration file is used to specify global network settings.

cat /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=linuxmaster.example.com
  • /etc/nsswitch.conf: The Name Service Switch (NSS) configuration file determines from which sources name-service information is obtained and in what order.

cat /etc/nsswitch.conf
...
hosts: files dns
...
  • /etc/network/interfaces (Debian-based systems):

cat /etc/network/interfaces

# An example ethernet card setup: (broadcast and gateway are optional)
# 
# auto eth0
# iface eth0 inet static
# address 192.168.0.42
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1

NetworkManager

  • Attempts to automate and simplify network configuration

  • Implements a dynamic network control and configuration daemon to ensure connections stay active

  • Proactively creates (temporary) connections for detected network devices

  • Provides user-friendly administrative tools: GUI, nmtui, and nmcli

In /etc/network/interfaces, lines beginning with the word "auto" identify the interfaces to be brought up when ifup is run with the -a option. (This option is used by the system boot scripts.)

Analyzing Network Diagnostics and Troubleshooting Network Issues

  • traceroute: Tracks the route packets take from an IP network on their way to a given host.

  • traceroute6: Equivalent to traceroute with the -6 option.

traceroute [option] hostname [packet_len]

Option                Description
-I                    Use ICMP ECHO for probes
-T                    Use TCP SYN for probes
-f first_ttl          Specify the TTL to start with (default is 1)
-g gateway            Specify a gateway to route the packets through
-i interface          Specify an interface to send packets through
-m max_ttl            Specify the maximum number of hops (default is 30)
-n                    Do not attempt to resolve host names
-q nqueries           Set the number of probe packets per hop (default is 3)
-w waittime           Set the time to wait, in seconds, for a response (default is 5)
-4 | -6               Use IPv4 or IPv6 only
hostname packet_len   Set the size of the probing packet (default is 60 bytes)

  • mtr: A network diagnostic utility that combines the functionality of the traceroute and ping commands

mtr [options] hostname [packet_size]

Option            Description
-r -c 5           Run mtr in report mode and print statistics for the given number of cycles
-w                Run mtr in wide report mode and print statistics
-c 5              Specify the number of pings
-n                Do not resolve hostnames
-b                Show both hostnames and IP addresses
-o "LSD NBAW"     Specify the fields and the order of the fields
-a 10.0.2.20      Bind outgoing packets to a specific local address (interface)
-i seconds        Specify the interval for sending packets (default is 1)
-m NUM            Specify the maximum number of hops (default is 30)
-f NUM            Specify the first hop (TTL) to start probing from (default is 1)
-u                Use UDP datagrams instead of ICMP ECHO
-T                Use TCP SYN packets instead of ICMP ECHO
-4 | -6           Use IPv4 or IPv6 only

  • journalctl: A logging system introduced by Systemd. Implemented by the journald daemon, which stores logs in a binary format that can be viewed with the journalctl utility. Settings for the Systemd journal can be updated by modifying /etc/systemd/journald.conf or by adding configuration files to /etc/systemd/journald.conf.d/.

Option         Description
-u unit        View messages for a particular Systemd unit
-f             Follow the journal for the latest messages
-e             Jump to the end of the journal
-o format      Change the format of the messages displayed
-x             Add explanatory text from the message catalogue
-p priority    Filter messages by the specified priority
-S, -U         Show entries from a specified date (since and until)

  • dmesg: A utility used to examine or control the kernel ring buffer. By default, it reads all messages from the kernel ring buffer.

Option      Description
-C          Clear the ring buffer
-c          Clear the ring buffer contents after printing
-D          Disable printing messages to the console
-E          Enable printing messages to the console
-e          Display local time and delta in human-readable format
-H          Enable human-readable format
-F file     Read the log from a file

  • /var/log/syslog: The main system log on Debian-based hosts. Stores all global system activity and startup messages. Options are controlled by /etc/syslog.conf, or /etc/rsyslog.conf in newer versions. Additional configuration files can be added to /etc/rsyslog.d/.

cat /var/log/syslog

...
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG network certificate management daemon.
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on GnuPG cryptographic agent and passphrase cache.
Aug 27 14:26:13 linuxmaster systemd[3616238]: Listening on debconf communication socket.
...
  • /var/log/messages: The main system log on RHEL-based hosts. Stores all global system activity and startup messages. Options are controlled by /etc/rsyslog.conf. Additional configuration files can be added to /etc/rsyslog.d/.

cat /var/log/messages

...
Aug 21 03:41:13 linuxmaster rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="737" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Aug 21 03:41:13 linuxmaster pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Aug 21 03:41:13 linuxmaster pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__klgf3cDA7cymYCN1 is now logged in
Aug 21 03:41:13 linuxmaster pure-ftpd: (__cpanel__service__auth__ftpd__klgf3cDA7cymYCN1@127.0.0.1) [INFO] Logout.
Aug 21 03:41:41 linuxmaster PAM-hulk[9971]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
...
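
An added Python example (not part of the original notes) that parses lines in the traditional syslog layout shown above (timestamp, host, program[pid]: message) and tallies failed or denied logins per program and per source address; lines that do not fit the layout are skipped rather than crashing the parser. The sample lines are constructed, and the sshd failure lines assume OpenSSH's wording, which is not taken from the page.

```python
import re
from collections import Counter

# Constructed sample in the layout "Mon dd hh:mm:ss host program[pid]: message";
# not a real capture. The last line is deliberately malformed.
SAMPLE_LOG = """\
Aug 21 03:41:13 linuxmaster rsyslogd: [origin software="rsyslogd" x-pid="737"] rsyslogd was HUPed
Aug 21 03:41:13 linuxmaster pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Aug 21 03:41:41 linuxmaster PAM-hulk[9971]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Aug 21 03:42:02 linuxmaster sshd[10231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Aug 21 03:42:05 linuxmaster sshd[10231]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Aug 21 03:42:09 linuxmaster sshd[10233]: Accepted publickey for alice from 10.0.1.20 port 40022 ssh2
this line is not in syslog format and must be skipped
"""

# Timestamp, host, program with an optional [pid], then the free-form message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Messages that mark a denied or failed authentication attempt: the first
# matches the PAM-hulk line above, the second OpenSSH's failure message
# (assumed wording) and captures the source address.
FAILURE_PATTERNS = [
    re.compile(r"LOGIN DENIED"),
    re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
]


def parse_syslog(text):
    """Return one dict (ts, host, prog, pid, msg) per line that fits the layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def failed_logins(entries):
    """Count failed-login messages per program and per source address."""
    by_program = Counter()
    by_source = Counter()
    for entry in entries:
        for pattern in FAILURE_PATTERNS:
            m = pattern.search(entry["msg"])
            if m:
                by_program[entry["prog"]] += 1
                if "src" in pattern.groupindex:   # only some patterns carry a source
                    by_source[m.group("src")] += 1
                break
    return by_program, by_source
```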

Managing Hostnames and Restricting Host-Level Access

  • /etc/hostname and /etc/HOSTNAME: The /etc/hostname file is used to store the hostname of the system. On some distributions, the /etc/HOSTNAME file is used for this purpose but is often aliased to /etc/hostname.

  • hostname and hostnamectl: The hostname command is used to show or set the system's hostname (i.e., hostname HOSTNAME). On Systemd systems, the hostnamectl command has replaced the hostname command (i.e., hostnamectl set-hostname HOSTNAME).

cat /etc/hostname
linuxmaster.example.com
hostname
linuxmaster.example.com
hostnamectl status

   Static hostname: linuxmaster.example.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 7d9f417ed8ed4e2393f3dce9f5a89ef4
           Boot ID: 3179595ad0cd4454a4b0c7a5f33f27cc
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1160.42.2.el7.x86_64
      Architecture: x86-64
  • /etc/hosts: This file is used to map hostnames and aliases to IP addresses.

  • /etc/hosts.allow and /etc/hosts.deny: These files are used to determine whether a client has permission to connect to a network service on this host. The format of both files is as follows: daemon_list : client_list [: command]. The daemon list is a comma-separated list of service daemons, the client list is a comma-separated list of clients, and command is an optional command that is executed when a client tries to access a server daemon. The keyword ALL may be used in the daemon and client lists in order to allow or deny access to all clients. hosts.allow is consulted first; a client that matches neither file is allowed.

cat /etc/hosts.deny

sshd : ALL
cat /etc/hosts.allow

sshd : 10.0.3.*
cat /etc/hosts.deny

vsftpd : .example.com
cat /etc/hosts.allow

vsftpd : linuxmaster.example.com
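
The matching order described above, as an added Python example (not part of the original page): hosts.allow is consulted first, then hosts.deny, and a client that matches neither is allowed. It handles ALL, leading-dot domain suffixes, trailing-dot address prefixes and the 10.0.3.* form used above; the EXCEPT operator and the optional command field are not modelled (an assumption), and the file contents are constructed from the four listings.

```python
import fnmatch

# Constructed file contents modelled on the cat outputs above.
HOSTS_ALLOW = """\
# sshd only from the 10.0.3.0/24 network, ftp from one host
sshd : 10.0.3.*
vsftpd : linuxmaster.example.com
"""
HOSTS_DENY = """\
sshd : ALL
vsftpd : .example.com
"""


def parse_access_file(text):
    """Return (daemons, clients) tuples from a hosts.allow / hosts.deny file.

    Each line is daemon_list : client_list [: command]; the optional command
    field is ignored here. Comments and blank lines are skipped.
    """
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line: libwrap would log it and carry on
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, hostname, address):
    """Match one client pattern as hosts_access(5) describes it."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # .example.com: domain suffix
        return hostname.endswith(pattern)
    if pattern.endswith("."):              # 10.0.3.: address prefix
        return address.startswith(pattern)
    if "*" in pattern:                     # 10.0.3.*: the form used on this page
        return fnmatch.fnmatchcase(address, pattern)
    return pattern in (hostname, address)  # exact host name or address


def rule_matches(rule, daemon, hostname, address):
    daemons, clients = rule
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(client_matches(p, hostname, address) for p in clients)


def access_allowed(daemon, hostname, address, allow_text, deny_text):
    """hosts.allow first, then hosts.deny; no match in either means allow."""
    for rule in parse_access_file(allow_text):
        if rule_matches(rule, daemon, hostname, address):
            return True
    for rule in parse_access_file(deny_text):
        if rule_matches(rule, daemon, hostname, address):
            return False
    return True
```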
