Networking in LINUX

Networking Files

Here I will discuss some very important files in one's system which is part of a network. This knowledge is essential to understand the basics of managing a network in a Linux environment.

/etc/hostname

When you installed Linux, you specified a hostname for your system. If you want to change the hostname associated with your system, you can edit the file /etc/hostname by using an editor of your choosing. Because the file - like most configuration files - has restrictive permissions, you must login as root in order to modify it.The format of the /etc/hostname file is simple. The file contains a single line, which contains the hostname of your system; for example, chaks.

/etc/resolv.conf

The network addresses of your system's name servers are specified in the file /etc/resolv.conf, which you can edit by using an editor while logged in as root. To specify a name server, include a line of the form:

search csa.iisc.ernet.in

nameserver 144.16.67.13

A maximum of three such nameservers can be given. The system will sequentially visit the three name servers if the one preceeding it is not available to give you the network address.

/etc/hosts

The hosts file, /etc/hosts, lets your system determine the network address number that corresponds to a hostname, without querying a DNS server.Most systems can query a DNS server to determine the IP address that corresponds to a hostname and, failing to obtain an answer, read the /etc/hosts file. Alternatively, most systems can read the etc/hosts file and, failing to obtain an answer, query a DNS server. The second alternative is generally better, because reading the /etc/hosts file takes less time than querying a DNS server.

127.0.0.1 localhost.localdomain localhost

192.168.168.2 eclass.csa.iisc.ernet.in eclass

192.168.168.11 ashwini.csa.iisc.ernet.in ashwini

/etc/hosts.allow and /etc/hosts.deny.

These days the system contains TCP wrappers, which monitor all of the incoming ports by themselves. When a connection is made the wrappers decide whether access will be permitted, and only when a connection is approved is the daemon run to respond to it. The access rules are usually found in the configuration files /etc/hosts.allow and /etc/hosts.deny.

/etc/inetd.conf

The /etc/inetd.conf file tells it what ports to monitor, what service is offered on each port, and what program to run when a connection is detected.

Network Configuration Information

ifconfig

This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the up and down settings, this command is necessary for setting an interface's address information. An IP interface, for example, needs to be told both its own address and the network mask and broadcast address of its subnet.

eth0 Link encap:Ethernet HWaddr 00:50:BA:D8:ED:2A

inet addr:192.168.168.11 Bcast:192.168.168.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:332894 errors:0 dropped:0 overruns:0 frame:0

TX packets:356956 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:185754524 (177.1 Mb) TX bytes:205539976 (196.0 Mb)

Interrupt:10 Base address:0x7c00

route

Once its interfaces are configured, your machine can receive packets from the network. But where should outgoing packets be sent? Making this decision is called ``routing,'' and it is made by consulting the system's routing table. The destination address of every outgoing packet is checked against every line of this table; if a matching line is found then the packet is sent out the interface listed on that line of the table; if no match is found the system returns the error ``Unreachable host.'' The route command is the tool used to display or modify the routing table.

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.168.0 * 255.255.255.0 U 0 0 0 eth0

169.254.0.0 * 255.255.0.0 U 0 0 0 eth0

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default eclass.csa.iisc 0.0.0.0 UG 0 0 0 eth0

usernetctl

Sometimes users are granted the ability to bring certain interfaces up or down on their own; this is the command they use. It is like an emasculated version of ifconfig, that can only turn the interface on or off.

arp

When the system transmits a packet, it has to send it to a particular physical-layer address (actually, some messages are sent in broadcast mode, but these are kept to a minimum since they require the attention of every processor connected to the LAN). For instance, when you send an IP packet over Ethernet, it will normally be sent to the Ethernet address of another machine directly connected to it. The ARP (Address Resolution Protocol) table normally uses an automatic mechanism to find what physical addresses go with which IP addresses. The arp command displays this table, and can be used to modify it, though this necessity is rare.

Address HWtype HWaddress Flags Mask Iface

eclass.csa.iisc.ernet.in ether 00:50:BA:C5:11:02 C eth0

inetd

tcpd

TCP wrapping is subdivided into two jobs. The inetd daemon is usually run when networking is activated and grabs control of the ports for FTP and telnet and whatever. The /etc/inetd.conf file tells it what ports to monitor, what service is offered on each port, and what program to run when a connection is detected. The program that inetd is usually instructed to run is tcpd, which checks the /etc/hosts.allow and /etc/hosts.deny files to see if the connection should be permitted and if so starts or alerts the appropriate daemon.

tcpdchk

tcpdmatch

These small utility programs let you check your /etc/hosts.allow and /etc/hosts.deny files. The tcpdchk command scans the files and reports any errors or omissions it finds. The tcpdmatch utility lets you specify a hypothetical daemon/client pair and predicts, given your setup files, whether the connection would be accepted.

Network Monitoring

nstat: This command displays the values of a few dozen statistics relating to network activity that are maintained inside the kernel. These statistics are normally kept for the benefit of the SNMP daemon. They may also be viewed by accessing the file /proc/net/snmp.
netstat: This is another command that will present the contents of /proc/net files for you, but offers a broader range of information than the nstat program. It can list the currently active network connections, dump the system routing tables, present interface statistics, and list masqueraded connections.; Active Internet connections (w/o servers); Proto Recv-Q Send-Q Local Address Foreign Address State; tcp 0 0 ashwini.csa.iisc.er:ssh eclass.csa.iisc.e:48136 ESTABLISHED; tcp 0 0 ashwini.csa.iisc.er:ssh eclass.csa.iisc.e:48155 ESTABLISHED; Active UNIX domain sockets (w/o servers); Proto RefCnt Flags Type State I-Node Path; unix 10 [ ] DGRAM 2452 /dev/log
snmp*: The collection of SNMP commands (snmpget, snmpnext, et cetera) that come with the Linux CMU SNMP package allow you to query a remote machine that has an SNMP daemon running. This can provide network performance and error statistics for that host. The CMU package also contains an snmpd(8) daemon that you can run if you want your machine to provide SNMP information.
tcpdump: This is a sniffer, a program that captures packets off of a network interface and interprets them for you. It understands all basic Internet protocols, and can be used to save entire packets for later inspection.
09:17:27.510312 ashwini.csa.iisc.ernet.in.57702 > eclass.csa.iisc.ernet.in.ssh: . ack 9328 win 24616 (DF) [tos 0x10] 09:17:27.510510 eclass.csa.iisc.ernet.in.ssh > ashwini.csa.iisc.ernet.in.57702: P 9328:9632(304) ack 4719 win 9792 (DF) [tos 0x10]

Networking Tools