Networking basics


·     Static IP assignment
·     DHCP-based IP configuration
·     Basic commands such as ifconfig, ip, route, etc.
·     DNS, FQDN, /etc/hosts, /etc/resolv.conf, etc.
·     Packet flow between two Linux hosts
·     SSH server configuration
·     SSH client
·     AppArmor
·     UFW
·     iptables


The Open Systems Interconnect (OSI) model has seven layers.
·     Application
·     Presentation
·     Session
·     Transport
·     Network
·     Data Link
·     Physical

PHYSICAL LAYER

The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.

DATA LINK LAYER

The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
·     Link establishment and termination: establishes and terminates the logical link between two nodes.
·     Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
·     Frame sequencing: transmits/receives frames sequentially.
·     Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
·     Frame delimiting: creates and recognizes frame boundaries.
·     Frame error checking: checks received frames for integrity.
·     Media access management: determines when the node "has the right" to use the physical medium.

NETWORK LAYER

The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
·     Routing: routes frames among networks.
·     Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
·     Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
·     Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
·     Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.

Communications Subnet

The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.

This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).

In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.


TRANSPORT LAYER

The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.

The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.

The transport layer provides:
·     Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
·     Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
·     Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
·     Session multiplexing: multiplexes several message streams, or sessions, onto one logical link and keeps track of which messages belong to which sessions (see session layer).

Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, prepending a header to each frame.

The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.

End-to-end layers

Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.

SESSION LAYER

The session layer allows session establishment between processes running on different stations. It provides:
·     Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
·     Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.

PRESENTATION LAYER

The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.

The presentation layer provides:
·     Character code translation: for example, ASCII to EBCDIC.
·     Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
·     Data compression: reduces the number of bits that need to be transmitted on the network.
·     Data encryption: encrypts data for security purposes, for example password encryption.

APPLICATION LAYER

The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
·     Resource sharing and device redirection
·     Remote file access
·     Remote printer access
·     Inter-process communication
·     Network management
·     Directory services
·     Electronic messaging (such as mail)
·     Network virtual terminals

The simplest definition of a computer network is a group of computers that are able to communicate with one another and share a resource.

Common networking terms
node: Each device on a network is called a node.
NOS: For communication to take place you need the software, the network operating system (NOS), and the means of communication.

Networking Configuration

The basis for any network of *nix hosts is the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which here means the combination of three protocols: the Internet Protocol (IP), the Transmission Control Protocol (TCP), and the User Datagram Protocol (UDP).

By default most users configure their network card during the installation of Ubuntu. You can, however, use the ifconfig command at the shell prompt to edit your system's network device information, or to add or remove network devices on your system.

Configure Network Interface Using Command-Line

You can configure a network interface from the command line using the networking utilities. You configure your network client hosts with the command line by using commands to change your current settings or by editing a number of system files.

Configuring a DHCP address for your network card
To configure a DHCP address you need to edit /etc/network/interfaces and enter the following lines, replacing eth0 with the name of your network interface card.
sudo vi /etc/network/interfaces
Note: use the vi editor if you do not have a GUI installed.
If you have a GUI, use the following command instead:
$ sudo gedit /etc/network/interfaces

# The primary network interface -- use DHCP to find our address
auto eth0
iface eth0 inet dhcp

Configuring a static IP address for your network card
If you want to configure a static IP address you need to edit /etc/network/interfaces and enter the following lines, replacing eth0 with the name of your network interface card.
sudo vi /etc/network/interfaces
$ sudo gedit /etc/network/interfaces

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

After entering all the details you need to restart the networking service using the following command:
sudo /etc/init.d/networking restart

Setting up a second IP address or virtual IP address in Ubuntu
Whether you are a server system administrator or a normal user, you sometimes need to assign a second IP address to your Ubuntu machine. For this you edit the /etc/network/interfaces file and add the following stanza. The one below is only an example; change it according to your own IP address settings.
sudo vi /etc/network/interfaces
Note: use the vi editor if you do not have a GUI installed.
If you have a GUI, use the following command instead:
$ sudo gedit /etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
network x.x.x.x
broadcast x.x.x.x
gateway x.x.x.x

Enter all the details (address, netmask, network, broadcast and gateway), save the file, and restart the networking service so that the new IP address takes effect:
sudo /etc/init.d/networking restart
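The static stanzas above require network and broadcast values that must agree with the address and netmask (the second-IP example leaves them as x.x.x.x). The following script, added here as an example rather than taken from the notes, derives both from the address and netmask, checks that the gateway is inside the subnet, and prints a complete stanza; interface name and gateway are inputs you supply, and nothing is written to the live system.

```shell
#!/bin/sh
# Added example (not from the original notes): derive the "network" and
# "broadcast" values a static stanza needs from the address and netmask,
# then print the complete stanza. Nothing here touches the live system.

# ip_to_int 192.168.3.90 -> 3232236378 (dotted quad to 32-bit integer)
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 3232236378 -> 192.168.3.90
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDRESS NETMASK -> network address (address AND mask)
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_of ADDRESS NETMASK -> broadcast address (address OR inverted mask)
broadcast_of() {
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 4294967295) ))
}

# static_stanza IFACE ADDRESS NETMASK GATEWAY -> prints the stanza, or fails
# if the gateway does not lie in the interface's own subnet (a common
# mistake that leaves the host without a working default route)
static_stanza() {
    if [ "$(network_of "$4" "$3")" != "$(network_of "$2" "$3")" ]; then
        echo "error: gateway $4 is not in the subnet of $2/$3" >&2
        return 1
    fi
    printf 'auto %s\niface %s inet static\n' "$1" "$1"
    printf 'address %s\nnetmask %s\nnetwork %s\nbroadcast %s\ngateway %s\n' \
        "$2" "$3" "$(network_of "$2" "$3")" "$(broadcast_of "$2" "$3")" "$4"
}

# Demo with the values used in the notes (constructed input, not a live host)
static_stanza eth0 192.168.3.90 255.255.255.0 192.168.3.1
```

Redirect the output into /etc/network/interfaces only after checking it, and restart networking as described above.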
Setting your Ubuntu system hostname
The hostname is the name of the computer you are currently logged into or visiting. The hostname command is used to display the system's DNS name, and to display or set its hostname or NIS (Network Information Service) domain name.
Setting up your hostname on an Ubuntu installation is very straightforward. You can directly query, or set, the hostname with the hostname command.
·         As a user you can see your current hostname with:
hostname
·         To set the hostname directly you can become root and run:
sudo hostname newname
When your system boots it will automatically read the hostname from the file /etc/hostname, so a name set with the hostname command alone lasts only until the next reboot; edit /etc/hostname as well to make the change permanent.
Checking your Linux host name

·         To see if your host name is set correctly, use the following commands:
#uname -n
#hostname -a
#hostname -s
#hostname -d
#hostname -f
#hostname

Normally we will set the hostname of a system during the installation process.


DNS
DNS servers allow you to use friendly names in your browser, email or other Internet applications to perform tasks which require IP addresses.

The Internet uses the TCP/IP protocol suite to send and receive everything on the Internet. When you type google.com in your browser to do a search, you use DNS. Otherwise, you would have to use a numeric value such as 64.233.187.99.

You see Google.com is a name in a database that your browser consults to find the IP address of the Google web site. But that's transparent to the user. How would you like to keep a notebook of IP addresses to manually look up and find web sites you wish to visit? Well, the Domain Name System does that for you automatically.

Linux uses BIND (Berkeley Internet Name Domain) to perform DNS functions. Rather than attempt to use another program, system administrators should start with BIND because it runs almost all the DNS servers in the world.

Tell Me About Configuration Files
BIND comes with three components.
1. named (pronounced "name-dee"). It is the daemon that runs the server side of DNS. That will make sense in a little while.
2. The resolver library. People think of the resolver as the client side of BIND. The resolver code makes queries to DNS servers in an attempt to translate a friendly name to an IP address. This component uses the resolv.conf file.
3. Tools for testing your DNS server. They are really a set of command-line utilities such as dig. Go to your console and type dig yahoo.com and see what happens.

What's My Responsibility In The DNS System?
DNS is a distributed database. When you pay a fee to register a domain, one of the questions you answer deals with your name servers. You have to list two, and they have to be registered in the DNS system.

The domain name system database has three levels.
1. "root" servers
2. Top Level Domains (TLDs) - TLDs include com, net, org, mil, gov, edu, etc. When your resolver needs to find the address for a web site, it makes a query. Let's say you want to find Google.com. Your resolver asks the root servers to identify Google.com's IP. The root server replies, "I don't know, but I do know where you can find the answer. Start with the TLD servers for COM."
Setting up DNS
When it comes to DNS setup, Ubuntu does not differ from other distributions. You can add hostnames and IP addresses to the file /etc/hosts for static lookups.
To make your machine consult a particular server for name lookups, you simply add its address to /etc/resolv.conf.
For example, a machine which should perform lookups against the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this:
sudo vi /etc/resolv.conf
Note: use the vi editor if you do not have a GUI installed.
If you have a GUI, use the following command instead:
$ sudo gedit /etc/resolv.conf
Enter the following details:
search test.com
nameserver 192.168.3.2
Whatever change you make to the network configuration will not take effect until you restart the network interface:
 #service network restart
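Two consequences of the files above matter for anyone checking a host: an entry in /etc/hosts wins over DNS, so an unexpected line there silently redirects a name, and the search line means a short name such as www is sent to the nameserver as www.test.com first. The script below, an added example rather than part of the original notes, reproduces both behaviours against constructed copies of the files (the paths are passed in, so the live files are never modified).

```shell
#!/bin/sh
# Added example (not from the original notes): what the resolver does with the
# two files above. hosts_lookup is the exact-match lookup /etc/hosts provides;
# query_candidates lists, in order, the names the nameserver would be asked for
# a given name under the "search" line of resolv.conf. File paths are passed
# in, so both can be checked against constructed copies rather than live files.

# hosts_lookup NAME HOSTSFILE -> prints the address mapped to NAME (hostname
# or alias), exit status 1 if there is no such entry
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # need an address plus at least one name
        { for (i = 2; i <= NF; i++)
              if ($i == name) { print $1; found = 1; exit } }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# query_candidates NAME RESOLVFILE -> names tried against the nameserver, in order.
# With the default ndots:1, a name without a dot gets the search domains first
# and the bare name last; a name with a dot is tried as given first; a trailing
# dot means "absolute, never search". The last "search" line in the file wins.
query_candidates() {
    name=$1
    search=$(awk '$1 == "search" { $1 = ""; last = $0 } END { print last }' "$2")
    case $name in
        *.)  echo "$name" ;;
        *.*) echo "$name"; for d in $search; do echo "$name.$d"; done ;;
        *)   for d in $search; do echo "$name.$d"; done; echo "$name" ;;
    esac
}

# Demo on constructed files (not the live /etc/hosts and /etc/resolv.conf)
demo=$(mktemp -d)
printf 'search test.com\nnameserver 192.168.3.2\n' > "$demo/resolv.conf"
printf '127.0.0.1 localhost\n192.168.3.90 host1.test.com host1  # static entry\n' > "$demo/hosts"
hosts_lookup host1 "$demo/hosts"            # 192.168.3.90
query_candidates www "$demo/resolv.conf"    # www.test.com then www
rm -r "$demo"
```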

ifconfig
The ifconfig command displays the configuration of all active Ethernet cards. Without any parameter it shows every active interface; if you want to see the configuration of a specific interface, give its name as the command-line argument. For example, to show the IP configuration of the loopback interface, execute this command:
 #ifconfig lo 

ifup/ifdown

Each installed network adapter has a corresponding ifcfg-* file in /etc/sysconfig/network-scripts. You can activate or deactivate that adapter with the ifup and ifdown commands. Either of the following commands will activate the eth0 network adapter:
 #ifup ifcfg-eth0
 #ifup eth0

netstat

The netstat program provides real-time information on the status of your network connections, as well as network statistics and the routing table. The netstat command has several options you can use to bring up different sorts of information about your network.

arp

The Address Resolution Protocol associates the hardware address of a network adapter with an IP address. The arp command (in the /sbin directory) displays a table of hardware and IP addresses on the local computer. With arp, you can detect problems such as duplicate addresses on the network, or you can manually add arp entries as required.

ping

The ping command is used to check the physical connectivity. If you get a reply, everything is OK. If you get a "request timed out" response, there is some problem: it could be an unplugged cable, a powered-off switch, or a firewall enabled on the destination node. If you get "Destination host unreachable", the remote node is not in your network. Use CTRL+C to abort the ping sequence.

service network restart

Whatever change you make to the network configuration files will not take effect until you restart the network services; this command is used to apply the change.
