
HALP! Something is in my tubes!

HALP! Something is in my tubes! Part I, by Jason Testart, IST. Overview: the OSI model; a review of Ethernet, IP and common transport protocols; a quick look at DHCP and DNS; and four scenarios: no DHCP, no DNS, routing problems, and a problem accessing a specific service on a specific server.


Presentation Transcript


  1. HALP! Something is in my tubes! Part I by Jason Testart, IST

  2. Overview
     • OSI Model
     • Review of Ethernet, IP and common transport protocols
     • A quick look at DHCP & DNS
     • Scenarios we’ll cover:
       • No DHCP
       • No DNS
       • Routing Problems
       • Problem accessing a specific service on a specific server
     WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!

  3. OSI Model (protocol stack diagram, top to bottom)
     • SMTP (Layer 7)
     • SSL
     • TCP
     • IP
     • Ethernet
     • 1000BASE-T (Layer 1)

  4. Our Focus (same stack diagram)
     • SMTP
     • SSL
     • TCP (Layer 4)
     • IP (Layer 3)
     • Ethernet (Layer 2)
     • 1000BASE-T

  5. Ethernet
     • Layer 2
     • Shared Medium
     • Addressing using a 48-bit “MAC” address
     • MAC address represented using 6 groups of 2 hex digits delimited by a ‘:’ or a ‘-’

  6. Internet Protocol
     • Layer 3
     • Encapsulate data from a higher layer
     • Routers are computers that span several layer 2 networks
     • A router forwards packets from one network to another based on rules it has.
     • It’s all about addressing.

  7. One Layer-3 Network, Four Layer-2 Networks (shown)
     • We don’t care about what’s in the cloud.

  8. Layer 4 protocols
     • UDP
     • TCP
     • ICMP (ping/traceroute)
     • IGMP (multicast group management)
     • ESP (IPSec VPN)

  9. UDP
     • Connectionless
     • Order not guaranteed
     • Unreliable
     • Uses ports, like TCP
     • DNS, NTP, DHCP

  10. TCP
      • Connection oriented
      • Ordered
      • Reliable
      • Uses ports (0 to 65535)
      • SMTP, HTTP, IMAP

  11. DHCP
      • A means of getting an IP address assigned
      • http://en.wikipedia.org/wiki/Dhcp#DHCP_acknowledgement
      • On Windows, use “ipconfig /all | more”
      • On Unix/Linux, use “ifconfig -a | more”
      • 169.254.X.Y means trouble

  12. Output of ifconfig (Linux)

          [jatestar@wiretap ~]$ /sbin/ifconfig -a
          eth0      Link encap:Ethernet  HWaddr 00:50:56:80:17:EB
                    inet addr:129.97.85.179  Bcast:129.97.85.255  Mask:255.255.255.0
                    inet6 addr: fe80::250:56ff:fe80:17eb/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:5219908 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:3462430 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:1024059373 (976.6 MiB)  TX bytes:2395847731 (2.2 GiB)
                    Interrupt:177 Base address:0x1424

  13. Extract of ipconfig output

          Wireless LAN adapter Wireless Network Connection:

             Connection-specific DNS Suffix  . : uwaterloo.ca
             Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
             Physical Address. . . . . . . . . : 00-1F-3B-7B-31-A1
             DHCP Enabled. . . . . . . . . . . : Yes
             Autoconfiguration Enabled . . . . : Yes
             Link-local IPv6 Address . . . . . : fe80::d173:7c70:199c:98f1%10(Preferred)
             IPv4 Address. . . . . . . . . . . : 192.168.46.14(Preferred)
             Subnet Mask . . . . . . . . . . . : 255.255.255.0
             Lease Obtained. . . . . . . . . . : November-27-08 8:25:24 PM
             Lease Expires . . . . . . . . . . : November-27-08 8:45:24 PM
             Default Gateway . . . . . . . . . : 192.168.46.1
             DHCP Server . . . . . . . . . . . : 192.168.46.1
             DNS Servers . . . . . . . . . . . : 192.168.46.1
             NetBIOS over Tcpip. . . . . . . . : Enabled

  14. What if DHCP doesn’t work?
      • Check the cable.
      • Is there a link light?
      • VLAN setting OK in ONA?
      • Linux firewall too secure?
      • Call for help.

  15. DNS
      • Name lookup can fail, but network is OK
      • Check your DNS resolver settings
      • Look for stale host table entries
      • Clear any DNS caching
      • Check connectivity using IP addresses

  16. Handy IP addresses to memorize
      • 129.97.128.10 (nameserver)
      • 129.97.129.10 (nameserver)
      • 129.97.128.40 (www.uwaterloo.ca)
      • Your favourite off-campus site

  17. Resolver settings
      • On *nix: /etc/resolv.conf
      • On Windows: Run nslookup (or ipconfig)

          C:\Users\jatestart>nslookup www.uwaterloo.ca
          Server:  UnKnown
          Address:  192.168.46.1

          Non-authoritative answer:
          Name:    info.uwaterloo.ca
          Address:  129.97.128.40
          Aliases:  www.uwaterloo.ca

  18. Hosts Table
      • *nix: /etc/hosts
      • Windows: hosts or lmhosts somewhere under System32 directory
      • Vista: drivers\etc\hosts
      • Keep only ‘localhost’ definitions in there, otherwise should be empty

  19. DNS Caching
      • Caching to improve performance
      • Windows: “ipconfig /flushdns”
      • *nix: Do you have “nscd” running?

  20. What if DNS doesn’t work?
      • Is the network OK?
      • Can you ping “129.97.128.40”?
      • Can you ping your fav site? (they allow ping, right?)
      • If network OK, complain that DNS is broken.
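
The resolver and hosts-table checks from slides 15 to 18, as an added example that is not part of the original presentation. The function names, the sample file contents and the set of names treated as "localhost definitions" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample files; the addresses are the ones quoted on the slides.
SAMPLE_RESOLV = """\
# campus resolvers
nameserver 129.97.128.10
nameserver 129.97.129.10
search uwaterloo.ca
"""
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost ip6-localhost ip6-loopback
# left over from a migration test
129.97.128.40  www.uwaterloo.ca   # stale override
"""

# Assumption: besides names starting with "localhost", these count as local.
LOCAL_NAMES = {"ip6-localhost", "ip6-loopback"}


def nameservers(resolv_text):
    """Return the resolver addresses from resolv.conf content, in file order."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def non_localhost_entries(hosts_text):
    """Return (line_no, address, names) for every hosts entry that is not a
    plain localhost definition; such entries override DNS and can go stale."""
    flagged = []
    for line_no, line in enumerate(hosts_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:
            loopback = False                        # malformed address: flag it
        local = all(n.startswith("localhost") or n in LOCAL_NAMES for n in names)
        if not (loopback and local):
            flagged.append((line_no, address, names))
    return flagged
```

On a real machine, pass the contents of /etc/resolv.conf and /etc/hosts to the two functions.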

  21. General Network Problems: Things to look for

  22. Gateway
      • Need a gateway (router) to access the big bad Internet.
      • Does the computer know it?
      • If so, is it the correct one?
      • Can you ping the gateway?
      • Check all interfaces (wired & wireless)

  23. Routing tables

          [jatestar@wiretap ~]$ netstat -nr
          Kernel IP routing table
          Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
          129.97.85.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
          169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
          0.0.0.0         129.97.85.1     0.0.0.0         UG        0 0          0 eth0

          IPv4 Route Table
          ===========================================================================
          Active Routes:
          Network Destination        Netmask          Gateway       Interface  Metric
                    0.0.0.0          0.0.0.0     192.168.46.1    192.168.46.14     25
                  127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                  127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
            127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
               192.168.46.0    255.255.255.0         On-link     192.168.46.14    281
              192.168.46.14  255.255.255.255         On-link     192.168.46.14    281
             192.168.46.255  255.255.255.255         On-link     192.168.46.14    281
                  224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                  224.0.0.0        240.0.0.0         On-link     192.168.46.14    281
            255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            255.255.255.255  255.255.255.255         On-link     192.168.46.14    281
          ===========================================================================

  24. Multiple default gateways?
      • Disable all but one network adapter
      • Wireless + wired can be problematic

  25. No default gateway?
      • Are you sure DHCP is working?
      • Reboot.
      • If problem persists, call for help.

  26. Can’t ping the gateway?
      • Use “arp” command to see if you have communicated.

          [jatestar@wiretap ~]$ /sbin/arp -an
          ? (129.97.85.1) at 00:0D:ED:C0:1F:C2 [ether] on eth0

          C:\Users\jatestart>arp -a

          Interface: 192.168.46.14 --- 0xa
            Internet Address      Physical Address      Type
            192.168.46.1          00-05-5d-2d-0a-37     dynamic
            224.0.0.22            01-00-5e-00-00-16     static
            224.0.0.252           01-00-5e-00-00-fc     static
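
The gateway questions from slides 22 to 25, applied to Linux `netstat -nr` output, as an added example that is not part of the original presentation. The function names and the two-gateway table are constructed for illustration, and treating "gateway sits inside a directly connected network" as the test for a plausible gateway is an assumption.

```python
import ipaddress

# Linux table as shown on slide 23; the two-gateway variant is constructed.
SLIDE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
129.97.85.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         129.97.85.1     0.0.0.0         UG        0 0          0 eth0
"""
TWO_GATEWAYS = SLIDE_TABLE + (
    "192.168.46.0    0.0.0.0         255.255.255.0   U         0 0          0 wlan0\n"
    "0.0.0.0         192.168.46.1    0.0.0.0         UG        0 0          0 wlan0\n"
)


def parse_routes(netstat_text):
    """Parse `netstat -nr` rows into dicts; title and header lines are skipped."""
    routes = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            gateway = ipaddress.ip_address(f[1])
        except ValueError:
            continue                      # column header row
        routes.append({"net": net, "gateway": gateway, "flags": f[3], "iface": f[7]})
    return routes


def diagnose(routes):
    """Answer the slide's questions: is there a gateway, only one, and is it plausible?"""
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    if not defaults:
        return "no default gateway"
    if len({(r["gateway"], r["iface"]) for r in defaults}) > 1:
        return "multiple default gateways"
    connected = [r["net"] for r in routes
                 if "G" not in r["flags"] and r["net"].prefixlen > 0]
    if not any(defaults[0]["gateway"] in net for net in connected):
        return "default gateway is not on a connected network"
    return "ok"
```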

  27. Client-Server Issues: Can’t access a specific service on a specific server?

  28. What about that service?
      • Does the service use UDP or TCP?
      • What ‘port’ does the service use on the server?
      • Is there a specific port used on the client?
      • What’s the IP address of the server?

  29. A word about ports
      Privileged ports (1-1023)
      • Most Operating systems won’t let just anyone bind to privileged ports
      • Notice most “servers” are on privileged ports?
      Ephemeral ports (typically 1024-65535)
      • Ports that clients bind to when talking to servers
      • Ephemeral port range varies from OS to OS and may be customized
      http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html

  30. What’s connected?
      • Need to be privileged
      • On Windows: netstat -bn
      • On *nix: lsof -i -a -n

  31. netstat on Windows

          C:\Windows\system32>netstat -bn

          Active Connections

            TCP    192.168.46.14:49222    129.97.128.141:993    ESTABLISHED
           [thunderbird.exe]
            TCP    192.168.46.14:49347    192.168.46.1:22       ESTABLISHED
           [SshClient.exe]

  32. lsof on Linux

          COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
          ntpd     5250      ntp   16u  IPv4  13035       UDP *:ntp
          sshd     6337     root    3u  IPv6  14240       TCP *:ssh (LISTEN)
          sshd    11337     root    3r  IPv6 311941       TCP 192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)
          sshd    11339 jatestar    3u  IPv6 311941       TCP 192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)

  33. Can you connect to the port?
      • Use telnet to try connecting
      • Example: telnet 129.97.128.10 25
      • 3 outcomes possible

  34. Connected
      • You’re in!
      • If there’s a problem, it’s likely something other than the network

  35. Connection Refused
      • You can connect to the host, but it’s telling you the service is not there.
      • Service is likely not running
      • Could be “tcp-wrapped” or application access control
      • Don’t blame the firewall!

  36. Timeout
      • Connection attempt is hanging, or timed out
      • If you know your network is OK, and the server is OK, then something might be blocking you!
      • Host-based firewall?
      • IPSec Local Security Policy?
      • Router ACL?
      • Network firewall?
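
The telnet test from slides 33 to 36 with its three outcomes told apart programmatically, as an added example that is not part of the original presentation. The function names and the wording in `ADVICE` are assumptions that paraphrase the slides; the demo uses a loopback listener so it runs without a network.

```python
import socket

# Interpretation of each outcome, paraphrasing slides 34 to 36.
ADVICE = {
    "connected": "network path is fine; look at something other than the network",
    "refused": "host reachable, but the service is not there (not running, or access control)",
    "timeout": "no answer: host firewall, IPSec policy, router ACL or network firewall",
}


def classify(exc):
    """Map the result of a connect attempt (an exception, or None) to an outcome."""
    if exc is None:
        return "connected"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    return "other"          # e.g. no route to host, name lookup failure


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection, as `telnet host port` would, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Constructed demo: probe a loopback listener, then the same port once closed.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    for label in ("listening", "closed"):
        outcome = probe("127.0.0.1", port)
        print(f"{label}: {outcome} -> {ADVICE.get(outcome, 'check the local network first')}")
        listener.close()
```

An "other" result means the attempt never reached the server's port, so go back to the gateway and DNS checks before looking at the service.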

  37. Turning it over to Mike.... Thank You
