Linux Networking

  1. Linux Networking. ITEC 370, George Vaughan, Franklin University

  2. TCP/IP and OSI Models

  3. Origins of Unix
  • In the early 1960's, MIT experimented with time-sharing systems: CTSS and MAC.
  • This developed into the Multics project.
  • Funded by ARPA (ARPA also funded the creation of the Internet, originally known as ARPANET).
  • The project included MIT, GE and Bell Labs (including Dennis Ritchie and Ken Thompson from Bell Labs).
  • Bell Labs withdrew in 1969.

  4. Origins of Unix
  • Ken Thompson wrote a game called 'Space Travel', but it was expensive to run on a mainframe.
  • Thompson found an old PDP-7 with an inadequate OS.
  • Thompson and Ritchie wrote the precursor to UNIX in assembly language.

  5. Origins of Unix
  • Thompson and Ritchie wanted a portable OS for programmers.
  • Ritchie developed the language C as a mid-level language to implement UNIX. This was very important because:
    • It allowed UNIX to be portable.
    • It made it much easier to maintain/modify UNIX.
    • Portability allowed UNIX to spread to other platforms very quickly.

  6. Origins of Unix
  • Bell Labs was part of AT&T. AT&T was a legal telecommunications monopoly and was not allowed to sell computers or software.
  • AT&T licensed UNIX source to universities, which made their own modifications and variations (specifically Berkeley).
  • After the divestiture of AT&T in 1984, AT&T commercialized UNIX.
  • Many commercial variants exist, including SUN Solaris, HP-UX, IBM AIX, Compaq Tru64, etc. Source NOT available.

  7. Where did GNU and Linux Come From?
  • In the mid 80's, Richard Stallman, a researcher at MIT, felt it was morally wrong that companies would not share source code.
  • Stallman created the Free Software Foundation (FSF) with the goal of creating a free OS, called GNU (GNU stands for 'GNU is Not Unix').
  • See: http://www.gnu.org/
  • In the late 1980's, Stallman wins the MacArthur Genius Award ($300K) and uses the money to support the GNU effort.

  8. Where did GNU and Linux Come From?
  • The GNU project decided to work on OS tools first (gcc, gdb, GNU make, gzip, etc.) and the kernel last.
  • In the early 1990's, Linus Torvalds wants the source to Minix and is turned away. Torvalds creates a UNIX-compliant kernel and encourages others over the Internet to help him.
  • In the mid 1990's, complete, free, UNIX-compliant OS's were created by merging GNU tools with Linux. This is what Red Hat, Fedora, Knoppix, Debian, Mandrake, SuSE, etc. have done.
  • GNU is still working on its own kernel (GNU HURD).

  9. Where did GNU and Linux Come From?
  • In a strict sense, Linux refers to the kernel.
  • The kernel is a single executable file.
  • In Fedora Core 6.0, the kernel is:
    • located at /boot/vmlinuz
    • based on version 2.4
    • approximately 1.7 Mbytes in size (small)

  10. What is the IP Address of My Machine?
  • ifconfig command
  • ifconfig displays the status of the currently active network interfaces.
  • Example:

      > ifconfig
      eth0      Link encap:Ethernet  HWaddr 00:A0:CC:3B:0E:53
                inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
                inet6 addr: fe80::2a0:ccff:fe3b:e53/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:136 errors:1 dropped:0 overruns:0 frame:0
                TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:14102 (13.7 KiB)  TX bytes:18945 (18.5 KiB)
                Interrupt:5 Base address:0xef00

  11. What is the IP Address of a Remote Machine?
  • nslookup command (also in Windows)
  • A program to query Internet domain name servers.
  • Example:

      > nslookup einstein.franklin.edu
      Server:         65.24.7.3
      Address:        65.24.7.3#53

      Non-authoritative answer:
      Name:   einstein.franklin.edu
      Address: 66.77.177.143

  12. Is the Remote Machine Alive?
  • Example of the ping command (also in Windows):

      > ping 65.24.7.3
      PING 65.24.7.3 (65.24.7.3) 56(84) bytes of data.
      64 bytes from 65.24.7.3: icmp_seq=1 ttl=248 time=16.5 ms
      64 bytes from 65.24.7.3: icmp_seq=2 ttl=248 time=13.0 ms
      64 bytes from 65.24.7.3: icmp_seq=3 ttl=248 time=11.7 ms
      64 bytes from 65.24.7.3: icmp_seq=4 ttl=248 time=14.9 ms
      64 bytes from 65.24.7.3: icmp_seq=5 ttl=248 time=12.2 ms

      --- 65.24.7.3 ping statistics ---
      5 packets transmitted, 5 received, 0% packet loss, time 4000ms
      rtt min/avg/max/mdev = 11.710/13.687/16.518/1.794 ms
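The output of ifconfig and ping on slides 10 and 12 is meant for a person to read; a script that watches a host needs it as data. The parser below is an added example written for this page, not code from the lecture; the sample text is constructed to match the slide output, so nothing here touches a real interface or host. Besides extracting the address fields it pulls out the RX/TX error counters, which are the first thing to check when an interface "is up" but traffic is misbehaving.

```python
"""Parsers for the legacy ifconfig and ping output formats on slides 10 and 12.
Added example, not part of the lecture.  The sample text is constructed to
match the slide output; nothing here queries a real interface or host."""
import re

IFCONFIG_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:A0:CC:3B:0E:53
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2a0:ccff:fe3b:e53/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:136 errors:1 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14102 (13.7 KiB)  TX bytes:18945 (18.5 KiB)
          Interrupt:5 Base address:0xef00
"""

PING_SAMPLE = """\
PING 65.24.7.3 (65.24.7.3) 56(84) bytes of data.
64 bytes from 65.24.7.3: icmp_seq=1 ttl=248 time=16.5 ms
64 bytes from 65.24.7.3: icmp_seq=5 ttl=248 time=12.2 ms

--- 65.24.7.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 11.710/13.687/16.518/1.794 ms
"""


def parse_ifconfig(text):
    """Return {iface: fields}.  Legacy ifconfig starts each interface at
    column 0 and indents the rest, so indentation delimits the blocks."""
    interfaces, entry = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            entry = interfaces.setdefault(line.split()[0], {})
            m = re.search(r"HWaddr\s+(\S+)", line)
            if m:
                entry["mac"] = m.group(1)
            continue
        if entry is None:
            continue
        for key, pattern in (("ipv4", r"inet addr:(\S+)"), ("broadcast", r"Bcast:(\S+)"),
                             ("netmask", r"Mask:(\S+)"), ("ipv6", r"inet6 addr:\s*(\S+)")):
            m = re.search(pattern, line)
            if m:
                entry[key] = m.group(1)
        m = re.search(r"MTU:(\d+)", line)
        if m:  # the flag words (UP, RUNNING, ...) precede MTU on the same line
            entry["mtu"] = int(m.group(1))
            entry["flags"] = line.split("MTU:")[0].split()
        m = re.match(r"\s*(RX|TX) packets:(\d+) errors:(\d+) dropped:(\d+)", line)
        if m:
            entry[m.group(1).lower()] = {"packets": int(m.group(2)),
                                         "errors": int(m.group(3)),
                                         "dropped": int(m.group(4))}
    return interfaces


def parse_ping(text):
    """Return the summary block of ping output as numbers."""
    summary = {"ttl": sorted({int(t) for t in re.findall(r"ttl=(\d+)", text)})}
    m = re.search(r"(\d+) packets transmitted, (\d+) received, (\d+)% packet loss", text)
    if m:
        summary["transmitted"], summary["received"], summary["loss_pct"] = map(int, m.groups())
    m = re.search(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms", text)
    if m:
        summary["rtt_ms"] = dict(zip(("min", "avg", "max", "mdev"), map(float, m.groups())))
    return summary


def interface_warnings(interfaces):
    """List interfaces whose counters show errors or drops."""
    warnings = []
    for name, e in sorted(interfaces.items()):
        for direction in ("rx", "tx"):
            c = e.get(direction, {})
            if c.get("errors", 0) or c.get("dropped", 0):
                warnings.append("%s: %s errors=%d dropped=%d"
                                % (name, direction.upper(), c["errors"], c["dropped"]))
    return warnings
```

On the slide's own output the warning list is not empty: eth0 reports one RX error, which the human-readable dump makes easy to overlook. Newer systems print a different ifconfig layout (and `ip addr` another still), so a parser like this is tied to the classic net-tools format the slide shows.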

  13. /etc/hosts
  • /etc/hosts file:
  • Text file that associates IP addresses with hostnames (aliases).
  • /etc/hosts on Einstein:

      # Do not remove the following line, or various programs
      # that require network functionality will fail.
      127.0.0.1       localhost.localdomain localhost
      10.0.2.12       qwprlx17 qwprlx17.students.qw.franklin.edu
      10.0.2.118      qwprwi04

  14. /etc/protocols
  • A text file that maps protocol names to the protocol numbers used as IDs in the IP layer.
  • Example from Einstein (very small subset):

      ip          0   IP          # internet protocol, pseudo protocol number
      icmp        1   ICMP        # internet control message protocol
      tcp         6   TCP         # transmission control protocol
      udp         17  UDP         # user datagram protocol
      gre         47  GRE         # Generic Routing Encapsulation
      ipv6-crypt  50  IPv6-Crypt  # Encryption Header for IPv6
      ipv6-icmp   58  IPv6-ICMP   # ICMP for IPv6

  15. /etc/services
  • A text file that maps the following:
    • Human-friendly textual names for Internet services
    • Assigned port numbers
    • Protocol types
  • Port assignments are made by IANA.
  • See http://www.iana.org/assignments/port-numbers
  • Example from Einstein:

      # service-name  port/protocol  [aliases ...]   [# comment]
      tcpmux          1/tcp                           # TCP port service multiplexer
      rje             5/tcp                           # Remote Job Entry
      echo            7/tcp
      systat          11/tcp          users
      daytime         13/tcp
      ftp             21/tcp
      ssh             22/tcp                          # SSH Remote Login Protocol
      telnet          23/tcp

  16. inetd
  • Historically, each network service is supported by its own daemon process or processes.
  • A telnet daemon would support the telnet service, the ftp daemon would support the ftp service, etc.
  • Many daemons are running, often not being used.
  • Each service had to worry about security from the point of connection.

  17. inetd
  • inetd (precursor to xinetd) was created to address the issue of the abundance of network service daemons.
  • inetd was designed to listen on ports for network service requests.
  • When a request arrived at a port, inetd would fork the appropriate process (ftp, telnet, etc.) to service the request.
  • Therefore services like ftp, telnet, etc. were no longer daemons - they are now transient processes.
  • inetd is sometimes referred to as a 'Super Server'.

  18. /etc/inetd.conf (inetd, n.d.)
  • File format: service type protocol wait user server cmdline
  • service
    • Gives the service name.
    • The service name has to be translated to a port number by looking it up in the /etc/services file.
  • type
    • Specifies a socket type:
      • stream (for connection-oriented protocols)
      • dgram (for datagram protocols)

  19. /etc/inetd.conf (inetd, n.d.)
  • protocol
    • Names the transport protocol used by the service.
    • Must be a valid protocol name found in /etc/protocols.
  • wait
    • This option applies only to dgram sockets.
    • It can be either wait or nowait.
    • If wait is specified, inetd executes only one server for the specified port at any time.
    • Otherwise, it immediately continues to listen on the port after executing the server.

  20. /etc/inetd.conf (inetd, n.d.)
  • user
    • This is the login ID of the user who will own the process when it is executing.
  • server
    • Gives the full pathname of the server program to be executed.
  • cmdline
    • This is the command line to be passed to the server.
    • This field is empty for internal services.

  21. /etc/inetd.conf (inetd, n.d.)
  • Sample file (subset):

      #
      # inetd services
      #
      ftp     stream  tcp  nowait  root  /usr/sbin/ftpd
      login   stream  tcp  nowait  root  /usr/sbin/rlogind
      #
      # inetd internal services
      #
      time    stream  tcp  nowait  root  internal
      time    dgram   udp  nowait  root  internal
      echo    stream  tcp  nowait  root  internal
      echo    dgram   udp  nowait  root  internal
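Slides 14 through 21 describe three related text formats: /etc/services and /etc/protocols supply the names that each /etc/inetd.conf line must resolve against, and the seven inetd.conf fields have fixed legal values (stream/dgram, wait/nowait). The block below is an added example written for this page, not code from the lecture or from any inetd implementation. It parses all three files and then audits the inetd entries the way a reviewer would: every service/protocol pair must exist in /etc/services, the socket type must fit the transport, and external servers running as root or speaking a clear-text protocol are reported. The file contents are constructed: the services lines are the slide's subset plus the standard echo/udp, time and login entries needed to resolve the sample inetd.conf, and the clear-text service list is an assumption of the example.

```python
"""Parse /etc/services, /etc/protocols and /etc/inetd.conf (slides 14-21)
and audit the inetd entries.  Added example, not from the lecture; the file
contents are constructed (slide subset plus standard echo/time/login lines)."""
from collections import namedtuple

SERVICES_SAMPLE = """\
# service-name  port/protocol  [aliases ...]   [# comment]
tcpmux          1/tcp                           # TCP port service multiplexer
echo            7/tcp
echo            7/udp
systat          11/tcp          users
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
telnet          23/tcp
time            37/tcp          timserver
time            37/udp          timserver
login           513/tcp
"""

PROTOCOLS_SAMPLE = """\
ip      0   IP      # internet protocol, pseudo protocol number
icmp    1   ICMP    # internet control message protocol
tcp     6   TCP     # transmission control protocol
udp     17  UDP     # user datagram protocol
"""

INETD_SAMPLE = """\
# inetd services
ftp     stream  tcp  nowait  root  /usr/sbin/ftpd
login   stream  tcp  nowait  root  /usr/sbin/rlogind
# inetd internal services
time    stream  tcp  nowait  root  internal
time    dgram   udp  nowait  root  internal
echo    stream  tcp  nowait  root  internal
echo    dgram   udp  nowait  root  internal
"""

InetdEntry = namedtuple("InetdEntry", "service type protocol wait user server cmdline")

# Services that carry credentials or data in clear text (assumed list).
CLEARTEXT = {"telnet", "ftp", "login", "shell", "exec"}


def _fields(raw):
    """Split one line into fields, dropping '#' comments and blank lines."""
    return raw.split("#", 1)[0].split()


def parse_services(text):
    """Map (name, protocol) -> port; aliases resolve to the same port."""
    table = {}
    for raw in text.splitlines():
        f = _fields(raw)
        if len(f) < 2:
            continue
        port, proto = f[1].split("/")
        for name in [f[0]] + f[2:]:
            table[(name, proto)] = int(port)
    return table


def parse_protocols(text):
    """Map protocol name -> IP protocol number."""
    return {f[0]: int(f[1]) for f in map(_fields, text.splitlines()) if len(f) >= 2}


def parse_inetd_conf(text):
    """Parse the seven-field inetd.conf format; cmdline may be empty."""
    entries = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split(None, 6)   # cmdline keeps its own spaces
        if not f:
            continue
        if len(f) < 6:
            raise ValueError("malformed inetd.conf line: %r" % raw)
        entries.append(InetdEntry(*(f + [""] * (7 - len(f)))))
    return entries


def audit_inetd(entries, services, protocols):
    """Return (service, problem) findings: consistency with /etc/services and
    /etc/protocols, plus the exposures a reviewer would flag."""
    findings = []
    for e in entries:
        if (e.service, e.protocol) not in services:
            findings.append((e.service, "no %s/%s line in /etc/services" % (e.service, e.protocol)))
        if e.protocol not in protocols:
            findings.append((e.service, "unknown protocol %s" % e.protocol))
        if e.type not in ("stream", "dgram"):
            findings.append((e.service, "bad socket type %s" % e.type))
        elif (e.type == "stream") != (e.protocol == "tcp"):
            findings.append((e.service, "socket type %s does not fit protocol %s" % (e.type, e.protocol)))
        if e.wait not in ("wait", "nowait"):
            findings.append((e.service, "bad wait field %s" % e.wait))
        if e.server != "internal" and e.user == "root":
            findings.append((e.service, "external server runs as root"))
        if e.server != "internal" and e.service in CLEARTEXT:
            findings.append((e.service, "clear-text service enabled"))
    return findings
```

Run against the slide's sample file, the audit is quiet about the internal time and echo services and reports ftp and login twice each: both are forked as root and both pass credentials unencrypted, which is the point slide 26 makes when it introduces sshd as the replacement for rsh and rlogin.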

  22. xinetd
  • xinetd stands for eXtended InterNET services Daemon.
  • Created by Panos Tsirigotis at the University of Colorado.
  • More secure than inetd - designed to prevent Denial of Service attacks.
  • Can control access by:
    • address of remote host
    • time of access
    • name of remote host
    • domain of remote host
  • xinetd is sometimes referred to as the "super-server".

  23. xinetd.conf
  • xinetd is the name of the daemon process.
  • xinetd config file: /etc/xinetd.conf
  • instances: max number of simultaneous servers for a given service
  • cps: first number is max connections per second; second number is number of seconds to wait before re-enabling the service after cps has been exceeded.
  • Sample /etc/xinetd.conf:

      #
      # Simple configuration file for xinetd
      #
      # Some defaults, and include /etc/xinetd.d/

      defaults
      {
              instances       = 60
              log_type        = SYSLOG authpriv
              log_on_success  = HOST PID
              log_on_failure  = HOST
              cps             = 25 30
      }

      includedir /etc/xinetd.d

  24. xinetd.d
  • In addition to having a config file for the xinetd daemon itself, each supported service (ftp, telnet, etc.) has its own config file in /etc/xinetd.d:

      [root@localhost xinetd.d]# ls
      amanda       cups-lpd     eklogin   ipop3        pop3s    services  time
      amandaidx    daytime      finger    klogin       rexec    sgi_fam   time-udp
      amidxtape    daytime-udp  gssftp    krb5-telnet  rlogin   swat
      chargen      dbskkd-cdb   imap      kshell       rsh      talk
      chargen-udp  echo         imaps     ktalk        rsync    telnet
      comsat       echo-udp     ipop2     ntalk        servers  tftp

  25. xinetd.d
  • Example: What follows is the configuration file for telnet:

      # default: on
      # description: The telnet server serves telnet sessions; it uses \
      #       unencrypted username/password pairs for authentication.
      service telnet
      {
              flags           = REUSE
              socket_type     = stream
              wait            = no
              user            = root
              server          = /usr/sbin/in.telnetd
              log_on_failure  += USERID
              disable         = no
      }
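Slides 23 to 25 show xinetd's brace-delimited format: a defaults block, an includedir line that pulls in one file per service, and per-service blocks whose `+=` lines extend a value inherited from the defaults (the telnet file's `log_on_failure += USERID` ends up as `HOST USERID`). The block below is an added example for this page, not code from the lecture or from xinetd itself. It parses both files into the effective per-service settings and audits them for what slide 23's controls are meant to catch: missing instances or cps limits, failures not logged with the remote HOST, and, as the telnet file's own comment warns, a clear-text service left with `disable = no` and running as root. The two files are constructed from the slides, `includedir` reads from a dict instead of /etc/xinetd.d, and the clear-text service list is an assumption of the example.

```python
"""Parser and audit for xinetd's brace-delimited config (slides 23-25).
Added example, not from the lecture or xinetd; the files are constructed from
the slides and 'includedir' reads from a dict instead of /etc/xinetd.d."""
import re

XINETD_CONF = """\
# Simple configuration file for xinetd: defaults, then include /etc/xinetd.d/
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}

includedir /etc/xinetd.d
"""

XINETD_D = {"/etc/xinetd.d/telnet": """\
# default: on
# description: The telnet server serves telnet sessions; it uses \\
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
"""}

ATTR = re.compile(r"(\w+)\s*(\+=|-=|=)\s*(.*)$")


def _blocks(text, includes):
    """Yield (header, [(attr, op, tokens)]) per brace block; 'includedir'
    recurses into the dict entries whose path lies under that directory."""
    header = body = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if header is None and line.startswith("includedir"):
            prefix = line.split(None, 1)[1].rstrip("/") + "/"
            for path in sorted(p for p in includes if p.startswith(prefix)):
                for block in _blocks(includes[path], includes):
                    yield block
        elif header is None:
            header = line                  # "defaults" or "service NAME"
        elif line == "{":
            body = []
        elif line == "}":
            yield header, body
            header = body = None
        else:
            m = ATTR.match(line)
            if not m:
                raise ValueError("bad attribute line: %r" % raw)
            body.append((m.group(1), m.group(2), m.group(3).split()))


def parse_xinetd(text, includes):
    """Return (defaults, {service: attrs}); a service starts from the defaults
    and '=', '+=', '-=' set, extend or trim the inherited value."""
    blocks = list(_blocks(text, includes))
    defaults = {}
    for header, body in blocks:
        if header == "defaults":
            for attr, _, tokens in body:
                defaults[attr] = tokens
    services = {}
    for header, body in blocks:
        if not header.startswith("service"):
            continue
        attrs = {k: list(v) for k, v in defaults.items()}
        for attr, op, tokens in body:
            if op == "=":
                attrs[attr] = tokens
            elif op == "+=":
                attrs[attr] = attrs.get(attr, []) + tokens
            else:
                attrs[attr] = [t for t in attrs.get(attr, []) if t not in tokens]
        services[header.split(None, 1)[1]] = attrs
    return defaults, services


CLEARTEXT = {"telnet", "ftp", "rlogin", "rsh", "rexec"}   # assumed list


def audit_xinetd(services):
    """Flag enabled services that are clear-text, run as root, lack the
    instances/cps limits from slide 23, or do not log the failing HOST."""
    findings = []
    for name, a in sorted(services.items()):
        if a.get("disable", ["no"])[0].lower() == "yes":
            continue
        if name in CLEARTEXT:
            findings.append((name, "clear-text service enabled"))
        if a.get("user") == ["root"]:
            findings.append((name, "runs as root"))
        for limit in ("instances", "cps"):
            if limit not in a:
                findings.append((name, "no %s limit" % limit))
        if "HOST" not in a.get("log_on_failure", []):
            findings.append((name, "failures not logged with HOST"))
    return findings
```

The defaults block is applied before the service's own lines, which is why the slide's telnet service inherits `instances = 60` and `cps = 25 30` without repeating them, and why the audit's only findings for it are the two the file's own comment already admits to. The real xinetd also honours `only_from`, `access_times` and similar per-service access controls from slide 22; they would be parsed by the same attribute rule, but the audit above does not evaluate them.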

  26. SSHD
  • SSHD - OpenSSH SSH daemon
  • Replaces rsh and rlogin.
  • Forks a new sshd daemon for each new connection.
  • Communication is encrypted.
  • Used on Einstein and comes configured on RedHat 9.0.

  27. SSHD
  • SSHD supports:
    • ssh
      • similar to telnet
      • client uses a tool like PuTTY (Windows), ssh (Linux/Unix)
    • secure ftp
      • similar to ftp
      • client uses a tool like WinSCP2 (Windows), sftp (Linux/Unix)

  28. Samba
  • Open Source application that runs on Linux, Unix, etc.
  • It allows a Linux machine to appear like a Windows file server to Windows client machines.
  • It also allows Windows clients to make use of printing services on a Linux machine.
  • Supports the Server Message Block (SMB) protocol.
  • Windows client machines can mount Unix directories on their PCs (as added drives).
  • Included in most Linux distributions.

  29. NFS (NFS, n.d.)
  • Network File System
  • A protocol developed by SUN in 1984.
  • Allows a remote filesystem to be mounted on a local computer.
  • Originally implemented on top of UDP.
  • Newer versions implement the NFS protocol on top of TCP for better WAN support.

  30. References
  • http://www.perldoc.com/perl5.6.1/lib/CGI.html
  • http://www.xinetd.org/faq.html
  • http://www.linuxfocus.org/English/November2000/article175.shtml
  • http://www.macsecurity.org/resources/xinetd/tutorial.shtml
  • http://www.bgw.org/tutorials/operating_systems/linux/inetd_tour.php3
  • inetd, n.d. The inetd Super Server. Retrieved on 02/20/2007 from http://www.faqs.org/docs/linux_network/x-087-2-appl.inetd.html
  • NFS, n.d. Network File System (Sun). Retrieved on 02/20/2007 from http://en.wikipedia.org/wiki/Network_File_System_%28Sun%29