Ch16 system administration


Published on

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Note the following in regard to the hosts file. A host may have several “aliases.” In the previous code, the host may be addressed as,its fully qualified host name. The names grumpy or loghost are nicknames that it will also answer to. All hosts connected to the corporate network need not be listed in the hosts file. Typically, only those hosts routinely contacted are listed. For security reasons, root is the only user who can edit the /etc/hosts file. If a host routinely communicates with many hosts (e.g., more than a dozen) on the network, maintaining a large hosts file can become cumbersome. If this is the case, using an on-line distributed name service database system, such as the Domain Name System (DNS) or Network Information Service (NIS+), should be considered. WARNING: Trailing blank characters on a line in the hosts file may cause that entry to fail.
  • Each network interface will probably have a unique host name assigned to it. For example, a multi-homed machine with an hme0 and le0 interface on separate networks might be called thishost on one net­work interface and thishostthat_subnetwork on another. The /etc/hosts file should list both addresses for the host in order to facilitate mapping the unique interface names to an IP address. The following example shows the host name files for a host with two hme interfaces connected to two different networks. The host is registered as wazoo on one network and wazoo-206 on the second network. # more /etc/hostname.hme0 wazoo # more /etc/hostname.hme1 wazoo-206 WARNING: The name in the hostname.if_name file must resolve at boot time. It is wise to use IP addresses instead of the host’s name. Alternatively, ] you can have an entry in the /etc/hosts file for each hostname.if_name entry on the machine. Failure to use resolvable names will result in interfaces that cannot be configured at boot time.
  • In general, ports numbered 0 through 512 are reserved Internet protocol ports. These port numbers are assigned to particular services by the NIC. Port numbers between 512 and 1024 are generally recognized UNIX network service ports. These ports are not reserved, but are generally treated as though they were reserved port numbers. Port numbers above 1024 are unassigned, and may be used for local network services as required by the site. NOTE: The use of ports not assigned by the NIC may vary from site to site. Some sites may reserve a group of ports above 1024 for internal use. Checking with the local network administrator before assigning local ports and/or services is recommended.
  • You may want to limit the service requests a machine answers. This is done by removing the service from the /etc/inetd.conf file (or by removing the file from /etc/xinet.d ) and restarting inetd/xinetd . Conversely, to add a new service to a host, add information to the /etc/inetd.conf file (or add the appropriate configuration file to the /etc/xinet.d directory) and then restart inetd/xinetd . TIP: It is sometimes possible to send a signal to the inetd process to cause it to reread the configuration file. This is achieved by sending a kill -HUP signal to the process ID (PID) of the running inetd process. For example, if the inetd process is running with a PID of 73, the command kill -HUP 73 should cause the inetd process to reread the configuration file.
  • The files entry tells the system to check the configuration files located on the host’s file systems. The dns entry tells the host to try to resolve host names using the DNS if the host name was not found in the local configuration files. Some systems allow for more complicated processing of the service switch file. For example, many operating systems allow the administrator to explicitly state what should happen in the case of lookup failures. Solaris and HPUX allow the following result/action values in the service switch file. [NOTFOUND=action] : Causes the lookup to perform the action if the preceding service could not perform the resolution [SUCCESS=action] : Causes the system to perform action upon a successful lookup [UNAVAIL=action] : Causes the system to perform action if the resolution method was not available [TRYAGAIN=action\\] : Causes the system to perform action if the resolution method was busy, or not responding Note that the action taken upon satisfying the condition may be return or continue . The return action tells the system to return a failed status, whereas the continue action tells the system to try the next resolution method in the list. In addition, the TRYAGAIN keyword allows the action forever , with an optional limit on the number of times the action will actually be retried.
  • The –f flag is used to flush the routing table of all entries. Some operating systems use route –flush instead of route –f . The keyword field indicates the operation to be performed. Keywords available in all versions of the route command include the following. add : Add the specified route. delete : Delete the specified route. Some versions of route also support the following keywords: get : Look up and display the route for a destination. change : Change some aspect of the route (for example, change the gateway). flush : Remove all entries from routing tables. Monitor : Continuously monitor and report changes in the status of routing tables, routing hits and misses, and suspected network partitioning. The type field indicates whether this route is a host route or a network route. Because the route command may not have knowledge of local subnet masks, the administrator should always specify whether the route is a host or network route. Note, however, that some versions of the route command will consult the /etc/networks and /etc/netmasks files in an attempt to determine local subnet masks, and therefore assign the “proper” type of route if the type is not specified. Note also that some operating systems require a hyphen before type field. The values allowed in the type field are therefore limited to the following. [-]host : Route to a specific host [-]net : Route to a network
  • Feb 12 14:30:14 grumpy inetd[251]:[ID 317013 daemon.notice] ftp[13370] from 32769 This syslog entry includes several important pieces of information about this network connection attempt.     The Date field tells when the message was logged.     The Hostname field gives the name of the host ( grumpy ) that sent this log message.     The Process field tells what process running on hostname generated this message. In this case, the inetd process, running on grumpy , with process ID of 251, sent the message.     The Severity field tells the severity level of this notice (daemon notice).     The Subprocess field lists the command invoked by inetd as a result of this connection request. In this case, the inetd service launches ftpd on host grumpy . The ftpd process invoked has a process ID of 13370.     The Remote host field lists the IP address of the host that made this network connection request.
  • Other values often modified include the TCP high water and low water marks, and the type of link in use (half/full duplex, “autobaud”/10/100/1000 Megabit Ethernet capabilities). The ndd command may be used to probe the following devices. /dev/tcp : TCP protocol stack variables /dev/udp : UDP protocol stack variables /dev/ip : IP protocol stack variables /dev/icmp : ICMP protocol stack variables /dev/rawip : ICMP protocol stack variables /dev/arp : ARP protocol variables /dev/le : Lance Ethernet device driver variables / dev/hme : 100 Mbit Ethernet device driver variables /dev/eri : Gigabit Ethernet device driver variables To see what variables are available under a specific device, invoke ndd as follows. ndd /dev/{devicename} \\? This will cause ndd to query the driver and produce a list of variables that the driver lists as available to be viewed/set using the ndd interface.
  • NOTE: Different vendors implement multi-pathing in different ways. Consult your vendor information to determine the specifics of how your operating environments implement/configure multi-pathing. The following example shows the host name files from a Solaris host using Sun’s multi-path mode of operation. This configuration provides better bandwidth, and redundancy for the host by “bonding” two interfaces. If one interface fails, the system will continue to run with half the bandwidth previously available to it. Note that both interfaces are on the same network and have the same host name. The interfaces are added to an interface group by directives in the hostname.if_name file. # more /etc/hostname.hme0 wazoo group plc -failover # more /etc/hostname.hme1 wazoo group plc –failover NOTE: Not all operating systems allow the operator to place the same information in their hostname.ifname files. Consult the manual page for your OS to determine the appropriate values to place in your files.
  • # cat /proc/sys/net/ipv4/conf/eth0/accept_redirects 1 If the command returns a 1 (as in the previous code), the feature is enabled on the eth0 interface. If the administrator decides to turn off the system’s capability of accepting ICMP REDIRECT directives on the eth0 interface, he/she could change the file using the following. # echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects The System Administration, Networking, and Security Institute (SANS) publishes step-by-step guides to assist an administrator with the task of securing operating systems. The SANS Step-by-Step Guide to Securing Linux contains many helpful tips for securing a Linux host on the network using the /proc interface files.
  • As an example of a simple DHCP configuration, the administrators created a DHCP server named (aptly) dhcpserve . This machine provides DHCP service to clients on the network. The network has 10 client machines that obtain IP addresses via DHCP. When the administrator has completed the configuration process, the dchpconfig command will create two database files. The files created by the dhcpconfig command are stored in the /var/dhcp directory. The /var/dhcp/dhcptab file contains information about the server environment. The /var/dhcp/[IP_with_underscores] file contains the information regarding addresses leased out, and available addresses. If the network number for the DHCP network is, this file name would be /var/dhcp/192_168_0_0 .
  • Linux, BSDI, and MacOS X Once the hosts file has been modified, try one (or both) of the following commands. route add -host all-ones dev eth0 route add dev eth0 Once the route has been added, you need to edit the /etc/dhcp.conf file to configure the DHCP server’s operation. If you are using the KDE window manager, you can use the kcmdhcpd GUI to configure the DHCP service. The following sample dhcp.conf file configures the server to provide client addresses in the through and through ranges. The default lease time will be 600 seconds unless the client requests some other value. The time limit on a lease is 7200 seconds (2 hours). The client will be instructed to use the subnet mask, and the broadcast address . The client will also be told to use as its default gateway. The host will be told to use the name servers at and The client domain name will be set to . Windows clients will be configured with as their WINS server. default-lease-time 600; max-lease-time 7200; option subnet-mask; option broadcast-address; option routers; option domain-name-servers,; option domain-name ""; option netbios-name-servers; subnet netmask { range; range; }
  • The easiest way to configure DHCP on a HPUX system is through the SAM program. Under SAM, select Networking and Communications | Bootable Devices | DHCP Device Groups Booting From This Server. At this point, the system should display any existing DHCP groups assigned to this server. If none appear, you need to add one, as follows. Use the ACTION menu, select Add DHCP Group. Fill in the information on this screen. This includes the following items. DHCP group name Subnet mask [subnet] Address pool Lease time Consult the dhcp manual pages for more information on these options.
  • Several third-party utilities are available to parse message files, and alert you to messages you may have missed. The following are two of the more popular utilities.     logcheck : Now called Psionic LogSentry. LogSentry is available at . This utility comes complete with installation and configuration information. The LogSentry utility is very similar to the log parser that comes with the TIS Guantlet firewall product.     swatch : Simple watcher developed by E. Todd Atkins at the University of California, Santa Barbara. Swatch is available at . The distribution code includes installation and configuration information for this utility.
  • WARNING: SNMP has been perpetually insecure. The use of well-known “community strings” (passwords), and the existence of buffer overflows in many implementations, has made the use of SNMP somewhat dangerous. If your site uses SNMP, you need to take extra caution to block external access to the SNMP processes. Failure to do so may result in your systems becoming compromised by hackers.
  • sysdescr PLC SparcStation syscontact [email_address] sysLocation Poodle Lecture Consulting # system-group-read-community Myreadgroupstring #system-group-write-community Mywritegroupstring # read-community Myreadcomstring #write-community Mywritecomstring # trap localhost trap-community SNMP-trap # #kernel-file /vmunix # managers localhost Once the snmpd.conf file has been modified, make sure it is only accessible by root . If the file is readable by others, they will have access to your read/write strings, and therefore access to your systems. You can start the snmp utilities running by invoking the S76snmpdx script, followed by the S77dmi script with the start argument.
  • get-community-name : your_read_community_password     set-community-name : your_write_community_password     trap-dest : Name of the hosts that should receive trap notifications. There may be more than one trap destination.     location : Physical location of the host.     contact : E-mail address of the person to contact about the host. The HPUX SNMP daemon logs information to /var/adm/snmpd.log . Starting snmp with a log mask can control the amount of logging. See the manual page for snmp to determine the proper log mask for your site.
  • Monitoring traffic containing specific data.     Monitoring a network to determine which host is creating the most network traffic. The snoop com­mand even provides a “cheap and dirty” means of determining which hosts are generating the most traffic on the network. You could start snoop and visually mon­itor which hosts are generating traffic ( snoop -d hme0 ). Alternatively, you could generate some shell scripts to invoke snoop to capture a specified number of packets, and then analyze which hosts were send­ing and receiving packets during the sample window. For example , snoop -d hme0 -o /tmp/snapshot -c 10000 will collect 10,000 packets and save them in the /tmp/snapshot file. You can then use snoop -i /tmp/snapshot | grep hostname |wc -l to determine how many of the 10,000 packets hostname contrib­uted. Figure 16-13 shows snoop used to monitor network traffic. WARNING: By default, snoop is a root-restricted command because the network interface device spe­cial file is created with root read permission. Some applications require that the network interface run in promiscuous mode. This changes the read/write modes of the device-special file such that any user on the host can use the snoop command to capture packets. You may want to have the root crontab invoke a utility such as ifstatus periodically to determine the mode of the network interface(s) on your hosts.
  • # nettl -tn 0x30800000 -e ns_ls_ip -size 1024 0tracemax 99999 -f /tmp/raw0 To view the data just collected, the user would need to invoke the netfmt command with the options required to format the output as desired. The following example shows the use of the netfmt command to give a one-line trace analysis of all packets captured to the /tmp/raw0.TRC0 file. # netfmt -N -n -l -1 -f /tmp/raw0.TRC0 > /tmp/fmt-10 The nettl utility provides the ability to incorporate filters into the packet capture and analysis process. A filter is a small “program” or specification that tells the utility what packets to capture/display. The filters can be used to specify source or destination addresses, MAC addresses, protocols, ports, and other useful classifiers for the packet capture/display. Consult the manual pages for nettl , netfmt , and nettlgen.conf for more information on the use of the HPUX nettl utility.
  • # tcpdump -vvv -i hme1 -e -c 1 -x ‘icmp’ 14:21:40.496416 8:0:20:7e:80:69 8:0:20:9a:5d:bc ip 98: > icmp: echo request (DF) (ttl 255, id 56704, len 84) 4500 0054 dd80 4000 ff01 68cc 814a 1965 814a 1962 0800 6843 2328 0000 3c98 e144 0004 63b0 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 One of the most powerful features of tcpdump is its ability to use filters to narrow down the type of packet to be displayed. This filtering capability makes tcpdump an extremely powerful tool. If you want to capture specific types of packets, all you have to do is write a filter that uniquely specifies that type of packet. Once you have the filter written, call tcpdump with the filter option, and tcpdump will use your filter as part of the packet selection criteria. The format of the filters is pretty straightforward. The basic formula for a filter is as follows. <header> [<offset>:<length>] <relation> <value> The relational operators tcpdump understands are =, <, >, <=, >=, and !=. The logical operators it understands are the and (&), or (|), and not (!) operators. A simple example of a filter would be a filter for capturing all telnet traffic, such as follows. # tcpdump -i hme1 -x ‘tcp[2:2] = 25’ This tells tcpdump to look at the tcp header. Skipping bytes 0 and 1 (the source port), and looking at bytes 2 and 3 (the destination port), if this two-byte field contains the value 25, this is an SMTP packet! To make life simpler, tcpdump also includes some built-in macros that make writing filters even simpler.
  • Ch16 system administration

    1. 1. Network Configuration and Management Chapter 16
    2. 2. Chapter Goals <ul><li>Examine and understand network configuration files. </li></ul><ul><li>Examine and understand network configuration utilities. </li></ul><ul><li>Examine network monitoring utilities. </li></ul><ul><li>Examine simple troubleshooting utilities. </li></ul>
    3. 3. Host Configuration <ul><li>General Network Configuration Procedure </li></ul><ul><li>To connect a host to the network, the administrator needs the following information. </li></ul><ul><ul><li>    Host name for the system </li></ul></ul><ul><ul><li>    Domain name for the system </li></ul></ul><ul><ul><li>    IP address for the system </li></ul></ul><ul><ul><li>    Netmask for the network (if applicable) </li></ul></ul><ul><ul><li>    Default router (gateway) for the network </li></ul></ul><ul><ul><li>    Name service used on the network </li></ul></ul><ul><ul><li>    Name or address of the machine providing name service </li></ul></ul><ul><li>Once you have this information, you can configure the machine and “plug it in” to the network. </li></ul>
    4. 4. Host Configuration <ul><li>Every operating system stores network configuration information in files. </li></ul><ul><ul><li>Fortunately, some of these files are common across multiple versions of UNIX. </li></ul></ul><ul><ul><li>Some of these files specify information about the host’s address and host name, or unique setup parameters. </li></ul></ul><ul><ul><li>Other files specify which network ser­vices the host will allow, and which other hosts on the network provide services the host may require. </li></ul></ul><ul><ul><li>Many operating systems also provide access to the TCP/IP network stack variables in order to allow advanced network configuration. </li></ul></ul>
    5. 5. Host Configuration <ul><li>Common UNIX Configuration Files </li></ul><ul><li>Network configuration information is stored in several files on the system. </li></ul><ul><ul><li>Most of the OS installers ask for the previously listed information and configure the system for network operation. </li></ul></ul><ul><ul><li>Where is all of this information stored? </li></ul></ul><ul><ul><li>How do you make changes to the network configuration without reloading the operating system? </li></ul></ul>
    6. 6. Host Configuration <ul><li>/etc/hosts File </li></ul><ul><ul><li>One of the most frequently used network administration files is the /etc/hosts file ( /etc/inet/hosts on System V machines). </li></ul></ul><ul><ul><li>Even Windows systems have a version of the hosts file, called lmhosts . </li></ul></ul><ul><ul><li>The file is a registry of IP addresses and associated host names known to a system. </li></ul></ul><ul><ul><li>At a minimum, it must contain the loop-back address ( and the IP address for the host. </li></ul></ul><ul><ul><li>The hosts file is one of the resources consulted by applications in order to resolve a host name to an IP address when communications are requested. </li></ul></ul><ul><ul><li>The format of host file entries follows. </li></ul></ul><ul><li>IP address<Tab>Fully.Qualified.Name<space>[host_alias]* </li></ul><ul><ul><li> grumpy loghost </li></ul></ul>
    7. 7. Host Configuration <ul><li>/etc/hostname.if_name File </li></ul><ul><ul><li>Many versions of UNIX use files in the /etc directory to aid in the configuration of individual interfaces on the system. </li></ul></ul><ul><ul><ul><li>For example, Solaris uses files with the generic name /etc/hostname.if_name to simplify system configuration at boot time. </li></ul></ul></ul><ul><ul><ul><li>The device name of the network interface is substituted for the if_name portion of the file name. </li></ul></ul></ul><ul><ul><ul><li>For a host with an on-board hme Ethernet device, connected to a single network, the /etc/hostname.hme0 file would contain the host name to be used by that interface. </li></ul></ul></ul><ul><ul><ul><li>Machines connected to multiple networks would have multiple /etc/host­name.if_name files. </li></ul></ul></ul><ul><ul><ul><li>Solaris also uses a file called /etc/hostname6.if_name to configure any Ipv6 interfaces on the system. </li></ul></ul></ul>
    8. 8. Host Configuration <ul><li>/etc/nodename File </li></ul><ul><ul><li>System V machines may also employ another file to maintain an “alias” for the host on the network. </li></ul></ul><ul><ul><ul><li>The /etc/nodename file contains the “alias” name from /etc/hosts . </li></ul></ul></ul><ul><ul><ul><li>For a multi-homed host, this allows the host to respond to service requests from all connected networks by a single host name. </li></ul></ul></ul><ul><ul><ul><li>This requires users to remember only one name for the host, no matter which network interface they use to contact the host. </li></ul></ul></ul>
    9. 9. Host Configuration <ul><li>/etc/services file </li></ul><ul><ul><li>The /etc/services file contains a list of network ports and services that correspond to those ports. </li></ul></ul><ul><ul><ul><li>For example, port 25 is defined as the SMTP port, whereas port 80 is reserved as the hypertext transport protocol daemon ( httpd ) port. </li></ul></ul></ul><ul><ul><ul><li>To add a new service to a host, the administrator must add a port number and service name pair to the /etc/services file. </li></ul></ul></ul>
    10. 10. Host Configuration <ul><li>/etc/inetd.conf File </li></ul><ul><ul><li>UNIX provides two types of network service daemons: </li></ul></ul><ul><ul><ul><li>persistent daemons, which are started by run control scripts and are always running, and </li></ul></ul></ul><ul><ul><ul><li>“ part time” services that are only launched when required. </li></ul></ul></ul><ul><ul><ul><ul><li>These “part-time” services are controlled by the inet daemon ( inetd , or xinetd under Linux). </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The persistent inetd daemon reads the inetd.conf file when it is started. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The inetd.conf file tells inetd the ports it should listen on. Once inetd is running, it monitors incoming network packets for service requests on the ports under its control. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>When a request is received, inetd launches the daemon listed for this port in the inetd.conf file. </li></ul></ul></ul></ul>
    11. 11. Host Configuration <ul><ul><li>/etc/resolv.conf File </li></ul></ul><ul><ul><ul><li>Most versions of UNIX use the information in the /etc/resolv.conf file to configure the name service client on the host. </li></ul></ul></ul><ul><ul><ul><li>The file consists of keywords and values. Some of the more common keywords follow. </li></ul></ul></ul><ul><ul><ul><ul><li>domain : DNS domain of this host </li></ul></ul></ul></ul><ul><ul><ul><ul><li>nameserver (up to three allowed): IP address of the name server(s) this host should contact. The preferred name server should be listed first. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>search : List of up to seven domains the system should search when trying to resolve an unqualified host name. </li></ul></ul></ul></ul>
    12. 12. Host Configuration <ul><li>/etc/nsswitch.conf File </li></ul><ul><ul><li>The /etc/nsswitch.conf file, also known as the service switch file, is used to tell the system which order it should try to resolve host names. </li></ul></ul><ul><ul><li>Linux also uses the /etc/host.conf file for this purpose, and BSDI uses the /etc/host.conf file to determine resolution order. </li></ul></ul><ul><ul><li>These files consist of keywords and values. Some of the more common entries follow. </li></ul></ul><ul><ul><ul><li>hosts: files dns </li></ul></ul></ul><ul><ul><ul><li>ipnodes: files dns </li></ul></ul></ul><ul><ul><ul><li>passwd: files </li></ul></ul></ul><ul><ul><ul><li>ethers: files </li></ul></ul></ul><ul><ul><ul><li>netmasks: files </li></ul></ul></ul><ul><ul><ul><li>bootparams: files </li></ul></ul></ul><ul><ul><ul><li>services: files </li></ul></ul></ul><ul><ul><ul><li>aliases: files </li></ul></ul></ul><ul><ul><ul><li>netgroups: files </li></ul></ul></ul>
    13. 13. Host Configuration <ul><li>Common UNIX Configuration Commands </li></ul><ul><ul><li>Different versions of UNIX provide several methods for the administrator to enter system network configuration information. </li></ul></ul><ul><ul><li>During the installation of the operating system, the installation procedure may prompt you for network information and build the files as required for the installation. </li></ul></ul><ul><ul><li>Once the system is up and running, other methods and utilities are available for updating network information. </li></ul></ul>
    14. 14. Host Configuration <ul><li>ifconfig </li></ul><ul><ul><li>The ifconfig command is used to bind the IP address, host name, net mask, broadcast address, and other network configuration parameters to a particular network interface. </li></ul></ul><ul><ul><li>The ifconfig command is run at boot time by the startup scripts called by the init process. </li></ul></ul><ul><ul><li>Unfortunately, every vendor has added its own options to the ifconfig command, with the list of options growing daily. </li></ul></ul><ul><ul><li>This fact makes it almost impossible to tabulate all options available for every operating system environment. </li></ul></ul><ul><ul><li>You can use the ifconfig command to examine and/or modify interface parameters while the system is up and running. </li></ul></ul><ul><ul><li>When issued with the –a flag, ifconfig prints the configuration information for all interfaces. </li></ul></ul><ul><ul><li>Note that IPv4 and IPv6 information is listed separately on dual-stack hosts. </li></ul></ul><ul><ul><li>Because the implementation details may differ on various versions of UNIX, it is best to consult the ifconfig manual page on your system for more information on this command. </li></ul></ul>
    15. 15. Host Configuration <ul><li>route </li></ul><ul><ul><li>The route command is used to add and manage static routing tables on the host. </li></ul></ul><ul><ul><ul><li>Static routes are, as the name implies, routes that should not change very often. </li></ul></ul></ul><ul><ul><ul><li>Many sites configure their systems to send all packets to the site/building/group router nearest the host’s location. </li></ul></ul></ul><ul><ul><ul><li>The routers then decide how to deliver the data to the final destination. </li></ul></ul></ul><ul><ul><ul><li>The route command allows the administrator to manually add a static route to this “default gateway” router. </li></ul></ul></ul><ul><ul><ul><li>The generic call to the route command is as follows. </li></ul></ul></ul><ul><ul><li>route [-f] keyword [type] destination gateway [metric] </li></ul></ul>
    16. 16. Host Configuration <ul><li>The destination field contains the IP address of the route’s destination. </li></ul><ul><ul><li>This could be a host address (for example, or a network address (for example,, as specified by the type field. </li></ul></ul><ul><li>The gateway field specifies the address of the router that provides the gateway service for this route. </li></ul><ul><ul><li>This field may contain the IP address of a host, the IP address of a network, or the string default. The IP address of may also be used in place of the string default. </li></ul></ul><ul><ul><li>Packets bound for a destination that does not have an explicit route in the host’s routing tables use the default route. </li></ul></ul><ul><li>The metric field gives the administrator a way to assign precedence to the routes in the routing table. </li></ul><ul><ul><li>For example, a host with multiple network interfaces may have static routes to multiple gateway routers. </li></ul></ul><ul><ul><li>If one of these routes included a path with higher bandwidth, the administrator might want to force the traffic to use this route unless the link was down. </li></ul></ul><ul><ul><li>By assigning a low metric value (typically 1) to the preferred route, and a high metric value (something greater than 1) to the slower link, the system would use the preferred route most of the time. </li></ul></ul>
    17. 17. Host Configuration <ul><li>WARNING: Check the manual page for the route command on your system for any nonstandard behavior in that environment. For example, the BSDI kernels do not allow a metric value, but will gladly accept the value at the end of the command as a net mask. This is rarely what the administrator had in mind when configuring the host! </li></ul><ul><li>OS-specific Network Configuration Information </li></ul><ul><ul><li>There are no specifications that force UNIX OS vendors to use common file names and content to configure the system. </li></ul></ul><ul><ul><ul><li>This includes the numerous network configuration files on today’s UNIX hosts. </li></ul></ul></ul>
    18. 18. Host Configuration <ul><li>Solaris </li></ul><ul><ul><li>Solaris provides a plethora of files that are involved in the configuration of networking. </li></ul></ul><ul><ul><li>In fact, Solaris is probably the most difficult OS to deal with when configuring networking due to the number of configuration files and utilities that seem to be randomly scattered through the file systems. </li></ul></ul><ul><li>/etc/defaultrouter </li></ul><ul><ul><li>This file contains the IP address of the default router (gateway) for this host. </li></ul></ul><ul><ul><li>A sample defaultrouter file might appear as follows. </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li>This entry would tell the host that in the absence of a specific routing table entry for the destination host route all packets to the router at for delivery. </li></ul></ul><ul><ul><li>The default router has also been called the “router of last resort,” as the host will attempt to find a specific route to the destination before it will send the packet to the default router. </li></ul></ul>
    19. 19. Host Configuration <ul><li>/etc/defaultdomain </li></ul><ul><ul><li>This file is used to specify the default NIS[+] domain for this host. </li></ul></ul><ul><ul><li>The NIS domain name may be different from the DNS domain name. </li></ul></ul><ul><li>/etc/netmasks </li></ul><ul><ul><li>When a network is divided into subnets, the net mask may not be obvious. </li></ul></ul><ul><ul><li>The /etc/netmasks file associates a subnetwork with the net mask used to create the subnetwork. </li></ul></ul><ul><ul><li>This allows the system to automatically determine the broadcast address for the subnet. </li></ul></ul><ul><ul><li>Typical content for a netmasks file might resemble the following example. </li></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul>
    20. 20. Host Configuration <ul><li>/etc/networks </li></ul><ul><ul><li>The networks file is used to associate symbolic network names with Internet protocol addresses. </li></ul></ul><ul><ul><li>While largely unused, some applications rely on the (sparse) information found in this file. </li></ul></ul><ul><ul><ul><li># The networks file associates Internet Protocol (IP) </li></ul></ul></ul><ul><ul><ul><li># network numbers with network names. The format </li></ul></ul></ul><ul><ul><ul><li># of this file is: </li></ul></ul></ul><ul><ul><ul><li># network-name network-number nicnames . . . </li></ul></ul></ul><ul><ul><ul><li># The loopback is used for intra-machine communication </li></ul></ul></ul><ul><ul><ul><li>loopback 127 </li></ul></ul></ul><ul><ul><ul><li># </li></ul></ul></ul><ul><ul><ul><li># Internet networks </li></ul></ul></ul><ul><ul><ul><li># </li></ul></ul></ul><ul><ul><ul><li>arpanet 10 arpa # Historical </li></ul></ul></ul>
    21. 21. Host Configuration <ul><li>/etc/init.d/network </li></ul><ul><ul><li>The /etc/init.d/network file is the first of the network startup scripts invoked by init at boot time. </li></ul></ul><ul><ul><li>The services launched by the network script include the multicast routing daemon, and the DHCP client daemon. </li></ul></ul><ul><ul><li>The script also call ifconfig (to configure network interfaces). </li></ul></ul><ul><ul><li>The interfaces must be properly configured and available before any other network services may be started. </li></ul></ul>
    22. 22. Host Configuration <ul><li>/etc/init.d/inetsvc </li></ul><ul><ul><li>The /etc/init.d/inetsvc file is the next network startup script invoked by init at boot time. This script starts many of the Solaris network daemons. </li></ul></ul><ul><ul><li>The inetsvc script starts the NIS daemons to provide NIS, the named binary to provide DNS, and the Dynamic Host Configuration Protocol (DHCP) server daemon. </li></ul></ul><ul><ul><li>The inetsvc script also configures a multicast route to be used by multicast services, and launches the inetd daemon to manage non-persistent service daemons. </li></ul></ul><ul><ul><li>If you want your hosts to send a log entry for every network connection request to syslog , change the last line of the inetsvc script to invoke inetd with the –t flag (in addition to the –s flag). </li></ul></ul><ul><ul><ul><li>This enables the trace option of inetd . All incoming network connections generate a log entry in the /var/adm/messages file </li></ul></ul></ul><ul><li>Feb 12 14:30:14 grumpy inetd[251]:[ID 317013 daemon.notice] ftp[13370] from </li></ul>
    23. 23. Host Configuration <ul><li>/usr/sbin/ndd </li></ul><ul><ul><li>Solaris and HPUX provide the ndd command to allow the administrator to get and set driver configuration parameters. </li></ul></ul><ul><ul><li>For example, if you want to use a host as a packet forwarding system, the kernel must be configured to provide this service. </li></ul></ul><ul><ul><li>The appropriate kernel configuration may be accomplished via the ndd command. </li></ul></ul><ul><ul><li>In particular, you should use ndd to turn on packet forwarding at the IP protocol stack level. </li></ul></ul><ul><ul><li>To accomplish this task on a Solaris host, you would use the following command. </li></ul></ul><ul><ul><li># /usr/sbin/ndd -set /dev/ip ip_forwarding 1 </li></ul></ul><ul><ul><li>Conversely, the following command will disable packet forwarding on a Solaris system. </li></ul></ul><ul><ul><li># /usr/sbin/ndd -set /dev/ip ip_forwarding 0 </li></ul></ul>
    24. 24. Host Configuration <ul><li>Hosts with Multiple Interfaces </li></ul><ul><li>Quite often you will encounter systems with more than one network interface. </li></ul><ul><li>This situation may be required for many reasons. </li></ul><ul><ul><li>Sometimes the host requires more bandwidth than can be provided by one interface. </li></ul></ul><ul><ul><li>Other times the system needs to localize traffic to a specific network segment, or the system may need to answer to multiple “names” on the network. </li></ul></ul><ul><ul><li>These hosts impose some interesting problems on the system administrator. </li></ul></ul>
    25. 25. Host Configuration <ul><li>Multi-path Capabilities </li></ul><ul><ul><li>Systems that contain several network interfaces connected to the same network are called multi-path hosts. </li></ul></ul><ul><ul><ul><li>These hosts often have very high availability or bandwidth requirements. </li></ul></ul></ul><ul><ul><ul><li>For this reason, the system architects might install multiple network interface adapters, and connect them to the same media. </li></ul></ul></ul><ul><ul><ul><li>In the case of a high-bandwidth setup, multiple network interfaces are assigned the same IP address and host name. </li></ul></ul></ul><ul><ul><li>Under Solaris, this may be accomplished with the ifconfig adapter group groupname command. </li></ul></ul><ul><ul><ul><li>This invocation of ifconfig allows the administrator to group interfaces into a virtual “larger” network connection. </li></ul></ul></ul><ul><ul><ul><li>This group of interfaces acts as a single link, but splits the bandwidth load across many links, thereby providing better overall bandwidth. </li></ul></ul></ul><ul><ul><ul><li>In the case of high-availability setups, the interfaces may be configured to provide automatic “fail-over,” which provides a “hot spare” situation for the network interfaces. </li></ul></ul></ul><ul><ul><ul><li>This option is configured through the ifconfig –failover option. </li></ul></ul></ul>
    26. 26. Host Configuration <ul><li>Multi-homed Hosts </li></ul><ul><ul><li>Hosts with network interfaces on several networks are referred to as multi-homed hosts . </li></ul></ul><ul><ul><li>Such hosts may be configured to act as routers on the internal network. </li></ul></ul><ul><ul><li>Because these hosts are connected to multiple networks, it may be desirable to have them forward packets from one net­work to another to facilitate communications. </li></ul></ul><ul><ul><li>This process is sometimes referred to as packet forwarding, or ip forwarding . </li></ul></ul><ul><li>NOTE: Packet forwarding will require considerable processor overhead, and is usually best left to routers designed to perform this function. </li></ul><ul><ul><li>The administrator can use the route command to set the metric for a route, or the ndd command to set the metric for an interface. </li></ul></ul><ul><ul><li>The result is the same: one route is preferred over another due to the weight (metric) assigned to each route/interface. </li></ul></ul><ul><ul><li>Note that configuration settings made using ndd or route do not persist across reboots. </li></ul></ul>
    27. 27. Host Configuration <ul><li>/etc/system </li></ul><ul><li>The /etc/system file is a dumpster for things that don’t fit elsewhere. </li></ul><ul><ul><li>This file is read at boot time, and is used to configure everything from network interfaces to virtual memory to executable stack limits. </li></ul></ul><ul><ul><li>On the networking side, this file is used to configure network interfaces. </li></ul></ul><ul><ul><li>Placing directives in this file will cause the configuration settings to be applied each time the system reboots. </li></ul></ul><ul><ul><li>One example of extraordinary network configuration is a network interface configured for “non-auto sensing” operation. </li></ul></ul><ul><ul><ul><li>By default, Sun network interfaces perform auto-speed and auto-duplex sensing of the network equipment to which they are connected. </li></ul></ul></ul><ul><ul><ul><li>This situation sometimes leads to deadlocks when a host tries to auto-sense the type of connection it is using. </li></ul></ul></ul><ul><ul><ul><li>Directives in the /etc/system file can force a Solaris system to disable the auto-sense capabilities of the interface, and force the interface to operate in a fixed speed/duplex mode. </li></ul></ul></ul><ul><ul><ul><li>Note that the same results could be obtained using the ndd commands (shown as comments in the following example). </li></ul></ul></ul>
    28. 28. Host Configuration <ul><li>; Set interface not to negotiate speed </li></ul><ul><li>; same as ndd –set hme:hme_adv_autoneg_cap=0 </li></ul><ul><li>set hme:hme_adv_autoneg_cap=0 </li></ul><ul><li>; set interface to 100 megabit full duplex </li></ul><ul><li>; same as ndd –set set hme:hme_adv_100fdx_cap=1 </li></ul><ul><li>set hme:hme_adv_100fdx_cap=1 </li></ul><ul><li>/usr/sbin/sys-unconfig </li></ul><ul><ul><li>The Solaris /usr/sbin/sys-unconfig command allows the administrator to change the network information of the host. </li></ul></ul><ul><ul><li>This command removes all network-specific information files, and halts the machine. </li></ul></ul><ul><ul><li>When the machine is rebooted, a portion of the SunInstall program is invoked to prompt the administrator for the new network connection information. </li></ul></ul><ul><ul><li>Once the new information is entered, the system reconfiguration is complete, and the system is ready for use. </li></ul></ul>
    29. 29. Host Configuration <ul><li>PPP Under Solaris </li></ul><ul><ul><li>The Solaris operating system provides a point-to-point protocol daemon called aspppd . </li></ul></ul><ul><ul><li>The ppp daemon is used to provide PPP service over dial-up modem links [or PPP over Ethernet (PPPOE), as used by some virtual private networks] and Network Address Translation systems. </li></ul></ul><ul><li>Red Hat Linux </li></ul><ul><ul><li>The Linux operating system attempts to place most of the configuration files in a common location. </li></ul></ul><ul><ul><li>In general, under UNIX, the /etc directory usually contains system startup scripts and configuration files. </li></ul></ul><ul><ul><li>But many vendors create multiple subdirectories under /etc to segregate and contain the files/scripts required to configure the system. </li></ul></ul><ul><ul><li>Whereas most versions of Linux use the BSD conventions for configuration files, RedHat Linux does things a little differently. </li></ul></ul><ul><ul><li>Under Red Hat Linux, this subdirectory is /etc/sysconfig . </li></ul></ul><ul><ul><li>The /etc/sysconfig directory contains scripts and data files required to configure many system services, including networking. </li></ul></ul>
    30. 30. Host Configuration <ul><li>The linuxconf Command </li></ul><ul><ul><li>The /bin/linuxconf command is the top-level Linux configuration tool. </li></ul></ul><ul><ul><li>This tool contains links to several second-level configuration tools. </li></ul></ul><ul><ul><li>One of the tools linuxconf can invoke is the netconfig command. </li></ul></ul><ul><li>WARNING: The linuxconf command is also available as an inetd service. The linuxconf command has been known to be less than bulletproof, and many administrators disable the ability to launch the linuxconf command via inetd. </li></ul>
    31. 31. Host Configuration <ul><li>The netconf Command </li></ul><ul><li>The /bin/netconfig command, is the primary network configuration GUI under Linux. </li></ul><ul><li>This tool includes menus that allow the administrator to configure IP addresses, net masks, metrics, and other operational parameters of the network interfaces, as well as network protocol stacks. </li></ul><ul><li>This tool often launches other utilities to perform these tasks. </li></ul><ul><li>The Network Script File </li></ul><ul><li>The /etc/sysconfig/network file contains information that is “generic” to all interfaces on the host. </li></ul><ul><li>The following are a few of the keywords and typical values. </li></ul><ul><ul><ul><li>NETWORKING=yes # enable networking on host </li></ul></ul></ul><ul><ul><ul><li>FORWARD_IPV4=”no” # yes if host routes packets </li></ul></ul></ul><ul><ul><ul><li>HOSTNAME=”grumpy” # hostname for this host </li></ul></ul></ul><ul><ul><ul><li>DOMAINNAME=”” # domain of this host </li></ul></ul></ul><ul><ul><ul><li>GATEWAY=”” # The IP gateway for this host </li></ul></ul></ul><ul><ul><ul><li>GATEWAYDEV=”eth0” # default link device </li></ul></ul></ul>
    32. 32. Host Configuration <ul><li>The ifcfg-ifname File </li></ul><ul><ul><li>The /etc/sysconfig/network-scripts/ifcfg-ifname files supply the configuration information for each network interface. </li></ul></ul><ul><ul><li>These script files contain a series of keywords and values parsed at boot time. </li></ul></ul><ul><ul><li>The values are used to configure network interfaces, net masks, and host names; set default gateways; and perform other tasks required to bring the host up on the network. </li></ul></ul><ul><li>DEVICE=&quot;eth0&quot; # The interface name </li></ul><ul><li>BOOTPROTO=&quot;none&quot; # Set to DHCP to use DHCP </li></ul><ul><li>IPADDR=&quot;; # Host’s static IP address </li></ul><ul><li>NETWORK=“” # The network number </li></ul><ul><li>BROADCAST=”” # The broadcast address </li></ul><ul><li>NETMASK=&quot;; # The netmask </li></ul><ul><li>ONBOOT=&quot;yes&quot; # yes to configure at boot </li></ul>
    33. 33. Host Configuration <ul><li>The ifup Script </li></ul><ul><ul><li>The /etc/sysconfig/network-scripts/ifup script file is invoked at boot time by init . </li></ul></ul><ul><ul><li>The script reads the interface files and parses the entries. </li></ul></ul><ul><ul><li>The information from the entries is used to configure each network interface with the proper values. </li></ul></ul><ul><li>The ifdown Script </li></ul><ul><ul><li>The /etc/sysconfig/network-scripts/ifdown script file is invoked at shutdown time by init . </li></ul></ul><ul><ul><li>The script reads the interface files and parses the entries. </li></ul></ul><ul><ul><li>The information from the entries is used to shut down each network interface. </li></ul></ul><ul><li>The network-functions Script </li></ul><ul><ul><li>The /etc/sysconfig/network-scripts/network-functions script file contains a “library” of functions used by the ifup and ifdown scripts. </li></ul></ul><ul><ul><li>The functions include code for setting the net mask, host name, broadcast addresses, and gateways. </li></ul></ul><ul><ul><li>The functions perform operations required to configure an interface up or down. </li></ul></ul>
    34. 34. Host Configuration <ul><li>The /proc/sys/net Interface </li></ul><ul><ul><li>The /proc/sys/net directory contains an interface to many internal features of the IP stack on the host. </li></ul></ul><ul><ul><li>Typically, the files in this directory appear to be empty. </li></ul></ul><ul><ul><li>Reading the file will give the current value of the variable. </li></ul></ul><ul><ul><li>The administrator can edit these files, and set a value to tune many operational parameters of the IP stack. </li></ul></ul><ul><ul><li>For example, by default network interfaces will accept redirect messages from network routers. </li></ul></ul><ul><ul><li>This allows the router to optimize the network utilization by telling two hosts how to communicate with each other without involving the router. </li></ul></ul><ul><ul><li>Unfortunately, this also leaves the system open to hijack attacks. </li></ul></ul><ul><ul><li>The administrator can check to see if the system accepts ICMP REDIRECT packets by using the following. </li></ul></ul>
    35. 35. Host Configuration <ul><li>HPUX </li></ul><ul><ul><li>HPUX achieves something that most of the other UNIX variants come close to: it manages to contain all network configuration parameters within one script. </li></ul></ul><ul><ul><li>The /etc/rc.config.d/netconf script is the HPUX network configuration script. This script is invoked by init at system boot. </li></ul></ul><ul><li>NOTE: OSF/1 is another UNIX variant that employs a single network configuration script, named /etc/rc.config . </li></ul><ul><li>/etc/rc.config.d/netconf </li></ul><ul><ul><li>To configure, or change the configuration of, network interfaces on an HPUX system you must edit the /etc/rc.config.d/network file. </li></ul></ul><ul><ul><li>This file contains several variables that control the configuration of the network interface(s). </li></ul></ul><ul><ul><li>In the following example, the host has two interfaces. Note that any host names used in this script must be defined in /etc/hosts , as the DNS service will not be running when this script is executed. </li></ul></ul>
    36. 36. Host Configuration <ul><li>NET_CARDS=2 </li></ul><ul><li>HOSTNAME=bamboozled </li></ul><ul><li>INTERFACE_NAME[0]=lan0 # Ethernet link layer encapsulation </li></ul><ul><li>ROUTE_DESTINATION[0]=default # could also be net or host </li></ul><ul><li>ROUTE_MASK[0]= </li></ul><ul><li>ROUTE_GATEWAY[0]= </li></ul><ul><li>ROUTE_COUNT=1 </li></ul><ul><li>IP_ADDRESS[0]= </li></ul><ul><li>SUBNET_MASK[0]= </li></ul><ul><li>INTERFACE_NAME[1]=snap1 # 802.3 link layer encapsulation </li></ul><ul><li>ROUTE_GATEWAY[1]= </li></ul><ul><li>IP_ADDRESS[1]= </li></ul><ul><li>SUBNET_MASK[1]= </li></ul><ul><li>GATED=0 # set to 1 to enable gated </li></ul>
    37. 37. Host Configuration <ul><li>HPUX Network Utilities </li></ul><ul><ul><li>In addition to the rc.config.d/netconf file, HPUX provides a few utilities that provide information about the system’s network links. </li></ul></ul><ul><ul><li>/usr/sbin/lanscan : shows information about network interfaces. Note that ifconfig –a does not work, but you can use ifconfig with an interface name </li></ul></ul><ul><ul><li>/usr/sbin/lanadmin : The lanadmin utility is a menu-based tool that allows the administrator to modify and monitor the network interfaces on the system. </li></ul></ul><ul><li>NOTE: HPUX will not allow an Ethernet network interface to be configured unless it is connected to the Ethernet media, and a link test is successful. </li></ul><ul><li>AIX </li></ul><ul><ul><li>AIX uses a network configuration scheme that is more “Windows-like” than any of the other UNIX variants. Windows provides a GUI tool that allows the administrator to enter the information into a “database” called the registry. </li></ul></ul><ul><ul><li>AIX stores the basic network configuration information in a database located in /etc/objrepos . </li></ul></ul><ul><ul><li>This database cannot be readily edited by hand and must be accessed by the AIX-specific tools lsdev , chdev , and mkdev . </li></ul></ul><ul><ul><li>A simpler alternative to AIX network configuration management is to use AIX’s system management interface tool (SMIT), which acts as a front end to the database tools. </li></ul></ul>
    38. 38. Host Configuration <ul><li>IRIX </li></ul><ul><ul><li>IRIX stores its basic network configuration information in several files in /etc and /etc/config . These files can be edited by hand, or via the system manager GUI interface found in the Toolbox menu or by running /usr/sysadm/bin/sysmgr . The following are some of the more important files. </li></ul></ul><ul><ul><li>/etc/sys_id : Contains the system’s fully qualified domain name. This is used to locate the system’s IP address in /etc/hosts unless the value there is overridden by setting alternative values in /etc/config/netif.options . </li></ul></ul><ul><ul><li>/etc/config/ifconfig-1.options , /etc/config-2.options , and so on: These files are numbered for each network interface and contain any additional options needed when the corresponding interface is configured by ifconfig during system startup. For example, this file might include a custom net mask for a specific network interface. </li></ul></ul><ul><ul><li>/etc/config/netif.options : Contains values to override the name or IP address assigned to each network interface on system startup. This might be used to set unique host names for each network interface. </li></ul></ul><ul><ul><li>/etc/config/proclaim.options : Contains the settings for the proclaim daemon that will gather an IP address and other configuration data from a DHCP server. </li></ul></ul><ul><ul><li>/etc/config/static-route.options : Contains any default routes to be added at system startup. </li></ul></ul>
    39. 39. Host Configuration <ul><li>BSDI </li></ul><ul><ul><li>Like HPUX and Linux, the BSD kernel relies on variables set in a script file to configure the network interfaces. </li></ul></ul><ul><ul><li>The system ships with default values set in the file /etc/defaults/rc.conf . Under BSD kernels, the administrator needs to edit the file /etc/rc.conf to set values that will override the values in the default file. </li></ul></ul><ul><ul><li>If you need to set variables specific to a system, you can also create a file named /etc/rc.conf.local to contain host-specific settings. </li></ul></ul><ul><ul><li>In this example, the host has two network interfaces (xl0 and xl1). One network interface connects to the network, and the other connects to the network (with a subnet mask of </li></ul></ul><ul><ul><ul><li>network_interfaces=”xl0 xl1 lo0” </li></ul></ul></ul><ul><ul><ul><li>hostname=”poncho” </li></ul></ul></ul><ul><ul><ul><li>ifconfig_xl0=”” </li></ul></ul></ul><ul><ul><ul><li>ifconfig_xl1=”” </li></ul></ul></ul><ul><ul><ul><li>defaultrouter=”” </li></ul></ul></ul><ul><ul><ul><li>static_routes=”backbone private” </li></ul></ul></ul><ul><ul><ul><li>route_backbone=”-net” </li></ul></ul></ul><ul><ul><ul><li>route_private=”-net –netmask” </li></ul></ul></ul>
    40. 40. Host Configuration <ul><li>MacOS X </li></ul><ul><ul><li>While similar to BSD-style UNIX, MacOS X moves the host configuration information to a different file, /etc/hostconfig . </li></ul></ul><ul><ul><li>Under MacOS X, the other typical BSD network data files are found in their usual places in /etc . MacOS X also provides a GUI for managing the configuration information. </li></ul></ul><ul><ul><li>Note the Location pull-down menu at the top of the network control panel. </li></ul></ul><ul><ul><li>This allows several network configurations to be saved under different “locations,” and makes network reconfiguration on portable MacOS X systems easier. </li></ul></ul><ul><ul><li>The padlock icon at the bottom left-hand corner of the control panel allows the system administrator to lock the network settings such that helpful users cannot “fix” the settings for the administrator. </li></ul></ul><ul><li>Windows </li></ul><ul><ul><li>Under Windows operating systems, many of the network configuration values are contained in the registry, in lieu of text files. This makes changing the values a matter of using the GUI-based tools provided by the OS, or for the really brave, the use of the REGEDIT.EXE utility to edit the registry. </li></ul></ul><ul><ul><li>WARNING: Editing the registry is best left to Windows gurus. It is very easy to render the operating system non-bootable by making changes to the Windows registry. </li></ul></ul>
    41. 41. Host Configuration <ul><li>The LMHOSTS File </li></ul><ul><ul><li>The winntsystem32driversetclmhosts file is the Windows equivalent of the UNIX /etc/hosts file. But as with many things Windows related, the format of the file is a little bit different than its UNIX counterpart. The Windows lmhosts file allows options not recognized in the UNIX hosts file. The following are a few of these directives. </li></ul></ul><ul><ul><ul><li>#PRE : Preload this entry </li></ul></ul></ul><ul><ul><ul><li>#DOM <DOMAIN> : Windows domain controller for this host </li></ul></ul></ul><ul><ul><ul><li>#BEGIN_ALTERNATE : Used to group include statements </li></ul></ul></ul><ul><ul><ul><li>#END_ALTERNATE : Used to mark end of grouped include statements </li></ul></ul></ul><ul><ul><ul><li>#INCLUDE <filename> : Include the named file as part of the hosts file </li></ul></ul></ul><ul><ul><ul><li>#MH : Used to signify multi-homed hosts that have multiple IP addresses </li></ul></ul></ul><ul><ul><ul><li>#SG : Special group keyword maps Internet groups by NetBIOS name </li></ul></ul></ul><ul><ul><li>The entries in the Windows lmhosts file typically do not specify the fully qualified domain name of the computer, as shown in the following example. </li></ul></ul><ul><ul><ul><li> happy #PRE #DOM plc </li></ul></ul></ul><ul><ul><ul><li> sleepy </li></ul></ul></ul><ul><ul><ul><li> dopey </li></ul></ul></ul><ul><ul><ul><li> doc </li></ul></ul></ul>
    42. 42. Host Configuration <ul><li>Configuration Programs </li></ul><ul><ul><li>Windows provides a GUI-based Network Control panel that may be used to configure hosts network components. The Network Control panel allows the administrator to configure the interface manually or via the DHCP protocol. If manual configuration is selected, the administrator is presented with several menus of configuration options. </li></ul></ul><ul><ul><li>If manual configuration is selected, the administrator will need to provide the IP address, net mask value, the IP address of the gateway for this host, the name service to be used, and the name server address. Other options allow the administrator to set a security policy, and enable network filtering based on the policies set by the administrator. </li></ul></ul><ul><li>ipconfig </li></ul><ul><ul><li>The ipconfig program displays the current settings used by the network adapter. When invoked with the /all flag, this command will show more verbose information about the network settings. Information available includes IP addresses, host names, packet counts, subnet masks, gateways, and domain name. </li></ul></ul>
    43. 43. Host Configuration <ul><li>Using DHCP to Assign IP Addresses </li></ul><ul><ul><li>A tool that simplifies IP configuration is the Dynamic Host Configuration Protocol (DHCP). DHCP automatically assigns an IP address to a host at boot time. Hosts that use the DHCP protocol to obtain their network configuration information are typically referred to as DHCP clients. Hosts that supply DHCP configuration information to other hosts are referred to as DHCP servers. </li></ul></ul><ul><li>DHCP Client Configuration </li></ul><ul><ul><li>In most cases, the simplest method of configuring a host as a DHCP client is to do so when the operating system installation process is invoked. Most installers contain a section that asks how the system will receive its network configuration information. Simply selecting the DHCP option configures the host to obtain its information from a DHCP server. Because systems tend to have many uses over their lifetime, it is often handy to know which files to edit to change the host’s idea of where it will get its network information. The following sections briefly describe the files/commands required to configure a host as a DHCP client. </li></ul></ul>
    44. 44. Host Configuration <ul><li>Solaris </li></ul><ul><ul><li>Configuring a Solaris host to be a DHCP client is relatively simple. The interface needs to be configured under the control of the dhcpagent program. The dhcpagent program is the utility that manages the network interfaces that use DHCP. From the command line, you can enter the following command. </li></ul></ul><ul><ul><li>ifconfig interface dhcp </li></ul></ul><ul><ul><li>Here, interface is hme0 , le0 , eri0 , or one of the other Solaris-supported network interfaces. This command will place the interface under the control of the dhcpagent program. To make the system use DHCP when it boots, you need to modify/create a couple of files, as follows. </li></ul></ul><ul><ul><li>/etc/dhcp.interface : Existence of this file causes the system to configure that interface for DHCP at boot time. </li></ul></ul><ul><ul><li>/etc/hostname.interface : Can still exist, but can be empty if you plan to use DHCP. If the file contains a host name, the system will come up using the static IP address referred to by the name in /etc/hostname.interface , and then the DHCP service reconfigure the interface using a DHCP address later in the boot process. </li></ul></ul><ul><ul><li>If you want to check the status of the dhcp client software under Solaris, use the dhcpinfo command. Additionally, you can examine the content of the /etc/dhcp/interface.dhc file to view the settings for a specific interface. </li></ul></ul>
    45. 45. Host Configuration <ul><li>Linux </li></ul><ul><ul><li>You can make a Linux system use DHCP to obtain network information by editing the /etc/sysconfig/network-scripts/ifcfg-interface file, where the name of the interface is substituted for the word interface . Placing the following directive in the ifcfg-interface file will cause the system to use DHCP to configure the interface at boot. </li></ul></ul><ul><ul><li>BOOTPROTO=dhcp </li></ul></ul><ul><li>AIX </li></ul><ul><ul><li>Configuring AIX to use DHCP is best done via SMIT. AIX provides very complete control over the DHCP client and the configuration information it is to receive from the DHCP server </li></ul></ul><ul><li>IRIX </li></ul><ul><ul><li>IRIX uses a daemon called proclaim to communicate with the DHCP server to obtain an IP address and other information. proclaim is started during system startup if the Primary on or Interface on option is present in the /etc/config/proclaim.options file. </li></ul></ul>
    46. 46. Host Configuration <ul><li>HPUX </li></ul><ul><ul><li>To make a HPUX system use DHCP, you need to edit the /etc/rc.config.d/netconf file. For each interface that will use DHCP, you need to set the DHCP_ENABLE[N] variable to 1, as shown in the following for interface 0 (zero). </li></ul></ul><ul><ul><li>DHCP_ENABLE[0]=1 </li></ul></ul><ul><ul><li>Note that if there is no DHCP_ENABLE variable for an interface, the kernel defaults the setting to 1. When DHCP is enabled, the host will receive its IP address, gateway address, net mask, and other network configuration information from the DHCP server. Under HPUX, the /sbin/auto_params script calls the dhcpdb2conf utility to modify the netconf file with the values provided by the dhcp server. Note that you can also use the SAM utility to configure the system to use DHCP. To monitor the operation of the DHCP client software under HPUX, use the /usr/sbin/dhcptools utility provided with the system software. </li></ul></ul>
    47. 47. Host Configuration <ul><li>BSDI </li></ul><ul><ul><li>To make a BSDI kernel use DHCP, you need to define a few values, and set a variable for each interface. This is done by editing the /etc/defaults/rc.conf file and adding the following two directives. </li></ul></ul><ul><ul><li>dhcp_program=”/sbin/dhclient” </li></ul></ul><ul><ul><li>dhcp_flags=”” </li></ul></ul><ul><ul><li>Once these values are set, you need to edit the /etc/rc.conf file and add a line to cause each desired interface to use DHCP. This is illustrated for the xl0 interface in the following example. </li></ul></ul><ul><ul><li>ifconfig_xl0=”DHCP” </li></ul></ul><ul><ul><li>With these changes in place, the system will start the DHCP dhclient program at boot, and the xl0 interface will receive all network configuration information from the DHCP server. The dhclient.conf file allows you to customize the dhclient program’s operation, but such customizations are usually not required. Lease information is stored in the /etc/dhclient.leases file. </li></ul></ul>
    48. 48. Host Configuration <ul><li>MacOS X </li></ul><ul><ul><li>Configuring MacOS X for DHCP is a simple matter of selecting DHCP from the list of choices in the Network Control panel. </li></ul></ul><ul><li>Windows </li></ul><ul><ul><li>Setting a Windows system to be a DHCP client is accomplished via the “Network Control panel” GUI. Select the appropriate network connection, right-click on it, and then select the Internet Protocol (TCP/IP) entry. Click on the Properties button, and then click on the Obtain an IP address automatically button. </li></ul></ul><ul><li>DHCP Server Configuration </li></ul><ul><ul><li>Configuring a system to be a DHCP server is more involved than making the system operate as a DHCP client. The server needs to be configured to know what addresses are available, which hosts may check them out, how long an IP address may be leased, and several other parameters. The following sections describe how to configure the DHCP server process under several operating system variants. </li></ul></ul>
    49. 49. Host Configuration <ul><li>Solaris </li></ul><ul><ul><li>To configure the DHCP Server service under Solaris, the administrator should use the dhcpconfig command. The dhcpconfig command is a front end to the dhtadm and pntadm utilities that build and maintain DHCP configuration tables. The dhcpconfig command allows the administrator to configure DHCP and Boot Relay services (required for remote DHCP), or to unconfigure the DHCP service. </li></ul></ul><ul><ul><li>The dhcpconfig command will guide the user through several questions, collecting the information necessary to set up DHCP on the server. Once the information is collected by dhcpconfig , it will invoke the dhtadm and pntadm commands to create the DHCP database files, and start the DHCP service. </li></ul></ul><ul><ul><li>If this DHCP server were required to provide DHCP service for remote networks, the administrator would have to set up/configure the BOOTP Relay service. The DHCP registration requests are sent as broadcast packets. By default, routers will not forward broadcast packets to other networks. For the DHCP registration request packets to get to the server, a relay service has to forward them through the router. </li></ul></ul>
    50. 50. Host Configuration <ul><li>Linux, BSDI, and MacOS X </li></ul><ul><ul><li>Most Linux distributions come with the ISC version of DHCP. The BSDI and MacOS operating systems also use the ISC DHCP server. The following discussion covers the ISC DHCP server, not the RedHat pump server. </li></ul></ul><ul><ul><li>Once the DHCP package has been downloaded, built, and installed, the task of configuring the server begins. For DHCP to work, the system must be configured to provide multicast services, and there must be a route for “host” You can check the output of the ifconfig command to determine if the system supports multicast. By default, most Linux/BSDI kernels support multicast operation. To provide a route for the host, enter the following command (assuming your network device is eth0 ). </li></ul></ul><ul><ul><li>route add -host dev eth0 </li></ul></ul><ul><ul><li>If you get the message “ Unknown host,” add the following entry to the /etc/hosts file. </li></ul></ul><ul><ul><li> all-ones </li></ul></ul>
    51. 51. Host Configuration <ul><li>If you need to assign specific IP addresses to hosts, you can add multiple fixed address directives to the file. The format of these directives is shown in the following example. The sample code will assign the IP address to any host that advertises that its MAC address is 08:00:20:C0:FF:EE. </li></ul><ul><ul><li>host zircon { </li></ul></ul><ul><ul><li>hardware ethernet 08:00:20:C0:FF:EE; </li></ul></ul><ul><ul><li>fixed-address; </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><li>When the snmpd.conf file is ready, create a zero-length file named /var/state/dhcp/dhcpd.leases . Once this file exists, start the DHCP server with the command /usr/sbin/dhcpd interface . If you leave off the interface directive, the server will start on the eth0 interface. Remember to add the dhcpd server to the appropriate startup file, to ensure that the service starts at system boot. </li></ul>
    52. 52. Host Configuration <ul><li>HPUX </li></ul><ul><li>The HPUX DHCP server is named bootpd . The first step required to set up a DHCP server under HPUX is to define the range of addresses the server will manage. This is accomplished using the dhcptools program, as follows. </li></ul><ul><li>dhcptools -h fip= no=30 sm= hn=hpdhcpserver## </li></ul><ul><li>This command defines the range of addresses to be used by defining the starting address ( fip= ), the number of contiguous addresses ( no=30 ), the subnet mask, and the host name of the dhcp server ( hpdhcpserver ). </li></ul><ul><li>The command will create a file /tmp/dhcphosts , which can be incorporated into the /etc/hosts file. </li></ul>
    53. 53. Host Configuration <ul><li>Windows </li></ul><ul><ul><li>Windows server products offer a DHCP server package. </li></ul></ul><ul><ul><li>The DHCP Service package is not installed by default, and can only be installed on Windows Server-based operating systems. </li></ul></ul><ul><ul><li>The DHCP snap-in provides a GUI tool for configuration and management of the DHCP service. </li></ul></ul>
    54. 54. Host Configuration <ul><li>Network Monitoring and Troubleshooting </li></ul><ul><ul><li>As with most computer operations, networks are bound to have problems. Troubleshooting networks can be a tedious process. </li></ul></ul><ul><ul><li>One method of troubleshooting is to use monitoring tools that determine how the network is being used. In some cases, it may not be possible to monitor a network because physical connections may be damaged or gateways may be down. </li></ul></ul><ul><ul><li>Another method of monitoring the network is to watch the console error messages generated by the machines connected to the network. </li></ul></ul><ul><li>Console Error Messages </li></ul><ul><ul><li>The error messages sent to the system console provide you with a lot of information about the health of the system and the network. </li></ul></ul><ul><ul><li>Unfortunately, many administrators do not pay attention to console messages (or worse yet, close the console window, or leave the console window iconized). </li></ul></ul><ul><ul><li>Fortunately, UNIX provides the administrator with a simple facility for capturing all console messages in a single location. </li></ul></ul><ul><ul><li>The UNIX kernel uses the syslog facility to log messages to the system console. However, syslog also allows these messages to be sent to remote hosts. </li></ul></ul>
    55. 55. Host Configuration <ul><li>/etc/syslog.conf File </li></ul><ul><ul><li>The /etc/syslog.conf file controls the action of the syslog facility. The UNIX kernel defines several levels of message severity. </li></ul></ul><ul><ul><li>Entries in the syslog.conf file configure the syslog facility to handle these different message categories. </li></ul></ul><ul><ul><li>For example, a simple informational message may be ignored, whereas a system hardware error may be reported to the console with much fanfare. </li></ul></ul>
    56. 56. Host Configuration <ul><li>Logging Messages to a Remote Host </li></ul><ul><ul><li>In addition to controlling the local disposition of messages, the /etc/syslog.conf file also allows the administrator to send error messages to a central log host on the network. </li></ul></ul><ul><ul><li>This procedure enables you to monitor one log file that contains messages from all machines on the network. It also makes life difficult for an intruder trying to cover his footsteps. </li></ul></ul><ul><ul><li>To enable remote syslog capabilities, you should add a line similar to the following to the /etc/syslog.conf file. </li></ul></ul><ul><li>*.alert;*.crit;*.err;*.warning;kern.notice;auth.notice </li></ul><ul><ul><li>Once the previous directive has been added to the /etc/sys­log.conf file, you can restart the syslogd process on the client machine by sending a kill -HUP signal to the process ID of the syslogd process. </li></ul></ul><ul><ul><li>The kill -HUP signal will cause the syslog process to reread the configuration file, and restart with the new parameters. </li></ul></ul><ul><ul><li>Once you have set up all hosts on the network to log errors to a single location, monitoring the error log is as simple as using the tail -f / var/adm/messages command on the log host. </li></ul></ul>
    57. 57. Host Configuration <ul><li>Network Monitoring </li></ul><ul><li>Although kernel syslog messages may provide some information about the health of the network, it is some­times necessary to more closely examine the network. </li></ul><ul><li>Simple Network Management Protocol (SNMP) </li></ul><ul><li>A more sophisticated method of monitoring networks is to use a network management tool based on the simple network management protocol (SNMP). </li></ul><ul><li>The SNMP package allows a network administration host to constantly monitor the network. Information available to the SNMP software includes network utilization, host error counts, host packet counts, and routing information. SNMP allows you to determine normal usage of the net­work and implement alarms to warn of impending problems. </li></ul><ul><li>SNMP operates in a client/server mode. One machine on the network is designated as the SNMP network monitor station. It is configured to poll hosts on the local network in order to collect data into a central repository. The data may be made available to other packages in order to implement alarms, generate graphs of network utilization, and other off-line processing. </li></ul><ul><li>The other hosts on the network are configured as SNMP clients. These hosts run a process that watches for polling requests from the network management station. When such a request is received, the SNMP agent code collects the data from the workstation’s kernel and forwards it to the management station. </li></ul>
    58. 58. Host Configuration <ul><li>Configuring SNMP </li></ul><ul><ul><li>Under most operating systems, the default SNMP configuration is horribly insecure. For this reason, many sites disable the SNMP client code on their systems. If you must run SNMP, there are several things you should do in an attempt to protect the security of your systems. </li></ul></ul><ul><ul><li>Change the public and private community strings. By default, the public string is public . Private community strings vary by vendor, but are usually easy to find. Access to the private string gives an intruder the capability to reconfigure your hosts/network equipment. Change these strings and protect them as you would the root password. The SNMP community strings are just as dangerous as a compromised root password! </li></ul></ul><ul><ul><li>Block TCP and UDP ports 161, 162, and 1993 at your border routers. There should be no reason for someone outside your organization to access your site using SNMP. </li></ul></ul><ul><ul><li>Keep current with patches. Watch for SNMP security advisories, and make sure your hosts are patched. </li></ul></ul><ul><ul><li>If you generate OpenView or MRTG information for your network, do not allow it to be viewed without proper authentication. The data available from OpenView and/or MRTG packages often gives intruders important information about your network. </li></ul></ul><ul><ul><li>With these rules in mind, the following sections briefly discuss how to configure the SNMP client on various operating systems. </li></ul></ul>
    59. 59. Host Configuration <ul><li>SNMP Under Solaris </li></ul><ul><ul><li>Under Solaris, the following four files are responsible for the configuration and startup of the SNMP package. </li></ul></ul><ul><ul><li>    /etc/rc2.d/S76snmpdx : Startup script for the snmp daemon. </li></ul></ul><ul><ul><li>    /etc/rc2.d/S77dmi : Startup script for the DMI processes that are part of the snmp package. </li></ul></ul><ul><ul><li>    /etc/snmp/conf/snmpdx.acl : File containing a list of IP addresses allowed to contact the SNMP daemon on this system. The default file contains comments that explain how to add the IP addresses, and community strings for each host allowed to contact the local SNMP daemon. </li></ul></ul><ul><ul><li>    /etc/snmp/conf/snmpd.conf : Text configuration file for snmpd . </li></ul></ul><ul><ul><li>The administrator needs to edit the configuration file and set the read and write community strings to something unique to the local site, as shown in the following example. </li></ul></ul>
    60. 60. Host Configuration <ul><li>SNMP Under Linux </li></ul><ul><ul><li>By default, most Linux installers no longer install the SNMP package. </li></ul></ul><ul><ul><li>To use SNMP, you must install the SNMP utilities from the distribution medium, or from a downloaded RPM. </li></ul></ul><ul><ul><li>If you do run SNMP, you need to edit the /etc/snmp.conf file to set the runtime parameters for the SNMP utilities. </li></ul></ul><ul><li>SNMP Under HPUX </li></ul><ul><ul><li>Under HPUX, the following two files are responsible for the configuration and startup of the SNMP package. </li></ul></ul><ul><ul><li>/usr/sbin/snmpd : Startup script for the snmp daemon </li></ul></ul><ul><ul><li>/etc/SnmpAgent.d/snmpd.conf : Text configuration file for snmpd </li></ul></ul><ul><ul><li>The snmpd.conf file allows the administrator to define several variables that control the actions of the SNMP daemon. </li></ul></ul>
    61. 61. Host Configuration <ul><li>SNMP Under Windows </li></ul><ul><ul><li>Under Windows, the SNMP package is not installed by default. </li></ul></ul><ul><ul><li>To use the SNMP package under Windows the administrator must load the package from the distribution medium. </li></ul></ul><ul><ul><li>This may be accomplished using the Add/Remove Programs control panel. </li></ul></ul><ul><ul><li>Click on the Add/Remove Windows Components button, select the Management and Monitoring Tools option, and click on the Details button. </li></ul></ul><ul><ul><li>Next, select Simple Network Management Protocol, and click on OK. </li></ul></ul><ul><ul><li>Once the SNMP protocol has been installed, select Control Panel | Administrative Tools | Services GUI to select the SNMP agent. </li></ul></ul><ul><ul><li>This will cause a pop-up window to appear. The pop-up window contains entries for the configuration and management of the SNMP process </li></ul></ul>
    62. 62. Host Configuration <ul><li>Remote MONitor (RMON) </li></ul><ul><li>Extensions to the SNMP software packages have recently permitted more advanced monitoring of net­work usage. The Remote MONitor (RMON) package allows the administrator to monitor which applications are utilizing the network and which users are running these applications, giving you the ability to perform bandwidth utilization scheduling for the corporate net­work. RMON also provides you with the capability of monitoring disk space usage, processor utilization, memory usage, and other system monitoring functions. </li></ul><ul><li>Solstice Domain Manager </li></ul><ul><li>Tools such as Sun Microsystem’s Solstice Domain Manager package use the data collected by the SNMP soft­ware to perform higher-level network monitoring. These packages typically include utilities that have the capacity to “discover” systems connected to a network. The discovered systems are then used to construct an interactive schematic of the network. Alarms (thresholds) on numerous network “health” statistics can be set. If a system on the network fails, an alarm for that condition would be tripped, alerting the network manager of the failure by flashing the icon of the failed system on the schematic. </li></ul><ul><li>Sun’s Solstice Domain Manager, shown in figure 16-10, is not bundled with Solaris. It is a separate product marketed by SunConnect, a division of Sun Microsystems. </li></ul>
    63. 63. Host Configuration <ul><li>HP OpenView </li></ul><ul><ul><li>Hewlett-Packard’s OpenView product provides capabilities similar to Domain Manager, and is available for a wide range of platforms, including UNIX and Windows. </li></ul></ul><ul><ul><li>OpenView employs SNMP to gather information about the network. A set of utilities included with OpenView also allows the operator to map the network, and to configure automated polling and trap handling using SNMP. </li></ul></ul><ul><li>Multi-Router Traffic Grapher (MRTG) </li></ul><ul><ul><li>The Multi-Router Traffic Grapher (MRTG) package is another tool that employs SNMP to collect data about the network. MRTG is configured to contact routers and collect performance/throughput statistics from each interface. </li></ul></ul><ul><ul><li>This information is then parsed, and stored in a condensed MRTG format. The MRTG data is used to create graphs of input and output traffic for each network interface. </li></ul></ul><ul><ul><li>MRTG allows for short-interval (typically 15 minutes) daily graphing, and monthly graphs of network activity. </li></ul></ul><ul><ul><li>MRTG also allows the operator to graph other interesting network events, such as the number of incoming/outgoing messages processed by a mail server, or the number of web site visits seen by a web server. </li></ul></ul>
    64. 64. Host Configuration <ul><li>Network Troubleshooting </li></ul><ul><ul><li>Tracking down network problems is similar to detective work. In time, administrators develop an instinct for where to seek clues. The following discussion is by no means an exhaustive troubleshooting scenario. It will, however, provide some basic tools and techniques that all seasoned network managers use. </li></ul></ul><ul><li>Network Sniffers </li></ul><ul><ul><li>Network sniffers are software tools that are often used by hackers to surreptitiously collect sensitive information from a network. But system administrators may also use a sniffer as a network-troubleshooting tool. These tools may allow the sysadmin to determine why a network connection is failing, or what application is consuming all of the network bandwidth. </li></ul></ul><ul><li>Vendor-supplied Network Sniffers </li></ul><ul><ul><li>Most operating systems ship with some form of network sniffer utility. Under Solaris there is the snoop utility. Under Windows you will find Network Monitor. HPUX ships with the nettl program. Each of these tools is specific to a single operating system, which makes them somewhat cumbersome, as the sysadmin needs to learn several utilities in order to perform one function. In addition to their “proprietary” sniffer applications, most of the UNIX operating systems discussed now ship with a third-party sniffer called tcpdump . However, because Solaris and HPUX do not include this application, let’s examine the snoop (Solaris) and nettl (HPUX) packet sniffers. </li></ul></ul>
    65. 65. Host Configuration <ul><li>snoop </li></ul><ul><ul><li>Solaris ships with Sun’s version of a network sniffer utility, snoop . The output from snoop is generally voluminous and somewhat cryptic. However, it is a good command to use when trying to determine whether two hosts on a network are communicating, or to identify the type of network traffic being generated. Some of the more common uses of snoop follow. </li></ul></ul><ul><ul><ul><li>Monitoring traffic between two hosts. For example, snoop can be very useful when troubleshooting two systems that cannot communicate. For example, a diskless client might issue tftpboot requests that are never answered. You could use snoop to capture packets from the diskless client to determine if the client is issuing “proper” requests. Next, you could monitor the boot server network traffic to determine if the server is replying to the boot requests, as follows. </li></ul></ul></ul><ul><ul><li>snoop -d hme0 between client_name server_name </li></ul></ul><ul><ul><ul><li>Monitoring traffic using a particular protocol. For example, a host on the network may not be able to resolve IP-to-MAC addresses. This typically means that the address resolution protocol (ARP) process is failing. You could use the snoop command to watch the network for ARP requests and the ensuing replies from the name server, as follows. </li></ul></ul></ul><ul><ul><li>snoop -d hme0 arp </li></ul></ul>
    66. 66. Host Configuration <ul><li>nettl </li></ul><ul><ul><li>HPUX ships with a network sniffer utility called nettl . Many consider this one of the most annoying and useless packet sniffers available. The nettl application is actually very functional, but configuring and learning the user interface of nettl are very cumbersome. The nettl utility is included in the HPUX Network Tracing and Logging package. </li></ul></ul><ul><ul><li>Once the nettl utility is installed, it is started (by default) at boot time. To disable this boot-time startup, you should edit the /etc/rc.config.d/nettl file and change the value of the variable NETTL to 0. The nettl utility reads its configuration from the file /etc/nettlgen.conf . The nettlgen.conf file specifies the default settings for the nettl (packet capture) and netfmt (packet display) tools. </li></ul></ul><ul><ul><li>Starting the nettl utility seems somewhat cumbersome. The example that follows shows how to start nettl to capture the first 1024 bytes of all input and output packets on the loop-back and Ethernet interfaces. This command captures only IP packets, due to the ns_ls_ip directive. This example would capture 99999 packets to the file /tmp/raw0 . </li></ul></ul>
    67. 67. Host Configuration <ul><li>Public Domain Sniffers </li></ul><ul><ul><li>Although most vendors ship a network sniffer with their operating system, these tools are often geared toward capturing packets that are known to follow the rules set out for the TCP/IP protocol stack. </li></ul></ul><ul><ul><li>These vendor-supplied utilities often do not give the user the capability of capturing packets based on very specific criteria. </li></ul></ul><ul><ul><li>The vendor-supplied tools also present a variety of user interfaces that often disagree on how the menus and data should be presented to the user. </li></ul></ul><ul><ul><li>Luckily, there are several good public domain sniffer packages available on the net. </li></ul></ul>
    68. 68. Host Configuration <ul><li>Ethereal </li></ul><ul><ul><li>Ethereal, shown in figure 16-14, is a user-friendly UNIX-based program that also runs on Windows. It comes in both a read-only (protocol analyzer) version as well as a capture (sniffing) version. </li></ul></ul><ul><ul><li>The read-only version is useful for decoding existing packet captures, as it avoids the hassle of installing a packet capture driver on the system. </li></ul></ul><ul><ul><li>Data can be captured from a live network connection, or read from a capture file. </li></ul></ul><ul><ul><li>Ethereal can read capture files from an impressive array of other sniffers, and can “uncompress” compressed data from other sniffers on the fly. </li></ul></ul><ul><ul><li>Live data can be read from Ethernet, FDDI, PPP, token-ring, X.25, or Classical IP over ATM interfaces. </li></ul></ul><ul><ul><li>Captured network data can be browsed via a GUI, or via the TTY-mode tethereal program. </li></ul></ul><ul><ul><li>Capture files can be programmatically edited or converted via command-line switches to the editcap program. </li></ul></ul><ul><ul><li>Output can be saved to disk or printed. </li></ul></ul><ul><ul><li>Data display can be refined using a display filter. </li></ul></ul><ul><ul><li>Display filters can also be used to selectively highlight and color packet summary information. </li></ul></ul>
    69. 69. Host Configuration <ul><li>tcpdump </li></ul><ul><ul><li>The tcpdump utility is a general-purpose packet sniffer that runs on many operating systems. The tcpdump utility was originally developed by Van Jacobson, Craig Leres, and Steven McCanne, all of the Lawrence Berkeley National Laboratory, University of California, Berkeley. It is currently maintained as a public domain package, and is available at </li></ul></ul><ul><ul><li>Although its user interface is not nearly as friendly as the Ethereal interface, tcpdump is one of the more popular network sniffers available. This tcpdump utility is also available for Windows, but the Windows version is called windump . The windump/tcpdump utility allows you to create filters to capture any type of packet you might imagine. The filter language used by tcpdump is easy to learn, and is often used in laboratory exercises to teach TCP/IP networking. </li></ul></ul><ul><ul><li>tcpdump does not attempt to make the output easy to read. The output is very concise, and once you get used to it, very easy to read and decipher. For example, to capture one ICMP packet, with the Ethernet frame information included and in hexadecimal output format, you could use the following. </li></ul></ul>
    70. 70. Host Configuration <ul><li>netstat </li></ul><ul><ul><li>The netstat program is available under most operating systems. </li></ul></ul><ul><ul><li>netstat has a different set of command line flags under each OS, so it is usually best to consult the OS documentation for the capabilities of netstat on your system. </li></ul></ul><ul><ul><li>In general, netstat can display packet counts, and configuration information for your system. Some of the typical uses of netstat include display of input/output packet counts per interface, display of TCP/UDP sockets in use on a host, display of the ARP table for a host, and display of the routing tables for a host. </li></ul></ul>
    71. 71. Host Configuration <ul><li>ping </li></ul><ul><ul><li>If a host cannot be contacted on a network, the first question to answer is whether the problem is specific to the host or the network. A very useful command for making this determination is ping . The command name stands for “packet Internet groper,” and is used to test reachability of hosts by sending an ICMP echo request and waiting for a reply. The command name is often used as a verb, such as in “Ping pop to see if it’s up.” </li></ul></ul><ul><ul><li>In the example, the blues machine sent 10 packets (1,024 bytes of data, and an 8-byte ICMP header) to the machine. The pop machine answered eight of those 10 ping packets, as shown by missing packets with sequence numbers of 1 and 7. The network appears to be fairly fast, in that other than the very first packet the average round-trip time for the packets is short. </li></ul></ul><ul><ul><li>By logging on to several hosts on a network and “pinging” other hosts, you can quickly determine whether the problem is network or host related. </li></ul></ul>
    72. 72. Host Configuration <ul><li>Rebooting the noncommunicating hosts will frequently solve the problem. </li></ul><ul><li>If rebooting does not work, examining the files and physical components previously listed would be the next step. In the absence of network diagnostic equipment, replacing components may be the only way to track down the failure. If, on the other hand, no hosts reply to pings, the problem is specific to the network. Some of the more common network faults follow. </li></ul><ul><ul><li>Missing or damaged terminators </li></ul></ul><ul><ul><li>Broken or damaged cable (may not be visible) </li></ul></ul><ul><ul><li>Faulty connectors </li></ul></ul><ul><ul><li>Damaged transceiver (may be jamming the network) </li></ul></ul><ul><li>Once again, in the absence of network diagnostic equipment, replacing components may be the only way to precisely identify the cause of failure. If a host on one subnet is unable to contact a host located on a different subnet, and there is no difficulty pinging hosts on the local subnet, the problem could be one of the following items. </li></ul><ul><ul><li>Malfunction of the router connected to the subnet </li></ul></ul><ul><ul><li>Malfunction of the network on the other side of the router </li></ul></ul><ul><ul><li>Malfunction of a distant router not directly connected to the subnet </li></ul></ul><ul><ul><li>Malfunction of the remote host </li></ul></ul><ul><ul><li>Failure of a component or connection between the local host and remote hosts </li></ul></ul><ul><li>To locate the problem, use the techniques discussed earlier in this section for each subnet in question. With sub­netted networks, ping is often all that is required to locate (or at least narrow down) the source of a network failure. </li></ul>
    73. 73. Host Configuration <ul><li>traceroute </li></ul><ul><ul><li>The traceroute utility does exactly what its name implies: it traces the route from point A to point B. This utility can be very useful when trying to determine why two hosts cannot communicate. For example, to trace the route from a specific local host to a distant host, the administrator could invoke the following command. </li></ul></ul><ul><ul><li>traceroute fully_qualified_hostname </li></ul></ul><ul><ul><li>The traceroute command prints an informational message about each “hop” along the route from the local host to the remote host. Routing loops and inoperative hosts are very easy to spot in the traceroute output. Note that under Windows this utility is called tracert.exe . </li></ul></ul>
    74. 74. Host Configuration <ul><li>Host Configuration </li></ul><ul><li>Unfortunately, connecting a computer to the network is not the end of the network configuration and management task. </li></ul><ul><li>Once the system is on the network, the sysadmin needs to be vigilant to ensure that the system is secure. </li></ul>
    75. 75. Summary <ul><li>This chapter examined configuration files and utilities involved in the management of computer networking. </li></ul><ul><li>Topics discussed include some simple network configuration commands, as well as coverage of several of the network configuration files. </li></ul><ul><li>Examples of these configuration files were presented to illustrate the information required to configure a system for network operation. </li></ul><ul><li>Finally, the chapter explored ways to monitor and troubleshoot local area networks. </li></ul>