12. Networking

Which of the following configuration files holds the name of the host? .rhosts /etc/hostname /etc/networks /etc/hosts

/etc/hostname The /etc/hostname file holds the variables that define the host and domain names. On some new distributions, particularly Red Hat derivative distributions, you will find this information in /etc/sysconfig/network. The /etc/hosts file is used on small networks in place of DNS to list the hosts on the network and their IP addresses. The /etc/networks file lists known networks the hosts can communicate with, while the .rhosts file lists hosts allowed to remotely connect to this host.

What is the full path and filename of the file you should edit to determine the order in which name resolution is completed?

/etc/nsswitch.conf Use the /etc/nsswitch.conf file to specify the order in which name resolution is completed between a host file and the DNS server.

Which of the following files contain information that enables a Linux system to resolve IP addresses to FQDN/host names? (Choose ALL that apply.) /etc/resolv.conf /etc/hosts /etc/sysconfig/network-scripts/ifup /etc/services

/etc/resolv.conf /etc/hosts The /etc/hosts file is correct because it contains the IP-address-to-hostname mapping and is stored on the local computer. The /etc/resolv.conf file is also correct because it contains a list of IP addresses of DNS servers to query. The /etc/sysconfig/network-scripts/ifup script is not correct because it is used to bring an interface up and does not contain any information relative to DNS. The /etc/services file is not correct because it contains a list of service names and port numbers and does not contain any information relative to the resolution of FQDN/host names.

Which port number is used by the IMAP protocol? 25 21 143 110

143 IMAP uses port 143. FTP uses port 21, SMTP uses port 25, and POP uses port 110.

Which of the following are not valid IP addresses? (Select THREE). 116.0.0.116 145.8.260.7 45.22.156.256 132.64.32.8 257.0.122.55 1.55.254.3

145.8.260.7 45.22.156.256 257.0.122.55 IP addresses have a value between 0 and 255 within each octet. In this list, 45.22.156.256, 145.8.260.7, and 257.0.122.55 are not valid IP addresses.

Which port number does SNMP use? 25 110 119 143 161

161 The Simple Network Management Protocol (SNMP) uses port 161. The other listed ports are used as follows: SMTP uses port 25. POP3 uses port 110. NNTP uses port 119. IMAP4 uses port 143.

Which of the following are valid IPv6 addresses? Select all that apply. 6384:1319:7700:7631:446A:5511:8940:2552 165.15.78.53.100.1 A82:5B67:7700:AH0A:446A:779F:FFE3:0091 343F:1EEE:ACDD:2034:1FF3:5012 141:0:0:0:15:0:0:1

6384:1319:7700:7631:446A:5511:8940:2552 141:0:0:0:15:0:0:1 An IPv6 IP address is a 128-bit address listed as eight 16-bit hexadecimal sections. Leading zeros can be omitted in each section. Therefore, 6384:1319:7700:7631:446A:5511:8940:2552 and 141:0:0:0:15:0:0:1 are both valid IPv6 IP addresses. A single set of all-zero sections can be abbreviated with two colons (::). Therefore, 141::15:0:0:1 is a valid way of writing that address. Digits in a hexadecimal system range from 0-9 and A-F. H is not a valid hexadecimal number. 343F:1EEE:ACDD:2034:1FF3:5012 is too short, having only six sections instead of eight. 165.15.78.53.100.1 is too short, and the sections are separated by periods instead of colons.

Follow these guidelines when configuring bonding:

> Configure the LAG on both sides of the link.
> Set the interfaces on both sides of the link to the same speed.
> Configure and apply firewall filters on a LAG (optional).
> Use IP addresses in the load balancing algorithm for better performance when all communication is between two devices, such as a router and a firewall.

Subnet mask

A 32-bit number that is associated with each IPv4 address and identifies the network portion of the address.

12.2.7 Network Interface Bonding Facts

A Bonding Bandwidth On Demand Interoperability Group, referred to as bonding or aggregation, combines multiple network interfaces into a single bonding interface. A bonding interface allows you to increase throughput by increasing bandwidth and traffic load sharing. It provides high availability through redundant network connections, link integrity monitoring, and failover. This lesson covers the following topics: Aggregation overview Installation Bonding configuration Slave configuration

host

Finds the IP address for a domain name. e.g. host fs5.corpnet.com displays the IP address for fs5.corpnet.com.

Global unicast

Global unicast addresses are addresses that are assigned to individual interfaces that are globally unique (unique throughout the entire Internet). Global unicast addresses are any addresses that are not link-local, unique local, or multicast addresses. Originally, ISPs assigned global unicast addresses with a 2000::/3 prefix (this includes any address beginning with a 2 or a 3). However, this was later amended so that all IPv6 addresses that haven't been specifically reserved for other purposes are defined as global unicast addresses. The global routing prefix assigned to an organization by an ISP is typically 48 bits long (/48). However, it could be as short as /32 or as long as /56, depending upon the ISP. Using this addressing scheme allows organizations to define a large number (2^16) of IPv6 subnets.

HyperText Transfer Protocol (HTTP)

HTTP is used by web browsers and web servers to exchange files (such as web pages) through the World Wide Web and intranets. HTTP can be described as an information requesting and responding protocol. It is typically used to request and send web documents, but is also used as the protocol for communication between agents using different IP protocols.

HTTP over SSL (HTTPS)

HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted.

Which of the following describes link-local IPv6 addresses? (Select THREE). Link-local IPv6 addresses are routable. Link-local IPv6 addresses must be assigned to any network interface on a Linux system. Link-local IPv6 addresses are not routable. Link-local IPv6 addresses are only needed on interfaces connected to small networks. Link-local IPv6 addresses cannot be used on subnets that have no routers. Link-local IPv6 addresses begin with FE8, FE9, FEA, or FEB.

Link-local IPv6 addresses must be assigned to any network interface on a Linux system. Link-local IPv6 addresses are not routable. Link-local IPv6 addresses begin with FE8, FE9, FEA, or FEB. Link-local addresses (also known as local link addresses) are addresses that are valid on only the current subnet. Link-local addresses have a FE80::/10 prefix. This includes any address beginning with FE8, FE9, FEA, or FEB. All nodes must have at least one link-local address, although each interface can have multiple addresses. Routers never forward packets destined for link-local addresses to other subnets. Link-local addresses are used for automatic address configuration, neighbor discovery, or subnets that have no routers.

Link-local

Link-local addresses (also known as local link addresses) are addresses that are valid on only the current subnet.
> Link-local addresses have a FE80::/10 prefix. This includes any address beginning with FE8, FE9, FEA, or FEB.
> All nodes must have at least one link-local address, although each interface can have multiple addresses.
> Routers never forward packets destined for link-local addresses to other subnets.
> Link-local addresses are used for automatic address configuration, neighbor discovery, or for subnets that have no routers.

12.2.6 Network Configuration Facts

Linux uses files and commands for network configuration. This lesson covers the following topics: Network configuration files Network configuration commands

iftop

Listens to network traffic on a named interface. If no interface is named, it listens on the first interface that looks like an external interface. Be aware that iftop:
> Displays a table of current bandwidth usage by pairs of hosts.
> Must be run with sufficient permissions to monitor all network traffic on the interface.
> Looks up the hostnames associated with addresses it finds in packets. This can cause substantial traffic. You can suppress display of DNS traffic by using filter code or switch it off with the -n option.
> Includes some of the following options:
- -r suppresses display of DNS traffic when the program is running.
- -h prints a summary of usage.
- -N suppresses resolving port numbers to service names.
- -p runs in promiscuous mode; counts traffic that does not pass directly through the specified interface.
- -f allows you to specify filters.

whois

Looks up records in the databases maintained by several Network Information Centers (NICs) Options include: -a uses the American Registry for Internet Numbers (ARIN) database. -d uses the US Department of Defense database. -g uses the US non-military federal government database, which contains points of contact for subdomains of .GOV. -h uses the specified host instead of the default NIC. Either a host name or an IP address may be specified.

/etc/services

Many firewall applications read from the /etc/services file. This file is a list of well-known services and their port assignments. When you update firewall rules, consider updating this file with new services and ports.

/etc/hosts

Maps host names to their associated IP addresses. Each line in this file contains an IP address along with the hostname that should be resolved to that IP address. It may optionally contain an alias that also maps to that same IP address. When a host needs to resolve a hostname into an IP address, this file is read first by default. If a mapping for the hostname is found, it is used, and the name resolution process ends. If a mapping is not found in this file, then the name resolution request is sent to a DNS server. e.g. 10.0.0.136 fs5.corpnet.com fs5 specifies that the IP address 10.0.0.136 is mapped to fs5.corpnet.com and that the alias fs5 also maps to that same IP address.

12.7 Network Troubleshooting

As you study this section, answer the following questions:
- Why is it important to completely identify the source of a problem before beginning to fix it?
- What are good sources to research when creating a hypothesis and determining a resolution?
- After you fix a problem, what actions should you still complete?
- How can you verify the connectivity of hosts within a network?
- Which utilities send name resolution requests?
- Which utility will provide the most information about the hostname or IP address?
In this section, you will learn to:
- Use network troubleshooting tools.
- Use the ping and traceroute commands.
Key terms for this section include the following:

12.7.2 Troubleshooting Methodology Facts

Good troubleshooting is a process that combines knowledge, experience, and intuition. This lesson presents an effective troubleshooting process.

12.1.2 IP Protocol Facts

This lesson covers the following topics: Protocols Protocols in the IP protocol suite

Installation

Most kernels ship with the bonding driver already available as a module and the ifenslave program installed. If your distribution does not, or you need to compile bonding from source, be aware that:
> The current version of the bonding driver is available in the drivers/net/bonding subdirectory of the most recent kernel source.
> You can add bonding to the kernel with modprobe.
> When you configure the driver as a module, you will be able to pass parameters to the driver or configure more than one bonding device.
> After you build and install the new kernels and modules, install the ifenslave control utility. ifenslave should correspond to the kernel you are using.
> Options for the bonding driver are supplied as parameters to the bonding module at load time, usually specified in either the /etc/modules.conf or /etc/modprobe.conf configuration file.

Which of the following describes network interface bonding? Bonding prefixes a 64-bit address to the network interface card MAC address, allowing the address to aggregate a network interface from a remote server to provide load balancing. Multiple network interface cards are aggregated into a single bonded interface. Bonding allows network interface cards inserted into expansion slots to fully replace the onboard network ports. Bonding provides the network interface card with the ability to utilize IPv6 addresses

Multiple network interface cards are aggregated into a single bonded interface. Multiple network interface cards are aggregated into a single bonded interface that provides increased throughput by increasing bandwidth and traffic load sharing. Bonding does not provide the network interface card with the ability to utilize IPv6 addresses. Replacing onboard NICs is not a function of bonding. Bonding does not utilize a 64-bit prefix address nor connect with a remote NIC for load balancing.

Network Time Protocol (NTP)

NTP is used to communicate time synchronization information between systems on a network.

12.5.4 Name Resolution Facts

Name resolution services resolve easy to remember host and domain names into IP addresses. This lesson covers the topic of configuring name resolution settings.

ip route del network

Removes a route from the routing table. Replace network with the network address of the route to be removed. Be sure to include the prefix of the network using CIDR notation. e.g. ip route del 192.168.1.0/24 removes the route to the 192.168.1.0/24 network from the routing table.

In an effort to secure the internal network, the system administrator has implemented a host-based firewall and set up explicit allow and deny statements for specific ports and services. Some of the employees are complaining they can no longer access the applications they need. The server was on the internal network connected to an internal router, which is connected to the DMZ and an external router to the internet. Which of the following is most likely causing the problems? Restrictive ACLs on the firewall. The external network router is now misconfigured. The DMZ is blocking access. The internal network router is now misconfigured.

Restrictive ACLs on the firewall. Restrictive ACLs on the firewall are most likely the issue since access was disrupted after implementing the firewall. ACLs determine whether routed packets are accepted, rejected, or dropped. Accepted packets are forwarded on to their destinations. Rejected packets are blocked, and a message is sent back to the packet's sender. Dropped packets are also blocked, but no message is sent. Changes to the host-based firewall would not impact the internal router, DMZ, or the external router.

Remote Terminal Emulation (Telnet)

Telnet allows an attached computer to act as a dumb terminal with data processing taking place on the TCP/IP host computer. Telnet uses insecure data transmissions and should be avoided. SSH provides the same functionality, but does so securely using encryption.

You attempt to telnet to system 192.168.1.240. You receive the following message: "Connecting To 192.168.1.240...Could not open connection to the host, on port 23. No connection could be made because the target machine actively refused it." What may be the problem? The Telnet server is not running. The DNS server is down. The Telnet client is not installed.

The Telnet server is not running. The error message is an indication that the Telnet server on the target system is not running. The Telnet client must be installed for you to make a connection. DNS has no part in making this connection because you are using the IP address of the system. The Tomcat server is an open-source Java application server.

firewalld

The firewalld firewall is pre-installed on many Linux distributions.
> firewalld is a front-end controller for IPTables.
> With firewalld, the IPTables commands are still available.
> firewalld has both a command line and graphical interface.
> firewalld uses zones and services instead of chains and rules.
- Zones are pre-constructed rulesets for various trust levels.
- Different zones allow different network services, ports, protocols, and incoming traffic types, while denying everything else.
- You can apply a zone to different network interfaces.
- You can configure firewalld with rules to allow traffic for specific network services.
- You can add custom service rules to any zone.

Prefix

The first 64 bits of an IPv6 address.

12.3.4 IPv6 Configuration Facts

There are a number of ways that an IPv6 address can be configured. This lesson covers the following topics: IPv6 configuration methods IPv6 configuration process

Popular Linux Firewalls

There are many third-party Linux firewalls, and a few of them are included in major Linux distributions. Most of them are based on Netfilter.
> Netfilter is part of the Linux kernel.
> Netfilter is used for network address translation and port translation.
> Netfilter supplies the kernel's IP packet filtering functions, which are used by firewall applications.
> Linux firewall applications interface with Netfilter to perform firewall functions.
The following are popular Linux firewalls that are based on Netfilter.

12.2.5 Addressing Method Facts

There are two options for assigning IP addresses. You can use static addressing, or you can specify that IP addresses are dynamically assigned. This lesson covers choosing an IP assignment method.

/var/lib/dhcpcd/dhcpclientn /var/lib/dhcpcd/dhclient.leases /var/lib/dhclient/dhclient.leases

These files contain DHCP lease information. The specific file used will vary between distributions.

/etc/sysconfig/network-scripts

This directory contains network configuration files. For example, each network interface in the system is configured using a configuration file in this directory named ifcfg-device_name (for example, ifcfg-ens192). Edit the appropriate device file in this directory to modify the following settings:
> Boot protocol (static, DHCP, or BootP)
> Autoconfiguration information
> IP address, mask, and default router (for static configurations)

/etc/netplan

This directory contains the *.yaml file that defines the network configuration parameters, such as:
> On/off toggle for DHCP4 and DHCP6
> Static IP address
> Gateway IP address
> IP addresses of nameservers

12.1.6 IPv4 Addressing Facts

This lesson covers the following topics: IPv4 rules and concepts IPv4 address structure Subnet masks Classless Inter-Domain Routing (CIDR) Address assignment Network Address Translation (NAT) routers

Bonding Configuration

To create a bonding interface, you give the parameters for the Linux bonding driver to the kernel bonding module at load time. They may be given as command line arguments to the insmod or modprobe command, but are usually specified in a configuration file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bondn where n is a number that identifies the interface. *When bonding using active/passive, the term passive is also known as the slave. The following table identifies parameters you can include.

What is the path and filename of the file in the Linux system that lists all network services, including the port assigned to the service?

/etc/services /etc/services lists all network services on the Linux system, including the port assigned to the service. Most applications reference /etc/services to determine which service is using a specific TCP/UDP port.

If you are managing a systemd-based Linux system, which of the following commands cannot be used to bring the enp2s0 interface down? ip link set enp2s0 down /etc/sysconfig/network-scripts/ifcfg-enp2s0 down ifconfig enp2s0 down /etc/init.d/network stop ifdown enp2s0

/etc/sysconfig/network-scripts/ifcfg-enp2s0 down /etc/init.d/network stop /etc/sysconfig/network-scripts/ifcfg-enp2s0 down and /etc/init.d/network stop will not bring enp2s0 down. The ifcfg-* files in /etc/sysconfig/network-scripts are for configuration only, and are not intended to be executed. A systemd-based system does not use the init.d daemon to stop and start services. The ifup and ifdown commands bring the network interfaces up and down. The ifconfig and ip link set commands can also bring network interfaces up and down when provided with the name of the device and the up and down options.

Maria, a system administrator, wants to set up IP forwarding on a server for both IPv4 and IPv6. Which of the following files should be modified to enable IP forwarding? (Choose TWO). /proc/sys/net/ipv6/ip_forward /usr/lib/modules/kernelversion/kernel/net/ipv6 /etc/services /proc/sys/net/ipv4/ip_forward /usr/lib/modules/kernelversion/kernel/net/ipv4

/proc/sys/net/ipv6/ip_forward /proc/sys/net/ipv4/ip_forward IP forwarding is another name for routing. It is sometimes called kernel IP forwarding because it is a feature of the Linux kernel. Enable IP forwarding by writing a 1 to the ip_forward file. Enable IPv4 forwarding by writing to the /proc/sys/net/ipv4/ip_forward file. Enable IPv6 forwarding by writing to the /proc/sys/net/ipv6/ip_forward file. Be cautious about enabling IP forwarding without a firewall, especially if an interface connects to the internet or to a subnet you don't control. Many firewall applications read from the /etc/services file. This file is a list of well-known services and their port assignments.

You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select TWO). 143 110 25 443 21

110 25 The Simple Mail Transfer Protocol (SMTP) uses TCP/IP port 25. The Post Office Protocol version 3 (POP3) uses TCP/IP port 110. The File Transfer Protocol (FTP) uses TCP/IP Port 21. The Internet Message Access Protocol (IMAP) uses TCP/IP port 143. TCP/IP port 443 is used by the Secure Sockets Layer (SSL) protocol.

You have a computer that is connected to the internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer? (Select THREE). 172.18.188.67 10.0.12.15 192.168.12.253 240.12.188.1 127.0.0.1 32.188.99.10 224.15.166.12

172.18.188.67 10.0.12.15 192.168.12.253 Of the addresses listed here, the following are in the private IP address ranges: 10.0.12.15 (private range = 10.0.0.0 to 10.255.255.255) 172.18.188.67 (private range = 172.16.0.0 to 172.31.255.255) 192.168.12.253 (private range = 192.168.0.0 to 192.168.255.255)

You are the administrator for a small network of Linux hosts. Your network does not communicate with the internet and does not use DNS. When you add a new host named ENERGY7 to the network, which entry should be added to the /etc/hosts files? 192.168.0.34:ENERGY7:Reception Area 192.168.0.34 #ENERGY7 (Reception Area) 192.168.0.34 ENERGY7 #Reception Area ENERGY7 #192.168.0.34 #Reception Area

192.168.0.34 ENERGY7 #Reception Area The /etc/hosts file uses space as a delimiter between fields. Only two fields need to be given, the IP address and then the hostname. A third field, if it exists and it is not preceded by a pound sign (#), indicates any aliases the computer could be known by. If you want to add comments, you must precede them with a pound sign. All text following the first pound sign is assumed to be comments and is ignored.

To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select TWO). 20 80 23 21 443

20 21 FTP uses port 21 for connection requests and port 20 for data transfers. Both ports would need to remain open for you to transfer files to your company's internal network from home. Telnet uses port 23, SSL uses port 443, and HTTP uses port 80.

Out of concern for security, you convinced your boss to stop allowing Telnet access to the network. Now, remote connections are only made through ssh. Which port must you allow through the firewall for ssh access? 22 23 24 25

22 ssh uses port 22 by default.

Which port does Telnet use? 25 34 80 23

23 Telnet uses port 23

Which of the following correctly describe the most common format for expressing IPv6 addresses? (Select TWO). 128 numbers grouped using colons 32 numbers grouped using colons Hexadecimal numbers Binary numbers Decimal numbers

32 numbers grouped using colons Hexadecimal numbers IP version 6 addresses are made up of 32 hexadecimal numbers organized into eight quartets. The quartets are separated by colons. An IPv6 address is made of 128 binary digits. IP version 4 addresses use decimal numbers organized into four octets and separated by periods.

You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? 443 42 80 53 21

53 The DNS service uses port 53.

Dynamic Host Configuration Protocol (DHCP) assignment

A DHCP server is a special server configured to pass out IP addresses and other IP configuration information to network clients. Use DHCP for small, medium, or large networks.
> When a client boots, it contacts the DHCP server for IP configuration information.
> The DHCP server is configured with a range of IP addresses that it can assign to hosts.
> The DHCP server can be configured to pass out other IP configuration, such as the default gateway and DNS server addresses.
> The DHCP server ensures that each client has a unique IP address.
> The DHCP server can be configured to not assign specific addresses in the range.
> The DHCP server assigns the IP address and other information to the client. The assignment is called a lease and includes a lease time that identifies how long the client can use the IP address.
> At boot and at set intervals, the client contacts the DHCP server to renew the lease on the IP address.
> The DHCP lease process uses frame-level broadcasts. For this reason, DHCP requests typically do not pass through routers to other subnets. To enable DHCP across subnets:
- Enable BootP (DHCP broadcast) requests through the router.
- Configure a computer for BootP forwarding to request IP information on behalf of other clients.
> A DHCP server can be configured to deliver the same address to a specific host each time it requests an address. This is called a reservation.

Domain Name System (DNS)

A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames and is used to convert IP addresses to real domain names. DNS is also called Domain Name Service and Domain Name Server.

Network Address Translation (NAT) Routers

A Network Address Translation (NAT) router translates multiple private addresses into the single registered IP address.
> The internet is classified as a public network. All devices on the public network must have a unique registered IP address. This address is assigned by the ISP. No two hosts on a public network can have the same IP address.
> The internal network is classified as a private network. All devices on the private network use private IP addresses internally, but share the public IP address when accessing the internet.
> A NAT router associates a port number with each private IP address. Port assignments are made automatically by the NAT router. Communications from the internet are sent to the public IP address. The NAT router translates the public IP address into the private IP address of the host.
> A private network can use addresses in the following ranges that have been reserved for private use by IANA:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
By default, internet routers are configured not to route private IP addresses.

Firewall

A barrier between the internal network, which is assumed to be secure and trusted, and the external network, which is usually the internet and is not secure or trusted.

Network port

A communication endpoint used by a process or an application.

Routing table

A database maintained by a router to determine where to send data on a network.

Default Subnet Mask

A default subnet mask is assigned to classes A - C as follows: 255.0.0.0 is the default subnet mask for class A networks. 255.255.0.0 is the default subnet mask for class B networks. 255.255.255.0 is the default subnet mask for class C networks.

Network interface alias

A designation, such as eth0 or en0, that is associated with network interface cards.

Interface configuration file

A file in the /etc/sysconfig/network directory that is used to configure a network interface.

12.6.4 Linux Firewall Facts

A firewall basically establishes a barrier between the internal network, which is assumed to be secure and trusted, and the external network, which is usually the internet and is not secure or trusted. Most operating systems, including Linux, offer software-based firewalls to protect networks and systems from external threats. This lesson covers the following topics: Access control lists Popular Linux firewalls Other Linux firewall considerations

Router

A hardware device on a network that analyzes the contents of data packets sent from a host on the same network or sent from another router. If the destination host is on the router's network, the router forwards the packets to the host; if the destination host is not on the router's network, the packet is forwarded to another router.

Host

A host (also known as a network host) is a computer or device (such as a router) on a network.

Bonding

A method for aggregating multiple NICs into a single logical (bonded) interface.

DHCP IP assignment

A method for dynamically assigning an IP address to a host through a DHCP server.

Static IP assignment

A method for manually assigning an IP address to a host.

NIC

A network interface card.

IP forwarding

A process used to determine which network path to send an IP packet. (This process is also known as IP routing).

nslookup

A program to query internet domain name servers. The nslookup command has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. To use nslookup:
1. Enter nslookup at the shell prompt.
2. Enter the hostname or IP address, such as 192.168.1.1.
3. The DNS server should respond with the requested mapping.
4. Type exit when finished.
e.g. nslookup google.com returns the IP address for google.com.

Protocols

A protocol is a set of standards for communication between network hosts. Protocols often provide services, such as email or file transfer. Most protocols are not intended to be used alone, but, instead, rely on and interact with other dependent or complementary protocols. A group of protocols intended to be used together is called a protocol suite.

Neighbor Discovery Protocol (NDP)

A protocol used to automatically generate the interface ID and learn the subnet prefix and default gateway.

12.4.3 Routing Facts

A router is a device that sends packets from one network to another network. Routers receive packets, read their headers to find addressing information, and send the packets on to their correct destination on the network or Internet. This lesson covers the following topics: Routing tables Default router Commands to configure routing

Default gateway

A router that allows hosts on one network to communicate with hosts on another network, including the internet.

Protocol

A set of standards for communication between network hosts.

Subnet Mask

A subnet mask identifies the portion of the IP address that defines the network address and the portion of the IP address that defines the specific host.

Subnet Masks

A subnet mask identifies which portion of the IP address represents the network and, consequently, which portion represents the host address. The structure of a subnet mask is identical to that of an IP address.
> In binary form, the subnet mask is always a series of 1s followed by a series of 0s (1s and 0s are never mixed in sequence in the mask).
> In decimal, each octet that belongs entirely to the network portion has the value 255. For example, 255.255.255.0 means that the first three numbers (octets) are reserved for the network portion of an IP address.
When using complex subnet masks, the last number of the network portion may be any number as long as that number converted to binary is made of all 1s followed by all 0s. For example, a decimal subnet mask of 255.255.255.240 converted to binary is 11111111.11111111.11111111.11110000. In this mask, the first four bits of the last octet are part of the network address.

Access Control Lists

ACLs are the rules a firewall uses to process IP packets. Linux firewall technologies often use different methods to organize their configuration options, but ACL concepts are still at the heart of a firewall's design.
> ACLs determine whether routed packets are accepted, rejected, or dropped.
- Accepted packets are forwarded on to their destinations.
- Rejected packets are blocked, and a message is sent back to the packet's sender.
- Dropped packets are also blocked, but no message is sent.
> ACLs are stateless firewall filters.
*A stateful firewall looks at traffic patterns, tunneling, and encryption to determine how to filter packets.
> ACLs use the following packet characteristics to determine how to filter a packet:
- Source address
- Destination address
- Ports
- Protocols
> ACLs can log each time they're used to filter a packet.
> The packets that are the target of ACLs can be captured by setting a logging option.

Automatic Private IPv4 Addressing (APIPA)

APIPA is an automatic configuration method where hosts automatically select their own IPv4 address within a specific range. When using APIPA:
> Windows computers will use APIPA if a DHCP server cannot be contacted.
> Hosts select an IPv4 address in the 169.254.0.1 to 169.254.255.255 range with a mask of 255.255.0.0. After choosing the address, the host verifies that no other host on the network is using the selected address.
> APIPA sets only the IPv4 address and mask. Because it does not assign a default gateway, APIPA can be used on a single subnet, but cannot be used if communication with other subnets is required.
Use APIPA for small single-subnet networks that do not use DNS servers or do not have internet or connectivity outside of the local subnet.

ip route add

Adds a route to the routing table. Use the following options:
> network specifies the address of the remote network. Be sure to include the prefix of the network using CIDR notation.
> via router_IP specifies the router to which packets addressed to the remote network should be sent.
> dev interface specifies the network interface to which the new route will be applied.
e.g. ip route add 192.168.1.0/24 via 10.0.0.1 dev ens32 adds a static route to the 192.168.1.0/24 network through a router with an IP address of 10.0.0.1. The route applies to traffic going through the ens32 network interface.

route add

Adds a static route in the routing table. Use the following options:
> default gw creates a route for the default router.
> -net specifies a network address.
> -host specifies a single host on the network.
> reject installs a blocking route.
e.g. route add default gw 192.168.1.1 adds the default router 192.168.1.1.
route add -net 15.0.0.0 netmask 255.0.0.0 dev eth0 adds a route to the 15.0.0.0/8 network.
route add -host 15.0.0.1 gw 10.0.20.1 adds a static route to the 15.0.0.1 host.
route add -net 10.0.0.0 netmask 255.0.0.0 reject installs a rejecting route for the 10.0.0.0/8 network.

USERCTL

Allows or prohibits system users from making changes to the bond. e.g. USERCTL=no allows only root to make changes.

IP Address Structure

An IPv4 network address is a grouping of four numbers. Each number in the group is separated by a period (referred to as a dot). IPv4 addresses can be represented in the following ways:
> Decimal notation: In decimal notation, each of the four numbers must be between 0 and 255. Example: 131.107.2.200 (spoken as 131 dot 107 dot 2 dot 200).
> Binary notation: In binary notation, each of the four numbers is an octet (consisting of 8 bits). Each bit is either a 1 or a 0. Example: 10000011.01101011.00000010.11001000
On occasion, such as when working with subnet masks, you may need to convert an IP address from a binary value to decimal (or vice versa). Therefore, it is important to understand that each bit position in a binary octet is assigned a decimal value, as shown in the following table:

IPv6 Configuration Methods

An IPv6 address can be configured using any one of the following methods:

IPv6 Address Components

An IPv6 address is constructed of two major components as described below:

IPv4 address

An addressing scheme used by the fourth version of the Internet Protocol (IP). It uses 32-bit addresses.

Aggregation Overview

An aggregation (bonding) combines a group of ports into a link aggregation group, or LAG. A Linux bonding driver aggregates two or more network interface controllers into a single logical bonded interface. The LAG (bonding) is referred to as the master; the network interfaces associated with the bond are referred to as slaves. The Link Aggregation Control Protocol (LACP) is used to include or remove individual links from the LAG. Be aware that:
> A scheduling algorithm defines which packets are sent along which link.
> The IEEE standard for link aggregation is 802.1AX.
> All links must be identical (Ethernet 10/100/1000/10G, etc.).
> All links must be configured the same way (duplex settings, VLAN configurations, and queuing features).
> There is a maximum of eight individual links in a LAG group.
> An even number of links usually provides better load balancing.
> Bonding interfaces function according to whether the modes are hot standby or load balancing.
> Bonded devices are directly connected to a dedicated switch device, or another system, such as a computer running Linux.

Dynamic rule sets

An automated process for changing the IPTables rules to filter network traffic and prevent intrusion.

12.6.6 Configure iptables

As the IT administrator for a small corporate network, you periodically check the firewall configuration on the CorpData Linux server to make sure everything is secure. In this lab, select View Lab and type iptables -L at the prompt to answer the following question: Which two TCP services have been allowed through the firewall? SSH and HTTP The two services allowed through the firewall are SSH and HTTP.
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http

12.6 Linux Firewalls

As you study this section, answer the following questions: What is an ACL? How does a firewall use an ACL? What technologies are used to create Linux firewalls? What are IPtables chains and rules? How is IP forwarding configured in Linux? What products are available to create dynamic firewall rule sets? Which ports are considered privileged ports? In this lesson, you will learn to: Start and stop a firewall with firewalld. Configure a firewalld zone. Configure IP forwarding. Key terms for this section include the following:

12.2 Network Interface Configuration

As you study this section, answer the following questions: What is the advantage of using dynamic addressing rather than static addressing? Where is the interface configuration file located on the system? How can you view the current status of the network interfaces from the shell prompt? Which utilities can disable and enable the network interfaces? In this lesson, you will learn to: View information about the current network interfaces. Use the interface configuration file to manually assign a static address for the network interface. Disable and enable a network interface. Key terms for this section include the following:

12.3 IPv6 Overview

As you study this section, answer the following questions: What is the difference between stateful and stateless DHCPv6? What are the two parts of a 128-bit address? How do static full and static partial assignments differ? What process is used to configure the IPv6 address for each interface? What is a unique local address? In this section, you will learn to: Configure IPv6 addresses. Key terms for this section include the following:

12.1 IPv4 Overview

As you study this section, answer the following questions: What is the function of the IP protocol? What is the difference between a connectionless and a connection-oriented protocol? What is the main role of the ICMP protocol? What is the difference between a private IP address and a public IP address? How does the subnet mask identify the network address and network node? Which file lists all network services and their ports on the Linux system? Key terms for this section include the following:

12.4 Routing Configuration

As you study this section, answer the following questions: What is the role of a router? Which file contains the complete routing table on the system? How can you make the default gateway persistent? Which command sets the default route on the system? In this section, you will learn to: Configure the default route. Key terms for this section include the following:

12.5 Hostname and DNS Configuration

As you study this section, answer the following questions: When configuring the DNS, what is the purpose of having multiple name servers? Which file provides the system with domain names mapped to IP addresses? What function does the /etc/nsswitch.conf file provide? What are the advantages of using a DNS server for name resolution? In this section, you will learn to: Configure DNS settings. Test name resolution. Key terms for this section include the following:

2. Establish what has changed

Ask questions to discover what might have changed that could have caused the problem. Problems are frequently caused by a change to the system, such as: > Adding new hardware > Installing new software > Making configuration changes

12.7.6 Find Path Information 1

Below are the IP addresses of the hops in the path between ITAdmin and the external DNS server on the internet, which has an IP address of 163.128.80.93. Drag the IP addresses listed on the left to the hops described on the right. Use only the addresses that belong to the routers that match the description. Not all of the IP addresses on the left will be used. Type traceroute 163.128.80.93 to identify the devices in the path between ITAdmin and the external DNS server. Hop 1: Default gateway for ITAdmin 192.168.0.5 Hop 2: CorpNet Main Router 198.28.56.1 Hop 3: Network Security Appliance 65.86.24.136 Hop 4: ISP Internet Router 65.86.1.1 Destination: External DNS Server 163.128.80.93 Use traceroute 163.128.80.93 to trace the path between the IT Administrator workstation (named ITAdmin) and the external DNS server. The following routers are in the path (in listed order): 192.168.0.5 (Default Gateway) 198.28.56.1 (CorpNet Main Router) 65.86.24.136 (Network Security Appliance) 65.86.1.1 (ISP Internet Router) 163.128.80.93 (External DNS Server) The address of the External DNS Server (163.128.80.93) is listed in the path, but it is the destination server, not a router.

Slave Configuration

Bonding also requires configuration files for the bonded interfaces, or slaves. These configuration files are in the /etc/sysconfig/network-scripts/ directory. Create a file named ifcfg-xxxn where xxx is the type of interface and n is a number that identifies the interface. For example, ifcfg-eth0 identifies the first Ethernet interface. The following table identifies parameters you can include in the file:

BONDING_OPTS

Bonding options include the following:
> arp_interval specifies the ARP link monitoring frequency in milliseconds.
> downdelay specifies the time, in milliseconds, to wait before disabling a slave after a link failure has been detected. This option is valid only for the miimon link monitor. The downdelay value should be a multiple of the miimon value or it will be rounded down to the nearest multiple. The default value is 0.
> lacp_rate specifies the rate to transmit LACPDU (LACP data unit) packets in 802.3ad mode. Slow, or 0, transmits LACPDUs every 30 seconds. Fast, or 1, transmits LACPDUs every second. Slow is the default setting.
> maxbonds specifies the number of bonding devices to create for this instance of the bonding driver.
> miimon specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring.
> mode specifies whether the links function as hot standby or load balancing services. The behavior of the single logical bonded interface is specified by the bonding driver mode. The default parameter is balance-rr. Modes can be specified by numbers as follows:
- mode=0 Balance Round Robin (balance-rr): this mode transmits network packets in sequential order from the first available network interface (NIC) slave through the last. This mode provides load balancing and fault tolerance.
- mode=1 Active backup: only one NIC slave in the bond is active. A different slave becomes active if the active slave fails. This mode provides fault tolerance.
- mode=2 Balance XOR: this mode transmits network packets based on a hash of the packet's source and destination. The same NIC slave is used for each destination MAC address, IP address, or IP address and port combination. This mode provides load balancing and fault tolerance.
- mode=3 Broadcast: this mode transmits network packets on all slave network interfaces. This mode provides fault tolerance.
- mode=4 802.3ad Dynamic link aggregation: each aggregation group shares the same speed and duplex settings. This mode is similar to the XOR mode and supports the same balancing policies. The link is set up dynamically between two LACP-supporting peers.
- mode=5 Adaptive transmit load balancing (balance-tlb): this mode does not require any special network switch support. The outgoing network packet traffic is distributed according to the current load on each network interface slave.
- mode=6 Adaptive load balancing (balance-alb): this mode includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic. It does not require any special network switch support. The receive load balancing is achieved by ARP negotiation.
> primary specifies which slave is the primary device. The primary device will always be the active slave while it is available. Only when the primary is offline will another device be used.
> updelay specifies the time, in milliseconds, to wait before enabling a slave after a link recovery has been detected. The updelay value should be a multiple of the miimon value.
e.g. Use BONDING_OPTS="mode=0 miimon=100 downdelay=400" to use round-robin for load balancing, check the link every 100 milliseconds, and wait 400 milliseconds before disabling a failed link.
Use BONDING_OPTS="mode=1 primary=eth0 lacp_rate=1 maxbonds=8" to specify active backup, eth0 as the primary slave, a maximum of 8 bonds, and transmission of LACPDU packets every second.

12.1.9 Practice Questions

CIST 2431

12.2.12 Practice Questions

CIST 2431

12.3.5 Practice Questions

CIST 2431

12.4.4 Practice Questions

CIST 2431

12.5.5 Practice Questions

CIST 2431

12.6.7 Practice Questions

CIST 2431

12.7.8 Practice Questions

CIST 2431

Classless Inter-Domain Routing (CIDR)

Classless Inter-Domain Routing (CIDR) is a method by which all of the bits used for the subnet mask are written in a single decimal number. For example, when an IP address is written as 10.10.1.16 /16, the "/16" is the CIDR. The /16 indicates that the first two octets (8 bits + 8 bits = /16) are used for the network address. CIDR notation is most useful when the network portion does not end on an octet boundary. For example, when an IP address is written as 10.10.1.16 /18, the "/18" indicates that part of the third octet is used as part of the network address (8 bits + 8 bits + 2 bits = /18). The following table shows the default address class for each IPv4 address range with its default subnet mask (also represented in CIDR notation). When using CIDR notation, you must know how to find your subnet mask. When you find the subnet mask, you will know what bits are available for the network address. To convert a CIDR to a subnet mask, use the following steps:
1. If the CIDR is greater than or equal to 8, write 255 in the first available octet (on the left) and then subtract 8 from the CIDR.
2. Repeat step 1 until the number is less than 8. The octets found using these first two steps will be the first part of your subnet mask.
3. Convert the remaining number (which will be less than eight) to 1s and pad the remaining bits (up to 8) with 0s. This will be the last non-zero octet in your subnet mask. Examples: if the remaining number is 3, the converted number is written as 11100000; 5 is written as 11111000; 7 is written as 11111110.
4. Convert the 1s in the last (interesting) octet to a decimal number. This number is the subnet mask for this octet. Examples: 11100000 = 224, 11111000 = 248, 11111110 = 254.
5. Any unused octets are represented with a 0.
> CIDR conversion example: IP address /CIDR = 196.200.45.5 /20
1. Find the simple subnet mask octets: 20 - 8 = 12 (first octet is 255); 12 - 8 = 4 (second octet is 255). 4 is less than 8. Therefore, move to the next step.
2. The number 4 is changed to four 1s with the remaining bits for this octet padded with 0s: 11110000 (= 240).
3. As a result, the full subnet mask is 255.255.240.0.

mtr

Combines the functionality of the traceroute and ping commands in a single network diagnostic tool. Options include:
-r puts mtr into report mode, causing it to run for the number of cycles specified by the -c option, print statistics, and exit.
-t forces mtr to use the curses-based terminal interface if it is available.
-n forces mtr to display numeric IP addresses and not try to resolve the host names.
-u uses UDP datagrams instead of ICMP ECHO.
-4 uses IPv4 only.
-6 uses IPv6 only.

nmcli

Controls NetworkManager and gets its status from the command line. Use nmcli as a complementary utility to nm-applet or other similar clients. Its main usage is on servers, headless machines, or for power users. Consider the following options:
-t displays terse output. The output is suitable for scripts.
-p displays pretty output that is easily readable by humans.
-m specifies mode, tabular or multiline.
-f specifies column names.

3. Create a hypothesis

Create a hypothesis by reviewing the list of potential causes and selecting the most probable cause. Look for common errors or solutions that can be tried quickly.

4. Create an action plan

Create an action plan and account for side effects of the proposed plan. The plan might require purchases that need approval before proceeding. In addition, the plan might involve taking services offline for a period of time. Identifying the effects ahead of time helps put measures into place to eliminate or reduce any potential negative consequences.

You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between hosts. You run a protocol analyzer and discover that two hosts are assigned the same IP address. Which protocol can you implement on your network to help prevent problems such as this? IGMP IP TCP ICMP DHCP SNMP

DHCP You can use the Dynamic Host Configuration Protocol (DHCP) to set up a DHCP server that will assign IP addresses automatically to network hosts. DHCP servers will not assign the same IP address to two different hosts.

Dynamic Host Configuration Protocol (DHCP)

DHCP is a method used to automatically assign IPv4 addresses and other TCP/IPv4 configuration parameters to hosts. Client computers contact a DHCP server to receive TCP/IPv4 configuration information. Use DHCP:
> For small, medium, or large networks.
> For automatic host configuration.
> To automatically deliver additional configuration parameters such as default gateway and DNS servers.
By default, all Windows computers try to use DHCP for TCP/IPv4 configuration information.

Dynamic Host Configuration Protocol (DHCP)

DHCP is a protocol that automatically assigns addresses and other configuration parameters to network hosts. Using a DHCP server, hosts receive configuration information at startup, reducing the amount of manual configuration required on each host.

You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which of the following protocols should you implement? DHCP DNS ARP Telnet

DNS DNS is a system that is distributed throughout the internetwork to provide address/name resolution. For example, www.mydomain.com would be identified with a specific IP address. ARP is a protocol for finding the IP address from a known MAC address. DHCP is a protocol used to assign IP addresses to hosts. Telnet is a remote management utility.

Which network service would you use to get the IP address from the Fully Qualified Domain Name (FQDN) hostname? DHCP DNS FTP NAT

DNS Use the Domain Name System (DNS) to get the IP address from a given host name. The fully qualified domain name (FQDN) is the full DNS name for the computer. Use DHCP to assign IP addresses and other configuration information to hosts automatically. Use FTP to transfer files. Use NAT to connect a private network to the internet.

Domain Name System (DNS)

DNS is a system that is distributed throughout the internetwork to provide address and name resolution. For example, the name www.mydomain.com would be identified with a specific IP address.

Which routing component is used to forward packets to remote networks? Host name IP address Subnet mask Default gateway

Default gateway The default gateway identifies the router to which packets for remote networks are sent. The subnet mask identifies which portion of the IP address is the network address. The IP address identifies both the logical host and logical network addresses. The host name identifies the logical name of the local system.

Which TCP/IP configuration parameter identifies the router that is used to reach hosts on remote networks? IP address Subnet mask Host name Default gateway

Default gateway The default gateway identifies the router to which packets for remote networks are sent. The subnet mask identifies which portion of the IP address is the network address. The IP address identifies both the logical host and logical network addresses. The hostname identifies the logical name of the local system.

/etc/hostname

Defines the host and domain names. e.g. fs5.corpnet.com identifies the system's hostname as fs5.

route del

Deletes a static route in the routing table. e.g. route del -net 172.18.0.0 netmask 255.255.0.0 deletes a route to the 172.18.0.0/16 network.

Which of the following are Python scripts classified as intrusion prevention software that provide dynamic rule sets to automate the rules iptables use to filter network traffic? (Choose TWO.) DenyHosts IPset Uncomplicated Firewall (UFW) Fail2ban firewalld

DenyHosts Fail2ban DenyHosts and Fail2ban are two popular Python scripts that are classified as intrusion prevention software. Both scripts monitor log files and react to common security problems, such as brute force attacks, by adding or modifying firewall rules. Uncomplicated Firewall (UFW) provides a user-friendly framework for managing Netfilter. IPset is a companion application to IPTables that allows you to easily set firewall rules for a block of IP addresses. firewalld is a front-end controller for IPTables.

BOOTPROTO

Determines the protocol type to initialize the device. There are three options: > dhcp causes the system to search for the DHCP server. > bootp indicates the boot protocol looks for a DHCP server. > static or none indicates DHCP will not be used. e.g. BOOTPROTO=static indicates DHCP will not be used. BOOTPROTO=dhcp indicates that DHCP will be used.

netstat

Displays a list of network connections (e.g., sockets), the routing table, and information about the network interface. A socket is an endpoint of a bidirectional communication flow across a computer network. Use the following options for additional information:
-a lists both listening and non-listening ports.
-i displays a table of all network interfaces.
-l lists listening sockets.
-s displays statistics for each protocol.
-r displays the routing table, which includes the IP address of the default gateway.
*The netstat command is being replaced by ss, ip route (for netstat -r), ip -s link (for netstat -i), and ip maddr (for netstat -g).

arp

Displays and modifies the Internet-to-Ethernet address translation tables used by the Address Resolution Protocol, ARP. Options include:
-a displays all of the current ARP entries.
-d deletes the entry for the specified hostname. When combined with -a, deletes all entries and automatically disables hostname lookups.
-f processes entries in the specified file to be set in the ARP tables.
-F overwrites entries for a given host when used with -f.
-s creates an ARP entry for the specified host and Ethernet address. This option is used with the -f option.
*The arp command is being replaced by ip n.

hostname

Displays or sets the name of the local host for the current session. e.g. hostname ls4 sets the hostname for the current session to ls4.

7. Document the solution

Document the solution to the problem. If problems occur in the future, check the documentation first to see what has changed or to recall the solution to common problems. *Remember, troubleshooting is a process of both deduction and induction. Field experience is critical to developing troubleshooting skills.

dig

Domain Information Groper (dig) is a command-line tool that queries Domain Name System (DNS) name servers and displays the answers returned from the name server(s) that were queried. Dig is useful for verifying and troubleshooting DNS problems and for performing DNS lookups. e.g. dig testout.com displays the DNS information for the TestOut site. This includes all of the IP addresses mapped to this site.

Domain names

Domain names are used to identify one or more IP addresses, such as www.testout.com and www.google.com. Domain names are used in URLs to identify particular web pages.

ss

Dumps socket statistics. Provides detailed information about communication with other hosts, networks, services, network connections, networking protocol statistics, and Linux socket connections. Consider the following options:
-a displays all sockets.
-t displays only TCP sockets.
-u displays only UDP sockets.
-l displays listening sockets.
-m shows socket memory usage.
-p shows the process using the socket.
ss > ss_output sends the output to a file.

tcpdump

Dumps traffic on a network. Options include:
-A prints each packet without the link level header in ASCII.
-B sets the operating system capture buffer size.
-c exits after receiving count packets.
-d dumps the compiled packet-matching code in a human readable form to standard output and stops.
-dd dumps packet-matching code as a C program fragment.
-D prints the list of the network interfaces available on which tcpdump can capture packets.

Dynamic Rule Sets

Dynamic rule sets automate the rules IPTables use to filter network traffic and prevent intrusions. > There are two popular Python scripts that are classified as intrusion prevention software. - DenyHosts - Fail2ban > Both scripts monitor log files and react to common security problems, such as brute-force attacks, by adding or modifying firewall rules.

The three most important IPv4 address rules are:

Each host must have a unique IPv4 address. Each host on the same logical network must have the same network address. Hosts can only communicate directly with other hosts on the same logical network.

Which of the following describes an IPv6 address? (Select TWO). Four decimal octets Eight hexadecimal quartets 128-bit address 64-bit address 32-bit address

Eight hexadecimal quartets 128-bit address IP version 6 addresses are 128-bit addresses. They are commonly written using 32 hexadecimal numbers organized into eight quartets. Each quartet is represented as a hexadecimal number between 0 and FFFF. The quartets are separated by colons. IP version 4 addresses are 32-bit addresses. They have four octets. Each octet is an eight-digit binary number. Each octet has a decimal value between 0 and 255.

6. Ensure user satisfaction

Ensuring user satisfaction may include educating the user, such as explaining what the problem was, the solution, and how to avoid the problem in the future.

You are the system administrator of a test lab that uses the Linux operating system. For security reasons, your lab is not connected to the corporate network. Therefore, you are not able to resolve host names via the corporate DNS server. You want to be able to connect to the lab computers using hostnames, but you do not have the resources to bring up your own DNS server. Which of the following solutions would satisfy your requirements? Use a DNS relay agent to forward your DNS requests to the outside world. Enter the IP addresses and hostnames for all of the lab computers in the /etc/lmhosts file on each of the machines in the lab. Configure the lab machines to use broadcast name resolution. Enter the IP addresses and hostnames for all of the lab computers in the /etc/hosts file on each of the machines in the lab.

Enter the IP addresses and hostnames for all of the lab computers in the /etc/hosts file on each of the machines in the lab. The best choice in this case is to enter the IP addresses and hostnames into the /etc/hosts file of each lab computer. The hosts file is used to resolve hostnames to IP addresses in conjunction with or in place of DNS. The biggest downside to using the hosts file is that it must be manually updated. The lmhosts file is used for NetBIOS name to IP address resolution. NetBIOS names are not used with Linux unless you are using Samba and want to participate in a Windows network. There is no such thing as a DNS relay agent. Broadcast name resolution is also only used with NetBIOS.

Your ISP has changed the IP addresses of their DNS servers. What would you need to do on your Linux system to still be able to continue resolving host and fully qualified domain names if you use statically assigned IP address information? Enter the IP addresses of the new DNS servers into the /etc/hosts file. Enter the IP addresses of the new DNS servers into the /etc/resolv.conf file. Update the DNS entries listed in the /etc/sysconfig/network file. Update the DNS entries listed in the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

Enter the IP addresses of the new DNS servers into the /etc/resolv.conf file. DNS server addresses are stored in the /etc/resolv.conf file. The /etc/hosts file is used to store IP-address-to-hostname resolution information. Only interface-specific information (such as IP addresses and subnet masks) is stored in the /etc/sysconfig/network-scripts/ifcfg-eth0 file. The /etc/sysconfig/network file is typically used to store data such as the local machine's host name and the NIS domain.

Which of the following is a valid IPv6 address? FEC0::AB:9007 FEC0:9087:AB04:9900:7GA2:7788:CEDF:349A 199.12.254.11 FEC0:AB04:899A FEC0:AB98::A7::9845:4567

FEC0::AB:9007 FEC0::AB:9007 is a valid IPv6 address. :: in the address replaces blocks of consecutive 0s. The longer form of this address is FEC0:0000:0000:0000:0000:0000:00AB:9007. Leading 0s within a quartet can also be omitted. You can only omit one block of 0s using the double colon. Each number in the IPv6 address must be between 0-9 or A-F; G is not a valid number for the IPv6 address. An address without double colons should have a total of 32 hexadecimal numbers in eight blocks.

File Transfer Protocol (FTP)

FTP provides a generic method of transferring files. It can include file security through usernames and passwords, and it allows file transfer between dissimilar computer systems. FTP can transfer both binary and text files, including HTML, to another host. FTP URLs are preceded by ftp://. To log in to an FTP server, use ftp://username@servername.

ICANN Ports

ICANN specifies three categories for ports: > Well-known ports range from 0 to 1023 and are assigned to common protocols and services. > Registered ports range from 1024 to 49151 and are assigned by ICANN to a specific service. > Dynamic (also called private or high) ports range from 49152 to 65535 and can be used by any service on an ad hoc basis. Ports are assigned when a session is established, and released when the session ends.

Internet Control Message Protocol (ICMP)

ICMP works closely with IP to provide error and control information by allowing hosts to exchange packet status information, which helps move the packets through the internetwork. Two common management utilities, ping and traceroute, use ICMP messages to check network connectivity. ICMP also works with IP to send notices when destinations are unreachable, when devices' buffers overflow, and whether devices can communicate across the network. It also relays information about the route and hops packets take through the network.

Internet Group Membership Protocol (IGMP)

IGMP is a protocol for defining host groups. All group members can receive broadcast messages intended for the group (called multicasts). Multicast groups can be composed of devices within the same network or across networks (connected with a router).

Internet Message Access Protocol (IMAP)

IMAP is an email retrieval protocol designed to enable users to access their email from various locations without the need to transfer messages or files back and forth between computers. Messages remain on the remote mail server and are not automatically downloaded to a client system. An email client that uses IMAP for receiving mail uses SMTP for sending mail.

IPv4 Rules and Concepts

IP addresses and routers are responsible for sorting and delivering packets to and from clients on a network. Each packet contains the IP address of both the sender and the recipient. Routers use the IP address to send the packets to the specified destination. IPv4 addresses allow hosts to participate on IPv4-based networks. The following table describes IPv4 concepts you should be aware of.

IP Forwarding

IP forwarding is another name for routing. It's sometimes called kernel IP forwarding because it's a feature of the Linux kernel. > Enable IP forwarding by writing a 1 to the ip_forward file. - Enable IPv4 forwarding by writing to the /proc/sys/net/ipv4/ip_forward file. - Enable IPv6 forwarding by writing to the /proc/sys/net/ipv6/ip_forward file. > Be cautious about enabling IP forwarding without a firewall, especially if an interface connects to the internet or to a subnet you don't control.

Internet Protocol (IP)

IP is the main protocol used on the internet. It is a connectionless protocol that makes routing path decisions. It also handles logical addressing issues through the use of IP addresses.

12.3.2 IPv6 Facts

IP version 6 (IPv6) is an updated version of the IP protocol designed to address the shortage of registered IPv4 addresses. The IPv6 address is a 128-bit binary number. A sample IPv6 address looks like: 35BC:FA77:4898:DAFC:200C:FBBC:A007:8973. This lesson covers the following topics: IPv6 address features, IPv6 address components, Types of IPv6 addresses.

Which of the following popular Linux firewalls are based on Netfilter? (Choose THREE). IPTables netstat firewalld netcat IP Forwarding Uncomplicated Firewall (UFW) Wireshark

IPTables firewalld Uncomplicated Firewall (UFW) Iptables, Uncomplicated Firewall (UFW), and firewalld are all firewalls based on Netfilter. The other options are not firewalls.

IPTables

IPTables is a firewall application that's pre-installed on most Linux distributions. > IPTables is a rule-based front-end tool that interfaces with Netfilter to decide which packets to filter. > Internally, IPTables consists of five pre-defined tables that contain chains. - The kernel accesses each chain at a specific point while processing an IP packet. - Each chain has its own purpose and contains rules. > Configure an IPTables firewall by adding, deleting, and customizing the rules contained in each chain. - For a basic firewall, only the INPUT, FORWARD, and OUTPUT chains in the filter table are modified. IP packets are filtered according to the IPTables rules. > Each chain's rules are traversed in order. > Each rule has fields that are matched against the IP packet. - If a match is made, the action in the rule is taken. No other rules in the chain are checked. - If the packet doesn't match the rule, the rule is skipped, and the next rule is checked. - Normally, the last rule is configured with wildcards so that it matches any packet. In many cases, the action for the last rule is to reject the packet.

IPset

IPset is a companion application to IPTables that allows you to easily set firewall rules for a block of IP addresses.

Address Class

IPv4 addresses are divided into classes. The address class identifies the range of IPv4 addresses and a default subnet mask used for the range.

DHCPv6

IPv6 uses an updated version of DHCP (called DHCPv6) that operates in one of two different modes: > Stateful DHCPv6 is used when the DHCP server provides each client with the IP address, default gateway, and other IP configuration information (such as the DNS server IP address). The DHCP server tracks the status (or state) of the client. > Stateless DHCPv6 does not provide the client an IP address and does not track the status of each client, but rather is used to supply the client with the DNS server IP address. Stateless DHCPv6 is most useful when used in conjunction with stateless autoconfiguration.

SLAVE

Identifies the slave interfaces for the bonding. e.g. BONDING_SLAVE0=eth0 indicates that the interface named eth0 is a slave in the bond. BONDING_SLAVE1=bus-pci-0000:06:08.1 indicates that the interface named bus-pci-0000:06:08.1 is a slave in the bond.

Network issues

If the device and its connection appear to be working correctly, check the following: > Check firewalls on both end devices to see if communications are being blocked by a host-based firewall. > Check the service on the target device to make sure that it is running and is properly configured.

5. Implement the fix

Implement the fix, and then make sure that the solution has fully fixed the issue and has not caused any other problems. If necessary, implement additional steps to correct the problem if the first solution did not work.

Types of IPv6 Addresses

In IPv6, all interfaces are required to have an address, and interfaces can have more than one address. IPv6 identifies the following types of addresses:

12.7.5 Use Ping and Traceroute

In this lab, you will discover important facts about network communications by using ping or traceroute. ITAdmin has a configured IP address, but no default gateway address. The following local network IP addresses are used in this lab: Complete this lab as follows: > At the prompt, type ping -c 4 192.168.0.30 and press Enter to ping Office1. > Does the test succeed? > Type ping -c 4 199.92.0.33 and press Enter to ping Support. > Why does this test fail? > Type ping -c 4 192.168.0.5 and press Enter to ping the router's internal interface. > Does the test succeed? > Type ping -c 4 163.128.78.93 and press Enter to ping the ISP. > Why does this test fail? > Trace the path between Office2 and the internal router's interface as follows: - From the top navigation tabs, select Floor 1 Overview. - Under Office 2, select Office2. - At the prompt, type traceroute 198.28.56.1 and press Enter. > What addresses appear in the path between Office2 and the internal router? > Type traceroute 163.128.78.93 and press Enter to trace the path to one of the ISP's DNS servers. > How does this path differ from the path you discovered in the previous step? > When you trace the path between Office2 and the ISP's DNS server, the path has additional hops. The first lines in the traceroute output are the routers (hops) between Office2 and the DNS server. The last address in the traceroute output is the DNS server.

Saturation

Indicates that the maximum capacity of the bandwidth has been achieved.

NM_CONTROLLED

Indicates whether the bond will be controlled by NetworkManager. e.g. NM_CONTROLLED=no specifies NetworkManager is not used to manage the bond.

Interference

Interference is caused by electromagnetic fields or radio frequency interference. Check the following: > For wired cables, make sure wires are not routed next to motors or fluorescent lights that can cause interference. > For wireless devices, make sure there are no other devices in the area transmitting on the same frequency and channel (e.g., microwaves or cordless phones). > Check to make sure that the cable is not kinked or worn. Cables should be routed through walls or ceilings, not strung across the floor. If a cable must run across the floor, encase the cable to prevent wear and secure the cable in place to prevent tripping accidents. Worn cables might introduce some interference, or simply prevent signals from being sent properly.

Lightweight Directory Access Protocol (LDAP)

LDAP is used to allow searching and updating of a directory service. The LDAP directory service follows a client/server model. One or more LDAP servers contain the directory data. The LDAP client connects to an LDAP server to make a directory service request.

Network performance

Network performance comprises many factors. A significant factor is latency, which is the amount of time it takes data to travel from one point of the network to another. To improve latency, look at: > Increasing or improving bandwidth, which is the size of the communication channel. > Increasing or improving throughput, which is the ability of the system to send and receive data. > Eliminating saturation of bandwidth or throughput. Saturation indicates that maximum capacity has been achieved. Exceeding that point may result in a bottleneck. Technologies that may improve latency are: > Remote Direct Memory Access (RDMA) drivers. They provide high-throughput, low-latency communication that minimizes CPU usage. The drivers quickly transfer the contents of a memory buffer to a buffer on a remote system. RDMA drivers use one of the following communication standards: - InfiniBand (IB) - Internet Wide Area RDMA Protocol (iWARP) - RDMA over Converged Ethernet (RoCE) > Unix sockets instead of localhost. You can improve latency by using a Unix domain socket for exchanging data between processes executing on the same host operating system. Unix socket communication occurs in the operating system kernel. The file system is used as the address name space, and the two processes can communicate by opening the same socket.

12.1.8 IP Port Facts

Network ports are logical connections provided by the TCP or UDP protocols. The IP protocol stack uses port numbers to determine the protocol that incoming traffic should be directed to. This lesson covers the following topics: Port characteristics ICANN ports Well-known internet services ports

Post Office Protocol 3 (POP3)

POP3 is used to retrieve email from a remote server to a local client over a TCP/IP connection. With POP3, email messages are downloaded to the client. An email client that uses POP3 for receiving mail uses SMTP for sending mail.

iperf

Performs network throughput measurements. To perform an iperf test, the user must establish both a server (to discard traffic) and a client (to generate traffic). Options include: -f specifies report format: [kmKM] Kbits, Mbits, KBytes, MBytes. -i pauses n seconds between periodic bandwidth reports. -l sets length of the read/write buffer (default 8 KB). -o specifies output file name for the report or error message. -p sets server port to listen on/connect to (default 5001). -u uses UDP rather than TCP.

You are attempting to ping the FQDN of a computer on the internet, but are not getting a response. What is the problem? Your default gateway is configured incorrectly. Pinging the FQDN of a computer does not give you enough information to know what the problem is. Your local IP address information is configured incorrectly. Your NIC has failed.

Pinging the FQDN of a computer does not give you enough information to know what the problem is. If you attempt to ping an FQDN and do not get a response, there are a number of things that could be wrong: Your IP address or DNS settings could be incorrect. Your default gateway could be configured incorrectly. Any router or network between you and the destination could be having a problem. DNS could be malfunctioning on your end or on the server. Pinging an FQDN alone cannot give you enough information to determine what is wrong. It is better to ping an IP address and then follow that up with a traceroute to get a better idea of where the problem is occurring.

Port Characteristics

Port characteristics include: > Ports allow a single host with a single IP address to run network services. Each port number is associated with a particular service. > Each host can have over 65,000 ports per IP address. > Port use is regulated by the Internet Corporation for Assigning Names and Numbers (ICANN). > On Linux systems, /etc/services lists all network services on the system, including the port assigned to the service. Most applications reference /etc/services to determine which service is using a specific TCP/UDP port. * To protect a server, ensure that only the necessary ports are opened. For example, if the server is being used only for email, then shut down ports that correspond to FTP, DNS, and HTTP (among others).

nmtui

Provides a text-based interface for controlling NetworkManager. Consider the following options: -edit displays a connection editor that supports adding, modifying, viewing, and deleting connections. -connect displays a list of available connections with options to activate or deactivate them. -hostname sets the system hostname.

/etc/resolv.conf

Provides the system with the address of a DNS server that can be used for name resolution. Up to three servers can be listed, and the servers are accessed in the order specified. The file can also specify a fully qualified domain name that will be appended to hostnames that are missing a domain name. e.g. nameserver 8.8.8.8 specifies 8.8.8.8 as the IP address of the DNS server. search corpnet.com appends the domain name to hostnames that do not have a domain name. For example, linux1 becomes linux1.corpnet.com.

Routing Tables

Routers can forward packets through an internetwork by maintaining routing information in a database called a routing table. Every Linux system maintains a routing table in RAM that it uses to determine where to send data on a network. The routing table typically contains the following information: > The address of a known network > The interface or next hop router used to reach the destination network > A cost value (also called a metric) that identifies the desirability of the route to the destination network (using distance, delay, or cost) > A timeout value that identifies when the route expires

You are attempting to ping another computer on the internet by its IP address, but you are not getting a response. You do get a response when you ping a host on your own network. Which of the following options would help you better determine where the problem is? Run ip route trace on the IP address of the computer on the internet. Run nslookup on the internet computer's IP address. Run traceroute on the IP address of the computer on the internet. Run netstat on the internet computer's IP address. ping the computer's FQDN (Fully Qualified Domain name).

Run traceroute on the IP address of the computer on the internet. traceroute is very useful for helping you determine where a network connectivity problem is across multiple networks. Unlike ping, it requests a reply from every router that it passes through to get to the specified host. This will help you determine where in the path, from your computer to the destination computer, the problem is located. Attempting to ping the FQDN of a host when you cannot get a response from pinging its IP address will tell you nothing more; it actually tells you less because it introduces the possibility of problems with name resolution (DNS), which did not affect prior results. nslookup also will not help you determine where the problem is because it will only query a DNS server. netstat is useful only for getting information about connections into and out of your computer. netstat does not help you determine where the problem is. ip route shows the routing table, but does not have a trace option.

Secure Copy Protocol (SCP)

SCP is used to copy files between systems. Like SFTP, SCP relies on SSH to ensure that data and passwords are not transmitted over the network in cleartext.

Secure File Transfer Protocol (SFTP)

SFTP is a secure version of FTP that uses Secure Shell (SSH) to encrypt data transfers. SSH ensures that SFTP transmissions use encrypted commands and data, which prevent data from being transmitted over the network in clear text.

Simple Mail Transfer Protocol (SMTP)

SMTP is used to route electronic mail through the internetwork. SMTP is used: Between mail servers for sending and relaying mail. By all email clients to send mail.

Simple Network Management Protocol (SNMP)

SNMP is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network.

Which of the following network services or protocols uses TCP/IP port 22? TFTP NNTP IMAP4 SSH

SSH The Secure Shell (SSH) service uses TCP/IP port 22. SSH is a terminal emulation program similar to Telnet that provides secure authenticated sessions on a remote system. It is most commonly associated with Unix and Linux systems. The Trivial File Transfer Protocol (TFTP) is a connectionless service for downloading files from a remote system. TFTP uses TCP/IP port 69. The Network News Transfer Protocol (NNTP) is used to access and download messages from newsgroup servers. NNTP uses TCP/IP port 119. The Internet Message Access Protocol version 4 (IMAP4) is used to download email from remote servers. IMAP4 uses TCP/IP port 143.

Secure Shell (SSH)

SSH allows secure interactive control of remote systems. SSH is a secure and acceptable alternative to Telnet. SSH uses public key cryptography for both connection and authentication.

Secure Sockets Layer (SSL)

SSL secures messages being transmitted on the internet. It uses RSA for authentication and encryption. Web browsers use SSL (Secure Sockets Layer) to ensure safe web transactions. URLs that begin with https:// trigger your web browser to use SSL.

dig

Sends a name resolution request and receives extensive information about the hostname or IP address. Consider the following options: a resolves A record information. ptr resolves a PTR record. cname resolves CNAME record information. p queries a specific port on the host. in resolves internet (IN class) record information. mx resolves MX record information. soa resolves start of authority information.

nslookup

Sends a name resolution request. To use nslookup: 1. Enter nslookup at the shell prompt. 2. Enter the hostname or IP address, such as 192.168.1.1. 3. The DNS server should respond with the requested mapping. 4. Enter exit when finished. *The nslookup command is being replaced by the host and dig commands.

ipset

Sets up, maintains, and inspects IP sets in the Linux kernel. Options include: -n creates a set identified with setname and specified type. add adds a given entry to the set. del deletes the specified entry from a set. test tests whether an entry is in the set or not. -x destroys the specified set, or all sets if no set is specified. -t lists the set names and header; suppresses listing set members.

Protocols in the IP Protocol Suite

The Internet Protocol (IP) protocol suite (commonly referred to as TCP/IP) is the most widely used protocol suite today. The following table describes several protocols in the IP protocol suite.

DEVICE

Specifies a number to identify the bond. e.g. DEVICE=bond1 identifies the bond as bond1.

TYPE

Specifies driver type. e.g. TYPE=Ethernet indicates an Ethernet connection.

IPADDR

Specifies the IP address for the bond. e.g. IPADDR=179.254.0.2 uses 179.254.0.2 as the IP address for the bond.

MTU

Specifies the maximum transmission unit (MTU). e.g. MTU=9000

STARTMODE

Specifies when the driver will be started. The options are onboot and manual. > onboot activates the bond when the system is started. > manual requires the bond to be started manually. e.g. STARTMODE=ONBOOT activates the bond at startup.

/etc/nsswitch.conf

Specifies whether the computer's hosts file or the DNS server takes precedence. e.g. hosts: files dns specifies that the hosts file takes precedence before the DNS server.

Stateless DHCPv6

Stateless DHCPv6 does not provide the client an IP address and does not track the status of each client, but rather is used to supply the client with the DNS server IP address. Stateless DHCPv6 is most useful when used in conjunction with stateless autoconfiguration.

IPv6 is configured using several methods. In which method do clients use Neighbor Discovery Protocol to send router solicitation and router advertisement messages to learn the subnet prefix and default gateway as part of an automatic interface ID generation process? DHCPv6 Stateless autoconfiguration Static full assignment Static partial assignment

Stateless autoconfiguration Stateless autoconfiguration is the configuration in which clients automatically generate the interface ID and learn the subnet prefix and default gateway through the Neighbor Discovery Protocol (NDP). NDP uses the following messages for autoconfiguration: Router solicitation (RS) is a message sent by the client to request that routers respond. Router advertisement (RA) is a message sent by the router periodically and in response to RS messages to inform clients of the IPv6 subnet prefix and the default gateway address. NDP is also used by hosts to discover the address of other interfaces on the network, replacing the need for the Address Resolution Protocol (ARP). Static full assignment is the configuration in which the entire 128-bit IPv6 address and all other configuration information is statically assigned to the host. Static partial assignment is the configuration in which the prefix is statically assigned and the interface ID uses the modified EUI-64 format derived from the MAC address. DHCPv6 is the configuration in which IPv6 uses an updated version of DHCP (called DHCPv6) that operates in stateful or stateless mode. Stateful DHCPv6 is used when the DHCP server provides each client with the IP address, default gateway, and other IP configuration information (such as the DNS server IP address). The DHCP server tracks the status (or state) of the client. Stateless DHCPv6 does not provide the client an IP address and does not track the status of each client, but is used to supply the client with the DNS server IP address. Stateless DHCPv6 is most useful when used in conjunction with stateless autoconfiguration.

Stateless autoconfiguration

Stateless autoconfiguration is where clients automatically generate the interface ID and learn the subnet prefix and default gateway through the Neighbor Discovery Protocol (NDP). NDP uses the following messages for autoconfiguration: > Router solicitation (RS) is a message sent by the client to request that the routers respond. > Router advertisement (RA) is a message sent by the router periodically and in response to RS messages to inform clients of the IPv6 subnet prefix and the default gateway address. NDP is also used by hosts to discover the address of other interfaces on the network, replacing the need for Address Resolution Protocol (ARP). *Even though NDP provides enough information for the addressing of the client and for clients to learn the addresses of other clients on the network, it does not provide the client with DNS server information or other IP configuration information besides the IP address and the default gateway.

Static full assignment

Static full assignment is where the entire 128-bit IPv6 address and all other configuration information is statically assigned to the host.

Static partial assignment

Static partial assignment is where the prefix is statically assigned and the interface ID uses the modified EUI-64 format derived from the MAC address.

Transport Layer Security (TLS)

TLS is an improved version of SSL. It ensures that messages being transmitted on the internet are private and tamper proof. TLS is implemented through two protocols: TLS Record provides connection security with encryption (e.g., with DES). TLS Handshake provides mutual authentication and choice of the encryption method.

Static (manual) assignment

Static/manual IPv4 address assignment means that you manually enter the required IPv4 address and associated IP information for a host. > When you configure a static IPv4 address, you must also configure the subnet mask and default gateway. > When you configure a static IPv4 address, you disable DHCP and APIPA. > If you use DHCP, you can also assign DNS server addresses manually. Use static addressing: > For small networks that do not often change or grow. > If your network does not have a DHCP server or if you want to eliminate DHCP traffic from your network. > For specific hosts that must have the same address each time (such as servers). You can use DHCP on the rest of the network and use static addressing for only a few hosts. However, before you use static addressing, explore the possibility of using a DHCP server to assign the same IPv4 address to specific hosts each time an address is requested. > For non-DHCP hosts (hosts that cannot accept an IPv4 address from DHCP). *Ensure that duplicate addresses are not assigned to hosts on the same network.

You are an application developer. You are writing a program to exchange video files through a TCP/IP network. You need to select a transport protocol that will guarantee delivery. Which TCP/IP protocol would you implement that provides this capability? TFTP IP UDP TCP RIP

TCP Write the application to use the Transmission Control Protocol (TCP). TCP guarantees delivery through error checking and acknowledgments.

Transmission Control Protocol (TCP)

TCP provides services that ensure accurate and timely delivery of network communications between two hosts. TCP is a connection-oriented protocol. TCP provides the following services to ensure message delivery: Sequencing of data packets Flow control Error checking

Trivial File Transfer Protocol (TFTP)

TFTP is similar to FTP. It lets you transfer files between a host and an FTP server. However, it provides no user authentication and no error detection. Because it does not perform error detection, TFTP is faster than FTP, but might be subject to transmission errors.

nc ncat

Tests communications between network hosts. The netcat (nc or ncat) command establishes a TCP or UDP connection between two computers. The procedure for using nc is to: > Open a listening TCP or UDP socket on one host. The syntax is nc -l port_number. The -l option tells netcat to wait and listen for incoming connections. If no protocol is specified, then TCP is used by default. To use UDP instead of TCP, include the -u option in the command. > Connect to the listening socket on the first host from another host. The syntax is nc ip_address port_number. After the connection is established, text entered at the prompt of the second computer should appear on the screen of the first computer. *You must open the appropriate ports in the host firewalls of both systems.

traceroute tracepath

Tests connectivity between devices and shows the path between the two devices. traceroute: > Can help track down which router (known as a hop) in the route is not working correctly. > Displays the Round Trip Time (RTT) for each hop. The RTT is the time difference between when the probe was sent from traceroute and the time the response arrived for each packet. tracepath is similar to traceroute, but does not require super user privileges. *To test IPv6 routing, use the traceroute6 or the tracepath6 commands instead of traceroute.

You open the /etc/nsswitch.conf file and observe the following line: hosts: files dns What is the result of this configuration? The /etc/hosts file sends configured IP information to the local DNS server. DNS server information takes precedence over the configuration in the /etc/hosts file. The /etc/hosts file takes precedence over information obtained from a DNS server when resolving domain names. The /etc/resolv.conf file is populated by the local files on the system.

The /etc/hosts file takes precedence over information obtained from a DNS server when resolving domain names. Lines in the /etc/nsswitch.conf file specify whether the computer's hosts file or the DNS server takes precedence if there is a DNS resolution conflict between the two. The line hosts: files dns indicates the following files and order of preference: The /etc/hosts file provides the system with domain names for IP addresses. Each line contains the IP address, fully qualified domain name, and aliases for the domain name. The /etc/resolv.conf file provides the system with the name of the network DNS server. Up to three servers can be listed, and the servers are accessed in the order specified.

You are asked to troubleshoot a problem on a user's computer. When the user types the name of any website he receives a message stating, "The page cannot be displayed." You determine that nothing has changed on the computer. What is MOST LIKELY the problem? The web browser needs to be upgraded. The DNS server is down or not reachable. The Apache server is down. The computer has a virus.

The DNS server is down or not reachable. It is likely that the DNS server is down or not reachable. Domain Name Service (DNS) resolves IP addresses to domain names that are easier for people to remember. A Linux virus is not likely. Upgrading the web browser will not solve the problem. Since no websites can be accessed, it is unlikely that it is a web server problem.

IP Address

The IP address is a number assigned to identify hosts and other devices on a network.

What will be the result of the following command? host www.somedom.com The hostname www.somedom.com is entered into the /etc/hosts file. A remote console session is initiated with www.somedom.com. The hostname of the local machine is set to www.somedom.com. The IP address of the computer www.somedom.com is displayed.

The IP address of the computer www.somedom.com is displayed. The host command retrieves the IP address and other information for an FQDN/host name from a DNS server. To set your local host name, you must edit the /etc/sysconfig/network file. To enter entries into the /etc/hosts file, you must edit it with a text editor. To open a remote console session on a remote computer, you should use a program such as Telnet or SSH.

Throughput

The ability of the system to send and receive data.

Latency

The amount of time it takes data to travel from one point of the network to another.

Physical issues

The best way to verify if a connection is valid is to check the link light on both the workstation and the switch. If the link light is unlit, try the following: > Swap the cables. This will help determine whether the cable is the problem. > Try using a different switch port for the connection. > Make sure that the card is properly seated. > Use loopback plugs to test network cards and cable testing devices to test network cables.

Broadcast Address

The broadcast address is the last address in the IP address range and is used to send messages to all hosts on the network.

Default Gateway

The default gateway is a device that performs routing and enables a host to communicate with hosts on other networks through the routing process. > A default gateway address must be configured on each host to allow internetwork communication. Without the default gateway, hosts can only communicate with devices within the same subnet. > The default gateway address must be on the same subnet as the host computer. - Routers have multiple network interface cards attached to multiple networks. When configuring the default gateway, choose the address on the local subnet.

Default Router

The default router (also known as gateway router and default gateway router) is the router that hosts forward packets to when: > The IP address of the destination host does not reside on the local network segment. > A route to the network where the destination host resides is not in the routing table of the sending host. The default router IP address: > Must be configured on each host to allow inter-network communication. Without the default router, hosts will only be able to communicate with devices within the same subnet. > Must be on the same subnet as the host computer. Routers have multiple network interface cards attached to multiple networks. When configuring the default router, choose the address on the local subnet. > Is stored in the /etc/sysconfig/network/routes or the /etc/sysconfig/network-scripts/route-interface file, depending upon the distribution. Changes to this file will not take effect until the network interface is restarted.

Prefix

The first 64 bits are known as the prefix. > The 64-bit prefix can be divided into various parts, with each part having a specific meaning. Parts in the prefix can identify the geographic region, the ISP, the network, and the subnet. > The prefix length identifies the number of bits in the relevant portion of the prefix. To indicate the prefix length, add a forward slash (/) followed by the prefix length number. Full quartets with trailing 0s in the prefix address can be omitted (for example, 2001:0DB8:4898:DAFC::/64). > Because addresses are allocated based on physical location, the prefix generally identifies the location of the host. The 64-bit prefix is often referred to as the global routing prefix.

Other Linux Firewall Considerations

The following are items to consider when implementing a Linux firewall.

IPv6 Address Features

The following list describes the features of an IPv6 address: > The address is made up of 32 hexadecimal numbers, organized into 8 quartets. > The quartets are separated by colons. > Each quartet is represented as a hexadecimal number between 0 and FFFF. Each quartet represents 16 bits of data (FFFF = 1111 1111 1111 1111). > Leading zeros can be omitted in each section. For example, the quartet 0284 could also be represented by 284. > Addresses with consecutive zeros can be expressed more concisely by substituting a double-colon for the group of zeros. For example, FEC0:0:0:0:78CD:1283:F398:23AB can be written as FEC0::78CD:1283:F398:23AB (concise form). > If an address has more than one consecutive location where one or more quartets are all zeros, only one location can be abbreviated. For example, FEC2:0:0:0:78CA:0:0:23AB could be abbreviated as FEC2::78CA:0:0:23AB or FEC2:0:0:0:78CA::23AB, but not as FEC2::78CA::23AB. > The 128-bit address contains two parts.

Troubleshooting Process

The following process has proven effective in a variety of situations:

Network Communications Troubleshooting Tools

The following table compares some of the tools for troubleshooting network communication problems:

Address Assignment

The following table describes options for assigning IPv4 addresses and other IPv4 configuration values.

Network Configuration Files

The following table identifies files that Linux uses for network configuration:

Name Resolution Settings Configuration

The following table lists the files that administrators use to configure name resolution settings on Linux:

Well-known Internet Services Ports

The following table lists the well-known ports that correspond to common internet services:

Choose an IP Assignment Method

The following table provides information to help you decide which method of assigning IP addresses you should choose.

Host Address

The host address (also referred to as a host ID) is the remaining portion of the IP address that identifies the specific host or other device on the network.

Interface ID

The last 64 bits of an IPv6 address. This is the unique address assigned to an interface.

Interface ID

The last 64 bits are the interface ID. This is the unique address assigned to an interface. > Addresses are assigned to interfaces (network connections), not to the host. Technically, the interface ID is not a host address. > In most cases, individual interface IDs are not assigned by ISPs, but are rather generated automatically or managed by site administrators. > Interface IDs must be unique within a subnet, but can be the same if the interface is on different subnets. > On Ethernet networks, the interface ID can be automatically derived from the MAC address. Using the automatic host ID simplifies administration.

Loopback

The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host. *There are no broadcast addresses in IPv6. IPv6 multicast addresses are used instead of broadcast addresses.

Network Address

The network address (also referred to as the network ID) is the portion of the IP address that identifies a specific network.

Privileged Ports

The ports from 1 to 1023 are privileged ports. > Only the root account has access to ports 1 to 1023. > Privileged ports give confidence in internal networks where only trusted individuals have passwords to the root account. > Internal firewalls may be more tolerant when passing network traffic using these ports.

Privileged port

The ports numbered 1 to 1023 that only the root account has access to.

IPv6 uses 128-bit addresses. The address contains two 64-bit components. What is the first 64-bit component called? What is the last 64-bit component called?

The prefix The interface ID The first 64-bit part of an IPv6 address is called the prefix, or network portion, of the address. The last 64-bit portion is called the interface ID, or host portion, of the address. The host portion of the address assigned to an interface must be unique.

Subnetting

The process of dividing a large network into smaller networks.

Stateful DHCPv6

The process of obtaining the following from a DHCP server: > An IPv6 address > A gateway address > Other IP configuration information, such as the DNS server IP address. The DHCP server tracks the status (or state) of the client.

Access Control List (ACL)

The rules a firewall uses to process IP packets.

Bandwidth

The size of the communication channel.

Commands to Configure Routing

The table below shows common commands for configuring routing:

Wireshark tshark

tshark is the command line version of the Wireshark packet analyzer. It tracks, intercepts, and logs network traffic, and it can also generate a customized report from captured data. Options include: -i specifies the name or index number of the interface. -s specifies the packet snapshot length. -y specifies the link type. -c stops capture after a specified number of packets. -r specifies a file to read from. -w specifies a file to output to. -2 performs two-pass analysis.

12.7.7 Find Path Information 2

Type traceroute 216.48.8.6 to identify the devices in the path between ITAdmin and a remote computer on the internet that has an IP address of 216.48.8.6. How many routers are in the path between ITAdmin and the remote computer? 6 What is the default gateway address for ITAdmin? 192.168.0.5 What is the IP address of the last router in the path between ITAdmin and the remote computer? 73.44.216.14 To answer these questions, type traceroute 216.48.8.6 on ITAdmin. There are six routers in the path between ITAdmin and the remote computer. The last address listed in the traceroute output is the remote computer itself (216.48.8.6). The default gateway address for ITAdmin is 192.168.0.5. When you run the traceroute command, the default gateway will be the first router in the list. The last router in the path has the IP address 73.44.216.14.

User Datagram Protocol (UDP)

UDP is a connectionless protocol. UDP is a host-to-host protocol like TCP. However, it does not include mechanisms for ensuring timely and accurate delivery. Because it has less overhead, it offers fast communications, but at the expense of possible errors or data loss.

Uncomplicated Firewall

Uncomplicated Firewall (UFW) provides a user-friendly framework for managing Netfilter. > A command line interface is provided to configure the firewall. > A few GUI tools make working with the UFW incredibly simple.

Unique local

Unique local addresses are private addresses used for communication within a site or between a limited number of sites. In other words, unique local addressing is commonly used for network communications within an organization that do not cross a public network. They are the equivalent of private addressing in IPv4. > Unique local addresses have an FC00::/7 prefix. Currently, however, the 8th bit is always set to 1 to indicate that the address is local (and not global). Thus, addresses beginning with FC or FD are unique local addresses. > Following the prefix, the next 40 bits are used for the Global ID. The Global ID is generated randomly so that there is a high probability of uniqueness on the entire Internet. > Following the Global ID, the remaining 16 bits in the prefix are used for subnet information. > Unique local addresses are likely to be globally unique, but are not globally routable. Unique local addresses might be routed between sites by a local ISP. > Earlier IPv6 specifications defined a site-local address that was not globally unique and had an FEC0::/10 prefix. The site-local address has been replaced with the unique local address. > Because unique local addresses are not registered with IANA, they cannot be used on a public network (such as the Internet) without address translation. The process for designing a network addressing scheme when using unique local addresses is similar to that used for global unicast addresses. The key difference is how the prefix is defined. Because the address range is not registered, a global routing prefix does not have to be requested from an ISP. Instead, each organization defines the prefix to be used for their organization. However, there are several requirements that need to be observed when doing so. As with global unicast addressing, using this addressing scheme allows organizations to define a large number (2^16) of IPv6 subnets.

After arriving at work in the morning, you turn on your Linux workstation and attempt to visit an internet news site. After a few minutes, your web browser times out telling you that the website is unavailable. Which of the following troubleshooting steps would help you determine the cause of this issue? (Choose TWO). Use the route command to test the route to the FQDN and IP address of the website you are trying to reach. Use the ip addr command to test whether the IP address of the website you are trying to reach is correct. Use the traceroute command to traceroute the FQDN and IP address of the website you are trying to reach. Use the ping command to ping the FQDN and IP address of the website you are trying to reach.

Use the traceroute command to traceroute the FQDN and IP address of the website you are trying to reach. Use the ping command to ping the FQDN and IP address of the website you are trying to reach. ping and traceroute are commands that can help you troubleshoot a network connectivity problem. route is used to view, add, and delete routes from your local machine's routing table and would not be helpful in this situation. ip addr is useful for determining your own network configuration information, but cannot be used to determine the network information for a remote computer.

Static (manual) assignment

Using static addressing, IP configuration information must be manually configured on each host. Static addressing can be used: > On networks with a very small number of hosts. > To permanently assign IP addresses to hosts that must always have the same address (such as printers, servers, or routers). > For hosts that cannot accept an IP address from DHCP. *Static addressing is very susceptible to configuration errors and duplicate IP address configuration errors (two hosts that have been assigned the same IP address). Static addressing also disables both APIPA and DHCP capabilities on the host.

ping

Verifies connectivity between hosts within the network. > Ping a host using its IP address. If there is no response, try to ping another host. - If your computer cannot communicate with any other computer, check the network cable, the network interface card, or the IP address configuration on your computer. - If your computer can communicate with computers on the local network, but can't communicate with remote computers (such as the internet), verify the default gateway configuration on your computer. - If all computers on the local network cannot communicate with any remote computer, troubleshoot the router's connection to the remote network. > Ping a host using its DNS name. If a ping by IP address works, but a ping by DNS name fails, then there is probably a name resolution problem. > Use the -c option to specify how many ICMP echo requests to send to the destination. *IPv6 communications can be tested using ping, but the ping6 command must be used.

ip route show

Views routes in the routing table. e.g. ip route show displays the current routing table.

route

Views the routing table, including the default gateway address.

IPv6 Configuration Process

When a host starts up, it uses the following process to configure the IPv6 address for each interface:
1. The host generates an IPv6 address using the link-local prefix (FE80::/10) and modifying the MAC address to get the interface ID. For example, if the MAC address is 20-0C-FB-BC-A0-07, the link-local address for the interface would be: FE80::220C:FBFF:FEBC:A007.
2. The host then sends a neighbor solicitation (NS) message addressed to its own link-local address to see if the address it has chosen is already in use. > If the address is in use, the other network host responds with a neighbor advertisement (NA) message. The process stops and manual configuration of the host is required. > If the address is not in use (no NA message), the process continues.
3. The host waits for a router advertisement (RA) message from a router to learn the prefix. > If an RA message is not received, the host sends out a router solicitation (RS) message addressed to all routers on the subnet using the multicast address FF02::2. > The router sends out an RA message addressed to all interfaces on the subnet using the multicast address FF02::1. > If no routers respond, the host attempts to use stateful DHCPv6 to receive configuration information.
4. The RA message contains information that identifies how the IPv6 address and other information is to be configured. Possible combinations are: > Use stateful autoconfiguration: - Obtains the interface ID, subnet prefix, default gateway, and other configuration information from a DHCPv6 server. - The host sends out a REQUEST message addressed to the multicast address FF02::1:2 to request this information from the DHCPv6 server. > Use stateless autoconfiguration: - Sets the interface ID automatically. - Gets the subnet prefix and default gateway from the RA message. - Gets DNS and other configuration information from a DHCPv6 server. - The host sends out an INFORMATION-REQUEST message addressed to the multicast address FF02::1:2 to request this information from the DHCPv6 server.
5. If a manual address or stateful autoconfiguration is used, the host sends an NS message to make sure the address is not already in use. If stateless autoconfiguration is used, the NS message at this step is unnecessary, because the interface ID has already been verified in step 2.

Alternate IPv4 configuration

When an alternate IPv4 configuration is enabled, the host attempts to use DHCP for TCP/IPv4 configuration information. If a DHCP server cannot be contacted, the alternate IPv4 values are used. Use an alternate configuration: > For computers (such as a laptop) that connect to two networks: one with a DHCP server and another without a DHCP server. > To provide values to properly configure the computer in the event that the DHCP server is unavailable. * When you configure an alternate IPv4 address, APIPA will never be used.

Network Communication Troubleshooting

When experiencing problems with network communications, consider the following:

1. Identify the symptoms and potential causes

When identifying the problem and potential causes: > Ask the user to describe the problem. > Check for error messages. > Recreate the problem. > Identify the affected area. > Determine how large the problem is. For example, fixes for one client workstation would likely be very different than fixes for an entire network segment.

12.7.4 Troubleshooting Tool Facts

When troubleshooting network communications, there are a number of considerations you have to take into account. There are also a number of tools specifically designed to troubleshoot network communications. This lesson covers the following topics: > Network communication troubleshooting > Network communications troubleshooting tools

12.2.11 Troubleshoot IP Configurations

You are a network technician for a small corporate network. The network is connected to the internet. The employee in Office 2 reports that his workstation can communicate with some computers on the network, but not on the internet. The employee in the Support Office reports that her workstation can only communicate with the Exec computer on the network. In addition, you just set up your workstation in the IT Administration office, and it does not connect to any computers on the network. You need to diagnose and fix these problems. In this lab, your task is to complete the following: Use troubleshooting tools such as ping, ip addr show, or traceroute to diagnose the problems in the network. Fix the problem at each workstation. Use the troubleshooting tools to confirm the problem's resolution. To see the network diagram and the wiring schematics of the network, use Exhibits.
Complete this lab as follows:
1. In the Support Office, begin troubleshooting the problem by verifying the scope of the connectivity problem as follows: > Under Support Office, select Support. > At the prompt, type ping 192.168.0.5 and press Enter to ping the gateway. > Press Ctrl + C. The ping fails. > Type ping 192.168.0.30 and press Enter to ping the computer in Office 1. > Press Ctrl + C. The ping fails. > Type ifconfig and press Enter to examine the network configuration. The IP configuration for the network interface is on a different network.
2. Correct the problem on Support by configuring the network properties for the interface as follows: > Type nano /etc/sysconfig/network-scripts/ifcfg-enp2s1 and press Enter to edit the /etc/sysconfig/network-scripts/ifcfg-enp2s1 file to configure the interface. > On the IPADDR line, type 192.168.0.32. > On the BROADCAST line, type 192.168.0.255. > Press Ctrl + O. > Press Enter to save the file. > Press Ctrl + X to exit the editor. > Type ip link set enp2s1 down or ifdown enp2s1 and press Enter to bring the interface down. > Type ip link set enp2s1 up or ifup enp2s1 and press Enter to bring the interface back up with the new configuration. > Type ip addr show or ifconfig and press Enter to verify the correct IP address on the interface. > Type ping 192.168.0.5 and press Enter to verify connectivity to the gateway. > Press Ctrl + C. The ping now succeeds.
3. On Office2, begin troubleshooting the problem by verifying the scope of the connectivity problem as follows: > From the top navigation tabs, select Floor 1 Overview. > Under Office 2, select Office2. > At the prompt, type ping 192.168.0.5 and press Enter to ping the gateway. The ping succeeds. > Press Ctrl + C. > Type ping 192.168.0.30 and press Enter to ping the computer in Office 1. The ping succeeds. > Press Ctrl + C. > Type ping 198.28.56.1 and press Enter to ping the internal router interface. > Press Ctrl + C. The ping fails. Since you have connectivity to the local network, but not beyond the gateway, this indicates a possible problem with the configured gateway address. > Type route and press Enter to examine the configured gateway. The gateway is configured incorrectly for this network.
4. Correct the problem on Office2 by configuring the network properties for the interface as follows: > Type nano /etc/sysconfig/network-scripts/ifcfg-enp2s0 and press Enter to edit the /etc/sysconfig/network-scripts/ifcfg-enp2s0 file to configure the interface. > On the GATEWAY line, type 192.168.0.5. > Press Ctrl + O. > Press Enter to save the file. > Press Ctrl + X to exit the editor. > Type ip link set enp2s0 down or ifdown enp2s0 and press Enter to bring the interface down. > Type ip link set enp2s0 up or ifup enp2s0 and press Enter to bring the interface back up with the new configuration. > Type ping 198.28.56.1 and press Enter to verify connectivity to the internal router interface. The ping now succeeds. > Press Ctrl + C.
5. On ITAdmin, begin troubleshooting the problem by verifying the scope of the connectivity problem as follows: > From the top navigation tabs, select Floor 1 Overview. > Under IT Administration, select ITAdmin. > At the prompt, type ping 192.168.0.5 and press Enter to ping the gateway. > Press Ctrl + C. The ping fails. > Type ping 192.168.0.30 and press Enter to ping the computer in Office 1. > Press Ctrl + C. The ping fails. > Type ping 192.168.0.34 and press Enter to ping the computer in Executive Office. The ping succeeds. > Press Ctrl + C. > Type ifconfig and press Enter to examine the configured subnet mask. The subnet mask is configured incorrectly. Only this workstation and the Exec workstation are on the same network.
6. Correct the problem on ITAdmin by configuring the network properties for the interface as follows: > At the prompt, type nano /etc/sysconfig/network-scripts/ifcfg-enp2s0 and press Enter to edit the /etc/sysconfig/network-scripts/ifcfg-enp2s0 file to configure the interface. > On the NETMASK line, type 255.255.255.0. > Press Ctrl + O. > Press Enter to save the file. > Press Ctrl + X to exit the editor. > Type ip link set enp2s0 down or ifdown enp2s0 and press Enter to bring the interface down. > Type ip link set enp2s0 up or ifup enp2s0 and press Enter to bring the interface back up with the new configuration. > Type ping 192.168.0.5 and press Enter to verify connectivity to the gateway. The ping now succeeds.

12.2.10 Configure IP Addresses

You are the IT administrator for a small corporate network. You need to configure the workstation in the Support Office so it can connect to the local network and the internet. The workstation has two network interface cards. This allows the workstation to connect to the local network (as shown in Exhibits) and another small network, which is not yet built. In this lab, your task is to: Configure the IP version 4 TCP/IP settings for the enp2s1 network connection as follows: IP address: 192.168.0.254 Subnet mask: 255.255.255.0 Broadcast: 192.168.0.255 Default gateway: 192.168.0.5 Configure the IP version 4 TCP/IP settings for the enp2s0 network connection as follows: IP address: 10.0.255.254 Subnet mask: 255.255.0.0 Broadcast: 10.0.255.255 Default gateway: 0.0.0.0 Configure DNS using the following addresses: 163.128.78.93 163.128.80.93 Ping the gateway to confirm that the workstation is properly connected to the small network and the internet.
Complete this lab as follows:
> At the prompt, type ip addr show (or ifconfig) and press Enter to view the current status of the network adapters.
> Type cd /etc/sysconfig/network-scripts/ and press Enter.
> Type ls and press Enter to view the files in this folder. Take note of ifcfg-enp2s0 and ifcfg-enp2s1, which are the configuration files for the network adapters.
> Configure the settings for enp2s1 as follows: - Type nano ifcfg-enp2s1 and press Enter to edit the first adapter. - On the IPADDR line, type 192.168.0.254. - On the NETMASK line, type 255.255.255.0. - On the BROADCAST line, type 192.168.0.255. - On the GATEWAY line, type 192.168.0.5. - Type Ctrl + O. - Press Enter to save the file. - Type Ctrl + X to exit the editor. - Type ip link set enp2s1 down (or ifdown) and press Enter to bring the interface down. - Type ip link set enp2s1 up (or ifup) and press Enter to bring the interface back up with the new configuration.
> Configure the settings for enp2s0 as follows: - Type nano ifcfg-enp2s0 and press Enter to edit the second adapter. - On the IPADDR line, type 10.0.255.254. - On the NETMASK line, type 255.255.0.0. - On the BROADCAST line, type 10.0.255.255. - On the GATEWAY line, type 0.0.0.0. - Type Ctrl + O. - Press Enter to save the file. - Type Ctrl + X to exit the editor. - Type ip link set enp2s0 down (or ifdown) and press Enter to bring the interface down. - Type ip link set enp2s0 up (or ifup) and press Enter to bring the interface back up with the new configuration.
> Configure DNS as follows: - Type nano /etc/resolv.conf and press Enter to configure the DNS server addresses. - Type nameserver 163.128.78.93 and press Enter to start a new line. - Type nameserver 163.128.80.93. - Type Ctrl + O. - Press Enter to save the file. - Type Ctrl + X to exit the editor.
> Type ping -c 4 192.168.0.5 and press Enter to confirm the connection to the network.

12.2.8 Start a NIC

You share a number of files from your computer, and you've received a number of calls from users who say they can't connect to the files. You check your computer and find that the Ethernet cable is unplugged. You've plugged the Ethernet cable in, so now you need to start the network interface card. In this lab, your task is to: Determine which network interface went down when it was unplugged. Start the network interface from the command line.
Complete this lab as follows:
1. At the prompt, type one of the following commands and press Enter to view information about the network interfaces to determine which card is not up and to identify the card alias. (The alias for the network interface that is down is enp2s1.) > ip addr > ip addr show > ip addr show enp2s1 > ifconfig -a
2. Type one of the following commands and press Enter to start the enp2s1 network interface: > ifup enp2s1 > ip link set enp2s1 up

12.6.5 Change Default Ports

You're the IT administrator for a small corporate network. You've set up an internal web server to do some testing. You would like to obscure the server some by changing the default ports. In this lab, your task is to: Use ss -lt and netstat to determine which ports the web server is running on. Modify the ports.conf file to change port 80 to 81 and port 8080 to 8081. Restart the web server to implement the port change. Use netstat and ss -lt to verify that the server is listening on the new ports. Complete this lab as follows: > At the prompt, type ss -lt and press Enter to view which ports the server is listening on. > Type netstat and press Enter to identify which ports the apache web server is listening on. The web server is listening on 80, 443, and 8080. > Type nano /etc/apache2/ports.conf and press Enter to open the port configuration file. > Change 80 to 81. > Change 8080 to 8081. > Press Ctrl + O. > Press Enter to save the file. > Press Ctrl + X to exit the editor. > Type systemctl restart apache2 and press Enter to restart the web server. > Type ss -lt and press Enter. > Type netstat and press Enter to verify that the server is listening on the new ports.

12.2.9 Stop a NIC

You've experienced some network connectivity issues, and you suspect the issue may be one of the NICs in your computer. In this lab, your task is to: Stop the enp2s1 NIC as the first step to isolating the problem. Verify that enp2s1 is down. There are multiple commands that you can use to stop the NIC and to verify that it is down.
Complete this lab as follows:
1. At the prompt, type one of the following commands and press Enter to stop the enp2s1 network interface: > ifdown enp2s1 > ip link set enp2s1 down
2. Type one of the following commands and press Enter to verify that enp2s1 is down: > ip addr > ip addr show > ip addr show enp2s1 > ifconfig -a

When configuring bonding on two network interfaces, the technician wants to configure one interface to take over if the other interface fails. Which of the following bonding modes should be used to provide a hot standby? active-backup, or mode 1 balance-rr, or mode 0 802.3ad, or mode 4 balance-xor, or mode 2

active-backup, or mode 1 active-backup, or mode 1, is configured so that only one slave in the bond is active. A different slave (passive) only becomes active if the active slave fails. This mode provides a hot standby, not load balancing. balance-rr, or mode 0, provides round robin for load balancing and fault tolerance. balance-xor, or mode 2, transmits packets based on a hash of the packet's source and destination. 802.3ad, or mode 4, is dynamic link aggregation, and all slaves are active.

You are troubleshooting a workstation that is having trouble while browsing the internet. You want to perform some tests on name resolution. Which utility would give you the most information? nslookup traceroute dig ping

dig Use dig to get the most information about the name resolution process. You can also use nslookup, but it does not give you as much information. Use ping and traceroute to test connectivity between hosts.

Which of the following commands can be used to retrieve the IP address and/or the FQDN or hostname information from a DNS server? (Choose ALL that apply.) host netstat dig nslookup

host dig nslookup The dig, nslookup, and host commands are all designed to allow you to query a DNS server to resolve IP addresses and the FQDN or hostname. The dig command is the most powerful because you can retrieve the most information with it. The nslookup command is outdated and has been deprecated (or marked for retirement) and may disappear from Linux distributions sometime in the future. The netstat command is used to display connection and other network information for the local system, not for retrieving information from a DNS server.

What would you enter at the command prompt to find the IP address for the xyzcomp.com domain?

host xyzcomp.com Use host xyzcomp.com to find the IP address for the xyzcomp.com domain. host displays the IP address for the specified domain name.

You need to temporarily change the IP address of the network interface (enp2s0) to 192.168.1.50. The network interface's IP address is currently set to 10.0.1.50. Which of the following commands would achieve the desired result? ifconfig enp2s0 192.168.1.50 /etc/init.d/network enp2s0 182.168.1.50 echo "IPADDR=192.168.1.50" >> /etc/sysconfig/network-scripts/ifcfg-enp2s0 ifconfig enp2s0:1 192.168.1.50

ifconfig enp2s0 192.168.1.50 ifconfig enp2s0 192.168.1.50 is correct because it sets the IP address on the enp2s0 interface. This is only set in memory. A reboot or restart of the network service will revert to what is saved in the config file (usually /etc/sysconfig/network-scripts/ifcfg-enp2s0) or what is given out by a DHCP server. echo "IPADDR=192.168.1.50" >> /etc/sysconfig/network-scripts/ifcfg-enp2s0 is incorrect because it would preserve the IP address change across reboots or network service restarts. Additionally, the IP address would not change until the network service was restarted. /etc/init.d/network enp2s0 182.168.1.50 is incorrect because it would not change the IP address. The init process uses the scripts in /etc/init.d to start and stop services. This command is also incorrect because an interface name and an IP address are not valid options for the network init script. Init scripts usually accept options such as start, stop, restart, and status. ifconfig enp2s0:1 192.168.1.50 is incorrect because it would not change the IP address of enp2s0, but create an alias (secondary IP address) on enp2s0 called enp2s0:1.

You need to set an IP address for enp2s0 to 192.168.15.2 with a subnet mask of 255.255.255.0. Which commands are correct? (Select TWO). ifconfig enp2s0:1 192.168.15.2 netmask 255.255.255.0 ifconfig enp2s0 192.168.15.2 netmask 255.255.255.0 ipconfig enp2s0 192.168.15.2 netmask 255.255.255.0 ifconfig enp2s0 192.168.15.2 255.255.255.0 ipconfig enp2s0 192.168.15.2 255.255.255.0 ip addr add 192.168.15.2/24 dev enp2s0

ifconfig enp2s0 192.168.15.2 netmask 255.255.255.0 ip addr add 192.168.15.2/24 dev enp2s0 The commands ifconfig enp2s0 192.168.15.2 netmask 255.255.255.0 and ip addr add 192.168.15.2/24 dev enp2s0 are correct. If you use ip addr add 192.168.15.2/24 dev enp2s0, this address and subnet mask will be added to any other addresses already assigned to enp2s0. If you want this to be the only IP address assignment on this interface, you can use the ip addr del command to delete any unwanted addresses. ipconfig is incorrect for Linux because this is a Windows command. ifconfig enp2s0 192.168.15.2 255.255.255.0 is incorrect because it is missing the netmask statement. ifconfig enp2s0:1 192.168.15.2 netmask 255.255.255.0 is a correct Linux command, but sets an alias IP address for enp2s0 rather than the primary IP address.

As you troubleshoot the network connection for your Linux system, you discover that the eno32 interface is down. Which command should you use to start the interface? ifconfig eno32 ifup eno32 eno32 ifup eno32 ifconfig

ifup eno32 Use ifup eno32 to start the eno32 network interface. ifconfig eno32 displays the network configuration information for the eno32 interface.

The enp2s0 interface is currently down. What can you enter at the command line to start the enp2s0 interface?

ifup enp2s0 ifup enp2s0 or ip link set enp2s0 up starts the enp2s0 network device.

The enp2s0 network interface has already been assigned the IP configuration 172.16.1.123/16. Which command would you use to temporarily configure a second IP address of 192.168.0.123/24 for this network interface? ip addr add 192.168.0.123/24 dev enp2s0 ipconfig enp2s1 192.168.0.123/24 ifconfig enp2s0 192.168.0.123/24 ipconfig enp2s0 192.168.0.123/24

ip addr add 192.168.0.123/24 dev enp2s0 Use the ip addr add command to configure a temporary second IP address for a network interface on a Linux system. The ifconfig command will temporarily replace the current IP address for a network interface on a Linux system. ipconfig is a similar utility for the Windows environment.

Which commands display the IP address and subnet mask values configured on a workstation? (Select TWO). ip addr show ifconfig arp netstat route

ip addr show ifconfig When used without parameters, the ifconfig utility displays the IP configuration settings. The ip addr command, with or without the show option, will also display the IP configuration of each installed network interface. Use the ip addr show ifname command to only display the IP configuration of a specific network interface. The netstat utility shows which ports/sockets are open for networking. route shows the routing table. arp displays the address resolution table.

You have just made IP configuration changes in the ifcfg-enp2s1 file. You do not want to restart the Linux system or restart the network service to put these changes into effect. There are two ip commands you can use to put these changes into effect. What is the first ip command you enter at the command line to put these changes into effect? What is the second ip command you enter at the command line to put these changes into effect?

ip link set enp2s1 down ip link set enp2s1 up To put the changes made in the ifcfg-enp2s1 file into effect, you can enter two ip commands: ip link set enp2s1 down, followed by ip link set enp2s1 up.

After the acquisition of another company, you are in a position where you must add another network to the existing routing tables. Which of the following commands would you use to accomplish this task? (Select TWO. Each option is a complete solution.) ip route 11.12.13.14/24 201.12.3.4 route add -host 11.12.13.14 gw 201.12.3.4 add route 11.12.13.14/24 gw 201.12.3.4 ip route add 11.12.13.14/24 via 201.12.3.4 ip route add -net 11.12.13.14/24 via 201.12.3.4 route add -net 11.12.13.14/24 gw 201.12.3.4 route -p add 11.12.13.14 201.12.3.4

ip route add 11.12.13.14/24 via 201.12.3.4 route add -net 11.12.13.14/24 gw 201.12.3.4 The first option is to use the route add command to add a route to the routing table. To add an entire network (versus just a host), use the -net option followed by the network address and gateway: route add -net 11.12.13.14/24 gw 201.12.3.4. The second option is to use the ip route add command to add a route to the routing table. First, indicate the network address. Then use via to indicate the IP address of the router to which packets addressed to the remote network should be sent, as follows: ip route add 11.12.13.14/24 via 201.12.3.4

As a system administrator, you are going to add a static route for host 195.157.66.221, 255.255.255.0. Your default gateway is 192.168.5.1, but you want this route to use gateway 192.168.7.1. Which commands will accomplish this task? (Select TWO. Each option is a complete solution.) route add -net 195.157.66.0 netmask 255.255.255.0 ip route add 195.157.66.0/8 via 192.168.7.1 route 195.157.66.0 netmask 255.255.255.0 gw 192.168.7.1 ip route add 195.157.66.0 netmask 255.255.255.0 via 192.168.7.1 ip route add 195.157.66.0/24 via 192.168.7.1 route add -net 195.157.66.0 netmask 255.255.255.0 gw 192.168.7.1 route add -net 195.157.66.0 netmask 255.255.255.0 gw 192.168.5.1

ip route add 195.157.66.0/24 via 192.168.7.1 route add -net 195.157.66.0 netmask 255.255.255.0 gw 192.168.7.1 One option is to use route add -net 195.157.66.0 netmask 255.255.255.0 gw 192.168.7.1. route add -net indicates that you are adding a route and the target is a network. 195.157.66.0 netmask 255.255.255.0 indicates that you are routing network 195.157.66.0 with a subnet mask of 255.255.255.0, which indicates that the first three octets are the network address. gw 192.168.7.1 indicates that you are using the gateway (gw) 192.168.7.1 to reach the target network. The second option is to use ip route add 195.157.66.0/24 via 192.168.7.1. ip route add 195.157.66.0/24 indicates that you are adding the 195.157.66.0/24 network with the 24-bit subnet mask (which is the same as the 255.255.255.0 subnet mask, but you must use CIDR notation with the ip command and any of its options) to the routing table. Including via 192.168.7.1 indicates that you are using 192.168.7.1 to reach the target network.

A technician is configuring a server with four network interface cards to use a round robin scheduling algorithm. This algorithm transmits packets on the first available network interface. Which of the following is provided by this configuration? hot swap load balancing updelay downdelay

load balancing Round robin, or mode 0 (balance-rr), provides load balancing and fault tolerance. Hot swap provides just fault tolerance. updelay is a bonding option that specifies the time, in milliseconds, to wait before enabling a slave after a link recovery has been detected. downdelay is a bonding option that specifies the time, in milliseconds, to wait before disabling a slave after a link failure has been detected.

As the IT System Administrator, you recently setup a new DHCP server, DHCP_03. You want to test connectivity on port 53 from other servers on the network. Which of the following commands will accomplish that task? nc -zv DHCP_03 53 ifconfig DHCP_03 traceroute DHCP_03 ping -c 53 DHCP_03

nc -zv DHCP_03 53 The netcat or nc command can scan a port and report whether a connection was successfully established. The -z option tells the nc command not to send any data but to report the connection status only, and the -v option indicates verbose mode. traceroute DHCP_03 will report the network route to that server. ifconfig DHCP_03 would look for a network device named DHCP_03. ping -c 53 DHCP_03 will ping the server 53 times.

You would like to see how many different computers are currently connected to your local workstation. Which of the following commands would allow you to do this? netstat route ping ip route list traceroute

netstat netstat is correct because it is designed to report the connections into and out of your computer. ping and traceroute are useful only for testing connectivity to other computers and do not give you information about connections into your local machine. route and ip route list are used to view and change your local computer's routing table.

Which utility would you use to view current connections and active sessions and ports on a computer? netstat ipconfig ip route nslookup

netstat netstat shows IP-related statistics, including current connections, incoming and outgoing connections, active sessions, ports, and sockets, and the local routing table. ipconfig displays IP configuration information for network adapters. Use ipconfig to view IP address, subnet mask, and default gateway configuration. Use ipconfig /all to view detailed configuration information including the MAC address and the DHCP server used for configuration. nslookup resolves (looks up) the IP address of a hostname. ip route shows the routes in the routing table.

You are troubleshooting a connectivity problem on a Linux server. You are able to connect to another system on the local network, but you are not able to connect to a server on a remote network. You suspect that the default gateway information for the system may be configured incorrectly. Which of the following commands would you use to view the default gateway information on the Linux server? winipcfg netstat -r ifconfig dig

netstat -r Use the netstat command with the -r option on systems running Linux to view the routing table, which includes the IP address of the default gateway. Use winipcfg to view network configuration information on Windows systems. Use the ifconfig command to configure network interfaces or to display the status of currently active interfaces. Use the dig command on Linux and Unix systems to query Domain Name Service (DNS) servers.

Which of the following commands could you use to view your local system's default gateway? (Choose ALL that apply.) netstat -r ifconfig ip route list ip addr ifconfig -r route

netstat -r ip route list route route and netstat (when used with the -r option) both display the routing table, which contains the default gateway. ip route list, or just ip route, displays the routing table, which contains the default gateway. ifconfig and ip addr both display interface-specific information such as the IP address and MAC address, but they do not display any routing information.

Which of the following commands would allow you to see whether a remote computer is reachable? ip addr ping netstat ifconfig ipconfig ping

ping ping is a useful utility used to test whether a remote computer is reachable via a TCP/IP network. ping sends an ICMP packet to a remote host requesting a reply. ifconfig and ip addr are commands that allow you to view and set interface specific network information such as IP addresses and subnet masks. They do not help you test connectivity. (ip addr does not have a ping option.) ipconfig is not a Linux command; it is a Microsoft Windows command used to view IP address settings. netstat is not used to test connectivity. netstat displays information about your local computer's network connections.

Which of the following utilities would you use to view the routing table? (Select TWO. Each option is a complete solution.) route ip route show mtr dig tracert traceroute

route ip route show Use the route or ip route show commands to display the contents of the routing table. traceroute or tracert uses ICMP packets to test connectivity between devices and shows the path between the two devices. Responses from each hop on the route are measured three times to provide an accurate representation of how long the packet takes to reach and be returned by that host. The mtr command on Linux is a combination of the ping and traceroute commands. The dig command resolves (looks up) the IP address of a host name.

As a system administrator, you need to add a static route so that you can reach host 195.156.76.122, 255.255.255.0 and the device eno32 to find the target network. Which commands will accomplish this task? (Select TWO. Each option is a complete solution). ip route add 195.156.76.0 netmask 255.255.255.0 dev eno32 route add 195.156.76.122 netmask 255.255.255.0 ip route add 195.156.76.0/16 dev eno32 route add -net 195.156.76.0 netmask 255.255.255.0 dev eno32 route 195.156.76.0 netmask 255.255.255.0 dev eno32 route insert 195.156.76.0 netmask 255.255.255.0 dev eno32 ip route add 195.156.76.0/24 dev eno32

route add -net 195.156.76.0 netmask 255.255.255.0 dev eno32 ip route add 195.156.76.0/24 dev eno32 One correct answer is route add -net 195.156.76.0 netmask 255.255.255.0 dev eno32. route add -net indicates that you are adding a route and the target is a network. 195.156.76.0 netmask 255.255.255.0 indicates that you are routing network 195.156.76.0 with a subnet mask of 255.255.255.0, which indicates the first three octets are the network address. Remember, you route networks, not hosts. dev eno32 indicates that the eno32 device is being used to reach the target network. The other correct answer is ip route add 195.156.76.0/24 dev eno32. ip route add 195.156.76.0/24 indicates that you are adding the 195.156.76.0/24 network with the 24-bit subnet mask (which is the same as the 255.255.255.0 subnet mask, but you must use CIDR notation with the ip command and any of its options). dev eno32 indicates that the eno32 device is being used to reach the target network.

As a system administrator, you want to block (reject) any packets from 170.122.0.0, 255.255.0.0. Which command will block those packets? route add 170.122.0.0 netmask 255.255.0.0 reject route block 170.122.0.0 netmask 255.255.0.0 route add 170.122.0.0 netmask 255.255.0.0 block route add block 170.122.0.0 netmask 255.255.0.0

route add 170.122.0.0 netmask 255.255.0.0 reject route add indicates that you are adding a route. 170.122.0.0 netmask 255.255.0.0 indicates the network and subnet mask that is being added. reject is the option used to reject any packets from hosts on this network.

You have replaced the default gateway on your network. The gateway had used the IP address of 201.12.3.4, and you must remove it from the routing table. Which command would you use to accomplish this task? route del default gw 201.12.3.4 route remove 201.12.3.4 remove route 201.12.3.4 del route gw 201.12.3.4

route del default gw 201.12.3.4 Use the route utility to add and remove entries. Use the del parameter to remove a route. The syntax for removing a default gateway with the IP address given is route del default gw 201.12.3.4.

Alex, a webmaster, recently deployed a new web server. After checking external access to the new web server, he was unable to communicate on port 80. Alex verified that the host-based firewall's configuration had been changed and that the httpd service is running. Which of the following commands will most likely resolve the communication issue? systemctl restart firewalld Install firewalld on the same system as the webserver firewall-cmd --permanent --zone=public --add-port= 80/tcp systemctl restart httpd

systemctl restart firewalld systemctl restart firewalld restarts the firewall service. This is important because if you make any changes to the firewall configuration, you need to restart the firewalld daemon in order to have that change take effect. This is most likely the step that Alex did not complete for the configuration changes to take effect. firewall-cmd --permanent --zone=public --add-port= 80/tcp changes the configuration, which Alex had already done. Install firewalld on the same system as the webserver is not a command. systemctl restart httpd will restart the webserver, which will have no impact on the issue since the webserver is running.

Which utility is similar to traceroute, but does not require elevated privileges?

tracepath tracepath is similar to traceroute, but does not require superuser privileges. tracepath tests connectivity between devices and shows the path between the two devices.

You are having trouble contacting a host on another network. ping fails, but you would like to get more information about the router in the path where the communication stops. Which of the following utilities would you use? traceroute route ifconfig ip route trace netstat

traceroute Use traceroute to map the path to a destination host. If ping fails, traceroute can tell you which router might be the last one to respond. Use route to view and configure your host routing table. Use ifconfig to view host configuration information. Use netstat to view network configuration and statistics. ip route does not have a trace option.

Which command could you use to see the path that a packet traveled across a network to a remote host? ifup traceroute ping route

traceroute traceroute is used to trace a packet's path to a destination. It does this by sending an ICMP packet to a remote computer. The ICMP packet requests that the destination computer respond to both the packet and every router that the packet travels through. This gives you the path across any number of networks that your packet followed. This can be very useful in determining where along this path a problem is occurring. route does not test connectivity. It allows you to view, add, or delete routes from your local computer's routing table. ping allows you to see whether a remote computer is reachable, but it does not show you the path that a packet takes to get to the remote computer. ifup is used to start (bring up) network interfaces. It is not useful for testing connectivity.
