BL Linux - Ch. 19 Networking Fundamentals
Using the *dig* command, what are the sections that are returned?
1.) Header 2.) Question 3.) Answer 4.) Authority 5.) Additional 6.) Statistics
Which port number corresponds to the following: FTP
20 and 21
Which port number corresponds to the following: 53
DNS
Define Class A
From 1 to 126; each of these permits up to 16,777,214 host addresses (minus 2! ID and Broadcast)
Which port number corresponds to the following: 80
HTTP
Which port number corresponds to the following: 443
HTTPs
Which port number corresponds to the following: 23
Telnet
Define *ifdown*
Used to bring an interface down
Define *ifup*
Used to bring an interface up
Define *tcpdump*
Used to capture and inspect the contents of packets from the network.
Define *host, nslookup, and dig*
Used to look up DNS names and return information about the targeted host.
2.) Consider the following: 10.122.189.77/255.0.0.0. Which of the following is the equivalent? a.) 10.122.189.77/32 b.) 10.122.189.77/24 c.) 10.122.189.77/16 d.) 10.122.189.77/8
d.) 10.122.189.77/8 The 255.0.0.0 subnet mask is identical to the notation /8 or 8 bit subnet mask.
figure 19-4 page 552 and 553 - memorize
*** super important hosts: file dns nis file = /etc/hosts dns = /etc/resolv.conf nis = /etc/nsswitch.conf
Which file does the *getent* command use to determine search order?
*/etc/nsswitch.conf* file determines the search order
Which file contains information to inform a service which port it is assigned to or to be listening on?
*/etc/services* However, most programs now have this information in their own configuration files and don't read the */etc/services* file
On a Red Hat system, which file contains the scripts to bring up or down the network interface?
*/etc/sysconfig/network-scripts* directory contains the scripts used to configure and bring up or down the interfaces on the machine.
Give the file path for dhcpcd and where/how it is invoked.
*/sbin/dhcpcd* daemon is typically invoked from the startup scripts or from the */sbin/ifup*; this utility executes the commands in the */etc/sysconfig/network-scripts/ifup* script on a Red Hat machine and the */etc/network/interfaces* script on a Debian machine.
Using the *dig* command, tell me about the following: *ADDITIONAL*
*ADDITIONAL* This is a catch-all section, typically displaying the name servers for the target.
Using the *dig* command, tell me about the following: *ANSWER*
*ANSWER* This section is the reply to your query.
Using the *dig* command, tell me about the following: *AUTHORITY*
*AUTHORITY* This section shows the servers that are the authoritative name servers for the requested target.
What is *dhcpcd*?
*DHCP Client daemon = dhcpcd* This program runs on the client to help configure the client's IP and watch the lease time-out period, requesting a new address lease when needed for the client.
Netstat columns - describe: *Foreign Address*
*Foreign Address* The address and port number of the remote end of the connection, or the other user's machine.
Using the *dig* command, tell me about the following: *HEADER*
*HEADER* This contains information about the *dig* environment and options.
What is *ICMP*?
*ICMP (Internet Control Message Protocol)* = The primary focus of this protocol is to allow networking devices, such as routers, the capability to send error messages. An example would be when a router is unreachable. ICMP also provides the capability to perform queries, such as when an administrator uses the *ping* command to determine whether a remote system is reachable.
What is *IP*?
*IP (Internet Protocol)* = It handles the addressing and communication between devices on a network. It defines IP addresses, subnetting, and routing.
Netstat columns - describe: *Local Address*
*Local Address* This is your machine, the address, and the port number or name of services.
What is *NAT*?
*NAT (Network Address Translation)* A private network can use nonroutable IP addresses and funnel all Internet connections via a router that "translates" the private IP addresses into a single public IP address. *ONLY* used in IPv4
Netstat columns - describe: *Proto*
*Proto* The protocol used, typically TCP or UDP
Using the *dig* command, tell me about the following: *QUESTION*
*QUESTION* This section simply echoes back your query.
Netstat columns - describe: *Recv-Q*
*Recv-Q* The bytes not yet received by the service or client attached to the socket.
Using the *dig* command, tell me about the following: *STATISTICS*
*STATISTICS* This section shows you how much time it took in milliseconds or seconds to answer the query as well as the date and time of the query.
Netstat columns - describe: *Send-Q*
*Send-Q* The bytes not yet acknowledged by the remote host.
Netstat columns - describe: *State*
*State* Typically this is set to ESTABLISHED if a connection is or has been recently active; otherwise, it might be TIME_WAIT when it's almost done processing packets and LISTEN when the socket is a service/daemon waiting for a connection.
What is *TCP*?
*TCP (Transmission Control Protocol)* = TCP is designed to be a complement protocol to the Internet Protocol. Often the two protocols are described as the TCP/IP suite. While IP focuses on the addressing of systems, TCP focuses on the transport of data packages. TCP packages are considered "reliable" because TCP performs error checking to make sure all data packages arrive at the destination.
What is *UDP*?
*UDP (User Datagram Protocol)* = Designed to be a complement protocol to the Internet Protocol. While IP focuses on the addressing of systems, UDP focuses on the transport of data packages. UDP differs from TCP in that the data packages are sent connectionless, so no error checking is performed.
What is the *broadcast* in the output of the *ifconfig* command?
*broadcast* = The broadcast address for the network this machine is on; it's entirely dependent on the network mask.
What is another option or method of getting a DHCP lease?
*dhclient* program
What configuration file does the *dhclient* program use?
*dhclient.conf* file This file includes its time-out and retry values. The *dhclient* command attempts to obtain a lease for all interfaces set up to use DHCP, keeping the lease information in the *dhclient.leases* file. Using *dhclient* is simple: if you need a new address, restart the network services and run *dhclient*.
What command can you use to immediately renew or refresh your client's address lease?
*dhcpcd -k* You can restart or "HUP" the *dhcpcd* daemon. This kills and restarts the daemon, causing it to either recontact the DHCP server and get a new lease or reconfirm the old one.
Which tool is the best to perform only DNS queries and what is the syntax?
*dig* command is the correct tool. Syntax: *dig server name type* The server section is only used if you want to query a specific server. The name is the actual domain or host you are searching for, and the type allows you to specify the type of DNS records.
What is *ether* in the output of the *ifconfig* command?
*ether* = This displays the hardware address, also known as the Media Access Control (MAC). In any case, it's the 48 bit physical address of the interface hardware.
Which command can search both the */etc/hosts* location and the DNS servers?
*getent* The *getent* command can search both locations (as well as hostname to IP address translation on NIS and LDAP servers).
Which command is used to view and set the host and domain names for a system?
*hostname* The system's hostname can be set by this command, or it can be set in the boot process by various scripts depending on the distribution and version.
What is the *inet* in the output of the *ifconfig* command?
*inet* = The address assigned to the interface.
What can the *ip* command display?
*ip* command will display network configuration data, just like the *ifconfig* command.
What is the *netmask* in the output of the *ifconfig* command?
*netmask* = The network mask, or how the system knows the logical network it's on.
Which command is best for determining statistics for network interfaces, connections to and from the local machine, and a lot of other information?
*netstat* Using the *netstat* command without any options outputs a list of the open sockets on the system, but the most useful output is produced when you use options or combine them for richer information and troubleshooting.
5.) You are configuring a system and need to set your eth0 interface to have a default gateway with the address of 192.168.33.1. Fill in the blank with the exact command and options to accomplish this from the command line:
*route add default gw 192.168.33.1*
Break down this command's syntax: route add default gw 10.0.0.1
*route* = The route command, which is used for many things related to establishing, viewing, and removing routes to other networks. *add* = Used to add the default gateway. Other options include *del* to delete a particular route. *default* = The default gateway is the one used if no other route exists or matches the target address. *gw* = Notes that the entry is a gateway to the rest of the networks and traffic should be routed through this interface. *10.0.0.1* = Replaced with your gateway address, or the resolvable domain name of the host that provides this functionality.
Which utility is used to capture and display packets from a network?
*tcpdump*
Which command does essentially the same thing as *traceroute*?
*tracepath*
4.) A user complains that she can't reach a web mail site she frequents, but she can reach other hosts on your networks and on the Internet. Which command would show you where the problem is occurring? Fill in the blank with just the most appropriate command name:
*traceroute*
What command is used primarily to troubleshoot and view the route taken between two hosts?
*traceroute* If you are a sysadmin and your users can reach internal hosts, but not Internet destinations, your primary tool to diagnose this problem is the *traceroute* command.
What command performs the same function as the *traceroute* command, but is used for IPv6 systems?
*traceroute6* Similarly you can also use the *tracepath6*
What are three prominent files that deal with Local Name Configuration?
/etc/hosts /etc/resolv.conf /etc/nsswitch.conf
Which file does the Debian distro use to set each individual network interface gateway value? What is the full path?
/etc/network/interfaces
7.) On a Red Hat machine, you need to edit a file that sets the order for how names are resolved. Fill in the blank with the full path and filename for this file:
/etc/nsswitch.conf
Where do you add the GATEWAY entry for a Red Hat distro?
/etc/sysconfig/network *OR* /etc/sysconfig/network-scripts/ifcfg-eth0 You can then add the gateway entry: GATEWAY = 10.0.0.1
What three things does a host need to have to participate in more than a single subnet or network?
1.) *IP address* = Assigned either statically or dynamically, the address must be valid to work. 2.) *Network Mask* = Each logical network or subnet has a particular network mask that helps define where one section of addresses ends and another begins. This is also known as the subnet mask. 3.) *Gateway Address* = Like a door leading out of a room, a gateway address is the local IP address associated with a network card or interface on a gateway or router device. Hosts configured with this address as the default gateway send traffic to this address when they need to access remote hosts.
Name 3 DHCP client tools.
1.) dhcpcd 2.) dhclient 3.) pump
What commands are linked to the *hostname* command?
1.) domainname 2.) dnsdomainname 3.) nisdomainname 4.) ypdomainname
What are three commands that you can use for name lookups or troubleshooting of hostnames or fully qualified domain names?
1.) host 2.) getent 3.) dig
Which port number corresponds to the following: 143
143 IMAP Internet Message Access Protocol 993 = IMAPs
Which port number corresponds to the following: 161 and 162
161 and 162 SNMP Simple Network Management Protocol
What does an IPv4 address consist of?
32 bits grouped into 4 octets of 8 bits each, with each octet separated by a dot. This is also known as *dotted quad notation*.
Which port number corresponds to the following: 465
465 SMTPS Simple Mail Transfer Protocol Secure
Which ports are dynamic ports (also called private or ephemeral ports)?
49,152 - 65,535
Which port number corresponds to the following: 514
514 SYSLOG
Which port number corresponds to the following: 636
636 LDAPS LDAP Secure
Which port number corresponds to the following: 993
993 IMAPS Internet Message Access Protocol
Which port number corresponds to the following: 995
995 POP3S
Define Class A subnet
A = 255.0.0.0 or /8 for the number of bits that represent the network mask.
Define Class B subnet
B = 255.255.0.0 or /16 for the number of bits that represent the network mask.
Using the *getent* command, what is the following search order as outlined in the */etc/nsswitch.conf* *hosts: files dns*
Based on the */etc/nsswitch.conf* file, the *getent* command first searches the local hosts file and then, if the lookup isn't found, performs a DNS query.
Define Class C subnet
C = 255.255.255.0 or /24 for the number of bits that represent the network mask.
Define *ip*
Designed to replace the collection of commands (ifconfig, ifup, ifdown, route, and so on)
Define Class B
From 128 to 191; each of these permits up to 65,534 host addresses. (minus 2! ID and Broadcast)
Define Class C
From 192 to 223; each of these permits up to 254 host addresses. These can be 2,097,150 Class C networks.
Define Class D
From 224 to 239. This range is reserved for such activities as multicast and is not usually available for host addresses.
Define Class E
From 240 to 254. This range is reserved for future use.
What does the * (asterisks) mean when viewed from the output of your traceroute command?
If you see a series of asterisks where a return time should be, that's an indication that the router is either configured to not return ECHO_REQUESTS from the traceroute command, or it is too busy, or it is down and cannot respond.
Which port number corresponds to the following: 389
LDAP 636 = LDAPs
Which port number corresponds to the following: 139
NETBIOS
Which port number corresponds to the following: 123
NTP (Network Time Protocol)
What is the difference between the *traceroute* and the *tracepath* commands?
Only the root user can use the *traceroute* command while all users can use the *tracepath* command.
Which port number corresponds to the following: 110
POP3 995 = POP3 Secure
Which ports are designated as "well known ports?"
Ports 0 - 1,023
Which ports are registered ports?
Ports 1,024 - 49,151
Which port number corresponds to the following: 25
SMTP 465 = SMTPs
Which port number corresponds to the following: 22
SSH
What does this option do? *netstat -c*
Shows a refreshing (every 1 second) view of statistics for usage. This shows the *netstat* output continuously.
What does the *ifconfig* command show by default?
Shows all active interfaces, including the loopback.
What does this option do? *netstat -s*
Shows all the interfaces' usage statistics.
What does this option do? *netstat -a*
Shows all the sockets on all functioning interfaces.
What does this option do? *netstat -t*
Shows the TCP statistics
What does this option do? *netstat -p*
Shows the name and PID of the program related to each socket (very useful!).
What does this option do? *netstat -r*
Shows the routing table.
Define */etc/host.conf*
Similar in function to the */etc/nsswitch.conf* file. It sets the order in which resolution sources are searched (the */etc/host.conf* file is overridden by */etc/nsswitch.conf*).
What is a weakness of the *host* command?
Since the *host* command can only perform DNS lookups, this can pose problems when your system resolves hostnames from both DNS servers and from the local hosts file (*/etc/hosts*).
What is the one use of the *host* command?
The *host* command is simple and has little use other than to return the resolved IP address for a hostname. *host brunson.org* Returns the following output: *brunson.org has address 192.168.1.1* The *host* command is designed specifically to perform DNS lookups.
What will this command do? ifconfig -a
The *ifconfig* command displays the working or activated interfaces for the system. If any are down or not activated, they can be shown with the *-a* switch.
What is this command *ifconfig* used for?
The *ifconfig* command is used primarily to view or set the IPs for a host. You can set everything like the default gateway with this command, including the bringing up or activation of the interface. Example: ifconfig eth0 192.168.33.2 netmask 255.255.255.0 up
What is the *ping* command used for?
The *ping* command is used for many things, including finding whether a host is available, whether a network can be reached, whether a gateway is functioning and so on.
What protocol does the *ping* command use?
The *ping* command uses Internet Control Message Protocol (ICMP) ECHO_REQUEST and ECHO_RESPONSE packets to determine whether a host is functioning, or is at least able to respond to a ping request.
Tell me about the *pump* command.
The *pump* command is another of the possible variations you can use to obtain a DHCP lease. To obtain a new address with *pump*, use the command as such: *pump*
What does the *traceroute* command use?
The *traceroute* command uses three (3) UDP packets to map the set of devices between the source and the target hosts. The first set of three packets has a time to live (TTL) of 1, which is decremented when the packets reach the first devices on the way to the target host. When a packet's TTL reaches 0, the packet is expired and a message is sent to the originating host to that effect. The host then sends three (3) more packets with a TTL of 2, which makes it past the first devices and dies at the second one. This continues for as many devices as it takes to reach the target.
2.) You need to view a user's routing information on his workstation. Which command, with any needed options would you use to accomplish this?
The correct answer is either *route* or you can use *netstat -r*
Define *ping*
The simplest way to establish that a host is alive and responding; essentially a network "hello".
What does the *ping6* command do?
This is the same function as the *ping* command, but for IPv6 systems.
What does this command do? *route add 10.1.1.69 lo*
This will add the address 10.1.1.69 and route any traffic to *lo* (the loopback address). This is good if you are experiencing a DoS attack and you can route all traffic to the loopback address, which is like sending it to null.
What does this command do? *tcpdump -w capturefile.cap*
This will capture all the data going across your local network and put that info into a file called capturefile.cap *-w* = write to file
What does this command do? *traceroute -n brunson.org*
This will show the routers between your host and another (but not show the resolved names for speed hence the -n option).
What does this command do? *tcpdump -r capturefile.cap dst port 21*
This will view the data contained in the capture file, such as FTP packets *-r* = read from file
Define *dhcpcd, dhclient, and pump*
Used (variously) to initiate, release, or renew the client's DHCP assigned address(es).
Define *traceroute*
Used to determine the path, names, and statuses of the routing devices that a set of traffic uses to reach a given remote host.
Define */etc/networks*
Used to map a network name to an otherwise IP-related network, more often used in Solaris environments than Linux
Define *ifconfig*
Used to set and display the host's IP address and network mask.
Define *route*
Used to set and display the host's routing and gateway information
Define *hostname*
Used to set or view the host's hostname; other name utilities can create name-related links to this file.
Define */etc/hostname*
Used to statically store the fully qualified domain name, such as snowblower.brunson.org. Note that this file is included in the exam objectives while the other two files are not.
Define *netstat*
Used to view information about the networking subsystem, statistics, and attached hosts/ports.
4.) Which protocol offers reliable data package transfers? a.) TCP b.) UDP c.) IGMP d.) ICMP
a.) TCP The TCP protocol is capable of making network communications much more reliable than its lesser-capable fellow protocol UDP. TCP can detect lost packets, reorder them if delivered out of order, and perform other functions that make network communications more reliable.
8.) Which commands allow you to request an IP address as a DHCP client? (Choose all that apply). a.) dhcpcd b.) dhcpclient c.) pump d.) dhcpd
a.) dhcpcd b.) dhcpclient c.) pump All of these are client tools that request an IP address from the DHCP server.
8.) Which of the following is a valid entry for resolution methods on the hosts: line in the */etc/nsswitch.conf* file? (Choose all that apply). a.) files b.) ylwpage c.) dns d.) nis
a.) files c.) dns d.) nis They all are valid resolution methods on the hosts: line in the /etc/nsswitch.conf file.
5.) Which of the following commands display your IP address information? (Choose two). a.) ifconfig b.) route c.) ifup d.) ip
a.) ifconfig d.) ip The *ifconfig* command is a historical method of viewing your IP address information, whereas the *ip* command is a newer and more commonly supported version that introduces some new and useful functions.
1.) For a class B IP address of 130.88.101.75, what is the network part of the IP address? a.) 130 b.) 130.88 c.) 130.88.101 d.) 101.75
b.) 130.88 The first and second octet of the address are the network part of an address with Class B or 16-bit network mask.
1.) If your IP is 192.168.33.35 and your network mask is /28, what is the address of your local network? a.) 192.168.33.16 b.) 192.168.33.32 c.) 192.168.33.0 d.) 192.168.33.64
b.) 192.168.33.32 Answer B is correct because the network is a Class C; therefore, the network mask of /28 causes the LSB to be 16, and networks are incremented by 16, making the 192.168.33.35 address's network address 192.168.33.32.
6.) You want to find the mail servers for a particular domain but not see all the address records. Which of the following commands can accomplish this? (Choose all that apply). a.) digger b.) host c.) resolver d.) dig
b.) host d.) dig They both can be used to show MX records or the names of the mail servers.
6.) Which command displays your default gateway? a.) ifconfig b.) route c.) ifup d.) ip
b.) route The *route* command is used to display and manage the default gateway.
3.) Your boss wants you to create a subnet scheme that gives your company eight networks with at least 10 hosts per network. Which subnet mask for a Class C leased network address meets those objectives? a.) 255.255.255.192 b.) 255.255.255.224 c.) 255.255.255.240 d.) 255.255.255.248
c.) 255.255.255.240 Answer C is correct because, with the number of networks needed, a 240 subnet mask is needed and allows for at least 10 hosts per network.
9.) Which command allows you to perform a direct DNS query on a specific DNS server? a.) ping b.) traceroute c.) dig d.) getent
c.) dig The *dig* command is used to gather or query information from the DNS server you are using it upon.
3.) Consider the following: 192.168.10.0/255.255.255.0. What is the broadcast address? a.) 192.168.10.0 b.) 192.168.10.1 c.) 192.168.10.100 d.) 192.168.10.255
d.) 192.168.10.255 The subnet mask is a /24, indicating that the last octet is a network, the first address or 0 is the network itself, and the last address 255 is the broadcast address.
7.) Consider the following entry in the /etc/nsswitch.conf file: hosts: files dns nis ldap When the command *ping test.com* executes, which location will be searched first for hostname resolution? a.) The DNS server b.) The NIS server c.) The LDAP server d.) A local file
d.) A local file The order of the query is files first, which means the /etc/hosts file will be consulted.
What two commands can you use to view the default gateway configured on your machine?
route *OR* netstat -r
What command do you use to add a gateway via the command line regardless of distro?
route add default gw 10.0.0.1
9.) You need to capture data packets from the network for later analysis. Fill in the blank with only the command name that will accomplish this on a default machine:
tcpdump