CMIT 265 Name:____________________________________ Various networking and Internet activities on Linux. ping the Linux host at 192.168.100.xxx Ping time:_______ What does nmap -O identify its operating system as:_______________ What TCP ports of it are "open":___________________________ TELNET --remote login to telnet server --not installed in 7/8/10, so install it by: Start | Control Panel | Programs and Features | Turn Windows features on or off | Telnet Client Telnet to the Linux server and login Username is cmit265 and the password is password. Before networking-specific activities, here are some commands to discover system hardware and software configuration: CPU: more /proc/cpuinfo (Model name, speed, cache size, bogomips)______________________ How many CPUs/cores (each is a processor #):________ RAM: free -h (total Mem: in MB or GiB etc.) ______ Disk(s): df -hl The /dev/sdaX are them/it. In VMware, it's the big one, xxG[bytes]. It's Mounted on: / (Sizes of disks/partitions) ______________________ PCI devices: lspci (PCI bus's hardware devices.) IRQs: more /proc/interrupts (# of interrupts each device has generated.) (an interrupt is how an I/O device gets the CPU's attention) System time: date _______________________ OS: uname -rs (kernel release) __________________ more /etc/lsb-release OR more /etc/system-release (Linux distribution "distro") __________________ system uptime: uptime ______________________ list all processes: ps aux process activity: top (q to quit) # of processes/tasks in system:_______ logged on users: who How many times is us (i.e. user cmit265) logged in:________ Who else is logged on:___________ The 'who am i' command shows who you are logged in as and from where:_____________ GUIs might have "friendlier" ways to discover much of this information. Networking specific stuff. ifconfig eth0 is the first ethernet interface. OR ens33 (lo is the loopback device, ignore it.) UP and RUNNING is the status you want to see. IP address ("inet addr:") of the host: ___________ Broadcast address [of this network]:___________ Based on the IP address and the "Mask:" or "netmask", what IP network is this computer in:___________ On the Ethernet interface: How many packets have been received (RX) and transmitted (TX): _____________________________________________ How many bytes in those packets: _____________________________________________ "HWAddr" or "ether" is the 6-byte (in hexadecimal) MAC address of the network interface card/chip/controller (NIC), unique in the world. The first three bytes (OUI) identify the vendor. What is the MAC address: ________________________________ On your Windows, in CMD, arp -a shows what Physical Address for this Internet Address:_________________ arp command views the arp cache/table. arp -n shows in IP addresses (and avoids a time-consuming DNS lookup). What is the MAC address of the default gateway of this network: ___________________ What does it say is the MAC address of the machine you've logged in from: ___________________ lspci to see the make and model of the Ethernet controller: ________________________________________ more /proc/interrupts OR grep eth /proc/interrupts OR grep ens /proc/interrupts to find out the IRQ of the eth0 or ens33 (or "ether") device (i.e. the NIC) and the number of interrupts it has generated:_________________________________ Run the command again. Each input or output of a frame results in an interrupt. How many interrupts have occurred since you just looked at it: (use subtraction) ____________________ dmesg | grep eth0 OR dmesg | grep ens to find out speed and duplex of NIC _____________________________________ (Other possibilities maybe: ethtool eth0 OR mii-tool -v eth0 ) If DHCP is/has being used, then the system log file records the DHCP process: SKIP: cat /var/log/syslog | grep dhc OR tail -100 /var/log/syslog grep DHCP /var/log/messages (paste the lines of the most recent 4-step DHCP process: ______________________ Use the 'route' command to see hostname and IP of the default gateway (the router your computer sends packets to if their destination is outside your local network [and they don't have a specific route to follow]): (Use the -n option to see IP addresses) It's the "Gateway" of the "default", or "0.0.0.0", "Destination": _________________________________________ more /etc/resolv.conf to see the IP addresses of the DNS name servers that are queried to translate DNS names like yahoo.com to an IP address: __________________________________________ ***************** SKIP *********************************************** more /etc/hosts to see the hosts file (an alternative to using DNS). What host-to-IP mappings are there, if any: ____________________________________________ To see whether IP address is assigned via DHCP or statically: Redhat: more /etc/sysconfig/network-scripts/ifcfg-eth0 (BOOTPROTO entry will indicate dhcp or not:________ Ubuntu: more /etc/network/interfaces (on line with: iface eth0 inet ) ____________ ***************** END SKIP ******************************************** Use the 'ping' command to see if a computer exists or is running [and is accessible and is responding to pings]: ping www.yahoo.com Notice the time field of each ping message; this is the round-trip time of each packet. Notice it varies, due to network activity. What is the IP:________________________ What is the average time of 10 pings: ___________ Ctrl-C (meaning hold down Ctrl and hit c) terminates the command. A machine that doesn't answer the pings: ping www.asia.umgc.edu What happens:______________________________________________ ping a non-existent machine: ping asdf.asia.umgc.edu What is the response?___________________________ You can also ping by IP address (skipping the DNS name lookup, if DNS isn't working): ping xxx.xxx.xxx.xxx localhost and 127.0.0.1 are synonyms for the computer you're on. What is the average round-trip time to ping it?__________________ ping a computer in the network (i.e. the default gateway 192.168.100.1). What is the average round-trip time to ping it?__________________ ping the default gateway of the neighboring network (i.e. 192.168.12.1) What is the average round-trip time to ping it?__________________ ping the default gateway of the next next network (i.e. 220.150.2.150) What is the average round-trip time to ping it?__________________ What is the average round-trip time to ping www.cenpac.net.nr? or dns1.cenpac.net.nr _______________ What is the average round-trip time to ping www.anadyr.ru?_______________ ***************** SKIP ******************************************** Use the 'traceroute' (or 'tracepath' )command to see the route on the Internet to some machine or site. A list of the gateways/routers ("hops") that any message goes through is shown, along with the time it takes to get to each hop. For example, traceroute www.nypl.org is interesting because of some of the names of the hops. How many hops to it (or before the hops quit answering)?_______ Which hop to www.cenpac.net.nr is likely to be a satelite link: ______________________________________ What is the general path taken to www.anadyr.ru? _________________________________________________________________ ***************** END SKIP ******************************************** The 'nslookup' command looks up a DNS name to show the IP address. nslookup umgc.edu What is the IP address:_______________ nslookup nypl.org What is the IP address:_______________ ************** SKIP ********************* The 'whois' command to see some information about a domain name. You can find out the registrar of the domain, contacts and its name servers. whois umgc.edu What are its name servers:___________________________________________ When does the domain expire:_______________ whois google.com to see all the variations on google.com that people have spent money registering. ************** END SKIP ********************* Use the 'netstat' command to see what Internet services are available on the local machine: netstat -lt [ -lt option shows listening TCP ports ] netstat -ltn shows the ports by number SKIP: By comparing the two outputs, what port is ipp listening on:______ SKIP: By comparing the two outputs, what port is mysql listening on:______ SKIP:By comparing the two outputs, what port is ssh listening on:______ SKIP:By comparing the two outputs, what port is ftp listening on:______ What Internet services are running on this server: __________________________________________________________ netstat -tn to see TCP connections. Your telnet login is in the list, by its socket (IP:port). What ephemeral port are you using on your system:_______________ Run netstat on your XP/7/8/10 to see the ephemeral port your telnet connection is using:________ Use nmap to scan ports and services on a machine. nmap localhost shows port numbers in addition to the list of services netstat gave you. What service is listening at port 21:__________ What service is listening at port 23:__________ What service is listening at port 80:__________ nmap can scan any machine's ports (unless firewalled or otherwise protected). Scan the default gateway. What services/ports are open: __________________________________________________________________ Scan the printer of the neighboring network 192.168.12.5 What services/ports are open: __________________________________________________________________ SKIP:Scan the switch at 192.168.100.199 Scan instructor's computer at 192.168.100.TBD What services/ports are open: __________________________________________________________________ Scan your own computer at 192.168.100.xxx What services/ports are open: __________________________________________________________________ Note: port scanning is sometimes construed as a hacker attack, so don't do it to other people's networks. Use telnet to connect to any port on a host (by default, connects to the telnet port, 23): telnet www.asia.umgc.edu 80 will connect to the HTTP web server port. Then enter: GET /index.html HTTP/1.0 (and a blank line) will show exactly what the web server sends in response to your HTTP request for the /index.html resource. Normally that goes to a browser, but you can do it from the command line. You can see the headers that the server sends the browser. What is the web server at www.asia.umgc.edu:_____________________________ ps aux for list of all processes in the system. What is the PID (process ID) of vsftp (FTP server):____________ httpd (Apache web server):____________ (the one owned by root) sshd (SSH server):____________ Hint: ps aux | grep wordToSearchFor The PID can be used to control the process, e.g. terminate it or restart it. more /etc/protocols to see the list of protocols that IP packets can carry. (i.e. transport layer protocol being carried in IP datagram.) Will be used in the 8-bit Protocol field of IP header. What are the numbers for TCP, UDP, ICMP, and IP itself? ___ ___ ____ ___ more /etc/services to see the list of TCP/UDP well-known ports. Will be used in the 16-bit Source Port and 16-bit Destination Port in TCP and UDP segment header. What is the name of the service that uses port 22:_________ What service uses UDP port 520:________ Radius uses what port:_______ MySQL uses what port:________ BGP uses what port:_______ Hint: grep wordToSearchFor fileToSearchIn ******************** SKIP *********************** more /var/lib/dhcp3/dhclient.leases to see recent leases allocated by the DHCP server. What is the first listed lease's IP address, MAC address and client hostname:__________________________ more /etc/dhcpd.master What is the range of IP addresses that the DHCP server can allocate: _______________________________ more /etc/mime.types list of MIME types ******************** END SKIP ***********************