Network Administration. Milano, academic year 2016/17. Federico Reghenzani, Alessandro Barenghi


Piattaforme Software per la Rete: Network Administration. Milano, academic year 2016/17, Alessandro Barenghi

Outline
1) Introduction and Netkit-NG
2) Link-Layer Management
3) Network-Layer Management
4) Monitor traffic

Introduction and Netkit-NG

Netkit-NG
- The Netkit-NG tool provides a simple and fast way to emulate a network faithfully on a single host
- It employs User Mode Linux (UML) to run lightweight virtual machines
- It emulates L2 collision domains
- You can emulate an entire network on your machine with minimal effort
- Easy to install: go to https://netkit-ng.github.io/ and follow the instructions

Netkit-NG: start virtual machines
- The command vstart starts a VM and sets the network cards on a specific collision domain, e.g.
    vstart my_vm eth0=0 --mem=128
- To stop a virtual machine:
    vhalt  : gracefully shut down
    vcrash : kill the virtual machine
- The command vlist lists all running VMs

ISO/OSI vs TCP/IP

ISO/OSI            TCP/IP
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        Transport
3 Network          Internet
2 Data Link        Network Access
1 Physical         Network Access

Linux network management
- Network management is intrinsically split between userspace and kernelspace (the network stack resides in kernelspace in Linux, your management tools don't)
- Common old tools: ifconfig, route
- They use the old and limited ioctl system call
- We will see the new tools of the IPROUTE2 suite, which uses the Netlink interface

A few words on Netlink...
- Special IPC used for transferring information between kernel and userspace processes
- Based on the standard C socket API
- Custom tools for communication with the kernel facilities can be written simply in C

The `ip` command
- Syntax: ip [options] object command...
- We will deal only with Ethernet addresses. IP also supports other technologies (e.g. DSL)

Link Layer Management

Device names in Linux
- Traditional naming scheme: eth0, eth1, ..., wlan0, ...
- The udev subsystem binds each name to a MAC address
- May cause problems in some situations
- Recent versions of systemd introduced the predictable network interface device names:
    PCI devices: [prefix]p[bus]s[slot]
    [prefix] = en (Ethernet), wl (Wireless)
    Example: enp2s0

Link-Layer addresses
- List all devices and show their L2 addresses:
    ip link show
- Change your current MAC address with something else:
    ip link set <device> address <MAC address>
- Enable/Disable the ARP protocol:
    ip link set <device> arp [on|off]
- Enable/Disable the network interface:
    ip link set <device> [up|down]

ARP tables management
How to...
- Add a line to the ARP table:
    ip neigh add <IP Address> lladdr <MAC address> dev <device>
- Update a line in the ARP table:
    ip neigh change <IP Address> lladdr <MAC address> dev <device>
- Print the ARP table:
    ip neigh show
- The NUD (Neighbour Unreachability Detection) state can also be set by hand using the nud <nud> parameter

ARP NUDs

State        Meaning
permanent    Entry always valid, added by the system administrator.
noarp        Entry valid until the lifetime expiration. No attempts to validate it.
reachable    Entry valid until the lifetime expiration. Reachable.
stale        Entry valid but the reachable timer has expired.
none         Temporary value during initialization.
incomplete   Entry has never been validated (yet).
delay        Entry validation was delayed waiting for the upper protocol.
probe        Entry is currently being probed.
failed       Entry not valid (max number of probes reached).

ARP NUDs: state machine
[Figure: NUD state machine. States: none, incomplete, reachable, permanent, noarp, probe, stale, delay. Transition labels: Response received; Reachability timeout expires; Packet received; Packet sent; Delay timeout occurs.]
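Added example, not part of the original slides: a parser for `ip neigh show` output that audits the table against the IP-to-MAC pairs an administrator meant to pin as permanent entries. The sample output, the addresses and the EXPECTED plan are constructed for illustration.

```python
# Constructed sample of `ip neigh show` output (not captured from a real host).
SAMPLE = """\
192.168.1.1 dev eth0 lladdr 00:16:3e:aa:bb:01 PERMANENT
192.168.1.10 dev eth0 lladdr 00:16:3e:aa:bb:10 REACHABLE
192.168.1.20 dev eth0 lladdr 00:16:3e:aa:bb:99 STALE
192.168.1.30 dev eth0  FAILED
"""

# Hypothetical address plan: the IP -> MAC pairs the administrator pinned.
EXPECTED = {
    "192.168.1.1": "00:16:3e:aa:bb:01",
    "192.168.1.20": "00:16:3e:aa:bb:20",
    "192.168.1.40": "00:16:3e:aa:bb:40",
}

def parse_neigh(text):
    """Parse `ip neigh show` lines into {ip: (device, mac or None, state)}."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or "dev" not in tok:
            continue
        dev = tok[tok.index("dev") + 1]
        # failed/incomplete entries carry no lladdr field
        mac = tok[tok.index("lladdr") + 1].lower() if "lladdr" in tok else None
        table[tok[0]] = (dev, mac, tok[-1].lower())  # NUD state is the last field
    return table

def audit(table, expected):
    """Return sorted (ip, finding) pairs for pinned hosts that deviate."""
    findings = []
    for ip, want in expected.items():
        if ip not in table:
            findings.append((ip, "missing"))
            continue
        _, mac, state = table[ip]
        if mac != want.lower():
            findings.append((ip, f"mac mismatch: {mac}"))
        elif state != "permanent":
            findings.append((ip, f"not pinned: state {state}"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, finding in audit(parse_neigh(SAMPLE), EXPECTED):
        print(ip, finding)
```

On a live host the text would come from running `ip neigh show` instead of SAMPLE.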

Network Layer Management

IP addresses (1/2)
Probably the most common task you'll be performing
How to...
- List the IP addresses:
    ip addr show
- Add an IP address*:
    ip addr add <IP Address>/<netmask> dev <device>
- Remove an IP address:
    ip addr del <IP Address>/<netmask> dev <device>
* An interface can be bound to more than a single address without the need to create an alias, as happens with the old `ifconfig` command

IP addresses (2/2)
- By default, the broadcast address is set to 0.0.0.0 (aka 255.255.255.255)
- To change it, you can use the broadcast <IP address> option
- Remove a class of addresses from any interface:
    ip addr flush to <IP address>/<netmask>
  e.g. ip addr flush to 192.168.0.0/16 will remove any 192.168.x.x address

Routing (1/3)
- Route table management is still performed via the ip tool
- The IP routing table performs exactly as you have seen in the previous courses:
    - The address with the longest matching prefix is selected
    - If two addresses with the same prefix are matched, the one with the matching TOS is selected
    - If both the address prefix and the TOS match, the first route is selected
- As always, the default route is specified as the 0.0.0.0/0 address
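Added example, not part of the original slides: the three selection rules above applied to a small routing table. The table, addresses and gateways are constructed, and the fallback to TOS 0 routes when no route carries the packet's TOS is an assumption of this example that the slide does not state.

```python
import ipaddress

# Constructed routing table, in insertion order: (prefix, TOS, gateway, device).
ROUTES = [
    ("0.0.0.0/0",   0x00, "192.168.1.1",   "eth0"),  # default route
    ("10.0.0.0/8",  0x00, "192.168.1.254", "eth0"),
    ("10.1.0.0/16", 0x00, "10.1.0.1",      "eth1"),
    ("10.1.0.0/16", 0x10, "10.1.0.2",      "eth1"),  # same prefix, other TOS
    ("10.1.0.0/16", 0x00, "10.1.0.3",      "eth2"),  # shadowed by the first /16
]

def select_route(dst, tos=0, routes=ROUTES):
    """Return (prefix, gateway, device) for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matching = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matching:
        return None
    # Rule 1: keep only the routes with the longest matching prefix.
    longest = max(ipaddress.ip_network(r[0]).prefixlen for r in matching)
    best = [r for r in matching if ipaddress.ip_network(r[0]).prefixlen == longest]
    # Rule 2: among those, prefer the routes whose TOS matches the packet.
    # Assumption of this example: with no TOS match, fall back to TOS 0 routes.
    by_tos = [r for r in best if r[1] == tos] or [r for r in best if r[1] == 0]
    if not by_tos:
        return None
    # Rule 3: prefix and TOS both match, so the first route listed wins.
    prefix, _, gateway, device = by_tos[0]
    return prefix, gateway, device

if __name__ == "__main__":
    probes = [("10.1.2.3", 0), ("10.1.2.3", 0x10), ("10.9.9.9", 0), ("198.51.100.7", 0)]
    for dst, tos in probes:
        print(dst, hex(tos), "->", select_route(dst, tos))
```

The last /16 entry is never selected, which is the kind of shadowed route worth spotting when reviewing a table with `ip route show`.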

Routing (2/3)
How to...
- Add a route:
    ip route add <address>/<netmask> via <gateway>
- Remove a route:
    ip route del <address>/<netmask> via <gateway>
- Force packets to go out of a specific interface: add the option
    dev <interface>
- Wipe all routes of a specific interface:
    ip route flush dev <interface>

Routing (3/3)
- Where are my packets going?!
    ip route get <address>[/<netmask>]
- As usual, to show all registered routes:
    ip route show
- To create a NAT route*:
    ip route add nat <address> via <router>
* We will see NAT in the next lesson

Transport Layer Management

Linux Traffic Control
- Configurations on the transport layer, basically for traffic control, can be managed via the tc tool
- Three main components:
    qdisc: the scheduler of network queues
    class: used to create a hierarchical tree structure in a qdisc
    filter: matching rules for classes
- We won't see traffic control in detail

Network Monitoring

Network Monitoring
- Network monitoring means capturing network traffic, measuring network bandwidth or monitoring connection statuses
- Why network monitoring?
    - Monitor the network usage in terms of bandwidth and connections
    - Debug ill-behaved configurations or programs
    - Steal unencrypted information

Host Network Status
- The Socket Stats tool ss replaces the old netstat
- Invoking the tool without parameters lists all the open sockets on the platform
- By default the known ports are listed with the service name instead of the port number
    Use -n to enforce numbers
- By default it shows only the connected sockets
    Use -l to show the listening sockets
- To restrict by protocol: -4 -6 -t -u
- To print extensive info: -i

Live traffic analysis
- Several tools are available to analyze traffic
- Most of them rely on libpcap
- We will see:
    - A traffic dumper and inspector: tcpdump (wireshark as the corresponding GUI tool)
    - A dissection tool: ngrep

The `tcpdump` tool
- Provides a way to collect packets from one (or more) interfaces (not just TCP):
    tcpdump
- The default behaviour of the tool is to print on screen a description of the packets flowing
- Some useful options:
    -i <dev>  : restrict the sniffing to one interface
    -w <file> : save packets to file
    -v        : show extra info
    -X        : show packet content
    -XX       : show ethernet header and content

Wireshark
- Wireshark is a GUI program that performs the same task as `tcpdump`
- Just install it and play

Ngrep
- The idea is similar to the grep tool, but it works with network packets
- Common usage:
    ngrep -d <dev> <pattern>
- The option -K kills the TCP connections matching the expression (i.e. it sends them a RST packet)