Author  Topic: Lpi 102 Task Oriented (1) Topic 112: Networking Fundamentals  (Read 8706 times)


小徒兒

1.112.1 Fundamentals of TCP/IP

***determine a network and broadcast address for a host based on its subnet mask in "dotted quad"

Code:

192.168.1.124/255.255.255.224
192        .   168       .        1    .01111100  #ip
11111111.11111111.11111111.11100000  #netmask

192         .  168       .         1   .01100000 #network address

192         .  168        .        1   .01111111 #broadcast address  

192.168.1.96/255.255.255.224 #network address
192.168.1.127/255.255.255.224 #broadcast address




***determine the network address, broadcast address and netmask when given an IP-address and number of bits.
Code:

192.168.1.124/26

192        .   168       .        1    .01111100  #ip
11111111.11111111.11111111.11000000  #netmask

192         .  168       .         1   .01000000 #network address

192         .  168        .        1   .01111111 #broadcast address  

192.168.1.64/26 #network address
192.168.1.127/26 #broadcast address




***the understanding of the network classes

[starting bit] [class] [net-bit][host-bit]

0  A
10 B
110 C
1110 D


***reserved addresses for private network use
reserved for intranet

172.16.0.0/12
10.0.0.0/8
192.168.0.0/16

127.0.0.1 loopback

***the function and application of a default route

The last entry in the routing table is always the default route; when none of the preceding entries match, the packet is forwarded according to the default route.

In the notation used on a Linux host, the default route's destination address and network mask are both 0.0.0.0.

[root@pc1 root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
61.64.186.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         1.4.6.54        0.0.0.0         UG    0      0        0 eth0

[root@pc1 root]# route add default gw 61.64.186.24

[root@pc1 root]# vi /etc/rc.d/rc.local
/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.1.1.3

[root@pc1 root]# vi /etc/sysconfig/network
GATEWAY=61.64.186.24

*** understanding of basic internet protocols (IP, ICMP, TCP, UDP)

APPLICATION: what gets sent
---packet header--PORT---

UDP/TCP: regular mail / registered mail   ICMP (verify live)

---------IP-----------------

IP  1. fragmentation and reassembly of packets  2. which packets are sent first and which later  3. delivery via the NEXT HOP, broadcast style (ask the way as you go)

-----  ARP-----------------

LAN (WAN WIFI)  WAN (MODEM DIALUP)   physical transport: by plane, train or truck?     MAC (48 BIT)



***TCP and UDP ports (20, 21, 23, 25, 53, 80, 110, 119, 139, 143, 161)
grep -w 631 /etc/services

20 ftp  almost "starving" (餓死 sounds like 20), please send some files
21 ftp
23 telnet  "two mountains" (兩山 sounds like 23) need telnet to talk to each other
25 smtp
53 dns  "I delete" (我刪 sounds like 53) all DNS records
80 http
110 pop3  the post office is on fire, call "110"
119 nntp  "119" is something everyone knows, it is not news
143 imap  that map marks one (1) dead man's (4) bones buried under the mountain (3)
161 snmp  simple network management, "one-six-one" (one policeman walking one dog, managing the road)



#connect to a site and download a file
wget ftp://rs.internic.net/domain/named.root

#mirror a whole site
/usr/local/bin/wget -m -A xls -nd ftp://user:hidePW@xxx.xxx.xxx.xxx/ooo/

-m means build a mirror: both sides are kept in sync, and files that are already identical are not downloaded again
-A xls only fetches files of type .xls from the remote directory
-nd does not create the same directory structure locally as on the remote side
xxxx is the remote host name or IP
ooo is the ooo folder under this user's home directory


#On Windows, use the command line to connect to a site and upload a file
Upload a file from the command line:
cd to the directory containing the file to upload
type: ftp servername.com
username
password
put <name of the file to upload>


#connect to a site and upload files
ftp 172.16.107.144
anonymous
kk
binary
mput  binaryfiles*
put  singlebinaryfile

get readme.txt
mget * (mget xyz* would get all files starting with xyz)








 :wink:  just fun
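As an added example (my code, not from the post), the dotted-quad and prefix-length calculations worked above carried out in Python: network and broadcast address, the class from the leading bits, and whether the address falls in one of the reserved private blocks. The inputs are the post's 192.168.1.124 cases; the helper names are mine.

```python
import ipaddress  # used only to cross-check the private-range test

# RFC 1918 blocks listed in the post as reserved for intranet use
PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def quad_to_int(quad):
    """'192.168.1.124' -> 32-bit integer; rejects anything that is not four octets."""
    octets = [int(o) for o in quad.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {quad}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_quad(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(n):
    """Octet-by-octet binary form, like the worked example in the post."""
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def parse_mask(mask):
    """Accept a prefix length ('26') or a dotted-quad mask ('255.255.255.224')."""
    if mask.isdigit():
        bits = int(mask)
        if not 0 <= bits <= 32:
            raise ValueError("prefix length must be 0..32")
        return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    m = quad_to_int(mask)
    host_part = ~m & 0xFFFFFFFF
    if host_part & (host_part + 1):        # a real mask is a run of 1s followed by 0s
        raise ValueError(f"non-contiguous netmask: {mask}")
    return m

def ip_class(ip_int):
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    top = ip_int >> 24
    return "A" if top < 128 else "B" if top < 192 else "C" if top < 224 else "D" if top < 240 else "E"

def subnet_info(ip, mask):
    ip_int, mask_int = quad_to_int(ip), parse_mask(mask)
    network = ip_int & mask_int                     # AND the address with the mask
    broadcast = network | (~mask_int & 0xFFFFFFFF)  # network with all host bits set to 1
    return {
        "network": int_to_quad(network), "broadcast": int_to_quad(broadcast),
        "prefix": bin(mask_int).count("1"), "class": ip_class(ip_int),
        "private": any(ipaddress.ip_address(ip) in ipaddress.ip_network(r) for r in PRIVATE_RANGES),
        "ip_bits": to_bits(ip_int), "mask_bits": to_bits(mask_int),
    }
```

Calling subnet_info("192.168.1.124", "255.255.255.224") and subnet_info("192.168.1.124", "26") reproduces the two results above; a non-contiguous mask such as 255.0.255.0 is rejected instead of silently producing an address.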

小徒兒

1.113.7 Set up secure shell (OpenSSH)
« Reply #1 on: 2004-09-07 18:39 »


***obtain and configure OpenSSH

-rpm -ivh --test /mnt/cdrom/redhat/RPMS/openssh*
-apt-get install openssh

vi /etc/ssh/sshd_config
Code:


#Port 22

#Port 345
#use command -ssh -p 345 192.168.100.1

#Protocol 2,1

PermitRootLogin yes
DenyUsers test
DenyGroups test



***configuring sshd to start at system boot
chkconfig --level 35 sshd on


***troubleshooting -security
vi /etc/hosts.allow
sshd: 192.168.100.1, 192.168.100.2: allow

vi /etc/hosts.deny
source from vbird
Code:

sshd : ALL : spawn (/bin/echo Security notice from host `/bin/hostname`; \
/bin/echo; /usr/sbin/safe_finger @%h ) | \
/bin/mail -s "%d -%h security" root@localhost & \
: twist ( /bin/echo -e "\n\nWARNING connection not allowed. Your attempt has been logged. \n\n\n警告您尚未允許登入,您的連線將會被紀錄,並且作為以後的參考\n\n ". )



***/etc/nologin
#touch /etc/nologin #do not let ordinary users log in to a shell on this host, whether via telnet or ssh/ssh2

***troubleshooting @@@ HOST IDENTIFICATION HAS CHANGED @@@
/etc/ssh_known_hosts
vi $HOME/.ssh/ssh_known_hosts

***/etc/sshrc
if $HOME/.ssh/rc exists, run the user shell; if /etc/sshrc exists, run /bin/sh


***ssh-keygen dsa

ssh-keygen -t dsa -N "mykeyphrase"  #set the keyphrase to mykeyphrase
scp ~/.ssh/id_dsa.pub 192.168.1.1:myid_dsa
ssh 192.168.1.1
cat myid_dsa >> ~/.ssh/authorized_keys2
chmod 600 ~/.ssh/authorized_keys2


***ssh-keygen rsa

ssh-keygen -N "mykeyphrase"  #set the keyphrase to mykeyphrase
scp ~/.ssh/identity.pub 192.168.1.1:myidentity
ssh 192.168.1.1
cat myidentity >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys


***on windows

copy the key to the host you want to connect to
putty.exe

Host Name
root@172.16.107.145

ssh-->Auth-->PrivateKey-->browse-->C:\private.ppk


--generate key--
puttygen.exe
generate
save public key to C:\public.ppk no phrase
save private key to C:\private.ppk no phrase


--by pasting the public key directly
copy the generated output, like
Code:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAg3i6olZd+Z7+QbBBo03fGjYA8oJvLvMUTSBSsLfSEBnJYCSi1cBAFwyIfamGbmoprWYDTiSsFb7AvNmeE7KmNfMiP4bauAVkmZYxQATPM6eIyVS4ownBICU7b2lxepC3qDcJFSGz2dqrUZ1Ams/V2Uj6bbIqiQ+/TZpg1Z7Ht0c


to the users' home directory that you want to login
for example

#cd ~
#mkdir .ssh
#vi authorized_keys
paste the keygen output
-------------
login again
done


--by transferring the public key via ftp
copy it to the ftp location
wget [shift] [insert]

小徒兒

1.112.3 TCP/IP configuration and troubleshooting
« Reply #2 on: 2004-09-08 08:58 »
***view, change and verify configuration settings and operational status for various network interfaces

-ifconfig  #view
-route -vn

***manual and automatic configuration of interfaces
-hostname pc11.pattatech.com
-vi /etc/hostname
Code:

pc11.pattatech.com


vi /etc/hosts
Code:

127.0.0.1 localhost
192.168.100.11 pc11.test.cxm



-vi /etc/sysconfig/network-scripts/ifcfg-eth0
Code:

DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.100.11
NETMASK=255.255.255.0
NETWORK=192.168.100.0
BROADCAST=192.168.100.255



vi /etc/resolv.conf
Code:

nameserver 192.168.100.1
nameserver 168.95.1.1


service network restart
ifconfig

***manual and automatic configuration of routing tables

route add default gw 192.168.100.1

vi /etc/sysconfig/network
Code:


GATEWAY=192.168.100.1


route -n


***add network interfaces

dmesg | grep eth
lspci | grep -i ether
lsmod | grep 3c59x
modprobe 3c59x

vi /etc/modules.conf
Code:

alias eth0 sis900
alias eth1 3c59x



*** start, stop, restart, delete or reconfigure network interfaces

-vi /etc/sysconfig/network-scripts/ifcfg-eth1

Code:

DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes


-ifdown eth1
-ifconfig eth1 down

-ifup eth0
-ifconfig eth0 up


***change, view or configure the routing table
-route del -net 192.168.2.0 netmask 255.255.255.0

-redhat-config-network

-route add -net  192.168.100.0 netmask 255.255.255.0 eth0
-route add -net 192.168.2.0 netmask 255.255.255.0 eth1

-route add default dev ppp0


-route -vn
-netstat -rn


***correct an improperly set default route manually
vi /etc/networks

Code:

default         0.0.0.0         # default route    - mandatory
loopnet         127.0.0.0       # loopback network - mandatory
veggie-net      128.17.75.0     # Modify for your own network address



route add veggie-net


-route add 127.0.0.1
-route add ${NETWORK}
-route add default gw 192.168.100.1


***configure Linux as a DHCP client and a TCP/IP host

-vi /etc/sysconfig/network-scripts/ifcfg-eth1 #DHCP
Code:

DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes





-vi /etc/sysconfig/network-scripts/ifcfg-eth1 #tcp/ip
Code:

DEVICE=eth0
IPADDR=1.2.3.251
NETMASK=255.255.255.0
BROADCAST=1.2.3.255
NETWORK=1.2.3.0
ONBOOT=yes
BOOTPROTO=none
HOSTNAME=pc1.pattatech.com
USERCTL=no
PEERDNS=no
TYPE=Ethernet



-vi /etc/sysconfig/network
Code:

NETWORKING=yes
HOSTNAME=pc1.pattatech.com
GATEWAY=1.2.3.254



***debug problems associated with the network configuration
-ping 168.95.1.1
-traceroute -I


***/etc/host.conf
The /etc/host.conf file contains:
Code:

order hosts, bind
multi on


The order line sets whether /etc/hosts or DNS is searched first.
multi on sets whether to check whether a host listed in /etc/hosts can have more than one IP address (for example, a machine with several Ethernet cards).


***/etc/nsswitch.conf
This file determines the order of resolver queries.


***dhcpcd, dhcpclient, pump
DHCP client programs; pick one of the three

#pump -i eth1
#dhcpcd eth1
#dhclient eth1

***host
host www.test.cxm 168.95.1.1

***hostname (domainname, dnsdomainname)
hostname www.test.cxm

***netstat
netstat -anup
netstat -r
netstat -nap --inet |grep 80

***ping
ping 168.95.1.1
 
***traceroute
traceroute -I 168.95.1.1
 
***tcpdump #sniffer tool; resource from: http://www.china-pub.com  author: 李國莉
(1) To capture all packets received and sent by host 210.27.48.1:
#tcpdump host 210.27.48.1
(2) To capture the traffic between host 210.27.48.1 and host 210.27.48.2 or 210.27.48.3, use the command: (when using parentheses on the command line, be sure to
#tcpdump host 210.27.48.1 and \(210.27.48.2 or 210.27.48.3\)
(3) To capture the IP packets between host 210.27.48.1 and every host except 210.27.48.2, use the command:
#tcpdump ip host 210.27.48.1 and ! 210.27.48.2
(4) To capture the telnet packets received or sent by host 210.27.48.1, use the following command:
#tcpdump tcp port 23 host 210.27.48.1
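As an added example (my code, not from the post), a longest-prefix lookup over a `route -n` table like the one quoted in the first post: it shows why the 0.0.0.0/0.0.0.0 entry only wins when no other entry matches. The table text is constructed from that post's output, with the 61.64.186.24 gateway its `route add default gw` line installs.

```python
# Constructed sample modelled on the `route -n` output quoted earlier in the thread;
# the gateway is the 61.64.186.24 that the `route add default gw` line there installs.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
61.64.186.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         61.64.186.24    0.0.0.0         UG    0      0        0 eth0
"""

def quad_to_int(quad):
    a, b, c, d = (int(x) for x in quad.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse_route_n(text):
    """Turn `route -n` output into a list of route dicts (dest and mask as integers)."""
    routes = []
    for line in text.splitlines()[2:]:          # skip the title and column-header lines
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, gateway, genmask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[7]
        mask = quad_to_int(genmask)
        routes.append({"dest": quad_to_int(dest), "mask": mask, "gateway": gateway,
                       "flags": flags, "iface": iface, "prefix": bin(mask).count("1")})
    return routes

def lookup(routes, dst):
    """Longest-prefix match. The default route (dest 0.0.0.0, genmask 0.0.0.0) matches
    every address with prefix length 0, so it is chosen only when nothing more specific
    matches. Returns (interface, next hop) or None when the table has no route at all."""
    d = quad_to_int(dst)
    matches = [r for r in routes if d & r["mask"] == r["dest"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r["prefix"])
    via = best["gateway"] if "G" in best["flags"] else "on-link"   # G flag = via a gateway
    return best["iface"], via
```

With the default route removed, lookup() returns None for any address outside the directly connected networks, which is exactly the "network unreachable" situation the post's manual `route add default gw` fixes.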

小徒兒

1.112.4 Configure Linux as a PPP client
« Reply #3 on: 2004-09-09 13:26 »

ls -l /dev/modem
ln -sf /dev/ttyS2 /dev/modem

vi /etc/ppp/my-chat-script
Code:

#!/bin/sh
# my-chat-script: a program for dialing up your ISP
exec chat -v \
     '' ATZ \
     OK ATDT555-1212 \
     CONNECT '' \
     ogin: mdw \
     assword: my-password


chmod 755 /etc/ppp/my-chat-script

vi /etc/ppp/ppp-on

Code:

#!/bin/sh
# the ppp-on script

exec /usr/sbin/pppd /dev/modem 38400 lock crtscts noipdefault \
     defaultroute 0.0.0.0:0.0.0.0 connect my-chat-script



vi /etc/rc.local

Code:

. /etc/ppp/ppp-on


ifconfig

vi /etc/ppp/ip-up

Code:

/usr/bin/wall "PPP is up!"



vi /etc/ppp/ppp-off

Code:

#!/bin/sh
# A simple ppp-off script

kill `cat /var/run/ppp0.pid`


vi /etc/syslog.conf

Code:

# Save messages from chat
local2.*                                           /var/log/chat-log

# Save messages from pppd
daemon.*                                           /var/log/pppd-log


ln /etc/ppp/chap-secrets /etc/ppp/pap-secrets
vi /etc/ppp/chap-secrets

Code:


# Secrets for authentication using PAP
# client      server     secret IP or Domain
#clientaccount  server  clientpassword  optional ip
mdw      *     my-password


If PAP or CHAP is used, my-chat-script becomes:
Before using PAP or CHAP:

Code:

#!/bin/sh
# my-chat-script: a program for dialing up your ISP
exec chat -v \
     '' ATZ \
     OK ATDT555-1212 \
     CONNECT '' \
     ogin: mdw \
     assword: my-password


After using PAP or CHAP:
Code:

#!/bin/sh
# my-chat-script: a program for dialing up your ISP
exec chat -v            \
     '' ATZ             \
     OK ATDT555-1212    \
     CONNECT ''


Before using PAP or CHAP:

Code:

exec /usr/sbin/pppd /dev/modem 38400 lock crtscts noipdefault \
     defaultroute 0.0.0.0:0.0.0.0 connect my-chat-script


After:

Code:

exec /usr/sbin/pppd /dev/modem 38400 lock crtscts noipdefault \
     user mdw defaultroute 0.0.0.0:0.0.0.0 connect my-chat-script



***the basics of the PPP protocol

***the definition of the chat sequence to connect (given a login example)

# modem initialization string...
# format: <expect> <send> ... (chat sequence)
INIT="" AT\r OK\r\n

# this line is the connect chat sequence.  This chat sequence is performed after the WAITFOR string is found.  The \A character automatically sets the baudrate to the characters that are found, so if you get the message CONNECT 2400, the baud rate is set to 2400

# format: <expect> <send> ... (chat sequence)
CONNECT="" ATA\r CONNECT\s\A 56700
Code:

OK\r\n ATD1234567
\r\n \c
ECHO ON
CONNECT \c
ogin: account


Code:

/usr/sbin/chat -v ABORT 'NO CARRIER' "" "ATZ\r" "OK" "ATM0" "OK" \
                                     "ATDTXXXXXXXX" \
        "ogin:" "YYYYY" "ord:" "ZZZZZ"




*** the setup commands to be run automatically when a PPP connection is made

less /etc/ppp/ip-up

Code:

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
 
LOGDEVICE=$6
REALDEVICE=$1
 
[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
 
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
 
exit 0




***initialisation and termination of a PPP connection, with a modem, ISDN or ADSL

#modem
exec /usr/sbin/pppd debug /dev/ttySx 38400 \
        $LOCAL_IP:$REMOTE_IP \
        connect $DIALER_SCRIPT

less /etc/sysconfig/network-scripts/ifup-ppp

#adsl ??
Code:

exec pppd $opts ${MODEMPORT} ${LINESPEED} \
    ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\
    noauth \
    ${PPPOPTIONS}




***setting PPP to automatically reconnect if disconnected

????????????????


***/etc/ppp/options.*

option priority:
1. command line
2. ~/.ppprc
3. /etc/ppp/options.ttyS?
4. /etc/ppp/options


***common pppd options
Option                              Effect
lock                                Locks the serial device to restrict access to pppd.
crtscts                             Uses hardware flow control.
noipdefault                         Doesn't try to determine the local IP address from the hostname. The IP is assigned by the remote system.
user username                       Specifies the hostname or username for PAP or CHAP identification.
netmask mask                        Specifies the netmask for the connection.
defaultroute                        Adds a default route to the local system's routing table, using the remote IP address as the gateway.
connect command                     Uses the given command to initiate the connection. pppd assumes this script is in /etc/ppp. If not, specify the full path of the script.
local_IP_address:remote_IP_address  Specifies the local and/or remote IP addresses. Either or both of these could be 0.0.0.0 to indicate that the address should be assigned by the remote system.
debug                               Logs connection information through the syslog daemon.
 

***/etc/ppp/peers/wvdial
Code:

noauth
name wvdial
usepeerdns
Auto Reconnect=on : whether to reconnect automatically when the line drops; the default is yes.


cp /etc/ppp/peers/isdn/arcor /etc/ppp/peers/isdn/test
pppd call isdn/test


***wvdial is an intelligent dialer for Linux; with wvdial and ppp you can get online easily under Linux. In the whole process, wvdial's job is to dial and wait for the prompts, then enter the username, password and other authentication information according to the prompts;

***pppd's job is to negotiate the method of transferring data with the dial-in side and to maintain that connection.

wvdialconf /etc/wvdial.conf #use the wvdialconf program to generate the wvdial.conf configuration file automatically; it autodetects the modem

less /etc/wvdial.conf
Code:

[Dialer Defaults]
Modem = /dev/ttyS1
Baud = 115200
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 S11=55 +FCLASS=0
;Phone =
;Username =
;Password =

[Dialer Tom]
Username=tom
Password=xxx
Inherits=169

[Dialer 169]
Phone=169

If we now run wvdial Tom, the system first reads [Dialer Defaults], then overrides the corresponding options of [Dialer Defaults] with those in [Dialer Tom], and finally overrides the corresponding options of both with those in [Dialer 169].


***/etc/ppp/ip-up #script run after the link is established

***/etc/ppp/ip-down #script run after the link is closed
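As an added example (my code, not the post's and not wvdial's own logic), a small resolver that applies the override order just described for `wvdial Tom`: [Dialer Defaults], then the named section, then each Inherits target on top. The config text is a constructed copy of the post's wvdial.conf; the function names are mine, and an Inherits loop is reported instead of recursing forever.

```python
import configparser

# Constructed copy of the wvdial.conf shown in the post (Password is the post's placeholder)
SAMPLE_WVDIAL_CONF = """\
[Dialer Defaults]
Modem = /dev/ttyS1
Baud = 115200
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 S11=55 +FCLASS=0
;Phone =
;Username =
;Password =

[Dialer Tom]
Username=tom
Password=xxx
Inherits=169

[Dialer 169]
Phone=169
"""

def load_wvdial(text):
    """Parse the INI-style file into {dialer name: {option: value}}; ';' lines are comments."""
    parser = configparser.ConfigParser(comment_prefixes=(";", "#"), interpolation=None)
    parser.optionxform = str                     # keep option names exactly as written
    parser.read_string(text)
    prefix = "Dialer "
    return {name[len(prefix):]: dict(parser[name])
            for name in parser.sections() if name.startswith(prefix)}

def option_layers(dialers, name, seen=()):
    """Own options of `name`, followed by those of each section it Inherits, in chain order."""
    if name in seen:
        raise ValueError(f"Inherits loop at [Dialer {name}]")
    own = dict(dialers[name])
    parent = own.pop("Inherits", None)           # Inherits itself is not a dialer option
    layers = [own]
    if parent is not None:
        layers += option_layers(dialers, parent, seen + (name,))
    return layers

def resolve_dialer(dialers, name):
    """Effective options for `wvdial <name>` using the precedence the post describes:
    [Dialer Defaults] first, then the named section, then each Inherits target on top."""
    effective = dict(dialers.get("Defaults", {}))
    for layer in option_layers(dialers, name):
        effective.update(layer)
    return effective
```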