The descriptions above have outlined the basics of network connectivity and how to install a network card into a system. The following section builds on this knowledge and defines how to manage the connectivity between systems in a network.
Routing
The setup of the IP address and associated data on each of the NICs within a system is only part of the required network configuration. The system needs to know where to route packets, and this is achieved using the route command, located in /sbin and used after the interfaces have been set up.
Any network interface will have an IP address and a subnet mask. The IP address will be in the form 192.168.1.1 (for IPv4) or 2001:db9:0:1234:0:567:1:1 (IPv6). The subnet mask identifies how many nodes are in that network; for instance, a class C network will have 254 nodes. When a machine has to communicate with another machine, it decides how to route the packets to it. If the other machine is on the local network, it can send them directly. Otherwise, it has to send the packets to an intermediate router. The route command used with no parameters displays the current routing table as shown below:
syngress> /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     1      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
The first column shows the destination IP or the host name. The default gateway for this machine is the default entry and is where packets are sent if no specific route exists for a destination. The Genmask column defines the netmask for that particular network. The Flags column can have a number of options, with U meaning that the route is enabled and G specifying that the destination requires a gateway. The other notable column is the Iface column, which specifies which interface is used for that route.
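The lookup this table drives can be reproduced in a few lines. The following is an added example, not code from the book: it parses the table above in numeric form (as route -n prints it) and picks the route the way the kernel does, most specific matching network first. The function names parse_routes, select_route and next_hop are hypothetical.

```python
import ipaddress

# Constructed sample: the table shown above in numeric form, with the "*"
# gateway written as 0.0.0.0, loopback as 127.0.0.0 and default as 0.0.0.0.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Turn numeric route output into a list of route records."""
    routes = []
    for line in text.splitlines()[2:]:           # skip the two header lines
        dest, gw, mask, flags, metric, _ref, _use, iface = line.split()
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gw, "flags": flags,
            "metric": int(metric), "iface": iface,
        })
    return routes

def select_route(routes, target):
    """Most specific enabled route containing target; lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if "U" in r["flags"] and addr in r["net"]]
    if not matches:
        return None                               # no route, not even a default
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def next_hop(routes, target):
    """Describe how a packet for target leaves this machine."""
    route = select_route(routes, target)
    if route is None:
        return "unreachable"
    if "G" in route["flags"]:                     # G: destination needs a gateway
        return f"via gateway {route['gateway']} on {route['iface']}"
    return f"direct on {route['iface']}"          # on-link, delivered directly

ROUTES = parse_routes(ROUTE_OUTPUT)
```

Dropping the default entry from the list makes every off-subnet destination unreachable, which is the symptom of a missing default gateway.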
The route command can add to the routing tables and can specify a host or a network as a destination, with the default being a host. The most common route to add is that of the default gateway, such as:
/sbin/route add default gw 192.168.1.1
If the interface has just been configured using the ifconfig command, the network may have to be added by hand:
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
Network Connectivity Troubleshooting
The following will guide the user through basic network connectivity troubleshooting. When connectivity issues arise, a systematic approach is needed to ensure a quick resolution. If the machine is newly built, it is advisable to use a network connection that is known to be fully working to ensure that the physical connections, cable, and upstream devices such as routers, switches, and DHCP servers are fully operational.
Initially, ensure that the NIC configuration is correct and then connect the network cable. The machine should now be initialized with an IP address and relevant NS information from a DHCP server or using static information. The ifconfig command, with no parameters, should be executed to display the status of the NICs. For a more comprehensive output than ifconfig, use netstat. The output is listed by sockets (application to application connections between two computers). The common options for the netstat command are shown in Table 4.1.
Table 4.1. Common netstat Options

| Option | Output |
|---|---|
| -a | Show the state of all sockets and routing table entries |
| -g | Displays the multicast groups configured |
| -i | Shows all the interfaces configured ifconfig |
| -v | Verbose output |
| -s | Summary of activity for each protocol |
| -c | Output displayed every second; this is very useful in testing |
| -e | Verbose output for active connections only |
| -C | Displays information from the route cache |
It is often useful to have the netstat command running in a separate terminal window with the -c option while testing is being undertaken. Additionally, there will be an entry in the Address Resolution Protocol (ARP) table, located in /proc/net/arp, which primarily translates IP addresses to Media Access Control (MAC) addresses, the actual hardware addresses embedded in every NIC.
With the machine on the network, the connections to various systems and networks can be tested. Initially, use the ping command to test the host's loopback address as shown below, using the -c option to limit the number of pings to 3.
$ ping -c 3 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.064 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000 ms
rtt min/avg/max/mdev = 0.064/0.065/0.066/0.000 ms
In addition, the command hostname can be used to display the local host name. This command can be used to display the name and IP address(es) of the host. This will further clarify whether the local IP addressing is set up correctly.
When the local machine is known to be working correctly, the ping command can be used to test other machines. The ping command will echo back the name and, if resolved, the IP address; otherwise an error message of “ping: unknown host” is displayed. If you use the name of a well-known server, for example, ping linux.com, and the name is resolved, then basic NS resolution is working.
To find out more about the actual route packets take from your machine to the target, traceroute, which is located in /usr/sbin, can be used. The first part of the output to the Syngress Web server is shown below:
traceroute to www.syngress.com (145.36.40.200), 30 hops max, 40 byte packets using UDP
1 192.168.1.1 (192.168.1.1) 1.117 ms 0.595 ms 0.621 ms
2 * * *
3 ge-3-27-ur02.grant.tx.houston.comcast.net (68.85.250.25) 7.015 ms 7.898 ms 7.332 ms
4 te-8-1-ar01.royalton.tx.houston.comcast.net (68.85.244.101) 10.504 ms 10.304 ms 9.740 ms
5 po-11-ar02.royalton.tx.houston.comcast.net (68.85.244.98) 11.640 ms 11.836 ms 11.808 ms
6 po-17-ar02.greenspoint.tx.houston.comcast.net (68.85.244.130) 13.299 ms 13.271 ms 13.276 ms
7 te-0-1-0-4-cr01.dallas.tx.ibone.comcast.net (68.86.91.57) 17.153 ms 17.074 ms 16.860 ms
8 64.132.69.249 (64.132.69.249) 16.837 ms 16.650 ms 16.243 ms
Along a network there will be a number of routers that interconnect different networks. Each router along the path decides where to send the packet, that is, which of its interfaces to forward it to. If the router does not find a matching route for the packet, it will be sent to its default route, and so on until the packet reaches its destination.
Earlier in this section, you learned that when a system does not seem to recognize a name but works perfectly with IP addresses, then there is an issue with the name resolution. First, if possible, discover if it is a global issue with all your machines on the network by utilizing the ping <server name> command on another machine. If this works, then the problem is with your machine setup. Check that there is a valid NS defined in the /etc/resolv.conf file and that you can traceroute to that server. If you cannot perform basic routing to these servers, then name resolution will not occur.
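The check for a valid NS entry in /etc/resolv.conf can be scripted. The following is an added example, not code from the book: it validates the nameserver lines of a resolv.conf and reports why an entry would not be used. The function name check_resolv_conf and the sample file are constructed for illustration; the limit of three servers is the glibc resolver's MAXNS.

```python
import ipaddress

MAXNS = 3  # the glibc resolver uses at most the first three nameserver lines

# Constructed sample file; 68.87.85.98 is the server seen in the dig output
# on this page, the other two entries are deliberately broken.
SAMPLE = """\
# constructed example
search example.lan
nameserver 68.87.85.98
nameserver 192.168.1.256
nameserver
"""

def check_resolv_conf(text):
    """Return (usable_servers, problems) for the contents of a resolv.conf."""
    servers, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Skip blank lines, comments and keywords other than nameserver.
        if not fields or raw[0] in "#;" or fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            problems.append(f"line {n}: nameserver with no address")
            continue
        try:
            ipaddress.ip_address(fields[1])       # must be an address, not a name
        except ValueError:
            problems.append(f"line {n}: {fields[1]!r} is not an IP address")
            continue
        if len(servers) >= MAXNS:
            problems.append(f"line {n}: ignored, only {MAXNS} servers are used")
            continue
        servers.append(fields[1])
    if not servers:
        problems.append("no usable nameserver: names cannot be resolved")
    return servers, problems
```

Each address returned in the first list is a server to ping or traceroute next, as the paragraph above describes.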
The Domain Information Groper, or dig, command takes the NSs listed in the /etc/resolv.conf file and undertakes an NS query against them. An example of the dig command and output is shown below:
$ dig syngress.com
; <<>> DiG 9.5.0-P2 <<>> syngress.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54845
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;syngress.com.                  IN      A
;; ANSWER SECTION:
syngress.com.           300     IN      A       145.36.40.200
;; Query time: 207 msec
;; SERVER: 68.87.85.98#53(68.87.85.98)
;; WHEN: Thu May 14 14:58:26 2009
;; MSG SIZE rcvd: 46
It can also perform a reverse lookup, where the IP address is used instead of the name. This produces slightly different results.
$ dig 145.36.40.200
; <<>> DiG 9.5.0-P2 <<>> 145.36.40.200
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1949
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;145.36.40.200.                 IN      A
;; AUTHORITY SECTION:
.                       900     IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009051401 1800 900 604800 86400
;; Query time: 144 msec
;; SERVER: 68.87.85.98#53(68.87.85.98)
;; WHEN: Thu May 14 14:59:37 2009
;; MSG SIZE rcvd: 106
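Reading the status, ANSWER count and QUESTION SECTION together explains the difference between the two runs. The following is an added example, not code from the book: it parses those lines from the two outputs above and reports what was actually asked. In the second run the QUESTION SECTION shows the address queried as a name of type A, whereas a PTR query (which dig issues when given -x) asks for the in-addr.arpa name. The function names are hypothetical.

```python
import re

# Constructed samples: header and question lines copied from the two dig runs above.
FORWARD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54845
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;syngress.com.                  IN      A
"""
BY_ADDRESS = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1949
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;145.36.40.200.                 IN      A
"""

def parse_dig(text):
    """Extract the status, the answer count and the question actually asked."""
    status = re.search(r"status: (\w+)", text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    q = re.search(r"^;(\S+)\s+IN\s+(\S+)\s*$", text, re.M)
    return {"status": status, "answers": answers,
            "qname": q.group(1), "qtype": q.group(2)}

def ptr_name(ipv4):
    """Name a PTR query asks for: the octets reversed under in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def interpret(text):
    """One-line diagnosis of a dig result for troubleshooting."""
    r = parse_dig(text)
    looks_like_ip = re.fullmatch(r"(\d{1,3}\.){4}", r["qname"]) is not None
    if looks_like_ip and r["qtype"] == "A":
        return ("address was queried as a host name; a reverse lookup asks for "
                f"PTR {ptr_name(r['qname'].rstrip('.'))}")
    if r["status"] == "NOERROR" and r["answers"] > 0:
        return "name resolved"
    if r["status"] == "NXDOMAIN":
        return "name does not exist"
    return f"no usable answer (status {r['status']})"
```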
The slightly outdated command nslookup is still useful, in both interactive and noninteractive modes.
$ nslookup syngress.com
Server: 68.87.85.98
Address: 68.87.85.98#53
Non-authoritative answer:
Name: syngress.com
Address: 145.36.40.200