TCP/IP Commands

TCP/IP offers several commands and features that are supported on the Solaris operating environment. These commands are part of the TCP/IP networking package and are available on all UNIX systems that implement TCP/IP, unless specifically disabled by the administrator.

telnet

telnet is used to log in to another system on the network. The following is a sample session:

# telnet pyramid1 
Trying 192.9.200.4... 
Connected to pyramid1. 
Escape character is '^]'. 

SunOS 5.9 
login: bill 
Password: 
Last login: Mon Jul 30 15:12:59 from 192.9.200.1 
Sun Microsystems Inc.   SunOS 5.9       Generic February 2001 
pyramid1% 

Caution

The authentication process used by telnet is not encrypted; therefore, it is insecure and prone to security risks. The secure shell (ssh) is a more secure alternative to telnet. With the secure shell, the sshd daemon listens for connection requests and handles the encrypted authentication exchange between both hosts. The secure shell is described in Chapter 16.


rlogin

rlogin is also a command for logging in to another system on the network. Unlike telnet, rlogin does not require you to enter a login name and password if the /.rhosts and /etc/hosts.equiv files are in place. These files are discussed in Chapter 16.
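Because these two files grant password-free access, they are worth auditing for wildcard entries. The following shell functions are an added example, not part of the original text; they assume the usual `host [user]` line format in which a bare `+` matches any host or any user, and the sample file tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original text): find wildcard trust entries
# in hosts.equiv and .rhosts files. Assumed line format: "host [user]",
# where a bare "+" in either position matches any host or any user.

# rhosts_paths PASSWD_FILE -> one candidate .rhosts path per home directory.
# A home directory of "/" (root on Solaris) yields /.rhosts.
rhosts_paths() {
    awk -F: '$6 != "" { h = ($6 == "/") ? "" : $6; print h "/.rhosts" }' "$1" | sort -u
}

# wildcard_trust FILE... -> "file:line: entry" for each entry containing "+".
wildcard_trust() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "+" || $2 == "+" { printf "%s:%d: %s\n", FILENAME, FNR, $0 }
    ' "$@"
}

# demo: build a constructed file tree, audit it, print findings relative to it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/users/bill"
    printf '%s\n' 'root:x:0:1:Super-User:/:/sbin/sh' \
                  "bill:x:1001:10::$d/users/bill:/bin/ksh" > "$d/passwd"
    printf '%s\n' 'pyramid1' '+ bill' > "$d/hosts.equiv"
    printf '%s\n' '# constructed sample' 'systemB bill' '+ +' > "$d/users/bill/.rhosts"
    # Audit hosts.equiv plus every .rhosts found under the sample home dirs
    # (paths outside the sample tree are skipped so the demo reads no real files).
    set -- "$d/hosts.equiv"
    for f in $(rhosts_paths "$d/passwd"); do
        case "$f" in
            "$d"/*) if [ -f "$f" ]; then set -- "$@" "$f"; fi ;;
        esac
    done
    wildcard_trust "$@" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On a real host, pass /etc/hosts.equiv and the paths printed by rhosts_paths /etc/passwd to wildcard_trust instead of the sample tree.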

FTP

The file transfer protocol (FTP) is used to transfer one or more files between two systems on the network. You’ll use FTP to transfer files between a local system and a remote system. Using FTP, a user connects to a remote system, enters a login name and password, and is put into the FTP utility as follows:

ftp 192.168.0.253 

The system responds with the following:

Connected to 192.168.0.253. 
220 ultra5 FTP server ready. 

You’ll be prompted to enter a login name and password:

Name (192.168.0.253:root): <enter login> 
331 Password required for root. 
Password: <enter password> 

If the system you are accessing has established an anonymous FTP account, you will not be prompted for a password. If login is successful, the system will display the following message:

230 User root logged in. 
Remote system type is UNIX. 
Using binary mode to transfer files. 

You’ll then see the FTP command-line interface (CLI) prompt:

ftp> 

You can now use any of the commands supplied by the FTP interface, including help. All of the essential FTP commands are listed in Table 21.8.

Table 21.8. FTP Commands
| Command | Description |
| --- | --- |
| open | Logs in to the remote system from the FTP command prompt |
| close | Logs out of the remote system and returns to the FTP command prompt |
| bye | Quits FTP and puts you back to the Solaris shell prompt |
| help | Lists all FTP commands or, if a command name is supplied, briefly describes what the command does |
| reset | Resynchronizes the command-reply sequencing with the remote FTP server |
| ls | Lists the contents of the current working directory on the remote system |
| pwd | Displays the name of the working directory on the remote system |
| cd <directory name> | Changes the current working directory on the remote system |
| lcd <directory name> | Changes the working directory on the local system |
| mkdir <directory name> | Creates a new directory on the remote system |
| rmdir <directory name> | Deletes a directory on the remote system |
| get/mget | Copies a file (or multiple files) from the remote working directory to the local working directory |
| put/mput | Copies a file (or multiple files) from the local working directory to the remote working directory |
| delete/mdelete | Deletes a file (or multiple files) from the remote working directory |

The following is a sample FTP session:

pyramid1% ftp pyramid1 
Connected to pyramid1. 
220 pyramid1 FTP server (SunOS 5.9) ready. 
Name (pyramid1:bill): <cr> 
331 Password required for bill. 
Password: <enter password> 
230 User bill logged in. 
ftp> 

From the ftp prompt, I’ll list my current working directory:

ftp> pwd 
257 "/users/bill" is current directory. 

Now I’ll list the files in my current working directory:

ftp> ls 
200 PORT command successful. 
150 ASCII data connection for /bin/ls (192.9.200.4,47131) (0 bytes). 
admin 
file1 
data 
226 ASCII Transfer complete. 
19 bytes received in 0.049 seconds (0.38 Kbytes/s) 

Now I’ll copy a file from the remote system to my local system using the get command:

ftp> get file1 /tmp/file1 
200 PORT command successful. 
150 ASCII data connection for file1 (192.9.200.4,47132) (31311 bytes). 
226 ASCII Transfer complete. 
local: /tmp/file1 remote: file1 
31441 bytes received in 0.12 seconds (266.82 Kbytes/s) 

Now I’ll exit my FTP session and return to the shell prompt:

ftp> bye 
221 Goodbye. 
pyramid1% 

Anonymous FTP is used when you don’t want to set up a user account for everyone who will be using FTP. With anonymous FTP set up, users can log in but are very restricted as to which directories they can use.

Caution

The anonymous FTP account is inherently dangerous and should be avoided when possible.


To set up anonymous FTP on a system, an account for user ftp must be present in the password file. Use ftpconfig to create the anonymous ftp account and home directory tree. The ftpconfig script creates the anonymous user account and populates the home directory with the required files.

The ftpconfig script will copy and set up all the components needed to operate an anonymous FTP server, including creating the ftp user account, creating device nodes, copying /usr/lib files, and copying time zone data. The setup of the /etc/passwd and /etc/group files has been stripped down to prevent malicious users from finding login names on the server. The anonymous file area will be placed where you specify. If the ftp user account already exists, the current FTP area is used, and the system files in it are updated. All other files are left untouched.

Use the ftpconfig script to create the anonymous user account and default FTP directory, as follows:

/usr/sbin/ftpconfig <anonymous-ftp-directory> 

The <anonymous-ftp-directory> is the absolute pathname of the directory under which the anonymous FTP area is set up.

Confirm that the anonymous user is assigned to a class in the ftpaccess file. In this example, the FTP area is set up in the /home/ftp directory by typing the following command:

/usr/sbin/ftpconfig /home/ftp 

The system responds with the following information:

Creating user ftp 
Updating directory /home/ftp 

The following entry is also added to your /etc/passwd file:

ftp:x:1003:1:Anonymous FTP:/home/ftp:/bin/true 
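Two results of this procedure can be checked mechanically: the shell assigned to the ftp account in the password file, and the class assignment in ftpaccess. The following is an added example, not part of the original text; it assumes the wu-ftpd style `class <name> <typelist> <addrglob>` syntax for ftpaccess and a short list of non-login shells, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original text): verify an anonymous FTP setup.
# Files are read from a path argument, or from stdin when the argument is "-".

# ftp_shell PASSWD -> login shell (7th field) of the ftp account, if present.
ftp_shell() {
    awk -F: '$1 == "ftp" { print $7; exit }' "$1"
}

# is_nologin_shell SHELL -> status 0 when the shell cannot give a session.
# The list of accepted shells is an assumption; extend it for your site.
is_nologin_shell() {
    case "$1" in
        /bin/true|/usr/bin/true|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# anon_classes FTPACCESS -> names of classes whose typelist has "anonymous".
# Assumed syntax: class <name> <typelist> <addrglob> [<addrglob> ...]
anon_classes() {
    awk '$1 == "class" && NF >= 4 {
        n = split($3, t, ",")
        for (i = 1; i <= n; i++)
            if (t[i] == "anonymous") { print $2; break }
    }' "$1"
}

# Constructed samples: the passwd entry shown above plus a minimal ftpaccess.
sample_passwd() {
    printf '%s\n' 'bill:x:1001:10::/users/bill:/bin/ksh' \
                  'ftp:x:1003:1:Anonymous FTP:/home/ftp:/bin/true'
}
sample_ftpaccess() {
    printf '%s\n' '# constructed sample' \
                  'class staff     real            192.9.200.*' \
                  'class anonusers anonymous,guest *'
}

shell=$(sample_passwd | ftp_shell -)
if is_nologin_shell "$shell"; then
    echo "OK: ftp account shell is $shell"
else
    echo "FAIL: ftp account shell is '$shell'"
fi
classes=$(sample_ftpaccess | anon_classes -)
echo "anonymous is assigned to class: ${classes:-<none>}"
```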

rcp

You can also use the rcp (remote copy) command to transfer one or more files between two hosts on a network. The other system must trust your ID on the current host. This trust relationship was discussed in Chapter 16, “System Security.”

The rcp command is more convenient than ftp. First, rcp does not require a login or password if the proper trust relationship exists between the systems; this makes it suitable for scripts. Second, rcp allows complete directory trees to be copied from one system to another. However, ftp has more options and is considered more secure. The following is a sample use of rcp:

rcp /etc/hosts systemB:/etc/hosts 

This example uses rcp to copy the file /etc/hosts from the local system to systemB.

Note

The authentication process used by rcp is not encrypted; therefore, it is insecure and prone to security risks.

scp is part of the secure shell and is a more secure method of copying data between two systems. The scp command is described in Chapter 16.


rsh

You use the rsh (remote shell) command to execute a shell on another system on the network. The other system must trust your ID on the current system. The following example uses rsh to get a long listing of the directory /etc on systemB:

rsh systemB ls -la /etc 

Caution

The authentication process used by rsh is not encrypted; therefore, it is insecure and prone to security risks. The secure shell (ssh) is a more secure alternative to rsh. With the secure shell, the sshd daemon listens for connection requests and handles the encrypted authentication exchange between both hosts. The secure shell is described in Chapter 16.


rexec

The rexec command is also used to execute a shell on a remote system. This command differs from rsh in that you must enter a password. At many sites, rsh is disabled for security reasons, and rexec is used as a replacement.
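To see which of the remote-login and file-transfer services described in this section are still enabled on a host, the inetd configuration can be scanned for their entries. The following is an added example, not part of the original text; it assumes the services are started from an inetd.conf-style file (the default path /etc/inet/inetd.conf is an assumption), and the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original text): list the remote-access services
# from this section that are still enabled in an inetd.conf-style file.

# inetd service names: login = rlogin, shell = rsh and rcp, exec = rexec.
CLEARTEXT_SERVICES="telnet ftp login shell exec"

# audit_inetd [FILE|-] -> "service server-program" for each enabled entry.
# An entry is enabled when its line is not commented out with a leading "#".
# The default path is an assumption; pass "-" to read from stdin.
audit_inetd() {
    awk -v want="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) risky[w[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }       # skip comments and short lines
        ($1 in risky) { print $1, $6 }
    ' "${1:-/etc/inet/inetd.conf}"
}

# Constructed sample, in inetd.conf field order:
# service  socket-type  protocol  wait-status  user  server-program  arguments
sample_inetd() {
    cat <<'EOF'
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd -a
#shell  stream  tcp   nowait  root  /usr/sbin/in.rshd     in.rshd
#login  stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind
exec    stream  tcp   nowait  root  /usr/sbin/in.rexecd   in.rexecd
time    stream  tcp6  nowait  root  internal
EOF
}

sample_inetd | audit_inetd -
```

In the sample, shell and login are already commented out, so only telnet, ftp and exec are reported.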

rwho

The rwho command produces output similar to the who command (which was described in Chapter 16) but for all systems on the network.

finger

The finger command displays information about users logged on to the local system or other systems. If finger is used without an argument, it gives information concerning users currently logged in. If finger is used with an argument (for example, the username glenda), it displays information about all users matching the argument. You can also use the finger command to look up users on a remote system by specifying the user as username@host. To protect user privacy, many remote systems do not allow remote fingering of their systems.

rup

The rup command shows the host status of remote systems, similar to the uptime command. For example, to get uptime information about the remote host named sparc14, type the following:

rup sparc14 

The system responds with this:

sparc14    up  2 days, 41 mins,  load average: 0.00, 0.00, 0.01 

ping

Use the ping command to test network connectivity to a particular host. The syntax for the ping command is as follows:

/usr/sbin/ping <options> <host> [timeout] 

<host> is the hostname of the machine in question, and [timeout] is an optional argument to specify the time in seconds for ping to keep trying to reach the machine. Twenty seconds is the default.

Some of the more common options to the ping command are described in Table 21.9.

Table 21.9. ping Options
| Option | Description |
| --- | --- |
| -v | Verbose output. Lists any ICMP packets, other than ECHO_RESPONSE, that are received. |
| -I <interval> | Specifies the interval between successive transmissions. The default is 1 second. |
| -s | When the -s flag is specified, ping sends one datagram per second (adjustable with -I) and prints one line of output for every ECHO_RESPONSE it receives. |

When you run ping, the ICMP protocol sends a datagram to the host you specify, asking for a response. ICMP is the protocol responsible for error handling on a TCP/IP network.

To test network connectivity between ultra5 and sparc14, type the following:

ping sparc14 

If host sparc14 is up, this message is displayed:

sparc14 is alive 

The message indicates that sparc14 responded to the ICMP request. However, if sparc14 is down or cannot receive the ICMP packets, you receive the following response:

no answer from sparc14 

If you suspect that a machine might be losing packets even though it is up, you can use the -s option of ping to try to detect the problem. For example, type the following:

ping -s sparc14 

ping continually sends packets to sparc14 until you send an interrupt character or a timeout occurs. The responses on your screen will resemble this:

PING sparc14: 56 data bytes 
64 bytes from sparc14 (192.9.200.14): icmp_seq=0. time=1. ms 
64 bytes from sparc14 (192.9.200.14): icmp_seq=1. time=0. ms 
64 bytes from sparc14 (192.9.200.14): icmp_seq=2. time=0. ms 
64 bytes from sparc14 (192.9.200.14): icmp_seq=3. time=0. ms 
64 bytes from sparc14 (192.9.200.14): icmp_seq=4. time=0. ms 
... 
... 
----sparc14 PING Statistics----
8 packets transmitted, 8 packets received, 0% packet loss 
round-trip (ms)  min/avg/max = 0/0/1 

The packet loss statistic at the end of the output indicates whether the host has dropped packets, which could indicate a network problem.

spray

The spray command tests the reliability of your network. It can tell you whether packets are being delayed or dropped. spray sends a one-way stream of packets to a host using a Remote Procedure Call (RPC). It reports how many were received as well as the transfer rate.

The syntax is as follows:

spray  [ -c <count> -d <interval> -l <packet_size>] <hostname> 

Each option in this syntax is described in Table 21.10.

Table 21.10. spray Options
| Field | Description |
| --- | --- |
| -c <count> | Specifies the number of packets to send. |
| -d <interval> | Specifies the number of microseconds to pause between sending packets. If you don’t use a delay, you might run out of buffers. |
| -l <packet_size> | Specifies the packet size. |
| <hostname> | Specifies the system to send packets to. The <hostname> argument can be either a name or an Internet address. |

spray is not useful as a networking benchmark because it uses unreliable connectionless transports such as the User Datagram Protocol (UDP). spray can report a large number of packets dropped when the drops were caused by spray sending packets faster than they could be buffered locally (before the packets got to the network medium). spray is used, however, to verify connectivity between two hosts and to test the operation of the network.

The following example illustrates the use of spray to send 100 packets to sparc14 (-c 100). Each packet is 2,048 bytes (-l 2048). The packets are sent with a delay time of 20 microseconds between each burst (-d 20):

spray -c100 -d20 -l2048 sparc14 

The system responds with this:

sending 100 packets of length 2048 to sparc14 ... 
2 packets (2.000%) dropped by sparc14 
567 packets/sec, 1161394 bytes/sec 
