Linux Networking Tips


How to grant privileged access to specific users?
You can grant a specific user full access to all privileged commands with the following sudoers entry (add it to /etc/sudoers):
kranti  ALL=(ALL) ALL
This is not recommended, because it allows user kranti to run su and obtain permanent root privileges, bypassing the command logging that sudo provides.

How to disable/enable firewall in Linux (Fedora)?
Disable -
    # service iptables stop
Enable -
    # service iptables start
Disable at boot time -
    # chkconfig iptables off
Enable at boot time -
    # chkconfig iptables on

Configuring Static IP address on Linux from the Command Line (Fedora)
1. Assign static IP Address
vi /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE="em1"
ONBOOT=yes
NM_CONTROLLED="yes"
TYPE=Ethernet
BOOTPROTO=none
IPADDR0=172.19.3.1
PREFIX0=24
GATEWAY0=172.19.3.254
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System em1"
UUID=1dad842d-1912-ef5a-a43a-bc238fb267e7
HWADDR=00:C0:9F:BA:C5:32

2. Restart the NIC
service network restart

3. Add the Default Route:
route add default gw ip_address_of_your_default_gateway em1
route add default gw 172.16.3.1 em1

To make gw/route permanent:
vi /etc/sysconfig/network

change to look like this:
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=172.19.3.254

Add default route through an interface (Fedora)
-> route add -net 172.0.0.0 netmask 255.0.0.0 dev em1
-> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 em1

4. Add Permanent Route

Set up static routes for a given network interface (for example eth1) by editing the file /etc/sysconfig/network-scripts/route-eth1.

For example, to make the static route added by the following command permanent:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.100.1 dev eth1

add the following lines to /etc/sysconfig/network-scripts/route-eth1:
ADDRESS0=192.168.0.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.100.1


Configure DHCP Server

To start, stop, restart and check status of dhcpd:
- service dhcpd start
- service dhcpd stop
- service dhcpd restart
- service dhcpd status

To ensure dhcpd starts automatically on your next reboot:
- chkconfig dhcpd on

DHCP server config file:
- Find sample config file @ /usr/share/doc/dhcp*/dhcpd.conf.sample
- The actual config file @ /etc/dhcp/dhcpd.conf

Test config file for errors:
- /usr/sbin/dhcpd -f

To check log messages:
- cat /var/log/messages

To check the assigned leases:
- cat /var/lib/dhcpd/dhcpd.leases

To configure to listen on an interface:
- vi /etc/sysconfig/dhcpd
        DHCPDARGS="em1"
- If this is not configured, the following error appears in the log:
        Not configured to listen on any interfaces!

Other errors:
1. No subnet declaration for em1 (172.19.3.1).
** Ignoring requests on em1.  If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface em1 is attached. **
- Add subnet declaration for 172.19.3.0 in /etc/dhcp/dhcpd.conf file

2. "DHCPDISCOVER from 00:00:aa:aa:aa:aa via 172.19.5.1: unknown network segment"
- Usually this means the subnet definition is missing for the subnet the DHCP request is coming from (most of the time because of DHCP helpers/relays on switches). Add a subnet declaration for this subnet to your dhcpd.conf file.

To Change the MTU of an interface on Linux:

 - sudo ifconfig eth0 mtu 2000

IP Addressing


IP addresses are described as consisting of two groups of bits in the address:
  - the most significant part is the network address which identifies a whole network or subnet
  - and the least significant portion is the host identifier, which specifies a particular host interface on that network.
This division is used as the basis of traffic routing between IP networks and for address allocation policies.

Classful Addressing -

 - Classful network design for IPv4 sized the network address as one or more 8-bit groups, resulting in the blocks of Class A, B, or C addresses.

Class     First Byte   Network ID / Host ID (Bytes)   Theoretical IP Address Range
Class A   0xxx xxxx    1 / 3                          1.0.0.0 to 126.255.255.255
Class B   10xx xxxx    2 / 2                          128.0.0.0 to 191.255.255.255
Class C   110x xxxx    3 / 1                          192.0.0.0 to 223.255.255.255
Class D   1110 xxxx    -                              224.0.0.0 to 239.255.255.255
Class E   1111 xxxx    -                              240.0.0.0 to 255.255.255.255

Classless Inter-Domain Routing -

 - CIDR allocates address space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments
 - CIDR specifies an IP address range using a combination of an IP address and its associated network mask. CIDR notation uses the following format - xxx.xxx.xxx.xxx/n, where n is the number of (leftmost) '1' bits in the mask.
 - For example, 192.168.12.0/23 applies the network mask 255.255.254.0 to the 192.168 network, starting at 192.168.12.0. This notation represents the address range 192.168.12.0 - 192.168.13.255.


IP Address FAQs

1. In general, the first address (ending with 0) and last address (ending with 255) in a subnet are used as the network identifier and broadcast address, respectively. All other addresses in the subnet can be assigned to hosts on that subnet.

2. Private IP address ranges (RFC 1918)
    a.  Class A: 10.0.0.0 through 10.255.255.255
    b.  Class B: 172.16.0.0 through 172.31.255.255
    c.  Class C: 192.168.0.0 through 192.168.255.255

3. Special IP addresses 
    a.  127.0.0.1 – Loopback address
    b.  224.0.0.0 – 239.255.255.255 – Multicast addresses
    c.  0.0.0.0 – Wildcard address
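The CIDR, classful and RFC 1918 rules above worked through in plain POSIX sh, as an added example that is not part of the original notes. Function names (ip2int, int2ip, cidr_info, ip_class, is_private) are this example's own; host ranges assume a prefix of /30 or shorter.

```shell
#!/bin/sh
# Added example: IPv4 address arithmetic for the CIDR/classful notes above.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip INT -> dotted-quad form of a 32-bit integer
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info A.B.C.D/n -> "netmask network first_host last_host broadcast"
# (first/last host follow the FAQ rule: network and broadcast are excluded)
cidr_info() {
    ip=${1%/*}; n=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF ))   # n leftmost '1' bits
    net=$(( $(ip2int "$ip") & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    echo "$(int2ip $mask) $(int2ip $net) $(int2ip $((net + 1))) $(int2ip $((bcast - 1))) $(int2ip $bcast)"
}

# ip_class A.B.C.D -> A..E, decided by the first byte as in the classful table
ip_class() {
    f=${1%%.*}
    if   [ "$f" -lt 128 ]; then echo A    # 0xxx xxxx
    elif [ "$f" -lt 192 ]; then echo B    # 10xx xxxx
    elif [ "$f" -lt 224 ]; then echo C    # 110x xxxx
    elif [ "$f" -lt 240 ]; then echo D    # 1110 xxxx
    else echo E; fi                       # 1111 xxxx
}

# is_private A.B.C.D -> exit 0 when the address lies in an RFC 1918 range
is_private() {
    i=$(ip2int "$1")
    for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        set -- $(cidr_info "$r")          # $2 = network, $5 = broadcast
        [ "$i" -ge "$(ip2int "$2")" ] && [ "$i" -le "$(ip2int "$5")" ] && return 0
    done
    return 1
}

cidr_info 192.168.12.0/23    # 255.255.254.0 192.168.12.0 192.168.12.1 192.168.13.254 192.168.13.255
```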

Interframe Gap and Throughput

Ethernet devices must allow a minimum idle period between transmission of frames known as the interframe gap (IFG) or interpacket gap (IPG). It provides a brief recovery time between frames to allow devices to prepare for reception of the next frame. The minimum interframe gap is 96 bit times, which is 9.6 microseconds for 10 Mb/s Ethernet, 960 nanoseconds for 100 Mb/s Ethernet, and 96 nanoseconds for 1 Gb/s Ethernet.

Let's assume a Gigabit port that can transfer raw data at up to 125,000,000 bytes per second, with a minimum frame size of 64 bytes. The minimum inter frame gap is 96 bits or 12 bytes, which takes 96 nanoseconds at 1 Gb/s; adding the 7-byte preamble and the 1-byte start-of-frame delimiter, the smallest frame occupies 64 + 12 + 7 + 1 = 84 bytes on the wire.


Maximum Frame Rate and Throughput Calculations For a 1-Gb/s Ethernet Link
Frame Part                  Minimum Frame Size   Maximum Frame Size
Inter Frame Gap (9.6 ms)    12 bytes             12 bytes
MAC Preamble (+ SFD)        8 bytes              8 bytes
MAC Destination Address     6 bytes              6 bytes
MAC Source Address          6 bytes              6 bytes
MAC Type (or length)        2 bytes              2 bytes
Payload (Network PDU)       46 bytes             1,500 bytes
Check Sequence (CRC)        4 bytes              4 bytes
Total Frame Physical Size   84 bytes             1,538 bytes

[1,000,000,000 b/s / (84 B * 8 b/B)] == 1,488,096 f/s (maximum rate)
[1,000,000,000 b/s / (1,538 B * 8 b/B)] == 81,274 f/s (minimum rate)

Example formula for Ixia or another test device to find the exact line rate in bps:

=((Bytes Received Rate * 8) + (Frames Received Rate * 160))
where the 160 bits (20 bytes) added per frame are the inter frame gap and preamble (12 + 8 bytes in the table above), which the byte counters do not include.
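The frame-rate arithmetic and the line-rate formula above as an added example in POSIX sh integer arithmetic (not from the original notes); the function names and the 20-byte WIRE_OVERHEAD constant are this example's own. Integer division truncates, so the 64-byte figure comes out as 1,488,095 rather than the rounded-up 1,488,096 quoted above.

```shell
#!/bin/sh
# Added example: Ethernet frame rate and test-device line rate calculations.

# Per-frame bytes on the wire that a "bytes received" counter never sees:
# 12 bytes inter frame gap + 8 bytes preamble/SFD = 20 bytes (160 bits).
WIRE_OVERHEAD=20

# frame_rate FRAME_BYTES LINK_BPS -> whole frames per second the link can
# carry when every frame is FRAME_BYTES long (64 = minimum, 1518 = maximum)
frame_rate() {
    echo $(( $2 / (($1 + WIRE_OVERHEAD) * 8) ))
}

# line_rate BYTES_PER_SEC FRAMES_PER_SEC -> bits/s actually occupied on the
# wire, adding back the 160 overhead bits per frame (the formula above)
line_rate() {
    echo $(( $1 * 8 + $2 * 160 ))
}

# utilization_pct BYTES_PER_SEC FRAMES_PER_SEC LINK_BPS -> percent of the
# link's raw capacity in use (truncated to a whole percent)
utilization_pct() {
    echo $(( $(line_rate "$1" "$2") * 100 / $3 ))
}

# Sanity check: a 1 Gb/s link saturated with 64-byte frames. The counters a
# test device would report are bytes = frames * 64, frames = frame_rate;
# feeding them back through line_rate recovers (almost) the full 1 Gb/s.
fps=$(frame_rate 64 1000000000)               # 1488095
echo "64-byte frames/s: $fps, 1518-byte frames/s: $(frame_rate 1518 1000000000)"
echo "line rate: $(line_rate $((fps * 64)) "$fps") bps," \
     "$(utilization_pct $((fps * 64)) "$fps" 1000000000)% utilization"
```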

Regular Expressions

The Anchor Characters: ^ and $

Pattern   Matches
^A        "A" at the beginning of a line
A$        "A" at the end of a line
A^        "A^" anywhere on a line
$A        "$A" anywhere on a line
^^        "^" at the beginning of a line
$$        "$" at the end of a line

Match any character with .

The character "." is one of those special meta-characters. By itself it will match any character, except the end-of-line character.
The pattern that will match a line with a single character is ^.$

Specifying a Range of Characters with [...]

If you want to match specific characters, you can use square brackets to identify the exact characters you are searching for.
The pattern that will match any line of text that contains exactly one number is ^[0123456789]$
This is verbose. You can use the hyphen between two characters to specify a range: ^[0-9]$
You can intermix explicit characters with character ranges. This pattern will match a single character that is a letter, number, or underscore: [A-Za-z0-9_]

Exceptions in a character set

You can easily search for all characters except those in square brackets by putting a "^" as the first character after the "[".
To match all characters except vowels use "[^aeiou]".
Like the anchors in places where they can't be considered an anchor, the characters "]" and "-" do not have a special meaning if they directly follow "[". Here are some examples:

Regular Expression   Matches
[]                   The characters "[]"
[0]                  The character "0"
[0-9]                Any number
[^0-9]               Any character other than a number
[-0-9]               Any number or a "-"
[0-9-]               Any number or a "-"
[^-0-9]              Any character except a number or a "-"
[]0-9]               Any number or a "]"
[0-9]]               Any number followed by a "]"
[0-9-z]              Any number, or any character between "9" and "z"
[0-9\-a\]]           Any number, or a "-", an "a", or a "]"

Repeating character sets with *

The special character "*" matches zero or more copies of the preceding item. That is, the regular expression "0*" matches zero or more zeros, while the expression "[0-9]*" matches zero or more numbers.
This explains why the pattern "^#*" is useless: it matches any number of "#"s at the beginning of the line, including zero. Therefore it matches every line, because every line starts with zero or more "#"s.
Use "^ *" to match zero or more spaces at the beginning of the line. If you need to match one or more, just repeat the character set. That is, "[0-9]*" matches zero or more numbers, and "[0-9][0-9]*" matches one or more numbers.

Matching a specific number of sets with \{ and \}

You can specify the minimum and maximum number of repeats by putting those two numbers between "\{" and "\}".
The backslashes deserve a special discussion. Normally a backslash turns off the special meaning of a character: a period is matched by "\." and an asterisk is matched by "\*".
If a backslash is placed before "<", ">", "{", "}", "(", ")" or a digit, the backslash turns on a special meaning.
The regular expression to match 4, 5, 6, 7 or 8 lower case letters is [a-z]\{4,8\}
Any numbers between 0 and 255 can be used. The second number may be omitted, which removes the upper limit. If the comma and the second number are omitted, the pattern must be repeated exactly the number of times specified by the first number.
Regular Expression   Matches
*                    Any line with an asterisk
\*                   Any line with an asterisk
\\                   Any line with a backslash
^*                   Any line starting with an asterisk
^A*                  Any line
^A\*                 Any line starting with an "A*"
^AA*                 Any line if it starts with one "A"
^AA*B                Any line with one or more "A"'s followed by a "B"
^A\{4,8\}B           Any line starting with 4, 5, 6, 7 or 8 "A"'s followed by a "B"
^A\{4,\}B            Any line starting with 4 or more "A"'s followed by a "B"
^A\{4\}B             Any line starting with "AAAAB"
\{4,8\}              Any line with "{4,8}"
A{4,8}               Any line with "A{4,8}"

Matching words with \< and \>

Searching for a word isn't quite as simple as it at first appears. The string "the" will match the word "other". You can put spaces before and after the letters and use this regular expression: " the ". However, this does not match words at the beginning or end of the line. And it does not match the case where there is a punctuation mark after the word.
There is an easy solution. The characters "\<" and "\>" are similar to the "^" and "$" anchors, as they don't occupy the position of a character. They "anchor" the expression between them so that it only matches on a word boundary.
The pattern to search for the word "the" would be "\<[tT]he\>". The character before the "t" must be either a new line character, or anything except a letter, number, or underscore. The character after the "e" must also be a character other than a number, letter, or underscore or it could be the end of line character.
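The basic regular expressions (BRE) from the tables above run through grep on a constructed set of lines, as an added example that is not part of the original notes. It assumes a grep that understands \{n,m\}, \< and \> in BRE mode (GNU grep does); the sample lines and the function names are this example's own.

```shell
#!/bin/sh
# Added example: count how many constructed sample lines each BRE matches.

# sample -> the constructed test input, one line each
sample() {
    printf '%s\n' \
        'the cat sat' \
        'other words here' \
        'The end.' \
        'AAAAB first' \
        'AAAAAAAAAB nine As' \
        'A{4,8} literal braces' \
        '12345' \
        '# comment'
}

# count_matches PATTERN -> number of sample lines the BRE PATTERN matches
count_matches() {
    sample | grep -c -- "$1" || true      # grep exits 1 on zero matches
}

# Walk through the patterns discussed above and show what each one catches:
#   ' the '        misses "the cat sat" (no leading space) -> 0
#   '\<[tT]he\>'   catches "the cat sat" and "The end.", not "other" -> 2
#   '^#*'          matches every line, as explained above -> 8
#   '^A\{4,8\}B'   catches AAAAB but not nine As followed by B -> 1
#   'A{4,8}'       braces without backslashes are literal in BRE -> 1
for p in '^.$' '^[0-9][0-9]*$' '[^aeiou]' '^#*' ' the ' '\<[tT]he\>' \
         '^A\{4,8\}B' '^A\{4,\}B' 'A{4,8}' '^AA*B'; do
    printf '%-16s matches %s line(s)\n' "$p" "$(count_matches "$p")"
done
```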

Structure of an IPv4 Packet


Every protocol has a packet header, and that header defines the rules of communication. Figure 1 shows the IPv4 packet header; the fields of an IP packet are described below.
Version: 4 bits
The Version field specifies the version of the internet header; here it is version 4.
IHL (Header Length): 4 bits
IHL stands for Internet Header Length: the length of the internet header in 32-bit words, which also points to where the data begins. The lowest value for a valid header is 5.
Type of Service: 8 bits
The Type of Service field indicates the quality of service desired. It carries per-packet information that routers may inspect on the interface receiving the packet. Originally, three bits were defined as IP Precedence, with the following values:
• 000 (0) - Routine
• 001 (1) - Priority
• 010 (2) - Immediate
• 011 (3) - Flash
• 100 (4) - Flash Override
• 101 (5) - Critical
• 110 (6) - Internetwork Control
• 111 (7) - Network Control
The 4th bit was set to "0", and the remaining 4 bits are used today as follows:
Minimize delay
Maximize throughput
Maximize reliability
Minimize monetary cost
Total Length: 16 bits
This is the length of the datagram in octets, including the internet header and data. The minimum length of any IP datagram is 20 bytes and the maximum is 65,535.
Identification: 16 bits
An identifying value assigned by the sender to help in reassembling the fragments of a datagram. It identifies which packet a fragment belongs to: for example, if the packet with identification 1 is split into 20 fragments, each fragment can be reassembled on the basis of this identification.
Flags: 3 bits
Used primarily for fragmentation.
Bit 0: reserved, must be zero
Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.
Fragment Offset: 13 bits
This field specifies where in the IP datagram this fragment belongs. The fragment offset is measured in units of 8 bytes (64 bits). The first fragment has offset zero.
Time to Live (TTL): 8 bits
This field specifies the maximum time the datagram is permitted to remain in the internet system. If this field contains the value zero, the datagram must be destroyed. The time is measured in units of seconds, but every device that routes an IP datagram must decrement the TTL by at least one, even if it forwards the datagram in less than one second.
Protocol: 8 bits
This field specifies the next-layer protocol, i.e. it tells IP which layer-four protocol the payload carries.
Header Checksum: 16 bits
The checksum is always computed over the header only and is used for error checking.
Source IP Address: 32 bits
This is the IP address of the machine sending the data. It is usually written as 4 decimal octets separated by dots, e.g. 192.168.1.4.
Destination IP Address: 32 bits
This is the IP address of the machine to which the datagram is being routed for delivery. It is written the same way, for example 192.168.1.10.
IP Options
This field is used for testing, debugging and security.
Padding
If the datagram does not meet the minimum length requirement of 20 bytes, padding is sometimes added to ensure it meets the standard minimum total length requirement.
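The header fields above decoded from a hex dump, with the header checksum recomputed, as an added example that is not part of the original notes. SAMPLE_HDR is a constructed 20-byte header (version 4, IHL 5, DF set, TTL 64, protocol 17/UDP, 192.168.0.1 to 192.168.0.199) and the function names are this example's own; options (IHL greater than 5) are not decoded.

```shell
#!/bin/sh
# Added example: decode a fixed 20-byte IPv4 header and verify its checksum.
# Constructed sample header, 40 hex characters (1-based positions used below).
SAMPLE_HDR=45000073000040004011b861c0a80001c0a800c7

# hexfield HEX START END -> decimal value of hex characters START..END
hexfield() { echo $(( 0x$(printf '%s' "$1" | cut -c"$2"-"$3") )); }

# dotted HEX8 -> dotted-quad form of an 8-character hex address
dotted() {
    printf '%d.%d.%d.%d\n' "$(hexfield "$1" 1 2)" "$(hexfield "$1" 3 4)" \
                            "$(hexfield "$1" 5 6)" "$(hexfield "$1" 7 8)"
}

# ipv4_decode HEX -> one "field=value" line per header field
ipv4_decode() {
    h=$1
    echo "version=$(hexfield "$h" 1 1)"
    echo "ihl=$(hexfield "$h" 2 2)"                    # in 32-bit words; 5 = 20 bytes
    echo "tos=$(hexfield "$h" 3 4)"
    echo "total_length=$(hexfield "$h" 5 8)"           # octets, header + data
    echo "identification=$(hexfield "$h" 9 12)"
    ff=$(hexfield "$h" 13 16)                           # 3 flag bits + 13-bit offset
    echo "df=$(( (ff >> 14) & 1 ))"                     # bit 1: Don't Fragment
    echo "mf=$(( (ff >> 13) & 1 ))"                     # bit 2: More Fragments
    echo "fragment_offset=$(( (ff & 0x1fff) * 8 ))"    # offset is in 8-byte units
    echo "ttl=$(hexfield "$h" 17 18)"
    echo "protocol=$(hexfield "$h" 19 20)"             # 6 = TCP, 17 = UDP
    echo "checksum=$(printf '%s' "$h" | cut -c21-24)"
    echo "src=$(dotted "$(printf '%s' "$h" | cut -c25-32)")"
    echo "dst=$(dotted "$(printf '%s' "$h" | cut -c33-40)")"
}

# ipv4_checksum_ok HEX -> exit 0 when the one's-complement sum of all ten
# header words (checksum included) folds to 0xffff, i.e. the header is intact
ipv4_checksum_ok() {
    sum=0; pos=1
    while [ "$pos" -lt 40 ]; do
        sum=$(( sum + $(hexfield "$1" "$pos" "$((pos + 3))") ))
        pos=$((pos + 4))
    done
    while [ "$sum" -gt 65535 ]; do sum=$(( (sum & 0xffff) + (sum >> 16) )); done
    [ "$sum" -eq 65535 ]
}

ipv4_decode "$SAMPLE_HDR"
ipv4_checksum_ok "$SAMPLE_HDR" && echo "header checksum OK"
```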