Nsa CH-4
Network Management
The easy way to change your IP address is to use one of the configuration programs that
come with the distribution. To change it the difficult way, though, we'll use the command line.
The command 'ifconfig' will tell you all about your current networking, but it will also let
you reset your IP address.
The first option, 'eth0', says this is for the first ethernet card. The next is the IP address you are
assigning to that ethernet card. The next two fields are the netmask and broadcast.
The netmask number, which usually looks like 255.255.255.0, is used to determine whether a
message goes to a machine that is on the same subnet as the machine that sends the message.
This means that if all the computers on your network start with 192.168.0.x, where x
changes (from 0-255), then your netmask will be 255.255.255.0, because only the last part of
the network number differs from one machine to the next.
A broadcast number is used to talk to all computers or hosts on your LAN at the same time.
The function of the broadcast IP number is to make sure that all hosts that are supposed to be
listening are, and that the broadcast is not passed to the entire Internet.
Ubuntu Commands
Configuring Static IP Address For Your Network Card
Configure a Static IP address by editing /etc/network/interfaces. Replace eth0 with your
network interface card (see Find Network Interface Card).
sudo nano /etc/network/interfaces
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.2.33
gateway 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
For these settings to take effect you need to restart your networking services.
sudo /etc/init.d/networking restart
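The netmask and broadcast rules described above can be checked before restarting networking. The following is an added example, not part of the original notes: the function names are made up for illustration, and it only checks the address, netmask, network, broadcast and gateway fields of a static stanza.

```shell
ip2int() {                 # dotted quad -> 32-bit integer
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {                 # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
network_of() {             # address AND netmask
    a=$(ip2int "$1"); m=$(ip2int "$2")
    int2ip $(( a & m ))
}
broadcast_of() {           # network with every host bit set
    a=$(ip2int "$1"); m=$(ip2int "$2")
    int2ip $(( (a & m) | (~m & 0xFFFFFFFF) ))
}
same_subnet() {            # true if $1 and $2 share a subnet under netmask $3
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}
# Reads "key value" lines on stdin; returns 0 when the fields agree with each other.
check_stanza() {
    addr='' mask='' net='' bcast='' gw='' rc=0
    while read -r key value rest; do
        case $key in
            address)   addr=$value ;;
            netmask)   mask=$value ;;
            network)   net=$value ;;
            broadcast) bcast=$value ;;
            gateway)   gw=$value ;;
        esac
    done
    [ -n "$addr" ] && [ -n "$mask" ] || { echo "address and netmask required"; return 2; }
    [ -z "$net" ] || [ "$net" = "$(network_of "$addr" "$mask")" ] ||
        { echo "network should be $(network_of "$addr" "$mask")"; rc=1; }
    [ -z "$bcast" ] || [ "$bcast" = "$(broadcast_of "$addr" "$mask")" ] ||
        { echo "broadcast should be $(broadcast_of "$addr" "$mask")"; rc=1; }
    [ -z "$gw" ] || same_subnet "$addr" "$gw" "$mask" ||
        { echo "gateway $gw is not on the local subnet"; rc=1; }
    return $rc
}
# Sample input: the stanza values shown on this page.
check_stanza <<'EOF' && echo "stanza is consistent"
address 192.168.2.33
gateway 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
EOF
```

A gateway outside the local subnet or a broadcast that does not match the netmask is reported on standard output, and the function returns non-zero.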
• ifconfig
– The ifconfig (interface configurator) command is used to initialize an interface,
assign an IP address to an interface and enable or disable an interface on demand.
– With this command you can view the IP address and hardware / MAC
address assigned to an interface and also the MTU (Maximum Transmission Unit) size.
– Example: ifconfig eth0
• ifconfig with an interface name (eth0) shows only that interface's
details, such as IP address, MAC address etc.
• Enable or Disable Specific Interface
– To enable or disable specific interfaces we use the following commands
respectively.
• ifup eth0 – enables eth0 interface
• ifdown eth0 – disables eth0 interface
Changing the hostname: After installation of the system, we will be asked what the
hostname of the computer would be. If you want to change this name now, you can use the
command 'hostname', like this:
[root@comp root]# hostname new-name
Then you would open the file
/etc/sysconfig/network
where a few network settings are saved, and change the field that says hostname to your new
name.
You also have to make sure your /etc/hosts file is changed and updated with your new
hostname.
The next time you restart your computer the new hostname will take effect.
# netstat
– Display connections, routing tables, stats etc.
– List externally connected processes:
netstat -punta
– List all connected processes:
netstat -nap
– Show network statistics:
netstat -s
4.4 Configuring a Web Server (Apache)
The port for a webserver is usually port 80. That means when you go to a webpage,
you are sending data that says 'give me this webpage' to some IP address on port 80.
Ports allow many networked services to run on a computer at the same time.
Most computers will usually have quite a few services running that have opened
different ports on the computer.
Network services on a Linux computer will act just like the services in the /etc/init.d
folder, except there is a more sophisticated way to control them.
4.5 Configuring a DNS Server (BIND)
The Configuration files
/etc/resolv.conf - resolver configuration file
– domain domain.com - your domain name
– search name-of-domain.com - name of your domain or ISP's domain if using their name server
– nameserver XXX.XXX.XXX.XXX - IP address of primary name server
– nameserver XXX.XXX.XXX.XXX - IP address of secondary name server
This configures Linux so that it knows which DNS server will be resolving domain
names into IP addresses.
If DHCP is used, this will automatically be sent to you by the ISP and loaded into
this file as part of the DHCP protocol. If using a static IP address, then you'll have to fill it
in yourself.
• The flow of e-mail on the Internet is managed by the SMTP (Simple Mail Transfer
Protocol).
• The SMTP server is simply a computer running SMTP, and which acts more or less
like the postman.
POP
• POP stands for Post Office Protocol.
• A POP (or POP3) server in its simplest form stores the messages for a
particular user in a text file.
• The file for a particular user is appended with information each time an e-mail
is received by a POP server.
• A POP server requires the log-in credentials of a user that are sent through e-
Lease IP addresses for a specific amount of time to DHCP clients, and then
automatically renew the IP addresses when the client requests a renewal.
Update DHCP client parameters automatically by changing a server or scope option at
the DHCP server rather than performing this action individually on all DHCP clients.
Reserve IP addresses for specific computers or other devices so that they always
have the same IP address and also receive the most up-to-date DHCP options.
Exclude IP addresses or address ranges from distribution by the DHCP server so that
these IP addresses and ranges can be used to statically configure servers, routers, and
other devices that require static IP addresses.
Provide DHCP services to many subnets, if all routers between the DHCP server and
the subnet for which you want to provide service are configured to forward DHCP
messages.
Install NTP
sudo apt-get install ntp
traceroute –
Another utility that documents network performance is called tracert. While the ping utility
merely lets us know that the connection from A to B is complete, tracert informs us of the
route and number of hops the packet of data took to arrive at its destination.
traceroute prints the route packets take to a network host.
Example
[root@comp root]# traceroute google.com
ipconfig –
Another useful software troubleshooting tool is ipconfig. This diagnostic command displays
all current TCP/IP network-configuration values. This command is useful on systems running
DHCP, allowing users to determine which TCP/IP configuration values have been configured
by DHCP.
route –
Every computer and network routing device stores a routing table in its RAM. A routing table
stores information about which routers to send network packets to. The route command can
be used to display and modify the routing table of a computer.
netstat –
The netstat command can be used to display the currently active TCP connections on a
computer.
• SSH was designed and created to provide the best security when accessing another
computer remotely.
• Not only does it encrypt the session
Key-based authentication uses two keys, one "public" key that anyone is allowed to see, and another
"private" key that only the owner is allowed to see. To securely communicate using key-based
authentication, one needs to create a key pair, securely store the private key on the computer one
wants to log in from, and store the public key on the computer one wants to log in to.
Using key-based logins with ssh is generally considered more secure than using plain password
logins. This section of the guide will explain the process of generating a set of public/private RSA
keys, and using them for logging into your Ubuntu computer(s) via OpenSSH.
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
You will be prompted for a location to save the keys, and a passphrase for the keys. This passphrase
will protect your private key while it's stored on the hard drive:
Open the file for editing using your favorite command-line editor.
Look for the required directive, uncomment it, and set its value to yes, as shown in the
screenshot.
GatewayPorts yes
Save the changes and exit. Next, you need to restart sshd to apply the recent change you
made.
Once you understand this method of tunneling, you can easily and securely expose a local
development server, especially one behind NATs and firewalls, to the Internet over secure tunnels.
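With GatewayPorts set to yes, sshd binds remote port forwardings to the wildcard address, so every host that can reach the server can reach the forwarded port. The following added example (not part of the original notes; function names and the sample configuration are constructed for illustration) reports the effective global value of that directive and whether password logins are still accepted. It assumes whitespace-separated keywords and does not evaluate Match blocks.

```shell
# Print the effective global value of one sshd_config keyword (config text on stdin).
# $1 = keyword, $2 = sshd's built-in default, reported when the keyword is absent.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
sshd_effective() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while read -r key value rest; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
            ''|'#'*) continue ;;                 # blank line or comment
            match)   break ;;                    # Match blocks are not evaluated here
            "$want") echo "$value"; return 0 ;;
        esac
    done
    echo "$2"
}

# $1 = config text; returns 0 when there is nothing to report.
audit_sshd() {
    rc=0
    gp=$(printf '%s\n' "$1" | sshd_effective GatewayPorts no)
    pa=$(printf '%s\n' "$1" | sshd_effective PasswordAuthentication yes)
    case $gp in
        yes)             echo "WARN GatewayPorts yes: remote forwards listen on all interfaces"; rc=1 ;;
        clientspecified) echo "WARN GatewayPorts clientspecified: client picks the bind address"; rc=1 ;;
    esac
    [ "$pa" = no ] || { echo "WARN PasswordAuthentication $pa: password logins still accepted"; rc=1; }
    return $rc
}

# Constructed sample configuration (not taken from a real host).
SAMPLE='# constructed sshd_config fragment
#GatewayPorts no
GatewayPorts yes
PasswordAuthentication no
gatewayports no'

audit_sshd "$SAMPLE" || echo "review the findings above"
```

On a live host, `sshd -T` prints the configuration sshd actually applies, including defaults.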