Network & Communication


NETWORK & COMMUNICATION
hostname prints the system's host name, -I all IP addresses of the host, -d DNS domain name, -y NIS domain name
hostname <hostname> sets the system's host name (permanent settings in /etc/sysconfig/network)
hostnamectl --transient (implemented in Red Hat Enterprise Linux 7) prints the system's host name
hostnamectl set-hostname <hostname> (implemented in Red Hat Enterprise Linux 7) sets a permanent system's host name (edits /etc/hostname), --transient sets a temporary system's host name
hostnamectl (status) (implemented in Red Hat Enterprise Linux 7) prints the permanent, possibly temporary system's host name, hardware type, machine ID, boot ID, operating system name, name and version of the kernel and processor architecture
domainname prints the system's NIS domain name, -I all IP addresses of the host, -d DNS domain name
domainname <nisdomain> sets the system's NIS domain name (permanent settings in /etc/sysconfig/network)
hostid prints the numeric identifier for the current host
cat /etc/services prints known network services including their protocol and port number
cat /etc/protocols prints known network protocols
cat /etc/resolv.conf prints a list of DNS servers available for resolving domain names into IP addresses
cat /etc/hosts prints a list of IP addresses with associated names, possibly aliases of the remote systems that the local system connects to without using DNS or NIS
host <IP_address / hostname> prints a name or IP address of the remote system, -a all available information
$ host fedora.com
nslookup <IP_address / hostname> prints an IP address of the DNS server and name or IP address of the remote system; depending on particular options additional DNS records are displayed; without a parameter it works interactively
dig <hostname> prints an IP address of the remote system and the DNS server, -x <IP_address> prints a name of the remote system; depending on particular options additional DNS records are displayed
whois <domain_name> prints information about an internet domain registration
$ whois redhat.com
ping <IP_address / hostname> detects a host's availability in the network, -c <n> sets the number of connection attempts, -i <n> sets the interval between attempts in seconds (1 s by default)
$ ping -c 5 google.com
route / netstat -r prints the IP routing table
route <option> (<parameter>) (<target>) (<option>) (<parameter>) manipulates the IP routing table: -n prints IP addresses, add adds a static route, del removes a static route, -net the target is a network, -host the target is a host, netmask defines a network mask, gw defines a network gateway, dev defines a network card (permanent settings in /etc/sysconfig/network-scripts/route-eth*)
# route add -host 95.139.140.42 gw 89.229.34.178
(adds a route for a particular host)
# route add default gw 192.168.122.255
(sets the default gateway to a particular IP address)
# route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
(adds a route for the particular network and specifies a network card)
traceroute <IP_address / hostname> prints the route packets take to a remote host, -m <n> specifies the max. number of hops – max. time-to-live value (30 by default), -n prints IP addresses, -w <n> sets the time to wait for a response in seconds (5 s by default)
$ traceroute yahoo.com
mtr <IP_address / hostname> prints the route packets take to a remote host interactively (the per-hop statistics are updated continuously), -m <n> specifies the max. number of hops – max. time-to-live value (30 by default), -n prints IP addresses
whatmask <netmask / IP/netmask> prints the number of usable IP addresses in a specified network
$ whatmask /24 / 192.168.165.23/24
ethtool <device> prints ethernet card settings
ethtool -s <device> <option> alters ethernet card settings; options e.g. duplex half or full, speed 10, 100 or 1000
# ethtool -s eth0 duplex full speed 100
(sets full duplex mode and a speed of 100 Mb/s)
ip (<option>) <object> <command> (<parameter>) prints or configures network parameters
$ ip addr show
(prints the current network configuration)
# ip addr add 192.168.0.100/24 dev eth0
(assigns another IP address for a particular interface)
# ip addr del 192.168.0.100/24 dev eth0
(removes the IP address from a particular interface)
# ip route show
(prints a routing table)
ifconfig (<device>) prints the status of the currently active or specified interfaces – IP address, MAC address, network mask and other network parameters, -a prints the status of all (including inactive) interfaces
ifconfig <device> (<IP address>) <option> configures a specified network interface, options e.g. up, down, hw ether <MAC_address>, netmask <netmask> (permanent settings in /etc/sysconfig/network-scripts/ifcfg-eth*)
# ifconfig eth0 up/down
(activates/deactivates a network card)
# ifconfig eth0 192.168.0.10 netmask 255.255.255.0
(sets a static IP address and network mask)
# ifconfig eth0 hw ether 00:11:09:D6:DC:3C
(sets a particular MAC address for the network card)
ifup <device> activates a network card
# ifup eth0
ifdown <device> deactivates a network card
# ifdown eth1
iwconfig <device> prints the status of a wireless network interface
iwconfig <device> <option> configures a wireless network interface, essid <network_name> network name, ap <AP_address> access point address, mode <mode> card mode ("Managed" = client, "Master" = access point), key <key> encryption key for the wireless link
# iwconfig eth1 essid AP_profik ap 00:60:1D:01:23:45 key 0123-4567-89 mode Managed
iwlist <device> <option> prints detailed information from a wireless interface, scan prints available wireless networks including IP addresses of access points, frequency, mode, encryption and quality
tcpdump prints traffic on a network, -i <device> selects an interface (the first one by default), port <port> a specified port, tcp/udp/icmp a particular protocol, host <host> traffic to or from a specified host, ether host <MAC_address> traffic to or from a specified MAC address, -n prints IP addresses, -v detailed output
# tcpdump -i eth0 -nv port 22
# tcpdump -nv ether host 00:02:3F:09:FA:F1
ifstat (<device>) displays network traffic – the size of received and sent data on all or specified network interfaces
iftop displays network traffic interactively – source and destination addresses, the size of transferred data and a total summary (the output is updated continuously), -i <device> selects a particular interface (the first one by default), interactive option n prints IP addresses, p displays ports, S source port, D destination port, N service listening on the destination port, q quits the program
netstat prints a list of open sockets including port numbers, protocol types and IP addresses, -a all current connections, -l listening ports only, -t TCP ports only (used with option "-a" or "-l"), -u UDP ports only (used with option "-a" or "-l"), -e users and i-nodes, -n IP addresses, -p the PID and name of the program to which each socket belongs, -i the table of network interfaces, -r the kernel routing table, -s summary statistics for each protocol
$ ports="echo discard systat daytime netstat chargen finger nntp"; echo="7"; discard="9"; systat="11"; daytime="13"; netstat="15"; chargen="19"; finger="79"; nntp="119"; for port in $ports; do open_ports=$(netstat -an | egrep ":${!port}[ ]"); if [[ -n "$open_ports" ]]; then echo "${port} --> YES"; else echo "${port} --> NO"; fi; done
(prints the names of particular services and whether their standard ports are open or not)
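As an added example (not part of the original cheat sheet), the following POSIX shell/awk script extends the one-liner above: instead of asking whether a fixed list of standard ports is open, it takes "netstat -tuln"-style output and an /etc/services-style table and reports every listening socket with its service name and whether it is bound to all interfaces or only to loopback. Both inputs are constructed samples embedded in the script.

```shell
#!/bin/sh
# Classify listening sockets from "netstat -tuln" output. Sockets bound to
# 0.0.0.0 or :: are reachable from the network and deserve a firewall rule;
# sockets bound to 127.0.0.1 are local only.

# Constructed /etc/services excerpt (same "name port/proto" format as the real file).
SERVICES='ftp     21/tcp
ssh     22/tcp
telnet  23/tcp
http    80/tcp
domain  53/udp
ntp     123/udp'

# Constructed "netstat -tuln" output (not captured from a real system).
NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
tcp6       0      0 :::21                   :::*                    LISTEN'

# Usage: list_listeners "<services text>" "<netstat text>"
# Output: one line per listening socket: PROTO PORT NAME SCOPE
list_listeners() {
  printf '%s\n' "$2" | awk -v services="$1" '
    BEGIN {
      # build name["tcp/22"] = "ssh" from the services table
      n = split(services, lines, "\n")
      for (i = 1; i <= n; i++) {
        split(lines[i], f, /[ \t]+/)       # f[1] = name, f[2] = port/proto
        split(f[2], pp, "/")
        name[pp[2] "/" pp[1]] = f[1]
      }
    }
    $1 ~ /^(tcp|udp)6?$/ {
      proto = substr($1, 1, 3)             # tcp6 -> tcp, udp6 -> udp
      addr = $4
      port = addr; sub(/.*:/, "", port)    # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      scope = (host == "0.0.0.0" || host == "::") ? "ALL-INTERFACES" : "LOCAL"
      key = proto "/" port
      svc = (key in name) ? name[key] : "unknown"
      print proto, port, svc, scope
    }'
}

list_listeners "$SERVICES" "$NETSTAT"
```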
nmap (<scan> <option>) <target> probes port availability on a remote host in order to identify running services and possibly the operating system type; the scan type can be -sS (TCP SYN scan – the most used scan, does not open a full TCP connection, sends a SYN packet and receives SYN/ACK – port is open, or RST – port is closed), -sA (TCP ACK scan, maps out firewall rulesets, determining whether they are stateful or not and which ports are filtered), -sU (UDP scan), -sP (ping scan, checks a host's availability only and its MAC address in the local network); -sV prints the program used by the particular service, -p <port> specifies the ports, -O identifies the OS, -PN does not send ping requests (useful when ping is not allowed by the firewall), -D <IP_address> a "decoy" scan that hides the origin of the scan among other addresses, -iL <file> reads the targets from a file, -v detailed output
$ nmap root.cz
$ nmap -sP 10.0.0.0/24
# nmap -sA -v 147.229.28.4
# nmap -sS -sV -v 147.229.28.4 > scan.txt
# nmap -sS -PN -p 1-65000 192.168.0.247
# nmap -sS -sU -iL server_list
# nmap -sS -O -D 192.168.0.1,192.168.0.2 192.168.0.3
(TCP SYN port scan with OS detection of the target 192.168.0.3, appearing to originate from the listed decoy addresses as well)
service iptables start / stop / status starts / stops the firewall or prints its settings
service iptables save saves newly created firewall rules into /etc/sysconfig/iptables in order to be persistent after the system reboot
iptables-save exports the currently loaded (possibly not yet saved) firewall rules from memory to STDOUT
# iptables-save > iprules
(saves new firewall rules into a particular file)
iptables-restore imports firewall rules from STDIN to memory
# iptables-restore < iprules
(reads the firewall rules from a particular file)
iptables (-t <table>) <option> <chain> <specification> <target> sets up and maintains firewall rules in the network.
Tables and chains: table "filter" is used for packet filtering (default) and contains the builtin chains "INPUT" for incoming packets, "OUTPUT" for outgoing packets and "FORWARD" for packets forwarded between networks; table "nat" is used for IP address translation and port forwarding with the chains "PREROUTING" for incoming packets, "OUTPUT" for altering locally-generated packets before routing and "POSTROUTING" for outgoing packets; table "mangle" is used for specialized packet alterations and contains all the above chains. The correct firewall setup strictly depends on the order of the rules listed in /etc/sysconfig/iptables.
Options: -I (<n>) inserts a rule at the head of the chain or at the position given by the rule number, -A appends a rule to the end of the selected chain, -D (<n>) deletes a rule from the selected chain, -L lists all rules in the selected chain (if no chain is selected, all chains are listed), -n prints IP addresses and ports in numeric format, -v prints the number of packets and bytes for each rule including the protocol and interface, --line-numbers numbers the rules of a particular chain (useful for further use with "-I" or "-D"), -F removes the rules of a particular chain (if no chain is selected, all rules are removed), -P sets the default policy for the chain (all is allowed by default), -N creates a new user-defined chain with the given name, usually used for more detailed specification of the rules (a default policy cannot be applied to these chains), -X removes a user-defined chain.
Rule specification: -i <interface> input interface, -o <interface> output interface, -s <address> source address, -d <address> destination address, -p <protocol> type of protocol, -m <module> rule extension (state --state <connection_type> specifies the connection type – NEW new connection, ESTABLISHED existing connection, RELATED new connection related to an already existing communication, INVALID invalid connection meaning the packets cannot be identified; time specifies the time of connection --timestart <hh:mm>, --timestop <hh:mm>, --monthdays <day_in_month>, --weekdays <day_in_week>; iprange --src-range / --dst-range <IP-IP> specifies the range of source/destination addresses; limit --limit <n>/<s / m / h / d> specifies the average matching rate, --limit-burst <n> specifies the number of packets allowed in a burst), --sport <port> source port, --dport <port> destination port.
Targets: -j <target> specifies how to deal with the packets – for table "filter" ACCEPT = accept, DROP = drop, LOG = log the packets, REJECT = send back an error packet in response to the matched packet; for table "nat" SNAT --to <IP_address> = change the source address, DNAT --to <IP_address> = change the destination address, REDIRECT --to-ports <port> = redirect the port.
# iptables -nvL --line-numbers
(prints the firewall rules in detailed output)
# iptables -P INPUT DROP
(drops all incoming packets)
# iptables -I INPUT -s 147.229.28.4 -j DROP
(drops all packets incoming from the particular IP address)
# iptables -A INPUT -p tcp --dport 22 -j DROP
(drops all packets incoming to the particular port)
# iptables -A INPUT -p tcp --dport 443 -j REJECT
(sends information about the service unavailability)
# iptables -I OUTPUT -d '!' 147.229.28.4 -j DROP
(allows only packets outgoing to the particular IP address)
# iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -j ACCEPT
(allows only packets outgoing from the particular interface to the local network)
# iptables -A OUTPUT -d upc.cz -p tcp --dport 80 -j DROP
(disallows to display the particular URL)
# iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport '!' 80 -j DROP
(allows packet redirections only to port 80)
# iptables -A INPUT -p tcp --dport 50:55 -m iprange --src-range 192.168.0.1-192.168.0.10 -j ACCEPT
(allows port range of 50-55 for particular IP addresses)
# iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
(limits the number of "ping" requests to 2 per 1s)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3250
(redirects the particular port)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:8080
(alters the destination IP address and port of the service)
# iptables -A INPUT -j LOG
(logs all packets that do not meet any of the configured rules to /var/log/messages)
# iptables -D INPUT 5
(deletes rule number 5 from the "INPUT" chain)
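An added example, not part of the original cheat sheet: a POSIX shell/awk audit of an iptables-save dump (the format written by iptables-save and read by iptables-restore above) that reports INPUT or FORWARD chains left at the default ACCEPT policy and rules that can never match because an earlier unconditional ACCEPT/DROP/REJECT in the same chain already decides every packet, since the rule order is what determines the firewall's behaviour. The sample dump is constructed.

```shell
#!/bin/sh
# Audit an iptables-save dump for two ordering mistakes:
#  1. an INPUT/FORWARD chain whose policy is ACCEPT (everything allowed by default)
#  2. rules placed after an unconditional "-A CHAIN -j ACCEPT|DROP|REJECT",
#     which are unreachable because that rule already matched every packet.
# Input: iptables-save format on stdin. Output: one finding per line.

audit_rules() {
  awk '
    # policy lines look like ":INPUT ACCEPT [0:0]"
    /^:/ {
      chain = substr($1, 2)
      if ($2 == "ACCEPT" && (chain == "INPUT" || chain == "FORWARD"))
        print "POLICY " chain " is ACCEPT (consider -P " chain " DROP)"
      next
    }
    # rule lines look like "-A INPUT -p tcp --dport 22 -j ACCEPT"
    /^-A/ {
      chain = $2
      if (chain in terminated) {
        print "UNREACHABLE " $0 " (after rule " terminated[chain] ")"
        next
      }
      # unconditional: exactly "-A CHAIN -j TARGET" with a terminating target
      if (NF == 4 && $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
        terminated[chain] = $0
    }
  '
}

# Constructed sample dump (not captured from a real system): the INPUT policy
# is still ACCEPT and the ssh rule was appended after a blanket DROP.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | audit_rules
```

On a live system the same check runs as `iptables-save | audit_rules` (root required for iptables-save).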
ssh <host> / <user>@<host> (<command>) initiates an encrypted login to an existing account on the remote host using the same user name on both systems / using different user names; ssh is also used for executing commands on a remote host, whose output is displayed on STDOUT of the local computer, -l <user> logs in as the specified user, -p <port> uses a nonstandard port, -v detailed output
$ ssh 192.168.0.20
$ ssh norton@mx.webs.cz / ssh -l norton mx.webs.cz
$ ssh 192.168.0.20 uname -a
ssh-keygen generates a pair of authentication keys – private and public – which provide secure user identification during the ssh connection without the necessity to enter the login name and password; the private key is by default located in ~/.ssh/id_rsa or ~/.ssh/id_dsa, the public key in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub, and its contents need to be put into ~/.ssh/authorized_keys on the remote host; the program also asks the user to enter a "passphrase" (a string of arbitrary characters, including white space, protecting the private key against abuse) which, if not empty, is required from the user for identification at the beginning of each connection, -t <key> specifies the type of key – "rsa" or "dsa" (by default "rsa"), -p alters a "passphrase", -v detailed output
ssh-copy-id (<user>@)<host> copies a public key of the user from the local computer into ~/.ssh/authorized_keys of the host, -i <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa.pub is used)
$ ssh-copy-id -i ~/.ssh/id_dsa.pub dookie@94.112.152.47
ssh-add (<file>) temporarily hands a private key and its "passphrase" over to "ssh-agent" for management
ssh-agent <command> provides secure login based on authentication keys without the necessity to enter a "passphrase" for user identification at the beginning of each connection (useful especially for commands executed on several remote servers via a script); ssh-agent is thus started first, before the connection, the private key is handed over by "ssh-add" and the "passphrase" is required only once
$ ssh-agent sh <-'
$ ssh-add <-'
> <passphrase> <-'
scp (<host>: / <user>@<host>:)<source> (<host>: / <user>@<host>:)<target> initiates an encrypted data transfer between hosts using the same user name on both systems / using different user names, -p preserves file attributes, -r recursively, -v detailed output, -P <port> uses a nonstandard port, -l limits the used bandwidth specified in kB/s, -C compression
$ scp -rv mx.webs.cz:/home/kuba/data .
(copies directory "data" from the remote host to the working directory on the local computer)
$ scp ~/.ssh/id_rsa.pub norton@192.168.0.1:.ssh/authorized_keys
(copies file "id_rsa.pub" from the local computer to ".ssh/" in the home directory on the remote host)
$ scp norton@arnold:soubor.txt 192.168.20.1:
(copies file "soubor.txt" from one remote host to another, in both cases from and to the user's home directory)
sftp <host> / <user>@<host> initiates an interactive encrypted data transfer between hosts using the same user name on both systems / using different user names, -P <port> uses a nonstandard port; the following commands are used: ! <command> executes a specified command on the local computer, help or ? help, get <file> copies a remote file to the local computer, mget <fil*> copies several files using wildcards, for the opposite direction put <file> or mput <fil*>, bye/quit/exit termination
telnet <host> (<port>) initiates an unencrypted login to an existing account on the remote host or checks whether a specified port is reachable; without a parameter it works interactively
$ telnet 192.168.0.20 80
ftp <host> initiates an interactive unencrypted data transfer between hosts; the following commands are used: ! <command> executes a specified command on the local computer, help or ? help, get <file> copies a remote file to the local computer, mget <fil*> copies several files using wildcards, for the opposite direction put <file> or mput <fil*>, bye/quit/exit termination
lynx <URL> displays the contents of the URL, q terminates the program
$ lynx centos.org
wget <URL> downloads the contents of the URL into the working directory, -c continues downloading a partially-downloaded file after the transfer is interrupted, -r recursive download, -t <n> specifies the number of download attempts
curl <URL> copies data from or to a specified URL, -o <file> specifies a target file (by default STDOUT), -F <item>=<contents> specifies outgoing data ("@" represents a source file)
# curl -o /etc/yum.repos.d/data.repo set.cz/data.repo
mail displays the contents of the logged-in user's mailbox (/var/spool/mail/<user>), -f displays the contents of mailbox with already read messages (/home/<user>/mbox); commands related to work with the mailbox: p/p(n) displays the oldest message / particular message, r replies to the message, d/d(m-n)/d* deletes particular/all messages, q terminates the program
mail <address> sends a message to the specified address, -s <subject> subject, -c <address> carbon copy (CC), -b <address> blind carbon copy (BCC)
$ mail root / tom@atlas.cz < offer.txt
$ cat file | mail -s "offer" james -c root
$ echo "Hello James" | mail -s "greeting" james
the message can also be sent this way:
$ mail <address> <-'
Subject: <subject> <-'
<text> <-'
.<-' or ctrl+d
Cc: <address> <-'
wall <message> sends messages to all open terminals of logged-in users with their mesg permission set to "yes"
write <user> (<terminal>) sends a message to the specified user within the same host; the terminal specification is needed if the user is logged in on several terminals at the same time
$ write dookie <-'
<text>
ctrl+d
$ echo "Hello" | write dookie
talk <user> / <user>@<host> (<terminal>) provides real-time communication between two users within the same host or between different hosts (in case of using the same user name on both hosts), the terminal is split into incoming and outgoing text windows; the terminal specification is needed if the user is logged in on several terminals at the same time
$ talk tom@domain.com <-'
<text> <-'
ctrl+c
mesg (<y/n>) prints or sets the terminal's availability for the logged-in user to receive messages of "wall", "talk" or "write" program ("y" = yes, "n" = no)
who -w prints the current access state of the logged-in users' terminals for using program "wall", "talk" or "write" ("+" = yes, "-" = no)
Last modified: 2019/04/12 17:42 by Miroslav Bernát