Network & Communication


hostname prints the system's host name, -I all IP addresses of the host, -d DNS domain name, -y NIS domain name
hostname <hostname> sets the system's host name (permanent settings in /etc/sysconfig/network)
hostnamectl --transient (implemented from RHEL 7) prints the temporary (transient) system host name
hostnamectl set-hostname <hostname> (implemented from RHEL 7) sets a permanent system host name (edits /etc/hostname), --transient sets a temporary system host name
hostnamectl (status) (implemented from RHEL 7) prints the permanent and, if set, the temporary system host name, hardware type, machine ID, boot ID, operating system name, name and version of the kernel and processor architecture
domainname prints the system's NIS domain name, -I all IP addresses of the host, -d DNS domain name
domainname <nisdomain> sets the system's NIS domain name (permanent settings in /etc/sysconfig/network)
hostid prints the numeric identifier for the current host
cat /etc/services prints known network services including their protocol and port number
cat /etc/protocols prints known network protocols
cat /etc/resolv.conf prints a list of DNS servers available for resolving domain names into IP addresses
cat /etc/hosts prints a list of IP addresses with associated names, possibly aliases of the remote systems that the local system connects to without using DNS or NIS
host <IP_address / hostname> prints a name or IP address of the remote system, -a all available information
$ host fedora.com
nslookup <IP_address / hostname> prints an IP address of the DNS server and name or IP address of the remote system; depending on particular options additional DNS records are displayed; without an argument it works interactively
dig <hostname> prints an IP address of the remote system and the DNS server, -x <IP_address> prints a name of the remote system; depending on particular options additional DNS records are displayed
whois <domain_name> prints information about an internet domain registration
$ whois redhat.com
ping <IP_address / hostname> detects a host's availability in the network, -c <n> sets the number of connection attempts, -i <n> sets the interval between attempts in seconds (1 s by default)
$ ping -c 5 google.com
route / netstat -r prints the IP routing table
route <option> (<parameter>) (<target>) (<option>) (<parameter>) adds or removes routes; -n prints IP addresses, add adds a static route, del removes a static route, -net the target is a network, -host the target is a host, netmask defines a network mask, gw defines a network gateway, dev defines a network card (permanent settings in /etc/sysconfig/network-scripts/route-eth*)
# route add -host 95.139.140.42 gw 89.229.34.178
(adds a route for a particular host)
# route add default gw 192.168.122.255
(assigns the gateway a particular IP address)
# route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
(adds a route for the particular network and specifies a network card)
traceroute <IP_address / hostname> prints the network path to a remote host, -m <n> specifies the max. number of hops – max. time-to-live value (30 by default), -n prints IP addresses, -w <n> sets the interval to wait for a response in seconds (5 s by default)
$ traceroute yahoo.com
tracepath <IP_address / hostname> prints the network path to a remote host, -m <n> specifies the max. number of hops – max. time-to-live value (30 by default), -n prints IP addresses, -b prints both host names and IP addresses
mtr <IP_address / hostname> prints the route packets trace to a remote host interactively (the packet information changes according to the current state), -m <n> specifies the max. number of hops – max. time-to-live value (30 by default), -n prints IP addresses
whatmask <netmask / IP/netmask> prints the number of usable IP addresses in a specified network
$ whatmask /24 / 192.168.165.23/24
ethtool <device> prints ethernet card settings
ethtool -s <device> <option> alters ethernet card settings; option e.g. duplex half or full, speed 10, 100, or 1000
# ethtool -s eth0 duplex full speed 100
(sets a duplex mode with full speed of 100 Mb/s)
ip (<option>) <object> <command> (<parameter>) prints or configures network parameters, -s displays traffic statistics for a network interface
$ ip link show
(prints the properties of all or specified network interfaces – their status, MAC address and other network parameters)
$ ip -s link show enp3s0
(prints the number of received and transmitted packets, packets errors and packets that were dropped for a specified network interface)
$ ip addr show
(prints the properties of all or specified network interfaces – their status, MAC address, IP address, network mask and other network parameters)
# ip addr add 192.168.0.100/24 dev eth0
(assigns another IP address for the network interface)
# ip addr del 192.168.0.100/24 dev eth0
(removes an IP address from network interface)
# ip route show
(prints a routing table)
ifconfig (<device>) prints the properties of all active or specified network interfaces – their status, MAC address, IP address, network mask and other network parameters, -a prints inactive network interfaces too
ifconfig <device> (<IP address>) <option> configures a specified network interface, options e.g. up, down, hw ether <MAC_address>, netmask <netmask> (permanent settings in /etc/sysconfig/network-scripts/ifcfg-eth*)
# ifconfig eth0 up/down
(activates/deactivates a network interface)
# ifconfig eth0 192.168.0.10 netmask 255.255.255.0
(sets a static IP address and network mask for the network interface)
# ifconfig eth0 hw ether 00:11:09:D6:DC:3C
(sets a specified MAC address for the network interface)
ifup <device> activates a network interface
# ifup eth0
ifdown <device> deactivates a network interface
# ifdown eth1
iwconfig <device> prints the status of a wireless network interface
iwconfig <device> <option> configures a wireless network interface, essid <network_name> network name, ap <AP_address> access point address, mode <mode> card mode ("Managed" = client, "Master" = access point), key <key> encryption key for the link
# iwconfig eth1 essid AP_profik ap 00:60:1D:01:23:45 key 0123-4567-89 mode Managed
iwlist <device> <option> prints detailed information from a wireless interface, scan prints available wireless networks including IP addresses of access points, frequency, mode, encryption and quality
nmcli (<object> <command> (<argument>)) controls NetworkManager (creates, deletes, displays, edits, activates and deactivates network profiles, as well as controls and displays network device status); profile (connection) = collection of settings that can be configured for a specified device, each profile has a name or ID that identifies it
$ nmcli dev status
(displays device status)
$ nmcli dev show enp3s0
(displays the settings for a specified device)
$ nmcli con show
(displays all profiles)
$ nmcli con show --active
(displays only the active profiles)
$ nmcli con show enp3s0
(displays all configuration settings for a specified profile)
# nmcli con add con-name static ifname enp3s0 type ethernet ipv4.method manual ipv4.address 192.168.15.105/24 ipv4.gateway 192.168.15.1 ipv4.dns 192.168.15.1
(creates a new profile "static" with a specified IP address, network prefix, default gateway and DNS)
# nmcli con mod static +ipv4.address 192.168.15.106/24
(modifies a profile adding another IP address)
# nmcli con up static
(activates a profile)
# nmcli con mod enp3s0 connection.autoconnect no
(disables the original profile from autostarting at boot)
tcpdump prints traffic on a network, -i <device> specifies a particular interface (the first one by default), port <port> a particular port, tcp/udp/icmp a particular protocol, host <host> traffic to or from a specified host, ether host <MAC_address> traffic to or from a specified MAC address, -n prints IP addresses, -v detailed output
# tcpdump -i eth0 -nv port 22
# tcpdump -nv ether host 00:02:3F:09:FA:F1
ifstat (<device>) displays network traffic statistics – the size of received and transmitted data on all or specified network interfaces
iftop displays network traffic interactively – source and destination addresses, the size of transferred data and a total summary (the output changes according to the current state), -i <device> specifies a particular interface (the first one by default); interactive keys: n prints IP addresses, p displays ports, S source port, D destination port, N service listening on the destination port, q quits the program
netstat / ss prints a list of open sockets including port numbers, protocol types and IP addresses, -a all current connections, -l listening ports only, -t TCP ports only (used with option "-a" or "-l"), -u UDP ports only (used with option "-a" or "-l"), -e users and i-nodes, -n IP addresses, -p the PID and name of the program using a particular port, -i the table of network interfaces, -r the kernel routing table, -s summary statistics for each protocol
$ ports="echo discard systat daytime netstat chargen finger nntp"; echo="7"; discard="9"; systat="11"; daytime="13"; netstat="15"; chargen="19"; finger="79"; nntp="119"; for port in $ports; do open_ports=$(netstat -an | egrep ":${!port}[ ]"); if [[ -n "$open_ports" ]]; then echo "${port} --> YES"; else echo "${port} --> NO"; fi; done
(prints the names of particular processes and whether their standard ports are open or not)
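The same check in a more maintainable form, as an added example (not the page's own script): it parses netstat -an or ss -tuan style output, here a constructed sample, and reports which of the legacy clear-text services above are listening. The function names, the LEGACY_SERVICES list and the sample socket lines are assumptions.

```shell
#!/bin/sh
# Added example: reports whether legacy clear-text services (echo, discard,
# finger, ...) have a listening socket, based on `netstat -an` / `ss -tuan`
# style text. SAMPLE_NETSTAT below is a constructed sample, not real output.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:19              0.0.0.0:*'

# name:port pairs for the services the page lists; plain words instead of a
# bash array so the script also runs under POSIX sh.
LEGACY_SERVICES="echo:7 discard:9 systat:11 daytime:13 netstat:15 chargen:19 finger:79 nntp:119"

# Returns 0 when a local socket on the given port appears in the text on stdin.
# The trailing whitespace class keeps ":7" from matching ":79".
port_is_listening() {
    grep -Eq ":$1[[:space:]]"
}

# Prints "name --> YES/NO" for every legacy service; $1 is the netstat text.
report_legacy_ports() {
    for entry in $LEGACY_SERVICES; do
        name=${entry%%:*}
        port=${entry#*:}
        if printf '%s\n' "$1" | port_is_listening "$port"; then
            echo "$name --> YES"
        else
            echo "$name --> NO"
        fi
    done
}

# Counts how many legacy services are open; anything above 0 deserves a look.
count_open_legacy() {
    report_legacy_ports "$1" | grep -c -- '--> YES'
}

# Live use on a host: report_legacy_ports "$(netstat -an)"  or  "$(ss -tuan)"
```

On the constructed sample, finger (79) and chargen (19) are reported as open and the count is 2.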
nmap (<scan> <option>) <target> explores port availability of a remote host in order to identify running services and possibly the operating system type; the scan type can be -sS (TCP SYN scan – the most used scan, does not open a full TCP connection, sends a SYN packet and receives SYN/ACK – port is open, or RST – port is closed), -sA (TCP ACK scan, maps out firewall rulesets, determining whether they are stateful or not and which ports are filtered), -sU (UDP scan), -sP (ping scan, checks a host's availability only and its MAC address in the local network); -sV prints the program used by the particular service, -p <port> specifies the ports, -O identifies the OS, -PN does not send ping requests (useful when ping is not allowed by the firewall), -D <IP_address> a "decoy" scan that hides the true source among the listed addresses, -iL <file> reads the targets from a file, -v detailed output
$ nmap root.cz
$ nmap -sP 10.0.0.0/24
# nmap -sA -v 147.229.28.4
# nmap -sS -sV -v 147.229.28.4 > scan.txt
# nmap -sS -PN -p 1-65000 192.168.0.247
# nmap -sS -sU -iL server_list
# nmap -sS -O -D 192.168.0.1,192.168.0.2 192.168.0.3
(TCP SYN port scan with OS detection of the target 192.168.0.3, pretended to be executed from previous IP addresses)
service iptables start / stop / status starts / stops the firewall or prints its settings
service iptables save saves newly created firewall rules into /etc/sysconfig/iptables in order to be persistent after the system reboot
iptables-save exports configured (not even saved) firewall rules from memory to STDOUT
# iptables-save > iprules
(saves new firewall rules into a particular file)
iptables-restore imports firewall rules from STDIN to memory
# iptables-restore < iprules
(reads the firewall rules from a particular file)
iptables (-t <table>) <option> <chain> <specification> <target> sets up and maintains firewall rules in the network; table "filter" is used for packet filtering (default) and contains the builtin chains "INPUT" for incoming packets, "OUTPUT" for outgoing packets and "FORWARD" for packets forwarded between networks; table "nat" is used for IP address translation and port forwarding with the chains "PREROUTING" for incoming packets, "OUTPUT" for altering locally generated packets before routing and "POSTROUTING" for outgoing packets; table "mangle" is used for specialized packet alterations and contains all the above chains; a correct firewall setup strictly depends on the order of the rules listed in /etc/sysconfig/iptables (the first matching rule with a terminating target wins)
options: -I (<n>) inserts a rule at the head of the selected chain or at the position given by the rule number, -A appends a rule to the end of the selected chain, -D (<n>) deletes a rule from the selected chain, -L lists all rules in the selected chain (all chains if none is selected), -n prints IP addresses and ports in numeric format, -v prints the number of packets and bytes for each rule including the protocol and interface, --line-numbers numbers the rules of a chain (useful for further use with "-I" or "-D"), -F removes the rules of a chain (all rules if no chain is selected), -P sets the default policy of a builtin chain (all is allowed by default), -N creates a new user-defined chain with the specified name, usually used for more detailed rule specifications (a default policy cannot be set for these chains), -X removes a user-defined chain
rule specification: -i <interface> input interface, -o <interface> output interface, -s <address> source address, -d <address> destination address, -p <protocol> type of protocol, --sport <port> source port, --dport <port> destination port, -m <module> rule extension: state --state <connection_type> specifies the connection type (NEW new connection, ESTABLISHED existing connection, RELATED new connection related to an already existing communication, INVALID packets that cannot be associated with any known connection); time specifies when the rule applies (--timestart <hh:mm>, --timestop <hh:mm>, --monthdays <day_in_month>, --weekdays <day_in_week>); iprange --src-range / --dst-range <IP-IP> specifies a range of source/destination addresses; limit --limit <n>/<s / m / h / d> specifies the average rate of matches, --limit-burst <n> the number of packets allowed before the rate applies
target: -j <target> specifies how to deal with matched packets – for table "filter" ACCEPT = accept, DROP = drop silently, LOG = log the packet (the packet then continues to the next rule), REJECT = send back an error packet in response to the matched packet; for table "nat" SNAT --to <IP_address> = change the source address, DNAT --to <IP_address> = change the destination address, REDIRECT --to-ports <port> = redirect to a local port
# iptables -nvL --line-numbers
(prints the firewall rules in detailed output)
# iptables -P INPUT DROP
(drops all incoming packets)
# iptables -I INPUT -s 147.229.28.4 -j DROP
(drops all packets incoming from the particular IP address)
# iptables -A INPUT -p tcp --dport 22 -j DROP
(drops all packets incoming to the particular port)
# iptables -A INPUT -p tcp --dport 443 -j REJECT
(sends information about the service unavailability)
# iptables -I OUTPUT -d '!' 147.229.28.4 -j DROP
(allows only packets outgoing to the particular IP address)
# iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -j ACCEPT
(allows only packets outgoing from the particular interface to the local network)
# iptables -A OUTPUT -d upc.cz -p tcp --dport 80 -j DROP
(disallows to display the particular URL)
# iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport '!' 80 -j DROP
(allows packet redirections only to port 80)
# iptables -A INPUT -p tcp --dport 50:55 -m iprange --src-range 192.168.0.1-192.168.0.10 -j ACCEPT
(allows port range of 50-55 for particular IP addresses)
# iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
(limits the number of "ping" requests to 2 per 1s)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3250
(redirects the particular port)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:8080
(alters the destination IP address and port of the service)
# iptables -A INPUT -j LOG
(logs all packets that do not meet any of the configured rules to /var/log/messages)
# iptables -D INPUT 5
(drops a rule on the 5th order in the list of "INPUT" chain)
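Because the order of the rules decides what the firewall does, it is safer to keep the whole rule set in one reviewable file in the format iptables-save and iptables-restore use than to type the rules one by one. The following is an added example, not a script from the original page: it emits a minimal stateful INPUT policy (default DROP, loopback and established traffic accepted, SSH only from an admin network, rate-limited ping, a final LOG) and a helper that checks where a rule sits in the order. The interface eth0, the network 192.168.0.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): builds a minimal stateful
# "filter" table in iptables-restore format, so the rule ORDER is fixed in a
# reviewable file instead of depending on a sequence of interactive commands.
# MGMT_IF and MGMT_NET are assumed values; adjust them for the real host.
MGMT_IF="eth0"             # assumed management interface
MGMT_NET="192.168.0.0/24"  # assumed trusted admin network (constructed)

# Emit the rules in the order they must be applied: default policies first,
# then loopback and established traffic, then the few NEW connections we
# accept, a rate-limited ping, and a final LOG before the INPUT DROP policy.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $MGMT_IF -s $MGMT_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
-A INPUT -m limit --limit 5/m -j LOG --log-prefix "IPT-DROP: "
COMMIT
EOF
}

# Print the 1-based line number of the first rule matching a pattern (0 if
# none); used to confirm that e.g. the ESTABLISHED rule precedes the SSH rule.
rule_position() {
    pos=$(gen_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1)
    echo "${pos:-0}"
}

# To apply on a RHEL-style host (as root), after reviewing the output:
#   gen_rules > /etc/sysconfig/iptables && iptables-restore < /etc/sysconfig/iptables
```

The ESTABLISHED,RELATED rule sits before every rule that accepts NEW connections, so reply traffic is matched early and cheaply; the LOG rule is last and rate-limited so that a flood cannot fill /var/log/messages.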
ssh (<user>@)<host> (<command>) initiates an encrypted login to an existing account on the remote host, using the same user name on both systems or a different one; ssh is also used for executing commands on a remote host whose output is displayed on STDOUT of the local computer, -l <user> logs in as the specified user, -i <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa is used), -p <port> uses a nonstandard port, -o <option> uses a specified option to override the default configuration, -v detailed output
$ ssh 192.168.0.20
$ ssh norton@mx.webs.cz / ssh -l norton mx.webs.cz
$ ssh 192.168.0.20 uname -a
$ ssh -o PubkeyAuthentication=no norton@192.168.0.20
$ echo "insert hostname:"; while read hostname; do ssh -n "$hostname" 'echo "Hostname": $(hostname); echo "Linux version": $(uname -a; cat /etc/redhat-release)' > "${hostname}_version.log" && echo "insert hostname:"; done
(reads host names from the terminal one by one and saves each host's name, kernel and release version to <hostname>_version.log; "-n" keeps ssh from reading the loop's standard input and swallowing the remaining host names)
ssh-keygen generates a pair of authentication keys – private and public – which provide secure user identification during the ssh connection without the necessity to enter the login name and password; the private key is by default located in ~/.ssh/id_rsa or ~/.ssh/id_dsa, the public key in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub and its contents need to be put into ~/.ssh/authorized_keys of the remote host; the program also asks the user to enter a "passphrase" (string of arbitrary characters, including white spaces, protecting the private key against abuse) which, if not empty, is required from the user for identification at the beginning of each connection, -t <key> specifies the type of key – "rsa" or "dsa" (by default "rsa"), -f <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa is used), -p alters a "passphrase", -v detailed output
ssh-copy-id (<user>@)<host> copies a public key of the user from the local computer into ~/.ssh/authorized_keys of the host, -i <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa.pub is used)
$ ssh-copy-id -i ~/.ssh/id_dsa.pub dookie@94.112.152.47
ssh-agent (<command>) provides secure login based on authentication keys without the necessity to enter a "passphrase" for user identification at the beginning of each connection (useful especially for commands executed on several remote servers via a script); ssh-agent is therefore started first, before the connection, "ssh-add" then hands it the private key and the "passphrase" is required only once
$ ssh-agent sh <-'
$ ssh-add <-'
> <passphrase> <-'
ssh-add (<file>) provides temporarily a private key and passphrase under "ssh-agent" management
scp (<host>: / <user>@<host>:)<source> (<host>: / <user>@<host>:)<target> initiates an encrypted data transfer between hosts, using the same user name on both systems or different user names, -p preserves file attributes, -r recursively, -i <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa is used), -v detailed output, -P <port> uses a nonstandard port, -l limits the used bandwidth specified in kB/s, -C compression
$ scp -rv 192.168.0.20:/home/kuba/data .
(copies directory "data" from the remote host to the working directory on the local computer)
$ scp ~/.ssh/id_rsa.pub kuba@192.168.0.20:.ssh/authorized_keys
(copies file "id_rsa.pub" from the local computer to ".ssh/authorized_keys" in the home directory on the remote host, replacing any existing authorized_keys file there)
$ scp kuba@192.168.0.20:soubor.txt 192.168.0.21:
(copies file "soubor.txt" from one remote host to another, in both cases from and to the user's home directory)
sftp (<user>@)<host> initiates an interactive encrypted data transfer between hosts, using the same user name on both systems or a different one, -P <port> uses a nonstandard port; the following commands are used: ! <command> executes a specified command on the local computer, help or ? help, get <file> copies a remote file to the local computer, mget <fil*> copies more remote files using wildcards, put <file> copies a local file to the remote computer, mput <fil*> copies more local files using wildcards, bye/quit/exit quits the program
telnet <host> (<port>) initiates an unencrypted login to an existing account on the remote host or checks whether a specified port is reachable; without an argument it works interactively
$ telnet 192.168.0.20 80
ftp <host> initiates an interactive unencrypted data transfer between hosts; the following commands are used: ! <command> executes a specified command on the local computer, help or ? help, get <file> copies a remote file to the local computer, mget <fil*> copies more remote files using wildcards, put <file> copies a local file to the remote computer, mput <fil*> copies more local files using wildcards, bye/quit/exit quits the program
lynx <URL> displays the contents of the URL, q quits the program
$ lynx centos.org
wget <URL> downloads the contents of the URL into the working directory, -c continues downloading a partially-downloaded file after the transfer is interrupted, -r recursive download, -t <n> specifies the number of download attempts
curl <URL> copies data from or to a specified URL, -o <file> specifies a target file (by default STDOUT), -F <item>=<contents> specifies outgoing data ("@" represents a source file)
# curl -o /etc/yum.repos.d/data.repo set.cz/data.repo
mail displays the contents of the logged-in user's mailbox (/var/spool/mail/<user>), -f displays the contents of mailbox with already read messages (/home/<user>/mbox); commands related to work with the mailbox: p/p(n) displays the oldest message / particular message, r replies to the message, d/d(m-n)/d* deletes particular/all messages, q quits the program
mail <address> sends a message to the specified address, -s <subject> subject, -c <address> carbon copy (CC), -b <address> blind carbon copy (BCC)
$ mail root / tom@atlas.cz < offer.txt
$ cat file | mail -s "offer" james -c root
$ echo "Hello James" | mail -s "greeting" james
the message can also be sent this way:
$ mail <address> <-'
Subject: <subject> <-'
<text> <-'
.<-' or ctrl+d
Cc: <address> <-'
wall <message> sends messages to all open terminals of logged-in users with their mesg permission set to "yes"
write <user> (<terminal>) sends a message to the specified user within the same host; the terminal specification is needed if the user is using more terminals at the same time
$ write dookie <-'
<text>
ctrl+d
$ echo "Hello" | write dookie
talk <user> / <user>@<host> (<terminal>) provides a communication between two users at the same time within the same host or between different hosts (in case of using the same user name on both hosts), the terminal is split into incoming and outgoing text windows; the terminal specification is needed if the user is using more terminals at the same time
$ talk tom@domain.com <-'
<text> <-'
ctrl+c
mesg (<y/n>) prints or sets the terminal's availability for the logged-in user to receive messages of "wall", "talk" or "write" program ("y" = yes, "n" = no)
who -w prints the current access state of the logged-in users' terminals for using program "wall", "talk" or "write" ("+" = yes, "-" = no)
Last modified: 2019/08/05 16:29 by Miroslav Bernát
