NETWORK & COMMUNICATION
hostname prints the current system's host name, -I all network addresses of the host, -d the name of the DNS domain
hostname <hostname> sets a temporary system’s host name (permanent settings in /etc/sysconfig/network)
hostnamectl --transient (implemented in Red Hat Enterprise Linux 7) prints the current system's host name
hostnamectl set-hostname <hostname> (implemented in Red Hat Enterprise Linux 7) sets a permanent system's host name (edits /etc/hostname), --transient sets a temporary system's host name
domainname prints the current system’s NIS/YP domain name, -I all network addresses of the host, -d the name of the DNS domain
domainname <nisdomain> sets a current system’s NIS/YP domain name (permanent settings in /etc/sysconfig/network)
hostid prints the numeric identifier for the current host
cat /etc/services prints known network services including their protocol and port number
cat /etc/protocols prints known network protocols
cat /etc/resolv.conf prints a list of DNS servers available for resolving domain names into IP addresses
cat /etc/hosts prints a list of IP addresses with their associated domain names and any aliases of the servers the local system communicates with without using DNS or NIS
host <IP_address / hostname> prints a domain name or IP address of the remote system, -a prints all available information
$ host fedora.com
nslookup <IP_address / hostname> prints the IP address of the DNS server used and the domain name or IP address of the remote system; depending on the options given other DNS records can be displayed, and when no arguments are given an interactive mode is started
dig <hostname> prints an IP address of the remote system and the DNS server, -x <IP_address> prints a domain name of the remote system; depending on particular options other DNS records can be displayed
whois <domain_name> prints internet domain registration information
$ whois redhat.com
ethtool <device> prints ethernet card settings
ethtool -s <device> <option> alters ethernet card settings; option e.g. duplex half or full, speed 10, 100, or 1000
# ethtool -s eth0 duplex full speed 100
(sets full duplex mode and a speed of 100 Mb/s)
ifup <device> activates a network card
# ifup eth0
ifdown <device> deactivates a network card
# ifdown eth1
whatmask <netmask> / <IP/netmask> prints the number of usable IP addresses in a particular network
$ whatmask /24 / 192.168.165.23/24
ip (<option>) <object> <command> (<parameter>) prints or configures network parameters
$ ip addr show
(prints the current network configuration)
# ip addr add 192.168.0.100/24 dev eth0
(assigns another IP address for a particular interface)
# ip addr del 192.168.0.100/24 dev eth0
(removes the IP address from a particular interface)
# ip route show
(prints a routing table)
ifconfig / ifconfig <device> prints the status of the currently active / particular interfaces - IP address, MAC address, network mask and other network parameters, -a prints the status of all (including inactive) interfaces
ifconfig <device> (<IP address>) <option> configures a particular network interface, options e.g. up, down, hw ether <MAC_address>, netmask <netmask> (permanent settings in /etc/sysconfig/network-scripts/ifcfg-eth*)
# ifconfig eth0 up / down
(activates / deactivates a network card)
# ifconfig eth0 192.168.0.10 netmask 255.255.255.0
(sets a static IP address and network mask)
# ifconfig eth0 hw ether 00:11:09:D6:DC:3C
(sets a particular MAC address for the network card)
iwconfig <device> prints the status of a wireless network interface
iwconfig <device> <option> configures a wireless network interface, essid <network_name> network name, ap <AP_address> access point address, mode <mode> card mode ("Managed" = client, "Master" = access point), key <key> encryption key for encrypted transfer
# iwconfig eth1 essid AP_profik ap 00:60:1D:01:23:45 key 0123-4567-89 mode Managed
iwlist <device> <option> prints detailed information from a wireless interface, scan prints available wireless networks including IP addresses of access points, frequency, mode, encryption and quality
ping <IP_address / hostname> checks a host's availability in the network, -c<n> sets the number of connection attempts
$ ping -c5 google.com
route / netstat -r prints the IP routing table
route <option> (<parameter>) (<target>) (<option>) (<parameter>) -n prints IP addresses, add adds a static route, del removes a static route, -net the target is a network, -host the target is a host, netmask defines a network mask, gw defines a network gateway, dev defines a network card; (permanent settings in /etc/sysconfig/network-scripts/route-eth*)
# route add -host 95.139.140.42 gw 89.229.34.178
(adds a route for a particular host)
# route add default gw 192.168.122.255
(assigns the gateway a particular IP address)
# route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
(adds a route for the particular network and specifies a network card)
traceroute <IP_address / hostname> prints the route packets take to a network host, -m <n> specifies the maximum number of hops - the maximum time-to-live value (the default is 30), -n prints IP addresses
$ traceroute yahoo.com
mtr <IP_address / hostname> prints the route packets take to a network host in an interactive way (the per-hop statistics are updated continuously), -m <n> specifies the maximum number of hops - the maximum time-to-live value (the default is 30), -n prints IP addresses
netstat prints a list of open sockets including port numbers, protocol types and IP addresses, -a all current connections, -l listening ports only, -t TCP ports only (used with option "-a" or "-l"), -u UDP ports only (used with option "-a" or "-l"), -e users and i-nodes, -n IP addresses, -p the PID and name of the program to which each socket belongs, -i the table of network interfaces, -r the kernel routing table, -s summary statistics for each protocol
$ ports="echo discard systat daytime netstat chargen finger nntp"; echo="7"; discard="9"; systat="11"; daytime="13"; netstat="15"; chargen="19"; finger="79"; nntp="119"; for port in $ports; do open_ports=$(netstat -an | egrep ":${!port}[ ]"); if [[ -n "$open_ports" ]]; then echo "${port} --> YES"; else echo "${port} --> NO"; fi; done
(prints, for each of the listed services, whether its standard port is open or not)
tcpdump prints traffic on a network, -i <device> specifies a particular interface (the first one by default), port <port> a particular port, tcp/udp/icmp a particular protocol, host <host> traffic to or from a particular host, ether host <MAC_address> traffic to or from a particular MAC address, -n prints IP addresses, -v detailed output
# tcpdump -i eth0 -nv port 22
# tcpdump -nv ether host 00:02:3F:09:FA:F1
ifstat (<device>) displays network traffic - the amount of received and sent data on all or on a particular interface
iftop displays network traffic in an interactive way - source and destination addresses, the amount of transferred data and a total summary (the output is updated continuously), -i <device> specifies a particular interface (the first one by default), interactive option n prints IP addresses, p displays ports, S source port, D destination port, N service listening on the destination port, q quits the program
nmap (<scan> <option>) <target> probes the ports of a remote host in order to identify running services and possibly the operating system type; the scan type can be -sS (TCP SYN scan - the most used scan, does not open a full TCP connection, sends a SYN packet and receives SYN/ACK - port is open, or RST - port is closed), -sA (TCP ACK scan, maps out firewall rulesets, determining whether they are stateful and which ports are filtered), -sU (UDP scan), -sP (ping scan, checks only a host's availability and its MAC address in the local network); -sV prints the program used by the particular service, -p <port> specifies the ports, -O identifies the OS, -PN does not send ping requests (useful when ping is not allowed by the firewall), -D <IP_address> a "decoy" scan that disguises the source of the scan, -iL <file> reads the targets from a file, -v detailed output
$ nmap root.cz
$ nmap -sP 10.0.0.0/24
# nmap -sA -v 147.229.28.4
# nmap -sS -sV -v 147.229.28.4 > scan.txt
# nmap -sS -PN -p 1-65000 192.168.0.247
# nmap -sS -sU -iL server_list
# nmap -sS -O -D 192.168.0.1,192.168.0.2 192.168.0.3
(TCP SYN port scan with OS detection of the target 192.168.0.3, appearing to originate also from the preceding decoy IP addresses)
service iptables start / stop / status starts / stops the firewall or prints its settings
service iptables save saves newly created firewall rules into /etc/sysconfig/iptables in order to be persistent after the system reboot
iptables-save exports the currently configured (even not yet saved) firewall rules from memory to STDOUT
# iptables-save > iprules
(saves new firewall rules into a particular file)
iptables-restore imports firewall rules from STDIN to memory
# iptables-restore < iprules
(reads the firewall rules from a particular file)
iptables (-t <table>) <option> <chain> <specification> <target> sets up and maintains firewall rules; table "filter" is used for packet filtering (default) and contains the builtin chains "INPUT" for incoming packets, "OUTPUT" for outgoing packets and "FORWARD" for packets forwarded between networks, table "nat" is used for IP address translation and port forwarding with chains "PREROUTING" for incoming packets, "OUTPUT" for altering locally-generated packets before routing and "POSTROUTING" for outgoing packets, table "mangle" is used for specialized packet alterations and contains all the above chains; a correct firewall setup strictly depends on the order of the rules listed in /etc/sysconfig/iptables
option -I (<n>) inserts a rule at the head of the selected chain or at the position given by the rule number, -A appends a rule to the end of the selected chain, -D (<n>) deletes a rule from the selected chain, -L lists all rules in the selected chain (all chains if none is selected), -n prints IP addresses and ports in numeric format, -v prints the number of packets and bytes for each rule including the protocol and interface, --line-numbers numbers the rules of a particular chain (useful together with option "-I" or "-D"), -F removes the rules of a particular chain (all rules if no chain is selected), -P sets the default policy of the chain (everything is allowed by default), -N creates a new user-defined chain with the given name, usually used for more detailed rule specifications (a default policy cannot be set on these chains), -X removes a user-defined chain
the rule specification follows: -i <interface> input interface, -o <interface> output interface, -s <address> source address, -d <address> destination address, -p <protocol> protocol type, -m <module> match extension (state --state <connection_type> specifies the connection state - NEW new connection, ESTABLISHED existing connection, RELATED new connection related to an already existing communication, INVALID packets that cannot be associated with any known connection; time specifies when the rule applies --timestart <hh:mm>, --timestop <hh:mm>, --monthdays <day_in_month>, --weekdays <day_in_week>; iprange --src-range / --dst-range <IP-IP> specifies the range of source / destination addresses; limit --limit <n>/<s / m / h / d> specifies the average matching rate, --limit-burst <n> specifies the initial number of packets to match), --sport <port> source port, --dport <port> destination port
and finally -j <target> specifies what to do with the matched packets - for table "filter" ACCEPT = accept, DROP = drop silently, LOG = log the packets, REJECT = send back an error packet in response to the matched packet, for table "nat" SNAT --to <IP_address> = change the source address, DNAT --to <IP_address> = change the destination address, REDIRECT --to-ports <port> = redirect to a local port
# iptables -nvL --line-numbers
(prints the firewall rules in detailed output)
# iptables -P INPUT DROP
(drops all incoming packets)
# iptables -I INPUT -s 147.229.28.4 -j DROP
(drops all packets incoming from the particular IP address)
# iptables -A INPUT -p tcp --dport 22 -j DROP
(drops all packets incoming to the particular port)
# iptables -A INPUT -p tcp --dport 443 -j REJECT
(sends information about the service unavailability)
# iptables -I OUTPUT -d '!' 147.229.28.4 -j DROP
(allows only packets outgoing to the particular IP address)
# iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -j ACCEPT
(allows only packets outgoing from the particular interface to the local network)
# iptables -A OUTPUT -d upc.cz -p tcp --dport 80 -j DROP
(disallows to display the particular URL)
# iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport '!' 80 -j DROP
(allows packet redirections only to port 80)
# iptables -A INPUT -p tcp --dport 50:55 -m iprange --src-range 192.168.0.1-192.168.0.10 -j ACCEPT
(allows port range of 50 - 55 for particular IP addresses)
# iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
(limits the number of "ping" requests to 2 per 1s)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3250
(redirects the particular port)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:8080
(alters the destination IP address and port of the service)
# iptables -A INPUT -j LOG
(logs all packets that do not meet any of the configured rules to /var/log/messages)
# iptables -D INPUT 5
(deletes the 5th rule of the "INPUT" chain)
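An added example (not code from the original page): a shell function that assembles a default-deny INPUT ruleset from the matches shown above, written in the iptables-save format that iptables-restore and /etc/sysconfig/iptables use; the management network, the interface name and the user-defined "LOGDROP" chain are assumptions.

```shell
#!/bin/sh
# gen_ruleset <mgmt_net> <interface>
#   $1 = network allowed to open SSH connections (assumed, e.g. 192.168.0.0/24)
#   $2 = public interface name (assumed, e.g. eth0)
# Prints an iptables-save style ruleset; "#" comment lines are ignored by
# iptables-restore. Usage: gen_ruleset 192.168.0.0/24 eth0 > iprules
#                          iptables-restore < iprules
gen_ruleset() {
    mgmt_net="$1"
    pub_if="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# loopback and replies to connections opened from this host
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# new SSH connections only from the management network, rate-limited
-A INPUT -i ${pub_if} -p tcp --dport 22 -s ${mgmt_net} -m state --state NEW -m limit --limit 3/m --limit-burst 5 -j ACCEPT
# ping, limited as in the example above
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
# everything else: log (rate-limited so the log cannot be flooded) and drop
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/m -j LOG --log-prefix "iptables drop: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# rule_count <mgmt_net> <interface> <chain>: number of "-A <chain>" rules
# in the generated ruleset (a quick sanity check before restoring it)
rule_count() {
    gen_ruleset "$1" "$2" | grep -c "^-A $3 "
}
```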
ssh <host> / <user>@<host> (<command>) provides an encrypted login to an existing account on the remote host using the same user name on both servers / using different user names on both servers; ssh is also used for executing commands on a remote host, whose output is displayed on STDOUT of the local computer, -l <user> logs in as a particular user, -p <port> uses a nonstandard port (different from port 22), -v detailed output
$ ssh 192.168.0.20
$ ssh norton@mx.webs.cz / ssh -l norton mx.webs.cz
$ ssh 192.168.0.20 uname -a
ssh-keygen generates a pair of authentication keys - private and public - which provide secure user identification during the ssh connection without the necessity to enter the login name and password; the private key is by default located in ~/.ssh/id_rsa or ~/.ssh/id_dsa, the public key in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub and its contents need to be put into ~/.ssh/authorized_keys of the remote host; the program also asks the user to enter a "passphrase" (a string of arbitrary characters, including white spaces, protecting the private key against abuse) which, if not empty, is required from the user for identification at the beginning of each connection, -t <key> specifies the type of the key - "rsa" or "dsa" (by default "rsa"), -p alters the "passphrase", -v detailed output
ssh-copy-id (<user>@)<host> copies a public key of the user from the local computer into ~/.ssh/authorized_keys of the host, -i <file> specifies the file with the keys (otherwise ~/.ssh/id_rsa.pub is used)
$ ssh-copy-id -i ~/.ssh/id_dsa.pub dookie@94.112.152.47
ssh-add (<file>) temporarily hands a private key, unlocked with its "passphrase", over to "ssh-agent" management
ssh-agent <command> provides a secure login based on authentication keys without the necessity to enter a "passphrase" for user identification at the beginning of each connection (useful especially for commands executed on several remote servers via a script); ssh-agent is thus started first, before the connection, then the private key is handed over by "ssh-add" and the "passphrase" is required only once
$ ssh-agent sh <-'
$ ssh-add <-'
> <passphrase> <-'
scp (<host>: / <user>@<host>:)<source> (<host>: / <user>@<host>:)<target> provides an encrypted data transfer between remote hosts using the same user name on both servers / using different user names on both servers, -p preserves file attributes, -r recursively, -v detailed output, -P <port> uses a nonstandard port, -l limits the used bandwidth specified in kB/s, -C compression
$ scp -rv mx.webs.cz:/home/kuba/data .
(copies directory "data" from the remote host to the working directory on the local computer)
$ scp ~/.ssh/id_rsa.pub norton@192.168.0.1:.ssh/authorized_keys
(copies file "id_rsa.pub" from the local computer to ".ssh/" in the home directory on the remote host)
$ scp norton@arnold:soubor.txt 192.168.20.1:
(copies file "soubor.txt" from one remote host to another, in both cases from and to the user's home directory)
sftp <host> / <user>@<host> provides an encrypted data transfer between remote hosts using the same user name on both servers / using different user names on both servers; the following commands are used: ! <command> executes a particular command on the local computer, ? help, get <file> copies a remote file to the local computer, mget <fil*> copies more files using wildcards, for the opposite direction put <file> or mput <fil*>, bye / quit terminates the session
telnet <host> (<port>) provides a login to an existing account on the remote host
$ telnet 192.168.0.20 80
(checks a particular port availability on the remote host)
lynx <URL> displays the contents of the URL, q terminates the program
$ lynx yahoo.com
wget <URL> downloads the contents of the URL into the home directory, -r recursive download, -t <number> specifies the number of download attempts
curl <URL> copies data from or to a particular URL, -o <file> specifies a target file (by default STDOUT), -F <item>=<contents> specifies outgoing data ("@" represents a source file)
# curl -o /etc/yum.repos.d/data.repo set.cz/data.repo
mail displays the contents of the logged in user's mailbox (/var/spool/mail/<user>), -f displays the contents of mailbox with already read messages (/home/<user>/mbox); commands related to work with the mailbox:
p/p(n) displays the oldest message / particular message, r replies to the message, d/d(m-n)/d* deletes particular / all messages, q terminates the program
mail <address> sends a message to the particular address, -s <subject> subject, -c <address> carbon copy (CC), -b <address> blind carbon copy (BCC)
$ mail root / tom@atlas.cz < offer.txt
$ cat file | mail -s "offer" james -c root
$ echo "Hello James" | mail -s "greeting" james
the message can also be sent this way:
$ mail <address> <-'
Subject: <subject> <-'
<text> <-'
.<-' or ctrl+d
Cc: <address> <-'
wall <message> sends messages to all open terminals of logged in users with their mesg permission set to "yes"
write <user> (<terminal>) sends a message to a particular user within the same host; the terminal specification is needed if the user is using several terminals at the same time
$ write dookie <-'
<text>
ctrl+d
$ echo "Hello" | write dookie
talk <user> / <user>@<host> (<terminal>) provides simultaneous communication between two users within the same host or between different hosts (in case of using the same user name on both hosts), the terminal is split into incoming and outgoing text windows; the terminal specification is needed if the user is using several terminals at the same time
$ talk root@new.domain.cz <-'
<text> <-'
ctrl+c
mesg (<y / n>) allows or disallows other users to write to a user's terminal using program "wall", "talk" or "write"; if no option is given, mesg prints out the current access state of the logged in user's terminal
who -w prints the current access state of the logged in users' terminals for using program "wall", "talk" or "write" ("+" = yes, "-" = no)
Last modified: 2015/08/06 20:56 by Miroslav Bernát