Unix Comp-145
Lecture 11: Unix’s Networking Tools
Based on: S. Das, “Your Unix: The Ultimate Guide”, 2nd Edition, McGraw Hill, 2006, Chapt 14
BROOKDALE COMMUNITY COLLEGE
Networking Tools
• Intro to TCP/IP
• Mapping Domain Names to IP Addresses: /etc/hosts & DNS
• Communication Across Systems: Client/Server
• Testing Connectivity using ping
• Use of telnet for remote login
• Use of Secure Shell (ssh) for remote login
• Why need cryptography?
• Use and limits of ftp
Intro to TCP/IP
• Transmission Control Protocol over Internet Protocol
• Initially developed on and for the UNIX platform
• Around since 1983
• A packet-switching system: no dedicated connection between sender and receiver
• TCP’s standard = IETF’s RFC 793 (+RFC 1323, RFC 2581, etc.)
• IP’s standard = IETF’s RFC 791 (+RFC 1826, 1853, 2549, 3768, etc.)
• Packets
  • Each packet contains a packet sequence number, a checksum, plus a header that contains at least a sender address and one or more recipient addresses.
  • Transferred through the network via ROUTERS: intelligent devices that inspect each packet and decide what to do next (deliver the packet locally or forward it to another router).
Intro to TCP/IP (Cont’d)
• Host Names and IP addresses
  • Host = computer in a network
  • Host identified by its hostname value
  • 2 forms of host name:
    • Simple: sodapop
    • Fully Qualified Domain Name (FQDN): sodapop.brookdalecc.edu
  • The hostname command reveals the host name of the computer
Intro to TCP/IP (Cont’d)
• Host Names and IP addresses (Cont’d)
  • Each networked host is assigned a network-unique IP address.
  • Set of 4 dot-delimited octets, i.e., each octet represents a sequence of 8 bits or 1 byte.
  • Max value of each octet is 255
  • For routing efficiency, each IP address is divided into a prefix and a suffix
    • Prefix identifies the network to which the computer is attached
    • Suffix identifies the computer within that network
Intro to TCP/IP (Cont’d)
• Host Names and IP addresses (Cont’d)
  • Like FQDNs, an IP address is hierarchical
  • Only IP addresses are considered routable.
  • Fully Qualified Domain Names must be converted to IP addresses for a router to evaluate.
  • Resolution of FQDNs to IP addresses is performed by the “resolver”
Mapping Domain Names to/from IP Addresses
• /etc/hosts
  • Holds name-to-address mappings in small networks.
  • File often called the host file.
  • Syntax: ip_address followed by the names it maps to, one mapping per line:
    $ cat /etc/hosts
    ::1        localhost localhost.brookdalecc.edu
    127.0.0.1  localhost localhost.brookdalecc.edu
  • 127.0.0.1 = local (loop-back) address.
    • Sometimes used by system administrators to stop sites that attempt to redirect their requests.
    • Considered a dead-end address, but some malicious code can run services on the loopback address
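The lookup the slide describes, done by hand against the hosts-file format, as an added example (not part of the lecture). It uses a constructed hosts file in a temporary location rather than the real /etc/hosts, and adds the check an administrator auditing that file wants: which names other than localhost have been pinned to the loopback address.

```shell
#!/bin/sh
# Added example (not from the lecture): resolve a hostname the way the resolver
# reads /etc/hosts, using a constructed sample file in a temp location.
HOSTS_FILE="$(mktemp)"
cat > "$HOSTS_FILE" <<'EOF'
# constructed sample, same layout as /etc/hosts: ip_address  canonical_name  [aliases...]
::1          localhost localhost.brookdalecc.edu
127.0.0.1    localhost localhost.brookdalecc.edu
172.17.1.243 sodapop.brookdalecc.edu sodapop
127.0.0.1    ads.example.test          # admin pinned a site to loopback (constructed)
EOF

# resolve_host NAME -> prints the first matching address, exit status 1 if none
resolve_host() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # strip comments
        NF < 2 { next }                          # skip blank / malformed lines
        { for (i = 2; i <= NF; i++)
              if ($i == name) { print $1; found = 1; exit } }
        END { exit (found ? 0 : 1) }
    ' "$HOSTS_FILE"
}

# loopback_pins -> names (other than localhost*) mapped to a loopback address;
# these are the entries worth reviewing: either a deliberate block by the
# admin, or a redirect planted so a name resolves to a local service.
loopback_pins() {
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 == "127.0.0.1" || $1 == "::1" {
            for (i = 2; i <= NF; i++) if ($i !~ /^localhost/) print $i
        }
    ' "$HOSTS_FILE"
}

# Stand-alone run: resolve the slide's host and list loopback pins.
resolve_host sodapop
loopback_pins
```

The lookup matches any column from the second onward, so both the canonical name and an alias resolve, and the first matching line wins, which is how the resolver treats duplicate entries.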
Mapping Domain Names to/from IP Addresses
DNS: Domain Name System
• Used in larger networks; a DB that provides the name-to-address mapping service.
• Hostnames organized hierarchically.
• Distributed DB comprised of various hosts on the internet and various domains
• Delegation of authority at individual levels in the hierarchy.
• Three main components of DNS:
  • Resolver (maps a name to an IP address)
  • Name server
  • Database of Resource Records (RRs)
Mapping Domain Names to/from IP Addresses
Partial DNS Hierarchy
[Figure: tree of the DNS hierarchy; the only labels that survived extraction are the top-level domains “int” and “fr”]
Mapping Domain Names to/from IP Addresses
Domains Explained
• Top Level Domains: immediately subordinate to the “.” root
• Domain = a label of the DNS tree.
• Each node on the DNS tree represents a domain.
• Domain Name represents an entity's position within the structure of the DNS hierarchy
• Domains under the top-level domains represent individual organizations or entities
Mapping Domain Names to/from IP Addresses
Domains Explained
• Delegation of authority to individual levels in the hierarchy falls to the organization’s network admin.
• Zone = group of domains and sub-domains for which an organization has authority
Communication Across Systems
Client-server paradigm
• One entity makes a request, another party services the request
[Figure: Client sends a Request to the Server; the Server returns a Response to the Client]
Communication Across Systems
Client-server paradigm in UNIX
• Server programs in Unix are called daemons.
  • Run in background
  • Listen for input from clients
• Examples:
  • httpd – Listens for requests for web pages
  • sendmail – Handles e-mail
  • inetd – Handles FTP and telnet requests
  • ping – Does not need a server.
Communication Across Systems (cont’d)
• Servers communicate via PORTS
• Port IDs (numbers) divided into 3 ranges:
  • From 0 through 1023 = Well Known Ports
  • From 1024 through 49151 = Registered Ports
  • From 49152 through 65535 = Dynamic and/or Private Ports
• “Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a Service Contact Port is defined.” The list published by IANA “specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".” 1
• PORT Types: TCP and UDP (User Datagram Protocol)
1: http://www.iana.org/assignments/port-numbers, last updated 12/8/09
Communication Across Systems (cont’d)
• “well-known” server PORTS

  Service   Client Program                                 Server Port #
  FTP       ftp                                            21
  SSH       ssh, scp, sftp, slogin                         22
  TELNET    telnet                                         23
  SMTP      mailx, netscape                                25
  HTTP      netscape, mozilla, firefox, opera, konqueror   80
  POP3      fetchmail                                      110

• A complete list of ports that UNIX listens on is found in /etc/services
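An added example (not from the lecture) that puts the two preceding slides to work: it classifies a port number into the three IANA ranges quoted above and looks up the service registered on a port in the /etc/services layout, then combines both into the one-line report a defender wants when reviewing a list of listening ports. The services file is a constructed sample, so the script does not depend on the contents of the host's real /etc/services; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the lecture): IANA port-range classification plus a
# lookup in an /etc/services-style file (constructed sample below).
SERVICES_FILE="$(mktemp)"
cat > "$SERVICES_FILE" <<'EOF'
# constructed sample in /etc/services layout: service  port/protocol  [aliases]
ftp        21/tcp
ssh        22/tcp
telnet     23/tcp
smtp       25/tcp       mail
http       80/tcp       www
pop3       110/tcp      pop-3
ntp        123/udp
EOF

# port_range PORT -> "well-known", "registered", "dynamic", or "invalid"
port_range() {
    p=$1
    case $p in
        ''|*[!0-9]*) echo invalid; return 1 ;;   # not a non-negative integer
    esac
    if   [ "$p" -le 1023 ];  then echo well-known
    elif [ "$p" -le 49151 ]; then echo registered
    elif [ "$p" -le 65535 ]; then echo dynamic
    else echo invalid; return 1
    fi
}

# service_for PORT PROTO -> service name registered on PORT/PROTO, or "unknown"
service_for() {
    awk -v want="$1/$2" '
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 && $2 == want { print $1; found = 1; exit }
        END { if (!found) print "unknown" }
    ' "$SERVICES_FILE"
}

# listening_check PORT PROTO -> one-line report; an "unknown" service on a
# well-known port, or a daemon bound in the dynamic range, is what to look at.
listening_check() {
    echo "$1/$2: $(port_range "$1") port, expected service: $(service_for "$1" "$2")"
}

# Stand-alone run over the ports from the slide's table.
for port in 21 22 23 25 80 110; do listening_check "$port" tcp; done
```

The range test is purely numeric and the service lookup is purely textual; a port can be well-known and still have no entry, which the report shows as "unknown" rather than hiding it.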
Communication Across Systems (cont’d)
• Connects to the network via a NIC (Network Interface Card) – often called “NIC card”
• The card is assigned an IP address.
Testing connectivity using ping
• Used to test connectivity
• PING sends 56-byte packets to a remote host, whose NIC card answers back
    $ ping sodapop
    PING sodapop: 56 data bytes
    64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=0. time=0. ms
    64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
    64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
    64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=. time=0. ms
    ^C
    --- sodapop PING statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round trip (ms) min/avg/max/stddev = 0.010/0.031/0.006
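Reading the statistics line by eye is fine at a terminal; a scheduled connectivity check needs to parse it. The following is an added example (not part of the lecture) that extracts the packet-loss percentage from captured ping output and turns it into an up/down decision, treating output with no statistics line (ping killed before it printed one) as total loss. The two captures are constructed to follow the slide's format.

```shell
#!/bin/sh
# Added example (not from the lecture): decide reachability from ping's
# statistics line. Both captures below are constructed sample output.
PING_OK='PING sodapop: 56 data bytes
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=0. time=0.031 ms
64 bytes from sodapop.brookdalecc.edu (172.17.1.243): icmp_seq=1. time=0.028 ms
--- sodapop PING statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.028/0.030/0.031/0.002'

PING_DOWN='PING ghost: 56 data bytes
--- ghost PING statistics ---
4 packets transmitted, 0 packets received, 100% packet loss'

# packet_loss OUTPUT -> packet-loss percentage as an integer; 100 if no
# statistics line is present. Handles both "0%" and "0.0%" spellings.
packet_loss() {
    printf '%s\n' "$1" | awk '
        /packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /%/) { sub(/(\.[0-9]*)?%.*/, "", $i); loss = $i; seen = 1 }
        }
        END { print (seen ? loss : 100) }'
}

# reachable OUTPUT [MAX_LOSS] -> "up" if loss <= MAX_LOSS (default 0), else "down"
reachable() {
    loss=$(packet_loss "$1")
    max=${2:-0}
    if [ "$loss" -le "$max" ]; then echo up; else echo down; fi
}

# Stand-alone run: classify both captures.
echo "sodapop: $(reachable "$PING_OK")"
echo "ghost:   $(reachable "$PING_DOWN")"
```

To use it on a live host, feed `reachable "$(ping -c 4 host 2>&1)"` the real output; the optional second argument lets a monitoring job tolerate a few lost probes on a lossy link without declaring the host down.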
Use of telnet for Remote Login
• Log in to a remote machine over an IP network [telnet <ip_address>]
• User ID and password transmitted in CLEAR TEXT
• Local machine acts like a dumb terminal: echoes to the terminal what is sent and what is received.
• “esc_key” or “ctl ]” – temporarily transfers the user to the local machine. Prompt changes to telnet>
    $ telnet 127.0.0.1
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Trying SRA secure login:
    User (rjesmajian):
Use of telnet for Remote Login (cont’d)
• “esc_key” or “ctl +]” – temporarily enables the user to run commands on the local machine. Prompt changes to telnet>
• Use “!” to run commands on the local system
    telnet> !ls -l *.sh
Use of telnet for Remote Login (cont’d)
Microsoft telnet>
    Microsoft Telnet> ctl+]
    Welcome to Microsoft Telnet Client
    Escape Character is 'CTRL+]'
    Microsoft Telnet> ?/help
    Commands may be abbreviated. Supported commands are:
    c    - close                   close current connection
    d    - display                 display operating parameters
    o    - open hostname [port]    connect to hostname (default port 23).
    q    - quit                    exit telnet
    set  - set                     set options (type 'set ?' for a list)
    sen  - send                    send strings to server
    st   - status                  print status information
    u    - unset                   unset options (type 'unset ?' for a list)
    ?/h  - help                    print help information
    Microsoft Telnet> !ls -l ~/*.sh
Use of Secure Shell (ssh) for remote login
• Securely log in to a remote machine over an IP network [ssh <RemoteMachineName>]
• Developed to replace telnet
• Uses public key (asymmetric) cryptographic algorithms to generate a mathematically related public-private key pair
• Key pair is used to
  • Establish trust, i.e., authenticate user & host
  • Encrypt/decrypt passwords & data.
Why need Cryptography?
• Encryption/decryption provides data confidentiality and data integrity over an insecure network
• Data exchanged is encrypted by the sender and decrypted by the recipient using a session key.
• Messages & transactions can be digitally signed by the originator to provide data integrity and authentication
• Popular algorithms used to generate digital signatures:
  • RSA (invented by Rivest, Shamir and Adleman)
  • DSA (Digital Signature Algorithm)
Why need Cryptography? (cont’d)
• 2 forms of Cryptography
  • Symmetric – 1 secret key
    • Advantage: simple mathematical algorithm; key determined between the 2 parties
    • Disadvantage: key management
    • Use: military and most major firms for internal communications
  • Asymmetric – 1 public key and 1 private key
    • Advantage: key management
    • Disadvantage: complex mathematical algorithm; must subscribe to a public key administrator service
    • Use: telecoms and most major firms for external communications
Why need Cryptography? (Symmetric Cryptography)
• Data protection (via Symmetric Encryption).
[Figure: the same “Sender’s Secret Key” appears at both ends of the exchange, encrypting on one side and decrypting on the other; only the two key labels survived extraction]
Why need Cryptography? (Asymmetric Cryptography)
• Data protection (via Asymmetric Encryption). The Recipient’s secret key is the mathematical inverse function of the Sender’s public key.
Why need Cryptography? (Digital Signatures)
• Message Authentication (via Digital Signature).
Why need Cryptography? (Digital Signatures) (cont’d)
• Originating a DIGITAL SIGNATURE
  • A message digest (MD) is generated using the sender’s private key and a MD creation algorithm, i.e., a set of hashing algorithms.
  • Message digest = “summary” of the message to be transmitted.
  • MD’s main properties:
    • Always smaller than the message itself
    • The slightest change in the message produces a different digest.
  • The message digest is encrypted using the sender's asymmetric private key. The resulting encrypted MD = the digital signature.
  • Attach the computed digital signature to the message & send.
Why need Cryptography? (Digital Signatures) (cont’d)
• Validating a DIGITAL SIGNATURE on receipt
  • Use the sender's PUBLIC KEY to decrypt the digital signature to obtain the received MD, assumed to be generated by the known sender.
  • Use the same MD algorithm used by the sender to generate your own MD of the received message.
  • Compare the 2 MDs
    • If equal, then the message is unaltered & not from an imposter.
    • If not equal, discard the message as untrustworthy: the message has been tampered with by a third party.
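The originate-and-validate procedure of the last two slides, carried out end to end with the openssl command-line tool, as an added example (not part of the lecture). It generates a throwaway RSA key pair (RSA being one of the two algorithms the slides name), signs a constructed message using SHA-256 as the message-digest algorithm, verifies it with the public key, and then shows that a one-character edit to the message makes verification fail. Everything here is this example's own construction: the message text, the file names, and the function names; it assumes the openssl binary is installed.

```shell
#!/bin/sh
# Added example (not from the lecture): sign-then-verify with openssl in a
# scratch directory. Message, key pair and file names are all constructed here.
WORK="$(mktemp -d)"
printf 'Transfer 100 USD to account 42\n' > "$WORK/message.txt"

# One-time setup: the sender's private key, and the public key that is handed
# out to recipients (the pair is "mathematically related", as the ssh slide says).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/sender_private.pem" 2>/dev/null
openssl pkey -in "$WORK/sender_private.pem" -pubout \
    -out "$WORK/sender_public.pem" 2>/dev/null

# sign_message FILE -> writes FILE.sig. openssl computes the SHA-256 digest of
# the message and encrypts that digest with the private key: the signature.
sign_message() {
    openssl dgst -sha256 -sign "$WORK/sender_private.pem" -out "$1.sig" "$1"
}

# verify_message FILE -> "valid" or "tampered". openssl recomputes the digest
# of the received file and compares it with the digest recovered from FILE.sig
# using the sender's public key, exactly the comparison step on the slide.
verify_message() {
    if openssl dgst -sha256 -verify "$WORK/sender_public.pem" \
           -signature "$1.sig" "$1" >/dev/null 2>&1; then
        echo valid
    else
        echo tampered
    fi
}

# demo -> "valid tampered": the original verifies; a copy with one field
# changed, carrying the original signature, is rejected.
demo() {
    sign_message "$WORK/message.txt"
    ok=$(verify_message "$WORK/message.txt")
    cp "$WORK/message.txt.sig" "$WORK/altered.txt.sig"
    sed 's/100/900/' "$WORK/message.txt" > "$WORK/altered.txt"
    bad=$(verify_message "$WORK/altered.txt")
    echo "$ok $bad"
}

# Stand-alone run.
demo
```

Note that the recipient never sees the private key: verification needs only the public key, the message and the signature, which is why the signature proves both integrity (the digest matches) and origin (only the holder of the private key could have produced it).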
File Transfer Protocol (FTP)
• Log in to a remote machine over an IP network to transfer files [ftp <remoteMachineName>]
  • Authorized remote user (user’s sign-on credentials (userID/Pwd) known by the remote system)
  • Anonymous user (userID = anonymous, pwd = user’s e-mail address)
File Transfer Protocol (FTP)
• Uploads & downloads 2 types of files: ASCII (text) & BINARY (all other file encodings)
    ftp> binary
    200 Type set to I
    ftp> put photo1.gif
• Preface commands with “!” to run the command on the local machine
    ftp> !pwd
File Transfer Protocol (FTP) (cont’d)
• FTP commands for use on the remote system:
    !        cr          get      mdir     nlist     put      rmdir     tenex
    $        debug       glob     mget     nmap      pwd      rstatus   throttle
    account  delete      hash     mkdir    ntrans    quit     runique   trace
    append   dir         help     mls      open      quote    send      type
    ascii    disconnect  idle     mlsd     page      rate     sendport  umask
    bell     edit        image    mlst     passive   rcvbuf   set       unset
    binary   epsv4       lcd      mode     pdir      recv     site      usage
    bye      exit        less     modtime  pls       reget    size      user
    case     features    lpage    more     pmlsd     remopts  sndbuf    verbose
    cd       fget        lpwd     mput     preserve  rename   status    xferbuf
    cdup     form        ls       mreget   progress  reset    struct    ?
    chmod    ftp         macdef   msend    prompt    restart  sunique
    close    gate        mdelete  newer    proxy     rhelp    system
File Transfer Protocol (FTP) (cont’d)
• To upload files onto the remote system use put or mput
  • put – uploads one file at a time
    ftp> binary
    200 Type set to I.
    ftp> put photo1.gif
  • mput – uploads one or more files at a time
    ftp> binary
    200 Type set to I.
    ftp> mput photo*.gif
    ftp> ascii
    200 Type set to A.
    ftp> mput mo*.sh
File Transfer Protocol (FTP) (cont’d)
• To download files from a remote system use get or mget.
  • The get command downloads one file at a time
    ftp> binary
    200 Type set to I.
    ftp> get photo1.gif
  • mget downloads one or more files at a time
    ftp> binary
    200 Type set to I.
    ftp> mget photo*.gif
File Transfer Protocol (FTP) (cont’d)
• Normally, prompt and hash are invoked immediately before get and mget
  • prompt
    • Makes get and mget behave non-interactively, if interactive mode was active.
    ftp> prompt
    Interactive mode off.
    ftp>
  • hash
    • Each time a block of data is transferred, a “#” is printed.
    ftp> hash
    Hash mark printed on (1024 bytes/hash mark).
    ftp>