Linux+ TechNotes
Networking
Index
Configuring Network Interfaces
Network Connectivity Tools
Basic Network Services

With nearly every corporate and government workplace making use of networked computers, being able to configure and troubleshoot network devices and services is a fundamental part of an administrator’s job. Like most modern operating systems, Linux supports the TCP/IP protocol and has a number of tools for managing network adapters and protocols.


Configuring Network Interfaces

Just like any other hardware in Linux, network interfaces are identified using a standard naming convention. The first Ethernet interface is always eth0. The second is eth1. Any additional Ethernet interfaces are numbered sequentially. Wireless Ethernet adapters are named starting at wlan0. Any PPP interfaces are named beginning with ppp0. The loopback interface is called lo0.

The network service is used to start or stop all network devices. This service is merely a script that starts each networking component in turn. On Red Hat-based distributions, this service first reads the contents of the file /etc/sysconfig/network to gather system-wide network settings. An example /etc/sysconfig/network file looks like this:

NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=production
GATEWAY=10.0.0.1
GATEWAYDEV=eth0

The network service then checks whether nonstandard settings such as IPv6 or IPX are in use and starts them if needed. Next the network service looks for network adapters to start. Each network adapter will have a configuration script in the /etc/sysconfig/network-scripts directory. These configuration scripts use the following naming convention: ifcfg-<interface_name>. A script to configure the first Ethernet interface would be named ifcfg-eth0 and could look like this:

# Intel Corp.|82547GI Gigabit Ethernet Controller
DEVICE=eth0
HWADDR=00:11:25:BA:5F:8C
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.2
NETMASK=255.0.0.0

Notice that these settings are specific to that particular adapter. The network service can be manually started, stopped or restarted by calling it with the appropriate parameter:

/etc/rc.d/init.d/network start
/etc/rc.d/init.d/network stop
/etc/rc.d/init.d/network restart

Starting or restarting the network service will result in a message that displays which network interfaces are trying to start and whether they were successful or not. You can also check the status of a system’s network interfaces using the ifconfig command. Used without any parameters, ifconfig will display the status of all active network adapters:

eth0 Link encap:Ethernet HWaddr 00:11:25:BA:5F:8C
        inet addr:10.0.0.2 Bcast:10.255.255.255 Mask:255.0.0.0
        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        RX packets:45135830 errors:0 dropped:0 overruns:0 frame:0
        TX packets:56287524 errors:0 dropped:0 overruns:0 carrier:0
        collisions:182043 txqueuelen:1000
        RX bytes:315903775 (304.4 Mb) TX bytes:284703199 (278.7 Mb)
        Base address:0x2000 Memory:d0120000-d0140000

lo Link encap:Local Loopback
        inet addr:127.0.0.1 Mask:255.0.0.0
        UP LOOPBACK RUNNING MTU:16436 Metric:1
        RX packets:516385 errors:0 dropped:0 overruns:0 frame:0
        TX packets:516385 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:94513448 (90.1 Mb) TX bytes:94513448 (90.1 Mb)

The -a option will display the status of all adapters including those that are down. Ifconfig is the most common command for checking basic information such as the IP address or whether an interface is enabled. The ifconfig command can also be used to configure an interface. A simple command using ifconfig shows how to set an IP address and subnet mask:

ifconfig eth0 10.0.0.3 netmask 255.0.0.0

Settings configured in this manner are only kept until the machine is rebooted. To make network settings permanent the changes must be made to the appropriate configuration file in the /etc/sysconfig/network-scripts directory. Ifconfig can be used with either the up or down parameter to start or stop an interface. This example disables the first Ethernet interface:

ifconfig eth0 down

Two other commands exist to manually start or stop a single network interface: ifup and ifdown. In the example below, the first command enables the first Ethernet interface and the second disables it:

ifup eth0

ifdown eth0

Unfortunately, ifconfig cannot be used to configure DNS settings. To do this you must use a distribution-specific tool (such as netconfig) or edit the /etc/resolv.conf file directly. The DNS servers to query are listed in /etc/resolv.conf using the following format:

nameserver <IP_address>

Network Connectivity Tools

The simplest tool for testing that your network card has been correctly configured is the ping command. This simple utility is part of the TCP/IP protocol suite and can be used to test communication between any two TCP/IP devices. The ping command accepts both IP addresses and hostnames as parameters and will continue to send packets until Ctrl-C is pressed:

ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.226 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.186 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.155 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.220 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.171 ms
^C

--- 10.0.0.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4998ms
rtt min/avg/max/mdev = 0.155/0.197/0.229/0.033 ms

The ping command can be used to isolate a failing network device and narrow down the cause of connectivity problems. A common strategy is to ping the nearest device and work outward until connectivity is lost. Generally, this involves pinging the loopback adapter (127.0.0.1) to make sure TCP/IP is correctly installed on the local machine. The next step is to ping the IP address of the local machine to make sure its network card is correctly configured. If the destination device is on a different network, the next step would be to ping the default gateway of the local machine to make sure you can communicate with other devices on the same network. Continue pinging devices further and further away until the problematic link is identified. Pinging a device by its hostname can also be used to test whether name resolution is working properly.
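The outward-pinging procedure above as a script (an added example, not part of the original TechNote). It assumes the Red Hat-style ifcfg-eth0 and network files shown earlier as the source of the local address and gateway; `cfg_get`, `ping_once`, `first_failure` and the `PROBE` hook are names introduced here.

```sh
#!/bin/sh
# Added example: ping outward from the local machine and report the first
# step that fails. Function names and the PROBE hook are hypothetical.

# Read the last KEY=value assignment from a sysconfig-style file.
cfg_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# One echo request with a 2 second timeout (iputils ping options).
ping_once() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-ping_once}   # replace with a stub to test without a network

# $1 = ifcfg file, $2 = network file, $3 = remote IP, $4 = remote hostname
# Prints the label of the first failing step, or "ok" if every step answers.
first_failure() {
    ip=$(cfg_get IPADDR "$1")
    gw=$(cfg_get GATEWAY "$2")
    for step in "loopback:127.0.0.1" "local-address:$ip" \
                "default-gateway:$gw" "remote-ip:$3" "name-resolution:$4"; do
        $PROBE "${step#*:}" || { echo "${step%%:*}"; return 1; }
    done
    echo ok
}

# Run against the real files when they exist (paths as given on this page).
if [ -r /etc/sysconfig/network ] && [ $# -eq 2 ]; then
    first_failure /etc/sysconfig/network-scripts/ifcfg-eth0 \
        /etc/sysconfig/network "$1" "$2"
fi
```

A result of `name-resolution` with every earlier step passing points at /etc/resolv.conf rather than at the interface or routing.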

Often, a network problem lies outside of the local network. The traceroute command displays each gateway that packets travel through to reach a destination. This command can be used to identify a router that is down or incorrectly routing packets. The -n option disables name resolution lookups, which can significantly speed up a trace.

traceroute google.com

traceroute to google.com (64.233.187.99), 30 hops max, 38 byte packets
1 10.0.0.1 (10.0.0.1) 0.505 ms 0.468 ms 0.410 ms
2 10.0.56.133 (10.0.56.133) 3.648 ms 3.830 ms 3.815 ms
3 10.0.200.205 (10.0.200.205) 4.185 ms 3.802 ms 3.766 ms
4 sl-gw10-roa-3-2.sprintlink.net (160.81.204.141) 11.934 ms 13.095 ms 12.809 ms
5 po14-0.nykcr2.NewYork.opentransit.net (193.251.240.138) 90.060 ms 90.184 ms 89.995 ms
6 po10-0.nykcr3.NewYork.opentransit.net (193.251.241.114) 90.006 ms 90.260 ms 90.123 ms
7 po2-0.ashcr2.Ashburn.opentransit.net (193.251.240.133) 95.467 ms 95.418 ms 95.602 ms
8 so-6-0-0-0.atlcr1.Atlanta.opentransit.net (193.251.241.158) 89.134 ms 89.228 ms 89.374 ms
9 google-us-customers-3.GW.opentransit.net (193.251.250.226) 52.479 ms google-asia-customers-3.GW.opentransit.net (193.251.250.230) 49.140 ms google-us-customers-3.GW.opentransit.net (193.251.250.226) 50.243 ms
10 66.249.95.124 (66.249.95.124) 49.083 ms 72.14.236.15 (72.14.236.15) 50.620 ms 66.249.95.124 (66.249.95.124) 48.756 ms
11 72.14.236.19 (72.14.236.19) 50.368 ms 50.683 ms 51.950 ms
12 64.233.187.99 (64.233.187.99) 50.467 ms 50.695 ms 50.738 ms

The netstat command is used to show current network information such as open sockets, active connections, routing tables and interface statistics. The most common options are:

Switch    Description
-a        Shows all active and listening sockets
-c        Shows updated information continuously
-i        Shows statistics for each network interface
-n        Disables name resolution
-r        Shows routing tables
-t        Shows only TCP connections
-u        Shows only UDP connections

An alternate command for displaying routing tables is route.

Basic Network Services

Most system services, or daemons, run continuously in the background waiting for something to happen. Printing services are almost always configured this way. Network services are configured differently. Rather than having an instance of each needed service running 24 hours a day and using resources, most network services are managed by a super-service called xinetd. Xinetd runs continuously listening for network connections. When a connection is initiated, xinetd identifies the type of connection (ftp, telnet, ssh, etc.) and starts the appropriate network service to handle the connection. When the connection is closed xinetd stops the service.

Xinetd is actually an improved version of inetd (still found on older systems). The main differences are that xinetd is modular (therefore more portable) and easier to configure. Inetd relies on a single configuration file, /etc/inetd.conf, to define all services that it manages. An example inetd.conf file contains several lines like this:

ftp stream tcp nowait root /usr/sbin/ftpd ftpd
telnet stream tcp nowait root /usr/sbin/telnetd telnetd
tftp dgram udp SRC nobody /usr/sbin/tftpd tftpd -n
login stream tcp nowait root /usr/sbin/rlogind rlogind
 

By comparison, the /etc/xinetd.conf file contains a few default settings and exists mainly to define a directory that contains definitions of each service xinetd manages. By default, this directory is /etc/xinetd.d. Each service is defined in its own configuration file. The telnet definition file looks like this:

# default: on
# description: The telnet server serves telnet sessions; it uses
# unencrypted username/password pairs for authentication.
service telnet
{
        disable = no
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/in.telnetd
        log_on_failure += USERID
}

The xinetd configuration is more intuitive and since services are configured as individual files, configuring a new service on several different machines is simply a matter of copying files.

In addition to services that provide resources to users, such as email, ftp or http, xinetd is often used to control services that provide remote management capabilities to administrators. Older services such as rsh (remote shell) and rlogin (remote login) are still in use but are inherently insecure and are rarely enabled on new servers. Telnet and ssh (secure shell) are the most common remote management services in use today. Telnet is bundled in nearly every distribution, is easy to install, and provides full command line access to a remote machine. The downside is that login information is not encrypted and can be captured by anyone on the network using a packet sniffer. Because of this, telnet should never be used to connect to a machine that is part of an untrusted network (such as the Internet). The ssh package allows you to log in to and manage a server securely using a number of encryption algorithms including 3DES, Blowfish, AES and RSA.
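An audit of both configuration formats shown above, listing the unencrypted services that inetd or xinetd would still start (an added example, not part of the original TechNote). The service list, function names and sample files are assumptions made here; `disabled`/`enabled` lists in the defaults section of /etc/xinetd.conf are not evaluated.

```sh
#!/bin/sh
# Added example: list cleartext remote-access services that inetd or xinetd
# would still start. The service list is an assumption, not from the page;
# "login", "shell" and "exec" are the /etc/services names for rlogin, rsh, rexec.
CLEARTEXT_RE='^(telnet|login|shell|exec|ftp|tftp)$'

# Print the service name of each active (uncommented) inetd.conf entry
# that matches the list.
audit_inetd_conf() {
    awk -v re="$CLEARTEXT_RE" '
        /^[ \t]*#/ || NF < 6 { next }     # comments and malformed lines
        $1 ~ re { print $1 }
    ' "$1"
}

# Print each listed service defined in an xinetd.d directory unless its
# block says "disable = yes"; without that line xinetd enables the service.
audit_xinetd_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v re="$CLEARTEXT_RE" '
            { sub(/#.*/, "") }                          # strip comments
            $1 == "service" { name = $2; off = 0; next }
            /^[ \t]*disable[ \t]*=/ {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                off = (v == "yes")
            }
            $1 == "}" { if (name ~ re && !off) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample files; the telnet block mirrors the one on this page.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/xinetd.d" || return 1
    printf '%s\n' 'service telnet' '{' '  disable = no' '  user = root' '}' > "$d/xinetd.d/telnet"
    printf '%s\n' 'service tftp' '{' '  disable = yes' '}' > "$d/xinetd.d/tftp"
    printf '%s\n' 'service rsync' '{' '  disable = no' '}' > "$d/xinetd.d/rsync"
    printf '%s\n' 'ftp stream tcp nowait root /usr/sbin/ftpd ftpd' \
        '#telnet stream tcp nowait root /usr/sbin/telnetd telnetd' \
        'login stream tcp nowait root /usr/sbin/rlogind rlogind' > "$d/inetd.conf"
    echo "$d"
}

s=$(make_sample)
echo "xinetd: $(audit_xinetd_dir "$s/xinetd.d" | tr '\n' ' ')"
echo "inetd:  $(audit_inetd_conf "$s/inetd.conf" | tr '\n' ' ')"
rm -rf "$s"
```

On a live system the same functions take /etc/xinetd.d and /etc/inetd.conf as arguments; any name printed is a service to disable or replace with ssh.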

 

Current related exam topics for the Linux+ exam:

DOMAIN 1.0 Installation

1.10 Select appropriate networking configuration and protocols (for example: inetd, xinetd, modems, Ethernet)

DOMAIN 2.0 Management

2.14 Monitor and troubleshoot network activity (for example: ping, netstat, traceroute)
2.17 Perform remote management (for example: rsh, ssh, rlogin)

DOMAIN 3.0 Configuration


3.1 Configure client network services and settings (for example: settings for TCP/IP)
3.7 Configure a Network Interface Card (NIC) from a command line





Author: Drew Miller




 


All images and text are copyright protected, violations of these rights will be prosecuted to the full extent of the law.
2002-2011 TechExams.Net
