Wednesday, July 28, 2010

Linux Network Management


Show the system's DNS domain name
Show or set the system's domain name
Used to show or set the name of your machine for networking
Show or set the system's NIS/YP domain name
Show or set the system's DECnet node name
Show or set the system's NIS/YP domain name

Network setup and commands

This program lets the user read or modify their arp cache.
Send domain name query packets to name servers for debugging or testing.
Display information about the system users.
File transfer program.
Configure a network interface.
Shutdown a network interface.
Brings a network interface up. Ex: ifup eth0
IP firewall administration used to set input, forward, and output rules.
A GUI interactive program to let you configure a network on Redhat systems.
Another GUI step by step network configuration program.
Displays information about the system's network connections, including port connections, routing tables, and more. The command "netstat -r" will display the routing table.
Used to query DNS servers for information about hosts.
Same as ftp.
Send ICMP ECHO_REQUEST packets to network hosts.
DARPA port to RPC program number mapper. Must be running to make RPC calls.
Manipulate the system's RARP table.
Remote file copy. Copies files between two machines.
Remote execution client for an exec server. The host uses the rexecd server.
Query RIP gateways. Request all routes known by an RIP gateway by sending an RIP request.
Starts a terminal session on a remote host.
Show or manipulate the IP routing table.
Executes command on remote host.
Displays summary of current system status of a remote host or all hosts on the network.
Show host status of local machines.
System status server, maintains database used by rwho and ruptime.
Show mount information for an NFS server.
Access control facility for internet services. Can be set up to monitor requests for Telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat. It filters access for these requests.
Tcp wrapper configuration checker.
Dump traffic on a network. Prints out headers of packets that match the boolean expression.
Predicts how the tcp wrapper will handle a specific request for a service.
User interface to the TELNET protocol, setting up a remote console session.
Print the route that packets take to the specified network host.
Tool to setup Netware access.
Netware filesystem mounting program.
Novell print command.
Netware printer list for a given server.
Netware print server.
Netware server list.

Communications commands (includes mail)

Notifies the system if mail arrives and who it is from.
Biff server to receive reports of incoming mail.
Used to purge old news articles.
Electronic mail.
File transfer protocol.
Berkeley mail program.
Interface for sending non-text mail.
Net news.
Program for internet news and e-mail. Can send documents, graphics, local & remote messages.
A popular Unix, Linux mail message transfer agent.
A popular mail message transfer agent which is easier to set up than sendmail.
Lets two parties talk simultaneously.
Allows a user to have a login session across a network on a remote host.
Net news reader.
Allows users to directly interact with other users via terminal number (one way at a time).

Linux System Management


Show all environment variables.
Set the value of a variable so it is visible to all subprocesses that belong to the current shell.
Print all or part of environment.
Restores runtime parameters for session to default values.
Shows how the environment is set up. This is a builtin bash command.

Library management

Updates the necessary links for the run time link bindings.
Tells what libraries a given program needs to run.
A library call tracer.
Same as ltrace.

Module and kernel management

Handle loadable modules automatically. Creates a makefile-like dependency file.
Print or control the kernel ring buffer. This shows the last kernel startup messages.
Generate symbol version information.
Install loadable kernel module.
List currently installed kernel modules.
Used to load a set of modules that are marked with a specified tag.
Unload loadable modules.

Runtime level management

Terminates the shell.
Stop the system.
Process control initialization.
Script that executes inittab commands.
Log the user off the system.
Brings the system down.
Reboot the system.
List the current and previous runlevel.
Run a program in a new session.
If your system has many users, use the command "shutdown -h +time message", where time is the time in minutes until the system is halted, and message is a short explanation of why the system is shutting down.
# shutdown -h +10 'We will install a new disk. System should be back on-line in three hours.'
By requesting run level 1 a system can be taken to single user mode.

System Configuration tools

Set the function of the ctrl alt del combination.
Configure ISA plug and play devices.
A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
Set the keyboard repeat rate and delay time.
A Redhat GUI kernel configuration tool. Start X, then run it from a console session.
Redhat's GUI Linux system configuration tool.
List all pci devices.
Control write access to your terminal.
A Redhat Linux tool used to configure the /etc/sysconfig/mouse file. This is a GUI tool.
Script file used to restart, stop, start the DNS server.
Redhat's GUI printer configuration tool.
Display disk usage and limits.
Scan a filesystem for disk usages.
Turn file system quotas off.
Turn file system quotas on.
Script file used to stop, start, restart samba services when not run using inetd.
Configure pci devices.
Set/get serial port information.
Set terminal attributes.
Set up devices and file systems.
Used to configure and print the console devices.
Enable devices and files for paging and swapping.
Disable devices and files for paging and swapping.
A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
Used to initialize terminals.

System Information

Print machine architecture.
Shows disk free space.
Shows disk usage.
Display used and free memory on the system.
Provide information on ipc facilities.
Same as ipcrm.
Display information about installed hardware via files in the /proc directory.
List open files.
List PCI devices.
Lists ISA plug and play devices resource information.
Display system status gathered from proc.
Display a tree of processes.
Find the current and previous system runlevel.
Trace system calls and signals for a binary program.
Change and print terminal line settings.
Prints a graphic representation of the system load average.
Print the filename of the terminal connected to standard input.
Print system information, Prints Linux.
Report virtual memory statistics.
Displays CPU states (idle, nice, system, kernel) statistics. Runs in X?

System Logging

Kernel log daemon which intercepts and logs Linux kernel messages.
Make entries in the system log.
Linux system logging utilities.
Linux system logging utilities.

System Security

System time

Used to change or get current time. The command "clock -w" sets the hardware clock.
Print or set the system date and time.
Set or read the hardware CMOS clock.
Time server daemon to synchronize the host's time with other machines, normally invoked at boot time from the rc(8) file.
Timed control program.
Used to change the user's private time zone by setting the TZ environment variable.
Reports how long the system has been running.
Prints the current time in each zonename named on the command line.
Reads text from files named on the command line and creates time conversion files.

X Management and programs

Probe video hardware.
The Redhat tool used during system setup to configure X.
Displays messages usually sent to /dev/console.
Older version of XF86Setup.
A newer X configuration program with a GUI interface which modifies the "/etc/X11/XF86Config" configuration file.
This program will test video modes on the fly without modification to your X configuration. Read the /usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Types Of DNS Records

A domain name is a unique name that you choose for your web site. All websites are identified by their names, called domain names. Each domain name has a unique IP address. This page helps you find the IP address for a given hostname.
    This tool converts the hostname to an IP address.

Types of DNS Records:

    A record: Address record maps a hostname to a 32-bit IPv4 address.

    AAAA record: IPv6 address record maps a hostname to a 128-bit IPv6 address.

    CNAME record: Canonical name record is an alias of one name to another.

    MX record: Mail exchange record maps a domain name to a list of mail exchange servers for that domain.

    PTR record: Pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the domain that corresponds to an IP address implements reverse DNS lookup for that address.

    NS record: Name server record maps a domain name to a list of DNS servers authoritative for that domain.

    SOA record: Start of authority record specifies the DNS server providing authoritative information about an Internet domain.

    SRV record: It is a generalized service location record.

    TXT record: This record is used to implement the Sender Policy Framework.

You can search or look up A, AAAA, CNAME, MX, NS, PTR, SOA, SPF, SRV or TXT records, or find all DNS entries.

DNS and its Terminology

The domain namespace is divided into regions called zones. For instance, if you have, you have the example section, or zone, of the com domain.

DNS server
The DNS server is a server that maintains the name and IP information for a domain. You can have a primary DNS server for master zone, a secondary server for slave zone, or a slave server without any zones for caching.

Master zone DNS server
The master zone includes all hosts from your network, and a DNS server master zone stores up-to-date records for all the hosts in your domain.

Slave zone DNS server
A slave zone is a copy of the master zone. The slave zone DNS server obtains its zone data with zone transfer operations from its master server. The slave zone DNS server responds authoritatively for the zone as long as it has valid (not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone.

Forwarders are DNS servers to which your DNS server should send queries it cannot answer.

The record is information about name and IP address. Supported records and their syntax are described in BIND documentation. Some special records are:

NS record
An NS record tells name servers which machines are in charge of a given domain zone.

MX record
The MX (mail exchange) records describe the machines to contact for directing mail across the Internet.

SOA record
The SOA (Start of Authority) record is the first record in a zone file. The SOA record is used when using DNS to synchronize data between multiple computers.

Configuring a DNS Server

Step 1. Create named.conf file with the following content:
Note: the options "directory", "pid-file", "dump-file" and "statistics-file" might have other values if you configure the bind server on Linux. The following values are for FreeBSD.
Note: do not forget to put ";" after every IP, including the last IP, and to enclose rules between { }.

options {
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    forwarders      {;; };
    allow-recursion {;; };
    allow-transfer  {;;; };
    listen-on       {; 86.X.Y.Z; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "master/localhost.rev";
};
zone "" {
    type master;
    file "master/";
};
zone "" in {
    type master;
    file "/etc/namedb/";
};
A few explanations of the following options:
forwarders      {;; };
allow-recursion {;; };
allow-transfer  {;;; };
listen-on       {; 86.X.Y.Z; };
forwarders - place your ISP's DNS servers here (or other DNS servers from root that accept your IPs). This is also useful for DNS caching.

allow-recursion - only the IPs (or subnets) listed here may make recursive queries through the DNS server. You must list every IP or subnet that will use the DNS server.
allow-transfer - only the servers listed here may transfer zones from the current DNS server (these can be DNS slave servers, for example).
listen-on - the IP address on which the DNS server listens.
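
The two access lists above are the ones most often left open, so it is worth checking them before the server goes live. The following is an added example, not part of the original page: the sample configuration, its 192.0.2.x addresses, the example.test zone names and all function names are assumptions, and an unset list is reported because the default then depends on the BIND version.

```python
import re

# Constructed sample: documentation addresses (RFC 5737) and placeholder zone
# names, not values from the page.
SAMPLE_CONF = """
options {
    forwarders      { 192.0.2.53; };
    allow-recursion { any; };
    listen-on       { 127.0.0.1; 192.0.2.10; };
};
zone "example.test" in {
    type master;
    file "master/example.test";
    allow-transfer { 192.0.2.11; };
};
zone "lab.example.test" in {
    type master;
    file "master/lab.example.test";
};
"""

# Same file with recursion limited to known clients and a server-wide
# allow-transfer list that zones without their own list inherit.
HARDENED_CONF = SAMPLE_CONF.replace(
    "{ any; }", "{ 127.0.0.1; 192.0.2.0/24; }"
).replace("listen-on", "allow-transfer  { 192.0.2.11; };\n    listen-on")


def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, stmt_start, body_start, header = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[stmt_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            stmt_start = i + 1


def acl(body, name):
    """Return the address list of option `name` in body, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit(conf):
    """Return (scope, option, problem) for every open or unset access list."""
    blocks = list(top_level_blocks(strip_comments(conf)))
    options = next((body for header, body in blocks if header == "options"), "")
    checks = [("options", "allow-recursion", acl(options, "allow-recursion"))]
    for header, body in blocks:
        if header.startswith("zone") and re.search(r"\btype\s+master\b", body):
            transfer = acl(body, "allow-transfer")
            if transfer is None:              # fall back to the options level
                transfer = acl(options, "allow-transfer")
            checks.append((header.split('"')[1], "allow-transfer", transfer))
    return [(scope, option, "unset" if entries is None else "any")
            for scope, option, entries in checks
            if entries is None or "any" in entries]


print(audit(SAMPLE_CONF), audit(HARDENED_CONF))
```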

Step 2. Create the file for the domain "", (we assume is the domain you want to set up) with the following content:

$TTL 3600        ; 1 hour
IN      SOA (
2006051501      ; Serial
10800           ; Refresh
3600            ; Retry
604800          ; Expire
86400 )         ; Minimum TTL
; DNS Servers
IN      NS
IN      NS
; MX Records
IN      MX 10
IN      MX 20
IN      A       86.X.Y.Z
; Machines
localhost       IN      A
ns1             IN      A       86.X.Y.Z
ns2             IN      A       86.X.Y.Z
mx              IN      A       86.X.Y.Z
mail            IN      A       86.X.Y.Z
; Aliases
www             IN      CNAME   @
Note: when defining the zone, be careful not to omit the "." after every host name. If you omit the ".", bind appends the origin of the zone to the machine name (in our case So "." at the end of a hostname in the zone means the exact name of the hostname.

Step 3. Add in /etc/resolv.conf the following line:

Step 4. Test the DNS server
After you've configured bind (named.conf) and created the zone file, start the bind service to test whether it works. After you've started bind (/etc/rc.d/named -forcestart), you must get an answer when pinging the domain name from localhost. Try to ping every hostname defined as an A record in your zone file.

Note: the NS and MX records in the zone must all have A records defined in order to work properly. If the NS and MX records do not have A records defined with the same name, the name won't answer to ping either from localhost or from outside, and it won't work.
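
Both zone-file notes above (the trailing "." and the A records required for NS and MX targets) can be checked mechanically before the zone is loaded. The following is an added example, not part of the original page: the zone example.test, the 192.0.2.x addresses and the function names are assumptions, and the parser handles only single-line records.

```python
ORIGIN = "example.test."

# Constructed zone records (placeholder names, RFC 5737 addresses). Two lines
# carry the mistakes described above: a target written without its trailing
# dot, and an MX target that has no address record.
ZONE = """\
@       IN  NS     ns1.example.test.
        IN  NS     ns2.example.test      ; missing trailing dot
        IN  MX 10  mx.example.test.
        IN  MX 20  backup                ; no A record for backup
        IN  A      192.0.2.10
ns1     IN  A      192.0.2.10
mx      IN  A      192.0.2.12
www     IN  CNAME  @
"""


def qualify(name, origin):
    """Expand a name the way a zone file is read: '@' is the origin, a
    trailing dot means absolute, anything else gets the origin appended."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def in_zone(name, origin):
    """True if the absolute name is the origin or lies below it."""
    return ("." + name).endswith("." + origin)


def parse_zone(text, origin):
    """Return (owner, type, rdata) per record; $-directives and multi-line
    records such as the SOA are outside this simplified parser."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():              # owner name starts in column one
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)                     # skip class and optional TTL
        if len(fields) >= 2:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records


def lint(text, origin):
    """Return (problem, type, expanded_target) for suspicious NS/MX/CNAME targets."""
    records = parse_zone(text, origin)
    with_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    for _, rtype, rdata in records:
        if rtype not in ("NS", "MX", "CNAME"):
            continue
        written = rdata[-1].lower()
        target = qualify(written, origin)
        if not written.endswith(".") and in_zone(written + ".", origin):
            findings.append(("missing-dot", rtype, target))   # origin appended twice
        elif rtype != "CNAME" and in_zone(target, origin) and target not in with_address:
            findings.append(("no-address", rtype, target))    # in-zone target lacks A/AAAA
    return findings


print(lint(ZONE, ORIGIN))
```

Targets outside the zone are not reported, since their address records live in another zone.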

Test example (from localhost):

If, after configuration, the hosts defined in the DNS server zone answer to ping, then everything works well from localhost. To test from outside you must wait for DNS to propagate to the Internet. This will take up to 24 hours.

Then you must get the proper answer to queries on zone records (NS, MX, subdomains).

If the DNS server does not answer when you ping A records from localhost:
- check if the name server is started (ps awux | grep named)
- check if the name server is listening on port 53 (netstat -an | grep 53)
- you can start named in the foreground with "named -f" to check error messages, or you can activate logs for the named service

As a note, you should also have port 953 open, which is used by the rndc service to reload the named server.

Test DNS server with dig:

dig -x @ any
If you do not want to see all records but only MX or NS, replace "any" with NS or MX. If dig returns the records defined in your zone, then you've successfully set up your DNS server, and you must wait for DNS records to propagate to the Internet.

Test DNS Server with nslookup:

>set q=any
webserver# nslookup
> set q=any
origin =
mail addr =
serial = 2007061061
refresh = 21600
retry = 3600
expire = 604800
minimum = 86400    nameserver =    mail exchanger = 10
Address: 86.X.Y.Z
Query the DNS Server by using local DNS server:

> lserver
Default server:
Address: 86.X.Y.Z#53
Example DNS server query for MX records with nslookup:

# nslookup -type=mx
Address:    mail exchanger = 10
Query the DNS server in verbose mode, useful for debug:
> set debug
QUESTIONS:, type = A, class = IN
internet address = 86.X.Y.Z
nameserver =
internet address = 86.X.Y.Z
Address: 86.X.Y.Z
Query of the DNS server in more verbose mode (debug 2):
> set d2
How to configure a Slave DNS server:

The Slave DNS server is usually set up for redundancy. It shares the load with the Master DNS server and answers DNS requests if the Master DNS server is not accessible. It is usually not recommended to use two Master DNS servers (though it is possible). You can use multiple Slave DNS servers. A Slave DNS server can transfer DNS zones to another Slave DNS server (if it is configured to do that).
How it works: the Master DNS server reads DNS records from a file and then sends those records to the Slave DNS server. The zone file on the Slave DNS server is a copy of the zone file on the Master DNS server.
Example for Master and Slave DNS servers:
zone "" in {
    type master;
    file "/etc/namedb/";
};
zone "" in {
    type slave;
    file "/etc/namedb/";
    masters { 86.X.Y.Z; };
};

Network Traffic Monitoring

network traffic monitoring software
NMTF tools - A big list of network monitoring tools. And I do mean BIG.
sniffers - 2005-7-12: Steve Baum's list of network sniffing tools.
Zenoss - 2007-6-9: Open Source Enterprise Monitoring. Has an impressive set of network monitoring features. Very nice web site too!
IPTraf - A Statistics Utility for Monitoring IP Networks.
ntop - ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.
Pload - Graphical monitoring of PPP traffic.
Ksnuffle - KSnuffle is a network packet sniffer for KDE.
IPAC - ipac Linux ip accounting package.

text-based packet monitoring software
wireshark.org - Formerly called `Ethereal' network analyzer. Analyzes log files in tcpdump and other formats. Can also run live.
IPaudit - Logs aggregate traffic between host pairs.
tcpdump - Includes libpcap library. I use tcpdump several times a day to monitor traffic.
tcpdump2ascii - Perl script to convert tcpdump files to ascii.
nstreams - From Hervé Schauer Consultants, France. Nstreams is a program which analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside.
supersniffer - Improved version of tcpdump?
NetPeek - NetPeek is a GUI-based network monitoring and diagnosis tool. It captures packets from the local network and displays them to the user in two forms... Requires GTK and Gnome.
TCP Sniffer - Marcelo Gornstein's free network tools, including `Easy Sniffer', `Send Packet' and `TCP Listen'.
xipdump - A snazzy IP packet monitoring tool for X window system, with impressive screenshot.
WinDump - TCPdump for Windows.
Moniker - Unsophisticated command-line perl scripts to monitor traffic and create CSV files of observed traffic.

remote computer monitoring software
NMAP - Free open source network probing utility. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
nessus.org - The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.
nagios - An open source host, service and network monitoring program.
Mon - Some sort of network monitoring tool. "mon" is a tool for monitoring the availability of services. Services may be network-related, environmental conditions, or nearly anything that can be tested with software. Here is the top web page.

remote monitoring software for web-sites
monit/munin - 2006-5-8: Server Monitoring With munin And monit.
Cuevision - 2004-9-28: Commercial software to monitor websites. A tool to monitor your website, monitor your servers and monitor your network devices.
nPULSE - nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. See also the freshmeat link.
XACCT - XACCT Technologies has created the first and only Network to Business (N2B) platform that provides a bi-directional, real-time link between the physical network infrastructure and Operations and Business Support Systems (OSS/BSSs) to enable advanced network and service usage and automated service provisioning.
dotcom-monitor.com - 2004-9-13: Commercial remote monitoring software for web sites. Dotcom-Monitor provides web site monitoring service that tests your website from multiple locations around the world as often as every minute simulating end-user behavior from each location.
GFI Network Server Monitor - Commercial software which checks your network & servers for failures and fixes them automatically, before your network users notice them. Limited freeware version is also available.
Alchemy Eye - Alchemy Eye is a system management tool that continuously monitors server availability and performance. In the event of network errors, Alchemy Eye can alert the network administrator by cell phone or pager. Commercial software. Seems to be intended for MS servers.
Server Nanny - 2004-4-18: Commercial software for remote monitoring of systems. Server Nanny Network Monitor monitors servers and network devices, sends problem notifications, performs actions, and logs performance data.

network traffic metrics
Surveyor - Surveyor is a measurement infrastructure that is being currently deployed at participating sites around the world.
IPPM - Internet Protocol Performance Metrics. An IETF Working Group.

internet end-to-end performance evaluation software
CAIDA - Cooperative association for Internet data analysis. Tools and analyses promoting the engineering and maintenance of a robust, scalable global Internet infrastructure. They have a range of tools for measurement and visualisation.
PMA - 2004-9-17: Passive Measurement and Analysis. The goal of the PMA project is to deliver new insights into the operation, behavior, and health of the Internet, for the benefit of network users and operations. Passive header trace data provides the means to study workload profiles for a number of strategically located measurement points in high speed environments. We currently take daily measurements from OC3 through OC48 speeds.
BBMonitor - 2006-6-18: A commercial bandwidth monitoring tool for MS-Windows i386 machines. This software is a traffic performance measurement tool rather than a packet sniffer.
FireHunter - A system for monitoring the network performance for users of an Internet access network. This system sets off alarms when users violate their SLAs. See their product information. This system is used by Qwest.
webperf - This open source software runs on Solaris, Linux, *BSD (not FreeBSD 3.2), and WinNT.
For the webmaster, it is hard to know how their web sites are performing. Just because a site is fast and responsive from your desk doesn't mean that it is like that from around the world.
This project was started to help webmasters monitor the responsiveness of URLs on their sites (as well as their competitors) from different parts of the internet.
This software seems to be oriented more towards evaluating web servers rather than web access links for clients.
Hypertrak - This is a white paper for commercial software to do server-oriented web performance analysis.

related stuff
spinning cube - 2004-6-2: The Spinning Cube of Potential Doom. The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower). See also the slashdot article.
state of the Internet - Rolling 24-hour graphs of end-to-end Internet performance.
Internet weather report - Animated maps of current Internet lag.
Surveyor - Paper on An Infrastructure for Internet Performance Measurements.
NetFactual.com - Web site which makes statistical surveys of the net.
netcraft site classifier - The UK Netcraft site's What's that site running? - tells you what server and OS a web site is running. E.g. you could check
uptimebot.com - 2004-6-5: A really annoying service for monitoring web site uptime or something.
CyberAlert - Cyberalert 3.0 is a fully-automated Internet monitoring and Web clipping service.
false.net - Provides some probing tools which have been abused against my web site.
Extreme tracking - A site which provides very detailed info on visitors to particular sites. With the eXTReMe Tracker you get every advanced feature required to picture the visitors of your website. Conveniently arranged, numbers, percentages, stats, totals and averages.