Wednesday, July 28, 2010

Linux Network Management


Names

dnsdomainname
Show the system's DNS domain name
domainname
Show or set the system's domain name
hostname
Used to show or set the name of your machine for networking
nisdomainname
Show or set the system's NIS/YP domain name
nodename
Show or set the system's DECnet node name
ypdomainname
Show or set the system's NIS/YP domain name

Network setup and commands

arp
This program lets the user read or modify their arp cache.
dig(1)
Send domain name query packets to name servers for debugging or testing.
finger
Display information about the system users.
ftp
File transfer program.
ifconfig
Configure a network interface.
ifdown
Shutdown a network interface.
ifup
Brings a network interface up. Ex: ifup eth0
ipchains
IP firewall administration used to set input, forward, and output rules.
netconf
A GUI interactive program to let you configure a network on Redhat systems.
netconfig
Another GUI step by step network configuration program.
netstat
Displays information about the system's network connections, including port connections, routing tables, and more. The command "netstat -r" will display the routing table.
nslookup
Used to query DNS servers for information about hosts.
pftp
Same as ftp.
ping
Send ICMP ECHO_REQUEST packets to network hosts.
portmap
DARPA port to RPC program number mapper. Must be running to make RPC calls.
rarp
Manipulate the system's RARP table.
rcp
Remote file copy. Copies files between two machines.
rexec
Remote execution client for an exec server. The host uses the rexecd server.
ripquery
Query RIP gateways. Request all routes known by an RIP gateway by sending an RIP request.
rlogin
Starts a terminal session on a remote host.
route
Show or manipulate the IP routing table.
rsh
Executes command on remote host.
rup
Displays summary of current system status of a remote host or all hosts on the network.
ruptime
Show host status of local machines.
rwhod
System status server, maintains database used by rwho and ruptime.
showmount
Show mount information for an NFS server.
tcpd
Access control facility for internet services. Can be set up to monitor requests for Telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat. It filters access for these requests.
tcpdchk
Tcp wrapper configuration checker.
tcpdump
Dump traffic on a network. Prints out headers of packets that match the boolean expression.
tcpdmatch
Predicts how the tcp wrapper will handle a specific request for a service.
Telnet
User interface to the TELNET protocol, setting up a remote console session.
traceroute
Print the route that packets take to the specified network host.
ipx_configure
Tool to setup Netware access.
ncpmount
Netware filesystem mounting program.
nprint
Novell print command.
pqlist
Netware printer list for a given server.
pserver
Netware print server.
slist
Netware server list.

Communications commands (includes mail)

biff
Notifies the system if mail arrives and who it is from.
comsat
Biff server to receive reports of incoming mail.
expire
Used to purge old news articles.
elm
Electronic mail.
ftp
File transfer protocol.
mailx
Berkeley mail program.
metasend
Interface for sending non-text mail.
nn
Net news.
pine
Program for internet news and e-mail. Can send documents, graphics, local & remote messages.
sendmail
A popular Unix, Linux mail message transfer agent.
smail
A popular mail message transfer agent which is easier to set up than sendmail.
talk
Lets two parties talk simultaneously.
telnet
Allows a user to have a login session across a network on a remote host.
tin
Net news reader.
write
Allows users to directly interact with other users via terminal number (one way at a time).

Linux System Management


Environment

env
Show all environment variables.
export
Set the value of a variable so it is visible to all subprocesses that belong to the current shell.
printenv
Print all or part of environment.
reset
Restores runtime parameters for session to default values.
set
Shows how the environment is set up. This is a builtin bash command.

Library management

ldconfig
Updates the necessary links for the run time link bindings.
ldd
Tells what libraries a given program needs to run.
ltrace
A library call tracer.
trace
Same as ltrace.

Module and kernel management

depmod
Handle loadable modules automatically. Creates a makefile-like dependency file.
dmesg
Print or control the kernel ring buffer. This shows the last kernel startup messages.
genksyms
Generate symbol version information.
insmod
Install loadable kernel module.
lsmod
List currently installed kernel modules.
modprobe
Used to load a set of modules that are marked with a specified tag.
rmmod
Unload loadable modules.

Runtime level management

exit
Terminates the shell.
halt
Stop the system.
init
Process control initialization.
initscript
Script that executes inittab commands.
logout
Log the user off the system.
poweroff
Brings the system down.
reboot
Reboot the system.
runlevel
List the current and previous runlevel.
setsid
Run a program in a new session.
shutdown
If your system has many users, use the command "shutdown -h +time message", where time is the time in minutes until the system is halted, and message is a short explanation of why the system is shutting down.
# shutdown -h +10 'We will install a new disk. System should be back on-line in three hours.'
telinit
By requesting run level 1 a system can be taken to single user mode.

System Configuration tools

ctrlaltdel
Set the function of the ctrl alt del combination.
isapnp
Configure ISA plug and play devices.
kbdconf
A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
kbdrate
Set the keyboard repeat rate and delay time.
kernelcfg
A Redhat GUI kernel configuration tool. Start X, then run it from a console session.
linuxconf
Redhat's GUI linux system configuration tool.
lspci
List all pci devices.
mesg
Control write access to your terminal.
mouseconfig
A Redhat Linux tool used to configure the /etc/sysconfig/mouse file. This is a GUI tool.
ndc
Script file used to restart, stop, start the DNS server.
Printtool
Redhat's GUI printer configuration tool.
quota
Display disk usage and limits.
quotacheck
Scan a filesystem for disk usages.
quotaoff
Turn file system quotas off.
quotaon
Turn file system quotas on.
samba
Script file used to stop, start, restart samba services when not run using inetd.
setpci
Configure pci devices.
setserial
Set/get serial port information.
setterm
Set terminal attributes.
setup
Set up devices and file systems.
stty
Used to configure and print the console devices.
swapon
Enable devices and files for paging and swapping.
swapoff
Disable devices and files for paging and swapping.
timeconfig
A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
tset
Used to initialize terminals.

System Information

arch
Print machine architecture.
df
Shows disk free space.
du
Shows disk usage.
free
Display used and free memory on the system.
ipcrm
Provide information on ipc facilities.
ipcs
Same as ipcrm.
lsdev
Display information about installed hardware via files in the /proc directory.
lsof
List open files.
lspci
List PCI devices.
pnpdump
Lists ISA plug and play devices resource information.
procinfo
Display system status gathered from proc.
pstree
Display a tree of processes.
runlevel
Find the current and previous system runlevel.
strace
Trace system calls and signals for a binary program.
stty
Change and print terminal line settings.
tload
Prints a graphic representation of the system load average.
tty
Print the filename of the terminal connected to standard input.
uname
Print system information, Prints Linux.
vmstat
Report virtual memory statistics.
xcpustate
Displays CPU states (idle, nice, system, kernel) statistics. Runs in X?

System Logging

klogd
Kernel log daemon which intercepts and logs Linux kernel messages.
logger
Make entries in the system log.
syslogd
Linux system logging utilities.
sysklogd
Linux system logging utilities.

System Security


System time

cal
Calendar.
clock
Used to change or get current time. The command "clock -w" sets the hardware clock.
date
Print or set the system date and time.
hwclock
Set or read the hardware CMOS clock.
timed
Time server daemon to synchronize the host's time with other machines, normally invoked at boot time from the rc(8) file.
timedc
Timed control program.
tzset
Used to change the users private time zone by setting the TZ environment variable.
uptime
Reports how long the system has been running.
zdump
Prints the current time in each zonename named on the command line.
zic
Reads text from files named on the command line and creates time conversion files.

X Management and programs

SuperProbe
Probe video hardware.
Xconfigurator
The Redhat tool used during system setup to configure X.
xconsole
Displays messages usually sent to /dev/console.
xf86config
Older version of XF86Setup.
XF86Setup
A newer X configuration program with a GUI interface which modifies the "/etc/X11/XF86Config" configuration file.
xvidtune
This program will test video modes on the fly without modification to your X configuration. Read the /usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Types Of DNS Records

A domain name is a unique name that you choose for your web site. All websites are identified only by their names, called domain names. Each domain name has a unique IP address. This page helps you to find the IP address for a given hostname.
    This tool converts the hostname to an IP address.

Types of DNS Records:

    A record: Address record maps a hostname to a 32-bit IPv4 address.

    AAAA record: IPv6 address record maps a hostname to a 128-bit IPv6 address.

    CNAME record: Canonical name record is an alias of one name to another.

    MX record: Mail exchange record maps a domain name to a list of mail exchange servers for that domain.

    PTR record: Pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address.

    NS record: Name server record maps a domain name to a list of DNS servers authoritative for that domain.

    SOA record: Start of authority record specifies the DNS server providing authoritative information about an Internet domain.

    SRV record: It is a generalized service location record.

    TXT record: This record is used to implement the Sender Policy Framework.

You can search or look up A Record, AAAA, CNAME, MX, NS, PTR, SOA, SPF, SRV, TXT or Find ALL of DNS entries

DNS and its Terminology

Zone
The domain namespace is divided into regions called zones. For instance, if you have example.com, you have the example section, or zone, of the com domain.

DNS server
The DNS server is a server that maintains the name and IP information for a domain. You can have a primary DNS server for master zone, a secondary server for slave zone, or a slave server without any zones for caching.

Master zone DNS server
The master zone includes all hosts from your network, and a DNS server master zone stores up-to-date records for all the hosts in your domain.

Slave zone DNS server
A slave zone is a copy of the master zone. The slave zone DNS server obtains its zone data with zone transfer operations from its master server. The slave zone DNS server responds authoritatively for the zone as long as it has valid (not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone.

Forwarder
Forwarders are DNS servers to which your DNS server should send queries it cannot answer.

Record
The record is information about name and IP address. Supported records and their syntax are described in BIND documentation. Some special records are:

NS record
An NS record tells name servers which machines are in charge of a given domain zone.

MX record
The MX (mail exchange) records describe the machines to contact for directing mail across the Internet.

SOA record
SOA (Start of Authority) record is the first record in a zone file. The SOA record is used when using DNS to synchronize data between multiple computers.  

Configuring a DNS Server


Step 1. Create named.conf file with the following content:
Note: the options "directory", "pid-file", "dump-file" and "statistics-file" might have other values if you configure the bind server on Linux. The following values are for FreeBSD.
Note: do not forget to put ";" after every IP, including the last IP, and to enclose rules between { }.


options {
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    forwarders      { 213.157.176.3; 213.157.176.1; };
    allow-recursion { 10.0.0.0/16; 127.0.0.1; };
    allow-transfer  { 213.157.176.3; 213.157.176.1; 192.162.16.0/24; };
    listen-on       { 127.0.0.1; 86.X.Y.Z; };
};
// Root hints
zone "." {
    type hint;
    file "named.root";
};
// Reverse zone for localhost
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "master/localhost.rev";
};
// Reverse zone for the public address
zone "Z.Y.X.86.in-addr.arpa" {
    type master;
    file "master/Z.Y.X.86.in-addr.arpa";
};
// Forward zone for the domain
zone "domeniu.ro" in {
    type master;
    file "/etc/namedb/domeniu.ro";
};
A few explanations regarding the following variables:
    forwarders      { 213.157.176.3; 213.157.176.1; };
    allow-recursion { 10.0.0.0/16; 127.0.0.1; };
    allow-transfer  { 213.157.176.3; 213.157.176.1; 192.162.16.0/24; };
    listen-on       { 127.0.0.1; 86.X.Y.Z; };
forwarders - here you place your ISP's DNS servers (or other DNS servers from root, that accept your IPs). This is also useful for DNS cache.

allow-recursion - allow only the IPs (or subnets) placed here to query the DNS server. You must place here all IPs or subnets that will use the DNS server.
allow-transfer - allow only these servers to transfer zones from the current DNS server (these can be DNS slave servers, for example).
listen-on - the IP on which the DNS server will run.
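
The check below is an added example, not code from the original post: it reads the options block of a named.conf like the one in Step 1 and reports when allow-recursion or allow-transfer is missing, set to any, or missing a ";" as the note above warns. The function names and the three sample configurations are constructed for illustration, and the parser only handles the flat `name { a; b; };` form used on this page.

```python
import re

# Directives from Step 1 that decide who may recurse and who may copy zones.
ACL_DIRECTIVES = ("allow-recursion", "allow-transfer")

def options_block(conf):
    """Return the text between the braces of the options { ... }; statement."""
    start = re.search(r"\boptions\s*\{", conf)
    if start is None:
        return ""
    depth, i = 1, start.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start.end():i - 1]

def audit(conf):
    """Report missing, wide-open or mis-punctuated ACLs in the options block.

    Handles only plain address/prefix elements, as used on this page."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)          # drop line comments
    block = options_block(conf)
    findings = []
    for name in ACL_DIRECTIVES:
        m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", block)
        if m is None:
            findings.append(f"{name}: not set explicitly")
            continue
        body = m.group(1).strip()
        elements = [e.strip() for e in body.split(";") if e.strip()]
        if body and not body.endswith(";"):
            findings.append(f"{name}: missing ';' after the last element")
        if any(len(e.split()) > 1 for e in elements):
            findings.append(f"{name}: missing ';' between elements")
        if "any" in elements:
            findings.append(f"{name}: open to any client")
    return findings

# Constructed samples (not from the original post).
WEAK = """
options {
    directory       "/etc/namedb";
    allow-recursion { any; };            // anyone can use this resolver
    listen-on       { 127.0.0.1; };
};
"""
RESTRICTED = """
options {
    directory       "/etc/namedb";
    allow-recursion { 10.0.0.0/16; 127.0.0.1; };
    allow-transfer  { 213.157.176.3; 213.157.176.1; };
    listen-on       { 127.0.0.1; };
};
"""
BROKEN = """
options {
    allow-recursion { 127.0.0.1; };
    allow-transfer  { 213.157.176.3 213.157.176.1 };
};
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("restricted", RESTRICTED), ("broken", BROKEN)):
        print(label, audit(conf))
```
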


Step 2. Create the file for the domain "example.com" (we assume example.com is the domain you want to set up) with the following content:

$TTL 3600        ; 1 hour
example.com.    IN      SOA      ns1.example.com. admin.example.com. (
                        2006051501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
; DNS Servers
                IN      NS      ns1.example.com.
                IN      NS      ns2.example.com.
; MX Records
                IN      MX 10   mx.example.com.
                IN      MX 20   mail.example.com.
                IN      A       86.X.Y.Z
; Machines
localhost       IN      A       127.0.0.1
ns1             IN      A       86.X.Y.Z
ns2             IN      A       86.X.Y.Z
mx              IN      A       86.X.Y.Z
mail            IN      A       86.X.Y.Z
; Aliases
www             IN      CNAME   @
Note: be careful not to omit the "." after every host name when defining the zone. If you omit the ".", bind will append the origin of the zone (in our case example.com) to the machine name. So a "." at the end of a hostname in the zone means the exact name of the host.


Step 3. Add in /etc/resolv.conf the following line:
nameserver 127.0.0.1

Step 4. Test the DNS server
After you've configured bind (named.conf) and created the zone file, start the bind service to test if it works. After you've started bind (/etc/rc.d/named forcestart) you must get an answer when pinging the domain name from localhost. Try to ping every hostname defined as an A record in your zone file.

Note: NS and MX records from zone must all have defined A records in order to properly work. If NS and MX records do not have A records defined with the same name it won't answer to ping either from localhost or from outside and it won't work.
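
The following is an added example, not part of the original post: a small Python check for the two zone-file pitfalls noted above, a host name written without its trailing "." (so the origin gets appended) and an NS or MX target that has no A record in the zone. The function names and both sample zones are constructed; the 192.0.2.x addresses are documentation placeholders, and the parser covers only the record layout used in Step 2.

```python
ORIGIN = "example.com."

def fqdn(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, a trailing dot means
    absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples; a line that starts with
    whitespace inherits the owner of the previous record."""
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        if not line.strip() or line.startswith("$"):
            continue
        inside = depth > 0
        depth += line.count("(") - line.count(")")
        if inside:                                    # SOA continuation line
            continue
        fields = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                     # column 0 = owner name
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].isdigit():            # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":      # optional class
            fields.pop(0)
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def targets_without_address(text, origin=ORIGIN):
    """NS and MX targets inside the zone that have no A/AAAA record."""
    records = parse_zone(text, origin)
    have_addr = {o.lower() for o, t, _ in records if t in ("A", "AAAA")}
    missing = []
    for _, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin).lower()
            if target.endswith("." + origin.lower()) and target not in have_addr:
                missing.append((rtype, target))
    return missing

# Constructed sample zones (not from the original post).
GOOD_ZONE = """$TTL 3600
example.com.    IN  SOA  ns1.example.com. admin.example.com. (
                2006051501 10800 3600 604800 86400 )
                IN  NS   ns1.example.com.
                IN  NS   ns2.example.com.
                IN  MX 10 mx.example.com.
                IN  A    192.0.2.10
localhost       IN  A    127.0.0.1
ns1             IN  A    192.0.2.1
ns2             IN  A    192.0.2.2
mx              IN  A    192.0.2.3
www             IN  CNAME @
"""
BAD_ZONE = """$TTL 3600
example.com.    IN  SOA  ns1.example.com. admin.example.com. (
                2006051501 10800 3600 604800 86400 )
                IN  NS   ns1.example.com.
                IN  NS   ns2.example.com      ; trailing dot omitted
                IN  MX 10 mx.example.com.
                IN  MX 20 mail.example.com.   ; no A record below
ns1             IN  A    192.0.2.1
ns2             IN  A    192.0.2.2
mx              IN  A    192.0.2.3
"""

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, targets_without_address(zone))
```
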

Test example (from localhost):
#ping ns1.example.com

If, after configuration, the hosts defined in the DNS server zone answer to ping from localhost, then everything works well. To test from outside you must wait for DNS to propagate to the Internet. This will take up to 24 hours.

Then you must get the proper answer to queries on zone records (NS, MX, subdomains).

If the DNS server does not answer when you ping the A records from localhost:
- check if the name server is started (ps awux | grep named)
- check if the name server is listening on port 53 (netstat -an | grep 53)
- you can start named in the foreground with "named -f" to check error messages (or you can activate logs for the named service)

As a note you should also have open port 953 which is used by rndc service to reload named server.

Test DNS server with dig:

dig @127.0.0.1 domeniu.com any
If you do not want to see all records but only MX or NS, replace "any" with NS or MX. If dig returns the records defined in your zone then you've successfully set up your DNS server, and you must wait for the DNS records to propagate to the Internet.

Test DNS Server with nslookup:

#nslookup
>set q=any
>example.com
^D

Example:
webserver# nslookup
> set q=any
> example.com
Server:         127.0.0.1
Address:        127.0.0.1#53
example.com
origin = ns1.example.com
mail addr = webmaster.example.com
serial = 2007061061
refresh = 21600
retry = 3600
expire = 604800
minimum = 86400
example.com    nameserver = ns1.example.com.
example.com    mail exchanger = 10 mail.example.com.
Name:   example.com
Address: 86.X.Y.Z

Query the DNS Server by using local DNS server:

> lserver example.com
Default server: example.com
Address: 86.X.Y.Z#53

Example DNS server query for MX records with nslookup:

# nslookup -type=mx example.com
Server:         127.0.0.1
Address:        127.0.0.1#53
example.com    mail exchanger = 10 mail.example.com.

Query the DNS server in verbose mode, useful for debug:
> set debug
> example.com
Server:         127.0.0.1
Address:        127.0.0.1#53
------------
QUESTIONS:
example.com, type = A, class = IN
ANSWERS:
->  example.com
internet address = 86.X.Y.Z
AUTHORITY RECORDS:
->  example.com
nameserver = ns1.example.com.
ADDITIONAL RECORDS:
->  ns1.example.com
internet address = 86.X.Y.Z
------------
Name:   example.com
Address: 86.X.Y.Z

Query of the DNS server in more verbose mode (debug 2):
> set d2
> example.com

How to configure a Slave DNS server:

The Slave DNS server is usually set up for redundancy. It will share the load with the Master DNS server and will answer DNS requests if the Master DNS server is not accessible. Usually it is not recommended to use two Master DNS servers (although it is possible). You can use multiple Slave DNS servers. A Slave DNS server can transfer DNS zones to other Slave DNS servers (if it is configured to do that).
How it works: the Master DNS server reads DNS records from a file and then sends those records to the Slave DNS server. The zone file on the Slave DNS server is a copy of the zone file from the Master DNS server.
Example for Master and Slave DNS servers:
// named.conf on the Master DNS server
zone "example.com" in {
    type master;
    file "/etc/namedb/example.com";
};
// named.conf on the Slave DNS server
zone "example.com" in {
    type slave;
    file "/etc/namedb/slave.example.com";
    masters { 86.X.Y.Z; };
};

Network Traffic Monitoring



network traffic monitoring software
NMTF tools: A big list of network monitoring tools. And I do mean BIG.
sniffers (2005-7-12): Steve Baum's list of network sniffing tools.
Zenoss (2007-6-9): Open Source Enterprise Monitoring. Has an impressive set of network monitoring features. Very nice web site too!
IPTraf: A Statistics Utility for Monitoring IP Networks.
ntop: ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.
Pload: Graphical monitoring of PPP traffic.
Ksnuffle: KSnuffle is a network packet sniffer for KDE.
IPAC: ipac Linux ip accounting package.

text-based packet monitoring software
wireshark.org: Formerly called `Ethereal' network analyzer. Analyzes log files in tcpdump and other formats. Can also run live.
IPaudit: Logs aggregate traffic between host pairs.
tcpdump: Includes libpcap library. I use tcpdump several times a day to monitor traffic.
tcpdump2ascii: Perl script to convert tcpdump files to ascii.
nstreams: From Hervé Schauer Consultants, France. Nstreams is a program which analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside.
supersniffer: Improved version of tcpdump?
ngrep
NetPeek: NetPeek is a GUI-based network monitoring and diagnosis tool. It captures packets from the local network and displays them to the user in two forms... Requires GTK and Gnome.
TCP Sniffer: Marcelo Gornstein's free network tools, including `Easy Sniffer', `Send Packet' and `TCP Listen'.
xipdump: A snazzy IP packet monitoring tool for X window system, with impressive screenshot.
WinDump: TCPdump for Windows.
Moniker: Unsophisticated command-line perl scripts to monitor traffic and create CSV files of observed traffic.

remote computer monitoring software
NMAP: Free open source network probing utility. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
nessus.org: The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.
nagios: An open source host, service and network monitoring program.
Mon: Some sort of network monitoring tool. "mon" is a tool for monitoring the availability of services. Services may be network-related, environmental conditions, or nearly anything that can be tested with software. Here is the top web page.

remote monitoring software for web-sites
monit/munin (2006-5-8): Server Monitoring With munin And monit.
Cuevision (2004-9-28): Commercial software to monitor websites. A tool to monitor your website, monitor your servers and monitor your network devices.
nPULSE: nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. See also the freshmeat link.
XACCT: XACCT Technologies has created the first and only Network to Business (N2B) platform that provides a bi-directional, real-time link between the physical network infrastructure and Operations and Business Support Systems (OSS/BSSs) to enable advanced network and service usage and automated service provisioning.
dotcom-monitor.com (2004-9-13): Commercial remote monitoring software for web sites. Dotcom-Monitor provides web site monitoring service that tests your website from multiple locations around the world as often as every minute simulating end-user behavior from each location.
GFI Network Server Monitor: Commercial software which checks your network & servers for failures and fixes them automatically, before your network users notice them. Limited freeware version is also available.
Alchemy Eye: Alchemy Eye is a system management tool that continuously monitors server availability and performance. In the event of network errors, Alchemy Eye can alert the network administrator by cell phone or pager. Commercial software. Seems to be intended for MS servers.
Server Nanny (2004-4-18): Commercial software for remote monitoring of systems. Server Nanny Network Monitor monitors servers and network devices, sends problem notifications, performs actions, and logs performance data.

network traffic metrics
Surveyor: Surveyor is a measurement infrastructure that is being currently deployed at participating sites around the world.
IPPM: Internet Protocol Performance Metrics. An IETF Working Group.

internet end-to-end performance evaluation software
CAIDA: Cooperative association for Internet data analysis. Tools and analyses promoting the engineering and maintenance of a robust, scalable global Internet infrastructure. They have a range of tools for measurement and visualisation.
PMA (2004-9-17): Passive Measurement and Analysis. The goal of the PMA project is to deliver new insights into the operation, behavior, and health of the Internet, for the benefit of network users and operations. Passive header trace data provides the means to study workload profiles for a number of strategically located measurement points in high speed environments. We currently take daily measurements from OC3 through OC48 speeds.
BBMonitor (2006-6-18): A commercial bandwidth monitoring tool for MS-Windows i386 machines. This software is a traffic performance measurement tool rather than a packet sniffer.
FireHunter: A system for monitoring the network performance for users of an Internet access network. This system sets off alarms when users violate their SLAs. See their product information. This system is used by Qwest.
webperf: This open source software runs on Solaris, Linux, *BSD (not FreeBSD 3.2), and WinNT.
For the webmaster, it is hard to know how their web sites are performing. Just because a site is fast and responsive from your desk, doesn't mean that it is like that from around the world.
This project was started to help webmasters monitor the responsiveness of URLs on their sites (as well as their competitors) from different parts of the internet.
This software seems to be oriented more towards evaluating web servers rather than web access links for clients.
Hypertrak: This is a white paper for commercial software to do server-oriented web performance analysis.

related stuff
spinning cube (2004-6-2): The Spinning Cube of Potential Doom. The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower). See also the slashdot article.
state of the Internet: Rolling 24-hour graphs of end-to-end Internet performance.
Internet weather report: Animated maps of current Internet lag.
Surveyor: Paper on An Infrastructure for Internet Performance Measurements.
NetFactual.com: Web site which makes statistical surveys of the net.
netcraft site classifier: The UK Netcraft site's What's that site running? - tells you what server and OS a web site is running. E.g. you could check on www.topology.org.
uptimebot.com (2004-6-5): A really annoying service for monitoring web site uptime or something.
CyberAlert: Cyberalert 3.0 is a fully-automated Internet monitoring and Web clipping service.
false.net: Provides some probing tools which have been abused against my web site.
Extreme tracking: A site which provides very detailed info on visitors to particular sites. With the eXTReMe Tracker you get every advanced feature required to picture the visitors of your website. Conveniently arranged, numbers, percentages, stats, totals and averages.