Network
NETWORK
CONFIGURATION AT BOOT TIME:
1. /etc/rc.net
Configures and starts TCP/IP interfaces. Sets hostname, default gateway and static routes.(it is called by cfgmgr)
then during initialization, the file /etc/inittab is called. There are 2 entries:
...
rctcpip:23456789:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
rcnfs:23456789:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
...
2. /etc/rc.tcpip
starts TCP/IP daemons (sendmail, portmap, inetd, etc., and other daemons: syslogd, lpd ...)
3. /etc/inetd.conf
when inetd started, it reads its configuration from this file
contains the name of the services that inetd listens for requests and starts as needed
PORTMAP DAEMON:
The portmap daemon converts remote procedure call (RPC) program numbers into Internet port numbers. (like in the case of NFS)
When an RPC server starts up, it registers with the portmap daemon. The portmap daemon knows the location of every registered port on the host and which programs are available on each of these ports. When a client sends an RPC to the server, the portmap daemon answers to the client which port to send the call to. Portmap daemon listens on port number 111.
It is started from /etc/rc.tcpip before inetd and the RPC servers (e.g. nfs). Thus, when the RPC servers start they can register with portmap.
INETD DAEMON:
The /usr/sbin/inetd daemon provides Internet service management for a network. It reduces system load by invoking other daemons. The inetd daemon listens for connections on certain Internet sockets (info in /etc/inetd.conf) and handles those requests.
The inetd daemon is a subsystem that controls the following daemons (subservers): ftpd, fingerd, talkd, telnetd ...
/etc/inetd.conf inetd configuration file (if changed by an editor, run refresh -s inetd)
smitty inetd updates automatically the /etc/inetd.conf
lssrc -ls inetd shows details of subservers started in inetd
stopsrc -s inetd stops the inetd daemon
stopsrc -t ftp stops an inetd subserver
------------------------
NAME RESOLUTION:
You can use several methods to ensure that /etc/hosts file is used before any DNS, if the /etc/resolv.conf file exists.
You can include the NSORDER variable in the /etc/environment file, or you can include a specification line in either the /etc/irs.conf file or the /etc/netsvc.conf file.
The settings in the /etc/netsvc.conf configuration file override the settings in the /etc/irs.conf file. The NSORDER environment variable overrides the settings in the /etc/irs.conf and the /etc/netsvc.conf files.
Domain Name Service (DNS):
/etc/resolv.conf contains name servers, if this file exists then we have a domain network, if not then /etc/hosts file is used
/etc/netsvc.conf specify the ordering of name resolution (or NSORDER environment variable can contain this)
(if both exists NSORDER will override netsvc.conf)
bind=DNS, local=/etc/hosts
pl.:
NSORDER=local,bind
The /etc/netsvc.conf and /etc/irs.conf files are used by the resolver routines as soon as the files exist
/etc/netsvc.conf configuration:
hosts=local,bind
/etc/irs.conf configuration:
hosts local continue
hosts dns
nslookup responds similarly to the host command, but it only uses DNS (don't NIS and don't /etc/hosts)
Flat Network:
/etc/hosts contains the hostnames and their address for hosts in the network
host searches through the /etc/hosts file, and display the ip address of the hostname
host searches through the /etc/hosts file, and display the hostname
To work properly both should give the same result.
------------------------
ADDRESS RESOLUTION:
Internet-to-physical address (MAC address)
arp -a shows the ARP table
the manual of arp command can help
------------------------
VERIFYING OPEN PORTS:
To display TCP/IP application ports (which are opened)
netstat -an lists of opened ports with port numbers (netstat -an -f inet)
netstat -af inet lists all open UDP and TCP ports with service names (not the port numbers)
server ports are in LISTEN state, client connections to or from any port are in ESTABLISHED state
/etc/services contains information about known services and their portnumber (if changing this file: refresh -s inetd)
------------------------
ROUTING
lsattr -El inet0 shows routings in the inet0 (which is a netwotk device in the kernel (config info for inet0 is stored in the odm)
(you can check with this as well: odmget -q attribute=route CuAt)
netstat -rn shows the routing table. (-r: displays routing statistics, -n: displays the network address as an IP address)
In the routing table:
U - route is up and available
H - route is to a host
G - route is to a gateway
b - route represents a broadcast address
S - manually added??? (Static route: it will come back after reboot???)
A - Active Dead Gateway Detection is enabled on the route
Check both places: netstat -nr and lsattr -El inet0 (odmget -q "attribute = route" CuAt)
Commands:
chdev smitty route route
ADD/REMOVE with chdev: (permanent)
(when default route is added it can be network route, dest. addres is 0.0.0.0 and network mask can be 0.0.0.0)
(we can add interface name as well, if omitted system will add 1)
add:
chdev -l inet0 -a route=net,-hopcount,0,,0,100.200.200.65
chdev -l inet0 -a route=0,
remove:
first check lsattr -El inet0, and copy a line exactly from the output into " ...":
chdev -l inet0 -a delroute="net,-hopcount,0,-netmask,255.255.0.0,-if,en4,,,,50.20.0.0,50.50.80.3"
chdev -l inet0 -a delroute="net,-hopcount,0,,0,100.200.200.65"
chdev -l inet0 -a delroute="net,-hopcount,0,-netmask,255.255.255.240,,,,,-static,50.20.100.80,10.10.3.1"
------------------------
ADD/REMOVE with route: (temporary)
add:
route add 0 9.19.99.11 route add -net 100.100.243.0 -netmask 255.255.255.0 100.100.200.209 route add -net 9.19.99/22 9.19.98.11 route add -host 50.200.100.31 50.200.100.20 route add 10.200.40.28 10.200.40.1 -active_dgd
remove:
route delete 50.20/22 50.50.80.3 route delete 0 9.19.99.11
route -f clear the routing table (except those created implicitly)
mkdev -l inet0 it will recreate the routes which exist in the ODm (inet0) (it can help, if it was deleted manually)
The route command distinguishes between routes to hosts and routes to networks by interpreting the network address of the destination address. The optional keywords -net and -host force the destination to be interpreted as given.
If there are more routes (duplicate routes) on host A, you can have some packet loss, when you ping host A from host B. On host A if you issue many times: route -n get , you will see interface names (enX) will change, this is due to bad routing)
For Static routes a solution would be:
(instead of using chdev and ODM checking)
1. add the routes with route command
2. Put the routes into /etc/rc.net file (with the same route command)
Look for "Part II - Traditional Configuration," and you will see an area in which you can add routes
This way, you have a flat file that is easily modified, contains the route information in a straightforward way, and doesn't manipulate the ODM.
To remove all the routes:
(routing table + ODM)
/etc/route -n -f and odmdelete -o CuAt -q "name=inet0 and attribute=route"
------------------------
chdev - changes are effective immediately and across boots
ifconfig, route - changes are active immediately and are effective until reboot
------------------------
DIFFERENT INTERNET SERVICES:
ARPANET BERKLEY SECURE SHELL
secure (not powerful) powerful (not secure) secure and powerful
Remote login: telnet rlogin/rsh ssh
Remote execue: rexec rsh ssh
File Transfer: ftp rcp sftp/scp
------------------------
OTHER COMMANDS:
smitty inet configuring interfaces
smitty tcpip configuring TCP/IP
smitty mktcpip on 1 page you can set: hostname, default gateway, netmask...
smitty hostname sets the hostname (chdev -l inet0 -a hostname=)
lsdev -Cc adapter lists adapters
lsdev -Cc if lists interfaces
lsattr -EHl en0 lists attributes (ez is müxik: lsattr -EHl ent0)
lscfg -vpl shows vital product data (e.g. lscfg -vpl ent0)
ifconfig configure and modify properties of network interfaces
ifconfig -a displays information about all interfaces (should be UP and RUNNING)
ifconfig en0 shows attributes of a specific interface (lo0:loopback, en0:ethernet...)
ifconfig en0 up activates network interface (... down: deactivates it)
ifconfig en1 50.20.100.47 netmask 255.255.255.192 configure ip (or ifconfig en0 x.x.x.x netmask y.y.y.y up)
ifconfig en3 10.200.30.106 netmask 255.255.255.0 alias configure alias (ifconfig makes changes only until reboot)
ifconfig en3 10.200.30.106 netmask 255.255.255.0 delete deletes ip from interface en3
chdev -l en8 -a netaddr=50.20.80.4 changes the ip on en8
chdev -l en1 -a netaddr=12.10.10.2 -a netmask=255.255.255.0 -a state=up
chdev -l en3 -a alias4=10.10.6.26,255.255.255.0 adds alias to en3 (last after reboot as well)
chdev -l en9 -a delalias4=10.200.200.136,255.255.255.224 removes an alias (this works as well: ifconfig en1 delete 9.37.207.29)
no -a lists network tuning parameters
ping -c 1 sends only 1 packet
ping -f floods out packets (it is good for testing the network for handling a lot of traffic)
ping -s specifies the number of bytes to be sent
rpcinfo -d deletes registration of a service (clears up the port?)
spray -c 100 -l 50 -d 1 sends a specified number of packets to a host (performance statistics)
it uses RPC which is higher level then ICMP (higher layer than ping)
sprayd must be run in host to get respond (inetd.conf)
-c number of packets to send
-l the size of a packet
-d delay time (in microseconds) between sending the packets
-i sends ICMP package not RPC
netstat -rn shows the routing table
netstat -in shows the MAC addresses (and IP addresses) of all interfaces
netstat -v shows device driver information
netstat -v ent2 shows statistical information (it uses entstat, e.g. it is similar to entstat -d ent2)
netstat -v |grep Media shows running speed (100Mbs..., Full duplex) (netstat -v | egrep "ETH|Media|Speed|Link")
netstat -p udp display UDP transport statistics (dropped, socket buffer overflow)
netstat -p tcp display TCP transport statistic (retransmitted: it means cannot ACK before timeout, duplicate packets)
netstat -I en0 2 shows traffic across that interface in 2 seconds intervals
netstat -an display the status of connections to host
route get shows info which interface, gateway ... is used to reach the ip
traceroute shows each router the packets travel through to reach the target host
+with the min., average, max. response time taken to get to that router (* means probe to the next router timed out)
traceroute packet size can be added as well (once this was successful:traceroute 100.200.140.55 1456, but with 1457 it wasn't)
arp -an shows the routing table without name resolution
------------------------
tcpdump -i en0 icmp it will only watch the icmp (ping) traffic on the given interface
tcpdump -i en1 host 50.50.30.8 displays the traffic of en1 which is coming from or going to the given host
tcpdump -n -i en1 host 50.50.30.8 it is the same as above, just without name resolution (more simplified)
tcpdump -i en2 dst host show only data being sent to a specific host
tcpdump -i en2 src host show only packets coming from a specific host
tcpdump -i en2 host port 22 show packet destined for or sent by a specific host on a specific port
tcpdump -w test.pcap -i en4 host 10.120.0.13 shows network traffic (if -w omitted it displays the results on the screen)
-w writes details to file test.pcap (it is not a text file, wireshark can understand it)
-i checks traffic only on specified interface
host only the communication from the given host will be watched
------------------------
iptrace same as tcpdump (tcpdump better)
iptrace usage:
1. iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out this will capture both directions on port 80 traffic to file trace.out
2. generate a test, then run: ps -ef | grep iptrace --> kill -15
3. ipreport trace.out>trace.fmt (after this trace.fmt can be read by wireshark)
uname -n display the hostname (-x: displays operating system realease number...)
no -o ipforwarding shows if the host fowards IP datagrams or not (0=not, 1=yes; to change it: no -o ipforwarding=)
Hosts should not forward IP datagrams unless specifically configured as a router
------------------------
Hostname setting:
hostname changes the hostname until next reboot
chdev -l inet0 -a hostname= permanent change
------------------------
Who is using my port?
1. netstat -Aan | grep is being used.
The hex number in the first column is the address of protocol control block (PCB)
$ netstat -Aan | grep 30542
f10000f303321b58 tcp4 0 0 *.30542 *.* LISTEN
2. rmsock tcpcb
$ rmsock f10000f303321b58 tcpcb
The socket 0x3321800 is being held by proccess 692476 (db2sysc).
Note that rmsock, unlike what its name implies, does not remove the socket, if the socket is being used by any process.
It just reports the process holding the socket. The second argument of rmsock is the protocol. (tcpcb in the example indicates TCP.)
------------------------
If ping does not work and arp -a shows incomplete entry:
server.domain.com (111.111.222.222) at (incomplete)
There is an IFIX (IV13759s01) for this issue, but manually can be fixed by removing this entry from arp table and adding a new one with MAC address.
1. on destination server: check mac address of the network interface (111.111.222.222)
# netstat -i
Name Mtu Network Address
en1 1500 link#2 1e.2f.ed.3c.e4.c en1 1500 111.111.222 server.domain
2. on the server with wrong arp table:
arp -d server.domain.com arp -s ether server.domain.com 1e:2f:ed:3c:e4:c
After that arp -a will show correct entry and ping should work.
Comments
Post a Comment