Message-Id: <199501181736.JAA26469@sirius.cs.pdx.edu>
To: cs410tcp@cs.pdx.edu
Subject: do-it-yourself UNIX network admin. command HW assignment
Date: Wed, 18 Jan 1995 09:36:26 -0800
From: James Binkley

Greetings,

This is an informal do-it-yourself homework assignment. There are a number of UNIX network sys. admin. commands I would like you to familiarize yourself with. There is NOTHING to mail to me or to turn in by the way -- whether you do this or not is entirely up to you.

I would like for you to read the man pages and try (as possible, some commands require UNIX sys. admin. permissions -- typically you must be superuser to SET things, not look at them) the following commands:

    % netstat -a -rn -s -in
    % arp -a
    % ping a.b.c.d
    % traceroute a.b.c.d
    % ifconfig somedevice
    % ifconfig -a        -> info for all devices

Read the man pages (but do not try)

    % man route    (route is used for setting routes by hand)
    % man routed   (RIP routing daemon - sets routes dynamically; i.e., you don't do anything but run it at boot).

This will take some time but try and do it in the next 2-3 weeks.

The following document was written a couple of years ago but is still mostly accurate. It attempts to describe local SunOS and public domain commands that might be found on a UNIX system and are network sys. admin. related.

j.

=================================================================

Network sys admin files/commands
--------------------------------

Give these commands (where you can: some are root/sys admin only
some are daemons that only get run at boot).
E.g., anyone can give

    % arp -a

to print the arp table. But only root can use "arp" to change the arp table.

Briefly scan man pages and files to familiarize yourself. E.g., to read the arp man page

    % man arp

Familiarization here is useful both for application programmers and for sys. admins, but it is a long haul sort of thing. Remember I said *briefly*. Do it once now and once at the end of the course again -- see if you can pick some of it up along the way. Network sys. admin. is a full time job.

One other point: a fair number of these commands live in /etc or /usr/etc and if you can't get to them from your path, you need /etc and/or /usr/etc in your path... (PSU has more in /usr/local/etc) or just tack on:

    % /usr/etc/arp -a

Figuring out where these commands live on a particular UNIX system is your job, not mine.

Do *NOT* try to run daemons. You can't (we hope), and they are usually started at boot automatically. Only an experienced sys. admin will restart a daemon.

Commands you can run as a non-root, are labeled below with ANYBODY as opposed to ROOTONLY.

Network status (ANYBODY)

% netstat - running error stats + counts on config. i/f every N seconds
% netstat -a: socket ports and state
% netstat -s: protocol (tcp etc.) counts and errors
    Lots of info here. Probably too much. Black art of interpretation (same for netstat -i).
% netstat -rn: routing table dump
% netstat -m: socket (mbuf) usage and stream bufs too
% netstat -i: list of interfaces

note:
% netstat -n: forces host addresses to be numeric, avoids /etc/hosts or DNS lookup, can be much faster. use with other switch; e.g.,
    % netstat -in

ANYBODY can do netstat commands.

Network interfaces:

% netstat -i: list of interfaces and stats
    Use this command to find the 3 letter interface names. E.g., rigel has 2 interfaces le0, and le1.
% ifconfig - print setup. ANYBODY
    After you run netstat -i to learn the i/f names. Use ifconfig on the interface names; e.g.,
    % ifconfig we0
    (assuming we0 is an i/f name.
    It is, but not on Suns!)
% ifconfig - *set* params with if name: print current if setup, else set parameters, typically ip address, subnet mask, broadcast address set at boot in /etc/rc* (rc.local). ROOT ONLY.
% ifconfig -a args...: set all interfaces with remainder of args. ROOT ONLY.

Connectivity:

% ping host - send an ICMP echo message to a host. one packet. ANYBODY
% ping -s host - send packets continually, until SIGINT. (CTRL-C or DEL). ANYBODY
    (The parameters of ping vary from UNIX system to UNIX system)
    Note whether packets were lost indicating possibly low-level connectivity problems or sw problems. No response means somebody is unplugged or down. With -s, note the time. Occasional unexpectedly long times may indicate network congestion or hw cable or i/f problems.
    ping means a packet was sent from your machine via ICMP, and echoed at the IP level. ping tells you if the os is up; but doesn't tell you if inetd is running.
% telnet host 25 - talk to "hosts" sendmail problem. Mail connectivity test. ANYBODY.
% telnet ip-number - can tell if inetd is functioning. With telnet you can use the ip number instead of the host name. If ip-number as opposed to telnet hostname works, you have problems with the name server. ANYBODY
    If you can ping, but you can't telnet, you have problems with getting processes running and possibly inetd configuration problems.
% telnet host 7 - talk to tcp echo port. If this works, inetd is up and so is the machine in terms of being fully booted, but you can just telnet to it as well or whatever. ANYBODY (even you)
    Try
    % telnet localhost 7
    Type in "hello world", it will be echoed. Type in CTRL-], followed by QUIT to get out.

Routing

% netstat -r: print routing tables (the routing tables are stored in the kernel and used by ip to route packets to foreign (i.e., not the local network) networks).
% route ... params to-host-or-network via-local-ip
    don't try it. ROOT ONLY.
    The route command is used for setting a static (non-dynamic, by-hand) route path in the route tables. It is typically used at boot in the /etc/rc scripts. It can be used for setting a default route; i.e., when in doubt send all packets to a particular local gateway.
% routed - the BSD daemon that does dynamic routing. Started at boot. ROOT ONLY (definitely). This daemon runs the RIP routing protocol.
% gated - somewhat rare, but found. Alternative routing daemon to rip. Has OSPF routing protocol, EGP, and RIP all under same roof. ROOT ONLY.
% traceroute ipaddr - useful for tracing route of packet. Public domain utility. packet causes message to be sent back from all gateways in between here and final endpoint. PSU has it. ANYBODY. (Sometimes ROOT ONLY, sometimes not.) E.g., from psu try:
    % traceroute cse.ogi.edu

Arp

% arp -a: print arp table. Root can add and delete arp entries. Deleting them can be useful if an arp entry is malformed or just wrong. Arp entries explicitly added by root are permanent -- they can also be by proxy (we'll talk about this eventually later). The arp table is stored in the kernel and manipulated dynamically. Arp entries are cached and will time out and be deleted normally in 20 minutes. ANYBODY.
% arp [other switches]: set, delete routing table entries. See man page for details. ROOT ONLY.

NFS/NIS network file system/yellow pages (a little)

% df . - shows where you are. ANYBODY
% df -t nfs - show nfs mounts. ANYBODY
% mount - to do the mounts
    /etc/fstab - set for automatic mounts at boot. ROOT ONLY.
% nfsstat - show local NFS client/server rpc call stats. good for checking on errors. ANYBODY
% nfsstat -c: client side info
% nfsstat -s: server side info
% showmount - show NFS mounts on a host. ANYBODY
    /etc/exports - file of mount points exported on a given system. Also /etc/xtab
% rpcinfo - print portmap (nis name servers) RPC program numbers to tcp/udp port mapping
    Example
    % rpcinfo -p localhost
    ANYBODY.
/etc/mtab - mount table built by mount. % mount to print.
% nfswatch - useful for NFS monitoring. public domain utility. also some protocol stats. Curses (?) display. PSU has it. ANYBODY
% automount, /etc/auto* - daemon and control files for Sun automounter - auto mount NFS directories when touched. ROOT ONLY.

processes

% ps -aux or ps -alx (I prefer alx for sys admin oriented things since you get the boot order of daemons; -aux is user and use oriented). ANYBODY
% ps -aux | grep - get all of your procs including procs on background.
% ps - just your processes in foreground, and not other users. ANYBODY

naming (bind)

% /usr/etc/nslookup
    command shell. try typing in ftp.uu.net. or prep.ai.mit.edu (where GNU sources live). exit to quit. ANYBODY.
    make queries of name server; e.g., given name foo.bar.com; what is IP number? set type=any to get more info. See if you can figure out how to do a reverse ip address mapping; i.e., give the ip address and get the name -- the reverse of the usual name to ip address mapping.
% /usr/etc/in.named - the DNS (BIND) name server. A daemon. ROOT ONLY.
    (Rigel is cs.pdx.edu name server, files are in /usr/local/lib/named)

Files:

/etc/hosts - names to ip addresses
/etc/networks - network names to ip addresses
/etc/protocols - protocol names to protocol numbers
/etc/services - tcp/udp service names to port numbers
    Some servers and stat. commands (netstat -a) use it. Some don't. It's never quite correct. See rfc 1060, (may be newer rfc) assigned numbers for more info. (It's out of date by definition too).
/etc/ethers - ethernet numbers (Sun'ism) - may not have it even on a sun. Useful for ethernet trace utilities.

Diagnostics:

anything that dumps a table... ps, netstat -r, netstat -i, arp -a, nfsstat, df -t nfs

Sun

% traffic - graphical traffic status. ROOT ONLY. You have to run this from sunview or openwin.
% etherfind - per line ethernet filter. ROOT ONLY.
% tcpdump - public domain etherfind, but better. ROOT ONLY.

Basic utilities (ANYBODY, subject to passwd/other restrictions):

% ftp
    file transfer. uses shell and ascii commands. quit to quit.
    Anonymous ftp: name is anonymous: password is user@wherever
% telnet
    % telnet 1.2.3.4
    % telnet rigel.cs.pdx.edu
    telnet e.g.,
    % telnet localhost 7 - talk to tcp ECHO protocol...
    % telnet localhost 25 - SMTP protocol how SMTP works... you can talk directly to it or to NNTP too. Type in help to get help list of commands. '.' to quit. Send yourself mail from fred@flintstone.com.
    virtual terminal program. EOF to quit, but CTRL-] gets you to the telnet shell where you can type "quit" to get out if you are hung.

*************************************************
rcp/rsh are mostly banned at psu, due to weak security
*************************************************

rcp system:file system:file
    params like UNIX cp. rcp -r: recursive file copy. rcp/rsh talk to rshd which is controlled by inetd. rshd administers the rshd security protocol which uses .rhosts and /etc/hosts.equiv as a weak security system.
    for policy at PSU see /home/jove/stuff/banzai/policy/rhosts-gone
rsh (BSD remote shell) remsh on Sys V.
    rsh sysname /bin/sh -i
    poor man's shell. You can sometimes use this if a system is out of pty ports.
rlogin name
    virtual terminal like telnet. ~. to quit if you are hung. eof normally gets you out.

You should read the man pages for ftp/telnet (skim them) and ftpd, telnetd, rshd if you are a sys. admin.

other daemons: (ROOT ONLY can start these at boot)

inetd: - the BSD mother daemon
    /etc/inetd.conf - configuration file. makes connections for all daemons listed in inetd.conf. Sys V has "listen" administered by nlsadmin, which is a similar sort of thing. inetd may even run under listen.
sendmail: - runs SMTP mail protocol on tcp port 25. delivers mail. Mail daemon. If you telnet to port 25, you are talking *directly* to sendmail.
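
An added example (not part of the original handout, and not PSU's own tooling): a shell audit of the two places the rshd trust described above is configured, listing r-command services still enabled in an inetd.conf-format file and wildcard "+" entries in a hosts.equiv/.rhosts-format file. The function names and all sample file contents are constructed for illustration; the "+" wildcard is standard BSD behaviour that the handout itself does not spell out.

```shell
#!/bin/sh
# Added example: audit where r-command trust is configured.
# All sample file contents below are constructed for illustration.

# Print "service:server" for each r-command service (shell = rshd,
# login = rlogind, exec = rexecd) still enabled in an inetd.conf file.
enabled_rservices() {
    awk '/^[ \t]*#/ || NF < 6 { next }   # comment or incomplete entry
         $1 == "shell" || $1 == "login" || $1 == "exec" { print $1 ":" $6 }' "$1"
}

# Print "lineno: entry" for wildcard trust in a hosts.equiv or .rhosts
# file: "+" as the host trusts every host, "+" as the user every user.
wildcard_trust() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 == "+" || $2 == "+" { print NR ": " $0 }' "$1"
}

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# service socket proto wait user server args   (constructed sample)
echo    stream tcp nowait root internal
shell   stream tcp nowait root /usr/etc/in.rshd    in.rshd
#login  stream tcp nowait root /usr/etc/in.rlogind in.rlogind
telnet  stream tcp nowait root /usr/etc/in.telnetd in.telnetd
EOF
    cat > "$1/hosts.equiv" <<'EOF'
# constructed sample
trusted.example.edu
+
otherhost.example.edu +
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_samples "$tmp"
echo "enabled r-services:"; enabled_rservices "$tmp/inetd.conf"
echo "wildcard trust entries:"; wildcard_trust "$tmp/hosts.equiv"
```

Run against real files, the same two functions take /etc/inetd.conf and /etc/hosts.equiv (or a user's .rhosts) as their argument; reading those files may itself require the appropriate permissions.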