Networking

IP Address, Mask, Gateway

IPv4

An IPv4 address consists of four 8-bit numbers: 0-255.0-255.0-255.0-255

  • subnet mask
  • gateway server: where to send packets?
  • DNS server: resolve domain names to IPs

Ports

IANA (Internet Assigned Numbers Authority): Service Name and Transport Protocol Port Number Registry

Excerpt

Service Name   Port Number   Transport Protocol   Description
socks          1080          tcp                  Socks
socks          1080          udp                  Socks

Technologies and Protocols

What is a protocol? [1]

In networking, a protocol is a standardized set of rules for formatting and processing data. Protocols enable computers to communicate with one another.

Protocols

TABLE WITHOUT ID
("[" + acronym + "](" + file.path + ")") AS "Acronym",
full-name AS "Name",
desc-short AS "Description"
WHERE contains(file.path,"networking/protocols")

OSI Model

Wikipedia: OSI model

7 layers to differentiate protocols

  • layer 1: physical layer
  • layer 2: data link layer
  • layer 3: network layer
  • layer 4: transport layer
  • layer 5: session layer
  • layer 6: presentation layer
  • layer 7: application layer

Wireless

Security

Networking: Security

Network Managers

Netplan

Netplan documentation

Load Balancing

Tools

General toolkit

ip

  • network namespaces

    # create network namespace for VM
    sudo ip netns add myns
    ip netns list
    # execute command in new network namespace
    sudo ip netns exec myns ip addr
    # create a virtual interface pair: two virtual interfaces connected by a virtual cable
    sudo ip link add veth-a type veth peer name veth-b
    # move one interface to the new namespace (must match the name created above)
    sudo ip link set veth-b netns myns
    # assign IP addresses and bring interfaces up
    sudo ip addr add 192.168.1.1/24 dev veth-a
    sudo ip link set veth-a up
    sudo ip netns exec myns ip addr add 192.168.1.2/24 dev veth-b
    sudo ip netns exec myns ip link set dev veth-b up
    # from the host we should now be able to ping interface `veth-b` inside the namespace
    ping 192.168.1.2

host: DNS lookup utility

host name [server] # find IP or hostname, optionally specify DNS server

netstat: part of net-tools and considered deprecated, functionality is now provided by ip and ss

netstat -tlpn # show tcp listen with program and numeric addresses

Alternatives to deprecated net-tools programs @StackExchange

  • arp → ip n (ip neighbor)
  • ifconfig → ip a (ip addr), ip link, ip -s (ip -stats)
  • iptunnel → ip tunnel
  • iwconfig → iw
  • nameif → ip link, ifrename
  • netstat → ss, ip route (for netstat -r), ip -s link (for netstat -i), ip maddr (for netstat -g)

nc (netcat): scan for (open) ports

nc [options] host port # usage
# scan for open ports
nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v refused
# -v: verbose
# -z: scan without sending data to port

lsof: list open (network) files, show ports and mappings

lsof -i -P -n
# -i: list files whose Internet address matches argument or all network files if no address is specified
# -n: inhibit conversion of network numbers to host names for network files
# -P: inhibit conversion of port numbers to names for network files

ss

ss | less  # get all connections
ss -t      # get tcp connections not in listen mode (server programs)
ss -u      # get udp connections not in listen mode
ss -x      # get unix socket pipe connections
ss -ta     # get all tcp connections
ss -au     # get all udp connections
ss -nt     # tcp connections without name resolution
ss -ltn    # listening tcp without host resolution
ss -ltp    # listening tcp with PID and name
ss -s      # prints statistics
ss -tn -o  # tcp connections, numeric, with timer information (e.g. keepalive)
ss -tl4    # listening tcp sockets, IPv4 only
ss -tlp[n] # show TCP listening ports with process (n: numeric)
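
One way to turn the `ss -ltnp` listing into a check, as an added example that is not part of the original notes: it parses the output and reports listeners that are reachable from other hosts (not bound to loopback) on ports outside an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=901,fd=7))
LISTEN 0      511                *:8080             *:*     users:(("node",pid=4242,fd=19))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*     users:(("systemd-resolve",pid=640,fd=14))
"""

def parse_listeners(ss_output):
    """Return one dict per LISTEN row: bind address, port, process name (or None)."""
    rows = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                                   # header or non-listening socket
        addr, port = fields[3].rsplit(":", 1)          # rsplit keeps IPv6 colons intact
        addr = addr.strip("[]").split("%")[0]          # drop [] and the %interface scope
        proc = re.search(r'\("([^"]+)",pid=(\d+)', line)
        rows.append({"addr": addr, "port": int(port),
                     "proc": proc.group(1) if proc else None})
    return rows

def is_loopback(addr):
    """'*' is ss's wildcard for all addresses, so it is never loopback-only."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(ss_output, allowed_ports):
    """Listeners reachable from the network whose port is not on the allowlist."""
    return [row for row in parse_listeners(ss_output)
            if not is_loopback(row["addr"]) and row["port"] not in allowed_ports]

if __name__ == "__main__":
    for row in unexpected_listeners(SAMPLE_SS_OUTPUT, allowed_ports={22}):
        print("unexpected listener:", row)
```

Without root, `ss -p` leaves the process column empty for sockets owned by other users, in which case `proc` is `None`.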

nmap: Network exploration tool and security / port scanner. Not commonly pre-installed.

open source tool for network exploration and security auditing

nmap -sn # no port scan/"ping scan": allows light reconnaissance of a target network without attracting much attention

dnsmasq: A lightweight DHCP and caching DNS server

dig (Domain Information Groper): DNS lookup utility

  • find CNAMEs and IPs for hostnames

dig google.com [@1.0.0.1] # optionally specify DNS server with @

resolvectl: systemd (not present on openSUSE)

Send control commands to the network name resolution manager, or resolve domain names, IPv4 and IPv6 addresses, DNS records, and services.

Config at /etc/resolv.conf specifying DNS servers, but usually managed by some program, e.g. netconfig.

nslookup: (interactively) query Internet name servers

nslookup host [server]

traceroute: print the route packets trace to network host

traceroute <host>

Wireshark

See also my notes on Wireshark

Wireshark: the world’s foremost and widely-used network protocol analyzer

Website | Documentation | Wiki

tshark: Dump and analyze network traffic

Man page

Security

See my notes on networking security

SSL Labs: Check website certificate, protocols, keys, etc.

Authentication

public/tech/security/security

Principles

Packets

  • MTU (Maximum Transmission Unit)
    maximum packet size that can be transmitted over your network

Packet Problems

  • faulty packets lead to CRC errors (e.g. cable issue)
  • switches in business environments usually drop these; consumer devices might forward the packets anyway
  • even when the host is connected to the switch, the NIC might drop the faulty packet, so Wireshark still can’t see it (old NICs might still forward it) => Wireshark is only good for OSI layers 2-7; other tools are required for layer 1

Main issues

  • delay
  • jitter (variation in arrival of packets)
  • packet loss

Fragmented packets pose security problems because they can evade signature detection: a firewall would have to put them back together before its signatures can match. This would mean a lot of processing, so they are often dropped. For example, Google drops ping attempts with a size of 4096 bytes. Fragmented packets can thus hint at security issues. On modern networks they shouldn’t be present anymore.
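
A detection-side sketch of the point above, added here and not part of the original notes: it reads the IPv4 header fields that mark a fragment (the "more fragments" flag and the fragment offset) and, going one step beyond the text, also flags overlapping fragments of the same datagram, where an inspection device and the receiver may reassemble different data. The packets are constructed in the code; `build_ipv4`, `parse_ipv4` and `fragment_findings` are names chosen for this example.

```python
import struct
from collections import defaultdict

def build_ipv4(ident, offset, mf, payload_len):
    """Build a constructed IPv4/ICMP packet (checksum left at 0, not validated here)."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)   # MF bit + offset in 8-byte units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

def parse_ipv4(pkt):
    """Extract the fields needed to recognise and group fragments."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "key": (pkt[12:16], pkt[16:20], pkt[9], ident),  # src, dst, protocol, IP ID
        "ident": ident,
        "mf": bool(flags_frag & 0x2000),                 # "more fragments" flag
        "offset": (flags_frag & 0x1FFF) * 8,             # fragment offset in bytes
        "payload_len": total_len - ihl,
    }

def fragment_findings(packets):
    """Return (reason, IP ID) tuples: every fragment, plus overlapping ones."""
    findings, seen = [], defaultdict(list)
    for pkt in packets:
        h = parse_ipv4(pkt)
        if not h["mf"] and h["offset"] == 0:
            continue                                     # ordinary, unfragmented datagram
        start, end = h["offset"], h["offset"] + h["payload_len"]
        findings.append(("fragment", h["ident"]))
        if any(start < e and s < end for s, e in seen[h["key"]]):
            findings.append(("overlap", h["ident"]))     # ambiguous reassembly
        seen[h["key"]].append((start, end))
    return findings

# Constructed sample: one normal packet, one clean fragment pair, one overlapping pair.
SAMPLE = [build_ipv4(1, 0, False, 32),
          build_ipv4(7, 0, True, 24), build_ipv4(7, 24, False, 16),
          build_ipv4(9, 0, True, 24), build_ipv4(9, 16, False, 16)]

if __name__ == "__main__":
    for finding in fragment_findings(SAMPLE):
        print(finding)
```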

Detecting Wireshark being used on a network: with active name resolution disabled Wireshark is passive, but tools can look for promiscuous NIC behaviour.

Packet Priority

Packets have tags to determine priority and ensure Quality of Service (QoS). In most cases these tags should be reassigned when external packets enter a network, since your own priority assignments are safer to rely on.

Glossary

glossary

References