Contents
- Introduction
- Examining And Monitoring A Network
- Transporting Files Over A Network
- Secure Communication With Remote Hosts
- Summary
Introduction
When it comes to networking, there is probably nothing that cannot be done with Linux. Linux is used to build all sorts of networking systems and appliances, including firewalls, routers, name servers, network-attached storage (NAS) boxes, and on and on. This chapter will introduce the following commands:
- ping: Send an ICMP ECHO_REQUEST to network hosts
- traceroute: Print the route packets trace to a network host
- ip: Show/manipulate routing, devices, policy routing, and tunnels
- netstat: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
- ftp: Internet file transfer program
- wget: Non-interactive network downloader
- ssh: OpenSSH SSH client (remote login program)
Examining And Monitoring A Network
Even if you’re not the system administrator, it’s often helpful to examine the performance and operation of a network.
ping
The most basic network command is ping. The ping command sends a special network packet called an ICMP ECHO_REQUEST to a specified host. Most network devices receiving this packet will reply to it, allowing the network connection to be verified. Let’s see whether we can reach google.com (one of our favorite sites).
[user@linux ~]$ ping google.com
traceroute
The traceroute program (some systems use the similar tracepath program instead) lists all the “hops” network traffic takes to get from the local system to a specified host. For routers that provide identifying information, we see their hostnames, IP addresses, and performance data, which includes three samples of round-trip time from the local system to the router. For routers that do not provide identifying information (because of router configuration, network congestion, firewalls, etc.), we see asterisks as in the line for hop number 2. In cases where routing information is blocked, we can sometimes overcome this by adding either the -T or -I option to the traceroute command. Let’s see the route taken to reach google.com.
[user@linux ~]$ traceroute google.com
ip
The ip program is a multipurpose network configuration tool that makes use of the full range of networking features available in modern Linux kernels. It replaces the earlier and now deprecated ifconfig program. With ip, we can examine a system’s network interfaces and routing table.
[user@linux ~]$ ip a
netstat
The netstat program is used to examine various network settings and statistics. Using the -ie option, we can examine the network interfaces in our system. Using the -r option will display the kernel’s network routing table.
[user@linux ~]$ netstat -ie
[user@linux ~]$ netstat -r
Transporting Files Over A Network
What good is a network unless we can move files across it? There are many programs that move data over networks. In this chapter we will cover two of them.
ftp
One of the true “classic” programs, ftp gets its name from the protocol it uses, the File Transfer Protocol. FTP was once the most widely used method of downloading files over the Internet. Most, if not all, web browsers support it, and you often see URIs starting with the protocol ftp://.
Before there were web browsers, there was the ftp program. ftp is used to communicate with FTP servers, machines that contain files that can be uploaded and downloaded over a network.
FTP (in its original form) is not secure because it sends account names and passwords in cleartext. This means they are not encrypted, and anyone sniffing the network can see them. Because of this, almost all FTP done over the Internet is done by anonymous FTP servers. An anonymous server allows anyone to log in using the login name “anonymous” and a meaningless password.
Typing help at the ftp> prompt will display a list of the supported commands.
lftp: A Better ftp
ftp is not the only command-line FTP client. In fact, there are many. One of the better (and more popular) ones is lftp by Alexander Lukyanov. It works much like the traditional ftp program but has many additional convenience features including multiple-protocol support (including HTTP), automatic retry on failed downloads, background processes, tab completion of path names, and many more.
wget
Another popular command-line program for file downloading is wget. It is useful for downloading content from both web and FTP sites. Single files, multiple files, and even entire sites can be downloaded. Let’s download google.com.
[user@linux ~]$ wget https://www.google.com
Secure Communication With Remote Hosts
For many years, Unix-like operating systems have had the capability to be administered remotely via a network. In the early days, before the general adoption of the Internet, there were a couple of popular programs used to log in to remote hosts. These were the rlogin and telnet programs. These programs, however, suffer from the same fatal flaw that the ftp program does; they transmit all their communications (including login names and passwords) in cleartext. This makes them wholly inappropriate for use in the Internet Age.
ssh
To address this problem, a new protocol called Secure Shell (SSH) was developed. SSH solves the two basic problems of secure communication with a remote host.
- It authenticates that the remote host is who it says it is (thus preventing so-called man-in-the-middle attacks).
- It encrypts all of the communications between the local and remote hosts.
SSH consists of two parts. An SSH server runs on the remote host, listening for incoming connections, by default, on port 22, while an SSH client is used on the local system to communicate with the remote server.
Most Linux distributions ship an implementation of SSH called OpenSSH from the OpenBSD project. Some distributions include both the client and the server packages by default (for example, Red Hat), while others (such as Ubuntu) supply only the client. To enable a system to receive remote connections, it must have the OpenSSH-server package installed, configured, and running, and (if the system either is running or is behind a firewall) it must allow incoming network connections on TCP port 22.
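The following added example (not part of the original chapter) audits the output of netstat -tln for listeners on the cleartext services discussed above (ftp on TCP 21, telnet on 23, rlogin on 513) and reports when nothing is listening on the SSH port. The helper name audit_listeners and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `netstat -tln` output for cleartext login/file services.

# Constructed sample of `netstat -tln` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::23                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# audit_listeners (hypothetical helper name): reads `netstat -tln` output on
# stdin and prints one finding per line:
#   CLEARTEXT <service> <local address> <scope>
#   NOSSH ...            when nothing is listening on TCP port 22
audit_listeners() {
    awk '
    BEGIN { svc["21"] = "ftp"; svc["23"] = "telnet"; svc["513"] = "rlogin" }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        port = addr
        sub(/^.*:/, "", port)                 # text after the last colon
        if (addr ~ /^(0\.0\.0\.0|::|\*):/)    scope = "all-interfaces"
        else if (addr ~ /^(127\.|::1:)/)      scope = "loopback"
        else                                  scope = "specific-address"
        if (port in svc) printf "CLEARTEXT %s %s %s\n", svc[port], addr, scope
        if (port == "22") ssh = 1
    }
    END { if (!ssh) print "NOSSH no listener on TCP port 22" }
    '
}

# Demo on the constructed sample; on a live host: netstat -tln | audit_listeners
sample_netstat | audit_listeners
```

A listener bound to all interfaces is reachable from the network, while a loopback-only listener is reachable only from the host itself, which is why the scope is reported with each finding.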
The SSH client program used to connect to remote SSH servers is called, appropriately enough, ssh.
[user@linux ~]$ ssh remote-computer
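How the client authenticates the remote host comes down to comparing the key the server presents against a key pinned earlier in the user's known_hosts file. The added example below (a simplified model written for this page, not OpenSSH's own code) shows the three possible outcomes. It assumes plain, unhashed known_hosts entries; the helper name check_host_key and the key values are constructed placeholders.

```shell
#!/bin/sh
# Added example: the decision an SSH client makes about a server's host key.

# Constructed known_hosts content; the key blobs are placeholders, not real keys.
sample_known_hosts() {
cat <<'EOF'
# comment lines and hashed (|1|...) or @marker entries are skipped below
remote-computer ssh-ed25519 AAAA_CONSTRUCTED_KEY_ONE
backup-host,192.0.2.10 ssh-ed25519 AAAA_CONSTRUCTED_KEY_TWO
EOF
}

# check_host_key HOST KEYTYPE KEYBLOB   (hypothetical helper; known_hosts on stdin)
# Prints one of:
#   MATCH    presented key equals the pinned key: host is authenticated
#   CHANGED  host is pinned with a different key: possible man-in-the-middle
#   UNKNOWN  no pinned key of this type: first contact, verify out of band
check_host_key() {
    awk -v host="$1" -v type="$2" -v blob="$3" '
    /^[#@|]/ || NF < 3 { next }
    {
        n = split($1, names, ",")           # one entry may list several names
        for (i = 1; i <= n; i++)
            if (names[i] == host && $2 == type) {
                pinned = 1
                if ($3 == blob) ok = 1
            }
    }
    END { print (ok ? "MATCH" : (pinned ? "CHANGED" : "UNKNOWN")) }
    '
}

# Demo: the same host presenting its pinned key, then a different key.
sample_known_hosts | check_host_key remote-computer ssh-ed25519 AAAA_CONSTRUCTED_KEY_ONE
sample_known_hosts | check_host_key remote-computer ssh-ed25519 AAAA_SOME_OTHER_KEY
```

The UNKNOWN case is the first connection to a host, where ssh asks the user to confirm the key fingerprint; the protection against an intermediary depends on checking that fingerprint through a separate trusted channel before accepting it.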
scp And sftp
The OpenSSH package also includes two programs that can make use of an SSH-encrypted tunnel to copy files across the network. The first, scp (secure copy), is used much like the familiar cp program to copy files. The most notable difference is that the source or destination pathnames may be preceded with the name of a remote host, followed by a colon character. For example, if we wanted to copy a document named document.txt from our home directory on the remote system, remote-computer, to the current working directory on our local system, we could do this:
[user@linux ~]$ scp remote-computer:document.txt .
The second SSH file-copying program is sftp, which, as its name implies, is a secure replacement for the ftp program. sftp works much like the original ftp program that we used earlier; however, instead of transmitting everything in cleartext, it uses an SSH encrypted tunnel. sftp has an important advantage over conventional ftp in that it does not require an FTP server to be running on the remote host. It requires only the SSH server. This means that any remote machine that can connect with the SSH client can also be used as an FTP-like server. Here is a sample session.
[user@linux ~]$ sftp remote-computer
Connecting to remote-computer...
user@remote-computer's password:
sftp> ls
ubuntu-8.04-desktop-i386.iso
sftp> lcd Desktop
sftp> get ubuntu-8.04-desktop-i386.iso
Fetching /home/user/ubuntu-8.04-desktop-i386.iso to ubuntu-8.04-desktop-i386.iso
/home/user/ubuntu-8.04-desktop-i386.iso 100% 699MB 7.4MB/s 01:35
sftp> bye
Summary
In this chapter, we surveyed the field of networking tools found on most Linux systems. Since Linux is so widely used in servers and networking appliances, there are many more that can be added by installing additional software. But even with the basic set of tools, it is possible to perform many useful network-related tasks.