
Course Title: Network and System Administration

Course No: BIT451 Semester: VIII

Unit 3: Network Administrations

Network Interface Configuration


A network interface is the point of connection between a computer and a network.

Interface configuration files

Every network interface has its own configuration file in the /etc/sysconfig/network-scripts directory.
Each interface has a configuration file named ifcfg-<interface-name>X, where X is the number of the
interface, starting with zero or 1 depending upon the naming convention in use; for example
/etc/sysconfig/network-scripts/ifcfg-eth0 for the first Ethernet interface.

Most of the other files in the /etc/sysconfig/network-scripts directory are scripts used to start, stop and
perform various network configuration activities.

Each interface configuration file is bound to a specific physical network interface by the MAC address of
the interface.

Configuration file examples

This example network interface configuration file, ifcfg-eth0, defines a static IP address configuration for
a CentOS 6 server installation.

# Intel Corporation 82566DC-2 Gigabit Network Connection
DEVICE=eth0
HWADDR=00:16:76:02:BA:DB
ONBOOT=yes
IPADDR=192.168.0.10
BROADCAST=192.168.0.255
NETMASK=255.255.255.0
NETWORK=192.168.0.0
SEARCH="example.com"
BOOTPROTO=static
GATEWAY=192.168.0.254
DNS1=192.168.0.254
DNS2=8.8.8.8
TYPE=Ethernet
USERCTL=no
IPV6INIT=no

This file starts the interface on boot, assigns it a static IP address, defines a domain and network
gateway, specifies two DNS servers, and does not allow non-root users to start and stop the interface.

Configuration options:
There are many configuration options for the interface configuration files. These are some of the more
common options:

• DEVICE: The logical name of the device, such as eth0 or enp0s2.
• HWADDR: The MAC address of the NIC that is bound to the file, such as 00:16:76:02:BA:DB
• ONBOOT: Start the network on this device when the host boots. Options are yes/no. This is
  typically set to "no" and the network does not start until a user logs in to the desktop. If you
  need the network to start when no one is logged in, set this to "yes".
• IPADDR: The IP address assigned to this NIC, such as 192.168.0.10
• BROADCAST: The broadcast address for this network, such as 192.168.0.255
• NETMASK: The netmask for this subnet, such as the class C mask 255.255.255.0
• NETWORK: The network ID for this subnet, such as the class C ID 192.168.0.0
• SEARCH: The DNS domain name to search when doing lookups on unqualified hostnames, such
  as "example.com"
• BOOTPROTO: The boot protocol for this interface. Options are static, dhcp, bootp, none. The
  "none" option defaults to static.
• GATEWAY: The network router or default gateway for this subnet, such as 192.168.0.254
• ETHTOOL_OPTS: This option is used to set specific interface configuration items for the network
  interface, such as speed, duplex state, and autonegotiation state. Because this option has several
  independent values, the values should be enclosed in a single set of quotes, such as: "autoneg
  off speed 100 duplex full".
• DNS1: The primary DNS server, such as 192.168.0.254, which is a server on the local network.
  The DNS servers specified here are added to the /etc/resolv.conf file when using
  NetworkManager, or when the PEERDNS directive is set to yes; otherwise the DNS servers must
  be added to /etc/resolv.conf manually and are ignored here.
• DNS2: The secondary DNS server, for example 8.8.8.8, which is one of the free Google DNS
  servers. Note that a tertiary DNS server is not supported in the interface configuration files,
  although a third may be configured in a non-volatile resolv.conf file.
• TYPE: Type of network, usually Ethernet. The only other value I have ever seen here was Token
  Ring but that is now mostly irrelevant.
• PEERDNS: The yes option indicates that /etc/resolv.conf is to be modified by inserting the DNS
  server entries specified by DNS1 and DNS2 options in this file. "No" means do not alter the
  resolv.conf file. "Yes" is the default when DHCP is specified in the BOOTPROTO line.
• USERCTL: Specifies whether non-privileged users may start and stop this interface. Options are
  yes/no.
• IPV6INIT: Specifies whether IPv6 protocols are applied to this interface. Options are yes/no.

If the DHCP option is specified, most of the other options are ignored. The only required options are
BOOTPROTO, ONBOOT and HWADDR. Other options that you might find useful, that are not ignored, are
the DNS and PEERDNS options if you want to override the DNS entries supplied by the DHCP server.
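
The options above depend on each other: NETWORK and BROADCAST follow from IPADDR and NETMASK, and GATEWAY has to sit inside the same subnet. The following audit script is an added example, not part of the original notes; the function names and the sample file (the page's ifcfg-eth0 with three deliberate changes) are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's ifcfg-eth0 with three deliberate changes.
SAMPLE = """\
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.0.10
BROADCAST=192.168.1.255
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BOOTPROTO=static
GATEWAY=192.168.1.254
USERCTL=yes
"""

def parse_ifcfg(text):
    """Read KEY=value lines as data. The network scripts source these files
    as shell, so an audit should parse them rather than execute them."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip("\"'")
    return opts

def audit_ifcfg(opts):
    """Return a list of findings for a static configuration."""
    if opts.get("BOOTPROTO", "none").lower() not in ("static", "none"):
        return []  # under DHCP the address options are ignored
    try:
        iface = ipaddress.ip_interface(f"{opts['IPADDR']}/{opts['NETMASK']}")
        gateway = ipaddress.ip_address(opts["GATEWAY"]) if "GATEWAY" in opts else None
    except (KeyError, ValueError) as exc:
        return [f"address option missing or invalid: {exc}"]
    net, findings = iface.network, []
    expected = {"NETWORK": net.network_address, "BROADCAST": net.broadcast_address}
    for key, want in expected.items():
        if key in opts and opts[key] != str(want):
            findings.append(f"{key}={opts[key]} but {net} implies {want}")
    if gateway is not None and gateway not in net:
        findings.append(f"GATEWAY={gateway} is outside {net}")
    if opts.get("USERCTL", "no").lower() == "yes":
        findings.append("USERCTL=yes lets non-root users control the interface")
    return findings
```

Calling `audit_ifcfg(parse_ifcfg(SAMPLE))` reports the wrong broadcast address, the out-of-subnet gateway and the USERCTL setting; the unmodified file from the page produces no findings.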

Diagnosing Network Startup Issues

Troubleshooting is the process of identifying problems with a network through a
rigorous and repeatable process and then solving those problems using testable methods.

Network troubleshooting includes the following steps:
1. Check the hardware.
2. Use ipconfig.
3. Use ping and tracert.
4. Perform a DNS check.
5. Contact the ISP.
6. Check on virus and malware protection.
7. Review database logs.

Command-Line Tools

The following commands can be entered into the command prompt one at a time to reveal specific
information about the network status:

• ping — A TCP/IP utility that transmits a datagram to another host, specified in the command. If
  the network is functioning properly, the receiving host returns the datagram.
• tracert/traceroute — A TCP/IP utility that determines the route data takes to get to a particular
  destination. This tool can help you to determine where you are losing packets in the network,
  helping to identify problems.
• nslookup — A DNS utility that displays the IP address of a hostname or vice versa. This tool is
  useful for identifying problems involving DNS name resolution.
• ipconfig — A Windows TCP/IP utility that verifies network settings and connections. It can tell
  you a host's IP address, subnet mask and default gateway, alongside other important network
  information.
• ifconfig — A Linux or UNIX TCP/IP utility that displays the current network interface
  configuration and enables you to assign an IP address to a network interface. Like ipconfig on
  Windows, this command will tell you vital information about the network and its status.
• iptables — A Linux firewall program that protects a network. You can use this tool if you suspect
  that your firewall may be too restrictive or too lenient.
• netstat — A utility that shows the status of each active network connection. This tool is useful
  for finding out what services are running on a particular system.
• tcpdump — A utility that is used to obtain packet information from a query string sent to the
  network interface. It's available for free on Linux but can be downloaded as a command for
  Windows.
• pathping — A TCP/IP command that provides information about latency and packet loss on a
  network. It can help you troubleshoot issues related to network packet loss.
• nmap — A utility that can scan the entire network for various ports and the services that are
  running on them. You can use it to monitor remote network connections and get specific
  information about the network.
• route — A command that enables manual updating of the routing table. It can be used to
  troubleshoot static routing problems in a network.
• arp — A utility that supports the Address Resolution Protocol (ARP) service of the TCP/IP
  protocol suite. It lets the network admin view the ARP cache and add or delete cache entries. It
  can be used to address problems having to do with specific connections between a workstation
  and a host.
• dig — A Linux or UNIX command-line tool that will display name server information. It can be
  used to troubleshoot problems in DNS name resolution.

Network Troubleshooting Applications

In addition to command-line tools, there are also a number of standalone applications that can be used
to determine the status of a network and to troubleshoot issues. Some of these applications may be
included in the system that you are working with, while others may need to be installed separately.

• Packet Sniffer — Provides a comprehensive view of a given network. You can use this application
  to analyze traffic on the network, figure out which ports are open and identify network
  vulnerabilities.
• Port Scanner — Looks for open ports on the target device and gathers information, including
  whether the port is open or closed, what services are running on a given port and information
  about the operating system on that machine. This application can be used to figure out which
  ports are in use and identify points in a network that could be vulnerable to outside attacks.
• Protocol Analyzer — Integrates diagnostic and reporting capabilities to provide a comprehensive
  view of an organization's network. You can use analyzers to troubleshoot network problems and
  detect intrusions into your network.
• Wi-Fi Analyzer — Detects devices and points of interference in a Wi-Fi signal. This tool can help
  you to troubleshoot issues in network connectivity over a wireless network.
• Bandwidth Speed Tester — Tests the bandwidth and latency of a user's internet connection. This
  application is typically accessed through a third-party website and can be used to confirm user
  reports about slow connections or download speeds.

Introduction to Packet Level and Application Level Firewall


A firewall is a network security device or software that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. Essentially, a firewall acts as a barrier between a
trusted internal network and untrusted external networks, such as the internet, to block malicious traffic
and attempts to access sensitive data.

Two primary types of firewalls are:

• Packet filtering firewalls
• Proxy-server firewalls

Packet filtering firewalls

Packet filtering firewalls are one of the simplest types of firewalls that operate at the network
layer of the OSI model. They are designed to control network access by monitoring outgoing
and incoming packets and either allowing them to pass through or halting them based on
predetermined rules. These rules are based on the packet headers and involve criteria such as IP
addresses, protocol types, port numbers, and other surface-level information available in the
packet.

Fig: packet filtering firewall


A packet filter firewall controls access on the basis of packet source and destination
addresses or specific transport protocol type. This is done at the OSI (Open Systems Interconnection)
data link, network, and transport layers. A packet filter firewall works on the network layer of the
OSI model.

Advantages of Packet Filtering Firewalls

• Simplicity: They are relatively simple to set up and manage.
• Speed: Due to their basic nature, packet filtering firewalls generally impose minimal
  delay on traffic.
• Cost-Effective: Being one of the earliest types of firewalls, they are less expensive
  compared to more advanced firewall technologies like stateful inspections or application
  layer firewalls.

Limitations

• Limited Security: As they only inspect packet headers, these firewalls cannot evaluate
  the contents of the data being transmitted, making them less effective against
  sophisticated attacks.
• No Stateful Inspection: Packet filters do not track the state of network connections
  (e.g., whether a received packet is part of an established TCP connection), which can lead
  to vulnerabilities in handling complex network protocols.
• Susceptibility to IP Spoofing: Since decisions are made based solely on packet headers,
  spoofed packets (where header information is faked) can easily bypass these firewalls
  unless additional security measures are in place.
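
The "No Stateful Inspection" limitation can be seen by running the same three packets through a header-only rule list and through a filter that remembers outbound connections. This model is an added example, not part of the original notes; the rule format, class and packet values are constructed, and connection tracking is reduced to a set of address/port tuples.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

# Stateless policy for an internal client, first match wins, default DROP.
# Each rule: (direction, header field, required value, action).
# The second rule is the stateless way to let web replies back in: it sees
# only the header, so anything claiming source port 443 matches it.
RULES = [
    ("out", "dport", 443, "ACCEPT"),
    ("in", "sport", 443, "ACCEPT"),
]

def stateless_filter(pkt):
    """Decide from this packet's header alone."""
    for direction, field, value, action in RULES:
        if pkt.direction == direction and getattr(pkt, field) == value:
            return action
    return "DROP"

class StatefulFilter:
    """Same outbound policy, but an inbound packet must belong to a
    connection that the internal host opened."""

    def __init__(self):
        self.connections = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            action = stateless_filter(pkt)
            if action == "ACCEPT":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return action
        # Inbound: accept only the mirror image of a recorded outbound flow.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if reverse in self.connections else "DROP"

# Constructed traffic: the page's 192.168.0.10 as the client, documentation
# ranges (198.51.100.0/24, 203.0.113.0/24) as the outside hosts.
REQUEST = Packet("out", "192.168.0.10", 50000, "198.51.100.5", 443)
REPLY = Packet("in", "198.51.100.5", 443, "192.168.0.10", 50000)
UNSOLICITED = Packet("in", "203.0.113.9", 443, "192.168.0.10", 22)

def compare(packets=(REQUEST, REPLY, UNSOLICITED)):
    """Return [(stateless verdict, stateful verdict)] for each packet."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in packets]
```

Both filters pass the request and its reply; only the stateful one drops the third packet, which matches the header rule without belonging to any connection the client opened.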

Proxy-server firewalls / Application-Level Firewall

Proxy-server firewalls, also known simply as proxy firewalls or application-level gateways, act
as intermediaries between end users and the services they access on the internet. Unlike lower-
level packet filtering firewalls, proxy firewalls operate at the application layer of the OSI model.
They examine the contents of the traffic at a much deeper level, which involves looking at the
application data within the packet. This ability allows them to offer more comprehensive security
features.

Advantages of Proxy-Server Firewalls

• Enhanced Security: Provides thorough inspection of application data and can block
  specific content, making them more secure against application-layer attacks.
• Privacy: Can effectively hide the real IP addresses of clients within the internal network,
  enhancing privacy and security.
• Control and Monitoring: Offers detailed control over internet usage and activities, with
  capabilities to track and log user actions.

Limitations

• Performance Impact: Since all traffic must be relayed through the proxy, this can
  introduce latency and potentially reduce network performance.
• Complexity: More complex to configure and maintain than packet filtering firewalls.
• Application-Specific: Needs to be configured for each protocol it supports (HTTP, FTP,
  etc.), which can limit its flexibility.

Fundamental Commands in Network Troubleshooting


When troubleshooting network issues on a Linux system, several fundamental commands can help you
diagnose connectivity problems, check configurations, and monitor network traffic.

1. Using Ping (Packet Internet Groper) Command

The ping command is used to check that a computer can communicate with a specified device over the
network. The ping command sends Internet Control Message Protocol (ICMP) Echo Request messages
in the form of packets to the destination computer and waits for the response. Once the
packets are received by the destination computer, it starts sending the packets back. This command keeps
executing until it is interrupted. The ping command provides details such as:

• the number of packets transmitted.
• the number of packets received.
• the time taken by the packet to return.

The ping command is generally used for the following purposes:

• Measuring the time taken by the packets to return, to determine the speed of the connection.
• Making sure that a network connection between the host and the destination computer can be
  established.

[root@localhost ~]# ping facebook.com

2. nslookup/dig
These commands are used for querying the Domain Name System (DNS) to obtain domain name
or IP address mapping or any other specific DNS record.
[root@localhost ~]# nslookup facebook.com

3. Using traceroute/tracert
These commands show the path packets take to reach a network host. They can help identify
where delays are occurring in the network. traceroute is used on Linux, while tracert is used on
Windows.

[root@localhost ~]# traceroute www.google.com


4. Using host Command

The host command is used to find a domain name associated with the IP address or find an IP address
associated with the domain name. The returned IP address is either IPv4 or IPv6.

[root@localhost ~]# host google.com

5. Using netstat
This command displays various network-related information such as network connections,
routing tables, interface statistics, masquerade connections, and multicast memberships.

[root@localhost ~]# netstat

6. Using Arp Command

The arp command is used to display and modify the ARP (Address Resolution Protocol) cache, which
contains the mapping of IP addresses to MAC addresses. The system's TCP/IP stack uses ARP to
determine the MAC address associated with an IP address.

[root@localhost ~]# arp

SDN Operations and Management

SDN Controller and Dataplane Communication

Fundamentals of Open Source Network Monitoring (e.g. Nagios)


Open source network monitoring tools are essential for managing network operations, ensuring network
performance, and proactively detecting network anomalies or failures. These tools help IT administrators
and network engineers to keep an eye on network traffic, infrastructure health, and various performance
metrics. One of the most recognized tools in this category is Nagios.

Nagios is an open source computer and network monitoring software application. It supervises hosts and
services, alerting users when things go wrong and again when they get better. It is used to monitor
Storage, Network, Grid and National Services divisions.

Key Features of Nagios:


Monitoring of Network Services:

Nagios can monitor SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH, and other network services.

Resource Monitoring:

It can monitor processor load, disk usage, system logs, and more on a majority of network
operating systems.

Scalability:

Due to its flexible design and powerful script APIs, Nagios can scale to monitor large
environments with thousands of devices and millions of metrics.

Comprehensive Reporting:

Provides a wealth of reports which can help in maintaining historical data about network
performance, outages, and server functionality.

Extensible:

Nagios features a powerful API that allows for extensive customization and integration with
third-party tools and scripts.
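
Custom checks plug into Nagios as small programs that print one status line and exit with 0 (OK), 1 (WARNING), 2 (CRITICAL) or 3 (UNKNOWN). The check below is an added example, not part of the original notes or of the Nagios project: it reads `netstat -tln` output and raises CRITICAL when a port outside an assumed allowlist is listening on a non-loopback address. The allowlist, function names and sample output are constructed.

```python
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin return codes
ALLOWED_PORTS = {22, 80}                      # assumed site policy

# Constructed `netstat -tln` output for the example.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""

def listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0].startswith("tcp") and cols[5] == "LISTEN":
            addr, _, port = cols[3].rpartition(":")
            if port.isdigit():
                yield addr, int(port)

def check_listeners(netstat_text, allowed=ALLOWED_PORTS):
    """Return (return code, status line) in the Nagios plugin format."""
    found = list(listeners(netstat_text))
    if not found:
        return UNKNOWN, "LISTENERS UNKNOWN - no LISTEN sockets parsed"
    # Sockets bound to loopback are not reachable from the network.
    exposed = sorted({p for a, p in found
                      if not (a.startswith("127.") or a == "::1")})
    unexpected = [p for p in exposed if p not in allowed]
    perfdata = f"exposed={len(exposed)} unexpected={len(unexpected)}"
    if unexpected:
        ports = ",".join(map(str, unexpected))
        return CRITICAL, f"LISTENERS CRITICAL - unexpected ports {ports} | {perfdata}"
    return OK, f"LISTENERS OK - {len(exposed)} exposed ports | {perfdata}"

def main():
    """Plugin entry point: netstat output on stdin, status line on stdout."""
    code, message = check_listeners(sys.stdin.read())
    print(message)
    return code
```

Deployed as a plugin, the script would end with `sys.exit(main())` and be fed the output of `netstat -tln` on the monitored host.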
