Previous | Next
Objectives|
Introduction|
What is a Network?|
TCP/IP and the Internet|
Names and Addresses|
Name Resolution|
Routing|
Network Services|
Some Useful Commands|
Conclusions|
Review Questions
Section 12
UNIX NETWORK BASICS
The aim of this section is to
- introduce you to the basic concepts of networking
- provide an explanation of what TCP/IP is and how it works
- define the terms hostname, network addresses, DNS, routers, gateways, port numbers, domain name resolution
- introduce various TCP/IP protocols including SMTP, FTP, telnet
- introduce you to some of the network daemons
- explain commands like ping netstat
- introduce you to various network configuration files including /etc/hosts /etc/services /etc/inetd.conf
In this day and age it is rare for a UNIX machine to be totally unconnected to other machines. In the commercial environment one of the major uses of UNIX is as a network file server. Networks are only going to become more pervasive as time progresses. The System Administrator is typically involved very closely with the network, either through setting up machines to talk to the network or even having to look after the network. This and the next section will introduce you to the intricacies of UNIX networking.
A network is simply a collection of machines connected in some way that allows them to communicate with each other and share information. To do this the machines have to be connected in some way that allows communication, and have an agreed upon a language to talk when they do communicate.
Characteristics of a network include
- individual hosts
The network is a collection of individual machines sometimes referred to as hosts. Each host must have some unique identifier that allows other hosts to talk to it.
- communications connection
To communicate the hosts must be connected in some way that allows communication. Typical physical connections include ethernet, token ring, serial line, modems and various other formats.
- network protocol
In order to communicate the parties must speak the same language. Languages on computer networks are referred to as network protocols. A network protocol is simply a set of rules and formats that govern how information is sent and in what format it is sent. Some of the different network protocols used today include TCP/IP (Internet and UNIX favourite), IPX (Novell), Appletalk (guess who?), DECnet and various others.
- network services
To be of use to users the network will provide various services including file, print and device sharing, electronic mail etc.
There are at least two categories in which networks are placed
- LAN (local area network)
All the hosts in the network are directly linked to each other.
- WAN (wide area network)
Much larger than a LAN and all machines are not directly connected. WANs will generally have a lower throughput than a LAN.
Separate LANs can be connected together to form a WAN as show in Diagram 12.1.
Diagram 12.1.LANs and WANs.
Some Definitions
Like any field of computing, networking has its own terminology. This section provides definitions for some of the terms you'll come across.
- packets and datagrams,
Many networking protocols transmit information as packets. Information being sent across the network is divided into small (hundreds of bytes usually) chunks of data, called packets, that are put back together by the network protocol at the receiving machine. Under TCP/IP packets are referred to as datagrams.
- routing,
The art of making sure that when machine a1 (from Diagram 12.1) sends a packet to machine c6 it actually gets there and if at all possible in the most efficient manner. In some cases the most efficient route must be chosen from multiple different routes.
- bridge,
A device that is used to join more than one network (e.g. machine c2 from Diagram 12.1). All the machines on LAN C can transmit packets directly to all the machines on LAN C. But if they send a packet to LAN D it must be passed across the bridge machine. Networks joined by bridges typically use different networking hardware. A bridge could be a computer or a specially designed device.
- router,
Responsible for performing the routing for a network, a router is typically a device that connects multiple networks together. (The terms router, gateway and bridge are sometimes used interchangeably).
- gateway, and
A device that connects two totally different types of network. For example you might have a gateway machine sitting between an IPX network and a TCP/IP network. The gateway allows the two different networks to talk to each other by converting the protocols they are using.
- ethernet.
The most common form of network hardware used in LANs (especially with UNIX boxes).
Most versions of the UNIX operating system comes with in-built support for networking. The default network protocol that UNIX systems are typically designed to talk is TCP/IP. TCP/IP is more correctly called the Internet Protocol Suite.
TCP/IP is the protocol used by the Internet, a network of networks spread throughout the world connecting two million machines with over twenty million users. It is not necessary to be connected to the Internet to use TCP/IP. (However being able to connect to the Internet is one of the advantages of using TCP/IP.)
TCP and IP are two of the many protocols that make up the suite of Internet protocols. Table 12.1 lists some of the others. Some of these protocols will be discussed in detail in the next section. Diagram 12.2 displays the four different layers of TCP/IP and where some of the protocols fit within those layers.
TCP/IP is an example of a layered communications suite. The advantage of this layered approach is that the protocols at higher levels can safely assume that the lower level protocols will carry out their responsibilities. For example TCP does not need to know anything about the hardware being used because it is hidden by the layers below it.
Diagram 12.2. Four Layers of TCP/IP.
TCP/IP uses four layers
- network access layer
Responsible for the transformation of IP datagrams into a format that can be placed onto the hardware.
- internet layer
The Internet Protocol is the heart of this layer. Functions IP performs include defining the IP datagram and addressing scheme, and routing datagrams between remote hosts. It provides a well-defined protocol that from the higher layers (transport, application) will appear the same regardless of the hardware. This means that the transport protocols do not have to know about the different types of hardware since the Internet layer hides the hardware dependencies.
- transport layer
The transport layer is responsible for dividing (and putting back together) the user data into correct size datagrams for network transmission, and providing any additional transport controls such as error detection and reliable delivery.
- application layer
Protocols in the application layer add additional functionality by building on the transport layer.
In most instances you will come across TCP/IP running on an ethernet based local area network. However TCP/IP is not limited to ethernet It can run over various different types of communications hardware including modems, serial lines, fibre optic cable, microwave and satellite links.
Serial line internet protocol (SLIP) and Point to Point Protocol (PPP) are two protocols that allow TCP/IP to be run over serial lines and modems.
Transport Protocols
The protocols TCP and UDP are the major transport protocols of the Internet protocol suite. The majority of the higher level application protocols use one of TCP or UDP. TCP and UDP differ in much the same way as the telephone and postal services.
A TCP connection is like a telephone connection. Before any information is sent the two ends connect and make a channel (sometimes referred to as a stream) and all information sent between the two hosts is sent down that stream. TCP performs checks that make sure that all the information sent down the channel actually arrives at the destination in the same order as it was sent.
UDP is like the postal service in that all information is sent in individual messages (called packets or datagrams). These datagrams do not always take the same route when going from one point to another.
UDP is an unreliable, connectionless protocol. TCP is a reliable, connection oriented transport protocol.
UDP is used to send small infrequent messages while TCP is used in situations where large amounts of information must be transferred safely.
Application Protocols
At the top layer of the TCP/IP protocol stack are the application protocols. These protocols specify higher level application specific protocols. Examples include smtp (the simple mail transfer protocol) that specifies how mail messages are to be exchanged.
Protocol Full Name Purpose
SMTP Simple Mail Transfer Protocol defines the format of mail messages and the commands used to send and receive mail messages
Telnet telnet defines a protocol used to login remotely to other machines on the network
TFTP FTP (Trivial) File Transfer Protocol protocol for transferring files between two machines
TCP Transmission Control Protocol a connection oriented, reliable, full-duplex byte stream service
UDP User Datagram Protocol connectionless, unreliable datagram service
IP Internet Protocol ensures that individual datagrams get to their destination
ICMP Internet Control Message Protocol used to send the error/control messages for the TCP/IP software
ARP/RARP (Reverse) Address Resolution Protocol performs the translation from Internet addresses to ethernet addresses (specific to hardware)
Table 12.1. Some of the Internet Protocols.
RFCs
The standards used on the Internet are specified in documents called Request for Comments (RFCs). Someone proposing a new standard will write and submit an RFC. The RFC will be distributed to the Internet community who will comment on it and may suggest changes. The standard proposed by the RFC will be adopted as a standard if the community is happy.
Diagram 12.2 includes RFC numbers that correspond to the different protocols. If you have access to the Internet you can anonymously ftp RFCs from a number of well-known sites (including archie.au).
RFCs can and often are very technical and hard to understand unless you are familiar with the area (the RFC for ftp is about 80 pages long).
Every machine on a network has to have a unique identifier. This unique identifier is used by the network protocol to deliver information to the host and used by the network users so they know which machine they are using.
TCP/IP provides two types of unique identifier for every host
- host address
This is the unique identifier that the protocols use to deliver packets to the correct host. For example the host jasper at CQU has the address 138.77.1.1. All network communication uses the host address.
- host name
Host names are meant to provide a unique identifier that is easier for the users of the network to remember. For example the address 138.77.1.1 refers to the machine with the host name jasper within the domain cqu.edu.au. Names are easier for humans to remember than numbers are.
Addresses
TCP/IP addresses are currently 32 bit numbers that are usually represented as four 8 bit (octets) numbers separated by full stops e.g. 132.22.42.1. Using 8 bits the maximum range that can be represented is 0-255 (256 numbers).
Since IP is the protocol designed to route information to a particular host this address is sometimes referred to as the IP address.
Every machine on a network must have a unique IP addresses. When setting up a LAN this can be reasonably simple and IP addresses can be assigned by the Systems Administrator.
However the Internet is classed as one network so every machine on the Internet must have a unique IP address. IP addresses for a LAN are assigned by a central authority to ensure that no two machines have the same address.
This central authority generally does not (currently) hand out individual IP addresses. A site will usually apply for a network address (for example, CQU's network address is 138.77). This network address provides you with a set of IP addresses that can be used for the entire LAN. There are currently three types of network address being handed out. The type of network addresses assigned depends on the size of a site.
There are three network address classes that are assigned to sites, classes A, B and C (there are two others but they aren't normally used). Each class has a maximum number of machines that can be connected. Table 12.2 lists the types of network addresses and their characteristics.
The current problem with Internet addressing is that there isn't a network class for sites that have more than 254 hosts but less than 64,000 hosts (mainly medium size companies).
Address Class Value first byte Number of Hosts
A 1 to 126 16 million
B 128 to 191 64,000
C 192 to 223 254
Table 12.2. IP Address Classes.
The Central Queensland University has been assigned the Class B address 138.77. Any machine that has an IP address starting with 138.77 is part of the University network.
Some network addresses are reserved for specific purposes
- 127.0.0.1
This is the loopback address. Data sent to the address 127.0.0.1 is sent straight to the machine sending the information (it refers to the current host). If you are not connected to a network this is probably the only IP address you can use.
- network.255 and network.0 (where network is the network address)
These are used for broadcast addresses. Sending information to 138.77.37.255 causes every machine on the network 138.77.37 to receive the information.
Names
IP addresses are fine for machines but the users also need a mechanism by which they can identify machines and trying to remember 138.77.1.1 is not easy. For this reason machines using TCP/IP also have host names.
A host name under TCP/IP follows the format hostname.site.domain.country.
- hostname
A name by which the machine is known. This name must be unique to the site to which it belongs.
- site
A name given to the site (company, University, government department etc) on which the machine resides.
- domain
Each site belongs to a specific domain. A domain is used to group sites of similar purpose together. Table 12.3 provides an example of some domain names.
- country
Specifies the actual country in which the machine resides. Table 12.4 provides an example of some country names.
For example the CQU machine jasper has the fully qualified name jasper.cqu.edu.au, where jasper is the hostname, cqu is the site name, the domain is edu and the country is au.
Domain Purpose
edu Educational institution (University, etc)
com Commercial company
gov Government department
org Non-profit organization
Table 12.3. Example Domain Names.
Country Code Country
nothing United States
au Australia
uk United Kingdom
in India
ca Canada
fr France
de Germany
ch Switzerland
no Norway
se Sweden
nz New Zealand
Table 12.4. Example Country Codes.
jasper.cqu.edu.au is a fully qualified name and uniquely identifies the machine jasper on the CQU campus to the entire Internet. There cannot be another machine called jasper at CQU. However there could be another machine called jasper at James Cook University in Townsville (its name would be jasper.jcu.edu.au). A fully qualified name must be unique.
It is not always necessary to specify a fully qualified name. If a user on aldur (see Diagram 12.3) enters the command telnet jasper it will be assumed that because it isn't fully qualified the user means the machine jasper within the current domain (cqu.edu.au).
IP always uses the IP address and not the name when it is sending information. Users on the other hand can choose which scheme they wish to use. A hostname is always resolved to its corresponding IP address before the command is executed. For example the commands telnet jasper.cqu.edu.au and telnet 138.77.1.1 have exactly the same effect (to connect to the machine with the IP address 138.77.1.1). How is the resolution performed?
The TCP/IP software performs name resolution. It accepts the name jasper.cqu.edu.au and then resolves that into the machine's IP address. There are two methods that can be used to perform this translation from hostname to IP address
- the /etc/hosts file, and
- the Domain Name Service.
The /etc/hosts File
A UNIX machine maintains a text file /etc/hosts that has one line per host. Each line is of the format IP_address hostname. For example the hosts file of the machine aldur looks like this
127.0.0.1 localhost loopback
138.77.36.29 aldur aldur.cqu.edu.au
138.77.1.1 jasper jasper.cqu.edu.au
138.77.37.28 pol pol.cqu.edu.au
When a user on aldur enters the command telnet jasper.cqu.edu.au the software first looks in the hosts file for an entry for jasper. If it finds an entry it obtains jasper's IP address and then can execute the command.
If it can't find an entry for a machine there are two options
- failure
Report back to the user unknown host or some similar error.
- make use of DNS
Domain Name Service is the other method the Internet uses to perform name to address translation
The DNS
The fact that there are over two million machines connected to the Internet implies the possibility of some very big /etc/hosts files. In fact there is no machine on the Internet that has a hosts file that contains entries for all the machines on the Internet. Not only would the files be huge there is no easy way to keep them up to date.
For example:
How does an administrator in Rockhampton, Australia know when a small company in Bolivia goes bankrupt and all its machines are sold and are no longer on the net?.
DNS is a hierarchical hostname management system that allows each site (or part of a site) to maintain its own IP address information without having to inform some central site.
Instead each network maintains its own authoritative name server that can perform the translation from hostname to IP address for that network. If a local machine changes its IP address then only the local name server is updated. Other sites will know how to contact the networks name server by using the DNS.
For example:
At CQU the Mathematics & Computing Department might maintain a name server for its network (kknuth). Up the hierarchy CQU may contain a name server for the entire University (jasper). jasper would now that the name server for the Maths & Computing network is kknuth. jasper would not know anything about the Maths & Computing network.
Moving further up there might be a name server for all the Queensland Universities that would know the name servers for each individual Queensland University.
If someone on a machine at Queensland University types the command telnet aldur.cqu.edu.au the user's machine must obtain the IP address for aldur.cqu.edu.au before it can carry out the command. It will do this using the following steps
- look in its /etc/hosts file,
If users on this particular machine connect to aldur.cqu.edu.au quite often it might have been put in the hosts file by the administrator. But typically it would not be there.
- ask its name server,
If it isn't in the hosts file the name server for the Queensland University site would be asked. It would probably not be there. However this name server would contain a pointer to the name server next up the hierarchy.
- ask the name server for Queensland Universities,
This name server will generally contain the address for the name server of CQU to which the request will be passed
ask CQU's central name server (jasper), and
jasper will ask the Maths & Computing name server knuth.
- knuth will perform the hostname to IP address translation.
knuth will contain the necessary information which it will pass back up the chain.
The requesting machine will keep a cache that contains the name/address translation for aldur. This is so the next request for aldur does not have to follow the above steps. This in cache copy will be lost when the power is lost.
A machine specifies its name server in the file /etc/resolv.conf. The resolv.conf file for aldur might contain
nameserver 138.77.36.1 # Maths & Computing nameserver
nameserver 138.77.1.1 # CQU name server
Notice that the machines in the resolv.conf file are specified by their IP address and not their hostnames?
Exercise 12.1. You are logged into the machine pol.cqu.edu.au and you enter the command telnet sunsite.unc.edu but you get a message host not found. What might have gone wrong (there are a number of reasons)?
Routing is the act of deciding how each individual datagram sent finds its way through the multiple different paths to its destination. What follows in this section is a simplified explanation of that process.
TCP/IP is based on a model in which smaller individual networks are connected together to form larger networks. Diagram 12.3. is a small section of the network at the Central Queensland University.
The CQU campus is divided into a number of separate networks (LANs) all using ethernet. Each separate network has its own network number. For example the Maths & Computing Department network is 138.77.36. All machines in the Department have IP addresses that start with 138.77.36.
Each individual network is limited to 254 machines because two of the numbers 0 and 255 are reserved for broadcast addresses.
Any machine on an ethernet LAN can send information straight to another machine on that LAN. When a machine places a packet on an ethernet network every host on that LAN can see that information. However they will ignore it unless it is specifically addressed for them (or they have been programmed to look at everything).
Diagram 12.3. Part of the CQU Campus Network.
For example when the machine aldur (138.77.36.29) from diagram 12.3 wants to send some information to the machine 138.77.36.1 it places the packets on the ethernet. All the machines on the LAN will see the information but only 138.77.36.1 will accept the information.
-
When a packet is placed onto ethernet every machine on the network is able to view that packet. In practice only the machine to which it is addressed will ask for the packet.
However it is possible to set up machines to accept all packets placed onto the net, not just the packets destined for it.
In this way criminals or idiots can intercept information they were never meant to have. This is one method of obtaining passwords and other confidential information.
The solution is implement some form of encryption so that even if they obtain the information they can't use it.
Figure 12.1. Security Problem with Ethernet.
For two machines that reside on the same physical network both machines will know the address of the other and the exchanging of information is fairly simple. But the Internet is a collection of hundreds and hundreds of connected companies and institutions, many of which are at least as large as the CQU net. Each of these networks is in turn made up of sub-nets which in turn have hundreds of machines connected.
How does information find its way from one machine to another? It is obvious that every machine connected to the Internet CANNOT know about the address or the route to every other machine.
The gateway machine is basically the connection from one network to another. It is convention that the gateway machine (it might be a computer or a purpose built device) be the first machine on the network. For example the gateway machine for the Maths & Computing LAN is 138.77.36.1.
If a user on aldur wants to send some information to the machine pol it would place the information onto the ethernet with an address 138.77.37.28 (after already going through the name/address translation scheme outlined above). All the machines on the LAN would ignore the packet (because of the address) except the gateway machine. It would see that the information is meant for another network.
The gateway machine would pick that packet up and place it onto the outside net (in this case the campus fibre backbone). All the machines connected here would ignore it except the gateway machine for the 138.77.37 network that would recognise the address as one of its own. The gateway machine 138.77.37.1 would then place the packet onto the ethernet for the 138.77.37 network and the machine with the corresponding address (pol) would recognise it and snaffle it.
The process works the same way if you are sending information across the world.
Exercise 12.2. What would happen if a user on aldur wanted to send information to the machine sunsite.unc.edu?
Hardware Routing
When a host recognises a packet as its own (as is mentioned in the above section) it isn't actually using the IP address for recognition. When using ethernet as the hardware medium the ethernet address will be used.
Every ethernet card has built into it a 48 bit address (called an Ethernet address or a Media Access Control address). The high 24 bits of the address are used to assign a unique number to manufacturers of ethernet addresses and the low 24 bits are assigned to individual ethernet cards made by the manufacturer.
Every packet of information sent on ethernet contains a source and destination MAC address. If the card in your machine recognises the destination MAC as its own it passes the packet to the protocol in the next layer (refer to Diagram 12.2).
ARP, the address resolution protocol, maintains tables of translations between IP address and Ethernet address. These tables are dynamic and are added to as different machines are contacted. UNIX supplies a command arp that can be used to examine these tables. arp -a will list the current entries. Refer to your manual pages for more information.
For example:
bash$ arp -a
Address HW type HW address Flags
138.77.37.1 10Mbps Ethernet 00:00:0C:03:79:2F C
bash$ telnet bertha
.
.
bash$ arp -a
Address HW type HW address Flags
138.77.37.1 10Mbps Ethernet 00:00:0C:03:79:2F C
138.77.37.37 10Mbps Ethernet 00:40:F6:60:4D:A4 C
Exercise 12.3. If you are connected to a LAN use the arp command to examine the tables of your machine.
Exercise 12.4. Use a command to connect to a machine not listed in the tables and reexamine the arp tables to see if it has been added.
We've looked at how different hosts are identified and taken a simple look at how information is routed from one host to another. In this next section we look at how the various network services are provided. When you telnet to another machine, how does it work? When you send an e-mail message to a user at another host, how is it delivered?
The provision of network services like ftp, telnet, e-mail and others relies on three different components
- network ports,
Network ports are the logical connections through which the information flows into and out of a machine. A single machine can have thousands of network ports all sending and receiving information at the same time.
- network daemons,
Network daemons are the programs that sit listening at pre-defined ports waiting for connections from other hosts. These daemons are in charge of fulfilling the request.
- network client programs, and
Users access network services using client programs. For example to connect to a remote machine using the telnet protocol a user will execute a telnet client program.
- network protocols.
Network protocols specify how the daemons are to communicate. For a machine to send mail to another they must talk the same protocol (under TCP/IP this is SMTP, simple mail transfer protocol) so they can exchange mail messages.
Network client programs and network daemons are completely different programs and will generally use different ports.
For example:
-
What happens when a user types the following command?
telnet jasper
First they are running the telnet client program. This program will get the IP address of the machine to connect to, connect to a port on the local machine, and then contact the telnet daemon on the remote machine.
The inetd daemon will be waiting on a specified port (23) for a connection request. When it gets one it will start up the telnet daemon.
Diagram 12.4. Example telnet Connection.
-
The following are commands taken from the actual machines to demonstrate the above diagram. The netstat command is discussed later in this section. However you can see the port numbers that are being used (jasper.telnet means that the telnet port is being used)
aldur$ telnet jasper
....login procedure onto jasper
jasper$ netstat | grep aldur
Active Internet connections these two header lines have been added for understanding
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 jasper.telnet aldur.cqu.EDU.AU.1467 ESTABLIS
back on aldur
aldur$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 aldur.cqu.EDU.AU.1467 jasper.cqu.EDU.A.telne ESTABLIS
Ports
Any packet sent on a TCP/IP network is identified by five individual bits of information
- source and destination IP address,
- source and destination port number, and
At any one time a machine is likely to have multiple programs sending and receiving information to and from the network (multiple users all using telnet or ftp). How can multiple programs be using the network at once? How does the machine know which packet is for which program? The answer is the port number (explained below).
- transport protocol being used.
Usually either TCP or UDP.
Every program that talks to the network is assigned a port number. It is through this port that all information flows from the computer to the outside world and vice versa (some programs might have two ports, one for outgoing and one for incoming). An individual computer will have approximately 64,000 ports to use (the port address is a 16 bit number). Some of these ports are used for predefined purposes. The ports 0-256 are set aside for well known Internet services (e.g. telnet, FTP, SMTP). Ports in the range from 256-1024 are used for UNIX specific purposes and anything above can be used by user programs.
Different protocols use predefined ports on which they listen for incoming calls. For example if you telnet to another machine your machine first contacts the process listening on port 23 of the remote machine to negotiate the connection. Table 12.5. lists some of the other well known ports.
Port Number Purpose
20 ftp-data
21 ftp
23 telnet
25 smtp (mail)
119 nntp (network news)
Table 12.5. Reserved Ports.
Which port is used by which protocol is stored in the file /etc/services. Each line in the services file is of the format service-name port/protocol aliases, where service-name is the official name, port is the port number that it listens on, protocol is the transport protocol it uses and aliases is a list of alternate names.
For example:
The following are extracts from an example /etc/services file
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
nntp 119/tcp usenet # Network News Transfer
ntp 123/tcp # Network Time Protocol
You should see the similarities between the numbers listed in this listing and those in Table 12.5.
Network Daemons
The various network services provided are usually supplied using a variety of network daemons. For a particular service to be available (e.g. telnet ftp mail etc) the correct daemon must be listening to the correct port. Table 12.6 contains a list of some of the network daemons (there are many others).
Daemon Name Purpose
inetd Internet services daemon used to manage most of
the TCP/IP daemons. Configured using the
/etc/inetd.conf file
rwhod periodically sends information to every other host
on the network about who is logged in, how long
they've been logged in etc. (used by the rwho
and ruptime commands)
routed maintains dynamic routing information
named used by the DNS to contact other machines
(see previous section)
timed used to ensure that the system clocks on all
machines are synchronised
nfsd handles requests for the network file system
biod used by NFS clients to do read ahead and write behind
smtpd accepts incoming mail messages
telnetd accepts incoming telnet requests
Table 12.6. Various Internet Daemons.
For a particular protocol to work there must be a daemon running that is listening to the specified port to accept the information. There are two ways in which a daemon might be started
- executed as a normal program (usually in the startup files)
These should show up in a ps list of all the current running processes and are always waiting for some information to arrive at the specified port. One example is the smtpd daemon (it might be called smail on some systems).
- by the inetd daemon
Most network daemons are not executed until information arrives for them. The inetd daemon listens at a number of ports and when information arrives, it executes the daemon for that port specified in its configuration file /etc/inetd.conf.
To disable a particular protocol all you do is ensure that its daemon is not running. There are two basic methods for disabling a daemon
- remove its entry in the startup file
- remove its entry in the inetd.conf file
The /etc/inetd.conf File
The /etc/inetd.conf file specifies the daemons that the inetd daemon should execute when a request for a specific protocol has arrived. The inetd.conf consists of one line per network service using the following format
service-name socket-type protocol flags user server_program args
service-name corresponds to the name of the network service and is the same as the one listed in /etc/services. user is the username to run the program as. The following is from the inetd.conf file of one machine.
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
nntp stream tcp nowait root /usr/public/bin/nntpd nntpd
Whenever the machine receives a request on a port the inetd daemon will examine the inetd.conf file to determine the program that should be executed to respond to the request. For example a request on port number 21 (taken from the /etc/services file) will be identified as a telnet request and the program to run for telnet is /usr/sbin/in.telnetd (taken from the /etc/inetd.conf file).
Exercise 12.5. The smtp protocol is used to handle electronic mail messages. Examine the entry for smtp in the /etc/services file. smtp must have a daemon program running to respond to requests. Find out where it is started on your machine.
Network Protocols
Each network service generally uses its own network protocol that specifies how the information is transferred. For example the ftp network protocol defines the commands that can be used to move files from machine to machine. The smtp network protocol specifies the format of mail messages and how they are moved from one machine to another.
The format of these Internet protocols is laid down in documents referred to as request for comments (RFCs). Each protocol will have its own RFC that describes it. RFCs are available off the network from a number of anonymous ftp sites including archie.au and ftp.lcs.mit.edu.
Some of these protocols smtp, ftp and nntp, are text based. They make use of simple text based commands to perform their duty. Table 12.7. contains a list of the commands that smtp understands.
Command Purpose
HELO hostname startup and give your hostname
MAIL FROM:sender-address start transaction from sender
RCPT TO:recipient-address name recipient for message
VRFY address verify deliverability of address
EXPN address expand mailing list address
DATA start text of mail message
RSET reset state, drop transaction
NOOP do nothing
DEBUG [level] set debugging level, default 1
HELP produce a help message
QUIT close SMTP connection
Table 12.7. SMTP Commands.
When transferring a mail message the two daemons will connect and carry out a conversation using the above commands. Since these are straight text commands it is possible for a user to pretend to be a daemon.
For example:
The following is the start of an example conversation between a smtp daemon and a normal user. The text in this font are explanations.
bash$ telnet aldur 25 connect to the smtp port (see /etc/services)
Trying 138.77.36.29 ...
Connected to aldur.cqu.edu.au.
Escape character is '^]'.
220 aldur.cqu.edu.au Amix Smail3.1.28.1 #2 ready at Sun, 28 Aug 94 12:04 EST
helo aldur tell the machine who I am (the name of another machine not a user)
250 aldur.cqu.edu.au Hello aldur
mail from: god@heaven.com this is who the mail is coming from
250 ... Sender Okay
data I want to enter some data which is the message
503 Need RCPT (recipient) can't do that yet, have to tell it who to send the message to
rcpt: david@aldur
500 Command unrecognized oops, typed it wrong
rcpt to: david@aldur
250 ... Recipient Okay
data
354 Enter mail, end with "." on a line by itself
You have been a naughty boy type in the message
.
250 Mail accepted
quit bye, bye
221 aldur.cqu.edu.au closing connection
Connection closed by foreign host.
It doesn't take a genius to see the application some immature or morally corrupt people might use this "feature" for.
The above example makes use of a "useful" feature of the telnet command. By default the format for telnet is telnet hostname. When executed like this it connects to port 23 of the remote host since that is where the telnet daemon is listening. However it is possible to tell telnet to connect to another port using the format
telnet hostname port-number
Exercise 12.6. Try doing the same task for ftpas was done above for smtp. What is the port number for the ftp daemon?
This final section lists some of the commands that will be useful to you as both a Systems Administrator and a user.
netstat
The netstat command provides various types of information about the status of your network including
- a list of all active connections
By default it provides a list of all active connections into and out of your machine.
For example:
bash$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 aldur.cqu.EDU.AU.login jasper.cqu.EDU.A.1018 ESTABLISHED
tcp 0 0 aldur.cqu.EDU.AU.1796 *.* LISTEN
tcp 0 0 aldur.cqu.EDU.AU.ftp aldur.cqu.EDU.AU.1794 CLOSE_WAIT
tcp 0 0 aldur.cqu.EDU.AU.1794 aldur.cqu.EDU.AU.ftp FIN_WAIT_2
tcp 0 0 aldur.cqu.EDU.AU.1025 *.* LISTEN
tcp 0 0 aldur.cqu.EDU.AU.2767 *.* LISTEN
tcp 0 0 aldur.cqu.EDU.AU.liste *.* LISTEN
tcp 0 0 aldur.cqu.EDU.AU.print *.* LISTEN
udp 0 0 localhost.domain *.*
udp 0 0 aldur.cqu.EDU.AU.domai *.*
- net statistics
Statistics about the amount of information being sent on the network, the number of collisions etc.
For example:
display statistics every 5 seconds
bash$ netstat 5
input (aen0) output input (Total) output
packets errs packets errs colls packets errs packets errs colls
0 273435 275709 0 273435 274 273435 275983 0 273435
0 1 1 0 1 0 1 1 0 1
0 1 1 0 1 0 1 1 0 1
0 1 1 0 1 0 1 1 0 1
- routing information
Display the route tables that are used to distribute information (netstat -r).
ping
The ping command is a simple utility that provides a simple test of whether or not you can talk to another machine. The format of the ping command is simply ping host and the output generally takes one of two formats
- verbose
In verbose mode ping continually sends a packet of information from your machine to the destination and reports back the IP address it is sending, how long the information took, and various other stats.
- not verbose
In this format ping reports back a simple message indicating whether or not the destination machine is reachable.
There are two cases where ping might fail
- the machine is not reachable
There is no network connection between your machine and the destination for it to use (e.g. someone has put a back hoe through the fibre linking the two machines)
- the machine is not up
The destination machine is not turned on or not responding to the network for some reason.
Exercise 12.7. Use the netstat command to find out the status of your network (if you are connected to one).
Exercise 12.8. Use the ping command to test a connection to a destination machine. Try to get both output formats discussed above (if you are not on a network try pinging the local host).
Learning how to manage a network is a subject in itself. In this section you have hopefully been introduced to the basics of UNIX and TCP/IP networking, including
- some basic concepts and definitions like gateway, router, network protocol, bridge etc.
- a look at the protocols that make up the Internet protocol suite
- discussion of IP addresses, host names and the resolution from one to the other
- how IP routes information
- an introduction to the commands arp ping netstat
- the concept of ports and network daemons
12.1. Explain the terms gateway, router, port, protocol, daemon and bridge.
12.2. People are unable to telnet to the machine hades. The machine is connected to the network, turned on and every other network service is working. What could be wrong?
12.3. What is the purpose of TCP and UDP?
12.4. Explain how the hostname aldur might be resolved to its IP address.
12.5. Explain the relationship between the files /etc/services and /etc/inetd.conf
12.6. What are the four layers used by TCP/IP?
Previous | Next
David Jones (author)
Chris Hanson (html 09/09/96)