lsg32.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->













<LINK REL="ToC" HREF="index.htm">



<LINK REL="Index" HREF="htindex.htm">



<LINK REL="Next" HREF="lsg33.htm">









<A NAME="I0"></A>



<H2>Linux System Administrator's Survival Guide lsg32.htm</H2>



<P ALIGN=LEFT>



















<HR ALIGN=CENTER>



<P>



<UL>



<UL>



<UL>



<LI>



<A HREF="#E68E177" >Configuration Files</A>



<UL>



<LI>



<A HREF="#E69E206" >Symbolic Machine Names: /etc/hosts</A>



<LI>



<A HREF="#E69E207" >Network Names: /etc/networks</A>



<LI>



<A HREF="#E69E208" >Network Protocols: /etc/protocols</A>



<LI>



<A HREF="#E69E209" >Network Services: /etc/services</A></UL>



<LI>



<A HREF="#E68E178" >The Loopback Driver</A>



<LI>



<A HREF="#E68E179" >The ifconfig Command</A>



<LI>



<A HREF="#E68E180" >The inetd Daemon</A>



<LI>



<A HREF="#E68E181" >The netstat Command</A>



<UL>



<LI>



<A HREF="#E69E210" >Communications End Points</A>



<LI>



<A HREF="#E69E211" >Network Interface Statistics</A>



<LI>



<A HREF="#E69E212" >Data Buffers</A>



<LI>



<A HREF="#E69E213" >Routing Table Information</A>



<LI>



<A HREF="#E69E214" >Protocol Statistics</A></UL>



<LI>



<A HREF="#E68E182" >The ping Command</A>



<LI>



<A HREF="#E68E183" >The arp Command</A>



<LI>



<A HREF="#E68E184" >The traceroute Command</A>



<LI>



<A HREF="#E68E185" >c)The rpcinfo Command</A>



<LI>



<A HREF="#E68E186" >Summary</A></UL></UL></UL>



<HR ALIGN=CENTER>



<A NAME="E66E36"></A>



<H1 ALIGN=CENTER>



<CENTER>



<FONT SIZE=6 COLOR="#FF0000"><B>Chapter 32</B></FONT></CENTER></H1>



<BR>



<A NAME="E67E39"></A>



<H2 ALIGN=CENTER>



<CENTER>



<FONT SIZE=6 COLOR="#FF0000"><B>TCP/IP Utilities</B></FONT></CENTER></H2>



<BR>



<P>Linux's version of TCP/IP has several utility programs that provide status information and statistics on network performance. Several debugging utilities are available that enable a developer or knowledgeable user to trace a network problem. This chapter examines the basic set of these tools. It begins with a look at the primary configuration files involved in TCP/IP. Although these files have been discussed in earlier chapters, it is worth examining them again in closer detail.



<BR>



<P>Not all of these tools and configuration files will be supplied with every version of Linux, especially because two variants (BSD and System V) of these utilities are in general distribution. Check your software package to see which utilities you are supplied with. If you need a utility that wasn't included, download it from a BBS or FTP site and hope for no incompatibility problems! Most of the commands and utilities mentioned in this chapter are not made available to all users, although the superuser can access them all.



<BR>



<BR>



<A NAME="E68E177"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>Configuration Files</B></FONT></CENTER></H3>



<BR>



<P>Several files are involved in the complete specification of network addresses and configuration for TCP/IP. Linux allows comments on every line of these configuration files, as long as they are prefaced by a pound sign (#). Many Linux systems will have default, empty configuration files with many default entries commented out until the system administrator removes the comment symbols.



<BR>



<BR>



<A NAME="E69E206"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Symbolic Machine Names: /etc/hosts</B></FONT></CENTER></H4>



<BR>



<P>A symbolic name is an alternative to using an IP address. For example, it is much easier to call a neighboring machine darkstar than 147.23.13.32. Whenever a symbolic name is used as an address by an application, the TCP/IP software must be able to resolve that name into a network address (as TCP/IP only uses IP addresses). The ASCII file /etc/hosts is usually employed, with the symbolic names matched to network addresses. (Note that the /etc/hosts file does not apply when Yellow Pages (YP), Network Information Services (NIS), or Domain Name Server (DNS) systems are used. These services use their own configuration files.)



<BR>



<P>Linux uses the file /etc/hosts to hold the network addresses and symbolic names, as well as a connection called the loopback (which is examined later in this chapter in the section, &quot;Loopback Drivers&quot;). The loopback connection address is usually listed as the machine name loopback or localhost.



<BR>



<P>The /etc/hosts file consists of the network address in one column and the symbolic name in another. Although the network addresses can be specified in decimal, octal, or hexadecimal format, decimal is the most commonly used form (and use of the others can be downright confusing). You can specify more than one symbolic name on a line by separating the names with white space characters (spaces or tabs). The following is a sample Linux /etc/hosts file:



<BR>



<PRE>



<FONT COLOR="#000080"># network host addresses



127.0.0.1 localhost local merlin_server



157.40.40.12 artemis



157.40.40.2 darkstar



143.10.12.62 big_bob



153.21.63.1 tpci_server tpci_main tpci



191.13.123.4 kitty_cat</FONT></PRE>



<P>Whenever a user or an application specifies a symbolic name, Linux searches the /etc/hosts file for a matching name and then reads the proper address from the same line. You can change the contents of the /etc/hosts file at any time, and the changes are essentially in effect immediately.



<BR>



<BR>



<A NAME="E69E207"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Network Names: /etc/networks</B></FONT></CENTER></H4>



<BR>



<P><A HREF="lsg30.htm">Chapter 30</A>, &quot;Configuring TCP/IP,&quot; mentioned the /etc/networks file. This file allows networks to be addressed by a symbolic name, just as machines are, instead of by their IP address. To resolve the network names, the file /etc/networks is used to specify symbolic network names. The format of the file provides a network symbolic name, its network address, and any alias that might be used. A sample /etc/networks file is shown below:



<BR>



<PRE>



<FONT COLOR="#000080"># local network names



tpci 146.1 tpci_network tpci_local



bnr 47.80 BNR bnr.ca



big_net 123.2.21



unique 89.12323 UNIQUE



loopback 127 localhost</FONT></PRE>



<P>The last entry in the file gives the loopback name. The first entry specifies the local machine name, its network address, and its name variants that may be used by applications.



<BR>



<BR>



<A NAME="E69E208"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Network Protocols: /etc/protocols</B></FONT></CENTER></H4>



<BR>



<P>TCP/IP uses a special number, called a protocol number, to identify the specific transport protocol a Linux system receives. This allows the TCP/IP software to properly decode the information coming in. A configuration file called /etc/protocols identifies all the transport protocols available on the Linux and gives their respective protocol numbers. All systems have this file, although some entries may be commented out to prevent unwanted intrusion or abuse.



<BR>



<P>Usually the /etc/protocols file is not modified by the administrator. Instead, the file is maintained by the networking software and updated automatically as part of the installation procedure. The file contains the protocol name, its number, and any alias that may be used for that protocol. A sample /etc/protocols file is shown below:



<BR>



<PRE>



<FONT COLOR="#000080"># protocols



ip 0 IP # internet protocol, pseudo protocol number



icmp 1 ICMP # internet control message protocol



igmp 2 IGMP # internet group multicast protocol



ggp 3 GGP # gateway-gateway protocol



tcp 6 TCP # transmission control protocol



pup 12 PUP # PARC universal packet protocol



udp 17 UDP # user datagram protocol



idp 22 IDP # WhatsThis?



raw 255 RAW # RAW IP interface</FONT></PRE>



<P>The exact contents of the /etc/protocols file on your system may differ a little from the file shown above, but the protocol numbers and names are probably very similar. There may be additional protocols listed, depending on the version of Linux and networking software.



<BR>



<BR>



<A NAME="E69E209"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Network Services: /etc/services</B></FONT></CENTER></H4>



<BR>



<P>The last TCP/IP configuration file used on most Linux systems identifies existing network services. This file is called /etc/services. As with the /etc/protocols file, this file is not usually modified by an administrator, but is maintained by software when installed or configured. The exception is when the /etc/services file has services missing that the application software did not add automatically. In addition, a system administrator can trim the /etc/services file in order to enhance security, such as when setting up a firewall to the local area network.



<BR>



<P>The /etc/services file is in ASCII format, and consists of the service name, a port number, and the protocol type. The port number and protocol type are separated by a slash. Any optional service alias names follow. The following is a short extract from a sample /etc/services file (the file is usually quite lengthy):



<BR>



<PRE>



<FONT COLOR="#000080"># network services



echo 7/tcp



echo 7/udp



discard 9/tcp sink null



discard 9/udp sink null



ftp 21/tcp



telnet 23/tcp



smtp 25/tcp mail mailx



tftp 69/udp



# specific services



login 513/tcp



who 513/udp whod</FONT></PRE>



<P>Most /etc/services files will have many more lines, because a wide number of TCP/IP services are supported by most versions of Linux. Most Linux systems are not used as firewalls to the Internet or between LANs, so administrators of most Linux machines will never have to worry about the contents of this file. On the other hand, if your machine is going to act as a firewall or you are very worried about security, you may want to manually modify the /etc/services file.



<BR>



<BR>



<A NAME="E68E178"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>The Loopback Driver</B></FONT></CENTER></H3>



<BR>



<P>The loopback driver is one of the most fundamental and oft-used diagnostic tools available to a system administrator. The loopback driver acts like a virtual circuit out of and back into the host machine. All outgoing information is immediately rerouted back to an input. You can use the loopback driver to test your machine's circuits by eliminating any external influences (including the network card, the network itself, gateways, or remote machines). With the loopback driver, you can ensure that the local machine is working properly and that any problems are from further out on the network. Loopback drivers are embedded as part of the Linux operating system kernel.



<BR>



<P>Because TCP/IP requires a destination IP address in order to send data, a loopback driver is set up as a special network address with the IP address 127.0.0.1. The loopback driver entries are always made in the /etc/hosts file, as shown below:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">loopback 127 localhost</FONT></PRE>



<P>The loopback driver is also known as the localhost, and you can use either name. If the loopback driver doesn't already exist on your machine, you must create it with the ifconfig command. For more information, see <A HREF="lsg30.htm">Chapter 30</A>, &quot;Configuring TCP/IP.&quot;



<BR>



<BR>



<A NAME="E68E179"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>The ifconfig</B><B> Command</B></FONT></CENTER></H3>



<BR>



<P>With the ifconfig program, you can activate and deactivate network interfaces, as well as configure them. Access to the ifconfig program is generally restricted to the superuser. Many options are available with ifconfig, most of which system administrators never use. Most of the time, you will use ifconfig only to enable an interface, as shown in <A HREF="lsg30.htm">Chapter 30</A>, &quot;Configuring TCP/IP.&quot;



<BR>



<P>The format of ifconfig commands always follow the same syntax. The syntax is



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">ifconfig interface [address [parms]]</FONT></PRE>



<P>where interface is the name of the interface, address is the (optional) IP address or symbolic name to be assigned to the interface (which is verified in /etc/hosts or /etc/networks), and parameters is one of a list of optional arguments for the address.



<BR>



<P>When used with only the name of an interface, ifconfig returns information about the current state of the interface, as shown in the following code. In this example, a query of both an Ethernet card and the loopback driver is performed. The status flags of the interface are followed by the Internet address, broadcast address, and optionally provides a network mask which defines the Internet address used for address comparison when routing. Your output may be different, but ifconfig should always display information about the interface (unless one has not been defined).



<BR>



<PRE>



<FONT COLOR="#000080">$ ifconfig eth0



eth0 Link encap 10Mps: Ethernet Hwaddr



 inet addr 147.123.20.1 Bcast 147.123.1.255 Mask 255.255.255.0



 UP BROADCAST RUNNING MTU 1500 Metric 1



 RX packets:0 errors:0 dropped:0 overruns:0



 TX packets:0 errors:0 dropped:0 overruns:0



$ ifconfig lo



lo Link encap: Local Loopback



 inet addr 127.0.0.1 Bcast {NONE SET] Mask 255.0.0.0



 UP BROADCAST LOOPBACK RUNNING MTU 2000 Metric 1



 RX packets:0 errors:0 dropped:0 overruns:0



 TX packets:0 errors:0 dropped:0 overruns:0</FONT></PRE>



<P>The output from the ifconfig command shows the interface, any characteristics it has assigned to it, broadcast addresses, and network masks. MTU stands for maximum transfer unit. The Maximum Transfer Unit size is usually set to the maximum value the interface type will support (1500 for Ethernet networks). Some operating systems use the Metric field to compute the cost of any particular route, although Linux doesn't use this field.



<BR>



<P>The RX and TX lines show how many packets of data have been received and transmitted respectively, both in total and those with errors, since the interface started in the current session.



<BR>



<P>As mentioned earlier, ifconfig accepts a long list of optional arguments to tailor the behavior of the interfaces. The following arguments are available with most versions of Linux:



<BR>







<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



allmulti



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This argument sets multicast mode. It is not currently supported by Linux.</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



-allmulti



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This argument turns off multicast mode.</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



arp



</FONT>