LFCE.1 Advanced Linux Networking

LFCE: Advanced Linux Networking

[toc]

virtual network Setup between centos

make a virtual network

things you gotta do first

1. virtubalbox. add network adapter.

    server0 > adapter 1: `NAT`
            > adapter 2: `Internal Network`: `intnet1`
                > Advanced: Promiscuous Mode: Allow All
    server0 > adapter 1: `NAT`
            > adapter 3: `Internal Network`: `intnet2`
                > Advanced: Promiscuous Mode: Allow All

    server0:
    enp0s3 ether 08:00:27:63:e2:88 NAT
    enp0s8 ether 08:00:27:48:90:f2 intnet1
    enp0s9 ether 08:00:27:f9:e8:12 intnet2


2. open network, test ping.

3. add config file:

    cd /etc/sysconfig/network-scripts

    cp /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/sysconfig/network-scripts/ifcfg-enp0s8

    vi ifcfg-enp0s8
    # change
    BOOTPROTO=static
    ONBOOT=yes // interface activated at boot time.
    # delete
    // UUID, PREFIX
    # add
    IPADDR0=192.168.1.100
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1

4. restart

5. GUI setup IP.

修改里面的NAME、DEVICE、UUID、IPADDR、NETMASK，删除GATEWAY

如果BOOTPROTO设置为dhcp，代表接受dhcp服务器动态分配的ip，你就不需要配置ip，此情况下如果你的局域网路由器或者交换机没有dhcp功能，你就上不了网；如果BOOTPROTO设置为static，你就需要自己配置ip，此情况下如果你配置的ip已经被别人占用，你也上不了网； 通过uuidgen ens37可以生成新网卡的UUID，写到配置文件里面去，你可以不写，但是不能与其他网卡的UUID相同； 所有网卡的配置文件只能有一个配置GATEWAY，否则启动不了。虚拟机的出口网关都是这个GATEWAY，但是所有网卡配置的ip都可以被访问； NAME、DEVICE就是你的新网卡的名字； NETMASK子网掩码，不解释。

server0:

To start NetworkManager:
systemctl start NetworkManager

To enable NetworkManager automatically at boot time:
systemctl enable NetworkManager

yum install network-scripts


# change to root user
su -

# config the networks
nmtui
#or
nmtooey
#
> edit a connection
  > Ethernet
    > Wired connection 3
    > enp0s3              # the NAT network, a public address
    > Wired connection 1 (enp0s8) # check the device name
      > IPv4:
        > [space] > "Manual"
        > <show>
          > Address: "192.168.1.1/24"
          > no gateway, use NAT adapter as default gateway.
        > [tab] go done
    > Wired connection 2 (enp0s9) # check the device name
      > IPv4:
        > [space] > "Manual"
        > <show>
          > Address: "192.168.1.2/24"
          > no gateway, will use NAT adapter as default gateway.
        > [tab] go done

# restart the network
systemctl restart network
# confirm the network
ip addr
# check new interface has ipaddress

server1: > adapter 1: Internal Network: intnet1

nmtui
> edit a connection
  > Ethernet
    > Wired connection 2
    > Wired connection 1 (enp0s8) #
    > enp0s3
      > IPv4:
        > [space] > "Manual"
        > <show>
          > Address: "192.168.1.100"
          > gateway: "192.168.1.1"

systemctl restart network
ping 192.168.1.1

server2:

> Address: "192.168.1.200"
> gateway: "192.168.1.2"

---

encapsulation of data with Wireshark and tcpdump

server0 :

# write scripts to install a Apache web server on the systems
# create it as normal user

touch installWeb.sh
// add
yum install httpd
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
echo "Hello World" > /var/www/html/index.html
systemctl enable httpd
systemctl start httpd


# run the script as sudo

sh installWeb.sh



# test the web server
// download the index html file
$ wget https://192.168.1.1/index.html

server1 :

install packet sniffers

$ yum install tcpdump wireshark wireshark-gnome


Before install Wireshark, make sure that all the dependencies for Wireshark are present on the system.
Install all the dependencies using the following command,

$ yum install gcc gcc-c++ bison flex libpcap-devel qt-devel gtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils

Install epel using the following command:
$ sudo yum -y install epel-release

Refresh repo by typing the following commad:
$ sudo yum repolist
Install the dpkg rpm packages:
$ sudo yum install dpkg-devel dpkg-dev


$ sudo yum install wireshark wireshark-qt

use tcpdump

// run the tcpdump
$ tcpdump

// new Window
// send 1 ping packet
$ ping -c 1 192.168.1.1

// stop the capture
$ sudo tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
// here should be a ICMP echo request and reply
13:27:41.727919 IP server0.57198 > time.richiemcintosh.com.ntp: NTPv4, Client, length 48
//rever DNS lookup
// take that IP address pinged and resolve it to its host name.
13:27:41.728864 IP server0.48412 > dns.google.domain: 11642+ PTR? 136.213.164.69.in-addr.arpa. (45)
13:27:41.748362 IP dns.google.domain > server0.48412: 11642 1/0/0 PTR time.richiemcintosh.com. (82)
13:27:41.748695 IP server0.46339 > dns.google.domain: 2429+ PTR? 15.2.0.10.in-addr.arpa. (40)
13:27:41.749235 IP time.richiemcintosh.com.ntp > server0.57198: NTPv4, Server, length 48
13:27:41.772854 IP dns.google.domain > server0.46339: 2429 NXDomain 0/0/0 (40)
13:27:41.773535 IP server0.41142 > dns.google.domain: 58687+ PTR? 8.8.8.8.in-addr.arpa. (38)
13:27:41.799984 IP dns.google.domain > server0.41142: 58687 1/0/0 PTR dns.google. (62)
13:27:46.922872 ARP, Request who-has _gateway tell server0, length 28
13:27:46.923139 ARP, Reply _gateway is-at 52:54:00:12:35:02 (oui Unknown), length 46
13:27:46.923370 IP server0.37657 > dns.google.domain: 61893+ PTR? 2.2.0.10.in-addr.arpa. (39)
13:27:46.941761 IP dns.google.domain > server0.37657: 61893 NXDomain 0/0/0 (39)
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel

use Wireshark

change permission to see the interfaces

$ wireshark
error:
Couldnt run /usr/bin/dumpcap in child process: Permission denied
// change the privileges
$ ls -l /usr/bin/dumpcap
-rwxr-xr-- 1 root wireshark 96464 Jan 24 10:31 /usr/bin/dumpcap
$ sudo chown -R server1 /usr/bin/dumpcap
-rwxr-xr-- 1 server1 wireshark 96464 Jan 24 10:31 /usr/bin/dumpcap


change permission to capture the interfaces
// for CentOS
sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod o-rx /usr/bin/dumpcap
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap

Then log-out and log-in again.

// for other system
$ sudo dpkg-reconfigure wireshark-common
press the right arrow and enter for yes
// add user to the "wireshark" group
$ sudo chmod +x /usr/bin/dumpcap

server1: ping -c 1 192.168.1.1

server1: wget https://192.168.1.1/index.html package 6 is the content of that webpage. http all plain text.

---

configure VLSM, NAT

subnet

server0:

$ ip addr
// spit out the ip for each interface
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:63:e2:88 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
       valid_lft 72419sec preferred_lft 72419sec
    inet6 fe80::bde6:813f:17b4:5952/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:f9:1a:97 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::9af2:f7b0:b121:65ce/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:43:06:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global noprefixroute enp0s9
       valid_lft forever preferred_lft forever
    inet6 fe80::c02:f95b:9174:76a5/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
// virtual bridge
// come with the installation of the GNOME Desktop, which also installs delivery utilities.
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:44:ff:0d brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:44:ff:0d brd ff:ff:ff:ff:ff:ff

================================================================================

change the subnetmask

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s9

TYPE=Ethernet
ONBOOT=yes
IPADDR=192.168.2.1
NETMASK=255.255.255.0
// change the PREFIX to 25
PREFIX=24
UUID=93d13955-e9e2-a6bd-df73-12e3c747f122

================================================================================

restart one interfaces

$ ifdown enp0s9
Device 'enp0s9' successfully disconnected.
$ ifup enp0s9
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)


check

$ ip addr
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:43:06:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/25 brd 192.168.2.127 scope global noprefixroute enp0s9
       valid_lft forever preferred_lft forever
    inet6 fe80::c02:f95b:9174:76a5/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

server2

change the subnetmask

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s9
// change the PREFIX to 25
// change the ip address 192.168.2.100
IPADDR=192.168.2.100
PREFIX=24

================================================================================

restart one interfaces

$ ifdown enp0s9
$ ifup enp0s9

================================================================================

check

$ ip addr
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.2.100/25 brd 192.168.2.127 scope global noprefixroute enp0s9

---

NAT

server1:

// no result
// no internet
$ ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 88ms

# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.365 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.519 ms

server0:

https://linuxize.com/post/how-to-configure-and-manage-firewall-on-centos-8/

-------------error-------------
error: firewall-cmd is not installed
$ yum install firewalld
$ systemctl enable firewalld
$ systemctl start firewalld
$ systemctl is-enabled firewalld
enabled

-------------error-------------
root # firewall-config
Unable to init server: Could not connect: Connection refused
(firewall-config:5000): Gtk-WARNING **: 19:00:32.989: cannot open display:
Dont run sudo su, run it as normal user.


// easy configure the NAT
# firewall-config
zone > public >  masquerade > mark
Options > runtime to permanent (to save the configuration)

server1: now is able to ping.

# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=61 time=20.1 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=61 time=21.3 ms

---

ARP Wireshark

server1:

# arp -a
_gateway (192.168.1.1) at 08:00:27:af:6c:25 [ether] on enp0s8

# arp -d 192.168.1.1
# arp -a

# ping 192.168.1.1

# arp -a
_gateway (192.168.1.1) at 08:00:27:af:6c:25 [ether] on enp0s8

---

DNS Wireshark

server1:

# vi /etc/resolv.conf
//add line
nameserver 4.2.2.2
nameserver 8.8.8.8


# dig www.google.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48686
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		56	IN	A	172.217.12.228

;; Query time: 25 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Fri Apr 17 21:57:42 EDT 2020
;; MSG SIZE  rcvd: 48



# host www.google.com
www.google.com has address 172.217.12.228
www.google.com has IPv6 address 2607:f8b0:4004:809::2004



# Wireshark

1	0.000000000	192.168.1.100	4.2.2.2	DNS	97	Standard query 0xbe2e A www.google.com OPT
2	0.025825286	4.2.2.2	192.168.1.100	DNS	90	Standard query response 0xbe2e A www.google.com A 172.217.12.228

Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface 0
Ethernet II, Src: PcsCompu_bf:ee:f8 (08:00:27:bf:ee:f8), Dst: PcsCompu_af:6c:25 (08:00:27:af:6c:25)
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 4.2.2.2
User Datagram Protocol, Src Port: 57740, Dst Port: 53
Domain Name System (query)
    ...
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    ...
    [Response In: 2]


Frame 2: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface 0
Ethernet II, Src: PcsCompu_af:6c:25 (08:00:27:af:6c:25), Dst: PcsCompu_bf:ee:f8 (08:00:27:bf:ee:f8)
Internet Protocol Version 4, Src: 4.2.2.2, Dst: 192.168.1.100
User Datagram Protocol, Src Port: 53, Dst Port: 57740
Domain Name System (response)
    Queries
    Answers
        www.google.com: type A, class IN, addr 172.217.12.228
            Name: www.google.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 56
            Data length: 4
            Address: 172.217.12.228
    [Request In: 1]
    [Time: 0.025825286 seconds]

---

check the fragment packets

server1:

small packets:

# ping -c 1 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=61 time=18.0 ms
--- 4.2.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.016/18.016/18.016/0.000 ms


$ wireshark

1	0.000000000	192.168.1.100	4.2.2.2	ICMP	98	Echo (ping) request  id=0x132a, seq=1/256, ttl=64 (reply in 2)

Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0
Ethernet II, Src: PcsCompu_bf:ee:f8 (08:00:27:bf:ee:f8), Dst: PcsCompu_af:6c:25 (08:00:27:af:6c:25)
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 4.2.2.2
    0100 .... = Version: 4
------------------------- IP header: 20 bytes
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
------------------------- data: 64 Bytes
------------------------- IP header: 20 bytes
------------------------- data+ IP header: 84 bytes
    Total Length: 84
    Identification: 0x8fbc (36796)
    Flags: 0x4000, Dont fragment
    Time to live: 64
    Protocol: ICMP (1)
    Header checksum: 0xe2dc [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.100
    Destination: 4.2.2.2
    [Destination GeoIP: US]
Internet Control Message Protocol

large packt

# make the package size as 1472

$ ping -c 1 -s 1472 192.168.1.1

1	0.000000000	192.168.1.100	192.168.1.1	ICMP	1514	Echo (ping) request  id=0x1363, seq=1/256, ttl=64 (reply in 2)

Frame 1: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
Ethernet II, Src: PcsCompu_bf:ee:f8 (08:00:27:bf:ee:f8), Dst: PcsCompu_af:6c:25 (08:00:27:af:6c:25)
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 192.168.1.1

------------------------- ping packet size: 1472 Bytes
------------------------- ICMP its own header: 8 Bytes
------------------------- transmission size: 1480 Bytes

    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)

------------------------- data: 1480 Bytes
------------------------- IP header: 20 bytes
------------------------- data+ IP header: 1500 bytes

    Total Length: 1500
    Identification: 0x3e5d (15965)
    Flags: 0x4000, Dont fragment
    Time to live: 64
    Protocol: ICMP (1)
    Header checksum: 0x730e [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.100
    Destination: 192.168.1.1
Internet Control Message Protocol

// check the MTU = 1500
$ ip addr

3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000



# make the package size as 1473

$ ping -c 1 -s 1473 192.168.1.1

3	6.254072263	192.168.1.100	192.168.1.1	IPv4	1514	Fragmented IP protocol (proto=ICMP 1, off=0, ID=51d1) [Reassembled in #4]
4	6.254193946	192.168.1.100	192.168.1.1	ICMP	35	Echo (ping) request  id=0x1364, seq=1/256, ttl=64 (reply in 6)

Frame 3:
Ethernet II, Src:
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 192.168.1.1
    ...
    .... 0101 = Header Length: 20 bytes (5)
------------------------- ping packet size: 1472 Bytes
------------------------- ICMP its own header: 8 Bytes
------------------------- data: 1480 Bytes

------------------------- IP header: 20 bytes
------------------------- data+ IP header: 1500 bytes
    Total Length: 1500
    ...
Data (1480 bytes)


Frame 4:
Ethernet II, Src:
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 192.168.1.1
    ...
    .... 0101 = Header Length: 20 bytes (5)
------------------------- ping packet size: 1 Bytes
------------------------- IP header: 20 bytes
------------------------- data+ IP header: 21 bytes
    Total Length: 21
    ...
Internet Control Message Protocol

---

manipulate with TTL

server1:

# -n : donot do DNS lookup on all the routers along the way.
it may takes long time.

$ traceroute -n 4.2.2.2

traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets
 1  192.168.1.1  1.157 ms  1.005 ms  0.952 ms
 2  10.0.2.2  1.304 ms  1.397 ms  1.314 ms
// these are hop that doesnt Reply
// ignore, add 1 ttl, send again.
 3  * * *
 4  96.120.11.225  12.491 ms  12.483 ms  12.383 ms
 5  68.87.137.189  12.305 ms  14.231 ms  14.859 ms
 6  96.110.6.221  24.297 ms  24.336 ms  24.281 ms
 7  162.151.60.233  20.454 ms  20.089 ms  19.874 ms
 8  * * *
 9  * * *
10  4.2.2.2  18.461 ms  27.538 ms  27.466 ms


wireshark to check
ICMP echo request TTL: 64 (according to the system.)



# -t : chenge the TTL in the IP header
// ping the 4th hop

# ping -t 4 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
From 96.120.11.225 icmp_seq=1 Time to live exceeded
--- 4.2.2.2 ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 25ms



# check the route table

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 enp0s8
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

---

configure routes, setup VLAN

server2:

# add static route

$ ip route
192.168.2.0/25 dev enp0s8 proto kernel scope link src 192.168.2.100 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.128 U     101    0        0 enp0s8
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0


run time configuration:
// restart network, lose it
$ ip route add 192.168.1.1/24 via 192.168.2.1 dev enp0s3

$ ip route
// the line added
192.168.1.1/24 via 192.168.2.1 dev enp0s3
192.168.2.0/25 dev enp0s8 proto kernel scope link src 192.168.2.100 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

$ ip route del 192.168.1.1


add a persistent route:
$ vi route-enp0s8
// add line
192.168.1.1/24 via 192.168.2.1 dev enp0s3
$ systemctl restart network
$ ip route
192.168.1.0/24 via 192.168.2.1 dev enp0s8 proto static metric 101
192.168.2.0/25 dev enp0s8 proto kernel scope link src 192.168.2.100 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown


# ping 4.2.2.2
connect: Network is unreachable
$ vi ifcfg-enp0s8
// add line
192.168.1.1/24 via 192.168.2.1 dev enp0s3
$ systemctl restart network
$ ip route
// default router added
default via 192.168.2.1 dev enp0s8 proto static metric 101
192.168.1.0/24 via 192.168.2.1 dev enp0s8 proto static metric 101
192.168.2.0/25 dev enp0s8 proto kernel scope link src 192.168.2.100 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
[root@server2 network-scripts]#

# add VLAN

$ vi ifcfg-enp0s8.42
// Edit
TYPE=Ethernet
BOOTPROTO=none
NAME=enp0s8.42
DEVICE=enp0s8.42
ONBOOT=yes
// VLAN yes!
VLAN=yes
NETWORK=192.168.42.0
IPADDR=192.168.42.100
PREFIX=24

// get network manager out of way.
// it wont accept
$ systemctl stop NetworkManager
// avoid break the configuration when the system reboot
$ systemctl disable NetworkManager

$ systemctl restart network


$ ip -d link show
...
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e1:1f:f1 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
// VLAN
// VLAN id 42
// same physical address of enp0s8
6: enp0s8.42@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e1:1f:f1 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 42 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535


$ ip addr
...
7: enp0s8.42@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:e1:1f:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.42.100/24 brd 192.168.42.255 scope global enp0s8.42
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fee1:1ff1/64 scope link
       valid_lft forever preferred_lft forever

---

establish and ternination of a TCP handshack

server1:

1. run the wireshark


2. download the html file from server0

$ wget https://192.168.1.1/index.html
--2020-04-18 17:29:31--  https://192.168.1.1/index.html
Connecting to 192.168.1.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/html]
Saving to: ‘index.html.1’
index.html.1         100%[===================>]      12  --.-KB/s    in 0s
2020-04-18 17:29:31 (1.36 MB/s) - ‘index.html.1’ saved [12/12]



3. wireshark

# TCP three-way handshake
1	0.000000000	192.168.1.100	192.168.1.1	TCP	74	33002 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2332931052 TSecr=0 WS=128
# the first flag set is the Syn flag with a sequence number of zero.


2	0.000479073	192.168.1.1	192.168.1.100	TCP	74	80 → 33002 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3030758399 TSecr=2332931052 WS=128
# the initial response from the server back to the client
# acknowledge original Syn request, set its own Syn flag
# source port 80
# destination: ephemeral port on the client, 52166.

3	0.000546551	192.168.1.100	192.168.1.1	TCP	66	33002 → 80 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=2332931053 TSecr=3030758399
# the original requesting client is going to acknowledge the second part of the connection to the ephemeral port
# the acknowledgement number is one
# transmitted from 192. 168. 1. 100, back over to 192. 168. 1. 1.
# Now we have a fully-built established TCP connection
# next, we can transmit data.


4	0.016081126	192.168.1.100	192.168.1.1	HTTP	214	GET /index.html HTTP/1.1
# client requests from the web server, index. html
# transmitted from client to server
5	0.016586837	192.168.1.1	192.168.1.100	TCP	66	80 → 33002 [ACK] Seq=1 Ack=149 Win=30080 Len=0 TSval=3030758415 TSecr=2332931068
# the server acknowledges transmission,
6	0.018881828	192.168.1.1	192.168.1.100	HTTP	375	HTTP/1.1 200 OK  (text/html)
# transmits the data, HTTP 200 OK request, the actual webpage being delivered back to the client.
7	0.018925135	192.168.1.100	192.168.1.1	TCP	66	33002 → 80 [ACK] Seq=149 Ack=310 Win=30336 Len=0 TSval=2332931071 TSecr=3030758417
# client acknowledge that transmission of the page, and send an Ack from the client back over to the server.



8	0.028759547	192.168.1.100	192.168.1.1	TCP	66	33002 → 80 [FIN, ACK] Seq=149 Ack=310 Win=30336 Len=0 TSval=2332931081 TSecr=3030758417
9	0.029264140	192.168.1.1	192.168.1.100	TCP	66	80 → 33002 [FIN, ACK] Seq=310 Ack=150 Win=30080 Len=0 TSval=3030758428 TSecr=2332931081
10	0.029340848	192.168.1.100	192.168.1.1	TCP	66	33002 → 80 [ACK] Seq=150 Ack=311 Win=30336 Len=0 TSval=2332931082 TSecr=3030758428
# client sends a Fin request and an acknowledgement
# the server replies back to that Fin request with an acknowledgement and its own Fin flag set
# finally client acknowledges the Fin request from the server, and the connection is now closed.

---

TCP connection state

server1:

0.0.0.0:*
any ip any port


$ ss -ltn -4
//                                  local port                in/out port
State    Recv-Q    Send-Q        Local Address:Port         Peer Address:Port
LISTEN   0         128                 0.0.0.0:111               0.0.0.0:*
LISTEN   0         32            192.168.122.1:53                0.0.0.0:*
LISTEN   0         128                 0.0.0.0:22                0.0.0.0:*
LISTEN   0         5                 127.0.0.1:631               0.0.0.0:*


$ ss -ltn
State    Recv-Q    Send-Q        Local Address:Port         Peer Address:Port
LISTEN   0         128                 0.0.0.0:111               0.0.0.0:*
LISTEN   0         32            192.168.122.1:53                0.0.0.0:*
LISTEN   0         128                 0.0.0.0:22                0.0.0.0:*
LISTEN   0         5                 127.0.0.1:631               0.0.0.0:*
LISTEN   0         128                    [::]:111                  [::]:*
LISTEN   0         128                    [::]:22                   [::]:*
LISTEN   0         5                     [::1]:631                  [::]:*

$ ss -all -4
Netid State    Recv-Q   Send-Q       Local Address:Port       Peer Address:Port
udp   UNCONN   0        0                  0.0.0.0:mdns            0.0.0.0:*
udp   UNCONN   0        0            192.168.122.1:domain          0.0.0.0:*
udp   UNCONN   0        0           0.0.0.0%virbr0:bootps          0.0.0.0:*
udp   UNCONN   0        0                  0.0.0.0:sunrpc          0.0.0.0:*
udp   UNCONN   0        0                127.0.0.1:323             0.0.0.0:*
udp   UNCONN   0        0                  0.0.0.0:33439           0.0.0.0:*
tcp   LISTEN   0        128                0.0.0.0:sunrpc          0.0.0.0:*
tcp   LISTEN   0        32           192.168.122.1:domain          0.0.0.0:*
tcp   LISTEN   0        128                0.0.0.0:ssh             0.0.0.0:*
tcp   LISTEN   0        5                127.0.0.1:ipp             0.0.0.0:*



# head : only a few

$ netstat -an | head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*



1. ssh to a host that deoesnt exist


$ ss -t
State   Recv-Q    Send-Q         Local Address:Port         Peer Address:Port


$ ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' cant be established.
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Apr 18 17:19:02 2020
[root@server0 ~]#

$ ss -t
State   Recv-Q    Send-Q        Local Address:Port          Peer Address:Port
ESTAB   0         0             192.168.1.100:44192          192.168.1.1:ssh



2. to a host that deoesnt exist

$ ssh root@192.168.1.1

$ ss -t
State      Recv-Q    Send-Q        Local Address:Port        Peer Address:Port
SYN-SENT   0         1             192.168.1.100:45160       192.168.1.13:ssh
// not ESTAB
// SYN-SENT, SYN-RECEIVED, ESTAB

---

manipulate a latency of the network, congestion control

normal downloads

server0:

1. create a big file.

$ cd /var/www/html
$ sudo fallocate -l1G largeFile.bin
$ ls
index.html  largeFile.bin

server1:

1. start the Wireshark



2. download the big file.

$ scp root@192.168.1.1:/var/www/html/largeFile.bin .
root@192.168.1.1s password:
largeFile.bin                                  100% 1024MB  27.7MB/s   00:36

open the wireshark:

static > TCP streamGraph > window scaling graph

slow start, TCP starts out its connection with a very small window size, and as it proves the connection is more reliable, it increases the window size, and thus maximizing the throughput. download a file from the internet, it starts off slow and then speeds up. This is the reason why. It’s also the same reason why download one single large file, it downloads much quicker than many small files of the same size, because of the startup costs of TCP and getting from a small window size to the full window size for the connection.

put lantency

server0:

1.
use tool called TC, an IP traffic shaper
tell that server to add a 3, 000 milliseconds of delay,
and drop 5% of the packets,
so a very slow, a very unreliable link, and try the transfer again .

$ sudo tc qdisc add dev enp0s8 root netem delay 3000ms loss 5%

server1:

1. start the Wireshark


2. download the big file.
// extremely slow
$ scp root@192.168.1.1:/var/www/html/largeFile.bin .
root@192.168.1.1s password:
largeFile.bin                                    0%   112KB   1.9KB/s 153:01:00 E

server0:

1. delete the modification
$ sudo tc qdisc del dev enp0s8 root

server1: download speed back to normal

open the wireshark:

static > TCP streamGraph > window scaling graph

start off with a very small window size, and TCP struggles to increase it, but once delete that traffic policy, link reliability and performance increases, as window size goes way up, and start moving larger chunks of data more quickly.

static > IO graph.

filter tcp. analysis.window_update: each of the times, during this transmission, that the window was updated.

filter tcp. window_size. when the link was dropping packets and really high latency, the window size was pretty fixed, and then once we removed it, it shoots up very quickly.

So you can see the big inflection point at 120 seconds, when we removed the policy, and the bandwidth shoots way up. So that covers us for congestion control. We were backing off the send rate, because of dropping packets and increased latency.

filter tcp.analysis.bytes_in_flight: the amount of data in flight between the two hosts. These are unacknowledged TCP segments. Initially we didn’t have any data in flight due to the poor connection, except for the one segment in transmission, but once the link proved reliable, we started being able to send more unacknowledged segments, and thus helping us realize the full bandwidth of the link.

---

UDP connections

server1:

1. send a udp DNS request

$ dig www.google.com


2. check the Wireshark

1	0.000000000	192.168.1.100	10.0.2.3	DNS	97	Standard query 0x6479 A www.google.com OPT
2	1.000204013	192.168.1.100	8.8.8.8 	DNS	97	Standard query 0x6479 A www.google.com OPT
3	1.018508002	8.8.8.8	        192.168.1.100   DNS	101	Standard query response 0x6479 A www.google.com A 172.217.164.164 OPT

---

.