Network security

Computer Network Diagnostics, Part 1

November 1, 2012 by Adrian Stolarski

When I first started out on the Internet, I wondered how it was that I had a local area network and Internet access. See for yourself: turn on the computer, and after a while the desktop of the operating system appears. All that is left is to click the browser icon, and we have access to our favorite sites. Whoa, the page does not appear, so what went wrong? Why do we not have access to our favorite websites? We will try to remedy this using the network diagnostic software available on any operating system.

How is it that you really have access to the network?


This question may seem trivial, but answering it usually takes a very long time. Whenever we ask what a computer needs in order to use the network, we think of adapters and cables. Sometimes we add that a router is needed too. All of these things are important for using computer networks, but by themselves they do not give us access as users. To use computer networks effectively, every computer must also have support for network protocols installed.

Of course, different networks use a number of different solutions. The simplest is that our computer has support for the whole TCP/IP protocol family installed and has a permanently assigned IP address, which is entered in the local configuration settings. It is one of the simplest solutions we come into contact with, but it is not very secure, so we will assume that the administrator has decided to do something else.

Most likely, the administrator has started a DHCP service on one of the servers. This service dynamically assigns IP addresses at the request of any workstation on the network. It is also quite possible that our local network uses a set of private addresses that are not visible from the outside, and that the IP address seen from the outside is the address of our network's router. The task of translation is to match incoming responses to the right private addresses, so that the content we asked for reaches our screen. Sometimes the administrator has very compelling reasons to install support for one of the oldest Internet protocols. In that case the packet usually passes through a gateway, which is responsible for translating data between the relevant network protocols.

A solution in which the internal network uses a set of private addresses that are not, and never will be, visible from the outside is called Network Address Translation, NAT for short. NAT-based networks also come in different types: I distinguish static, dynamic, active, passive, positive and negative NAT. NAT itself is beautiful. A packet arriving at the router's internal interface always carries the address of our workstation, taken from the pool of private addresses. It is routed to one of the router's external interfaces, from which it goes on carrying the address of that interface. The reply that comes back is always redirected and passed on to the workstation it belongs to.

Sometimes there are many more private addresses than available public addresses. In that situation one public address is associated with a number of private addresses. To make it clear which workstation a server's response is addressed to, each internal address has to be mapped to its own set of ports on the external address. These ports are taken from the pool of dynamic ports available to us. This change of port data is called PAT.
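The port mapping described above can be modelled in a few lines; this is an added example, not code from the original article. The public address 203.0.113.10, the workstation addresses and the 49152-65535 port pool are assumed sample values.

```python
import ipaddress

# Constructed sample values: a documentation-range public address and the dynamic port pool.
PUBLIC_IP = "203.0.113.10"
DYNAMIC_PORTS = range(49152, 65536)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class PatTable:
    """One public address shared by many private hosts, told apart by port."""

    def __init__(self, public_ip=PUBLIC_IP, ports=DYNAMIC_PORTS):
        self.public_ip = public_ip
        self.free_ports = iter(ports)
        self.outbound = {}  # (private_ip, private_port) -> public_port
        self.inbound = {}   # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip, src_port):
        """Rewrite the source of an outgoing packet; reuse the mapping if one exists."""
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in PRIVATE_NETS):
            raise ValueError(f"{src_ip} is not in the reserved private pool")
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = next(self.free_ports, None)
            if port is None:
                raise RuntimeError("dynamic port pool exhausted")
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_in(self, dst_port):
        """Return the workstation a reply belongs to, or None when no mapping
        exists and the router has nowhere to deliver the packet."""
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    nat = PatTable()
    for host in ("192.168.1.20", "192.168.1.21"):
        print(host, "->", nat.translate_out(host, 51000))
    print("reply to 49153 ->", nat.translate_in(49153))
    print("unsolicited 50000 ->", nat.translate_in(50000))
```

Two workstations using the same source port end up on different public ports, and a packet for a port with no mapping has no internal destination.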

As you have probably noticed, the addresses in the internal network can in principle be anything, but good practice is to use addresses from the reserved pool of private addresses. Gee, how fortunate we are; everywhere there is a good practice, whether in network address assignment, testing or software development. Sometimes the whole operation takes place outside the third and fourth layers of the ISO/OSI model. Then the packets are not shifted between IP addresses, but between the fourth layer protocols. This solution is called a Circuit-Level Proxy.

If you look at most networks, you will find similarities that are visible to the naked eye. In most of them, the administrator uses the same private IP network, and to avoid conflicts the addresses of all computers are allocated dynamically. Dynamic address assignment can be carried out by several protocols, but most often it is done by a DHCP server. DHCP has the greatest capacity for passing information to specific workstations. It can provide not only the IP address a workstation receives and the gateway address, but also a wide range of other information, such as information about the services and servers in the network.

Whoa, we have finally reached the end of our quick theory on the principles of computer networks. We already know something about layers and how communication works. We also know what services our computer must be provided with in order to communicate effectively over a computer network. Now we can move on. To determine what the network configuration looks like in our case, we could use graphical programs, but the system also has ifconfig installed. This program lets you set or display all information about our network interfaces. Below is sample output of the ifconfig command from my workstation, which is not currently connected to the network:

root [~] # ifconfig
eth0      Link encap:Ethernet  HWaddr dc:0e:a1:4b:5d:94
          inet addr:169.254.186.86  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:2775300121 overruns:0 frame:0
          TX packets:2790 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:625441 (610.7 KB)
          Interrupt:122 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1003 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:379547 (370.6 KiB)  TX bytes:379547 (370.6 KB)

root [~] #
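Output like this can be read programmatically to tell why a workstation has no connectivity; the following is an added example, not code from the original article. It assumes the classic net-tools ifconfig layout, uses a constructed sample modelled on the output above, and relies on the fact that 169.254.0.0/16 is the link-local range a host assigns to itself when no DHCP server answers.

```python
import ipaddress
import re

# Constructed sample, modelled on the ifconfig output shown in the article.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr dc:0e:a1:4b:5d:94
          inet addr:169.254.186.86  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:2775300121 overruns:0 frame:0
          TX packets:2790 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1003 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1003 errors:0 dropped:0 overruns:0 carrier:0
"""

def parse_ifconfig(text):
    """Return {name: {"addr", "up", "rx", "tx"}} for each interface block."""
    interfaces = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        def counter(label):
            m = re.search(label + r" packets:\s*(\d+)", block)
            return int(m.group(1)) if m else 0
        addr = re.search(r"inet addr:\s*(\S+)", block)
        interfaces[block.split()[0]] = {
            "addr": addr.group(1) if addr else None,
            "up": re.search(r"^[ \t]+UP\b", block, re.M) is not None,
            "rx": counter("RX"),
            "tx": counter("TX"),
        }
    return interfaces

def diagnose(iface):
    """Classify one parsed interface by its state, address and counters."""
    if not iface["up"]:
        return "interface is down"
    if iface["addr"] is None:
        return "no IPv4 address configured"
    ip = ipaddress.ip_address(iface["addr"])
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # 169.254.0.0/16, self-assigned when no DHCP server answers
        return "link-local address: no DHCP lease was obtained"
    if iface["tx"] > 0 and iface["rx"] == 0:
        return "sending but receiving nothing"
    return "configured"
```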

The full set of ifconfig options is listed below:

ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]
  [add <address>[/<prefixlen>]]
  [del <address>[/<prefixlen>]]
  [[-]broadcast [<address>]]  [[-]pointopoint [<address>]]
  [netmask <address>]  [dstaddr <address>]  [tunnel <address>]
  [outfill <NN>] [keepalive <NN>]
  [hw <HW> <address>]  [metric <NN>]  [mtu <NN>]
  [[-]trailers]  [[-]arp]  [[-]allmulti]
  [multicast]  [[-]promisc]
  [mem_start <NN>]  [io_addr <NN>]  [irq <NN>]  [media <type>]
  [txqueuelen <NN>]
  [[-]dynamic]
  [up|down] ...

  <HW>=Hardware Type.
  List of possible hardware types:
    loop (Local Loopback) slip (Serial Line IP) cslip (VJ Serial Line IP)
    slip6 (6-bit Serial Line IP) cslip6 (VJ 6-bit Serial Line IP) adaptive (Adaptive Serial Line IP)
    strip (Metricom Starmode IP) ether (Ethernet) tr (16/4 Mbps Token Ring)
    tr (16/4 Mbps Token Ring (New)) ax25 (AMPR AX.25) netrom (AMPR NET/ROM)
    tunnel (IPIP Tunnel) ppp (Point-to-Point Protocol) arcnet (ARCnet)
    dlci (Frame Relay DLCI) frad (Frame Relay Access Device) irda (IrLAP)
    x25 (generic X.25)
  <AF>=Address family. Default: inet
  List of possible address families:
    unix (UNIX Domain) inet (DARPA Internet) inet6 (IPv6)
    ax25 (AMPR AX.25) netrom (AMPR NET/ROM) ipx (Novell IPX)
    ddp (Appletalk DDP) x25 (CCITT X.25)

However, if you want to know more about this program, just type "man ifconfig" in the console.

Wireless interfaces are configured from the console with the iwconfig command. This command takes the following parameters:

Usage: iwconfig [interface]
       interface essid {NNN|any|on|off}
       interface mode {managed|ad-hoc|master|...}
       interface freq N.NNN[k|M|G]
       interface channel N
       interface bit {N[k|M|G]|auto|fixed}
       interface rate {N[k|M|G]|auto|fixed}
       interface enc {NNNN-NNNN|off}
       interface key {NNNN-NNNN|off}
       interface power {period N|timeout N|saving N|off}
       interface nickname NNN
       interface nwid {NN|on|off}
       interface ap {N|off|auto}
       interface txpower {NmW|NdBm|off|auto}
       interface sens N
       interface retry {limit N|lifetime N}
       interface rts {N|auto|fixed|off}
       interface frag {N|auto|fixed|off}
       interface modulation {11g|11a|CCK|OFDMg|...}
       interface commit

You can find out more about it by typing "man iwconfig" in the console of your operating system.

Now let's consider another important issue. How can our machine ask a server to send configuration information when it does not know the server's address, either logical or physical? To do this, our machine sends the request to all machines on the network. This is called a broadcast: the message is placed in a broadcast frame.

In the DHCP specification, this message is called DHCPDISCOVER. It asks for a DHCP server, which, if found, replies with a message named DHCPOFFER. That message is sent in an ordinary unicast frame, addressed to a single recipient.

What's next? The client must select the DHCP server it will use. To do this, it waits a moment to hear from all the DHCP servers in the area. It then sends the DHCPREQUEST message, which names the selected DHCP server but is broadcast to the entire network, so that the other servers that also reported their readiness to provide the service know what is going on. Then the selected server sends the DHCPACK message, which contains the information needed to configure the client. So, as you can see, at least four messages appear right at the start of the conversation with the network, if we assume that there is at least one DHCP server on the network.
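The four-message exchange described above, encoded and decoded with the field layout from RFC 2131; this is an added example, not code from the original article. The MAC address, transaction id and 192.168.1.x addresses are constructed, and unicast delivery of the DHCPACK is an assumption.

```python
import socket
import struct

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
COOKIE = bytes([99, 130, 83, 99])
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
OPT_PAD, OPT_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255

def build(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None):
    """Encode one message; op is 1 from the client and 2 from a server."""
    op = 2 if msg_type in (2, 5) else 1
    zero = bytes(4)
    head = HEADER.pack(op, 1, 6, 0, xid, 0, 0, zero, socket.inet_aton(yiaddr),
                       zero, zero, mac, b"", b"", COOKIE)
    opts = bytes([OPT_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return head + opts + bytes([OPT_END])

def parse(packet):
    """Decode message type, transaction id, offered address and server identifier."""
    if len(packet) < HEADER.size or packet[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    fields = HEADER.unpack_from(packet)
    msg = {"xid": fields[4], "yiaddr": socket.inet_ntoa(fields[8]),
           "type": None, "server_id": None}
    i = HEADER.size
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, value = packet[i], packet[i + 2:i + 2 + packet[i + 1]]
        if code == OPT_TYPE and len(value) == 1:
            msg["type"] = value[0]
        elif code == OPT_SERVER_ID and len(value) == 4:
            msg["server_id"] = socket.inet_ntoa(value)
        i += 2 + len(value)
    return msg

def exchange(mac=bytes.fromhex("020000000001"), xid=0x1234ABCD,
             server="192.168.1.1", lease="192.168.1.50"):
    """The four messages in order as (frame type, payload); all values are constructed."""
    return [("broadcast", build(1, xid, mac)),
            ("unicast", build(2, xid, mac, lease, server)),
            ("broadcast", build(3, xid, mac, server_id=server)),
            ("unicast", build(5, xid, mac, lease, server))]  # ACK delivery assumed unicast
```

Parsing the DHCPREQUEST shows the selected server in option 54 even though the frame goes to everyone, which is how the servers that were not chosen learn that their offers were declined.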

Summary

The first part of the article is, of course, a simple introduction to the utilities. Perhaps this is not what an advanced user expected from this article, but not all of us are very advanced when it comes to network configuration and network protocols. In this article I wanted to give some basic information that everyone should know about computer networks. By the end of the series you will learn much more about how it all works. Until then, I recommend trying out basic network configurations and deciphering the NAT configuration. I also recommend a look inside the TCP/IP and DNS protocol specifications.

What can you expect next? We will certainly talk about DNS servers and the ARP table. In addition, we will try to implement our own C program that translates an IP address into an address understandable by humans and vice versa. We will learn a tool needed by every administrator, the netstat program, and how to use it. We will probably do some analysis of what is happening in our computer network. We will also see how to use the ping and telnet programs to analyze the network, and learn how to track the route taken by packets using traceroute.


All of the tools presented in this series of articles aim to make you better administrators. For now, it remains for me to leave you with this and to ask you to read my other articles. Have fun exploring the documentation, and good luck on the road to becoming the best administrators of network operating systems.

Adrian Stolarski

Adrian Stolarski is a freelance security tech blogger, specializing in Java, PHP, and JQuery. In his own words, he does the hard work of training the unemployed. Currently, he handles Evaluation Visualization for real-time systems with XWT and Eclipse RAP. If he sees that something works, he asks how it works and why it works, then sets out to make it work better. A researcher for InfoSec Institute, he currently lives in Poland, but plans to move to London.