Some Systems Stuff

• Wireshark/ethereal.
  • http://www.wireshark.org/
  • A packet sniffer
  • A protocol analyzer
  • Try it.
• /sbin/ifconfig
  • reports and configures network interfaces.
  • 
  • By anding the target ip and the netmask, we can determine if the target is on the local network or not.
  • Note, we also see the Maximum Transmission Unit (MTU) for the associated network.
• Netstat
  • Provides information about network connections.
  • With no flags gives information about active connections.
  • 
  • netstat -r
    • Shows the routing table for the machine.
    • 
  • Routes are added and deleted with route command.
  • The DEFAULT route tells where to send unknown network packets to.
  • Another example from braveheart.
    • 
    • In this case, if the network part is 10.1.1. send it to eth0
    • If the network part is 147.64.242.x send it to eth0
    • The default route is to 147.64.242.1
• Setting this all up.
  • From files. Look at braveheart.
  • From DHCP.
  • 
• ARP - address resolution protocol.
  • IP address to lower level network translation.
  • For two hosts on the same network
  • Or a host and a router.
  • I know the IP address I want to talk to.
    • I send an ARP broadcast asking who has the ip address
    • Whoever has it responds to the broadcast.
  • Example wireshark (ethereal) output.
    • My machine is at 192.168.1.101
    • The windows machine is at 192.168.1.100
    • /sbin/arp reports the arp table.
    • Entries time out (looks like about 10 min right now)
    • A screenshot of the command
    • 
    • A screenshot of ethereal capture.
    • 
    • The request (arp packet)
    • 
    • The reply (arp packet)
    • 
• NAT - Network address translation
  • Allows my router to pretend my machines are connected to the network.
  • The router on a private network interface can perform this service.
  • It matches ip addresses/tcp port pairs
  • And forwards the connection.
  • It does this by forming a table of ip/port on both sides.
  • On a packet transmission from my side
    • It is sent to the router.
    • The router records source ip and port
    • It establishes a connection on a given port and sends the packet.
  • On a packet from the outside.
    • It is to a given port on the router.
    • It looks to see if this port is matched, and if so sends it on to the registered machine.
  • On an unknown connection from outside.
    • The router maintains a table of allowable connections.
    • 
    • If I receive a connection on one of those ports, it is forwarded to the listed machine.