-
Notifications
You must be signed in to change notification settings - Fork 0
/
NetworkTools.txt
398 lines (297 loc) · 15.3 KB
/
NetworkTools.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
Network Tools To Remember:
https://unix.stackexchange.com/questions/120153/resolving-mac-address-from-ip-address-in-linux
Mac Address Finder : https://aruljohn.com/mac.pl
1. ifconfig
shows interfaces that are up and their ip address, mac address, broadcast and other details.
2. ifconfig enp0s8 192.168.56.10 netmask 255.255.255.0 up
Add IP Address for adapter enp0s8 to 192.168.56.10 and mask 24 bit and up the adapter
3. ip a
ip ad
ip address
ip address show
Shows the ip address and other links which are either up or down with their L2/L3 details
4. ip address add 192.168.56.10/24 dev enp0s8
Add a new ip address to your device enp0s8
5. ip address del 192.168.56.10/24 dev enp0s8
Delete just the ip address of enp0s8 and not the interface itself.
5. ip link
ip link show
Similar to ip a but shows the status of the devices
6. ip link set enp0s8 netns 1
This will set the netns of the link to root namespace
ip link set enp0s9 netns red
This will set the netns of the link to red namespace
7. ip link set enp0s8 down
ip link set enp0s8 up
Bring down the adapter interface enp0s8 down and then up.
To see the status of the down link run "ip link" see the <...,UP,...>
8. ip route
CAUTION: Make sure there is no double entry otherwise no connectivity OR destination out of reach
Gives you the ip address, gateway of the devices in your network
9. route
CAUTION: Make sure there is no double entry otherwise no connectivity OR destination out of reach
Gives you the same information of ip route but tabular
10. ip route add default via 192.168.1.1 dev enp0s8
Set the device enp0s8 use 192.168.1.1 as its default gateway
11. ip route add 10.0.0.0/24 via 0.0.0.0 dev veth0-d
Creates the entry at the following table in route
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 UG 100 0 0 veth0-d
12. ip route del 10.0.0.0/32
Deletes 1st entry from the following table in route
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.255 UG 100 0 0 veth0-d
10.0.0.0 0.0.0.0 255.255.255.0 UG 100 0 0 veth0-d
13. route del -net 10.0.0.0 gw 0.0.0.0 netmask 255.255.255.0 dev veth0-d
Deletes 1st entry from the following table in route
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 UG 100 0 0 veth0-d
10.0.0.0 0.0.0.0 255.255.255.0 UG 100 0 0 veth1-d
14. ip neigh
Same as ip address show
15. nslookup google.com
Helps you to resolve the webaddress to ip address using the DNS service provided at IP address mentioned in /etc/resolv.conf
16. dig
17. vim /etc/resolv.conf
Helps you open file with the address of different nameserver that provide us DNS service
add -> nameserver 8.8.8.8 (google nameserver)
add -> nameserver 8.8.4.4 (google nameserver)
18. ping 192.168.56.6 -c 1
Send one ICMP packets to the device with ip address mention
19. ping -I enp0s8 192.168.56.6
Send ICMP packet from network device enp0s8 to ip address 56.6
20. fping -s -g 192.168.56.1 192.168.56.101
Ping IP address from 56.1 to 56.101
alternate names: fping / fing
21. arp -a
22. arping -I <interface> -c 1 <host>
arping -I eth0 -c1 192.168.1.2
23. tcpdump -D
Give you the devices that can be listened to your devices
tcpdump -i enp0s8
Give you the packets arriving at the adapter device enp0s8
24. nmap -P0 -O 192.168.56.5
Free security scanner which gives the following result
1. OS running on the IP
2. MAC address of the device
3. open ports available running which services
4. Next hop
25. netstat -tulpn | grep ':6653'
-l : tells nestat to only show listening sockets
-t tells to display tcp connection
-n instructs it show numerical address
-p show process ID and process names
-u udp connection
Install netstat using the following
sudo apt install net-tools
26. ss --all
Shows the state of All ports. Listening or not listening
ss -l
Show the port that are Listening.
ss -ta
Shows All the port that are using Tcp
ss -lu
Shows the port that are Listening and using Udp.
ss -p
Shows the Process id with the port number
ss --inet -nap
Mix as per wish example "ltp"
26. sudo fuser -k 6653/tcp
Kill the process which is using port 6653 and is TCP
27. ethtool -S veth1
S: statistics
i: interface show details
If you have a veth pair veth1 <-> eth1 then you can trace where the other veth pair is given you have one.
This command will give you peer_ifindex as some number. Use ip link to find that index in different netns or docker.
Eg:
ethtool -S veth1
peer_ifindex: 4
ip link
1. lo
2. enp0s3
3. veth1
4. eth1
So from this we can understand eth1 is the peer of veth1
Note: The ifindex of devices can be seen using the following:
cat /sys/class/net/enp0s3/ifindex
29. iptable
Used to create firewall. It can drop or add packets as per requirement. Didn't use it till now.
help: https://www.geeksforgeeks.org/iptables-command-in-linux-with-examples/
30. anydump.sh
Tcpdump just shows the output without mentioning the interface in which the packet is received.
The code by Sebastian Haas append the interface name with the packet.
help1: https://sebastianhaas.de/anydump-release/
Its a bash script copy it from his blog and paste it in any editor and run it like tcpdump.
help1: https://serverfault.com/questions/224698/how-to-display-interface-in-tcpdump-output-flow
I) How to create Network NamespaceLinux VETH Pair - Virtual Ethernet Pair
ip link # Shows existing network device configuration
ip link add tap1 type veth peer name tap2 #add 2 network devices connected in form of a pipe with tap1
at beginning and device type veth(virtual ethernet) and end tap2
ip netns add red # Create a network namespace(netns) red
ip netns add blue # Create a network namespace(netns) blue
ip link set tap1 netns red #shift tap1 to netns red
ip link set tap2 netns blue #shift tap2 to netns blue
ip netns exec red ip a #See the network devices within netns red and observe the device state is down
ip netns exec red ip link set tap1 up #We set the device state of tap1 to be UP
ip netns exec blue ip a #See the network devices within netns blue and observe the device state of tap2 is down.
ip netns exec blue ip link set tap2 up #We set the device state of tap2 to be UP
ip netns exec red ifconfig tap1 192.168.1.2/24 #Set the ip address of tap1 in netns red to be 1.2/24
ip netns exec blue ifconfig tap2 192.168.1.3/24 #Set the ip address of tap2 in netns blue to be 1.3/24
ip netns exec red ping 192.168.1.3 #Try to ping to the netns blue using tap1
ip netns exec blue ping 192.168.1.2 #Try to ping to the netns red using tap2
NB: This ping works for the following reason
1. the "ip route" entry for both of the will have an entry which will have dev that are end of pipes (tap1,tap2).
2. If there are multiple pipes connecting 2 netns then make sure there is just one entry for one netns to another.
SHORTCUT
# ip netns add net1
# ip netns add net2
# ip link add veth1 netns net1 type veth peer name veth2 netns net2
II) How to create a mininet network with vSwitch
(h1)--(s1)--(h2)
https://www.youtube.com/watch?v=_WgUwUf1d34&t=29s
ip link #observe the link
ip a #observe the address of links
ip route #observe the route for links
ip netns add red #Create new network namespace red
ip netns add green #Create new network namespace green
ip netns exec red ip link # {ip netns exec red} runs the command {ip link} in ns red
ip netns exec green ip link # {ip netns exec green} runs the command {ip link} in ns green
ovs-vsctl add-br OVS1 #We need a openVSwitch in root namespace to talk to red and green with name OVS1
ovs-vsctl show #Shows the details of the OpenVSwitch and newly added port
#Use veth pipe to connect network ns red and vSwitch and green and vSwitch
ip link add eth0-r type veth peer name veth-r #Create pipe with eth0-r and veth-r at both end
ip link set eth0-r netns red #Put eth0-r in ns red
ip link #We see that root ns doesnt have eth0-r
ip netns exec red ip link #We see that red ns contain eth0-r
ovs-vsctl show #See the switch characteristics
ovs-vsctl add-port OVS1 veth-r #Adds veth-r to vSwitch OVS1
ovs-vsctl show #See the added port to vSwitch
#red and vSwitch connected
ip link add eth-g type veth peer name veth-g #Create pipe with eth0-g and veth-g at both end
ip link set eth0-g netns green #Put eth0-g in ns red
ovs-vsctl add-port OVS1 veth-g #Adds veth-g to vSwitch OVS1
ip link #We see that root ns doesnt have eth0-g
ip netns exec green ip link #We see that green ns contain eth0-g
ovs-vsctl show #See the added port to vSwitch
#green and vSwitch connected
Bringing the interfaces UP and Assigning IP Addresses
#root namespace
ip link #See that veth-r and veth-g STATE is DOWN
#veth-r@ <BROADCAST, MULTICAST> is seen
ip link set veth-r up #Set the veth-r interface up
ip link #See that eth0-r and eth-g STATE is LOWERLAYERDOWN
#veth-r@ <NO-CARRIER, BROADCAST, MULTICAST, UP> is seen.
#red namespace
ip netns exec red ip link set lo up #Bring up the loopback interface in netns red
ip netns exec red ip link set eth0-r up #Bring up the eth-r interface in netns red
ip netns exec red ip address add 10.0.0.1/24 dev eth0-r #Assign the IP address to eth0-r
ip netns exec red ip route #See that now we have a device for ip address 10.0.0.0/24 via eth0-r
#10.0.0.0/24 dev eth0-r proto kernel scope link src 10.0.0.1
#Shows that there exist a path
ip route # See that root netns has no clue of 10.0.0.0/24
#green namespace
ip link set veth-g up # Set the veth-g interface up
#Shortcut
ip netns exec green bash #Removes the need of typing ip netns exec green everytime
ip link set lo up #set the loopback device up
ip link set eth0-g up #Set the eth-g device up
ip address add 10.0.0.2/24 dev eth0-g #Add network address 10.0.0.2/24 on device eth0-g
exit #Comes out of netns green
ip netns exec red ping 10.0.0.2 #See ping from green replying
III) How to run local DHCP to give ip address to a device in a network namespace using vlan tag for process isolation.
#Run commands in II) to get a (Red)--(Router)--(Green) setup
(h1)--(s1)--(h2)
ovs-vsctl set port veth-r tag=100 #Namespace red has green are
ovs-vsctl set port veth-g tag=200 #separated at the switch by vlan
ovs-vsctl show #See that interface have tag: added to it
ip netns exec red ping 10.0.0.2 #Packets wont cross the switch because of vlan tag
#remove ip address of eth0-r and eth0-g since we will be using dhcp instead
ip netns exec red ip address delete 10.0.0.1/24 dev eth0-r
ip netns exec green ip address delete 10.0.0.2/24 dev eth0-g
ip netns add dhcp-r #to run DCHP server on netns for red tenents
ip netns add dhcp-g #to run DCHP server on netns for red tenents
#connection of ns dhcp-r and dhcp-g to the switch will be done using internal port tap-r and tap-g and not veth pair
ovs-vsctl add-port OVS1 tap-r #You may seem error stating "Could not open network device"
ovs-vsctl show #The error is because it doesn't identify the use of the port
ovs-vsctl set interface tap-r type=internal #The error will be removed after it knows its internal port
ovs-vsctl show #No error in tap-r section
ovs-vsctl set port tap-r tag=100 #Set the vlan tag for tap-r to be 100
ovs-vsctl add-port OVS1 tap-g
ovs-vsctl set interface tap-g type=internal
ovs-vsctl set port tap-g tag=200
ovs-vsctl show
#Move the tap-r and tap-g to their netns dhcp-r and dhcp-g
ip link set tap-r netns dhcp-r #Moves tap-r to netns dhcp-r
ip link set tap-g netns dhcp-g
ip netns exec dhcp-r ip link # Shows that tap-r is here
#move into netns dhcp-r to up the devices
ip
ip netns exec dhcp-r bash #start bash in netns dhcp-r
ip link set lo up #Up the loopbach device
ip link set tap-r up #Up the tap-r device
ip address add 10.50.50.2/24 dev tap-r #Add IP address to the dhcp-r port
exit
#move into netns dhcp-g to up the devices
ip netns exec dhcp-g bash
ip link set lo up
ip link set tap-g up
ip address add 10.50.50.2/24 dev tap-g #Add IP address to the dhcp-g port
#Run a DNS server on dhcp-r netns to give address to any tenants
ip netns exec dhcp-r dnsmasq --interface=tap-r \ #Run dnsmasq in the dhcp-r netns on tap-r
--dhcp-range=10.50.50.10,10.50.50.100,255.255.255.0 #interface in the range of 50.10 to 50.100
ip netns exec dhcp-g dnsmasq --interface=tap-g \ #Run dnsmasq in the dhcp-g netns on tap-g
--dhcp-range=10.50.50.10,10.50.50.100,255.255.255.0 #interface in the range of 50.10 to 50.100
#To check which process is running on which network nameserver
ps -ef | grep dnsmasq #Obtain the PID for the dnsmasq with UID nobody
ip netns identify <pid of dnsmasq> #We see dnsmasq in tap-r is in dhcp-r
ip netns exec dhcp-r ip address
ip netns exec red ip address #Shows there is still no address for eth0-r
ip netns exec red dhclient eth0-r #Assigns ip address to the adapter eth0-r
ip netns exec red ip a #Find the IP address here
ip netns exec green dhclient eth0-g #Assigns ip address to the adapter eth0-g
ip netns exec green ip a #Find the IP address here
Preetams Helps
Introduction to Linux interfaces for virtual networking
https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking/
Linux VETH Pair - Virtual Ethernet Pair
https://www.youtube.com/watch?v=FUHyWfRNhTk
IV) How to start 2 dockers and connect them using ovs-docker or ovs-vsct
#Install openVSwitch
sudo apt install openvswitch-switch
#check whether ovs-docker is available in your /usr/bin if not then
cd /usr/bin
wget https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
chmod a+rwx ovs-docker
#Creating an OVS Bridge
sudo ovs-vsctl add-br ovs-br1
sudo show ovs-vsctl show
# Giving your bridge ip address
sudo ifconfig ovs-br1 173.16.1.1 netmask 255.255.255.0 up
#Starting ubuntu docker containers to act as hosts
#To have control over the network interfaces add --privileged
#We opted for ubuntu:14.04 even when 18.04 and 20.04 are available because 14.04 have ifconfig and ip package installed.
sudo docker run -it --privileged --name container1 ubuntu:14.04 bash
sudo docker run -it --privileged --name container2 ubuntu:14.04 bash
#Checking the network interfaces in host containers to see that there will be just lo and eth0
# here eth0 or the interface with ifindex=2 is very important as if you take it down then there wont be any further communication between your docker and outside world and you have to stop the docker and start again.
# Even with eth0 active you will be able to ping to the other host. Once we have set up our bridge we can take it down
#In container1
ip link
#In container2
ip link
#Connect OVS Bridge with the 2 host containers
sudo ovs-docker add-port ovs-br1 eth1 container1 --ipaddress=173.16.1.2/24
sudo ovs-docker add-port ovs-br1 eth1 container2 --ipaddress=173.16.1.3/24
#Go to container 1 and see ip address to see eth1 there an
# Now take down the eth0 to ensure there is no alternate path for our packet to reach other host container.
#In container 1
ip link set eth0 down
#In container 2
ip link set eth0 down
#ping the other device to see it taking eth1 as the gateway
#In container 1
ping 173.16.1.3
route
#In container 2
ping 173.16.1.2
route