LINUX - MANAGING NETWORK

The OSI Model


IPv4 Classes











Monitoring Services
# top
# ApacheTop
# Monit 
# System Monitor
Hostname Configuration
# sudo hostnamectl set-hostname server01
The nmcli Command
# nmcli general status
# nmcli connection show: view identification info for each NIC
# nmcli con up {device ID}: Enable specified NIC
# nmcli con down {device ID}: Disable specified NIC
# nmcli con edit {device ID}: Enter interactive mode to configure specified NIC
# nmcli device status: display current status of each NIC
The nmtui Utility

The nmgui Utility

The ip command
# ip addr show
# ip link
# ip link set eth1 up
# ip link set eth1 down
The ethtool command
The brctl command
Configures network bridging:
  • Associating two networks together
  • Works at Layer 2 with MAC addresses
# brctl show
# brctl addbr {bridge name}
# brctl addif {bridge name} eth0
# brctl addif {bridge name} eth1

# /etc/sysconfig/network-scripts
The DHCP Lease Generation and Renewal Process
# /etc/dhcp/dhclient.conf
Name Resolution


# /etc/hosts
# /etc/resolv.conf
The /etc/nsswitch.conf
Preferred order:
  • /etc/hosts
  • DNS servers
# cat /etc/nsswitch.conf | grep hosts

Tools for testing name resolution
# dig: dig @{IP address} {domain name}: outputs IP addr mapped to domain, answering DNS server, and time taken to receive answer
# nslookup {domain name}
# host {domain name} {IP address}

Hypervisors
Virtualization Tool
# virsh: interactive shell for managing KVM virtual machines




The traceroute and tracepath commands
The netstat Command
Gathers info about TCP connections on system: existing connections, listening ports, NIC info, etc
# netstat -v: verbose mode
# netstat -i: network interfaces
# netstat -c: continuously print info every second
# netstat -l: show only ports being listened on
netstat vs ss
# ss -l: show currently listening sockets
# ss dst {host}: show whether host is connected and its stats
# -i: only what ports being listened on

The route Command
# route: view current routing table
# route add default gw {IP addr}
# route add -host {IP addr} reject: filter traffic based on specified IP addr
# ip addr
# ping {destination}
# firewall-cmd --list-services
# Wireshark
# tcpdump -i enp3s0 -c 5
The netcat command
Tests connectivity over a network. It can listen on a port on the destination computer while a connection is attempted from the source computer.


LAB

Configuring the Server's Network Identity

Scenario

You need to ensure the system's hostname and IP address configuration is correct. You also need to be able to configure network settings whether or not a GUI is installed. You will configure the system with both a static IP address and a dynamic IP address.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.3 Given a scenario, configure and verify network connection parameters

  • 2.7 Explain the use and operation of Linux devices


Set the server's hostname

  1. Log in as student01 with Pa22w0rd as the password.

  2. In a terminal window, enter hostname to view the system's current hostname.

  3. Enter nmcli general hostname to use a different command to view the system's current hostname.

  4. Enter sudo hostnamectl set-hostname server01 to configure a new hostname.

  5. Enter sudo systemctl restart systemd-hostnamed to restart the service, making the change persistent.

    Recall that you will almost always have to restart services for changes to be implemented.

  6. Verify that your system's hostname has changed.

Verify the current IP address configuration of the server

  1. Enter man ifconfig and note the man page entry that indicates the tool is deprecated (retired).

  2. Press q to quit.

  3. Type ip (don't press Enter), add a space, then press Tab twice to see a list of available subcommands.

    Be sure to include a space before pressing Tab twice. This tip takes advantage of tab completion. It displays the subcommands associated with the ip command.

  4. Enter ip addr to display information about available network interfaces.

    On CentOS 7, the main Ethernet device you should use will usually be named in the format enp#s#. For the following steps, make sure you're using the NIC identified with this name, and not the loopback adapter or a wireless LAN adapter.

  5. Enter ip addr show ens32 to display the information for a specific NIC.

    Use the NIC device ID from the output of the previous step. For example, the device ID value might be enp0s3

    One of the first steps in networking troubleshooting is to verify the current IP address configuration. Therefore, the ip command will be essential to your network troubleshooting process.

Display network information by using nmcli

  1. Enter nmcli general status to view the current network connectivity status according to NetworkManager.

  2. Enter nmcli connection show to see the name, UUID, type, and device ID for each NIC.

Disable and enable a NIC using nmcli
  1. Enter nmcli con down ens32 to stop the NIC, making it inactive.

  2. Enter nmcli device status to view the current status.

  3. Enter nmcli con up ens32 to re-enable the NIC, making it active.

  4. Enter nmcli device status to view the current status.


Configure the system with a static IP address using nmcli

  1. Enter ip addr show ens32 to view the current IP address.

  2. Enter nmcli con edit ens32 to edit the NIC's configuration.

  3. Enter set ipv4.addresses 10.50.1.101/24 to set the static IP address at the nmcli prompt.

    It is possible your lab environment will have slightly different IP addressing information.

  4. Press Enter to set ipv4.method to manual

  5. Enter save at the nmcli prompt.

  6. Enter quit at the nmcli prompt.

  7. Enter nmcli con down ens32

  8. Enter nmcli con up ens32 to reset the device.

  9. Enter ip addr show ens32 to confirm the static IP address is configured.



Configure the system as a DHCP client

  1. Enter nmtui at the prompt to open a new interface.

    Use the Tab key and the Arrow keys to navigate text-based user interfaces. Use the Spacebar to check/uncheck settings. Use the Enter key to accept a configuration.

  2. Make sure Edit a connection is highlighted, and then press Enter.

  3. With your device ID ens32 highlighted from the Ethernet menu, press the Right Arrow key once then the Down Arrow key to highlight < Edit…> and then press Enter.

  4. Notice the static IP address, as configured in the previous task.

  5. Press the Tab key three times to move to the IPv4 CONFIGURATION line.

    That line currently displays <Manual>

  6. Press Enter and select Automatic from the menu.

  7. Press the Tab key multiple times until you reach the bottom of the interface and < OK > is highlighted.

  8. Press Enter to save your changes to the network configuration.

  9. Use the Tab key to highlight < Back > and then press Enter.

  10. In the NetworkManager TUI interface, use the Down Arrow key to highlight Quit and then press Enter.

  11. Enter ip addr show ens32 and notice that the old statically assigned IP address is still in place. This is because you need to restart the network service for changes to take effect.

  12. Enter sudo systemctl restart network

  13. Enter ip addr show ens32 and notice a new IP address is configured, leased from a DHCP server.

Using the GUI, reconfigure the NIC to use a static IP address

  1. From the desktop menu, select Applications→System Tools→Settings.

  2. In the Settings menu, select Network.

    Notice the NIC is displayed as Connected and On.

  3. Select the Configuration gear button.

    The NIC details may still show the static IP address.

  4. Select the Apply button in the upper-right corner of the interface.

  5. Select the slider to turn the NIC Off, then turn it back On.

  6. Select the Configuration gear button again and note the leased IP address.

  7. Select the IPv4 tab.

  8. Observe that the Automatic (DHCP) button is selected, as configured in the previous nmtui task.

  9. Select the Manual radio button, and then fill in the Address, Netmask, and Gateway fields:

    • IP address: 10.50.1.101
    • Subnet mask: 255.255.255.0 or /24
    • Gateway: 10.50.1.1

    Your lab environment may have different IP addressing information.

  10. In the DNS field, enter 8.8.8.8

    This is one of Google's DNS servers.

  11. Select Apply.

  12. Select the slider to turn the NIC Off, then turn it back On.

  13. Close the Settings window.

  14. Test the network configuration by opening Applications→Favorites→Firefox Web Browser and browsing to the https://www.comptia.org website.

  15. When you're done, close the browser.

Verifying Network Configurations

Scenario

Now that you've configured a NIC, you need to verify that those configurations are active and accurate. So, you'll use ethtool and the device's configuration file to confirm the networking details.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.3 Given a scenario, configure and verify network connection parameters

  • 2.7 Explain the use and operation of Linux devices


Gather information with ethtool

  1. If necessary, enter ip a to recall your Ethernet device ID.

  2. Enter ethtool ens32

  3. Verify that you can see information about the NIC's capabilities and configurations.

    You should be able to see the NIC's maximum bandwidth speed, its duplex capabilities, its supported link modes, and more.


View network configuration files

  1. Enter ls /etc/sysconfig/network-scripts to display the contents.

  2. Verify that there is an ifcfg-ens32 file.

  3. Enter cat /etc/sysconfig/network-scripts/ifcfg-ens32 to view the contents.

  4. Verify that you can see device information as well as IP addressing information for this NIC.


Configuring a DNS Client

Scenario

In addition to setting up machine-friendly IP addressing, you also need to account for the fact that humans aren't good at remembering long strings of numbers. So, you'll configure name resolution to relate a hostname with an IP address so that users can easily refer to a specific computer on the network.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.3 Given a scenario, configure and verify network connection parameters

  • 2.7 Explain the use and operation of Linux devices


Review the IP address and hostname identities of your system

  1. Enter hostname to view the system's user-friendly name.

  2. Enter ip addr show ens32 to view the system's IP address.

    Humans don't tend to be good at remembering long strings of numbers. Name resolution is used to relate the hostname and the IP address values displayed above.

  3. If the leased IP address is still visible, use nmcli con down ens32 and then nmcli con up ens32 to reset the interface.

Try connecting to the second server by name and by IP address

  1. Enter ping server02 and verify that it fails.

  2. Enter ping 10.50.1.102 and verify that it succeeds.

  3. Press Ctrl+C to interrupt the process.

    One effective way of testing name resolution is to ping a destination host by name. If that fails, then ping the same host by IP address. If that succeeds, then you know that you have a good network connection to the destination, but that name resolution is failing.

Configure the server name for your second server

  1. Select CentOS 7 (2nd) to access your second virtual machine.

  2. Log in as student02 with Pa22w0rd as the password.

  3. In a terminal window, enter sudo hostnamectl set-hostname server02 to configure a new hostname.

  4. Enter sudo systemctl restart systemd-hostnamed to restart the service, making the change persistent.

  5. Verify that your second system's hostname has changed by using the hostname command.

Configure name resolution for your system

  1. Select CentOS 7 to return to server01. If necessary, use Pa22w0rd to sign back in.

  2. Enter cat /etc/resolv.conf to display the DNS server(s) the system is configured to query.

    Note the spelling of the file name: resolv.conf

  3. Enter cat /etc/hosts to display the static text file that can be used for name resolution.

  4. Using sudo, open the text editor of your choice to add your second server's hostname and IP address information into the /etc/hosts file in the format: 10.50.1.102 server02

  5. Save and close the file.

  6. Ping your second server's hostname and IP address again and verify that, this time, both succeed.
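The lookup order behind the steps above, as an added example that is not part of the original lab: it models the hosts: line of /etc/nsswitch.conf and an /etc/hosts file to show which source is consulted first for a name. The function names and both sample files are constructed for illustration; nothing is read from the live system.

```bash
#!/usr/bin/env bash
# Added example (not from the lab): offline model of the name lookup order.
# SAMPLE_* contents are constructed data; function names are hypothetical.

SAMPLE_NSSWITCH='# /etc/nsswitch.conf (constructed sample)
passwd:     files sss
hosts:      files dns myhostname
'

SAMPLE_HOSTS='127.0.0.1   localhost localhost.localdomain
10.50.1.102 server02   # second lab VM
'

# Print the sources named on the "hosts:" line, in order, one per line.
hosts_sources() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # trailing comment
                if ($i ~ /^\[/) continue    # action items such as [NOTFOUND=return]
                print $i
            }
            exit
        }'
}

# Look up a name in hosts-format text; print the first matching IP address.
# Exit status is non-zero when the name is not present.
hosts_lookup() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { sub(/#.*/, "") }                  # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }'
}

# Report where a lookup for the name goes first:
#   "files <ip>"  answered from the hosts file
#   "dns"         handed to the servers listed in /etc/resolv.conf
#   "none"        no configured source can answer
resolve_via() {
    nss=$1; hosts=$2; name=$3
    for src in $(hosts_sources "$nss"); do
        case $src in
            files) ip=$(hosts_lookup "$hosts" "$name") && { echo "files $ip"; return 0; } ;;
            dns)   echo "dns"; return 0 ;;
        esac
    done
    echo "none"; return 1
}

# After step 4 above, server02 is answered locally and never reaches DNS.
resolve_via "$SAMPLE_NSSWITCH" "$SAMPLE_HOSTS" server02
```

Because files comes before dns, any entry in /etc/hosts overrides DNS for that name, so an unexpected line in that file is worth checking when a host resolves to the wrong address.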

Ensure name resolution for Internet identities is functioning correctly

  1. Enter host www.google.com

  2. Enter nslookup www.google.com

  3. Verify that you receive IP addressing results for google.com with each command.


Configuring Virtualization

Scenario

One of the developers at Develetech has asked for your help. She needs Linux test environments to test that her application functions as designed. She'd like to manage the environments herself and be able to revert back to their original configuration for each test. You will install a KVM virtualization solution for her.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.5 Compare and contrast cloud and virtualization concepts and technologies

  1. What are some of the potential benefits of virtualization?

Install the KVM virtualization software

  1. Enter cat /proc/cpuinfo | grep vmx and then enter cat /proc/cpuinfo | grep svm to check the processor. If either term is found, the processor should support hardware-assisted virtualization.

  2. Carefully enter the following command on one line. Check your syntax before you hit Enter:

    sudo yum -y install qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils librbd1 librbd1-devel libsolv

    This installs KVM and dependent software.

    Wait for KVM to finish installing.

Start the KVM service

  1. Enter sudo systemctl start libvirtd to start the service.

    The name of the KVM service is libvirtd

  2. Enter sudo systemctl enable libvirtd to make the service persist.

  3. Enter lsmod | grep kvm and verify that the KVM kernel module is loaded.


Create a VM at the CLI

  1. Carefully enter the following command on one line. Check your syntax before you hit Enter:

    sudo virt-install --name=devtech-install --vcpus=1 --memory=2048 --cdrom=/opt/linuxplus/managing_networking/CentOS-7-x86_64-DVD-1810.iso --disk size=12 --os-variant=rhel7

    This defines the hardware specifications of the virtual machine to create. The VM will use one virtual CPU, have access to 2 GB of RAM, use the provided system image to boot from, and have access to a 12 GB storage drive.

  2. Close the devtech-install(1) - VirtViewer window that pops up and select OK when prompted.

  3. Enter sudo virsh save devtech-install saved-vm to stop the VM and save its state for later.

Import a VM image using the GUI Virtual Machine Manager

  1. From the desktop menu, select Applications→System Tools→Virtual Machine Manager.

  2. Enter the root password to continue.

  3. In the Virtual Machine Manager, select File→New Virtual Machine.

  4. In the New VM wizard, for the first step, select Import existing disk image, then select Forward.

  5. For the second step, select Browse and then select Browse Local.

  6. From the navigation menu, select + Other Locations.

  7. Select Computer.

  8. Navigate to /opt/linuxplus/managing_networking and open ubuntu-vm.qcow2.

  9. Select Forward.

  10. For the third step, change the Memory (RAM) to 2048 and ensure CPUs is set at 1.

  11. Select Forward.

  12. For the fourth step, name the VM ubuntu-vm and select Finish.

Get acquainted with Ubuntu, a different distribution of Linux

  1. Verify that a virtual machine window named ubuntu-vm on QEMU/KVM automatically pops up.

  2. Wait for the authentication screen (it may take 1-2 minutes).

  3. Log in to the Ubuntu virtual machine using student as the account and Pa22w0rd as the password.

  4. Verify that you successfully signed in to the Ubuntu desktop.

    If you receive an error that there is no space left on the device, reboot CentOS and try again.

  5. From the bottom-left corner, select the Show Applications button. You might need to scroll the VM window down to locate this button.

    If at any time you're prompted by the Software Updater dialog box, select Remind Me Later.

  6. Select the Settings icon.

  7. In the Settings window, from the navigation menu, select Network.

  8. Select the configuration gear icon for the Wired connection to view the Ubuntu VM's networking information.

  9. Select Cancel to close the Wired window, then close the Settings window.

  10. From the Show Applications menu, select the Utilities icon.

  11. Select the Logs icon.

  12. Observe the log files that are displayed (it may take 1-2 minutes), then close the Logs window when you're done.

  13. From the dock on the left side of the desktop, select the Ubuntu Software icon.

  14. At the top of the window, select the Installed tab.

  15. Scroll down and verify that Vim is installed, then close the window when you're done.

Shut down the virtual machine

  1. Close the virtual machine window.

  2. Right-click the ubuntu-vm VM and select Shut Down→Shut Down.

    You may need to issue the shut down command twice.

  3. Wait for the VM's state to change to Shutoff.

  4. Close Virtual Machine Manager.

View network services that are currently listening on the hosts in your network.

  1. Enter ip addr to verify the system has a correct IP address configuration.

    When troubleshooting, an IP address that begins with 169.254 indicates the client could not lease an IP address from a DHCP server. The 169.254.0.0 IP address range is known as the Automatic Private IP Address (APIPA) range.

  2. Enter ss -l | less to see what TCP ports your system is currently listening on, then press q to return to the prompt.

  3. Enter nc localhost 21

    You should receive a "Connection refused" error, indicating that your system is not listening on port 21 (FTP).

  4. Enter nc server02 22 to verify that the second lab VM is listening on port 22 (SSH).

  5. Press Ctrl+C to disconnect.

    You can use a tool like nc to identify network services that aren't listening on the local or remote host.
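A way to turn the listening-port check above into a repeatable audit, as an added example that is not part of the original lab: it parses ss output and reports listeners reachable from the network whose port is not on an allowlist. The sample text is constructed in the column layout of ss -tln (the -t and -n flags, TCP only and numeric ports, go beyond the ss -l used in the lab), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the lab): flag network-reachable listeners that
# are not on an allowlist. SAMPLE_SS is constructed data in "ss -tln" layout.

SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      100    127.0.0.1:25        0.0.0.0:*
LISTEN  0      32     *:21                *:*
LISTEN  0      128    [::]:22             [::]:*
LISTEN  0      128    10.50.1.101:3306    0.0.0.0:*
LISTEN  0      128    [::1]:631           [::]:*
'

# Print "port address" for every listener that is not bound to loopback.
# The port is whatever follows the last colon, so IPv4, bracketed IPv6 and
# the older ":::22" notation are all handled.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 != "LISTEN" { next }
        {
            local_ep = $4
            n = split(local_ep, parts, ":")
            port = parts[n]
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print port, addr
        }'
}

# Print exposed listeners whose port is NOT in the allowlist
# ($2: space-separated port numbers).
unexpected_listeners() {
    exposed_listeners "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok)'
}

# Only SSH is expected on this lab server; FTP and 3306 get reported.
unexpected_listeners "$SAMPLE_SS" "22"
```

On a live system, pass the real output instead of the sample: unexpected_listeners "$(ss -tln)" "22".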

Test public name resolution

  1. Enter host www.comptia.org at the command prompt.

  2. Verify that you resolved the public CompTIA hostname to a specific IP address.

    You can use a name resolution tool like host to ensure that you can establish a connection to hosts using human-friendly hostnames.


Capture network traffic

  1. Enter sudo tcpdump -i ens32, replacing ens32 with your Ethernet device ID.

  2. Verify that the tcpdump tool is listening on the device.

  3. Right-click the desktop and select Open Terminal to open another terminal.

  4. In this new terminal, enter ping server02 -c 4

  5. In the other terminal window, verify that tcpdump captured the ICMP echo traffic.

    You can use a network capture tool like tcpdump to learn more about the traffic that is transmitted and received over your network.

  6. Close the terminal window running the tcpdump capture.










