IT Networks tutorial
By size, networks can be:
- Local Area Network (LAN) - small networks
- Metropolitan Area Network (MAN) - at a city level
- Wide Area Network (WAN) - across the entire globe
Topologically, networks can be:
- Bus topology networks
- Ring topology networks
- Star topology networks
- Mesh topology networks
In terms of transmission medium:
- wired networks
- fiber-optic networks
- Wi-Fi networks
Communication in a computer network is based on the OSI reference model and, more recently, on the TCP/IP model.
In general, an IT network consists of computers interconnected by switches. In the OSI model, switches are Layer 2 devices (they forward traffic based on MAC addresses rather than IP addresses).
Networks are interconnected by routers, which in the OSI model are Layer 3 devices (they forward traffic based on IP addresses).
For networking, every device has a network interface card, or NIC (Ethernet, fiber-optic, Wi-Fi). This network card has a MAC address (which is unique), consisting of 6 bytes, by which a PC is identified in the network.
MAC address example: 00:20:60:35:ED:F9
The Internet Protocol (IP) is the protocol through which data flows from one computer to another via the Internet, based on IP addresses. The data is encapsulated in IP packets, with a header containing information about the source address, destination address, packet size, etc.
For an Ethernet interface, MTU (Maximum Transmission Unit) is normally 1500 bytes.
IP addresses can be IPv4, having a length of 4 bytes or IPv6, with a length of 16 bytes.
An IPv4 address can be, for example, 192.168.100.1. Each IP address identifies a network and a workstation (host). This separation of the IP address is based on the subnet mask. Example of a subnet mask: 255.255.255.0.
There are 5 classes of IP addresses, marked A to E, depending on the size of the networks.
On a host workstation, to communicate with other hosts (on the same LAN and on other LANs), 3 parameters must be set: IP address, subnet mask and gateway to other networks.
A computer connected to the Internet, having an IP, netmask and gateway, must be able to run multiple applications and services at the same time.
For this, ports 0 to 65535 have been defined and standardized, and can be used by applications and services as follows:
- 0 - 1023 - well-known ports for server services. For example: port 80 is used for HTTP protocol, port 21 for FTP, port 22 for SSH, port 23 for TELNET.
- 1024 - 49151 - registered ports. They can be reserved and registered for various services and programs.
- 49152 - 65535 - ports that can be freely used for client programs and applications.
To be able to test these commands, we need a Terminal.
First of all, we will install a Linux distribution to get access to the Terminal. We can install Ubuntu, Debian, Linux Mint or another distribution.
For tests, we will use Kali Linux.
The ping command is used to test if there is connectivity between 2 PCs in the network. Type ping followed by the IP address or hostname. If there is connectivity, the remote PC will respond to ping (usually 4 times).
If we want to set the number of ping responses, we use the -c option followed by the number of responses that we want to receive.
If we are not connected to the Terminal as a superuser, some of the described commands may not run. In this case, put sudo in front of the command, which runs it with administrator rights.
For example, restarting an interface:
sudo /etc/init.d/networking restart
The ifconfig command is one of the most used in networking. It is used to set the IP address, gateway, subnet mask, broadcast address, DNS name server and MTU, and to enable or disable Ethernet interfaces (eth0), the Wi-Fi interface (wlan0), the loopback interface (lo) and more.
if we want to see details about active interfaces (IP, subnet mask, network address, broadcast address, MTU, metric, MAC address, number of sent and received packets).
if we want to see details about all interfaces (active and passive).
To view the details of a single interface (e.g. eth0), type:
To enable the eth0 interface, type:
ifconfig eth0 up
To disable the eth0 interface, type:
ifconfig eth0 down
To change MTU (accepted packet size, which is usually 1500 bytes):
ifconfig eth0 mtu 2000
To view the IP address, we can also use the command:
ip addr show
Activating promiscuous mode: normally, if a received data packet is not addressed to it, the network card discards it. In promiscuous mode, all packets that arrive at the network card are accepted. The command to activate promiscuous mode is:
ifconfig eth0 promisc
Command to disable Promiscuous Mode:
ifconfig eth0 -promisc
The command to change the MAC address of eth0:
ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF
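Both settings above (promiscuous mode and a changed MAC address) leave traces a defender can check. The following is an added example, not part of the original tutorial: it assumes the Linux sysfs layout (/sys/class/net/<iface>/flags and address), and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NICs for promiscuous mode and software-set MAC addresses.
# Reads the Linux sysfs layout: <dir>/<iface>/flags and <dir>/<iface>/address.

# IFF_PROMISC is bit 0x100 of the interface flags (linux/if.h).
is_promisc() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# Bit 0x02 of the first octet marks a locally administered MAC address.
# Returns 2 when the argument is not a 6-byte colon-separated MAC.
is_local_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 2
    [ $(( 0x${1%%:*} & 0x02 )) -ne 0 ]
}

# audit_interfaces [DIR]: one finding per line; DIR defaults to /sys/class/net.
audit_interfaces() {
    dir=${1:-/sys/class/net}
    for path in "$dir"/*; do
        [ -r "$path/flags" ] && [ -r "$path/address" ] || continue
        name=${path##*/}
        flags=$(cat "$path/flags")
        mac=$(cat "$path/address")
        if is_promisc "$flags"; then
            echo "$name promiscuous flags=$flags"
        fi
        if is_local_mac "$mac"; then
            echo "$name locally-administered-mac $mac"
        fi
    done
}

# Constructed sample tree (not real host data) so the audit can be tried offline.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/eth0" "$root/eth1" "$root/lo"
    echo 0x1103 > "$root/eth0/flags"; echo 00:20:60:35:ed:f9 > "$root/eth0/address"
    echo 0x1003 > "$root/eth1/flags"; echo aa:bb:cc:dd:ee:ff > "$root/eth1/address"
    echo 0x9    > "$root/lo/flags";   echo 00:00:00:00:00:00 > "$root/lo/address"
    echo "$root"
}
```

Run audit_interfaces with no argument on a Linux host, or pass it the directory printed by make_sample_tree. Virtual interfaces and Wi-Fi MAC randomization also use locally administered addresses, so that finding is an indicator to review, not proof of tampering.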
To set the IP, netmask and broadcast, we use the command:
sudo ifconfig eth0 192.168.100.7 netmask 255.255.255.0 broadcast 192.168.100.255
Or we can set them one by one:
sudo ifconfig eth0 192.168.100.7
sudo ifconfig eth0 netmask 255.255.255.0
sudo ifconfig eth0 broadcast 192.168.100.255
Now we will set the gateway (IP address of the router interface to which our PC is connected). First we will give the command:
to see the existing routing tables and routes. If the gateway is not set or we want to change it, we use the command:
route add default gw 192.168.100.1 eth0
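The subnet mask splits an address into network and host parts, and the broadcast address and gateway set above must agree with that split. The following added example (not part of the original tutorial) computes the network and broadcast addresses and checks a configuration for consistency; the function names are constructed, and the 255.255.255.255 case is a constructed mismatch.

```shell
#!/bin/sh
# Added example: check that IP, netmask, broadcast and gateway agree.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into four positional parameters
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit integer as a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP MASK: network address = IP AND mask.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_of IP MASK: network address with all host bits set to 1.
broadcast_of() {
    ip=$(ip_to_int "$1"); mask=$(ip_to_int "$2")
    int_to_ip $(( (ip & mask) | (~mask & 0xFFFFFFFF) ))
}

# check_config IP MASK BROADCAST GATEWAY: report mismatches, return 1 if any.
check_config() {
    rc=0
    want=$(broadcast_of "$1" "$2")
    if [ "$want" != "$3" ]; then
        echo "broadcast $3 does not match $1 netmask $2 (expected $want)"; rc=1
    fi
    if [ "$(network_of "$1" "$2")" != "$(network_of "$4" "$2")" ]; then
        echo "gateway $4 is outside the network of $1 netmask $2"; rc=1
    fi
    return $rc
}

# The tutorial's addresses with a 255.255.255.0 mask are consistent ...
check_config 192.168.100.7 255.255.255.0 192.168.100.255 192.168.100.1 && echo "OK"
# ... while a 255.255.255.255 mask (constructed mismatch) leaves no host bits.
check_config 192.168.100.7 255.255.255.255 192.168.100.255 192.168.100.1 || echo "inconsistent"
```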
All of these data (IP, netmask, broadcast, gateway, network, dns-nameservers) are saved in the /etc/network/interfaces file.
To set the eth0 interface, we will open this file with a text editor (nano, gedit) using the command:
sudo nano /etc/network/interfaces
Make the necessary changes, save the file using the Ctrl + O keys and close the nano editor using the Ctrl + X keys.
For the changes to take effect, networking is restarted using the command:
sudo /etc/init.d/networking restart
The interfaces file may also contain data about the Domain Name Server (DNS):
The Wi-Fi interface (wlan0) is configured just like the Ethernet interface (eth0), but the configuration file also includes data about the Wi-Fi network name (SSID) and password (which is encoded in hexadecimal format):
wpa-ssid (Wi-Fi network name)
wpa-psk (encrypted password)
The nmap command is used to explore and verify the security of IT networks. It uses IP packet analysis to get information about network hosts, operating systems used, functional applications, services and ports, firewalls and more.
In the Kali Linux distribution, nmap is already installed. To install nmap in Ubuntu or other Linux distributions, open the Terminal and run the commands:
sudo apt-get update
sudo apt-get install nmap
A simple host scan is done using the nmap command followed by the host IP (or hostname):
There are several options for this command. The -sS option (TCP SYN scan) is the default when nmap runs with root privileges, and the output shows us whether the scanned host is working (up).
You can scan multiple hosts at the same time using one of the following commands:
nmap -sS 192.168.100.1 192.168.100.4 192.168.100.6
nmap -sS 192.168.100.2-15
nmap -sS 192.168.100.3,4,5
nmap -sS 192.168.100.*
The -T option is used for faster scanning of the host. There are 6 prebuilt timing schemes (0 to 5), 0 being the slowest and 5 being the fastest.
The default scheme is T3, but T4 is typically used to increase scanning speed.
nmap -sS -T4 192.168.100.7
The -O option is used to obtain information about the operating system (OS) of the scanned host.
nmap -sS -T4 -O 192.168.100.7
The -F option is used for faster scanning (by reducing the number of scanned ports, not by changing the scanning speed).
Nmap normally scans the 1000 most used ports. Using the -F option, only the 100 most used ports will be scanned.
nmap -sS -T4 -F 192.168.100.7
The -A option is used for a more aggressive scan, to obtain as much data as possible about the scanned host, including information about its operating system (OS).
nmap -sS -T4 -A 192.168.100.7
The -v option, added to an nmap command, will bring more information about the scanned host.
nmap -sS -T4 -A -v 192.168.100.7
The -p option is used to scan certain specified ports:
nmap -sS -T4 -p 21,22,23,80 192.168.100.7
nmap -sS -T4 -p http,ftp 192.168.100.7
The -p- option is used to scan all host ports.
nmap -sS -T4 -p- 192.168.100.7
The -sA option is used to detect the firewall of the scanned host.
nmap -sA -T4 192.168.100.7
The -sP option is used to detect servers and functional devices (hosts that are up).
nmap -sP -T4 192.168.100.0/24
The -sT option is used to scan TCP ports.
nmap -sT -T4 192.168.100.7
The -sU option is used to scan UDP ports.
nmap -sU -T4 192.168.100.7
The -oN option is used to save the command log into a text file.
nmap -sS -oN Documents/log.txt 192.168.100.7
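A saved -oN log is most useful when it is compared against what is supposed to be open on your own hosts. The following added example (not part of the original tutorial) extracts the open ports from a log in nmap's normal output format and lists those missing from an allowlist; the sample log, the function names and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare open ports in an nmap -oN log against an allowlist.

# Constructed sample of nmap normal output (not from a real scan).
sample_log() {
    cat <<'EOF'
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sS -oN Documents/log.txt 192.168.100.7
Nmap scan report for 192.168.100.7
Host is up (0.00031s latency).
Not shown: 997 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
23/tcp open  telnet
80/tcp open  http

# Nmap done (constructed sample): 1 IP address (1 host up) scanned
EOF
}

# open_ports [FILE]: print "host port/proto service" for every open port.
# Reads standard input when no file is given.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
    ' "$@"
}

# unexpected_ports "ALLOWLIST" [FILE]: open ports that are not in the
# space-separated allowlist, for example "22/tcp 80/tcp".
unexpected_ports() {
    allow=$1; shift
    open_ports "$@" | awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)
    '
}

# Only SSH and HTTP are expected on this host, so telnet is reported.
sample_log | unexpected_ports "22/tcp 80/tcp"
```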
The -iL option is used to read the list of hosts to be scanned from a text file. If the hosts list file is called list.txt, the command will be:
nmap -iL /list.txt
The --exclude option is used to exclude one or more hosts from the scanned network.
nmap 192.168.100.0/24 --exclude 192.168.100.7
The --excludefile option is used to exclude one or more hosts listed in a text file. If the text file is called list.txt:
nmap 192.168.100.0/24 --excludefile /list.txt
The --open option is used to detect open ports:
nmap --open 192.168.100.0/24
This option is used to detect interfaces and routes used:
The -sV option is used to detect the type and version of services used:
nmap -sV 192.168.100.7
Zenmap is the official Nmap Security Scanner GUI. In Ubuntu or another Linux distribution, it is installed by typing in the Terminal:
sudo apt-get update
sudo apt-get install zenmap