IT Networks tutorial


Introduction

IT networks are composed of computers interconnected to exchange information. There are several classifications:


By size, these networks can be:
- Local Area Network (LAN) - small networks
- Metropolitan Area Network (MAN) - at a city level
- Wide Area Network (WAN) - across the entire globe
Topologically, networks can be:
- Bus topology networks
- Ring topology networks
- Star topology networks
- Mesh topology networks
In terms of transmission medium:
- wired networks
- fiber-optic networks
- wi-fi networks
Communication in a computer network is based on the OSI reference model and, more recently, on the TCP/IP model.



In general, an IT network consists of computers interconnected by switches. In the OSI model, switches are Layer 2 devices (they forward data traffic based on MAC addresses rather than IP addresses).
Networks are interconnected by routers, which in the OSI model are Layer 3 devices (they forward data traffic based on IP addresses).


Media Access Control Address (MAC)

For networking, every device has a network interface card (NIC): Ethernet, fiber-optic (FO) or Wi-Fi. This network card has a MAC address (which is unique), consisting of 6 bytes, by which a PC is identified in the network.
MAC address example: 00:20:60:35:ED:F9


Internet Protocol (IP) Addresses

The Internet Protocol is the protocol through which data flows from one computer to another via the Internet, based on IP addresses. The data is encapsulated in IP packets, with a header containing information about the source address, destination address, packet size, etc.
For an Ethernet interface, MTU (Maximum Transmission Unit) is normally 1500 bytes.

IP addresses can be IPv4, having a length of 4 bytes or IPv6, with a length of 16 bytes.
An IPv4 address can be: 192.168.100.1. Each IP address identifies a network and a workstation (host). This separation of the IP address is based on the subnet mask. Example of a subnet mask: 255.255.255.0.
There are 5 classes of IP addresses, marked A to E, depending on the size of the networks.
At a host workstation, to communicate with other hosts (LAN and other LANs), 3 parameters will be set: IP address, subnet mask and gateway to other networks.


Ports and sockets

A computer connected to the Internet, having an IP, netmask and gateway, must be able to run multiple applications and services at the same time.
For this, ports 0 to 65535 have been defined and standardized, and can be used by applications and services as follows:
- 0 - 1023 - well-known ports for server services. For example: port 80 is used for HTTP protocol, port 21 for FTP, port 22 for SSH, port 23 for TELNET.
- 1024 - 49151 - registered ports. They can be reserved and registered for various services and programs.
- 49152 - 65535 - ports that can be freely used for client programs and applications.


Linux commands in networking


To be able to test these commands, we need a Terminal.
First of all, we will install a Linux distribution to get access to the Terminal. We can install Ubuntu, Debian, Linux Mint or another distribution.
For tests, we will use Kali Linux.



Ping command


This command is used to test whether there is connectivity between 2 PCs in the network. We type ping, followed by the IP address or hostname. If there is connectivity, the remote PC will respond to ping (usually 4 times).
If we want to set the number of ping responses, we use the -c option followed by the number of responses that we want to receive.



Ifconfig command


First of all, if we are not logged in to the Terminal as a superuser, some of the described commands may not run. In this case, we put sudo in front of the command, which makes it execute with administrator rights.
For example, restarting an interface:


sudo /etc/init.d/networking restart


The ifconfig command is one of the most used in networking. With it we can set the IP, gateway, subnet mask, broadcast, dns-nameserver and MTU, and enable or disable the Ethernet interface (eth0), the Wi-Fi interface (wlan0), the loopback interface (lo) and more.
The command is:


ifconfig


if we want to see details about active interfaces (IP, subnet mask, network address, broadcast address, MTU, metric, MAC address, number of sent and received packets).


ifconfig -a


if we want to see details about all interfaces (active and passive).



To view the details of a single interface (eg eth0), type:


ifconfig eth0


To enable the eth0 interface, type:


ifconfig eth0 up


or simply


ifup eth0


To disable the eth0 interface, type:


ifconfig eth0 down


or simply


ifdown eth0


To change MTU (accepted packet size, which is usually 1500 bytes):


ifconfig eth0 mtu 2000


To view the IP address, we can also use the command:


ip addr show


Activating promiscuous mode. Normally, if a received data packet is not intended for it, the network card discards it. In promiscuous mode, all packets that arrive at the network card are accepted. The command to activate promiscuous mode is:


ifconfig eth0 promisc


Command to disable Promiscuous Mode:


ifconfig eth0 -promisc


The command to change the MAC address of eth0:


ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF
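
Both settings above, promiscuous mode and a changed MAC address, are things an administrator may want to notice on a host. The following check is an added example, not part of the original tutorial; it reads the interface flags and address that Linux exposes under /sys/class/net, and the function names and the sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag interfaces in promiscuous mode or with a
# locally administered (manually set or virtual) MAC address.

# IFF_PROMISC is bit 0x100 of the flags word the kernel exposes in
# /sys/class/net/<iface>/flags.
is_promisc() {          # $1 = flags value, e.g. 0x1103
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# Bit 0x02 of the first octet marks a MAC that was not assigned by
# the NIC vendor. Virtual interfaces legitimately use such addresses.
is_local_mac() {        # $1 = MAC, e.g. aa:bb:cc:dd:ee:ff
    [ $(( 0x${1%%:*} & 0x02 )) -ne 0 ]
}

# audit_interfaces [DIR]: DIR defaults to the live sysfs tree.
audit_interfaces() {
    for dir in "${1:-/sys/class/net}"/*; do
        [ -r "$dir/flags" ] && [ -r "$dir/address" ] || continue
        name=${dir##*/}
        [ "$name" = lo ] && continue
        read -r flags < "$dir/flags" || continue
        read -r mac < "$dir/address" || continue
        is_promisc "$flags" && echo "$name PROMISC"
        is_local_mac "$mac" && echo "$name LOCAL_MAC $mac"
    done
    return 0
}

# Constructed sample tree (not taken from a real host): eth0 after
# "ifconfig eth0 promisc" and "hw ether AA:BB:CC:DD:EE:FF".
demo=$(mktemp -d)
mkdir "$demo/eth0"
echo 0x1103 > "$demo/eth0/flags"
echo aa:bb:cc:dd:ee:ff > "$demo/eth0/address"
audit_interfaces "$demo"
rm -rf "$demo"
```

Calling audit_interfaces with no argument runs the same check against the machine's own interfaces.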


Setting the eth0 interface


For IP, netmask and broadcast setting, we use the command:


sudo ifconfig eth0 192.168.100.7 netmask 255.255.255.0 broadcast 192.168.100.255


Or we can set them one by one:


sudo ifconfig eth0 192.168.100.7
sudo ifconfig eth0 netmask 255.255.255.0
sudo ifconfig eth0 broadcast 192.168.100.255


Now we will set the gateway (IP address of the router interface to which our PC is connected). First we will give the command:


route

to see the existing routing tables and routes. If the gateway is not set or we want to change it, we use the command:


route add default gw 192.168.100.1 eth0

All of these data (IP, netmask, broadcast, gateway, network, dns-nameservers) are saved in the /etc/network/interfaces file.
To set the eth0 interface, we will open this file with a text editor (nano, gedit) using the command:


sudo nano /etc/network/interfaces



Make the necessary changes, save the file using the Ctrl + O keys and close the nano editor using the Ctrl + X keys.
In order for the changes to be executed, the interface will be restarted using the command:


sudo /etc/init.d/networking restart


Also in the interfaces file, there may also be data about the Domain Name Server (DNS):


dns-nameservers 8.8.8.8
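
A wrong netmask or gateway in this file leaves the host unable to reach its router after the restart. The following check is an added example, not part of the original tutorial: it parses a static stanza in the interfaces file format and verifies that the broadcast address and gateway agree with the address and netmask. The function names are assumptions, and the sample file is constructed from the values used on this page.

```shell
# Added example: sanity-check a static stanza in /etc/network/interfaces
# format. Assumes one stanza per file and octets without leading zeros.

# ip4_to_int A.B.C.D: print the address as a 32-bit integer.
ip4_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac   # digits and dots only
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# stanza_value FILE KEY: print the first value given for KEY.
stanza_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_static FILE: print each problem; 0 = ok, 1 = bad, 2 = unparsable.
check_static() {
    for key in address netmask broadcast gateway; do
        n=$(ip4_to_int "$(stanza_value "$1" "$key")") ||
            { echo "$key: missing or not a dotted quad"; return 2; }
        eval "$key=\$n"
    done
    net=$(( $address & $netmask ))
    rc=0
    [ "$broadcast" -eq $(( $net | (~$netmask & 0xFFFFFFFF) )) ] ||
        { echo "broadcast does not match address/netmask"; rc=1; }
    [ $(( $gateway & $netmask )) -eq "$net" ] ||
        { echo "gateway is not inside the host's subnet"; rc=1; }
    return $rc
}

# Constructed sample: this page's eth0 values, once with an all-ones
# netmask (a typing mistake) and once with 255.255.255.0.
demo=$(mktemp)
for m in 255.255.255.255 255.255.255.0; do
    cat > "$demo" <<EOF
auto eth0
iface eth0 inet static
    address 192.168.100.7
    netmask $m
    broadcast 192.168.100.255
    gateway 192.168.100.1
    dns-nameservers 8.8.8.8
EOF
    echo "netmask $m:"; check_static "$demo" && echo "consistent"
done
rm -f "$demo"
```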


The Wi-Fi interface (wlan0) is configured just like the Ethernet interface (eth0), but the configuration file also includes data about the Wi-Fi network name (SSID) and password (which is encoded in hexadecimal format):


wpa-ssid (Wi-Fi network name)
wpa-psk (encrypted password)


Nmap (Network mapping) command


This command is used to explore and verify the security of IT networks. It uses IP packet analysis to get information about network hosts, operating systems used, functional applications, services and ports, firewalls and more.
In the Kali Linux distribution, nmap is already installed. To install nmap in Ubuntu or other Linux distributions, open the Terminal and give the commands:


sudo apt-get update
sudo apt-get install nmap


Scanning a simple host is done using the nmap command followed by the host ip (or hostname):


nmap 192.168.100.1
nmap jweb.ro


There are several options for this command. The -sS option (TCP SYN scan) is the default option when nmap is run with root privileges, and shows us whether the scanned host is working (up).
You can scan multiple hosts at the same time using one of the following commands:


nmap -sS 192.168.100.1 192.168.100.4 192.168.100.6
nmap -sS 192.168.100.2-15
nmap -sS 192.168.100.3,4,5
nmap -sS 192.168.100.*
nmap 192.168.100.0/24


-T (Timing) option


This option is used for faster scanning of the host. There are 6 predefined timing templates (0 to 5), 0 being the slowest and 5 being the fastest.
The default scheme is T3, but T4 is typically used to increase scanning speed.


nmap -sS -T4 192.168.100.7


-O option


This option is used to obtain information about the operating system (OS) of the scanned host.


nmap -sS -T4 -O 192.168.100.7


-F (Fast Scan) option


This option is used for faster scanning (not the scanning speed but the number of scanned ports).
Nmap normally scans 1000 of the most used ports. Using the -F option, only 100 of the most used ports will be scanned.


nmap -sS -T4 -F 192.168.100.7


-A option


This option is used for a more aggressive scan to obtain as much data as possible about the scanned host including information about the operating system (OS) of the scanned host.


nmap -sS -T4 -A 192.168.100.7


-v (Verbose) option


This option added to an nmap command will bring more information about the scanned host.


nmap -sS -T4 -A -v 192.168.100.7


-p option


This option is used to scan certain specified ports.


nmap -sS -T4 -p 21,22,23,80 192.168.100.7
nmap -sS -T4 -p http,ftp 192.168.100.7


-p- option


This option is used to scan all host ports.


nmap -sS -T4 -p- 192.168.100.7


-sA option


This option is used to detect the firewall of the scanned host.


nmap -sA -T4 192.168.100.7


-sP option


This option is used to detect servers and functional devices.


nmap -sP -T4 192.168.100.0/24


-sT option


This option is used to scan TCP ports.


nmap -sT -T4 192.168.100.7


-sU option


This option is used to scan UDP ports.


nmap -sU -T4 192.168.100.7


-oN (Output normal) option


This option is used to save the command log into a text file.


nmap -sS -oN Documents/log.txt 192.168.100.7
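
A saved log becomes useful when it is compared with what is supposed to be open on our own hosts. The following script is an added example, not part of the original tutorial: it extracts the open ports from an -oN log and prints those that are missing from an approved list. The function names, the baseline file format ("host port/proto" per line) and the sample data are assumptions made for the illustration.

```shell
# Added example: compare the open ports in an nmap -oN log with a
# baseline of approved "host port/proto" pairs.

# open_ports LOG: print "host port/proto service" for every open port.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print host, $1, $3 }
    ' "$1"
}

# unexpected_ports LOG BASELINE: open ports that are not in the baseline.
unexpected_ports() {
    open_ports "$1" | while read -r host port svc; do
        grep -qxF "$host $port" "$2" || echo "$host $port $svc"
    done
}

# Constructed sample data (not output captured from a real scan).
log=$(mktemp); base=$(mktemp)
cat > "$log" <<'EOF'
Nmap scan report for 192.168.100.7
Host is up (0.00050s latency).
Not shown: 997 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
23/tcp open  telnet
80/tcp open  http
EOF
printf '%s\n' '192.168.100.7 22/tcp' '192.168.100.7 80/tcp' > "$base"
unexpected_ports "$log" "$base"
rm -f "$log" "$base"
```

With this sample the only line printed is the telnet port, which is open on the host but absent from the baseline.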


-iL (Input list) option


This option is used to use the list of hosts to be scanned from a text file. If the hosts list file is called list.txt, the command will be:


nmap -iL /list.txt


--exclude option


This option is used to exclude one or more hosts from the scanning network.


nmap 192.168.100.0/24 --exclude 192.168.100.7


--excludefile option


This option is used to exclude one or more hosts from a list contained in a text file. If the text file is called list.txt:


nmap 192.168.100.0/24 --excludefile /list.txt


--open option


This option is used to detect open ports:


nmap --open 192.168.100.0/24


--iflist option


This option is used to detect interfaces and routes used:


nmap --iflist


-sV option


This option is used to detect the type and version of services used:


nmap -sV 192.168.100.7


The Zenmap application


Zenmap is the official Nmap Security Scanner GUI. In Ubuntu or another Linux distribution, it is installed as follows.
We type in the Terminal:


sudo apt-get update
sudo apt-get install zenmap

