Network Management Tools. ifConfig (UNIX) Used to assign/read an address to/of an interface Option -a is to display all interfaces Notice two interface.

Presentation transcript:

1 Network Management Tools

2 ifconfig (UNIX). Used to assign an address to an interface or to read the address of an interface. Option -a displays all interfaces. Note the two interfaces: loopback (lo0) and Ethernet (hme0). ifconfig -a [/home/staff/ycchen]ifconfig -a lo0: flags=849 mtu 8232 inet netmask ff hme0: flags=863 mtu 1500 inet netmask ffffff00 broadcast ifconfig le0 down ifconfig le netmask broadcast

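3 ipconfig (Windows): ipconfig (internet protocol configuration)
/? Help
/all Display full configuration information
/release Release the IPv4 address
/release6 Release the IPv6 address
/renew Renew the IPv4 address
/renew6 Renew the IPv6 address
/flushdns Purge the DNS resolver cache
/registerdns Refresh DHCP leases and re-register DNS names
/displaydns Display the contents of the DNS resolver cache
ipconfig /?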

4 ipconfig 無線區域網路介面卡 無線網路連線 : 連線特定 DNS 尾碼 : 連結 - 本機 IPv6 位址 : fe80::19e4:8b36:e72b:2cf%11 IPv4 位址 : 子網路遮罩 : 預設閘道 :

5 ipconfig /all 無線區域網路介面卡 無線網路連線 : 連線特定 DNS 尾碼 : 描述 : Atheros AR5BWB225 Wireless Network Adapter 實體位址 : 74-DE-2B-CB-49-0C DHCP 已啟用 : 是 自動設定啟用 : 是 連結 - 本機 IPv6 位址 : fe80::19e4:8b36:e72b:2cf%11( 偏好選項 ) IPv4 位址 : ( 偏好選項 ) 子網路遮罩 : 租用取得 : 2013 年 4 月 5 日 下午 07:58:09 租用到期 : 2013 年 4 月 6 日 下午 07:59:14 預設閘道 : DHCP 伺服器 : DHCPv6 IAID : DHCPv6 用戶端 DUID : FF-74-DE-2B-CB-49-0C DNS 伺服器 : NetBIOS over Tcpip : 啟用    

6 Manually setting the IP address

7

8

9 NAT - Network Address Translation (© 2011 Pearson Education, Inc. Publishing as Prentice Hall)

10

11 Address Resolution Protocol (ARP), RFC 826. Maps network addresses to the hardware addresses used by a data link protocol, e.g. translates IP addresses to Ethernet MAC addresses. Uses data-link broadcast. Messages: ARP Request, ARP Reply.

12

13 ARP Announcement Gratuitous ARP

14 ARP Spoofing (ARP Poisoning). Sends fake, or 'spoofed', ARP messages to an Ethernet LAN, generally to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Passive sniffing, man-in-the-middle attack, denial-of-service attack.

15 C:\>arp -a Interface: x2 Internet Address Physical Address Type cf-28-cd-20 dynamic cf-29-c6-80 dynamic cf-28-1e-20 dynamic e3-dd-b3-1f dynamic arp -a arp -d arp -d * arp -s aa c6-09 C:\>arp -s cf-28-1e-20 C:\>arp -a Interface: x2 Internet Address Physical Address Type cf-28-1e-20 static e3-dd-b3-1f dynamic ARP Cache. Default cache time-outs: two-minute (unused entries), ten-minute (used entries).
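A defensive check built on the two slides above, added here as an example and not part of the original presentation: it parses `arp -a` output and flags a MAC address that answers for several IP addresses, or an entry that differs from a recorded baseline. The sample table, the `baseline` parameter and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `arp -a` output. Addresses are
# from the RFC 5737 documentation range; the MAC addresses are made up.
SAMPLE_ARP_A = """\
Interface: 192.0.2.50 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-11-22-aa-bb-01     dynamic
  192.0.2.20            00-11-22-aa-bb-14     dynamic
  192.0.2.30            00-11-22-aa-bb-01     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples for every entry line of `arp -a`."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows

def audit_arp(rows, baseline=None):
    """Report cache entries consistent with ARP spoofing.

    baseline is an optional {ip: mac} map recorded while the LAN was trusted
    (hypothetical input, e.g. the default gateway's real MAC address).
    """
    baseline = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    findings, ips_by_mac = [], defaultdict(list)
    for ip, mac, _type in rows:
        if int(mac[:2], 16) & 1:      # broadcast/multicast MAC, shared by design
            continue
        ips_by_mac[mac].append(ip)
        if ip in baseline and baseline[ip] != mac:
            findings.append(("changed", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:              # one MAC answering for several IPs
            findings.append(("shared-mac", tuple(sorted(ips)), mac))
    return findings
```

A shared MAC is a lead to investigate, not proof: a multi-homed host or a router doing proxy ARP produces the same pattern. A static entry for the gateway (`arp -s`, as on the slide) keeps that binding from being overwritten by spoofed replies.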

16 Routing information route print route -4 print route -6 print route add mask metric 100 if 11 route add mask metric 100 route change mask metric 130 route delete netstat -r

17

18 Domain Name System (DNS). Provides translation between host names and IP addresses; provided by DNS servers. RR-DNS (Round Robin DNS) (8 servers) , , , … DDNS (Dynamic DNS): host name, dynamic IP address

19 ipconfig /displaydns ipconfig /flushdns nslookup C:\>nslookup Default Server: academic.ncnu.edu.tw Address: > Server: academic.ncnu.edu.tw Address: Non-authoritative answer: Name: Addresses: , , , , , , > Server: academic.ncnu.edu.tw Address: Name: euler.im.ncnu.edu.tw Address: Aliases: in-addr.arpa >

20 nslookup. An interactive program for querying Internet Domain Name System servers. Converts a hostname into an IP address and vice versa by querying DNS. Useful to identify the subnet a host or node belongs to. Lists contents of a domain, displaying DNS records.

21 DNS Lookup

22 Ping. Most basic tool for internet management. Based on the ICMP ECHO_REQUEST message. Available on all TCP/IP stacks. Useful for measuring connectivity, packet loss, and round trip time. Can do auto-discovery of TCP/IP-equipped stations on a single segment.

23 ping Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list Options: -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet. -i TTL Time To Live. -v TOS Type Of Service. -r count Record route for count hops. -s count Timestamp for count hops. -j host-list Loose source route along host-list. -k host-list Strict source route along host-list. -w timeout Timeout in milliseconds to wait for each reply.

24 Example C:\>ping -n 10 -l 256 Pinging euler.im.ncnu.edu.tw [ ] with 256 bytes of data: Reply from : bytes=256 time=1ms TTL=253 Ping statistics for : 0% loss Packets: Sent = 10, Received = 10, Lost = 0 (0% loss), round trip times Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms

25 traceroute/tracert Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name Options: -d Do not resolve addresses to hostnames. -h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply. tracert

26 C:\>tracert 在上限 30 個躍點上 追蹤 star.c10r.facebook.com [ ] 的路由 : 1 8 ms 8 ms 8 ms h254.s98.ts.hinet.net [ ] 2 8 ms 8 ms 8 ms ms 8 ms 8 ms NTNK-3101.hinet.net [ ] 4 11 ms 11 ms 11 ms tchn-3011.hinet.net [ ] 5 16 ms 14 ms 14 ms TPDT-3011.hinet.net [ ] 6 11 ms 12 ms 11 ms r4103-s2.tp.hinet.net [ ] 7 12 ms 13 ms 12 ms r4003-s2.tp.hinet.net [ ] 8 96 ms 96 ms 96 ms HINET-IP.hinet.net [ ] 9 97 ms 97 ms 97 ms ae-5.r00.tokyjp03.jp.bb.gin.ntt.net [ ] ms 98 ms 97 ms ae-0.facebook.tokyjp03.jp.bb.gin.ntt.net [ ] ms 97 ms 97 ms po126.msw01.01.nrt1.tfbnw.net [ ] ms 99 ms 99 ms edge-star-ecmp-01-nrt1.facebook.com [ ]

27

28 netstat C:\>netstat -n -a Active Connections Proto Local Address Foreign Address State TCP : :0 LISTENING TCP : :0 LISTENING TCP : :0 LISTENING TCP : :0 LISTENING TCP : :0 LISTENING TCP : :0 LISTENING TCP : :80 ESTABLISHED TCP : :80 ESTABLISHED TCP : :80 SYN_SENT UDP :135 *:* UDP :445 *:* UDP :38037 *:* UDP :1230 *:* UDP :500 *:*

29 NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the -s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

30 TCP Connection Monitoring: netstat -p TCP

31 netstat -b -p TCP

32 netstat -e

33 Network Management Tools SNMP command tools MIB Walk MIB Browser

34 SNMP Command Tools snmptest snmpget snmpgetnext snmpset snmptrap snmpwalk snmpnetstat

35 Network Status Command: snmpnetstat host community Useful for finding status of network connections % snmpnetstat noc5 public Active Internet Connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 *.* *.* CLOSED tcp 0 0 localhost localhost.3456 ESTABLISHED tcp 0 0 localhost localhost.3712 ESTABLISHED tcp 0 0 localhost localhost.3968 ESTABLISHED tcp 0 0 localhost localhost.4224 ESTABLISHED tcp 0 0 localhost.3456 localhost ESTABLISHED tcp 0 0 localhost.3712 localhost ESTABLISHED tcp 0 0 localhost.3968 localhost ESTABLISHED tcp 0 0 localhost.4224 localhost ESTABLISHED tcp 0 0 noc noc ESTABLISHED tcp 0 0 noc noc ESTABLISHED tcp 0 0 noc noc ESTABLISHED tcp 0 0 noc noc ESTABLISHED

36 SNMP Browser. Command: snmpwalk host community [variable name]. Uses the Get Next command. Presents the MIB tree.

37 Protocol Analyzer. Analyzes data packets on any transmission line, including LAN. Measurements are made locally or remotely. Probe (data capture device) captures data and transfers it to the protocol analyzer (no storage). The data link between probe and protocol analyzer is either a dial-up link, a dedicated link, or a LAN. The protocol analyzer analyzes data at all protocol levels.

38 RMON Probe. Communication between probe and analyzer uses SNMP. Data is gathered and stored for an extended period of time and analyzed later. Used for gathering traffic statistics and for configuration management for performance tuning.

39 Network Monitoring with RMON Probe

40 Network Statistics. Protocol analyzers; RMON probe / protocol analyzer; MRTG (Multi Router Traffic Grapher); home-grown program using tcpdump.

41 Traffic Load: Source

42 Traffic Load: Source/Destination

43 Protocol Distribution

44 Network Monitoring. By polling; by traps (notifications). Failure is indicated by pinging or traps. Ping frequency is optimized for network load vs. quickness of detection. Trap messages: linkDown, linkUp, coldStart, warmStart, etc. Network topology is discovered by auto-discovery.

45 Global View

46

47 Domain View

48 Segment View

49 Node Discovery in a Network. Given an IP address with its subnet mask, find the nodes in the same network. Two major approaches: use ICMP ECHO to query all the possible IP addresses; use SNMP to query the ARP cache of a known node.

50 Use ICMP ECHO Eg: IP address: Subnet mask: All possible addresses: ~ For each of the above addresses, use ICMP ECHO to inquire the address If a node replies (ICMP ECHO Reply), then it is found.

51 Use SNMP. Find a node which supports SNMP: the given node, default gateway, or router, or try a node arbitrarily. Query the ipNetToMediaTable in the MIB-II IP group.
ipNetToMediaIfIndex | ipNetToMediaNetAddress | ipNetToMediaPhysAddress | ipNetToMediaType
1 | | 00:80:43:5F:12:9A | dynamic(3)
2 | | 00:80:51:F3:11:DE | dynamic(3)
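The two node-discovery approaches combined, as an added example that is not part of the original slides: nodes already present in a queried ipNetToMediaTable are taken as found, and only the remaining addresses of the subnet are left for ICMP ECHO. The walk text is a constructed sample in the style of net-snmp `snmpwalk` output, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: ipNetToMediaPhysAddress rows, where the index is the
# ifIndex followed by the IP address (RFC 5737 documentation addresses).
SAMPLE_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.1.192.0.2.1 = STRING: 0:80:43:5f:12:9a
IP-MIB::ipNetToMediaPhysAddress.1.192.0.2.9 = STRING: 0:80:51:f3:11:de
IP-MIB::ipNetToMediaPhysAddress.2.198.51.100.7 = STRING: 0:80:51:f3:20:1
"""

ROW = re.compile(
    r"ipNetToMediaPhysAddress\.(\d+)\.(\d+\.\d+\.\d+\.\d+) = STRING: (\S+)"
)

def arp_cache_nodes(walk_text):
    """Map IP address -> (ifIndex, MAC) from an ipNetToMediaTable walk."""
    return {
        ipaddress.ip_address(ip): (int(idx), mac)
        for idx, ip, mac in ROW.findall(walk_text)
    }

def discover(ip, mask, walk_text):
    """Return (network, known, to_probe) for the subnet that ip/mask is in.

    known    : cache entries that fall inside the subnet
    to_probe : host addresses not in the cache, still needing ICMP ECHO
               (an ARP cache only holds recently contacted neighbours)
    """
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    own = ipaddress.ip_address(ip)
    cache = arp_cache_nodes(walk_text)
    known = {a: v for a, v in cache.items() if a in net}
    to_probe = [h for h in net.hosts() if h not in known and h != own]
    return net, known, to_probe
```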

52 Network Discovery. Find the networks to be managed with their interconnections. Given a network, find the networks which directly connect with it. Recall that networks are connected via routers. Major approach: use SNMP.

53 Discovering Networks

54 A Network Discovery Algorithm
1. First use a node discovery algorithm to find all the nodes in the network.
2. For each discovered node, use SNMP to query the ipAddrTable of the MIB-II IP group.
3. Query the corresponding entries in ipRouteTable to verify the above addresses.
ipAddrTable columns: ipAdEntAddr | ipAdEntIfIndex | ipAdEntNetMask | ipAdEntBcastAddr
… | … | … | …

55 ipRouteTable
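The three steps of the network discovery algorithm, as an added example that is not part of the original slides. It assumes the SNMP queries have already been made and their results collected into the constructed `NODES` structure; the node names and function names are hypothetical, and ipRouteType 3 is the MIB-II value for a direct route.

```python
import ipaddress

# Constructed SNMP results per discovered node: ipAddrTable rows as
# (ipAdEntAddr, ipAdEntNetMask) and ipRouteTable rows as
# (ipRouteDest, ipRouteMask, ipRouteType); type 3 = direct, 4 = indirect.
NODES = {
    "host-a": {
        "addrs": [("192.0.2.10", "255.255.255.0")],
        "routes": [("192.0.2.0", "255.255.255.0", 3)],
    },
    "router-1": {
        "addrs": [("127.0.0.1", "255.0.0.0"),
                  ("192.0.2.1", "255.255.255.0"),
                  ("198.51.100.1", "255.255.255.0")],
        "routes": [("192.0.2.0", "255.255.255.0", 3),
                   ("198.51.100.0", "255.255.255.0", 3),
                   ("203.0.113.0", "255.255.255.0", 4)],
    },
}

def attached_networks(node):
    """Step 2 and 3: networks from ipAddrTable, kept only when ipRouteTable
    confirms them with a direct route."""
    direct = {ipaddress.ip_network(f"{dest}/{mask}")
              for dest, mask, rtype in node["routes"] if rtype == 3}
    nets = set()
    for addr, mask in node["addrs"]:
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if not net.is_loopback and net in direct:
            nets.add(net)
    return nets

def neighbours(start, nodes):
    """Networks directly connected to `start`, with the routers joining them."""
    start = ipaddress.ip_network(start)
    found = {}
    for name, node in nodes.items():
        nets = attached_networks(node)
        if start in nets:                 # node sits on the start network
            for other in nets - {start}:  # and on another one: it is a router
                found.setdefault(other, []).append(name)
    return found
```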

