UNIX Operating Systems V. TCP/IP tools. Using SSH. Simonas Kareiva, autumn semester 2014.

1 UNIX Operating Systems V. TCP/IP tools. Using SSH. Simonas Kareiva, autumn semester 2014

2 Lecture #5 – Part I: Introduction to TCP/IP and OSI. The IP address. IP and MAC addresses. Working with a UNIX OS on a network. The ping and traceroute commands. The arp, ifconfig and route commands.

3 TCP/IP: A suite of data transmission protocols (HTTP / FTP / DNS / …). Created 1973-1974, deployed 1983. Abstraction layers (see below). Encapsulation. The OSI model.

6 In theory (diagram): Computer 2, Router, Computer 1

7 In practice (diagram): Computer 2, Router, Computer 1, Router

8 How does communication take place? (diagram) Links: Ethernet; satellite link / fiber optics / etc.; WiFi. Layer stacks shown: Application, Transport, Network, Link (twice) and Network, Link (twice).

9 IP address and mask: 192.168.1.112/22 11000000.10101000.00000001.11100000 255.255.252.0 192.168.1.0 - ? 192.168.3.225 - ?

10 Exercise: The IP address is 10.250.1.48/19. Questions: What is the network mask written out in full? What is the maximum number of computers that can be connected to such a network? Which class does this IP address belong to?

11 Answer - ipcalc
    > ipcalc 10.250.1.48/19
    Address:   10.250.1.48          00001010.11111010.000 00001.00110000
    Netmask:   255.255.224.0 = 19   11111111.11111111.111 00000.00000000
    Wildcard:  0.0.31.255           00000000.00000000.000 11111.11111111
    =>
    Network:   10.250.0.0/19        00001010.11111010.000 00000.00000000
    HostMin:   10.250.0.1           00001010.11111010.000 00000.00000001
    HostMax:   10.250.31.254        00001010.11111010.000 11111.11111110
    Broadcast: 10.250.31.255        00001010.11111010.000 11111.11111111
    Hosts/Net: 8190                 Class A, Private Internet

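12 Another way of writing an IP (sh)
    #!/bin/bash
    # The (( )) loop and the ** operator are bash features, hence the bash shebang.

    # Convert a dotted-quad IP address to its integer form
    IPTONUM () {
        IP=$1; IPNUM=0
        for (( i=0 ; i<4 ; ++i )); do
            # ${IP%%.*} is the leading octet (longest ".*" suffix removed)
            ((IPNUM+=${IP%%.*}*$((256**$((3-${i}))))))
            IP=${IP#*.}
        done
        echo $IPNUM
    }

    # Convert an integer back to a dotted-quad IP address
    NUMTOIP () {
        echo -n $(($(($(($((${1}/256))/256))/256))%256)).
        echo -n $(($(($((${1}/256))/256))%256)).
        echo -n $(($((${1}/256))%256)).
        echo $((${1}%256))
    }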

13 Address classes
    Class | First octet in binary | First octet range | Network identified by | Number of networks
    A     | 0XXXXXXX              | 0 - 127           | a.                    | 2^7 = 128
    B     | 10XXXXXX              | 128 - 191         | a.b.                  | 2^14 = 16,384
    C     | 110XXXXX              | 192 - 223         | a.b.c.                | 2^21 = 2,097,152
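
Added example (not part of the original slides): the mask, network, broadcast, host-count and class questions from slides 9 to 13, worked in POSIX shell. The function names are this example's own, and 192.168.4.1 is an added contrast address that falls outside the /22.

```shell
#!/bin/sh
# Added example: CIDR arithmetic for the addresses on slides 9-13.

ip2num() {    # dotted quad -> integer
    r=$1
    a=${r%%.*}; r=${r#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
}

num2ip() {    # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

netmask() {   # prefix length -> mask as integer
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# cidr_info ADDR/PREFIX -> "netmask network broadcast usable_hosts" (prefix <= 30 assumed)
cidr_info() {
    addr=$(ip2num "${1%/*}"); mask=$(netmask "${1#*/}")
    net=$(( $addr & $mask ))
    bcast=$(( $net | (~$mask & 4294967295) ))
    echo "$(num2ip "$mask") $(num2ip "$net") $(num2ip "$bcast") $(( $bcast - $net - 1 ))"
}

# in_net ADDR/PREFIX OTHER -> exit status 0 if OTHER lies in the network of ADDR/PREFIX
in_net() {
    mask=$(netmask "${1#*/}"); n1=$(ip2num "${1%/*}"); n2=$(ip2num "$2")
    [ $(( $n1 & $mask )) -eq $(( $n2 & $mask )) ]
}

# ip_class ADDR -> A, B or C from the first octet (table on slide 13)
ip_class() {
    o=${1%%.*}
    if   [ "$o" -lt 128 ]; then echo A
    elif [ "$o" -lt 192 ]; then echo B
    elif [ "$o" -lt 224 ]; then echo C
    else echo other; fi
}

cidr_info 10.250.1.48/19      # the exercise on slide 10
ip_class 10.250.1.48
for ip in 192.168.1.0 192.168.3.225 192.168.4.1; do
    if in_net 192.168.1.112/22 "$ip"; then echo "$ip inside"; else echo "$ip outside"; fi
done
```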

14 MAC address: 08:00:20:d1:b0:0a. 080020 – Sun Microsystems Inc.; d1b00a – unique product ID. MAC / IP mapping: DHCP; static DHCP; dynamic DHCP.

15 Working on a network with a UNIX OS
    talk jonas@developers.firma.lt
    lynx www.delfi.lt
    echo paskambink | mail -s svarbu evelina@pardavimai
    ping 192.168.0.1
    ifconfig

16 > ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:22:15:88:9c:93
              inet addr:82.135.156.42  Bcast:82.135.156.255  Mask:255.255.255.0
              inet6 addr: fe80::222:15ff:fe88:9c93/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2038944517 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2634746425 errors:0 dropped:0 overruns:0 carrier:1
              collisions:0 txqueuelen:1000
              RX bytes:592322463 (592.3 MB)  TX bytes:3453432517 (3.4 GB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:5318385 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5318385 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2254159344 (2.2 GB)  TX bytes:2254159344 (2.2 GB)

17 ping
    > ping 24.93.4.206
    PING 24.93.4.206 (24.93.4.206): 56 data bytes
    64 bytes from 24.93.4.206: icmp_seq=0 ttl=240 time=157.010 ms
    64 bytes from 24.93.4.206: icmp_seq=1 ttl=240 time=151.762 ms
    64 bytes from 24.93.4.206: icmp_seq=2 ttl=240 time=314.532 ms
    ping: sendto: Network is down
    ^C
    --- 24.93.4.206 ping statistics ---
    6 packets transmitted, 3 packets received, 50% packet loss
    round-trip min/avg/max/stddev = 151.762/207.768/314.532/75.524 ms

18 traceroute
    > traceroute cisco.netacad.net
    traceroute to cisco.netacad.net (128.107.229.50), 30 hops max, 40 byte packets
     1  gw.ep.lt (82.135.156.254)  0.966 ms  0.940 ms  0.926 ms
     2  212-59-21-193.static.telecom.lt (212.59.21.193)  2.727 ms  2.716 ms  2.703 ms
     3  213-190-60-93.telecom.lt (213.190.60.93)  2.892 ms  2.880 ms  2.868 ms
     4  war-b3-link.telia.net (213.248.85.89)  11.790 ms  11.779 ms  11.766 ms
     5  hbg-bb2-link.telia.net (80.91.251.217)  37.136 ms  37.124 ms  37.112 ms
     6  ldn-bb2-link.telia.net (80.91.249.14)  41.709 ms  ldn-bb2-link.telia.net (80.91.250.151)  41.859 ms  ldn-bb2-link.telia.net (80.91.254.7)  41.842 ms
     7  ash-bb1-link.telia.net (80.91.251.209)  123.663 ms  123.964 ms  ash-bb1-link.telia.net (213.248.65.210)  125.426 ms
     8  192.205.34.209 (192.205.34.209)  122.910 ms  123.278 ms  *
     9  cr1.wswdc.ip.att.net (12.122.135.14)  196.349 ms  195.994 ms  195.979 ms
    10  cr2.phlpa.ip.att.net (12.122.4.53)  197.221 ms  199.154 ms  199.135 ms
    11  cr2.cl2oh.ip.att.net (12.122.2.209)  215.193 ms  213.361 ms  213.550 ms
    12  cr1.cl2oh.ip.att.net (12.122.2.125)  213.099 ms  221.672 ms  221.645 ms
    13  cr1.cgcil.ip.att.net (12.122.2.205)  222.744 ms  222.733 ms  222.720 ms
    14  cr1.sffca.ip.att.net (12.122.4.121)  221.392 ms  221.377 ms  221.366 ms
    15  gar1.sj2ca.ip.att.net (12.123.15.1)  205.537 ms  203.746 ms  203.730 ms
    16  12.118.124.10 (12.118.124.10)  228.697 ms  228.684 ms  228.673 ms
    17  sjck-dmzbb-gw1.cisco.com (128.107.239.9)  190.264 ms  190.251 ms  190.652 ms
    18  sjc12-dmzbb-gw1-g1-37.cisco.com (128.107.224.165)  302.883 ms  302.868 ms  302.650 ms
    19  sjc12-dmzdc-gw1-gig5-2.cisco.com (128.107.224.22)  303.049 ms  303.037 ms  303.025 ms
    20  * * *
    21  * * *
    22  * * *

19 arp
    > arp -an
    ? (82.135.156.222) at 00:c0:02:2a:4e:6d [ether] on eth0
    ? (82.135.156.16) at 00:15:60:57:06:cd [ether] on eth0
    ? (82.135.156.83) at 00:0e:0c:4e:62:f8 [ether] on eth0
    ? (82.135.156.84) at 00:06:29:39:63:c3 [ether] on eth0
    ? (82.135.156.6) at 00:80:a3:8c:0d:72 [ether] on eth0
    ? (82.135.156.88) at 00:11:d8:94:a9:4a [ether] on eth0
    ? (82.135.156.21) at 00:18:f3:87:31:17 [ether] on eth0
    ? (82.135.156.15) at 00:0e:a6:34:37:a1 [ether] on eth0
    ? (82.135.156.23) at 00:0c:f1:ed:c8:56 [ether] on eth0
    ? (82.135.156.55) at 00:10:5a:5a:06:f1 [ether] on eth0
    ? (82.135.156.254) at 00:30:48:88:d9:1e [ether] on eth0
    ? (82.135.156.201) at 00:08:02:ef:fa:a4 [ether] on eth0

20 route
    > route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    193.219.94.168  82.135.156.254  255.255.255.255 UGH   0      0   0   eth0
    193.219.94.141  82.135.156.254  255.255.255.255 UGH   0      0   0   eth0
    82.135.156.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
    0.0.0.0         82.135.156.254  0.0.0.0         UG    100    0   0   eth0

21 Routing (diagram): Computer 2 172.16.0.2/28, Router 3, Router 1, Computer 1 192.168.1.1/24, Router 2, Computer 3 192.168.3.1/24, Internet

22 Part II - what is SSH? SSH - Secure SHell. Remote command execution. SSL encryption. Port forwarding. X environment port forwarding (X-forwarding).

23 SSH – Secure SHell
    ssh uosis.mif.vu.lt
    ssh user1234@uosis.mif.vu.lt
    ssh -l user1234 uosis.mif.vu.lt
    ssh -l user1234 uosis.mif.vu.lt -p 222
    ssh -l user1234 uosis.mif.vu.lt -p 222 who
    ssh -X -l user1234 uosis.mif.vu.lt -p 222 xterm

24 SCP – secure copy
    scp user@host:/path/file /local/file
    scp /local/file user@host:/path/
    scp user@host1:/file user@host2:/file
    scp * user@host:

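25 Private and public keys (diagram): the sender's message "HELLO :)" goes through the recipient's public key, travels as ciphertext "(*&#$()*@#) (&#!#^&$", and goes through the recipient's private key to give "HELLO :)" again.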

26 ssh-keygen
    # ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa1
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in id_rsa1.
    Your public key has been saved in id_rsa1.pub.
    The key fingerprint is:
    79:29:18:f5:6b:35:85:cb:98:6b:be:86:00:04:c4:0c root@myhost

What to do next? For example:
    # ssh b13.vu.lt
    Enter passphrase for key '/root/.ssh/id_rsa':

27 man sshd AUTHORIZED_KEYS FILE FORMAT AuthorizedKeysFile specifies the file containing public keys for public key authentication; if none is specified, the default is ~/.ssh/authorized_keys. Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).
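
Added example (not part of the original slides): one way to carry out the "what to do next" step after ssh-keygen, appending the public half of the key pair to an authorized_keys file in the one-key-per-line format quoted above. The function name `install_pubkey` and the key material in the demo are constructed for this example; a file that does not start with a public key type, such as the private key id_rsa1, is refused.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys, one key per line.

# install_pubkey PUBFILE [AUTHFILE] -> prints "added" or "already present"
install_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    # First line that is neither empty nor a '#' comment: "type base64 [comment]"
    line=$(grep -v -e '^ *$' -e '^#' "$pub" | head -n 1)
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $pub: not a public key line" >&2; return 1 ;;
    esac
    dir=$(dirname "$auth")
    # With StrictModes on, sshd checks modes and ownership of these files
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Match on "type base64" only, so a different comment does not add a duplicate
    key=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')
    if awk -v k="$key " '/^#/ { next } index($0 " ", k) { hit = 1 } END { exit !hit }' "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "added"
    fi
}

# Demo in a scratch directory; the key material below is constructed, not a real key
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDEXAMPLEKEY root@myhost" > "$demo/id_rsa1.pub"
install_pubkey "$demo/id_rsa1.pub" "$demo/.ssh/authorized_keys"   # first run appends the key
install_pubkey "$demo/id_rsa1.pub" "$demo/.ssh/authorized_keys"   # second run changes nothing
rm -rf "$demo"
```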

28 Known hosts
    # ssh root@b13.vu.lt
    The authenticity of host 'b13.vu.lt (193.219.94.176)' can't be established.
    RSA key fingerprint is a2:f9:5e:50:17:ca:86:b1:97:58:96:31:f2:d2:8a:93.
    Are you sure you want to continue connecting (yes/no)? no
    Host key verification failed.
    #
    # ssh root@b13.vu.lt
    The authenticity of host 'b13.vu.lt (193.219.94.176)' can't be established.
    RSA key fingerprint is a2:f9:5e:50:17:ca:86:b1:97:58:96:31:f2:d2:8a:93.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'b13.vu.lt,193.219.94.176' (RSA) to the list of known hosts.
    Password:

29 When the host key changes…
    # ssh root@b13.vu.lt
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59.
    Please contact your system administrator.
    Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
    Offending key in /home/user/.ssh/known_hosts:3
    RSA host key for b13.vu.lt has changed and you have requested strict checking.
    Host key verification failed.
    #
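
Added example (not part of the original slides): the decision behind slides 28 and 29, reduced to plain known_hosts entries, showing when a host counts as new, matching or changed and which line is the offending one. The function names and all key material are constructed; hashed host names and `@` marker lines are skipped, which is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: first contact, matching key, and changed key against known_hosts.

# Constructed sample: host name and address from the slides, key material made up.
sample_known_hosts() {
    cat <<'EOF'
# constructed known_hosts sample
uosis.mif.vu.lt ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEYONE
b13.vu.lt,193.219.94.176 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEYTWO
EOF
}

# check_host_key KNOWN_HOSTS HOST KEYTYPE KEY -> new | match | changed:LINE
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v key="$4" '
        /^ *#/ || /^ *$/ || /^[@|]/ { next }   # comments and blanks; markers and hashed names skipped
        $2 != ktype { next }
        {
            n = split($1, names, ",")          # one entry may list a name and an address
            for (i = 1; i <= n; i++)
                if (names[i] == host) {
                    if ($3 == key) ok = 1
                    else if (!bad) bad = NR    # remember the first offending line
                }
        }
        END {
            if (ok) print "match"
            else if (bad) print "changed:" bad
            else print "new"
        }
    ' "$1"
}

kh=$(mktemp); sample_known_hosts > "$kh"
check_host_key "$kh" b13.vu.lt ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEYTWO    # stored key offered again
check_host_key "$kh" b13.vu.lt ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDOTHER     # a different key offered
check_host_key "$kh" unseen.example ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDOTHER # host never seen before
rm -f "$kh"
```

A `changed` result is the situation on slide 29: confirm the new fingerprint with the administrator over a separate channel, and only then remove the old entry with `ssh-keygen -R b13.vu.lt`.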

30 Port forwarding
    ssh -R [bind_address:]port:host:hostport
    ssh -L [bind_address:]port:host:hostport

31 Security
    anti-sec:~/pwn/xpl#./0pen0wn -h xx.yy.143.133 -p 22
    [+] 0wn0wn – anti-sec group
    [+] Target: xx.yy.143.133
    [+] SSH Port: 22
    [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
    sh-3.2# export HISTFILE=/dev/null
    sh-3.2# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    sh-3.2# uname -a
    Linux xx.yy.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
