halp! something is in my tubes!
DESCRIPTION
HALP! Something is in my tubes!. Part I by Jason Testart, IST. Overview. OSI Model Review of Ethernet, IP and common transport protocols A quick look at DHCP & DNS Scenarios we’ll cover: No DHCP No DNS Routing Problems Problem accessing a specific service on a specific server. - PowerPoint PPT PresentationTRANSCRIPT
HALP! Something is in my tubes!
Part I byJason Testart, IST
Overview
OSI Model Review of Ethernet, IP and common transport
protocols A quick look at DHCP & DNS Scenarios we’ll cover:
No DHCP No DNS Routing Problems Problem accessing a specific service on a specific server
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
OSI ModelApplication Presentati
on Sess ion Transport
Network Data Link Phys ical
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
1000BASE-T
Ethernet
IP
TCP
SMTP
SSL
Layer 1
Layer 7
Our FocusApplication Presentati
on Sess ion Transport
Network Data Link Phys ical
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
1000BASE-T
Ethernet
IP
TCP
SMTP
SSL
Layer 2
Layer 3
Layer 4
Ethernet
Layer 2 Shared Medium Addressing using a 48-bit “MAC” address MAC address represented using 6 groups of 2 hex
digits delimited by a ‘:’ or a ‘-’
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Internet Protocol
Layer 3 Encapsulate data from a higher layer Routers are computers that span several layer 2
networks A router forwards packets from one network to
another based on rules it has. It’s all about addressing.
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
One Layer-3 NetworkFour Layer-2 Networks (shown)
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
We don’t care about what’s in the cloud.
Layer 4 protocols
UDP TCP ICMP (ping/traceroute) IGMP (multicast group management) ESP (IPSec VPN)
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
UDP
Connectionless Order not guaranteed Unreliable Uses ports, like TCP DNS, NTP, DHCP
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
TCP
Connection oriented Ordered Reliable Uses ports (0 to 65535) SMTP, HTTP, IMAP
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
DHCP
A means of getting an IP address assigned http://en.wikipedia.org/wiki/Dhcp#DHCP_acknowle
dgement On Windows, use “ipconfig /all | more” On Unix/Linux, use “ifconfig –a | more” 169.254.X.Y means trouble
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Output of ifconfig (Linux)
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
[jatestar@wiretap ~]$ /sbin/ifconfig -aeth0 Link encap:Ethernet HWaddr 00:50:56:80:17:EB inet addr:129.97.85.179 Bcast:129.97.85.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fe80:17eb/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5219908 errors:0 dropped:0 overruns:0 frame:0 TX packets:3462430 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1024059373 (976.6 MiB) TX bytes:2395847731 (2.2 GiB) Interrupt:177 Base address:0x1424
Extract of ipconfig output
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : uwaterloo.ca Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN Physical Address. . . . . . . . . : 00-1F-3B-7B-31-A1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::d173:7c70:199c:98f1%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.46.14(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : November-27-08 8:25:24 PM Lease Expires . . . . . . . . . . : November-27-08 8:45:24 PM Default Gateway . . . . . . . . . : 192.168.46.1 DHCP Server . . . . . . . . . . . : 192.168.46.1 DNS Servers . . . . . . . . . . . : 192.168.46.1 NetBIOS over Tcpip. . . . . . . . : Enabled
What if DHCP doesn’t work?
Check the cable. Is there a link light? VLAN setting OK in ONA? Linux firewall too secure? Call for help.
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
DNS
Name lookup can fail, but network is OK Check your DNS resolver settings Look for stale host table entries Clear any DNS caching Check connectivity using IP addresses
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Handy IP addresses to memorize
129.97.128.10 (nameserver) 129.97.129.10 (nameserver) 129.97.128.40 (www.uwaterloo.ca) Your favourite off-campus site
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Resolver settings
On *nix: /etc/resolv.conf On Windows: Run nslookup (or ipconfig)
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
C:\Users\jatestart>nslookup www.uwaterloo.caServer: UnKnownAddress: 192.168.46.1
Non-authoritative answer:Name: info.uwaterloo.caAddress: 129.97.128.40Aliases: www.uwaterloo.ca
Hosts Table
*nix: /etc/hosts Windows: hosts or lmhosts somewhere under
System32 directory Vista: drivers\etc\hosts Keep only ‘localhost’ definitions in there, otherwise
should be empty
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
DNS Caching
Caching to improve performance Windows: “ipconfig /flushdns” *nix: Do you have “nscd” running?
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
What if DNS doesn’t work?
Is the network OK? Can you ping “129.97.128.40”? Can you ping your fav site? (they allow ping, right?) If network OK, complain that DNS is broken.
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
General Network Problems:Things to look for
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Gateway
Need a gateway (router) to access the big bad Internet.
Does the computer know it? If so, is it the correct one? Can you ping the gateway? Check all interfaces (wired & wireless)
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Routing tables
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
[jatestar@wiretap ~]$ netstat -nrKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface129.97.85.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth00.0.0.0 129.97.85.1 0.0.0.0 UG 0 0 0 eth0
IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.46.1 192.168.46.14 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.46.0 255.255.255.0 On-link 192.168.46.14 281 192.168.46.14 255.255.255.255 On-link 192.168.46.14 281 192.168.46.255 255.255.255.255 On-link 192.168.46.14 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.46.14 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.46.14 281===========================================================================
Multiple default gateways?
Disable all but one network adapter Wireless + wired can be problematic
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
No default gateway?
Are you sure DHCP is working? Reboot. If problem persists, call for help.
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Can’t ping the gateway?
Use “arp” command to see if you have communicated.
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
[jatestar@wiretap ~]$ /sbin/arp -an? (129.97.85.1) at 00:0D:ED:C0:1F:C2 [ether] on eth0
C:\Users\jatestart>arp -a
Interface: 192.168.46.14 --- 0xa Internet Address Physical Address Type 192.168.46.1 00-05-5d-2d-0a-37 dynamic 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.252 01-00-5e-00-00-fc static
Client-Server Issues:Can’t access a specific service on a specific server?
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
What about that service?
Does the service use UDP or TCP? What ‘port’ does the service use on the server? Is there a specific port used on the client? What’s the IP address of the server?
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
A word about ports
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Privileged ports (1-1023) Most Operating systems
won’t let just anyone bind to privileged ports
Notice most “servers” are on privileged ports?
Ephemeral ports(typically 1024-65535)
Ports that clients bind to when talking to servers
Ephemeral port range varies from OS to OS and may be customized
http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
What’s connected?
Need to be privileged On Windows: netstat –bn On *nix: lsof -i -a -n
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
netstat on Windows
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
C:\Windows\system32>netstat -bn
Active Connections
TCP 192.168.46.14:49222 129.97.128.141:993 ESTABLISHED [thunderbird.exe]TCP 192.168.46.14:49347 192.168.46.1:22 ESTABLISHED [SshClient.exe]
lsof on Linux
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEntpd 5250 ntp 16u IPv4 13035 UDP *:ntpsshd 6337 root 3u IPv6 14240 TCP *:ssh (LISTEN)sshd 11337 root 3r IPv6 311941 TCP 192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)sshd 11339 jatestar 3u IPv6 311941 TCP 192.168.46.1:ssh->192.168.46.14:49347 (ESTABLISHED)
Can you connect to the port?
Use telnet to try connecting Example: telnet 129.97.128.10 25 3 outcomes possible
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Connected
You’re in! If there’s a problem, it’s likely something other
than the network
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Connection Refused
You can connect to the host, but it’s telling you the service is not there.
Service is likely not running Could be “tcp-wrapped” or application access
control Don’t blame the firewall!
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
Timeout
Connection attempt is hanging, or timed out If you know your network is OK, and the server is
OK, then something might be blocking you! Host-based firewall? IPSec Local Security Policy? Router ACL? Network firewall?
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!
THANK YOUTurning it over to Mike....
WatITis | Making the Future | December 2, 2008 | HALP! Something is my tubes!