1
00:00:00,000 --> 00:00:18,820
Hey guys and welcome back. So now what we're going to talk about is relating to networking.

2
00:00:18,820 --> 00:00:24,820
So obviously networking is a very, very important concept with respect to systems administration.

3
00:00:24,820 --> 00:00:30,519
Networking is how different devices can communicate with one another. And naturally that ability

4
00:00:30,519 --> 00:00:38,140
to communicate, well it's indispensable therefore we as Linux engineers, we have to understand

5
00:00:38,140 --> 00:00:44,600
how basic networking actually operates as well as what tools we can use to help us configure

6
00:00:44,600 --> 00:00:50,799
some basic networking settings. And we also want to have a decent grasp of the theory

7
00:00:50,799 --> 00:00:56,239
of networking so that when something goes wrong we are adequately able to troubleshoot

8
00:00:56,239 --> 00:01:00,280
that problem. So we will be talking about some of the theory behind networking so we

9
00:01:00,280 --> 00:01:05,519
can do such a thing, we can troubleshoot these issues and we will be looking at some of the

10
00:01:05,519 --> 00:01:11,319
tools and utilities that we can use to help us along the way. So the very first thing

11
00:01:11,319 --> 00:01:17,039
that I want to talk to you about is all about interfaces. Now when we are talking about a

12
00:01:17,040 --> 00:01:23,000
network interface, all we are talking about is a point of interconnection between one

13
00:01:23,000 --> 00:01:29,000
device and another device. So simply put we may have one computer here and a second one

14
00:01:29,000 --> 00:01:34,440
here. We would have a cable attached connecting them, this would be something called like

15
00:01:34,440 --> 00:01:40,200
an ethernet cable. And where you would actually plug this ethernet cable would be on the

16
00:01:40,200 --> 00:01:46,799
interface of this device and the interface of this device. Now these interfaces actually

17
00:01:46,799 --> 00:01:52,879
need to have very particular settings in order for this communication to work. Say for example

18
00:01:52,879 --> 00:01:58,680
if you want to be able to communicate over IP then these interfaces would have to have

19
00:01:58,680 --> 00:02:04,879
things like an IP address. Similarly the interface would also have to have a MAC address and

20
00:02:04,879 --> 00:02:10,039
it's being able to understand these concepts and know the tools that we can use to inspect

21
00:02:10,039 --> 00:02:15,919
this information as well as correct it if we happen to run into any problems. This is

22
00:02:15,919 --> 00:02:20,639
what we are going to be talking about. Now the very first command that I want to talk

23
00:02:20,639 --> 00:02:27,359
to you about is actually a command that is deprecated. Meaning that it is no longer supported

24
00:02:27,359 --> 00:02:33,479
but the reality is for the LPIC-2 examination this is still something we will be quizzed

25
00:02:33,479 --> 00:02:38,599
on. This is still something we have to have a good awareness of. Now quite honestly I

26
00:02:38,599 --> 00:02:44,679
am a little sad that this command is deprecated because it has been an old favourite of mine

27
00:02:44,679 --> 00:02:52,079
for many many years. And the command I am talking about is one called ifconfig. So let's

28
00:02:52,079 --> 00:02:58,799
now explore this command then shall we. So what I will do is if you type ifconfig notice

29
00:02:58,800 --> 00:03:04,360
that it says here that this command is no longer found again this plays into the fact

30
00:03:04,360 --> 00:03:10,439
that it now is deprecated. So some systems that you install may still have this tool

31
00:03:10,439 --> 00:03:15,360
automatically installed but typically nowadays what you are going to have to do is to manually

32
00:03:15,360 --> 00:03:20,360
install a Vita package called net-tools. So that is exactly what we will do. First we

33
00:03:20,360 --> 00:03:27,439
will say sudo apt install net-tools and if I hit enter I will put in my password

34
00:03:27,560 --> 00:03:31,800
and hit enter we will now begin pulling this information just give it a little moment for

35
00:03:31,800 --> 00:03:36,840
the download to complete. Perfect so what I will do is I will go into the man page for

36
00:03:36,840 --> 00:03:44,039
ifconfig and we can see here this command is used to configure a network interface. Now

37
00:03:44,039 --> 00:03:49,639
you will be able to see here all of these different options and we will get to look

38
00:03:49,639 --> 00:03:54,919
at what some of those are but for now I will press Q to quit and I will just issue this

39
00:03:55,000 --> 00:04:01,639
command ifconfig. Now if I hit enter this is the output that we are going to see. Now

40
00:04:01,639 --> 00:04:07,319
depending on the type of device you happen to be operating the output might look a little

41
00:04:07,319 --> 00:04:15,079
bit different. For example here what I am seeing is enp0s3. Now this might look a little

42
00:04:15,079 --> 00:04:20,919
bit confusing so let me just tell you what this means the en portion this tells us that

43
00:04:20,920 --> 00:04:28,439
this is an ethernet based interface. The p0 tells us the bus number for this interface

44
00:04:28,439 --> 00:04:37,120
and s3 happens to be our slot number. Now it may transpire that your output might read

45
00:04:37,120 --> 00:04:43,879
eth0. This again tells us that we have an ethernet port and it is ethernet 0 the very

46
00:04:43,879 --> 00:04:49,520
first available port. So notice that on the very left hand side it tells us the type of

47
00:04:49,519 --> 00:04:54,519
interface that we have. Again we may have different formats and below here we have this

48
00:04:54,519 --> 00:05:01,359
one called lo. This is the loopback address or rather loopback interface should I say

49
00:05:01,359 --> 00:05:06,879
not the loopback address the loopback interface. Now what a loopback interface is it is quite

50
00:05:06,879 --> 00:05:13,319
simply a logical interface meaning that it is an interface which belongs in software it

51
00:05:13,319 --> 00:05:18,279
is not actually a physical port that exists. So you can actually plug anything physical

52
00:05:18,279 --> 00:05:24,279
into this interface. It is purely virtual but you can assign things like IP addresses

53
00:05:24,279 --> 00:05:30,479
to this virtual interface and primarily this is actually used for testing purposes but

54
00:05:30,479 --> 00:05:35,479
if you happen to be a network engineer you will know that there are far more use cases

55
00:05:35,479 --> 00:05:40,799
for a loopback interface other than simple testing. But for the general purposes this

56
00:05:40,799 --> 00:05:45,439
is what we are going to see but realistically for the purposes of the examination the output

57
00:05:45,439 --> 00:05:50,319
here what we want to know is on the left hand side we can see the actual interface type.

58
00:05:50,319 --> 00:05:56,240
lo denotes loopback which is not a physical interface it is a logical virtual interface

59
00:05:56,240 --> 00:06:01,040
and with respect here this is an ethernet physical interface similar if you happen to

60
00:06:01,040 --> 00:06:07,800
see eth0. Now what about all this other stuff that we see here. So the first part here we

61
00:06:07,800 --> 00:06:13,720
are going to look at is this section flags and that is denoted right here okay. All

62
00:06:13,800 --> 00:06:19,560
this is is a whole bunch of different parameters that have been set in accordance with this

63
00:06:19,560 --> 00:06:25,080
actual interface. So let's look at what some of these flags are as well as the other common

64
00:06:25,080 --> 00:06:30,480
ones which were not actually seen here. The first one which is a super important one is

65
00:06:30,480 --> 00:06:37,600
this up flag. This might be intuitively well evident to you what this means. This just means

66
00:06:37,680 --> 00:06:44,120
that the interface is up i.e. the interface is active. So if the interface is up the flag

67
00:06:44,120 --> 00:06:52,720
will be up. The next one here is the flag broadcast. Now with respect to broadcasts what they are

68
00:06:52,720 --> 00:06:59,280
is when a particular communication on a network let's maybe say we have a device here and one

69
00:06:59,280 --> 00:07:06,080
here and one here and one here so four devices on the network and we have like say a network

70
00:07:06,159 --> 00:07:12,560
switch connecting all of these devices together as opposed to this device here talking to this

71
00:07:12,560 --> 00:07:18,959
device directly for example. What this device can do is actually send a broadcast to everyone

72
00:07:18,959 --> 00:07:24,879
on the network. So no matter who is on that network segment they will all receive this

73
00:07:24,879 --> 00:07:30,959
broadcast message. Now when we happen to see the broadcast flag set this means that the broadcast

74
00:07:30,959 --> 00:07:36,719
address has actually been set for this particular interface. So you may notice here that in the

75
00:07:36,719 --> 00:07:44,159
case of the ethernet connection we do have a broadcast address set and you may actually be

76
00:07:44,159 --> 00:07:52,560
able to spot within the output that the broadcast actually has an IP address right here of 192.168.0.255

77
00:07:52,560 --> 00:07:59,519
and this address would actually be the same for all devices on the same network. Whereas if we

78
00:07:59,519 --> 00:08:06,159
happen to look at the loopback interface we do not have the broadcast flag set therefore as we can

79
00:08:06,159 --> 00:08:12,000
see we do not have any such broadcast address to where we have on our ethernet connection this

80
00:08:12,000 --> 00:08:18,719
does not exist right here and we can easily spot that because the broadcast flag is not set. Now

81
00:08:18,719 --> 00:08:24,799
when we're talking about being able to send a message to absolutely everyone on your network

82
00:08:24,800 --> 00:08:30,000
segments well this is what we mean when we broadcast a message sending that message to

83
00:08:30,000 --> 00:08:36,399
absolutely everyone. What if we want to be a little bit more selective and we only want to send a

84
00:08:36,399 --> 00:08:42,639
message to a particular group of devices on our network so not absolutely everyone. Just a few

85
00:08:42,639 --> 00:08:48,560
people who have tuned in so to speak to a particular address you can kind of conceptualize this as

86
00:08:48,560 --> 00:08:54,639
tuning into your radio station. If you tune in to a particular frequency then you will get that radio

87
00:08:54,639 --> 00:09:00,639
message that is being sent across all of the airwaves. Similar effect right here some devices

88
00:09:00,639 --> 00:09:06,799
can tune into particular messages via something called a multicast address. So if you happen to

89
00:09:06,799 --> 00:09:13,679
see the flag multicast in this output then you know this particular interface is engaged in

90
00:09:13,679 --> 00:09:21,200
multicast communication. Now another flag you may see is the promisc flag. What this actually tells

91
00:09:21,200 --> 00:09:27,920
you is if the interface is behaving promiscuously or not simply put the normal behavior for an

92
00:09:27,920 --> 00:09:35,759
interface is quite simply just to tune in and listen to IP packets that are actually sent to its

93
00:09:35,759 --> 00:09:42,000
own address. Now if you happen to set your interface to act in a promiscuous mode what that

94
00:09:42,000 --> 00:09:48,640
interface will actually do it will actually listen for all the network traffic very very different.

95
00:09:48,639 --> 00:09:53,279
Now you might be wondering why on earth you would want to set such a thing this sounds like

96
00:09:53,279 --> 00:09:57,840
almost too much of a headache to listen to all the different traffic. Well think about this

97
00:09:57,840 --> 00:10:04,240
if you want to analyze the traffic on your network. This is exactly the mode that you would want to

98
00:10:04,240 --> 00:10:09,600
configure your interface to be and of course you could see that this had been set on an interface

99
00:10:09,600 --> 00:10:14,720
by just quickly scanning the flags that are set and if you see that promisc flag you know

100
00:10:14,720 --> 00:10:20,160
the interface is behaving promiscuously and listening for all that traffic. Now here is an

101
00:10:20,160 --> 00:10:29,600
important one the MTU and it says here the value is 1500. The MTU tells us the maximum transmission

102
00:10:29,600 --> 00:10:35,440
units so what does that mean then simply put this is the maximum unit of data that can actually

103
00:10:35,440 --> 00:10:42,639
traverse the physical link. Now the value here is 1500 this means it's 1500 bytes and this happens

104
00:10:42,639 --> 00:10:50,000
to be a very very common MTU setting. Now of course this does not mean that the maximum amount of

105
00:10:50,000 --> 00:10:57,120
data you can send over this link is 1500 in total this is the maximum unit of data i.e the size of

106
00:10:57,120 --> 00:11:02,879
the actual data packets of which there are many many many. Okay so the next one we want to know

107
00:11:02,879 --> 00:11:10,399
about is inet. When we see inet this is telling us what our IP address is for that particular

108
00:11:10,399 --> 00:11:20,159
interface so we can see here that the IP address is 192.168.0.65 that is the IP address for this

109
00:11:20,159 --> 00:11:28,559
interface and if we look down here we can see the IP address which is 127.0.0.1 for the loopback

110
00:11:28,559 --> 00:11:33,279
interface which by the way which by the way is going to be an address you see all over the place

111
00:11:33,279 --> 00:11:38,480
this is a default loopback interface address so you could have a hundred devices on the same

112
00:11:38,480 --> 00:11:46,560
network the loopback address for all those devices is going to be 127.0.0.1. The netmask relates to the

113
00:11:46,560 --> 00:11:52,480
network mask now if you happen to recall what we talked about in the LPIC-1 the network mask is

114
00:11:52,480 --> 00:11:59,440
how we can determine which part of the IP address relates to the network itself and which part of

115
00:11:59,440 --> 00:12:05,920
the address tells us about the host on the network we can see here that the address for the ethernet

116
00:12:06,000 --> 00:12:15,439
one is 225.225.225.0 this is otherwise known as a slash 24 mask whereas on the loopback

117
00:12:15,439 --> 00:12:25,120
it is 225.0.0.0 again this is a slash eight mask now when we see inet6 it should probably be pretty

118
00:12:25,120 --> 00:12:32,480
intuitive to you that if the inet keyword denotes the IP address the inet6 keyword actually tells us

119
00:12:32,480 --> 00:12:41,440
the IPv6 address. IPv6 if you do recall is a more modern implementation of IP addressing but even

120
00:12:41,440 --> 00:12:47,840
though it is more modern it has much more address space and is ultimately more secure quite honestly

121
00:12:47,840 --> 00:12:54,639
because of its perceived complexity it still is nowhere near as common as IPv4 but nevertheless

122
00:12:54,639 --> 00:13:00,159
you will see networks which are running on IPv6 only so you definitely do want to be able to

123
00:13:00,159 --> 00:13:06,240
interpret this information and we can see here this is the IPv6 address here and you'll notice

124
00:13:06,240 --> 00:13:12,639
that being much longer and using hexadecimal characters this complexity is why many people

125
00:13:12,639 --> 00:13:21,120
rather avoid it and stick with IPv4. Now when we see the prefixlen keyword followed by 64 in this case

126
00:13:21,120 --> 00:13:29,360
and prefixlen followed by 128 in the case of the loopback this is ultimately the netmask for IPv6

127
00:13:29,360 --> 00:13:35,759
what we're talking about here in the case of the ethernet is a slash 64 mask and in the case of the

128
00:13:35,759 --> 00:13:42,399
loopback we're talking about the slash 128 mask again telling us how to separate the network

129
00:13:42,399 --> 00:13:47,519
address from the actual hosts on the network now a very important one we definitely want to be

130
00:13:47,519 --> 00:13:53,440
remembering is this keyword here called ether this tells us right here and again this is more

131
00:13:53,520 --> 00:14:00,480
hexadecimal we're looking at oh and i just drew all over the values now whilst this is a hexadecimal

132
00:14:00,480 --> 00:14:07,200
address it's not an IPv6 address this is your MAC address otherwise known as the hardware address

133
00:14:07,200 --> 00:14:14,800
now you will notice here that the physical interface does have a MAC address i.e. a hardware address

134
00:14:14,800 --> 00:14:20,960
but the virtual non physical address and the loopback does not have this value the next value

135
00:14:20,960 --> 00:14:27,920
we want to be aware of is the txqlen which is a bit of a mouthful what this is is actually the

136
00:14:27,920 --> 00:14:33,600
transmit queue length what we're talking about here is ultimately the speed at which the data can

137
00:14:33,600 --> 00:14:39,759
actually be transmitted so in this case here we see the value of 1000 what we're actually seeing here

138
00:14:39,759 --> 00:14:48,480
is that this device right here is capable of transmitting data at 1000 megabits per second

139
00:14:48,480 --> 00:14:55,360
now we can see the rx packets the rx packets ultimately tell us statistics relating to how

140
00:14:55,360 --> 00:15:02,800
many packets have been received think of that r and not just received but received correctly i.e

141
00:15:02,800 --> 00:15:08,800
without error so this is what we like conversely if we want to see packets which were received in

142
00:15:08,800 --> 00:15:16,639
error we would look at the rx error outputs see this right here so in my case here my rx errors

143
00:15:16,639 --> 00:15:23,039
are zero none of them contained any errors now you can probably imagine what the next two are

144
00:15:23,039 --> 00:15:28,879
tx packets similar to rx packets but instead of talking about packets which were received we're

145
00:15:28,879 --> 00:15:35,360
talking about packets we actually transmitted and again this is how many packets that were

146
00:15:35,360 --> 00:15:41,919
transmitted correctly without error if we want to see packets that were transmitted with an error

147
00:15:41,919 --> 00:15:49,039
then we would be looking at the tx error value in this case here i have not transmitted any packets

148
00:15:49,039 --> 00:15:54,240
with an error since the value happens to be zero if we want to actually make configuration changes

149
00:15:54,240 --> 00:15:59,360
using the ifconfig command we can absolutely do such a thing so what i will do here so i'll just

150
00:15:59,360 --> 00:16:05,279
clear the screen now let's say i wanted to change the ip address of this interface right here so i'll

151
00:16:05,360 --> 00:16:12,720
just copy this here okay and i will say sudo ifconfig and now what i want to do is to specify the name

152
00:16:12,720 --> 00:16:17,839
of the interface which i want to modify so i'll just paste in this value right here this is the

153
00:16:17,839 --> 00:16:23,519
interface i want to target and now i'll type in the ip address so right now i think my ip address

154
00:16:23,519 --> 00:16:30,959
is 0.68 i'll just maybe make it 0.50 so it's something different and then i will say netmask

155
00:16:30,960 --> 00:16:40,400
so i can specify my subnet mask i will still keep it at the same value of a slash 24 i.e 255.255.255.255.0

156
00:16:40,400 --> 00:16:46,160
so if i hit enter i'll have to type in my password and of course i've just realized what this will

157
00:16:46,160 --> 00:16:51,280
do this is going to change the ip address and i am connecting remotely to this device so my

158
00:16:51,280 --> 00:16:56,160
connection is going to drop so what i'll actually do here is i'll go to the actual device itself on

159
00:16:56,159 --> 00:17:01,039
the virtual machine so i'll minimize this and i'll just log in here instead of my ssh session

160
00:17:01,039 --> 00:17:08,639
i'll go to my terminal emulator i will say ifconfig and lo and behold we can actually see the inet

161
00:17:08,639 --> 00:17:16,000
value has changed i.e the ip address has actually changed now i could also make additional changes

162
00:17:16,000 --> 00:17:20,879
say for example if i wanted to make this interface promiscuous and set that flag

163
00:17:20,880 --> 00:17:28,080
i could say sudo ifconfig and then the name of the interface so enp0s3 and i will just say

164
00:17:28,080 --> 00:17:36,160
promisc so if i hit enter type in my password and i do an ifconfig notice now we have now set

165
00:17:36,160 --> 00:17:42,080
the promisc flag and now this interface is listening promiscuously to all traffic on the

166
00:17:42,080 --> 00:17:47,520
network again the type of setting we would want to do if we wanted to conduct some type of packet

167
00:17:47,519 --> 00:17:53,440
analysis or by the way if we were maybe doing some malicious hacking this is also something you

168
00:17:53,440 --> 00:17:58,960
may actually do in order to listen to that traffic and potentially invoke some attacks against the

169
00:17:58,960 --> 00:18:06,480
network and if we want to reverse that action we could say sudo ifconfig enp0s3 and then we

170
00:18:06,480 --> 00:18:14,000
could do -promisc if i now hit enter and i do an ifconfig suddenly that flag has now been

171
00:18:14,079 --> 00:18:18,079
removed now if you happen to go through the man page you'll get to see that we have

172
00:18:18,079 --> 00:18:24,319
additional flags that we could use say for example ifconfig -a this is going to show us all of

173
00:18:24,319 --> 00:18:29,920
our interfaces now this happens to look like the exact same output we just saw before and in this

174
00:18:29,920 --> 00:18:36,240
case it is but the difference is if we happen to have an interface that was down say for example

175
00:18:36,400 --> 00:18:45,599
ifconfig with sudo of course and i did enp0s3 down such that i do ifconfig notice with my

176
00:18:45,599 --> 00:18:52,799
general ifconfig because my ethernet interface is disconnected ifconfig shows me nothing about

177
00:18:52,799 --> 00:19:01,200
this interface however if i do ifconfig with the -a flag we once again actually see the output

178
00:19:01,759 --> 00:19:06,960
for this interface even though we do not see the up flag because like i say this interface

179
00:19:06,960 --> 00:19:13,120
actually is down so again we can bring it back up by saying up and hit enter that we'll now re-establish

180
00:19:13,120 --> 00:19:19,360
it and we can just use ifconfig and our interface is back in the up state once again okay so i know

181
00:19:19,360 --> 00:19:24,960
that was a lot to cover with respect to the ifconfig command but the reality is understanding the

182
00:19:24,960 --> 00:19:30,720
output of this rather simple command is very very useful for you understanding what is actually

183
00:19:30,720 --> 00:19:35,920
happening on your network how your interfaces are configured and how you can make the relevant

184
00:19:35,920 --> 00:19:41,440
changes to your network interfaces if they do require to be changed okay docks so that is us

185
00:19:41,440 --> 00:19:46,319
for looking at the ifconfig command for now i hope this has been informative for you and i'd like to

186
00:19:46,319 --> 00:19:49,200
thank you for viewing

