Transcript
00:00The computers in our lab, have a look at the back of them and see how many LAN ports there are.
00:10Everyone have a look at the back of their computer now.
00:14How many LAN ports?
00:20So, identify the LAN ports.
00:33You should see there's a cable plugged into one of them, a yellow cable,
00:38and there's two that have nothing plugged into them.
00:45These computers have three LAN ports, three wired LAN ports.
00:50One is on the motherboard.
00:52The yellow cable is plugged into the LAN port on the motherboard that comes with the motherboard.
00:58And we've bought two extra PCI cards plugged into the PCI slots for extra LAN connections.
01:05So we'll use three of them over the next few labs, not today.
01:09By default, we'll use that one on the motherboard,
01:12and we'll use the other two for some special purposes later.
01:17So these computers have three wired LAN ports.
01:20Any other network interfaces?
01:24Wireless. Okay, we've got a USB wireless adapter here.
01:29So in fact we have four network interfaces.
01:32Three wired interfaces and one wireless interface.
01:37And there are no others on these computers.
01:42Where does the yellow cable go to?
01:49There's a yellow cable plugged into one of the network interfaces.
01:52Where does it go to?
01:55Can you see that?
01:58In this lab we can do things to find answers.
02:01You won't break anything.
02:03If I say, where does it go to?
02:05Have a look at the cable and see where it goes to.
02:08It goes to the floor.
02:11Doesn't it?
02:13And then where does it go?
02:17You see it plugs into this special adapter in the floor,
02:20and you notice I think that the floorboards here are raised.
02:24They're about 20 centimetres above the actual floor.
02:28So we have a raised floor here.
02:29And there's cables underneath to make the layout a little bit nicer.
02:33So they go into a socket on the floor and then a special extender cable
02:38that goes under the floor and into these four cabinets in the corner.
02:43You can maybe open the door in the back cabinet and open this door,
02:47and you'll see in, if you open that one they'll see,
02:52they'll see, and you can look at any time,
02:55the four groups of nine computers
02:59go into one of the four cabinets.
03:01So these nine computers, the cables from the floor,
03:05all come into the cabinet here.
03:07The nine green computers go into the cabinet there,
03:11and you see in the one, the yellow one at the back,
03:13you see all the cables plugged in there.
03:17Look in those cabinets, if you can see, it's not easy.
03:20How many devices in there?
03:24You should see there are four devices in a rack there.
03:32The cables are plugged into just one of them,
03:34I think the bottom one.
03:35That's a switch.
03:36So that's a network switch.
03:38The cables from the computers plug into that switch,
03:41and then that switch has another cable
03:43that goes upstairs to a fifth switch.
03:46All four of these switches all plug into that fifth switch upstairs.
03:51Then that one connects out to our router for SIT,
03:54and then out to Runxit,
03:56and then out to the rest of the world.
03:58So that's the topology of the network.
04:03This picture is a little bit old.
04:05It only has three devices in the cabinet,
04:07but our computer has a cable, not two,
04:10just one at the moment going into the floor,
04:12under the floorboards.
04:13It runs into these cabinets.
04:16In the cabinets, you'll see we're using one switch.
04:20That's all we're using at the moment.
04:22But there are three other devices there,
04:24and the top two are routers, special purpose routers,
04:27and the third one is an old switch.
04:29So the one we're using is the newer switch of those.
04:32So the top two are routers.
04:36So if we wanted to connect and build up an internet,
04:41we would use those top two devices.
04:43In this course, we will not use those other three devices.
04:47Because it's hard to get access,
04:49it's hard for students to walk up and plug cables in.
04:52So we will use our own computers as routers in later tasks.
04:57So that's just the physical topology of our network.
05:00We have nine computers connected into a switch,
05:05and those four switches connected into another switch.
05:08We're all on the same LAN, all on the same subnet.
05:12And in fact, the Mac lab upstairs is also on the same subnet.
05:17So from the internet perspective, we're all on one big cloud,
05:22one big subnet for this lab and the Mac lab.
05:27So we want to learn some commands that show us more information about our network setup.
05:37So we said how many wired interfaces?
05:39We said we have three wired interfaces and one wireless interface.
05:44What's a command that shows us the configuration of our interfaces?
05:52Try. Try the command that I've used and shown you many times,
05:56how to see the config of your interface.
06:00Short for interface is IF.
06:04ifconfig.
06:07Show you the configuration of your interfaces.
06:11And for me, I'll just pipe mine through less so that we can scroll through.
06:16You don't need to.
06:21So this shows you from the operating system perspective what interfaces this computer has.
06:26And you note some names there, eth0, eth1, eth2.
06:32eth, short for Ethernet, the common name for wired interfaces.
06:37So there's three interfaces for the wired card.
06:44LO. What's LO?
06:49Local or loopback.
06:52This is a special interface for testing when you want to send to yourself.
06:57So this is not a hardware interface.
06:59This is a special one set up by the operating system.
07:02If you want to send something to yourself without sending out on a cable or a wireless link,
07:07you can send to the LO interface called the local loopback interface.
07:11And you may recognise the IP address there.
07:14This special case address, 127.0.0.1.
07:19So that's a special case interface.
07:21Where's the wireless interface?
07:23Can everyone see theirs?
07:26No.
07:27You can only see your three wired interfaces.
07:30ifconfig doesn't show interfaces which are turned off.
07:35If you want to show all interfaces, use ifconfig -a.
07:39Show them all.
07:41And you should see WLAN there, wireless LAN interface 0.
07:45You can plug in multiple wireless LAN adapters and you'll get...
07:49Usually the operating system we've set it up so it labels them 0, 1, 2 and so on.
07:55And the way that we've set up these computers is, assuming everything's correct,
08:00eth0 is always the network interface on the motherboard.
08:07This is a useful one to remember.
08:09eth0 is on the motherboard.
08:11eth1 is the top PCI slot.
08:14eth2 is the bottom PCI slot.
08:17 0, 1, 2 physically.
08:19Because later when we plug cables in, we'll need to know which one we're using.
08:25So the operating system gives them names.
08:30If we want to look at just the deep, the config of one of them,
08:33we can specify ifconfig eth0.
08:38Another tool is...
08:45So this shows the operating system's perspective of this interface.
08:50We can also get a bit of information about the hardware.
08:53So it's actually a piece of hardware on your computer.
08:56And one tool that gives us something about the Ethernet hardware is ethtool.
09:02Followed by an interface that tells us some information about...
09:07that hardware associated with eth0.
09:14And I'll pipe it through less because I know it has a lot of output.
09:22So that's some information about the hardware device.
09:25ifconfig is about the software configuration.
09:32Have a look through that information.
09:40And try these two tasks.
09:53See if you can find some of the information I list there.
09:56So just from those two commands, they give some information.
09:59Just browse through.
10:00You don't need to understand everything, especially from ethtool.
10:04But some of the things you'll quickly recognize.
10:06And especially look at the output of ifconfig.
10:10And see if you can complete these two tasks.
10:12Find the information, then put a file on my computer named by your computer number.
10:18Bonus for the first person to do it in a short time.
10:29So we're trying to find some information.
10:31Very basic information about our LAN interfaces.
10:35And to find that information, two commands you can use.
10:42Well first ethtool, followed by the interface.
10:47I'll pipe it into less.
10:49Tells us a lot of information about our...
10:51Think of the hardware and the link.
10:54What data rates are supported by your wired LAN interface?
11:00What data rates are supported?
11:04Well it says there are different link modes supported.
11:07And we see these strange names, but you may be able to guess.
11:10 10BaseT half, 10BaseT full, 100, 1000.
11:15 10, 100, 1000 are the data rates that Ethernet supports.
11:21Our device, so the hardware can send at either 10Mbps,
11:26100Mbps, 100Mbps or 1000Mbps.
11:30The BaseT is just the name given to the type of cable or the connector here.
11:39Half and full refer to duplex.
11:42Half duplex or full duplex.
11:44Half duplex you can send in both directions but one at a time.
11:48Full duplex is typical today where we can send in both directions at the same time.
11:54So this is what's supported because when you buy the device,
11:58it supports the old 10Mbps,
12:02the less old 100Mbps and the current typical device,
12:08or the speed for your device is 1Gbps.
12:13And the way it works is that your device advertises those capabilities
12:19to the other endpoint of the cable.
12:22The device at the other endpoint, they do some negotiation.
12:27So auto-negotiation means they will automatically try and choose the best one
12:33based upon what both endpoints support.
12:37Because if the partner only supports 10 and 100,
12:41and you support 10, 100 or 1000,
12:44you cannot use 1000.
12:46You use the best which both support.
12:48Well it turns out both of them support 1000 base T full.
12:52We support 1000 base T full.
12:56We advertise that to the other side.
12:58And the other side, the partner advertised that as well.
13:03So that's what we use. That's the best one.
13:05How do we know what we used?
13:08The speed tells us.
13:11 1000Mbps and duplex is full.
13:15Try not to resize your windows.
13:24Duplex is full, speed is the current data rate.
13:27So they are the two main fields we care about here at this stage.
13:31The other one, which wasn't the question there,
13:33the very last line is very useful when we do some real testing.
13:37Is the link detected?
13:39Yes.
13:41What if we look at eth1?
13:45Link detected? No.
13:47We don't have a cable plugged in and there's nothing at the other endpoint.
13:51So this will become useful because sometimes we'll plug a cable into the wrong interface.
13:57Or we don't plug in the other endpoint.
13:59So a quick check, is the link detected? Yes or no.
14:02So that's useful when we are setting up the links.
14:08ifconfig tells us our hardware address.
14:20And the hardware address, where does that come from?
14:25It's the MAC address, that's the other name, or a physical address.
14:30Where did it come from?
14:32The manufacturer.
14:34So the company that made the chip on the motherboard,
14:38or the PCI slot, assigned this hardware address to it.
14:44It should be fixed and unique.
14:47This is the IP address.
14:54In my case, 10.10.16.201.
14:57This is assigned to your computer.
14:59So this may change.
15:00Whereas you can think the hardware address is fixed.
15:03It's for the device.
15:04It's for the device.
15:05This is assigned to my computer.
15:08Where did that come from?
15:10Who gave it to me?
15:12How did your computer get this IP address?
15:16Well, there are three basic ways.
15:21Either I set it when I start my computer.
15:25I manually set the IP address.
15:27I did not do that.
15:28I think when you boot your computer, you didn't type in the IP address.
15:31That would be very inconvenient.
15:33But we can manually set it.
15:35We could have a file on our system that says,
15:39when the computer boots, load this IP address.
15:42A static address.
15:45And the third approach, which is more commonly used,
15:48is that when our computer boots, it asks a special server,
15:51can you give me an IP address?
15:53What protocol does it use to ask a special server for an IP address?
15:57D, we need to configure our hosts dynamically.
16:06Dynamic Host Configuration Protocol, DHCP,
16:09is the protocol that my computer asks a server,
16:13give me an IP address.
16:14And the server says, here, use this one.
16:16We will see that in a later lab, DHCP.
16:19It also gives me this other information.
16:22And you know you're experts about broadcast address,
16:25network masks.
16:27And from that also you can work out the network address,
16:30which is 10.10.16.0 in this case.
16:35The way to work it out,
16:37look at the internet address.
16:39Grab the first 22 bits.
16:43Why 22?
16:45255 is 8 bits, 8 ones.
16:48So there's 16 ones.
16:50252 is in binary, 6 ones and 2 zeros.
16:54So we have 8 plus 8 plus 6.
16:57Grab the first 22 bits of this binary address.
17:00Set the last 10 bits to 0.
17:03And you get 10.10.16.0.
17:06So that's how you get the network address.
17:10This is your IPv6 address.
17:14We're not using that in the lab in this course, IPv6,
17:18version 6, but most operating systems give an IPv6 address to your computer.
17:23But in this case it can only be used on the local LAN.
17:27It only has a scope of the link.
17:29It can't be used out on the internet.
17:31The rest are some statistics or status information about
17:34how many packets have been received,
17:37how many bytes have been transmitted since we started the interface,
17:40usually since we've booted the computer.
17:42So we can get a few stats plus the other information about the addresses.
17:48Let's stay with those tools and a couple of others briefly.
17:52ethtool also gives us some stats.
17:57Minus S.
18:00ethtool minus uppercase S gives us some statistics.
18:05Not much different from ifconfig.
18:07So sometimes when we're running our network,
18:09we want to diagnose if something's gone wrong.
18:12Maybe look at how many packets have been sent
18:14or how many errors have we got.
18:16We shouldn't see many errors.
18:18If we do, we see thousands of errors,
18:20then maybe there's some problem with the hardware.
18:24Or the cable.
18:26So ethtool has many options in fact.
18:29We can see statistics with uppercase S.
18:33A little bit out of the scope,
18:36but we can also change parameters using ethtool.
18:40I don't think we'll do it very often,
18:45but we can use ethtool to set a value for my eth0 interface.
18:52I can set the speed to be 100 megabits per second
18:56and the duplex to be full.
18:59So mine was set at 1000 megabits per second, duplex full.
19:03If I want to change the speed, maybe for testing purposes,
19:06I want to slow down, I can set it to a specific value.
19:12When we run it, it says operation not permitted
19:15because many networking things, we can view the information,
19:19but we're not allowed to, as the normal user,
19:22change the network settings.
19:24So what do we do?
19:27We do this as super user.
19:30And I've set up these computers so that the student user
19:33is allowed to run most networking commands.
19:37And if we check now, we notice the speed is 100 megabits per second.
19:49We should set both speed and duplex together
19:52because they go together, the speed and duplex mode.
19:55You'll get an error if you try to just set the speed.
19:59And ethtool has many other options.
20:02I'm going to set mine back to 1000.
20:09So to see statistics, we've got ethtool, we've got ifconfig,
20:17plus the other configuration information.
20:19Before we have a break, another way to see the statistics,
20:23there's a command called netstat, network status.
20:28And it has many options, netstat.
20:32It produces lots of different output
20:34depending upon the option we specify.
20:36To see statistics, minus s, lowercase s here.
20:40So the options don't always mean the same thing
20:43across different commands.
20:45In ethtool, it means set.
20:47In netstat, it means statistics.
20:50If we wanted to get statistics in ethtool,
20:54it was uppercase s.
20:55So that's a bit confusing.
20:57Try netstat minus s.
20:59It gives us some network status information,
21:02in particular some statistics.
21:04I'll pipe it into less because there's a lot of output.
21:08And here are a lot more details of all the IP packets I've sent.
21:12Any with errors or different types of packets.
21:15ICMP is used for ping.
21:17So all the ping messages being received and sent.
21:20The different types of ICMP messages.
21:25TCP and UDP are transport protocols.
21:27So it shows some statistics about TCP and UDP.
21:30The connections opened, segments received, errors.
21:35So if you find diagnosing problems,
21:40looking for statistics about the error messages received
21:43can be useful sometimes.
21:45And some extensions of UDP and TCP.
21:48Some further statistics for extensions.
21:52So some of that we may not know what they mean,
21:55but if you want to find detailed statistics,
21:58netstat minus s.
22:00When we run ifconfig,
22:13it tells us my IP address is 10.10.16.201,
22:19my hardware address is this FC address,
22:22long in hexadecimal, 12 digits, 48 bit address.
22:29We use the hardware address for communications inside the LAN.
22:34So whenever your wired interface needs to send
22:37to another computer in this LAN,
22:40say in this room,
22:42then the source address will be your hardware address
22:46and the destination address of that frame
22:48will be the other person's hardware address.
22:52So the hardware addresses are used by Ethernet protocol
22:56and the source and destination address
22:58are set inside the frame that's sent in the LAN.
23:01So that's used for internal communications.
23:04But if we want to communicate to someone outside of our subnet,
23:07that's where IP addresses come in.
23:10But in fact, most applications today we use IP addresses
23:14and when I say I want to communicate with 10.10.16.202 for example,
23:27so I specify the IP address as the destination,
23:31we know it's in the same subnet,
23:34computer2 is right next to me.
23:37For my computer to send a frame to computer2,
23:40it must know the hardware address of computer2.
23:43Okay, so I know as the user the IP address of computer2,
23:49 10.10.16.202,
23:51but I don't know or my software doesn't yet know
23:54the hardware address of computer2.
23:56So we have a bit of an issue.
23:59How does my computer discover the hardware address of other computers?
24:07For example, I want to connect to computer,
24:10who have we got?
24:11Computer 37.
24:14If I want to connect to computer 37,
24:17 10.10.16.237,
24:20I know its IP address,
24:22I need to know the hardware address of computer 37.
24:26Does anyone in this room know the hardware address of computer 37?
24:33Computer 37, does anyone have the hardware address?
24:38That is the IP address 10.10.16.237.
24:43Maybe that person will stand up.
24:48I want to know the hardware address of computer with IP address 10.10.16.237.
24:53Microphone.
24:58Microphone.
25:00What's your hardware address?
25:02Hardware,
25:07FCAA143902CD.
25:15Okay, thank you.
25:16Now I know the hardware address.
25:19Now my computer can send a frame to computer 37.
25:22Because everything sent across the LAN
25:25is sent using the Ethernet protocol
25:30and they must use the hardware addresses to communicate.
25:33If I wanted to contact computer...
25:36Who's at the back?
25:38 27.
25:39 27.
25:40I say,
25:44I want to contact computer 27.
25:47Anyone out there?
25:48Yep.
25:49Yes, there is.
25:50Good.
25:51And what do you tell me?
25:53My hardware address.
25:58Okay.
25:59FC.
26:00Okay, so she will tell me the hardware address.
26:06And there's no need to read it out.
26:07Good.
26:08So, the idea is that for my computer to contact anyone,
26:14I must first learn their hardware address.
26:17And the way that I did it is I yelled out to the whole class,
26:20saying, who has this IP address?
26:22Who is computer 10.10.16.227?
26:26And that computer, who is that,
26:29responded to me saying,
26:31I am computer 27 and my hardware address is this.
26:35Of course, we don't do that manually.
26:38That must happen automatically.
26:40Whenever I try and contact a particular computer,
26:43if I try to secure shell into computer 27,
26:46I press enter.
26:47The time from when I press enter until when I log in,
26:54automatically in the background,
26:56something discovered the hardware address of computer 27.
27:00Okay, so there's a protocol that operates really in the background.
27:05Whenever we want to contact someone by IP address,
27:08this protocol goes and finds the hardware address.
27:11The protocol is called the address resolution protocol.
27:15ARP, ARP.
27:19We will see this in the next lab.
27:21We will see how it works.
27:22But for today, there is also a command called arp,
27:26the address resolution protocol.
27:28And it shows me, from my computer's perspective,
27:31who do I currently know about?
27:33Who have I asked recently?
27:35If I run it, it shows me a table.
27:38And it doesn't look so good on my output.
27:43I'll run it again.
27:45We'll run it here in a slightly better output.
27:55There are two main columns.
27:57There are multiple columns there,
27:58but two columns of interest.
28:00We pipe it into less.
28:02The address, which is the network address,
28:06and the hardware address.
28:08The hardware type is almost always the same, Ethernet.
28:14But look at these two columns.
28:15The address is the name of the computer that I want to contact,
28:20and this is the hardware address.
28:22Now, note that the addresses, some are IP addresses.
28:27Some are the nicknames.
28:29We've given each computer a nickname.
28:32And you see the pattern, I think.
28:34Netlab, followed by the computer number.
28:36Now, I don't like nicknames so much,
28:39so I'd prefer to use this command without nicknames.
28:42And many networking commands, if you don't want the nickname,
28:45add the -n option.
28:47And you'll see me do that a lot with different commands,
28:50and I'll not explain it.
28:52But that means, show me the raw address, not the nickname.
28:58So let's run it again with the -n option.
29:03And it shows that my computer recently
29:09has been in communication with 10.10.16.220,
29:14and the protocol ARP automatically learnt
29:17that the hardware address for that computer was this one.
29:21So this is a table of the recent ones we've learnt.
29:26And when you run the command,
29:29you'll probably see your table is much smaller.
29:32The reason I've got many entries here
29:34is because you've all logged into my computer.
29:37You're all communicating with me now.
29:39You use Secure Shell to communicate to my computer, to connect.
29:44So I know your hardware address already.
29:46But when you run it on another computer,
29:50if I log into another computer,
29:54I'm on computer 10 now.
30:00Computer 10 currently knows about four other computers.
30:07IP address .1, .231, .201, .236,
30:13and it knows their hardware addresses.
30:15So, over time, that may change.
30:19It's like a cache of the most recent ones
30:23that we've communicated with.
30:24Over a few minutes, if you don't contact that computer,
30:27it disappears.
30:30So, ARP as the command,
30:32shows me the hardware address
30:35of the computers I've recently communicated with.
30:39ARP, the protocol, gathers that information.
30:43It's running whenever you try to contact
30:45another computer by IP address,
30:47ARP runs and it works by yelling out
30:51who has this IP address
30:53and that computer responding.
30:55The yelling out in network terms is a broadcast.
30:59We'll see the protocol work later,
31:02but just remember the ARP command
31:04shows you those hardware addresses.
31:06So then you can see about your friends
31:09and see what their hardware addresses are.
31:12Let's go back.
31:21So maybe just contact a few other computers
31:24and see that table change.
31:26So currently my table has those four.
31:29If I ping another computer,
31:36and we haven't studied ping yet,
31:38but you've seen me use it in a number of other cases,
31:40maybe in the lectures.
31:43If I ping another computer, 235,
31:48and then stop that and look at ARP again,
31:51now I see 235's in the list.
31:54Before I didn't know the hardware address of 235.
31:58When I pinged or tried to communicate with computer
32:01with IP address 235,
32:03ARP went to work.
32:06It learnt the hardware address.
32:08And we can see that in the output here.
32:10Now 235's in the table.
32:13Over time, that table will get smaller.
32:18It takes, I think, a couple of minutes
32:23for the entry to be removed from the table
32:25if we don't contact that computer.
32:28So just see your ARP table grow
32:32by contacting a few other computers.
32:35Either secure shell into them, ping them,
32:37or use wget or access the web page.
32:40We've seen netstat gives us some statistics
32:54if we use the minus s option.
32:56So netstat, the network status, showing statistics.
33:01What are the two transport protocols which are common?
33:07Everyone should remember the two common transport protocols.
33:12And you'll see here TCP and UDP.
33:16TCP is very common.
33:19Most of the applications we're using in this lab use TCP.
33:23When we secure a shell into another computer,
33:26access a website, you send emails.
33:28TCP, before we send data, we set up connections.
33:32So here the stats say there are seven active connection openings,
33:38 72 passive.
33:40Active is usually when we initiate the connection open.
33:44Passive when someone connects to us.
33:47Your stats will be different from mine on your computer.
33:51So TCP, we set up a connection,
33:54transfer data and then close the connection.
33:57So one thing we commonly want to look at is
34:01what connections do we currently have open?
34:04Who's currently connected to us?
34:07And in fact, netstat can show that.
34:12If you run the command,
34:18and I'll do it here so I can zoom in a bit better,
34:21and on computer 10,
34:23netstat -t shows us the TCP connections.
34:29And I'm going to use again the -n
34:32because I want the no nicknames,
34:34I want the raw addresses.
34:36The -t option, show me the TCP connections,
34:39the current ones.
34:43And here in this case,
34:45I'm on computer 10 here,
34:46it shows me there is one connection.
34:51So netstat -t,
34:53show me the current TCP or the active internet connections.
34:57And the two or three columns of interest
35:00are the local address, foreign address and state.
35:03The protocol is TCP because I set the -t option.
35:07Local address, note that it has two addresses.
35:11There's an IP address, that's me,
35:15 10.10.16.210,
35:17because I'm actually logged into computer 10 now.
35:19And a port number, port 22.
35:23And the foreign address is another computer,
35:27 10.10.16.201, and a port number as well.
35:31So the addresses contain both IP address and port number.
35:35And the state says that this connection is currently established.
35:39We're connected right now.
35:41The state may change.
35:43Normally what happens when you've finished communicating,
35:47you, the state, the connection closes,
35:53but it actually stays temporarily open for a couple of minutes,
35:57so then it fully closes.
35:59You'll see some other states like time wait here.
36:03If I connect to another computer,
36:09I'm currently on computer 10.
36:12How do I connect to another computer?
36:14What does wget do?
36:16Everyone remember?
36:18Get a web page.
36:20And every computer in this lab runs a web server,
36:24so I can get the web page of computer 221.
36:32wget just downloads the web page.
36:36From computer 21, I'm going to visit their website.
36:40Save the file to index.html in this case.
36:44So I don't want to show you the page,
36:46I just want to download it.
36:48wget does that.
36:50And now if we look at netstat,
36:54I've got the original connection
36:56between computer 10 and computer 1,
36:58and there was another connection
37:00from computer 10 to computer 21.
37:04Because wget uses HTTP to access a website,
37:09and HTTP uses TCP as the transport protocol.
37:13So this shows me I recently,
37:16computer 10, using port 53463,
37:20contacted computer 21 on port 80.
37:24The state is time wait.
37:26The connection is not established.
37:28This normally means that
37:30we've established the connection,
37:34we transferred some data,
37:36we closed the connection,
37:38and we're just waiting for it to fully close.
37:40We wait a couple of minutes before,
37:42just in case there's some extra communication.
37:46So time wait means we're waiting for it to close.
37:50After I think a couple of minutes,
37:52or not so long, it disappears.
37:54So you see the connection
37:56from my computer to computer 21
37:58is no longer there.
38:00It's fully closed now.
38:02So netstat -t gives us some information
38:08about our current connections, TCP connections.
38:12We can often estimate or guess who,
38:16what application is being used,
38:18by the port numbers.
38:24Port 22.
38:26What server uses port 22?
38:30Easy one.
38:32What server uses port 80?
38:34HTTP or web server.
38:36So HTTP uses port 80.
38:38So this line tells me
38:40I connected to a web server.
38:42The 53463 port
38:46is allocated by the operating system
38:50to my browser, wget,
38:52but port 80 is usually fixed and used by a web server.
38:56So when I see this,
38:58I know I recently contacted a web server.
39:02Here, what's this data?
39:06I'm still connected to port 22.
39:12What do you think port 22 is?
39:18SSH.
39:20Remember I secured shell into another computer.
39:24There's a secure shell server.
39:26Web server uses port 80.
39:28Secure shell uses port 22.
39:30Good ones to remember.
39:32If you can't remember them,
39:36there's a file on your computer that reminds you.
39:40It's in the etc directory.
39:42It's called services.
39:44Have a look in the file.
39:46It's just a text file
39:48that lists the port numbers
39:50and the server names,
39:52or the services.
39:54Have a look in /etc/services.
40:06So when there's a quiz question,
40:08what is the port number for FTP or for SMTP?
40:14You'll look up this file and see the answer.
40:20We see SSH is port 22.
40:26HTTP port 80.
40:36And some others you may recognize over time.
40:40 443 is down here somewhere.
40:42HTTPS when we connect to a secure web server.
40:46Different port numbers used.
40:48While we're looking at text files,
40:58let's look at one other.
41:00/etc/protocols.
41:02What's the protocol number for TCP?
41:04What is the protocol number for UDP and others?
41:08Look in the file and it will remind you.
41:10The protocol number,
41:12at least in the protocols file.
41:16IP is 0.
41:20ICMP is 1.
41:22TCP is 6.
41:24UDP is 17.
41:26The common ones we'll see.
41:28Transport protocols are given numbers.
41:32But there are many others here as well.
41:38Those files are typically on Linux operating systems in that location
41:44so that software can look them up.
41:46So what you should do is contact some other computers,
41:58either secure shell into them,
42:00access their websites,
42:02and then look at netstat -t to see the connections.
42:16What if I access the ICT server?
42:38Using my web browser, links.
42:40Because I'm logged into computer 10,
42:42I don't have a graphical interface.
42:44So I'm sitting at my computer,
42:46but I'm actually secure shell into computer 10.
42:48I can't open Firefox.
42:50Not without other settings.
42:52So I'll use my text-based web browser,
42:54links.
42:56Access ICT.
42:58And it takes me to the ICT server.
43:00We visit Moodle.
43:02Do I want to accept cookies?
43:04Yes.
43:06Let's allow that.
43:08And now I'm on the Moodle website.
43:10Now let's quit.
43:12Yes, I'm sure.
43:14And look at our connections.
43:16My connection disappeared there.
43:24In that case, links closed the connection immediately after I ended.
43:30So not a good example.
43:32Even better.
43:33Let's try this one.
43:35Use wget.
43:43That's better.
43:45Try it again.
43:47Links closed the connection and deleted the connection state straight away.
43:51So that wasn't a good example.
43:52But wget.
43:53Download the ICT web page.
43:55Look at netstat.
43:57And I see in there, because I just did it twice,
44:01there were two connections to the ICT server.
44:04I know that the ICT server has a special IP address or a local IP address of 10.10.6.11.
44:12It's just upstairs on the third floor, the server.
44:18So these were my two connections to the ICT server.
44:22If I connect again,
44:24then there's another connection.
44:30And they're in the time wait state because the connection's been closed,
44:34but it's waiting for a couple of minutes for it to fully close.
44:38Whereas with links, it fully closed it straight away, so I didn't see it.
44:42So I cannot contact some different servers and see the output with netstat.
44:48So we're trying to look at the TCP connections and using netstat to look at that.
45:02So we're going to use netcat to create a simple TCP connection.
45:08And I'm going to do it in some different terminals so that we can see it all at the same time.
45:14On computer 10, so the blue one is computer 10, the green one is 13.
45:20Okay, 10 and 13, I'm logged into those.
45:22Computer 10, down here I'll start the netcat server.
45:26To start netcat in server mode, minus L.
45:30Tell the netcat software to listen.
45:33And we need to choose a port.
45:35And the port is a 16-bit number,
45:38so it goes up to about 65,000.
45:42In practice we need to choose a number greater than 1,023.
45:46And less than 65,000.
45:48Here's a simple one.
45:50So this tells my netcat software to listen.
45:54Listen in on port 12345.
45:58And it's listening now.
46:00And still on computer 10, now I'll use netstat.
46:03Let's show me the TCP connections
46:06and let's show me the ones which are listening on this computer.
46:14And there's a number of essentially servers running on my computer.
46:19There's a number of pieces of software listening on my computer.
46:23Well, we do recognize this one.
46:27There's some software on my computer and it's listening on port 12345.
46:32And that's the netcat software.
46:34That's what I noticed there.
46:36Now the other information, maybe the address information,
46:39this all zeros means anyone is listening for any particular address.
46:46That is anyone can connect to it.
46:53We notice some other ports.
46:54If we look through the ports here, here's port 22.
46:58There's some software running on my computer listening on port 22.
47:01What is that software?
47:04It's the Secure Shell server.
47:06Every computer when they boot up,
47:08it automatically starts a Secure Shell server.
47:11It's called the SSH daemon.
47:13SSHD is the software.
47:15So there's a Secure Shell server.
47:17Now there's another entry for 22 here.
47:19This is for IPv6 connections, IPv6.
47:23This is for IPv4.
47:25But the key thing to point,
47:27or to realize from the output are the port numbers here.
47:31Sometimes there's both IPv4 and IPv6.
47:35Sometimes there's just IPv6 which covers IPv4.
47:40A bit confusing.
47:42Note just the port numbers.
47:44Port 80.
47:46Every computer is running a web server.
47:48Port 22.
47:50Every computer is running a Secure Shell server.
47:52Here's my computer running the Netcat server.
47:55What about the others?
47:57 3306.
47:59What is it?
48:01When you saw it, did you look in the services file for 3306?
48:21MySQL.
48:22We're running the MySQL database server on these computers.
48:25So it's listening there.
48:28Now the slight difference, it's listening only on the local, the special loopback address.
48:35Meaning, you cannot connect to my MySQL server from your computer.
48:40You must be on my computer to connect to my MySQL server.
48:44So that's the difference here.
48:46The all zeros means anyone can connect.
48:48This one means you have to be on my computer to connect to my server.
48:53So you can't communicate across the internet.
48:55 631 is the internet printing protocol.
49:00It's for communicating with a printer.
49:04 25 is for email.
49:06This is just for local email delivery.
49:08Not for out on the internet.
49:10And I think that's covered them all.
49:13So there's some software running on your computer that listens.
49:20My Netcat server is still running.
49:22So now I go to computer 13.
49:24and I connect to 10.
49:30I would connect to the IP address.
49:32Computer 10.
49:33Port number.
49:35Send my message.
49:38Check the output of Netstat.
49:42And I see that computer 13 is connected to computer 10.
49:51The connection is established.
49:52They're still connected.
49:54Netcat uses TCP by default.
49:56Foreign address is listening on port 12345.
50:01And my Netcat client, when I started it,
50:04was given the port 47990.
50:07The operating system gave it to it.
50:09We don't do it as the user.
50:13So this shows the active connections,
50:15or the current connections.
50:17If you add the minus L,
50:19to show the servers listening.
50:22One thing you may have noticed,
50:24the server is still there.
50:26I can still send back.
50:32But if we look at the listening connections,
50:34it's no longer there.
50:36That is, there's no longer a listening connection
50:39on port 12345.
50:41That is because Netcat is a very, very simple server.
50:45As soon as someone connects to it,
50:47it's no longer listening for others.
50:50It's just communicating with that one that connects.
50:53So you can't have multiple people connect to the Netcat server at the same time.
50:58Real servers, normally when someone connects,
51:03it creates a child process to deal with that client
51:07and then listens for more connections.
51:10That's why all of you can log into my secure shell server.
51:14I've got one secure shell server running.
51:17Whenever you connect, it creates a copy of itself
51:20and then waits for the next person to connect.
51:23We'll see that when we look at web servers later.
51:26So from Netstat minus T,
51:30you can see information about current connections.
51:32Add the minus L and you can see those which are listening.
51:44Those listening is very useful to know
51:46what servers are running on your computer.
51:49Because that may be the potential security flaw
51:53in that if there's a server running on your computer,
51:55then others outside may be able to connect to your server
51:58and do things.
51:59So that's useful to know what's running on your computer.
52:02When we close,
52:06I close the server,
52:13the client's closed,
52:15the connection was closed then.
52:18So I close the connection and it's not even in a time wait state
52:24because we haven't communicated.
52:30So you know what about applications communicating using Netstat minus T?
52:35We've seen Netstat minus S show me statistics.
52:49Minus T show me TCP connections.
52:51If you read the man page for Netstat,
52:54there are many, many different options.
52:58TCP connections.
53:00TCP connections,
53:01you can show about UDP,
53:02you can show listening,
53:04you can show routing information,
53:06interface information,
53:08statistics and others.
53:12Alright?
53:13So it does a lot.
53:14Let's do a couple more.
53:16Netstat minus I.
53:19And I'll pipe it into less.
53:25Show me something about the interfaces
53:27and some statistics.
53:29Doesn't come up very well.
53:33The command Netstat minus I.
53:43Some statistics about my interfaces.
53:46So my ETH 0, 1 and 2
53:48and some of the data packets received okay,
53:51transmitted okay and so on.
53:57Netstat minus R shows me the routing table.
54:03And I should have done it with the minus N option
54:06to show no nicknames.
54:08It was a bit slow without it.
54:10For the routing table,
54:14if we look at the first two columns,
54:16it gives me two entries and it says,
54:19look at the last column maybe first,
54:21to reach anyone on network 10.10.16.0,
54:25we know that network address from our first task,
54:28to reach anyone on this subnet,
54:31there is no gateway, send direct.
54:34It doesn't make sense to send to a router
54:37if they're on the same subnet as me.
54:40A gateway also means router.
54:42The first row is for anyone else,
54:47send to the router or gateway 10.10.16.1.
54:52So if I want to communicate with anyone
54:54that starts with 10.10.16,
54:57then send direct to them in the LAN.
55:00If I want to communicate with someone else,
55:02maybe the Google website, Facebook,
55:05then the default action is to send to the gateway 10.10.16.1.
55:10So we say 10.10.16.1 is my default router or default gateway.
55:15It's a computer upstairs on the third floor.
55:18So that's a routing table.
55:21We will see and modify the routing table with commands in another lab.
55:25Today we're just looking at the information.
55:27Another way to see that is using the route command.
55:33Before we do it,
55:34Netstat minus R minus N shows no nicknames,
55:39the raw addresses.
55:42And it's generally faster
55:43because it doesn't have to look up and find the nicknames.
55:46To see the routing table you can also use route.
55:49Route minus N shows exactly the same information.
55:53We will commonly use the route command to see the routing table
55:57and we'll also modify the routing table using the route command.
56:01Netstat just shows us.
56:06Netstat minus R or the route command
56:09are effectively the same for our purposes.