Archive for the tag 'Network'

IP aliases disappear after the network service is restarted in Ensim

If the network service has been restarted, the server loses the IP aliases set by Ensim.

To get all IP aliases back, restart the virtualhosting service:

# service virtualhosting restart

License Invalid in PPCP after the Network Card change

Parallels Pro Control Panel license is tied to a MAC-address. Therefore, when you change your network card, PPCP does not recognize the license as valid anymore.

Resolution

Just rename /etc/appliance/.license/.LIC_file and /etc/appliance/.license/.MLK_file so that PPCP treats the license as a new one:

# mv /etc/appliance/.license/.MLK_file /etc/appliance/.license/.MLK_file.bak
# mv /etc/appliance/.license/.LIC_file /etc/appliance/.license/.LIC_file.bak

Reference: http://parallels.com

tshark - Dump and analyze network traffic

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark works much like tcpdump: it uses the pcap library to capture traffic from the first available network interface and prints a summary line on stdout for each received packet.

Example:

# tshark -n -i ppp0 port 80
Running as user "root" and group "root". This could be dangerous.
Capturing on ppp0

-n  Disable network object name resolution (such as hostname, TCP and UDP port names); the -N flag might override this one.

-i [capture interface]  Capture on the named interface (ppp0 in the example above).
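As an added illustration of the libpcap format that TShark reads and writes (example code written for this page, not part of TShark or of the original post), the following Python builds a small constructed capture file, reads it back by parsing the libpcap global header and per-record headers, and prints a tcpdump-style summary line per packet, filtered to port 80 the way the tshark example above is. It assumes Ethernet link-type frames (a ppp0 capture like the one above would carry link-type 9 instead); the addresses, ports and timestamps are made up.

```python
import struct
from typing import Iterator, List, Optional, Tuple

# Classic libpcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def build_ipv4_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def build_pcap(frames: List[Tuple[int, int, bytes]]) -> bytes:
    """Serialise (ts_sec, ts_usec, frame) records as a little-endian libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (ts_sec, ts_usec, frame) records; byte order is taken from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:  # same magic number written big-endian
        order = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(order + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet (linktype 1)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame: bytes) -> Optional[Tuple[str, int, str, int, int]]:
    """Return (src_ip, sport, dst_ip, dport, payload_len) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    if ip[9] != 6:  # protocol field: 6 is TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, len(tcp) - data_offset


def summarise(data: bytes, port: Optional[int] = None) -> List[str]:
    """One summary line per TCP packet, optionally filtered like tshark's 'port N' expression."""
    lines = []
    for ts_sec, ts_usec, frame in read_pcap(data):
        decoded = decode_tcp(frame)
        if decoded is None:
            continue
        src, sport, dst, dport, plen = decoded
        if port is not None and port not in (sport, dport):
            continue
        lines.append(f"{ts_sec}.{ts_usec:06d} {src}:{sport} -> {dst}:{dport} TCP len={plen}")
    return lines


# Constructed sample capture: an HTTP request/response pair and one SSH packet.
SAMPLE_PCAP = build_pcap([
    (1255816500, 0, build_ipv4_tcp_frame("192.168.1.10", "203.0.113.5", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
    (1255816500, 120000, build_ipv4_tcp_frame("203.0.113.5", "192.168.1.10", 80, 40000, b"HTTP/1.0 200 OK\r\n")),
    (1255816501, 0, build_ipv4_tcp_frame("192.168.1.10", "192.168.1.20", 40001, 22, b"SSH-2.0-x\r\n")),
])

if __name__ == "__main__":
    for line in summarise(SAMPLE_PCAP, port=80):
        print(line)
```

The summary lines are deliberately close to what tshark -n prints with name resolution off; run without the port argument to see all three packets, or point read_pcap at the bytes of a file written with tshark -w.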

Protect a server within a network by using a TCP wrapper.

The Xinetd super server that comes with most Linux distributions includes a built-in TCP wrapper.

It can be used to explicitly define which network services accept incoming connections from specified hosts and networks.

TCP wrappers implement access control through two files, /etc/hosts.allow and /etc/hosts.deny. The wrapper consults /etc/hosts.allow first, then /etc/hosts.deny; a connection that matches neither file is allowed, which is why the deny-all rule below matters.

A recommended security strategy is to block all incoming requests by default, but allow specific hosts or networks to connect.

To deny everything by default, add the following line to /etc/hosts.deny:

ALL: ALL

To accept incoming SSH connections from, e.g., the hosts lab1, lab2 and lab3, add the following line to /etc/hosts.allow:

sshd: lab1 lab2 lab3

To accept incoming SSH connections from all servers in a specific domain, add the domain name with a leading dot to /etc/hosts.allow.

For example:

sshd: lab1 lab2 lab3 .subnet.lab.com

To accept incoming SSH connections from IP address 192.168.0.1 and subnet 192.168.5 (written with a trailing dot, so that it matches 192.168.5.x but not 192.168.50.x), add the following line to /etc/hosts.allow:

sshd: 192.168.0.1 192.168.5.

You can even tell xinetd to limit the rate of incoming connections. The TCP wrapper is quite flexible, and xinetd provides its own set of host-based and time-based access control functions.
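To show how the allow/deny rules above are actually evaluated, here is an added Python model of the hosts_access matching logic (written for this page; it is not libwrap's own code but a simplified re-implementation of the documented rules). It takes the two file contents as strings, the daemon name, and the client's reverse-DNS name and IP address (assumption: pass the address string as the hostname when no reverse lookup is available), and returns the decision together with the entry that produced it. The sample hosts.allow and hosts.deny contents are built from the lines quoted above; the net/mask pattern form and the EXCEPT operator are supported beyond what the page shows.

```python
import ipaddress
from typing import List, Tuple

Entry = Tuple[List[str], List[str]]  # (daemon patterns, client patterns)


def parse_access_file(text: str) -> List[Entry]:
    """Parse hosts.allow / hosts.deny text: 'daemon_list : client_list [: options]'."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed entry: {raw!r}")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        entries.append((daemons, clients))
    return entries


def _match_token(pattern: str, host: str, addr: str) -> bool:
    """One pattern against one client, following the forms documented in hosts_access(5)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                  # hostname without a dot
        return "." not in host
    if pattern.startswith("."):            # domain suffix, e.g. .subnet.lab.com
        return host.endswith(pattern)
    if pattern.endswith("."):              # address prefix, e.g. 192.168.5.
        return addr.startswith(pattern)
    if "/" in pattern:                     # net/mask, e.g. 192.168.0.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
        except ValueError:
            return False
    return pattern == host or pattern == addr


def _match_list(patterns: List[str], host: str, addr: str) -> bool:
    """'list_1 EXCEPT list_2' matches when list_1 matches and list_2 does not."""
    if "EXCEPT" in patterns:
        i = patterns.index("EXCEPT")
        return _match_list(patterns[:i], host, addr) and not _match_list(patterns[i + 1:], host, addr)
    return any(_match_token(p, host, addr) for p in patterns)


def hosts_access(allow: str, deny: str, daemon: str, host: str, addr: str) -> Tuple[bool, str]:
    """Decide as libwrap does: hosts.allow first, then hosts.deny, otherwise allow."""
    for fname, text, verdict in (("hosts.allow", allow, True), ("hosts.deny", deny, False)):
        for daemons, clients in parse_access_file(text):
            if _match_list(daemons, daemon, daemon) and _match_list(clients, host, addr):
                return verdict, f"matched {fname}: {' '.join(daemons)}: {' '.join(clients)}"
    return True, "no match in either file (default allow)"


# Constructed from the examples on this page.
HOSTS_ALLOW = """
sshd: lab1 lab2 lab3 .subnet.lab.com
sshd: 192.168.0.1 192.168.5.
"""
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for daemon, host, addr in [("sshd", "lab2", "10.0.0.2"),
                               ("sshd", "192.168.50.1", "192.168.50.1"),
                               ("vsftpd", "lab1", "10.0.0.1")]:
        print(daemon, host, addr, hosts_access(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr))
```

The 192.168.50.1 case shows why the trailing dot in the subnet pattern matters, and the vsftpd case shows the deny-all rule catching a daemon that has no hosts.allow entry at all.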

Detect and close network ports that are not needed.

To get a list of listening network ports (TCP and UDP sockets), you can run the following command:

# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.locald:domain *:* LISTEN 4521/named
tcp 0 0 localhost.localdoma:953 *:* LISTEN 4521/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 4553/sshd
tcp6 0 0 ::1%134628752:953 [::]:* LISTEN 4521/named
udp 0 0 *:domain *:* 4521/named
udp 0 0 localhost.locald:domain *:* 4521/named
udp 0 0 *:bootpc *:* 4884/dhclient
udp 0 0 *:34787 *:* 4574/avahi-daemon:
udp 0 0 *:mdns *:* 4574/avahi-daemon:
udp6 0 0 [::]:38224 [::]:* 4521/named

Using nmap

# nmap -sTU [remote_host]

# nmap -sTU 127.0.0.1

Starting Nmap 4.53 ( http://insecure.org ) at 2009-10-18 04:55 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 3196 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
953/tcp open rndc
53/udp open|filtered domain
68/udp open|filtered dhcpc
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.608 seconds

If you leave out the UDP port scan (drop the "U" from -sTU), nmap finishes the port scan immediately. Running it against the local machine also completes very fast.

Also note that nmap might not show all listening network sockets if a firewall is blocking ports: nmap reports what is reachable from where it runs, whereas netstat and lsof report what is actually bound on the host.

Another method to list all of the TCP and UDP sockets to which programs are listening is lsof:

# lsof -i -n | egrep 'COMMAND|LISTEN|UDP'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 4521 bind 20u IPv4 12381 TCP 127.0.0.1:domain (LISTEN)
named 4521 bind 21u IPv4 12392 TCP 127.0.0.1:953 (LISTEN)
named 4521 bind 22u IPv6 12393 TCP [::1]:953 (LISTEN)
named 4521 bind 512u IPv4 12380 UDP 127.0.0.1:domain
named 4521 bind 513u IPv4 12382 UDP *:domain
named 4521 bind 514u IPv6 12383 UDP *:38224
sshd 4553 root 3u IPv6 12423 TCP *:ssh (LISTEN)
avahi-dae 4574 avahi 14u IPv4 12466 UDP *:mdns
avahi-dae 4574 avahi 15u IPv4 12467 UDP *:34787
dhclient 4884 dhcp 6u IPv4 13547 UDP *:bootpc
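The listings above are only useful once someone reviews them against what the host is supposed to offer, so here is an added Python example (not from the original post) that parses the netstat -tulp output format shown earlier into records, separates sockets bound to loopback from those reachable over the network, and flags every exposed program that is not on an allow-list you maintain. The sample input is the netstat listing quoted above; the allow-list containing only sshd is an assumption made for the demonstration.

```python
from typing import Dict, List, Set

# Sample `netstat -tulp` output, copied from the listing on this page.
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.locald:domain *:* LISTEN 4521/named
tcp 0 0 localhost.localdoma:953 *:* LISTEN 4521/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 4553/sshd
tcp6 0 0 ::1%134628752:953 [::]:* LISTEN 4521/named
udp 0 0 *:domain *:* 4521/named
udp 0 0 localhost.locald:domain *:* 4521/named
udp 0 0 *:bootpc *:* 4884/dhclient
udp 0 0 *:34787 *:* 4574/avahi-daemon:
udp 0 0 *:mdns *:* 4574/avahi-daemon:
udp6 0 0 [::]:38224 [::]:* 4521/named
"""


def parse_netstat_tulp(text: str) -> List[Dict[str, str]]:
    """Turn each tcp/udp line into a record; banner and header lines are skipped."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].startswith(("tcp", "udp")):
            continue
        proto, local = tokens[0], tokens[3]
        state = tokens[5] if proto.startswith("tcp") else ""   # UDP lines carry no State column
        pid, _, program = tokens[-1].partition("/")              # "-" when not run as root
        host, _, port = local.rpartition(":")                    # IPv6 hosts contain ':' themselves
        records.append({"proto": proto, "host": host, "port": port, "state": state,
                        "pid": pid, "program": program.rstrip(":")})
    return records


def is_loopback(host: str) -> bool:
    """Loopback by address or by the (possibly column-truncated) name netstat prints."""
    h = host.strip("[]").split("%", 1)[0]
    return h == "::1" or h.startswith("127.") or h.startswith("localhost")


def exposed_sockets(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Sockets bound to something other than loopback, i.e. reachable from the network."""
    return [r for r in records if not is_loopback(r["host"])]


def unexpected_programs(records: List[Dict[str, str]], expected: Set[str]) -> Set[str]:
    """Programs with network-reachable sockets that the allow-list does not account for."""
    return {r["program"] for r in exposed_sockets(records)} - expected


if __name__ == "__main__":
    recs = parse_netstat_tulp(NETSTAT_SAMPLE)
    for r in exposed_sockets(recs):
        print(f"{r['proto']:5} {r['host']}:{r['port']:8} {r['program']}")
    print("not on allow-list:", sorted(unexpected_programs(recs, {"sshd"})))
```

On the sample listing this reports named, dhclient and avahi-daemon as exposed but unexpected, which is exactly the set the chkconfig steps below are meant to prune. Run netstat with -n as well if you want numeric addresses instead of the truncated hostnames visible in the listing above.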

One of the most important tasks is to remove any network services that are not needed from the system startup process.

On Red Hat systems you can list all services which are started at bootup using the following command:

chkconfig --list | grep on

To permanently disable e.g. the runlevel service nfs, run:

chkconfig nfs off

To immediately disable the runlevel service nfs, run:

/etc/init.d/nfs stop
