Differences

This shows you the differences between two versions of the page.

--- linux [2019-08-07 T 17:33]
admin [ifdown and ifup]
+++ linux [2022-03-28 T 19:07] (current)
admin [dig]
@@ Line 960: / Line 960: @@
       netmask 255.255.255.0
   vlan-raw-device bond0
+===Links===
+https://www.beyondvm.com/2014/03/quick-tip-bonding-lacp-and-vlans-in-linux/
+====Checking network configuration====
+this page indicates some checks that could be done after configuring the interfaces file. https://www.tecmint.com/network-nic-bonding-teaming-in-debian-linux/2/
+\\ Mainly it suggests to perform these checks:
+  * ifconfig to look that interfaces are configured properly
+  * mii-tool (not sure how this will work)
 ==== ip ====
 Use ip to show / manipulate routing, devices, policy routing and tunnels. Many of the things you do with ifconfig can now be done with ip. Here is a good link, and some examples that will be expanded uppon later.
@@ Line 1058: / Line 1065: @@
   * -D to list available interfaces
   * -n does not resolve name servers, useful if in a slow devices
+  * -e Shows Mac address
   * src [ip] / dst [ip] shows you lines with that source or desitnation ip respectivly.
   * proto [protocal] for types of packages
@@ Line 1071: / Line 1079: @@
   sudo tcpdump -i eth0 ether host aa:bb:cc:11:22:33
 This is an excellent page for more options: https://danielmiessler.com/study/tcpdump/#gs.lU0pRcE
+==== dig===
+Use dig to easily lookup what the DNS entry of an ip is.
+  dig [host] [options]
+Some options
+  * +short to just show the IP address entry
+Example to look up what IP google has and what Ip it returns:
+  User@mend:~#dig google.com +short
+.251.46.238
 ==== SSH ====
 ssh stands for secure shell. It is a service that allows for you to remote access a terminal using encryption. It is very universally standard and exists on most linux systems or can be easly installed
@@ Line 1258: / Line 1274: @@
   * $wget -qO- http://ipecho.net/plain ; echo
 This will call up a website that can display your ip in a simple way. The operators for wget are just quiet and save to a standard file which is then echoed with the echo command.
-====snmp====
+====SNMP====
+Simple Network Management Protocol allows you to get information from network devices. You can also use it to control, but this is not the typical way it is used.
+  * OID is the address of a specific date point that can be used when querying a network device with SNMP.
+  * MIB is the Management information base, and is usual a file formatted a specific way to indicated what OIDs mean what. The device itself does not necessarily have identifiers of what each OID means.
+  * ASN1 is Abstract Syntax Notation One. This is the Syntax that MIBs are in.
+  * Agent - Is the device queering the client device for data using various types of SNMP gathering software
+  * Community - The agent uses the community string to Authenticate that it can gather information from devices. Note that this is a low security model in version 1 and 2c of snmp
+  * SNMP version 1 and 2c. Version 2c allows for more expansion of what data can be passed with SNMP, and some other improvements, It is very common
+  * SNMP version 3 adds extra security and authorization beyond just knowing the community
+To install the suite of packages
   * The package name in ubuntu/debian is snmp
   * The package name in Centos/RHEL is net-snmp
-=== snmpwalk ===
+=== snmpstatus===
+To get the status of if snmp and if it is running on a device you need to know the IP of the host, the community string, and the version
+ snmpstatus -c [community] -v [version] [host]
+For example
+ snmpstatus -c public -v 2c 192.168.0.99
+=== snmpwalk and snmpget===
 snmpwalk is a tool to scan for snmp. To install you you just install the package called snmp
   snmpwalk [opts] -c [community] [ip address] [OID]
@@ Line 1269: / Line 1299: @@
   * -m "[mib file]" This will tell snmp walk to look up the mib file. The defualt MIB search path is several paths defined by the : /home/btowne/.snmp/mibs
   * You can put in the OID address at the end to just get data from that data point
+snmpwalk will go through every sub OID possible from the highest point you are calling it from. This is very good when discovering sets of data, but if you want to find the specific information of a specific OID, you want to try snmpget. This is very hepful because if you use walk for what you think is specific OID. It might append a 1 or another number on the end. For example, lets say that oid.99.500.3.5 is supposed to tell you how may foos are in the network device so you run:
+  snmpwalk -v1 -c public 192.168.1.99 oid.99.500.3.5
+You might get a return of:
+  SNMPv2-SMI::oid.99.500.3.5.1 = INTEGER: 33,
+You can see that in the readout it shows the oid with a .1 on the end. So if you did snmpget instead:
+  snmpget -v1 -c public 192.168.1.99 oid.99.500.3.5
+This might be a return readout:
+  SNMPv2-SMI::oid.99.500.3.5 = No Such Instance currently exists at this OID
+If you do walk, you may see that the o
 ===snmpd===
 To allow your linux device to act as a simple snmp agent you can install snmpd
@@ Line 1333: / Line 1372: @@
   * http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAF << For extended details of the man page for access control of snmpd
   * http://net-snmp.sourceforge.net/wiki/index.php/Vacm#VACM_Masks.2C_or_How_to_restrict_access_to_a_particular_index_.28row.29_in_a_Table << More info about masks for access
+  * https://mibs.observium.org/ << A big database of MIBs
+  * http://www.circitor.fr/Mibs/Mibs.php << Another big databse of MIBs
 ==== iperf ====
 Iperf is a way of transferring bulk benign files to see pure transfer rates. Here is a good tuturial: [[http://openmaniak.com/iperf.php#iperf-w|http://openmaniak.com/iperf.php#iperf-w]]
@@ Line 1359: / Line 1400: @@
   * -p shows PID
   * -n shows numerical addresses instead of trying to determine symbolic host, port, or user names
+====SSL Cert====
+A secure socket layer certificate is used to authenticate a website with various authorities that give out certificates. It allows for a url to operate has https within a browser or any service that accesses that domain. This is not really a network tool, but rather a security tool for domains within a network.
+===Cert basics and location===
+A certificate is a file with an encryption key. It uses public key cryptography between the web client, like your browser, and the server, or the website you are trying to access with https. The file is located in a few different locations depending on what system you have. Ultimately though you will be defining where the file is with the httpd.conf file. More about that below
+===Obtain cert===
+First you must obtain the cert. Certs can be found with some hosting providers like godadd, or with a free service like https://letsencrypt.org/
+===conf file===
+There is an ssl.conf file but that just has to do with paramiters of how you want ssl to work. You will need to locate the httpd.conf file and make sure that your cert files are pointed to the right locations. here is an example /etc/httpd/conf/httpd.conf configuration:
+  SSLCertificateFile /root/sslcerts/ca.crt
+  SSLCertificateKeyFile /root/sslcerts/ca.key
+  SSLCertificateChainFile /root/sslcerts/ca.bundle

wiki.mendiculus.info

User Tools

Site Tools

Differences

Page Tools