Open main menu

CDOT Wiki β

Changes

OPS235 Lab 6 - CentOS7

213 bytes removed, 15:53, 4 May 2015
no edit summary
# Examine the contents of the ARP cache by using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">arp</span></code></b>
# Check the contents of the cache again by using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">arp -n</span></code></b>
# What was the difference in output? For what other command did the option '''-n''' have a similar effect? '''Answer Part 2 observations / questions in your lab log book.''' =<br>{| width= Part 3: How can I see what network services or ports are active on my CentOS system? "40%" align="right" cellpadding="10"|- valign="top"{{Admon/note | Use All Machines | Complete this investigation on all of your VM's and the CentOS host.}} {{Admon/note | Network Ports | When our CentOS system provides any services on a network, those services are accessible through a port number. All network services are configured to be accessed on a particular port number. By examining which ports are active on our system we can know what services (and points of attack) are available on our system. The ability to examine this information is important for troubleshooting network services and securing our systems. One great tool for this is the <code>netstat</code> command.}}|}# On your CentOS host execute the command: <b><code><span style="color:#3366CC;font-size:1.2em;">netstat -at</span></code></b>
# This command will list all active TCP ports. Note the state of your ports.
# TCP is a connection oriented protocol that uses a handshaking mechanism to establish a connection. Those ports that show a state of LISTEN are waiting for connection requests to a particular service. For example you should see the <code>'''ssh</code> ''' service in a LISTEN state as it is waiting for connections.# From one of your VM's login to your host using <code>'''ssh</code>'''
# On the CentOS host rerun the command and in addition to the LISTEN port it should list a 2nd entry with a state of ESTABLISHED. This shows that there is a current connection to your ssh server.
# Exit your ssh connection from the VM and rerun the command on the CentOS host. Instead of ESTABLISHED it should now show a state of CLOSE_WAIT. Indicating that the TCP connection is being closed.
# On your CentOS host try the command <b><code><span style="color:#3366CC;font-size:1.2em;">netstat -atn</span></code></b>. How is this output different?
# Without the <code>-n</code> option <code>netstat</code> attempts to resolve IP addresses to host names (using /etc/hosts) and port numbers to service names (using /etc/services)
# Examine the <code>'''/etc/services</code> ''' file and find which ports are used for the services: <code>'''ssh''', ftp'''sftp''', '''http</code>'''# Now execute the command <b><code><span style="color:#3366CC;font-size:1.2em;">netstat -au</span></code></b> What is the difference between <code>the options: '''-at</code> ''' and <code>'''-au</code>'''?
# When examining UDP ports why is there no state?
# Using the <code>netstat</code> man page and experimentation make sure you understand how the following options work. #* -at#* -au#* -atp#* -aup#* -atn#* -aun#* -autnp
'''Answer Part 3 observations / questions in your lab log book.'''
13,420
edits