
Linux Fundamentals Certification Training

Module 1: Overview of Linux


Case Study III - Solution

© Brain4ce Education Solutions Pvt. Ltd.


Module 1 – Overview of Linux

Case Study

Problem Statement

Domain: Networking
OS: Linux
Focus: Development

Networking

Tina brought her own laptop.

• Please help them build a private network between her laptop and Tom’s.
• Sometimes Tom and Tina like to work on each other’s system from their own laptop. Please
guide them on remote log-in, and explain the pros and cons of SSH and Telnet.
• Sometimes they want to share their files with each other over the network. Please present the
various alternatives, such as FTP, TFTP, SCP and SFTP, with their relative advantages.
• They noticed that none of the alternatives worked for them. Please introduce them to the
various troubleshooting tools on Linux, such as Wireshark, tcpdump and the netstat command.
• Also explain the relevance and importance of opening a specific port in the firewall to run
any server.
• They now have Internet connectivity and are about to connect both laptops to the Internet.
Explain the possible DoS attack (and its remedy) if any port is open on the system.

Approach to solve:

• Connect Tom’s and Tina’s laptops by LAN cable or wirelessly.
• Run the command “ifconfig” to find out whether they are in the same subnet.
• Try to ping the other machine.
• If the ping is successful, a connection is established.
• Let them communicate via ftp, scp, ssh, etc.

Solution

• Check the IP subnet.
• Check that the netmask and subnet are correct.
• Ping the other machine to confirm the connection.



• Use ssh to log in to the other machine from the host machine.

• Use scp or ftp to transfer files.
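
The subnet and mask check from the first steps above can be done mechanically rather than by eye. The script below is an added example, not part of the course material; it assumes the net-tools 2.x ifconfig layout ("inet ... netmask ..."), uses constructed output for both laptops, and its function names are hypothetical.

```shell
#!/bin/sh
# Constructed ifconfig output for the two laptops (net-tools 2.x layout assumed).
TOM_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255'
TINA_IFCONFIG='wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.200  netmask 255.255.255.128  broadcast 192.168.1.255'

# Print "address netmask" of the first non-loopback IPv4 entry in ifconfig text.
inet_of() {
    printf '%s\n' "$1" |
        awk '$1 == "inet" && $3 == "netmask" && $2 !~ /^127\./ { print $2, $4; exit }'
}

# Dotted quad -> 32-bit integer; fails on anything that is not a valid address.
# The body runs in a subshell so the IFS and globbing changes do not leak.
ip_to_int() (
    case $1 in *.|*[!0-9.]*) exit 1 ;; esac
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Network address (as an integer) = address AND netmask.
network_of() {
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") || return 1
    echo $(( a & m ))
}

# same_subnet IP1 MASK1 IP2 MASK2
# Prints same | mask-mismatch | different | invalid (exit status 0 only for same).
same_subnet() {
    n1=$(network_of "$1" "$2") && n2=$(network_of "$3" "$4") || { echo invalid; return 2; }
    if [ "$2" != "$4" ]; then echo mask-mismatch; return 1; fi
    if [ "$n1" -eq "$n2" ]; then echo same; return 0; fi
    echo different; return 1
}

# Compare the two laptops using the constructed output above.
check_laptops() {
    same_subnet $(inet_of "$TOM_IFCONFIG") $(inet_of "$TINA_IFCONFIG")
}

echo "Tom vs Tina: $(check_laptops)"
```

With the constructed data the two addresses look alike, but Tina's /25 mask puts her in a different network, which is the kind of misconfiguration the "masking and subnet" step is meant to catch.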

FTP, SFTP, SCP, TFTP

Protocol  Name                            Secure  TCP/UDP  Port
FTP       File Transfer Protocol          No      TCP      21
TFTP      Trivial File Transfer Protocol  No      UDP      69
SFTP      Secure File Transfer Protocol   Yes     TCP      22
SCP       Secure copy Protocol            Yes     TCP      22

FTP is used to transfer files between hosts and/or servers. One computer acts as the server to
store information and the other acts as the client to send or request files from the server. The
FTP client will usually authenticate itself with the FTP server by sending over a username and a
password.

TFTP is a simpler version of FTP. TFTP does not require any type of authentication. It also uses
UDP, so the data sent is less reliable, but it is marginally faster than going over TCP.
TFTP can be easily implemented by small-footprint code.

The SFTP protocol is packet-based instead of text-based. Since SFTP runs over SSH, it is inherently
secure. Where FTP might send a command such as “DELE file.txt”, SFTP would send a binary 0xBC
and then “file.txt”. The key difference is that, by sending less data, the SFTP protocol is faster over
the long term, as less data is crossing the wire.

SCP also uses the same SSH encryption and authentication as SFTP; however, it is slightly faster.
The SCP client opens an SSH connection to the source host and requests that it, in turn, open an
SCP connection to the destination.

Wireshark, tcpdump, netstat

• If a packet is not received by the destination system, use one of the above tools to debug
it.
• Use the netstat command, for example netstat -l, to check whether your program is listening on
a particular socket.

• To check whether packets are passing, use tcpdump.

• tcpdump is a CLI tool. You can run it remotely in an ssh session; it accepts a lot of filters and
allows you to display data about packets going in and out of an interface.

• Wireshark is a GUI tool: you get a nice window and, like tcpdump, it allows you to capture
packets going in and out of an interface (or look at recorded captures). You can apply filters to
the capture and also collapse fields you don’t care about while examining a packet.

• The netstat command is a command-line tool used to display very detailed information
about how your computer is communicating with other computers or network devices. It helps in
monitoring network connections, both incoming and outgoing, as well as viewing routing tables,
interface statistics, etc.

Opening a specific port for a functionality: Advantages and Risks

• Moving SSH off the default port of 22 will deter some of the non-targeted and amateur
script-type attacks.
• Some of these ports (the first 1,024) are fixed – a pre-determined standard that helps core
applications to communicate across the globe.
• Each port corresponds to a different application.
• There are 65,536 ports in total available to use.
• Ports are blocked by default on routers.
• This is an essential security feature, and it prevents malicious requests from reaching the core
services which may be running on your computers.
• The daemon that is listening on a port could be vulnerable to a buffer overflow or another
remotely exploitable vulnerability.
• Open ports may reveal information about the system or network architecture.
• Open ports still process incoming traffic, even if the requests are invalid. Denial of service
results from finding a way to commit a port.
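
The netstat check from the troubleshooting section and the open-port review above both come down to reading the Local Address column. The script below is an added example, not part of the course material; it parses constructed "netstat -ltn" output (TCP listeners only, numeric addresses) and its function names are hypothetical.

```shell
#!/bin/sh
# Constructed "netstat -ltn" output from Tina's laptop (TCP listeners, numeric).
NETSTAT_OUT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# listen_scope PORT NETSTAT_TEXT
# Prints how widely PORT is reachable: all-interfaces | specific-address |
# loopback-only | not-listening. The widest binding found wins.
listen_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")            # port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wide = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (wide) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# exposed_ports NETSTAT_TEXT
# Comma-separated TCP ports bound to every interface: the list to compare
# against the firewall rules before the laptop goes on the Internet.
exposed_ports() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):[0-9]+$/ {
                 n = split($4, part, ":"); print part[n] }' |
        sort -nu | paste -sd, -
}

echo "ssh (22): $(listen_scope 22 "$NETSTAT_OUT")"
echo "exposed:  $(exposed_ports "$NETSTAT_OUT")"
```

In the constructed data, ssh is bound to loopback only, which explains a failed remote log-in even with port 22 open in the firewall, while FTP on port 21 is reachable on every interface.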
