Chapter 3 Basic Network Services

3.1 DNS

DNS stands for Domain Name System, which is a distributed naming system used in the Internet to convert domain names into corresponding IP addresses.

On the Internet, every device (such as a computer, server, or router) is assigned a unique IP address for communicating on the network. However, an IP address is a string of numbers (such as 192.168.0.1), which is difficult to remember and identify. To simplify Internet use, the domain name system maps easy-to-remember domain names (such as www.example.com) to the corresponding IP addresses.

The way DNS works is by sending domain name queries to a DNS server for resolution. When a user enters a domain name in a web browser, the computer will first send a query request to the local DNS server. If the local DNS server caches the IP address of this domain name, it will return that address directly. Otherwise, the local DNS server will send a query request to the root DNS server, and the root DNS server will instruct the local DNS server to continue querying the next-level DNS server, and finally find the DNS server responsible for managing the domain name. Once the IP address corresponding to the domain name is found, the local DNS server will return it to the user, and the user's device can establish a connection with the target server through this IP address.

In addition to resolving domain names into IP addresses, DNS also provides other functions, such as reverse resolution (converting IP addresses to domain names), mail server lookup (mapping email domain names to mail servers), etc.

In short, DNS is an important Internet infrastructure that allows users to access various resources on the Internet through easy-to-remember domain names, and is responsible for converting domain names into corresponding IP addresses in the background.

| Record type | Description | Example |
| --- | --- | --- |
| A | Map domain names to IPv4 addresses | example.com IN A 192.0.2.1 |
| AAAA | Map domain names to IPv6 addresses | example.com IN AAAA 2001:db8::1 |
| CNAME | Create an alias for a domain name | www.example.com IN CNAME example.com |
| MX | Specify the mail server that receives domain name mail | example.com IN MX 10 mail.example.com |
| NS | Authoritative name servers for the specified domain name | example.com IN NS ns1.example.com |
| TXT | Store arbitrary text information associated with a domain name | example.com IN TXT "Some text information" |
| SRV | Specify servers that provide specific services | _http._tcp.example.com IN SRV 10 0 80 www.example.com |
| SOA | Specify the authoritative server that manages the domain name | example.com IN SOA ns1.example.com admin.example.com |

3.2 SNMP

3.2.1 Introduction

SNMP stands for Simple Network Management Protocol. It is a protocol for network device management and monitoring that allows network administrators to remotely monitor and manage the performance, status, and configuration of network devices.

The main function of SNMP is to collect and manage information about network devices. It communicates with network devices through a network management system (NMS). SNMP defines a set of standard management objects and management information bases (MIBs). These MIBs contain various information about network devices, such as device status, performance indicators, configuration parameters, etc. The network device accesses this information through the SNMP agent program and sends this information to the NMS through the SNMP protocol.

SNMP uses a client-server model for communication. NMS acts as a client and sends SNMP requests to network devices (such as obtaining device information, modifying device configurations, etc.), while the SNMP agent on the network device acts as a server, receiving and responding to these requests. The SNMP protocol uses UDP as the transmission protocol, and usually uses port 161 for communication.

SNMP defines a set of basic operating commands for managing and monitoring network devices. Common operation commands include get (GET), set (SET), polling (GETNEXT), trap (TRAP), etc. Through these operation commands, administrators can obtain the status information and configuration parameters of the device, configure and modify the device, and receive alarm and event notifications sent by the device.

SNMP is a standard protocol widely used in network management. It enables network administrators to remotely monitor and manage network devices and achieve centralized management, troubleshooting and performance optimization of devices.

3.2.2 Windows environment deployment

First, add the feature on the Windows host. The steps are as follows:

Step 1. Right-click Start in the lower left corner and select "Settings".

Find and click "Apps".

Select "Apps & Features" in the left column and click "Optional Features" in the right column.

Click "Add Features" under Optional Features.

Enter "snmp" in the search box, then check "Simple Network Management Protocol (SNMP)", and finally click "Install".

Step 2. Search for "Services" in the lower left corner and open it.

Scroll down and find "SNMP Service".

Right-click SNMP Service and select Properties.

Open the Security tab in the properties, add the community "public", select "Accept SNMP packets from any host" below, and then click OK.

This concludes the setup of the Windows host.

  • Use the snmpwalk command to test the Windows host

The command to execute is as follows:

snmpwalk -c public 169.254.218.205 -v 2c
snmpwalk -v 2c -c public 169.254.218.205

3.2.3 Deploying SNMP in CentOS environment

To set up an SNMP service on CentOS, follow these steps:

1. Make sure the snmp package is installed on the CentOS system.

Check whether it is installed using the following command:

rpm -qa | grep net-snmp

If there is no output, the SNMP software package is not installed. It can be installed using the following command:

sudo yum install -y net-snmp

2. Configure SNMP settings. Edit the main SNMP configuration file /etc/snmp/snmpd.conf, which can be opened with any text editor:

sudo vi /etc/snmp/snmpd.conf

In the file, you can configure settings such as SNMP community strings, allowed host access, and more. Make corresponding modifications as needed.

3. Start the SNMP service using the following command:

sudo systemctl start snmpd

Specific steps are as follows:

  1. Install components using yum over the Internet

The following packages need to be installed:

yum install -y net-snmp
yum install -y net-snmp-devel
yum install -y net-snmp-libs
yum install -y net-snmp-perl
yum install -y net-snmp-utils
yum install -y mrtg

Check whether the installation was successful:

rpm -qa | grep snmp

  2. Start SNMP

Enter service snmpd start, and use service snmpd status to view the service status.

  3. Configure SNMP

The command is as follows:

vi /etc/snmp/snmpd.conf

The snmpd.conf configuration file needs to be changed in four places (based on the default configuration):

(1) Configure the SNMP community name (default is public): com2sec notConfigUser default public. It is recommended to change public to the community name you use (you can also leave it unchanged).

Add content:

Allow local access for testing, with the community name public. Change com2sec notConfigUser default public to:

com2sec notConfigUser 127.0.0.1 public

Allow the management host with IP address 192.168.18.133 to access the community named public (192.168.18.133 is the IP address of Kali Linux):

com2sec notConfigUser 192.168.18.133 public

(2) Change access notConfigGroup "" any noauth exact systemview none none to:

access notConfigGroup "" any noauth exact all none none

(3) Remove the comments in front of the following two lines:

# view all included .1 80

# view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

(4) Remove the comments in front of the following two lines

# access MyROGroup "" any noauth 0 all none none

# access MyRWGroup "" any noauth 0 all all all

After modifying the configuration file, save it.
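After these four changes, the hosts named in com2sec can read the whole OID tree with the community public and no authentication, and step (4) uncomments a read-write access line. The check below is an added example, not part of the original article: it parses the VACM directives of an snmpd.conf and reports those conditions. The sample configuration is constructed from the lines in this section, the group lines are assumed from a stock net-snmp configuration, and the finding codes are hypothetical names.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
WHOLE_TREE = {".1", "1", ".iso", "iso"}   # subtrees that cover every OID

# Constructed sample: the com2sec/access/view lines are the ones this section
# ends up with; the group lines are assumed from a stock net-snmp config.
SAMPLE_CONF = '''
com2sec notConfigUser 127.0.0.1      public
com2sec notConfigUser 192.168.18.133 public
group   notConfigGroup v1  notConfigUser
group   notConfigGroup v2c notConfigUser
view    systemview included .1.3.6.1.2.1.1
view    all        included .1 80
view    mib2       included .iso.org.dod.internet.mgmt.mib-2 fc
access  notConfigGroup "" any noauth exact all none none
access  MyROGroup      "" any noauth 0     all none none
access  MyRWGroup      "" any noauth 0     all all  all
'''

def parse_directives(text):
    """Collect the VACM directives (com2sec, group, view, access) as token lists."""
    found = {"com2sec": [], "group": [], "view": [], "access": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)            # keeps the empty "" context token
        if tokens[0] in found:
            found[tokens[0]].append(tokens[1:])
    return found

def audit(text):
    """Return a list of (code, detail) findings for an snmpd.conf text."""
    conf = parse_directives(text)
    findings = []
    for entry in conf["com2sec"]:
        if len(entry) < 3:
            continue
        secname, source, community = entry[:3]
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(("DEFAULT_COMMUNITY", f"{secname} from {source} uses '{community}'"))
        if source == "default":
            findings.append(("ANY_SOURCE", f"{secname} accepts '{community}' from any host"))
    # Views that include the root of the OID tree expose every MIB object.
    wide_views = {v[0] for v in conf["view"]
                  if len(v) >= 3 and v[1] == "included" and v[2] in WHOLE_TREE}
    bound_groups = {g[0] for g in conf["group"] if len(g) >= 3}
    for entry in conf["access"]:
        if len(entry) < 8:
            continue
        group, _ctx, _model, level, _match, read, write, _notify = entry[:8]
        state = "bound to a security name" if group in bound_groups else "no members yet"
        if level == "noauth" and read in wide_views:
            findings.append(("FULL_TREE_NOAUTH", f"{group} reads view '{read}' ({state})"))
        if write != "none":
            findings.append(("WRITE_ENABLED", f"{group} may SET via view '{write}' ({state})"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF):
        print(f"{code:18} {detail}")
```

Run against the default access line that reads systemview, the same check reports nothing, which shows what change (2) gives up.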

  4. Restart service

The command is as follows:

systemctl restart snmpd.service  # restart the SNMP service so the new configuration is loaded
systemctl enable snmpd.service  # start the SNMP service at boot

Check service status:

service snmpd status
>>
Redirecting to /bin/systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2023-06-08 17:55:45 CST; 31min ago
 Main PID: 1171 (snmpd)
    Tasks: 1
   CGroup: /system.slice/snmpd.service
           └─1171 /usr/sbin/snmpd -LS0-6d -f
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 77: Error:...ed
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 80: Error:...ay
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 81: Error:...ay
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 95: Error:...ay
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 96: Error:...ay
6月 08 17:55:44 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 129: Error...id
6月 08 17:55:45 defense snmpd[1171]: /etc/snmp/snmpd.conf: line 130: Error...id
6月 08 17:55:45 defense snmpd[1171]: net-snmp: 8 error(s) in config file(s)
6月 08 17:55:45 defense snmpd[1171]: NET-SNMP version 5.7.2
6月 08 17:55:45 defense systemd[1]: Started Simple Network Management Prot.....
Hint: Some lines were ellipsized, use -l to show in full.

  5. Verify

You can use a simple command to determine whether the snmp service has been started successfully:

netstat -ln | grep 161
>>
udp        0      0 0.0.0.0:161             0.0.0.0:* 

6. Set up a firewall

The command is as follows:

  • Turn off firewall
systemctl stop firewalld.service
  • Disable firewall from starting at boot
systemctl disable firewalld.service
>>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
  • View default firewall status
firewall-cmd --state
>>
not running

  7. Test

Using SNMP v2c and the SNMP community string ("public" in the example), obtain the SNMP information of the host.

Open Kali Linux.

Enter the following command in the terminal:

snmpwalk -v 2c -c public 192.168.18.142

The output shows SNMP data about the system and network.

At this point, you have successfully set up the SNMP service and performed basic configuration. You can further customize the SNMP settings according to your specific needs, such as adding more SNMP community strings, configuring SNMP traps, etc.

Please note that installing and configuring SNMP services involves system security and access control. It is recommended to carefully evaluate security requirements and take appropriate security measures to protect the system from potential security risks.

  8. Stop the SNMP service:
systemctl stop snmpd  # stop the service
systemctl disable snmpd  # disable the service at boot

3.2.4 Purpose

With the rapid development of network technology, the continuous popularity of the network has also brought some problems to network management:

  • The number of network devices is increasing exponentially, making it increasingly difficult for network administrators to manage the devices; at the same time, as a complex distributed system, the network's coverage area continues to expand, making real-time monitoring and troubleshooting of these devices extremely difficult.
  • There are various types of network equipment, and different management interfaces (such as command line interfaces) provided by different equipment manufacturers make network management more and more complex.

In this context, SNMP emerged. SNMP is a network management standard protocol widely used in TCP/IP networks. It allows a network management system to monitor whether any device connected to the network is in a condition that requires management attention. Through the method of "using the network to manage the network":

  • Network administrators can use the SNMP platform to complete information query, information modification, and troubleshooting at any node on the network, thereby improving work efficiency.
  • Shielding the physical differences between devices, SNMP only provides the most basic set of functions, making management tasks independent of the physical characteristics and network types of the managed devices, thus enabling unified management of different devices and low management costs.
  • The design is simple and the operation cost is low. SNMP adopts the design concept of "as simple as possible". The software/hardware added to the device, the types of messages and the format of the messages are all as simple as possible. Therefore, the impact and cost of running SNMP on the device are minimized.

The main reason why the SNMP service is not installed by default in Windows 10 is for security reasons.

The SNMP service itself is a powerful management tool that provides the ability to remotely access and manage network devices. However, it also presents some security risks. Opening SNMP services can lead to unauthorized access and potential security vulnerabilities. Attackers can exploit weaknesses in the SNMP protocol to obtain sensitive information, modify device configurations, or perform other malicious activities.

In Windows 10 1803 and later (1809, 1903, 1909, 2004), the SNMP service is considered deprecated and is not listed in the Control Panel list of Windows Features.

Due to the security risks associated with this protocol, Microsoft plans to completely remove the SNMP service in the next version of Windows. It is recommended to use the Common Information Model (CIM) supported by Windows Remote Management instead of SNMP. In the current version of Windows 10, the SNMP service is hidden.

3.2.5 Instructions

| Operation type | Description | Remark |
| --- | --- | --- |
| Get | The Get operation can extract one or more parameter values from the Agent. | |
| GetNext | The GetNext operation can extract the next parameter value from the Agent in lexicographic order. | |
| Set | The Set operation can set one or more parameter values of the Agent. | |
| Response | The Response operation can return one or more parameter values. This operation is issued by the Agent and is the response to four operations: GetRequest, GetNextRequest, SetRequest and GetBulkRequest. After receiving the Get/Set command from the NMS, the Agent completes the corresponding query/modification operation through the MIB, and then uses the Response operation to return the information to the NMS. | |
| Trap | Trap information is information proactively sent by the Agent to the NMS to inform the management process of the situation on the device side. | |
| GetBulk | The GetBulk operation implements the NMS's information group query for managed devices. | SNMPv1 does not support the GetBulk operation. |
| Inform | InformRequest is also sent proactively by the managed device to raise an alarm to the NMS. Unlike Trap alarms, after the managed device sends an Inform alarm, the NMS needs to reply with an InformResponse for confirmation. | SNMPv1 does not support the Inform operation. |

3.3 SMTP

3.3.1 Introduction

SMTP stands for Simple Mail Transfer Protocol. It is a standard protocol for email transmission, used to send and receive emails. The SMTP protocol defines the transmission method and exchange format of email on the network.

The SMTP protocol works by establishing a connection to an email server to transmit email. The sender uses an SMTP client to send the email to the email server, which then forwards the email to the recipient's email server. The recipient retrieves email from its own mail server using POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol).

The SMTP protocol uses the TCP/IP network for communication, and port 25 is used by default. It defines a series of command and response rules for establishing connections, authenticating identities, transmitting messages, and handling errors. The SMTP protocol also supports the transmission of email metadata such as attachments, multiple recipients and CCs, subject and body.

It should be noted that the SMTP protocol is only responsible for the transmission of emails, not the format, security, or storage of emails. These aspects are handled by other protocols and technologies such as MIME and SSL/TLS.

3.3.2 CentOS environment deployment

If you want to set up an SMTP server on CentOS to send emails, you can follow the steps below:

  1. Install and configure the Mail Transfer Agent (MTA). On CentOS, the commonly used MTA software is Postfix. Install Postfix using the following command:
sudo yum install postfix
  2. Configure Postfix. Edit Postfix's main configuration file /etc/postfix/main.cf, which can be opened with any text editor:
sudo vi /etc/postfix/main.cf

According to your needs, you can modify the following configuration parameters:

myhostname: Set your hostname or domain name.

mydomain: Set your domain name.

myorigin: Set the sender domain name of the email.

mydestination: Set the target domain name of the email.

mynetworks: Set the network segment allowed to use SMTP service.

Save and close the file.

  3. Start the Postfix service. Start the Postfix service using the following command:
sudo systemctl start postfix

You can also set it to start automatically at boot:

sudo systemctl enable postfix
  4. Verify that the SMTP server is working properly. You can use command line tools (such as telnet) to test SMTP server connectivity. Here is an example command:
telnet localhost 25

This will connect to port 25 (SMTP port) of localhost. You can execute SMTP commands (such as HELO, MAIL FROM, RCPT TO) to simulate the process of sending emails.

If everything goes well, you have successfully set up the SMTP server. You can configure SMTP settings in your application or mail client to use your SMTP server to send emails.

Please note that configuring an SMTP server involves mail transport and network security, and it is recommended to carefully evaluate security needs and take appropriate security measures to protect the server from potential spam or abuse. In addition, in order to improve email deliverability, proper anti-spam configuration and domain verification settings are required.

Specific steps are as follows:

  1. Install Postfix
yum -y install postfix
  • Start postfix service
systemctl start postfix
  • Set up auto-start at boot
systemctl enable postfix
  • Check whether the service started successfully
netstat -tnlp | grep :25

  2. Change hostname

The default hostname of the CentOS host, localhost.localdomain, is changed here to test.com. The specific operations are:

Step 1: Modify the /etc/sysconfig/network file

Open a terminal.

Go to the /etc/sysconfig folder:

cd /etc/sysconfig

View the current files:

ls

Modify the network configuration file:

vi network

Add or modify:

NETWORKING=yes
HOSTNAME=test.com

Step 2: Modify the /etc/hosts file and add node mapping

vi /etc/hosts
127.0.0.1 localhost test.com
::1 localhost test.com

Step 3: Modify the /etc/hostname file: delete all text in the file and add test.com

vi /etc/hostname

Step 4: Reboot and verify

reboot -f  # force a reboot

After restarting, enter the hostname command in the terminal to check that the hostname was successfully modified.

3. Configure Postfix

Postfix is configured through its main configuration file, /etc/postfix/main.cf. Make the following changes to it:

vi /etc/postfix/main.cf
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
inet_interfaces = all
home_mailbox = Maildir/

4. Use Postfix to send letters

yum -y install telnet
telnet 0 25
helo mail.test.com   // identify yourself to the server
mail from:[email protected]  // set the sender
rcpt to:[email protected]  // set the recipient
data     // enter the message text
quit    // exit
  • Install the remote client
yum -y install telnet

  • Log in with the client
telnet 0 25

  • Common response codes and their meanings are shown in the table:

| Response code | Description |
| --- | --- |
| 220 | Server ready |
| 250 | The requested email operation is completed |
| 354 | Start email input and end with "." |
| 450 | The requested email operation was not completed and the mailbox is unavailable |
| 452 | The system has insufficient storage and the requested operation was not performed. |
| 454 | Temporary authentication failed and the account may have been temporarily frozen. |
| 550 | The requested email operation was not completed and the mailbox is unavailable |

  • The usage of the basic SMTP commands and other commonly used SMTP commands is shown in the table:

| Command | Description |
| --- | --- |
| helo/ehlo client hostname | Identify yourself to the server |
| mail from: sender's email address | Set sender identity |
| rcpt to: recipient's email address | Set the recipient's email address. If you need to send the email to multiple people, you can reuse this command to set multiple recipient addresses. |
| data | Use this command to start typing the email body and end it with "." |
| vrfy email address | Verify whether the specified mailbox exists. Considering security issues, this command is generally disabled. |
| noop | No operation, requiring the server to return an OK response, generally used for testing |
| rset | Reset session, cancel current transfer |

  • Identify yourself to the server
helo mail.test.com    (press Enter)

  • Set sender identity
mail from:[email protected]       (press Enter)

  • Set recipient email address
rcpt to:[email protected]          (press Enter)
  • Use the data command to start typing the body of the email
Dear Yang, how are you doing recently? Recently I often think of our sweet time together, do you still remember me? No matter what the future holds, please remember that you will always be my best friend. Looking forward to your reply.

Press Enter, type ".", and press Enter again, then enter "quit" to exit.

The message is then received in the QQ mailbox.

If your mail server is protected by a firewall, please open TCP port 25 first. Once the test is complete, you should see the test email in the recipient's inbox.

3.4 TCP/UDP

| Feature | TCP | UDP |
| --- | --- | --- |
| Connection | Connection-oriented | Connectionless |
| Reliability | Reliable transmission, providing error detection and retransmission mechanisms | Unreliable transmission, no error detection and retransmission mechanism provided |
| Ordering | Guarantees that packets will be delivered in order | No guarantee that packets will be delivered in order |
| Header overhead | The header is large (at least 20 bytes) and contains control information such as sequence number and acknowledgment number. | The header is small (at least 8 bytes) and only contains basic information such as source port and destination port. |
| Transmission efficiency | The transmission efficiency is low due to the overhead of connection management, retransmission and other mechanisms. | The transmission efficiency is high and no connection management and retransmission mechanisms are required. |
| Applicable scenarios | Suitable for applications with high reliability requirements, such as file transfer, web browsing, email, etc. | Suitable for applications with high real-time requirements and tolerable packet loss, such as audio/video streaming, DNS query, etc. |
| Sample protocols | HTTP, FTP, SMTP, SSH, etc. | DNS, DHCP, TFTP, SNMP, etc. |

This table briefly compares the differences between TCP and UDP in terms of connection, reliability, orderliness, header overhead, transmission efficiency, and applicable scenarios. Please note that each protocol has its own advantages and applicable scenarios, and the specific use depends on application requirements and design considerations.

Origin blog.csdn.net/m0_63451989/article/details/132686318