Networking varies greatly from installation to installation. Some installations, such as highly centralized and isolated systems that have only ASCII terminals connected to the system, require the system administrator to pay very little attention to networking. Other installations, such as highly distributed environments in which thousands of systems are connected to a network that may span many geographic sites, may require the system administrator to pay a great deal of attention to networking. In this second scenario, the amount of time a system administrator devotes to networking may exceed the amount of time spent on all other system administration functions combined! Rather than ignoring networking altogether, as the first system administrator might, or covering all aspects of network administration, as the second system administrator may require, I cover in this chapter the aspects of networking that apply to most UNIX systems. This content is based on my experience of working in a variety of new UNIX installations. If you require more networking background than I cover in this chapter, I recommend the following book as an excellent source of networking information - UNIX Networks by Bruce H. Hunter and Karen Bradford Hunter (Prentice Hall, ISBN 0-13-08987-1).
In this chapter, I provide primarily background rather than setup information on many networking topics, because setup is predominantly performed by system administrators. Most of what I cover is sometimes called "Internet Services." In general, I am going to cover the basics of networking in this chapter. This includes ARPA and Berkeley Services. Here is a list of topics I cover:
General UNIX networking background
Internet Protocol (IP) addressing (classes A, B, and C)
Subnet mask
ARPA Services
Berkeley commands
Host name mapping
Network File System (NFS) background
UNIX networking commands
I provide summaries and examples of many UNIX commands in this chapter. A great deal more detail can be found in the manual pages for these commands. I provide the full manual pages at the end of this chapter for many of the commands covered.
I use a variety of systems in the examples in this chapter, including Solaris, AIX, and HP-UX.
Connecting to other machines is an important part of every UNIX network. This means connecting to other UNIX machines as well as to non-UNIX machines. The machines must be physically connected to one another as well as functionally connected to one another, so that you can perform such tasks as transferring files and logging into other systems. Many commands exist on your UNIX system that provide you with the functionality to log in and transfer files between systems. These are known as the ARPA commands, telnet and ftp.
The telnet command allows remote logins in a heterogeneous environment. From your UNIX system, for instance, you can telnet to non-UNIX systems and log in. After login on the remote system, you need to have an understanding of the operating system running on that system. If you need to connect to a different computer only for the purpose of transferring files to and from the system, then you can use ftp. This command allows you to transfer files between any two systems without having an understanding of the operating system running on the remote system.
These commands are somewhat primitive compared to the commands that can be issued between UNIX systems. To UNIX systems, networking is not an afterthought that needs to be added on to the system. The ftp and telnet commands come with your UNIX system, as well as more advanced commands and functionality that you can use to communicate between your UNIX system and other UNIX systems. These more advanced commands, known as Berkeley commands, allow you to perform many commands remotely, such as copying files and directories and logging in. This functionality continues to increase to the point where you are working with files that can be stored on any system on the network, and your access to these files is transparent to you with the Network File System (NFS).
Let's take a look at some of the basics of UNIX networking.
In order to understand how the networking on your UNIX system works, you first need to understand the components of your network that exist on your UNIX system. Seven layers of network functionality exist on your UNIX system, as shown in Figure 16-1. I cover the bottom four layers at a cursory level so that you can see how each plays a part in the operation of your network and, therefore, be more informed when you configure and troubleshoot networking on your UNIX system. The top layers are the ones that most UNIX system administrators spend time working with because those layers are closest to the functionality to which you can relate. The bottom layers are, however, also important to understand at some level, so that you can perform any configuration necessary to improve the network performance of your system, which has a major impact on the overall performance of your system.
I start reviewing Figure 16-1 at the bottom with layer 1 and then describe each of the four bottom layers. This is the International Standards Organization Open Systems Interconnection (ISO/OSI) model. It is helpful to visualize the way in which networking layers interact.
The beginning is the physical interconnection between the systems on your network. Without the physical layer, you can't communicate between systems, and all the great functionality you would like to implement is not possible. The physical layer converts the data you would like to transmit to the analog signals that travel along the wire (I'll assume for now that whatever physical layer you have in place uses wires). The information traveling into a network interface is taken off the wire and prepared for use by the next layer.
In order to connect to other systems local to your system, you use the link layer that is able to establish a connection to all the other systems on your local segment. This is the layer where you have either IEEE 802.3 or Ethernet. Your UNIX system supports both of these "encapsulation" methods. This is called encapsulation because your data is put in one of these two forms (either IEEE 802.3 or Ethernet). Data is transferred at the link layer in frames (just another name for data), with the source and destination addresses and some other information attached. You might think that because two different encapsulation methods exist, they must be very different. This assumption, however, is not the case. IEEE 802.3 and Ethernet are nearly identical. For this reason, many UNIX systems can handle both types of encapsulation. So with the bottom two layers, you have a physical connection between your systems and data that is encapsulated into one of two formats with a source and destination address attached. Figure 16-2 lists the components of an Ethernet encapsulation and makes comments about IEEE 802.3 encapsulation where appropriate:
One interesting item to note is the difference in the maximum data size between IEEE 802.3 and Ethernet of 1492 and 1500 bytes, respectively. This is the Maximum Transfer Unit (MTU). The ifconfig command covered shortly displays the MTU for your interface. The data in Ethernet is called a frame (the re-encapsulation of data at the next layer up is called a datagram in IP, and encapsulation at two levels up is called a packet for TCP).
Keep in mind that Ethernet and IEEE 802.3 will run on the same physical connection, but there are indeed differences between the two encapsulation methods. With your UNIX systems, you don't have to spend much, if any, time setting up your network interface for encapsulation.
Next we work up to the third layer, which is the network layer. This layer on UNIX systems is synonymous with the Internet Protocol (IP). Data at this layer is transported as datagrams. This is the layer that handles the routing of data around the network. Data that gets routed with IP sometimes encounters an error of some type, which is reported back to the source system with an Internet Control Message Protocol (ICMP) message. We will see some ICMP messages shortly. ifconfig and netstat are two UNIX commands that are commonly used to configure this routing.
Unfortunately, the information that IP uses does not conveniently fit inside an Ethernet frame, so you end up with fragmented data. This is really re-encapsulation of the data, so you end up with a lot of inefficiency as you work your way up the layers.
IP handles routing in a simple fashion. If data is sent to a destination connected directly to your system, then the data is sent directly to that system. If, on the other hand, the destination is not connected directly to your system, the data is sent to the default router. The default router then has the responsibility of getting the data to its destination. This routing can be a little tricky to understand, so I'll cover it in detail shortly.
The transport level is the next level up from the network layer. It communicates with ports. TCP is the most common protocol found at this level, and it forms packets that are sent from port to port. The port used by a program is usually defined in /etc/services, along with the protocol (such as TCP). These ports are used by network programs such as telnet, rlogin, ftp, and so on. You can see that these programs, associated with ports, are the highest level we have covered while analyzing the layer diagram.
The Internet Protocol address (IP address) is either a class "A," "B," or "C" address (there are also class "D" and "E" addresses I will not cover). A class "A" network supports many more nodes per network than either a class "B" or "C" network. IP addresses consist of four fields. The purpose of breaking down the IP address into four fields is to define a node (or host) address and a network address. Figure 16-3 summarizes the relationships between the classes and addresses.
These bit patterns are significant in that the number of bits defines the ranges of networks and nodes in each class. For instance, a class A address uses 8 bits to define networks, and a class C address uses 24 bits to define networks. A class A address therefore supports fewer networks than a class C address. A class A address, however, supports many more nodes per network than a class C address. Taking these relationships one step further, we can now view the specific parameters associated with these address classes in Figure 16-4.
A class "B" address has the first bit set to a 1 and the second bit to a 0. More networks are supported here than with a class A address, but fewer nodes per network. With a class B address, 2 bytes are devoted to the network portion of the address and 2 bytes devoted to the node portion of the address.
These addresses are used in various setup files that are covered later when the /etc/hosts file is described. Every interface on your network must have a unique IP address. Systems that have two network interfaces must have two unique IP addresses.
Your UNIX system uses the subnet mask to determine whether an IP datagram is for a host on its own subnet, a host on a different subnet but the same network, or a host on a different network. Using subnets, you can have some hosts on one subnet and other hosts on a different subnet. The subnets can be separated by routers or other networking electronics that connect the subnets.
To perform routing, the only aspects of an address that your router uses are the net and subnet. The subnet mask is used to mask the host part of the address. Because you can set up network addresses in such a way that you are the only one who knows which part of the address is the host, subnet, and network, you use the subnet mask to make your system aware of the bits of your IP address that are for the host and which are for the subnet.
In its simplest form, what you are really doing with subnet masking is specifying which portion of your IP address defines the host, and which part defines the network. One of the most confusing aspects of working with subnet masks is that most books show the subnet masks in Figure 16-5 as the most common.
This way of thinking, however, assumes that you are devoting as many bits as possible to the network and as many bits as possible to the host, and that no subnets are used. Figure 16-6 shows an example of using subnetting with a class B address.
In Figure 16-6, the first two bytes of the subnet mask (255.255) define the network, the third byte (255) defines the subnet, and the fourth byte (0) is devoted to the host ID. Although this subnet mask for a class B address did not appear in the earlier default subnet mask figure, the subnet mask of 255.255.255.0 is widely used in class B networks to support subnetting.
How does your UNIX system perform the comparison using the subnet mask of 255.255.255.0 to determine that 152.128.12.1 and 152.128.13.1 are on different subnets? Figure 16-7 shows this comparison.
Figure 16-8 shows these two systems on the different subnets:
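The comparison asked about above, as an added example that is not part of the original chapter: each address is ANDed with the mask and the results are compared, first on the class network bits and then on the subnet bits. The function names are hypothetical, and the addresses 152.128.12.7 and 15.32.199.42 are used here only as extra destinations.

```python
# Added example, not from the original chapter: the mask comparison a host
# performs to decide where a destination lies relative to itself.

def to_int(dotted):
    """Convert a dotted-quad address such as '152.128.12.1' to a 32-bit integer."""
    fields = dotted.split(".")
    if len(fields) != 4:
        raise ValueError("expected four fields: %r" % dotted)
    value = 0
    for field in fields:
        octet = int(field)
        if not 0 <= octet <= 255:
            raise ValueError("field out of range in %r" % dotted)
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Show a 32-bit integer as four binary octets."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def class_mask(address):
    """Return the network mask implied by the address class (A, B or C)."""
    first = to_int(address) >> 24
    if first < 128:          # leading bit 0: class A, one network byte
        return 0xFF000000
    if first < 192:          # leading bits 10: class B, two network bytes
        return 0xFFFF0000
    if first < 224:          # leading bits 110: class C, three network bytes
        return 0xFFFFFF00
    raise ValueError("class D and E addresses are not handled")


def check_mask(mask):
    """Reject masks whose 1 bits are not contiguous from the left."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous subnet mask %s" % to_dotted(mask))


def locate(local, subnet_mask, destination):
    """Classify destination as seen from local, using local's subnet mask."""
    src, dst = to_int(local), to_int(destination)
    net = class_mask(local)
    sub = to_int(subnet_mask)
    check_mask(sub)
    if (sub & net) != net:
        raise ValueError("subnet mask is shorter than the class network mask")
    if (src & net) != (dst & net):
        return "different network"
    if (src & sub) != (dst & sub):
        return "different subnet, same network"
    return "same subnet"


def explain(local, subnet_mask, destination):
    """Return the comparison as text: each address ANDed with the mask."""
    sub = to_int(subnet_mask)
    lines = ["mask         %-15s %s" % (subnet_mask, to_binary(sub))]
    for label, addr in (("local", local), ("destination", destination)):
        masked = to_int(addr) & sub
        lines.append("%-12s %-15s AND mask = %-15s %s"
                     % (label, addr, to_dotted(masked), to_binary(masked)))
    lines.append("result: " + locate(local, subnet_mask, destination))
    return "\n".join(lines)


if __name__ == "__main__":
    # The first pair and the mask are the ones used in the text.
    for dest in ("152.128.13.1", "152.128.12.7", "15.32.199.42"):
        print(explain("152.128.12.1", "255.255.255.0", dest))
        print()
```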
You don't have to use the 8-bit boundaries to delineate the network, subnet, and host ID fields. If, for instance, you want to use part of the subnet field for the host ID, you can do so. A good reason for this approach would be to accommodate future expandability. You might want subnets 12, 13, 14, and 15 to be part of the same subnet today and make these into separate subnets in the future. Figure 16-9 shows this setup:
These systems are connected to the same subnet, even though part of the third byte, normally associated with the subnet, is used for the host ID. In the future, the subnet mask could be changed to 255.255.252.0 and have four separate subnets of 12, 13, 14, and 15. This arrangement would require putting routers in place to route to these separate subnets.
Let's now switch to the higher levels of the ISO/OSI model and look at some networking functionality.
The ISO/OSI model is helpful for visualizing the way in which the networking layers interact. The model does not, however, tell you how to use the networking. Two widely used networking services that may be running on your system(s) and are worth taking a look at are ARPA and NFS.
The first networking product to try on your system is what is sometimes called ARPA Services - what I have been calling ARPA. ARPA is a combination of "ARPA Services" and "Berkeley Services." ARPA Services supports communications among systems running different operating systems, and Berkeley Services supports UNIX systems. The following sections are a list of the most common ARPA and Berkeley commands. Although many programs can be run under each of these services, the following are the most commonly used ones in the UNIX world. In some cases, there are examples that show how these commands are used. For most of the examples, the local host is system1 and the remote host is system2.
File Transfer Protocol (ftp): Transfer a file, or multiple files, from one system to another. This is often used when transferring files between a UNIX workstation and a Windows PC, VAX, etc. The following example shows copying the file /tmp/krsort.c from system2 (remote host) to the local directory on system1 (local host):
Command or output | Comments |
---|---|
$ ftp system2 | Issue ftp command |
Connected to system2. | |
system2 FTP server (Version 4.1) ready. | |
Name (system2:root): root | Log in to system2 |
Password required for root. | |
Password: | Enter password |
User root logged in. | |
Remote system type is UNIX. | |
Using binary mode to transfer files. | |
ftp> cd /tmp | cd to /tmp on system2 |
CWD command successful | |
ftp> get krsort.c | Get krsort.c file |
PORT command successful | |
Opening BINARY mode data connection for krsort.c | |
Transfer complete. | |
2896 bytes received in 0.08 seconds | |
ftp> bye | Exit ftp |
Goodbye. | |
$ | |
In this example, both systems are running UNIX; however, the commands you issue through ftp are operating system-independent. The cd for change directory and get commands used above work for any operating system on which ftp is running. If you become familiar with just a few ftp commands, you may find that transferring information in a heterogeneous networking environment is not difficult.
Chances are that you are using your UNIX system(s) in a heterogeneous environment and may therefore use ftp to copy files and directories from one system to another. Because ftp is so widely used, I will describe some of the more commonly used ftp commands:
ascii | Set the type of file transferred to ASCII. This means that you are transferring an ASCII file from one system to another. This is usually the default, so you don't have to set it. Example: ascii |
binary | Set the type of file transferred to binary. This means that you are transferring a binary file from one system to another. If, for instance, you want to have a directory on your UNIX system that holds applications that you copy to non-UNIX systems, then you want to use binary transfer. Example: binary |
cd | Change to the specified directory on the remote host. Example: cd /tmp |
dir | List the contents of a directory on the remote system to the screen or to a file on the local system, if you specify a local file name. |
get | Copy the specified remote file to the specified local file. If you don't specify a local file name, then the remote file name will be used. |
lcd | Change to the specified directory on the local host. Example: lcd /tmp |
ls | List the contents of a directory on the remote system to the screen or to a file on the local system, if you specify a local file name. |
mget | Copy multiple files from the remote host to the local host. Example: mget *.c |
put | Copy the specified local file to the specified remote file. If you don't specify a remote file name, then the local file name will be used. Example: put test.c |
mput | Copy multiple files from the local host to the remote host. Example: mput *.c |
bye/quit | Close the connection to the remote host. Example: bye |
Other ftp commands are available in addition to those I have covered here. If you need more information on these commands or wish to review additional ftp commands, the UNIX manual pages for ftp are helpful.
telnet | Used for communication with another host using the telnet protocol. Telnet is an alternative to using rlogin, described later. The following example shows how to establish a telnet connection with the remote host, system2: |
Command or output | Comments |
---|---|
$ telnet system2 | |
Connected to system2. | Telnet to system2 |
AIX version 4 system2 | |
login: root | Log in as root on system2 |
password: | Enter password |
Welcome to system2. - rs6000 aix 4.3.1.0 | |
$ | AIX prompt on system2 |
The rcp program is used to copy files and directories from one UNIX system to another. To copy /tmp/krsort.c from system1 to system2, you could do the following:
$ rcp /tmp/krsort.c system2:/tmp/krsort.c
Some networking configuration needs to be made to files in order to get this level of functionality. In this example, the user who issues the command is considered "equivalent" on both systems and has permission to copy files from one system to the other with rcp (These terms are described shortly).
The rlogin command supports login to a remote UNIX system. To remotely log in to system2 from system1, you would do the following:
$ rlogin system2
password:
Welcome to system2
$
If a password is requested when the user issues the rlogin command, the users are not equivalent on the two systems. If no password is requested, then the users are indeed equivalent. You can also issue rlogin system -l user to specify the system and user as part of the command.
With the remsh command, you can sit on one UNIX system and issue a command to be run remotely on a different UNIX system and have the results displayed locally. In this case, a remsh is issued to show a long listing of /tmp/krsort.c. The command is run on system2, but the result is displayed on system1, where the command was typed:
$ remsh system2 ll /tmp/krsort.c
-rwxrwxrwx 1 root sys 2896 Sept 1 10:54 /tmp/krsort.c
$
In this case, the users on system1 and system2 must be equivalent, or else permission is denied to issue this command.
The rwho command finds out who is logged in on a remote UNIX system. Here is the output of issuing rwho:
$ rwho
root system1:ttyu0 Sept 1 19:21
root system2:console Sept 1 13:17
tomd system2:ttyp2 Sept 1 13:05
The fields in each line are, from left to right: user name, machine name, terminal line, day of login, and time of login.
For rwho to work, the rwho daemon (rwhod) must be running.
Other "r" commands, in addition to those covered, are available. Also, variations of these commands occur going from one UNIX variant to another, so you may not run exactly the same "r" command on your UNIX system.
The most important decision related to networking is how host name mapping is implemented on your system in ARPA. Three techniques are available for host name mapping:
Berkeley Internet Name Domain (BIND)
Network Information Service (NIS)
UNIX file /etc/hosts
The most common and simplest way to implement host name mapping is with /etc/hosts, so I cover this technique in the next section. Keep in mind that there are probably networking manuals for your UNIX variant devoted to many networking topics, including NFS, ARPA, and others. These manuals serve as good reference material if you need to know more about networking than is covered here.
Using the /etc/hosts file, as you are about to see, becomes very difficult for environments where there are many systems deployed. With this solution there is one /etc/hosts file that must be kept up-to-date and propagated to all other systems.
The Domain Name System (DNS) is widely used in large environments. DNS uses Berkeley Internet Name Domain Service (BIND) to resolve names to addresses. There are name servers that fill a request for name data. This is the server side to BIND. There is a client side to BIND, called the resolver, that accesses the name server(s) to resolve names. Using this client/server model, it is much easier to maintain naming information, because it only needs to be kept in a few places, as opposed to on each system.
Clients use a file called /etc/resolv.conf to configure the resolver. The name server and its corresponding address are the keys to resolving information.
This solution makes it much easier to maintain system names and addresses in large environments. DNS and BIND are primarily a system administration exercise to set up. From a user standpoint, you don't need to know much about them. What I will instead focus on in the upcoming sections are some of the programs in which users are more interested. I will supply some background so that the way in which the programs are used has more meaning. In general, though, I'll concentrate on the user aspect of these networking topics, as opposed to the system administration aspect of them.
The /etc/hosts file contains information about the other systems to which you are connected. It contains the Internet address of each system, the system name, and any aliases for the system name. If the /etc/hosts file is modified to contain the names of the systems on your network, it provides the basis for rlogin to another system. Although you can now rlogin to other UNIX systems, you cannot yet rcp or remsh to another system. Although adding remsh and rcp functionality is easy, it does indeed compromise security, so it is not always set up on all systems. Here is an example /etc/hosts file:
127.0.0.1 | localhost | loopback |
15.32.199.42 | a4410827 | |
15.32.199.28 | a4410tu8 | |
15.32.199.7 | a4410922 | |
15.32.199.21 | a4410tu1 | |
15.32.199.22 | a4410tu2 | |
15.32.199.62 | a4410730 | |
15.32.199.63 | hpxterm1 | |
15.32.199.64 | a4410rd1 | |
15.32.199.62 | a4410750 | hp1 |
This file is in the following format:
<internet_address> <official_hostname> <alias>
The Internet Protocol address (IP address) is a class "A," "B," or "C" address. A class "A" network supports many more nodes per network than either a class "B" or "C" network. The purpose of breaking down the IP address into four fields is to define a node (or host) address and a network address. Figures 16-3 through 16-6 described these classes in detail.
Assuming that the above /etc/hosts file contains class "C" addresses, the rightmost field is the host or node address, and the other three fields comprise the network address.
You could use either the official_hostname or alias from the /etc/hosts file when issuing one of the ARPA or Berkeley commands described earlier. For instance, either of the following ARPA commands works:
$ telnet a4410750
or
$ telnet hp1
Similarly, either of the following Berkeley commands works:
$ rlogin a4410750
or
$ rlogin hp1
Your system may be set up so that users don't have to issue a password when they rlogin to a remote system; equivalent hosts are set up by editing the /etc/hosts.equiv file. As I mentioned earlier, this technique is sometimes considered a security risk, so it is not always employed. The login names must be the same on both the local and remote systems for /etc/hosts.equiv to allow the user to bypass entering a password. You can either list all the equivalent hosts in /etc/hosts.equiv or list the host and user name you wish to be equivalent. Users can now use rcp and remsh, because they are equivalent users on these systems. I usually just enter all the host names on the network. Here is an example of /etc/hosts.equiv:
a4410730
a4410tu1
a4410tu2
hpxterm1
a4410827
a4410750
Keep in mind the potential security risks of using /etc/hosts.equiv. If a user can log into a remote system without a password, you have reduced the overall level of security on your network. Even though users may find it convenient to not have to enter a password when logging into a remote system, you have given every user in /etc/hosts.equiv access to the entire network. If you could ensure that all the permissions on all the files and directories on all systems were properly set up, then you wouldn't care who had access to what system. In the real UNIX world, however, permissions are sometimes not what they are supposed to be. Users have a strong tendency to "browse around," invariably stumbling upon a file they want to copy to which they really shouldn't have access.
The /.rhosts file is the /etc/hosts.equiv for superuser. If you log in as root, you want to have this file configured with exactly the same information as /etc/hosts.equiv. If you do, however, you have compounded your network security risk by allowing superuser on any system to log in to a remote system without a root password. If you are the undisputed ruler of your network and you're 100 percent certain that no security holes exist, then you may want to set up /.rhosts so that you don't have to issue a password when you log in remotely to a system as superuser. From a security standpoint, however, you should know that this setup is frowned upon.
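One way to review the trust that /etc/hosts.equiv and /.rhosts grant, as an added example that is not part of the original chapter: each entry is classified and cross-checked against /etc/hosts. The function names, the host oldbox, the `hp1 tomd` and `+` lines, and the treatment of `#` lines as comments are assumptions made for this example; `+` and `-` prefixed entries exist in the file format but are only flagged here, not evaluated.

```python
# Added example, not from the original chapter: review the trust granted by
# an /etc/hosts.equiv or /.rhosts file, cross-checked against /etc/hosts.

# Subset of the /etc/hosts listing shown in the text.
HOSTS = """\
127.0.0.1     localhost  loopback
15.32.199.42  a4410827
15.32.199.21  a4410tu1
15.32.199.22  a4410tu2
15.32.199.63  hpxterm1
15.32.199.62  a4410750   hp1
"""

# The first five lines come from the hosts.equiv listing in the text; the
# last three are constructed to show the other cases the audit reports.
HOSTS_EQUIV = """\
a4410tu1
a4410tu2
hpxterm1
a4410827
a4410750
hp1 tomd
oldbox
+
"""


def known_names(hosts_text):
    """Collect every official host name and alias from /etc/hosts text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(fields[1:])          # fields[0] is the address
    return names


def audit(equiv_text, hosts_text, superuser=False):
    """Return (line_number, entry, severity, finding) for each trust entry.

    superuser=True treats the input as /.rhosts, where every accepted
    entry gives a root login without a password.
    """
    names = known_names(hosts_text)
    findings = []
    for number, line in enumerate(equiv_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment (assumption)
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+":
            severity, finding = "HIGH", "every host is trusted"
        elif host[0] in "+-" or (user and user != "+" and user[0] in "+-"):
            severity, finding = "REVIEW", "netgroup or deny syntax, not evaluated here"
        elif user == "+":
            severity, finding = "HIGH", "every user on %s is trusted" % host
        elif host not in names:
            severity, finding = "MEDIUM", ("not in /etc/hosts: stale entry or "
                                           "resolved by another name service")
        elif user is None:
            severity, finding = "MEDIUM", "same-named users on %s skip the password" % host
        else:
            severity, finding = "MEDIUM", "user %s on %s skips the password" % (user, host)
        if superuser and severity == "MEDIUM":
            severity, finding = "HIGH", finding + " (root login)"
        findings.append((number, line.strip(), severity, finding))
    return findings


if __name__ == "__main__":
    for title, as_root in (("/etc/hosts.equiv", False), ("/.rhosts", True)):
        print(title)
        for number, entry, severity, finding in audit(HOSTS_EQUIV, HOSTS, as_root):
            print("  line %d  %-10s %-6s %s" % (number, entry, severity, finding))
```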
If the appropriate changes have been made to the appropriate entries in /etc/hosts, /etc/hosts.equiv, and /.rhosts, you can use the ARPA Services commands ftp and telnet, as well as the Berkeley commands rcp, rlogin, remsh, and rwho.
I have described the process of setting up the appropriate files to get the most commonly used ARPA Services up and running. There is sometimes even more advanced functionality, such as DNS/BIND, required. Your system may have DNS/BIND or similar functionality set up that gives you access to some or all of the commands covered throughout this section.
NFS allows you to mount disks on remote systems so that they appear as though they are local to your system. Similarly, NFS allows remote systems to mount your local disk so that it looks as though it is local to the remote system. Configuring NFS to achieve this functionality is simple. Here are the steps to go through in order to configure NFS:
Start NFS.
Specify whether your system will be an NFS Client, NFS Server, or both.
Specify which of your local file systems can be mounted by remote systems.
Specify the remote disks you want to mount and view as if they were local to your system.
As with ARPA, you could enable other aspects to NFS, but again, I cover what I know to be the NFS functionality that nearly every UNIX installation uses.
Because NFS may be set up on your system to meet the needs of many users, you may want to understand the terminology associated with NFS. The following are commonly used NFS terms:
Node | A computer system that is attached to or is part of a computer network. |
Client | A node that requests data or services from other nodes (servers). |
Server | A node that provides data or services to other nodes (clients) on the network. |
File System | A disk partition or logical volume. |
Export | Makes a file system available for mounting on remote nodes using NFS. |
Mount | Accesses a remote file system using NFS. |
Mount Point | The name of a directory on which the NFS file system is mounted. |
Import | Mounts a remote file system. |
Some of the specific configuration tasks and related files are different among UNIX variants. The following are some general tasks and examples related to configuring NFS. Your system administrator, of course, has to deal with the specifics of configuration on the UNIX variants.
Your system must be an NFS client, NFS server, or both. There are also daemons which must be running to support NFS. Both of these tasks are performed somewhat differently among the UNIX variants.
Your system then imports remote file systems to which you have local access and exports local file systems that are accessed by other systems.
A remote file system that you are mounting locally has an entry similar to the one that follows in /etc/fstab, /etc/vfstab, /etc/filesystems, or whatever file is used to mount file systems:
system2:/opt/app3 /opt/app3 nfs rw,suid 0 0
In this case, we are mounting /opt/app3 on system2 locally as /opt/app3. This is an NFS mount with the permissions shown.
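The entry above mounts with suid, so setuid programs stored on system2 keep their privilege when run on the local system. The following check is an added example, not part of the original chapter: it reads fstab-style lines in the six-field layout shown above, reports NFS mounts that permit setuid, and prints the option string with nosuid in its place. The sample file is constructed around the entry from the text, the function names are hypothetical, and treating a missing nosuid as suid is an assumption to confirm in your variant's mount manual page.

```python
# Added example, not from the original chapter: find NFS mounts that honour
# setuid files from the server and show the corrected option string.

# Constructed sample; the /opt/app3 line is the entry from the text.
FSTAB = """\
# device            mount point  type  options        dump pass
/dev/vg00/lvol4     /home        hfs   defaults       0 2
system2:/opt/app3   /opt/app3    nfs   rw,suid        0 0
system2:/opt/docs   /opt/docs    nfs   ro,nosuid      0 0
system2:/opt/tools  /opt/tools   nfs   defaults       0 0
"""


def nfs_entries(fstab_text):
    """Yield (source, mount_point, options) for each NFS line."""
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] != "nfs":
            continue                      # blank, comment, short or non-NFS line
        if ":" not in fields[0]:
            continue                      # NFS sources are written server:/path
        yield fields[0], fields[1], fields[3].split(",")


def harden(options):
    """Return the option string with suid removed and nosuid present."""
    kept = [opt for opt in options if opt != "suid"]
    if "nosuid" not in kept:
        kept.append("nosuid")
    return ",".join(kept)


def audit_nfs(fstab_text):
    """Return (mount_point, source, finding, corrected_options) per weak mount."""
    report = []
    for source, mount_point, options in nfs_entries(fstab_text):
        if "nosuid" in options:
            continue                      # setuid files from the server are ignored
        if "suid" in options:
            finding = "suid set explicitly"
        else:
            # Assumption: with neither option present, suid is the default.
            finding = "nosuid missing, suid applies by default"
        if "ro" not in options:
            finding += ", mounted read-write"
        report.append((mount_point, source, finding, harden(options)))
    return report


if __name__ == "__main__":
    for mount_point, source, finding, corrected in audit_nfs(FSTAB):
        print("%-11s from %-19s %s" % (mount_point, source, finding))
        print("            corrected options: %s" % corrected)
```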
You can use the showmount command to show all remote systems (clients) that have mounted a local file system. This command is supported on most UNIX variants. showmount is useful for determining the file systems that are most often mounted by clients with NFS. The output of showmount is particularly easy to read, because it lists the host name and the directory that was mounted by the client. You have the three following options to the showmount command:
-a prints output in the format "name:directory"
-d lists all the local directories that have been remotely mounted by clients
-e prints a list of exported file systems
Setting up a network is an intensive planning exercise for both network and system administrators. No two networking environments are alike. There is typically a lot of networking electronics to which your system is connected. There are many useful commands related to testing connectivity to other systems and networking configuration. Should you encounter a problem, you want to have an understanding of some networking commands that can be lifesavers. In addition, you can encounter some tricky aspects to networking setup if you have some networking hardware that your UNIX systems must interface to, such as routers, gateways, bridges, etc. I give an example of one such case: connecting a UNIX system to a router. At the same time, I cover some of the most handy networking commands as part of this description.
Consider Figure 16-10, in which a UNIX system is connected directly to a router.
Here we have a UNIX system connected to segment 128.185.61. This is a class "B" Internet address with subnetting enabled.
The /etc/hosts file needs to have in it the UNIX system with node ID 2, the router, and any other systems on this segment or segments on the other side of the router.
If the router is properly configured, we should be able to seamlessly connect from 61 to systems on segments 60, 62, and 63. The router should be configured to allow our system to connect to systems on other segments (60, 62, and 63) by going through the router. Some unforeseen configuration was required to make this simple network operate seamlessly. In this case, a problem occurred getting system1 to connect to systems on the other side of the router on 60, 62, and 63. Before discussing the additional configuration that needed to be done, I first show the /etc/hosts file and then use some very useful UNIX commands that show the state of the network. Here is the /etc/hosts file showing just the UNIX system and router:
$ cat /etc/hosts
127.0.0.1      localhosts loopback
128.185.61.1   router1     # router
128.185.61.2   system1     # UNIX system on 61
128.185.62.1   system2     # UNIX system on 62
This host file is simple and allows system1 to connect to router1 and system2. The connection from system1 to system2 is accomplished by going through the router.
Let's look at one of the most commonly used networking commands: ping. This command is used to determine whether or not a connection exists between two networking components. ping is a simple command that sends an ICMP echo packet to the host you specify once per second. You may recall that ICMP was covered earlier under the network, or third layer. ping stands for Packet InterNet Groper. ping differs somewhat among UNIX variants, mostly in the reporting that ping produces when no options are provided.
Some systems provide performance information when ping is issued with no options; others report that the system "is alive". The following is an example of checking the connection between the local system and another system on the network called austin:
martyp $ ping austin
austin is alive
martyp $
You can adjust the packet size and number of iterations on most UNIX variants, as in the HP-UX example shown below specifying a packet size of 4096 and interval of 5:
# ping l2 4096 5
PING l2: 4096 byte packets
4096 bytes from 10.1.1.12: icmp_seq=0. time=2. ms
4096 bytes from 10.1.1.12: icmp_seq=1. time=2. ms
4096 bytes from 10.1.1.12: icmp_seq=2. time=2. ms
4096 bytes from 10.1.1.12: icmp_seq=3. time=2. ms
4096 bytes from 10.1.1.12: icmp_seq=4. time=2. ms
----l2 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 2/2/2
#
AIX allows you to specify the interval with -I as well as other options, including packet size, and number of iterations. These options are shown for an AIX system in the following example:
martyp $ ping -I 5 austin 4096 10
PING austin: 4096 data bytes
4104 bytes from austin (128.185.61.5): icmp_seq=0. time=8. ms
4104 bytes from austin (128.185.61.5): icmp_seq=1. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=2. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=3. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=4. time=8. ms
4104 bytes from austin (128.15.61.5): icmp_seq=5. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=6. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=7. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=8. time=9. ms
4104 bytes from austin (128.15.61.5): icmp_seq=9. time=9. ms
----austin PING Statistics----
10 packets transmitted, 10 packets received, 0% packet loss
round-trip (ms) min/avg/max = 9/9/15
martyp $
In this example, we ping austin every five seconds, with a packet size of 4096 bytes for a total of ten times.
Let's now get back to our example.
How do I know that I have a connection between system1 and the router and the other systems on the other side of the router? I use the ping command. Here is how I know that system1 is connected to router1:
$ ping router1
PING router1: 64 byte packets
64 bytes from 128.185.61.2: icmp_seq=0. time=0. ms
64 bytes from 128.185.61.2: icmp_seq=1. time=0. ms
64 bytes from 128.185.61.2: icmp_seq=2. time=0. ms
Each line of output here represents a response that was returned from the device that was pinged. This means that the device responded. You continue to get this response indefinitely and have to type ^c (control c) to terminate the ping. If no output is produced, as shown below, then no response occurred and you may have a problem between your system and the device to which you are checking the connection:
$ ping system2
PING router1: 64 byte packets
In this scenario, you would see this message and that is as far as you would get. A ^c will kill the ping, and you see that some number of packets were sent and none were received. I did indeed get this response when issuing the ping command, so I know that a problem exists with the connection between system1 and router1.
ping should be used only for testing purposes such as manual fault isolation, because it generates a substantial amount of network traffic. You do not want to use ping on an ongoing basis, such as in a script that is running continuously.
A nice variation of ping that I use is to specify a packet size of 4096 bytes, rather than the default of 64 bytes shown in the previous examples, and count the number of times ping transmits before terminating, rather than having to type ^c to terminate ping. The following example shows this:
$ ping router1 4096 5
PING router1: 64 byte packets
4096 bytes from 128.185.51.2: icmp_seq=0. time=8. ms
4096 bytes from 128.185.51.2: icmp_seq=1. time=8. ms
4096 bytes from 128.185.51.2: icmp_seq=2. time=9. ms
4096 bytes from 128.185.51.2: icmp_seq=3. time=8. ms
4096 bytes from 128.185.51.2: icmp_seq=4. time=8. ms
Notice that the time required to transmit and receive a response, the round-trip time, is substantially longer than with only 64 bytes transmitted. I usually find that the round-trip time for 64 bytes is 0 ms, although this depends on a number of factors, including network topology and network traffic.
From the earlier description of the subnet mask, you can see that routing from one host to another can be configured in a variety of ways. The path that information takes in getting from one host to another depends on routing.
You can obtain information related to routing with the netstat command. The -r option to netstat shows the routing tables, which you usually want to know, and the -n option can be used to print network addresses as numbers rather than as names. With the -v option, you get additional information related to routing, such as the subnet mask. In the following examples, netstat is issued with the -r option (this is used when describing the netstat output), the -rn options, and the -rnv options, so you can compare the outputs:
# netstat -r
Routing tables
Dest/Netmask   Gateway    Flags  Refs  Use      Interface  Pmtu
o2             o2         UH     0     1890905  lo0        4136
o2             o2         UH     0     343      lan1       4136
o2             o2         UH     0     0        lan0       4136
10.1.1.0       o2         U      2     0        lan0       1500
10.1.1.0       o2         U      2     0        lan1       1500
127.0.0.0      o2         U      0     0        lo0        4136
default        10.1.1.1   UG     0     0        lan1       1500
#
# netstat -rn
Routing tables
Dest/Netmask   Gateway      Flags  Refs  Use      Interface  Pmtu
127.0.0.1      127.0.0.1    UH     0     1891016  lo0        4136
10.1.1.10      10.1.1.10    UH     0     343      lan1       4136
10.1.1.110     10.1.1.110   UH     0     0        lan0       4136
10.1.1.0       10.1.1.110   U      2     0        lan0       1500
10.1.1.0       10.1.1.10    U      2     0        lan1       1500
127.0.0.0      127.0.0.1    U      0     0        lo0        4136
default        10.1.1.1     UG     0     0        lan1       1500
#
# netstat -rnv
Routing tables
Dest/Netmask                 Gateway      Flags  Refs  Use      Interface  Pmtu
127.0.0.1/255.255.255.255    127.0.0.1    UH     0     1891036  lo0        4136
10.1.1.10/255.255.255.255    10.1.1.10    UH     0     343      lan1       4136
10.1.1.110/255.255.255.255   10.1.1.110   UH     0     0        lan0       4136
10.1.1.0/255.255.255.0       10.1.1.110   U      2     0        lan0       1500
10.1.1.0/255.255.255.0       10.1.1.10    U      2     0        lan1       1500
127.0.0.0/255.0.0.0          127.0.0.1    U      0     0        lo0        4136
default/0.0.0.0              10.1.1.1     UG     0     0        lan1       1500
#
The first and second outputs show that our system, o2, has three interfaces: the first is the loopback interface called lo0, the second is at .10, and the third is at .110 (which we can see from the -rn output). The next two lines show that our destination of 10.1.1.0, which is a network, can be accessed through either the card at .10 or .110. The third output provides verbose information. The last line is for the default route. This entry says to send packets to 10.1.1.1 if a more direct route can't be found.
With netstat, some information is provided about the router. The -r option shows information about routing, but many other useful options to this command are also available. Of particular interest in this output is "Flags," which defines the type of routing that takes place. Here are descriptions of the most common flags from the UNIX manual pages:
1=U | Route to a network via a gateway that is the local host itself. |
3=UG | Route to a network via a gateway that is the remote host. |
5=UH | Route to a host via a gateway that is the local host itself. |
7=UGH | Route to a host via a remote gateway that is a host. |
Also, I use two forms of netstat to obtain network statistics, as opposed to routing information. The first is netstat -i, which shows the state of interfaces that are autoconfigured. Because I am most often interested in getting a summary of lan0, I issue this command. netstat -i gives a good rundown of lan0, such as the network it is on, its name, and so on.
The following example shows the output of netstat -i on a Solaris and HP-UX system, respectively:
# netstat -i
Name  Mtu   Network      Address        Ipkts    Ierrs  Opkts  Oerrs  Coll
ni0*  0     none         none           0        0      0      0      0
ni1*  0     none         none           0        0      0      0      0
lo0   4608  loopback     127.0.0.1      232      0      232    0      0
lan0  1500  169.200.112  169.200.112.2  3589746  2      45630  0      104
# netstat -i
Name  Mtu   Network    Address  Ipkts     Opkts
lan1  1500  10.1.1.0   o2       59935480  163641547
lan0  1500  10.1.1.0   o2       139173    12839358
lo0   4136  127.0.0.0  o2       892333    1892345
#
Here is a description of the fields in the netstat example:
Name | The name of your network interface (Name), in this case, lan0. |
MTU | The "maximum transmission unit," which is the maximum packet size sent by the interface card. |
Network | The network address of the LAN to which the interface card is connected (169.200). |
Address | The host name of your system. This is the symbolic name of your system as it appears in the file /etc/hosts. |
The statistical information includes:
Ipkts | The number of packets received by the interface card, in this case, lan0. |
Ierrs | The number of errors detected on incoming packets by the interface card (on some UNIX variants). |
Opkts | The number of packets transmitted by the interface card. |
Oerrs | The number of errors detected during the transmission of packets by the interface card (on some UNIX variants). |
Collis | The number of collisions that resulted from packet traffic (on some UNIX variants). |
netstat provides cumulative data since the node was last powered up; you might have a long elapsed time over which data was accumulated. If you are interested in seeing useful statistical information, you can use netstat with different options. You can also specify an interval over which to report statistics. I usually ignore the first entry, because it shows all data since the system was last powered up. Therefore, the data includes non-prime hours when the system was idle. I prefer to view data at the time the system is working its hardest. The following netstat example provides network interface information every five seconds on a Solaris system:
# netstat -I lan0 5
(lan0)-> input      output              (Total)-> input      output
packets  errs  packets  errs  colls     packets  errs  packets  errs  colls
3590505  2     45714    0     104       3590737  2     45946    0     104
134      0     5        0     0         134      0     5        0     0
174      0     0        0     0         174      0     0        0     0
210      0     13       0     0         210      0     13       0     0
165      0     0        0     0         165      0     0        0     0
169      0     0        0     0         169      0     0        0     0
193      0     0        0     0         193      0     0        0     0
261      0     7        0     0         261      0     7        0     0
142      0     8        0     0         142      0     8        0     0
118      0     0        0     0         118      0     0        0     0
143      0     0        0     0         143      0     0        0     0
149      0     0        0     0         149      0     0        0     0
With this example, you get multiple outputs of what is taking place on the LAN interface. As I mentioned earlier, you may want to ignore the first output, because it includes information over a long time period. This may include a time when your network was idle, and therefore the data is not important to you.
The following netstat example provides network interface information every five seconds on an HP-UX 11i system:
# netstat -I lan0 5
(lan0)-> input  output      (Total)-> input  output
packets         packets     packets          packets
139185          12841621    61968131         178375605
139185          12841714    61968172         178375698
139185          12841810    61968213         178375794
139185          12841877    61968247         178375861
139185          12841912    61968265         178375896
139185          12842095    61968358         178376079
139187          12842244    61968413         178376240
139189          12842352    61968470         178376360
139189          12842453    61968525         178376461
139190          12842482    61968565         178376498
139190          12842539    61968594         178376555
139190          12842671    61968667         178376699
You can specify the network interface on which you want statistics reported by using -I interface; in the case of the example, it was -I lan0. An interval of five seconds was also used in this example.
Yet another use of netstat is to show the state of network sockets. netstat -a produces a list of protocols, queues, local and remote addresses, and protocol states. All this information is useful for showing active communications, as shown in the following example:
# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 2 system1.telnet atlm0081.atl.hp..1319 ESTABLISHED
tcp 0 0 *.1095 *.* LISTEN
tcp 0 0 *.psmond *.* LISTEN
tcp 0 0 *.mcsemon *.* LISTEN
tcp 0 0 localhost.8886 localhost.1062 ESTABLISHED
tcp 0 0 localhost.1062 localhost.8886 ESTABLISHED
tcp 0 0 *.8886 *.* LISTEN
tcp 0 0 *.8887 *.* LISTEN
tcp 0 0 *.1006 *.* LISTEN
tcp 0 0 *.978 *.* LISTEN
tcp 0 0 *.22370 *.* LISTEN
tcp 0 0 *.389 *.* LISTEN
tcp 0 0 *.8181 *.* LISTEN
tcp 0 0 *.1054 *.* LISTEN
tcp 0 0 *.1053 *.* LISTEN
tcp 0 0 *.diagmond *.* LISTEN
tcp 0 0 *.1045 *.* LISTEN
tcp 0 0 *.1038 *.* LISTEN
tcp 0 0 *.135 *.* LISTEN
tcp 0 0 *.smtp *.* LISTEN
tcp 0 0 *.1036 *.* LISTEN
tcp 0 0 .appconn *.* LISTEN
tcp 0 0 *.spc *.* LISTEN
tcp 0 0 *.dtspc *.* LISTEN
tcp 0 0 *.recserv *.* LISTEN
tcp 0 0 *.klogin *.* LISTEN
tcp 0 0 *.kshell *.* LISTEN
tcp 0 0 *.chargen *.* LISTEN
tcp 0 0 *.discard *.* LISTEN
tcp 0 0 *.echo *.* LISTEN
tcp 0 0 *.time *.* LISTEN
tcp 0 0 *.daytime *.* LISTEN
tcp 0 0 *.printer *.* LISTEN
tcp 0 0 *.auth *.* LISTEN
tcp 0 0 *.exec *.* LISTEN
tcp 0 0 *.shell *.* LISTEN
tcp 0 0 *.login *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
tcp 0 0 *.795 *.* LISTEN
tcp 0 0 *.792 *.* LISTEN
tcp 0 0 *.* *.* CLOSED
tcp 0 0 *.787 *.* LISTEN
tcp 0 0 *.783 *.* LISTEN
tcp 0 0 *.779 *.* LISTEN
tcp 0 0 *.portmap *.* LISTEN
tcp 0 0 *.2121 *.* LISTEN
udp 0 0 *.112 *.*
udp 0 0 *.177 *.*
udp 0 0 *.1003 *.*
udp 0 0 *.* *.*
udp 0 0 *.* *.*
udp 0 0 *.* *.
udp 0 0 *.* *.*
udp 0 0 *.nfsd *.*
udp 0 0 *.976 *.*
udp 0 0 *.22370 *.*
udp 0 0 *.1097 *.*
udp 0 0 *.1095 *.*
udp 0 0 *.1079 *.*
udp 0 0 *.135 *.*
udp 0 0 *.* *.*
udp 0 0 *.1045 *.*
udp 0 0 *.snmp *.*
udp 0 0 *.1040 *.*
udp 0 0 *.tftp *.*
udp 0 0 *.chargen *.*
udp 0 0 *.discard *.*
udp 0 0 *.echo *.*
udp 0 0 *.time *.*
udp 0 0 *.daytime *.*
udp 0 0 *.ntalk *.*
udp 0 0 *.bootps *.*
udp 0 0 *.1023 *.*
udp 0 0 *.787 *.*
udp 0 0 *.798 *.*
udp 0 0 *.797 *.*
udp 0 0 *.1037 *.*
udp 0 0 *.* *.*
udp 0 0 *.1036 *.*
udp 0 0 *.1035 *.*
udp 0 0 *.777 *.*
udp 0 0 *.portmap *.*
udp 0 0 *.1034 *.*
udp 0 0 *.syslog *.*
udp 0 0 *.2121 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
bb9c00 stream 0 0 af9000 0 0 0 /tmp/.AgentSoA
ced700 dgram 0 0 c99400 0 0 0 /opt/dcelocalr
ce9e00 dgram 0 0 d23000 0 0 0 /opt/dcelocalr
b0d200 dgram 0 0 b87000 0 0 0 /opt/dcelocalr
997a00 stream 0 0 b84800 0 0 0 /opt/dcelocal1
b24e00 dgram 0 0 b84000 0 0 0 /opt/dcelocal1
d59400 dgram 0 0 b66400 0 0 0 /var/tmp/psb_t
d85c00 dgram 0 0 b67000 0 0 0 /var/tmp/psb_t
c8b200 dgram 0 0 b12000 0 0 0 /opt/dcelocalr
c8b400 stream 0 0 b78400 0 0 0 /opt/dcelocal5
c8b300 dgram 0 0 b78000 0 0 0 /opt/dcelocal5
c90900 dgram 0 0 d22400 0 0 0 /opt/dcelocalr
c78c00 dgram 0 0 ba1000 c4a180 0 0 /opt/dcelocal0
b1e900 dgram 0 0 9a4400 0 c32e80 0 /opt/dcelocald
d64100 stream 0 0 d24c00 0 0 0 /opt/dcelocal5
9e1600 dgram 0 0 9a4000 d4d940 0 0 /opt/dcelocal2
d64200 dgram 0 0 cfc800 0 c32c80 0 /opt/dcelocal9
d12d00 dgram 0 0 cfc000 c32c00 0 0 /opt/dcelocal1
c5ee00 stream 0 0 b1c000 0 0 0 /opt/dcelocal4
d19d00 dgram 0 0 ce4800 0 0 0 /opt/dcelocald
cf0c00 dgram 0 0 a92800 0 af15c0 0 /opt/dcelocal7
d2d600 dgram 0 0 a93800 c32c00 0 d4db80 /opt/dcelocal0
c9b900 dgram 0 0 a93c00 0 0 0 /opt/dcelocald
d6c800 stream 0 0 ba3000 0 0 0 /var/opt/OV/sT
#
A lot of information is in this output. You can refer to the manual page at the end of this chapter if you want a detailed explanation of the fields.
The first line shows the Proto tcp to the Local Address system1.telnet as having a (state) of ESTABLISHED. This is the connection we have initiated to this system. We are sitting on system1 with a telnet session open to the system on which we ran netstat.
Most of the remaining tcp protocol entries are listening. This means that they are listening for incoming connections, as indicated by the LISTEN. They have a wildcard in the Foreign Address field, which will contain the address when a connection has been established. We are one of the few connections that has been made, as indicated by the ESTABLISHED.
All the send and receive queues, shown as Recv-Q and Send-Q, are empty, as indicated by 0.
The UNIX domain sockets at the end of the output are stream and datagram connections for a variety of services such as NFS.
This output gives you an appreciation of the immense amount of activity taking place from a networking perspective on your UNIX system. Networking and connectivity have been among the most advanced aspects of UNIX since its inception.
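A listing this long is easier to review when it is reduced to what is actually accepting connections. The following is an added example, not part of the original chapter: it reads netstat -a output in the layout shown above and lists the TCP listeners, the established connections, and any service on a watch list. The function names and the watch list are choices made for this example.

```shell
#!/bin/sh
# Added example: summarise `netstat -a` output (layout as shown in this chapter).

# Excerpt of the netstat -a listing above; rows are copied from the chapter.
sample_netstat_a() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 2 system1.telnet atlm0081.atl.hp..1319 ESTABLISHED
tcp 0 0 *.1095 *.* LISTEN
tcp 0 0 localhost.8886 localhost.1062 ESTABLISHED
tcp 0 0 *.smtp *.* LISTEN
tcp 0 0 *.klogin *.* LISTEN
tcp 0 0 *.exec *.* LISTEN
tcp 0 0 *.shell *.* LISTEN
tcp 0 0 *.login *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
tcp 0 0 *.* *.* CLOSED
tcp 0 0 *.portmap *.* LISTEN
udp 0 0 *.tftp *.*
udp 0 0 *.snmp *.*
EOF
}

# Services that carry logins or data unencrypted. This watch list is an
# assumption made for the example; adjust it to local policy.
WATCH="telnet ftp exec shell login tftp"

# tcp_listeners: service name or port of every TCP socket in LISTEN state.
# The service is whatever follows the last dot of the Local Address column.
tcp_listeners() {
    awk '$1 == "tcp" && $NF == "LISTEN" { n = split($4, p, "."); print p[n] }' |
        LC_ALL=C sort -u
}

# established_peers: local and foreign address of each established TCP connection.
established_peers() {
    awk '$1 == "tcp" && $NF == "ESTABLISHED" { print $4, $5 }'
}

# watched_services: proto/service for every TCP listener or UDP socket whose
# service name is on the watch list. Names must match exactly, so klogin is
# not confused with login.
watched_services() {
    awk -v watch="$WATCH" '
    BEGIN { k = split(watch, w, " "); for (i = 1; i <= k; i++) bad[w[i]] = 1 }
    ($1 == "tcp" && $NF == "LISTEN") || $1 == "udp" {
        n = split($4, p, ".")
        if (p[n] in bad) print $1 "/" p[n]
    }' | LC_ALL=C sort -u
}

# Stand-alone run on the excerpt; on a live system use: netstat -a | watched_services
sample_netstat_a | watched_services
```

Comparing the result with the services the system is supposed to offer shows which listeners can be turned off.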
The information displayed with netstat is the routing tables for your system. Some are automatically created with the ifconfig command when your system is booted or when the network interface is initialized. Routes to networks and hosts that are not directly connected to your system are entered with the route command.
Routing changes can be made on the fly, as I did to change the Flags from U to UG:
$ /usr/sbin/route add default 128.185.61.1 3
First is the route command. Second, we specify that we wish to add a route; the other option is to delete a route. Third, we specify the destination, in this case, the default. This could be a specific host name, a network name, an IP address, or default that signifies the wildcard gateway route that is shown in our example. Fourth is the gateway through which the destination is reached. In the above example, the IP address was used, but this could also be a host name. The 3 corresponds to the count that is used to specify whether the gateway is the local host or a remote gateway. If the gateway is the local host, then a count of 0 is used. If the gateway is a remote host, which is the case in the example, a count of >0 is used. This corresponds to UG for Flags. This manually changed the network routing table by adding a default route with the appropriate Flags. Issuing this command fixed the problem I encountered trying to get system1 to talk to the systems on the other side of the router (remember Figure 16-10?).
Before issuing /usr/sbin/route with the add option, you can first use the delete option to remove the existing default route, which is not working.
route commands usually appear in one of the system's startup files so that every time the system boots, route commands are issued. This ensures that the right connectivity information is in place every time the system starts.
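The two checks used in this troubleshooting, which route a destination takes and whether the default route is flagged as a remote gateway, can be scripted. The following is an added example, not part of the original chapter: it reads rows in the netstat -rnv layout shown earlier, picks the most specific matching route, and reports the state of the default route. The function names and the "before" table for system1 are constructed for the example.

```shell
#!/bin/sh
# Added example: route selection and default-route check from `netstat -rnv` rows.

# Routing table copied from the netstat -rnv output earlier in the chapter.
sample_rnv() {
cat <<'EOF'
Dest/Netmask Gateway Flags Refs Use Interface Pmtu
127.0.0.1/255.255.255.255 127.0.0.1 UH 0 1891036 lo0 4136
10.1.1.10/255.255.255.255 10.1.1.10 UH 0 343 lan1 4136
10.1.1.110/255.255.255.255 10.1.1.110 UH 0 0 lan0 4136
10.1.1.0/255.255.255.0 10.1.1.110 U 2 0 lan0 1500
10.1.1.0/255.255.255.0 10.1.1.10 U 2 0 lan1 1500
127.0.0.0/255.0.0.0 127.0.0.1 U 0 0 lo0 4136
default/0.0.0.0 10.1.1.1 UG 0 0 lan1 1500
EOF
}

# Constructed "before" table for system1: the default route was added with a
# count of 0, so it shows U instead of UG. Only the gateway address comes
# from the chapter; the other columns are made up for the example.
sample_before_fix() {
cat <<'EOF'
128.185.0.0/255.255.0.0 128.185.61.2 U 2 0 lan0 1500
default/0.0.0.0 128.185.61.1 U 0 0 lan0 1500
EOF
}

# route_for DEST: read routing rows on stdin and print "gateway flags interface"
# for the most specific match. Ties keep the first row listed, which is an
# assumption; the kernel's own tie-break may differ.
route_for() {
    awk -v dest="$1" '
    # AND an address octet with a mask octet (valid for contiguous masks).
    function and8(a, m) { return a - (a % (256 - m)) }
    # Count the 1 bits in a contiguous mask octet.
    function bits8(m,   c) {
        c = 0
        while (m > 0) { c++; m = (m * 2) % 256 }
        return c
    }
    BEGIN { split(dest, dst, "."); best = -1 }
    $1 !~ /\/[0-9]/ { next }              # skip headers and shell prompts
    {
        split($1, pair, "/")
        if (pair[1] == "default") pair[1] = "0.0.0.0"
        split(pair[1], net, "."); split(pair[2], msk, ".")
        plen = 0; hit = 1
        for (i = 1; i <= 4; i++) {
            if (and8(dst[i], msk[i]) != and8(net[i], msk[i])) hit = 0
            plen += bits8(msk[i])
        }
        if (hit && plen > best) { best = plen; out = $2 " " $3 " " $6 }
    }
    END { if (best < 0) { print "no route"; exit 1 } print out }'
}

# default_route_state: "remote" when the default route carries the G flag,
# "local" when it does not, "missing" when there is no default route.
default_route_state() {
    awk '$1 ~ /^default/ { found = 1; state = ($3 ~ /G/) ? "remote" : "local" }
         END { print (found ? state : "missing") }'
}

# Stand-alone run; on a live system use: netstat -rnv | route_for ADDRESS
sample_rnv | route_for 63.88.85.18
sample_before_fix | default_route_state
```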
The ifconfig command provides additional information on a LAN interface. The following example provides the configuration of a network interface:
$ /etc/ifconfig lan0
lan0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING>
        inet 128.185.61.2 netmask ffff0000 broadcast 128.185.61.255
From this example, we can quickly see that the interface is up, it has an address of 128.185.61.2, and it has a netmask of ffff0000. Again, keep in mind that your network interface may have a different name, such as le0.
You can use ifconfig to get the status of a network interface, as I have done here, to assign an address to a network interface, or to configure network interface parameters. The network address you have falls into classes such as "A," "B," or "C," as mentioned earlier. You want to be sure that you know the class of your network before you start configuring your LAN interface. This example is a class "B" network, so the netmask is defined as ffff0000 (typical for a class "B" address), as opposed to ffffff00, which is typical for a class "C" network. The netmask is used to determine how much of the address to reserve for subdividing the network into smaller networks. The netmask can be represented in hex, as shown above, or in decimal format, as in the /etc/hosts file. Here is the ifconfig command I issued to configure the interface:
$ /etc/ifconfig lan0 inet 128.185.61.2 netmask 255.255.0.0
The 255.255.0.0 corresponds to the hex ffff0000 shown earlier for the class "B" subnet mask.
lan0 is the interface being configured.
inet is the address family, which is currently the only one supported for this system.
128.185.61.2 is the address of the LAN interface for system1.
netmask shows how to subdivide the network.
255.255.0.0 is the same as ffff0000, which is the netmask for a class "B" address.
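The netmask decides both the broadcast address and whether a destination is treated as directly reachable or has to go through a gateway. The following is an added example, not part of the original chapter: it converts the hex netmask ifconfig prints, derives the network and broadcast addresses, and checks them against what the interface reports. All function names are this example's own.

```shell
#!/bin/sh
# Added example: netmask arithmetic on the values ifconfig prints.

# ifconfig output copied from the example above.
sample_ifconfig() {
cat <<'EOF'
lan0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING>
        inet 128.185.61.2 netmask ffff0000 broadcast 128.185.61.255
EOF
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit integer in dotted decimal.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# hex_mask_to_dotted ffff0000: print 255.255.0.0
hex_mask_to_dotted() { int_to_ip $(( 0x$1 )); }

# network_for ADDR HEXMASK: network address of ADDR under the mask.
network_for() {
    ip=$(ip_to_int "$1"); mask=$(( 0x$2 ))
    int_to_ip $(( ip & mask ))
}

# broadcast_for ADDR HEXMASK: broadcast address of ADDR under the mask
# (network bits kept, all host bits set).
broadcast_for() {
    ip=$(ip_to_int "$1"); mask=$(( 0x$2 ))
    int_to_ip $(( (ip & mask) | (~mask & 0xffffffff) ))
}

# same_network A B HEXMASK: succeed when A and B fall in the same network,
# which means B is sent directly on the LAN instead of to a gateway.
same_network() {
    [ "$(network_for "$1" "$3")" = "$(network_for "$2" "$3")" ]
}

# check_ifconfig: read ifconfig output on stdin and compare the reported
# broadcast address with the one the netmask implies.
check_ifconfig() {
    set -- $(awk '$1 == "inet" { print $2, $4, $6 }')
    want=$(broadcast_for "$1" "$2")
    if [ "$want" = "$3" ]; then
        echo "consistent"
    else
        echo "mismatch: netmask $2 implies broadcast $want, interface reports $3"
    fi
}

# Stand-alone run on the sample; on a live system use: ifconfig lan0 | check_ifconfig
sample_ifconfig | check_ifconfig
```

For the ifconfig output above, netmask ffff0000 implies a broadcast address of 128.185.255.255, while the reported 128.185.61.255 is what ffffff00 would give. Only with ffffff00 does 128.185.62.1 fall in a different network from 128.185.61.2 and therefore have to be reached through the router.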
I have made good use of netstat, ping, and ifconfig to help get the status of the network. ifconfig, route, and /etc/hosts are used to configure the network, should you identify any changes you need to make. The subnet examples show how flexible you can be when configuring your network for both your current and future needs. In simple networks, you may not need to use many of these commands or complex subnetting. In complex networks, or at times when you encounter configuration difficulties, you may have to make extensive use of these commands. In either case, network planning is an important part of setting up UNIX systems.
Most of the commands used throughout this chapter are a part of every system administrator's tool box. Networking is so vital to the use of UNIX systems, however, that having a background in this area can help with your overall understanding of the system and how to use it more effectively.
As a user, you may have a need to NFS mount a directory on another system or perform some other function that you haven't before used on your system. You can determine whether various pieces of functionality have been enabled by evaluating the daemons running on your system. rpcinfo allows you to generate a Remote Procedure Call (RPC) on a system, including your local system, by issuing the command rpcinfo -p system_name.
The following example shows issuing rpcinfo -p on our local system:
# rpcinfo -p
program  vers  proto  port  service
100000   2     tcp    111   portmapper
100000   2     udp    111   portmapper
100024   1     udp    777   status
100024   1     tcp    779   status
100021   1     tcp    783   nlockmgr
100021   1     udp    1035  nlockmgr
100021   3     tcp    787   nlockmgr
100021   3     udp    1036  nlockmgr
100020   1     udp    1037  llockmgr
100020   1     tcp    792   llockmgr
100021   2     tcp    795   nlockmgr
100068   2     udp    1040  cmsd
100068   3     udp    1040  cmsd
100068   4     udp    1040  cmsd
100068   5     udp    1040  cmsd
100083   1     tcp    1036  ttdbserver
100005   1     udp    976   mountd
100005   1     tcp    978   mountd
100003   2     udp    2049  nfs
150001   1     udp    1003  pcnfsd
150001   2     udp    1003  pcnfsd
150001   1     tcp    1006  pcnfsd
150001   2     tcp    1006  pcnfsd
#
Many daemons are running on the system that are important to the functionality I like to use. mountd is running, which indicates that a server could NFS mount file systems on this computer. There is other setup required for the mount to take place, but at least the daemon is running to support this functionality. In addition, pcnfsd is running, meaning that we have support for Windows-based NFS access.
The mechanism used to maintain a list of IP addresses and their corresponding MAC addresses is the ARP cache. The mapped addresses are only held in the cache for minutes, so if you want to see what addresses have been mapped recently, you can use the arp command, as shown in the following example:
# arp -a
o2 (10.1.1.10) at 0:10:83:f7:a2:f8 ether
l1 (10.1.1.11) at 0:10:83:f7:2e:d0 ether
63.88.85.1 (63.88.85.1) at 0:30:94:b0:b8:a0 ether
l3 (10.1.1.200) at 0:10:83:fc:92:88 ether
tape1 (10.1.1.14) at 0:10:83:f7:e:32 ether
tape1 (10.1.1.14) at 0:10:83:f7:e:32 ether
tape1 (10.1.1.14) at 0:10:83:f7:e:32 ether
tape1 (10.1.1.14) at 0:10:83:f7:e:32 ether
63.88.85.18 (63.88.85.18) -- no entry
Current arp entries are displayed with the -a option. You can create an entry with the -s option.
lanadmin is used to view and perform administration on network cards. Issuing lanadmin with no options brings you into the interactive interface, as shown in the following example:
# lanadmin

LOCAL AREA NETWORK ONLINE ADMINISTRATION, Version 1.0
Copyright 1994 Hewlett Packard Company.
All rights are reserved.

Test Selection mode.

lan      = LAN Interface Administration
menu     = Display this menu
quit     = Terminate the Administration
terse    = Do not display command menu
verbose  = Display command menu

Enter command: lan

LAN Interface test mode. LAN Interface PPA Number = 0

clear    = Clear statistics registers
display  = Display LAN Interface status and statistics registers
end      = End LAN Interface Administration, return to Test Selection
menu     = Display this menu
ppa      = PPA Number of the LAN Interface
quit     = Terminate the Administration, return to shell
reset    = Reset LAN Interface to execute its selftest
specific = Go to Driver specific menu

Enter command: d

LAN INTERFACE STATUS DISPLAY

PPA Number = 0
Description = lan0 Hewlett-Packard 10/100 TX Half-Duplex TT = 1500
Type (value) = ethernet-csmacd(6)
MTU Size = 1500
Speed = 100000000
Station Address = 0x1083ffcaae
Administration Status (value) = up(1)
Operation Status (value) = down(2)
Last Change = 237321866
Inbound Octets = 0
Inbound Unicast Packets = 0
Inbound Non-Unicast Packets = 0
Inbound Discards = 0
Inbound Errors = 0
Inbound Unknown Protocols = 0
Outbound Octets = 820
Outbound Unicast Packets = 20
Outbound Non-Unicast Packe = 0
Outbound Discards = 1
Outbound Errors = 0
Outbound Queue Len = 0
Specific = 655367

Press <Return> to continue
In this example, we issued lanadmin and specified that we wanted to go into the lan interface administration and that we wanted to display information about the interface.
lanadmin can also be used to perform such tasks as to change the MTU or speed of a lan interface with the -M and -s options, respectively.
ndd is used to perform network tuning and view information about network parameters. To view information about all supported tunable parameters with ndd, you would issue ndd -h supported. You can get the value of a parameter using the -get option and you can set the value of a parameter with the -set option.
nslookup is used to resolve a host name into an IP address. You issue nslookup hostname and nslookup will access either the /etc/resolv.conf file or /etc/hosts to resolve the host name. The following example shows a system using /etc/hosts to produce the IP address of system l2:
# nslookup l2
Using /etc/hosts on: l3
looking up FILES
Name: l2
Address: 10.1.1.12
#
You can also run nslookup in interactive mode by issuing the command with no command-line arguments. The following example shows issuing the command with no command line arguments to get into interactive mode and then typing help to get information on commands you can issue:
# nslookup l2
> help
NAME          - print address information about NAME
IP-ADDRESS    - print hostname information about IP-ADDRESS
policy        - print switch policy information
server NAME   - set default server to NAME, using current default server
lserver NAME  - set default server to NAME, using initial server
set OPTION    - sets the OPTION
    all          - print options, current server and host
    [no]swtrace  - print lookup result and lookup switch messages
>
The following are the HP-UX manual pages for many of the commands used in this chapter. Commands often differ among UNIX variants, so you may find differences in the options or other areas for some commands; however, the following manual pages serve as an excellent reference.
ftp - Interface for file transfer program.
ftp(1)                                                              ftp(1)

NAME
    ftp - file transfer program

SYNOPSIS
    ftp [-g] [-i] [-n] [-v] [-B size] [server-host]

DESCRIPTION
    ftp is a user interface to the File Transfer Protocol. ftp copies files over a network connection between the local ``client'' host and a remote ``server'' host. ftp runs on the client host.

  Options
    The ftp command supports the following options:

    -g  Disable file name ``globbing''; see the glob command, below. By default, when this option is not specified, globbing is enabled.

    -i  Disable interactive prompting by multiple-file commands; see the prompt command, below. By default, when this option is not specified, prompting is enabled.

    -n  Disable ``auto-login''; see the open command, below. By default, when this option is not specified, auto-login is enabled.

    -v  Enable verbose output; see the verbose command, below. If this option is not specified, ftp displays verbose output only if the standard input is associated with a terminal.

    -B  Set the buffer size of the data socket to size blocks of 1024 bytes. The valid range for size is an integer from 1 to 64 (default is 56). Note: A large buffer size will improve the performance of ftp on fast links (e.g., FDDI), but may cause long connection times on slow links (e.g., X.25).

    The name of the server host that ftp communicates with can be specified on the command line. If the server host is specified, ftp immediately opens a connection to the server host; see the open command, below. Otherwise, ftp waits for commands from the user.

    File Transfer Protocol specifies file transfer parameters for type, mode, form, and struct. ftp supports the ASCII, binary, and tenex File Transfer Protocol types. ASCII is the default FTP type. (It should be noted though that, whenever ftp establishes a connection between two similar systems, it switches automatically to the more efficient binary type.)

    ftp supports only the default values for the file transfer parameters mode which defaults to stream, form which defaults to non-print, and struct which defaults to file.

COMMANDS
    ftp supports the following commands. Command arguments with embedded spaces must be enclosed in quotes (for example, "argument with embedded spaces").

    ![command [args]]
        Invoke a shell on the local host. The SHELL environment variable specifies which shell program to invoke. ftp invokes /usr/bin/sh if SHELL is undefined. If command is specified, the shell executes it and returns to ftp. Otherwise, an interactive shell is invoked. When the shell terminates, it returns to ftp.

    $ macro-name [args]
        Execute the macro macro-name that was defined with the macdef command. Arguments are passed to the macro unglobbed.

    account [passwd]
        Supply a supplemental password required by a remote system for access to resources once a login has been successfully completed. If no argument is included, the user is prompted for an account password in a non-echoing input mode.

    append local-file [remote-file]
        Copy local-file to the end of remote-file. If remote-file is left unspecified, the local file name is used in naming the remote file after being altered by any ntrans or nmap setting.

    ascii
        Set the file transfer type to network ASCII. This is the default type.

    bell
        Sound a bell after each file transfer completes.

    binary
        Set the file transfer type to binary.

    bye
        Close the connection to the server host if a connection was open, and exit. Typing an end-of-file (EOF) character also terminates and exits the session.

    case
        Toggle remote computer file name case mapping during mget commands. When case is on (the default is off), remote computer file names with all letters in uppercase are written in the local directory with the letters mapped to lowercase.

    cd remote-directory
        Set the working directory on the server host to remote-directory.

    cdup
        Set the working directory on the server host to the parent of the current remote working directory.

    chmod mode file-name
        Change the permission modes of the file file-name on the remote system to mode.

    close
        Terminate the connection to the server host. The close command does not exit ftp. Any defined macros are erased.

    cr
        Toggle carriage return stripping during ascii type file retrieval. Records are denoted by a carriage-return/line-feed sequence during ascii type file transfer. When cr is on (the default), carriage returns are stripped from this sequence to conform with the UNIX single line-feed record delimiter. Records on non-UNIX remote systems may contain single line-feeds; when an ascii type transfer is made, these line-feeds can be distinguished from a record delimiter only when cr is off.

    delete remote-file
        Delete remote-file. The remote-file can be an empty directory. No globbing is done.

    dir [remote-directory] [local-file]
        Write a remote-directory listing to standard output or optionally to local-file. If neither remote-directory nor local-file is specified, list the remote working directory to standard output. If interactive prompting is on, ftp prompts the user to verify that the last argument is indeed the target file for dir output. Globbing characters are always expanded.

    disconnect
        A synonym for close.

    form format
        Set the file transfer form to format. The only supported format is non-print.

    get remote-file [local-file]
        Copy remote-file to local-file. If local-file is unspecified, ftp uses the specified remote-file name as the local-file name, subject to alteration by the current case, ntrans, and nmap settings.

    glob
        Toggle file name globbing. When file name globbing is enabled, ftp expands csh(1) metacharacters in file and directory names. These characters are *, ?, [, ], ~, {, and }. The server host expands remote file and directory names. Globbing metacharacters are always expanded for the ls and dir commands. If globbing is enabled, metacharacters are also expanded for the multiple-file commands mdelete, mdir, mget, mls, and mput.

    hash
        Toggle printing of a hash-sign (#) for each 1024 bytes transferred.

    help [command]
        Print an informative message about the ftp command called ftp-command. If ftp-command is unspecified, print a list of all ftp commands.

    idle [seconds]
        Set the inactivity timer on the remote server to seconds seconds. If seconds is omitted, ftp prints the current inactivity timer.

    lcd [local-directory]
        Set the local working directory to local-directory. If local-directory is unspecified, set the local working directory to the user's local home directory.

    ls [remote-directory] [local-file]
        Write a listing of remote-directory to local-file. The listing includes any system-dependent information that the server chooses to include; for example, most UNIX systems produce output from the command ls -l (see also nlist). If neither remote-directory nor local-file is specified, list the remote working directory. If globbing is enabled, globbing metacharacters are expanded.

    macdef macro-name
        Define a macro. Subsequent lines are stored as the macro macro-name; an empty input line terminates macro input mode. There is a limit of 16 macros and 4096 total characters in all defined macros. Macros remain defined until a close command is executed. The macro processor interprets $ and \ as special characters. A $ followed by a number (or numbers) is replaced by the corresponding argument on the macro invocation command line. A $ followed by an i signals to the macro processor that the executing macro is to be looped. On the first pass $i is replaced by the first argument on the macro invocation command line, on the second pass it is replaced by the second argument, and so on. A \ followed by any character is replaced by that character. Use the \ to prevent special treatment of the $.

    mdelete [remote-files]
        Delete remote-files. If globbing is enabled, globbing metacharacters are expanded.

    mdir remote-files local-file
        Write a listing of remote-files to local-file. If globbing is enabled, globbing metacharacters are expanded. If interactive prompting is on, ftp prompts the user to verify that the last argument is indeed the target local file for mdir output.

    mget remote-files
        Copy remote-files to the local system. If globbing is enabled, globbing metacharacters are expanded. The resulting local file names are processed according to case, ntrans, and nmap settings.

    mkdir directory-name
        Create remote directory-name.

    mls remote-files local-file
        Write an abbreviated listing of remote-files to local-file. If globbing is enabled, globbing metacharacters are expanded. If interactive prompting is on, ftp prompts the user to verify that the last argument is indeed the target local file for mls output.

    mode [mode-name]
        Set the FTP file transfer mode to mode-name. The only supported mode is stream.

    modtime remote-file
        Show the last modification time of remote-file.

    mput local-files
        Copy local-files from the local system to the remote system. The remote files have the same name as the local files processed according to ntrans and nmap settings. If globbing is enabled, globbing characters are expanded.

    newer file-name
        Get the file only if the modification time of the remote file is more recent than the file on the current system. If the file does not exist on the current system, the remote file is considered newer. Otherwise, this command is identical to get.

    nlist [remote-directory] [local-file]
        Write an abbreviated listing of remote-directory to local-file. If remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, ftp prompts the user to verify that the last argument is indeed the target local file for nlist output.

    nmap [inpattern outpattern]
        Set or unset the filename mapping mechanism.
If no arguments are specified, the filename mapping mechanism is unset. If arguments are specified, remote filenames are mapped during mput commands and put commands issued without a specified remote target filename. If arguments are specified, local filenames are mapped during mget commands and get commands issued without a specified local target filename. This command is useful when connecting to a non-UNIX remote computer with different file naming conventions or practices. The mapping follows the pattern set by inpattern and outpattern. inpattern is a template for incoming filenames (which may have already been processed according to the ntrans and case settings). Variable templating is accomplished by including the sequences $1, $2, ..., $9 in inpattern. Use \ to prevent this special treatment of the $ character. All other characters are treated literally, and are used to determine the nmap inpattern variable values. For example, given inpattern $1.$2 and the remote file name mydata.data, $1 would have the value mydata, and $2 would have the value data. The outpattern determines the resulting mapped filename. The sequences $1, $2, ..., $9 are replaced by any value resulting from the inpattern template. The sequence $0 is replaced by the original filename. Additionally, the sequence [seq1,seq2] is replaced by seq1 if seq1 is not a null string; otherwise it is replaced by seq2. For example, the command nmap $1.$2.$3 [$1,$2].[$2,file] would yield the output filename myfile.data for input filenames myfile.data and myfile.data.old, myfile.file for the input filename myfile, and myfile.myfile for the input filename .myfile. Spaces can be included in outpattern, as in the example: nmap $1 | sed "s/ *$//" > $1 . Use the \ character to prevent special treatment of the $, [, ], and , characters. ntrans [inchars [outchars]] Set or unset the filename character translation mechanism. If no arguments are specified, the filename character translation mechanism is unset. 
If arguments are specified, characters in remote filenames are translated during mput commands and put commands issued without a specified remote target filename. If arguments are specified, characters in local filenames are translated during mget commands and get commands issued without a specified local target filename. This command is useful when connecting to a non-UNIX remote computer with different file naming conventions or practices. Characters in a filename matching a character in inchars are replaced with the corresponding character in outchars. If the character's position in inchars is longer than the length of outchars, the character is deleted from the file name. open server-host [port-number] Establish a connection to server-host, using port-number (if specified). If auto-login is enabled, ftp attempts to log into the server host. prompt Toggle interactive prompting. By default, ftp prompts the user for a yes or no response for each output file during multiple- file commands. If interactive prompting is disabled, ftp performs the command for all specified files. proxy ftp-command Execute an ftp command on a secondary control connection. This command allows simultaneous connection to two remote FTP servers for transferring files between the two servers. The first proxy command should be an open, to establish the secondary control connection. Enter the command proxy ? to see other FTP commands executable on the secondary connection. The following commands behave differently when prefaced by proxy: open does not define new macros during the auto-login process, close does not erase existing macro definitions, get and mget transfer files from the host on the primary control connection to the host on the secondary control connection, and put, mput, and append transfer files from the host on the secondary control connection to the host on the primary control connection. 
Third party file transfers depend upon support of the FTP protocol PASV command by the server on the secondary control connection. put local-file [remote-file] Copy local-file to remote-file. If remote-file is unspecified, ftp assigns the local-file name, processed according to any ntrans or nmap settings, to the remote-file name. pwd Write the name of the remote working directory to stdout. quit A synonym for bye. quote arguments Send arguments, verbatim, to the server host. See ftpd(1M). recv remote-file [local-file] A synonym for get. reget remote-file [local-file] reget acts like get, except that if local-file exists and is smaller than remote-file, local-file is presumed to be a partially transferred copy of remote-file and the transfer is continued from the apparent point of failure. This command is useful when transferring very large files over networks that tend to drop connections. rhelp [command-name] Request help from the server host. If command-name is specified, supply it to the server. See ftpd(1M). rstatus [file-name] With no arguments, show status of remote machine. If file-name is specified, show status of file-name on remote machine. rename remote-from remote-to Rename remote-from, which can be either a file or a directory, to remote-to. reset Clear reply queue. This command re-synchronizes command/reply sequencing with the remote FTP server. Resynchronization may be necessary following a violation of the FTP protocol by the remote server. restart marker Restart the immediately following get or put at the indicated marker. On UNIX systems, marker is usually a byte offset into the file. rmdir remote-directory Delete remote-directory. remote-directory must be an empty directory. runique Toggle storing of files on the local system with unique filenames. If a file already exists with a name equal to the target local filename for a get or mget command, a .1 is appended to the name. 
If the resulting name matches another existing file, a .2 is appended to the original name. If this process continues up to .99, an error message is printed, and the transfer does not take place. ftp reports the unique filename. Note that runique does not affect local files generated from a shell command (see below). The default value is off. send local-file [remote-file] A synonym for put. sendport Toggle the use of PORT commands. By default, ftp attempts to use a PORT command when establishing a connection for each data transfer. If the PORT command fails, ftp uses the default data port. When the use of PORT commands is disabled, ftp makes no attempt to use PORT commands for each data transfer. This is useful for certain FTP implementations that ignore PORT commands but (incorrectly) indicate that they've been accepted. See ftpd(1M). Turning sendport off may cause delays in the execution of commands. site arguments Send arguments, verbatim, to the server host as a SITE command. See ftpd(1M). size remote-file Show the size of remote-file. status Show the current status of ftp. struct [struct-name] Set the FTP file transfer struct to struct-name. The only supported struct is file. sunique Toggle storing of files on remote machine under unique file names. The remote server reports the unique name. By default, sunique is off. system Show the type of operating system running on the remote machine. tenex Set the FTP file transfer type to tenex. type [type-name] Set the FTP file transfer type to type-name. If type-name is unspecified, write the current type to stdout. Ascii, binary, and tenex are the types currently supported. umask [newmask] Set the default umask on the remote server to newmask. If newmask is omitted, the current umask is printed. user user-name [password] [account] Log into the server host on the current connection, which must already be open. 
A .netrc file in the user's local home directory can provide the user-name, password, and optionally the account; see netrc(4). Otherwise ftp prompts the user for this information. The HP-UX FTP server does not require an account. For security reasons, ftp always requires a password. It does not log into remote accounts that do not have a password. verbose Toggle verbose output. If verbose output is enabled, ftp displays responses from the server host, and when a file transfer completes it reports statistics regarding the efficiency of the transfer. ? [command] A synonym for the help command. Prints the help information for the specified command. Aborting A File Transfer To abort a file transfer, use the terminal interrupt key (usually Ctrl-C). Sending transfers are halted immediately. ftp halts incoming (receive) transfers by first sending a FTP protocol ABOR command to the remote server, then discarding any further received data. The speed at which this is accomplished depends upon the remote server's support for ABOR processing. If the remote server does not support the ABOR command, an ftp> prompt does not appear until the remote server completes sending the requested file. The terminal interrupt key sequence is ignored while ftp awaits a reply from the remote server. A long delay in this mode may result from the ABOR processing described above, or from unexpected behavior by the remote server, including violations of the FTP protocol. If the delay results from unexpected remote server behavior, the local ftp program must be killed manually. File Naming Conventions Files specified as arguments to ftp commands are processed according to the following rules. - If the file name - is specified, ftp uses the standard input (for reading) or standard output (for writing). - If the first character of the file name is |, ftp interprets the remainder of the argument as a shell command. 
ftp forks a shell, using popen() (see popen(3S)) with the supplied argument, and reads (writes) from standard output (standard input). If the shell command includes spaces, the argument must be quoted, as in: "| ls -lt". A particularly useful example of this mechanism is: "| dir . | more". - Otherwise, if globbing is enabled, ftp expands local file names according to the rules used by the C shell (see csh(1)); see the glob command, below. If the ftp command expects a single local file (e.g. put), only the first filename generated by the globbing operation is used. - For mget commands and get commands with unspecified local file names, the local filename is named the same as the remote filename, which may be altered by a case, ntrans, or nmap setting. The resulting filename may then be altered if runique is on. - For mput commands and put commands with unspecified remote file names, the remote filename is named the same as the local filename, which may be altered by a ntrans or nmap setting. The resulting filename may then be altered by the remote server if sunique is on. WARNINGS Correct execution of many commands depends upon proper behavior by the remote server. AUTHOR ftp was developed by the University of California, Berkeley. SEE ALSO csh(1), rcp(1), ftpd(1M), netrc(4), ftpusers(4), hosts(4).
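The nmap mapping described under COMMANDS can send two different remote names to the same local name, as the manual page's own myfile.data and myfile.data.old example shows, so with runique off a later transfer replaces an earlier one. The following added example (not code from ftp or from this chapter) previews the mapping and reports such collisions; the matching rule stated in match_inpattern is an assumption read from the manual page text, and all function names are hypothetical.

```python
import re


def tokenize_inpattern(inpattern):
    """Split inpattern into ("var", n) and ("lit", text) tokens; a backslash escapes $."""
    tokens = []
    for piece in re.findall(r"\$[1-9]|\\.|[^$\\]+|[$\\]", inpattern, re.S):
        if len(piece) == 2 and piece[0] == "$":
            tokens.append(("var", int(piece[1])))
            continue
        text = piece[1] if len(piece) == 2 and piece[0] == "\\" else piece
        if tokens and tokens[-1][0] == "lit":
            tokens[-1] = ("lit", tokens[-1][1] + text)
        else:
            tokens.append(("lit", text))
    return tokens


def match_inpattern(inpattern, name):
    """Return {1..9: value} for name.

    Assumption: a variable runs up to the next literal text of the pattern,
    and variables still unmatched when the name runs out are empty strings.
    """
    tokens = tokenize_inpattern(inpattern)
    values = {n: "" for n in range(1, 10)}
    pos = 0
    for idx, (kind, val) in enumerate(tokens):
        if kind == "lit":
            if not name.startswith(val, pos):
                break
            pos += len(val)
            continue
        end = len(name)
        if idx + 1 < len(tokens) and tokens[idx + 1][0] == "lit":
            found = name.find(tokens[idx + 1][1], pos)
            if found >= 0:
                end = found
        values[val] = name[pos:end]
        pos = end
    return values


def _find_unescaped(text, target, start, stop):
    """Index of the first unescaped target in text[start:stop], or -1."""
    i = start
    while i < stop:
        if text[i] == "\\":
            i += 2
        elif text[i] == target:
            return i
        else:
            i += 1
    return -1


def expand_outpattern(outpattern, name, values):
    """Expand $0..$9, [seq1,seq2] alternatives and backslash escapes."""
    out, i = [], 0
    while i < len(outpattern):
        ch = outpattern[i]
        nxt = outpattern[i + 1] if i + 1 < len(outpattern) else ""
        close = _find_unescaped(outpattern, "]", i + 1, len(outpattern)) if ch == "[" else -1
        comma = _find_unescaped(outpattern, ",", i + 1, close) if close >= 0 else -1
        if ch == "\\" and nxt:
            out.append(nxt)
            i += 2
        elif ch == "$" and nxt and nxt in "0123456789":
            out.append(name if nxt == "0" else values[int(nxt)])
            i += 2
        elif comma >= 0:
            seq1 = expand_outpattern(outpattern[i + 1:comma], name, values)
            seq2 = expand_outpattern(outpattern[comma + 1:close], name, values)
            out.append(seq1 if seq1 else seq2)
            i = close + 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def nmap(inpattern, outpattern, name):
    """Mapped filename for one input name."""
    return expand_outpattern(outpattern, name, match_inpattern(inpattern, name))


def collisions(inpattern, outpattern, names):
    """Map every name; return {mapped name: [inputs]} for mapped names hit more than once."""
    groups = {}
    for name in names:
        groups.setdefault(nmap(inpattern, outpattern, name), []).append(name)
    return {out: srcs for out, srcs in groups.items() if len(srcs) > 1}


if __name__ == "__main__":
    # Input names taken from the manual page's nmap example.
    listing = ["myfile.data", "myfile.data.old", "myfile", ".myfile"]
    print(collisions("$1.$2.$3", "[$1,$2].[$2,file]", listing))
```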
ifconfig - Display or configure network interface parameters.
ifconfig(1M)

NAME

ifconfig - configure network interface parameters

SYNOPSIS

ifconfig interface address_family [address [dest_address]] [parameters]
ifconfig interface [address_family]

DESCRIPTION

The first form of the ifconfig command assigns an address to a network interface and/or configures network interface parameters. ifconfig must be used at boot time to define the network address of each interface present on a machine. It can also be used at other times to redefine an interface's address or other operating parameters.

The second form of the command, without address_family, displays the current configuration for interface. If address_family is also specified, ifconfig reports only the details specific to that address family.

Only a user with appropriate privileges can modify the configuration of a network interface. All users can run the second form of the command.

Arguments

ifconfig recognizes the following arguments:

address
Either a host name present in the host name database (see hosts(4)), or a DARPA Internet address expressed in Internet standard dot notation (see inet(3N)). The host number can be omitted on 10MB/second Ethernet interfaces (which use the hardware physical address), and on interfaces other than the first.

address_family
Name of protocol on which naming scheme is based. An interface can receive transmissions in differing protocols, each of which may require separate naming schemes. Therefore, it is necessary to specify the address_family, which may affect interpretation of the remaining parameters on the command line. The only address family currently supported is inet (DARPA-Internet family).

dest_address
Address of destination system. Consists of either a host name present in the host name database (see hosts(4)), or a DARPA Internet address expressed in Internet standard dot notation (see inet(3N)).

interface
A string of the form nameunit, such as lan0. (See the LAN Card Numbering subsection.)

parameters
One or more of the following operating parameters:

up
Mark an interface "up". Enables interface after an ifconfig down. Occurs automatically when setting the address on an interface. Setting this flag has no effect if the hardware is "down".

down
Mark an interface "down". When an interface is marked "down", the system will not attempt to transmit messages through that interface. If possible, the interface will be reset to disable reception as well. This action does not automatically disable routes using the interface.

broadcast
(Inet only) Specify the address that represents broadcasts to the network. The default broadcast address is the address with a host part of all 1's.

debug
Enable driver-dependent debugging code. This usually turns on extra console error logging.

-debug
Disable driver-dependent debugging code.

ipdst
(NS only) This is used to specify an Internet host that is willing to receive IP packets encapsulating NS packets bound for a remote network. In this case, an apparent point-to-point link is constructed, and the address specified is taken as the NS address and network of the destination.

metric n
Set the routing metric of the interface to n. The default is 0. The routing metric is used by the routing protocol (see gated(1M)). Higher metrics have the effect of making a route less favorable; metrics are counted as additional hops to the destination network or host.

netmask mask
(Inet only) Specify how much of the address to reserve for subdividing networks into sub-networks or aggregating networks into supernets. mask can be specified as a single hexadecimal number with a leading 0x, with a dot-notation Internet address, or with a pseudo-network name listed in the network table (see networks(4)). For subdividing networks into sub-networks, mask must include the network part of the local address, and the subnet part which is taken from the host field of the address. mask must contain 1's in the bit positions in the 32-bit address that are to be used for the network and subnet parts, and 0's in the host part. The 1's in the mask must be contiguous starting from the leftmost bit position in the 32-bit field. mask must contain at least the standard network portion, and the subnet field must be contiguous with the network portion. The subnet field must contain at least 2 bits. The subnet part after performing a bit-wise AND operation between the address and the mask must not contain all 0's or all 1's. For aggregating networks into supernets, mask must only include a portion of the network part. mask must contain contiguous 1's in the bit positions starting from the leftmost bit of the 32-bit field.

trailers
Request the use of a "trailer" link-level encapsulation when sending. If a network interface supports trailers, the system will, when possible, encapsulate outgoing messages in a manner that minimizes the number of memory-to-memory copy operations performed by the receiver. On networks that support the Address Resolution Protocol, this flag indicates that the system should request that other systems use trailers when sending to this host. Similarly, trailer encapsulations will be sent to other hosts that have made such requests. Currently used by Internet protocols only. See WARNINGS section.

-trailers
Disable the use of a "trailer" link-level encapsulation (default).

LAN Card Numbering

The name of an interface associated with a LAN card is lan, and its unit number is determined as follows. The LAN card installed first in the system is given interface unit number 0; the next LAN card installed is given interface unit number 1; and so on. When there are two or more LAN cards installed at the same time, interface unit numbers are assigned according to card positions in the backplane: the LAN card that appears "first" in the backplane is given the interface unit number N; the next LAN card in the backplane is given the number N+1.

The lanscan command can be used to display the name and unit number of each interface that is associated with a LAN card (see lanscan(1M)).

Supernets

A supernet is a collection of smaller networks. Supernetting is a technique of using the netmask to aggregate a collection of smaller networks into a supernet. This technique is particularly useful for class C networks. A Class C network can only have 254 hosts. This can be too restrictive for some companies. For these companies, a netmask that only contains a portion of the network part can be applied to the hosts in these class C networks to form a supernet. This supernet netmask should be applied to those interfaces that connect to the supernet using the ifconfig command. For example, a host can configure its interface to connect to a class C supernet, 192.6, by configuring an IP address of 192.6.1.1 and a netmask of 255.255.0.0 to its interface.

DIAGNOSTICS

Messages indicate if the specified interface does not exist, the requested address is unknown, or the user is not privileged and tried to alter an interface's configuration.

WARNINGS

Currently, all HP 9000 systems can receive trailer packets but do not send them. Setting the trailers flag has no effect.

SEE ALSO

netstat(1), lanconfig(1M), lanscan(1M), hosts(4), routing(7).
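The netmask rules in the ifconfig manual page above (contiguous 1's, at least the standard network portion for a subnet, a subnet field of at least 2 bits that is neither all 0's nor all 1's, and a shorter mask for a supernet) can be checked before a setting is applied. This is an added example, not HP-UX code: the function names are hypothetical, the interface entries are constructed apart from the page's own 192.6.1.1 supernet case, and pseudo-network names from networks(4) are not handled.

```python
import ipaddress


def class_prefix(addr):
    """Length in bits of the standard network portion of a class A, B or C address."""
    first_octet = addr >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("not a class A, B or C address")


def parse_mask(mask):
    """Accept a hexadecimal number with a leading 0x or a dot-notation mask."""
    if mask.lower().startswith("0x"):
        value = int(mask, 16)
        if value > 0xFFFFFFFF:
            raise ValueError("mask does not fit in 32 bits")
        return value
    return int(ipaddress.IPv4Address(mask))


def check_netmask(address, mask):
    """Return (kind, prefix_length), or raise ValueError naming the rule that is broken."""
    addr = int(ipaddress.IPv4Address(address))
    bits = parse_mask(mask)
    host_part = ~bits & 0xFFFFFFFF
    # A contiguous mask leaves a host part of the form 0...01...1.
    if bits == 0 or host_part & (host_part + 1):
        raise ValueError("1's must be contiguous from the leftmost bit")
    prefix = bin(bits).count("1")
    natural = class_prefix(addr)
    if prefix < natural:
        return ("supernet", prefix)
    if prefix == natural:
        return ("natural", prefix)
    subnet_bits = prefix - natural
    if subnet_bits < 2:
        raise ValueError("subnet field must contain at least 2 bits")
    all_ones = (1 << subnet_bits) - 1
    subnet = ((addr & bits) >> (32 - prefix)) & all_ones
    if subnet in (0, all_ones):
        raise ValueError("subnet part must not be all 0's or all 1's")
    return ("subnet", prefix)


def audit(entries):
    """Check (interface, address, mask) triples; return (interface, verdict) pairs."""
    results = []
    for interface, address, mask in entries:
        try:
            kind, prefix = check_netmask(address, mask)
            results.append((interface, f"ok: {kind} /{prefix}"))
        except ValueError as err:
            results.append((interface, f"rejected: {err}"))
    return results


# Constructed sample settings; only the lan0 values come from the manual page.
SAMPLE = [
    ("lan0", "192.6.1.1", "255.255.0.0"),      # class C supernet from the page
    ("lan1", "128.185.61.5", "0xffffff00"),    # class B with an 8-bit subnet field
    ("lan2", "128.185.61.5", "255.255.0.255"), # 1's not contiguous
    ("lan3", "192.6.1.1", "255.255.255.128"),  # 1-bit subnet field
    ("lan4", "128.185.0.5", "255.255.255.0"),  # subnet part is all 0's
]

if __name__ == "__main__":
    for interface, verdict in audit(SAMPLE):
        print(interface, verdict)
```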
netstat - Display statistics related to networking.
netstat(1)

NAME

netstat - show network status

SYNOPSIS

netstat [-aAn] [-f address-family] [system [core]]
netstat [-mMnrsv] [-f address-family] [-p protocol] [system [core]]
netstat [-gin] [-I interface] [interval] [system [core]]

DESCRIPTION

netstat displays statistics for network interfaces and protocols, as well as the contents of various network-related data structures. The output format varies according to the options selected. Some options are ignored when used in combination with other options.

Generally, the netstat command takes one of the three forms shown above:

- The first form of the command displays a list of active sockets for each protocol.
- The second form displays the contents of one of the other network data structures according to the option selected.
- The third form displays configuration information for each network interface. It also displays network traffic data on configured network interfaces, optionally updated at each interval, measured in seconds.

Options are interpreted as follows:

-a
Show the state of all sockets, including passive sockets used by server processes. When netstat is used without any options (except -A and -n), only active sockets are shown. This option does not show the state of X.25 programmatic access sockets. The option is ignored if the -g, -i, -I, -m, -M, -p, -r, -s or interval option is specified.

-A
Show the address of the protocol control block associated with sockets. This option is used for debugging. It does not show the X.25 programmatic access control blocks. This option is ignored if the -g, -i, -I, -m, -M, -p, -r, -s or interval option is specified.

-f address-family
Show statistics or address control block for only the specified address-family. The following address families are recognized: inet for AF_INET, and unix for AF_UNIX. This option applies to the -a, -A and -s options.

-g
Show multicast information for network interfaces. Only the address family AF_INET is recognized by this option. This option may be combined with the -i option to display both kinds of information. The option is ignored if the -m, -M or -p option is specified.

-i
Show the state of network interfaces. Interfaces that are statically configured into a system, but not located at boot time, are not shown. This option is ignored if the -m, -M or -p option is specified.

-I interface
Show information about the specified interface only. This option applies to the -g and -i options.

-m
Show statistics recorded by network memory management routines. If this option is specified, all other options are ignored.

-M
Show the multicast routing tables. When -s is used with the -M option, netstat displays multicast routing statistics instead. This option is ignored if the -m or -p option is specified.

-n
Show network addresses as numbers. Normally, netstat interprets addresses and attempts to display them symbolically. This option applies to the -a, -A, -i, -r and -v options.

-p protocol
Show statistics for the specified protocol. The following protocols are recognized: tcp, udp, ip, icmp, igmp, arp, and probe. This option is ignored if the -m option is specified.

-r
Show the routing tables. When -v is used with the -r option, netstat also displays the network masks in the route entries. When -s is used with the -r option, netstat displays routing statistics instead. This option is ignored if the -g, -m, -M, -i, -I, -p or interval option is specified.

-s
Show statistics for all protocols. When this option is used with the -r option, netstat displays routing statistics instead. When this option is used with the -M option, netstat displays multicast routing statistics instead. This option is ignored if the -g, -i, -I, -m, -p or interval option is specified.

-v
Show additional routing information. When -v is used with the -r option, netstat also displays the network masks in the route entries. This option only applies to the -r option.

The arguments system and core allow substitutes for the defaults, /stand/vmunix and /dev/kmem.

If no options or only the -A or -n option is specified, netstat displays the status of only active sockets. The display of active and passive sockets status shows the local and remote addresses, send and receive queue sizes (in bytes), protocol, and the internal state of the protocol. Address formats are of the form host.port, or network.port if the host portion of a socket address is zero. When known, the host and network addresses are displayed symbolically by using gethostbyname() and getnetbyname(), respectively (see gethostbyname(3N) and getnetbyname(3N)). If a symbolic name for an address is unknown, or if the -n option is specified, the address is displayed numerically according to the address family. For more information regarding the Internet "dot format", refer to inet(3N). Unspecified or "wildcard" addresses and ports appear as an asterisk (*).

The interface display provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network addresses of the interface and the maximum transmission unit (MTU) are also displayed.

When the interval argument is specified, netstat displays a running count of statistics related to network interfaces. This display consists of a column for the primary interface (the first interface found during auto-configuration) and a column summarizing information for all interfaces. To replace the primary interface with another interface, use the -I option. The first line of each screen of information contains a summary since the system was last rebooted. Subsequent lines of output show values accumulated over the preceding interval.

The routing table display indicates the available routes and their status. Each route consists of a destination host or network, a netmask and a gateway to use in forwarding packets.

The Flags field shows whether the route is up (U), whether the route is to a gateway (G), whether the route is a host or network route (with or without H), whether the route was created dynamically (D) by a redirect or by Path MTU Discovery, and whether a gateway route has been modified (M), or it has been marked doubtful (?) due to the lack of a timely ARP response.

The Netmask field shows the mask to be applied to the destination IP address of an IP packet to be forwarded. The result will be compared with the destination address in the route entry. If they are the same, then the route is one of the candidates for routing this IP packet. If there are several candidate routes, then the route with the longest Netmask field (contiguous 1's starting from the leftmost bit position) will be chosen. (See routing(7).)

The Gateway field shows the address of the immediate gateway for reaching the destination. It can be the address of the outgoing interface if the destination is on a directly connected network.

The Refs field shows the current number of active uses of the route. Connection-oriented protocols normally hold on to a single route for the duration of a connection, while connectionless protocols normally obtain a route just while sending a particular message.

The Use field shows a count of the number of packets sent using the route.

The Interface field identifies which network interface is used for the route.

The Pmtu and PmtuTime fields apply only to host routes. The Pmtu field for network and default routes is the same as the MTU of the network interface used for the route. If the route is created with a static PMTU value (see route(1M)), the corresponding PmtuTime field contains the word perm, and the PMTU value permanently overrides the interface MTU. If the route is created dynamically (D in the Flags field), the value in the corresponding PmtuTime field is the number of minutes remaining before the PMTU expires. When the PMTU expires, the system rediscovers the current PMTU for the route, in case it has changed. The PmtuTime field is left blank when the PMTU is identical to the MTU of the interface. An asterisk (*) in the Pmtu field indicates that the user has disabled PMTU Discovery for the route.

DEPENDENCIES

X.25: -A and -a options do not list X.25 programmatic access information.

AUTHOR

netstat was developed by the University of California, Berkeley.

SEE ALSO

hosts(4), networks(4), gethostbyname(3N), getnetbyname(3N), protocols(4), route(1M), services(4).
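The Netmask paragraph in the netstat manual page above describes how a route is picked: mask the packet's destination, compare with the route's destination, and take the candidate with the longest mask. The following added example (not netstat or kernel code) applies that rule to a constructed routing table and lists where a dynamically created (D) route takes traffic away from the route that would otherwise be used, which is worth reviewing when reading a routing table. It assumes that only routes flagged U are usable and that the default route is written as 0.0.0.0 with mask 0.0.0.0; the names are hypothetical.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "destination netmask gateway flags interface")


def _ip(text):
    """Dot-notation address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def select_route(dest, routes):
    """Return the usable route with the longest netmask that matches dest, or None."""
    candidates = []
    for route in routes:
        if "U" not in route.flags:      # assumption: routes that are not up are skipped
            continue
        mask = _ip(route.netmask)
        if (_ip(dest) & mask) == _ip(route.destination):
            candidates.append((bin(mask).count("1"), route))
    if not candidates:
        return None
    return max(candidates, key=lambda item: item[0])[1]


def dynamic_overrides(routes):
    """For each up route flagged D, report (destination, gateway in use, gateway without it)."""
    findings = []
    for route in routes:
        if "D" not in route.flags or "U" not in route.flags:
            continue
        others = [r for r in routes if r is not route]
        fallback = select_route(route.destination, others)
        findings.append((route.destination, route.gateway,
                         fallback.gateway if fallback else None))
    return findings


# Constructed routing table; addresses and gateways are sample values.
ROUTES = [
    Route("0.0.0.0", "0.0.0.0", "192.6.1.254", "UG", "lan0"),           # default route
    Route("192.6.1.0", "255.255.255.0", "192.6.1.1", "U", "lan0"),      # directly connected
    Route("10.0.0.0", "255.0.0.0", "192.6.1.2", "UG", "lan0"),
    Route("10.20.0.0", "255.255.0.0", "192.6.1.3", "UG", "lan0"),
    Route("10.20.30.40", "255.255.255.255", "192.6.1.9", "UGHD", "lan0"),  # dynamic host route
    Route("10.99.0.0", "255.255.0.0", "192.6.1.4", "G", "lan0"),        # not up
]

if __name__ == "__main__":
    for dest in ("10.20.30.40", "10.20.30.41", "10.99.1.1", "172.16.5.5"):
        print(dest, "->", select_route(dest, ROUTES).gateway)
    print(dynamic_overrides(ROUTES))
```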
ping - Send information over a network and get a response.
ping(1M)                                                      ping(1M)

NAME
     ping - send ICMP Echo Request packets to network host

SYNOPSIS
     ping [-oprv] [-i address] [-t ttl] host [-n count]
     ping [-oprv] [-i address] [-t ttl] host packet-size [ [-n] count]

DESCRIPTION
     The ping command sends ICMP Echo Request (ECHO_REQUEST) packets to host once per second. Each packet that is echoed back via an ICMP Echo Response packet is written to the standard output, including round-trip time.

     ICMP Echo Request datagrams ("pings") have an IP and ICMP header, followed by a struct timeval (see gettimeofday(2)) and an arbitrary number of "pad" bytes used to fill out the packet. The default datagram length is 64 bytes, but this can be changed by using the packet-size option.

  Options
     The following options and parameters are recognized by ping:

     -i address
          If host is a multicast address, send multicast datagrams from the interface with the local IP address specified by address in "dot" notation (see inet_addr(3N)). If the -i option is not specified, multicast datagrams are sent from the default interface, which is determined by the route configuration.

     -o
          Insert an IP Record Route option in outgoing packets, summarizing routes taken when the command terminates. It may not be possible to get the round-trip path if some hosts on the route taken do not implement the IP Record Route option. A maximum of 9 Internet addresses can be recorded due to the maximum length of the IP option area.

     -p
          The new Path MTU information is displayed when an ICMP "Datagram Too Big" message is received from a gateway. The -p option must be used in conjunction with a large packet-size and with the -v option.

     -r
          Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly-connected network, an error is returned. This option can be used to ping the local system through an interface that has no route through it, such as after the interface was dropped by gated (see gated(1M)).

     -t ttl
          If host is a multicast address, set the time-to-live field in the multicast datagram to ttl. This controls the scope of the multicast datagrams by specifying the maximum number of external systems through which the datagram can be forwarded. If ttl is zero, the datagram is restricted to the local system. If ttl is one, the datagram is restricted to systems that have an interface on the network directly connected to the interface specified by the -i option. If ttl is two, the datagram can be forwarded through at most one multicast router; and so forth. Range: zero to 255. The default value is 1.

     -v
          Verbose output. Show ICMP packets other than Echo Responses that are received.

     host
          Destination to which the ICMP Echo Requests are sent. host can be a hostname or an Internet address. All symbolic names specified for host are looked up by using gethostbyname() (see gethostbyname(3N)). If host is an Internet address, it must be in "dot" notation (see inet_addr(3N)).

          If a system does not respond as expected, the route might be configured incorrectly on the local or remote system or on an intermediate gateway, or there might be some other network failure.

          Normally, host is the address assigned to a local or remote network interface. If host is a broadcast address, all systems that receive the broadcast should respond. Normally, these are only systems that have a network interface on the same network as the local interface sending the ICMP Echo Request. If host is a multicast address, only systems that have joined the multicast group should respond. These may be distant systems if the -t option is specified, and there is a multicast router on the network directly connected to the interface specified by the -i option.

     packet-size
          The size of the transmitted packet, in bytes. By default (when packet-size is not specified), the size of transmitted packets is 64 bytes. The minimum value allowed for packet-size is 8 bytes, and the maximum is 4095 bytes. If packet-size is smaller than 16 bytes, there is not enough room for timing information. In that case, the round-trip times are not displayed.

     count
          The number of packets ping will transmit before terminating. Range: zero to 2147483647. The default is zero, in which case ping sends packets until interrupted.

     When using ping for fault isolation, first specify a local address for host to verify that the local network interface is working correctly. Then specify host and gateway addresses further and further away to determine the point of failure.

     ping sends one datagram per second, and it normally writes one line of output for every ICMP Echo Response that is received. No output is produced if there are no responses. If an optional count is given, only the specified number of requests is sent. Round-trip times and packet loss statistics are computed. When all responses have been received or the command times out (if the count option is specified), or if the command is terminated with a SIGINT, a brief summary is displayed.

     This command is intended for use in testing, managing and measuring network performance. It should be used primarily to isolate network failures. Because of the load it could impose on the network, it is considered discourteous to use ping unnecessarily during normal operations or from automated scripts.

AUTHOR
     ping was developed in the Public Domain.

FILES
     /etc/hosts

SEE ALSO
     gethostbyname(3N), inet(3N).
rcp - Copy files and directories from one system to another.
rcp(1)                                                          rcp(1)

NAME
     rcp - remote file copy

SYNOPSIS
  Copy Single File
     rcp [-p] source_file1 dest_file

  Copy Multiple Files
     rcp [-p] source_file1 [source_file2]... dest_dir

  Copy One or More Directory Subtrees
     rcp [-p] -r source_dir1 [source_dir2]... dest_dir

  Copy Files and Directory Subtrees
     rcp [-p] -r file_or_dir1 [file_or_dir2]... dest_dir

DESCRIPTION
     The rcp command copies files, directory subtrees, or a combination of files and directory subtrees from one or more systems to another. In many respects, it is similar to the cp command (see cp(1)).

     To use rcp, you must have read access to files being copied, and read and search (execute) permission on all directories in the directory path.

  Options and Arguments
     rcp recognizes the following options and arguments:

     source_file, source_dir
          The name of an existing file or directory on a local or remote machine that you want copied to the specified destination. Source file and directory names are constructed as follows:

               user_name@hostname:pathname/filename

          or

               user_name@hostname:pathname/dirname

          Component parts of file and directory names are described below. If multiple existing files and/or directory subtrees are specified (source_file1, source_file2, ..., etc.), the destination must be a directory. Shell file name expansion is allowed on both local and remote systems. Multiple files and directory subtrees can be copied from one or more systems to a single destination directory with a single command.

     dest_file
          The name of the destination file. If host name and path name are not specified, the existing file is copied into a file named dest_file in the current directory on the local system. If dest_file already exists and is writable, the existing file is overwritten. Destination file names are constructed the same way as source files except that file name expansion characters cannot be used.

     dest_dir
          The name of the destination directory. If host name and path name are not specified, the existing file is copied into a directory named dest_dir in the current directory on the local system. If dest_dir already exists in the specified directory path (or current directory if not specified), a new directory named dest_dir is created underneath the existing directory named dest_dir. Destination directory names are constructed the same way as source directory tree names except that file name expansion characters cannot be used.

     file_or_dir
          If a combination of files and directories are specified for copying (either explicitly or by file name expansion), only files are copied unless the -r option is specified. If the -r option is present, all files and directory subtrees whose names match the specified file_or_dir name are copied.

     -p
          Preserve (duplicate) modification times and modes (permissions) of source files, ignoring the current setting of the umask file creation mode mask. If this option is specified, rcp preserves the sticky bit only if the target user is superuser.

          If the -p option is not specified, rcp preserves the mode and owner of dest_file if it already exists; otherwise rcp uses the mode of the source file modified by the umask on the destination host. Modification and access times of the destination file are set to the time when the copy was made.

     -r
          Recursively copy directory subtrees rooted at the source directory name. If any directory subtrees are to be copied, rcp recursively copies each subtree rooted at the specified source directory name to directory dest_dir. If source_dir is being copied to an existing directory of the same name, rcp creates a new directory source_dir within dest_dir and copies the subtree rooted at source_dir to dest_dir/source_dir. If dest_dir does not exist, rcp creates it and copies the subtree rooted at source_dir to dest_dir.

  Constructing File and Directory Names
     As indicated above, file and directory names contain one, two, or four component parts:

     user_name
          Login name to be used for accessing directories and files on remote system.

     hostname
          Hostname of remote system where directories and files are located.

     pathname
          Absolute directory path name or directory path name relative to the login directory of user user_name.

     filename
          Actual name of source or destination file. File name expansion is allowed on source file names.

     dirname
          Actual name of source or destination directory subtree. File name expansion is allowed on source directory names.

     Each file or directory argument is either a remote file name of the form hostname:path, or a local file name (with a slash (/) before any colon (:)). hostname can be either an official host name or an alias (see hosts(4)). If hostname is of the form ruser@rhost, ruser is used on the remote host instead of the current user name. An unspecified path (that is, hostname:) refers to the remote user's login directory. If path does not begin with /, it is interpreted relative to the remote user's login directory on hostname. Shell metacharacters in remote paths can be quoted with backslash (\), single quotes (''), or double quotes (""), so that they will be interpreted remotely.

     The rcp routine does not prompt for passwords. The current local user name or any user name specified via ruser must exist on rhost and allow remote command execution via remsh(1) and rcmd(3). remshd(1M) must be executable on the remote host.

     Third-party transfers in the form:

          rcp ruser1@rhost1:path1 ruser2@rhost2:path2

     are performed as:

          remsh rhost1 -l ruser1 rcp path1 ruser2@rhost2:path2

     Therefore, for such a transfer to succeed, ruser2 on rhost2 must allow access by ruser1 from rhost1 (see hosts.equiv(4)).

WARNINGS
     The rcp routine is confused by any output generated by commands in a .cshrc file on the remote host (see csh(1)).

     Copying a file onto itself, for example:

          rcp path `hostname`:path

     may produce inconsistent results. The current HP-UX version of rcp simply copies the file over itself. However, some implementations of rcp, including some earlier HP-UX implementations, corrupt the file. In addition, the same file may be referred to in multiple ways, for example, via hard links, symbolic links, or NFS. It is not guaranteed that rcp will correctly copy a file over itself in all cases.

     Implementations of rcp based on the 4.2BSD version (including the implementations of rcp prior to HP-UX 7.0) require that remote users be specified as rhost.ruser. If the first remote host specified in a third party transfer (rhost1 in the example below) uses this older syntax, the command must have the form:

          rcp ruser1@rhost1:path1 rhost2.ruser2:path2

     since the target is interpreted by rhost1. A common problem that is encountered is when two remote files are to be copied to a remote target that specifies a remote user. If the two remote source systems, rhost1 and rhost2, each expect a different form for the remote target, the command:

          rcp rhost1:path1 rhost2:path2 rhost3.ruser3:path3

     will certainly fail on one of the source systems. Perform such a transfer using two separate commands.

AUTHOR
     rcp was developed by the University of California, Berkeley.

SEE ALSO
     cp(1), ftp(1), remsh(1), remshd(1M), rcmd(3), hosts(4), hosts.equiv(4).

     ftp chapter in Using Internet Services.

rcp(1)      Secure Internet Services with Kerberos Authentication      rcp(1)

NAME
     rcp - remote file copy

SYNOPSIS
  Copy Single File
     rcp [-k realm] [-P] [-p] source_file1 dest_file

  Copy Multiple Files
     rcp [-k realm] [-P] [-p] source_file1 [source_file2]... dest_dir

  Copy One or More Directory Subtrees
     rcp [-k realm] [-P] [-p] -r source_dir1 [source_dir2]... dest_dir

  Copy Files and Directory Subtrees
     rcp [-k realm] [-P] [-p] -r file_or_dir1 [file_or_dir2]... dest_dir

DESCRIPTION
     The rcp command copies files, directory subtrees, or a combination of files and directory subtrees from one or more systems to another. In many respects, it is similar to the cp command (see cp(1)).

     To use rcp, you must have read access to files being copied, and read and search (execute) permission on all directories in the directory path.

     In a Kerberos V5 Network Authentication environment, rcp uses the Kerberos V5 protocol while initiating the connection to a remote host. The authorization mechanism is dependent on the command line options used to invoke remshd on the remote host (i.e., -K, -R, -r, or -k). Kerberos authentication and authorization rules are described in the Secure Internet Services man page, sis(5).

     Although Kerberos authentication and authorization may apply, the Kerberos mechanism is not applied when copying files. The files are still transferred in cleartext over the network.

  Options and Arguments
     rcp recognizes the following options and arguments:

     source_file, source_dir
          The name of an existing file or directory on a local or remote machine that you want copied to the specified destination. Source file and directory names are constructed as follows:

               user_name@hostname:pathname/filename

          or

               user_name@hostname:pathname/dirname

          Component parts of file and directory names are described below. If multiple existing files and/or directory subtrees are specified (source_file1, source_file2, ..., etc.), the destination must be a directory. Shell file name expansion is allowed on both local and remote systems. Multiple files and directory subtrees can be copied from one or more systems to a single destination directory with a single command.

     dest_file
          The name of the destination file. If host name and path name are not specified, the existing file is copied into a file named dest_file in the current directory on the local system. If dest_file already exists and is writable, the existing file is overwritten. Destination file names are constructed the same way as source files except that file name expansion characters cannot be used.

     dest_dir
          The name of the destination directory. If host name and path name are not specified, the existing file is copied into a directory named dest_dir in the current directory on the local system. If dest_dir already exists in the specified directory path (or current directory if not specified), a new directory named dest_dir is created underneath the existing directory named dest_dir. Destination directory names are constructed the same way as source directory tree names except that file name expansion characters cannot be used.

     file_or_dir
          If a combination of files and directories are specified for copying (either explicitly or by file name expansion), only files are copied unless the -r option is specified. If the -r option is present, all files and directory subtrees whose names match the specified file_or_dir name are copied.

     -k realm
          Obtain tickets from the remote host in the specified realm instead of the remote host's default realm as specified in the configuration file krb.realms.

     -P
          Disable Kerberos authentication. Only applicable in a secure environment based on Kerberos V5. If the remote host has been configured to prevent non-secure access, using this option would result in the generic error,

               rcmd: connect: <hostname>: Connection refused

          See DIAGNOSTICS in remshd(1M) for more details.

     -p
          Preserve (duplicate) modification times and modes (permissions) of source files, ignoring the current setting of the umask file creation mode mask. If this option is specified, rcp preserves the sticky bit only if the target user is superuser.

          If the -p option is not specified, rcp preserves the mode and owner of dest_file if it already exists; otherwise rcp uses the mode of the source file modified by the umask on the destination host. Modification and access times of the destination file are set to the time when the copy was made.

     -r
          Recursively copy directory subtrees rooted at the source directory name. If any directory subtrees are to be copied, rcp recursively copies each subtree rooted at the specified source directory name to directory dest_dir. If source_dir is being copied to an existing directory of the same name, rcp creates a new directory source_dir within dest_dir and copies the subtree rooted at source_dir to dest_dir/source_dir. If dest_dir does not exist, rcp creates it and copies the subtree rooted at source_dir to dest_dir.

  Constructing File and Directory Names
     As indicated above, file and directory names contain one, two, or four component parts:

     user_name
          Login name to be used for accessing directories and files on remote system.

     hostname
          Hostname of remote system where directories and files are located.

     pathname
          Absolute directory path name or directory path name relative to the login directory of user user_name.

     filename
          Actual name of source or destination file. File name expansion is allowed on source file names.

     dirname
          Actual name of source or destination directory subtree. File name expansion is allowed on source directory names.

     Each file or directory argument is either a remote file name of the form hostname:path, or a local file name (with a slash (/) before any colon (:)). hostname can be either an official host name or an alias (see hosts(4)). If hostname is of the form ruser@rhost, ruser is used on the remote host instead of the current user name. An unspecified path (that is, hostname:) refers to the remote user's login directory. If path does not begin with /, it is interpreted relative to the remote user's login directory on hostname. Shell metacharacters in remote paths can be quoted with backslash (\), single quotes (''), or double quotes (""), so that they will be interpreted remotely.

     rcp does not prompt for passwords. In a non-secure or traditional environment, user authorization is checked by determining if the current local user name or any user name specified via ruser exists on rhost. In a Kerberos V5 Network Authentication or secure environment, the authorization method is dependent upon the command line options for remshd (see remshd(1M) for details). In either case, remote command execution via remsh(1) and rcmd(3) must be allowed and remshd(1M) must be executable on the remote host.

     Third-party transfers in the form:

          rcp ruser1@rhost1:path1 ruser2@rhost2:path2

     are performed as:

          remsh rhost1 -l ruser1 rcp path1 ruser2@rhost2:path2

     Therefore, for such a transfer to succeed, ruser2 on rhost2 must allow access by ruser1 from rhost1 (see hosts.equiv(4)).

WARNINGS
     The rcp routine is confused by any output generated by commands in a .cshrc file on the remote host (see csh(1)).

     Copying a file onto itself, for example:

          rcp path `hostname`:path

     may produce inconsistent results. The current HP-UX version of rcp simply copies the file over itself. However, some implementations of rcp, including some earlier HP-UX implementations, corrupt the file. In addition, the same file may be referred to in multiple ways, for example, via hard links, symbolic links, or NFS. It is not guaranteed that rcp will correctly copy a file over itself in all cases.

     Implementations of rcp based on the 4.2BSD version (including the implementations of rcp prior to HP-UX 7.0) require that remote users be specified as rhost.ruser. If the first remote host specified in a third party transfer (rhost1 in the example below) uses this older syntax, the command must have the form:

          rcp ruser1@rhost1:path1 rhost2.ruser2:path2

     since the target is interpreted by rhost1. A common problem that is encountered is when two remote files are to be copied to a remote target that specifies a remote user. If the two remote source systems, rhost1 and rhost2, each expect a different form for the remote target, the command:

          rcp rhost1:path1 rhost2:path2 rhost3.ruser3:path3

     will certainly fail on one of the source systems. Perform such a transfer using two separate commands.

AUTHOR
     rcp was developed by the University of California, Berkeley.

SEE ALSO
     cp(1), ftp(1), remsh(1), remshd(1M), rcmd(3), hosts(4), hosts.equiv(4), sis(5).

     ftp chapter in Using Internet Services.
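
The argument rules and the third-party rewrite described in the two rcp pages above, as an added shell example that is not part of the original man pages. Host and user names in the demo are constructed; treating an argument with an empty host part as local, omitting -l when the source names no user, and the output format are assumptions.

```shell
#!/bin/sh
# Added example: classify rcp arguments as the man page describes them and
# show the trust hop behind a remote-to-remote (third-party) copy.

# rcp_parse ARG: sets R_KIND (local|remote), R_USER, R_HOST, R_PATH.
rcp_parse() {
    R_KIND=local R_USER= R_HOST= R_PATH=$1
    case $1 in
        *:*) ;;                  # a colon is present: candidate remote name
        *)   return 0 ;;         # no colon at all: local file name
    esac
    r_head=${1%%:*}              # everything before the first colon
    case $r_head in
        */*|'') return 0 ;;      # slash before any colon => local file name
    esac                         # (empty host part treated as local: assumption)
    R_KIND=remote
    R_PATH=${1#*:}
    case $r_head in
        *@*) R_USER=${r_head%%@*}; R_HOST=${r_head#*@} ;;   # ruser@rhost
        *)   R_HOST=$r_head ;;
    esac
}

# rcp_classify ARG: print how rcp would interpret ARG.
rcp_classify() {
    rcp_parse "$1"
    if [ "$R_KIND" = local ]; then
        printf 'local path=%s\n' "$R_PATH"
        return 0
    fi
    case $R_PATH in
        /*) r_base=absolute ;;
        *)  r_base=login-dir ;;  # relative to, or exactly, the login directory
    esac
    printf 'remote user=%s host=%s path=%s (%s)\n' \
        "${R_USER:-<local user>}" "$R_HOST" "${R_PATH:-.}" "$r_base"
}

# rcp_third_party SRC DST: print the remsh command the copy is performed as,
# then the hosts.equiv/.rhosts trust it depends on. Returns 1 unless both
# arguments are remote.
rcp_third_party() {
    rcp_parse "$1"; [ "$R_KIND" = remote ] || return 1
    s_user=$R_USER s_host=$R_HOST s_path=$R_PATH
    rcp_parse "$2"; [ "$R_KIND" = remote ] || return 1
    s_show=${s_user:-<local user>}
    # rcp runs on the source host as the source user, so that user is the
    # default account name on the destination host as well.
    d_show=${R_USER:-$s_show}
    printf 'remsh %s%s rcp %s %s\n' \
        "$s_host" "${s_user:+ -l $s_user}" "$s_path" "$2"
    printf 'trust: %s on %s must allow access by %s from %s\n' \
        "$d_show" "$R_HOST" "$s_show" "$s_host"
}

# Demo on constructed arguments.
for a in ./notes:1999 /tmp/report alice@hosta:src/report hostb: ; do
    rcp_classify "$a"
done
rcp_third_party alice@hosta:/data/log bob@hostb:/backup/log
```

The trust line is the entry to look for when reviewing hosts.equiv and .rhosts on the destination host: every third-party copy that works implies such an entry exists.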
remsh - Connect to a remote host and execute a command.
remsh(1)                                                      remsh(1)

NAME
     remsh - execute from a remote shell

SYNOPSIS
     remsh host [-l username] [-n] command
     host [-l username] [-n] command
     rexec host [-l username] [-n] command

DESCRIPTION
     remsh connects to the specified host and executes the specified command. The host name can be either the official name or an alias as understood by gethostbyname() (see gethostent(3N) and hosts(4)). remsh copies its standard input (stdin) to the remote command, and the standard output of the remote command to its standard output (stdout), and the standard error of the remote command to its standard error (stderr). Hangup, interrupt, quit, terminate, and broken pipe signals are propagated to the remote command. remsh exits when the sockets associated with stdout and stderr of the remote command are closed. This means that remsh normally terminates when the remote command does (see remshd(1M)).

     By default, remsh uses the following path when executing the specified command:

          /usr/bin:/usr/ccs/bin:/usr/bin/X11:

     remsh uses the default remote login shell with the -c option to execute the remote command. If the default remote shell is csh, csh sources the remote .cshrc file before the command.

     remsh cannot be used to run commands that require a terminal interface (such as vi) or commands that read their standard error (such as more). In such cases, use rlogin or telnet instead (see rlogin(1) and telnet(1)).

     The remote account name used is the same as your local account name, unless you specify a different remote name with the -l option. This remote account name must be equivalent to the originating account; no provision is made for specifying a password with a command. For more details about equivalent hosts and how to specify them, see hosts.equiv(4). The files inspected by remshd on the remote host are /etc/hosts.equiv and $HOME/.rhosts (see remshd(1M)).

     If command is not specified, instead of executing a single command, you will be logged in on the remote host using rlogin (see rlogin(1)). Any rlogin options typed in on the command line are transmitted to rlogin. If command is specified, options specific to rlogin are ignored by remsh.

     By default, remsh reads its standard input and sends it to the remote command because remsh has no way to determine whether the remote command requires input. The -n option redirects standard input to remsh from /dev/null. This is useful when running a shell script containing a remsh command, since otherwise remsh may use input not intended for it. The -n option is also useful when running remsh in the background from a job control shell, /usr/bin/csh or /usr/bin/ksh. Otherwise, remsh stops and waits for input from the terminal keyboard for the remote command. /usr/bin/sh automatically redirects its input from /dev/null when jobs are run in the background.

     Host names for remote hosts can also be commands (linked to remsh) in the directory /usr/hosts. If this directory is specified in the $PATH environment variable, you can omit remsh. For example, if remotehost is the name of a remote host, /usr/hosts/remotehost is linked to remsh, and if /usr/hosts is in your search path, the command

          remotehost command

     executes command on remotehost, and the command

          remotehost

     is equivalent to

          rlogin remotehost

     The rexec command, a link to remsh, works the same as remsh except that it uses the rexec() library routine and rexecd for command execution (see rexec(3N) and rexecd(1M)). rexec prompts for a password before executing the command instead of using hosts.equiv for authentication. It should be used in instances where a password to a remote account is known but there are insufficient permissions for remsh.

EXAMPLES
     Shell metacharacters that are not quoted are interpreted on the local host; quoted metacharacters are interpreted on the remote host. Thus the command line:

          remsh otherhost cat remotefile >> localfile

     appends the remote file remotefile to the local file localfile, while the command line

          remsh otherhost cat remotefile ">>" otherremotefile

     appends remotefile to the remote file otherremotefile.

     If the remote shell is /usr/bin/sh, the following command line sets up the environment for the remote command before executing the remote command:

          remsh otherhost . .profile 2>&- \; command

     The 2>&- throws away error messages generated by executing .profile when stdin and stdout are not a terminal.

     The following command line runs remsh in the background on the local system, and the output of the remote command comes to your terminal asynchronously:

          remsh otherhost -n command &

     The background remsh completes when the remote command does.

     The following command line causes remsh to return immediately without waiting for the remote command to complete:

          remsh otherhost -n "command 1>&- 2>&- &"

     (See remshd(1M) and sh(1)). If your login shell on the remote system is csh, use the following form instead:

          remsh otherhost -n "sh -c \"command 1>&- 2>&- &\""

RETURN VALUE
     If remsh fails to set up the secondary socket connection, it returns 2. If it fails in some other way, it returns 1. If it fully succeeds in setting up a connection with remshd, it returns 0 once the remote command has completed. Note that the return value of remsh bears no relation to the return value of the remote command.

DIAGNOSTICS
     Besides the errors listed below, errors can also be generated by the library functions rcmd() and rresvport() which are used by remsh (see rcmd(3N)). Those errors are preceded by the name of the library function that generated them. remsh can produce the following diagnostic messages:

     rlogin: ...
          Error in executing rlogin (rlogin is executed when the user does not specify any commands to be executed). This is followed by the error message specifying why the execution failed.

     shell/tcp: Unknown service
          The "shell" service specification is not present in the /etc/services file.

     Can't establish stderr
          remsh cannot establish secondary socket connection for stderr.

     <system call>: ...
          Error in executing system call. Appended to this error is a message specifying the cause of the failure.

     There is no entry for you (user ID uid) in /etc/passwd
          Check with the system administrator to see if your entry in the password file has been deleted by mistake.

WARNINGS
     For security reasons, the /etc/hosts.equiv and .rhosts files should exist, even if empty, and should be readable and writable only by the owner. Note also that all information, including any passwords asked for, is passed unencrypted between the two hosts.

     If remsh is run with an interactive command it hangs.

DEPENDENCIES
     remsh is the same service as rsh on BSD systems. The name was changed due to a conflict with the existing System V command rsh (restricted shell).

AUTHOR
     remsh was developed by the University of California, Berkeley.

FILES
     /usr/hosts/*     for version of the command invoked only with hostname

SEE ALSO
     rlogin(1), remshd(1M), rexecd(1M), gethostent(3N), rcmd(3N), rexec(3N), hosts.equiv(4), hosts(4).

remsh(1)     Secure Internet Services with Kerberos Authentication     remsh(1)

NAME
     remsh - execute from a remote shell

SYNOPSIS
     remsh host [-l username] [-f/F] [-k realm] [-P] [-n] command
     host [-l username] [-f/F] [-k realm] [-P] [-n] command
     rexec host [-l username] [-n] command

DESCRIPTION
     remsh connects to the specified host and executes the specified command. The host name can be either the official name or an alias as understood by gethostbyname() (see gethostent(3N) and hosts(4)). remsh copies its standard input (stdin) to the remote command, and the standard output of the remote command to its standard output (stdout), and the standard error of the remote command to its standard error (stderr). Hangup, interrupt, quit, terminate, and broken pipe signals are propagated to the remote command. remsh exits when the sockets associated with stdout and stderr of the remote command are closed. This means that remsh normally terminates when the remote command does (see remshd(1M)).

     By default, remsh uses the following path when executing the specified command:

          /usr/bin:/usr/ccs/bin:/usr/bin/X11:

     remsh uses the default remote login shell with the -c option to execute the remote command. If the default remote shell is csh, csh sources the remote .cshrc file before the command.

     remsh cannot be used to run commands that require a terminal interface (such as vi) or commands that read their standard error (such as more). In such cases, use rlogin or telnet instead (see rlogin(1) and telnet(1)).

     The remote account name used is the same as your local account name, unless you specify a different remote name with the -l option. In addition, the remote host account name must also conform to other rules which differ depending upon whether the remote host is operating in a Kerberos V5 Network Authentication, i.e., secure environment or not. In a non-secure, or traditional environment, the remote account name must be equivalent to the originating account; no provision is made for specifying a password with a command. For more details about equivalent hosts and how to specify them, see hosts.equiv(4). The files inspected by remshd on the remote host are /etc/hosts.equiv and $HOME/.rhosts (see remshd(1M)).

     In a Kerberos V5 Network Authentication environment, the local host must be successfully authenticated before the remote account name is checked for proper authorization. The authorization mechanism is dependent on the command line options used to invoke remshd on the remote host (i.e., -K, -R, -r, or -k). For further information on Kerberos authentication and authorization see the Secure Internet Services man page, sis(5) and remshd(1M).

     Although Kerberos authentication and authorization may apply, the Kerberos mechanism is not applied to the command or to its response. All information transferred between the local and remote host is still sent in cleartext over the network.

     In a secure or Kerberos V5-based environment, the following command line options are available:

     -f
          Forward the ticket granting ticket (TGT) to the remote system. The TGT is not forwardable from there.

     -F
          Forward the TGT to the remote system and have it forwardable from there to another remote system. -f and -F are mutually exclusive.

     -k realm
          Obtain tickets from the remote host in the specified realm instead of the remote host's default realm as specified in the configuration file krb.realms.

     -P
          Disable Kerberos authentication.

     If a command is not specified, instead of executing a single command, you will be logged in on the remote host using rlogin (see rlogin(1)). Any rlogin options typed in on the command line are transmitted to rlogin. If no command and the option -P is specified, rlogin will be invoked with -P to indicate that Kerberos authentication (or secure access) is not required. This will mean that if a password is requested, the password will be sent in cleartext. If a command is specified, options specific to rlogin are ignored by remsh.

     If a command and the option -n are specified, then standard input is redirected to remsh from /dev/null. If -n is not specified (the default case), remsh reads its standard input and sends the input to the remote command. This is because remsh has no way to determine whether the remote command requires input. This option is useful when running a shell script containing a remsh command, since otherwise remsh may use input not intended for it. The -n option is also useful when running remsh in the background from a job control shell, /usr/bin/csh or /usr/bin/ksh. Otherwise, remsh stops and waits for input from the terminal keyboard for the remote command. /usr/bin/sh automatically redirects its input from /dev/null when jobs are run in the background.

     Host names for remote hosts can also be commands (linked to remsh) in the directory /usr/hosts. If this directory is specified in the $PATH environment variable, you can omit remsh. For example, if remotehost is the name of a remote host, /usr/hosts/remotehost is linked to remsh, and if /usr/hosts is in your search path, the command

          remotehost command

     executes command on remotehost, and the command

          remotehost

     is equivalent to

          rlogin remotehost

     The rexec command, a link to remsh, works the same as remsh except that it uses the rexec() library routine and rexecd for command execution (see rexec(3N) and rexecd(1M)) and does not support Kerberos authentication. rexec prompts for a password before executing the command instead of using hosts.equiv for authentication. It should be used in instances where a password to a remote account is known but there are insufficient permissions for remsh.

EXAMPLES
     Shell metacharacters that are not quoted are interpreted on the local host; quoted metacharacters are interpreted on the remote host. Thus the command line:

          remsh otherhost cat remotefile >> localfile

     appends the remote file remotefile to the local file localfile, while the command line

          remsh otherhost cat remotefile ">>" otherremotefile

     appends remotefile to the remote file otherremotefile.

     If the remote shell is /usr/bin/sh, the following command line sets up the environment for the remote command before executing the remote command:

          remsh otherhost . .profile 2>&- \; command

     The 2>&- throws away error messages generated by executing .profile when stdin and stdout are not a terminal.

     The following command line runs remsh in the background on the local system, and the output of the remote command comes to your terminal asynchronously:

          remsh otherhost -n command &

     The background remsh completes when the remote command does.

     The following command line causes remsh to return immediately without waiting for the remote command to complete:

          remsh otherhost -n "command 1>&- 2>&- &"

     (See remshd(1M) and sh(1)). If your login shell on the remote system is csh, use the following form instead:

          remsh otherhost -n "sh -c \"command 1>&- 2>&- &\""

RETURN VALUE
     If remsh fails to set up the secondary socket connection, it returns 2. If it fails in some other way, it returns 1. If it fully succeeds in setting up a connection with remshd, it returns 0 once the remote command has completed. Note that the return value of remsh bears no relation to the return value of the remote command.

DIAGNOSTICS
     Besides the errors listed below, errors can also be generated by the library functions rcmd() and rresvport() which are used by remsh (see rcmd(3N)). Those errors are preceded by the name of the library function that generated them. remsh can produce the following diagnostic messages:

     rlogin: ...
          Error in executing rlogin (rlogin is executed when the user does not specify any commands to be executed). This is followed by the error message specifying why the execution failed.

     shell/tcp: Unknown service
          The "shell" service specification is not present in the /etc/services file.

     Can't establish stderr
          remsh cannot establish secondary socket connection for stderr.

     <system call>: ...
          Error in executing system call. Appended to this error is a message specifying the cause of the failure.

     There is no entry for you (user ID uid) in /etc/passwd
          Check with the system administrator to see if your entry in the password file has been deleted by mistake.

     rcmd: connect: <hostname>: Connection refused
          One cause for display of this generic error message could be due to the absence of an entry for shell in /etc/inetd.conf on the remote system. This entry may have been removed or commented out to prevent non-secure access.

     Kerberos-specific errors are listed in sis(5).

WARNINGS
     For security reasons, the /etc/hosts.equiv and .rhosts files should exist, even if empty, and should be readable and writable only by the owner.

     If remsh is run with an interactive command it hangs.

DEPENDENCIES
     remsh is the same service as rsh on BSD systems. The name was changed due to a conflict with the existing System V command rsh (restricted shell).

AUTHOR
     remsh was developed by the University of California, Berkeley.

FILES
     /usr/hosts/*     for version of the command invoked only with hostname

SEE ALSO
     rlogin(1), remshd(1M), rexecd(1M), gethostent(3N), rcmd(3N), rexec(3N), hosts.equiv(4), hosts(4), sis(5).
rlogin - Log in to a remote host.
NAME rlogin - remote login SYNOPSIS rlogin rhost [-7] [-8] [-ee] [-l username] rhost [-7] [-8] [-ee] [-l username] DESCRIPTION The rlogin command connects your terminal on the local host to the remote host (rhost). rlogin acts as a virtual terminal to the remote system. The host name rhost can be either the official name or an alias as listed in the file /etc/hosts (see hosts(4)). In a manner similar to the remsh command (see remsh(1)), rlogin allows a user to log in on an equivalent remote host, rhost, bypassing the normal login/password sequence. For more information about equivalent hosts and how to specify them in the files /etc/hosts.equiv and .rhosts, see hosts.equiv(4). The searching of the files /etc/hosts.equiv and .rhosts occurs on the remote host, and the .rhosts file must be owned by the remote user account or by a remote superuser. If the originating user account is not equivalent to the remote user account, the originating user is prompted for the password of the remote account. If this fails, a login name and password are prompted for, as when login is used (see login(1)). The terminal type specified by the current TERM environment variable is propagated across the network and used to set the initial value of your TERM environment variable on the remote host. Your terminal baud rate is also propagated to the remote host, and is required by some systems to set up the pseudo-terminal used by rlogind (see rlogind(1M)). All echoing takes place at the remote site, so that (except for delays) the remote login is transparent. If at any time rlogin is unable to read from or write to the socket connection on the remote host, the message Connection closed is printed on standard error and rlogin exits. Options rlogin recognizes the following options. Note that the options follow the rhost argument. -7 Set the character size to seven bits. The eighth bit of each byte sent is set to zero (space parity). -8 Use an eight-bit data path. 
This is the default HP-UX behavior. To use eight-bit characters, the terminal must be configured to generate either eight-bit characters with no parity, or seven bit characters with space parity. The HP-UX implementation of rlogind (see rlogind(1M)) interprets seven bit characters with even, odd, or mark parity as eight-bit non-USASCII characters. You may also need to reconfigure the remote host appropriately (see stty(1) and tty(7)). Some remote hosts may not provide the necessary support for eight-bit characters. In this case, or if it is not possible to disable parity generation by the local terminal, use the -7 option. -ee Set the escape character to e. There is no space separating the option letter and the argument character. To start a line with the escape character, two of the escape characters must be entered. The default escape character is tilde (~). Some characters may conflict with your terminal configuration, such as ^S, ^Q, or backspace. Using one of these as the escape character may not be possible or may cause problems communicating with the remote host (see stty(1) and tty(7)). -l username Set the user login name on the remote host to username. The default name is the current account name of the user invoking rlogin. Escape Sequences rlogin can be controlled with two-character escape sequences, in the form ex, where e is the escape character and x is a code character described below. Escape sequences are recognized only at the beginning of a line of input. The default escape character is tilde (~). It can be changed with the -e option. The following escape sequences are recognized: ey If y is NOT a code character described below, pass the escape character and y as characters to the remote host. ee Pass the escape character as a character to the remote host. e. Disconnect from the remote host. e! Escape to a subshell on the local host. Use exit to return to the remote host. 
If rlogin is run from a shell that supports job control (see csh(1), ksh(1), and sh-posix(1)), escape sequences can be used to suspend rlogin. The following escape sequences assume that ^Z and ^Y are set as the user's susp and dsusp characters, respectively (see stty(1) and termio(7)). e^Z Suspend the rlogin session and return the user to the shell that invoked rlogin. The rlogin job can be resumed with the fg command (see csh(1), ksh(1), and sh-posix(1)). e^Z suspends both rlogin processes: the one transmitting user input to the remote login, and the one displaying output from the remote login. e^Y Suspend the rlogin session and return the user to the shell that invoked rlogin. The rlogin job can be resumed with the fg command (see csh(1), ksh(1), and sh-posix(1)). e^Y suspends only the input process; output from the remote login continues to be displayed. If you "daisy-chain" remote logins (for example, you rlogin from host A to host B and then rlogin from host B to host C) without setting unique escape characters, you can repeat the escape character until it reaches your chosen destination. For example, the first escape character, e, is seen as an escape character on host A; the second e is passed as a normal character by host A and seen as an escape character on host B; a third e is passed as a normal character by hosts A and B and accepted as a normal character by host C. Remote Host Name As Command The system administrator can arrange for more convenient access to a remote host (rhost) by linking remsh to /usr/hosts/rhost, allowing use of the remote host name (rhost) as a command (see remsh(1)). For example, if remotehost is the name of a remote host and /usr/hosts/remotehost is linked to remsh, and if /usr/hosts is in your search path, the command: remotehost is equivalent to: rlogin remotehost RETURN VALUES rlogin sends an error message to standard error and returns a nonzero value if an error occurs before the connection to the remote host is completed. 
Otherwise, it returns a zero. DIAGNOSTICS Diagnostics can occur from both the local and remote hosts. Those that occur on the local host before the connection is completely established are written to standard error. Once the connection is established, any error messages from the remote host are written to standard output, like any other data. login/tcp: Unknown service rlogin was unable to find the login service listed in the /etc/services database file. There is no entry for you (user ID username) in /etc/passwd rlogin was unable to find your user ID in the password file. Next Step: Contact your system administrator. system call:... An error occurred when rlogin attempted the indicated system call. See the appropriate manual entry for information about the error. EXAMPLES Log in as the same user on the remote host remote: rlogin remote Set the escape character to a !, use a seven-bit data connection, and attempt a login as user guest on host remhost: rlogin remhost -e! -7 -l guest Assuming that your system administrator has set up the links in /usr/hosts, the following is equivalent to the previous command: remhost -e! -7 -l guest WARNINGS For security purposes, the /etc/hosts.equiv and .rhosts files should exist, even if they are empty. These files should be readable and writable only by the owner. See hosts.equiv(4) for more information. Note also that all information, including any passwords asked for, is passed unencrypted between the two hosts. rlogin is unable to transmit the Break key as an interrupt signal to the remote system, regardless of whether the user has set stty brkint on the local system. The key assigned to SIGINT with the command stty intr c should be used instead (see stty(1)). AUTHOR rlogin was developed by the University of California, Berkeley.
FILES $HOME/.rhosts User's private equivalence list /etc/hosts.equiv List of equivalent hosts /usr/hosts/* For rhost version of the command SEE ALSO csh(1), ksh(1), login(1), remsh(1), sh(1), sh-bourne(1), sh-posix(1), stty(1), telnet(1), rlogind(1M), hosts(4), hosts.equiv(4), inetd.conf(4), services(4), termio(7), tty(7). rlogin(1) Secure Internet Services with Kerberos Authentication rlogin(1) NAME rlogin - remote login SYNOPSIS rlogin rhost [-7] [-8] [-ee] [-f/F] [-k realm] [-l username] [-P] rhost [-7] [-8] [-ee] [-f/F] [-k realm] [-l username] [-P] DESCRIPTION The rlogin command connects your terminal on the local host to the remote host (rhost). rlogin acts as a virtual terminal to the remote system. The host name rhost can be either the official name or an alias as listed in the file /etc/hosts (see hosts(4)). The terminal type specified by the current TERM environment variable is propagated across the network and used to set the initial value of your TERM environment variable on the remote host. Your terminal baud rate is also propagated to the remote host, and is required by some systems to set up the pseudo-terminal used by rlogind (see rlogind(1M)). All echoing takes place at the remote site, so that (except for delays) the remote login is transparent. If at any time rlogin is unable to read from or write to the socket connection on the remote host, the message Connection closed is printed on standard error and rlogin exits. In a Kerberos V5 Network Authentication environment, rlogin uses the Kerberos V5 protocol to authenticate the connection to a remote host. If the authentication is successful, user authorization will be performed according to the command line options selected for rlogind (i.e., -K, -R, -r, or -k). A password will not be required, so a password prompt will not be seen and a password will not be sent over the network where it can be observed. 
For further information on Kerberos authentication and authorization see the Secure Internet Services man page, sis(5) and rlogind(1M). Although Kerberos authentication and authorization may apply, the Kerberos mechanism is not applied to the login session. All information transferred between your host and the remote host is sent in cleartext over the network. Options rlogin recognizes the following options. Note that the options follow the rhost argument. -7 Set the character size to seven bits. The eighth bit of each byte sent is set to zero (space parity). -8 Use an eight-bit data path. This is the default HP-UX behavior. To use eight-bit characters, the terminal must be configured to generate either eight-bit characters with no parity, or seven bit characters with space parity. The HP-UX implementation of rlogind (see rlogind(1M)) interprets seven bit characters with even, odd, or mark parity as eight-bit non-USASCII characters. You may also need to reconfigure the remote host appropriately (see stty(1) and tty(7)). Some remote hosts may not provide the necessary support for eight-bit characters. In this case, or if it is not possible to disable parity generation by the local terminal, use the -7 option. -ee Set the escape character to e. There is no space separating the option letter and the argument character. To start a line with the escape character, two of the escape characters must be entered. The default escape character is tilde (~). Some characters may conflict with your terminal configuration, such as ^S, ^Q, or backspace. Using one of these as the escape character may not be possible or may cause problems communicating with the remote host (see stty(1) and tty(7)). -f Forward the ticket granting ticket (TGT) to the remote system. The TGT is not forwardable from there. -F Forward the TGT to the remote system and have it forwardable from there to another remote system. -f and -F are mutually exclusive. 
-k realm Obtain tickets from the remote host in the specified realm instead of the remote host's default realm as specified in the configuration file krb.realms. -l username Set the user login name on the remote host to username. The default name is the current account name of the user invoking rlogin. -P Disable Kerberos authentication. Only applicable in a secure environment based on Kerberos V5. When this option is specified, a password is required and the password is sent across the network in cleartext. To bypass the normal login/password sequence, you can login to a remote host using an equivalent account in a manner similar to remsh. See hosts.equiv(4) for details. rlogin can be controlled with two-character escape sequences, in the form ex, where e is the escape character and x is a code character described below. Escape sequences are recognized only at the beginning of a line of input. The default escape character is tilde (~). It can be changed with the -e option. The following escape sequences are recognized: ey If y is NOT a code character described below, pass the escape character and y as characters to the remote host. ee Pass the escape character as a character to the remote host. e. Disconnect from the remote host. e! Escape to a subshell on the local host. Use exit to return to the remote host. If rlogin is run from a shell that supports job control (see csh(1), ksh(1), and sh-posix(1)), escape sequences can be used to suspend rlogin. The following escape sequences assume that ^Z and ^Y are set as the user's susp and dsusp characters, respectively (see stty(1) and termio(7)). e^Z Suspend the rlogin session and return the user to the shell that invoked rlogin. The rlogin job can be resumed with the fg command (see csh(1), ksh(1), and sh-posix(1)). e^Z suspends both rlogin processes: the one transmitting user input to the remote login, and the one displaying output from the remote login. 
e^Y Suspend the rlogin session and return the user to the shell that invoked rlogin. The rlogin job can be resumed with the fg command (see csh(1), ksh(1), and sh-posix(1)). e^Y suspends only the input process; output from the remote login continues to be displayed. If you "daisy-chain" remote logins (for example, you rlogin from host A to host B and then rlogin from host B to host C) without setting unique escape characters, you can repeat the escape character until it reaches your chosen destination. For example, the first escape character, e, is seen as an escape character on host A; the second e is passed as a normal character by host A and seen as an escape character on host B; a third e is passed as a normal character by hosts A and B and accepted as a normal character by host C. Remote Host Name As Command The system administrator can arrange for more convenient access to a remote host (rhost) by linking remsh to /usr/hosts/rhost, allowing use of the remote host name (rhost) as a command (see remsh(1)). For example, if remotehost is the name of a remote host and /usr/hosts/remotehost is linked to remsh, and if /usr/hosts is in your search path, the command: remotehost is equivalent to: rlogin remotehost RETURN VALUES rlogin sends an error message to standard error and returns a nonzero value if an error occurs before the connection to the remote host is completed. Otherwise, it returns a zero. DIAGNOSTICS Diagnostics can occur from both the local and remote hosts. Those that occur on the local host before the connection is completely established are written to standard error. Once the connection is established, any error messages from the remote host are written to standard output, like any other data. login/tcp: Unknown service rlogin was unable to find the login service listed in the /etc/services database file. There is no entry for you (user ID username) in /etc/passwd rlogin was unable to find your user ID in the password file. 
Next Step: Contact your system administrator. system call:... An error occurred when rlogin attempted the indicated system call. See the appropriate manual entry for information about the error. rcmd: connect <hostname>: Connection refused. One cause for display of this generic error message could be due to the absence of an entry for login in /etc/inetd.conf on the remote system. This entry may have been removed or commented out to prevent non-secure access. Kerberos-specific errors are listed in sis(5). EXAMPLES Log in as the same user on the remote host remote: rlogin remote Set the escape character to a !, use a seven-bit data connection, and attempt a login as user guest on host remhost: rlogin remhost -e! -7 -l guest Assuming that your system administrator has set up the links in /usr/hosts, the following is equivalent to the previous command: remhost -e! -7 -l guest WARNINGS For security purposes, the /etc/hosts.equiv and .rhosts files should exist, even if they are empty. These files should be readable and writable only by the owner. See hosts.equiv(4) for more information. Note also that all information, including passwords, is passed unencrypted between the two hosts. In a Kerberos V5 Network Authentication environment, a password is not transmitted across the network, so it will be protected. rlogin is unable to transmit the Break key as an interrupt signal to the remote system, regardless of whether the user has set stty brkint on the local system. The key assigned to SIGINT with the command stty intr c should be used instead (see stty(1)). AUTHOR rlogin was developed by the University of California, Berkeley. FILES $HOME/.rhosts User's private equivalence list /etc/hosts.equiv List of equivalent hosts /usr/hosts/* For rhost version of the command SEE ALSO csh(1), ksh(1), login(1), remsh(1), sh(1), sh-bourne(1), sh-posix(1), stty(1), telnet(1), rlogind(1M), hosts(4), hosts.equiv(4), inetd.conf(4), services(4), termio(7), tty(7), sis(5).
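The remsh and rlogin WARNINGS above say that /etc/hosts.equiv and .rhosts should exist and be readable and writable only by the owner, and the DIAGNOSTICS note that the shell and login entries in /etc/inetd.conf may be commented out to prevent non-secure access. The shell functions below are an added example, not part of the manual pages, that check those conditions; the function names, finding labels and sample files are constructed for illustration, and lines beginning with # in the trust files are assumed to be comments.

```shell
#!/bin/sh
# Added example (not from the manual pages): audit the host-equivalence files
# and inetd.conf entries that the remsh/rlogin WARNINGS and DIAGNOSTICS mention.

# audit_trust_file FILE [OWNER_UID]
# Prints one finding per line. Prints nothing when FILE exists, is owned by
# OWNER_UID or uid 0, grants nothing to group/other, and holds no entries.
audit_trust_file() {
    f=$1
    want_uid=${2:-}
    if [ ! -f "$f" ]; then
        # The man pages say the file should exist, even if empty.
        echo "MISSING $f"
        return 0
    fi
    # "ls -ldn" prints e.g. "-rw-r--r-- 1 1000 1000 ...". Characters 5-10 of
    # the mode string are the group and other bits; field 3 is the numeric uid.
    info=$(ls -ldn "$f" | awk '{ print substr($1, 5, 6), $3 }')
    bits=${info% *}
    uid=${info#* }
    [ "$bits" = "------" ] || echo "PERMS $f group/other=$bits"
    if [ -n "$want_uid" ] && [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "OWNER $f uid=$uid"
    fi
    # Each remaining line is an equivalence entry, i.e. a login that skips the
    # password prompt. Assumption: '#' lines and blank lines are not entries.
    n=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || echo "ENTRIES $f count=$n"
    return 0
}

# inetd_rservices FILE
# Prints which of the shell (remsh) and login (rlogin) services are still
# enabled, meaning present and not commented out, in an inetd.conf file.
inetd_rservices() {
    awk '$1 == "shell" || $1 == "login" { print $1 }' "$1" | sort -u
}

# Demonstration on constructed sample files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/hosts.equiv"
    chmod 600 "$d/hosts.equiv"
    printf 'trustedhost joe_user\n' > "$d/.rhosts"
    chmod 644 "$d/.rhosts"
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample inetd.conf: shell disabled, login still enabled
#shell  stream tcp nowait root /usr/lbin/remshd  remshd
login   stream tcp nowait root /usr/lbin/rlogind rlogind
EOF
    audit_trust_file "$d/hosts.equiv"              # clean: prints nothing
    audit_trust_file "$d/.rhosts" "$(id -u)"       # PERMS and ENTRIES findings
    inetd_rservices "$d/inetd.conf"                # prints: login
    rm -rf "$d"
}
demo
```

On a real system the same functions would be pointed at /etc/hosts.equiv, each user's $HOME/.rhosts (with that user's numeric uid) and /etc/inetd.conf.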
route - Manipulate network routing tables.
route(1M) route(1M) NAME route - manually manipulate the routing tables SYNOPSIS /usr/sbin/route [-f] [-n] [-p pmtu] add [net|host] destination [netmask mask] gateway [count] /usr/sbin/route [-f] [-n] delete [net|host] destination [netmask mask] gateway [count] /usr/sbin/route -f [-n] DESCRIPTION The route command manipulates the network routing tables manually. You must have appropriate privileges. Subcommands The following subcommands are supported. add Add the specified host or network route to the network routing table. If the route already exists, a message is printed and nothing changes. delete Delete the specified host or network route from the network routing table. Options and Arguments route recognizes the following options and arguments. -f Delete all route table entries that specify a remote host for a gateway. If this is used with one of the subcommands, the entries are deleted before the subcommand is processed. -n Print any host and network addresses in Internet dot notation, except for the default network address, which is printed as default. -p pmtu Specifies a path maximum transmission unit (MTU) value for a static host route. The minimum value allowed is 68 bytes; the maximum is the MTU of the outgoing interface for this route. This option only applies to adding a host route. In all other cases, this option is ignored and has no effect on a system. You can also disable the Path MTU Discovery for a host route by specifying pmtu as zero. net or host The type of destination address. If this argument is omitted, routes to a particular host are distinguished from those to a network by interpreting the Internet address associated with destination. If the destination has a local address part of INADDR_ANY(0), the route is assumed to be to a network; otherwise, it is treated as a route to a host. destination The destination host system where the packets will be routed.
destination can be one of the following: - A host name (the official name or an alias, see gethostbyname(3N)). - A network name (the official name or an alias, see getnetbyname(3N)). - An Internet address in dot notation (see inet(3N)). - The keyword default, which signifies the wildcard gateway route (see routing(7)). netmask mask The mask that will be bit-wise ANDed with destination to yield a net address where the packets will be routed. mask can be specified as a single hexadecimal number with a leading 0x, with a dot-notation Internet address, or with a pseudo-network name listed in the network table (see networks(4)). The length of the mask, which is the number of contiguous 1's starting from the leftmost bit position of the 32-bit field, can be shorter than the default network mask for the destination address. (see routing (7)). If the netmask option is not given, mask for the route will be derived from the netmasks associated with the local interfaces. (see ifconfig (1)). mask will be defaulted to the longest netmask of those local interfaces that have the same network address. If there is not any local interface that has the same network address, then mask will be defaulted to the default network mask of destination. gateway The gateway through which the destination is reached. gateway can be one of the following: - A host name (the official name or an alias, see gethostbyname(3N)). - An Internet address in dot notation (see inet(3N)). count An integer that indicates whether the gateway is a remote host or the local host. If the route leads to a destination through a remote gateway, count should be a number greater than 0. If the route leads to destination and the gateway is the local host, count should be 0. The default for count is zero. The result is not defined if count is negative. 
Operation All symbolic names specified for a destination or gateway are looked up first as a host name using gethostbyname(); if the host name is not found, the destination is searched for as a network name using getnetbyname(). destination and gateway can be in dot notation (see inet(3N)). If the -n option is not specified, any host and network addresses are displayed symbolically according to the name returned by gethostbyaddr() and getnetbyaddr(), respectively, except for the default network address (printed as default) and addresses that have unknown names. Addresses with unknown names are printed in Internet dot notation (see inet(3N)). If the -n option is specified, any host and network addresses are printed in Internet dot notation except for the default network address which is printed as default. If the -f option is specified, route deletes all route table entries that specify a remote host for a gateway. If it is used with one of the subcommands described above, the entries are deleted before the subcommand is processed. Path MTU Discovery is a technique for discovering the maximum size of an IP datagram that can be sent on an internet path without causing datagram fragmentation in the intermediate routers. In essence, a source host that utilizes this technique initially sends out datagrams up to the size of the outgoing interface. The Don't Fragment (DF) bit in the IP datagram header is set. As an intermediate router that supports Path MTU Discovery receives a datagram that is too large to be forwarded in one piece to the next-hop router and the DF bit is set, the router will discard the datagram and send an ICMP Destination Unreachable message with a code meaning "fragmentation needed and DF set". The ICMP message will also contain the MTU of the next-hop router. When the source host receives the ICMP message, it reduces the path MTU of the route to the MTU in the ICMP message.
With this technique, the host route in the source host for this path will contain the proper MTU. By default, Path MTU Discovery is enabled for TCP sockets and disabled for UDP sockets. If the -p pmtu option is specified for a host route, the pmtu value is considered permanent for the host route. Even if the Path MTU Discovery process discovers a smaller pmtu for this route at a later time, the pmtu field in the host route will not be updated. A warning message will be logged with the new pmtu value. The -p pmtu option is useful only if you know the network environment well enough to enter an appropriate pmtu for a host route. IP will fragment a datagram to the pmtu specified for the route on the local host before sending the datagram out to the remote. It will avoid fragmentation by routers along the path, if the pmtu specified in the route command is correct. ping can be used to find the pmtu information for the route to a remote host. The pmtu information in the routing table can be displayed with the netstat -r command (see netstat(1)). Output add destination: gateway gateway The specified route is being added to the tables. delete destination: gateway gateway The specified route is being deleted from the tables. Flags The values of the count and destination type fields in the route command determine the presence of the G and H flags in the netstat -r display and thus the route type, as shown in the following table.
Count   Destination Type   Flags   Route Type
-----   ----------------   -----   ----------
=0      network            U       Route to a network directly from the local host
>0      network            UG      Route to a network through a remote host gateway
=0      host               UH      Route to a remote host directly from the local host
>0      host               UGH     Route to a remote host through a remote host gateway
=0      default            U       Wildcard route directly from the local host
>0      default            UG      Wildcard route through a remote host gateway

DIAGNOSTICS The following error diagnostics can be displayed. add a route that already exists The specified entry is already in the routing table. add too many routes The routing table is full. delete a route that does not exist The specified route was not in the routing table. WARNINGS Reciprocal route commands must be executed on the local host, the destination host, and all intermediate hosts if routing is to succeed in the cases of virtual circuit connections or bidirectional datagram transfers. The HP-UX implementation of route does not presently support a change subcommand. AUTHOR route was developed by the University of California, Berkeley. FILES /etc/networks /etc/hosts SEE ALSO netstat(1), ifconfig(1M), ping(1M), getsockopt(2), recv(2), send(2), gethostbyaddr(3N), gethostbyname(3N), getnetbyaddr(3N), getnetbyname(3N), inet(3N), routing(7).
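The route manual page above says that mask is bit-wise ANDed with destination to yield the net address, that it may be given in hexadecimal with a leading 0x or in dot notation, that its length is the number of contiguous 1 bits from the left, and that a destination whose local address part is zero is treated as a network. The shell functions below are an added example, not code from route itself, that carry out those calculations; the function names are constructed here, and the fallback when no mask is given uses only the class A, B and C default masks, skipping the lookup of local interface netmasks that route performs first.

```shell
#!/bin/sh
# Added example (not part of route): the netmask arithmetic described in the
# route(1M) text, for masks given as 0x... or in dot notation.

# ip_to_int A.B.C.D -> 32-bit integer (decimal octets without leading zeros)
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dot notation
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_int MASK -> integer; MASK is 0xffffff00 style or 255.255.255.0 style
mask_to_int() {
    case $1 in
        0x*|0X*) echo $(( $1 )) ;;
        *.*.*.*) ip_to_int "$1" ;;
        *) return 1 ;;
    esac
}

# mask_len MASK -> number of contiguous 1 bits from the leftmost position.
# Fails when a 1 bit follows a 0 bit, since such a mask has no length.
mask_len() {
    m=$(mask_to_int "$1") || return 1
    len=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$(( len + 1 ))
        m=$(( (m << 1) & 0xffffffff ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$len"
}

# default_mask DEST -> class A, B or C default mask chosen by the first octet.
# Assumption: anything at or above 192 is treated as class C.
default_mask() {
    first=${1%%.*}
    if [ "$first" -lt 128 ]; then echo 255.0.0.0
    elif [ "$first" -lt 192 ]; then echo 255.255.0.0
    else echo 255.255.255.0
    fi
}

# net_address DEST [MASK] -> DEST bit-wise ANDed with MASK, in dot notation
net_address() {
    d=$(ip_to_int "$1") || return 1
    mask=${2:-$(default_mask "$1")}
    mi=$(mask_to_int "$mask") || return 1
    int_to_ip $(( d & mi ))
}

# dest_type DEST [MASK] -> "net" when the local (host) part of DEST is zero,
# otherwise "host", mirroring how route classifies a bare destination.
dest_type() {
    d=$(ip_to_int "$1") || return 1
    mask=${2:-$(default_mask "$1")}
    mi=$(mask_to_int "$mask") || return 1
    if [ $(( d & ~mi & 0xffffffff )) -eq 0 ]; then echo net; else echo host; fi
}

# Constructed sample values.
echo "192.6.12.77 netmask 0xffffffe0 -> $(net_address 192.6.12.77 0xffffffe0) (length $(mask_len 0xffffffe0))"
echo "192.6.12.0 is a $(dest_type 192.6.12.0) destination; 192.6.12.77 is a $(dest_type 192.6.12.77) destination"
```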
rpcinfo - Report Remote Procedure Call (RPC) information.
rpcinfo(1M) rpcinfo(1M) NAME rpcinfo - report RPC information SYNOPSIS /usr/sbin/rpcinfo -p [host] /usr/sbin/rpcinfo [-n portnum] -u host program [version] /usr/sbin/rpcinfo [-n portnum] -t host program [version] /usr/sbin/rpcinfo -b program version /usr/sbin/rpcinfo -d program version DESCRIPTION rpcinfo makes an RPC call to an RPC server and reports what it finds. Options rpcinfo recognizes the following command-line options and arguments: -p host Probe the portmapper on host and print a list of all registered RPC programs. If host is not specified, it defaults to the value returned by hostname (see hostname(1)). -n portnum Use portnum as the port number for the -t and -u options instead of the port number given by the portmapper. -u Make an RPC call to procedure 0 of program on the specified host using UDP and report whether a response was received. -t Make an RPC call to procedure 0 of program on the specified host using TCP and report whether a response was received. -b Make an RPC broadcast to procedure 0 of the specified program and version using UDP and report all hosts that respond. -d Delete registration for the RPC service of the specified program and version. Only users with appropriate privileges can use this option. program Can be either a name or a number. version If specified, rpcinfo attempts to call that version of the specified program. Otherwise, rpcinfo attempts to find all the registered version numbers for the specified program by calling version 0, then attempts to call each registered version. (Version 0 is presumed to not exist, but if version 0 does exist, rpcinfo attempts to obtain the version number information by calling an extremely high version number instead.) Note that version must be specified when the -b and -d options are used. 
EXAMPLES Show all of the RPC services registered on the local machine: rpcinfo -p Show all of the RPC services registered on the machine named klaxon: rpcinfo -p klaxon Show all machines on the local net that are running the Network Information Service (NIS): rpcinfo -b ypserv 1 |sort |uniq where 1 is the current NIS version obtained from the results of the -p option in the previous example. Delete the registration for version 1 of the walld service: rpcinfo -d walld 1 [Note that walld is the RPC program name for rwalld (see rwalld(1m))]. WARNINGS In releases prior to Sun UNIX 3.0, the Network File System (NFS) did not register itself with the portmapper; rpcinfo cannot be used to make RPC calls to the NFS server on hosts running such releases. Note that this does not apply to any HP releases of NFS. AUTHOR rpcinfo was developed by Sun Microsystems, Inc. FILES /etc/rpc names for RPC program numbers SEE ALSO rpc(4), portmap(1M), Programming and Protocols for NFS Services.
rwho - Produce a list of users on a remote system.
rwho(1) rwho(1) NAME rwho - show who is logged in on local machines SYNOPSIS rwho [-a] DESCRIPTION rwho produces output similar to the output of the HP-UX who command for all machines on the local network that are running the rwho daemon (see who(1) and rwhod(1M)). If rwhod has not received a report from a machine for 11 minutes, rwho assumes the machine is down and rwho does not report users last known to be logged into that machine. rwho's output line has fields for the name of the user, the name of the machine, the user's terminal line, the time the user logged in, and the amount of time the user has been idle. Idle time is shown as: hours:minutes If a user has not typed to the system for a minute or more, rwho reports this as idle time. If a user has not typed to the system for an hour or more, the user is omitted from rwho's output unless the -a flag is given. An example output line from rwho would look similar to: joe_user machine1:tty0p1 Sep 12 13:28 :11 This output line could be interpreted as joe_user is logged into machine1 and his terminal line is tty0p1. joe_user has been logged on since September 12 at 13:28 (1:28 p.m.). joe_user has not typed anything into machine1 for 11 minutes. WARNINGS rwho's output becomes unwieldy when the number of users for each machine on the local network running rwhod becomes large. One line of output occurs for each user on each machine on the local network that is running rwhod. AUTHOR rwho was developed by the University of California, Berkeley. FILES /var/spool/rwho/whod.* Information about other machines. SEE ALSO ruptime(1), rusers(1), rwhod(1M).
telnet - User interface for TELNET.
telnet(1) telnet(1)

NAME
telnet - user interface to the TELNET protocol

SYNOPSIS
telnet [[options]host [port]]

DESCRIPTION
telnet is used to communicate with another host using the TELNET protocol. If telnet is invoked without arguments, it enters command mode, indicated by its prompt (telnet>). In this mode, it accepts and executes the commands listed below. If telnet is invoked with arguments, it performs an open command (see below) with those arguments.
Once a connection has been opened, telnet enters an input mode. The input mode will be either ``character at a time'' or ``line by line'', depending on what the remote system supports. In ``character at a time'' mode, most text typed is immediately sent to the remote host for processing. In ``line by line'' mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. The ``local echo character'' (initially ^E) can be used to turn off and on the local echo (this would mostly be used to enter passwords without the password being echoed).
In either mode, if the localchars toggle is TRUE (the default in line mode; see below), the user's quit and intr characters are trapped locally, and sent as TELNET protocol sequences to the remote side. There are options (see toggle autoflush and toggle autosynch below) which cause this action to flush subsequent output to the terminal (until the remote host acknowledges the TELNET sequence) and flush previous terminal input (in the case of quit and intr).
While connected to a remote host, telnet command mode can be entered by typing the telnet ``escape character'' (initially ^]). When in command mode, the normal terminal editing conventions are available.
telnet supports eight-bit characters when communicating with the server on the remote host. To use eight-bit characters you may need to reconfigure your terminal or the remote host appropriately (see stty(1)).
Furthermore, you may have to use the binary toggle to enable an 8-bit data stream between telnet and the remote host. Note that some remote hosts may not provide the necessary support for eight-bit characters.
If, at any time, telnet is unable to read from or write to the server over the connection, the message
    Connection closed by foreign host.
is printed on standard error. telnet then exits with a value of 1.
telnet supports the TAC User ID (also known as the TAC Access Control System, or TACACS User ID) option. Enabling the option on a host server allows the user to telnet into that host without being prompted for a second login sequence. The TAC User ID option uses the same security mechanism as rlogin for authorizing access by remote hosts and users. The system administrator must enable the (telnetd) option only on systems which are designated as participating hosts. The system administrator must also assign to each user of TAC User ID the very same UID on every system for which he is allowed to use the feature. (See telnetd(1M) and the System Administration Tasks manual, PN 2355- 90051.)

The following telnet options are available:
-8    Enable cs8 (8 bit transfer) on local tty.
-ec   Set the telnet command mode escape character to be ^c instead of its default value of ^].
-l    Disable the TAC User ID option if enabled on the client, to cause the user to be prompted for login username and password. Omitting the -l option executes the default setting.

Commands
The following commands are available in command mode. You need only type enough of each command to uniquely identify it (this is also true for arguments to the mode, set, toggle, and display commands).

open host [port]
    Open a connection to the named host at the indicated port. If no port is specified, telnet attempts to contact a TELNET server at the standard TELNET port.
    The hostname can be either the official name or an alias as understood by gethostbyname() (see gethostent(3N)), or an Internet address specified in the dot notation as described in hosts(4). If no hostname is given, telnet prompts for one.
close
    Close a TELNET session. If the session was started from command mode, telnet returns to command mode; otherwise telnet exits.
quit
    Close any open TELNET session and exit telnet. An end of file (in command mode) will also close a session and exit.
z
    Suspend telnet. If telnet is run from a shell that supports job control, (such as csh(1) or ksh(1)), the z command suspends the TELNET session and returns the user to the shell that invoked telnet. The job can then be resumed with the fg command (see csh(1) or ksh(1)).
mode mode
    Change telnet's user input mode to mode, which can be character (for ``character at a time'' mode) or line (for ``line by line'' mode). The remote host is asked for permission to go into the requested mode. If the remote host is capable of entering that mode, the requested mode is entered. In character mode, telnet sends each character to the remote host as it is typed. In line mode, telnet gathers user input into lines and transmits each line to the remote host when the user types carriage return, linefeed, or EOF (normally ^D; see stty(1)). Note that setting line-mode also sets local echo. Applications that expect to interpret user input character by character (such as more, csh, ksh, and vi) do not work correctly in line mode.
status
    Show current status of telnet. telnet reports the current escape character. If telnet is connected, it reports the host to which it is connected and the current mode. If telnet is not connected to a remote host, it reports No connection. Once telnet has been connected, it reports the local flow control toggle value.
display [argument ...]
    Displays all or some of the set and toggle values (see below).
? [command]
    Get help. With no arguments, telnet prints a help summary.
    If a command is specified, telnet prints the help information available about that command only. Help information is limited to a one-line description of the command.
! [shell_command]
    Shell escape. The SHELL environment variable is checked for the name of a shell to use to execute the command. If no shell_command is specified, a shell is started and connected to the user's terminal. If SHELL is undefined, /usr/bin/sh is used.
send arguments
    Sends one or more special character sequences to the remote host. Each argument can have any of the following values (multiple arguments can be specified with each send command):
    escape
        Sends the current telnet escape character (initially ^]).
    synch
        Sends the TELNET SYNCH sequence. This sequence causes the remote system to discard all previously typed (but not yet read) input. This sequence is sent as TCP urgent data (and may not work to some systems -- if it doesn't work, a lower case ``r'' may be echoed on the terminal).
    brk
        Sends the TELNET BRK (Break) sequence, which may have significance to the remote system.
    ip
        Sends the TELNET IP (Interrupt Process) sequence, which should cause the remote system to abort the currently running process.
    ao
        Sends the TELNET AO (Abort Output) sequence, which should cause the remote system to flush all output from the remote system to the user's terminal.
    ayt
        Sends the TELNET AYT (Are You There) sequence, to which the remote system may or may not choose to respond.
    ec
        Sends the TELNET EC (Erase Character) sequence, which should cause the remote system to erase the last character entered.
    el
        Sends the TELNET EL (Erase Line) sequence, which should cause the remote system to erase the line currently being entered.
    ga
        Sends the TELNET GA (Go Ahead) sequence, which likely has no significance to the remote system.
    nop
        Sends the TELNET NOP (No OPeration) sequence.
    ?
        Prints out help information for the send command.
set variable_name value
    Set any one of a number of telnet variables to a specific value. The special value off turns off the function associated with the variable. The values of variables can be shown by using the display command. The following variable_names can be specified:
    echo
        This is the value (initially ^E) which, when in line-by-line mode, toggles between doing local echoing of entered characters (for normal processing), and suppressing echoing of entered characters (for entering, for example, a password).
    escape
        This is the telnet escape character (initially ^]) which causes entry into telnet command mode (when connected to a remote system).
    interrupt
        If telnet is in localchars mode (see toggle localchars below) and the interrupt character is typed, a TELNET IP sequence (see send ip above) is sent to the remote host. The initial value for the interrupt character is taken to be the terminal's intr character.
    quit
        If telnet is in localchars mode (see toggle localchars below) and the quit character is typed, a TELNET BRK sequence (see send brk above) is sent to the remote host. The initial value for the quit character is taken to be the terminal's quit character.
    flushoutput
        If telnet is in localchars mode (see toggle localchars below) and the flushoutput character is typed, a TELNET AO sequence (see send ao above) is sent to the remote host. The initial value for the flush character is ^O.
    erase
        If telnet is in localchars mode (see toggle localchars below), and if telnet is operating in character-at-a-time mode, then when this character is typed, a TELNET EC sequence (see send ec above) is sent to the remote system. The initial value for the erase character is taken to be the terminal's erase character.
    kill
        If telnet is in localchars mode (see toggle localchars below), and if telnet is operating in character-at-a-time mode, then when this character is typed, a TELNET EL sequence (see send el above) is sent to the remote system.
        The initial value for the kill character is taken to be the terminal's kill character.
    eof
        If telnet is operating in line-by-line mode, entering this character as the first character on a line causes this character to be sent to the remote system. The initial value of the eof character is taken to be the terminal's eof character.
toggle arguments ...
    Toggle (between TRUE and FALSE) various flags that control how telnet responds to events. More than one argument can be specified. The state of these flags can be shown by using the display command. Valid arguments are:
    localchars
        If TRUE, the flush, interrupt, quit, erase, and kill characters (see set above) are recognized locally, and transformed into appropriate TELNET control sequences (respectively ao, ip, brk, ec, and el; see send above). The initial value for this toggle is TRUE in line-by-line mode, and FALSE in character-at-a-time mode.
    autoflush
        If autoflush and localchars are both TRUE, whenever the ao, intr, or quit characters are recognized (and transformed into TELNET sequences - see set above for details), telnet refuses to display any data on the user's terminal until the remote system acknowledges (via a TELNET Timing Mark option) that it has processed those TELNET sequences. The initial value for this toggle is TRUE.
    autosynch
        If autosynch and localchars are both TRUE, when either the intr or quit character is typed (see set above for descriptions of the intr and quit characters), the resulting TELNET sequence sent is followed by the TELNET SYNCH sequence. This procedure should cause the remote system to begin discarding all previously typed input until both of the TELNET sequences have been read and acted upon. The initial value of this toggle is FALSE.
    binary
        Enable or disable the TELNET BINARY option on both input and output. This option should be enabled in order to send and receive 8-bit characters to and from the TELNET server.
    crlf
        If TRUE, end-of-line sequences are sent as an ASCII carriage-return and line-feed pair. If FALSE, end-of-line sequences are sent as an ASCII carriage-return and NUL character pair. The initial value for this toggle is FALSE.
    crmod
        Toggle carriage return mode. When this mode is enabled, any carriage return characters received from the remote host are mapped into a carriage return and a line feed. This mode does not affect those characters typed by the user; only those received. This mode is only required for some hosts that require the client to do local echoing, but output ``naked'' carriage returns. The initial value for this toggle is FALSE.
    echo
        Toggle local echo mode or remote echo mode. In local echo mode, user input is echoed to the terminal by the local telnet before being transmitted to the remote host. In remote echo, any echoing of user input is done by the remote host. Applications that handle echoing of user input themselves, such as C shell, Korn shell, and vi (see csh(1), ksh(1), and vi(1)), do not work correctly with local echo.
    options
        Toggle viewing of TELNET options processing. When options viewing is enabled, all TELNET option negotiations are displayed. Options sent by telnet are displayed as ``SENT'', while options received from the TELNET server are displayed as ``RCVD''. The initial value for this toggle is FALSE.
    netdata
        Toggles the display of all network data (in hexadecimal format). The initial value for this toggle is FALSE.
    ?
        Displays the legal toggle commands.

RETURN VALUE
In the event of an error, or if the TELNET connection is closed by the remote host, telnet returns a value of 1. Otherwise it returns zero (0).

DIAGNOSTICS
The following diagnostic messages are displayed by telnet:
telnet/tcp: Unknown service
    telnet was unable to find the TELNET service entry in the services(4) database.
hostname: Unknown host
    telnet was unable to map the host name to an Internet address.
    Your next step should be to contact the system administrator to check whether there is an entry for the remote host in the hosts database (see hosts(4)).
?Invalid command
    An invalid command was typed in telnet command mode.
<system call>: ...
    An error occurred in the specified system call. See the appropriate manual entry for a description of the error.

AUTHOR
telnet was developed by the University of California, Berkeley.

SEE ALSO
csh(1), ksh(1), login(1), rlogin(1), stty(1), telnetd(1M), hosts(4), services(4), termio(7).

telnet(1) Secure Internet Services with Kerberos Authentication telnet(1)

NAME
telnet - user interface to the TELNET protocol

SYNOPSIS
telnet [[options]host [port]]

DESCRIPTION
telnet is used to communicate with another host using the TELNET protocol. If telnet is invoked without arguments, it enters command mode, indicated by its prompt (telnet>). In this mode, it accepts and executes the commands listed below. If telnet is invoked with arguments, it performs an open command (see below) with those arguments.
Once a connection has been opened, telnet enters an input mode. The input mode will be either ``character at a time'' or ``line by line'', depending on what the remote system supports. In ``character at a time'' mode, most text typed is immediately sent to the remote host for processing. In ``line by line'' mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. The ``local echo character'' (initially ^E) can be used to turn off and on the local echo (this would mostly be used to enter passwords without the password being echoed).
In either mode, if the localchars toggle is TRUE (the default in line mode; see below), the user's quit and intr characters are trapped locally, and sent as TELNET protocol sequences to the remote side.
There are options (see toggle autoflush and toggle autosynch below) which cause this action to flush subsequent output to the terminal (until the remote host acknowledges the TELNET sequence) and flush previous terminal input (in the case of quit and intr).
While connected to a remote host, telnet command mode can be entered by typing the telnet ``escape character'' (initially ^]). When in command mode, the normal terminal editing conventions are available.
telnet supports eight-bit characters when communicating with the server on the remote host. To use eight-bit characters you may need to reconfigure your terminal or the remote host appropriately (see stty(1)). Furthermore, you may have to use the binary toggle to enable an 8-bit data stream between telnet and the remote host. Note that some remote hosts may not provide the necessary support for eight-bit characters.
If, at any time, telnet is unable to read from or write to the server over the connection, the message
    Connection closed by foreign host.
is printed on standard error. telnet then exits with a value of 1.
By default (or by use of the -a option or the -l option), this Kerberos version of telnet behaves as a client which supports authentication based on Kerberos V5. As a Kerberos client, telnet will authenticate and authorize the user to access the remote system. (See sis(5) for details on Kerberos authentication and authorization.) However, it will not support integrity-checked or encrypted sessions.
telnet supports the TAC User ID (also known as the TAC Access Control System, or TACACS User ID) option. Enabling the option on a host server allows the user to telnet into that host without being prompted for a second login sequence. The TAC User ID option uses the same security mechanism as rlogin for authorizing access by remote hosts and users. The system administrator must enable the (telnetd) option only on systems which are designated as participating hosts.
The system administrator must also assign to each user of TAC User ID the very same UID on every system for which he is allowed to use the feature. (See telnetd(1M) and the System Administration Tasks manual.)

The following telnet options are available:
-8    Enable cs8 (8 bit transfer) on local tty.
-a    Attempt automatic login into the Kerberos realm and disable the TAC User ID option. (Note: this is the default login mode.) Sends the user name via the NAME subnegotiation of the Authentication option. The name used is that of the current user as returned by the USER environment variable. If this variable is not defined, the name used is that returned by getpwnam(3) if it agrees with the current user ID. Otherwise, it is the name associated with the user ID.
-e c  Set the telnet command mode escape character to be ^c instead of its default value of ^].
-l user
      Attempt automatic login into the Kerberos realm as the specified user and disable the TAC User ID option. The user name specified is sent via the NAME subnegotiation of the Authentication option. Omitting the -l option executes the default setting. Only one -l option is allowed.
-P    Disable use of Kerberos authentication and authorization. When this option is specified, a password is required which is sent across the network in a readable form. (See sis(5).)
-f    Allows local credentials to be forwarded to the remote system. Only one of -f or -F is allowed.
-F    Allows local credentials to be forwarded to the remote system including any credentials that have already been forwarded into the local environment. Only one of -f or -F is allowed.

Commands
The following commands are available in command mode. You need only type enough of each command to uniquely identify it (this is also true for arguments to the mode, set, toggle, and display commands).

open [-l user] host [port]
    Open a connection to the named host at the indicated port.
    If no port is specified, telnet attempts to contact a TELNET server at the standard TELNET port. The hostname can be either the official name or an alias as understood by gethostbyname() (see gethostent(3N)), or an Internet address specified in the dot notation as described in hosts(4). If no hostname is given, telnet prompts for one. The -l option can be used to specify the user name to use when automatically logging in to the remote system. Using this option disables the TAC User ID option.
close
    Close a TELNET session. If the session was started from command mode, telnet returns to command mode; otherwise telnet exits.
quit
    Close any open TELNET session and exit telnet. An end of file (in command mode) will also close a session and exit.
z
    Suspend telnet. If telnet is run from a shell that supports job control, (such as csh(1) or ksh(1)), the z command suspends the TELNET session and returns the user to the shell that invoked telnet. The job can then be resumed with the fg command (see csh(1) or ksh(1)).
mode mode
    Change telnet's user input mode to mode, which can be character (for ``character at a time'' mode) or line (for ``line by line'' mode). The remote host is asked for permission to go into the requested mode. If the remote host is capable of entering that mode, the requested mode is entered. In character mode, telnet sends each character to the remote host as it is typed. In line mode, telnet gathers user input into lines and transmits each line to the remote host when the user types carriage return, linefeed, or EOF (normally ^D; see stty(1)). Note that setting line-mode also sets local echo. Applications that expect to interpret user input character by character (such as more, csh, ksh, and vi) do not work correctly in line mode.
status
    Show current status of telnet. telnet reports the current escape character. If telnet is connected, it reports the host to which it is connected and the current mode.
    If telnet is not connected to a remote host, it reports No connection. Once telnet has been connected, it reports the local flow control toggle value.
display [argument ...]
    Displays all or some of the set and toggle values (see below).
? [command]
    Get help. With no arguments, telnet prints a help summary. If a command is specified, telnet prints the help information available about that command only. Help information is limited to a one-line description of the command.
! [shell_command]
    Shell escape. The SHELL environment variable is checked for the name of a shell to use to execute the command. If no shell_command is specified, a shell is started and connected to the user's terminal. If SHELL is undefined, /usr/bin/sh is used.
send arguments
    Sends one or more special character sequences to the remote host. Each argument can have any of the following values (multiple arguments can be specified with each send command):
    escape
        Sends the current telnet escape character (initially ^]).
    synch
        Sends the TELNET SYNCH sequence. This sequence causes the remote system to discard all previously typed (but not yet read) input. This sequence is sent as TCP urgent data (and may not work to some systems -- if it doesn't work, a lower case ``r'' may be echoed on the terminal).
    brk
        Sends the TELNET BRK (Break) sequence, which may have significance to the remote system.
    ip
        Sends the TELNET IP (Interrupt Process) sequence, which should cause the remote system to abort the currently running process.
    ao
        Sends the TELNET AO (Abort Output) sequence, which should cause the remote system to flush all output from the remote system to the user's terminal.
    ayt
        Sends the TELNET AYT (Are You There) sequence, to which the remote system may or may not choose to respond.
    ec
        Sends the TELNET EC (Erase Character) sequence, which should cause the remote system to erase the last character entered.
    el
        Sends the TELNET EL (Erase Line) sequence, which should cause the remote system to erase the line currently being entered.
    ga
        Sends the TELNET GA (Go Ahead) sequence, which likely has no significance to the remote system.
    nop
        Sends the TELNET NOP (No OPeration) sequence.
    ?
        Prints out help information for the send command.
set variable_name value
    Set any one of a number of telnet variables to a specific value. The special value off turns off the function associated with the variable. The values of variables can be shown by using the display command. The following variable_names can be specified:
    echo
        This is the value (initially ^E) which, when in line-by-line mode, toggles between doing local echoing of entered characters (for normal processing), and suppressing echoing of entered characters (for entering, for example, a password).
    escape
        This is the telnet escape character (initially ^]) which causes entry into telnet command mode (when connected to a remote system).
    interrupt
        If telnet is in localchars mode (see toggle localchars below) and the interrupt character is typed, a TELNET IP sequence (see send ip above) is sent to the remote host. The initial value for the interrupt character is taken to be the terminal's intr character.
    quit
        If telnet is in localchars mode (see toggle localchars below) and the quit character is typed, a TELNET BRK sequence (see send brk above) is sent to the remote host. The initial value for the quit character is taken to be the terminal's quit character.
    flushoutput
        If telnet is in localchars mode (see toggle localchars below) and the flushoutput character is typed, a TELNET AO sequence (see send ao above) is sent to the remote host. The initial value for the flush character is ^O.
    erase
        If telnet is in localchars mode (see toggle localchars below), and if telnet is operating in character-at-a-time mode, then when this character is typed, a TELNET EC sequence (see send ec above) is sent to the remote system.
        The initial value for the erase character is taken to be the terminal's erase character.
    kill
        If telnet is in localchars mode (see toggle localchars below), and if telnet is operating in character-at-a-time mode, then when this character is typed, a TELNET EL sequence (see send el above) is sent to the remote system. The initial value for the kill character is taken to be the terminal's kill character.
    eof
        If telnet is operating in line-by-line mode, entering this character as the first character on a line causes this character to be sent to the remote system. The initial value of the eof character is taken to be the terminal's eof character.
toggle arguments ...
    Toggle (between TRUE and FALSE) various flags that control how telnet responds to events. More than one argument can be specified. The state of these flags can be shown by using the display command. Valid arguments are:
    localchars
        If TRUE, the flush, interrupt, quit, erase, and kill characters (see set above) are recognized locally, and transformed into appropriate TELNET control sequences (respectively ao, ip, brk, ec, and el; see send above). The initial value for this toggle is TRUE in line-by-line mode, and FALSE in character-at-a-time mode.
    autoflush
        If autoflush and localchars are both TRUE, whenever the ao, intr, or quit characters are recognized (and transformed into TELNET sequences - see set above for details), telnet refuses to display any data on the user's terminal until the remote system acknowledges (via a TELNET Timing Mark option) that it has processed those TELNET sequences. The initial value for this toggle is TRUE.
    autologin
        Enable or disable automatic login into the Kerberos realm. Using this option yields the same results as using the -a option. The initial value for this toggle is TRUE.
    autosynch
        If autosynch and localchars are both TRUE, when either the intr or quit character is typed (see set above for descriptions of the intr and quit characters), the resulting TELNET sequence sent is followed by the TELNET SYNCH sequence. This procedure should cause the remote system to begin discarding all previously typed input until both of the TELNET sequences have been read and acted upon. The initial value of this toggle is FALSE.
    binary
        Enable or disable the TELNET BINARY option on both input and output. This option should be enabled in order to send and receive 8-bit characters to and from the TELNET server.
    crlf
        If TRUE, end-of-line sequences are sent as an ASCII carriage-return and line-feed pair. If FALSE, end-of-line sequences are sent as an ASCII carriage-return and NUL character pair. The initial value for this toggle is FALSE.
    crmod
        Toggle carriage return mode. When this mode is enabled, any carriage return characters received from the remote host are mapped into a carriage return and a line feed. This mode does not affect those characters typed by the user; only those received. This mode is only required for some hosts that require the client to do local echoing, but output ``naked'' carriage returns. The initial value for this toggle is FALSE.
    echo
        Toggle local echo mode or remote echo mode. In local echo mode, user input is echoed to the terminal by the local telnet before being transmitted to the remote host. In remote echo, any echoing of user input is done by the remote host. Applications that handle echoing of user input themselves, such as C shell, Korn shell, and vi (see csh(1), ksh(1), and vi(1)), do not work correctly with local echo.
    options
        Toggle viewing of TELNET options processing. When options viewing is enabled, all TELNET option negotiations are displayed. Options sent by telnet are displayed as ``SENT'', while options received from the TELNET server are displayed as ``RCVD''. The initial value for this toggle is FALSE.
    netdata
        Toggles the display of all network data (in hexadecimal format). The initial value for this toggle is FALSE.
    ?
        Displays the legal toggle commands.

RETURN VALUE
In the event of an error, or if the TELNET connection is closed by the remote host, telnet returns a value of 1. Otherwise it returns zero (0).

DIAGNOSTICS
Diagnostic messages displayed by telnet are displayed below. Kerberos specific errors are listed in sis(5).
telnet/tcp: Unknown service
    telnet was unable to find the TELNET service entry in the services(4) database.
hostname: Unknown host
    telnet was unable to map the host name to an Internet address. Your next step should be to contact the system administrator to check whether there is an entry for the remote host in the hosts database (see hosts(4)).
?Invalid command
    An invalid command was typed in telnet command mode.
<system call>: ...
    An error occurred in the specified system call. See the appropriate manual entry for a description of the error.

AUTHOR
telnet was developed by the University of California, Berkeley.

SEE ALSO
csh(1), ksh(1), login(1), rlogin(1), stty(1), telnetd(1M), hosts(4), services(4), termio(7), sis(5).

Keep in mind that you may need to start the telnet daemon, telnetd, in order to run telnet. See the manual page for telnetd for startup instructions if you do not have telnetd running. telnetd sends options to the client of a telnet session in order to set up a proper communication exchange during a telnet session.
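The option exchange between telnetd and telnet, which toggle options and toggle netdata display, can be decoded from the raw bytes of one direction of a session. The following is an added example, not part of the original chapter or of any vendor's telnet; the function names and sample byte strings are constructed for illustration, and the command and option codes are those of RFC 854 and the Authentication option of RFC 2941.

```python
"""Added example: decode one direction of a captured TELNET stream (RFC 854)."""
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# One-byte commands, as transmitted by `send nop|brk|ip|ao|ayt|ec|el|ga`.
# DM (Data Mark) is the in-band part of the SYNCH sequence.
COMMANDS = {241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
            246: "AYT", 247: "EC", 248: "EL", 249: "GA"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 6: "TIMING-MARK",
           24: "TERMINAL-TYPE", 26: "TUID", 34: "LINEMODE", 37: "AUTHENTICATION"}
AUTH_SUBCOMMANDS = {0: "IS", 1: "SEND", 2: "REPLY", 3: "NAME"}  # RFC 2941

def option_name(code):
    return OPTIONS.get(code, "OPTION-%d" % code)

def read_subnegotiation(stream, start):
    """Read `option payload IAC SE`; None if the capture ends before IAC SE."""
    if start >= len(stream):
        return None
    payload, j = bytearray(), start + 1
    while j + 1 < len(stream):
        if stream[j] == IAC and stream[j + 1] == SE:
            return stream[start], bytes(payload), j + 2
        if stream[j] == IAC and stream[j + 1] == IAC:  # escaped 0xFF in payload
            j += 1
        payload.append(stream[j])
        j += 1
    return None

def parse_telnet(stream):
    """Return (events, user_data). Events are (verb, option), ("SB", option,
    payload), ("CMD", name), or ("TRUNCATED", rest) if cut off mid-sequence."""
    events, data = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        cmd = stream[i + 1] if i + 1 < n else None
        sub = read_subnegotiation(stream, i + 2) if cmd == SB else None
        if cmd == IAC:                                 # IAC IAC = data byte 0xFF
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION and i + 2 < n:
            events.append((NEGOTIATION[cmd], option_name(stream[i + 2])))
            i += 3
        elif sub:
            events.append(("SB", option_name(sub[0]), sub[1]))
            i = sub[2]
        elif cmd is None or cmd == SB or cmd in NEGOTIATION:
            events.append(("TRUNCATED", bytes(stream[i:])))
            break
        else:
            events.append(("CMD", COMMANDS.get(cmd, "CMD-%d" % cmd)))
            i += 2
    return events, bytes(data)

def describe(direction, events):
    """Render events as SENT/RCVD lines, in the style `toggle options` shows."""
    lines = []
    for event in events:
        kind = event[0]
        if kind == "CMD":
            text = event[1]
        elif kind == "TRUNCATED":
            text = "<truncated, %d bytes>" % len(event[1])
        elif kind == "SB":
            text = "SB " + event[1]
            if event[1] == "AUTHENTICATION" and event[2]:
                sub = AUTH_SUBCOMMANDS.get(event[2][0], "?")
                text += " " + sub
                if sub == "NAME":                      # user name is sent readable
                    text += " " + event[2][1:].decode("ascii", "replace")
        else:
            text = "%s %s" % (kind, event[1])
        lines.append("%s %s" % (direction, text))
    return lines

def authentication_negotiated(client_events, server_events):
    """True only if the server sent DO AUTHENTICATION and the client sent WILL."""
    # Agreement on the option only; it does not show that authentication succeeded.
    return (("DO", "AUTHENTICATION") in server_events
            and ("WILL", "AUTHENTICATION") in client_events)

# Constructed sample captures (not taken from a real session).
SERVER = bytes([255, 253, 37, 255, 251, 1]) + b"login: "
CLIENT_PLAIN = bytes([255, 252, 37, 255, 253, 1]) + b"joe_user\r\n"
CLIENT_AUTH = (bytes([255, 251, 37, 255, 250, 37, 3]) + b"joe_user"
               + bytes([255, 240, 255, 244, 65, 255, 255, 66, 255, 253]))

if __name__ == "__main__":
    for label, direction, raw in (("server", "RCVD", SERVER),
                                  ("client, no auth", "SENT", CLIENT_PLAIN),
                                  ("client, auth", "SENT", CLIENT_AUTH)):
        events, data = parse_telnet(raw)
        print(label, describe(direction, events), data)
```

When authentication_negotiated returns False for a session, the login that follows is the password case the -P entry describes: everything in the user data, including what is typed at the prompt, crosses the network in readable form.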