5.2. Working in networks.
Section quote:
- "There are two kinds of fools -- those who never climb Mt. Fuji,
and those who climb it twice."
-- Old Japanese proverb
5.2.1. Diagnostic tools.
To know whether a host is up, you can ask it to reply to an echo request
using the 'ping' command, passing it the name or address of the host you
want to check:
bash$ ping linux4arab.com
bash$ ping -c 4 127.0.0.1
With no options it sends a request, waits for the answer within a timeout,
then sends another request, and so on until you press 'CTRL+C'. It can send
a fixed number of requests specified with the '-c' option, after which it
prints a report with the number of requests and replies, the percentage of
lost packets, and the minimum, maximum and average round-trip time.
This tool uses the ICMP protocol; it's a good tool to check network
availability and bandwidth. Root may use the option '-f', which sends a
flood of ping requests without waiting for answers, like what happens in
Denial of Service (DoS) attacks. In that mode it's normal to get lost packets
(though on a high-availability network you may get no lost packets), and
since displaying each request and reply would flood your screen too, this
smart tool displays a dot '.' for each request and removes one for each
reply: the more dots, the more lost packets.
Tip
The name 'ping' comes from table tennis ('ping-pong'), where the sound of
hitting the ball is called 'ping' and receiving it 'pong'. So we say that it
sends a ping signal and receives a pong signal.
To know what address is mapped to your NIC, whether from your ISP, from a
LAN server like DHCP, BOOTP or RARP (from newest to oldest), or even a
static address (that you gave when you installed Linux), just run the
'ifconfig' tool (interface configure). You will find a field for each
interface (like lo, eth0, ...) called 'inet addr'; for example next to 'lo'
you will see '127.0.0.1'. Another field holds the hardware address of an
ethernet card (also called the ethernet Media Access Control, or MAC,
address), a 48-bit value in the form 'XX:XX:XX:XX:XX:XX' in hex, assigned
by the vendor of the card. You may shut down (disable) an interface using
the 'down' option, for example 'ifconfig eth0 down'. To activate it again
give it an address and use the 'up' option, like this:
bash# ifconfig
bash# ifconfig lo 127.0.0.1 up
bash# ifconfig eth0 192.168.32.117 up
This is done automatically by the '/etc/init.d' boot scripts; configuring
them is specific to each distribution.
Tip
To configure wireless NICs (Wi-Fi) in a way similar to 'ifconfig', use
'iwconfig' from the 'wireless-tools' package.
The tool 'host' converts a host name to an address, for example
'host jolug.org'; the tool 'ipcalc' with the option 'h' does the reverse
conversion. You may use 'adnsresfilter' to replace addresses with names in
log files or in the output of commands:
cat /var/log/mylogfile | adnsresfilter
netstat -n | adnsresfilter
tcpdump -ln | adnsresfilter
To diagnose the DNS service from the client's point of view we use the
'dig' tool, for example 'dig foo.mybob.net', which displays which DNS
servers answered to resolve the name 'foo.mybob.net'. On the other hand the
'dnstop' tool (not included in many distributions) can be useful to watch
your own DNS server; it does for DNS what 'top' does for processes.
You may trace how packets get routed to their destination (the address of
each host/node the packets pass through) using 'traceroute'; for example
'traceroute somewhere.com' displays each host the packets need to pass to
reach 'somewhere.com', like your LAN gateway or firewall, then your ISP's
router, and so on. You can do that graphically with 'xt' (not included in
many distributions), which traces them on a world map.
You may use 'whois' followed by the host name whose details you want to
know, followed by '@' and the name or address of a whois server (there are
whois servers on the Internet like 'ripe.net', 'radb.net' and 'cw.net'; you
may use it like this: 'whois google.com@whois.radb.net'). It uses a
different protocol than DNS.
To see the kernel routing table use the 'route' command; you may also
manipulate (add or remove) entries. As we said before, routing is deciding
through which interface each packet will go, based on its destination
address. For example, if we want '172.17.0.5' to go through the first
ethernet (eth0) we type
bash# route add -host 172.17.0.5 eth0
If all hosts in the network '192.168.10.0/24' should also go there, while
every other address should be routed through the dialup Internet link
'ppp0' (this is called the default rule), we use:
bash# route add -net 192.168.10.0/24 eth0
bash# route add default ppp0
No gateway address is needed there since a PPP link has only two hosts. But
if you are using another host as a default gateway, other addresses should
be routed through it and the gateway will forward them to the Internet; we
specify the option 'gw' (short for gateway) and we specify the interface,
like 'eth1':
bash# route add default gw 192.168.0.1 eth1
To edit one of those routing table entries, remove it (the same way you
added it, replacing 'add' with 'del') then add the new entry. The 'ifconfig'
tool will automatically add reasonable routing entries; for example once
'lo' is assigned '127.0.0.1' this implies 'route add -host 127.0.0.1 lo',
and when you give 'eth0' the address '192.168.1.15' this implies
'route add -net 192.168.1.0/24 eth0'.
If you use this machine as a dynamic router you need to run special daemons
like 'routed' or 'gated'; the first uses the RIP protocol, the second uses
more recent protocols.
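As an added example (not from the original text) of the routing decision described above, here is a shell function that, given a table in the 'route -n' column order (destination/prefix, gateway, interface), picks the most specific matching entry for a destination address, the way the kernel does. The table is constructed to mirror the 'route add' examples in this section; '*' marks a directly connected network with no gateway, and the function names are this example's own.

```shell
# Constructed routing table (destination/prefix  gateway  interface),
# mirroring the 'route add' examples above plus the entries 'ifconfig'
# adds on its own for 'lo' and the LAN.
ROUTES='127.0.0.0/8      *            lo
172.17.0.5/32    *            eth0
192.168.10.0/24  *            eth0
192.168.0.0/24   *            eth1
0.0.0.0/0        192.168.0.1  eth1'

# Dotted-quad address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask (as an integer) for a prefix length 0..32.
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Longest-prefix match: print "IFACE direct" or "IFACE via GATEWAY" for the
# given destination, or fail when nothing matches (no default route).
route_lookup() {
    dst=$(ip_to_int "$1")
    best_len=-1
    best=""
    while read -r prefix gw iface; do
        [ -n "$prefix" ] || continue
        net=${prefix%/*}
        plen=${prefix#*/}
        mask=$(prefix_mask "$plen")
        # The entry matches when the destination, masked, equals the network,
        # and it wins only if it is more specific than the best so far.
        if [ $(( dst & mask )) -eq $(( $(ip_to_int "$net") & mask )) ] \
           && [ "$plen" -gt "$best_len" ]; then
            best_len=$plen
            if [ "$gw" = "*" ]; then
                best="$iface direct"
            else
                best="$iface via $gw"
            fi
        fi
    done <<EOF
$ROUTES
EOF
    [ -n "$best" ] || return 1
    echo "$best"
}

# Usage: route_lookup 8.8.8.8   -> eth1 via 192.168.0.1
```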
A new generation of tools comes with the 'iproute' package; it introduces a
single tool (called 'ip') that can handle both network interfaces (like
'ifconfig') and routing tables (like 'route'). For example, to display the
interfaces (as you did with 'ifconfig' without any argument) type
"ip link show" ("ip addr show" also lists their addresses), to display the
routing table (as you did with 'route' without any argument) type
"ip route show", and to give an interface (e.g. 'eth0') an address (e.g.
'192.168.10.117') type "ip addr add 192.168.10.117/24 dev eth0" (note that
"ip link set eth0 address ..." would change the hardware MAC address, not
the IP address). It seems simple, but remember not to mix 'iproute' with
'ifconfig' and 'route'.
The tool 'fuser', which we talked about in section 4.2 'Back to command
line', displays the process (program) that uses a specific file; it can
also tell you which process is using a specific port or connecting to a
specific host. Simply use the option 'n' followed by 'tcp' or 'udp' and
then the port number on your host; for example 'fuser -v -n tcp 80' will
display the PIDs of your web servers (apache or tux) if any. Another, maybe
simpler, syntax is the port-over-protocol format: the previous example
becomes 'fuser -v 80/tcp'. A more useful syntax is to specify the address
family, IPv4 or IPv6, using the '4' or '6' option (usually you use the
conventional IPv4), then the port on your host, ',', a remote host, ',' and
a port on the remote host (all are optional except the commas); for example,
to know the PIDs of all programs browsing the web, just type
'fuser -v -4 -n tcp ,,80'.
The network statistics tool 'netstat' is another powerful network tool.
Using the 's' option, 'netstat' shows statistics for each protocol, like
incoming, outgoing, forwarded and failed connection attempts; just type
'netstat -s | less'.
Like 'fuser', netstat can tell you which process opens which port on your
host, using the 'p' option. You may show ports and hosts as names (default)
or as numbers (using the 'n' option); to display only servers (listening
state) use the 'l' option; to display both servers and clients use 'a' (for
all); to specify TCP use 't' and for UDP use the 'u' option. For example
'netstat -tnlp | less', and similarly for UDP 'netstat -unlp | less', will
display the open ports (TCP and UDP respectively) and the PIDs of the
processes that opened them; the option 'x' is for local Unix sockets.
Option 'c' displays continuous information until you press 'CTRL+C'.
Another tool is 'lsof' (list open files), which works similarly:
'lsof -i | less'. You may use 'grep' to search the output of 'fuser',
'lsof' and 'netstat'.
There are many more network monitoring tools, like 'mtr', 'bing' (which
estimates the bandwidth between two hosts by measuring ICMP echo round-trip
time), 'iptraf' (which displays bandwidth and network performance for TCP
and UDP connections) and 'ipfm' (a bandwidth analysis tool based on counting
how much data is transferred through an Internet link), while 'bwm',
'pktstat' (which decodes parts of the HTTP and FTP protocols to show what
files are transferred) and 'iftop' are all to bandwidth what 'top' is to
CPU load and memory usage by processes. We also have 'wavemon', a wireless
network monitor, and there are many graphical network monitors like
'gnome-netinfo', part of the 'gnome-network' package (see
www.gnome.org/projects/gnome-network).
The powerful port scanner 'nmap' can give you the open ports on any host
(especially remote hosts) as they are visible to the host you run it from,
the hard way: it tries to make a connection to each port (a separate program
called NMAP FrontEnd, 'nmapfe', offers a nice GTK+ graphical interface for
nmap). For example 'nmap -v 192.168.20.1'; the host you specify could be
your localhost, a LAN host, an entire network, or even Internet hosts, for
example 'nmap -v -sL -O 192.168.25.0/24', which scans all hosts in the
'192.168.25.X' network and lists them and the operating system of each; the
option 'sL' means List Scan, and the 'O' option detects the operating system
there (yes, 'nmap' can find that out remotely).
bash# nmap -O 172.20.0.5
Starting nmap V. 3.10 ( www.insecure.org/nmap/ )
Interesting ports on 172.20.0.5:
(The 1601 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or WinXP
Nmap run completed -- 1 IP address (1 host up) scanned in 1.291 seconds
bash# nmap -O 172.20.0.2
Starting nmap V. 3.10 ( www.insecure.org/nmap/ )
Interesting ports on 172.20.0.2:
(The 1604 ports scanned but not shown below are in state: closed)
Port State Service
68/tcp open dhcpclient
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.005 days (since Thu Mar 10 09:11:58 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 6.144 seconds
bash#
If the firewall filters ICMP ping use the option 'P0' or 'PT80' (where 80
is a port likely to be open).
'nmap' takes addresses in a very flexible manner; for example
"nmap -v --randomize_hosts -O -p 80 '127-222.*.2.3-5'" will scan, in random
order, all Internet hosts whose address is of the form '127-222.*.2.3-5'.
It will detect the operating system of each and scan only one port (number
80) and test its status, because we used the 'p' option to specify that
port (you may specify comma-separated ports or even a port range with '-').
Crackers use 'nmap' to find a victim, and by knowing what OS and open ports
it has they decide the best attack method using known vulnerabilities of
that OS and that server.
There are many scanning methods, like 'sU' for UDP scanning, 'sS' for a TCP
SYN scan (only root can use it), 'sT' for a normal TCP connection scan, and
stealth scans like 'sF', 'sX' and 'sN' (those three do not work against
Windows since its TCP stack does not follow the standard). You may scan
Google's servers with 'nmap -v -sS -O google.com' and Microsoft's with
'nmap -v -P0 -sS -O microsoft.com'.
Unlike 'netstat' and other tools, 'nmap' works remotely; it gives correct
results even if the (remote) host is infected with a rootkit, but if the
remote host is behind a firewall, the firewall could fool nmap, not only by
closing/filtering a port but even by making an open port appear closed to
'nmap'. 'nmap' cannot tell you the PID of the process that opened a port.
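As an added example (not from the original text) of the contrast just described between the local view ('netstat -tnlp' run on the host) and the remote view ('nmap' run from another machine): a shell script that reads constructed samples of both outputs and reports the ports on which the two views disagree, which is what an administrator looking for a hidden listener or a filtering firewall wants to see first. The sample outputs and the function names are constructed for this example.

```shell
# Constructed 'netstat -tnlp' output as seen ON the host (not real output).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1004/exim4
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1330/apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1330/apache2'

# Constructed 'nmap' output for the same host, run FROM another machine.
NMAP_SAMPLE='Interesting ports on 172.20.0.2:
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
6667/tcp open irc'

# TCP ports listening on a non-loopback address (reachable from the network),
# read from 'netstat -tnlp' text on stdin, one port per line.
exposed_ports() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            port = $4; sub(/.*:/, "", port)
            if (addr != "127.0.0.1") print port
         }'
}

# TCP ports nmap reports as open, read from its output on stdin.
nmap_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }'
}

# Compare the two views of the same host. One line per port:
#   hidden PORT    open from the network but no listener shown locally
#                  (a rootkit hiding the process, or another host answering)
#   filtered PORT  listening locally but not seen from the network
#                  (usually a firewall on the path, as the text above says)
#   ok PORT        both views agree
compare_views() {
    {
        printf '%s\n' "$1" | exposed_ports   | sed 's/^/L /'
        printf '%s\n' "$2" | nmap_open_ports | sed 's/^/R /'
    } | awk '$1 == "L" { l[$2] = 1 }
             $1 == "R" { r[$2] = 1 }
             END {
                 for (p in r) if (!(p in l)) print "hidden", p
                 for (p in l) if (!(p in r)) print "filtered", p
                 for (p in l) if (p in r)    print "ok", p
             }' | sort -k2,2n
}

# Usage: compare_views "$NETSTAT_SAMPLE" "$NMAP_SAMPLE"
# (with real data: compare_views "$(netstat -tnlp)" "$(cat scan.log)")
```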
Scanning with the 'sT' and 'I' options can tell you which user opened which
port, but only if the server is running the 'identd' daemon (used in IRC).
You may speed up scanning by specifying only some (important) ports to
scan, like '-p 20-250,500-600,5990-7000'; option 'F' (for fast) uses a
built-in list of the most used ports.
You may send the scanning output to a log file using 'oN' followed by a
file name; if you get bored of waiting just press 'CTRL+C' and you may
continue later using the option '--resume logfile', where 'logfile' is the
name of the file you were saving to when you stopped the scan.
There are other lesser-known port scanners like 'pnscan', a multi-threaded
port scanner (much faster than nmap but with fewer features), 'knocker'
(visit http://knocker.sf.net), a simple and easy to use TCP security port
scanner (using threads), and 'nwatch', a "passive port scanner" that
displays ports as they are being used; it is implemented as a sniffer, so
it can detect ports that are open only for a short period of time.
As we have seen, 'nmap' can detect the OS of a remote machine as one of its
scanning features, but it's not the only program that can do that; there
are other specialized programs like 'queso', 'xprobe' and 'p0f' (short for
Passive OS Fingerprinting). The last one, unlike nmap and queso, does that
without sending any data; additionally it is able to determine the distance
to the remote host and the structure of a network, especially if we run it
on the gateway.
You may use 'telnet' to get (unencrypted) remote access to telnet servers,
then execute commands there. You may also specify any port (other than the
telnet port) to talk directly to the server listening on that port; for
example with 'telnet foo.net 80' you access the web server of 'foo.net':
you get the name of the server saying 'hello' and a prompt, and you may
hold a conversation with the server as if you were a client talking face to
face with it (to study the HTTP web protocol); for example type QUIT to end
your session.
But 'telnet' is not ideal for this purpose (studying protocols), because
telnet makes some substitutions for special characters; for example it will
ignore everything after EOF (end of file). The netcat tool 'nc' is the
network Swiss army knife: it works simply like the 'cat' command, in that it
takes standard input and concatenates it to... well, a specified TCP or UDP
port on a host, waits for the reply, then displays the reply on standard
output. This network cat can also work as a server using the 'l' option,
listening on a specific port and concatenating what it receives onto
standard output. This tool is useful to study network protocols and to
build custom clients, servers and other network tools as simple shell
scripts; see '/usr/share/doc/netcat/examples', where you will find a web
browser, a search engine, and even a port scanner.
The syntax is very simple: host then port; a server on that host should be
listening on the port you specify. For example 'nc -w 2 172.17.0.1 80' (we
use 'w' to set the timeout to 2 seconds) will try to connect to the web
server on a remote host; you may get a welcome message from the web server,
and the prompt shown is just the standard input. Now you talk to the server
face to face using the HTTP protocol: for example if you type
'GET /index.html' then press 'ENTER', according to the HTTP/0.9 protocol
this means you request the file 'index.html'. You could save what you get
and open it with any HTML viewer (offline web browser), for example
'echo -n -e "GET /\r\n" | nc -w 2 www.yahoo.com 80 > yahoo.html',
and to download the URL "http://www.cltb.net/downloads/copyleft.tar.gz" use
echo -n -e "GET /downloads/copyleft.tar.gz\r\n" | nc -w 30 www.cltb.net 80 > copyleft.tgz
This is what the web browser actually does, as we will see later. That was
using TCP; if the protocol you want is UDP add the option 'u'. To make a
silly chat server just run 'nc -l -p 1234' ('l' to listen, i.e. server mode,
and 'p' to specify the port); on the client side run
'nc -w 2 192.168.20.1 1234', where the address is that of the server in the
previous example. Now type anything, then press 'CTRL+C', then go to the
server and see what you typed there.
Let's make a toy web server: first stop apache or any other web server,
then run "nc -l -p 80"; our web server is up. Open any web browser and
point it at our server (if there is no network use the localhost address
"http://127.0.0.1") and watch it connect. Now go back to the terminal where
you ran the server and you will see the request (as shown next); type some
HTML code then press CTRL+C, like this:
bash# nc -l -p 80
... open a browser then you see:
GET / HTTP/1.1
Host: 127.0.0.1
... the rest of the output is omitted ...
... type the following ...
HTTP/1.1 200 OK
Connection: close
<html><body>
<h1>NetCat Toy Web Server</h1>
</body></html>
Then press 'CTRL+C', go back to the browser and see the result. You may use
it as a remote backup tool: for example, first on the backup server run 'nc'
as a server to listen on an arbitrary port, '4321', and send what it
receives to 'tar' to extract it into the current directory:
'nc -l -p 4321 | tar -xvpz'. If you want to keep the data compressed,
replace that command with 'nc -l -p 4321 > backup.ali.tgz'. Then, on the
host you want to back up, run 'tar' to create an archive of the directory
'/home/ali/foo', with the archive written to standard output '-', which
goes through the pipe to 'nc', which sends it to the backup server; just
type 'tar -cvpzf - /home/ali/foo | nc -w 3 foo.net 4321', where 'foo.net'
is our backup server (on the client side the port comes after the host;
'-p' would set the local source port instead).
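As an added example (not from the original text) of the request and response framing the 'nc' conversations above rely on: the 'GET /\r\n' form sent above is HTTP/0.9, while most servers today expect the HTTP/1.1 form with a Host header, and the toy server's reply is easier for a browser to handle when it carries a Content-Length. The function names and the URL handling are this example's own assumptions.

```shell
# Split an http:// URL into "HOST PORT PATH" (port defaults to 80, path to /).
url_parse() {
    rest=${1#http://}
    case $rest in
        */*) hostport=${rest%%/*}; path=/${rest#*/} ;;
        *)   hostport=$rest;       path=/ ;;
    esac
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport;       port=80 ;;
    esac
    echo "$host $port $path"
}

# Raw HTTP/1.1 GET request for a URL, ready to pipe into 'nc HOST PORT'.
# HTTP/1.1 requires the Host header (one address often serves several sites)
# and CRLF line ends; 'Connection: close' makes the server hang up when the
# body is done, so 'nc' exits instead of waiting for the '-w' timeout.
http_get_request() {
    set -- $(url_parse "$1")
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$3" "$1"
}

# Minimal valid HTTP/1.1 response for the toy 'nc -l -p 80' server; the
# Content-Length tells the browser where the body ends.
http_ok_response() {
    body=$1
    len=$(( $(printf '%s' "$body" | wc -c) ))
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\nConnection: close\r\n\r\n%s' \
        "$len" "$body"
}

# Usage (needs a network, so not run here):
#   http_get_request http://www.cltb.net/downloads/copyleft.tar.gz \
#       | nc -w 30 www.cltb.net 80 > reply.bin
# Unlike the HTTP/0.9 reply, this one starts with headers; the file body
# begins after the first empty line.
#   http_ok_response '<h1>NetCat Toy Web Server</h1>' | nc -l -p 80
```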
5.2.2. Using the web service (http).
The web service is the most commonly used service on the Internet; it's a
way to export files to the network, and it can also generate files using a
CGI language or a database. You may access this service using a graphical
web browser like 'mozilla', 'epiphany' and 'konqueror', or a text-based
browser like 'links' and 'lynx'. If you are connected through a proxy server
(sometimes called a web cache), you should tell your browser its address:
for example in 'mozilla' go to 'edit -> preferences -> advanced -> proxy',
in 'konqueror' go to 'settings -> configure konqueror -> proxy' or use the
KDE Control Center, and with GNOME 2.6 you configure 'epiphany' from
'Gnome menu -> preferences -> proxy'. You should tell them to ignore the
proxy for local hosts, for example '127.0.0.1, 172.17.0.0/16'.
You may also use environment variables, for example 'http_proxy' (and for
'ftp' we use the 'ftp_proxy' variable); you may put that in the file
'/etc/profile' for all users, for example
bash# echo "export http_proxy='http://proxy.mysite.com:8080/'" \
>> /etc/profile
To make it only for yourself add it to the file '~/.bashrc':
bash$ echo "export http_proxy='http://ali:foobar@192.168.0.1:3128/'" \
>> ~/.bashrc
I recommend you set this variable even if you don't use environment
variables to configure your browser, since command-line tools like 'wget'
and 'apt-get' use it.
The best known download tool for both 'HTTP' and 'FTP' servers is 'wget';
just type something like 'wget http://foo.site.net/getme' and it will
download a file called 'getme' from that site. If the download was
interrupted (by 'CTRL+C' or very low bandwidth) you may resume it later
with 'wget -c http://foo.site.net/getme'. You may put all the URLs you want
to download in a text file and use the syntax 'wget -i FILE', or download
all links in an HTML file using the 'F' option. You may set the number of
retries with '-t N' (if N is zero this means infinity), specify where to
save the files instead of the current directory using '-P PREFIX', specify
which file types to accept with '-A PATLIST' or reject with '-R PATLIST',
download a file and all files related to it (links and images) on the same
host using '-r', add more hosts with '-H -D HOSTLIST', or download a file
and all its links, and all links on them, up to a specified depth using
'-l N'.
5.2.3. Remote files.
There are many ways to access files remotely, like NFS, FTP, SMB (Samba)
and FISH. Network File System (NFS) is a Unix-only protocol to share files;
File Transfer Protocol (FTP) is very common on the Internet; the Server
Message Block (SMB) protocol (or netbios) is used in Microsoft networks
(although it's good), and Microsoft has nothing to do with the Samba
implementation of this protocol used in GNU/Linux systems; and the last,
funny one, File transmission over Shell (FISH), is the most secure, using
the 'ssh' remote shell that we will discuss later.
You may import an NFS share (from a server running the 'nfsd' daemon that
allows you to do so): just use the normal 'mount' command to map it onto
any empty directory on your host, for example type
'mount -t nfs 192.168.17.1:/my/dir /mnt/far' or
'mount -t nfs foobar.com:/my/dir /mnt/far'. You may use '-o ro,hard', where
'hard' means to hang until the connection is established, or replace it
with 'soft', which returns immediately so the mount can happen later in the
background.
FTP gives the same result, using a server running one of the FTP daemons
like 'gftpd', 'wu-ftpd' (named 'in.ftpd' when run from the super service
'xinetd'), proftpd (Debian's favorite FTP daemon) and 'vsftpd' (short for
Very Secure FTP Daemon); usually web servers like 'apache' and 'tux' also
offer FTP. You may mount an FTP directory using 'ftpmount', like
'ftpmount USER:PASSWORD@ftp.kernel.org /mnt/ftp', or using the normal
'mount', like
'mount -n -t ftpfs none /mnt/ftp -o ip=100.12.14.1,user=myself,pass=doNOTlook'.
FTP has a client tool called 'ftp', or you may use 'ftp link' in the
'right menu' (F9) of 'mc', but the simplest way is to type any FTP URL in
your file manager: just type 'ftp://ftp.kernel.org' in the address bar.
This protocol sends everything in plain text, even passwords (NFS does that
too).
The SMB protocol gives you access to Microsoft network shares like files
and printers. After you install the required Samba packages, just type the
URL 'smb://' in the address bar of your favorite file manager ('nautilus'
or 'konqueror'); this will display all SMB hosts in the LAN and you can
move between them as normal folders. You may specify the host (IP address
or name) in the format 'smb://[USER[:PASSWORD]@]HOST/'; note that USER and
PASSWORD are optional: if you don't specify them you will be asked to enter
them, and sometimes you may enter any user with any password if the share
is world readable. In order to be able to access any Samba service (e.g. an
MS network share) you have to create a Samba user: type 'smbpasswd -a USER',
where 'USER' is the login name of the user; if you always fail to log in
see the next section.
We discussed in section '4.1 Hardware configuration' how to configure
printers using 'lpadmin'; another tool is 'smbmount', used to mount remote
Samba shares (access shared folders):
bash$ smbmount -o username=myname \
//HisHost/HisShare /mnt/smb
or simply use '-t smbfs' with the usual 'mount', like this:
bash$ mount -t smbfs -o username=myname \
//HisHost/HisShare /mnt/smb
where 'HisHost' is the name or address of the host that has the shared
folder, in this example 'HisShare'. To list Samba neighbor hosts (assuming
you are on 'MyHost') use any of the next commands (pipe into 'less' in case
of too many pages):
bash$ smbclient -N -L MyHost
bash$ nmblookup -T "*"
To list the shared items on 'HisHost' use:
bash$ smbclient -L HisHost
On AppleTalk networks you may access shares using the 'netatalk' package,
which gives you the needed tools.
To use the FISH method just select 'shell link' in the 'Right menu' (F9) of
the 'mc' program. You may use the 'rsh' or 'ssh' packages to list or copy
remote files; 'rcp' and 'scp' are used just like 'cp'.
'scp' (part of the OpenSSH package) is the secure, encrypted substitute for
'rcp'; just pass the source file(s) you want to copy followed by the
destination (where the files will be copied). For example,
'scp ~/from.txt ali@mynet.org:/home/ali' will copy the local file
'from.txt' to the home directory of Ali on the 'mynet.org' host, trying to
log in as 'ali'; you will be prompted to enter Ali's password there. You
may do the opposite with 'scp ali@mynet.org:~/from.txt ~/', or even copy a
remote file to another remote host, like
'scp ali@mynet.org:~/from.txt ahmad@HisNet.edu:~/to.txt',
which copies 'from.txt' from Ali's home directory on the 'mynet.org' host
to Ahmad's home directory on the 'HisNet.edu' host and renames it to
'to.txt'; you should know both Ali's and Ahmad's passwords.
'scp' options are just like those of 'cp'; for example to copy a directory
recursively, preserving times and permissions, use something like:
bash$ scp -rp project/ 192.168.20.1:~/
To be able to use 'scp' the remote host(s) should run the 'sshd' daemon.
You may use 'ssh' and 'tar' to do useful remote backup tricks; see the next
subsection.
Files on an SSH server can be accessed as a remote file system that you
mount normally with the 'mount' command (in a way similar to NFS); this
method is called "SHell File System", and to make it available you have to
install a package called 'shfs-utils' on the clients.
A smart replacement for 'rcp' and 'scp' is called 'rsync', which sends only
the updates (differences) if you have an older version (for example a
backup server may have an older backup done months ago), which saves much
connection time, especially on slow dialup connections.
The remote synchronization tool (rsync) is meant to keep your local copy
updated with the one on a remote host (or the opposite); it can also be
used even if you don't have any previous copy. Although it starts with the
ugly 'r' this does not mean it will be unencrypted! The good news is that
it can use 'ssh' to encrypt the data and the login process. It works in two
ways: one uses a server with the 'rsync' daemon running, in which case we
give the address in the format '[USER@]HOST::DIR' or as a URL, as in
'rsync://[USER@]HOST[:PORT]/DIR', where 'USER' is the login name, 'HOST' is
the name/address of the remote host, 'PORT' is the port number (optional)
and 'DIR' is the directory to use; for example 'ali@foo.net::~/' is Ali's
home directory on 'foo.net'. The other way is to use 'ssh' (or 'rsh') to
reach a remote host that has 'rsync' installed and allowed to run (it need
not be running as a server); here we use an address in the form
'[USER@]HOST:DIR' (only one ':').
Running 'rsync' with one argument (the remote address) will list those
files, for example 'rsync 172.20.0.15:/usr/share/doc'; to copy them you
should specify another argument saying where to copy them, for example
'rsync -avz /usr/local 10.20.10.17:/usr/local'. Using 'a' copies the files
'as is' (archive copying), keeping permissions, links and devices; the
option 'z' compresses (gzip) the connection for more speed. To do the
opposite use something like 'rsync -avz 10.20.10.17:/usr/local /usr/local'.
In those three examples we used the second kind of address, i.e. using
'ssh' or 'rsh'; to make sure it's 'ssh' add '-e ssh' (if you do not specify
it, it will try 'ssh' first). This option is more useful with 'rsync' as a
server (the first method), where using 'ssh' is not the default action.
Tip
You may update a local directory to be the same as another local directory
(on the same host) using 'rsync', which will be faster than copying, for
example 'rsync -avz /usr/local/src /usr/src'.
'rsync' causes one tree to be synchronised to another; this means it works
in one direction. There are some programs based on the 'rsync' algorithm
(sending only differences even if you don't have both copies) that work in
both directions, like 'drsync' and 'unison' (which has a GUI called
'unison-gtk').
5.2.4. Execute commands remotely.
Many programs can do this, like 'telnet', 'rlogin', 'rsh' and 'ssh'.
You should ignore 'telnet' no matter how famous it is: it's a hole. You may
have the 'telnet' client preinstalled, but not the server. The Remote Shell
'rsh' series of tools is included in your distribution because some
countries forbid the use of encryption; 'rsh' is a hole that uses no
encryption. Secure Shell (ssh) and related tools have many implementations;
for example there is a Java client, so you can use it under Windows or on
your mobile phone. In GNU/Linux systems we use OpenSSH, which contains many
tools like 'ssh', 'sftp' and 'scp' along with the 'sshd' daemon.
Unlike 'telnet', the 'rsh' and 'ssh' servers work only on Unix. 'ssh' uses
the asymmetric encryption methods of OpenSSL, with two keys, public and
private.
There are some GUI programs that simplify using SSH, like
'gnome-remote-shell' (for both 'telnet' and 'ssh') and 'secpanel', a secure
GUI file manager and remote shell (a front end for 'ssh' and 'scp').
To log in to a remote host like 'somewhere.com' as 'ahmad' (the login name;
if you do not specify a name it will use the same one you run 'ssh' as),
just type 'ssh ahmad@somewhere.com'. It will tell you that this is the
first time you use 'ssh' to log in to 'somewhere.com' and ask whether you
want to save its fingerprint (so that if someone messes with the DNS server
or uses a 'man in the middle attack', you will know); it will be saved in
'~/.ssh/known_hosts' or '/etc/ssh/known_hosts'. Then you will see a prompt
to enter the password of that user on that host, and then 'sshd' on the
remote host will execute Ahmad's default shell ('bash' for example). You
may specify another remote program to be executed as an extra argument;
you may joke with Ahmad by typing 'ssh ahmad@somewhere.com eject', which
will eject his remote CDROM, or you may reboot his machine.
This is a session of using ssh:
[ali@localhost:~]$ ssh ahmad@somewhere.com
ahmad@somewhere.com password: *******
[ahmad@somewere.com:~]$ ls
farfile.txt myfolder
[ahmad@somewere.com:~]$ exit
[ali@localhost:~]$
To have a faster connection, compress it with the 'C' option.
'ssh' can forward your DISPLAY environment variable, which enables you to
run X11 graphical applications remotely while they are displayed on your
local screen; to make sure this option is on use the 'X' option (it's on by
default if you run 'ssh' from 'xterm'). But before you do this you should
tell your local X server to accept remote clients (remote GUI applications)
using the command 'xhost +[HOST]', where 'HOST' is the remote machine you
want to allow; if you don't specify it, all hosts are assumed.
[ali@localhost:~]$ xhost +
[ali@localhost:~]$ ssh -X ahmad@somewhere.com xmms &
ahmad@somewhere.com password: *******
[ali@localhost:~]$
One of the tricks you won't believe that 'ssh' can do :
[ali@localhost:~]$ tar -cplf - ./ | ssh ahmad@somewhere.com \
tar -xpf -
ahmad@somewhere.com password: *******
[ali@localhost:~]$
Here 'tar' on your local host archives the current directory and sends it
through a pipe to the 'ssh' client, which sends it encrypted to the remote
host and executes 'tar' there to extract it. This method can be used to
copy a complete file system to/from a remote host (if you are copying the
root file system it should be mounted read-only).
5.2.5. Remote session and VNC service.
You may control a remote machine as if you were sitting in front of it;
this is not a good thing for security reasons, and a remote shell is more
powerful and much lighter (on network traffic).
X11 is designed as a server with local or remote clients; if you allow
remote programs to use your X11 this could be very annoying: a friend of
yours could execute 100 xeyes on your display by calling it with a special
value of the 'DISPLAY' environment variable, for example:
bash$ DISPLAY=192.168.0.20:0 xeyes
In this example we execute 'xeyes', a sample X client (a graphical program),
and we changed the value of the environment variable 'DISPLAY' to specify
the X server that should display it. The syntax of 'DISPLAY' values is of
the form 'HOST:M[.N]', where HOST is the name or address of the host and
'M' is the display number (i.e. session number), initially 0; actually it's
another way to specify the remote TCP port number on which X is listening,
where 'port_number = 6000+M' (so in the previous example 'xeyes' connects to
X at 192.168.0.20 on port number 6000). Finally 'N' is just an optional
number to specify the screen in case there is more than one physical screen.
In normal cases (where you run X clients on the same host as the X server)
the connection between X client and server is made through a local file
socket, not through the localhost IP; in this case the 'DISPLAY' syntax is
of the form ':M[.N]' (here M refers to the internal file name of the
socket, also initially 0). That is to say, if HOST is omitted then a local
file socket is assumed (try 'echo $DISPLAY' and guess what the output
means).
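As an added example (not from the original text) of the 'DISPLAY' syntax just described, here is a shell function that decodes a value of the form '[HOST]:M[.N]' into the endpoint an X client would actually connect to: a TCP port 6000+M on the named host, or a local file socket when HOST is omitted. The function name is this example's own, and the socket path '/tmp/.X11-unix/XM' is assumed to be the conventional one.

```shell
# Decode a DISPLAY value of the form [HOST]:M[.N] into the endpoint an X
# client connects to, as described above: "tcp HOST PORT SCREEN" with
# PORT = 6000 + M for a remote display, or "unix SOCKET SCREEN" for a local
# one (the conventional socket path /tmp/.X11-unix/XM is assumed here).
display_endpoint() {
    disp=$1
    case $disp in
        *:*) ;;
        *)   echo "invalid DISPLAY (no ':'): $disp" >&2; return 1 ;;
    esac
    host=${disp%%:*}         # part before the first ':', empty for local
    rest=${disp#*:}          # M or M.N
    m=${rest%%.*}            # display number
    case $rest in
        *.*) n=${rest#*.} ;; # optional screen number
        *)   n=0 ;;
    esac
    case $m in
        ''|*[!0-9]*) echo "invalid display number in: $disp" >&2; return 1 ;;
    esac
    if [ -z "$host" ]; then
        echo "unix /tmp/.X11-unix/X$m $n"
    else
        echo "tcp $host $((6000 + m)) $n"
    fi
}

# Usage: display_endpoint "$DISPLAY"
#   display_endpoint 192.168.0.20:0  -> tcp 192.168.0.20 6000 0
#   display_endpoint :1.2            -> unix /tmp/.X11-unix/X1 2
```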
Having the X server listening for requests from remote clients
means that you allow them to display things on your screen,
and of course GUI programs receive events such as mouse movements
and keyboard strokes (e.g. when you type passwords they catch them);
for that reason X is configured by default to reject remote requests
(even if you open the X TCP ports in the firewall rules and the 'hosts.allow' file),
unless explicitly allowed in one of two ways. The first is
based on the host (name or address), for example to let X accept all
connections from your LAN; this way is not secure since addresses can be spoofed
and names can be forged.
To allow remote hosts to run applications on your X server use
'xhost +[HOST]' where HOST is the name or address of the host
you want to allow; if you do not specify it, it is taken as "allow all".
For example, to display 'mozilla' running on a remote host called
'hishost' on your local X server running on 'myhost',
type "xhost +hishost" on your host ('myhost'), then go to the remote host
and type "DISPLAY='myhost:0' mozilla".
The other method is based on a secret saved in the X authority file (something like a password);
this file contains an X authority secret for each host,
usually it is '~/.Xauthority';
to make sure, type 'xauth -v', which displays the
X authority filename currently used by your X server. This file is read once,
when X is started; it won't notice later changes, so you have to use
'xauth -q' instead of editing the file directly,
for example:
bash$ echo "add :0 . ThisIsMySecritDoNotLook" | xauth -q
specifies 'ThisIsMySecritDoNotLook' as the secret for
connecting to the X server with display ':0' (i.e. the local X server)
(the '.' is shorthand for the MIT-MAGIC-COOKIE-1 protocol, whose key 'xauth' expects as
an even number of hex digits; the readable strings in these examples stand in for such a key).
Let's assume that there is a remote X server on 'hishost' having 'ThisIsHisSecritDoNotLook'
as its secret; to let that remote X server accept your X clients
you should tell it that you know this secret by adding it to your X authority file.
By typing:
bash$ echo "add hishost:0 . ThisIsHisSecritDoNotLook" | xauth -q
bash$ DISPLAY="hishost:0" mozilla &
you specify the X authority used to communicate with the X server listening on port 6000
of 'hishost' and add it to the X authority file; the second line
runs your Mozilla displaying it on the first display of 'hishost'; the remote X server
on 'hishost' will match the authority against its own secret in order to accept it.
Warning
Although 'xauth' is much safer than 'xhost', because the latter
is vulnerable to address spoofing, the former sends the secret
unencrypted (secrets could be collected by sniffers).
Refer to the 'xhost' and 'xauth' manual pages.
Tip
It's not enough to use 'xhost' to make it work; you need
to make sure that the firewall (around the X server) allows TCP ports
6000 to 6010 to be open, that they are allowed in 'hosts.allow' and that they are not in 'hosts.deny';
refer to section 5.3.9.
Warning
If you allow others to access your X server, they will see what you click on
and the keys you type, and could grab your passwords this way.
To have a full remote X session you may configure your display manager,
like gdm (using gdm-setup), to add XDMCP to its session menu;
then just click 'action' and it will allow you to specify a host
you want to have a session on
(it may offer you a list of those servers or you enter it manually),
then it will show you the display manager of the remote machine,
so you enter your login name and password and select a session like GNOME.
(To allow other hosts to log in and have a session on your host run
'gdm-setup', click on the XDMCP tab then select 'enable'.)
The session you get is different from the one you would have sitting physically
in front of that machine, since XDMCP creates a new session;
'M' (next to ':') in 'DISPLAY' is incremented (':1' not ':0').
To get the same session that appears as if you were sitting in front of the remote
computer (and not open a new session) you can use remote-desktop
applications that support the X protocol, like 'xtv', but the favourite
protocol for this purpose is VNC; some VNC clients support the X protocol too,
like 'gnome-remote-desktop' (part of the 'gnome-network' package).
Virtual Network Computing (VNC) gives you the same
session as if you were sitting in front of a remote computer:
you can view the remote screen and control that computer.
VNC is also useful if you don't trust users and you want to watch them
(how legal is this? I think you should declare that they are being watched).
VNC is a standard protocol by AT&T that works on many platforms
including Unix, Windows, Mac and even GEOS used in mobile phones (like the Nokia 9000),
and there are clients written in Java for other platforms;
there are many special implementations, like a single bootable floppy
Linux with a VNC viewer (www.khk.net),
and another one for DOS using the 'allegro' library.
On each host you want to be able to access, run the 'vncserver' daemon;
when you run it for the first time you will be asked to set a password
for it (it should not be your root password, since it won't be encrypted),
later you can change it with 'vncpasswd'.
There are many clients to view/access this server, for example
there is a Java VNC viewer that works with any Java-enabled web browser,
or a native program in a package called 'TightVNC'
(some distributions call the same package just 'vnc').
To access a remote host with a VNC server use the following format:
'vncviewer [-share] [-viewonly] HOST[:N]'
where 'HOST' is the name/address of the host, 'N' is an optional
session number, the option 'viewonly' is used to watch
only (you may not control the mouse and keyboard; without this option
you may interact with what you see), and the option 'share'
is used to allow more than one viewer at the same time.
You may press 'F8' to display an options menu (fullscreen and so on).
There are many other packages like 'kvncviewer', 'keystone',
'krdc' and 'krfb' from KDE for more beauty.
Sometimes this protocol is called Remote FrameBuffer (rfb)
and it may use 'ssh' to encrypt the connection; the server is called
'x0rfbserver' and its client is called 'xrfbviewer',
called in the form 'xrfbviewer [-viewonly] HOST'
and used the same way as 'vncviewer'.
5.2.6. Windows remote servers.
A program called 'rdesktop' can access a remote Windows host
just like VNC, but it talks to a different server called 'Windows Terminal Services'
using a protocol called 'RDP'; you will have the same
session as if you were sitting in front of that remote Windows host,
you may move its mouse and type with your keyboard. To run it just type
something like:
bash$ rdesktop -k ar HOST
where 'HOST' is the name/address of the remote host and you may specify
a port number using ':' after the host; the option 'k' is used to specify
the keyboard layout (in the example I used the Arabic layout and this is optional),
and you may use 'f' to get a fullscreen window.
You may specify login information using options in the form
'-u USER -p PASSWD -d DOMAIN';
if you do not, you will be asked to enter them
(a password given on the command line is visible to other users of your host in the process list,
so letting 'rdesktop' prompt for it is the safer choice).
5.2.7. Email.
We have talked about email programs in section '2.6. Internet related software',
like 'kmail', which is one of the Mail User Agents (MUA);
those programs receive emails using POP3 (on port 110) and IMAP (port 143)
and send them using SMTP (port 25). In some rare cases your email server
supports SSL for a secure connection between you and it (not the sender);
the secure ports are 995, 993 and 465 for POP3, IMAP and SMTP
with SSL. Emails are important even if you don't have any Internet connection,
since some administration tools, daemons and 'cron' scheduled tasks
send report messages as emails, and they can be used to leave messages for other users.
Local emails and delivered messages are stored in subdirectories of '/var/spool/mail'
or in a hidden (starts with '.') directory in your home.
You may use the 'mail' tool to send emails from the command line to the Internet
'cat FILE | mail -s "My Subject" "someone@somewhere.com"'
or to some user on the local host
cat FILE | mail -s "My Subject" "ahmad"
The difference between IMAP and POP as it appears to the user is that POP
by default removes mail after it is successfully downloaded.
Email dates back to the first appearance of 'ARPANet' (mother of the Internet).
Those are very weak protocols that not only send the password in plain text
but also let anyone send emails in the name of someone else:
anyone can write whatever they like in the 'From' field of SMTP.
Warning
If you receive emails from a famous anti-virus company, a famous bank, ... etc.
asking you to download something important, or to complete a form with sensitive data:
what you see in 'From' need NOT be the real sender!!
unless it's signed with PGP or alike.
Mail User Agents can check the e-signature of received emails;
important companies sign their emails using a 'certificate'.
A certificate is issued by a special organization (a company)
that witnesses (using its own e-signature) that this e-signature belongs to that person/organization.
The MUA keeps a list of e-signatures of trusted certificate agents.
If you can't buy a certificate, you may use a self-signed certificate
and publish your e-signature (like a public encryption key)
so that your friends save it in their trusted list.
In GNU/Linux systems we have GNU Privacy Guard (GPG)
to encrypt private information using asymmetric encryption,
which uses two keys, public and private.
Warning
Another risk is that an email may contain text that gives you the wrong impression
that what you see is part of the web page or of the MUA, like
"This file has been scanned and no virus found" or "timeout, re-enter your password",
but they are just part of the email text.
5.2.8. Dialup and ppp tools.
A Point-to-Point Protocol connection is made without a server/client
relationship, but we call the one that asks for the service first
a client and the other one (that accepts the connection) a server.
We talked in section '4.1. Hardware configuration.'
about using GUI programs like 'kppp' and 'gnome-ppp'; you may also use 'wvdial',
an interactive text based tool, but now we will talk about the command line
tool 'ppp' itself.
The modem connects only two hosts: it takes from the local host text (case insensitive)
'AT' (Hayes) commands and interprets them, or it takes a binary data stream
and sends it through the phone line to the host on the other side;
it can reply to commands or receive data. Since there are only two nodes,
'ppp' uses no addresses.
To use the modem you send an initialization command such as "ATZW2" followed by
newline (LF) and carriage return (CR), or any other initialization command,
then you should wait for it to reply with "OK" followed by (LF)(CR)
if it was successfully initialized (from now on 'LF' and 'CR' are implied);
this command does not go through the phone line, nor does the "OK" come from it,
it's between the computer and the modem.
If you send "ATDT" or "ATD" followed by a phone number,
then you should wait for "OK" or an error like "NO DIALTONE";
this is how dialup works. After this, all that you send is delivered
"as is" as a stream to the other side (the dialed number).
The 'pppd' daemon converts 'TCP' packets and other IP protocols into a stream,
then sends it using the modem to the other side, where another 'pppd' daemon
splits it back into packets. The 'pppd' daemon gives the link an IP address
and modifies the routing tables (if we use the 'defaultroute' option)
to make ppp0 the default route.
A non-interactive program called 'chat' talks to the modem automatically;
it reads a file called a 'chatscript' which contains the 'AT' commands
that should be issued and what to do for each expected reply.
This file is in the form of two columns: the first is the pattern
of what it expects to receive and the other is what it should reply (issue).
If you are lucky enough to use Debian just run 'pppconfig' once to do all the configuration
(ISP phone number, user name, password ...etc),
then just use 'pon' and 'poff' to dial the connection and turn it off;
'plog' displays the 'ppp' log file.
To do that manually, edit '/etc/ppp/options'
and make sure the 'auth' and 'lock' lines are there and uncommented
(usually this is done by default).
Create a file called '/etc/ppp/peers/MyISP',
where 'MyISP' is your ISP name, useful in case of many ISPs
(especially if you are using prepaid cards);
by default 'pppd' looks for one called 'provider'. Edit it to be like this:
#/etc/ppp/peers/provider
# from Debian docs
ttyS0 # modem is connected to /dev/ttyS0
38400 # run the serial port at 38400 baud
crtscts # use hardware flow control
noauth # don't require the ISP to authenticate itself (comment it out if you use PAP or CHAP)
defaultroute # use the ISP as our default route
connect '/usr/sbin/chat -v -f /etc/ppp/chatscripts/provider'
# if you use PAP uncomment the following, or else your login name ('whoami') will be assumed
#user mypapname
here we specify the first serial port 'ttyS0' as the device (in Windows it's called COM1);
the 'connect' line specifies the chatscript to be used, for example '/etc/ppp/chatscripts/provider',
which will contain the dialup configuration (phone number ...etc).
This is an example of a chatscript you should create
(replace the phone number, user name and password with your own):
#/etc/ppp/chatscripts/provider
# from Debian docs
ABORT BUSY
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "ERROR"
ABORT VOICE
ABORT "NO ANSWER"
ABORT "Access denied"
ABORT "Username/Password Incorrect"
SAY "init device ..."
TIMEOUT 30
# there are many init strings, like just 'AT' or 'ATE1'
"" ATZW2
# OK "ATS0=1S11=60X4&K4S42.1=1"
# OK "AT&D2&C1"
# ATDT or ATD
SAY "dialing ISP ..."
OK "ATDT81010101"
SAY "sending name/password..."
# comment out everything below if you use PAP or CHAP
ogin "MYNAME"
word "\qMYPASSWORD"
# \q means quiet: the password does not appear in log files (shown as ?????????)
We tell 'chat' to abort if any of those messages is received,
then to send an initialization command like "atzw2"; when it receives "OK"
it dials the number, then sends the user name and password
("\q" means not shown in log files).
To dial what we have been configuring run 'pppd call MyISP';
Debian users may use 'pon MyISP'.
In our example 'MyISP' is 'provider'. To turn off the link just 'kill'
the 'pppd' daemon, or in Debian use 'poff', with no need for the ISP name
if there is only one link running.
'pon' and 'poff' are very useful tools that do many checks,
for example they check that no other 'pppd' is running before starting another one.
There are some advanced authentication methods, for example
Password Authentication Protocol (PAP)
(this does not mean that it's more secure, it also sends the password in plain text)
and Challenge Handshake Authentication Protocol (CHAP);
you should (un)comment a few lines and create '/etc/ppp/pap-secrets'
or '/etc/ppp/chap-secrets'.
Note that the chatscript and the secrets files hold your ISP password in clear text,
so they should not be readable by other users of your host.
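The two chatscript pitfalls discussed above (a password sent without "\q", and a script other users can read), checked by a small shell audit. This is an added example, not code from the tutorial, pppd or Debian; the function names and the placeholder credentials are this example's own.

```shell
#!/bin/sh
# Added example (not from the tutorial, pppd or Debian): audit a chatscript for
# a password sent without \q (so 'chat -v' writes it to the log) and for a file
# that other users on the host can read.

# 0 if FILE is not readable by "others" (mode 600, 640, ...), 1 otherwise.
not_world_readable() {
    perms=$(ls -ld "$1" | cut -c2-10)      # e.g. rw-r--r--
    case "$perms" in
        ??????---) return 0 ;;
        *)         return 1 ;;
    esac
}

# Count 'word' (password prompt) lines whose send-string lacks the \q marker.
unquiet_passwords() {
    grep -E '^[[:space:]]*word[[:space:]]' "$1" | grep -F -v -c '\q'
}

# 0 when CHATSCRIPT passes both checks.
chatscript_ok() {
    not_world_readable "$1" || return 1
    [ "$(unquiet_passwords "$1")" -eq 0 ]
}

# Constructed sample chatscripts with placeholder credentials.
GOOD=$(mktemp) && chmod 600 "$GOOD"
printf '%s\n' 'ABORT BUSY' 'TIMEOUT 30' '"" ATZW2' 'OK "ATDT81010101"' \
    'ogin "MYNAME"' 'word "\qMYPASSWORD"' > "$GOOD"
BAD=$(mktemp) && chmod 644 "$BAD"           # readable by everyone
printf '%s\n' 'ABORT BUSY' '"" ATZW2' 'OK "ATDT81010101"' \
    'ogin "MYNAME"' 'word "MYPASSWORD"' > "$BAD"   # no \q: logged in clear

for f in "$GOOD" "$BAD"; do
    if chatscript_ok "$f"; then
        echo "$f: ok"
    else
        echo "$f: insecure ($(unquiet_passwords "$f") unquieted password line(s)," \
             "mode $(ls -ld "$f" | cut -c2-10))"
    fi
done
```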