BSc CSIT (TU) Science Network and System Administration (BSc CSIT, CSC412) Question Paper 2077 Nepal

TCP/IP Configuration and Troubleshooting

TCP/IP Configuration

Every host on a TCP/IP network needs four basic parameters, configured either statically (manually) or dynamically (via DHCP):

• Linux: edit /etc/network/interfaces, Netplan YAML, or use nmcli/ip addr add. View with ip addr, ip route.
• Windows: ncpa.cpl GUI or netsh interface ip set address. View with ipconfig /all.

Troubleshooting Approach

Use a layered, bottom-up method: verify physical link → check IP/subnet/gateway → test local connectivity → test remote connectivity → test name resolution.

Common Troubleshooting Tools

• ping — Sends ICMP Echo Request packets and waits for Echo Reply. Confirms whether a host is reachable and measures round-trip time and packet loss. Example: ping 8.8.8.8. If ping 8.8.8.8 works but ping google.com fails, the problem is DNS, not connectivity.

• traceroute (tracert on Windows) — Lists every router (hop) along the path to a destination by sending packets with increasing TTL values. Identifies where in the path a connection breaks or slows down.

• netstat — Displays active TCP/UDP connections, listening ports, routing table and interface statistics. Example: netstat -tulpn shows which service is listening on which port.

• nslookup (or dig) — Queries DNS servers to test and debug name resolution, showing the IP a hostname maps to and which DNS server answered. Used to confirm DNS records and isolate DNS faults.

Summary

Correct TCP/IP operation depends on a valid IP/mask/gateway/DNS set; troubleshooting proceeds layer by layer, using ping for reachability, traceroute for path faults, netstat for local ports/connections, and nslookup for name resolution.

Mail Server

A mail server is a computer/application that sends, receives, stores and forwards email messages over a network. It combines a Mail Transfer Agent (MTA) for moving mail between servers (e.g. Postfix, Sendmail, Exim) and a Mail Delivery/Access Agent that lets clients retrieve mail (e.g. Dovecot).

Mail Protocols

SMTP (Simple Mail Transfer Protocol) — Port 25 / 587

• A push protocol used to send mail and to relay it between mail servers.
• Client connects to the MTA, issues HELO/EHLO, MAIL FROM, RCPT TO, DATA, then the message body, ending with a single ..
• Handles only outgoing transfer; it does not retrieve mail to the user.

POP3 (Post Office Protocol v3) — Port 110 / 995 (SSL)

• A pull protocol used by a client to download mail from the server's mailbox.
• By default mail is downloaded and removed from the server, stored locally.
• Simple, good for single-device access; no server-side folder sync.

IMAP (Internet Message Access Protocol) — Port 143 / 993 (SSL)

• Also a pull/access protocol, but mail stays on the server; the client views and manages it remotely.
• Supports multiple folders, server-side search, flags, and synchronisation across many devices.
• Preferred for modern multi-device usage.

Flow: Sender → (SMTP) → Sender's MTA → (SMTP) → Recipient's MTA → mailbox → (POP3/IMAP) → Recipient's mail client.

Steps to Configure a Mail Server (Linux example)

1. DNS setup: create an MX record pointing to the mail server, plus A record; add SPF, DKIM, DMARC records to prevent spoofing.
2. Install MTA: sudo apt install postfix; choose Internet Site and set the domain.
3. Configure Postfix (/etc/postfix/main.cf): set myhostname, mydomain, myorigin, inet_interfaces, mydestination, relay/network settings.
4. Install IMAP/POP3 server: sudo apt install dovecot-imapd dovecot-pop3d and configure mailbox location and authentication.
5. Enable TLS/SSL with valid certificates so SMTP/IMAP/POP3 traffic is encrypted (ports 587/993/995).
6. Create mail users and set authentication (SASL).
7. Open firewall ports (25, 587, 143/993, 110/995) and start/enable services: systemctl enable --now postfix dovecot.
8. Test with telnet/swaks for SMTP and a mail client for IMAP/POP3.

Network Security

Network security is the set of policies, technologies and practices used to protect the confidentiality, integrity and availability (CIA) of data and resources transmitted over or stored on a network, defending against unauthorised access, misuse, modification and denial of service. A defence-in-depth strategy layers multiple controls so that the failure of one does not compromise the whole system.

1. Firewalls

A firewall is hardware or software that controls traffic between networks (e.g. internal LAN and the Internet) by enforcing a rule set (access control list).

• Packet-filtering firewall: inspects source/destination IP, port and protocol of each packet.
• Stateful inspection firewall: tracks connection state, allowing only packets belonging to valid sessions.
• Application-layer / proxy firewall (NGFW): inspects application content (HTTP, DNS) and can do deep packet inspection.
• Function: acts as a barrier, permitting legitimate traffic and blocking malicious or unauthorised traffic.

2. Intrusion Detection / Prevention System (IDS/IPS)

An IDS monitors network or host activity for signs of attack and raises alerts; an IPS additionally blocks the malicious traffic in real time.

• NIDS (network-based) watches traffic on a segment; HIDS (host-based) watches a single system.
• Signature-based detection: matches traffic against known attack patterns.
• Anomaly-based detection: flags deviations from a learned baseline of normal behaviour.
• Provides visibility and early warning of intrusions, scans and policy violations.

3. Virtual Private Network (VPN)

A VPN creates a secure, encrypted tunnel over an untrusted public network (the Internet), so remote users or branch offices can communicate as if on a private LAN.

• Provides confidentiality (encryption), integrity and authentication of endpoints.
• Common protocols: IPsec, SSL/TLS (OpenVPN), WireGuard, L2TP.
• Types: Remote-access VPN (user to network) and Site-to-site VPN (network to network).

Summary

Firewalls control who and what can enter the network, IDS/IPS detect and stop attacks that get through, and VPNs secure data in transit over public links. Together these layered controls form a robust network security architecture.

DNS Resolution

DNS resolution is the process of translating a human-readable domain name (e.g. www.example.com) into its corresponding IP address (e.g. 93.184.216.34) so that hosts can be reached on the network. It is performed by a resolver that queries the hierarchy of DNS servers: root → TLD (.com) → authoritative name server.

Recursive Query

• The client asks its local DNS resolver and demands a complete answer.
• The resolver takes full responsibility: it queries the other DNS servers on the client's behalf and returns either the final IP address or an error.
• The client makes one request and receives the resolved answer; the work is hidden from it.

Iterative Query

• The queried server returns the best answer it has, or a referral to the next server that may know more (e.g. "ask this TLD server").
• The client/resolver must then query that next server itself, repeating until the authoritative server is reached.
• Typically used between the resolver and the root/TLD/authoritative servers.

Typical flow: the client → resolver is recursive; the resolver → root/TLD/authoritative servers is iterative. Results are cached to speed up future lookups.

Purpose of /etc/fstab

The /etc/fstab (file system table) is a Linux configuration file that lists the filesystems to be automatically mounted at boot time and defines how they should be mounted. It lets mount -a and the boot process attach disks/partitions without manual commands.

Each line has six fields:

<device>   <mount point>   <fstype>   <options>   <dump>   <pass>
UUID=...    /              ext4       defaults    0        1
/dev/sdb1   /data          ext4       defaults    0        2
/swapfile   none           swap       sw          0        0

• device – partition by name, UUID= or LABEL=.
• mount point – directory where it is attached (e.g. /, /home).
• fstype – filesystem type (ext4, xfs, swap, nfs…).
• options – mount options (defaults, ro, noexec, nofail…).
• dump – used by the dump backup utility (0 = no).
• pass – fsck check order at boot (0 = none, 1 = root, 2 = others).

Purpose summary: it provides persistent, consistent mounting of disks, partitions, swap and network shares at startup, removing the need to mount them manually each time.

Package Manager

A package manager is a tool that automates installing, upgrading, configuring and removing software packages on a system. It tracks installed software, resolves dependencies (automatically fetching required libraries), verifies package integrity, and pulls packages from configured repositories, keeping the system consistent.

Key functions

• Install / remove / upgrade software.
• Automatic dependency resolution.
• Query installed packages and search repositories.
• Maintain a database of installed files and versions.

Examples

• APT (apt/apt-get, dpkg) — used by Debian/Ubuntu (.deb packages). E.g. sudo apt install nginx, sudo apt update && sudo apt upgrade.
• YUM / DNF (rpm) — used by RHEL/CentOS/Fedora (.rpm packages). E.g. sudo yum install httpd, sudo dnf update.
• Others: zypper (openSUSE), pacman (Arch), apk (Alpine).

Benefit: reliable, repeatable software management with automatic dependency handling instead of manual compilation.

Hardware RAID vs Software RAID

RAID (Redundant Array of Independent Disks) combines multiple physical disks into one logical unit for performance and/or redundancy. It can be implemented in hardware or software.

Summary: Hardware RAID uses a dedicated controller for better performance and CPU offloading at higher cost, while software RAID is cheaper and more flexible but consumes host CPU resources.

SSH (Secure Shell)

SSH is a cryptographic network protocol (default TCP port 22) that provides secure, encrypted remote login and command execution over an insecure network. It also supports secure file transfer (scp, sftp) and port forwarding/tunneling.

Why SSH is preferred over Telnet

• With Telnet, anyone capturing the traffic can read passwords and commands, so it is insecure for the modern Internet.
• SSH encrypts the entire session, verifies server identity (host keys) to prevent man-in-the-middle attacks, and supports key-based login.

Conclusion: SSH provides confidentiality, integrity and strong authentication that Telnet lacks, making it the standard for secure remote administration.

DHCP Lease Process (DORA)

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP configuration to clients. A new client obtains an address through a four-step exchange, known as DORA:

1. DHCP DISCOVER — The client, having no IP, broadcasts a DISCOVER message (source 0.0.0.0, destination 255.255.255.255) to find any available DHCP server.

2. DHCP OFFER — One or more servers reply with an OFFER, proposing an available IP address along with subnet mask, default gateway, DNS, and lease duration.

3. DHCP REQUEST — The client broadcasts a REQUEST accepting one offer (identifying the chosen server), formally requesting that IP. The broadcast also tells other servers their offers were declined.

4. DHCP ACK — The chosen server sends an ACK confirming the lease, and the client configures the IP for the lease time.

Lease Renewal

• At 50% (T1) of the lease, the client unicasts a REQUEST to renew with the same server.
• At 87.5% (T2), if not renewed, it broadcasts to any server.
• If the lease expires without renewal, the client must restart the DORA process.

Summary: DISCOVER → OFFER → REQUEST → ACK assigns a leased IP for a fixed time, with periodic renewal to keep it.

Swap Space in Linux

Swap space is an area on disk (a dedicated swap partition or a swap file) that Linux uses as an extension of physical RAM. When RAM becomes full, the kernel moves inactive memory pages from RAM to swap (paging/swapping out), freeing RAM for active processes; pages are read back when needed.

Purposes

• Acts as virtual memory overflow when RAM is exhausted, preventing out-of-memory crashes.
• Holds inactive pages so RAM is used for active data, improving overall utilisation.
• Required for hibernation (suspend-to-disk), where RAM contents are saved to swap.

Notes

• Swap is much slower than RAM (disk-based), so heavy swapping ("thrashing") degrades performance.
• View usage with free -h or swapon --show; create with mkswap + swapon, and add to /etc/fstab for persistence.
• Recommended size traditionally ~equal to RAM (or RAM + a margin for hibernation), though it varies with workload.

Summary: Swap space supplements RAM as virtual memory, providing a safety buffer and enabling hibernation, at the cost of slower disk speed.

Role of init / systemd

When the Linux kernel finishes booting, it starts the init process, the first user-space process (PID 1), which is the ancestor of all other processes. Its job is to initialise the system and start all required services, bringing the machine to a usable running state, and to manage processes until shutdown.

Traditional init (SysV init)

• Uses runlevels (0–6) to define system states (0 = halt, 1 = single-user, 3 = multi-user CLI, 5 = GUI, 6 = reboot).
• Runs shell scripts in /etc/init.d/ sequentially, which is slower.

systemd (modern replacement)

• Replaces SysV init on most modern distributions (Ubuntu, RHEL, Fedora, Debian).
• Manages services as units (.service, .socket, .mount, .target).
• Starts services in parallel using dependency tracking → faster boot.
• Uses targets instead of runlevels (e.g. multi-user.target, graphical.target).
• Provides systemctl to start/stop/enable/disable/status services and journalctl for logging.

Core responsibilities

• Mount filesystems, set hostname, start system services/daemons.
• Supervise services (restart on failure), manage dependencies and ordering.
• Handle system state transitions (boot, reboot, shutdown).

Summary: init/systemd is PID 1, responsible for initialising the system and managing services; systemd improves on traditional init with parallel startup, unit/target-based management and the systemctl tool.

Network Address Translation (NAT)

NAT is a technique used on a router/firewall to translate IP addresses in packet headers as traffic passes between networks. It most commonly maps multiple private IP addresses (RFC 1918, e.g. 192.168.x.x, 10.x.x.x) onto one or a few public IP addresses, allowing many internal hosts to share a single public address to reach the Internet.

Why NAT is used

• Conserves public IPv4 addresses (a single public IP serves a whole LAN).
• Adds a layer of security/privacy by hiding internal addressing from the outside.

Types of NAT

• Static NAT: one-to-one fixed mapping of a private IP to a public IP.
• Dynamic NAT: maps private IPs to a pool of public IPs as needed.
• PAT / NAT Overload (Masquerading): many private IPs share one public IP, distinguished by port numbers — the most common form (home/office routers).

How it works (PAT)

When an internal host sends a packet, the router rewrites the source IP (and port) to the public IP and records the mapping in a translation table. Reply packets are matched against the table and the destination is rewritten back to the original private IP, delivering the response to the correct host.

Summary: NAT lets private networks access the Internet using shared public IPs, conserving address space and hiding internal hosts, with PAT being the most widely deployed variant.