Aim 1:
To study the NETWORK COMMANDS
1. PING
• Ping is a computer network administration utility used to test whether a
particular host is reachable across an Internet Protocol (IP) network and to
measure the round-trip time for packets sent from the local host to a
destination computer, including the local host's own interfaces.
• Ping operates by sending Internet Control Message Protocol (ICMP) echo
request packets to the target host and waiting for an ICMP response,
sometimes casually called a pong.
• The ping program was written by “Michael John Muuss” in December 1983.
ping localhost
Pings the local host; this will allow you to see if the
computer is able to send information out and receive the information back.
Note that this does not send information over a network but may allow you
to see if the card is being seen.
ping xxx.xxx.xxx.xxx
Allows you to ping another computer; the x's are where
you would place the IP address of the computer you are attempting to ping.
If this is not able to complete, this should relay back an unsuccessful
message, which could be an indication of cable issues, network card issues,
hub issue, etc.
ping computerhope.com
1. PING computerhope.com (204.228.150.3) 56(84) bytes of data.
64 bytes from www.computerhope.com (204.228.150.3): icmp_seq=1
ttl=63 time=0.267ms
2. c:\>ping
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name
To see statistics and continue - type Control-Break;
To stop - type Control-C.
Ayush Patni (0834cs061011)
1
Options:
-t             Ping the specified host until stopped.
-a             Resolve addresses to hostnames.
-n count       Number of echo requests to send.
-l size        Send buffer size.
-f             Set Don't Fragment flag in packet.
-i TTL         Time To Live.
-v TOS         Type Of Service.
-r count       Record route for count hops.
-s count       Timestamp for count hops.
-j host-list   Loose source route along host-list.
-k host-list   Strict source route along host-list.
-w timeout     Timeout in milliseconds to wait for each reply.
C:\>ping -t 127.0.0.1
C:\>ping -a 127.0.0.1
C:\>ping -n 5 127.0.0.1
C:\>ping -l 5 127.0.0.1
C:\>ping -f 127.0.0.1
C:\>ping -i 8 127.0.0.1
C:\>ping -v 3 127.0.0.1
C:\>ping -r 5 127.0.0.1
C:\>ping -s 4 127.0.0.1
C:\>ping -w 2 127.0.0.1
Example
• PING -n 1 -w 7500 Server_06
• PING -w 7500 MyHost && ECHO MyHost found
• PING -w 7500 MyHost || ECHO MyHost not found
• PING -n 5 www.microsoft.com
• PING -n 5 -w 7500 microsoft.com
Troubleshooting with ping
• Ping the IP address of your local loopback, using the command ping
127.0.0.1.
• Ping the assigned IP address of your local network interface card (NIC).
• Ping the IP address of another known good system on your local network.
• Verify connectivity to a remote network by sending a ping to the IP
address of the default gateway.
• Verify remote connectivity by sending a ping to the IP address of a
system on a remote network.
2. IPCONFIG
The ipconfig command is a technician's best friend when it comes to viewing
the TCP/IP configuration of a Windows system.
ipconfig (internet protocol configuration) in Microsoft Windows is a console
application that displays all current TCP/IP network configuration values and
refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name
System (DNS) settings.
The standard path is %WINDIR%\System32\ipconfig.exe, which usually
resolves to C:\WINDOWS\System32\ipconfig.exe.
The ipconfig command shows basic information such as the name of the network
interface, the IP address, the subnet mask, and the default gateway.
C:\Documents and Settings\patni>ipconfig/all
ipconfig Switches
Switch | Description
? | Displays the ipconfig help screen
/all | Displays additional IP configuration information
/release | Releases the IP address of the specified adapter
/renew | Renews the IP address of a specified adapter

Symptom | Field to Check in ipconfig Output
User is unable to connect to any other system. | Make sure the TCP/IP address and subnet mask are correct. If the network uses DHCP, make sure DHCP is enabled.
User is able to connect to another system on the same subnet but is not able to connect to a remote system. | Make sure the default gateway is correctly configured.
User is unable to browse the Internet. | Make sure the DNS server parameters are configured correctly.
User is unable to browse across remote subnets. | Make sure the WINS or DNS server parameters are configured correctly.
On Windows 98 Second Edition and Windows Me systems, the
winipcfg command is used in addition to the ipconfig command. The difference
between the two utilities is that winipcfg is a graphical utility.
ifconfig performs the same function as ipconfig, but on a Linux, UNIX, or
Macintosh system. Because Linux relies more heavily on command-line utilities
than Windows, the Linux and UNIX version of ifconfig provides much more
functionality than ipconfig.
A console application is a computer program designed to be used via a
text-only computer interface, such as a text terminal or the command line
interface of some operating systems.
The loopback is a special function within the protocol stack that is supplied for
troubleshooting purposes. The Class A IP address 127.X.X.X is reserved for the
loopback; although convention dictates that you use 127.0.0.1, you can use any
address in the 127.X.X.X range, except for the network number itself (127.0.0.0)
and the broadcast address (127.255.255.255). You can also ping by using the
default hostname for the local system, which is called localhost (for
example, ping localhost).
C:\>ipconfig 127.0.0.1
>ipconfig ... it shows the information
C:\>ipconfig /?
>ipconfig /? ... it is used to display this help message
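IPv4 header layout (ping switches that set a field are shown in parentheses)
bit offset 0:    Version (bits 0–3) | Header length (4–7) | (-v) Differentiated Services (8–15) | Total Length (16–31)
bit offset 32:   Identification (0–15) | Flags (-f) (16–18) | Fragment Offset (19–31)
bit offset 64:   Time to Live (-i) (0–7) | Protocol (8–15) | Header Checksum (16–31)
bit offset 96:   Source Address
bit offset 128:  Destination Address
bit offset 160:  Options (if Header Length > 5)
bit offset 160 or 192+:  Data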
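The fields that the ping switches set (-v, -f, -i) can be read back out of a captured packet using the layout above. The parser below is an added example, not part of the original document; the function names and the sample packet built by `build_ping_header` are constructed for illustration.

```python
import ipaddress
import struct

IPV4_FIXED = "!BBHHHBBH4s4s"   # the 20 fixed header bytes, network byte order


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (checksum field already zeroed)."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack_from(IPV4_FIXED, packet)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad header length field")
    header = packet[:ihl * 4]
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return {
        "header_length": ihl * 4,
        "tos": tos,                                      # ping -v
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),      # ping -f
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,                                      # ping -i
        "protocol": protocol,                            # 1 = ICMP
        "checksum_ok": ipv4_checksum(zeroed) == checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],                          # present only if IHL > 5
    }


def build_ping_header(tos: int, dont_fragment: bool, ttl: int) -> bytes:
    """Constructed sample: header of an ICMP packet between documentation addresses."""
    header = struct.pack(
        IPV4_FIXED, 0x45, tos, 60, 0x1234,
        0x4000 if dont_fragment else 0, ttl, 1, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("192.0.2.20").packed)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


if __name__ == "__main__":
    # Equivalent of: ping -v 3 -f -i 8 <target>
    for key, value in parse_ipv4_header(build_ping_header(3, True, 8)).items():
        print(f"{key:16} {value}")
```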
3. TRACE ROUTE
The trace route utility does exactly what its name implies: it traces the route
between two hosts. It does this by using Internet Control Message Protocol
(ICMP) echo packets to report information back at every step in the journey.
Each of the common network operating systems provides a trace route utility,
but the name of the command and the output vary slightly on each.
Trace route provides a lot of useful information, including the IP address of
every router connection it passes through and, in many cases, the name of the
router (although this depends on the router's configuration). Trace route also
reports the length, in milliseconds, of the round-trip the packet made from the
source location to the router and back. This information can help identify where
network bottlenecks or breakdowns might be.
Trace Route Utility Commands
Operating System | Trace Route Command Syntax
Windows Server 2000/2003 | tracert <IP address>
Novell NetWare | iptrace
Linux/UNIX | traceroute <IP address>
Macintosh | traceroute <IP address>
C:\>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d                 Do not resolve addresses to hostnames.
-h maximum_hops    Maximum number of hops to search for target.
-j host-list       Loose source route along host-list.
-w timeout         Wait timeout milliseconds for each reply.
Example
C:\>tracert 24.7.70.37
The tracert display on a Windows-based system includes several columns of
information. The first column represents the hop number. You may recall that
'hop' is the term used to describe a step in the path a packet takes as it crosses
the network. The next three columns indicate the round-trip time, in
milliseconds, that a packet takes in its attempts to reach the destination. The last
column is the hostname and the IP address of the responding device.
The following is the output from a tracert command on a Windows Server 2003
system that doesn't manage to get to the remote host:
C:\>tracert comptia.org
In this example, the trace route request only gets to the seventh hop, at which
point it fails; this failure indicates that the problem lies on the far side of the
device in step 7 or on the near side of the device in step 8. In other words, the
device at step 7 is functioning but might not be able to make the next hop. The
cause of the problem could be a range of things, such as an error in the routing
table or a faulty connection. Alternatively, the seventh device might be
operating 100%, but device 8 might not be functioning at all. In any case, you
can isolate the problem to just one or two devices.
The trace route utility can also help you isolate a heavily congested network. In
the following example, the trace route packets fail in the midst of
the tracert from a Windows Server 2003 system, but subsequently are able to
continue. Trace route utilities allow you to identify the location of a problem in
the connectivity between two devices. After you have determined this location,
you might need to use a utility such as ping to continue troubleshooting.
In many cases, as in the example, the routers might be on a network such as the
Internet and therefore not within your control. In that case, there is little you can
do except inform your ISP of the problem.
4. NET STAT
The netstat command displays the protocol statistics and current TCP/IP
connections on the local system. Used without any switches,
the netstat command shows the active connections for all outbound TCP/IP
connections.
In addition, several switches are available that change the type of
information netstat displays.
Switch | Description
-a | Displays the current connections and listening ports
-e | Displays Ethernet statistics
-n | Lists addresses and port numbers in numerical form
-p | Shows connections for the specified protocol
-r | Shows the routing table
-s | Lists per-protocol statistics
interval | Specifies the length of time to wait before redisplaying statistics
The netstat utility is used to show the port activity for both TCP and UDP
connections, showing the inbound and outbound connections. When used
without switches, the netstat utility has four information headings.
• Proto Lists the protocol being used, either UDP or TCP.
• Local address Specifies the local address and port being used.
• Foreign address Identifies the destination address and the port being used.
• State Specifies whether the connection is established.
The netstat command shows outbound connections that have been established
by TCP. The following shows a sample output from a netstat command without
using any switches:
C:\>netstat
The netstat -e command shows the activity for the NIC and displays the number
of packets that have been both sent and received.
C:\>netstat -e
The netstat -e command shows more than just the packets that have been sent
and received:
• Bytes The number of bytes that have been sent or received by the NIC
since the computer was turned on.
• Unicast packets Packets sent and received directly to this interface.
• Non-unicast packets Broadcast or multicast packets that were picked up
by the NIC.
• Discards The number of packets rejected by the NIC, perhaps because
they were damaged.
• Errors The errors that occurred during either the sending or receiving
process. As you would expect, this column should be a low number. If it
is not, it could indicate a problem with the NIC.
• Unknown protocols The number of packets that were not recognizable by
the system.
The netstat -a command displays statistics for both TCP and User Datagram
Protocol (UDP). Here is an example of the netstat -a command:
C:\WINDOWS>netstat -a
The following list briefly explains the information provided by the netstat -a
command
• Proto The protocol used by the connection.
• Local Address The IP address of the local computer system and the port
number it is using. If the entry in the local address field is an asterisk (*),
it indicates that the port has not yet been established.
• Foreign Address The IP address of a remote computer system and the
associated port. When a port has not been established, as with the UDP
connections, *:* appears in the column.
• State The current state of the TCP connection. Possible states include
established, listening, closed, and waiting.
The output includes four columns, which show the protocol, the local address,
the foreign address, and the state of the port. The TCP connections show the
local and foreign destination addresses and the current state of the connection.
UDP, however, is a little different; it does not list a state status because UDP is
a connectionless protocol and does not establish connections.
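The four columns described above, including UDP rows that carry no State value, can be parsed to list the sockets a host is offering on all interfaces. This is an added example, not part of the original document; the `netstat -an` text in `SAMPLE` is constructed and uses documentation addresses.

```python
# Constructed `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    192.0.2.10:137         *:*
"""

WILDCARD_HOSTS = {"0.0.0.0", "[::]", "*"}   # "bound to every interface"


def parse_netstat(text: str) -> list:
    """Turn netstat rows into dicts; UDP rows get state=None (connectionless)."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                          # banner, column header, blank lines
        proto, local, foreign = fields[:3]
        state = fields[3] if proto == "TCP" and len(fields) > 3 else None
        host, _, port = local.rpartition(":")   # rpartition keeps "[::]" intact
        if not port.isdigit():
            continue
        rows.append({"proto": proto, "local_host": host, "local_port": int(port),
                     "foreign": foreign, "state": state})
    return rows


def exposed_listeners(rows: list) -> list:
    """Sockets accepting traffic on all interfaces: the ones to review first."""
    exposed = []
    for row in rows:
        if row["proto"] == "TCP":
            listening = row["state"] == "LISTENING"
        else:
            listening = row["foreign"] == "*:*"   # UDP has no state column
        if listening and row["local_host"] in WILDCARD_HOSTS:
            exposed.append((row["proto"], row["local_port"]))
    return exposed


if __name__ == "__main__":
    for proto, port in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto} port {port} is reachable on every interface")
```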
The netstat -r command is often used to view the routing table for a system. A
system uses a routing table to determine routing information for TCP/IP traffic.
The following is an example of the netstat -r command from a Windows Me
system:
C:\WINDOWS >netstat -r
The netstat -s command displays a number of statistics related to the TCP/IP
protocol suite. Understanding the purpose of every field in the output is for your
reference; sample output from the netstat -s command is shown here:
C:\>netstat -s
Aim 2:
Write the case study of DOMAIN NAME SYSTEM(DNS)
The Domain Name System (DNS) is a hierarchical naming system for
computers, services, or any resource connected to the Internet or a private
network. It associates various information with domain names assigned to each
of the participants. Most importantly, it translates domain names meaningful to
humans into the numerical (binary) identifiers associated with networking
equipment for the purpose of locating and addressing these devices worldwide.
An often-used analogy to explain the Domain Name System is that it serves as
the "phone book" for the Internet by translating human-friendly computer
hostnames into IP addresses. For example, www.example.com translates to
192.0.32.10.
The Domain Name System makes it possible to assign domain names to
groups of Internet users in a meaningful way, independent of each user's
physical location. Because of this, World Wide Web (WWW) hyperlinks and
Internet contact information can remain consistent and constant even if the
current Internet routing arrangements change or the participant uses a mobile
device. The Domain Name System distributes the responsibility of assigning
domain names and mapping those names to IP addresses by designating
authoritative name servers for each domain. Authoritative name servers are
assigned to be responsible for their particular domains, and in turn can assign
other authoritative name servers for their sub-domains. This mechanism has
made the DNS distributed and fault tolerant and has helped avoid the need for a
single central register to be continually consulted and updated.
In general, the Domain Name System also stores other types of
information, such as the list of mail servers that accept email for a given Internet
domain. By providing a worldwide, distributed keyword-based redirection
service, the Domain Name System is an essential component of the
functionality of the Internet. Other identifiers such as RFID tags, UPC codes,
International characters in email addresses and host names, and a variety of
other identifiers could all potentially utilize DNS. The Domain Name System
also defines the technical underpinnings of the functionality of this database
service. For this purpose it defines the DNS protocol, a detailed specification of
the data structures and communication exchanges used in DNS, as part of the
Internet Protocol Suite (TCP/IP).
Applications
• Hostnames and IP addresses do not necessarily match on a one-to-one
basis. Many hostnames may correspond to a single IP address: combined
with virtual hosting, this allows a single machine to serve many web sites.
Alternatively a single hostname may correspond to many IP addresses:
this can facilitate fault tolerance and load distribution, and also allows a
site to move physical location seamlessly.
• There are many uses of DNS besides translating names to IP addresses.
For instance, mail transfer agents use DNS to find out where to deliver
e-mail for a particular address. The domain to mail exchanger mapping
provided by MX records accommodates another layer of fault tolerance
and load distribution on top of the name to IP address mapping.
• E-mail Blacklists: The DNS system is used for efficient storage and
distribution of IP addresses of blacklisted e-mail hosts. The usual method
is putting the IP address of the subject host into the sub-domain of a
higher level domain name, and resolving that name to different records to
indicate a positive or a negative. A hypothetical example using
blacklist.com:
• 102.3.4.5 is blacklisted => Creates 5.4.3.102.blacklist.com and resolves
to 127.0.0.1
• 102.3.4.6 is not => 6.4.3.102.blacklist.com is not found, or default to
127.0.0.2
• E-mail servers can then query blacklist.com through the DNS mechanism
to find out if a specific host connecting to them is in the blacklist. Today
many such blacklists, either free or subscription-based, are available
mainly for use by email administrators and anti-spam software.
• Software Updates: many anti-virus and commercial software now use the
DNS system to store version numbers of the latest software updates so
client computers do not need to connect to the update servers every time.
For these types of applications, the cache time of the DNS records is
usually shorter.
• Sender Policy Framework and DomainKeys, instead of creating their own
record types, were designed to take advantage of another DNS record
type, the TXT record.
• To provide resilience in the event of computer failure, multiple DNS
servers are usually provided for coverage of each domain, and at the top
level, thirteen very powerful root servers exist, with additional "copies"
of several of them distributed worldwide via Anycast.
• Dynamic DNS (also referred to as DDNS) provides clients the ability to
update their IP address in the DNS after it changes due to mobility.
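The e-mail blacklist lookup described in the list above, as an added example that is not part of the original document. It follows the page's hypothetical blacklist.com convention (127.0.0.1 means listed; not found or 127.0.0.2 means not listed); the function names and the injectable `resolver` parameter are assumptions made so the logic can be exercised offline.

```python
import ipaddress
import socket

LISTED = "127.0.0.1"       # the page's hypothetical "blacklisted" answer
NOT_LISTED = "127.0.0.2"   # the page's hypothetical "default / not listed" answer


def dnsbl_query_name(ip: str, zone: str = "blacklist.com") -> str:
    """Reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name: str):
    """Return the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_blacklisted(ip: str, zone: str = "blacklist.com",
                   resolver=system_resolver) -> bool:
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None or answer == NOT_LISTED:
        return False
    if answer == LISTED:
        return True
    # Any other answer (for example a parked or wildcarded zone) is not a
    # listing; fail loudly rather than rejecting mail on it.
    raise ValueError(f"unexpected answer {answer!r} from {zone}")


if __name__ == "__main__":
    # Constructed zone contents standing in for the hypothetical blacklist.com.
    zone_data = {"5.4.3.102.blacklist.com": LISTED}
    for host in ("102.3.4.5", "102.3.4.6"):
        listed = is_blacklisted(host, resolver=zone_data.get)
        print(host, "->", dnsbl_query_name(host), "listed" if listed else "not listed")
```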
Protocol details
DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve
requests. DNS queries consist of a single UDP request from the client followed
by a single UDP reply from the server. The Transmission Control Protocol
(TCP) is used when the response data size exceeds 512 bytes, or for tasks such
as zone transfers. Some operating systems, such as HP-UX, are known to have
resolver implementations that use TCP for all queries, even when UDP would
suffice.
DNS resource records
A Resource Record (RR) is the basic data element in the domain name system.
Each record has a type (A, MX, etc.), an expiration time limit, a class, and some
type-specific data. Resource records of the same type define a resource record
set. The order of resource records in a set, returned by a resolver to an
application, is undefined, but often servers implement round-robin ordering to
achieve load balancing. DNSSEC, however, works on complete resource record
sets in a canonical order.
RR (Resource record) fields
Field | Description | Length (octets)
NAME | Name of the node to which this record pertains. | (variable)
TYPE | Type of RR. For example, MX is type 15. | 2
CLASS | Class code. | 2
TTL | Unsigned time in seconds that RR stays valid, maximum is 2147483647. | 4
RDLENGTH | Length of RDATA field. | 4
RDATA | Additional RR-specific data. | (variable)
NAME is the fully qualified domain name of the node in the tree. On the wire,
the name may be shortened using label compression where ends of domain
names mentioned earlier in the packet can be substituted for the end of the
current domain name.
TYPE is the record type. It indicates the format of the data and it gives a hint of
its intended use. For example, the A record is used to translate from a domain
name to an IPv4 address, the NS record lists which name servers can answer
lookups on a DNS zone, and the MX record specifies the mail server used to
handle mail for a domain specified in an e-mail address (see also List of DNS
record types).
RDATA is data of type-specific relevance, such as the IP address for address
records, or the priority and hostname for MX records. Well known record types
may use label compression in the RDATA field, but "unknown" record types
must not (RFC 3597).
The CLASS of a record is set to IN (for Internet) for common DNS records
involving Internet hostnames, servers, or IP addresses. In addition, the classes
CH (Chaos) and HS (Hesiod) exist. Each class is a completely independent tree
with potentially different delegations of DNS zones.
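The resource record fields and the label compression described above, as an added example that is not part of the original document. The parser follows the RFC 1035 wire layout, in which RDLENGTH is a 16-bit field, bounds the number of compression pointers it follows, and treats a TTL above the stated maximum as zero (RFC 2181); the response built by `build_sample_response` is constructed.

```python
import struct

MAX_TTL = 2147483647   # maximum TTL from the field table


def read_name(msg: bytes, offset: int, max_jumps: int = 16):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, resume_at, jumps = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # two-byte compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume_at is None:
                resume_at = offset + 2             # caller continues after 1st pointer
            jumps += 1
            if jumps > max_jumps:                  # pointer loops must not hang us
                raise ValueError("compression pointer loop")
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:                            # root label ends the name
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (resume_at if resume_at is not None else offset)


def read_rr(msg: bytes, offset: int):
    """Parse NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA; return (record, next offset)."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated resource record")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
    offset += 10
    end = offset + rdlength
    if end > len(msg):
        raise ValueError("RDLENGTH exceeds message size")
    if ttl > MAX_TTL:
        ttl = 0
    if rtype == 1 and rdlength == 4:               # A: IPv4 address
        rdata = ".".join(str(b) for b in msg[offset:end])
    elif rtype == 15 and rdlength >= 3:            # MX: priority + hostname
        (priority,) = struct.unpack_from("!H", msg, offset)
        rdata = (priority, read_name(msg, offset + 2)[0])
    else:                                          # unknown types stay opaque
        rdata = msg[offset:end]
    return {"name": name, "type": rtype, "class": rclass,
            "ttl": ttl, "rdata": rdata}, end


def parse_answers(msg: bytes) -> list:
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", msg)
    offset = 12
    for _ in range(qdcount):                       # skip QNAME + QTYPE + QCLASS
        offset = read_name(msg, offset)[1] + 4
    records = []
    for _ in range(ancount):
        record, offset = read_rr(msg, offset)
        records.append(record)
    return records


def build_sample_response() -> bytes:
    """Constructed reply: MX for example.com plus an A record for the exchanger."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 15, 1)
    zone_ptr = b"\xc0\x0c"                         # pointer to offset 12
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + zone_ptr
    mx = zone_ptr + struct.pack("!HHIH", 15, 1, 3600, len(mx_rdata)) + mx_rdata
    mail_at = len(header) + len(question) + 2 + 10 + 2   # where "mail" label starts
    a = (struct.pack("!H", 0xC000 | mail_at)
         + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 25]))
    return header + question + mx + a


if __name__ == "__main__":
    for record in parse_answers(build_sample_response()):
        print(record)
```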
Aim 3:
Write the case study of SIMPLE NETWORK
MANAGEMENT PROTOCOL (SNMP)
Simple Network Management Protocol (SNMP) is a UDP-based network
protocol. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a
component of the Internet Protocol Suite as defined by the Internet Engineering
Task Force (IETF). It consists of a set of standards for network management,
including an application layer protocol, a database schema, and a set of data
objects.
SNMP exposes management data in the form of variables on the managed
systems, which describe the system configuration. These variables can then be
queried (and sometimes set) by managing applications.
Basic components
An SNMP-managed network consists of three key components:
Managed device = Slave device
Agent = software which runs on Slave device
Network management system (NMS) = software which runs on Master
A managed device is a network node that implements an SNMP interface
that allows unidirectional (read-only) or bidirectional access to node-specific
information. Managed devices exchange node-specific information with the
NMSs. Sometimes called network elements, the managed devices can be any
type of device, including, but not limited to, routers, access servers, switches,
bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.
An agent is a network-management software module that resides on a
managed device. An agent has local knowledge of management information and
translates that information to or from an SNMP specific form.
A network management system (NMS) executes applications that monitor and
control managed devices. NMSs provide the bulk of the processing and memory
resources required for network management. One or more NMSs may exist on
any managed network.
Protocol Details
SNMPv1 and SMI-specific data types:
The first version of the SMI (SMIv1) specifies the use of a number of
SMI-specific data types, which are divided into two categories:
• Simple data types.
Three simple data types are defined in the SNMPv1 SMI, all of which are
unique values:
The integer data type is a signed integer in the range of -2^31 to 2^31-1.
Octet strings are ordered sequences of 0 to 65,535 octets.
Object IDs come from the set of all object identifiers allocated according to the
rules specified in ASN.1.
• Application-wide data types.
The following application-wide data types exist in the SNMPv1 SMI:
i. Network addresses represent addresses from a particular protocol family.
SMIv1 supports only 32-bit (IPv4) addresses (SMIv2 uses Octet Strings
to represent addresses generically, and thus are usable in SMIv1 too. SMIv1
had an explicit IPv4 address datatype.)
ii. Counters are non-negative integers that increase until they reach a
maximum value and then roll over to zero. SNMPv1 specifies a counter
size of 32 bits.
iii. Gauges are non-negative integers that can increase or decrease between
specified minimum and maximum values. Whenever the system property
represented by the gauge is outside of that range, the value of the gauge
itself will vary no further than the respective maximum or minimum, as
specified in RFC 2578.
iv. Time ticks represent time since some event, measured in hundredths of a
second.
v. Opaques represent an arbitrary encoding that is used to pass arbitrary
information strings that do not conform to the strict data typing used by
the SMI.
vi. Integers represent signed integer-valued information. This data type
redefines the integer data type, which has arbitrary precision in ASN.1
but bounded precision in the SMI.
vii. Unsigned integers represent unsigned integer-valued information, which
is useful when values are always non-negative. This data type redefines
the integer data type, which has arbitrary precision in ASN.1 but bounded
precision in the SMI.
Security implications
• SNMP versions 1 and 2c are subject to packet sniffing of the clear text
community string from the network traffic, because they do not
implement encryption.
• All versions of SNMP are subject to brute force and dictionary attacks for
guessing the community strings, authentication strings, authentication
keys, encryption strings, or encryption keys, because they do not
implement a challenge-response handshake. Entropy is an important
consideration when selecting keys, passwords and/or algorithms.
• Although SNMP works over TCP and other protocols, it is most
commonly used over UDP that is connectionless and vulnerable to IP
spoofing attacks. Thus, all versions are subject to bypassing device access
lists that might have been implemented to restrict SNMP access, though
SNMPv3's other security mechanisms should prevent a successful attack.
• SNMP's powerful configuration (write) capabilities are not being fully
utilized by many vendors, partly due to lack of security in SNMP
versions before SNMPv3 and partly due to the fact that many devices
simply are not capable of being configured via individual MIB object
changes.
• SNMP tops the list of the SANS Institute's Common Default
Configuration Issues with the issue of default SNMP community strings
set to ‘public’ and ‘private’ and was number ten on the SANS Top 10
Most Critical Internet Security Threats for the year 2000.
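A configuration check for the community-string issues listed above, as an added example that is not part of the original document. It assumes Net-SNMP `snmpd.conf` syntax (`rocommunity`, `rwcommunity`, `com2sec`); the sample configuration is constructed and the `MIN_LENGTH` threshold is an assumed local policy value.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}   # the defaults named above
MIN_LENGTH = 12                               # assumed policy threshold, not from the page
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rwcommunity private 192.0.2.0/24
rocommunity Tr7-qLx9vB2m-e4 192.0.2.50
com2sec readonly default public
rouser monitor authPriv
"""


def audit_snmpd_conf(text: str) -> list:
    """Return (line number, finding, directive) tuples.

    The community value itself is never put in a finding, so audit output
    can be logged without leaking the string.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tokens) >= 2:
            community = tokens[1]
            writable = directive.startswith("rw")
        elif directive == "com2sec" and len(tokens) >= 4:
            community = tokens[-1]      # com2sec NAME SOURCE COMMUNITY
            writable = False            # access level is granted elsewhere
        else:
            continue                    # SNMPv3 users and unrelated directives
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community", directive))
        elif len(community) < MIN_LENGTH:
            findings.append((lineno, "short-community", directive))
        if writable:
            # v1/v2c write access is authorised by a clear-text string
            findings.append((lineno, "cleartext-write-access", directive))
    return findings


if __name__ == "__main__":
    for lineno, finding, directive in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding} ({directive})")
```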
Aim 4:
Study of IP Routing
IP Routing is an umbrella term for the set of protocols that determine the path
that data follows in order to travel across multiple networks from its source to
its destination. Data is routed from its source to its destination through a series
of routers, and across multiple networks. The IP Routing protocols enable
routers to build up a forwarding table that correlates final destinations with next
hop addresses.
These protocols include:
• BGP (Border Gateway Protocol)
• IS-IS (Intermediate System - Intermediate System)
• OSPF (Open Shortest Path First)
• RIP (Routing Information Protocol)
When an IP packet is to be forwarded, a router uses its forwarding table to
determine the next hop for the packet's destination (based on the destination IP
address in the IP packet header), and forwards the packet appropriately. The
next router then repeats this process using its own forwarding table, and so on
until the packet reaches its destination. At each stage, the IP address in the
packet header is sufficient information to determine the next hop; no additional
protocol headers are required.
The Internet, for the purpose of routing, is divided into Autonomous Systems
(ASs). An AS is a group of routers that are under the control of a single
administration and exchange routing information using a common routing
protocol. For example, a corporate intranet or an ISP network can usually be
regarded as an individual AS. The Internet can be visualized as a partial mesh of
ASs. An AS can be classified as one of the following three types.
• A Stub AS has a single connection to one other AS. Any data sent to, or
received from, a destination outside the AS must travel over that
connection. A small campus network is an example of a stub AS.
• A Transit AS has multiple connections to one or more ASs, which
permits data that is not destined for a node within that AS to travel
through it. An ISP network is an example of a transit AS.
• A Multihomed AS also has multiple connections to one or more ASs, but
it does not permit data received over one of these connections to be
forwarded out of the AS again. In other words, it does not provide a
transit service to other ASs. A Multihomed AS is similar to a Stub AS,
except that the ingress and egress points for data traveling to or from the
AS can be chosen from one of a number of connections, depending on
which connection offers the shortest route to the eventual destination. A
large enterprise network would normally be a multihomed AS.
An Interior Gateway Protocol (IGP) calculates routes within a single AS. The
IGP enables nodes on different networks within an AS to send data to one
another. The IGP also enables data to be forwarded across an AS from ingress
to egress, when the AS is providing transit services.
Routes are distributed between ASs by an Exterior Gateway Protocol (EGP).
The EGP enables routers within an AS to choose the best point of egress from
the AS for the data they are trying to route.
The EGP and the IGPs running within each AS cooperate to route data across
the Internet. The EGP determines the ASs that data must cross in order to reach
its destination, and the IGP determines the path within each AS that data must
follow to get from the point of ingress (or the point of origin) to the point of
egress (or the final destination).
The diagram below illustrates the different types of AS in a network. OSPF, IS-IS and RIP are IGPs used within the individual ASs; BGP is the EGP used
between ASs.
Aim 5:
Study of Serial Line Internet Protocol (SLIP) and Point-To-Point Protocol (PPP)
Serial Line Internet Protocol (SLIP)
Serial Line Internet Protocol (SLIP) is a TCP/IP protocol used for
communication between two machines that are previously configured for
communication with each other. For example, an Internet service provider may
provide the user with a SLIP connection so that the provider's server can
respond to requests, pass them on to the Internet and forward the requested
Internet responses back to the user. The dial-up connection to the server is
typically on a slower serial line rather than on the parallel or multiplex
lines such as a line of the network the user is hooking up to. It is commonly
used on dedicated serial links and dial-up connections that operate at speeds
between 1200bps and 56Kbps.
SLIP modifies a standard Internet datagram by appending a special SLIP END
character to it, which allows datagrams to be distinguished as separate. SLIP
requires a port configuration of 8 data bits, no parity, and EIA or hardware flow
control. SLIP does not provide error detection, being reliant on other high-layer
protocols for this. Over a particularly error-prone dial-up link therefore, SLIP on
its own would not be satisfactory. A SLIP connection needs to have its IP
address configuration set each time before it is established whereas
Point-to-Point Protocol (PPP) can determine it automatically once it has started.
The Serial Line Internet Protocol (SLIP) is a mostly obsolete encapsulation of
the Internet Protocol designed to work over serial ports and modem
connections. It is documented in RFC 1055. SLIP has been largely replaced by
the Point-to-Point Protocol (PPP), which is better engineered, has more features
and does not require its IP address configuration to be set before it is
established.
A version of SLIP with header compression is called CSLIP (Compressed
SLIP).
SLIP is a STREAMS-based computer networking facility that provides for the
transmission and reception of IP packets over serial lines. SLIP allows the use
of TCP/IP networking applications such as rlogin and telnet over serial lines.
SCO SLIP is an implementation of the Serial Line Internet Protocol (SLIP) as
defined in RFC 1055 and RFC 1144. SLIP can be used to connect one host to
another via a single, physical serial line connection between serial ports or over
longer distances using a modem at each end of a telephone line. A computer that
is running SLIP over one or more serial lines and that is also connected to a
computer network (such as an Ethernet) can serve as a communication gateway
between computers on a network and computers at the far end of each serial
line.
How SLIP framing works
An IP datagram is passed down to SLIP, which breaks it into bytes and sends
them one at a time over the link. After the last byte of the datagram, a special
byte value is sent that tells the receiving device that the datagram has ended.
This is called the SLIP END character, and has a byte value of 192 decimal
(C0 hexadecimal, 11000000 binary). And that's basically it: take the whole
datagram, send it one byte at a time, and then send the byte 192 to delimit the
end of the datagram.
A minor enhancement to this basic operation is to precede the datagram by an
END character as well. The benefit of this is that it clearly separates the start of
the datagram from anything that preceded it. To see why this might be needed,
suppose at a particular time one has only one datagram to send, datagram #1.
So, the user sends #1 and then sends the END character to delimit it. Now,
suppose there is a pause before the next datagram shows up. During that time,
there is no transmission, but if there is line noise, the other device might pick up
spurious bytes here and there. If the user later receives datagram #2 and just
starts sending it, the receiving device might think the noise bytes were part of
datagram #2.
Starting datagram #2 off with an END character tells the recipient that anything
received between this END character and the previous one is a separate
datagram. If that's just noise, then this “noise datagram” is just gibberish that
will be rejected at the IP layer. Meanwhile, it doesn't corrupt the real datagram
one wishes to send. If no noise occurred on the line between datagrams, then the
recipient will just see the END at the start of datagram #2 right after the one at
the end of #1 and will ignore the “null datagram” between the two.
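The framing described above, as an added example that is not part of the original document. It goes beyond the page in one respect: it also implements the ESC byte-stuffing from RFC 1055, which is needed whenever the datagram itself contains byte 192. The function names, the 1006-byte default limit (RFC 1055) and the sample bytes are assumptions of this example.

```python
# SLIP framing; END (192) is from the page, ESC values are from RFC 1055.
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    """Frame one datagram: leading END, escaped payload, trailing END."""
    out = bytearray([END])                # leading END flushes line noise
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])  # payload 0xC0 must not end the frame
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes, max_len: int = 1006) -> list[bytes]:
    """Split received bytes into frames; drop empty, malformed, oversize ones."""
    frames, buf, escaped, bad = [], bytearray(), False, False
    for b in stream:
        if b == END:
            if buf and not bad and not escaped:
                frames.append(bytes(buf))
            buf, escaped, bad = bytearray(), False, False
        elif escaped:
            escaped = False
            if b in (ESC_END, ESC_ESC):
                buf.append(END if b == ESC_END else ESC)
            else:
                bad = True                # invalid escape: discard this frame
        elif b == ESC:
            escaped = True
        else:
            buf.append(b)
        if len(buf) > max_len:
            bad = True                    # oversize: discard, keep memory bounded
            buf.clear()
    return frames


def plausible_ipv4(frame: bytes) -> bool:
    """Stand-in for the IP layer's checks that reject a 'noise datagram'."""
    sane = len(frame) >= 20 and frame[0] >> 4 == 4 and (frame[0] & 0x0F) >= 5
    return sane and int.from_bytes(frame[2:4], "big") == len(frame)


def demo() -> tuple[int, list[bytes]]:
    # Constructed input: two bare IPv4 headers with three noise bytes between.
    d1 = bytes.fromhex("450000140001000040010000" "0a000001" "0a000002")
    d2 = bytes.fromhex("450000140002000040010000" "c0a80001" "dbc00001")
    frames = slip_decode(slip_encode(d1) + b"\x13\x37\xfe" + slip_encode(d2))
    return len(frames), [f for f in frames if plausible_ipv4(f)]
```

`demo()` decodes three frames (datagram #1, the noise, datagram #2) and only the two real datagrams pass the IP-level check, which is the behaviour the leading END character is there to guarantee.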
Point-To-Point Protocol (PPP)
In networking, the Point-to-Point Protocol, or PPP, is a data link protocol
commonly used to establish a direct connection between two networking nodes.
It can provide connection authentication, transmission encryption privacy, and
compression.
PPP is used over many types of physical networks including serial cable, phone
line, trunk line, cellular telephone, specialized radio links, and fiber optic links
such as SONET. Most Internet service providers (ISPs) use PPP for customer
dial-up access to the Internet. Two encapsulated forms of PPP, Point-to-Point
Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM
(PPPoA), are used by Internet Service Providers (ISPs) to connect Digital
Subscriber Line (DSL) Internet service.
PPP is commonly used as a data link layer protocol for connection over
synchronous and asynchronous circuits, where it has largely superseded the
older, non-standard Serial Line Internet Protocol (SLIP) and telephone company
mandated standards (such as Link Access Protocol, Balanced (LAPB) in the
X.25 protocol suite). PPP was designed to work with numerous network layer
protocols, including Internet Protocol (IP), Novell's Internetwork Packet
Exchange (IPX), NBF and AppleTalk.
PPP is also used over broadband connections. RFC 2516 describes Point-to-Point
Protocol over Ethernet (PPPoE), a method for transmitting PPP over
Ethernet that is sometimes used with DSL. RFC 2364 describes Point-to-Point
Protocol over ATM (PPPoA), a method for transmitting PPP over ATM
Adaptation Layer 5 (AAL5), which is also sometimes used with DSL.
PPP Features
• PPP follows an address notification system. The dial-up client works
using this IP address, and the IP address established for the particular
link is also requested by their networks. All this takes place
automatically in PPP.
• PPP provides two methods of authentication: the Password
Authentication Protocol (PAP), which uses a password to authenticate, and
the Challenge Handshake Authentication Protocol (CHAP), which uses a
handshake between the server and the dial-up client as authentication.
• PPP allows different types of protocols to function on its platform
and on the same link.
• PPP additionally checks the link established by the protocol; it
includes a link-level echo facility, which checks whether the link is
operating properly.
• The main task of the Point to Point Protocol is to check that the
condition of the line or telephone line it is operating on is OK. The
Point to Point Protocol also checks the password, and after going through
all these initial checks it establishes the connection with the Internet
service provider's servers and requests an IP address.
• This IP address is used by PPP on the Internet to communicate with
all other network protocols and servers for as long as the connection
lasts. PPP also transports the packets of information from one server to
the other and uses the same IP address to address the computer which has
requested the information.
PPP Frames
There are many protocols that are included in the PPP frame that work in
tandem to send and receive data on a network. The packages of data that are
being sent and received on the network are called frames. The Point to Point
Protocol usually follows a general, standard format for all the frames that
it sends or receives.
To understand the network and its functionality, and later to troubleshoot it,
a network administrator should be able to understand these frames in order to
diagnose issues related to the protocols.
The Point to Point Protocol follows a specified set of formats for different
purposes on the network. The formats that are commonly used by the Point to
Point Protocol are the Link Control Protocol and authentication protocols such
as PAP and CHAP. The Point to Point Protocol also has a variant called the
PPP Multilink Protocol. All these protocols are used to transport the small bits
of data over the link.
Aim 6:
Study of Open Shortest Path First (OSPF)
Open Shortest Path First (OSPF) is a dynamic routing protocol for use in
Internet Protocol (IP) networks. Specifically, it is a link-state routing protocol
and falls into the group of interior gateway protocols, operating within a single
autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998)
for IPv4.[1] The updates for IPv6 are specified as OSPF Version 3 in RFC 5340
(2008).
OSPF is perhaps the most widely-used interior gateway protocol (IGP) in large
enterprise networks; IS-IS, another link-state routing protocol, is more common
in large service provider networks. The most widely-used exterior gateway
protocol is the Border Gateway Protocol (BGP), the principal routing protocol
between autonomous systems on the Internet.
OSPF has two primary characteristics.
• The first is that the protocol is open, which means that its specification is
in the public domain. The OSPF specification is published as Request For
Comments (RFC) 1247.
• The second principal characteristic is that OSPF is based on the SPF
algorithm, which sometimes is referred to as the Dijkstra algorithm,
named for the person credited with its creation.
OSPF is a link-state routing protocol that calls for the sending of link-state
advertisements (LSAs) to all other routers within the same hierarchical area.
Information on attached interfaces, metrics used, and other variables is included
in OSPF LSAs. As OSPF routers accumulate link-state information, they use
the SPF algorithm to calculate the shortest path to each node.
As a link-state routing protocol, OSPF contrasts with RIP and IGRP, which are
distance-vector routing protocols. Routers running the distance-vector algorithm
send all or a portion of their routing tables in routing-update messages to their
neighbors.
Packet Format
Version number | Type | Packet length | Router ID | Area ID | Checksum | Authentication type | Authentication | Data
OSPF packets consist of nine fields.
The following descriptions summarize the header fields illustrated above:
• Version Number: Identifies the OSPF version used.
• Type: Identifies the OSPF packet type as one of the following:
   i. Hello: Establishes and maintains neighbor relationships.
   ii. Database Description: Describes the contents of the topological
   database. These messages are exchanged when an adjacency is
   initialized.
   iii. Link-state Request: Requests pieces of the topological database from
   neighbor routers. These messages are exchanged after a router
   discovers (by examining database-description packets) that parts of its
   topological database are out of date.
   iv. Link-state Update: Responds to a link-state request packet. These
   messages also are used for the regular dispersal of LSAs. Several
   LSAs can be included within a single link-state update packet.
   v. Link-state Acknowledgment: Acknowledges link-state update
   packets.
• Packet Length: Specifies the packet length, including the OSPF header,
in bytes.
• Router ID: Identifies the source of the packet.
• Area ID: Identifies the area to which the packet belongs. All OSPF
packets are associated with a single area.
• Checksum: Checks the entire packet contents for any damage suffered in
transit.
• Authentication Type: Contains the authentication type. All OSPF
protocol exchanges are authenticated. The Authentication Type is
configurable on a per-area basis.
• Authentication: Contains authentication information.
• Data: Contains encapsulated upper-layer information.
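A parser for the header fields listed above, added here as an example and not taken from the original document. It assumes the OSPFv2 field widths and the Authentication Type values (0 null, 1 simple password, 2 cryptographic) from RFC 2328, which the page does not give; the function names and the sample Hello packet are constructed for illustration. It reports the two things a defender checks first on a captured packet: whether the checksum holds and how weak the authentication type is.

```python
import struct
from ipaddress import IPv4Address

# Field widths and AuType values come from RFC 2328; the page lists only names.
HEADER = struct.Struct("!BBH4s4sHH8s")   # 24-byte common header
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-state Request",
                4: "Link-state Update", 5: "Link-state Acknowledgment"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def inet_checksum(data: bytes) -> int:
    """Standard IP one's-complement checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ospf(packet: bytes) -> dict:
    """Decode the header and list integrity/authentication findings."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPF header")
    ver, ptype, length, rid, area, _, autype, _ = HEADER.unpack_from(packet)
    if ver != 2 or not HEADER.size <= length <= len(packet):
        raise ValueError("bad version or packet length field")
    findings = []
    if ptype not in PACKET_TYPES:
        findings.append(f"unknown packet type {ptype}")
    # The checksum skips the 8-byte authentication field; with cryptographic
    # authentication it is not computed at all (a trailing digest is used).
    if autype != 2 and inet_checksum(packet[:16] + packet[24:length]) != 0:
        findings.append("checksum mismatch")
    if autype == 0:
        findings.append("null authentication: packet origin is not verified")
    elif autype == 1:
        findings.append("simple password: secret is sent in cleartext")
    elif autype != 2:
        findings.append(f"unknown authentication type {autype}")
    return {"type": PACKET_TYPES.get(ptype, "?"),
            "router_id": str(IPv4Address(rid)), "area_id": str(IPv4Address(area)),
            "auth": AUTH_TYPES.get(autype, "?"), "findings": findings}


def build_sample(autype: int, auth: bytes = bytes(8)) -> bytes:
    """Constructed Hello from router 192.0.2.1 in area 0.0.0.0 (demo input)."""
    body = bytes.fromhex("ffffff00" "000a" "02" "01" "00000028" + "00" * 8)
    hdr = HEADER.pack(2, 1, HEADER.size + len(body),
                      IPv4Address("192.0.2.1").packed, bytes(4), 0, autype, auth)
    cksum = 0 if autype == 2 else inet_checksum(hdr[:16] + body)
    return hdr[:12] + struct.pack("!H", cksum) + hdr[14:] + body
```

Calling `parse_ospf(build_sample(0))` returns a Hello from 192.0.2.1 with a single finding for null authentication; in an audit of captured routing traffic, any area still showing type 0 or 1 is a candidate for moving to cryptographic authentication.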
Aim 7:
Study of Supernetting and Subnetting
Supernetting
A supernet is an Internet Protocol (IP) network that is formed from the
combination of two or more networks (or subnets) with a common Classless
Inter-Domain Routing (CIDR) routing prefix. The new routing prefix for the
combined network aggregates the prefixes of the constituent networks. It must
not contain other prefixes of networks that do not lie in the same routing path.
The process of forming a supernet is often called supernetting, route
aggregation, or route summarization.
Supernetting within the Internet serves as a preventative strategy to avoid
topological fragmentation of the IP address space by using a hierarchical
allocation system that delegates control of segments of address space to regional
network service providers.[1] This method facilitates regional route
aggregation.
The benefits of supernetting are conservation of address space and efficiencies
gained in routers in terms of memory storage of route information and
processing overhead when matching routes.
In Internet networking terminology, a supernet is a block of contiguous
subnetworks addressed as a single subnet. Supernets always have masks that are
smaller than the masks of the component networks.
Supernetting alleviates some of the issues with the original classful
addressing scheme for IP addresses, such as excessively large route tables
which increase router latency, by allowing multiple network address ranges to
be combined, either to create a single larger network, or just for route
aggregation to keep the "Internet Routing Table" (or any routing table) from
growing too large.
Supernetting combines a group of routes into a single route advertisement. The
number of subnets and network addresses contained in Internet routing tables is
rapidly increasing due to the rapid expansion of the Internet. This growth has
had a negative impact on CPU resources, bandwidth, and memory used to
maintain routing tables. Therefore, route summarization was introduced to
reduce the size of network routing tables.
If configured properly, supernetting can reduce the latency associated with
router hop, since the average speed for routing table lookup will be increased
due to the reduced number of entries. The overhead for routing protocols can
also be reduced since fewer routing entries are being advertised.
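Route aggregation as described above, shown as an added example that is not part of the original document. It computes the smallest single supernet for a set of prefixes and lists any address space that supernet would cover without a constituent network behind it, which is the check behind the rule that a supernet must not contain prefixes outside the same routing path. The function name `summarize` and the sample prefixes are assumptions of this example.

```python
from ipaddress import IPv4Network, collapse_addresses


def summarize(prefixes: list[str]) -> dict:
    """Smallest single supernet covering `prefixes`, plus any address space
    inside it that none of the constituent networks actually owns."""
    if not prefixes:
        raise ValueError("need at least one prefix")
    nets = list(collapse_addresses(IPv4Network(p) for p in prefixes))
    supernet = nets[0]
    while not all(n.subnet_of(supernet) for n in nets):
        supernet = supernet.supernet()      # shorten the mask by one bit
    uncovered = [supernet]
    for net in nets:                        # carve each owned block out
        remaining = []
        for block in uncovered:
            if net == block:
                continue
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        uncovered = remaining
    return {"supernet": str(supernet), "netmask": str(supernet.netmask),
            "gaps": [str(b) for b in sorted(uncovered)]}


# Constructed inputs: the first set is contiguous, the second skips 10.1.2.0/24.
CLEAN = summarize(["192.168.0.0/24", "192.168.1.0/24",
                   "192.168.2.0/24", "192.168.3.0/24"])
LEAKY = summarize(["10.1.0.0/24", "10.1.1.0/24", "10.1.3.0/24"])
```

`CLEAN` aggregates exactly to 192.168.0.0/22 with no gaps, while `LEAKY` shows that advertising 10.1.0.0/22 would also claim 10.1.2.0/24; traffic for that block would be drawn to a router that has no route for it.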
Subnetting
A subnetwork, or subnet, is a logically visible, distinctly addressed part of a
single Internet Protocol network.[1] The process of subnetting is the division of
a computer network into groups of computers that have a common, designated
IP address routing prefix.
Subnetting breaks a network into smaller realms that may use existing address
space more efficiently, and, when physically separated, may prevent excessive
rates of Ethernet packet collision in a larger network. The subnets may be
arranged logically in a hierarchical architecture, partitioning the organization's
network address space (see also Autonomous System) into a tree-like routing
structure. Routers are used to interchange traffic between subnetworks and
constitute logical or physical borders between the subnets. They manage traffic
between subnets based on the high-order bit sequence (routing prefix) of the
addresses.
A routing prefix is the sequence of leading (most-significant) bits of an IP
address that precede the portion of the address used as host identifier and, if
applicable, the set of bits that designate the subnet number. Routing prefixes are
expressed in CIDR notation, which uses the first address of a network followed
by the bit-length of the prefix, separated by a slash (/) character. For example,
192.168.1.0/24 is the prefix of the IPv4 network starting at the given address,
having 24 bits allocated for the network number, and the rest (8 bits) reserved
for host addressing. The IPv6 address specification 2001:db8::/32 is a large
network for 2^96 hosts, having a 32-bit routing prefix.
In IPv4 networks, the routing prefix is traditionally expressed as a subnet mask,
which is the prefix bit mask expressed in quad-dotted decimal representation.
For example, 255.255.255.0 is the subnet mask for the 192.168.1.0/24 prefix.
All hosts within a subnet can be reached in one routing hop, implying that all
hosts in a subnet are connected to the same link.
A typical subnet is a physical network served by one router, for instance an
Ethernet network (possibly consisting of one or several Ethernet segments or
local area networks, interconnected by network switches and network bridges)
or a Virtual Local Area Network (VLAN). However, subnetting allows the
network to be logically divided regardless of the physical layout of a network,
since it is possible to divide a physical network into several subnets by
configuring different host computers to use different routers.