* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Computer Monitoring and Documenting
Survey
Document related concepts
IEEE 802.1aq wikipedia , lookup
TCP congestion control wikipedia , lookup
Asynchronous Transfer Mode wikipedia , lookup
Network tap wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Airborne Networking wikipedia , lookup
Distributed firewall wikipedia , lookup
Computer network wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Deep packet inspection wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Internet protocol suite wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
Computer Monitoring and Documenting A Network Primer Computer Network can be defined as ’a set of transmission paths, interconnected at nodes’ which link a group of autonomous computers, these computers are capable of exchanging messages and information through the network linking them. Figure 2.1: The definition of a computer network: a set of transmission paths, interconnected at nodes Dr. Faisal Yousef Alzyoud 1 Computer networks exist on various scales: small scale that links between machines in the same room up through wiring connecting the machines in a building or campus to regional, national and global networks. The media which can carry the signals is either: copper wire, fibre-optic cables and wireless or radio transmissions etc. As signal passes through larger distances the signal will degrade as a result of the following common effects ( Irving, 2003,pp35-36), in spite the effect of transmission media: • Attenuation • Impulse noise • Thermal noise • Cross-talk • Inter-modulation noise • Radiation • Radio frequency interference • Signal reflection Dr. Faisal Yousef Alzyoud 2 The machine which receive the signal has to check the transmission errors, these checks are performed by including redundant, derived, information in the transmission which can then be re-derived from the signal received and the values compared. These checks are similar to parity check and done through sophisticated techniques such as Cyclic Redundancy Check (CRC). There must be a common protocol between the two communicated computer agree on. Real networks contain multiple machines that want to connect with each other. There are two types of mechanisms by which any two machines in a multiple-machine network can communicate with each other: circuit switching and packet switching. Dr. Faisal Yousef Alzyoud 3 Circuit switch was used in early telephone system, In circuit switching a dedicated circuit or ‘connection’ is created (or nailed-up) when communication between the two machines is initiated, remains in place while the message is passed and is relinquished (or torn down) when the transmission has finished. Whilst the message is being transmitted the two machines have sole use of this circuit. packet-switched networks (datagrams), In packet switching every machine on the network has an address which identifies it uniquely. When a message is transmitted the address of the machine to which the message is directed is included in each of its packets. The sending machine emits the addressed packets onto the network, where they are passed and forwarded until they reach their intended recipient. Dr. Faisal Yousef Alzyoud 4 Multiplexing: it is the process of combining signals for transmission over a shared medium. Two variants are common used : Frequency Domain Multiplexing (FDM) and Time Domain Multiplexing (TDM). FDM is often used where the medium is fiber-optic cables or radio transmission, in FDM several independent signals are transmitted at different wavelengths. TDM is often used when the medium is copper cable , in TDM the various inputs simply take turns to transmit down the medium. Network capacity: it is measured by the number of bits transferred from one point to the second in a given time interval (kilo, Mega or Giga bits per second ), it is a data rate, throughput or bandwidth. Dr. Faisal Yousef Alzyoud 5 Types of Network Networks can be classified according to transmission technology and scale. Transmission technology can be broadly divided into two types: broadcast and switched. Broadcast networks usually have special arrangements for sending simultaneous messages to either multiple machines or all machines, in broadcast network all the machines on the network are connected by a single, continuous communications channel (sometimes called a bus or backbone). The advantage of broadcast networks is their low wiring costs, and their simple routing. Dr. Faisal Yousef Alzyoud 6 In switched networks data are routed to their destination via a sequence of point-to-point, that is node-to-node. Network traffic will pass through one or more intermediate nodes during its journey. By definition, circuit and packet switched networks are both also point-topoint networks. Figure 2.2: Point-to-point links Dr. Faisal Yousef Alzyoud 7 Packet switching is used in computer networks because it works well in networks with heavy traffic flow: nodes can interleave packets from endhosts and other nodes to achieve better utilization of network capacity than dedicated circuit-switched connections. Packet switch has a delay disadvantages which is added to the overall transmission line. The delay is presented by the process of storing packets upon arrival, selecting an outgoing link based on routing information, and retrieving the packet for retransmission on the selected link. An alternative classification of networks is by scale. In this case they are usually divided into LANs, MANs and WANs. Dr. Faisal Yousef Alzyoud 8 LANs (Local Area Networks) typically link the computers in a single building or campus. Ethernet is a popular technology for LANs. MANs (Metropolitan Area Networks) are larger versions of LANs. Typically they link several distinct sites dispersed around a city. WANs (Wide Area Networks) span a wide geographical area, typically a country or continent. They are almost invariably operated by a telecommunications service provider rather than being owned by an end user. Dr. Faisal Yousef Alzyoud 9 Figure 2.3: LAN topologies: (a) is a simple bus and (b) a ring (from Tanenbaum[2] p17) Dr. Faisal Yousef Alzyoud 10 Figure 2.4: A typical WAN (from Tanenbaum[2] p19) Dr. Faisal Yousef Alzyoud 11 firewalls as ‘just a modern adaptation of that old medieval security standby: digging a deep moat around your castle (Tanenbaum, pp776). The usual purpose of a firewall is to protect the LAN from unwelcome external intrusions, such as hackers trying to probe the system prior to attempting un authorized access. Firewalls are configurable. A firewall might examine every packet in detail, though often they do not. Firewalls can also be used to police outgoing traffic. This function can help to prevent unauthorized access by your users to banned services or machines, can force certain types of traffic through another machine (for example, preventing out-bound HTTP access on port 80, thus forcing users to go through a proxy server machine) and can help stop the spread of propagating infections such as viruses. Dr. Faisal Yousef Alzyoud 12 Network Protocols Protocol can be defined as agreement between source, destination and intermediate node. protocol stack is The collection of protocols that define the various interfaces between all the layers in network model, since the decomposition of layers into separate layers allows the layers themselves to be developed, tested and, indeed replaced, individually. Dr. Faisal Yousef Alzyoud 13 Figure 2.5: Layers, protocols and interfaces in network software (from Tanenbaum[2], p27) Corresponding node in source and destination is called peer Dr. Faisal Yousef Alzyoud 14 Figure 2.6: The layers of the OSI (left) and TCP/IP (right) models (from Tanenbaum[2], p43). Dr. Faisal Yousef Alzyoud 15 Connectionless and Connection-Orientated Services Connectionless or Datagram means that there is no direct, dedicated connection between the source and destination hosts, and each packet travels independently from one to the other. If the protocol by which a layer in the network stack is accessed reflects this behavior it is said to offer a connectionless or datagram service. Connection-oriented or Virtual circuit service means the layer is mimicking a direct connection, such as a telephone line, and includes code which automatically checks that dispatched packets have arrived, resends lost packets etc. The OSI and TCP/IP protocols provide connectionless and connection-oriented services at different layers in their stacks Dr. Faisal Yousef Alzyoud 16 OSI Model Layer Connection-less Transport Network Yes TCP / IP Model Connection-oriented Connection-less Connection-oriented Yes Yes Yes Yes Yes The OSI transport layer protocol is only connection-oriented, whereas TCP/IP transport offers both connection-oriented and connectionless alternatives. Conversely, OSI offers both options in the network layer, whereas TCP/IP has only a connectionless network layer Dr. Faisal Yousef Alzyoud 17 Datagrams, packets and PDUs A datagram is defined in RFC 1594 (Marine. A, and Malkine. G, 1989) as “a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network”. Datagrams are used by connectionless services. A packet is simply the unit of data transmitted from a source to a destination on a packet switched network, such as the Internet. A PDU (Protocol Data Unit) is simply a unit of data passed across a network. the term can be used to refer to a unit of data at any of the OSI model’s seven layers, for example Ethernet PDU (layer two). Dr. Faisal Yousef Alzyoud 18 TCP / IP TCP/IP is a layered protocol and it has four layers, TCP/IP is controlled by the Internet Society (ISOC). The function for each layer is as follow: 1. Link or Host-to-network, it handles the hardware-specific details of interfacing to the physical communications channel. 2. Network or Internet, it handles the movement of packets around the network. 3. Transport, it provides a flow of data from the source to the destination host, for use by the application layer. 4. Application, it comprises the specific functionality of each application, such as file transfer,remote login, electronic mail, etc. Dr. Faisal Yousef Alzyoud 19 Figure 2.7: Some of the TCP/IP protocols, arranged by layer (Stevens, 1994, pp.6) Dr. Faisal Yousef Alzyoud 20 TCP (Transmission Control Protocol): it provides a reliable connectionoriented service for the complete transfer of messages from the source to the destination host. TCP is used in applications where it is important that a message arrives complete and intact, such as file transfer, electronic mail or accessing Web pages. TCP was originally defined in RFC 793. UDP (User Datagram Protocol),it is a much simpler protocol than TCP. The message is simply split up into packets and the packets dispatched from a source to a destination host. No acknowledgement that packets have been received is returned and there is no guarantee that all (or any) of the packets arrived. UDP is used in streaming video applications and it is defined in RFC 768. Dr. Faisal Yousef Alzyoud 21 IP (Internet Protocol) is the principal protocol of the network layer. It is used by both TCP and UDP (above) and hence by most network applications. Further, ICMP and IGMP messages (below) are transmitted as IP packets. IP defines a datagram delivery service which is connectionless and unreliable. ICMP (Internet Control Message Protocol): it communicates error messages and similar information between routers and hosts. ICMP messages are usually processed in the network or transport layers, though some will cause error conditions to be reported to user processes. IGMP (Internet Group Management Protocol),it is a rather more specialized protocol which is used for multicasting a UDP datagram to multiple hosts (recall that multicasting is the process of sending the same packet simultaneously to multiple recipients). Dr. Faisal Yousef Alzyoud 22 Link or host-to-network layer ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) are specialized protocols used to interface to some types of network. Dr. Faisal Yousef Alzyoud 23 Internetworks and the Internet Internetwork are Multiple networks connected via gateways or bridges. internet (with the lower-case ‘i’) is any network that communicates using TCP/IP, or more precisely the Internet Protocol Suite. Internet (with an upper-case ‘I’) is the collection of all the linked hosts and networks which communicate using TCP/IP. Dr. Faisal Yousef Alzyoud 24 Addressing Every computer attached to a network has a unique address, and If a computer has two network interfaces (for example because it is connected to two networks), each interface will have its own unique Address. There are two types of addressing mechanism: • physical addressing • logical addressing Physical address is part of the computer’s hardware and will not normally change. It is usually programmed into firmware on a Media Access Control (MAC) unit (and hence is referred to as the MAC address), which itself is usually part of a Network Interface Card (NIC), Physical addressing works for LANs, but does not scale to larger networks with millions of hosts. It is either 16 or 64 bits. Dr. Faisal Yousef Alzyoud 25 Logical addresses are Internet addresses which are managed and assigned by the Internet Corporation for Assigned Names and Numbers (ICANN). Logical addressing offers the following advantages: • it allows address to be retained when the hardware changes • it allows the demarcation of the network into subsidiary networks • it provides a structure or hierarchy to the addresses There are two types of IP addresses: IPv4 and IPv6. IPv4 addresses are 32 bits (4 bytes) long. They are usually represented (for human consumption) using a dotted decimal notation where each of the bytes is shown as a decimal number (which, necessarily, must be in the range 0 to 255). An example: 192.12.6.12 10.65.44.34 Dr. Faisal Yousef Alzyoud 26 Address Classifications Internet Corporation for Assigned Names and Numbers (ICANN) gave address ranges to regional and national authorities which, in turn, allocate ranges to ISPs and other institutions. This ranges of addresses are called licences. licences were awarded in one of five classes A to E. Class D was assigned for multoicast applications, where class E was assigned for future use. Classes A to C were used for different sizes of organization. Class A, the licence address is contained in the first byte of the IP address, thus leaving three bytes for individual addresses. For historical reasons this type of licence was only issued to some American universities, it is ranged (00000000 to 01111111 or 0 to 127). Dr. Faisal Yousef Alzyoud 27 Class B, the licence address is contained in the first two bytes of the IP address, thus leaving two bytes for individual addresses. This type of licence was used for larger organizations, it is ranged (10000000 to 10111111 or 128 to 191). Class C, the licence address is contained in the first three bytes of the IP address, thus leaving one byte for individual addresses. This type of licence was used for smaller organizations, it is ranged (11000000 to 11011111 or 128 to 191). Class A B C Dr. Faisal Yousef Alzyoud Licences (Net id) 128 16,384 2 x 106 28 Addresses (Host id) 16.3 x 106 64 × 103 256 The Internet has grown beyond the wildest expectations of its original designers, the number of hosts increases, so free addresses are becoming increasingly scarce. Address classification wastes many addresses. Classless interdomain routing (CIDR) is an interim solution to scarce free address problem, and CIDR has been used since about 1993. CIDR is a method of representing an IP address and its subnet mask with a prefix. The basic idea is to allocate addresses in variable-sized blocks, suitable for the expected needs of the licensee and without regard to classes. Dr. Faisal Yousef Alzyoud 29 IP subnets IP subnets are a way of further subdividing the addresses allocated to a licence in classful addressing. IP subnet an address comprises: licence base address + subnet address + individual host address For example if a university with a class A or B licence. Typically it will have distinct Ethernet LANs for each department or faculty (IP subnets). When an external packet arrives at the university’s gateway, the IP subnet address is examined and the packet routed to the appropriate departmental Ethernet. A subnet mask is used to indicate which bits belong to the base or subnet address and which to the host address. The subnet mask is 4 bytes long, like the IP address. The values of bits in a subnet mask are interpreted as follows: • a ‘1’ indicates that the corresponding bit in the IP address (to which the mask is being applied) is part of the base or IP subnet address. • a ‘0’ indicates that the corresponding bit in the IP address is part of the individual host address. Dr. Faisal Yousef Alzyoud 30 Two notations are used for subnet masks. One is the same dotted decimal notation used for IP addresses, for example 255.255.252.0. The other is ‘/x ’ where x is the number of bits in the base and subnet addresses, for example if a total of 22 bits were so used, the subnet mask would be written ‘/22.’ The vertical bar (‘|’) indicates the boundary between the subnet address and the individual host address. Mask 11111111 11111111 111111|00 00000000 or /22 Subnet 1 10000010 00110010 000001|00 00000001 or 130.50.4.1 Subnet 2 10000010 00110010 000010|00 00000001 or 130.50.8.1 Subnet 3 10000010 00110010 000011|00 00000001 or 130.50.12.1 Dr. Faisal Yousef Alzyoud 31 IPv4 and IPv6 IPv4 is in widespread, but it suffers from scares of free IP addresses. IPv5 was an experimental protocol for real-time streaming which was not widely used. IPv6 was started in 1990, and it addresses by increasing the number of free IP addresses, it also addressed a number of other issues, including, inter alia, reducing the size of routing tables, simplifying the protocol, providing better security and aiding multicasting. IPv6 is not compatible with IPv4. However, it is compatible with many of the other TCP/IP protocols, including TCP, UDP, ICMP and IGMP. Dr. Faisal Yousef Alzyoud 32