Download IP Classes - La Salle University

Document related concepts

Dynamic Host Configuration Protocol wikipedia , lookup

AppleTalk wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Network tap wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Computer network wikipedia , lookup

Distributed firewall wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Airborne Networking wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript
IP Addresses
Based Computer Networks and
Internets (Comer)
CSIT 220 (Blum)
1
IP Layer


Recall that starting at the IP layer,
TCP/IP provided a logical homogeneity
(software) that could mask any
underlying physical heterogeneity
(hardware).
Moreover, the IP layer was responsible
for delivering the messages from
source to destination.
CSIT 220 (Blum)
2
Intranet


Businesses liked the services (HTTP,
FTP, SMTP, telnet, etc.) offered by the
TCP/IP model but they did not
necessarily want to be connected to the
Internet, so they started setting up
intranets.
An intranet is a set-up like the Internet
(having browsers, email, etc.) but not
connected to the outside world.
CSIT 220 (Blum)
3
Intranet (cont.)



With “tunneling”, companies can send private
messages through the public network, using
the public network with special
encryption/decryption and other security
safeguards to connect one part of their
intranet to another.
Allows a public transmission line to be used
as part of a private network.
If a public line is used as part of a private
network, that network is called a Virtual
Private Network
CSIT 220 (Blum)
4
Intranet (Cont.)


Typically, larger enterprises allow users within
their intranet to access the public Internet
through firewall servers that have the ability
to screen messages in both directions so that
company security is maintained.
When part of an intranet is made accessible
to customers, partners, suppliers, or others
outside the company, that part becomes part
of an extranet.
CSIT 220 (Blum)
5
Extranet


A private network that uses TCP/IP and
the public telecommunication system to
securely share part of a business's
information with suppliers, vendors,
customers, etc.
The required security and privacy are
gained by using firewall server
management, the issuance and use of
digital certificates or other means of user
authentication, encryption of messages,
and the use of virtual private networks
(VPN) that tunnel through the public
network.
CSIT 220 (Blum)
6
Tunneling



Tunneling works by adding another protocol,
such as Microsoft’s Point-to-Point Tunneling
Protocol (PPTP) or Cisco’s or Layer Two
Forwarding (L2F).
This new protocol is embedded in the TCP/IP
packets.
This allows organizations to use the Internet
to transmit data across a virtual private
network (VPN).
CSIT 220 (Blum)
7
IP Address




The logical (and thus software) destination is
denoted by an IP Address.
The IP Address provides homogeneity over
diverse networks.
The IP Address allows a host to change
hardware (and thus hardware address) and
yet still be found at the software level.
Also IP Addresses are assigned in a more
logical manner, which can facilitate routing.
CSIT 220 (Blum)
8
Prefix/Suffix


The routing is facilitated by the fact that an
IP Address is hierarchical.
It consists of two parts:


The first part of the address (starting on the
left) is known as the prefix and it identifies the
host’s network (the group of computers it
belongs to).
The second part of the address is known as the
suffix and it identifies the individual computer
(node) within the above specified network.
CSIT 220 (Blum)
9
IP Addressing Scheme


In IP(v4) each host is assigned a
unique 32-bit number which is the
address for the host.
To transmit on a TCP/IP internet, a host
must know its own IP address as well
as that of the destination.

We’ll qualify the above statement later.
CSIT 220 (Blum)
10
Dotted Decimal Notation




Each 8-bit section (known as a byte or octet) of
the 32-bit number [IP(v4)] is expressed as a
decimal value with periods between them.
The combination of eight bits can be in 256=28
states, which are expressed as the numbers 0
through 255.
The range of valid addresses which can be
assigned is 0.0.0.0 to 255.255.255.255, which
barring various reserved addresses is
4,294,967,296=232
The La Salle network is 139.84.0.0 , the computer
www.lasalle.edu is 139.84.10.250
CSIT 220 (Blum)
11
Uniqueness

Each computer on an internet (or on the
Internet) must have a unique address.



Two hosts on the same internet can have
different network portions and the same node
portion.
Two hosts on the same internet can have the
same network portion and different node
portions.
Two hosts on the same internet can have
different network portions and different node
portions.
CSIT 220 (Blum)
12
Address Classes


The IP address is not divided into equal
halves with one half for the network portion,
the other for the node potion
The addressing scheme tries to accommodate
for the fact that



Some networks (not many) will contain a vast
number of hosts
While other networks (very many) will contain a
more modest number of hosts
Thus the IP Class system was developed.
CSIT 220 (Blum)
13
The IP Class System




Originally the IP(v4) Addresses were broken
into 5 classes: A through E.
The dividing line between network portion
and node portion of the IP address differed
from class to class.
The first four bits on the left identify the class
to which an address belongs.
A, B and C are the primary classes for the
addressing, D and E were reserved.
CSIT 220 (Blum)
14
Reserved Class

Class D is used for multicasting. Class
D addresses begin with the first four
bits 1110.



If a set of hosts uses multicasting, they
agree to share the multicast address.
When a message is transmitted to the
multicast address, each host in the group
makes a copy.
Class E is reserved for future use. Class
E addresses begin with the first four bits
1111.
CSIT 220 (Blum)
15
Fig. 18.1
CSIT 220 (Blum)
16
Class A


Class A is self-identified by the leftmost bit
being a 0.
Class A uses the first octet from the left to
identify the network and the rest to identity
the nodes.


It has 7 bits (first octet minus first bit used to
indicate class A) to identify networks, so there can
be 128 = 27 Class A networks.
It has 24 bits (the last three octets) to identify
nodes, so there can be 16777216=224 nodes on a
Class A network (almost).
CSIT 220 (Blum)
17
Reserved Addresses



Actually the node addresses consisting
of all 1’s and all 0’s are reserved, so the
number of Class A nodes is actually
16,777,214=224 – 2
All 0’s (in the suffix) is reserved to refer
to the network itself.
All 1’s (in the suffix) is used to
broadcast on the network.
CSIT 220 (Blum)
18
Class B


Class B is self-identified by the first two bits
being a 10.
Class B uses the first two octets from the left
to identify the network and the rest to
identity the nodes


It has 14 bits (first two octet minus first two bits
used to indicate class B) to identify networks, so
there can be 16384 = 214 Class B networks.
It has 16 bits (the last two octets) to identify
nodes, so there can be 65534=216 –2 nodes on a
Class B network.
CSIT 220 (Blum)
19
Class C


Class C is self-identified by the first three bits
being a 110.
Class C uses the first three octets from the
left to identify the network and the remaining
one to identity the nodes.


It has 21 bits (first three octet minus first three bits
used to indicate class C) to identify networks, so
there can be 2097152 = 221 Class C networks.
It has 8 bits (the last octet) to identify nodes, so
there can be 254 =28 –2 nodes on a Class C
network.
CSIT 220 (Blum)
20
Fig. 18.5
These are all off by 2 because it is neglected
by node addresses (suffixes) reserved for the
network and broadcasting
CSIT 220 (Blum)
21
Computing Address Class

In Class A, the first octet starts with a 0,
thus the smallest number is
0

0
0
0
0
0
0
And the largest number (in Class A) is
0

0
1
1
1
1
1
1
1
So in decimal-dot notation, Class A
addresses start with a number between 0
and 127
CSIT 220 (Blum)
22
CSIT 220 (Blum)
23
Computing Address Class


In Class B, the first octet starts with a 10,
thus the smallest number is
1
0
0
0
0
0
0
0
And the largest number is
1


0
1
1
1
1
1
1
So in decimal-dot notation, Class B addresses
start with a number between 128 and 191
www.lasalle.edu (139.84.10.250) is Class B
CSIT 220 (Blum)
24
CSIT 220 (Blum)
25
Computing Address Class

In Class C, the first octet starts with a 110,
thus the smallest number is
1

0
0
0
0
0
0
1
1
1
And the largest number is
1

1
1
0
1
1
So in decimal-dot notation, Class C addresses
start with a number between 192 and 223
CSIT 220 (Blum)
26
CSIT 220 (Blum)
27
Determining class from first
four bits
CSIT 220 (Blum)
28
subnet




A Class B network (like LaSalle’s) can have
65534 hosts.
To manage traffic within the network, it is
useful to break the network into subnetworks (subnets).
On TCP/IP networks, subnets are defined as
all devices whose IP addresses have the same
prefix.
But Class B has a two-octet prefix, so
wouldn’t all 65534 of the hosts be on the
same subnet?
CSIT 220 (Blum)
29
Subnet mask




Dividing a network into subnets is useful for
both security and performance reasons.
The division of the prefix and suffix portions
was made more flexible by using subnet
masks.
In addition to setting an IP address, one also
sets a subnet mask which specifies which
portion of the address is used to identify the
network and which portion is used to identify
the hosts within a network.
The 1’s in the subnet mask correspond to
the network part, the 0’s correspond to the
host part.
CSIT 220 (Blum)
30
Subnet mask

By convention, the bits for the network
address are all set to 1




It would also work if the bits were set exactly
the same as in the network address (prefix).
A typical subnet mask looks like
11111111.11111111.11110000.0000000
0.
One extracts the subnet address by
performing a bitwise AND operation on
the mask and the IP address.
See previous lecture (c362_f03_13.ppt)
for example.
CSIT 220 (Blum)
31
CIDR

The use of subnet masking instead of
classes sometimes goes by the name
Classless Inter-Domain Routing (CIDR).
CSIT 220 (Blum)
32
Address Authority

IP addresses must be unique.



The network portion (prefix) is assigned
by an external agency.
The host portion (suffix) is assigned by
the network administrator.
Initially the external assigning was
done by InterNIC.
CSIT 220 (Blum)
33
InterNIC



A collaborative project between AT&T and
Network Solutions, Inc. (NSI) supported by
the National Science Foundation.
The distribution of IP addresses was taken
over, but InterNIC still maintains a database
(directory) of IP addresses, domain names,
etc.
It also performs some outreach and
educational services.
CSIT 220 (Blum)
34
IANA  ICANN


The responsibility for overseeing IP
distribution was first taken over by IANA
(Internet Assigned Number Authority) and
then by ICANN (Internet Corporation of
Assigned Names and Numbers).
The Internet Service Providers (ISP)
control blocks of addresses assigned to
them. They divide them up and lease
them to various organizations.
CSIT 220 (Blum)
35
Special IP Addresses




Network Addresses: IP reserves the host (suffix)
address of 0’s for a network
Direct Broadcast: IP reserves the host (suffix)
address of 1’s for broadcasting within the network
Limited Broadcast: Used during system startup by a
computer that does not know its IP address. The
entire prefix and suffix are assigned all 1’s for the
local network.
This Computer: Used by a computer to define its
address. The computer needs to send or receive
packets to determine its address on the network.
This happens during startup. IP reserves the
address of all zeros to mean the initial host
computer.
CSIT 220 (Blum)
36
LoopBack




Used to test network applications. Can test
computer-to-computer applications using one
computer by forcing a packet down through the
protocol stack by using the loopback address.
The application uses the loopback address to send
the data to “another” application which is running
on the same machine.
During loopback testing, no packets leave the
computer.
The network prefix of 127 is reserved for loopback.
Any suffix is used.
 (Reduces the number of Class A networks.)
CSIT 220 (Blum)
37
Ping localhost
CSIT 220 (Blum)
38
Berkeley Broadcast Address
Form



Recall TCP/IP was distributed with a
version of Unix put out by Berkeley.
In that version of TCP/IP, all 0’s in the
suffix is used for as broadcasting
(instead of all 1’s).
Many people used this version, so now
there are standard broadcasts and
Berkeley broadcasts.
CSIT 220 (Blum)
39
Routers and IP Addressing


Routers are also given IP
addresses, actually they are given 2
or more addresses since a router
connects to more than one physical
network.
To make network administrator’s
lives easier, they often assign the
same suffix to the various router
addresses. (The prefixes must of
course be different.)
CSIT 220 (Blum)
40
Multi-Homing    



Sometimes computers also have
multiple IP addresses (and multiple NIC
cards).
If a host computer connects to multiple
networks, it is called multi-homed.
This may increase reliability and
performance, since it is still networked
if only one of the networks goes down.
CSIT 220 (Blum)
41
Source/Destination Unknown


In the simplest scenario, a computer
must know its own IP address (the
source) as well as the destination IP
address.
But this is not always the case.
CSIT 220 (Blum)
42
Source or destination not
known



In some situations (when using Dynamic Host
Configuration Protocol DHCP), a host does not
initially know its own IP address, and it must
transmit at least one message without knowing
its eventual IP Address
A user does not have to know the destination IP
address but can use instead the domain name.
Sometimes the actual destination address is
hidden behind a firewall and is not known to the
source.
CSIT 220 (Blum)
43
DHCP



Dynamic Host Configuration Protocol is
a protocol for assigning IP addresses
dynamically.
A device’s IP address may change
every time it connects to the network.
It is even possible to change the
address while still connected.
CSIT 220 (Blum)
44
DHCP (cont.)


In some situations this can simplify a
network administrator’s job since he or
she does not have to assign addresses
manually.
Many ISPs use dynamic IP addressing
for dial-up users.
CSIT 220 (Blum)
45
Checking for DHCP
CSIT 220 (Blum)
46
Checking for DHCP
CSIT 220 (Blum)
47
Checking for DHCP
CSIT 220 (Blum)
48
Checking for DHCP
CSIT 220 (Blum)
49
Checking for DHCP
CSIT 220 (Blum)
50
Ipconfig /all
CSIT 220 (Blum)
51
Domain name



A user does not have to know an IP
address, a user often knows a domain
name which stands in for one or more IP
addresses.
Also a given IP may have more than one
domain name.
Because the Internet is based on IP
addresses, not domain names, every
Web server requires a Domain Name
System (DNS) server to translate domain
names into IP addresses.
CSIT 220 (Blum)
52
TLD


Every domain name has a suffix that
indicates which top level domain (TLD) it
belongs to.
There are only a limited number of such
domains. For example:








gov - Government agencies
edu - Educational institutions
org - Organizations (nonprofit)
mil - Military
com - commercial business
net - Network organizations
ca - Canada
A new set came out recently.
CSIT 220 (Blum)
53
Whois (a service for looking
up domain names)
CSIT 220 (Blum)
54
Whois www.lasalle.edu
CSIT 220 (Blum)
55
NAT



If the destination address is behind a firewall,
it is not known to the source. In such a case,
Network Address Translation (NAT) is
required.
NAT allows a LAN to use one set of IP
addresses for internal traffic and a second set
for external traffic.
A NAT box is located where the LAN meets
the Internet and it makes all necessary
translations.
CSIT 220 (Blum)
56
NAT (Cont.)

NAT serves two main purposes:


Provides a type of firewall by hiding internal
IP addresses.
Enables a company to use more internal IP
addresses. Since they're used internally
only, there's no conflict with IP addresses
used by other companies and organizations.
CSIT 220 (Blum)
57
IP Spoofing



Sometimes the source address is faked.
A hacker might gain unauthorized access to
computers by sending messages to a
computer with a faked source IP address,
masquerading as a trusted host.
To engage in IP spoofing, a hacker must


Discover the IP address of a trusted host.
Change the packet headers so they appear to come
from that host.
CSIT 220 (Blum)
58
Other References




http://www.whatis.com
http://www.webopdeia.com
http://public.pacbell.net/dedicated/cidr.
html
http://www.netsol.com/cgibin/whois/whois
CSIT 220 (Blum)
59