PART II - Basic Networking

Knowing TCP/IP Protocol Types

- Within TCP/IP, several different protocols exist. Each of these protocols can be classified as falling on one of the four layers of the TCP/IP stack, as shown in the figure above.
- The most important of the internet- and transport-layer protocols are the building blocks for the application-layer protocols with which you interact more directly.
- These important internet- and transport-layer protocols include the following:
  o IP
    - The Internet Protocol (IP) is the core protocol in TCP/IP networking.
    - IP is an internet-layer (aka a network-layer or layer 2) protocol.
    - IP provides a "best effort" method for transferring packets between computers--that is, the packets aren't guaranteed to reach their destination.
    - Packets may also arrive out of order or corrupted.
    - IP is also the portion of TCP/IP with which IP addresses are associated.
  o ICMP
    - The Internet Control Message Protocol (ICMP) is a protocol for communicating data.
    - ICMP is most often used to send error messages between computers--for instance, to signal that a requested service isn't available.
    - This is often done by modifying an IP packet and returning it to its sender, which means that ICMP is technically an internet-layer protocol, although it relies upon IP.
    - In most cases, you won't use programs that generate ICMP packets on demand; they're created behind the scenes as you use other protocols.
  o UDP
    - The User Datagram Protocol (UDP) is the simplest of the common transport-layer (aka layer 3) TCP/IP protocols.
    - It doesn't provide sophisticated procedures to correct for out-of-order packets, guarantee delivery, or otherwise improve on the limitations of IP.
  o TCP
    - The Transmission Control Protocol (TCP) may be the most widely used transport-layer protocol in the TCP/IP stack.
    - Unlike UDP, TCP creates full connections with error checking and correction as well as other features.
    - These features simplify the creation of network protocols that must exchange large amounts of data, but the features come at a cost: TCP imposes a small performance penalty.
- You may notice that the name of the TCP/IP stack is built up of two of the stack's protocol names: TCP and IP. This is because these two protocols are so important for TCP/IP networking generally.
- TCP/IP, though, is much more than just these 2 protocols; it includes additional protocols, most of which (below the application layer) are rather obscure.
- A TCP/IP exchange need not use both TCP and IP--it could be a UDP or ICMP exchange, for instance.
- The IP portion of TCP/IP was at version 4 for many years, until IPv6 (IP version 6) hit the scene.
- IPv6 makes multicasting -- the simultaneous transmission of data from one computer to multiple recipients -- part of the basic IP specification.
- IPv6 originated the Internet Protocol Security (IPsec) tools, which can improve the security of Internet connections.
- IPv6 has streamlined some data structures, enabling quicker processing by routers.

Understanding Network Addressing:

- In order for one computer to communicate with another over a network, the computers need to have some way to refer to each other.
- The basic mechanism for doing this is provided by a network address, which can take several different forms, depending on the type of network hardware, protocol stack, and so on.
- Large and routed networks pose additional challenges to network addressing, and TCP/IP provides answers to these challenges.
- Finally, to address a specific program on a remote computer, TCP/IP uses a port number, which identifies a specific running program, something like the way a telephone extension number identifies an individual in a large company. The next section describes all these methods of addressing.

Using Network Addresses:

- Consider an Ethernet network. When an Ethernet frame leaves one computer, it's normally addressed to another Ethernet card. This addressing is done using low-level Ethernet features, independent of the protocol stack in question.
- However, the Internet is composed of many different networks that use many different low-level hardware components.
  o A user may have a dial-up telephone connection (through a serial port) but connect to one server that uses Ethernet and another that uses Token Ring.
  o Each of these devices uses a different type of low-level network address.
  o TCP/IP requires something more to integrate across different types of network hardware.
  o In total, 3 types of addresses are important when you're trying to understand network addressing:
    - network hardware addresses
    - numeric IP addresses
    - text-based hostnames

Addressing Hardware

- One of the characteristics of dedicated network hardware such as Ethernet or Token Ring cards is that they have unique hardware addresses, also known as Media Access Control (MAC) addresses, programmed into them.
- In the case of Ethernet, these addresses are 6 bytes in length, and they're generally expressed as hexadecimal (base 16) numbers separated by colons.
- The hardware address for an Ethernet card can be discovered by using the following command:

    ifconfig ethn    (n is the interface number: 0 for the 1st card)

See example below; also, show on Linux server.

- The line above tells you that the device is an Ethernet card and that its hardware address is 00:A0:CC:24:BA:02.
  o What use is this?
    Certain low-level network utilities and hardware use the hardware address. For instance, network switches use it to direct data packets.
  o The switch detects that a particular address is connected to a particular wire, and so it sends data directed at that address only over the associated wire.
  o The Dynamic Host Configuration Protocol (DHCP) is a means of automating the configuration of specific computers. It has an option that uses the hardware address to consistently assign the same IP address to a given computer.
- In addition, advanced network diagnostic tools are available that let you examine packets that come from or are directed to specific hardware addresses.
- For the most part, you don't need to be aware of a computer's hardware address.

Managing IP Addresses:

- TCP/IP supports about 4 billion addresses. This figure is based on the size of the IP address used in TCP/IP.
- Not all these addresses are usable; some are overhead associated with network definitions, and some are reserved.
- The TCP/IP stack converts between the MAC address and the IP address using the Address Resolution Protocol (ARP) for IPv4 or the Neighbor Discovery Protocol (NDP) for IPv6.
  o These protocols enable a computer to send a broadcast query--a message that goes out to all the computers on the local network.
  o This query asks the computer with a given IP address to identify itself.
    When a reply comes in, it includes the hardware address, so the TCP/IP stack can direct traffic for a given IP address to the target computer's hardware address.
- IPv4 addresses are usually expressed as four base-10 numbers (0-255) separated by periods, as in 172.30.9.102.
- If a Linux system's protocol stack is already up and running, you can discover its IP address by using the command:

    ifconfig

- The output includes a line like the one listed below, which identifies the IP address (inet addr):
- Although it isn't obvious from the IP address alone, this address is broken into two components:
  o a network address
  o a computer address
- Network address: identifies a block of IP addresses that are used by one physical network.
- Computer address: identifies one computer within that network.
- The reason for this breakdown is to make the job of routers easier. Routers can be programmed to direct traffic based on packets' network addresses, which is a much simpler job.
- Ordinarily, a computer can directly communicate only with computers on its local network segment; to communicate outside of this set of computers, a router must be involved.
- IPv6 addresses work in a similar way, except that they're larger.
- IPv6 addresses consist of eight groups of four-digit hexadecimal numbers separated by colons, like:

    fed1:0db8:85a3:08dc:1319:8a2e:0370:7334

- The network mask (aka subnet mask or netmask) is a number that identifies the portion of the IP address that's a network address and the part that's a computer address.
  o The netmask uses binary 1 values to represent the network portion of an address and binary 0 values to represent the computer address.
  o The network portion ordinarily leads the computer portion.
    Expressed in base 10, these addresses usually consist of 255 or 0 values, 255 being a network byte and 0 being a computer byte.
  o If a byte is part network and part computer address, it will have some other value.

See Pic Below:

- Another way of expressing a netmask is as a single number representing the number of network bits in the address.
- This number normally follows the IP address and a slash, for example: 172.30.9.102/16 is equivalent to 172.30.9.102 with a netmask of 255.255.0.0.
- Traditionally, IPv4 networks have been broken into one of several classes as listed below:
- Classes A, B, and C are for general networking use.
- Class D addresses are reserved for multicasting -- sending data to multiple computers simultaneously.
- Class E addresses are reserved for future use.
- There are a few special cases within most of these ranges. For instance, the 127.x.y.z addresses are reserved for use as loopback (aka localhost) devices -- these addresses refer to the computer on which the address is entered.
- Addresses in which all the machine bits are set to 1 refer to the network block itself -- they're used for broadcasts.
  o The ultimate broadcast address is 255.255.255.255, which sends data to all computers on a network segment.
  o Routers normally block packets directed to this address.
    If they didn't, the Internet could easily be brought to its knees by a few people flooding the network with broadcast packets.
- Within each of the 3 general-use network classes is a range of addresses reserved for private use.
- Most IP addresses must be assigned to individual computers by a suitable authority, lest two systems on the Internet both try to use a single address.
- Anybody can use the reserved private address spaces.
  o These address blocks are sometimes referred to as RFC1918 addresses, after the standards document--RFC1918--in which they're defined.
- The caveat is that routers normally drop packets sent to these addresses, effectively isolating them from the Internet as a whole.
- These addresses may be safely used by small private networks.
  o Today, they're often used behind Network Address Translation (NAT) routers, which enable arbitrary numbers of computers to "hide" behind a single system.
  o The NAT router substitutes its own IP address on outgoing packets and then directs the reply to the correct system.
  o This is very handy if you want to connect more computers to the Internet than you have IP addresses.

Broadcasting Data:

- A broadcast is a type of network transmission that's sent to all the computers on a local network, or occasionally all the computers on a remote network.
- Under TCP/IP, a broadcast is done by specifying binary 1 values in all the machine bits of the IP address.
- The network portion of the IP address may be set to the network's regular value, and this is required for directed broadcasts--those that are sent to a remote network.
- In many cases, broadcasts are specified by the use of 255.255.255.255 as an IP address.
  Packets directed at this address are sent to all the machines on a local network.
- Because the broadcast address for a network is determined by the IP address and netmask, you can convert between the broadcast address and netmask, given one of these and a computer's IP address.
- For example: consider a computer with an IP address of 172.30.9.102 and a netmask of 255.255.0.0 -- the final two elements of the netmask have 0 values, so you swap in 255 values for these final two elements in the IP address to obtain a broadcast address of 172.30.255.255.
- When configuring a computer, you can enter the IP address and netmask and let the computer do the binary computations.
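
The binary computations mentioned above, written out as an added example that is not part of the original notes: it derives the prefix length, network address and broadcast address from an IP address and netmask, and flags the class, loopback and RFC1918 cases. Function names are illustrative; the class boundaries and private blocks are the standard values, since the notes' own class table did not survive on this page.

```python
# Added example: the binary computations behind the addressing rules above.
RFC1918 = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
CLASS_LIMITS = (("A", 128), ("B", 192), ("C", 224), ("D", 240), ("E", 256))

def to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer, rejecting bad octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_len(netmask):
    """Count network bits; a valid netmask is all 1s followed by all 0s."""
    mask = to_int(netmask)
    host_bits = mask ^ 0xFFFFFFFF        # computer (machine) bits become 1s
    if host_bits & (host_bits + 1):      # nonzero unless host_bits is 0..01..1
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return bin(mask).count("1")

def describe(ip, netmask):
    """Derive CIDR form, network, broadcast, class and reserved-range flags."""
    addr, mask = to_int(ip), to_int(netmask)
    bits = prefix_len(netmask)
    first = addr >> 24                   # first octet decides the class
    return {
        "cidr": f"{ip}/{bits}",
        "network": to_dotted(addr & mask),                   # machine bits all 0
        "broadcast": to_dotted(addr | (mask ^ 0xFFFFFFFF)),  # machine bits all 1
        "class": next(c for c, limit in CLASS_LIMITS if first < limit),
        "loopback": first == 127,
        "rfc1918": any(addr >> (32 - n) == to_int(net) >> (32 - n)
                       for net, n in RFC1918),
    }

if __name__ == "__main__":
    # Constructed inputs; the first is the worked example from the text.
    for ip, mask in (("172.30.9.102", "255.255.0.0"),
                     ("192.168.1.10", "255.255.255.192"),
                     ("127.0.0.1", "255.0.0.0")):
        print(describe(ip, mask))
```

The second input uses a netmask byte that is part network and part computer (192), which is why its broadcast address ends in 63 rather than 255.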