* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts
Wireless security wikipedia , lookup
Server Message Block wikipedia , lookup
Network tap wikipedia , lookup
Distributed firewall wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Computer network wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Airborne Networking wikipedia , lookup
TCP congestion control wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Internet protocol suite wikipedia , lookup
Dynamic Host Configuration Protocol wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
4 TCP/IP Fundamentals 4.01 TCP/IP Protocol Suite Secure Shell (SSH): The Secure Shell (SSH) is a program used to create a shell, or session, with a remote system. Once the remote session is established, the client can execute commands within this shell and copy files to the local system. SSH has a major purpose in life, and that is to support remote shells with support for secure authentication and encrypted communication. Secure Copy Protocol (SCP): The Secure Copy Protocol (SCP) is responsible for copying files from a remote server to the local system over a secure connection, ensuring that data in transit is kept confidential. A number of SCP products use an SSH connection to ensure the security of the secure copy operation. Lightweight Directory Access Protocol (LDAP): The Lightweight Directory Access Protocol (LDAP) is the TCP/IP protocol for directory service access that is supported by all the principal directory services, such as Novell’s eDirectory and Microsoft’s Active Directory. LDAP is a protocol that allows LDAP clients to connect to the network database, or directory, and query the database for information about its objects, such as user accounts and printers. For example, a user on the network could find out the phone number of another user by using the LDAP protocol. Line Printer Daemon (LPD) and Line Printer Remote (LPR): The line printer daemon (LPD) is a printer protocol, or service, installed on the print server to allow line printer remote (LPR) clients to send print requests to the print server. When LPD receives the print request, it stores the print request in a queue until the printer becomes available. Now that you are acquainted with some of the core protocols of TCP/IP and some of the application-layer protocols that run on top of TCP/IP, let’s take a look at the possible scenarios involving TCP/IP protocols and services and their appropriate solutions. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals TCP/IP Settings: TCP/IP is a protocol that requires a little bit of knowledge to configure the systems properly. When you configure TCP/IP, you are required to know the settings for the IP address, subnet mask, and default gateway. IP Address The IP address is a 32-bit value that uniquely identifies the system on the network (or the Internet). An IP address looks similar in appearance to 192.168.1.15. There are four decimal values in an IP address separated by periods (.). Each decimal value is made up of 8 bits (1s and 0s), and there are four decimal values, so 8 bits times 4 equals the 32-bit address. Since each of the decimal values is made up of 8 bits (for example, the 192), we refer to each of the decimal values as an octet. There are four octets in an IP address. It is very important to understand that the four octets in an IP address are divided into two parts—a network ID and a host ID. The subnet mask determines the number of bits that make up the network ID and the number of bits that make up the host ID. Let’s see how this works. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Subnet Mask: When looking at a subnet mask, if there is a 255 in an octet, then the corresponding octet in the IP address is part of the network ID. For example, if I had an IP address of 192.168.1.15 and a subnet mask of 255.255.255.0, the first three octets would make up the network ID and the last octet would be the host ID. The network ID assigns a unique address to the network itself, while the host ID uniquely identifies the system on the network. You can see in Table 4-1 that the network ID (shown with an “N”) is 192.168.1, and the host ID is the last octet with a value of 15. This means that this system is on the 192.168.1 network and any other system on the same network will have the same network ID. To use a different example, if I had a subnet mask of 255.0.0.0, it would mean that the first octet of the IP address is used as the network ID portion, while the last three octets are the host ID portion of the IP address. So what is the purpose of the subnet masks? Or better yet, why do we have a subnet mask that breaks the IP address into a network ID part and a host ID? The reason is so that when a system such as 192.168.1.15, with a subnet mask of 255.255.255.0, sends a piece of data to 192.198.45.10, the sending system first needs to determine whether the target computer exists on the same network or not. It does this by comparing the network IDs (Table 4-2); if the network IDs are the same, then both systems exist on the same network and one system can send to the other without the use of a router. If the systems exist on different networks, the data will need to be passed to the router so that the router can send the data to the other network. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Default Gateway: When your system wants to send data to another system on the network, it looks at its own network ID and compares that to the destination system’s IP address. If it appears that they both have the same network ID, the data is sent directly from your system to the destination system. If the two systems are on different networks, your system must pass the data to the router so that the router can send the data to the destination system’s router. The question is now, how does your system know who the router is? The answer is “that is what the default gateway is.” The default gateway is the IP address of the router that can send data from your network. In order to communicate on the Internet, your system will need to be configured with an IP address, a subnet mask, and a default gateway. If you need to communicate only with other systems on your network, you will need only an IP address and a subnet mask. TCP/IP Addressing: This section will introduce you to the binary representation of an IP address and ensure that before you move onto the next chapter (on subnetting) you feel comfortable with converting binary values to decimal and address classes. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Address Classes Every IP address belongs to a distinct address class. The Internet community defined these classes to accommodate networks of various sizes. The class to which the IP address belongs initially determines the network ID and host ID portions of the address, along with the number of hosts that are supported on that network. The different class addresses are named class A, class B, class C, class D, and class E. This section details each class of addresses. Class A Addresses A class A address has a default subnet mask of 255.0.0.0, which means that the first octet is the network ID and the last three octets belong to the host ID portion of the address. Each octet can contain 256 possible values (0–255), so a class A address supports 16,777,216 hosts on the network (256 × 256 × 256). Actually, there are only 16,777,214 valid addresses to use on systems, inasmuch as there are two addresses on each IP network you are not allowed to assign to systems because they are reserved. These are the addresses with all host bits set to 0s (the network ID) and all host bits set to 1s (the broadcast address). So with a class A address, you will not be able to assign n.0.0.0 or n.255.255.255 (where n is your network ID) to any hosts on the network. You can always identify a class A address, because the value of the first octet falls between the numbers 1 and 126. Actually, an address that starts with 127 is a class A address as well, but you are not allowed to use any address that starts with 127, because it is reserved for the loopback address (more on the loopback address later). For example, the IP address 12.56.87.34 is a class A address because the first octet is 12, which falls in the range 1–126. Class A addresses have an IP address in which the first octet is between 1 and 126. Class A addresses also have a default subnet mask of 255.0.0.0. Class B Addresses Class B addresses have a default subnet mask of 255.255.0.0, which means that the first two octets are the network ID and the last two octets are the host ID portion of the address. This means that we can have 65,536 hosts (256 × 256) on the network. Oh, but wait! Don’t forget to take off the two illegal addresses, so that gives us 65,534 addresses that can be assigned to hosts on the network. Due to the number of hosts that are supported on a class B address, you usually find that a medium-sized company has a class B address. You can identify a class B address because the first octet starts with a number that falls between 128 and 191. Class B addresses have an IP address in which the value of the first octet is between 128 and 191. Class B addresses have a default subnet mask of. 255.255.0.0 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Class C Addresses Class C addresses have a subnet mask of 255.255.255.0, which means that the first three octets are the network ID and the last octet is the host ID. Having only one octet as the host ID means that a class C address can support only 254 hosts (256 – 2) on the network. You can identify a class C address because it has a value for the first octet that ranges between 192 and 223. For example, an IP address of 202.45.8.6 is a class C address because 202 falls between 192 and 223. You also know that this system has a subnet mask of 255.255.255.0 because it is a class C address. Class C addresses have an IP address in which the value of the first octet is between 192 and 223. In addition, class C addresses have a default subnet mask of 255.255.255.0. Class D Addresses Class D addresses are used for special types of applications on the network known as multicasting applications. Multicasting applications send data to a number of systems at the same time by sending data to the multicast address, and anyone who has registered with that address will receive the data. A multicast address is what class D addresses are used for, so you will not be assigning them specifically to hosts on the network for normal network communication. Class D addresses have a value on the first octet that ranges from 224 to 239. With that many ranges, class D has the potential for 268,435,456 unique multicast groups that users can subscribe to from a multicast application. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Class E Addresses The funny thing about class E addresses is that they were designed for experimental purposes only, so you will never see a class E address on a network. Class E addresses have a first octet with a value that falls in the range of 240–247. Loopback Address You have learned that you are not allowed to have a host assigned an IP address that has a value of 127 in the first octet. This is because the class A address range of 127 has been reserved for the loopback address. The loopback address is used to refer to the local system, also known as the localhost. If you want to verify that the TCP/IP software has initialized on the local system even though you may not have an IP address, you may ping the loopback address, which is typically referred to as 127.0.0.1. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals Private Addresses Another type of address you need to be aware of is what is known as a private address. A private address is an address that can be assigned to a system but cannot be used for any kind of Internet connectivity. The private addresses are non-routable addresses, so any system using them will not be able to function off the network. The following are the three address ranges that are private: •10.0.0.0–10.255.255.255 •172.16.0.0–172.31.255.255 •192.168.0.0–192.168.255.255 Illegal Addresses There are a few IP addresses that are illegal to assign to hosts on the network. You might wonder why a class C address can have only 254 hosts and not 256, as would seem more likely, since an 8-bit number can have 256 possible values. The reason for this seeming discrepancy is that two of the addresses are lost from the available host pool. The first is an address that has all bits set to 0s in the host ID, which signifies the network ID of the network. The second is an address that has all bits set to 1s in the host ID, which signifies the broadcast address for the network. So, for example, in the class C network 200.158.157.x, the addresses 200.158.157.0 (the network ID) and 200.158.157.255 (the broadcast address) are not available to hosts, reducing the available number of hosts from 256 to 254. 4 TCP/IP Fundamentals 4.03 TCP/IP Addressing Addressing Schemes When sending data on the network, there are different ways that the data can be sent to the destination. The data can be sent to a unicast address, a broadcast address, or a multicast address. The following outlines the difference between unicast, broadcast, and multicast: •Unicast Is the sending of information to one system. With the IP protocol this is accomplished by sending data to the IP address of the intended destination system. •Broadcast Is the sending of information to all systems on the network. Data that is destined for all systems is sent by using the broadcast address for the network. An example of a broadcast address for a network is 192.168.2.255. The broadcast address is determined by setting all host bits to 1 and then converting the octet to a decimal number. •Multicast Is the sending of information to a selected group of systems. Typically this is accomplished by having the systems subscribe to a multicast address. Any data that is sent to the multicast address is then received by all systems subscribed to the address. Most multicast addresses start with 224.x.y.z and are considered class D addresses. 4 TCP/IP Fundamentals 4.02 TCP/IP Fundamentals IPv6 Our entire discussion so far about TCP/IP is based on version 4 of TCP/IP, known as IPv4. The use of TCP/IP over the years has far exceeded expectations, and we are running out of IP addresses. For that reason, TCP/IP has been redesigned and the new version is IP version 6 (IPv6). There are major changes to IPv6 from what we know of IPv4. For starters, IPv4 uses a 32-bit address scheme, while IPv6 will use a 128-bit address scheme. This will give us an insane number of unique possible addresses—3.4 × 1038 to be exact (2128)! This is a huge improvement over 232=4 billion unique addresses with IPv4. An IPv6 address will no longer use four octets. The IPv6 address is divided into eight hexadecimal values that are separated by a colon (:) as shown in the following example: 65b3:b834:45a3:0000:0000:762e:0270:5224 4 TCP/IP Fundamentals 4.03 TCP/IP Addressing TCP/IP Ports: An application or process uses a TCP/IP port as an identifier for that application running on a system. When you send data from one computer to another, you send data to the port used by that application. client applications usually run on ports over 1024. Port numbers that are used by servers are known as wellknown ports (under 1024), whereas port numbers over 1024 used by client applications are known as dynamic ports. They are called dynamic ports because many times the port is selected at runtime by the application 4 TCP/IP Fundamentals 4.03 TCP/IP Addressing 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts TCP/IP Configuration Concepts: You have learned what an IP address, a subnet mask, and a default gateway are used for, and you have learned all about the binary form of addressing, including class addresses. In this section, you will learn to configure TCP/IP on a client system both manually and as a DHCP client. Configuring a system manually is not the best approach to take on a network for a number of reasons: Workload The amount of work involved in manually configuring each system on the network is too much for any network administrator. Typos The potential for human error is great when inputting the parameters on multiple systems simply due to the fact that it is such a laborious task. It is also very easy to assign a duplicate address on the network, which would result in an error. Change management It is very hard to implement major changes to your IP infrastructure when you are manually configuring systems. For example, a change to a router address would require a lot of time to update the default gateway entry on the clients. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Dynamic Host Configuration Protocol (DHCP) Configuring IP addressing on a large TCP/IP-based network can be a nightmare, especially if machines are moved from one network to another frequently. The Dynamic Host Configuration Protocol (DHCP) can help with the workload of configuring systems on a network by assigning addresses to systems on bootup automatically. The process of dynamically assigning IP addresses is managed via a DHCP server. The DHCP server is configured with a set of usable IP addresses, called a scope. The scope can also include the subnet mask, IP addresses of the default gateway, DNS servers, WINS servers, and other necessary addresses. When a PC comes online and is set up to use a DHCP server, it requests an IP address by transmitting a broadcast request packet looking for any DHCP servers on the network (known as DHCP Discovery). The DHCP server responds with an offer containing an IP address that the client can lease (known as the DHCP Offer). 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts The client then accepts the offer by sending a request message for that address from the DHCP server (known as the DHCP Request), and then the server responds with an acknowledgment to the client that it has that address and additional settings for the lease time (known as the DHCP ACK). The DHCP server marks the IP address in its database as being in use so that it is not assigned again. When configuring the DHCP server, you will need to configure a scope with the following settings: IP addresses The DHCP server issues an IP address to each DHCP client system on the network. Each system connected to a TCP/IP-based network is identified by a unique IP address. As you learned in this chapter, the IP address consists of four 8-bit octets separated by periods. The IP address is normally shown in dotted-decimal notation—for example, 192.10.24.62. Subnet mask The IP address actually consists of two parts: the network ID and the host ID. The subnet mask is used to identify the part of the IP address that is the network ID and the part that is the host ID. Subnet masks assign 1s to the network ID bits and 0s to the host ID bits of the IP address. Default gateway A default gateway is required when the client system needs to communicate outside its own subnet. Normally, the default gateway is a router connected to the local subnet, which enables IP packets to be passed to other network segments. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Scope Options: A DHCP scope is the range of IP addresses and additional options that the DHCP server will hand out to the DHCP clients on the network. As previously mentioned, the IP address and subnet mask are required items that the DHCP scope must include. Another requirement in the scope is the lease duration. It specifies how long a DHCP client can use an IP address before it must renew it with the DHCP server. This duration can be set for an unlimited time period or for a predetermined time period. You have the option of configuring a scope to reserve a specific IP address for a DHCP client or even for a system on the network that is not DHCP enabled. Servers Several versions of Windows server products support having DHCP server capabilities, including Windows Server 2003 and Windows Server 2008. The main factor to consider if you have multiple subnets is that your routers must comply with RFC 1542 so that a DHCP server can receive the broadcast message from a client. It is wise to keep in mind that, if your DHCP server goes down and your DHCP clients cannot renew their lease, the clients will most likely not be able to access network resources. One of the benefits of using multiple DHCP servers is redundancy. Redundancy can prevent your network from going down. If you decide to use multiple DHCP servers, you should place them on different subnets to achieve a higher degree of fault tolerance in case one of the subnets becomes unavailable. You can manage multiple servers on different subnets with the DHCP Console, the graphical utility used to maintain and configure DHCP servers in Windows. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Supported Clients The following operating systems can perform as DHCP clients on your network: •Windows clients such as Windows 2000, XP, Vista n Windows servers such as Windows 2000 Server, Windows Server 2003, and Windows Server 2008 •Older Microsoft clients such as DOS (with network client software loaded), Windows 3.11, and Windows 9x clients. •Non-Microsoft operating systems such as Linux Of course, DHCP clients are not limited to Microsoft operating systems. Any system that conforms to RFC 1541 can be a DHCP client. For example, you can have a UNIX, Linux, or Novell NetWare client on the network that obtains an address from your DHCP server as well. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts APIPA Windows clients support a feature known as automatic private IP addressing (APIPA), which is a feature that provides that, when a Windows client boots up and cannot contact a DHCP server, it will configure itself automatically with a 169.254.x.y address. If there is something wrong with the DHCP server and all the systems on the network cannot obtain an address from the DHCP server, the clients will all assign themselves an address within the 169.254 address range and then be able to communicate with one another. APIPA does not assign a default gateway, so you will be unable to access resources on a remote network and the Internet—but you can still communicate with systems on your network. When troubleshooting to find out why a machine cannot communicate on the network, watch for systems that have the 169.254.x.y address range because it means they could not find a DHCP server. Boot Protocol The Boot Protocol, known as BOOTP, is used by diskless workstations. When a diskless workstation boots, it does so using an EEPROM on the network card to allow it to load basic drivers and connect to the network by obtaining an IP address automatically. A BOOTP server, similar to a DHCP server, assigns the diskless workstation an address for the network to allow it to participate on the network. You will see the term BOOTP a lot when it comes to DHCP and routers; a BOOTP-enabled router will allow the DHCP broadcast to cross the router so that a DHCP server can be found on the other side of the network. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts The BOOTP server is usually the same as the DHCP server; the two are considered one and the same. Routers need to be BOOTP compatible to allow the DHCP requests to pass through the router to another segment, or else you will require a DHCP server per network segment. Domain Name System One service that is used throughout networks and the Internet is the Domain Name System (DNS). Most users on the network connect to resources by using a friendly name such as www.gleneclarke.com—this style of name, known as a fully qualified domain name (FQDN), must be converted to an IP address before communication can occur. DNS is used as our solution to convert FQDNs to IP addresses. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Top-Level Domains The root servers are responsible for ensuring that any requests for an Internet resource are forwarded to the correct top-level domain. To help organize Internet resources in the DNS distributed database, there are specific top-level domain names created, and a company or organization has to register under a top-level domain. For example, if you are trying to connect to microsoft.com, the root DNS server forwards you to the .com top-level domain namespace. The following is a description of the most popular DNS top-level domains found on the Internet: .com This is the commercial organizations group and is by far the largest. Almost everyone wants to be found in this domain, because it is where most customers will try to find you. .org This is for nonprofit organizations. .net This is for networking organizations such as island.net and nfs.net, as well as for Internet service providers such as netzero.net. .mil This is for military organizations such as army.mil and navy.mil. .gov This is for U.S. government offices only. .edu This is for educational organizations. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Country Domain Names With only six top-level domain names and the requirement that all organizations register under one of those top levels if they wanted an Internet name, this soon became a problem because there were so many names to be registered and so few choices on the top levels. Eventually, top-level names were created for country domains; therefore, if you resided in a certain country, you could register under that country domain so that your customers could find you easily. Here are a few of the most common country domain names: .ca Canada .ie Ireland .uk United Kingdom .us United States DNS Files Most DNS servers maintain their DNS data in a number of files that exist on the hard disk of the server. In the old days, you managed the records by updating these text files, but today most DNS server environments support a graphic tool like the one shown in Figure 4-7 to create the records for your DNS server. When you create the records graphically, the DNS files are updated. Windows servers store their DNS files in %systemroot%\system32\DNS. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Hosts File Before DNS became a popular solution to hostname resolution, there was a more manual method of creating and modifying a file on the local hard disk of every system. This file would need to be updated on every system if a change was made to a server’s IP address and you wanted the client applications to be aware of the change. This file, known as the hosts file, was located on each client system. Before DNS servers became a standard, network administrators used to create a text file known as the hosts file, which was used to resolve the FQDN to matching IP addresses. This text file was stored locally on each system; in the Windows world, it is stored in the %systemroot%\system32\drivers\etc folder and contains two columns—one for the IP address and the other for the FQDN. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts Windows Internet Naming Service The Windows Internet Naming Service (WINS) provides name resolution for NetBIOS names to matching IP addresses and is popular on large Microsoft networks. WINS is very similar to DNS but contains a database of different-style names— NetBIOS names instead of fully qualified domain names. When a WINS client boots up, it registers its names within the WINS database and then queries that server any time it needs to have a computer name resolved to a matching IP address. When the WINS client shuts down, it also de-registers its names from the WINS database so that another system can register the names while it is offline. Before WINS, the LMHOSTS file was used to assist with remote NetBIOS name resolution. The LMHOSTS file is a static file that maps NetBIOS names to IP addresses. This file is similar to the hosts file in functionality; the only difference is that the hosts file is used for mapping hostnames to IP addresses. 4 TCP/IP Fundamentals 4.04 TCP/IP Configuration Concepts 4 TCP/IP Fundamentals 4.05 Network Services Network Services: A network service is responsible for a specific function on the network. For example, the file and print services are responsible for providing files on the network, and the DHCP service is responsible for assigning IP addresses automatically to systems on the network. DHCP The Dynamic Host Configuration Protocol (DHCP) is responsible for assigning IP address information automatically to systems on the network. The network administrator configures the DHCP server by configuring a scope (a range of addresses) that the server can assign addresses from. The DHCP service may configure a client with all the TCP/IP settings, including the subnet mask, the default gateway, and the addresses of both the DNS server and the WINS server. The Domain Name System (DNS): is a network service that is responsible for converting FQDNs to IP addresses so that communication can occur. 4 TCP/IP Fundamentals 4.05 Network Services WINS As you learned earlier in the chapter, the Windows Internet Naming Service (WINS) is used to resolve, or convert, NetBIOS names (computer names) to IP addresses. NetBIOS applications use NetBIOS names as a way to identify the remote system that the application is to communicate with. The NetBIOS name will be converted to the IP address by a WINS server. NAT /PAT /SNAT Most networks today are connected to the Internet, and having an Internet connection presents a number of security concerns. For example, if you have your server connected directly to the Internet, it will take no time at all for the system to be hacked. Network Address Translation (NAT) is a network service that is responsible for translating internal IP addresses from machines inside the network to a public address used by the NAT service—essentially hiding your internal network addresses. 4 TCP/IP Fundamentals 4.05 Network Services you can see that the NAT server has two network interfaces (cards): the internal interface and the external interface. The internal interfacehas an IP address within the range of the internal network, whereas the external interface uses an external address. Notice that the NAT server has two IP addresses assigned and that the internal interface uses the IP address of 192.168.2.1. This will be the default gateway address of all other systems on the network because the NAT server is the way off the network. PAT and SNAT When implementing your NAT solution, you have a few options. You could have each private address inside the network translate to a single public address that is associated with the public interface. This would mean that you need to have multiple public addresses in order to create the one-to-one mapping by which one private IP address translates to one public IP address. If you only have one public IP address on the NAT device and need to use that for all private addresses on the LAN, then you will need to overload the public address with multiple private addresses. NAT overloading is used when each of the private IP addresses is translated to the one public IP address, essentially overloading the poor public address. The big question is “How does the NAT device know which internal system to send the response to when data is returned from the Internet?” This is an important question because all of the packets will be returned to whatever the public address is on the NAT device. This is where Port Address Translation (PAT) comes in. If you look at Figure 4-17, you will see that the NAT device using port addressing is keeping track of not only the IP address of the system sending outbound traffic, but also the port used by the application on the private system. The source address of the outbound packet is converted from the IP address of the private system to the 4 TCP/IP Fundamentals 4.05 Network Services Another term you will see that deals with NAT is Secure Network Address Translation, or SNAT. Some NAT devices include proxy features as well. These features give you the opportunity to configure different types of clients for the NAT device; for example, you could configure all the clients as proxy clients, or secure NAT clients. If you install proxy client software on the client systems, then the clients can use the NAT device as their method to get out to the Internet and you can leverage features such as authentication. If you decide you do not want to install the proxy client software but simply want to use the NAT features of the proxy server, then you 4 TCP/IP Fundamentals 4.05 Network Services ICS Internet Connection Sharing (ICS) is a service built into Windows operating systems that allows you to share your Internet connection with other users on the network. ICS acts as a NAT server and a DHCP server at the same time. When you enable ICS in Windows, it automatically starts assigning IP addresses out on the network so that the DHCP clients use the ICS computer as their default gateway. When clients send information to the ICS machine to be sent on the Internet, the ICS machine translates the source address (the NAT feature) to use the external interface of the system. To enable ICS, right-click your Internet LAN connection and choose Properties. On the Advanced page tab, select “Allow other network users to connect through this computer’s Internet connectionand then choose OK. SMB The Server Message Block (SMB) protocol, used primarily by Microsoft operating systems, is responsible for sharing files and printers on a system and making those resources available to SMB clients on the network. SMB is an application-layer protocol that runs on top of TCP/IP, IPX, and NetBEUI and relies on those protocols for transport functionality. NFS Microsoft environments use SMB; the Network File System (NFS) is a protocol developed by Sun Microsystems that allows users to access files stored on a remote system as if it were a local resource. NFS is the equivalent of SMB used in UNIX and Linux environments and is platform independent, meaning that the NFS client may be accessing a file system resource from any type of server that is an NFS server—not just a Linux server. NFS uses an interface that runs on top of TCP/IP networks called the Virtual File System (VFS), which is responsible for making the resource available to a local application. The local application makes the call to the resource as if it were a local resource, and the application never learns that the resource is on a remote system—NFS makes the location and platform of the remote resource transparent to the application and users. 4 TCP/IP Fundamentals 4.05 Network Services AFP If SMB is the file-sharing protocol in Microsoft environments and NFS is the filesharing protocol in UNIX environments, what is responsible for allowing access to files on remote systems in the Macintosh world? You guessed it; the AppleTalk Filing Protocol (AFP) is responsible for allowing Macintosh systems to access remote file systems on an AppleTalk network. Original implementations of AFP only ran on top of AppleTalk networks, but newer versions of AFP run on top of TCP/IP because of the popularity of the protocol. Like SMB and NFS, AFP provides an environment that allows users to access files on a remote system as if they were on the local system. AFP also provides security as to who accesses the file. Samba Samba is an application environment that runs on Linux systems and uses SMB to allow Microsoft clients to access the Samba-enabled UNIX servers as if they were Microsoft servers. A Samba-enabled UNIX server may provide a number of services to Microsoft clients, including n Sharing the file system of the UNIX server to Microsoft clients n Sharing printer resources from the UNIX environment to Microsoft clients n Performing authentication and authorization services to Microsoft clients. ZeroConfig Zero Configuration Networking (ZeroConfig) is a network service designed to minimize the configuration of the network clients by broadcasting configured services on the network to network clients who automatically discover these network services. After the service has been discovered, the client is automatically configured to use this service with no interaction from the network administrator. 4 TCP/IP Fundamentals Certification Summary In this chapter you learned the fundamentals of TCP/IP and what makes this protocol so common in today’s networking market. The following list summarizes what you learned about TCP/IP: n The IP address and subnet mask are the most important configuration settings and must be specified correctly in order to communicate on the TCP/IP-based network. Next in importance is the default gateway, which specifies where to route packets if you are communicating outside the local network. The Dynamic Host Configuration Protocol (DHCP) automatically configures a workstation with the correct TCP/IP settings, relieving you of the burden of manually configuring every workstation. The Domain Name System (DNS) is essential for Internet-based machines and company intranets that use DNS for hostname resolution. You learned about the hostname, domain name, resolution, and Internet domain name server hierarchies. The Windows Internet Naming Service (WINS), which ironically has little to do with the Internet, enables workstations to resolve NetBIOS names to IP addresses rather than using a static LMHOSTS file on each machine. TCP/IP is a suite of protocols, the most popular of which are TCP, UDP, IP, and ARP. (Your Network+ exam will definitely have several questions on some of these TCP/IP protocol suite members.) 4 TCP/IP Fundamentals Certification Summary TCP/IP addressing involves a strong knowledge of the IP address, subnet mask, network classes, and special reserved addresses. (You should memorize each network class for the exam.) n The most important portions of TCP/IP as it relates to your Network+ exam are the TCP/IP configuration concepts. You need these to configure workstations with TCP/IP. The concepts include the IP address, the subnet mask, DHCP, DNS, WINS, the default gateway, the hostname, and the NetBIOS name. 4 TCP/IP Fundamentals Two-Minute Drill TCP/IP Protocol Suite TCP/IP is a suite of protocols. TCP is used for connection-oriented communication and ensures delivery. UDP is used for connectionless communication and does not ensure delivery. The Internet Control Message Protocol (ICMP) enables systems on a TCP/IP network to share status and error information. IP provides packet routing and delivery for all other protocols within the suite. The Address Resolution Protocol (ARP) is used to provide IP address–to– physical address resolution. HTTP is used to deliver web pages from the web server to the web browser, while HTTPS is used to deliver the pages securely. The Simple Mail Transfer Protocol (SMTP) is used to send mail over the Internet. The Post Office Protocol (POP) is the Internet protocol for reading e-mail. The Internet Message Access Protocol (IMAP), a protocol similar to POP, is used to retrieve messages from a mail server. The Simple Network Management Protocol (SNMP) is an Internet standard that provides a simple method for remotely managing virtually any network device. The File Transfer Protocol (FTP) is a TCP/IP utility that exists solely to copy files from one computer to another. 4 TCP/IP Fundamentals Two-Minute Drill TCP/IP Fundamentals The popularity of TCP/IP makes the protocol a likely culprit to appear many times throughout your Network+ exam. TCP/IP addresses are 32-bit addresses. The IP address is a unique value assigned to the system that identifies the system on the network. The subnet mask is used to determine the network ID portion of an IP address. The network ID is used to determine whether the destination system exists on the same network or not. If the two systems have the same network ID, then they are on the same network. The host ID identifies the system within the network. The default gateway refers to the IP address of the router and is used to send data off the network. 4 TCP/IP Fundamentals Two-Minute Drill TCP/IP Addressing Class A addresses start with the first octet ranging from 0 to 126 and have a default subnet mask of 255.0.0.0. Class B addresses have a first octet ranging from 128 to 191 and have a default subnet mask of 255.255.0.0. Class C addresses have a first octet ranging from 192 to 223 and have a default subnet mask of 255.255.255.0. Class D addresses are used for multicasting. An application or process uses a TCP/IP port to communicate between client and server computers. The most popular, and therefore most likely, exam choices to remember are the FTP ports (20 and 21), SMTP port (25), HTTP port (80), and HTTPS port (443). 4 TCP/IP Fundamentals Two-Minute Drill TCP/IP Configuration Concepts You have two options for configuring a workstation: You can configure it manually, or you can use a DHCP server. DHCP is responsible for assigning IP address to clients automatically and reduces the network administration load. DNS is used to resolve FQDNs (www.gleneclarke.com) to IP addresses. WINS is used to convert NetBIOS names (computer names) to IP addresses. Hosts is a text file on the client that performs the same role as DNS but is configured on each system manually. LMHOSTS is a text file on the client that performs the same role as WINS but is configured on each system manually. 4 TCP/IP Fundamentals Two-Minute Drill Network Services DHCP is responsible for assigning IP address information to clients. DNS is a distributed database that is responsible for converting FQDNs to IP addresses. WINS is responsible for converting computer names to IP addresses. NAT is responsible for hiding internal network addresses by configuring all systems to use the NAT system as the default gateway. The NAT server will then change the source address of outgoing packets to its own external address, ensuring that all requests look as though they are coming from the NAT server. The NAT server will receive any responses and then send the response to the internal client—ensuring that no external system can communicate with internal systems. SMB is the e-sharing protocol on Microsoft networks that allows clients to access file systems on remote Microsoft systems. NFS is the file-sharing protocol on UNIX networks that allows UNIX clients to access file systems on NFS servers. AFP is the file-sharing protocol for Macintosh systems, allowing Macs to access remote file systems on Macintosh systems. Samba is a service that implements SMB on UNIX servers, allowing Microsoft clients to access file systems on the UNIX server.