4 TCP/IP Fundamentals
4.01 TCP/IP Protocol Suite
Secure Shell (SSH): The Secure Shell (SSH) is a program used to create a shell, or session, with a
remote system. Once the remote session is established, the client can execute commands within
this shell and copy files to the local system. SSH has a major purpose in life, and that is to
support remote shells with support for secure authentication and encrypted communication.
Secure Copy Protocol (SCP): The Secure Copy Protocol (SCP) is responsible for copying files from
a remote server to the local system over a secure connection, ensuring that data in transit is
kept confidential. A number of SCP products use an SSH connection to ensure the security of the
secure copy operation.
Lightweight Directory Access Protocol (LDAP): The Lightweight Directory Access Protocol (LDAP)
is the TCP/IP protocol for directory service access that is supported by all the principal directory
services, such as Novell’s eDirectory and Microsoft’s Active Directory. LDAP is a protocol that
allows LDAP clients to connect to the network database, or directory, and query the database for
information about its objects, such as user accounts and printers. For example, a user on the
network could find out the phone number of another user by using the LDAP protocol.
Line Printer Daemon (LPD) and Line Printer Remote (LPR): The line printer daemon (LPD) is a
printer protocol, or service, installed on the print server to allow line printer remote (LPR)
clients to send print requests to the print server. When LPD receives the print request, it stores
the print request in a queue until the printer becomes available.
Now that you are acquainted with some of the core protocols of TCP/IP and some of the
application-layer protocols that run on top of TCP/IP, let’s take a look at the possible scenarios
involving TCP/IP protocols and services and their appropriate solutions.
4.02 TCP/IP Fundamentals
TCP/IP Settings: TCP/IP is a protocol that requires a little bit of knowledge to configure
the systems properly. When you configure TCP/IP, you are required to know the
settings for the IP address, subnet mask, and default gateway.
IP Address
The IP address is a 32-bit value that uniquely identifies the system on the network
(or the Internet). An IP address looks similar in appearance to 192.168.1.15. There
are four decimal values in an IP address separated by periods (.). Each decimal value
is made up of 8 bits (1s and 0s), and there are four decimal values, so 8 bits times
4 equals the 32-bit address.
Since each of the decimal values is made up of 8 bits (for example, the 192), we refer
to each of the decimal values as an octet. There are four octets in an IP address.
It is very important to understand that the four octets in an IP address are divided into
two parts—a network ID and a host ID. The subnet mask determines the number of
bits that make up the network ID and the number of bits that make up the host ID.
Let’s see how this works.
Subnet Mask: When looking at a subnet mask, if there is a 255 in an octet, then the corresponding octet in
the IP address is part of the network ID. For example, if I had an IP address of 192.168.1.15 and a subnet
mask of 255.255.255.0, the first three octets would make up the network ID and the last octet would be the
host ID. The network ID assigns a unique address to the network itself, while the host ID uniquely identifies
the system on the network.
You can see in Table 4-1 that the network ID (shown with an “N”) is 192.168.1, and the host ID is the last
octet with a value of 15. This means that this system is on the 192.168.1 network and any other system on
the same network will have the same network ID.
To use a different example, if I had a subnet mask of 255.0.0.0, it would mean that the first octet of the IP
address is used as the network ID portion, while the last three octets are the host ID portion of the IP
address.
So what is the purpose of the subnet masks? Or better yet, why do we have a subnet mask that breaks the IP
address into a network ID part and a host ID? The reason is so that when a system such as 192.168.1.15,
with a subnet mask of 255.255.255.0, sends a piece of data to 192.198.45.10, the sending system first needs
to determine whether the target computer exists on the same network or not. It does this by comparing the
network IDs (Table 4-2); if the network IDs are the same, then both systems exist on the same network and
one system can send to the other without the use of a router. If the systems exist on different networks, the
data will need to be passed to the router so that the router can send the data to the other
network.
Default Gateway: When your system wants to send data to another
system on the network, it looks at its own network ID and compares that
to the destination system’s IP address. If it appears that they both have the
same network ID, the data is sent directly from your system to the
destination system. If the two systems are on different networks, your
system must pass the data to the router so that the router can send the
data to the destination system’s router.
The question is now, how does your system know who the router is? The
answer is “that is what the default gateway is.” The default gateway is the
IP address of the router that can send data from your network.
In order to communicate on the Internet, your system will need to be
configured with an IP address, a subnet mask, and a default gateway. If you
need to communicate only with other systems on your network, you will
need only an IP address and a subnet mask.
TCP/IP Addressing: This section will introduce you to the binary representation of an IP address
and ensure that, before you move on to the next chapter (on subnetting), you feel comfortable
with converting binary values to decimal and with the address classes.
Address Classes
Every IP address belongs to a distinct address class. The Internet community defined these classes to accommodate networks of
various sizes. The class to which the IP address belongs initially determines the network ID and host ID portions of the address, along
with the number of hosts that are supported on that network. The different class addresses are named class A, class B, class C, class
D, and class E. This section details each class of addresses.
Class A Addresses
A class A address has a default subnet mask of 255.0.0.0, which means that the first octet is the network ID and the last three octets
belong to the host ID portion of the address. Each octet can contain 256 possible values (0–255), so a class A address supports
16,777,216 hosts on the network (256 × 256 × 256). Actually, there are only 16,777,214 valid addresses to use on systems, inasmuch
as there are two addresses on each IP network you are not allowed to assign to systems because they are reserved. These are the
addresses with all host bits set to 0s (the network ID) and all host bits set to 1s (the broadcast address). So with a class A address,
you will not be able to assign n.0.0.0 or n.255.255.255 (where n is your network ID) to any hosts on the network.
You can always identify a class A address, because the value of the first octet falls between the numbers 1 and 126. Actually, an
address that starts with 127 is a class A address as well, but you are not allowed to use any address that starts with 127, because it is
reserved for the loopback address (more on the loopback address later). For example, the IP address 12.56.87.34 is a class A address
because the first octet is 12, which falls in the range 1–126.
Class A addresses have an IP address in which the first octet is between 1 and 126. Class A addresses also have a default subnet
mask of 255.0.0.0.
Class B Addresses
Class B addresses have a default subnet mask of 255.255.0.0, which means that the first two octets are the network
ID and the last two octets are the host ID portion of the address. This means that we can have 65,536 hosts (256 ×
256) on the network. Oh, but wait! Don’t forget to take off the two illegal addresses, so that gives us 65,534
addresses that can be assigned to hosts on the network.
Due to the number of hosts that are supported on a class B address, you usually find that a medium-sized company
has a class B address. You can identify a class B address because the first octet starts with a number that falls
between 128 and 191.
Class B addresses have an IP address in which the value of the first octet is between 128 and 191. Class B
addresses have a default subnet mask of 255.255.0.0.
Class C Addresses
Class C addresses have a subnet mask of 255.255.255.0, which means that the first three octets are
the network ID and the last octet is the host ID. Having only one octet as the host ID means that a
class C address can support only 254 hosts (256 – 2) on the network.
You can identify a class C address because it has a value for the first octet that ranges between 192
and 223. For example, an IP address of 202.45.8.6 is a class C address
because 202 falls between 192 and 223. You also know that this system has a subnet mask of
255.255.255.0 because it is a class C address.
Class C addresses have an IP address in which the value of the first octet is between 192 and 223. In addition,
class C addresses have a default subnet mask of 255.255.255.0.
Class D Addresses
Class D addresses are used for special types of applications on the network known as multicasting
applications. Multicasting applications send data to a number of systems at the same time by sending
data to the multicast address, and anyone who has registered with that address will receive the data.
A multicast address is what class D addresses are used for, so you will not be assigning them
specifically to hosts on the network for normal network communication.
Class D addresses have a value on the first octet that ranges from 224 to 239.
That range of first-octet values gives class D the potential for 268,435,456 unique multicast groups
that users can subscribe to from a multicast application.
Class E Addresses
The funny thing about class E addresses is that they were designed for experimental purposes only, so you will
never see a class E address on a network. Class E addresses have a first octet with a value that falls in the range of
240–247.
Loopback Address
You have learned that you are not allowed to have a host assigned an IP address that has a value
of 127 in the first octet. This is because the class A address range of 127 has been reserved for
the loopback address.
The loopback address is used to refer to the local system, also known as the localhost. If you
want to verify that the TCP/IP software has initialized on the local system even though you may
not have an IP address, you may ping the loopback address, which is typically referred to as
127.0.0.1.
Private Addresses
Another type of address you need to be aware of is what is known as a private address. A private address is
an address that can be assigned to a system but cannot be used for any kind of Internet connectivity. The
private addresses are non-routable addresses, so any system using them will not be able to function off the
network. The following are the three address ranges that are private:
• 10.0.0.0–10.255.255.255
• 172.16.0.0–172.31.255.255
• 192.168.0.0–192.168.255.255
Illegal Addresses
There are a few IP addresses that are illegal to assign to hosts on the network. You might wonder why a class
C address can have only 254 hosts and not 256, as would seem more likely, since an 8-bit number can have
256 possible values. The reason for this seeming discrepancy is that two of the addresses are lost from the
available host pool. The first is an address that has all bits set to 0s in the host ID, which signifies the network
ID of the network. The second is an address that has all bits set to 1s in the host ID, which signifies the
broadcast address for the network.
So, for example, in the class C network 200.158.157.x, the addresses 200.158.157.0 (the network ID) and
200.158.157.255 (the broadcast address) are not available to hosts, reducing the available number of hosts
from 256 to 254.
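The address arithmetic this chapter walks through, as an added example (not code from the original slides): applying a subnet mask to get the network ID, deciding whether a destination needs the default gateway, deriving the broadcast address and usable host count, and classifying an address (class A to E, loopback, private, APIPA). It generalises the text's 192.168.1.15 scenario to any address and mask; the function names are mine.

```python
from __future__ import annotations

# The three private ranges from the text, as (network, mask) pairs.
PRIVATE_RANGES = [
    ("10.0.0.0", "255.0.0.0"),        # 10.0.0.0-10.255.255.255
    ("172.16.0.0", "255.240.0.0"),    # 172.16.0.0-172.31.255.255
    ("192.168.0.0", "255.255.0.0"),   # 192.168.0.0-192.168.255.255
]
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def parse_ipv4(text: str) -> int:
    """Dotted decimal -> 32-bit integer: four octets of 8 bits each."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """32-bit integer -> dotted decimal (inverse of parse_ipv4)."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_id(ip: str, mask: str) -> str:
    """The mask's 1 bits select the network ID; a 255 octet keeps that whole octet."""
    return format_ipv4(parse_ipv4(ip) & parse_ipv4(mask))


def broadcast_address(ip: str, mask: str) -> str:
    """Broadcast address: every host bit (a 0 in the mask) set to 1."""
    host_bits = ~parse_ipv4(mask) & 0xFFFFFFFF
    return format_ipv4(parse_ipv4(ip) | host_bits)


def same_network(src: str, dst: str, mask: str) -> bool:
    """The comparison a sending host makes first: do the two network IDs match?"""
    return network_id(src, mask) == network_id(dst, mask)


def next_hop(src: str, dst: str, mask: str, gateway: str | None) -> str:
    """Deliver directly on a matching network ID, otherwise hand off to the default gateway."""
    if same_network(src, dst, mask):
        return dst
    if gateway is None:  # only an IP address and mask: local network reachable, nothing else
        raise RuntimeError(f"{dst} is on another network and no default gateway is set")
    return gateway


def usable_hosts(mask: str) -> int:
    """2^(host bits) minus the two reserved addresses (network ID and broadcast)."""
    host_bits = 32 - bin(parse_ipv4(mask)).count("1")
    return (1 << host_bits) - 2


def address_class(ip: str) -> str:
    """Classful lookup by first octet, using the ranges given in the text."""
    first = int(ip.split(".")[0])
    if first == 127:
        return "loopback"  # reserved for the local system, never assigned to a host
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"  # multicast groups, not host addresses
    if 240 <= first <= 255:
        return "E"  # experimental; the text quotes 240-247, RFC 1112 reserves all of 240-255
    return "unassigned"  # first octet 0


def is_private(ip: str) -> bool:
    """True when the address is in one of the non-routable private ranges."""
    return any(same_network(ip, net, mask) for net, mask in PRIVATE_RANGES)


def is_apipa(ip: str) -> bool:
    """True for a 169.254.x.y self-assigned address: the host found no DHCP server."""
    return same_network(ip, "169.254.0.0", "255.255.0.0")


def describe(ip: str, mask: str | None = None) -> dict:
    """Summarise an address; the mask defaults to the classful one where the class has one."""
    cls = address_class(ip)
    mask = mask or DEFAULT_MASKS.get(cls)
    info = {"class": cls, "private": is_private(ip), "apipa": is_apipa(ip)}
    if mask is not None:
        info.update(mask=mask, network_id=network_id(ip, mask),
                    broadcast=broadcast_address(ip, mask), usable_hosts=usable_hosts(mask))
    return info
```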
4.03 TCP/IP Addressing
Addressing Schemes
When sending data on the network, there are different ways that the data can be sent
to the destination. The data can be sent to a unicast address, a broadcast address, or a
multicast address. The following outlines the difference between unicast, broadcast,
and multicast:
• Unicast: the sending of information to one system. With the IP protocol this is accomplished
by sending data to the IP address of the intended destination system.
• Broadcast: the sending of information to all systems on the network. Data that is destined for
all systems is sent by using the broadcast address for the network. An example of a broadcast
address for a network is 192.168.2.255. The broadcast address is determined by setting all host
bits to 1 and then converting the octet to a decimal number.
• Multicast: the sending of information to a selected group of systems. Typically this is
accomplished by having the systems subscribe to a multicast address. Any data that is sent to the
multicast address is then received by all systems subscribed to the address. Most multicast
addresses start with 224.x.y.z and are considered class D addresses.
IPv6
Our entire discussion so far about TCP/IP is based on version 4 of TCP/IP, known as IPv4. The use
of TCP/IP over the years has far exceeded expectations, and we are running out of IP addresses.
For that reason, TCP/IP has been redesigned and the new version is IP version 6 (IPv6).
There are major changes to IPv6 from what we know of IPv4. For starters, IPv4 uses a 32-bit
address scheme, while IPv6 will use a 128-bit address scheme. This will give us an insane number
of unique possible addresses—3.4 × 10^38 to be exact (2^128)!
This is a huge improvement over the 2^32, or roughly 4 billion, unique addresses with IPv4.
An IPv6 address will no longer use four octets. The IPv6 address is divided into eight hexadecimal
values that are separated by a colon (:) as shown in the following example:
65b3:b834:45a3:0000:0000:762e:0270:5224
TCP/IP Ports: An application or process uses a TCP/IP port as an identifier for that application
running on a system. When you send data from one computer to another, you send data to the port
used by that application.
Client applications usually run on ports over 1024. Port numbers that are used by servers are known
as well-known ports (under 1024), whereas port numbers over 1024 used by client applications are
known as dynamic ports. They are called dynamic ports because many times the port is selected at
runtime by the application.
4.04 TCP/IP Configuration Concepts
TCP/IP Configuration Concepts: You have learned what an IP address, a subnet mask, and a
default gateway are used for, and you have learned all about the binary form of addressing,
including class addresses. In this section, you will learn to configure TCP/IP on a client system
both manually and as a DHCP client.
Configuring a system manually is not the best approach to take on a network for a number of
reasons:
• Workload: The amount of work involved in manually configuring each system on the network is
too much for any network administrator.
• Typos: The potential for human error is great when inputting the parameters on multiple
systems simply due to the fact that it is such a laborious task. It is also very easy to assign a
duplicate address on the network, which would result in an error.
• Change management: It is very hard to implement major changes to your IP infrastructure
when you are manually configuring systems. For example, a change to a router address would
require a lot of time to update the default gateway entry on the clients.
Dynamic Host Configuration Protocol (DHCP)
Configuring IP addressing on a large TCP/IP-based network can be a nightmare,
especially if machines are moved from one network to another frequently. The
Dynamic Host Configuration Protocol (DHCP) can help with the workload of
configuring systems on a network by assigning addresses to systems on bootup automatically.
The process of dynamically assigning IP addresses is managed via a DHCP
server.
The DHCP server is configured with a set of usable IP addresses, called a scope.
The scope can also include the subnet mask, IP addresses of the default
gateway, DNS servers, WINS servers, and other necessary addresses. When a
PC comes online and is set up to use a DHCP server, it requests an IP address
by transmitting a broadcast request packet looking for any DHCP servers on the
network (known as DHCP Discovery). The DHCP server responds with an offer
containing an IP address that the client can lease (known as the DHCP Offer).
The client then accepts the offer by sending a request message for that address from the DHCP
server (known as the DHCP Request), and then the server responds with an acknowledgment to
the client that it has that address and additional settings for the lease time (known as the DHCP
ACK). The DHCP server marks the IP address in its database as being in use so that it is not
assigned again. When configuring the DHCP server, you will need to configure a scope with the
following settings:
• IP addresses: The DHCP server issues an IP address to each DHCP client system on the network.
Each system connected to a TCP/IP-based network is identified by a unique IP address. As you
learned in this chapter, the IP address consists of four 8-bit octets separated by periods. The IP
address is normally shown in dotted-decimal notation—for example, 192.10.24.62.
• Subnet mask: The IP address actually consists of two parts: the network ID and the host ID. The
subnet mask is used to identify the part of the IP address that is the network ID and the part
that is the host ID. Subnet masks assign 1s to the network ID bits and 0s to the host ID bits of
the IP address.
• Default gateway: A default gateway is required when the client system needs to communicate
outside its own subnet. Normally, the default gateway is a router connected to the local subnet,
which enables IP packets to be passed to other network segments.
Scope Options: A DHCP scope is the range of IP addresses and additional options that the DHCP
server will hand out to the DHCP clients on the network. As previously mentioned, the IP address and
subnet mask are required items that the DHCP scope must include.
Another requirement in the scope is the lease duration. It specifies how long a DHCP client can use an
IP address before it must renew it with the DHCP server. This duration can be set for an unlimited time
period or for a predetermined time period.
You have the option of configuring a scope to reserve a specific IP address for a DHCP client or even
for a system on the network that is not DHCP enabled.
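The four-step exchange (Discover, Offer, Request, ACK) and the scope described above, as an added example that is not code from the original slides. The messages are plain dictionaries rather than the real DHCP wire format; the scope values and MAC addresses are constructed. It also shows the three things the text says a scope carries (options, lease duration, a reservation) and the APIPA fallback a client uses when no server answers.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Scope:
    """The DHCP scope: the address pool plus the options handed to every client."""
    pool: list[str]
    subnet_mask: str
    default_gateway: str
    dns_servers: list[str]
    lease_seconds: int
    reservations: dict[str, str] = field(default_factory=dict)  # MAC -> fixed IP


class DhcpServer:
    """Minimal server side of Discover/Offer/Request/ACK over an in-memory scope."""

    def __init__(self, scope: Scope) -> None:
        self.scope = scope
        self.leases: dict[str, str] = {}  # MAC -> IP marked in use
        self.offers: dict[str, str] = {}  # MAC -> IP offered, awaiting the Request

    def _in_use(self) -> set[str]:
        return (set(self.leases.values()) | set(self.offers.values())
                | set(self.scope.reservations.values()))

    def handle(self, msg: dict) -> dict | None:
        """Dispatch one client message; Discover and Request are the two that get replies."""
        kind, mac = msg["type"], msg["mac"]
        if kind == "DISCOVER":
            return self._offer(mac)
        if kind == "REQUEST":
            return self._ack(mac, msg["requested_ip"])
        if kind == "RELEASE":
            self.leases.pop(mac, None)  # address returns to the pool
            return None
        raise ValueError(f"unknown DHCP message type {kind!r}")

    def _offer(self, mac: str) -> dict | None:
        # A reservation always wins; a returning client is offered its current lease;
        # otherwise take the first free address in the pool.
        ip = self.scope.reservations.get(mac) or self.leases.get(mac)
        if ip is None:
            free = [a for a in self.scope.pool if a not in self._in_use()]
            if not free:
                return None  # pool exhausted: no Offer, the client will fall back to APIPA
            ip = free[0]
        self.offers[mac] = ip
        return {"type": "OFFER", "mac": mac, "your_ip": ip}

    def _ack(self, mac: str, requested_ip: str) -> dict:
        if self.offers.get(mac) != requested_ip:
            return {"type": "NAK", "mac": mac}  # client asked for something we did not offer it
        self.offers.pop(mac)
        self.leases[mac] = requested_ip  # marked in the database so it is never issued twice
        s = self.scope
        return {"type": "ACK", "mac": mac, "your_ip": requested_ip,
                "subnet_mask": s.subnet_mask, "default_gateway": s.default_gateway,
                "dns_servers": list(s.dns_servers), "lease_seconds": s.lease_seconds}


def apipa_address(mac: str) -> str:
    """APIPA fallback in the 169.254.x.y range. Deriving x.y from the MAC is a constructed
    rule for this example; a real client picks at random and probes for conflicts."""
    digest = sum(int(byte, 16) for byte in mac.split(":"))
    return f"169.254.{1 + digest % 254}.{1 + (digest * 7) % 254}"


def configure_client(mac: str, server: DhcpServer | None) -> dict:
    """Client side: Discover -> Offer -> Request -> ACK. No reachable server (None), no
    Offer, or a NAK means APIPA, which provides no default gateway."""
    fallback = {"ip": apipa_address(mac), "subnet_mask": "255.255.0.0",
                "default_gateway": None, "source": "APIPA"}
    if server is None:
        return fallback
    offer = server.handle({"type": "DISCOVER", "mac": mac})
    if offer is None:
        return fallback
    ack = server.handle({"type": "REQUEST", "mac": mac, "requested_ip": offer["your_ip"]})
    if ack["type"] != "ACK":
        return fallback
    return {"ip": ack["your_ip"], "subnet_mask": ack["subnet_mask"],
            "default_gateway": ack["default_gateway"], "dns_servers": ack["dns_servers"],
            "lease_seconds": ack["lease_seconds"], "source": "DHCP"}


def demo_scope() -> Scope:
    """Constructed scope: a three-address pool (so exhaustion is easy to see), eight-hour
    leases, and one reservation for a fixed device such as a printer."""
    return Scope(
        pool=[f"192.168.1.{n}" for n in range(100, 103)],
        subnet_mask="255.255.255.0",
        default_gateway="192.168.1.1",
        dns_servers=["192.168.1.10"],
        lease_seconds=8 * 3600,
        reservations={"00:11:22:33:44:99": "192.168.1.50"},
    )
```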
Servers
Several versions of Windows server products support having DHCP server capabilities, including
Windows Server 2003 and Windows Server 2008. The main factor to consider if you have multiple
subnets is that your routers must comply with RFC 1542 so that a DHCP server can receive the
broadcast message from a client. It is wise to keep in mind that, if your DHCP server goes down and
your DHCP clients cannot renew their lease, the clients will most likely not be able to access network
resources.
One of the benefits of using multiple DHCP servers is redundancy. Redundancy can prevent your
network from going down. If you decide to use multiple DHCP servers, you should place them on
different subnets to achieve a higher degree of fault tolerance in case one of the subnets becomes
unavailable. You can manage multiple servers on different subnets with the DHCP Console, the
graphical utility used to maintain and configure DHCP servers in Windows.
Supported Clients
The following operating systems can perform as DHCP clients on
your network:
• Windows clients such as Windows 2000, XP, and Vista
• Windows servers such as Windows 2000 Server, Windows Server 2003, and Windows Server 2008
• Older Microsoft clients such as DOS (with network client software loaded), Windows 3.11, and
Windows 9x clients
• Non-Microsoft operating systems such as Linux
Of course, DHCP clients are not limited to Microsoft operating systems. Any system that conforms
to RFC 1541 can be a DHCP client. For example, you can have a UNIX, Linux, or Novell NetWare
client on the network that obtains an address from your DHCP server as well.
APIPA
Windows clients support a feature known as automatic private IP addressing (APIPA): when a
Windows client boots up and cannot contact a DHCP server, it configures itself automatically with
a 169.254.x.y address. If there is something wrong with the DHCP server and none of the systems on
the network can obtain an address from it, the clients will all assign themselves an address
within the 169.254 address range and then be able to communicate with one another.
APIPA does not assign a default gateway, so you will be unable to access resources
on a remote network and the Internet—but you can still communicate with systems on
your network. When troubleshooting to find out why a machine cannot communicate
on the network, watch for systems that have the 169.254.x.y address range because it
means they could not find a DHCP server.
Boot Protocol
The Boot Protocol, known as BOOTP, is used by diskless workstations. When a diskless
workstation boots, it does so using an EEPROM on the network card to allow it to load basic
drivers and connect to the network by obtaining an IP address automatically.
A BOOTP server, similar to a DHCP server, assigns the diskless workstation an address for the
network to allow it to participate on the network. You will see the term BOOTP a lot when it
comes to DHCP and routers; a BOOTP-enabled router will allow the DHCP broadcast to cross the
router so that a DHCP server can be found on the other side of the network.
The BOOTP server is usually the same as the DHCP server; the two are
considered one and the same.
Routers need to be BOOTP compatible to allow the DHCP requests to
pass through the router to another segment, or else you will require a
DHCP server per network segment.
Domain Name System
One service that is used throughout networks and the Internet is the
Domain Name System (DNS). Most users on the network connect to
resources by using a friendly name such as www.gleneclarke.com—this
style of name, known as a fully qualified domain name (FQDN), must be
converted to an IP address before communication can occur. DNS is used
as our solution to convert FQDNs to IP addresses.
Top-Level Domains
The root servers are responsible for ensuring that any requests for an Internet
resource are forwarded to the correct top-level domain. To help organize Internet
resources in the DNS distributed database, there are specific top-level domain names
created, and a company or organization has to register under a top-level domain. For
example, if you are trying to connect to microsoft.com, the root DNS server forwards
you to the .com top-level domain namespace.
The following is a description of the most popular DNS top-level domains found
on the Internet:
• .com This is the commercial organizations group and is by far the largest.
Almost everyone wants to be found in this domain, because it is where most
customers will try to find you.
• .org This is for nonprofit organizations.
• .net This is for networking organizations such as island.net and nfs.net, as
well as for Internet service providers such as netzero.net.
• .mil This is for military organizations such as army.mil and navy.mil.
• .gov This is for U.S. government offices only.
• .edu This is for educational organizations.
Country Domain Names
With only six top-level domain names, and with every organization that wanted an Internet name
required to register under one of them, the shortage of choices at the top level soon became a
problem because there were so many names to be registered. Eventually, top-level names were
created for country domains; therefore, if you resided in a certain country, you could register
under that country domain so that your customers could find you easily. Here are a few of the
most common country domain names:
• .ca Canada
• .ie Ireland
• .uk United Kingdom
• .us United States
DNS Files
Most DNS servers maintain their DNS data in a number of files that exist on the hard disk of the
server. In the old days, you managed the records by updating these text files, but today most
DNS server environments support a graphic tool like the one shown in Figure 4-7 to create the
records for your DNS server. When you create the records graphically, the DNS files are updated.
Windows servers store their DNS files in %systemroot%\system32\DNS.
Hosts File
Before DNS became a popular solution to hostname resolution, there
was a more manual method of creating and modifying a file on the
local hard disk of every system. This file would need to be updated on
every system if a change was made to a server’s IP address and you
wanted the client applications to be aware of the change. This file,
known as the hosts file, was located on each client system.
Before DNS servers became a standard, network administrators used
to create a text file known as the hosts file, which was used to
resolve the FQDN to matching IP addresses. This text file was stored
locally on each system; in the Windows world, it is stored in the
%systemroot%\system32\drivers\etc folder and contains two
columns—one for the IP address and the other for the FQDN.
Windows Internet Naming Service
The Windows Internet Naming Service (WINS) provides name resolution for NetBIOS names to matching IP addresses and is
popular on large Microsoft networks. WINS is very similar to DNS but contains a database of different-style names—
NetBIOS names instead of fully qualified domain names.
When a WINS client boots up, it registers its names within the WINS database and then queries that server any time it
needs to have a computer name resolved to a matching IP address. When the WINS client shuts down, it also de-registers
its names from the WINS database so that another system can register the names while it is offline.
Before WINS, the LMHOSTS file was used to assist with remote NetBIOS name resolution. The LMHOSTS file is a static file
that maps NetBIOS names to IP addresses. This file is similar to the hosts file in functionality; the only difference is that the
hosts file is used for mapping hostnames to IP addresses.
4.05 Network Services
Network Services:
A network service is responsible for a specific function on the network.
For example, the file and print services are responsible for providing files on
the network, and the DHCP service is responsible for assigning IP addresses
automatically to systems on the network.
DHCP
The Dynamic Host Configuration Protocol (DHCP) is responsible for assigning
IP address information automatically to systems on the network. The network
administrator configures the DHCP server by configuring a scope (a range of
addresses) that the server can assign addresses from. The DHCP service may
configure a client with all the TCP/IP settings, including the subnet mask, the
default gateway, and the addresses of both the DNS server and the WINS
server.
DNS
The Domain Name System (DNS) is a network service that is responsible for converting FQDNs to IP
addresses so that communication can occur.
WINS
As you learned earlier in the chapter, the Windows Internet Naming Service (WINS) is used to
resolve, or convert, NetBIOS names (computer names) to IP addresses. NetBIOS applications use
NetBIOS names as a way to identify the remote system that the application is to communicate
with. The NetBIOS name will be converted to the IP address by a WINS server.
NAT/PAT/SNAT
Most networks today are connected to the Internet, and having an Internet connection presents
a number of security concerns. For example, if you have your server connected directly to the
Internet, it will take no time at all for the system to be hacked. Network Address Translation
(NAT) is a network service that is responsible for translating internal IP addresses from machines
inside the network to a public address used by the NAT service—essentially hiding your internal
network addresses.
You can see that the NAT server has two network interfaces (cards): the internal interface and the
external interface. The internal interface has an IP address within the range of the internal
network, whereas the external interface uses an external address. Notice that the NAT server has
two IP addresses assigned and that the internal interface uses the IP address of 192.168.2.1. This
will be the default gateway address of all other systems on the network because the NAT server is
the way off the network.
PAT and SNAT
When implementing your NAT solution, you have a few options. You could have each private address inside the
network translate to a single public address that is associated with the public interface. This would mean that you
need to have multiple public addresses in order to create the one-to-one mapping by which one private IP address
translates to one public IP address.
If you only have one public IP address on the NAT device and need to use that for all private addresses on the LAN,
then you will need to overload the public address with multiple private addresses. NAT overloading is used when
each of the private IP addresses is translated to the one public IP address, essentially overloading the poor public
address.
The big question is “How does the NAT device know which internal system to send the response to when data is
returned from the Internet?” This is an important question because all of the packets will be returned to whatever
the public address is on the NAT device. This is where Port Address Translation (PAT) comes in. If you look at Figure
4-17, you will see that the NAT device using port addressing is keeping track of not only the IP address of the system
sending outbound traffic, but also the port used by the application on the private system. The source address of
the outbound packet is converted from the IP address of the private system to the
Another term you will see that deals with NAT is Secure Network Address Translation, or SNAT. Some NAT
devices include proxy features as well. These features give you the opportunity to configure different types of
clients for the NAT device; for example, you could configure all the clients as proxy clients, or secure NAT
clients.
If you install proxy client software on the client systems, then the clients can use the NAT device as their
method to get out to the Internet and you can leverage features such as authentication. If you decide you do
not want to install the proxy client software but simply want to use the NAT features of the proxy server,
then you
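The port-tracking behaviour described under PAT above, as an added example written for this page (it is not code from the book or from any NAT product): a small model of the translation table a NAT-overload device keeps. Two private hosts happen to use the same source port, which is exactly the case that forces the device to allocate distinct public ports. The 192.168.2.x internal range is the page's; the public address 203.0.113.10 and the remote server 198.51.100.20 are constructed sample values.

```python
"""Minimal Port Address Translation (NAT overload) table, written as an
illustrative example for this study-guide page. All addresses are constructed
samples (RFC 5737 documentation ranges for the public side)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# (private_ip, private_port, remote_ip, remote_port)
Flow = Tuple[str, int, str, int]


class PatDevice:
    """One public address shared by many private hosts, keyed by public port."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._outbound: Dict[Flow, int] = {}   # private flow -> public port
        self._inbound: Dict[int, Flow] = {}    # public port  -> private flow

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a LAN packet to the public IP and a tracked port."""
        flow: Flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._outbound.get(flow)
        if port is None:                       # first packet of this flow
            port = self._next_port
            self._next_port += 1
            self._outbound[flow] = port
            self._inbound[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet arriving on the public side back to the private host.

        Returns None (drop) when no private host ever created a matching
        mapping, which is what keeps unsolicited Internet traffic out."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self._inbound.get(pkt.dst_port)
        if flow is None:                       # no host asked for this
            return None
        priv_ip, priv_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                        # mapped port, but wrong peer
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo() -> dict:
    """Walk two LAN hosts through the device and return every translation."""
    nat = PatDevice("203.0.113.10")
    host_a = Packet("192.168.2.10", 51515, "198.51.100.20", 80)
    host_b = Packet("192.168.2.11", 51515, "198.51.100.20", 80)  # same source port as host A
    out_a = nat.translate_outbound(host_a)
    out_b = nat.translate_outbound(host_b)
    out_a_again = nat.translate_outbound(host_a)              # existing mapping reused
    reply_a = nat.translate_inbound(
        Packet("198.51.100.20", 80, "203.0.113.10", out_a.src_port))
    # Nobody on the LAN created a mapping for port 45000: dropped.
    unsolicited = nat.translate_inbound(
        Packet("198.51.100.99", 4444, "203.0.113.10", 45000))
    # Mapped port, but the packet comes from a peer the host never contacted: dropped.
    wrong_peer = nat.translate_inbound(
        Packet("198.51.100.99", 4444, "203.0.113.10", out_a.src_port))
    return {
        "out_a": out_a, "out_b": out_b, "out_a_again": out_a_again,
        "reply_a": reply_a, "unsolicited": unsolicited, "wrong_peer": wrong_peer,
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt}")
```

The "no external system can reach an internal host" property that the chapter summary attributes to NAT comes from the missing table entry in `translate_inbound` (and from whatever filtering rules the device also applies), not from the address rewriting by itself; a device that accepts inbound packets on a mapped port regardless of the peer offers less protection than the version above.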
ICS
Internet Connection Sharing (ICS) is a service built into Windows operating systems that allows you to share your
Internet connection with other users on the network. ICS acts as a NAT server and a DHCP server at the same time.
When you enable ICS in Windows, it automatically starts assigning IP addresses out on the network so that the
DHCP clients use the ICS computer as their default gateway.
When clients send information to the ICS machine to be sent on the Internet, the ICS machine translates the source
address (the NAT feature) to use the external interface of the system.
To enable ICS, right-click your Internet LAN connection and choose Properties.
On the Advanced tab, select “Allow other network users to connect through this computer’s Internet
connection” and then choose OK.
SMB
The Server Message Block (SMB) protocol, used primarily by Microsoft operating systems, is responsible for sharing
files and printers on a system and making those resources available to SMB clients on the network. SMB is an
application-layer protocol that runs on top of TCP/IP, IPX, and NetBEUI and relies on those protocols for transport
functionality.
NFS
Microsoft environments use SMB; the Network File System (NFS) is a protocol developed by Sun Microsystems that
allows users to access files stored on a remote system as if it were a local resource.
NFS is the equivalent of SMB used in UNIX and Linux environments and is platform independent, meaning that the
NFS client may be accessing a file system resource from any type of server that is an NFS server—not just a Linux
server.
NFS uses an interface that runs on top of TCP/IP networks called the Virtual File System (VFS), which is responsible
for making the resource available to a local application. The local application makes the call to the resource
as if it were a local resource, and the application never learns that the resource is on a remote system—NFS makes
the location and platform of the remote resource transparent to the application and users.
AFP
If SMB is the file-sharing protocol in Microsoft environments and NFS is the file-sharing protocol
in UNIX environments, what is responsible for allowing access to files on remote systems in the
Macintosh world? You guessed it; the AppleTalk Filing Protocol (AFP) is responsible for allowing
Macintosh systems to access remote file systems on an AppleTalk network.
Original implementations of AFP only ran on top of AppleTalk networks, but newer versions of
AFP run on top of TCP/IP because of the popularity of the protocol. Like SMB and NFS, AFP
provides an environment that allows users to access files on a remote system as if they were on
the local system. AFP also provides security as to who accesses the file.
Samba
Samba is an application environment that runs on Linux systems and uses SMB to allow
Microsoft clients to access the Samba-enabled UNIX servers as if they were Microsoft servers. A
Samba-enabled UNIX server may provide a number of services to Microsoft clients, including
Sharing the file system of the UNIX server to Microsoft clients
Sharing printer resources from the UNIX environment to Microsoft clients
Performing authentication and authorization services to Microsoft clients.
ZeroConfig
Zero Configuration Networking (ZeroConfig) is a network service designed to minimize the configuration of
the network clients by broadcasting configured services on the network to network clients who
automatically discover these network services. After the service has been discovered, the client is
automatically configured to use this service with no interaction from the network administrator.
4 TCP/IP Fundamentals
Certification Summary
In this chapter you learned the fundamentals of TCP/IP and what makes this protocol so common in
today’s networking market. The following list summarizes what you learned about TCP/IP:
The IP address and subnet mask are the most important configuration settings and must be
specified correctly in order to communicate on the TCP/IP-based network. Next in importance is the
default gateway, which specifies where to route packets if you are communicating outside the local
network.
The Dynamic Host Configuration Protocol (DHCP) automatically configures a workstation with the
correct TCP/IP settings, relieving you of the burden of manually configuring every workstation.
The Domain Name System (DNS) is essential for Internet-based machines and company intranets
that use DNS for hostname resolution. You learned about the hostname, domain name, resolution,
and Internet domain name server hierarchies.
The Windows Internet Naming Service (WINS), which ironically has little to do with the Internet,
enables workstations to resolve NetBIOS names to IP addresses rather than using a static LMHOSTS
file on each machine.
TCP/IP is a suite of protocols, the most popular of which are TCP, UDP, IP, and ARP. (Your Network+
exam will definitely have several questions on some of these TCP/IP protocol suite members.)
TCP/IP addressing involves a strong knowledge of the IP address, subnet mask, network classes, and
special reserved addresses. (You should memorize each network class for the exam.)
The most important portions of TCP/IP as it relates to your Network+ exam are the TCP/IP
configuration concepts. You need these to configure workstations with TCP/IP. The concepts include
the IP address, the subnet mask, DHCP, DNS, WINS, the default gateway, the hostname, and the
NetBIOS name.
4 TCP/IP Fundamentals
Two-Minute Drill
TCP/IP Protocol Suite
TCP/IP is a suite of protocols.
TCP is used for connection-oriented communication and ensures delivery.
UDP is used for connectionless communication and does not ensure delivery.
The Internet Control Message Protocol (ICMP) enables systems on a TCP/IP network
to share status and error information.
IP provides packet routing and delivery for all other protocols within the suite.
The Address Resolution Protocol (ARP) is used to provide IP address–to–physical address
resolution.
HTTP is used to deliver web pages from the web server to the web browser, while
HTTPS is used to deliver the pages securely.
The Simple Mail Transfer Protocol (SMTP) is used to send mail over the Internet.
The Post Office Protocol (POP) is the Internet protocol for reading e-mail.
The Internet Message Access Protocol (IMAP), a protocol similar to POP, is used to
retrieve messages from a mail server.
The Simple Network Management Protocol (SNMP) is an Internet standard that
provides a simple method for remotely managing virtually any network device.
The File Transfer Protocol (FTP) is a TCP/IP utility that exists solely to copy files from
one computer to another.
TCP/IP Fundamentals
The popularity of TCP/IP makes the protocol a likely culprit to appear many
times throughout your Network+ exam.
TCP/IP addresses are 32-bit addresses.
The IP address is a unique value assigned to the system that identifies the
system on the network.
The subnet mask is used to determine the network ID portion of an IP
address.
The network ID is used to determine whether the destination system exists
on the same network or not. If the two systems have the same network ID,
then they are on the same network.
The host ID identifies the system within the network.
The default gateway refers to the IP address of the router and is used to
send data off the network.
TCP/IP Addressing
Class A addresses start with the first octet ranging from 0 to
126 and have a default subnet mask of 255.0.0.0.
Class B addresses have a first octet ranging from 128 to 191
and have a default subnet mask of 255.255.0.0.
Class C addresses have a first octet ranging from 192 to 223
and have a default subnet mask of 255.255.255.0.
Class D addresses are used for multicasting.
An application or process uses a TCP/IP port to communicate
between client and server computers.
The most popular, and therefore most likely, exam choices to
remember are the FTP ports (20 and 21), SMTP port (25), HTTP
port (80), and HTTPS port (443).
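The network-ID test from the TCP/IP Fundamentals drill and the class table just above, carried through in code as an added example written for this page (not the book's own material): a host ANDs its address and the destination with the subnet mask, compares the two network IDs, and delivers locally or to the default gateway accordingly. The gateway 192.168.2.1 is the one used in the NAT discussion earlier on the page; the other addresses are constructed samples, and the Class D first-octet range 224 to 239 is general knowledge rather than something the page states.

```python
"""Classful address lookup and the local-vs-gateway decision, written as an
illustrative example for this study-guide page. Addresses are constructed."""
import ipaddress
from typing import Optional, Tuple

# (class, first-octet range, default subnet mask) as listed in the drill.
# Class D has no network/host split, so no default mask applies.
CLASS_TABLE = (
    ("A", range(0, 127), "255.0.0.0"),
    ("B", range(128, 192), "255.255.0.0"),
    ("C", range(192, 224), "255.255.255.0"),
    ("D", range(224, 240), None),      # multicast; range assumed, not on the page
)


def address_class(ip: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (class letter, default mask) from the first octet.

    127 (loopback) and 240-255 fall outside the table and yield (None, None)."""
    first_octet = int(ip.split(".")[0])
    for name, octets, mask in CLASS_TABLE:
        if first_octet in octets:
            return name, mask
    return None, None


def _to_int(ip: str) -> int:
    # ipaddress does the dotted-quad parsing and validation for us
    return int(ipaddress.IPv4Address(ip))


def network_id(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask: the network portion of the address."""
    return str(ipaddress.IPv4Address(_to_int(ip) & _to_int(mask)))


def host_id(ip: str, mask: str) -> str:
    """The remaining bits identify the system within the network."""
    return str(ipaddress.IPv4Address(_to_int(ip) & ~_to_int(mask) & 0xFFFFFFFF))


def next_hop(src_ip: str, mask: str, dst_ip: str, default_gateway: str) -> str:
    """Where the sending host addresses the frame at layer 2.

    Same network ID: deliver straight to the destination.
    Different network ID: hand the packet to the default gateway."""
    if network_id(src_ip, mask) == network_id(dst_ip, mask):
        return dst_ip
    return default_gateway


if __name__ == "__main__":
    me, mask, gw = "192.168.2.10", "255.255.255.0", "192.168.2.1"
    print("class:", address_class(me))
    print("network ID:", network_id(me, mask), "host ID:", host_id(me, mask))
    for dst in ("192.168.2.25", "198.51.100.20"):
        print(dst, "->", next_hop(me, mask, dst, gw))
```

Running the module prints the class, the split of 192.168.2.10 into network and host portions, and shows that 192.168.2.25 is delivered directly while 198.51.100.20 goes to the gateway. A wrong mask changes the network-ID comparison and therefore the routing decision, which is why the drill ranks the mask alongside the IP address in importance.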
TCP/IP Configuration Concepts
You have two options for configuring a workstation: You can configure it
manually, or you can use a DHCP server.
DHCP is responsible for assigning IP addresses to clients automatically and
reduces the network administration load.
DNS is used to resolve FQDNs (www.gleneclarke.com) to IP addresses.
WINS is used to convert NetBIOS names (computer names) to IP addresses.
Hosts is a text file on the client that performs the same role as DNS but is
configured on each system manually.
LMHOSTS is a text file on the client that performs the same role as WINS
but is configured on each system manually.
Network Services
DHCP is responsible for assigning IP address information to clients.
DNS is a distributed database that is responsible for converting FQDNs to IP
addresses.
WINS is responsible for converting computer names to IP addresses.
NAT is responsible for hiding internal network addresses by configuring all systems
to use the NAT system as the default gateway. The NAT server will then change the
source address of outgoing packets to its own external address, ensuring that all
requests look as though they are coming from the NAT server. The NAT server will
receive any responses and then send the response to the internal client—ensuring
that no external system can communicate with internal systems.
SMB is the file-sharing protocol on Microsoft networks that allows clients to access file
systems on remote Microsoft systems.
NFS is the file-sharing protocol on UNIX networks that allows UNIX clients to access
file systems on NFS servers.
AFP is the file-sharing protocol for Macintosh systems, allowing Macs to access
remote file systems on Macintosh systems.
Samba is a service that implements SMB on UNIX servers, allowing Microsoft clients
to access file systems on the UNIX server.