
Networking Tutorial
The CTDP Networking Guide Version 0.6.3 February 3, 2001
Revised to Version 0.6.4 November 4, 2002

Introduction

This guide is primarily about TCP/IP network protocols and ethernet network architectures, but also briefly describes other protocol suites, network architectures, and other significant areas of networking. This guide is written for all audiences, even those with little or no networking experience. It explains in simple terms the way networks are put together, and how data packages are sent between networks and subnets along with how data is routed to the internet. This document is broken into five main areas which are:

1. Basics - Explains the protocols and how they work together.
2. Media - Describes the cabling and various media used to send data between multiple points of a network.
3. Architecture - Describes some popular network architectures. A network architecture refers to the physical layout (topology) of a network along with the physical transmission media (type of wire, wireless, etc) and the data access method (OSI Layer 2). Includes ethernet, Token Ring, ARCnet, AppleTalk, and FDDI. This main area of the document can and should be skipped by those learning networking and read later.
4. Other Transport Protocols - Describes IPX/SPX, NetBEUI, and more.
5. Functions - Explains some of the functionality of networking such as routing, firewalls and DNS.
6. Further Details - Gives information about some protocols not covered in the "Basics" section. In the future, it will include more information about packet fragmentation and re-assembly along with more details about UDP and especially TCP and TCP connections.
7. More Complex functions - Documents multicasting, dynamic routing, and network management.
8. Applications - Documents how some of the applications work such as ping and traceroute. In the future, it will cover telnet, Rlogin, and FTP.
9. Other Concerns - Includes installing drivers, network operating systems, applications, wide area networks, backing up the network and troubleshooting the network.
10. References - Includes a reference list of terms, RFCs and recommended reading.

The reader may read this document in any order, but for beginners, it would be best to read through from the beginning with the exception of sections 2 (media), 3 (architecture), and 4 (other). At some point, however, the reader should be able to break from the basics and read about routing and IP masquerading.

There are no links to various reading material or software packages inside this document, except under the references section. This is because it is more structured, and makes it easier to keep the document current.

This document will first talk about the network basics so the reader can get a good grasp of networking concepts. This should help the reader understand how each network protocol is used to perform networking. The reader will be able to understand why each protocol is needed, how it is used, and what other protocols it relies upon. This document explains the data encapsulation techniques in preparation for transport along with some of the network protocols such as IP, TCP, UDP, ICMP, and IGMP. It explains how ARP and RARP support networking. In functional areas, such as routers, several examples are given so the user can get a grasp on how networking is done in their particular situation. This document covers routing, IP masquerading, and firewalls and gives some explanation of how they work, how they are set up, and how and why they are used. Firewalls and the available packages are described, but how to set them up is left to other documentation specific to the operating system and the package. Application protocols such as FTP and Telnet are also briefly described. Networking terms are also explained and defined.

This document explains the setup of networking functions using Linux Redhat version 6.1 as an operating system (OS) platform. This will apply to server functions such as routing and IP masquerading. For more documentation on setting up packages, read documentation on this web site and other locations specific to the operating system and the package. If you know how to set up other operating servers such as Windows NT, you can apply the information in this document to help you understand how to configure services on that OS platform.

This document was written because I perceived a need for a basic networking document to explain how these networking services work and how to set them up, with examples. It will help a novice to learn networking more quickly by explaining the big picture concerning how the system works together. I have seen much good networking documentation, but little that explains the theory along with practical setup and applications.

Network Topology

A network consists of multiple computers connected using some type of interface, each having one or more interface devices such as a Network Interface Card (NIC) and/or a serial device for PPP networking. Each computer is supported by network software that provides the server or client functionality. The hardware used to transmit data across the network is called the media. It may include copper cable, fiber optic, or wireless transmission. The standard cabling used for the purposes of this document is 10Base-T category 5 ethernet cable. This is twisted copper cabling which appears at the surface to look similar to TV coaxial cable. It is terminated on each end by a connector that looks much like a phone connector. Its maximum segment length is 100 meters.

Network Categories

There are two main types of network categories which are:

- Server based
- Peer-to-peer

In a server based network, there are computers set up to be primary providers of services such as file service or mail service. The computers providing the service are called servers and the computers that request and use the service are called client computers.

In a peer-to-peer network, various computers on the network can act both as clients and servers. For instance, many Microsoft Windows based computers will allow file and print sharing. These computers can act both as a client and a server and are also referred to as peers. Many networks are combination peer-to-peer and server based networks. The network operating system uses a network data protocol to communicate on the network to other computers. The network operating system supports the applications on that computer. A Network Operating System (NOS) includes Windows NT, Novell Netware, Linux, Unix and others.

Three Network Topologies

The network topology describes the method used to do the physical wiring of the network. The main ones are bus, star, and ring.

1. Bus - Both ends of the network must be terminated with a terminator. A barrel connector can be used to extend it.
2. Star - All devices revolve around a central hub, which is what controls the network communications, and can communicate with other hubs. Range limits are about 100 meters from the hub.
3. Ring - Devices are connected from one to another, as in a ring. A data token is used to grant permission for each computer to communicate.

There are also hybrid networks including a star-bus hybrid, star-ring network, and mesh networks with connections between various computers on the network. Mesh networks ideally allow each computer to have a direct connection to each of the other computers. The topology this documentation deals with most is star topology since that is what ethernet networks use.

Network Hardware Connections

Ethernet uses star topology for the physical wiring layout. A diagram of a typical ethernet network layout is shown below.

On a network, a hub is basically a repeater which is used to re-time and amplify the network signals. In this diagram, please examine the hubs closely. On the left are 4 ports close to each other with an x above or below them. This means that these ports are crossover ports. This crossover is similar to the arrangement that was used for serial cables between two computers. Each serial port has a transmitter and receiver. Unless there was a null modem connection between two serial ports, or the cable was wired to cross transmit to receive and vice versa, the connection would not work. This is because the transmit port would be sending to the transmit port on the other side.

Therefore note that you cannot connect two computers together with a straight network jumper cable between their network cards. You must use a special crossover cable that you can buy at most computer stores and some office supply stores for around 10 dollars. Otherwise, you must use a hub as shown here.

The hub on the upper left is full, but it has an uplink port on the right which lets it connect to another hub. The uplink does not have a crossover connection and is designed to fit into a crossover connection on the next hub. This way you can keep linking hubs to put computers on a network. Because each hub introduces some delay onto the network signals, there is a limit to the number of hubs you can sequentially link. Also the computers that are connected to the two hubs are on the same network and can talk to each other. All network traffic including all broadcasts is passed through the hubs.

In the diagram, machine G has two network cards, eth0 and eth1. The cards eth1 and eth0 are on two different networks or subnetworks. Unless machine G is programmed as a router or bridge, traffic will not pass between the two networks. This means that machines X and Z cannot talk to machines A through F and vice versa. Machine X can talk to Z and G, and machines A through F can talk to each other and they can talk to machine G. All machines can talk to machine G. Therefore the machines are dependent on machine G to talk between the two networks or subnets.

Each network card, called a network interface card (NIC), has a built in hardware address programmed by its manufacturer. This is a 48 bit address and should be unique for each card. This address is called a media access control (MAC) address. The media, in our specific case, will be the ethernet. Therefore when you refer to ethernet, you are referring to the type of network card, the cabling, the hubs, and the data packets being sent. You are talking about the hardware that makes it work, along with the data that is physically sent on the wires.

There are three types of networks that are commonly heard about. They are ethernet, token-ring, and ARCnet. Each one is described briefly here, although this document is mainly about ethernet.

Ethernet:
The network interface cards share a common cable. This cable structure does not need to form a structure, but must be essentially common to all cards on the network. Before a card transmits, it listens for a break in traffic. The cards have collision detection, and if the card detects a collision while trying to transmit, it will retry after some random time interval.

Token Ring:
Token ring networks form a complete electrical loop, or ring. Around the ring are computers, called stations. The cards, using their built in serial numbers, negotiate to determine what card will be the master interface card. This card will create what is called a token, that will allow other cards to send data. Essentially, when a card with data to send receives a token, it sends its data to the next station up the ring to be relayed. The master interface will then create a new token and the process begins again.

ARCnet:
ARCnet networks designate a master card. The master card keeps a table of active cards, polling each one sequentially with transmit permission.

TCP/IP Ports and Addresses

Each machine in the network shown below has one or more network cards. The part of the network that does the job of transporting and managing the data across the network is called TCP/IP which stands for Transmission Control Protocol (TCP) and Internet Protocol (IP). There are other alternative mechanisms for managing network traffic, but most, such as IPX/SPX for Netware, will not be described here in much detail. The IP layer requires a 4 (IPv4) or 6 (IPv6) byte address to be assigned to each network interface card on each computer. This can be done automatically using network software such as dynamic host configuration protocol (DHCP) or by manually entering static addresses into the computer.

Ports

The TCP layer requires what is called a port number to be assigned to each message. This way it can determine the type of service being provided. Please be aware here, that when we are talking about "ports" we are not talking about ports that are used for serial and parallel devices, or ports used for computer hardware control. These ports are merely reference numbers used to define a service. For instance, port 23 is used for telnet services, and HTTP uses port 80 for providing web browsing service. There is a group called the IANA (Internet Assigned Numbers Authority) that controls the assigning of ports for specific services. There are some ports that are assigned, some reserved and many unassigned which may be utilized by application programs. Port numbers are straight unsigned integer values which range up to a value of 65535.

Addresses

Addresses are used to locate computers. It works almost like a house address. There is a numbering system to help the mailman locate the proper house to deliver customer's mail to. Without an IP numbering system, it would not be possible to determine where network data packets should go.

IPv4, which means internet protocol version 4, is described here. Each IP address is denoted by what is called dotted decimal notation. This means there are four numbers, each separated by a dot. Each number represents a one byte value with a possible mathematical range of 0-255. Briefly, the first one or two bytes, depending on the class of network, generally will indicate the number of the network, the third byte indicates the number of the subnet, and the fourth number indicates the host number. This numbering scheme will vary depending on the network and the numbering method used such as Classless Inter-Domain Routing (CIDR) which is described later. The host number cannot be 0 or 255. None of the numbers can be 255 and the first number cannot be 0. This is because broadcasting is done with all bits set in some bytes. Broadcasting is a form of communication that all hosts on a network can read, and is normally used for performing various network queries. An address of all 0's is not used, because when a machine is booted that does not have a hardware address assigned, it provides 0.0.0.0 as its address until it receives its assignment. This would occur for machines that are remote booted or those that boot using the dynamic host configuration protocol (DHCP). The part of the IP address that defines the network is referred to as the network ID, and the latter part of the IP address that defines the host address is referred to as the host ID.

IPv6 is an enhancement to the IPv4 standard due to the shortage of internet addresses. The dotted notation values are increased to 12 bit values rather than byte (8 bit) values. This increases the effective range of each possible decimal value to 4095. Of course the values of 0 and 4095 (all bits set) are generally reserved the same as with the IPv4 standard.

An Example Network

In the diagram below, the earlier hardware wiring example is modified to show the network without the hubs. It also shows IP addresses assigned to each interface card. As you can see there are two networks which are 192.168.1.x and 192.168.2.x. Machines A through F are on network 192.168.1.x. The machines X and Z are on network 192.168.2.x, and machine G has access to both networks.

Machine   eth0           eth1
A         192.168.1.7    -
B         192.168.1.6    -
C         192.168.1.5    -
D         192.168.1.4    -
E         192.168.1.3    -
F         192.168.1.2    -
G         192.168.1.1    192.168.2.1
X         192.168.2.2    -
Z         192.168.2.3    -

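The addressing rules and the example table above, worked through in code as an added example that is not part of the original guide: it splits each dotted decimal address into network ID and host ID and works out which machines can reach each other. It assumes "192.168.1.x" means the first three bytes are the network ID (a 24 bit prefix); the function names are this example's own.

```python
# Interface addresses copied from the guide's example table.
HOSTS = {
    "A": ["192.168.1.7"], "B": ["192.168.1.6"], "C": ["192.168.1.5"],
    "D": ["192.168.1.4"], "E": ["192.168.1.3"], "F": ["192.168.1.2"],
    "G": ["192.168.1.1", "192.168.2.1"],  # eth0 and eth1
    "X": ["192.168.2.2"], "Z": ["192.168.2.3"],
}
PREFIX_LEN = 24  # assumption: "192.168.1.x" = first three bytes are the network ID


def parse_ipv4(text):
    """Dotted decimal -> 32-bit integer; rejects anything but four 0-255 values."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated numbers: %r" % text)
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("each number must be 0-255: %r" % text)
        value = (value << 8) | int(part)
    return value


def split_address(text, prefix_len=PREFIX_LEN):
    """Return (network ID, host ID) for the given prefix length."""
    host_mask = (1 << (32 - prefix_len)) - 1
    address = parse_ipv4(text)
    return address & ~host_mask & 0xFFFFFFFF, address & host_mask


def is_assignable(text, prefix_len=PREFIX_LEN):
    """A host ID of all zeros (the network) or all ones (broadcast) is reserved."""
    host_mask = (1 << (32 - prefix_len)) - 1
    return split_address(text, prefix_len)[1] not in (0, host_mask)


def networks_of(machine):
    """Set of network IDs the machine has an interface on."""
    return {split_address(addr)[0] for addr in HOSTS[machine]}


def route(src, dst, routers=()):
    """Path from src to dst: direct when they share a network, otherwise
    through a machine listed in `routers` (one that sits on both networks
    AND is configured to forward traffic), otherwise None."""
    if networks_of(src) & networks_of(dst):
        return [src, dst]
    for router in routers:
        near = networks_of(src) & networks_of(router)
        far = networks_of(router) & networks_of(dst)
        if near and far:
            return [src, router, dst]
    return None


if __name__ == "__main__":
    print(route("F", "A"), route("X", "A"), route("X", "A", routers=["G"]))
```

With `routers` left empty, machine G's two network cards do not join the networks: X has no path to A until G is set up to forward traffic, which is why a multi-homed host is the place where separation between two subnets is enforced or lost.
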
Using this port and addressing scheme, the networking system can pass data, addressing information, and type of service information through the hardware, from one computer to another. The reason there is an address for the hardware card (ethernet address, also called MAC address), and another assigned address for that same card (IP address), is to keep the parts of the network system that deal with the hardware and the software independent of each other. This is required in order to be able to configure the IP addressing dynamically. Otherwise, all computers would have a static address and this would be very difficult to manage. Also, if a modification needs to be made to the hardware addressing scheme for any reason, in ethernet, it will be transparent to the rest of the system. Conversely if a change is made to the software addressing scheme in the IP part of the system, the ethernet and TCP protocols will be unaffected.

In the example above, machine F will send a telnet data packet to machine A. Roughly, the following steps occur:

1. The Telnet program in machine F prepares the data packet. This occurs in the application (Telnet), presentation, and session layers of the OSI network model.
2. The TCP software adds a header with the port number, 23, to the packet. This occurs in the transport (TCP) layer.
3. The IP software adds a header with the sender's and recipient's IP address, 192.168.1.2 to the packet. This occurs in the network (IP) layer.
4. The ethernet header is added to the packet with the hardware address of the network card and the packet is transmitted. This occurs in the link (Ethernet) layer.
5. Machine A's network card detects its address in the packet, retrieves the data, and strips its header data and sends it to the IP layer.
6. The IP layer looks at the IP header, and determines if the sender's IP address is acceptable to provide service to (hosts.allow, hosts.deny, etc), and if so, strips the IP header and sends it to the TCP layer.
7. The TCP Layer reads the port number in its header, determines if service is provided for that port, and what application program is servicing that port. It strips the TCP header and passes the remainder of the data to the telnet program on machine A.

Please note that the network layers mentioned here are described in the next section. Also there are many types of support at each of the four TCP/IP network system layers, but that issue is addressed in the next section.

Network Protocol Levels

You should be aware of the fact that when talking about networking you will hear the word "protocol" all the time. This is because protocols are sets of standards that define all operations within a network. They define how various operations are to be performed. They may even define how devices outside the network can interact with the network. Protocols define everything from basic networking data structures, to higher level application programs. They define various services and utility programs. Protocols operate at many layers of the network models described below. There are protocols considered to be transport protocols such as TCP and UDP. Other protocols work at the network layer of the OSI network model shown below, and some protocols work at several of the network layers.

RFCs

Protocols are outlined in Request for Comments (RFCs). At the end of this document is a list of protocols and associated RFC numbers. Although RFCs define protocols, not all RFCs define protocols but may define other requirements for the internet such as RFC 1543 which provides information about the preparation of RFCs. The following RFCs are very central to the TCP/IP protocol.

- RFC 1122 - Defines host requirements of the TCP/IP suite of protocols covering the link, network (IP), and transport (TCP, UDP) layers.
- RFC 1123 - The companion RFC to 1122 covering requirements for internet hosts at the application layer.
- RFC 1812 - Defines requirements for internet gateways which are IPv4 routers.

Network Models

There are several network models which you may hear about but the one you will hear about most is the ISO network model described below. You should realize, however, that there are others such as:

- The internet layered protocol
- The TCP/IP 4 layered protocol
- The Microsoft networking protocol

If you don't like any of these models, feel free to invent your own along with your own networking scheme of course, and add it to the list above. You can call it "The MyName Protocol". Ever wonder why networking can be so complex and confusing? Welcome to the world of free enterprise!

The ISO Network Model Standard

The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed below. Each layer is considered to be responsible for a different part of the communications. This concept was developed to accommodate changes in technology. The layers are arranged here from the lower levels starting with the physical (hardware) to the higher levels.

1. Physical Layer - The actual hardware.
2. Data Link Layer - Data transfer method (802x ethernet). Puts data in frames and ensures error free transmission. Also controls the timing of the network transmission. Adds frame type, address, and error control information. IEEE divided this layer into the two following sublayers.
   1. Logical Link control (LLC) - Maintains the Link between two computers by establishing Service Access Points (SAPs) which are a series of interface points. IEEE 802.2.
   2. Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card.
3. Network Layer - IP network protocol. Routes messages using the best path available.
4. Transport Layer - TCP, UDP. Ensures properly sequenced and error free transmission.
5. Session Layer - The user's interface to the network. Determines when the session is begun or opened, how long it is used, and when it is closed. Controls the transmission of data during the session. Supports security and name lookup enabling computers to locate each other.
6. Presentation Layer - ASCII or EBCDIC data syntax. Makes the type of data transparent to the layers around it. Used to translate data to computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is going.
7. Application Layer - Provides services software applications need. Provides the ability for user applications to interact with the network.

Many protocol stacks overlap the borders of the seven layer model by operating at multiple layers of the model. File Transport Protocol (FTP) and telnet both work at the application, presentation, and the session layers.

The Internet, TCP/IP, DOD Model

This model is sometimes called the DOD model since it was designed for the department of defense. It is also called the TCP/IP four layer protocol, or the internet protocol. It has the following layers.

1. Link - Device driver and interface card which maps to the data link and physical layer of the OSI model.
2. Network - Corresponds to the network layer of the OSI model and includes the IP, ICMP, and IGMP protocols.
3. Transport - Corresponds to the transport layer and includes the TCP and UDP protocols.
4. Application - Corresponds to the OSI Session, Presentation and Application layers and includes FTP, Telnet, ping, Rlogin, rsh, TFTP, SMTP, SNMP, DNS, your program, etc.

Please note the four layer TCP/IP protocol. Each layer has a set of data that it generates.

1. The Link layer corresponds to the hardware, including the device driver and interface card. The link layer has data packets associated with it depending on the type of network being used such as ARCnet, Token ring or ethernet. In our case, we will be talking about ethernet.
2. The network layer manages the movement of packets around the network and includes IP, ICMP, and IGMP. It is responsible for making sure that packages reach their destinations, and if they don't, reporting errors.
3. The transport layer is the mechanism used for two computers to exchange data with regards to software. The two types of protocols that are the transport mechanisms are TCP and UDP. There are also other types of protocols for systems other than TCP/IP but we will talk about TCP and UDP in this document.
4. The application layer refers to networking protocols that are used to support various services such as FTP, Telnet, BOOTP, etc. Note here to avoid confusion, that the application layer is generally referring to protocols such as FTP, telnet, ping, and other programs designed for specific purposes which are governed by a specific set of protocols defined with RFCs (request for comments). However a program that you may write can define its own data structure to send between your client and server program so long as the program you run on both the client and server machine understand your protocol. For example when your program opens a socket to another machine, it is using TCP protocol, but the data you send depends on how you structure it.

Data Encapsulation, a Critical concept to be understood

When starting with protocols that work at the upper layers of the network models, each set of data is wrapped inside the next lower layer protocol, similar to wrapping letters inside an envelope. The application creates the data, then the transport layer wraps that data inside its format, then the network layer wraps the data, and finally the link (ethernet) layer encapsulates the data and transmits it.

To continue, you should understand the definition of a client and server with regards to networking. If you are a server, you will provide services to a client, in much the same way as a private investigator would provide services to their clients. A client will contact the server, and ask for service, which the server will then provide. The service may be as simple as sending a single block of data back to the client. Since there are many clients, a server must be constantly ready to receive client requests, even though it may already be working with other clients. Usually the client program will operate on one computer, while the server program will operate on another computer, although programs can be written to be both a client and a server.

Let's say you write a client chat program and a server chat program to be used by two people to send messages between their machines. You run the server program on machine B, and the client program on machine A. Tom is on machine A and George is on machine B. George's machine is always ready to be contacted, but cannot initiate a contact. Therefore if George wants to talk to Tom, he cannot, until Tom contacts him. Tom, of course, can initiate contact at any time. Now you decide to solve the problem and merge the functionality of the two programs into one, so both parties may contact the other. This program is now a client/server program which operates both as a client and a server. You write your code so when one side initiates contact, he will get a dialog box, and a dialog box will pop up on the other side. At the time contact is initiated, a socket is opened between the two machines and a virtual connection is established. The program will let the user (Tom) type text into the dialog window, and hit send. When the user hits send, roughly the following will happen.

1. Your program will pass Tom's typed text in a buffer, to the socket. This happens on machine A.
2. The underlying software (code in a library called by a function your program used to send the data) supporting the socket puts the data inside a TCP data packet. This means that a TCP header will be added to the data. This header contains a source and destination port number along with some other information and a checksum. Daemon programs (daemon definition at the bottom of this page) may also work at this level to sort packages based on port number (hence the TCP wrapper program in UNIX and Linux).
3. The TCP packet will be placed inside an IP data packet with a source and destination IP address along with some other data for network management. This may be done by a combination of your library function, the operating system and supporting programs.
4. The IP data packet is placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet is transmitted over the network line.
6. Assuming there is a direct connection between the two computers, the network interface card on machine B will recognize its MAC address and grab the data.
7. The IP data packet will be extracted from the ethernet data packet. A combination of daemons and the operating system will perform this operation.
8. The TCP data packet will be extracted from the IP data packet. A combination of daemons, the operating system, and libraries called by your program will perform this function.
9. The data will be extracted from the TCP packet. Your program will then display the retrieved data (text) in the text display window for George to read.

Be aware that for the sake of simplicity, we are excluding details such as error management, routing, and identifying the hardware address of the NIC on the computer intended to receive the data. Also we are not mentioning the possible rejection of service based on a packet's port number or sender's IP address.

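The wrapping and unwrapping steps listed above (and the earlier telnet walk-through from machine F to machine A), as an added example that is not part of the original guide: it builds a real TCP-in-IP-in-ethernet frame byte by byte and strips it again on the receiving side. The MAC addresses, source port and message text are constructed for the example, and the function names are its own.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800  # type field of an RFC 894 ethernet frame carrying IP
IPPROTO_TCP = 6

# Constructed sample values: the IP addresses are machines F and A from the
# guide's table; the MAC addresses are made up for this example.
MAC_F = bytes.fromhex("020000000002")
MAC_A = bytes.fromhex("020000000007")
IP_F, IP_A = "192.168.1.2", "192.168.1.7"


def inet_checksum(data):
    """16-bit one's-complement checksum used by the IP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """Addresses and length that TCP folds into its own checksum."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, IPPROTO_TCP, tcp_len))


def tcp_wrap(src_ip, dst_ip, src_port, dst_port, data):
    """Transport layer: add a 20-byte TCP header carrying the port numbers."""
    def header(csum):  # seq 1, ack 0, 5-word header, PSH|ACK, window 8192
        return struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0,
                           5 << 4, 0x18, 8192, csum, 0)
    covered = pseudo_header(src_ip, dst_ip, 20 + len(data)) + header(0) + data
    return header(inet_checksum(covered)) + data


def ip_wrap(src_ip, dst_ip, segment):
    """Network layer: add a 20-byte IPv4 header carrying both IP addresses."""
    def header(csum):  # version 4, 5-word header, TTL 64, protocol TCP
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                           64, IPPROTO_TCP, csum,
                           socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header(inet_checksum(header(0))) + segment


def ether_wrap(dst_mac, src_mac, packet):
    """Link layer: add destination MAC, source MAC and the type field."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(text, src_port=1025, dst_port=23):
    """Machine F sending telnet data to machine A, top layer down."""
    segment = tcp_wrap(IP_F, IP_A, src_port, dst_port, text)
    return ether_wrap(MAC_A, MAC_F, ip_wrap(IP_F, IP_A, segment))


def decapsulate(frame, my_mac):
    """Receiving side: strip one header per layer, checking each on the way."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for ethernet + IP + TCP headers")
    dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if dst_mac != my_mac:
        raise ValueError("frame is addressed to another network card")
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    packet = frame[14:]
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    lengths_ok = header_len >= 20 and header_len + 20 <= total_len <= len(packet)
    if packet[0] >> 4 != 4 or not lengths_ok:
        raise ValueError("malformed IP header")
    if inet_checksum(packet[:header_len]) != 0:
        raise ValueError("bad IP header checksum")
    if packet[9] != IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    segment = packet[header_len:total_len]
    if inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("malformed TCP header")
    return {"src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port,
            "dst_port": dst_port, "data": segment[data_offset:]}


if __name__ == "__main__":
    frame = encapsulate(b"hello from F\r\n")
    print(len(frame), decapsulate(frame, MAC_A))
```

The checksums catch accidental corruption only; the sender fills in every address and port in these headers itself, so a service decision based on the source IP address (the hosts.allow check mentioned earlier) rests on a value the receiver cannot verify from the packet alone.
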
A daemon program is a program that runs in the background on a computer operating system. It is used to perform various tasks including server functions. It is usually started when the operating system is booted, but a user or administrator may be able to start or stop a daemon at any time.

IEEE 802 Standard

The Data Link Layer and IEEE

When we talk about Local Area Network (LAN) technology the IEEE 802 standard may be heard. This standard defines networking connections for the interface card and the physical connections, describing how they are done. The 802 standards were published by the Institute of Electrical and Electronics Engineers (IEEE). The 802.3 standard is called ethernet, but the IEEE standards do not define the exact original true ethernet standard that is common today. There is a great deal of confusion caused by this. There are several types of common ethernet frames. Many network cards support more than one type.

The ethernet standard data encapsulation method is defined by RFC 894. RFC 1042 defines the IP to link layer data encapsulation for networks using the IEEE 802 standards. The 802 standards define the two lowest levels of the seven layer network model and primarily deal with the control of access to the network media. The network media is the physical means of carrying the data such as network cable. The control of access to the media is called media access control (MAC). The 802 standards are listed below.

- 802.1 - Internetworking
- 802.2 - Logical Link Control *
- 802.3 - Ethernet or CSMA/CD, Carrier-Sense Multiple Access with Collision detection LAN *
- 802.4 - Token-Bus LAN *
- 802.5 - Token Ring LAN *
- 802.6 - Metropolitan Area Network (MAN)
- 802.7 - Broadband Technical Advisory Group
- 802.8 - Fiber-Optic Technical Advisory Group
- 802.9 - Integrated Voice/Data Networks
- 802.10 - Network Security
- 802.11 - Wireless Networks
- 802.12 - Demand Priority Access LAN, 100 Base VG-AnyLAN

* The ones with stars should be remembered in order for network certification testing.

Network Access Methods

There are various methods of managing access to a network. If all network stations tried to talk at once, the messages would become unintelligible, and no communication could occur. Therefore a method of being sure that stations coordinate the sending of messages must be achieved. There are several methods listed below which have various advantages and disadvantages.

- Contention
  - Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) - Used by Ethernet
  - Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA)
- Token Passing - A token is passed from one computer to another, which provides transmission permission.
- Demand Priority - Describes a method where intelligent hubs control data transmission. A computer will send a demand signal to the hub indicating that it wants to transmit. The hub will respond with an acknowledgement that will allow the computer to transmit. The hub will allow computers to transmit in turn. An example of a demand priority network is 100VG-AnyLAN (IEEE 802.12). It uses a star-bus topology.
- Polling - A central controller, also called the primary device, will poll computers, called secondary devices, to find out if they have data to transmit. If so the central controller will allow them to transmit for a limited time, then the next device is polled.

Token passing performs better when the network has a lot of traffic, while ethernet which uses CSMA/CD is generally faster but loses performance when the network has a lot of traffic. CSMA/CD is basically a method that allows network stations to transmit any time they want. They, however, sense the network line and detect if another station has transmitted at the same time they did. This is called a collision. If a collision happened, the stations involved will retransmit at a later, randomly set time in hopes of avoiding another collision.

IP to link layer encapsulation
The requirements for IP to link layer encapsulation for hosts on an Ethernet network are:
• All hosts must be able to send and receive packets defined by RFC 894.
• All hosts should be able to receive a mix of packets defined by RFC 894 and RFC 1042.
• All hosts may be able to send RFC 1042 defined packets.
Hosts that support both must provide a means to configure the type of packet sent and the default must be packets defined by RFC 894.
Ethernet and IEEE 802 Encapsulation formats
Ethernet (RFC 894) message format consists of:
1. 6 bytes of destination address.
2. 6 bytes of source address.
3. 2 bytes of message type which indicates the type of data being sent.
4. 46 to 1500 bytes of data.
5. 4 bytes of cyclic redundancy check (CRC) information.
IEEE 802 (RFC 1042) message format consists of 3 sections plus data and CRC as follows:
1. 802.3 Media Access Control section used to coordinate the sending of data between computers.
   1. 6 bytes of destination address.
   2. 6 bytes of source address.
   3. 2 bytes of length - The number of bytes that follow not including the CRC.
2. 802.2 Logical Link control establishes service access points (SAPs) between computers.
   1. 1 byte destination service access point (DSAP).
   2. 1 byte source service access point (SSAP).
   3. 1 byte of control.
3. Sub Network Access Protocol (SNAP).
   1. 3 bytes of org code.
   2. 2 bytes of message type which indicates the type of data being sent.
4. 38 to 1492 bytes of data.
5. 4 bytes of cyclic redundancy check (CRC) information.
Some ethernet message types include:
• 0800 - IP datagram with length of 38 to 1492 bytes.
• 0806 - ARP request or reply with 28 bytes and pad bytes that are used to make the frame long enough for the minimum length.
• 8035 - RARP request or reply of 28 bytes and pad bytes that are used to make the frame long enough for the minimum length.
These message types are the same for both formats above with the exception of the pad bytes. The pad bytes for the RFC 894 and RFC 1042 datagrams are of different lengths between the two message formats because the RFC 894 minimum message length is 46 bytes and the RFC 1042 minimum message length is 38 bytes. Also the two message formats above are distinguishable from each other. This is because the RFC 894 possible length values are exclusive of RFC 1042 possible type values.
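The Python sketch below is an added example, not part of the original guide. It tells the two formats apart from the 2 byte field that follows the source address and shows where the pad bytes end up in each case. The SNAP values (DSAP and SSAP of AA hexadecimal, control 03, org code 00-00-00) are the ones RFC 1042 uses, the 0600 hexadecimal floor for type values comes from IEEE 802.3, and the frames and function names are constructed for the illustration.

```python
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}  # types listed above
MAX_8023_LENGTH = 1500          # largest value an 802.3 length field can hold
MIN_ETHERTYPE = 0x0600          # smallest value read as a message type
SNAP_LLC = (0xAA, 0xAA, 0x03)   # DSAP, SSAP, control used by RFC 1042


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Classify a frame (CRC already removed) and return its decoded fields."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14 byte address/type header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src)}
    rest = frame[14:]

    if type_or_len >= MIN_ETHERTYPE:
        # RFC 894: the field is a message type. The frame carries no length,
        # so pad bytes stay in the payload and only the upper layer's own
        # length field can separate them from real data.
        info.update(format="RFC 894", type=type_or_len, payload=rest)
    elif type_or_len <= MAX_8023_LENGTH:
        # IEEE 802.3: the field counts the bytes that follow, pad excluded.
        if type_or_len > len(rest):
            raise ValueError("802.3 length field is larger than the frame")
        body = rest[:type_or_len]
        if len(body) < 8 or tuple(body[:3]) != SNAP_LLC:
            raise ValueError("no 802.2 LLC + SNAP header")
        msg_type = struct.unpack("!H", body[6:8])[0]
        info.update(format="RFC 1042", org_code=body[3:6].hex(),
                    type=msg_type, payload=body[8:])
    else:
        raise ValueError("1501-1535 is neither a valid length nor a type")

    info["type_name"] = ETHERTYPES.get(info["type"], "unknown")
    return info


# Constructed sample input: the same 28 byte ARP message in both formats.
ARP_BODY = bytes(28)
DST, SRC = b"\xff" * 6, bytes.fromhex("020000000001")

FRAME_894 = DST + SRC + struct.pack("!H", 0x0806) + ARP_BODY + bytes(46 - 28)
FRAME_1042 = (DST + SRC + struct.pack("!H", 8 + 28)
              + bytes(SNAP_LLC) + b"\x00\x00\x00" + struct.pack("!H", 0x0806)
              + ARP_BODY + bytes(38 - 28))

if __name__ == "__main__":
    for sample in (FRAME_894, FRAME_1042):
        result = parse_frame(sample)
        print(result["format"], result["type_name"], len(result["payload"]))
```

Both sample frames are 60 bytes long on the wire, but only the RFC 1042 parse can strip the padding at the link layer, because only that format carries a length.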
Trailer Encapsulation
This is described in RFC 1122 and RFC 892, but this scheme is not used very often today. The trailer protocol [LINK:1] is a link-layer encapsulation method that rearranges the data contents of packets sent on the physical network. It may be used but only after it is verified that both the sending and receiving hosts support trailers. The verification is done for each host that is communicated with.
RFC 1122 states: "Only packets with specific size attributes are encapsulated using trailers, and typically only a small fraction of the packets being exchanged have these attributes. Thus, if a system using trailers exchanges packets with a system that does not, some packets disappear into a black hole while others are delivered successfully."
Trailer negotiation is performed when ARP is used to discover the media access control (MAC) address of the destination host. RFC 1122 states: "a host that wants to speak trailers will send an additional "trailer ARP reply" packet, i.e., an ARP reply that specifies the trailer encapsulation protocol type but otherwise has the format of a normal ARP reply. If a host configured to use trailers receives a trailer ARP reply message from a remote machine, it can add that machine to the list of machines that understand trailers, e.g., by marking the corresponding entry in the ARP cache."
Network Categories
TCP/IP includes a wide range of protocols which are used for a variety of purposes on the network. The set of protocols that are a part of TCP/IP is called the TCP/IP protocol stack or the TCP/IP suite of protocols.
Considering the many protocols, message types, levels, and services that TCP/IP networking supports, I believe it would be very helpful to categorize the various protocols that support TCP/IP networking and define their respective contribution to the operation of networking. Unfortunately I have never seen this done to any real extent, but believe it would be worthwhile to help those learning networking understand it faster and better. I cannot guarantee that experts will agree with the categorizations that will be provided here, but they should help the reader get the big picture on the various protocols, and thus clarify what the reason or need is for each protocol.
As mentioned previously, there are four TCP/IP layers. They are link, network, transport, and application. The link layer is the hardware layer that provides ability to send messages between multiple locations. In the case of this document, ethernet provides this capability. Below I define several categories some of which fit into the 4 layer protocol levels described earlier. I also define a relative fundamental importance to the ability of the network to function at all. Importance includes essential, critical, important, advanced, useful.
1. Essential - Without this all other categories are irrelevant.
2. Critical - The network, as designed, is useless without this ability.
3. Important - The network could function, but would be difficult to use and manage.
4. Advanced - Includes enhancements that make the network easier to use and manage.
5. Useful - Functionality that you would like to be able to use as a network user. Applications or some functionality is supported here. Without this, why build a network?
The categories are:
Name (layer) | Importance | Names of protocols | What it does
Hardware (link) | Essential | ethernet, SLIP, PPP, Token Ring, ARCnet | Allows messages to be packaged and sent between physical locations.
Package management (network) | Essential | IP, ICMP | Manages movement of messages and reports errors. It uses message protocols and software to manage this process. (includes routing)
Inter layer communication | Essential | ARP | Communicates between layers to allow one layer to get information to support another layer. This includes broadcasting
Service control (transport) | Critical | TCP, UDP | Controls the management of service between computers. Based on values in TCP and UDP messages a server knows what service is being requested.
Application and user support | Important | DNS, RPC | DNS provides address to name translation for locations and network cards. RPC allows remote computer to perform functions on other computers.
Network Management | Advanced | RARP, BOOTP, DHCP, IGMP, SNMP, RIP, OSPF, BGP, CIDR | Enhances network management and increases functionality
Utility (Application) | Useful | FTP, TFTP, SMTP, Telnet, NFS, ping, Rlogin | Provides direct services to the user.
There are exceptions to my categorizations that don't fit into the normal layering scheme, such as IGMP is normally part of the link layer, but I have tried to list these categorizations according to network functions and their relative importance to the operation of the network. Also note that ethernet, which is not really a protocol, but an IEEE standard along with PPP, SLIP, TokenRing, and ArcNet are not TCP/IP protocols but may support TCP/IP at the hardware or link layer, depending on the network topology.
The list below gives a brief description of each protocol:
• ethernet - Provides for transport of information between physical locations on ethernet cable. Data is passed in ethernet packets.
• SLIP - Serial line IP (SLIP), a form of data encapsulation for serial lines.
• PPP - Point to point protocol (PPP). A form of serial line data encapsulation that is an improvement over SLIP.
• IP - Internet Protocol (IP). Except for ARP and RARP all protocols' data packets will be packaged into an IP data packet. Provides the mechanism to use software to address and manage data packets being sent to computers.
• ICMP - Internet control message protocol (ICMP) provides management and error reporting to help manage the process of sending data between computers.
• ARP - Address resolution protocol (ARP) enables the packaging of IP data into ethernet packages. It is the system and messaging protocol that is used to find the ethernet (hardware) address from a specific IP number. Without this protocol, the ethernet package could not be generated from the IP package, because the ethernet address could not be determined.
• TCP - A reliable connection oriented protocol used to control the management of application level services between computers.
• UDP - An unreliable connection less protocol used to control the management of application level services between computers.
• DNS - Domain Name Service, allows the network to determine IP addresses from names and vice versa.
• RARP - Reverse address resolution protocol (RARP) is used to allow a computer without a local permanent data storage media to determine its IP address from its ethernet address.
• BOOTP - Bootstrap protocol is used to assign an IP address to diskless computers and tell it what server and file to load which will provide it with an operating system.
• DHCP - Dynamic host configuration protocol (DHCP) is a method of assigning and controlling the IP addresses of computers on a given network. It is a server based service that automatically assigns IP numbers when a computer boots. This way the IP address of a computer does not need to be assigned manually. This makes changing networks easier to manage. DHCP can perform all the functions of BOOTP.
• IGMP - Internet Group Management Protocol used to support multicasting.
• SNMP - Simple Network Management Protocol (SNMP). Used to manage all types of network elements based on various data sent and received.
• RIP - Routing Information Protocol (RIP), used to dynamically update router tables on WANs or the internet.
• OSPF - Open Shortest Path First (OSPF) dynamic routing protocol.
• BGP - Border Gateway Protocol (BGP). A dynamic router protocol to communicate between routers on different systems.
• CIDR - Classless Interdomain Routing (CIDR).
• FTP - File Transfer Protocol (FTP). Allows file transfer between two computers with login required.
• TFTP - Trivial File Transfer Protocol (TFTP). Allows file transfer between two computers with no login required. It is limited, and is intended for diskless stations.
• SMTP - Simple Mail Transfer Protocol (SMTP).
• NFS - Network File System (NFS). A protocol that allows UNIX and Linux systems to remotely mount each other's file systems.
• Telnet - A method of opening a user session on a remote host.
• Ping - A program that uses ICMP to send diagnostic messages to other computers to tell if they are reachable over the network.
• Rlogin - Remote login between UNIX hosts. This is outdated and is replaced by Telnet.
Each protocol ultimately has its data packets wrapped in an ethernet, SLIP, or PPP packet (at the link level) in order to be sent over the ethernet cable. Some protocol data packets are wrapped sequentially multiple times before being sent. For example FTP data is wrapped in a TCP packet which is wrapped in an IP packet which is wrapped in a link packet (normally ethernet). The diagram below shows the relationship between the protocols' sequential wrapping of data packets.
Network Devices
Repeaters, Bridges, Routers, and Gateways
Network Repeater
A repeater connects two segments of your network cable. It retimes and regenerates the signals to proper amplitudes and sends them to the other segments. When talking about ethernet topology, you are probably talking about using a hub as a repeater. Repeaters require a small amount of time to regenerate the signal. This can cause a propagation delay which can affect network communication when there are several repeaters in a row. Many network architectures limit the number of repeaters that can be used in a row. Repeaters work only at the physical layer of the OSI network model.
Bridge
A bridge reads the outermost section of data on the data packet, to tell where the message is going. It reduces the traffic on other network segments, since it does not send all packets. Bridges can be programmed to reject packets from particular networks. Bridging occurs at the data link layer of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the ethernet data which gives the hardware address of the destination address, not the IP address. Bridges forward all broadcast messages. Only a special bridge called a translation bridge will allow two networks of different architectures to be connected. Bridges do not normally allow connection of networks with different architectures. The hardware address is also called the MAC (media access control) address. To determine the network segment a MAC address belongs to, bridges use one of:
• Transparent Bridging - They build a table of addresses (bridging table) as they receive packets. If the address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on ethernet networks.
• Source route bridging - The source computer provides path information inside the packet. This is used on Token Ring networks.
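The transparent bridging behaviour described above can be followed step by step in the short Python model below. It is an added example, not code from the original guide; the class name, segment names and MAC addresses are constructed for the illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Model of a transparent bridge: learn sources, flood what is unknown."""

    def __init__(self, segments):
        self.segments = list(segments)
        self.table = {}              # bridging table: MAC -> segment last seen on

    def receive(self, segment, src, dst):
        """Handle one frame and return the segments it is forwarded to."""
        if segment not in self.segments:
            raise ValueError(f"unknown segment {segment!r}")
        # Learning uses only the source hardware address; the bridge never
        # looks at the IP addresses inside the frame.
        self.table[src] = segment
        others = [s for s in self.segments if s != segment]
        if dst == BROADCAST:
            return others            # broadcasts are always forwarded
        known = self.table.get(dst)
        if known is None:
            return others            # not in the table: send to all other segments
        if known == segment:
            return []                # destination is local: keep traffic off the rest
        return [known]


def replay(bridge, frames):
    """Feed (segment, src, dst) tuples to the bridge, collecting each decision."""
    return [bridge.receive(*frame) for frame in frames]


# Constructed sample traffic between four stations on three segments.
A, B, C, D = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")
TRACE = [
    ("seg1", A, B),          # B unknown, flooded
    ("seg2", B, A),          # A was learned on seg1
    ("seg1", A, B),          # B is now known on seg2
    ("seg1", C, A),          # A and C share seg1, nothing is forwarded
    ("seg3", D, BROADCAST),  # broadcast goes everywhere else
]

if __name__ == "__main__":
    bridge = TransparentBridge(["seg1", "seg2", "seg3"])
    for frame, out in zip(TRACE, replay(bridge, TRACE)):
        print(frame, "->", out)
```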
Network Router
A router is used to route data packets between two networks. It reads the information in each packet to tell where it is going. If it is destined for an immediate network it has access to, it will strip the outer packet, readdress the packet to the proper ethernet address, and transmit it on that network. If it is destined for another network and must be sent to another router, it will re-package the outer packet to be received by the next router and send it to the next router. The section on routing explains the theory behind this and how routing tables are used to help determine packet destinations. Routing occurs at the network layer of the OSI model. They can connect networks with different architectures such as Token Ring and Ethernet. Although they can transform information at the data link level, routers cannot transform information from one data format such as TCP/IP to another such as IPX/SPX. Routers do not send broadcast packets or corrupted packets. If the routing table does not indicate the proper address of a packet, the packet is discarded.
Brouter
There is a device called a brouter which will function similar to a bridge for network transport protocols that are not routable, and will function as a router for routable protocols. It functions at the network and data link layers of the OSI network model.
Gateway
A gateway can translate information between different network data formats or network architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can communicate with Apple brand computers. Most gateways operate at the application layer, but can operate at the network or session layer of the OSI model. Gateways will start at the lower level and strip information until it gets to the required level and repackage the information and work its way back toward the hardware layer of the OSI model. To confuse issues, when talking about a router that is used to interface to another network, the word gateway is often used. This does not mean the routing machine is a gateway as defined here, although it could be.
Address Resolution Protocol
ARP and RARP Address Translation
Address Resolution Protocol (ARP) provides a completely different function to the network than Reverse Address Resolution Protocol (RARP). ARP is used to resolve the ethernet address of a NIC from an IP address in order to construct an ethernet packet around an IP data packet. This must happen in order to send any data across the network. Reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network.
Address Resolution Protocol (ARP)
In an earlier section, there was an example where a chat program was written to communicate between two servers. To send data, the user (Tom) would type text into a dialog box, hit send and the following happened:
1. The program passed Tom's typed text in a buffer, to the socket.
2. The data was put inside a TCP data packet with a TCP header added to the data. This header contained a source and destination port number along with some other information and a checksum.
3. The TCP packet was placed inside an IP data packet with a source and destination IP address along with some other data for network management.
4. The IP data packet was placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet was transmitted over the network line.
6. With a direct connection between the two computers, the network interface card on the intended machine recognized its address and grabbed the data.
7. The IP data packet was extracted from the ethernet data packet.
8. The TCP data packet was extracted from the IP data packet.
9. The data was extracted from the TCP packet and the program displayed the retrieved data (text) in the text display window for the intended recipient to read.
In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the computer constructing the packet does not have the ethernet address of the recipient's computer. The computer that is sending the data, in order to create the ethernet part of the packet, must get the ethernet hardware (MAC) address of the computer with the intended IP address. This must be accomplished before the ethernet packet can be constructed. The ethernet device driver software on the receiving computer is not programmed to look at IP addresses encased in the ethernet packet. If it did, the protocols could not be independent and changes to one would affect the other. This is where address resolution protocol (ARP) is used. Tom's computer sends a network broadcast asking the computer that has the recipient's IP address to send its ethernet address. This is done by broadcasting. The ethernet destination is set with all bits on so all ethernet cards on the network will receive the data packet. The ARP message consists of an ethernet header and ARP packet. The ethernet header contains:
1. A 6 byte ethernet destination address.
2. A 6 byte ethernet source address.
3. A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP.
The encapsulated ARP data packet contains the following:
1. Type of hardware address (2 bytes). 1=ethernet.
2. Type of protocol address being mapped (2 bytes). 0800H (hexadecimal) = IP address.
3. Byte size of the hardware address (1 byte). 6
4. Byte size of the protocol address (1 byte). 4
5. Type of operation. 1 = ARP request, 2=ARP reply, 3=RARP request, 4=RARP reply.
6. The sender's ethernet address (6 bytes)
7. The sender's IP address (4 bytes)
8. The recipient's ethernet address (6 bytes)
9. The recipient's IP address (4 bytes)
When the ARP reply is sent, the recipient's ethernet address is left blank.
In order to increase the efficiency of the network and not tie up bandwidth doing ARP broadcasting, each computer keeps a table of IP addresses and matching ethernet addresses in memory. This is called ARP cache. Before sending a broadcast, the sending computer will check to see if the information is in its ARP cache. If it is it will complete the ethernet data packet without an ARP broadcast. Each entry normally lasts 20 minutes after it is created. RFC 1122 specifies that it should be possible to configure the ARP cache timeout value on the host. To examine the cache on a Windows, UNIX, or Linux computer type "arp -a".
If the receiving host is on another network, the sending computer will go through its route table and determine the correct router (A router should be between two or more networks) to send to, and it will substitute the ethernet address of the router in the ethernet message. The encased IP address will still have the intended IP address. When the router gets the message, it looks at the IP data to tell where to send the data next. If the recipient is on a network the router is connected to, it will do the ARP resolution either using its ARP buffer cache or broadcasting.
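The Python sketch below is an added example, not part of the original guide. It decodes the nine ARP packet fields listed above and models an ARP cache whose entries last for a configurable time after they are created. The addresses, packets and function names are constructed for the illustration, the operation field is taken as 2 bytes wide, and the "changed" result returned by the cache is an addition of this example so that a mapping that moves to a different ethernet address can be logged.

```python
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"      # the nine fields listed above, 28 bytes
OPERATIONS = {1: "ARP request", 2: "ARP reply",
              3: "RARP request", 4: "RARP reply"}


def _mac(raw): return ":".join(f"{b:02x}" for b in raw)
def _ip(raw): return ".".join(str(b) for b in raw)


def parse_arp(packet: bytes) -> dict:
    """Decode the encapsulated ARP packet (the bytes after the ethernet header)."""
    size = struct.calcsize(ARP_FORMAT)
    if len(packet) < size:
        raise ValueError("ARP packet shorter than 28 bytes")
    (hw_type, proto_type, hw_len, proto_len, op,
     s_mac, s_ip, t_mac, t_ip) = struct.unpack(ARP_FORMAT, packet[:size])
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        raise ValueError("not an ethernet to IP address mapping")
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation {op}")
    return {"operation": OPERATIONS[op],
            "sender_mac": _mac(s_mac), "sender_ip": _ip(s_ip),
            "target_mac": _mac(t_mac), "target_ip": _ip(t_ip)}


class ArpCache:
    """IP to ethernet address table; entries expire `timeout` seconds after creation."""

    def __init__(self, timeout=20 * 60):
        self.timeout = timeout
        self.entries = {}            # IP -> (MAC, creation time)

    def lookup(self, ip, now):
        """Return the cached MAC, or None when a broadcast is needed."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, created = entry
        if now - created >= self.timeout:
            del self.entries[ip]
            return None
        return mac

    def learn(self, ip, mac, now):
        """Record a mapping and report whether it was new, known or changed."""
        old = self.lookup(ip, now)
        if old == mac:
            return "known"           # creation time is kept, so the entry still expires
        self.entries[ip] = (mac, now)
        return "new" if old is None else "changed"


def build_arp(op, s_mac, s_ip, t_mac, t_ip):
    """Helper for the constructed samples below."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(int(part) for part in a.split("."))
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, op,
                       to_mac(s_mac), to_ip(s_ip), to_mac(t_mac), to_ip(t_ip))


# Constructed sample input: a request for 192.168.10.2 and the answer to it.
REQUEST = build_arp(1, "02:00:00:00:00:01", "192.168.10.1",
                    "00:00:00:00:00:00", "192.168.10.2")
REPLY = build_arp(2, "02:00:00:00:00:02", "192.168.10.2",
                  "02:00:00:00:00:01", "192.168.10.1")

if __name__ == "__main__":
    cache = ArpCache()
    reply = parse_arp(REPLY)
    print(cache.learn(reply["sender_ip"], reply["sender_mac"], now=0))
    print(cache.lookup("192.168.10.2", now=600))
    print(cache.lookup("192.168.10.2", now=1200))
```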
Reverse Address Resolution Protocol (RARP)
As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way the booting computer will know its IP address when it gets the message from the RARP server.
Network Addressing
IP addresses are broken into 4 octets (IPv4) separated by dots called dotted decimal notation. An octet is a byte consisting of 8 bits. The IPv4 addresses are in the following form:
192.168.10.1
There are two parts of an IP address:
• Network ID
• Host ID
The various classes of networks specify additional or fewer octets to designate the network ID versus the host ID.
Class | 1st Octet | 2nd Octet | 3rd Octet | 4th Octet
A | Net ID | Host ID | Host ID | Host ID
B | Net ID | Net ID | Host ID | Host ID
C | Net ID | Net ID | Net ID | Host ID
When a network is set up, a netmask is also specified. The netmask determines the class of the network as shown below, except for CIDR. When the netmask is set up, it specifies some number of most significant bits with a 1's value and the rest have values of 0. The most significant part of the netmask with bits set to 1's specifies the network address, and the lower part of the address will specify the host address. When setting addresses on a network, remember there can be no host address of 0 (no host address bits set), and there can be no host address with all bits set.
Class A-E networks
The addressing scheme for class A through E networks is shown below. Note: We use the 'x' character here to denote don't care situations which includes all possible numbers at the location. It is many times used to denote networks.
Network Type | Address Range | Normal Netmask | Comments
Class A | 001.x.x.x to 126.x.x.x | 255.0.0.0 | For very large networks
Class B | 128.1.x.x to 191.254.x.x | 255.255.0.0 | For medium size networks
Class C | 192.0.1.x to 223.255.254.x | 255.255.255.0 | For small networks
Class D | 224.x.x.x to 239.255.255.255 | | Used to support multicasting
Class E | 240.x.x.x to 247.255.255.255 | |
RFCs 1518 and 1519 define a system called Classless Inter-Domain Routing (CIDR) which is used to allocate IP addresses more efficiently. This may be used with subnet masks to establish networks rather than the class system shown above. A class C subnet may be 8 bits but using CIDR, it may be 12 bits.
There are some network addresses reserved for private use by the Internet Assigned Numbers Authority (IANA) which can be hidden behind a computer which uses IP masquerading to connect the private network to the internet. There are three sets of addresses reserved. These addresses are shown below:
• 10.x.x.x
• 172.16.x.x - 172.31.x.x
• 192.168.x.x
Other reserved or commonly used addresses:
• 127.0.0.1 - The loopback interface address. All 127.x.x.x addresses are used by the loopback interface which copies data from the transmit buffer to the receive buffer of the NIC when used.
• 0.0.0.0 - This is reserved for hosts that don't know their address and use BOOTP or DHCP protocols to determine their addresses.
• 255 - The value of 255 is never used as an address for any part of the IP address. It is reserved for broadcast addressing. Please remember, this is exclusive of CIDR. When using CIDR, all bits of the address can never be all ones.
To further illustrate, a few examples of valid and invalid addresses are listed below:
1. Valid addresses:
   ◦ 10.1.0.1 through 10.1.0.254
   ◦ 10.0.0.1 through 10.0.0.254
   ◦ 10.0.1.1 through 10.0.1.254
2. Invalid addresses:
   ◦ 10.1.0.0 - Host IP can't be 0.
   ◦ 10.1.0.255 - Host IP can't be 255.
   ◦ 10.123.255.4 - No network or subnet can have a value of 255.
   ◦ 0.12.16.89 - No Class A network can have an address of 0.
   ◦ 255.9.56.45 - No network address can be 255.
   ◦ 10.34.255.1 - No network address can be 255.
Network/Netmask specification
Sometimes you may see a network interface card (NIC) IP address specified in the following manner:
192.168.1.1/24
The first part indicates the IP address of the NIC which is "192.168.1.1" in this case. The second part "/24" indicates the netmask value meaning in this case that the first 24 bits of the netmask are set. This makes the netmask value 255.255.255.0. If the last part of the line above were "/16", the netmask would be 255.255.0.0.
Subnet masks
Subnetting is the process of breaking down a main class A, B, or C network into subnets for routing purposes. A subnet mask is the same basic thing as a netmask with the only real difference being that you are breaking a larger organizational network into smaller parts, and each smaller section will use a different set of address numbers. This will allow network packets to be routed between subnetworks. When doing subnetting, the number of bits in the subnet mask determines the number of available subnets. Two to the power of the number of bits minus two is the number of available subnets. When setting up subnets the following must be determined:
• Number of segments
• Hosts per segment
Subnetting provides the following advantages:
• Network traffic isolation - There is less network traffic on each subnet.
• Simplified Administration - Networks may be managed independently.
• Improved security - Subnets can isolate internal networks so they are not visible from external networks.
A 14 bit subnet mask on a class B network only allows 2 node addresses for WAN links. A routing algorithm like OSPF or EIGRP must be used for this approach. These protocols allow the variable length subnet masks (VLSM). RIP and IGRP don't support this. Subnet mask information must be transmitted on the update packets for dynamic routing protocols for this to work. The router subnet mask is different than the WAN interface subnet mask.
One network ID is required by each of:
• Subnet
• WAN connection
One host ID is required by each of:
• Each NIC on each host.
• Each router interface.
Types of subnet masks:
• Default - Fits into a Class A, B, or C network category
• Custom - Used to break a default network such as a Class A, B, or C network into subnets.
IPv6
IPv6 is 128 bits. It has eight octet pairs, each with 16 bits and written in hexadecimal as follows:
2b63:1478:1ac5:37ef:4e8c:75df:14cd:93f2
Extension headers can be added to IPv6 for new features.
Supernetting
Supernetting is used to help make up for some of the shortage of IP addresses for the internet. It uses Classless Inter-Domain Routing (CIDR). If a business needs a specific number of IP addresses such as 1500, rather than allocating a class B set of addresses with the subnet mask of 255.255.0.0, a subnet mask of 255.255.248.0 may be allocated. Therefore the equivalent of eight class C addresses have been allocated. With supernetting, the value of 2 is not subtracted from the possible number of subnets since the router knows that these are contiguous networks. 8 times 254 = 2032.
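The netmask arithmetic from the Network/Netmask, subnet mask and supernetting sections is worked through in the Python sketch below. It is an added example, not part of the original guide, and its function names are constructed for the illustration. The class of an address is derived from the leading bits of the first octet, and the host check applies the rule above (no host ID of all zeros or all ones) to whatever netmask is given.

```python
def parse_ipv4(dotted: str) -> int:
    """Strict dotted decimal parser: exactly four octets, each 0 to 255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: `prefix` most significant bits set to 1."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: int) -> int:
    """Count the 1 bits of a netmask, rejecting masks with holes in them."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("netmask 1 bits are not contiguous")
    return 32 - host_bits.bit_length()


def address_class(value: int) -> str:
    first = value >> 24              # leading bits 0, 10, 110, 1110, 1111
    for limit, name in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return name
    return "E"


PRIVATE_NETS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(value: int) -> bool:
    return any(value & prefix_to_mask(p) == parse_ipv4(net)
               for net, p in PRIVATE_NETS)


def describe(spec: str) -> dict:
    """Split an 'address/prefix' specification into its network and host parts."""
    address, _, prefix = spec.partition("/")
    value, mask = parse_ipv4(address), prefix_to_mask(int(prefix))
    host_mask = ~mask & 0xFFFFFFFF
    host_id = value & host_mask
    return {"netmask": to_dotted(mask),
            "network": to_dotted(value & mask),
            "host_id": host_id,
            "class": address_class(value),
            "private": is_private(value),
            "usable_host": 0 < host_id < host_mask}


def available_subnets(subnet_bits: int) -> int:
    """Subnet count rule from the text: two to the power of the bits, minus two."""
    return 2 ** subnet_bits - 2


def supernet_size(netmask: str):
    """Return (prefix, class C equivalents, hosts) for a supernet mask."""
    prefix = mask_to_prefix(parse_ipv4(netmask))
    if prefix > 24:
        raise ValueError("mask is longer than a class C netmask")
    class_c_blocks = 2 ** (24 - prefix)
    return prefix, class_c_blocks, class_c_blocks * 254


if __name__ == "__main__":
    print(describe("192.168.1.1/24"))
    print(describe("10.1.0.255/24")["usable_host"])
    print(supernet_size("255.255.248.0"))
```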
What section of this document to read next
At this point the reader should have enough fundamental knowledge to grasp routing, so the reader may continue on or skip to the section entitled, "simple routing". The reader may at this time read all the sections in the "Functions" group of sections, then continue back at the section after this one where you left off.
Internet Protocol
Internet Protocol (IP) provides support at the network layer of the OSI model. All transport protocol data packets such as UDP or TCP are encapsulated in IP data packets to be carried from one host to another. IP is a connection-less unreliable service meaning there is no guarantee that the data will reach the intended host. The datagrams may be damaged upon arrival, out of order, or not arrive at all (Sounds like some mail services, doesn't it?). Therefore the layers above IP such as TCP are responsible for being sure correct data is delivered. IP provides for:
• Addressing.
• Type of service specification.
• Fragmentation and re-assembly.
• Security.
IP Message Format
IP is defined by RFC 791.
1. Version (4 bits) - The IP protocol version, currently 4 or 6.
2. Header length (4 bits) - The number of 32 bit words in the header
3. Type of service (TOS) (8 bits) - Only 4 bits are used which are minimize delay, maximize throughput, maximize reliability, and minimize monetary cost. Only one of these bits can be on. If all bits are off, the service is normal. Some networks allow a set of precedences to control the priority of messages. The bits are as follows:
   - Bits 0-2 - Precedence.
      - 111 - Network Control
      - 110 - Internetwork Control
      - 101 - CRITIC/ECP
      - 100 - Flash Override
      - 011 - Flash
      - 010 - Immediate
      - 001 - Priority
      - 000 - Routine
   - Bit 3 - A value of 0 means normal delay. A value of 1 means low delay.
   - Bit 4 - Sets throughput. A value of 0 means normal and a 1 means high throughput.
   - Bit 5 - A value of 0 means normal reliability and a 1 means high reliability.
   - Bits 6-7 are reserved for future use.
4. Total length of the IP data message in bytes (16 bits)
5. Identification (16 bits) - Uniquely identifies each datagram. This is used to re-assemble the datagram. Each fragment of the datagram contains this same unique number.
6. Flags (3 bits) - One bit is the more fragments bit
   1. Bit 0 - reserved.
   2. Bit 1 - The fragment bit. A value of 0 means the packet may be fragmented while a 1 means it cannot be fragmented. If this value is set and the packet needs further fragmentation, an ICMP error message is generated.
   3. Bit 2 - This value is set on all fragments except the last one since a value of 0 means this is the last fragment.
7. Fragment offset (13 bits) - The offset in 8 byte units of this fragment from the beginning of the original datagram.
8. Time to live (TTL) (8 bits) - Limits the number of routers the datagram can pass through. Usually set to 32 or 64. Every time the datagram passes through a router this value is decremented by a value of one or more. This is to keep the datagram from circulating in an infinite loop forever.
9. Protocol (8 bits) - It identifies which protocol is encapsulated in the next data area. This may be one or more of TCP(6), UDP(17), ICMP(1), IGMP(2), or OSPF(89). A list of these protocols and their associated numbers may be found in the /etc/protocols file on Unix or Linux systems.
10. Header checksum (16 bits) - For the IP header, not including the options and data.
11. Source IP address (32 bits) - The IP address of the card sending the data.
12. Destination IP address (32 bits) - The IP address of the network card the data is intended for.
13. Options - Options are:
   - Security and handling restrictions
   - Record route - Each router records its IP address
   - Time stamp - Each router records its IP address and time
   - Loose source routing - Specifies a set of IP addresses the datagram must go through.
   - Strict source routing - The datagram can go through only the IP addresses specified.
14. Data - Encapsulated hardware data such as ethernet data.
The message order of bits transmitted is 0-7, then 8-15, in network byte order. Fragmentation is handled at the IP network layer and the messages are reassembled when they reach their final destination. If one fragment of a datagram is lost, the entire datagram must be retransmitted. This is why fragmentation is avoided by TCP. The data on the last line, item 14, is ethernet data, or data depending on the type of physical network.
Transmission Control Protocol
Transmission Control Protocol (TCP) supports the network at the transport layer. Transmission Control Protocol (TCP) provides a reliable connection oriented service. Connection oriented means both the client and server must open the connection before data is sent. TCP is defined by RFC 793 and 1122. TCP provides:
- End to end reliability.
- Data packet re sequencing.
- Flow control.
TCP relies on the IP service at the network layer to deliver data to the host. Since IP is not reliable with regard to message quality or delivery, TCP must make provisions to be sure messages are delivered on time and correctly (Federal Express?).
TCP Message Format
The format of the TCP header is as follows:
1. Source port number (16 bits)
2. Destination port number (16 bits)
3. Sequence number (32 bits) - The byte in the data stream that the first byte of this packet represents.
4. Acknowledgement number (32 bits) - Contains the next sequence number that the sender of the acknowledgement expects to receive which is the sequence number plus 1 (plus the number of bytes received in the last message?). This number is used only if the ACK flag is on.
5. Header length (4 bits) - The length of the header in 32 bit words, required since the options field is variable in length.
6. Reserved (6 bits)
7. URG (1 bit) - The urgent pointer is valid.
8. ACK (1 bit) - Makes the acknowledgement number valid.
9. PSH (1 bit) - High priority data for the application.
10. RST (1 bit) - Reset the connection.
11. SYN (1 bit) - Turned on when a connection is being established and the sequence number field will contain the initial sequence number chosen by this host for this connection.
12. FIN (1 bit) - The sender is done sending data.
13. Window size (16 bits) - The maximum number of bytes that the receiver will accept.
14. TCP checksum (16 bits) - Calculated over the TCP header, data, and TCP pseudo header.
15. Urgent pointer (16 bits) - It is only valid if the URG bit is set. The urgent mode is a way to transmit emergency data to the other side of the connection. It must be added to the sequence number field of the segment to generate the sequence number of the last byte of urgent data.
16. Options (variable length)
The header is followed by data. TCP data is full duplex.
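As an added example (not from the original guide), the sketch below decodes the TCP header fields listed above and works out the acknowledgement number the receiver should send back: the sequence number plus one for each data byte, plus one more for a SYN or FIN flag, wrapping at 32 bits. The function names and both sample segments are constructed for illustration, and the checksum fields are left at zero.

```python
import struct

# The six one-bit flags, in the order the header list above gives them.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the fixed TCP header, then split options from data."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # header length counts 32 bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("header length field is inconsistent with the segment")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        # The acknowledgement number only means something when ACK is on,
        # and the urgent pointer only when URG is on.
        "ack": ack if "ACK" in flags else None,
        "urgent": urgent if "URG" in flags else None,
        "header_len": header_len,
        "flags": flags,
        "window": window,
        "checksum": checksum,                 # not verified here
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }


def expected_ack(seg: dict) -> int:
    """Acknowledgement number that confirms receipt of this whole segment."""
    consumed = len(seg["data"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
    return (seg["seq"] + consumed) % 2**32    # sequence space wraps at 32 bits


# Constructed samples. The SYN carries one option (maximum segment size 1460),
# so its header is 24 bytes, and its sequence number sits at the wrap point.
SYN_SEGMENT = struct.pack("!HHIIHHHH", 49152, 80, 0xFFFFFFFF, 0,
                          (6 << 12) | 0x02, 65535, 0, 0) + bytes.fromhex("020405b4")
PAYLOAD = b"GET / HTTP/1.0\r\n\r\n"
DATA_SEGMENT = struct.pack("!HHIIHHHH", 49152, 80, 1000, 5000,
                           (5 << 12) | 0x18, 8192, 0, 0) + PAYLOAD

if __name__ == "__main__":
    for raw in (SYN_SEGMENT, DATA_SEGMENT):
        seg = parse_tcp_segment(raw)
        print(seg["flags"], "seq", seg["seq"], "-> expect ack", expected_ack(seg))
```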
User Datagram Protocol
User Datagram Protocol (UDP) supports the network at the transport layer. User Datagram Protocol (UDP) is an unreliable connection-less protocol and is defined by RFC 768 and 1122. It is a datagram service. There is no guarantee that the data will reach its destination. UDP is meant to provide service with very little transmission overhead. It adds very little to IP data packets except for some error checking and port direction (Remember, UDP encapsulates IP packets). The following protocols or services use UDP:
- DNS
- SNMP
- BOOTP
- TFTP
- NFS
- RPC
- RIP
UDP Message Format
The UDP header includes:
1. Source port number (16 bits) - An optional field
2. Destination port number (16 bits)
3. UDP length (16 bits)
4. UDP checksum (16 bits)
This is followed by data. The UDP checksum includes UDP data, not just the header as with IP message formats. For UDP and TCP checksum calculation a 12 byte pseudo header is included which contains some fields from the IP message header. This header is not transmitted as part of UDP or TCP, but is only used to help compute the checksum as a means of being sure that the data has arrived at the correct IP address. This is the TCP/UDP pseudo header:
1. Source IP address (32 bits)
2. Destination IP address (32 bits)
3. blank filler(0) (8 bits)
4. Protocol (8 bits)
5. UDP length (16 bits)
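The pseudo header is easiest to follow in code. This added example (not from the original guide) builds a UDP datagram, computes the checksum over the pseudo header, UDP header and data, and shows that the same datagram fails verification when it is checked against a different destination address. The function names, ports and addresses are constructed for illustration.

```python
import ipaddress
import struct

UDP_PROTOCOL = 17


def internet_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum of 16 bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: str, dst: str, udp_length: int) -> bytes:
    """The 12 byte pseudo header: source, destination, zero, protocol, length."""
    return struct.pack("!4s4sBBH",
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed,
                       0, UDP_PROTOCOL, udp_length)


def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Return UDP header plus data with the checksum field filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    checksum = internet_checksum(pseudo_header(src, dst, length) + header + payload)
    if checksum == 0:
        checksum = 0xFFFF                     # zero on the wire means "none sent"
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload


def verify_udp(src: str, dst: str, datagram: bytes) -> str:
    """Return 'ok', 'bad', 'absent' (no checksum sent) or 'malformed'."""
    if len(datagram) < 8:
        return "malformed"
    _sport, _dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return "malformed"
    if checksum == 0:
        return "absent"
    # Summing everything, transmitted checksum included, must come out to zero.
    total = internet_checksum(pseudo_header(src, dst, length) + datagram[:length])
    return "ok" if total == 0 else "bad"


# Constructed sample values (documentation address ranges, odd-length payload).
SRC, DST, WRONG_DST = "192.0.2.1", "198.51.100.7", "198.51.100.8"
DATAGRAM = build_udp(SRC, DST, 40000, 53, b"hello")

if __name__ == "__main__":
    print("as addressed:      ", verify_udp(SRC, DST, DATAGRAM))
    print("wrong destination: ", verify_udp(SRC, WRONG_DST, DATAGRAM))
    print("payload altered:   ", verify_udp(SRC, DST, DATAGRAM[:-1] + b"p"))
```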
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) defined by RFC 792 and RFC 1122 is used for network error reporting and generating messages that require attention. The errors reported by ICMP are generally related to datagram processing. ICMP only reports errors involving fragment 0 of any fragmented datagrams. The IP, UDP or TCP layer will usually take action based on ICMP messages. ICMP generally belongs to the IP layer of TCP/IP but relies on IP for support at the network layer. ICMP messages are encapsulated inside IP datagrams.
ICMP will report the following network information:
- Timeouts
- Network congestion
- Network errors such as an unreachable host or network.
The ping command is also supported by ICMP, and this can be used to debug network problems.

ICMP Messages:
The ICMP message consists of an 8 bit type, an 8 bit code, an 8 bit checksum, and contents which vary depending on code and type. The below table is a list of ICMP messages showing the type and code of the messages and their meanings.
Type  Code  Description                                             Purpose
0     0     Echo reply                                              Query
3     0     Network Unreachable                                     Error
3     1     Host Unreachable                                        Error
3     2     Protocol Unreachable                                    Error
3     3     Protocol Unreachable                                    Error
3     4     Fragmentation needed with don't fragment bit set        Error
3     5     Source route failed                                     Error
3     6     Destination network unknown                             Error
3     7     Destination host unknown                                Error
3     8     Source host isolated                                    Error
3     9     Destination network administratively prohibited         Error
3     10    Destination host administratively prohibited            Error
3     11    Network Unreachable for TOS                             Error
3     12    Host Unreachable for TOS                                Error
3     13    Communication administratively prohibited by filtering  Error
3     14    Host precedence violation                               Error
3     15    Precedence cutoff in effect                             Error
4     0     Source quench                                           Error
5     0     Redirect for network                                    Error
5     1     Redirect for host                                       Error
5     2     Redirect for type of service and network                Error
5     3     Redirect for type of service and host                   Error
8     0     Echo request                                            Query
9     0     Normal router advertisement                             Query
9     16    Router does not route common traffic                    Query
10    0     Router Solicitation                                     Query
11    0     Time to live is zero during transit                     Error
11    1     Time to live is zero during reassembly                  Error
12    0     IP header bad                                           Error
12    1     Required option missing                                 Error
12    2     Bad length                                              Error
13    0     Timestamp request                                       Query
14    0     Timestamp reply                                         Query
15    0     Information request                                     Query
16    0     Information reply                                       Query
17    0     Address mask request                                    Query
18    0     Address mask request                                    Query
ICMP is used for many different functions, the most important of which is error reporting. Some of these are "port unreachable", "host unreachable", "network unreachable", "destination network unknown", and "destination host unknown". Some not related to errors are:
- Timestamp request and reply allows one system to ask another one for the current time.
- Address mask and reply is used by a diskless workstation to get its subnet mask at boot time.
- Echo request and echo reply is used by the ping program to test to see if another unit will respond.
Network Cabling
This section may be skipped by those more interested in the software aspects of networking or those learning networking, but all readers should at some time be aware of the terminology used in this section since the terms are used with regard to cabling. If this section is skipped by those learning networking, it should be read later. This section should be read by those who plan to physically install their own network.
Types of Transmission
1. Baseband - Data bits are defined by discrete signal changes.
2. Broadband - Uses analog signals to divide the cable into several channels with each channel at its own frequency. Each channel can only transmit in one direction.

Physical media
1. Twisted pair - Wire is twisted to minimize crosstalk interference. It may be shielded or unshielded.
   - UTP - Unshielded Twisted Pair. Normally UTP contains 8 wires or 4 pair. 100 meter maximum length. 4-100 Mbps speed.
   - STP - Shielded twisted pair. 100 meter maximum length. 16-155 Mbps speed. Lower electrical interference than UTP.
2. Coaxial - Two conductors separated by insulation such as TV 75 ohm cable. Maximum length of 185 to 500 meters.
   1. Thinnet - Thinnet uses a British Naval Connector (BNC) on each end. Thinnet is part of the RG-58 family of cable*. Maximum cable length is 185 meters. Transmission speed is 10Mbps. Thinnet cable should have 50 ohms impedance and its terminator has 50 ohms impedance. A T or barrel connector has no impedance.
   2. Thicknet - Half inch rigid cable. Maximum cable length is 500 meters. Transmission speed is 10Mbps. Expensive and is not commonly used. (RG-11 or RG-8). A vampire tap or piercing tap is used with a transceiver attached to connect computers to the cable. 100 connections may be made. The computer has an attachment unit interface (AUI) on its network card which is a 15 pin DB-15 connector. The computer is connected to the transceiver at the cable from its AUI on its network card using a drop cable.
   Coax cable types:
   - RG-58 /U - 50 ohm, with a solid copper wire core.
   - RG-58 A/U* - 50 ohm, with a stranded wire core.
   - RG-58 C/U* - Military version of RG-58 A/U.
   - RG-59 - 75 ohm, for broadband transmission such as cable TV.
   - RG-62 - 93 ohm, primarily used for ArcNet.
   - RG-6 - Used for satellite cable (if you want to run a cable to a satellite!).
   *Only these are part of the IEEE specification for ethernet networks.
3. Fiber-optic - Data is transmitted using light rather than electrons. Usually there are two fibers, one for each direction. Cable length of 2 Kilometers. Speed from 100Mbps to 2Gbps. This is the most expensive and most difficult to install, but is not subject to interference. Two types of cables are:
   1. Single mode cables for use with lasers.
   2. Multimode cables for use with Light Emitting Diode (LED) drivers.
Cable Standards
The Electronic Industries Association and Telecommunications Industries Association (EIA/TIA) defined a standard called EIA/TIA 568 which is a commercial building wiring standard for UTP cable. It defines transmission speed and twists per foot.

Category  Speed    Notes
1         None     Used for old telephone systems
2         4Mps
3         10Mps    The minimum category for data networks
4         16Mps
5         100Mps   Cat 5 network cable, used by most networks today
6                  Data patch, Two pair with foil and braided shield
7                  Undefined
8                  Flat cable for under carpets with two twisted pair
9                  Plenum cable with two twisted pair. It is safe if you're having a fire.

The maximum transmission length is 100 meters. This cable is susceptible to interference.
STP
Shielded twisted pair has a maximum cable length of 100 meters (328 feet). Data rate from 16 to 155 Mbps. Cables require special connectors for grounding but this cabling method resists electrical interference and is less susceptible to eavesdropping. Costs more than UTP or Thinnet, but not as much as Thicknet or Fiber-optic.

Terms
- Attenuation - Signal loss due to impedance.
- Bandwidth - Indicates the amount of data that can be sent in a time period. Measured in Mbps which is one million bits per second.
- Impedance - The amount of resistance to the transmission device.
- Interference - Electromagnetic Interference (EMI). Crosstalk - When wires pick up electromagnetic signals from nearby wires also carrying signals.
- Plenum - Space above a false ceiling in an office area where heat ducts and cables may be run. Plenum cabling is special fire resistant cabling required for use in these areas due to fire hazards.
- Shielding - Used to minimize interference.
Wireless Networking
This section may be skipped by all readers and used by those interested in wireless network technology. Transmission of waves takes place in the electromagnetic (EM) spectrum. The carrier frequency of the data is expressed in cycles per second called hertz (Hz). Low frequency signals can travel for long distances through many obstacles but cannot carry a high bandwidth of data. High frequency signals can travel for shorter distances through few obstacles and carry a narrow bandwidth. Also the effect of noise on the signal is inversely proportional to the power of the radio transmitter, which is normal for all FM transmissions. The three broad categories of wireless media are:
1. Radio - 10 kHz to 1 GHz. It is broken into many bands including AM, FM, and VHF bands. The Federal Communications Commission (FCC) regulates the assignment of these frequencies. Frequencies for unregulated use are:
   - 902-928MHz - Cordless phones, remote controls.
   - 2.4 GHz
   - 5.72-5.85 GHz
2. Microwave
   - Terrestrial - Used to link networks over long distances but the two microwave towers must have a line of sight between them. The frequency is usually 4-6GHz or 21-23GHz. Speed is often 1-10Mbps. The signal is normally encrypted for privacy.
   - Satellite - A satellite orbits at 22,300 miles above the earth which is an altitude that will cause it to stay in a fixed position relative to the rotation of the earth. This is called a geosynchronous orbit. A station on the ground will send and receive signals from the satellite. The signal can have propagation delays between 0.5 and 5 seconds due to the distances involved. The transmission frequency is normally 11-14GHz with a transmission speed in the range of 1-10Mbps.
3. Infrared - Infrared is just below the visible range of light between 100GHz and 1000THz. A light emitting diode (LED) or laser is used to transmit the signal. The signal cannot travel through objects. Light may interfere with the signal. The types of infrared are:
   - Point to point - Transmission frequencies are 100GHz-1,000THz. Transmission is between two points and is limited to line of sight range. It is difficult to eavesdrop on the transmission.
   - Broadcast - The signal is dispersed so several units may receive the signal. The unit used to disperse the signal may be reflective material or a transmitter that amplifies and retransmits the signal. Normally the speed is limited to 1Mbps. The transmission frequency is normally 100GHz-1,000THz with transmission distance in 10's of meters. Installation is easy and cost is relatively inexpensive for wireless.
Terms:
- AMPS - Advanced Mobile Phone Service is analog cellular phone service.
- CDMA - Code division multiple access allows transmission of voice and data over a shared part of radio frequencies. This is also called spread spectrum.
- CDPD - Cellular Digital Packet Data will allow network connections for mobile users using satellites.
- cellular - An 800 MHz band for mobile phone service.
- D-AMPS - Digital AMPS using TDMA to divide the channels into three channels.
- FDMA - Frequency Division Multiple Access divides the cellular network into 30kHz channels.
- GSM - Global System for Mobile Communications.
- HDML - Handheld Device Markup Language is a version of HTML only allowing text to be displayed.
- MDBS - Mobile Data Base Station reviews all cellular channels at cellular sites.
- PCS - Personal Communications Service is a 1.9 GHz band.
- TDMA - Time Division Multiple Access uses time division multiplexing to divide each cellular channel into three sub channels to service three users at a time.
- wireless bridge - Microwave or infrared is used between two line of sight points where it is difficult to run wire.
- WML - Wireless markup language is another name for HDML.
Categories of LAN Radio Communications
- Low power, single frequency - Distance in 10s of meters. Speed in 1-10Mbps. Susceptible to interference and eavesdropping.
- High power, single frequency - Require FCC licensing and high power transmitter. Speed in 1-10Mbps. Susceptible to interference and eavesdropping.
- Spread spectrum - It uses several frequencies at the same time. The frequency is normally 902-928MHz with some networks at 2.4GHz. The speed of 902MHz systems is between 2 and 6Mbps. If frequency-hopping is used, the speed is normally lower than 2Mbps. Two types are:
   1. Direct sequence modulation - The data is broken into parts and transmitted simultaneously on multiple frequencies. Decoy data may be transmitted for better security. The speed is normally 2 to 6 Mbps.
   2. Frequency hopping - The transmitter and receiver change predetermined frequencies at the same time (in a synchronized manner). The speed is normally 1Gbps.
Network WAN Connections
Three options for connecting over a telephone service:
- Dial-up connections.
- Integrated Services Digital Network (ISDN) - A method of sending voice and data information on a digital phone line.
   - Basic ISDN - Two 64Kbps B-channels with one 16Kbps D channel is provided. The D-channel is used for call control and setup. Basic ISDN can provide 128Kbps speed capability.
   - Primary ISDN - 23 B-channels and one D channel is provided.
- Leased Lines - This involves the leasing of a permanent telephone line between two locations.

Remote Communication Protocols
- Serial Line Internet Protocol (SLIP) - Allows computers to connect to the internet with a modem. No error checking or data compression is supported. Only the TCP/IP protocols are supported.
- Point to Point Protocol (PPP) - Provides error checking and data compression. Also supports multiple network protocols such as IPX/SPX and NetBEUI in addition to TCP/IP. Supports dynamic allocation of IP addresses.

Remote Access Service
Remote Access Service (RAS) with Windows NT allows users connecting to the network using a modem to use network resources. RAS may be called dial up networking (DUN) depending on the version of Windows you are using. The NT RAS server can handle 256 connections. Windows NT RAS servers provide the following security features:
1. User account security
2. Encryption between the DUN (dial up networking) client and the server
3. Callback capability
The client software is called Dial up networking (DUN) in Windows NT4 and Windows95. For NT 3.51 and Windows 3.1 it is called a RAS client. These clients may be used to connect to the internet through an internet service provider (ISP).
Ethernet
The IEEE 802.3 standard defines ethernet at the physical and data link layers of the OSI network model. Most ethernet systems use the following:
- Carrier-sense multiple-access with collision detection (CSMA/CD) for controlling access to the network media.
- Use baseband broadcasts
- A method for packing data into data packets called frames
- Transmit at 10Mbps, 100Mbps, and 1Gbps.
Types of Ethernet
- 10Base5 - Uses Thicknet coaxial cable which requires a transceiver with a vampire tap to connect each computer. There is a drop cable from the transceiver to the Attachment Unit Interface (AUI). The AUI may be a DIX port on the network card. There is a transceiver for each network card on the network. This type of ethernet is subject to the 5-4-3 rule meaning there can be 5 network segments with 4 repeaters, and three of the segments can be connected to computers. It uses bus topology. Maximum segment length is 500 meters with the maximum overall length at 2500 meters. Minimum length between nodes is 2.5 meters. Maximum nodes per segment is 100.
- 10Base2 - Uses Thinnet coaxial cable. Uses a BNC connector and bus topology requiring a terminator at each end of the cable. The cable used is RG-58A/U or RG-58C/U with an impedance of 50 ohms. RG-58U is not acceptable. Uses the 5-4-3 rule meaning there can be 5 network segments with 4 repeaters, and three of the segments can be connected to computers. The maximum length of one segment is 185 meters. Barrel connectors can be used to link smaller pieces of cable on each segment, but each barrel connector reduces signal quality. Minimum length between nodes is 0.5 meters.
- 10BaseT - Uses Unshielded twisted pair (UTP) cable. Uses star topology. Shielded twisted pair (STP) is not part of the 10BaseT specification. Not subject to the 5-4-3 rule. They can use category 3, 4, or 5 cable, but perform best with category 5 cable. Category 3 is the minimum. Require only 2 pairs of wire. Cables in ceilings and walls must be plenum rated. Maximum segment length is 100 meters. Minimum length between nodes is 2.5 meters. Maximum number of connected segments is 1024. Maximum number of nodes per segment is 1 (star topology). Uses RJ-45 connectors.
- 10BaseF - Uses Fiber Optic cable. Can have up to 1024 network nodes. Maximum segment length is 2000 meters. Uses specialized connectors for fiber optic. Includes three categories:
   - 10BaseFL - Used to link computers in a LAN environment, which is not commonly done due to high cost.
   - 10BaseFP - Used to link computers with passive hubs to get cable distances up to 500 meters.
   - 10BaseFB - Used as a backbone between hubs.
- 100BaseT - Also known as fast ethernet. Uses RJ-45 connectors. Topology is star. Uses CSMA/CD media access. Minimum length between nodes is 2.5 meters. Maximum number of connected segments is 1024. Maximum number of nodes per segment is 1 (star topology). IEEE 802.3 specification.
   - 100BaseTX - Requires category 5 two pair cable. Maximum distance is 100 meters.
   - 100BaseT4 - Requires category 3 cable with 4 pair. Maximum distance is 100 meters.
   - 100BaseFX - Can use fiber optic to transmit up to 2000 meters. Requires two strands of fiber optic cable.
- 100VG-AnyLAN - Requires category 3 cable with 4 pair. Maximum distance is 100 meters with cat 3 or 4 cable. Can reach 150 meters with cat 5 cable. Can use fiber optic to transmit up to 2000 meters. This ethernet type supports transmission of Token-Ring network packets in addition to ethernet packets. IEEE 802.12 specification. Uses demand-priority media access control. The topology is star. It uses a series of interlinked cascading hubs. Uses RJ-45 connectors.
The IEEE naming convention is as follows:
1. The transmission speed in Mbps
2. Baseband (base) or Broadband data transmission
3. The maximum distance a network segment could cover in hundreds of meters.

Comparisons of some ethernet types. Distances are in meters.

Ethernet Type  Cable     Min length between nodes  Max segment length  Max overall length
10Base2        Thinnet   0.5                       185                 925
10Base5        Thicknet  2.5                       500                 2500
10BaseF        Fiber                               2000
10BaseT        UTP       2.5                       100
Types of ethernet frames
- Ethernet 802.2 - These frames contain fields similar to the ethernet 802.3 frames with the addition of three Logical Link Control (LLC) fields. Novell NetWare 4.x networks use it.
- Ethernet 802.3 - It is mainly used in Novell NetWare 2.x and 3.x networks. The frame type was developed prior to completion of the IEEE 802.3 specification and may not work in all ethernet environments.
- Ethernet II - This frame type combines the 802.3 preamble and SFD fields and includes a protocol type field where the 802.3 frame contained a length field. TCP/IP networks and networks that use multiple protocols normally use this type of frame.
- Ethernet SNAP - This frame type builds on the 802.2 frame type by adding a type field indicating what network protocol is being used to send data. This frame type is mainly used in AppleTalk networks.
The packet size of all the above frame types is between 64 and 1,518 bytes.
Ethernet Message Formats
The ethernet data format is defined by RFC 894 and 1042. The addresses specified in the ethernet protocol are 48 bit addresses.
The types of data passed in the type field are as follows:
1. 0800 IP Datagram
2. 0806 ARP request/reply
3. 8035 RARP request/reply
There is a maximum size of each data packet for the ethernet protocol. This size is called the maximum transmission unit (MTU). What this means is that sometimes packets may be broken up as they are passed through networks with MTUs of various sizes. SLIP and PPP protocols will normally have a smaller MTU value than ethernet. This document does not describe serial line interface protocol (SLIP) or point to point protocol (PPP) encapsulation.
Token Ring
Developed by IBM, token ring is standardized to IEEE 802.5. It uses a star topology, but it is wired so the signal will travel from hub to hub in a logical ring. These networks use a data token passed from computer to computer around the ring to allow each computer to have network access. The token comes from the nearest active upstream neighbor (NAUN). When a computer receives a token, if it has no attached data and the computer has data for transmission, it attaches its data to the token then sends it to its nearest active downstream neighbor (NADN). Each computer downstream will pass the data on since the token is being used until the data reaches its recipient. The recipient will set two bits to indicate it received the data and transmit the token and data. When the computer that sent the data receives the package, it can verify that the data was received correctly. It will remove the data from the token and pass the token to its NADN.

Characteristics
Maximum cable length is 45 meters when UTP cable is used and 101 meters when STP is used. Topology is star-wired ring. It uses type 1 STP and type 3 UTP. Connectors are RJ-45 or IBM type A. Minimum length between nodes is 2.5 meters. Maximum number of hubs or segments is 33. Maximum nodes per network is 72 nodes with UTP and 260 nodes with STP. Speed is 4 or 16 Mps. Data frames may be 4,000 to 17,800 bytes long.

Hubs
A token ring network uses a multistation access unit (MAU) as a hub. It may also be known as a Smart Multistation Access Unit (SMAU). A MAU normally has ten ports. Two ports are Ring In (RI) and Ring Out (RO) which allow multiple MAUs to be linked to each other. The other 8 ports are used to connect to computers.
Cables
UTP or STP cabling is used as a media for token ring networks. Token Ring uses an IBM cabling system based on American Wire Gauge (AWG) standards that specify wire diameters. The larger the AWG number, the smaller the diameter of the cable.
Token ring networks normally use type 1, type 3 or regular UTP like cable used on ethernet installations. If electrical interference is a problem, the type 1 cable is a better choice. Cable types:

Type  Description
1     Two 22 AWG solid core pair of STP cable with a braided shield. This cable is normally used between MAUs and computers.
2     Two 22 AWG solid core pair with four 26 AWG solid core of STP cable.
3     Four 22 or 24 AWG UTP cable. This is voice-grade cable and cannot transmit at a rate above 4Mbps.
4     Undefined.
5     Fiber-optic cable. Usually used to link MAUs.
6     Two 26 AWG stranded core pair of STP cable with a braided shield. The stranded-core allows more flexibility but limits the transmission distance to two-thirds that of type 1.
7     Undefined.
8     Type 6 cable with a flat casing to be used under carpets.
9     Type 6 cable with plenum-rating for safety.
Beaconing
The first computer turned on on a token ring will be the active monitor. Every seven seconds it sends a frame to its nearest active downstream neighbor. The data gives the address of the active monitor and advertises the fact that the upstream neighbor is the active monitor. That station changes the packet's upstream address and sends it to its nearest active downstream neighbor. When the packet has traveled around the ring, all stations know the address of their upstream neighbor and the active monitor knows the state of the network. If a computer has not heard from its upstream neighbor after seven seconds, it will send a packet that announces its own address, and the NAUN that is not responding. This packet will cause all computers to check their configuration. The ring can thereby route around the problem area giving some fault tolerance to the network.
ARCnet Network
ARCnet (Attached Resource Computer Network) (CR)
Topology is star and bus or a mixture. Cable type is RG-62 A/U coaxial (93 ohm), UTP or fiber-optic. A network can use any combination of this media. Connectors used include BNC, RJ-45, and others. It uses token passing for media access. Maximum segment length is 600 meters with RG-62 A/U, 121 meters with UTP, 3485 meters with fiber-optic, and 30 meters from a passive hub. The specification is ANSI 878.1. It can have up to 255 nodes per network. The speed is 2.5 Mbps. ARCnet Plus has operating speeds approaching 20Mbps.
Signals are broadcast across the entire network with computers processing only signals addressed to them. ARCnet tokens travel based on a station identifier (SID) which each computer has. Each network card has a DIP switch used to set the SID with an address between 1 and 255. Signals are generally sent from the lowest numbered station to the next until they wrap around back to SID of 1. To determine non-existent stations, the station with the lowest ID indicates it has the token and begins querying IDs of higher value until it gets a response. Then the next computer does the same until the original station is queried. This procedure is done when a station is added or removed from the network or when the network is originally started. How does the network know when a station has been added or removed? How is the lowest numbered SID identified? Address assignment is based on proximity, which helps the network operate more efficiently.
The acronym SID is used for a station identifier with regard to ARCnet, but as used in the Windows NT and Windows 95 operating systems, it refers to the security identification number of a user or group.
AppleTalk Network
Topology is bus. Cable type is STP. The connectors are specialized. The media access method is CSMA/CA. Maximum segment and network length is 300 meters. The maximum number of connected segments is 8. There are 32 maximum nodes per segment with 254 maximum number of nodes per network. Speed is 230.4Kbps. The cabling system used with AppleTalk is called LocalTalk.

Addressing
Addressing is dynamic with each computer, when powered on, choosing its last used address or a random address. The computer broadcasts that address to determine if the address is used. If it is used, it will broadcast another random address until it finds an unused address.
EtherTalk and TokenTalk provide for use of AppleTalk network protocols on top of ethernet and token ring architectures respectively.

LocalTalk
LocalTalk uses STP cable and bus topology. Using CSMA/CA for media access, computers will first determine if any other computers are transmitting, before they transmit. A packet is transmitted prior to transmitting that alerts other computers that a transmission will be sent. Usually LocalTalk is only used in small environments.
FDDI
Fiber Distributed Data Interface (FDDI)
Standard is ANSI X3T9.5. Topology is ring with two counter rotating rings for reliability with no hubs. Cable type is fiber-optic. Connectors are specialized. The media access method is token passing. The maximum length is 100 kilometers. The maximum number of nodes on the network is 500. Speed is 100 Mbps. FDDI is normally used as a backbone to link other networks. A typical FDDI network can include servers, concentrators, and links to other networks.
Devices called concentrators provide functions similar to hubs. Most concentrators use dual attachment station network cards but single attachment concentrators may be used to attach more workstations to the network.
FDDI token passing allows multiple frames to circulate around the ring at the same time. Priority levels of a data frame and token can be set to allow servers to send more data frames. Time sensitive data may also be given higher priority. The second ring in a FDDI network is a method of adjusting when there are breaks in the cable. The primary ring is normally used, but if the nearest downstream neighbor stops responding the data is sent on the secondary ring in an attempt to reach the computer. Therefore a break in the cable will result in the secondary ring being used. There are two network cards which are:
1. Dual attachment stations (DAS) used for servers and concentrators are attached to both rings.
2. Single Attachment stations (SAS) attached to one ring and used to attach workstations to concentrators.
A router or switch can link an FDDI network to a local area network (LAN). Normally FDDI is used to link LANs together since it covers long distances.
IPX/SPX

IPX/SPX is a routable protocol and can be used for small and large networks. The following protocols are part of the IPX/SPX suite:

* SAP - Service Advertising Protocol packets are used by file and print servers to periodically advertise the address of the server and the services available. It works at the application, presentation, and session levels.
* NCP - NetWare Core Protocol provides for client/server interactions such as file and print sharing. It works at the application, presentation, and session levels.
* SPX - Sequenced Packet Exchange operates at the transport layer providing connection oriented communication on top of IPX.
* IPX - Internetwork Packet Exchange supports the transport and network layers of the OSI network model. Provides for network addressing and routing. It provides fast, unreliable, communication with network nodes using a connection less datagram service.
* RIP - Routing Information Protocol is the default routing protocol for IPX/SPX networks which operates at the network layer. A distance-vector algorithm is used to calculate the best route for a packet.
* ODI - Open Data-link Interface operates at the data link layer allowing IPX to work with any network interface card.

NetWare frame types

Novell NetWare 2.x and 3.x use Ethernet 802.3 as their default frame type. Novell NetWare 4.x networks use Ethernet 802.2 as their default frame type. If communication does not occur between two NetWare computers it is a good idea to check the netware versions of the two computers to be sure their frame types match. If the frame types do not match on an ethernet network, the computers cannot communicate.
NetBEUI

In order to properly describe NetBEUI, the transport protocol sometimes used for Microsoft networking, it is necessary to describe Microsoft networking in some detail and the various protocols used and what network layers they support.

NetBIOS, NetBEUI, and SMB are Microsoft Protocols used to support Microsoft Networking. The NetBIOS stack includes SMB, NetBIOS, and NetBEUI which are described in the table below. The following are parts of the Microsoft networking stack:

Name                 Network Layer       Description
Redirector           Application         Directs requests for network resources to the appropriate
                                         server and makes network resources seem to be local
                                         resources.
SMB                  Presentation        Server Message Block provides redirector client to server
                                         communication
NetBIOS              Session             Controls the sessions between computers and maintains
                                         connections.
NetBEUI              Transport, Network  Provides data transportation. It is not a routable transport
                                         protocol which is why NBT exists on large networks to use
                                         routable TCP protocol on large networks. This protocol may
                                         sometimes be called the NetBIOS frame (NBF) protocol.
NDIS and NIC driver  Data Link           NDIS allows several adapter drivers to use any number of
                                         transport protocols. The NIC driver is the driver software for
                                         the network card.
NetBIOS Extended User Interface (NetBEUI)

This is a separate protocol from NetBIOS. It supports small to medium networks providing transport and network layer support. It is fast and small and works well for the DOS operating system but NetBEUI is not a routable protocol.

Name Resolution

There are three methods of mapping NetBIOS names to IP addresses on small networks that don't perform routing:

1. IP broadcasting - A data packet with the NetBIOS computer name is broadcast when an associated address is not in the local cache. The host who has that name returns its address.
2. The lmhosts file - This is a file that maps IP addresses and NetBIOS computer names.
3. NBNS - NetBIOS Name Server. A server that maps NetBIOS names to IP addresses. This service is provided by the nmbd daemon on Linux.

System wide methods of resolving NetBIOS names to IP addresses are:

1. b-node - Broadcast node
2. p-node - Point-to-point node queries an NBNS name server to resolve addresses.
3. m-node - First uses broadcasts, then falls back to querying an NBNS name server.
4. h-node - The system first attempts to query an NBNS name server, then falls back to broadcasts if the nameserver fails. As a last resort, it will look for the lmhosts file locally.

NetBIOS name services use port 137 and NetBIOS session services use port 139. NetBIOS datagram service uses port 138.

To resolve addresses from names, a computer on a Microsoft network will check its cache to see if the address of the computer it wants to connect to is listed there. If not it sends a NetBIOS broadcast requesting the computer with the name to respond with its hardware address. When the address is received, NetBIOS will start a session between the computers. On larger networks that use routers, this is a problem since routers do not forward broadcasts, nor is NetBEUI a routable protocol. Therefore Microsoft implemented another method of resolving names with the Windows Internet Name Service (WINS). The following steps are taken to resolve NetBIOS names to IP addresses for H-node resolution on larger networks using TCP/IP (NBT):

1. NetBIOS name cache
2. WINS Server
3. NetBIOS broadcast
4. lmhosts file
5. hosts file
6. DNS server

For a more complete explanation of NetBIOS name resolution, WINS, and Windows networking in general, see the manuals in the Windows operating system section such as the "Windows TCP/IP Reference." Also a Windows Networking manual will be written for this section.
NetBIOS over TCP/IP (NBT)

Since NetBEUI is not a routable protocol, Microsoft implemented NBT for larger networks. NetBIOS messages are normally encapsulated in NetBEUI datagrams, but when using NBT, they are encapsulated in TCP/IP datagrams. The NBT protocol is defined by RFC 1001 and RFC 1002.
NWLink

NWLink is Microsoft's implementation of IPX/SPX. NWLink will act as a transport mechanism for NetBIOS similar to the use of TCP/IP described in the NBT section above. NWLink is normally used to support medium networks and may be used where NetWare servers are present.

Windows Internet Name Service (WINS)

WINS is the Microsoft implementation of NetBIOS name service. Samba on Linux can be used as a WINS server.

Computers configured to use WINS, when booted, contact the WINS name server and give the server their NetBIOS name and IP address. The WINS server adds the information to its database and it may send the information to other WINS servers on your network. When a computer that is configured to use WINS needs to get an address of another computer, it will contact the WINS server for the information.

Without the use of a WINS server, NetBIOS will only be able to see computers on the unrouted sections of the local network. Does this mean a WINS server must exist in each routed section of the network? The answer is no. This is because WINS uses TCP/IP which is routable. Only one WINS server needs to exist on the network.

The Windows Networking Environment

A domain in a Microsoft networking environment refers to a collection of computers using user level security. It is not the same as the term domain used with regard to the domain name system (DNS). Domain related terms are:

* BDC - Backup Domain Controller is a backup for a PDC
* TLD - Top Level domain
* PDC - Primary Domain Controller is an NT server providing central control of user access permissions and accounts on a network.
AppleTalk Protocols

AppleTalk is the architecture used with Apple brand computers and is a suite of protocols for networking Apple computers. Some of the protocols are:

* AppleShare - Works at the application layer to provide services.
* AFP - AppleTalk Filing protocol - Makes network files appear local by managing file sharing at the presentation layer.
* ATP - AppleTalk Transaction Protocol provides a Transport Layer connection between computers. Three transaction layers:
  o transaction request (TREQ)
  o transaction response (TRESP)
  o transaction release (TREL)
* DDP - Datagram Delivery Protocol is a routable protocol that provides for data packet transportation. It operates at the network layer at the same level of the IP protocol.

The AppleTalk networking scheme puts computers into groups called zones. This is similar to workgroups on a Windows network.

Four Session layer protocols

* ASP - AppleTalk session protocol controls the starting and ending of sessions between computers called nodes. It works at the session level. The NBP, described below, is used to get addresses from computer names. ATP is used at the transport level.
* ADSP - AppleTalk data stream protocol manages the flow of data between two established socket connections.
* ZIP - Zone information protocol used with RTMP to map zones. Routers use zone information tables (ZITs) to define network addresses and zone names.
* PAP - Printer access protocol manages information between workstations and printers.

Other Protocols

* NBP - Name-binding protocol translates addresses into names.
* AEP - AppleTalk echo protocol uses echoes to tell if a computer, or node, is available.
* RTMP - Routing table maintenance protocol is used to update routers with information about network status and address tables. The whole address table is sent across the network.
* ARUP - AppleTalk update routing is a newer version of RTMP.
System Network Architecture

System Network Architecture (SNA) by IBM is a suite of protocols mainly used with IBM mainframe and AS/400 computers. Two SNA protocols are:

* APPC - Advanced Peer-to-Peer Communications provides peer to peer services at the transport and session layer.
* APPN - Advanced Peer-to-Peer Networking supports the computer connections at the network and transport layers.

Microsoft produced the SNA Server so PC networks could connect with SNA networks.

SNA Layers

SNA has its own network model which is:

* Physical
* Data link - Uses protocols such as token-ring or Synchronous Data Link Control (SDLC).
* Path Control - Performs routing, division, and re-assembly of data packets.
* Transmission - Connection software
* Data flow - Prevents data overflows by monitoring and handling traffic
* Presentation - Handles interfaces to applications
* Transaction - Provides an interface for applications to use network services

SNA Network Devices

* host systems
* terminals
* Output devices
* Communications controllers
* Cluster controllers - Allow many devices to connect through them. They connect to a host or communications controller.

SNA Network Categories

* Nodes
  o Type 2 - PCs, terminals and printers
  o Type 4 - Communications controllers
  o Type 5 - Host computers used to manage the network
* Data links - Connection between combinations of hosts, cluster controllers, or nodes.

Possible SNA communications architectures

* SDLC - Synchronous Data Link Control
* BSC - Binary Synchronous Communication sends bits in frames which are timed sequences of data.
* Token-ring
* X.25
* Ethernet
* FDDI

SNA units

NAU - Network Addressable Units

* LU - Logical Units are ports that users use to access network resources
  o Type 1 - An interactive batch session
  o Type 2 - An IBM 3270 terminal
  o Type 3 - An IBM 3270 printer
  o Type 6.2 - A program to program session
  o Type 7 - An IBM 5250 family session
* PU - Physical Units are a network device used to communicate with hosts.
  o Type 2 - Cluster controllers
  o Type 3 - Front end process
  o Type 5 - Host communications software

SNA software components

* SSCP - Systems Services Control Point manages all resources in the host's domain.
* NCP - Network Control Program performs routing, session management tasks. It runs in the communications controller.
Other Transport Protocols

DECnet

DECnet from Digital Equipment Corporation is a suite of protocols which may be used on large networks that integrate mainframe and minicomputer systems. It is a routable protocol. DNA - Digital Network Architecture.

Data Link Control (DLC)

This protocol operates at the data link layer and is designed for communications between Hewlett-Packard network printers and IBM mainframe computers. This protocol is not routable.

Open Systems Interconnect (OSI)

A suite of protocols developed by the International Standards Organization (ISO) which corresponds with the layers of the OSI model. These protocols provide a number of application protocols for various functions. The OSI protocol stack may be used to connect large systems. OSI is a routable transport protocol.
Network Routing

Simple Networking Routing and Routers

This section will explain routing in simple terms with some simple standard rules. There may be exceptions to these rules, but for introductory purposes we will keep the first example simple. Please be aware that the examples in this section are working examples, but more complexity may be added when a larger network is considered, and multiple data routes become available.

Each network interface card (NIC) has a specific address which is an IP address or number. When data is sent between two computers, the data must be sent in a package that has the address of the intended receiver (IP) on it. It is like an envelope (ethernet) with the sender's and recipient's address on it. There is somewhat of a difference, however. When the computer intends to send a packet, it first checks its routing table to see if the intended data must be sent through a gateway. Many computers only have a simple routing table, which is built from the network mask and the gateway information entered when you set your computer up to do networking. The computer, when set up for networking, must be assigned an IP address, netmask, and default gateway. This may be done manually or done automatically using Dynamic Host Configuration Protocol (DHCP) to assign this information to the computer when it boots. DHCP is described in another section. If the computer determines that the packet must be sent to a gateway, it puts it in a special packet (ethernet) for that gateway, with the actual recipient's address wrapped inside.

In the above paragraph, data packets are equated to a letter with an envelope. For this type of thinking, the envelope would be similar to the ethernet, SLIP, or PPP packet which encapsulates the IP packet. The IP packet and its encapsulated data would be similar to a letter. Here's generally what happens when a package is sent.

The sending computer checks the IP part of the package to see the sender's IP address, and based on the address and instructions in its routing table will do one of the following:

1. Send the packet to the ethernet address of the intended recipient. The following will happen:
   1. The ethernet card on the receiving computer will accept the packet.
   2. The other network levels (IP, TCP) will open the packet and use it according to filtering and other programming instructions.
2. Send the packet to the ethernet address of a router, depending on the instructions in the routing table.
   1. The ethernet card on the router will accept the packet.
   2. The IP level of the router will look at the packet's IP address and determine according to its routing table where to send the packet next. It should send it to another router or to the actual recipient.
   3. The router will encapsulate the IP packet in another ethernet packet with the ethernet address of the next router or the intended recipient.
   4. Router hops will continue until the packet is sent on a network where the intended recipient is physically located unless the packet expires.
   5. The ethernet card on the receiving computer will accept the packet.
   6. The other network levels (IP, TCP) will open the packet and use it according to filtering and other programming instructions.
Let's say you enter an IP address of 10.1.20.45 and a netmask of 255.255.0.0. This means you are on the network 10.1.0.0 (I show it as 10.1.x.x, the X's mean don't care conditions). The machine's IP address and netmask together define the network that its NIC is on. Therefore any machine that fits in the address range provided under 10.1.x.x can be accessed directly from your NIC, and any that are not in this number range, such as 10.3.34.67, cannot be accessed directly and must be sent to a gateway machine since it is on another network. Typically most machines will use their netmask to make this determination which means if the address does not match their known network, the package will be sent to that machine's default gateway in a special package meant for a router. It works similar to a post office. When you send a letter in your town, you put it in the local slot. It can be delivered to someone else in your town (network), but if you are sending to another town (network), you put the letter in the out of town slot (default gateway), then the mail personnel put it in a special container or box and send it to a main town (gateway), which then decides where to send it based on its address. Although this simple network and default gateway may be common, specific computers or gateways can have much more complex rules for routing that allow exceptions to this example.

Please be aware that in order to be forwarded, data packets must be addressed to a router. They cannot just be sent to the recipient's address out to a network. The router does not pick packets off the network and forward them. If a packet is sent on a network and a valid recipient is not on that network, there will be no response. This will be demonstrated in the next section where a subnetwork will be described.

To keep routing simple, most networks are structured as shown below. Generally, the higher networks are 10.x.x.x, then the next are 10.0-254.x.x, then 10.0-254.0-254.x. The number 10 is used as an example Class A network. This numbering scheme keeps routing simple and is the least confusing but networks can be set up in other ways. In the diagram below, only gateways and their networks are shown.
In my simple network example below I vary from convention and make network 192.168.2.x be below network 192.168.1.x, causing traffic between the internet and 192.168.2.x to go through the network 192.168.1.x. Normally the network 192.168.1.x would be 192.168.x.x, but this will show you that there can be many variants that will work as long as you have thought your layout through well, and set your routing tables up in your gateways correctly.

The boxes labeled A and B must be gateways or routers in order for anyone on networks 192.168.2.x or 192.168.1.x to talk to any other network or internet. The boxes labeled S1 through S6 are stations which could be workstations or servers providing services like BOOTP, DHCP, DNS, HTTP, and/or file sharing such as NFS or Samba. The gateways may also provide these services. These stations may combine any combination of server or workstation function. The reasons for putting the various services on separate machines are security concerns and the ability of a given machine to handle specific demand. Typically, the computer that is connected directly to the internet would be a firewall and provide no other services for security reasons. For example, it is not a good idea to provide TFTP services on a machine that you want to have high security. This is why, depending on the security needs of the company or individual along with the relative amount of each service to be provided, various servers are set up with limited functionality.

The machine S6 in the diagram above has the following characteristics:

IP Address: 192.168.2.2
Network: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 192.168.2.1
In Linux, the "ifconfig" command is used to configure the NIC and the command "route" is used to set up routing tables for that machine. Please note that in Redhat Linux, the GUI interface programs "netconf" and "linuxconf" may be used to set this up also. These GUI interface programs will set these changes up to be permanent by writing them to files that are used to configure network information. Changes made with "route" without adding the changes to permanent files will no longer be valid when you reboot the machine. The command "ifconfig eth0 192.168.2.2 netmask 255.255.255.0" will set the NIC card up with its address and network number. You can type "netconfig", then select "basic host information" and do the same thing. The command "route add -net default gw 192.168.2.1 dev eth0" will add the route required for this computer for its gateway. This can be done using "ifconf" by selecting "routing and gateways" and "defaults", then setting the address of the default gateway, and enabling routing. Please be aware that various versions of Linux have different means of storing and retrieving network and routing information and you must use the tools that come with your system or learn it well enough to determine what files to modify. On Redhat 6.1 the file "/etc/sysconfig/static-routes" can be modified to make your route changes permanent, but this does not apply to your default route. Other files are "/etc/sysconfig/routed" and "/etc/sysconfig/network". Other files include "/etc/gateways", "/etc/networks", "/proc/net/route", "/proc/net/rt_cache", and "/proc/net/ipv6_route". The file "/etc/sysconfig/network-scripts" is a script file that controls the network setup when the system is booted.

If you type "route" for this machine, the routing table below will be displayed.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.2.2     *               255.255.255.255 UH    0      0   0   eth0
192.168.2.0     *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.2.1     0.0.0.0         UG    0      0   0   eth0
Here is a simple explanation of routing tables and their purpose. All computers that are networked have a routing table in one form or another. A routing table is a simple set of rules that tell what will be done with network packets. In programming language it is easiest to think of it as a set of instructions, very similar to a case statement which has a "default" at its end. It can also be thought of as a series of if..then..elseif..then..else statements. If the lines above are labeled A through C and a default (the last line), an appropriate case statement is shown below. (Don't count the header line.)

    switch(address){
    case A: send to me;break;
    case B: send to my network;break;
    case C: send to my local interface;break;
    default: send to gateway 192.168.2.1
    }

An appropriate if statement is:

    if (address=me) then send to me;
    elseif (address=my network) then send to my network;
    elseif (address=my local) then send to my local interface;
    else send to my gateway 192.168.2.1;

In everyday terms this is similar to a basic decision process. Imagine you are holding a letter. If it is addressed to you, you keep it; if it is addressed to someone in your town, you drop it in the local slot at the post office; but if it is addressed to someone out of town, you would drop it in the out of town slot.
Note how the routing table is arranged. It is arranged from the most specific to the least specific. Therefore as you go down the table, more possibilities are covered. You will notice the first Genmask is 255.255.255.255 and the last is 0.0.0.0. There can be no doubt that the last line is the default. The genmasks between the start and the end have a decreasing number of least significant bits set.

The above default routing table may be added manually with the command:

    route add -net default gw 192.168.2.1 dev eth0
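The following added example (not part of the original guide) parses the "route" output shown above for machine S6 and applies both readings of the table: the top-to-bottom case-statement reading, and a longest-netmask match, which is how the Linux kernel actually selects a route. The sample destinations and the reversed table are constructed for the illustration; they show why the most-specific-first arrangement matters to the case-statement reading.

```python
import ipaddress

# Output of "route" for machine S6, copied from the table on this page.
S6_ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.2.2     *               255.255.255.255 UH    0      0   0   eth0
192.168.2.0     *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.2.1     0.0.0.0         UG    0      0   0   eth0
"""

# Constructed sample destinations: S6 itself, a neighbour, loopback, another network.
SAMPLE_DESTINATIONS = ["192.168.2.2", "192.168.2.7", "127.0.0.1", "10.3.34.67"]


def parse_route_output(text):
    """Return the rows as (network, gateway or None, iface), in the order listed."""
    rows = []
    for line in text.strip().splitlines()[1:]:          # skip the header line
        dest, gateway, genmask, _flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        rows.append((network, None if gateway == "*" else gateway, iface))
    return rows


def first_match(rows, destination):
    """Case-statement reading: walk the rows top to bottom and take the first hit."""
    address = ipaddress.ip_address(destination)
    for network, gateway, iface in rows:
        if address in network:
            return gateway or "direct", iface
    return None


def longest_prefix_match(rows, destination):
    """Take the matching row with the longest netmask, whatever the row order."""
    address = ipaddress.ip_address(destination)
    hits = [row for row in rows if address in row[0]]
    if not hits:
        return None
    _network, gateway, iface = max(hits, key=lambda row: row[0].prefixlen)
    return gateway or "direct", iface


def compare(rows):
    """Map each sample destination to (first-match result, longest-prefix result)."""
    return {d: (first_match(rows, d), longest_prefix_match(rows, d))
            for d in SAMPLE_DESTINATIONS}


if __name__ == "__main__":
    listed = parse_route_output(S6_ROUTE_OUTPUT)
    for label, table in (("as listed", listed), ("reversed (constructed)", listed[::-1])):
        print(label)
        for dst, (first, longest) in compare(table).items():
            print(f"  {dst:<12} first-match={first}  longest-prefix={longest}")
```

With the rows in the listed order both readings agree; with the rows reversed, the top-to-bottom reading sends every packet to the default gateway because the 0.0.0.0 row matches everything.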
The routing table for machine B, the gateway for the network 192.168.2.0, is as follows:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.2.1     *               255.255.255.255 UH    0      0   0   eth0
192.168.1.2     *               255.255.255.255 UH    0      0   0   eth1
192.168.2.0     192.168.2.1     255.255.255.0   UG    0      0   0   eth0
192.168.2.0     *               255.255.255.0   U     0      0   0   eth0
192.168.1.0     192.168.1.2     255.255.255.0   UG    0      0   0   eth1
192.168.1.0     *               255.255.255.0   U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.1.1     0.0.0.0         UG    0      0   0   eth0

The Iface specifies the card where packets for this route will be sent. The address of eth1 is 192.168.1.2 and eth0 is 192.168.2.1. The NIC card addresses could have easily been switched. Line 1 (above) provides for the eth0 address, while line 2 provides for the address of eth1. Lines 3 and 4 are the rules for traffic going from network 192.168.1.0 to network 192.168.2.0 which will be sent out on NIC eth0. Lines 5 and 6 are the rules for traffic going from network 192.168.2.0 to network 192.168.1.0 which will be sent out NIC eth1. This may seem confusing, but please note the first value on lines 3 and 4 is 192.168.2.0 which the header indicates as the destination of the packet. Don't think of it as source! The last line is the default line which specifies that any packet not on one of the networks 192.168.1.0 or 192.168.2.0 will be sent to the gateway 192.168.1.1. This is how the internet access can be attained, though IP masquerading will probably be used. The flags above mean the following:

* U - Route is up
* H - Target is a host
* G - Use gateway

There are other flags you can look up by typing "man route". Also the metric value above, indicating the distance to the target, is not used by current Linux kernels but may be needed by some routing daemons. Please note that if route knows the name of the gateway machine, it may list its name rather than the IP address. The same is true for defined networks. Networks may be defined in the file "/etc/networks" as in the example.

    net1 192.168.1.0
    net2 192.168.2.0
The routing table above can be set up with the following commands:

    route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 dev eth0
    route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1

Again be aware that you are specifying destination networks here and the ethernet device and address the data is to be sent on.

In Redhat Linux this can be specified using "netconf" by selecting "routing and gateways" and "other routes to networks" and entering the following:

Network         Netmask         Gateway
192.168.2.0     255.255.255.0   192.168.2.1
192.168.1.0     255.255.255.0   192.168.1.2

Alternatively in Redhat Linux, you can add the following two lines to the file "/etc/sysconfig/static-routes":

    eth0 net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
    eth1 net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2

The commands to delete the above routes with route are:

    route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 dev eth0
    route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1

Be aware, the program route is very particular on how the commands are entered. Even though it may seem that you entered them as the man page specifies, it will not always accept the commands. I don't know if this is a bug or not, but if you enter them as described here with the network, netmask, gateway, and device specified, it should work. The slightest misnomer in network name, netmask, gateway, device, or command syntax and the effort will fail.
More Complex Networking Routing

Now let's modify the small network in the example in the previous section. The 192.168.1.x network is changed to 192.168.x.x and gateway B's address is changed to 192.168.10.1. All the netmasks on the computers on the 192.168.x.x network are modified to 255.255.0.0 to accommodate the change, except machine S3 which keeps the netmask 255.255.255.0 and changes its address to 192.168.10.3. This effectively puts S3 on a different network than S2 and S1; it no longer believes it can talk directly to them and must talk to gateway B to talk to them. It can't even talk to gateway A anymore since it can't address it directly. Machines S1, S2, and A are not on network 192.168.10.0; their addresses are 192.168.1.*. S1 and S2 can talk to S3, but S3 will not be able to respond unless it utilizes gateway B.

Please be aware, in the example in the previous section, that gateway A was aware of gateway B. If it were not, no messages could have been transmitted from the internet to the 192.168.2.0 network. In this example, gateway A knows nothing about gateway B, and as far as it's concerned, the network 192.168.2.0 is part of 192.168.0.0 and there is no gateway between them. Gateway B does know about gateway A and is using that gateway as its default gateway. Therefore if S1 and S2 use gateway A for their default gateway, they will not be able to talk to S4, 5, or 6 unless their routing table is modified. S1 and S2 will be able to talk to S3, however, assuming S3 is using gateway B.

Here is a listing of machine S1's routing table, using gateway A as default and no other routes.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.5     *               255.255.255.255 UH    0      0   0   eth0
192.168.0.0     *               255.255.0.0     U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.1.1     0.0.0.0         UG    0      0   0   eth0

Here it is modified to let it use network 192.168.2.0.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.5     *               255.255.255.255 UH    0      0   0   eth0
192.168.0.0     *               255.255.0.0     U     0      0   0   eth0
192.168.2.0     192.168.10.1    255.255.255.0   UG    0      0   0   eth0
192.168.2.0     *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.1.1     0.0.0.0         UG    0      0   0   eth0

It specifies the gateway B, 192.168.10.1, to be used if the destination is 192.168.2.x.
The figure below shows an ethernet network with bus topology excluding the hubs. It is a large Class A network with many subnetworks. The machines labeled A through D are routers or potential routers and each have two network interface cards (NIC). These machines may be called gateways since their function is to be a gate to another location. Each card has a valid address on its own network or subnetwork. The table below lists each gateway, and each NIC address and associated network.

Gateway  eth0          eth0 network  eth1            eth1 network
A        10.0.0.1      10.x.x.x      164.25.74.131   Internet
B        10.0.0.2      10.x.x.x      10.1.0.1        10.1.x.x
C        10.0.0.3      10.x.x.x      10.2.0.1        10.2.x.x
D        10.0.0.4      10.x.x.x      10.3.0.1        10.3.x.x
E        10.3.50.1     10.3.x.x      10.3.100.1      10.3.100.x
F        10.1.0.2      10.1.x.x      10.1.20.1       10.1.20.x
G        10.2.0.2      10.2.x.x      192.168.1.1     192.168.1.x
H        10.3.100.2    10.3.100.x    10.3.150.1      10.3.150.x
I        10.3.150.2    10.3.150.x    192.168.1.2     192.168.1.x
In this +gure! there are ? gatewas. which are labeled 3 through I. There are
'ulti(le (aths between se%eral
networks. The (ossible (aths between networks #0.#.#00.- and #?".#6>.#.- can be
through gatewas 1! D! C!
then G 410D0C0G5 or through gatewas B0I. The (ath ,ro' #0.3.#00.- ot #0.#."0.-
can be 10D0/0F or B0I0G0C0/0
F. 6b%iousl there are was to set the routing (aths u( that 'a not be ,ull
eEcient. In this t(e o, network! the
ad'inistrator 'ust gi%e care,ul thought to the setu( o, the routing tables in their
gatewas. It would be eas to set
u( an in+nite (acket route loo( in this network where so'e (ackets 'a go in
circles ,ro' router to router. BereIs
how I would route ,or this network.

The below table lists each network and their default router.

Network       Default Router
10.3.100.x    E
10.3.150.x    H
192.168.1.x   G
10.1.20.x     F
10.1.x.x      B
10.2.x.x      C
10.3.x.x      D
10.x.x.x      A

The router, I, is not used as a default router for any network.

The table below lists an abbreviated route table for each gateway.

Router  Destination      Gateway
A       192.168.1.x      C
        10.1.x.x         B
        10.2.x.x         C
        10.3.x.x         D
        10.x.x.x         10.0.0.1
        default          internet
B       10.1.20.x        F
        10.1.x.x         10.1.0.1
        default          A
C       192.168.1.x      G
        10.2.x.x         10.2.0.1
        default          A
D       10.3.150.x       E
        10.3.100.x       E
        10.3.x.x         10.3.0.1
        default          A
E       192.168.1.x *    H
        10.3.150.x       H
        10.3.100.x       10.3.100.1
        default          D
F       10.1.20.x        10.1.20.1
        default          B
G       10.3.100.x *     I
        192.168.1.x      192.168.1.1
        10.3.150.x *     I
        default          C
H       192.168.1.x      I
        10.3.100.x       10.3.100.2
        10.3.150.x       10.3.150.1
        default          E
I       10.3.100.x       H
        192.168.1.x      192.168.1.2
        10.3.150.x       10.3.150.2
        default          G

The destinations with '*' indicate destinations that shorten the normal route path through network 10.3.150.x. Also in this network since there are multiple possible paths, dynamic routing can be used to provide alternate routing, if one router goes down.
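
The route tables above can be checked for loops before they are loaded onto the gateways. The Python below is an added example, not part of the original guide: it encodes the tables, follows a packet hop by hop with longest-prefix matching, and reports a loop when a gateway is visited twice. The /8, /16 and /24 prefix lengths, the host addresses and the deliberately wrong `misrouted()` table are assumptions made for the illustration.

```python
import copy
import ipaddress

# Transcribed from the abbreviated route table above. Assumption of this example:
# "10.x.x.x" is 10.0.0.0/8, "10.1.x.x" is 10.1.0.0/16, "10.1.20.x" is 10.1.20.0/24, etc.
# "direct" stands for the gateway's own interface address (the destination is on an
# attached network); "internet" is gateway A's outside link.
ROUTES = {
    "A": [("192.168.1.0/24", "C"), ("10.1.0.0/16", "B"), ("10.2.0.0/16", "C"),
          ("10.3.0.0/16", "D"), ("10.0.0.0/8", "direct"), ("0.0.0.0/0", "internet")],
    "B": [("10.1.20.0/24", "F"), ("10.1.0.0/16", "direct"), ("0.0.0.0/0", "A")],
    "C": [("192.168.1.0/24", "G"), ("10.2.0.0/16", "direct"), ("0.0.0.0/0", "A")],
    "D": [("10.3.150.0/24", "E"), ("10.3.100.0/24", "E"), ("10.3.0.0/16", "direct"),
          ("0.0.0.0/0", "A")],
    "E": [("192.168.1.0/24", "H"), ("10.3.150.0/24", "H"), ("10.3.100.0/24", "direct"),
          ("0.0.0.0/0", "D")],
    "F": [("10.1.20.0/24", "direct"), ("0.0.0.0/0", "B")],
    "G": [("10.3.100.0/24", "I"), ("192.168.1.0/24", "direct"), ("10.3.150.0/24", "I"),
          ("0.0.0.0/0", "C")],
    "H": [("192.168.1.0/24", "I"), ("10.3.100.0/24", "direct"),
          ("10.3.150.0/24", "direct"), ("0.0.0.0/0", "E")],
    "I": [("10.3.100.0/24", "H"), ("192.168.1.0/24", "direct"),
          ("10.3.150.0/24", "direct"), ("0.0.0.0/0", "G")],
}

# From the "Network / Default Router" table: the first gateway a host on each network uses.
DEFAULT_ROUTER = {
    "10.3.100.0/24": "E", "10.3.150.0/24": "H", "192.168.1.0/24": "G",
    "10.1.20.0/24": "F", "10.1.0.0/16": "B", "10.2.0.0/16": "C",
    "10.3.0.0/16": "D", "10.0.0.0/8": "A",
}


def longest_match(entries, address):
    """Return the value attached to the most specific prefix that contains address."""
    addr = ipaddress.ip_address(address)
    hits = [(ipaddress.ip_network(prefix), value) for prefix, value in entries
            if addr in ipaddress.ip_network(prefix)]
    if not hits:
        raise LookupError(f"no route covers {address}")
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def trace(routes, src, dst, max_hops=32):
    """Follow a packet from src to dst; return (gateways visited, outcome)."""
    gateway = longest_match(DEFAULT_ROUTER.items(), src)
    path, seen = [], set()
    while len(path) < max_hops:
        path.append(gateway)
        if gateway in seen:
            # Static routing is per destination: the same gateway will make the
            # same decision again, so the packet circles until its TTL runs out.
            return path, "loop"
        seen.add(gateway)
        hop = longest_match(routes[gateway], dst)
        if hop == "direct":
            return path, "delivered"
        if hop == "internet":
            return path, "internet"
        gateway = hop
    return path, "hop limit"


def misrouted():
    """Hypothetical mistake: I sends 10.3.100.x back to G while G still sends it to I."""
    broken = copy.deepcopy(ROUTES)
    broken["I"][0] = ("10.3.100.0/24", "G")
    return broken


if __name__ == "__main__":
    checks = [(ROUTES, "10.3.100.7", "192.168.1.10"),   # uses the '*' shortcut via H and I
              (ROUTES, "10.3.100.7", "10.1.20.5"),      # D's default route goes through A
              (ROUTES, "192.168.1.20", "10.3.100.9"),
              (misrouted(), "192.168.1.20", "10.3.100.9")]
    for routes, src, dst in checks:
        path, outcome = trace(routes, src, dst)
        print(f"{src} -> {dst}: {'-'.join(path)} ({outcome})")
```
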

IP Masquerading

IP masquerading is a form of network address translation (NAT) which allows internal computers with no known address outside their network, to communicate to the outside. It allows one machine to act on behalf of other machines. It's similar to someone buying stocks through a broker (without considering the monetary transaction). The person buying stocks, tells the broker to buy the stocks, the broker gets the stocks and passes them to the person who made the purchase. The broker acts on behalf of the stock purchaser as though he was the one buying the stock. No one who sold the stock knew or cared about whether the broker was buying for himself or someone else.

Please DO NOT confuse routers with firewalls and the performance of IP masquerading. The commands that allow IP masquerading are a simple form of a firewall, however routing is a completely different function, as described previously. Setting a computer up to act as a router is completely different than setting up a computer to act as a firewall. Although the two functions are similar in that the router or firewall will act as a communication mechanism between two networks or subnets, the similarity ends there. A computer can be either a router or a firewall, but not both. If you set up a computer to act as both a router and a firewall, you have defeated the purpose of your firewall!

If you refer to the diagram below, the machines on network 192.168.2.x will obtain services through gateway B using IP masquerading, when gateway B is set up properly. What basically happens when IP masquerading is set up on gateway B is described in the following example. If machine S6 tries to ping S2, its ping packages will be wrapped in a package for its default gateway, gateway B, because S6 knows by its netmask that S2 is on another network. When gateway B receives the packages from S6, it converts them to ping packages as though they were sent from itself and sends them to S2. As far as S2 can tell, gateway B has pinged it. S2 receives the packages and responds to gateway B. Gateway B then converts the packages to be addressed to S6 and sends them. This is why it is called IP masquerading, since gateway B masquerades for machines S4, S5, and S6. Machines S1 through S3 and gateway A cannot initiate any communication with S4 through S6. In fact they have no way to know that those machines even exist!
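
The S6-pings-S2 exchange described above can be modeled as a small translation table. This Python sketch is an added example, not code from the guide or from the Linux kernel; the host addresses, the echo identifiers and the starting value 61000 are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: the page's diagram does not survive, so these are assumptions.
S6 = "192.168.2.6"            # inside host behind gateway B
S1 = "192.168.1.1"            # outside host
S2 = "192.168.1.2"            # outside host that S6 pings
GATEWAY_B = "192.168.1.254"   # gateway B's outside address


@dataclass(frozen=True)
class Ping:
    src: str
    dst: str
    ident: int    # ICMP echo identifier; the responder copies it into its reply
    kind: str     # "echo-request" or "echo-reply"


class MasqGateway:
    """Model of gateway B: inside sources are rewritten to its own outside address."""

    def __init__(self, outside_ip, inside_net, first_ident=61000):
        self.outside_ip = outside_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_ident = first_ident   # arbitrary starting value for this example
        self.by_flow = {}    # (inside ip, inside ident, remote ip) -> masqueraded ident
        self.by_ident = {}   # (masqueraded ident, remote ip) -> (inside ip, inside ident)

    def outbound(self, pkt):
        """Rewrite a packet leaving the inside network and remember the mapping."""
        if ipaddress.ip_address(pkt.src) not in self.inside_net:
            raise ValueError("only inside hosts are masqueraded")
        flow = (pkt.src, pkt.ident, pkt.dst)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_ident
            self.by_ident[(self.next_ident, pkt.dst)] = (pkt.src, pkt.ident)
            self.next_ident += 1
        return Ping(self.outside_ip, pkt.dst, self.by_flow[flow], pkt.kind)

    def inbound(self, pkt):
        """Return the packet as forwarded inside, or None when nothing is forwarded.

        Only a reply that matches an existing table entry is translated back. A packet
        an outside host sends on its own initiative has no entry, which is why S1
        through S3 cannot start a conversation with S4 through S6.
        """
        entry = self.by_ident.get((pkt.ident, pkt.src))
        if pkt.dst != self.outside_ip or pkt.kind != "echo-reply" or entry is None:
            return None
        inside_ip, inside_ident = entry
        return Ping(pkt.src, inside_ip, inside_ident, pkt.kind)


def ping_through_gateway():
    """Replay the page's example and return what each party sees."""
    gw = MasqGateway(GATEWAY_B, "192.168.2.0/24")
    seen_by_s2 = gw.outbound(Ping(S6, S2, 4242, "echo-request"))
    reply = Ping(S2, GATEWAY_B, seen_by_s2.ident, "echo-reply")
    delivered_to_s6 = gw.inbound(reply)
    unsolicited = gw.inbound(Ping(S1, GATEWAY_B, seen_by_s2.ident, "echo-request"))
    return seen_by_s2, delivered_to_s6, unsolicited


if __name__ == "__main__":
    for result in ping_through_gateway():
        print(result)
```
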

IP masquerading allows internal machines that don't have officially assigned IP addresses to communicate to other networks and especially the internet. In Linux, IP masquerading support is provided by the kernel. To get it to work you must do essentially three things:

1. Be sure the kernel has support for IP masquerading.
2. Be sure modules needed for support are loaded into the kernel.
3. Set up the firewall rules.

For complete information on the setup of IP masquerading, see the following Linux how-tos:

* IPCHAINS-HOWTO
* Firewall-HOWTO
* IP-Masquerade-HOWTO

Some of the information in this section is based on these how-tos. This section summarizes and puts in simple steps some of the items you will be required to perform to set up IP masquerading. It is not a replacement for the Linux how-to documents, but a complement to them by giving an overview of what must be done. You may access the howtos from one of the websites listed in the Linux websites section. The Linux Documentation Project or Metalab's Index of Linux publications will have copies of these howtos.

To set up IP masquerading in Linux you must first be sure your kernel supports IP masquerading with the following options set (this is for a 2.2.x kernel or higher).

Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?] - YES
Enable loadable module support (CONFIG_MODULES) [Y/n/?] - YES
Networking support (CONFIG_NET) [Y/n/?] - YES
Packet socket (CONFIG_PACKET) [Y/m/n/?] - YES
Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?] - YES
Routing messages (CONFIG_RTNETLINK) [Y/n/?] - NO
Network firewalls (CONFIG_FIREWALL) [Y/n/?] - YES
TCP/IP networking (CONFIG_INET) - YES
IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?] - NO
IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?] - YES
IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?] - YES
IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?] - YES
IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?] - YES
IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?] - YES
IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?] - YES
IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?] - YES
IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?] - NO
IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?] - YES
IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?] - NO
IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?] - YES
IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?] - NO
IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?] - YES
Network device support (CONFIG_NETDEVICES) [Y/n/?] - YES
Dummy net driver support (CONFIG_DUMMY) [M/n/y/?] - YES
/proc filesystem support (CONFIG_PROC_FS) [Y/n/?] - YES

These are the kernel options you need for IP Masquerade. You will need to select other options for your specific hardware and network setup. Read the IP masquerade and kernel howtos for more information. You may also want the section about how to compile the Linux kernel on the Linux User's Guide in the Linux section of this documentation.

Create the following text and place it in a file "/etc/rc.d/rc.firewall". This will load your needed modules into your kernel and set up your basic firewall rules. If you copy the file from this page, be sure to remove carriage returns when you get it into Linux or it may not work properly.

#!/bin/sh
# rc.firewall - Initial SIMPLE IP Masquerade setup for 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current available IP MASQ modules
# are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
# /sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive

#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
# If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this
# following option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with DialD, PPPd, and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_client_net_if_name" should be replaced with
# the name of the link that the DHCP/BOOTP server will put an address on to?
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 10.1.199.0/24 -j MASQ

Add the following line to the "/etc/rc.d/rc.local" file.

/etc/rc.d/rc.firewall

Of course the machines that you are configuring to be behind the machine providing the masquerading service should be configured to use that as their gateway. In this case S4 through S6 should use gateway B as their default gateway.

Firewalls

Firewalls are mainly used as a means to protect an organization's internal network from those on the outside (internet). It is used to keep outsiders from gaining information to secrets or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet along with keeping track of what is done through the firewall. Please note the difference between firewalls and routers as described in the second paragraph in the IP Masquerading section.

Types of Firewalls

1. Packet Filtering - Blocks selected network packets.
2. Circuit Level Relay - SOCKS is an example of this type of firewall. This type of proxy is not aware of applications but just cross links your connects to another outside connection. It can log activity, but not as detailed as an application proxy. It only works with TCP connections, and doesn't provide for user authentication.
3. Application Proxy Gateway - The users connect to the outside using the proxy. The proxy gets the information and returns it to the user. The proxy can record everything that is done. This type of proxy may require a user login to use it. Rules may be set to allow some functions of an application to be done and other functions denied. The "get" function may be allowed in the FTP application, but the "put" function may not.

Proxy Servers can be used to perform the following functions:

* Control outbound connections and data.
* Monitor outbound connections and data.
* Cache requested data which can increase system bandwidth performance and decrease the time it takes for other users to read the same data.

Application proxy servers can perform the following additional functions:

* Provide for user authentication.
* Allow and deny application specific functions.
* Apply stronger authentication mechanisms to some applications.

Packet Filtering Firewalls

In a packet filtering firewall, data is forwarded based on a set of firewall rules. This firewall works at the network level. Packets are filtered by type, source address, destination address, and port information. These rules are similar to the routing rules explained in an earlier section and may be thought of as a set of instructions similar to a case statement or if statement. This type of firewall is fast, but cannot allow access to a particular user since there is no way to identify the user except by using the IP address of the user's computer, which may be an unreliable method. Also the user does not need to configure any software to use a packet filtering firewall such as setting a web browser to use a proxy for access to the web. The user may be unaware of the firewall. This means the firewall is transparent to the client.

Circuit Level Relay Firewall

A circuit level relay firewall is also transparent to the client. It listens on a port such as port 80 for http requests and redirects the request to a proxy server running on the machine. Basically, the redirect function is set up using ipchains, then the proxy will filter the package at the port that received the redirect.

Configuring a Proxy Server

The following packages are available in Linux:

* Ipchains, soon to be replaced by netfilter (packet filtering supported by the Linux kernel). It comes with Linux and is used to modify the kernel packet routing tables.
* SOCKS - Circuit switching firewall. Normally doesn't come with Linux, but is free.
* Squid - A circuit switching proxy. Normally comes with Linux.
* Juniper Firewall Toolkit - A firewall toolkit product used to build a firewall. It uses transparent filtering, and is circuit switching. It is available as open source.
* The TIS Firewall Toolkit (FWTK). A toolkit that comes with application level proxies. The applications include Telnet, Rlogin, SMTP mail, FTP, http, and X windows. It can also perform as a transparent proxy for other services.

Ipchains and Linux Packet filtering

For complete information on the use of IP chains and setting up a firewall, see the following Linux how-tos:

* IPCHAINS-HOWTO
* Firewall-HOWTO
* IP-Masquerade-HOWTO

Some of the information in this section is based on these how-tos. This section summarizes and puts in simple steps some of the items you will be required to perform to set up a firewall. It is not meant as a replacement for the Linux how-to documents, but a complement to them by giving an overview of what must be done. You may access the howtos from one of the websites listed in the Linux websites section. The Linux Documentation Project or Metalab's Index of Linux publications will have copies of these howtos.

The administration of data packet management is controlled by the kernel. Therefore to provide support for things like IP masquerading, packet forwarding, and port redirects, the support must be compiled into the kernel. The kernel contains a series of tables that each contain 0 or more rules. Each table is called a chain. A chain is a sequence of rules. Each rule contains two items.

1. Characteristics - Characteristics such as source address, destination address, protocol type (UDP, TCP, ICMP), and port numbers.
2. Instructions - Instructions are carried out if the rule characteristics match the data packet.

The kernel filters each data packet for a specific chain. For instance when a data packet is received, the "input" chain rules are checked to determine the acceptance policy for the data packet. The rules are checked starting with the first rule (rule 1). If the rule characteristics match the data packet, the associated rule instruction is carried out. If they don't match, the next rule is checked. The rules are sequentially checked, and if the end of the chain is reached, the default policy for the chain is returned.

Chains are specified by name. There are three chains that are available and can't be deleted. They are:

1. Input - Regulates acceptance of incoming data packets.
2. Forward - Defines permissions to forward packets that have another host as a destination.
3. Output - Permissions for sending packets.

Each rule has a branch name or policy. Policies are listed below:

* ACCEPT - Accept the data packet.
* REJECT - Drop the packet but send an ICMP message indicating the packet was refused.
* DENY - Drop and ignore the packet.
* REDIRECT - Redirect to a local socket with input rules only even if the packet is for a remote host. This applies to TCP or UDP packets.
* MASQ - Sets up IP masquerading. Works on TCP or UDP packets.
* RETURN - The next rule in the previous calling chain is examined.

You can create more chains, then add rules to them. The commands used to modify chains are as follows:

* -N  Create a new chain
* -X  Delete an empty chain
* -L  List the rules in the chain
* -P  Change the policy for a chain
* -F  Flush = Delete all the rules in a chain
* -Z  Zero the packet and byte counters in all chains

Commands to manipulate rules inside the chain are:

* -A  Append a new rule to a chain.
* -I  Insert a new rule at some position in a chain.
* -R  Replace a rule at some position in a chain.
* -D  Delete a rule at some position in a chain.
* Options for masquerading:
  - -M with -L to list the currently masqueraded connection.
  - -M with -S to set the masquerading timeout values.

IPchains options for setting rule specifications:

* -s  Source
* -d  Destination
* -p  Protocol = tcp, udp, icmp, all or a name from /etc/protocols
* -j  Jump target. Specifies the target of the rule. The target can be a user defined chain, but not the one this rule is in.
* -i  Interface = Name of the interface the packet is received on or the interface where the packet will be sent
* -t  Mask used to modify the type of service (TOS) field in the IP header. This option is followed by two values, the first one is and'ed with the TOS field, and the second is exclusive or'ed. The masks are eight bit hexadecimal values. An example of use is "ipchains -A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10". These bits are used to set priority. See the section on IP message formats.
* -f  Fragment

When making changes to firewall rules, it is a good idea to deny all packages prior to making changes with the following three commands.

ipchains -I input 1 -j DENY
ipchains -I output 1 -j DENY
ipchains -I forward 1 -j DENY

These commands insert a rule at location 1 that denies all packages for input, output, or forwarding. This is done so no unauthorized packets are let through while doing the changes. When your changes have been completed, you need to remove the rules at position 1 with the following commands.

ipchains -D input 1
ipchains -D output 1
ipchains -D forward 1

Examples of the use of ipchains to allow various services

Create a new chain.

ipchains -N chainame

The option "-N" creates the chain.

Add the chain to the input chain.

ipchains -A input -j chainame

Allow connections to outside http servers from inside our network.

ipchains -A chainame -s 10.1.0.0/16 1024: -d 0.0.0.0/0 www -j ACCEPT

The "-A chainame" adds a rule to the chain called "chainame". The "-s 10.1.0.0/16 1024:" specifies any traffic on network 10.1.0.0 at port 1024 or above. The "-d 0.0.0.0/0 www" specifies any destination for www service (in the /etc/services file) and the "-j ACCEPT" sets the rule to accept the traffic.

Allow connections from the internet to connect with our http server.

ipchains -A chainame -s 0.0.0.0/0 www -d 10.1.1.36 1024: -j ACCEPT

The "-A chainame" adds a rule to the chain called "chainame". The "-s 0.0.0.0/0 www" specifies traffic from any source for www service. The "-d 10.1.1.36 1024:" specifies the http server at IP address 10.1.1.36 at ports above 1024 and the "-j ACCEPT" sets the rule to accept the traffic.

Allow DNS to go through the firewall.

ipchains -A chainame -p UDP -s 0/0 dns -d 10.1.0.0/16 -j ACCEPT

The "-A chainame" adds a rule to the chain called "chainame". The "-p UDP" specifies UDP protocol. The "-s 0/0 dns" specifies any dns traffic from any location. The "-d 10.1.0.0/16" specifies our network and the "-j ACCEPT" sets the rule to accept the traffic. This allows DNS queries from computers inside our network to be received.

Allow e-mail to go from our internal mail server to mailservers outside the network.

ipchains -A chainame -s 10.1.1.24 -d 0/0 smtp -j ACCEPT

The "-A chainame" adds a rule to the chain called "chainame". The "-s 10.1.1.24" specifies any traffic from 10.1.1.24 IP address. The "-d 0/0 smtp" specifies any smtp type of service going anywhere and the "-j ACCEPT" sets the rule to accept the traffic.

Allow e-mail to come from any location to our mail server.

ipchains -A chainame -s 0/0 smtp -d 10.1.1.24 smtp -j ACCEPT

The "-A chainame" adds a rule to the chain called "chainame". The "-s 0/0 smtp" specifies mail traffic from anywhere. The "-d 10.1.1.24 smtp" specifies mail traffic going to our mail server and the "-j ACCEPT" sets the rule to accept the traffic.

Perform a HTTP port redirect for a transparent proxy server.

ipchains -A input -p tcp -s 10.1.0.0/16 -d 0/0 80 -j REDIRECT 8080

The "-A input" adds a rule to the input chain. The "-p tcp" specifies the protocol TCP. The "-s 10.1.0.0/16" specifies the source as a network with netmask 255.255.0.0. The "-d 0/0" specifies a destination of anywhere. The number 80 is the HTTP port number, and the command "-j REDIRECT 8080" redirects the traffic to port 8080.

Give telnet transmissions a higher priority.

ipchains -A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10

The bits at the end of the line specified in hexadecimal format are used to set the priority of the IP message on the network. The first value is and'ed with the TOS field in the IP message header, and the second value is exclusive or'ed. See the section on IP message formats for more information.
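
How the kernel walks these chains (first match wins, an unmatched packet falls out of a user chain back into the calling chain, and the built-in chain's policy is the last resort) can be replayed offline. The Python below is an added model, not ipchains code: it loads the "chainame" rules from the examples above with service names replaced by port numbers, and it assumes "-p tcp" for the rules that name no protocol and an input policy of DENY. The sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = (0, 65535)
HIGH = (1024, 65535)                            # the "1024:" port range
WWW, SMTP, DNS = (80, 80), (25, 25), (53, 53)   # service names resolved by hand
VERDICTS = {"ACCEPT", "DENY", "REJECT"}


@dataclass
class Rule:
    target: str                 # a verdict, "RETURN", or the name of a user chain
    proto: str = "all"
    src: str = "0.0.0.0/0"
    sport: tuple = ANY
    dst: str = "0.0.0.0/0"
    dport: tuple = ANY

    def matches(self, p):
        return (self.proto in ("all", p["proto"])
                and ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p["sport"] <= self.sport[1]
                and self.dport[0] <= p["dport"] <= self.dport[1])


def build_ruleset():
    """The example rules, in the order the ipchains -A commands append them."""
    chains = {
        "input": [Rule("chainame")],                                  # -A input -j chainame
        "chainame": [
            Rule("ACCEPT", "tcp", "10.1.0.0/16", HIGH, "0.0.0.0/0", WWW),
            Rule("ACCEPT", "tcp", "0.0.0.0/0", WWW, "10.1.1.36/32", HIGH),
            Rule("ACCEPT", "udp", "0.0.0.0/0", DNS, "10.1.0.0/16", ANY),
            Rule("ACCEPT", "tcp", "10.1.1.24/32", ANY, "0.0.0.0/0", SMTP),
            Rule("ACCEPT", "tcp", "0.0.0.0/0", SMTP, "10.1.1.24/32", SMTP),
        ],
    }
    policies = {"input": "DENY"}   # assumption: the examples never set the input policy
    return chains, policies


def walk(chains, name, p, depth=0):
    """Return a verdict, or None when the chain ends or a RETURN rule matches."""
    if depth > 16:
        raise RuntimeError("chains jump to each other in a cycle")
    for rule in chains[name]:
        if not rule.matches(p):
            continue
        if rule.target in VERDICTS:
            return rule.target
        if rule.target == "RETURN":
            return None
        result = walk(chains, rule.target, p, depth + 1)
        if result is not None:
            return result           # otherwise resume at the next rule of this chain
    return None


def verdict(chains, policies, builtin, p):
    result = walk(chains, builtin, p)
    return policies[builtin] if result is None else result


def pkt(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


# Constructed sample packets.
WEB_OUT = pkt("tcp", "10.1.4.9", 40000, "203.0.113.5", 80)
DNS_REPLY = pkt("udp", "198.51.100.53", 53, "10.1.4.9", 33000)
TELNET_IN = pkt("tcp", "203.0.113.5", 50000, "10.1.1.36", 23)
# The second rule matches on *source* port www, so it accepts packets coming from an
# outside web server's port 80; a new connection to 10.1.1.36 port 80 does not match it.
WEB_FROM_PORT_80 = pkt("tcp", "203.0.113.5", 80, "10.1.1.36", 2000)
WEB_IN_NEW = pkt("tcp", "203.0.113.5", 50000, "10.1.1.36", 80)

if __name__ == "__main__":
    chains, policies = build_ruleset()
    for name in ("WEB_OUT", "DNS_REPLY", "TELNET_IN", "WEB_FROM_PORT_80", "WEB_IN_NEW"):
        print(name, verdict(chains, policies, "input", globals()[name]))
```
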

Using ipchains-save and ipchains-restore to make rules permanent

When you are done setting your ipchains rules, use the following procedure while logged on as root to make them permanent.

1. Type the command "ipchains-save > /etc/iprules.save".
2. Create the following script named "packetfw".

#! /bin/sh
# Packet filtering firewall script to be used to turn the firewall on or off

if [ -f /etc/iprules.save ]
then
    case "$1" in
        start)
            echo -n "Turning on packet filtering firewall:"
            /sbin/ipchains-restore < /etc/iprules.save
            echo 1 > /proc/sys/net/ipv4/ip_forward
            echo "."
            ;;
        stop)
            echo -n "Turning off packet filtering:"
            echo 0 > /proc/sys/net/ipv4/ip_forward
            # Flush the rules first: -X can only delete chains that are empty
            /sbin/ipchains -F
            /sbin/ipchains -X
            /sbin/ipchains -P input ACCEPT
            /sbin/ipchains -P output ACCEPT
            /sbin/ipchains -P forward ACCEPT
            echo "."
            ;;
        *)
            echo "Usage: /etc/init.d/packetfw {start|stop}"
            exit 1
            ;;
    esac
    exit 0
else
    echo the /etc/iprules.save file does not exist.
    exit 1
fi

3. Save the file in the /etc/rc.d/init.d directory.
4. In the /etc/rc.d/rc3.d and the /etc/rc.d/rc5.d directories make a symbolic link called S07packetfw to the /etc/rc.d/init.d/packetfw file with the command "ln -s /etc/rc.d/init.d/packetfw /etc/rc.d/rc3.d/S07packetfw". This applies to runlevel 3. Do the same for the runlevel 5 initialization directory. Note: You may need to use a different number than the "S07" string to number your link file. Look in your /etc/rc.d/rc3.d and /etc/rc.d/rc5.d directories to determine what number is available to give this file. Try to give it a number just below your network number file. On my system the S10network file is used to start my network.

Domain Name Service

Host Names

Domain Name Service (DNS) is the service used to convert human readable names of hosts to IP addresses. Host names are not case sensitive and can contain alphabetic or numeric letters or the hyphen. Avoid the underscore. A fully qualified domain name (FQDN) consists of the host name plus domain name as in the following example:

computername.domain.com

The part of the system sending the queries is called the resolver and is the client side of the configuration. The nameserver answers the queries. Read RFCs 1034 and 1035. These contain the bulk of the DNS information and are superseded by RFCs 1535-1537. Naming is in RFC 1591. The main function of DNS is the mapping of IP addresses to human readable names.

Three main components of DNS

1. resolver
2. name server
3. database of resource records (RRs)

Domain Name System

The Domain Name System (DNS) is basically a large database which resides on various computers and it contains the names and IP addresses of various hosts on the internet and various domains. The Domain Name System is used to provide information to the Domain Name Service to use when queries are made. The service is the act of querying the database, and the system is the data structure and data itself. The Domain Name System is similar to a file system in Unix or DOS starting with a root. Branches attach to the root to create a huge set of paths. Each branch in the DNS is called a label. Each label can be 63 characters long, but most are less. Each text word between the dots can be 63 characters in length, with the total domain name (all the labels) limited to 255 bytes in overall length. The domain name system database is divided into sections called zones. The name servers in their respective zones are responsible for answering queries for their zones. A zone is a subtree of DNS and is administered separately. There are multiple name servers for a zone. There is usually one primary nameserver and one or more secondary name servers. A name server may be authoritative for more than one zone.

DNS names are assigned through the Internet Registries by the Internet Assigned Number Authority (IANA). The domain name is a name assigned to an internet domain. For example, mycollege.edu represents the domain name of an educational institution. The names microsoft.com and 3Com.com represent the domain names at those commercial companies. Naming hosts within the domain is up to the individuals who administer their domain.

Access to the Domain name database is through a resolver which may be a program or part of an operating system that resides on users' workstations. In Unix the resolver is accessed by using the library functions "gethostbyname" and "gethostbyaddr". The resolver will send requests to the name servers to return information requested by the user. The requesting computer tries to connect to the name server using its IP address rather than the name.

Structure and message format

The drawing below shows a partial DNS hierarchy. At the top is what is called the root and it is the start of all other branches in the DNS tree. It is designated with a period. Each branch moves down from level to level. When referring to DNS addresses, they are referred to from the bottom up with the root designator (period) at the far right. Example: "myhost.mycompany.com.".

DNS is hierarchical in structure. A domain is a subtree of the domain name space. From the root, the assigned top-level domains in the U.S. are:

* GOV - Government body.
* EDU - Educational body.
* INT - International organization
* NET - Networks
* COM - Commercial entity.
* MIL - U. S. Military.
* ORG - Any other organization not previously listed.

Outside this list are top level domains for various countries.

Each node on the domain name system is separated by a ".". Example: "mymachine.mycompany.com.". Note that any name ending in a "." is an absolute domain name since it goes back to root.

DNS Message format:

Bits    Name                                       Description
0-15    Identification                             Used to match responses to requests. Set by client and returned by server.
16-31   Flags                                      Tells if query or response, type of query, if authoritative answer, if truncated, if recursion desired, and if recursion is available.
32-47   Number of questions
48-63   Number of answer RRs
64-79   Number of authority RRs
80-95   Number of additional RRs
96-??   Questions - variable lengths               There can be variable numbers of questions sent.
??-??   Answers - variable lengths                 Answers are variable numbers of resource records.
??-??   Authority - variable lengths
??-??   Additional Information - variable lengths

Question format includes query name, query type and query class. The query name is the name being looked up. The query class is normally 1 for internet address. The query types are listed in the table below. They include NS, CNAME, A, etc.

The answers, authority and additional information are in resource record (RR) format which contains the following.

1. Domain name
2. Type - One of the RR codes listed below.
3. Class - Normally indicates internet data which is a 1.
4. Time to live field - The number of seconds the RR is saved by the client.
5. Resource data length specifies the amount of data. The data is dependent on its type such as CNAME, A, NS or others as shown in the table below. If the type is "A" the data is a 4 byte IP address.

The table below shows resource record types:

Type    RR value  Description
A       1         Host's IP address
NS      2         Host's or domain's name server(s)
CNAME   5         Host's canonical name, host identified by an alias domain name
PTR     12        Host's domain name, host identified by its IP address
HINFO   13        Host information
MX      15        Host's or domain's mail exchanger
AXFR    252       Request for zone transfer
ANY     255       Request for all records
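
The header layout and question format above map directly onto a 12-byte fixed header followed by length-prefixed labels. The Python below is an added example, not part of the original guide: it builds a query for "mymachine.mycompany.com." and parses it back, rejecting truncated messages and names that exceed the 63-byte label and 255-byte name limits mentioned earlier. The identifier 0x1A2B and the helper names are constructed for the illustration, and compression pointers (used in responses) are not handled.

```python
import struct

# RR type codes from the table above.
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 13: "HINFO",
            15: "MX", 252: "AXFR", 255: "ANY"}
HEADER = struct.Struct("!HHHHHH")   # six 16-bit fields, network byte order (bits 0-95)


def build_query(name, qtype=1, ident=0x1A2B):
    """Build a one-question query with 'recursion desired' set (constructed sample)."""
    header = HEADER.pack(ident, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)   # class 1 = internet


def parse_name(msg, off):
    """Read length-prefixed labels starting at off; return (name, offset after name)."""
    labels, wire_len = [], 1        # 1 accounts for the terminating root byte
    while True:
        if off >= len(msg):
            raise ValueError("message ends inside a name")
        length = msg[off]
        off += 1
        if length == 0:             # zero-length label is the root: end of name
            return ".".join(labels) + ".", off
        if length > 63:
            raise ValueError("label longer than 63 bytes (or a compression pointer)")
        if off + length > len(msg):
            raise ValueError("message ends inside a label")
        wire_len += length + 1
        if wire_len > 255:
            raise ValueError("name longer than 255 bytes")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length


def parse_query(msg):
    """Return (header dict, list of (name, type, class)) for a DNS query message."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    header = {
        "id": ident,
        "qr": flags >> 15,              # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # type of query
        "aa": (flags >> 10) & 1,        # authoritative answer
        "tc": (flags >> 9) & 1,         # truncated
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }
    questions, off = [], HEADER.size
    for _ in range(qd):
        name, off = parse_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("message ends inside a question")
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, RR_TYPES.get(qtype, str(qtype)), qclass))
    return header, questions


if __name__ == "__main__":
    header, questions = parse_query(build_query("mymachine.mycompany.com."))
    print(header)
    print(questions)
```
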

Usage and file formats

If a domain name is not found when a query is made, the server may search for the name elsewhere and return the information to the requesting workstation, or return the address of a name server that the workstation can query to get more information. There are special servers on the Internet that provide guidance to all name servers. These are known as root name servers. They do not contain all information about every host on the Internet, but they do provide direction as to where domains are located (the IP address of the name server for the uppermost domain a server is requesting). The root name server is the starting point to find any domain on the Internet.

Name Server Types

There are three types of name servers:

1. The primary master builds its database from files that were preconfigured on its hosts, called zone or database files. The name server reads these files and builds a database for the zone it is authoritative for.
2. Secondary masters can provide information to resolvers just like the primary masters, but they get their information from the primary. Any updates to the database are provided by the primary.
3. Caching name server - It gets all its answers to queries from other name servers and saves (caches) the answers. It is a non-authoritative server.

The caching only name server generates no zone transfer traffic. A DNS Server that can communicate outside of the private network to resolve a DNS name query is referred to as forwarder.

DNS Query Types

There are two types of queries issued:

1. Recursive queries received by a server force that server to find the information requested or post a message back to the querier that the information cannot be found.
2. Iterative queries allow the server to search for the information and pass back the best information it knows about. This is the type that is used between servers. Clients use the recursive query.
3. Reverse - The client provides the IP address and asks for the name. In other queries the name is provided, and the IP address is returned to the client. Reverse lookup entries for a network 192.168.100.0 are under "100.168.192.in-addr.arpa".

Generally (but not always), a server-to-server query is iterative and a client-resolver-to-server query is recursive. You should also note that a server can be queried or it can be the person placing a query. Therefore, a server contains both the server and client functions. A server can transmit either type of query. If it is handed a recursive query from a remote source, it must transmit other queries to find the specified name, or send a message back to the originator of the query that the name could not be found.

DNS Transport protocol

DNS resolvers first attempt to use UDP for transport, then use TCP if UDP fails.
The DNS Database
A database is made up of records and the DNS is a database. Therefore, common resource record types in the DNS database are:
* A - Host's IP address. Address record allowing a computer name to be translated into an IP address. Each computer must have this record for its IP address to be located. These names are not assigned for clients that have dynamically assigned IP addresses, but are a must for locating servers with static IP addresses.
* PTR - Host's domain name, host identified by its IP address
* CNAME - Host's canonical name allows additional names or aliases to be used to locate a computer.
* MX - Host's or domain's mail exchanger.
* NS - Host's or domain's name server(s).
* SOA - Indicates authority for the domain
* TXT - Generic text record
* SRV - Service location record
* RP - Responsible person
* HINFO - Host information record with CPU type and operating system.
When a resolver requests information from the server, the DNS query message indicates one of the preceding types.
DNS Files
* CACHE.DNS - The DNS Cache file. This file is used to resolve internet DNS queries. On Windows systems, it is located in the WINNTROOT\system32\DNS directory and is used to configure a DNS server to use a DNS server on the internet to resolve names not in the local domain.
Example Files
Below is a partial explanation of some records in the database on a Linux based system. The reader should view this information because it explains some important DNS settings that are common to all DNS servers. An example /var/named/db.mycompany.com.hosts file is listed below.
    mycompany.com.  IN  SOA  mymachine.mycompany.com. root.mymachine.mycompany.com. (
                    1999112701  ; Serial number as date and two digit number YYYYMMDDXX
                    10800       ; Refresh in seconds, 10800=3H
                    3600        ; Retry in seconds, 3600=1H
                    604800      ; Expire in seconds, 604800=1 week
                    86400 )     ; Minimum TTL in seconds, 86400=24 hours
    mycompany.com.              IN  NS  mymachine.mycompany.com.
    mycompany.com.              IN  MX  10 mailmachine.mycompany.com.
    mymachine.mycompany.com.    IN  A   10.1.0.100
    mailmachine.mycompany.com.  IN  A   10.1.0.4
    george.mycompany.com.       IN  A   10.1.3.16
A line by line description is as follows:
1. The entries on this line are:
   1. mycompany.com. - Indicates this server is for the domain mycompany.com.
   2. IN - Indicates Internet Name.
   3. SOA - Indicates this server is the authority for its domain, mycompany.com.
   4. mymachine.mycompany.com. - The primary nameserver for this domain.
   5. root.mymachine.mycompany.com. - The person to contact for more information.
The lines in the parentheses, listed below, are for the secondary nameserver(s) which run as slave(s) to this one (since it is the master).
2. 1999112701 - Serial number - If the slave's copy has a serial number lower than the master's, the slave will get a new copy of this file from the master.
3. 10800 - Refresh - The time in seconds between when the slave compares this file's SN with the master.
4. 3600 - Retry - The time the server should wait before asking again if the master fails to respond to a file update (SOA request).
5. 604800 - Expire - Time in seconds the slave server can respond even though it cannot get an updated zone file.
6. 86400 - TTL - The time to live (TTL) in seconds that a resolver will use data received from a nameserver before it will ask for the same data again.
7. This line is the nameserver resource record. There may be several of these if there are slave name servers.
    mycompany.com.  IN  NS  mymachine.mycompany.com.
Add any slave server entries below this like:
    mycompany.com.  IN  NS  ournamesv1.mycompany.com.
    mycompany.com.  IN  NS  ournamesv2.mycompany.com.
    mycompany.com.  IN  NS  ournamesv3.mycompany.com.
8. This line indicates the mailserver record.
    mycompany.com.  IN  MX  10 mailmachine.mycompany.com.
There can be several mailservers. The numeric value on the line indicates the preference or precedence for the use of that mail server. A lower number indicates a higher preference. The range of values is from 0 to 65535. To enter more mailservers, enter a new line for each one similar to the nameserver entries above, but be sure to set the preference value correctly, at different values for each mailserver.
9. The rest of the lines are the name to IP mappings for the machines in the organization. Note that the nameserver and mailserver are listed here with IP addresses along with any other server machines required for your network.
    mymachine.mycompany.com.    IN  A  10.1.0.100
    mailmachine.mycompany.com.  IN  A  10.1.0.4
    george.mycompany.com.       IN  A  10.1.3.16
Domain names written with a dot on the end are absolute names which specify a domain name exactly as it exists in the DNS hierarchy from the root. Names not ending with a dot may be a subdomain to some other domain.
Aliases are specified in lines like the following:
    nameserver.mycompany.com.  IN  CNAME  mymachine.mycompany.com.
    dataserver.mycompany.com.  IN  CNAME  george.mycompany.com.
    engserver.mycompany.com.   IN  CNAME  Linux1.mycompany.com.
    mailserver.mycompany.com.  IN  CNAME  Linux2.mycompany.com.
When a client (resolver) sends a request, if the nameserver finds a CNAME record, it replaces the requested name with the CNAME, then finds the address of the CNAME value, and returns this value to the client.
A host that has more than one network card which is set to address two different subnets can have more than one address for a name.
    mymachine.mycompany.com.  IN  A  10.1.0.100
                              IN  A  10.1.1.100
When a client queries the nameserver for the address of a multi homed host, the nameserver will return the address that is closest to the client address. If the client is on a different network than both the subnet addresses of the multi homed host, the server will return both addresses.
For more information on practical application of DNS, read the DNS section of the Linux User's Guide.
Virtual Private Networking
If you've understood most of this document so far, the principles of Virtual private networking (VPN) will be easy to understand. The most confusing part of VPN is that many acronyms show up. This is partly because VPN requires data encryption to be "private" and there are many encryption techniques and terms. Also there are many complicated security issues relating to VPN concerning encryption and user authentication. This section will first explain the concept and methodology behind VPN, then explain some of the acronyms. I can't explain them all, there will be more tomorrow.
Purpose of VPN
The function of VPN is to allow two computers or networks to talk to each other over a transport media that is not secure. To do this VPN uses a computer at each of the two or more points on the various ends of the transport media such as the internet. Each point at the end of the transport media (internet) is called a point of presence (POP). In this example, the transport media is the internet. In the example below our company "Boats and More, Inc." has four offices. One in Boston, St Petersburg, Seattle, and San Diego. The owner wants a networking setup so he can access any of the 4 network locations at any time through the internet. He wants his data secure since some of it is confidential. His offices are set up on networks 10.1.x.x, 10.2.x.x, 10.3.x.x, and 10.4.x.x. Each of the four networks, when they need to send a data packet to one of the other networks, will route its data packet to its respective router, A, B, C, or D. For example if a computer on the 10.1.x.x network in Boston needs to send a packet to a computer with address 10.3.6.1 on the network in San Diego at 10.3.x.x, it will send its packet to its router, A. Since the network number, 10.x.x.x, is reserved for private use, the packet can't be sent going from computer A with 10.3.6.1 as its intended address. This is because the routers on the internet will not recognize this address as a valid destination. IP masquerading won't solve this problem since the computer on the other end would have no way of knowing that a packet that it didn't send was a masqueraded packet. Tunneling is the technique used to solve this problem.

Tunneling means that the complete IP packet to be sent from Boston to San Diego must be encapsulated into another IP packet. This new packet will have a legal internet IP address. Therefore, machine A will take the packet it needs to route (already has destination address 10.3.6.1) and roughly the following will happen:
1. Machine A will extract the IP packet.
2. Machine A will encrypt the packet.
3. Machine A will wrap the original IP packet in a new IP packet with destination address 201.47.98.101, which is machine C's true internet address.
4. Machine A will wrap the new IP packet in an ethernet packet and send it to the network.
5. The packet will be routed through the internet until it reaches machine C.
6. Machine C will extract the outer IP packet.
7. Machine C will determine that the IP packet contains another IP packet and extract it.
8. Machine C will decrypt the packet.
9. Machine C will examine the destination address of the inner IP packet, wrap it in an ethernet packet with the correct ethernet address, and send it to the internal network on its port 10.3.1.1.
This description is simplistic, but it is essentially what happens. This did not account for authentication and being sure machine C had the authority or ability to decrypt the packet. Therefore VPN can be examined in two main functional areas which are the tunneling mechanism and the security mechanisms.
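The wrapping and unwrapping in steps 3, 6, 7 and 9, as an added Python example (not code from this guide); the encryption in steps 2 and 8 is not modelled. Machine A's public address 198.51.100.7, the inner source 10.1.2.5, the /16 masks and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IANA protocol number for an IPv4 packet carried inside IPv4
IPPROTO_UDP = 17
HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options

# Addresses: C_PUBLIC and the 10.x networks come from the text, the rest are constructed.
A_PUBLIC = "198.51.100.7"       # assumed public address of machine A
C_PUBLIC = "201.47.98.101"      # machine C's true internet address
BOSTON_NET = "10.1.0.0/16"      # assumed mask for 10.1.x.x
SAN_DIEGO_NET = "10.3.0.0/16"   # assumed mask for 10.3.x.x


def checksum(data):
    """Internet checksum over an even-length byte string."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Build an IPv4 packet with a valid header checksum."""
    fields = [0x45, 0, HDR.size + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(HDR.pack(*fields))
    return HDR.pack(*fields) + payload


def parse_ipv4(packet):
    """Decode and sanity-check one IPv4 header; returns addresses as strings."""
    if len(packet) < HDR.size:
        raise ValueError("packet shorter than an IPv4 header")
    vihl, _tos, length, _id, _frag, _ttl, proto, _ck, src, dst = HDR.unpack_from(packet)
    if vihl != 0x45 or length != len(packet):
        raise ValueError("unsupported header or inconsistent total length")
    if checksum(packet[:HDR.size]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[HDR.size:]}


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Step 3: wrap the original packet in a new one with routable addresses."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer, peer, remote_net, local_net):
    """Steps 6, 7 and 9 on machine C, refusing packets that do not fit the tunnel.

    These address checks are a sanity filter, not authentication: source
    addresses can be forged, which is why the security mechanisms are needed.
    """
    out = parse_ipv4(outer)
    if out["proto"] != IPPROTO_IPIP:
        raise ValueError("outer packet does not carry an IP packet")
    if out["src"] != peer:
        raise ValueError("outer source is not the tunnel peer")
    inner = parse_ipv4(out["payload"])
    if ipaddress.ip_address(inner["src"]) not in ipaddress.ip_network(remote_net):
        raise ValueError("inner source is outside the peer's network")
    if ipaddress.ip_address(inner["dst"]) not in ipaddress.ip_network(local_net):
        raise ValueError("inner destination is not on the local network")
    return out["payload"]


# Constructed sample: a Boston host sends to 10.3.6.1 in San Diego.
INNER = ipv4_packet("10.1.2.5", "10.3.6.1", IPPROTO_UDP, b"constructed payload")
OUTER = encapsulate(INNER, A_PUBLIC, C_PUBLIC)

if __name__ == "__main__":
    print("on the internet:", parse_ipv4(OUTER)["src"], "->", parse_ipv4(OUTER)["dst"])
    delivered = decapsulate(OUTER, A_PUBLIC, BOSTON_NET, SAN_DIEGO_NET)
    print("after machine C:", parse_ipv4(delivered)["src"], "->", parse_ipv4(delivered)["dst"])
```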
VPN tunneling Protocols
The list below describes the tunneling protocols which may be used for VPN.
* L2F - Layer2 Forwarding, works at the link layer of the OSI model. It has no encryption. Being replaced by L2TP.
* PPTP - Point-to-Point Tunneling Protocol (RFC 2637) works at the link layer. No encryption or key management included in specifications.
* L2TP - Layer2 Tunneling Protocol. (RFC 2661) Combines features of L2F and PPTP and works at the link layer. No encryption or key management included in specifications.
* IPSec - Internet protocol security, developed by IETF, implemented at layer 3. It is a collection of security measures that address data privacy, integrity, authentication, and key management, in addition to tunneling. Does not cover key management.
* Socks - handled at the application layer
VPN Security
In addition to tunneling, VPN needs to provide for authentication, confidentiality, data integrity and key management. This is important if you need to keep your data going across the transmission media secret. The capability of sending the data is easy, but the security measures necessary make VPN a much more complex subject. Security functions that must be covered are:
* Authentication - Making sure the data is from where it is supposed to be from.
* Confidentiality - Keeping any third parties from reading or understanding the data.
* Data integrity - Being sure the data received was not changed by a third party and that it is correct.
* Access control - Keeping third parties without authorization from getting access to your data or network.
Essentially the part of the system that must make the data secure must encrypt the data and provide a method to decrypt the data. There are many different encryption formulas, but handling of decryption is usually done by providing a "key" to the party that must decrypt the data. Keys are secrets shared between two parties that allow one party to pass encrypted information to the other without third parties being able to read it. It is similar to a house or car key that allows only members of your family to enter the house or use the car. Keys are a digital code that will allow the second party to decrypt the data. The digital code must be long enough to keep any third parties from being able to break the code by guessing. Key management can be a complex subject since there are many ways to implement it, but it needs to be secure so no third party gets, intercepts, or guesses the key.
There are many different protocols used to support each of the above functions. Each has various advantages and disadvantages including the fact that some are more secure than others. If you are going to use VPN as a data exchange method, and you want secure data, you or someone on your staff had better know what they're doing (knowledge of the strengths and weaknesses of the protocols and how to implement them properly), or sooner or later, you may get burned.
Managing user access rights and Key Management or Authentication Systems
Two key management protocols are:
1. RADIUS - Remote Authentication Dial-In User Service is used for dial in clients to connect to other computers or a network. It provides authentication and accounting when using PPTP or L2TP tunneling.
2. ISAKMP/Oakley - Internet Security Association and Key Management Protocol
Authentication uses one of the following three attributes to authenticate users.
1. Something you have such as a key.
2. Something you know such as a secret.
3. Something you are such as your fingerprint.
More than one means of authentication is recommended for stronger security.
VPN terms
VPN Protocols:
* PPTP - Point to point tunneling protocol (RFC 2637)
* L2TP - Layer 2 tunneling protocol (RFC 2661)
* IPIP tunneling - Tunneling IP packets in IP packets.
Encryption protocols, methods and terms:
* CIPE - Crypto IP Encapsulation
* SSL - Secure sockets layer
* IPSEC - Internet protocol security
Authentication Protocols:
* PAP - Password Authentication Protocol is a two way handshake protocol designed for use with PPP.
* CHAP - Challenge Handshake Authentication Protocol is a three way handshake protocol which is considered more secure than PAP.
* TACACS - Offers authentication, accounting, and authorization.
* S/Key - A one time password system, secure against replays. RFC 2289.
Projects and software:
* SWAN - Secure wide area network
* PoPToP - Point to point tunneling protocol server.
DHCP
Dynamic Host Configuration Protocol (DHCP)
This protocol is used to assign IP addresses to hosts or workstations on the network. Usually a DHCP server on the network performs this function. Basically it "leases" out addresses for specific times to the various hosts. If a host does not use a given address for some period of time, that IP address can then be assigned to another machine by the DHCP server. When assignments are made or changed, the DHCP server must update the information in the DNS server.
As with BOOTP, DHCP uses the machine's or NIC ethernet (MAC) or hardware address to determine IP address assignments. The DHCP protocol is built on BOOTP and replaces BOOTP. DHCP extends the vendor specific area in BOOTP to 312 bytes from 64. RFC 1541 defines DHCP.
DHCP RFCs
DHCP RFCs are 1533, 1534, 1541, and 1542. Sent from DHCP server:
* IP address
* Netmask
* Default Gateway address
* DNS server address(es)
* NetBIOS Name server (NBNS) address(es).
* Lease period in hours
* IP address of DHCP server.
DHCP Lease Stages
1. Lease Request - The client sends a broadcast requesting an IP address
2. Lease Offer - The server sends the above information and marks the offered address as unavailable. The message sent is a DHCPOFFER broadcast message.
3. Lease Acceptance - The first offer received by the client is accepted. The acceptance is sent from the client as a broadcast (DHCPREQUEST message) including the IP address of the DNS server that sent the accepted offer. Other DHCP servers retract their offers and mark the offered address as available and the accepted address as unavailable.
4. Server lease acknowledgement - The server sends a DHCPACK or a DHCPNAK if an unavailable address was requested.
DHCP discover message - The initial broadcast sent by the client to obtain a DHCP lease. It contains the client MAC address and computer name. This is a broadcast using 255.255.255.255 as the destination address and 0.0.0.0 as the source address. The request is sent, then the client waits one second for an offer. The request is repeated at 9, 13, and 16 second intervals with additional 0 to 1000 milliseconds of randomness. The attempt is repeated every 5 minutes thereafter. The client uses port 67 and the server uses port 68.
DHCP Lease Renewal
After 50% of the lease time has passed, the client will attempt to renew the lease with the original DHCP server that it obtained the lease from using a DHCPREQUEST message. Any time the client boots and the lease is 50% or more passed, the client will attempt to renew the lease. At 87.5% of the lease completion, the client will attempt to contact any DHCP server for a new lease. If the lease expires, the client will send a request as in the initial boot when the client had no IP address. If this fails, the client TCP/IP stack will cease functioning.
DHCP Scope and Subnets
One DHCP scope is required for each subnet.
DHCP Relay Agents
May be placed in two places:
* Routers
* Subnets that don't have a DHCP server to forward DHCP requests.
Client Reservation
Client Reservation is used to be sure a computer gets the same IP address all the time. Therefore since DHCP IP address assignments use MAC addresses to control assignments, the following are required for client reservation:
* MAC (hardware) address
* IP address
Exclusion Range
Exclusion range is used to reserve a bank of IP addresses so computers with static IP addresses, such as servers, may use the assigned addresses in this range. These addresses are not assigned by the DHCP server.
Sample DHCP Configuration File
In Linux, a sample configuration file is:
    subnet 192.168.199.0 netmask 255.255.255.0 {
        # --- default gateway
        option routers 192.168.199.1;
        option subnet-mask 255.255.255.0;
        option nis-domain "mynet.net";
        option domain-name "mynet.net";
        option domain-name-servers 192.168.199.1;
        # time-offset is given in seconds from UTC
        option time-offset -18000; # Eastern Standard Time
        # option ntp-servers 192.168.199.1;
        # option netbios-name-servers 192.168.199.1;
        # --- Selects point-to-point node (default is hybrid). Don't change this unless
        # -- you understand Netbios very well
        # option netbios-node-type 2;
        default-lease-time 1209600; # 2 weeks
        max-lease-time 1814400; # 3 weeks
        range 192.168.199.10 192.168.199.250;
        # we want the nameserver to appear at a fixed address
        host nameserver {
            next-server nameserver.mynet.net;
            hardware ethernet 00:10:4b:ca:db:b5;
            fixed-address 192.168.199.1;
        }
    }
This demonstrates that the IP addresses are based on lease times to the various clients. If they are not used within the period of their lease time by the client, those IP addresses are freed up for use by other clients.
BOOTP
BOOTP (Boot Protocol) may be used to boot remote computers over a network. BOOTP messages are encapsulated inside UDP messages and therefore its requests and replies are forwarded by routers. BOOTP is defined by RFCs 951 and 1542. The drawing below illustrates the data encapsulation.

The diskless system reads its unique hardware address from its network interface card then sends a BOOTP request. The table below shows the BOOTP package format from most significant bit to least significant bit.
Bit range | # of Bits | Name | Description
0-7 | 8 | Op code | Tells if the message is a BOOTP request or reply. Request=1, reply=2
8-15 | 8 | Hardware type | Indicates the type of hardware (link level). A value of 6 indicates ethernet
16-23 | 8 | Hardware address length | Tells the length in bytes of the hardware address number. Ethernet addresses are 6 bytes long.
24-31 | 8 | Hop count | Initially set to 0. Incremented each time it is forwarded.
32-63 | 32 | Transaction ID | A random number set by the client and returned by the server. Used to match replies with requests
64-79 | 16 | Number of seconds | The time since the client started trying to bootstrap. Used to tell if a backup BOOTP server should respond.
80-95 | 16 | unused | not used
96-127 | 32 | Clients IP address | The clients IP address. If a request, it is normally 0.0.0.0
128-159 | 32 | IP address for client | The server sets this in the reply message.
160-191 | 32 | Server IP address | Filled in by the server.
192-223 | 32 | Gateway IP address | Returned by the server.
224-351 | 128 | Clients hardware address | Provided by the client.
352-1375 | 1024 | Server hostname | A null terminated string optionally filled in by the server.
1376-3423 | 2048 | Boot filename | A full qualified boot file name with path information, terminated with a null. Supplied by the server.
3424-4447 | 1024 | Vendor information | Used for various options to BOOTP including the subnet mask to the client.
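An added Python example (not from this guide) that decodes the fixed fields of the table above, bits 0 to 351, and applies the checks a receiving server or a monitor can make on them. The function names, the MAX_HOPS limit and the sample messages are assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Fixed fields from the table above, bits 0-351 (44 bytes, network byte order):
# op, htype, hlen, hops, xid, secs, unused, ciaddr, yiaddr, siaddr, giaddr, chaddr
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST, BOOTREPLY = 1, 2
MAX_HOPS = 4   # assumed local policy; the table only says the count starts at 0


def build_fixed(op, xid, mac, hops=0, secs=0, ciaddr="0.0.0.0",
                yiaddr="0.0.0.0", siaddr="0.0.0.0", giaddr="0.0.0.0", htype=1):
    """Pack the fixed fields; used here only to construct sample messages."""
    hw = bytes.fromhex(mac.replace(":", ""))
    addrs = [ipaddress.IPv4Address(a).packed for a in (ciaddr, yiaddr, siaddr, giaddr)]
    return FIXED.pack(op, htype, len(hw), hops, xid, secs, 0, *addrs, hw)


def parse_fixed(data):
    """Decode the first 44 bytes of a BOOTP message into a dict."""
    if len(data) < FIXED.size:
        raise ValueError("truncated BOOTP message: %d bytes" % len(data))
    (op, htype, hlen, hops, xid, secs, _unused,
     ciaddr, yiaddr, siaddr, giaddr, chaddr) = FIXED.unpack_from(data)
    if hlen > len(chaddr):
        # A length larger than the field would make a naive reader run past it.
        raise ValueError("hardware address length %d exceeds the 16-byte field" % hlen)
    return {
        "op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "siaddr": str(ipaddress.IPv4Address(siaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
    }


def review(msg):
    """Return the reasons a receiver should distrust a parsed message."""
    findings = []
    if msg["op"] not in (BOOTREQUEST, BOOTREPLY):
        findings.append("op code is neither request (1) nor reply (2)")
    if msg["op"] == BOOTREQUEST and (msg["yiaddr"], msg["siaddr"]) != ("0.0.0.0", "0.0.0.0"):
        findings.append("request carries fields only the server fills in")
    if msg["op"] == BOOTREPLY and msg["yiaddr"] == "0.0.0.0":
        findings.append("reply assigns no client address")
    if msg["hlen"] == 0:
        findings.append("no client hardware address")
    if msg["hops"] > MAX_HOPS:
        findings.append("hop count above the local limit")
    return findings


def reply_matches(request, reply):
    """A client accepts a reply only for its own transaction ID and hardware address."""
    return (reply["op"] == BOOTREPLY and reply["xid"] == request["xid"]
            and reply["chaddr"] == request["chaddr"])


# Constructed samples; the MAC and addresses reuse the DHCP configuration shown earlier.
REQUEST = build_fixed(BOOTREQUEST, 0x1A2B3C4D, "00:10:4b:ca:db:b5", secs=3)
REPLY = build_fixed(BOOTREPLY, 0x1A2B3C4D, "00:10:4b:ca:db:b5",
                    yiaddr="192.168.199.10", siaddr="192.168.199.1")
ODD = build_fixed(BOOTREQUEST, 1, "00:10:4b:ca:db:b5", hops=9, yiaddr="192.168.199.77")

if __name__ == "__main__":
    for name, raw in (("request", REQUEST), ("reply", REPLY), ("odd", ODD)):
        parsed = parse_fixed(raw)
        print(name, parsed["chaddr"], parsed["yiaddr"], review(parsed))
```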
The BOOTP server uses port 67 and the BOOTP client uses port 68. The following is a brief explanation of what happens when a remote client boots.
1. BOOTP request. The client sends a BOOTP request from 0.0.0.0.68 to 255.255.255.255.67 with its ethernet address and number of seconds fields filled in.
2. BOOTP reply. The server responds with the client's IP address, the server's IP address (its own), and the IP address of a default gateway.
3. ARP request. The client issues an ARP to tell if the IP address it just received is being used. It uses 0.0.0.0 as its own address
4. ARP request. The client waits 0.5 seconds and repeats the same ARP request.
5. ARP request. The client waits another 0.5 seconds and repeats the ARP request with its own address as the sender's address.
6. BOOTP request. The client waits 0.5 seconds and sends another BOOTP request with its own IP address in the IP header
7. BOOTP reply. The server sends the same BOOTP reply it sent the last time.
8. ARP request. The client outputs an ARP request for the server hardware address
9. ARP reply. The server replies with its own ethernet address.
10. TFTP read request. The client sends a TFTP read request asking for its specified boot file.
RPC and NFS
Network File System (NFS)
NFS, defined by RFC 1094, is a method for client systems to use a filesystem on a remote host computer. NFS uses the UDP protocol and is supported by RPC.
Remote Procedure Call (RPC)
RPC, defined by RFC 1057, is a set of function calls used by a client program to call functions in a remote server program. The port mapper program is the program used to keep track of which ports programs supporting RPC functions use. The port mapper's port is 111. In Redhat Linux the portmapper daemon is started in the /etc/rc.d/init.d/portmap and the daemon program is called "portmap".
The rpcinfo command
The command "rpcinfo -p" will show the port numbers that are assigned to the RPC services.
    program vers proto   port
     100000    2   tcp    111  portmapper
     100000    2   udp    111  portmapper
     100011    1   udp    747  rquotad
     100011    2   udp    747  rquotad
     100005    1   udp    757  mountd
     100005    1   tcp    759  mountd
     100005    2   udp    762  mountd
     100005    2   tcp    764  mountd
     100003    2   udp   2049  nfs
Services that may be listed include:
* rquotad - Enforces the set quotas for remote mounted NFS systems.
* mountd - Performs the requested mounts.
* nfs - Handles the user interface to the kernel module that performs NFS.
NFS related services in Linux include:
* amd - Runs the automount daemon for automatic remote filesystem mounting such as nfs. It is especially worthwhile for working with removable media such as floppies or CD ROM disks.
* autofs - This is the startup, stop, and status script for the automount program used to configure mount points for automatic mounting of file systems.
* nfs - Provides Network File System server services.
* netfs - Mounts and unmounts Network File System (NFS), Windows (SMB), and Netware (NCP) file systems. The mount command is used to perform this operation and no daemon is run in the background.
The /etc/exports file is used to configure exported filesystems.
Network Broadcasting and Multicasting
Network interface cards are usually programmed to listen for three types of messages. They are messages sent to their specific address, messages broadcast to all NICs, and messages that qualify as a multicast for the specific card. There are three types of addressing:
1. Unicast - A transmission to a single interface card.
2. Multicast - A transmission to a group of interface cards on the network.
3. Broadcast - A transmission to all interface cards on the network. RFC 919 and 922 describe IP broadcast datagrams.
   o Limited Broadcast - Sent to all NICs on the same network segment as the source NIC. It is represented with the 255.255.255.255 TCP/IP address. This broadcast is not forwarded by routers so will only appear on one network segment.
   o Directed broadcast - Sent to all hosts on a network. Routers may be configured to forward directed broadcasts on large networks. For network 192.168.0.0, the broadcast is 192.168.255.255.
All other messages are filtered out by the NIC software unless the card is programmed to operate in promiscuous mode to perform network sniffing.
Broadcasting
The types of broadcasting used on TCP/IP that I know about are:
1. ARP on IP
2. DHCP on IP
3. Routing table updates. Broadcasts sent by routers with routing table updates to other routers.
The ethernet broadcast address in hexadecimal is FF:FF:FF:FF:FF:FF. There are several types of IP broadcasting:
1. The IP limited broadcast address is 255.255.255.255. This broadcast is not forwarded by a router.
2. A broadcast directed to a network has a form of x.255.255.255 where x is the address of a Class A network. This broadcast may be forwarded depending on the router program.
3. A broadcast sent to all subnetworks. If the broadcast is 10.1.255.255 on network 10.1.0.0 and the network is subnetted with multiple networks 10.1.x.0, then the broadcast is a broadcast to all subnetworks.
4. A broadcast sent to a subnet in the form 10.1.1.255 is a subnet broadcast if the subnet mask is 255.255.255.0.
Multicasting
Multicasting may be used for streaming multimedia, video conferencing, shared white boards and more as the internet grows. Multicasting is still new to the internet and not widely supported by routers. New routing protocols are being developed to enable multicast traffic to be routed. Some of these routing protocols are:
* Hierarchical Distance Vector Multicast Routing Protocol (HDVMRP)
* Multicast Border Gateway
* Protocol Independent Multicast
Since IP is not a reliable network protocol, a new reliable multicast protocol that works at the transport layer and uses IP at the network layer has been developed. It is called Multicast Transport Protocol (MTP).
Ethernet Addressing:
The internet assigned numbers authority (IANA) allocates ethernet addresses from 01:00:5E:00:00:00 through 01:00:5E:7F:FF:FF for multicasting. This means there are 23 bits available for the multicast group ID.
IP Addressing:
An IP multicast address is in the range 224.0.0.0 through 239.255.255.255. In hexadecimal that is E0.00.00.00 to EF.FF.FF.FF. To be a multicast address, the first three bits of the most significant byte must be set and the fourth bit must be clear. In the IP address, there are 28 bits for multicasting. Therefore there are 5 multicasting bits that cannot be mapped into an ethernet data packet. The 5 bits that are not mapped are the 5 most significant bits.
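An added Python example, not part of the original guide, showing the mapping just described and its consequence: 32 IP groups share each ethernet multicast address, so the NIC filter alone cannot tell them apart and the IP layer has to make the final check. Function names and the sample groups are chosen for the illustration.

```python
import ipaddress

MAC_PREFIX = 0x01005E000000   # 01:00:5E:00:00:00, start of the IANA multicast block
LOW23 = 0x7FFFFF              # the 23 group-ID bits that fit into the ethernet address


def multicast_mac(group):
    """Ethernet address that frames for an IP multicast group are sent to."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError("%s is not in 224.0.0.0-239.255.255.255" % group)
    mac = MAC_PREFIX | (int(ip) & LOW23)
    return ":".join("%02x" % b for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(group):
    """All 32 groups whose low 23 bits, and therefore ethernet address, are the same."""
    low = int(ipaddress.IPv4Address(group)) & LOW23
    return [str(ipaddress.IPv4Address(0xE0000000 | (high5 << 23) | low))
            for high5 in range(32)]


def deliver(dst_ip, joined):
    """Model the two filters a frame meets: the NIC address match, then the IP group check."""
    nic_filter = {multicast_mac(g) for g in joined}
    if multicast_mac(dst_ip) not in nic_filter:
        return "dropped by NIC"
    if dst_ip not in joined:
        return "passed NIC, dropped by IP layer"
    return "delivered"


if __name__ == "__main__":
    joined = {"224.0.1.1"}   # constructed example: a host that joined the NTP group
    print(multicast_mac("224.0.1.1"))
    print(groups_sharing_mac("224.0.1.1")[:3], "...")
    for dst in ("224.0.1.1", "225.0.1.1", "224.0.1.2"):
        print(dst, "->", deliver(dst, joined))
```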

The 28 IP multicast bits are called the multicast group ID. A host group listening to a multicast can span multiple networks. There are some assigned hostgroup addresses by the internet assigned numbers authority (IANA). Some of the assignments are listed below:
* 224.0.0.1 = All systems on the subnet
* 224.0.0.2 = All routers on the subnet
* 224.0.1.1 = Network time protocol (NTP)
* 224.0.0.9 = For RIPv2
* 224.0.1.2 = Silicon graphic's dogfight application
Being on the MBONE means you are on a network that supports multicasting. Usually you must check with your internet service provider (ISP) to see if you have this capability. IGMP described in the next section is used to manage broadcast groups.
Internet Group Management Protocol
Internet Group Management Protocol (IGMP) is the protocol used to support multicasting. To use multicasting, a process on a host must be able to join and leave a group. A process is a user program that is using the network. Group access is identified by the group address and the interface (NIC). A host must keep track of the groups that at least one process belongs to and the number of processes that belong to the group. IGMP is defined in RFC 1112.
IGMP messages are used by multicast routers to track group memberships on each of their networks. IGMP uses these rules:
1. The first time a process on a host joins a multicast group, the host will send an IGMP report. This means that every time the host needs to receive messages from a new group to support its processes, it will send a report.
2. Multicast routers will send IGMP queries regularly to determine whether any hosts are running processes that belong to any groups. The group address of the query is set to 0, the TTL field is set to 1, and the destination IP address is 224.0.0.1, which is the all hosts group address that addresses all the multicast capable routers and hosts on a network.
3. A host sends one IGMP response for each group that contains one or more processes. The router expects one response from each host for each group that one or more of its processes require access to.
4. A host does not send a report when its last process leaves a group (when the group access is no longer required by a process). The multicast router relies on query responses to update this information.
IGMP is defined in RFC 1112. Hosts and routers use IGMP to support multicasting. Multicast routers must know which hosts belong to what group at any given point of time. The IGMP message is 8 bytes, consisting of:
1. Bits 0 to 3 - IGMP version number
2. Bits 4 to 7 - IGMP type. 1=query sent by a multicast router. 2 is a response sent by a host.
3. Bits 8 to 15 - unused
4. Bits 16 to 31 - Checksum
5. The last 4 bytes - 32 bit group address which is the same as the class D IP address.
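The 8-byte message laid out above, built and checked in Python as an added example (not code from this guide). The checksum is the standard Internet checksum; the function names, the wording of the findings and the sample packets are assumptions constructed here.

```python
import ipaddress
import struct

IGMP_QUERY, IGMP_REPORT = 1, 2
ALL_HOSTS = "224.0.0.1"


def inet_checksum(data):
    """16-bit one's complement of the one's complement sum of the message."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type, group="0.0.0.0", version=1):
    """Version in bits 0-3, type in bits 4-7, unused byte, checksum, group address."""
    first = (version << 4) | msg_type
    addr = ipaddress.IPv4Address(group).packed
    unsigned = struct.pack("!BBH4s", first, 0, 0, addr)
    return struct.pack("!BBH4s", first, 0, inet_checksum(unsigned), addr)


def parse_igmp(data, ip_dst, ip_ttl):
    """Decode a message and list what disagrees with the rules in the text.

    ip_dst and ip_ttl come from the IP datagram that carried the message.
    """
    if len(data) != 8:
        raise ValueError("IGMP message must be 8 bytes, got %d" % len(data))
    first, _unused, _cksum, addr = struct.unpack("!BBH4s", data)
    group = ipaddress.IPv4Address(addr)
    fields = {"version": first >> 4, "type": first & 0x0F, "group": str(group)}
    findings = []
    if inet_checksum(data) != 0:
        # Summing a valid message including its checksum field gives zero.
        findings.append("checksum mismatch")
    if fields["type"] == IGMP_QUERY:
        if int(group) != 0:
            findings.append("query carries a group address")
        if ip_dst != ALL_HOSTS:
            findings.append("query not addressed to 224.0.0.1")
    elif fields["type"] == IGMP_REPORT:
        if not group.is_multicast:
            findings.append("report for a non-multicast address")
    else:
        findings.append("unknown message type %d" % fields["type"])
    if ip_ttl != 1:
        findings.append("IP TTL is %d, not 1" % ip_ttl)
    return fields, findings


# Constructed samples.
QUERY = build_igmp(IGMP_QUERY)
REPORT = build_igmp(IGMP_REPORT, "224.0.1.1")
TAMPERED = REPORT[:-1] + b"\x02"   # group changed in transit, checksum left alone

if __name__ == "__main__":
    print(QUERY.hex(), parse_igmp(QUERY, ALL_HOSTS, 1))
    print(REPORT.hex(), parse_igmp(REPORT, "224.0.1.1", 1))
    print(TAMPERED.hex(), parse_igmp(TAMPERED, "224.0.1.1", 1))
    print(parse_igmp(QUERY, "10.1.0.7", 64))
```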
IGMP messages are encapsulated in an IP datagram which contains a time to live (TTL) field. The default is to set the TTL field to 1 which means the datagram will not leave its subnetwork. An application can increase its TTL field in a message to locate a server distance in terms of hops.
Addresses from 224.0.0.0 to 224.0.0.255 are not forwarded by multicast routers since these addresses are intended for applications that do not need to communicate with other networks. Therefore these addresses can be used for group multicasting on private networks with no concern for addresses being used for multicasting on other networks.
Dynamic Routing
Dynamic routing performs the same function as static routing except it is more robust. Static routing allows routing tables in specific routers to be set up in a static manner so network routes for packets are set. If a router on the route goes down the destination may become unreachable. Dynamic routing allows routing tables in routers to change as the possible routes change. There are several protocols used to support dynamic routing including RIP and OSPF.
Routing cost
Counting route cost is based on one of the following calculations:
* Hop count - How many routers the message must go through to reach the recipient.
* Tic count - The time to route in 1/18 seconds (ticks).
Dynamic routing protocols do not change how routing is done. They just allow for dynamic altering of routing tables.
There are two classifications of protocols:
1. IGP - Interior Gateway Protocol. The name used to describe the fact that each system on the internet can choose its own routing protocol. RIP and OSPF are interior gateway protocols.
2. EGP - Exterior Gateway Protocol. Used between routers of different systems. There are two of these, the first having the same name as this protocol description:
   1. EGP - Exterior Gateway Protocol
   2. BGP - Border Gateway Protocol.
The daemon "routed" uses RIP. The daemon "gated" supports IGPs and EGPs.
Route Discovery Methods
* Distance vector - Periodically sends route table to other routers. Works best on LANs, not WANs.
* Link-state - Routing tables are broadcast at startup and then only when they change. OSPF uses link-state.
Routing Information Protocol (RIP)
The RIP RFC is 1058.
The routing daemon adds a routing policy to the system. If there are multiple routes to a destination, it chooses the best one. The RIP message can contain information on up to 25 routes. The RIP message contains the following components:
1. Command
2. Version - Normally 1 but set to 2 for RIP version 2.
3. family - Set to 2 for IP addresses.
4. IP address - 32 bit IP address
5. Metrics - Indicate the number of hops to a given network, the hop count.
RIP periodically broadcasts its routing table to neighboring routers. The RIP message format contains the following commands:
* 1 - request
* 2 - reply
* 3 & 4 - obsolete
* 5 - poll entry
* 6 - Asks for system to send all or part of routing table
When the daemon "routed" starts, it sends a request out all its interfaces for other routers' routing tables. The request is broadcast if the network supports it. For TCP/IP the address family in the message is normally 2, but the initial request has address family set to 0 with the metric set to 16.
Regular routing updates are sent every 30 seconds with all or part of the route table. As each router sends routing tables (advertises routes to networks its NICs interface to) routes are determined to each network.
Drawbacks of RIP:
* RIP has no knowledge of subnet addressing
* It takes a long time to stabilize after a router or link failure.
* Uses more broadcasting than OSPF requiring more network bandwidth.
RIP Version 2
Defined by RFC 1388. It passes further information in some of the fields that are set to 0 for the RIP protocol. These additional fields include a 32 bit subnet mask and a next hop IP address, a routing domain, and route tag. The routing domain is an identifier of the daemon the packet belongs to. The route tag supports EGPs.
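
The RIP message layout described in the two sections above can be checked mechanically. The parser below is an added example, not code from this guide or from routed: it assumes the 4-byte header and 20-byte route entries of RFC 1058 and RFC 1388, and the function names and sample routes are constructed for illustration. It rejects malformed lengths and reports entries that a receiver should distrust.

```python
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")       # command, version, routing domain (0 in RIP-1)
RIP_ENTRY = struct.Struct("!HH4s4s4sI")  # family, route tag, address, mask, next hop, metric
MAX_ROUTES = 25                          # limit stated in the text above
UNREACHABLE = 16                         # hop count treated as "no route"
# Command names as listed on this page; command 6 is left unnamed.
COMMANDS = {1: "request", 2: "reply", 3: "obsolete", 4: "obsolete", 5: "poll entry"}


def build_rip(command, version, entries, domain=0):
    """Pack a RIP message; used here only to construct sample input."""
    packet = RIP_HEADER.pack(command, version, domain)
    for family, tag, address, mask, next_hop, metric in entries:
        packet += RIP_ENTRY.pack(
            family, tag,
            ipaddress.IPv4Address(address).packed,
            ipaddress.IPv4Address(mask).packed,
            ipaddress.IPv4Address(next_hop).packed,
            metric,
        )
    return packet


def parse_rip(packet):
    """Decode a RIP-1 or RIP-2 message and list entries that break the format."""
    if len(packet) < RIP_HEADER.size:
        raise ValueError("shorter than the 4-byte RIP header")
    command, version, domain = RIP_HEADER.unpack_from(packet)
    body_len = len(packet) - RIP_HEADER.size
    if body_len % RIP_ENTRY.size:
        raise ValueError("route entries must be 20 bytes each")
    count = body_len // RIP_ENTRY.size
    if count > MAX_ROUTES:
        raise ValueError("more than 25 routes in one message")

    routes, problems = [], []
    for i in range(count):
        family, tag, address, mask, next_hop, metric = RIP_ENTRY.unpack_from(
            packet, RIP_HEADER.size + i * RIP_ENTRY.size)
        if not 1 <= metric <= UNREACHABLE:
            problems.append(f"entry {i}: metric {metric} is outside 1..16")
        # In a version 1 message the RIP-2 fields must still be zero.
        if version == 1 and (tag or any(mask) or any(next_hop)):
            problems.append(f"entry {i}: RIP-2 fields are set in a version 1 message")
        is_v2 = version == 2
        routes.append({
            "family": family,
            "address": str(ipaddress.IPv4Address(address)),
            "mask": str(ipaddress.IPv4Address(mask)) if is_v2 else None,
            "next_hop": str(ipaddress.IPv4Address(next_hop)) if is_v2 else None,
            "route_tag": tag if is_v2 else None,
            "metric": metric,
            "unreachable": metric >= UNREACHABLE,
        })

    # The start-up request described above: one entry, family 0, metric 16.
    full_table_request = (
        command == 1 and count == 1
        and routes[0]["family"] == 0 and routes[0]["metric"] == UNREACHABLE
    )
    return {
        "command": COMMANDS.get(command, f"command {command}"),
        "version": version,
        "routing_domain": domain,
        "routes": routes,
        "full_table_request": full_table_request,
        "problems": problems,
    }


# Constructed samples: a RIP-2 reply with two routes and the start-up request.
SAMPLE_REPLY = build_rip(2, 2, [
    (2, 0, "10.1.0.0", "255.255.0.0", "0.0.0.0", 3),
    (2, 0, "192.168.5.0", "255.255.255.0", "0.0.0.0", 16),
])
SAMPLE_REQUEST = build_rip(1, 1, [(0, 0, "0.0.0.0", "0.0.0.0", "0.0.0.0", 16)])

if __name__ == "__main__":
    for route in parse_rip(SAMPLE_REPLY)["routes"]:
        print(route)
```
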
Open Shortest Path First (OSPF)
OSPF (RFC 1257) is a link state protocol rather than a distance vector protocol. It tests the status of its link to each of its neighbors and sends the acquired information to them. It stabilizes after a route or link failure faster than a distance vector protocol based system. OSPF uses IP directly, not relying on TCP or UDP. OSPF can:
• Have routes based on IP type of service (part of IP header message) such as FTP or Telnet.
• Support subnets.
• Assign cost to each interface based on reliability, round trip time, etc.
• Distribute traffic evenly over equal cost routes.
• Uses multicasting.
Costs for specific hops can be set by administrators. Adjacent routers swap information instead of broadcasting to all routers.
Border Gateway Protocol (BGP)
Described by RFC 1267, 1268, and 1497. It uses TCP as a transport protocol. When two systems are using BGP, they establish a TCP connection, then send each other their BGP routing tables. BGP uses distance vectoring. It detects failures by sending periodic keep alive messages to its neighbors every 30 seconds. It exchanges information about reachable networks with other BGP systems including the full path of systems that are between them.
Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is used to send mail across the internet. There are four types of programs used in the process of sending and receiving mail. They are:
• MUA - Mail users agent. This is the program a user will use to type e-mail. It usually incorporates an editor for support. The user types the mail and it is passed to the sending MTA.
• MTA - Message transfer agent is used to pass mail from the sending machine to the receiving machine. There is a MTA program running on both the sending and receiving machine. Sendmail is a MTA.
• LDA - Local delivery agent on the receiving machine receives the mail from its MTA. This program is usually procmail.
• Mail notifier - This program notifies the recipient that they have mail. Normally this requires two programs, biff and comsat. Biff allows the administrator or user to turn on comsat service.
The MTA on both machines use the network SMTP (simple mail transfer protocol) to pass mail between them, usually on port 25.
Other components of mail service include:
• Directory services - A list of users on a system. Microsoft provides a Global Address List and a Personal Address Book.
• Post Office - This is where the messages are stored.
Mail Protocols
• SMTP - Simple Mail Transport Protocol is used on the internet, it is not a transport layer protocol but is an application layer protocol.
• POP3 - Post Office Protocol version 3 is used by clients to access an internet mail server to get mail. It is not a transport layer protocol.
• IMAP4 - Internet Mail Access Protocol version 4 is the replacement for POP3.
• MIME - Multipurpose Internet Mail Extension is the protocol that defines the way files are attached to SMTP messages.
• X.400 - International Telecommunication Union standard defines transfer protocols for sending mail between mail servers.
• MHS - Message Handling Service by Novell is used for mail on Netware networks.
Directory Services
• Lightweight Directory Access Protocol (LDAP)
• X.500 - This is a recommendation outlining how an organization can share objects and names on a large network. It is hierarchical similar to DNS, defining domains consisting of organizations, divisions, departments, and workgroups. The domains provide information about the users and available resources on that domain. This X.500 system is like a directory. Its recommendation comes from the International Telegraph and Telephone Consultative Committee (CCITT)
Mail API
Mail application programming interfaces (APIs) allow e-mail support to be integrated into application programs.
• MAPI - Microsoft's Messaging API which is incorporated throughout Microsoft's office products supports mail at the application level
• VIM - Vendor-Independent Messaging protocol from Lotus is supported by many vendors exclusive of Microsoft.
Three parts of a mail message:
1. Envelope - Includes recipient and sender addresses using the MAIL and RCPT commands.
2. Headers - Each header has a name followed by a colon and its value. Some headers are From, Date, Reply To, Received, Message ID, To, and Subject.
3. Body - The contents of the message sent in 7 bit ASCII code.
SMTP Commands:
• HELO - Sent by client with domain name such as mymachine.mycompany.com.
• MAIL - From <myself@mymachine.mycompany.com>
• RCPT - To <myfriend@theirmachine.theirorg.org>
• DATA - Sends the contents of the message. The headers are sent, then a blank line, then the message body is sent. A line with "." and no other characters indicates the end of the message.
• QUIT
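
To show how the commands above carry the three parts of a message, the following added example (not code from this guide or from any MTA) splits the client side of one SMTP session into envelope, headers and body. The session lines are constructed, and the function names are hypothetical. It goes slightly beyond the list above in two ways: it removes the extra leading dot SMTP adds to body lines that start with ".", and it compares the From header with the envelope sender, since the two are set independently and a receiver cannot assume they agree.

```python
def _addr(text):
    """Return the address between angle brackets, or the stripped text."""
    start, end = text.find("<"), text.rfind(">")
    return text[start + 1:end] if 0 <= start < end else text.strip()


def split_session(client_lines):
    """Split the client's lines into (envelope, headers, body)."""
    envelope = {"helo": None, "mail_from": None, "rcpt_to": []}
    headers, body = [], []
    state = "command"
    for line in client_lines:
        if state == "command":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "HELO":
                envelope["helo"] = arg.strip()
            elif verb == "MAIL":
                envelope["mail_from"] = _addr(arg)
            elif verb == "RCPT":
                envelope["rcpt_to"].append(_addr(arg))
            elif verb == "DATA":
                state = "headers"
            elif verb == "QUIT":
                break
        elif line == ".":
            # A line holding only "." ends the message; commands resume.
            state = "command"
        elif state == "headers":
            if line == "":
                state = "body"          # blank line separates headers from body
            elif line[0] in " \t" and headers:
                name, value = headers[-1]
                headers[-1] = (name, value + " " + line.strip())  # folded header
            else:
                name, _, value = line.partition(":")
                headers.append((name.strip(), value.strip()))
        else:
            # Undo dot-stuffing: a body line starting with "." was sent with
            # one extra leading dot so it cannot be mistaken for the terminator.
            body.append(line[1:] if line.startswith(".") else line)
    return envelope, headers, body


def from_matches_envelope(envelope, headers):
    """True when the single From header names the envelope sender."""
    claimed = [_addr(value).lower() for name, value in headers
               if name.lower() == "from"]
    return claimed == [(envelope["mail_from"] or "").lower()]


# Constructed sample: the client's half of one session, CRLF already removed.
SAMPLE_SESSION = [
    "HELO mymachine.mycompany.com",
    "MAIL FROM:<myself@mymachine.mycompany.com>",
    "RCPT TO:<myfriend@theirmachine.theirorg.org>",
    "DATA",
    "From: myself@mymachine.mycompany.com",
    "To: myfriend@theirmachine.theirorg.org",
    "Subject: backup window",
    "",
    "Tapes rotate on Friday.",
    "..hidden files are included.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    env, hdrs, text = split_session(SAMPLE_SESSION)
    print(env, hdrs, text, from_matches_envelope(env, hdrs), sep="\n")
```
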
If you recall from the DNS section mail servers are specified in DNS configuration files as follows:
dept1.mycompany.com. IN MX 5 mail.mycompany.com.
dept1.mycompany.com. IN MX 10 mail1.mycompany.com.
dept1.mycompany.com. IN MX 15 mail2.mycompany.com.
The host dept1.mycompany.com may not be directly connected to the internet or network but may be connected periodically using a PPP line. The servers mail, mail1, and mail2 are used as mail forwarders to send mail to the host dept1. The one with the lowest number, 5, is normally used for sending the mail, but the others are used when the first one or ones are down.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of network management stations communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. Therefore when the word agent is used it is referring to the network element. The agent will store information in a management information base (MIB). Management software will poll the various network devices and get the information stored in them. RFC 1155, 1157, and 1213 define SNMP with RFC 1157 defining the protocol itself. The manager uses UDP port 61 to send requests to the agent and the agent uses UDP port 62 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.
There are three supporting pieces to TCP/IP network management:
1. Management Information BASE (MIB) specifies variables the network elements maintain.
2. A set of common structures and a way to reference the variables in the database.
3. The protocol used to communicate between the manager and the network element agent which is SNMP.
SNMP collects information two ways:
1. The devices on the network are polled by management stations.
2. Devices send alerts to SNMP management stations. The public community may be added to the alert list so all management stations will receive the alert.
SNMP must be installed on the devices to do this.
SNMP terms:
• Baseline - A report outlining the state of the network.
• Trap - An alert that is sent to a management station by agents.
• Agent - A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs.
The network manager can set the threshold of the monitored event that will trigger the sending of the trap message. SNMP enables counters for monitoring the performance of the network used in conjunction with Performance Monitor.
SNMP Communities
An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. A SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:
• Write = private
• Read = public
SNMP Security
SNMP should be protected from the internet with a firewall. Beyond the SNMP community structure, there is one trap that adds some security to SNMP.
• Send Authentication Trap - When a device receives an authentication that fails, a trap is sent to a management station.
Other configuration parameters that affect security are:
• Accepted Community Names - Only requests from computers in the list of community names will be accepted.
• Accept SNMP Packets from Any Host - This is checked by default. Setting specific hosts will increase security.
• Only Accept SNMP Packets from These Hosts - Only requests from hosts on the list of IP addresses are accepted. Use IP, or IPX address or host name to identify the host.
SNMP Message Types
There are five types of messages exchanged in SNMP. They are referred to by Protocol Data Unit (PDU) type.
PDU Type  Name              Description
0         get-request       Get one or more variables. (manager to element)
1         get-next-request  Get next variable after one or more specified variables. (manager to element)
2         set-request       Set one or more variables. (manager to element)
3         get-response      Return value of one or more variables. (element to manager)
4         trap              Notify manager of an event. (element to manager)
The SNMP message with PDU type 0-3 consists of:
1. Version of SNMP
2. Community - A clear text password character string
3. PDU type
4. Request ID - Used to associate the request with the response. For PDU 0-2, it is set by the manager.
5. error status - An integer sent by the agent to identify an error condition
   Error  Name           Description
   0      no error       OK
   1      too big        Reply does not fit into one message
   2      no such name   The variable specified does not exist
   3      bad value      Invalid value specified in a set request.
   4      read only      The variable to be changed is read only.
   5      general error  General error
6. error index - Specifies which variable was in error when an error occurred. It is an integer offset.
7. name - The name of the variable (being set or read).
8. value - The value of the variable (being set or read)
9. any other names and values to get/set
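
Because the community is a clear text string inside every message, anyone who can capture a request can read it. The decoder below is an added example, not code from this guide or from any SNMP agent: it walks the fields listed above in a get-request (PDU type 0) using the ASN.1 BER encoding that RFC 1157 specifies, then checks the community against the default names and an accepted list. The sample packet is constructed by hand, and the accepted community name passed to audit is a placeholder.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # defaults named in the text above

# BER tags used by an SNMPv1 message
SEQUENCE, INTEGER, OCTET_STRING, OID = 0x30, 0x02, 0x04, 0x06


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past the end of the packet")
    return tag, buf[pos:end], end


def expect(buf, pos, wanted):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != wanted:
        raise ValueError(f"expected tag 0x{wanted:02x}, found 0x{tag:02x}")
    return value, nxt


def decode_oid(data):
    """Decode an OBJECT IDENTIFIER (assumes the usual 1.3... prefix fits one byte)."""
    if not data:
        raise ValueError("empty OBJECT IDENTIFIER")
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_snmp_v1(packet):
    """Decode a PDU type 0-3 message into the fields listed above."""
    message, _ = expect(packet, 0, SEQUENCE)
    version, pos = expect(message, 0, INTEGER)
    community, pos = expect(message, pos, OCTET_STRING)
    tag, pdu, _ = read_tlv(message, pos)
    if not 0xA0 <= tag <= 0xA3:
        raise ValueError("not a PDU type 0-3 message")
    request_id, p = expect(pdu, 0, INTEGER)
    error_status, p = expect(pdu, p, INTEGER)
    error_index, p = expect(pdu, p, INTEGER)
    bindings, _ = expect(pdu, p, SEQUENCE)
    names, p = [], 0
    while p < len(bindings):
        binding, p = expect(bindings, p, SEQUENCE)
        name, _ = expect(binding, 0, OID)
        names.append(decode_oid(name))
    return {
        "version": int.from_bytes(version, "big", signed=True),  # 0 on the wire = SNMPv1
        "community": community.decode("ascii", "replace"),
        "pdu_type": tag & 0x1F,
        "request_id": int.from_bytes(request_id, "big", signed=True),
        "error_status": int.from_bytes(error_status, "big", signed=True),
        "error_index": int.from_bytes(error_index, "big", signed=True),
        "names": names,
    }


def audit(packet, accepted_communities):
    """Return findings for one captured request."""
    message = parse_snmp_v1(packet)
    findings = []
    if message["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community name in use")
    if message["community"] not in accepted_communities:
        findings.append("community is not in the accepted list")
    return findings


# Constructed sample: get-request, community "public", request ID 1,
# one variable 1.3.6.1.2.1.1.1.0 with a NULL value.
SAMPLE_GET = bytes.fromhex(
    "3026" "020100" "04067075626c6963"
    "a019" "020101" "020100" "020100"
    "300e" "300c" "06082b06010201010100" "0500"
)

if __name__ == "__main__":
    print(parse_snmp_v1(SAMPLE_GET))
    print(audit(SAMPLE_GET, {"placeholder-readonly"}))
```
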
The SNMP message with PDU type 4 (trap) consists of:
1. PDU type
2. Enterprise - The agents OBJECT IDENTIFIER or system objects ID. Falls under a node in the MIB tree.
3. agent addr - The IP address of the agent.
4. Trap type - Identifies the type of event being reported.
   Trap Type  Name                    Description
   0          cold start              Agent is booting
   1          warm start              Agent is rebooting
   2          link down               An interface has gone down
   3          link up                 An interface has come up
   4          authentication failure  An invalid community (password) was received in a message.
   5          egp neighbor loss       An EGP peer has gone down.
   6          enterprise specific     Look in the enterprise code for information on the trap
5. Specific code - Must be 0.
6. Time stamp - The time in 1/100ths of seconds since the agent initialized.
7. name
8. Value
9. Any other names and values
Types of data used:
• INTEGER - Some have minimum and maximum values.
• OCTET STRING - The number of bytes in the string is before the string.
• DISPLAY STRING - Each byte must be an ASCII value
• OBJECT IDENTIFIER - Specifies a data type allocated by an organization with responsibility for a group of identifiers. A sequence of integers separated by decimals which follow a tree structure.
• NULL - Used as the value of all variables in a get request.
• IpAddress - A 4 byte long OCTET STRING. One byte for each byte of the IP address.
• PhysAddress - A 6 byte octet string specifying an ethernet or hardware address.
• Counter - A 32 bit unsigned integer
• Gauge - An unsigned 32 bit integer with a value that can increase or decrease but won't fall below a minimum or exceed a maximum.
• TimeTicks - Time counter. Counts in 1/100 of seconds.
• SEQUENCE - Similar to a programming structure with entries of type IPAddress called udpLocalAddress and type INTEGER called udpLocalPort.
• SEQUENCE OF - An array with elements with one type.
The MIB data structure RFC 1213
In the above list the data type "OBJECT IDENTIFIER" is listed as a part of the management information database. These object identifiers are referenced very similar to a DNS tree with a directory at the top called root. Each node in the tree is given a text name and is also referenced numerically similar to IP addresses. There are multiple levels in the tree with the bottom level being variables, and the next one up is called group. The packets sent in SNMP use numeric identifiers rather than text. All identifiers begin with iso(1).org(3).dod(6).internet(1).mgmt(2).mib(1). Numerically, that is 1.3.6.1.2.1. In text it is "iso.org.dod.internet.mgmt.mib". Under mib are the following groups. The information in these groups is not complete and you should refer to the RFC for full information.
1. system
   1. sysDesc (DisplayString) - Description of entity
   2. sysObjectID (ObjectID) - Vendors ID in the subtree (1.3.6.1.4.1.
   3. sysUPTime (Timer) - Time the system has been up
   4. sysContact (DisplayString) - Name of contact person
   5. sysName (DisplayString) - Domain name of the element such as mymachine.mycompany.com
   6. sysLocation (DisplayString) - Physical location of the element.
   7. sysServices - 0x1-physical, 0x02-datalink, 0x04-internet, 0x08 end to end, 0x40-application. If the bit is set the service is provided
2. interfaces
   1. ifNumber (INTEGER) - Number of network interfaces
   2. ifTable (table)
      1. ifIndex
      2. ifDescr - Description of interface
      3. ifType - 6=ethernet, 7=802.3 ethernet, 9=802.5 token ring, 23=PPP, 28=SLIP
      4. ifMtu
      5. ifSpeed - Bits/second
      6. ifPhysAddress
      7. ifAdminStatus - Desired state of interface 1=up, 2=down, 3=testing
      8. ifOperStatus - Current state of interface 1=up, 2=down, 3=testing
      9. ifLastchange
      10. ifInOctets - Total bytes received
      11. ifInUcastPkts
      12. ifInNUcastPkts
      13. ifInDiscards
      14. ifInErrors
      15. ifInUnknownProtos
      16. ifOutOctets
      17. ifOutUcastPkts
      18. ifOutNUcastPkts
      19. ifOutDiscards
      20. ifOutErrors
      21. ifOutQLen
      22. ifSpecific
3. at - Address translation group
   1. atIfIndex (INTEGER) - Interface number
   2. atPhysAddress (PhyAddress)
   3. atNetAddress (NetworkAddress) - IP address
4. ip
   1. ipForwarding
   2. ipDefaultTTL (INTEGER)
   3. ipInReceives (counter)
   4. ipInHdrErrors (counter)
   5. ipInAddrErrors (counter)
   6. ipForwDatagrams (counter)
   7. ipInUnknownProtos (counter)
   8. ipInDiscards (counter)
   9. ipInDelivers (counter)
   10. ipOutRequests (counter)
   11. ipOutDiscards (counter)
   12. ipOutNoRoutes (INTEGER)
   13. ipReasmTimeout (counter)
   14. ipReasmReqds (counter) - Number of IP fragments received that need to be reassembled.
   15. ipReasmOKs (counter)
   16. ipReasmFails (counter)
   17. ipFragOKs (counter)
   18. ipFragFails (counter)
   19. ipFragCreates (counter)
   20. ipRoutingDiscards (counter)
   21. ipAddrTable (table)
       1. ipAddrEntry (index)
          1. ipAdEntAddr
          2. ipAdEntIfIndex
          3. ipAdEntNetMask
          4. ipAdEntBcastAddr
          5. ipAdEntReasmMaxSize
5. icmp
6. tcp
7. udp
   1. udpInDatagrams (counter) - UDP datagrams delivered to user processes.
   2. udpNoPorts (counter) - UDP datagrams which were not received at the port since there was no application to receive it.
   3. udpInErrors (counter) - Number of UDP datagrams not delivered for reasons other than no applications available to receive them.
   4. udpOutDatagrams (counter) - Number of UDP datagrams sent.
   5. udpTable (table)
      1. udpEntry - Specifies the table entry number
         1. udpLocalAddress
         2. udpLocalPort
The ordering of data in the MIB is numeric. When the getnext function is used it gets the next data based on the numeric ordering.
Network Services
Networking Services and Ports
There are two general types of network services, which are connection less and connection oriented. Connection oriented service performs connection establishment, data transfer, and connection termination.
Ping
The "ping" program uses ICMP echo message requests and listens for ICMP echo message reply messages from its intended host. Using the -R option with ping enables the record route feature. If this option is used ping will set the record route (RR) in the outgoing ICMP IP datagram
Traceroute
The "traceroute" program uses ICMP messaging and the time to live (TTL) field in the IP header. It works by sending a packet to the intended host with a TTL value of 1. The first router will send back the ICMP "time exceeded" message to the sending host. Then the traceroute program will send a message with a TTL of 2, then 3, etc. This way it will get information about each router using the information received in the ICMP packets. To get information about the receiving host, the message is sent to a port that is not likely to be serviced by that host. A ICMP "port unreachable" error message is generated and sent back.
Telnet
Some telnet command codes and their meanings
Command Code  Description
236           EOF
237           SUSP - Suspend the current process
238           ABORT - Abort process
239           EOR - End of record
240           SE - Suboption end
241           NOP - No operation
242           DM - Data Mark
243           BRK - Break
244           IP - Interrupt process
245           AO - Abort output
246           AYT - Are you there
247           EC - Escape character
248           EL - Erase Line
249           GA - Go ahead
250           SB - Suboption begin
251           WILL - Sender wants to enable option / Receiver says OK
252           WONT - Sender wants to disable option / Receiver says not OK
253           DO - Sender wants receiver to enable option / Receiver says OK
254           DONT - Sender wants receiver to disable option / Receiver says not OK
On items 251 through 254 above, a third byte specifies options as follows:
ID  Name                   RFC
1   Echo                   857
3   Suppress go ahead      858
5   Status                 859
6   Timing Mark            860
24  Terminal type          1091
31  Window size            1073
32  Terminal speed         1079
33  Remote flow control    1372
34  Line mode              1184
36  Environment variables  1408
Network Drivers
Driver interfaces allow multiple protocol stacks to use one network interface card. The two in use today are listed below. They are not compatible with each other.
Open Driver Interface (ODI)
ODI is normally found on NetWare networks and was developed by Novell and Apple. It consists of:
• Multiple Protocol Interface - Provides connectivity from the data link layer to the network layer.
• Link Support Layer - It includes functions for managing protocol stack assignments and coordinating numbers assigned to MLIDs.
• Multiple-Link Interface Driver (MLID) - Passes data between the data link layer and the hardware or the network media. The drivers are protocol-independent.
Allows multiple drivers to be used on one card and lets one protocol use multiple cards.
Network Driver Interface Specification (NDIS)
NDIS, from Microsoft, is used on Microsoft networks. It allows multiple protocols to be used on a network card and supports the data link layer of the network model.
Transport Driver Interface (TDI)
This is a standard for passing messages between the drivers at the data link layer and the protocols working at the network layer such as IP or NetBEUI. It was produced by Microsoft.
Network Operating Systems
Network operating systems (NOS) typically are used to run computers that act as servers. They provide the capabilities required for network operation. Network operating systems are also designed for client computers and provide functions so the distinction between network operating systems and stand alone operating systems is not always obvious. Network operating systems provide the following functions:
• File and print sharing.
• Account administration for users.
• Security.
Installed Components
• Client functionality
• Server functionality
Functions provided:
• Account Administration for users
• Security
• File and print sharing
Network services
• File Sharing
• Print sharing
• User administration
• Backing up data
Universal Naming Convention (UNC)
A universal naming convention (UNC) is used to allow the use of shared resources without mapping a drive to them. The UNC specifies a path name and has the form:
\\servername\pathname
If I have a Linux server called "linux3" with a folder named "downloads" with a file called "readme.txt" in the folder, the UNC is:
\\linux3\downloads\readme.txt
Network Applications
There are three categories of applications with regard to networks:
1. Stand alone applications - Includes editors
2. Network versions of stand alone applications - May be licensed for multiple users.
3. Applications only for a network include databases, mail, group scheduling, groupware.
Models for network applications
1. Client-server - Processing is split between the client which interacts with the user and the server performing back end processing.
2. Shared file systems - The server is used for file storage and the processing of the file is done on the client computer.
3. Applications that are centralized - An example is a Telnet session. The data and the program run on the central computer and the user uses an interface such as the Telnet client or X server to send commands to the central computer and to see the results.
E-mail Systems
• Novell GroupWise - Also called Windows Messaging
• Microsoft Mail
• Microsoft Exchange - This is for the Microsoft Exchange Server. There is a Microsoft Exchange client for the Microsoft Exchange server and a client for an internet mail account only.
• Lotus Notes
• cc:Mail - From Lotus and IBM
There are several types of programs used in the process of sending and receiving mail. They are:
• MUA - Mail users agent. This is the program a user will use to type e-mail. It usually incorporates an editor for support. The user types the mail and it is passed to the sending MTA. This may also be called the user agent (UA).
• MTA - Message transfer agent is used to pass mail from the sending machine to the receiving machine. There is a MTA program running on both the sending and receiving machine. Sendmail is a MTA.
• MS - Message Store is a storage area for messages that can't be delivered immediately when the recipient is off-line.
• AU - Access Unit provides access to resources like fax, telex, and teletex.
• LDA - Local delivery agent on the receiving machine receives the mail from its MTA. This program is usually procmail.
• Mail notifier - This program notifies the recipient that they have mail. Normally this requires two programs, biff and comsat. Biff allows the administrator or user to turn on comsat service.
Other components of mail service include:
• Directory services - A list of users on a system. Microsoft provides a Global Address List and a Personal Address Book.
• Post Office - This is where the messages are stored.
Mail API
Mail application programming interfaces (APIs) allow e-mail support to be integrated into application programs.
• MAPI - Microsoft's Messaging API incorporated throughout Microsoft's office products provides support for mail at the application level.
• VIM - Vendor-Independent Messaging protocol from Lotus is supported by many vendors exclusive of Microsoft.
Message Handling Service (MHS)
• MHS and Global MHS by Novell
• MHS by OSI - It is called MOTIS (message-oriented text interchange system).
X.500
This is a recommendation outlining how an organization can share objects and names on a large network. It is hierarchical similar to DNS, defining domains consisting of organizations, divisions, departments, and workgroups. The domains provide information about the users and available resources on that domain. This X.500 system is like a directory. Its recommendation comes from the International Telegraph and Telephone Consultative Committee (CCITT).
Scheduling systems
• Microsoft Schedule+
• Lotus Organizer
Groupware
Used for various electronic communication to enable a group to work together better. Functions may include group discussion, submission of reports and time sheets electronically, an on line help desk database, forms design and access, and creating a document as a group such as configuration management.
Database Management Systems (DBMS)
They are used to share data on a network. DBMS standards for distributed databases:
• SQL - Structured Query Language is a database access language. It is used by most client/server database applications.
• ODBC - Open Database Connectivity (ODBC) from Microsoft lets application developers integrate database connections in applications. It is an application programming interface (API). ODBC drivers convert an application's query into SQL and send it to the database engine program.
• DRDA - Distributed Relational Database Architecture is from IBM.
When information is processed in a distributed database, it is called a transaction. The two phases of a transaction are:
1. Write or Update - The data is temporarily updated. An abort can cancel what this phase did by removing the changed data from a temporary storage area.
2. Commit - The changed data is made permanent in the database.
Databases store multiple copies of the data which is called replication. They must be sure the various copies of the database on various servers are accurate with identical data. Data is also partitioned into smaller blocks of data.
Wide Area Networks
Wide Area Networks (WAN) refers to the technologies used to connect offices at remote locations. The size of a network is limited due to size and distance constraints. However networks may be connected over a high speed communications link (called a WAN link) to link them together and thus become a WAN. WAN links are usually:
• Dial up connection
• Dedicated connection - It is a permanent full time connection. When a dedicated connection is used, the cable is leased rather than a part of the cable bandwidth and the user has exclusive use.
• Switched network - Several users share the same line or the bandwidth of the line. There are two types of switched networks:
  1. Circuit switching - This is a temporary connection between two points such as dial-up or ISDN.
  2. Packet switching - This is a connection between multiple points. It breaks data down into small packets to be sent across the network. A virtual circuit can improve performance by establishing a set path for data transmission. This will shave some overhead of a packet switching network. A variant of packet switching is called cell-switching where the data is broken into small cells with a fixed length.
WAN Connection Technologies
• X.25 - This is a set of protocols developed by the CCITT/ITU which specifies how to connect computer devices over a internetwork. These protocols use a great deal of error checking for use over unreliable telephone lines. Their speed is about 64Kbps. Normally X.25 is used on packet switching PDNs (Public Data Networks). A line must be leased from the LAN to a PDN to connect to an X.25 network. A PAD (packet assembler/disassembler) or an X.25 interface is used on a computer to connect to the X.25 network. CCITT is an abbreviation for International Telegraph and Telephone Consultative Committee. The ITU is the International Telecommunication Union.
• Frame Relay - Error checking is handled by devices at both sides of the connection. Frame relay uses frames of varying length and it operates at the data link layer of the OSI model. A permanent virtual circuit (PVC) is established between two points on the network. Frame relay speed is between 56Kbps and 1.544Mbps. Frame relay networks provide a high-speed connection up to 1.544Mbps using variable-length packet-switching over digital fiber-optic media.
• Switched Multi-megabit Data Service (SMDS) - Uses fixed length cell switching and runs at speeds of 1.533 to 45Mbps. It provides no error checking and assumes devices at both ends provide error checking.
• Telephone connections
  ◦ Dial up
  ◦ Leased lines - These are dedicated analog lines or digital lines. Dedicated digital lines are called digital data service (DDS) lines. A modem is used to connect to analog lines, and a Channel Service Unit/Data Service Unit or Digital Service Unit (CSU/DSU) is used to connect to digital lines. The DSU connects to the LAN and the CSU connects to the line.
  ◦ T Carrier lines - Multiplexors are used to allow several channels on one line. The T1 line is basic T Carrier service. The available channels may be used separately for data or voice transmissions or they may be combined for more transmission bandwidth. The 64Kbps data transmission rate is referred to as DS-0 (Digital Signal level 0) and a full T1 line is referred to as DS-1.
    Signal  System  Total Kbps  Channels  Number of equivalent T1 lines
    DS-1    T1      1544        24        1
    DS-2    T2      6312        96        4
    DS-3    T3      44736       672       28
    DS-4    T4      274760      4032      3668
    T1 and T3 lines are the most common lines in use today. T1 and T2 lines can use standard copper wire. T3 and T4 lines require fiber-optic cable or other high-speed media. These lines may be leased partially called fractional T1 or fractional T3 which means a customer can lease a certain number of channels on the line. A CSU/DSU and a bridge or router is required to connect to a T1 line.
  ◦ Integrated Services Digital Network (ISDN) - Comes in two types and converts analog signals to digital for transmission.
    ▪ Basic Rate ISDN (BRI) - Two 64Kbps B-channels with one 16Kbps D channel. The D-channel is used for call control and setup.
    ▪ Primary Rate ISDN (PRI) - 23 B-channels and one D channel.
    A device resembling a modem (called an ISDN modem) is used to connect to ISDN. The computer and telephone line are plugged into it.
  ◦ Switched-56 - A switched line similar to a leased line where customers pay for the time they use the line.
• Asynchronous Transfer Mode (ATM) - May be used over a variety of media with both baseband and broadband systems. It uses fixed length data packets of 53 bytes called cell switching. 5 bytes contain header information. It uses hardware devices to perform the switching of the data. Speeds of up to 622 Mbps can be achieved. Error checking is done at the receiving device, not by ATM. A permanent virtual connection is established (PVC).
• Synchronous Optical Network (SONET) - a physical layer standard that defines voice, data, and video delivery methods over fiber optic media. It defines data rates in terms of optical carrier (OC) levels. The transmission rate of OC-1 is 51.8 Mbps. Each level runs at a multiple of the first. The OC-5 data rate is 5 times 51.8 Mbps which is 259 Mbps. SONET also defines synchronous transport signals (STS) for copper media which use the same speed scale of OC levels. STS-3 runs at the same speed of OC-3. Mesh or ring topology is used to support SONET. SONET uses multiplexing. The ITU has incorporated SONET into their Synchronous Digital Hierarchy (SDH) recommendations.
Network /acku(
Items to do when considering network backups.
- Set a backup schedule
- Determine data to be backed up and its importance to determine a backup schedule.
- Determine backup methods, media, and equipment to use. Backup methods include full backup, file copy, backup changed files without marking files as backed up (differential backup), or backup only the files that have changed since the last backup and mark them as backed up (incremental backup).
- Determine where to store backup information such as a safe.
- Test the backup and restore capability of the backup system and its media to be sure it really works.
- Maintain backup logs.
- Create and maintain a disaster recovery plan. Rotate tapes so you could recover your data if your server room or main place of operations was destroyed.
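The difference between the differential and incremental methods listed above shows up in what each tape holds and how many tapes a restore needs. The following is an added example, not part of the original guide; the file names and the three-day edit schedule are constructed, and the per-file "changed" flag stands in for the backed-up mark the guide mentions.

```python
"""Simulate which files full, differential and incremental backups copy."""


class FileSet:
    def __init__(self, names):
        # A new file counts as changed until a backup marks it as backed up.
        self.changed = {name: True for name in names}

    def modify(self, *names):
        for name in names:
            self.changed[name] = True

    def full(self):
        """Copy everything and mark every file as backed up."""
        copied = sorted(self.changed)
        for name in copied:
            self.changed[name] = False
        return copied

    def differential(self):
        """Copy changed files WITHOUT marking them as backed up."""
        return sorted(n for n, c in self.changed.items() if c)

    def incremental(self):
        """Copy changed files and mark them as backed up."""
        copied = self.differential()
        for name in copied:
            self.changed[name] = False
        return copied


def run_week(method):
    """Full backup first, then `method` after each day's edits.

    Returns a list of (backup type, files on that tape).
    """
    files = FileSet(["a.doc", "b.xls", "c.db"])            # constructed files
    edits = [("a.doc",), ("b.xls",), ("a.doc", "c.db")]     # constructed edits
    tapes = [("full", files.full())]
    for day_edits in edits:
        files.modify(*day_edits)
        tapes.append((method, getattr(files, method)()))
    return tapes


def restore_set(tapes):
    """Tapes needed to rebuild the latest state after a total loss."""
    if tapes[-1][0] == "differential":
        # Each differential holds everything changed since the full backup,
        # so the full tape plus the newest differential is enough.
        return [tapes[0], tapes[-1]]
    # Each incremental only holds changes since the previous tape,
    # so the full tape and every incremental after it are required.
    return list(tapes)


if __name__ == "__main__":
    for method in ("differential", "incremental"):
        week = run_week(method)
        for kind, copied in week:
            print(f"{kind:13} {copied}")
        print(f"tapes needed to restore: {len(restore_set(week))}\n")
```

Differential tapes grow each day but a restore needs only two of them; incremental tapes stay small but losing any one tape in the chain breaks the restore, which is why the restore test in the list above matters.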
Network Fault Tolerance
Redundant Array of Inexpensive Disks (RAID)
RAID is a fault tolerant method of storing data, meaning that a failure can occur and the system will still function. The various RAID categories are:
- 0 - Disk striping - Data is written across multiple drives in parallel. Different parts of the data are written at the same time to more than one drive. If there are two drives, half the data is written to one drive, while the rest of the data is written to the other drive. All partitions on striped drives must be the same size. No fault tolerance is provided with RAID-0.
- 1 - Disk mirroring - All the data is written to two drives so each drive has a complete copy of all stored data. If one drive fails, the other can be used to get a copy of the data. To be more fault tolerant, more than one controller card may be used to control the mirrored hard drives. This is called disk duplexing and will allow the system to keep functioning if one controller card fails.
- 2 - Disk striping with error correction codes (ECC).
- 3 - Disk striping with ECC parity information stored on a separate drive.
- 4 - Disk striping with blocks with parity information stored on a separate drive.
- 5 - Disk striping with blocks with parity information stored using multiple drives. Uses five disks with one fifth of each one to store parity information.
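How striping with distributed parity survives a drive failure, as an added example that is not part of the original guide. It assumes byte-wise XOR parity, the usual RAID 5 scheme, which the guide does not spell out; the 4-byte block size and the sample data are constructed.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def raid5_write(data, drives, block=4):
    """Stripe `data` over `drives` disks, rotating the parity block per stripe.

    Returns one list of blocks per disk. Data is zero-padded to whole stripes.
    """
    per_stripe = (drives - 1) * block
    stripes = -(-len(data) // per_stripe)              # ceiling division
    data = data.ljust(stripes * per_stripe, b"\0")
    disks = [[] for _ in range(drives)]
    for s in range(stripes):
        start = s * per_stripe
        chunks = [data[start + i:start + i + block]
                  for i in range(0, per_stripe, block)]
        # Parity moves to a different disk on every stripe, so each disk
        # ends up holding a share of the parity information.
        chunks.insert(s % drives, xor_blocks(chunks))
        for disk, chunk in zip(disks, chunks):
            disk.append(chunk)
    return disks


def raid5_rebuild(disks, failed):
    """Recompute every block of the failed disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def raid5_read(disks, length):
    """Reassemble the original data, skipping each stripe's parity block."""
    out = bytearray()
    for s, stripe in enumerate(zip(*disks)):
        parity_disk = s % len(disks)
        out += b"".join(c for i, c in enumerate(stripe) if i != parity_disk)
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"NETWORK FAULT TOLERANCE"          # constructed sample data
    array = raid5_write(payload, drives=5)
    lost = 2
    array[lost] = raid5_rebuild(array, lost)      # replace the failed disk
    print(raid5_read(array, len(payload)))
```

Because XOR of all blocks in a stripe is zero, any single missing block equals the XOR of the others; a second simultaneous failure leaves nothing to rebuild from.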
Sector Sparing
Sector sparing will detect when data is going to be read from or written to a bad sector on the hard drive and will move the data to a good sector. The bad sector is marked as not available so it is not used again.
Windows NT support
Supports RAID-0, 1, and 5 along with sector sparing.
Terms:
- DAT - Digital Audio Tape
- Sector Sparing - A method of fault tolerance that automatically identifies and marks bad sectors as not available. It is also called hot-fixing.
- SLED - Single Large Inexpensive disk - The concept that a large disk costs less per amount of storage than several smaller ones. Somehow this concept is used as a means of fault tolerance.
Network Troubleshooting
Documentation
Document the network installation and configuration
- Cable installation information - Cable types with network diagrams showing jacks
- Equipment information - Where the equipment was purchased with serial numbers, vendors and warranty information.
- Network resources - Document commonly used resources including drive mappings.
- Network addressing - Record the allocation of network addresses with diagrams.
- Network connections - Document or diagram how your network is connected to other networks.
- Software configuration - Record the software installed on each network node, outlining the sequence of software and driver installation required. Also document configuration files.
- User administration - Determine methods and policies for user names, passwords, and groups.
- Policies and procedures - Be sure network policies and procedures are defined and necessary personnel are aware of them.
- Base network performance - Determine normal traffic levels on the network.
- Hardware or software changes - Document all changes to the network and record dates.
- Software licenses - Be sure you have valid software licenses for all software with license serial numbers recorded.
- Keep a history of troubleshooting - Record network problems and their solutions.
Troubleshooting and network management tools
- SMS - Systems Management Server from Microsoft can collect information about software on each computer and can install and configure new software on the client computers. It will also monitor network traffic.
Performance Monitoring Benefits
- Identify network bottlenecks.
- Identify network traffic pattern trends.
- Provide information to help develop plans for increasing network performance.
- Determine the effects of hardware or software changes.
- Provide information to help forecast future needs.
Microsoft Complex Problem Structured Approach
1. Set the problem's priority.
2. Identify the symptoms.
3. Determine possible causes.
4. Perform tests to determine the problem cause.
5. Identify a solution by studying the test results.
Troubleshooting Tools
- DVM - Digital volt meter.
- TDR - Time-domain reflectometer sends a sonar-like electrical pulse down a cable and can determine the location of a break in the cable. The pulse is reflected back to the TDR and the TDR can tell where the break is by timing how long it takes for the pulse to return.
- Protocol analyzers - They are usually a mix of hardware and software and may also be referred to as network analyzers. They monitor network traffic and examine packets, collecting data that helps determine the network performance. They can locate:
  - Faulty NICs or components
  - Network bottlenecks
  - Abnormal network traffic from a computer
  - Conflicting applications
  - Connection errors
  Windows NT Server 4.0 includes the Network Monitor tool which is a software based protocol analyzer.
- Advanced cable testers - Can determine a cable's impedance, resistance, attenuation, and if the cable is broken or shorted. Advanced cable testers can acquire information about message network collisions, frame counts, and congestion errors. If thinnet cable is broken its resistance would go from the normal of 50 ohms to infinity.
- Network monitors - Used to monitor network traffic. They can examine network packets, where they are from and where they are going. They can also generate reports and show graphic statistics about the network. The network monitors work through all layers of the OSI model except the hardware layer. Windows NT provides the Performance Monitor tool software as a network monitor.
- Terminators - They are placed on one end of a network cable so the cable will have proper impedance. This is also a way to check the cable to be sure it is not broken.
Network Ports
Not all ports are included here, just the most common ones.

Keyword        Number  Protocol(s)  Description
tcpmux         1       TCP, UDP     TCP Port Service Multiplexer
echo           7       TCP, UDP     Echo
discard        9       TCP, UDP     Discard
systat         11      TCP          Active Users
daytime        13      TCP, UDP     Daytime (RFC 867)
qotd           17      TCP          Quote of the Day
msp            18      TCP, UDP     message send protocol
chargen        19      TCP, UDP     Character Generator
ftp-data       20      TCP, UDP     File transfer default data
ftp            21      TCP, UDP     File transfer control
ssh            22      TCP, UDP     Remote login protocol
telnet         23      TCP, UDP     Telnet
smtp           25      TCP, UDP     Simple Mail Transfer
time           37      TCP, UDP     Time
rlp            39      TCP, UDP     Resource location protocol
nameserver     42      TCP, UDP     Host name server
whois          43      TCP, UDP     Who is
re-mail-ck     50      TCP, UDP     Remote mail checking protocol
domain         53      TCP, UDP     Domain name server
bootps         67      TCP, UDP     Bootstrap protocol server
bootpc         68      TCP, UDP     Bootstrap protocol client
tftp           69      TCP, UDP     Trivial file transfer protocol
gopher         70      TCP, UDP     Gopher
finger         79      TCP, UDP     Finger
www            80      TCP, UDP     World wide web or HTTP
kerberos       88      TCP, UDP     Kerberos
supdup         95      TCP, UDP     SUPDUP
hostname       101     TCP, UDP     NIC Host Name Server
iso-tsap       102     TCP, UDP     ISO-TSAP Class 0
csnet-ns       105     TCP, UDP     CCSO name server protocol
rtelnet        107     TCP, UDP     Remote Telnet Service
pop-2          109     TCP, UDP     Post Office Protocol - Version 2
pop-3          110     TCP, UDP     Post Office Protocol - Version 3
sunrpc         111     TCP, UDP     SUN Remote Procedure Call
auth           113     TCP, UDP     Authentication Service
sftp           115     TCP, UDP     Simple File Transfer Protocol
uucp-path      117     TCP, UDP     UUCP Path Service
nntp           119     TCP, UDP     Network News Transfer Protocol
ntp            123     TCP, UDP     Network Time Protocol
netbios-ns     137     TCP, UDP     NETBIOS Name Service
netbios-dgram  138     TCP, UDP     NETBIOS Datagram Service
netbios-ssn    139     TCP, UDP     NETBIOS Session Service
imap           143     TCP, UDP     Internet Message Access Protocol
snmp           161     TCP, UDP     SNMP
snmp-trap      162     TCP, UDP     SNMPTRAP
cmip-man       163     TCP, UDP     CMIP/TCP Manager
cmip-agent     164     TCP, UDP     CMIP/TCP Agent
xdmcp          177     TCP, UDP     X Display Manager Control Protocol
nextstep       178     TCP, UDP     NextStep Window Server
bgp            179     TCP, UDP     Border Gateway Protocol
prospero       191     TCP, UDP     Prospero Directory Service
irc            194     TCP, UDP     Internet Relay Chat Protocol
smux           199     TCP, UDP     SMUX

at-rtmp         201/tcp                         # AppleTalk routing
at-rtmp         201/udp
at-nbp          202/tcp                         # AppleTalk name binding
at-nbp          202/udp
at-echo         204/tcp                         # AppleTalk echo
at-echo         204/udp
at-zis          206/tcp                         # AppleTalk zone information
at-zis          206/udp
qmtp            209/tcp                         # The Quick Mail Transfer Protocol
qmtp            209/udp                         # The Quick Mail Transfer Protocol
z3950           210/tcp     wais                # NISO Z39.50 database
z3950           210/udp     wais
ipx             213/tcp                         # IPX
ipx             213/udp
imap3           220/tcp                         # Interactive Mail Access
imap3           220/udp                         # Protocol v3
rpc2portmap     369/tcp
rpc2portmap     369/udp                         # Coda portmapper
codaauth2       370/tcp
codaauth2       370/udp                         # Coda authentication server
ulistserv       372/tcp                         # UNIX Listserv
ulistserv       372/udp
https           443/tcp                         # MCom
https           443/udp                         # MCom
snpp            444/tcp                         # Simple Network Paging Protocol
snpp            444/udp                         # Simple Network Paging Protocol
saft            487/tcp                         # Simple Asynchronous File Transfer
saft            487/udp                         # Simple Asynchronous File Transfer
npmp-local      610/tcp     dqs313_qmaster      # npmp-local / DQS
npmp-local      610/udp     dqs313_qmaster      # npmp-local / DQS
npmp-gui        611/tcp     dqs313_execd        # npmp-gui / DQS
npmp-gui        611/udp     dqs313_execd        # npmp-gui / DQS
hmmp-ind        612/tcp     dqs313_intercell    # HMMP Indication / DQS
hmmp-ind        612/udp     dqs313_intercell    # HMMP Indication / DQS
#
# UNIX specific services
#
exec            512/tcp
biff            512/udp     comsat
login           513/tcp
who             513/udp     whod
shell           514/tcp     cmd                 # no passwords used
syslog          514/udp
printer         515/tcp     spooler             # line printer spooler
talk            517/udp
ntalk           518/udp
route           520/udp     router routed       # RIP
timed           525/udp     timeserver
tempo           526/tcp     newdate
courier         530/tcp     rpc
conference      531/tcp     chat
netnews         532/tcp     readnews
netwall         533/udp                         # -for emergency broadcasts
uucp            540/tcp     uucpd               # uucp daemon
afpovertcp      548/tcp                         # AFP over TCP
afpovertcp      548/udp                         # AFP over TCP
remotefs        556/tcp     rfs_server rfs      # Brunhoff remote filesystem
klogin          543/tcp                         # Kerberized `rlogin' (v5)
kshell          544/tcp     krcmd               # Kerberized `rsh' (v5)
kerberos-adm    749/tcp                         # Kerberos `kadmin' (v5)
#
webster         765/tcp                         # Network dictionary
webster         765/udp
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convenience to the
#> community.
#
ingreslock      1524/tcp
ingreslock      1524/udp
prospero-np     1525/tcp                        # Prospero non-privileged
prospero-np     1525/udp
datametrics     1645/tcp    old-radius          # datametrics / old radius entry
datametrics     1645/udp    old-radius          # datametrics / old radius entry
sa-msg-port     1646/tcp    old-radacct         # sa-msg-port / old radacct entry
sa-msg-port     1646/udp    old-radacct         # sa-msg-port / old radacct entry
radius          1812/tcp                        # Radius
radius          1812/udp                        # Radius
radacct         1813/tcp                        # Radius Accounting
radacct         1813/udp                        # Radius Accounting
cvspserver      2401/tcp                        # CVS client/server operations
cvspserver      2401/udp                        # CVS client/server operations
venus           2430/tcp                        # codacon port
venus           2430/udp                        # Venus callback/wbc interface
venus-se        2431/tcp                        # tcp side effects
venus-se        2431/udp                        # udp sftp side effect
codasrv         2432/tcp                        # not used
codasrv         2432/udp                        # server port
codasrv-se      2433/tcp                        # tcp side effects
codasrv-se      2433/udp                        # udp sftp side effect
mysql           3306/tcp                        # MySQL
mysql           3306/udp                        # MySQL
rfe             5002/tcp                        # Radio Free Ethernet
rfe             5002/udp                        # Actually uses UDP only
cfengine        5308/tcp                        # CFengine
cfengine        5308/udp                        # CFengine
bbs             7000/tcp                        # BBS service
#
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4       750/udp     kerberos-iv kdc     # Kerberos (server) udp
kerberos4       750/tcp     kerberos-iv kdc     # Kerberos (server) tcp
kerberos_master 751/udp                         # Kerberos authentication
kerberos_master 751/tcp                         # Kerberos authentication
passwd_server   752/udp                         # Kerberos passwd server
krb_prop        754/tcp                         # Kerberos slave propagation
krbupdate       760/tcp     kreg                # Kerberos registration
kpasswd         761/tcp     kpwd                # Kerberos "passwd"
kpop            1109/tcp                        # Pop with Kerberos
knetd           2053/tcp                        # Kerberos de-multiplexor
zephyr-srv      2102/udp                        # Zephyr server
zephyr-clt      2103/udp                        # Zephyr serv-hm connection
zephyr-hm       2104/udp                        # Zephyr hostmanager
eklogin         2105/tcp                        # Kerberos encrypted rlogin
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv      871/tcp                         # SUP server
supfiledbg      1127/tcp                        # SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp            1/ddp                           # Routing Table Maintenance Protocol
nbp             2/ddp                           # Name Binding Protocol
echo            4/ddp                           # AppleTalk Echo Protocol
zip             6/ddp                           # Zone Information Protocol
#
# Services added for the Debian GNU/Linux distribution
poppassd        106/tcp                         # Eudora
poppassd        106/udp                         # Eudora
mailq           174/tcp                         # Mailer transport queue for Zmailer
mailq           174/tcp                         # Mailer transport queue for Zmailer
ssmtp           465/tcp                         # SMTP over SSL
gdomap          538/tcp                         # GNUstep distributed objects
gdomap          538/udp                         # GNUstep distributed objects
snews           563/tcp                         # NNTP over SSL
ssl-ldap        636/tcp                         # LDAP over SSL
omirr           808/tcp     omirrd              # online mirror
omirr           808/udp     omirrd              # online mirror
rsync           873/tcp                         # rsync
rsync           873/udp                         # rsync
simap           993/tcp                         # IMAP over SSL
spop3           995/tcp                         # POP-3 over SSL
socks           1080/tcp                        # socks proxy server
socks           1080/udp                        # socks proxy server
rmtcfg          1236/tcp                        # Gracilis Packeten remote config server
xtel            1313/tcp                        # french minitel
support         1529/tcp                        # GNATS
cfinger         2003/tcp                        # GNU Finger
ninstall        2150/tcp                        # ninstall service
ninstall        2150/udp                        # ninstall service
afbackup        2988/tcp                        # Afbackup system
afbackup        2988/udp                        # Afbackup system
icp             3130/tcp                        # Internet Cache Protocol (Squid)
icp             3130/udp                        # Internet Cache Protocol (Squid)
postgres        5432/tcp                        # POSTGRES
postgres        5432/udp                        # POSTGRES
fax             4557/tcp                        # FAX transmission service (old)
hylafax         4559/tcp                        # HylaFAX client-server protocol (new)
noclog          5354/tcp                        # noclogd with TCP (nocol)
noclog          5354/udp                        # noclogd with UDP (nocol)
hostmon         5355/tcp                        # hostmon uses TCP (nocol)
hostmon         5355/udp                        # hostmon uses TCP (nocol)
ircd            6667/tcp                        # Internet Relay Chat
ircd            6667/udp                        # Internet Relay Chat
webcache        8080/tcp                        # WWW caching service
webcache        8080/udp                        # WWW caching service
tproxy          8081/tcp                        # Transparent Proxy
tproxy          8081/udp                        # Transparent Proxy
mandelspawn     9359/udp    mandelbrot          # network mandelbrot
amanda          10080/udp                       # amanda backup services
kamanda         10081/tcp                       # amanda backup services (Kerberos)
kamanda         10081/udp                       # amanda backup services (Kerberos)
amandaidx       10082/tcp                       # amanda backup services
amidxtape       10083/tcp                       # amanda backup services
isdnlog         20011/tcp                       # isdn logging system
isdnlog         20011/udp                       # isdn logging system
vboxd           20012/tcp                       # voice box system
vboxd           20012/udp                       # voice box system
binkp           24554/tcp                       # Binkley
binkp           24554/udp                       # Binkley
asp             27374/tcp                       # Address Search Protocol
asp             27374/udp                       # Address Search Protocol
tfido           60177/tcp                       # Ifmail
tfido           60177/udp                       # Ifmail
fido            60179/tcp                       # Ifmail
fido            60179/udp                       # Ifmail
# Local services
linuxconf       98/tcp
swat            901/tcp                         # Add swat service used via inetd
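The second half of the listing above uses the services-file layout: name, port/protocol, optional aliases, then a # comment. The following added example (not part of the original guide) parses that layout, resolves a port and protocol pair to its entry, and reports duplicate or malformed lines; the sample text is constructed from entries in the listing plus two deliberately bad lines, and the function names are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample in the "name port/proto aliases # comment" layout.
SAMPLE = """\
#
# UNIX specific services
#
shell           514/tcp   cmd              # no passwords used
syslog          514/udp
route           520/udp   router routed    # RIP
kerberos4       750/udp   kerberos-iv kdc  # Kerberos (server) udp
rtmp            1/ddp                      # Routing Table Maintenance Protocol
mailq           174/tcp                    # Mailer transport queue for Zmailer
mailq           174/tcp                    # Mailer transport queue for Zmailer
bogus           99999/tcp                  # out-of-range port (constructed)
broken line without a port
"""

ENTRY = re.compile(
    r"^(?P<name>\S+)\s+(?P<port>\d+)/(?P<proto>[a-z]+)(?P<aliases>(?:\s+\S+)*)$"
)


def parse_services(text):
    """Return (entries, problems) for a services-format listing.

    entries: list of dicts with name, port, proto, aliases, comment.
    problems: list of (line number, description) for lines that were skipped.
    """
    index = OrderedDict()            # (port, proto) -> (line number, entry)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        body = body.strip()
        if not body:
            continue                 # blank or comment-only line
        match = ENTRY.match(body)
        if not match:
            problems.append((lineno, "unparseable"))
            continue
        port, proto = int(match["port"]), match["proto"]
        # TCP and UDP ports are 16-bit; ddp numbers are AppleTalk sockets
        # and are not range-checked here.
        if proto in ("tcp", "udp") and not 0 < port <= 65535:
            problems.append((lineno, "port out of range"))
            continue
        key = (port, proto)
        if key in index:
            problems.append((lineno, f"duplicate of line {index[key][0]}"))
            continue
        index[key] = (lineno, {
            "name": match["name"],
            "port": port,
            "proto": proto,
            "aliases": match["aliases"].split(),
            "comment": comment.strip(),
        })
    return [entry for _, entry in index.values()], problems


def lookup(entries, port, proto):
    """Entry registered for port/proto, or None."""
    for entry in entries:
        if entry["port"] == port and entry["proto"] == proto:
            return entry
    return None


if __name__ == "__main__":
    parsed, issues = parse_services(SAMPLE)
    for proto in ("tcp", "udp"):
        hit = lookup(parsed, 514, proto)
        print(f"514/{proto}: {hit['name']} {hit['comment']}")
    for lineno, what in issues:
        print(f"line {lineno}: {what}")
```

The same port number can name different services per protocol (514/tcp is shell, 514/udp is syslog), so any mapping from an observed listener to a service name has to key on both values.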
Network Ter's
1. ADSP - AppleTalk data stream protocol manages the flow of data between two established socket connections.
2. AEP - AppleTalk echo protocol uses echoes to tell if a computer, or node, is available.
3. AFP - AppleTalk Filing protocol - Makes network files appear local by managing file sharing at the presentation layer.
4. AGP - Accelerated Graphics Port. This bus is developed for fast video cards. It is currently up to 4X mode speed.
5. AMPS - Advanced Mobile Phone Service is analog cellular phone service.
6. API - Application Programming Interface.
7. APPC - Advanced Peer-to-Peer Communications provides peer to peer services at the transport and session layer.
8. APPN - Advanced Peer-to-Peer Networking supports the computer connections at the network and transport layers.
9. Architecture - The method that is used to transmit packets on a network. Sometimes the term architecture includes topology. An example is ethernet.
10. ARCnet - Attached Resource Computer Network is an architecture using star and bus topology.
11. ARP - Address resolution Protocol is used to resolve the hardware address of a card to package the ethernet data. It works at the data link layer. RFC 826.
12. ARUP - AppleTalk update routing is a newer version of RTMP.
13. ASP - AppleTalk session protocol controls the starting and ending of sessions between computers called nodes. It works at the session level.
14. ASP - Active Server Pages is Microsoft's web server technology which can run Visual Basic or JAVA script.
15. ATM - Asynchronous Transfer Mode may be used over a variety of media with both baseband and broadband systems. It uses fixed length data packets of 53 bytes called cell switching.
16. ATP - AppleTalk Transaction Protocol provides a Transport Layer connection between computers.
17. attenuation - signal loss due to impedance.
18. AU - Access Unit provides access to resources like fax, telex, and teletex.
19. Backbone - Main cable used to connect computers on a network.
20. Bandwidth - Indicates the amount of data that can be sent in a time period. Measured in Mbps which is one million bits per second.
21. Baseband - Data bits are defined by discrete signal changes.
22. BDC - Backup Domain Controller is a backup for a PDC
23. BGP - Border Gateway Protocol, a dynamic routing protocol. RFC 1267.
24. BNC - British Naval Connector.
25. BOOTP - Boot Protocol. RFC 951, 1542.
26. Bridge - Read the outermost section of data on the data packet, to tell where the message is going. It reduces the traffic on other network segments, since it does not send all packets but only sends packets intended for that segment they are attached to.
27. Broadband - Uses analog signals to divide the cable into several channels with each channel at its own frequency. Each channel can only transmit one direction.
28. Broadcast - A transmission to all interface cards on the network.
29. Brouter - Will function similar to a bridge for network transport protocols that are not routable, and will function as a router for routable protocols.
30. BSC - Binary Synchronous Communication sends bits in frames which are timed sequences of data. A possible SNA communications architecture.
31. CCITT - International Telegraph and Telephone Consultative Committee.
32. CDMA - Code division multiple access allows transmission of voice and data over a shared part of radio frequencies. This is also called spread spectrum.
33. CDPD - Cellular Digital Packet Data will allow network connections for mobile users using satellites.
34. cellular - An 800 Mhz band for mobile phone service.
35. CHAP - Challenge Handshake Authentication Protocol is a three way handshake protocol which is considered more secure than PAP.
36. CIDR - Classless Inter Domain Routing.
37. Client - This computer requests resources for its use from a computer that provides the resource (a server).
38. CRC - Cyclic Redundancy check is a set of trailing data bytes in a message used to determine if an error occurred in a message.
39. CSMA/CD - Carrier-sense multiple-access with collision detection for controlling access to the network media.
40. CSU - Channel service unit used to connect to digital leased lines on the line side.
41. D-AMPS - Digital AMPS using TDMA to divide the channels into three channels.
42. DAS - Dual attachment stations are used by FDDI networks for servers and concentrators, and are attached to both rings.
43. DAT - Digital Audio Tape
44. Datagram - IP header and what is called a message or segment. The message or segment is a transport header (TCP or UDP) and application data. The term datagram is used to describe the information before IP fragmentation or after reassembly.
45. DBMS - Database Management Systems are used to share data on a network.
46. DDE - Dynamic data exchange.
47. DDP - Datagram Delivery Protocol is a routable protocol that provides for data packet transportation. It operates at the network layer at the same level as the IP protocol.
48. DDS - Digital data service is a leased dedicated digital line.
49. DECnet - From Digital Equipment Corporation is a suite of protocols which may be used on large networks that integrate mainframe and minicomputer systems
50. DHCP - Dynamic Host Configuration Protocol is used to assign IP addresses dynamically to network cards. It works at the application layer. RFC 1541.
51. Direct sequence modulation - The data is broken into parts and transmitted simultaneously on multiple frequencies.
52. DLC - Data Link Control operates at the data link layer and is designed for communications between Hewlett-Packard network printers and IBM mainframe computers on a DECnet network.
53. DNA - Digital Network Architecture is a term from DECNet
54. DNS - Domain Name System is used on the internet to correlate between IP address and readable names. RFC 1034, 1035, 1535-1537, 1591.
55. DRDA - Distributed Relational Database Architecture is from IBM.
56. DSU - Digital service unit used to connect to digital leased lines on the LAN side.
57. DTD - Document Type Definition.
58. DUN - Dial up networking.
59. DVM - Digital volt meter.
60. EGP - Exterior Gateway Protocol. Used between routers of different systems.
61. EIA - Electronic Industries Association.
62. EIGRP - Enhanced Interior Gateway Routing Protocol integrates the best capabilities of link-state protocols with distance vector protocols capabilities.
63. EISA - Extended ISA used when the 80286 through 80486 series microprocessors were being produced. It is backward compatible with ISA.
64. EMI - Electromagnetic Interference.
65. Ethernet - A network architecture that uses carrier-sense multiple-access with collision detection (CSMA/CD) for controlling access to the network media and baseband broadcasts. It uses star topology.
66. FDDI - Fiber Distributed Data Interface is a network architecture normally used to send longer distances. Topology is ring with two counter rotating rings for reliability with no hubs. Cable type is fiber-optic.
67. FDMA - Frequency Division Multiple Access divides the cellular network into 30Khz channels.
68. Frame - The unit of transmission in a link layer protocol, consisting of a link-layer header (ethernet) followed by a packet (IP header and data). It may be a part of a fragmented datagram.
69. Frame Relay - Error checking is handled by devices at both sides of the connection. Frame relay uses frames of varying length and it operates at the data link layer of the OSI model. A permanent virtual circuit (PVC) is established between two points on the network. Frame relay speed is between 56Kbps and 1.544Mbps.
70. Frequency hopping - The transmitter and receiver change predetermined frequencies at the same time (in a synchronized manner).
71. FTP - File Transport Protocol is a TCP/IP protocol running at the application layer.
72. Gateway - A gateway can translate information between different network data formats or network architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can communicate with Apple brand computers. Not the same as a default gateway used by a client to send packets to.
73. GSM - Global System for Mobile Communications.
74. HDML - Handheld Device Markup Language is a version of HTML only allowing text to be displayed.
75. HTML - Hypertext Markup Language is the format many files for web viewing are in. It is a language with "mark-up" text included for formatting.
76. HTTP - Hypertext Transfer Protocol is the protocol used to communicate between web servers and web browser software clients.
77. Hub - A type of repeater used on several network architectures which usually connects several stations.
78. IAB - Internet Architecture Board
79. IANA - Internet Assigned Numbers Authority.
80. ICMP - Internet Control Message Protocol is used to perform network error reporting and status. It works at the transport layer. RFC 792.
81. IDC - Internet Database collector.
82. IETF - Internet Engineering Task Force. Sets Internet technical standards.
83. IGMP - Internet Group Management Protocol, used for managing multicast groups. RFC 1112.
84. IMAP4 - Internet Mail Access Protocol version 4 is the replacement for POP3
85. Impedance - The amount of resistance to the transmission device.
86. Infrared - Infrared is just below the visible range of light between 100Ghz and 1000Thz.
87. Interference - Electromagnetic Interference (EMI). Crosstalk - When wires pick up electromagnetic signals from nearby wires also carrying signals.
88. Internetwork - Several subnets connected together using routers.
89. InterNIC - Internet Network Information Center, the authority for allocating internet addresses.
90. Intranet - Refers to using internet technologies such as a web server on an internal network.
91. IP - Internet Protocol is used for software addressing of computers and works at the data link layer. RFC 791.
92. IPIP tunneling - Tunneling IP packets in IP packets. Used for VPN tunneling.
93. IPSec - Internet protocol security, developed by IETF, implemented at layer 3. It is a collection of security measures that address data privacy, integrity, authentication, and key management, in addition to tunneling. Used for VPN.
94. IPX - Internetwork Packet Exchange supports the transport and network layers of the OSI network model. Provides for network addressing and routing. It provides fast, unreliable communication with network nodes using a connectionless datagram service.
95. IRQ - Interrupt Request
96. IRTF - Internet Research Task Force.
97. ISA - Industry Standard Architecture internal computer bus. Used when the original 8088 8bit microprocessor based personal computers were produced. (16 bit).
98. ISAKMP/Oakley - Internet Security Association and Key Management Protocol Authentication.
99. ISAPI - Internet Server Application Programming Interface
100. ISDN - Integrated Services Digital Network is a method of sending voice and data information on a digital phone line. Two 64Kbps B-channels with one 16Kbps D channel is provided with basic ISDN service
101. ISP - Internet Service Provider
102. ISOC - Internet Society, promotes internet policies.
103. ITU - International Telecommunication Union.
104. FTP - File Transfer Protocol.
105. L2F - Layer2 Forwarding, works at the link layer of the OSI model. It has no encryption. Being replaced by L2TP. It is used for VPN.
106. L2TP - Layer 2 tunneling protocol (RFC 2661). Used for VPN tunneling.
107. LAN - Local Area Network
108. LDA - Local delivery agent on the receiving machine receives the mail from its MTA. This program is usually procmail.
109. LCP - Link Control Protocol
110. Link - Connects two network devices. Implemented by the data link layer.
111. LLC - Logical link control is the interface between the lower and upper layer networking protocols.
112. LU - Logical Units are ports that users use to access network resources. It is an SNA term.
113. MAC - Media Access Control address. Basically a network card unique hardware address.
114. Mail notifier - This program notifies the recipient that they have mail. Normally this requires two programs, biff and comsat. Biff allows the administrator or user to turn on comsat service.
115. MAN - Metropolitan area network refers to a network which connects several LANS over various media that is large enough to cover an area the size of a city.
116. MAPI - Microsoft's Messaging API which is incorporated throughout Microsoft's office products supports mail at the application level.
117. MAU - Multistation access unit used by Token Ring Networks.
118. MBONE - Being on the MBONE means you are on a network that supports multicasting.
119. MCI - Microchannel architecture by IBM and used mainly on IBM brand computers for the internal bus. Established in 1988. (16 or 32 bits).
120. MDBS - Mobile Data Base Station reviews all cellular channels at cellular sites.
121. Media - The hardware method used to connect computers over a network. The three main types are copper cable, fiber optic cable, and wireless.
122. Message - The unit of transmission in a transport layer protocol. A TCP segment is a message which consists of a transport protocol header followed by application data.
123. MHS - Message Handling Service by Novell is used for mail on Netware networks.
124. MIB - Management Information BASE specifies variables the network elements maintain. Works with the TCP/IP protocol SNMP.
125. MIME - Multipurpose Internet Mail Extension is the protocol that defines the way files are attached to SMTP messages.
126. MOTIS - Message-oriented text interchange system.
127. MS - Message Store is a storage area for messages that can't be delivered immediately when the recipient is off-line.
128. MTA - Message transfer agent is used to pass mail from the sending machine to the receiving machine. There is a MTA program running on both the sending and receiving machine. Sendmail is a MTA.
129. MTP - Multicast Transport Protocol is a new transport layer protocol designed for reliable multicast network message transport.
130. MTU - Maximum Transmission Unit is the maximum size of each data packet for the ethernet protocol.
131. MUA - Mail users agent. This is the program a user will use to type e-mail. It usually incorporates an editor for support. The user types the mail and it is passed to the sending MTA. This may also be called the user agent (UA).
132. Multicasting - Transmitting to a group of interface cards on the network.
133. Multihomed - A host with multiple IP addresses.
134. NADN - Nearest Active Downstream Neighbor is a Token ring Architecture term.
#3;. N3: 0 Network 3ddressable :nits is an 7N3 ter'.
#36. N3:N 0 Nearest 3cti%e :(strea' Neighbor is a Token ring 3rchitecture ter'.
#3=. N3T 0 Network 3ddress Translation.
#3>. N/F 0 Net/I67 Fra'e Protocol.
#3?. N/N7 0 Net/I67 Na'e 7er%er. 3 ser%er that 'a(s Net/I67 na'es to IP
addresses. This ser%ice
is (ro%ided b the n'bd dae'on on 8inu-.
#&0. N/P 0 Na'e0binding (rotocol o, the 3((leTalk suite o, (rotocols translates
addresses into na'es.
#&#. N/T 0 Net/I67 o%er TCP)IP de+ned b $FC #00".
#&". NCP 0 NetAare Core Protocol (ro%ides ,or client)ser%er interactions such as +le
and (rint
sharing. It works at the a((lication! (resentation! and session le%els.
#&3. NCP 0 Network Control Progra' (er,or's routing! session 'anage'ent tasks.
It runs in the
co''unications controller. It is an 7N3 networking ter'.
#&&. NDI7 0 Network Dri%er Inter,ace 7(eci+cation ,ro' 2icroso,t! is used on
2icroso,t networks. It
allows 'ulti(le (rotocols to be used on a network card and su((orts the data link
laer o, the
network 'odel.
#&;. Net/1:I 0 Net/I67 1-tended :ser Inter,ace works at the trans(ort laer and
(ro%ides data
trans(ortation. It is not a routable trans(ort (rotocol which is wh N/T e-ists on
large networks
to use routable TCP (rotocol on large networks.
#&6. Net/I67 0 Network /asic In(ut 6ut(ut 7ste' b 2icroso,t.
#&=. NetDD1 0 Network dna'ic data e-change.
#&>. Network 6(erating 7ste' 0 T(icall used to run co'(uters that act as
ser%ers! but 'a be used
on %arious t(es o, co'(uters toda.
#&?. NF7 0 Network File 7ste'. 3 (rotocol that allows :NI9 and 8inu- sste's
re'otel 'ount
each otherIs +le sste's. $FC #0?&
150. NIC - Network interface card. Also called LAN adapters.
151. NNTP - Network News Transport Protocol is used to link newsgroups for discussions on the web.
152. OC - Optical Carrier level, see SONET.
153. ODBC - Open Database Connectivity (ODBC) from Microsoft lets application developers integrate database connections in applications. It is an application programming interface (API). ODBC drivers convert an application's query into SQL and send it to the database engine program.
154. ODI - Open Data-link Interface operates at the data link layer allowing IPX to work with any network interface card.
155. OSI - Open Systems Interconnect is a suite of protocols developed by the International Standards Organization (ISO) which corresponds with the layers of the OSI model.
156. OSPF - Open Shortest Path First, a dynamic routing protocol. RFC 1247.
157. Packet - Includes an IP header and data. It may be a complete IP datagram or a fragment of an IP datagram.
158. PCI - Peripheral Component Interconnect internal computer bus. The popular expansion bus of choice. It is significantly faster than EISA. This is a 32-bit bus with plug and play capability from Intel.
159. PDC - Primary Domain Controller is an NT server providing central control of user access permissions and accounts on a network.
160. PAP - Password Authentication Protocol is a two way handshake protocol designed for use with PPP.
161. PAP - Printer access protocol of the AppleTalk suite of protocols manages information between workstations and printers.
162. PCS - Personal communications Service is a 1.9 GHz band for mobile phones.
163. Peer - A computer that can act as both a client and a server.
164. Plenum - Space above a false ceiling in an office area where heat ducts and cables may be run. Plenum cabling is special fire resistant cabling required for use in these areas due to fire hazards.
165. POP - Point of presence is each point at the end of the transport media (internet) when talking about VPN.
166. POP3 - Post Office Protocol version 3 is used by clients to access an internet mail server to get mail. It is not a transport layer protocol.
167. Protocol - A set of standards that define all operations within a network. There are various protocols that operate at various levels of the OSI network model, such as transport protocols, which include TCP and SPX.
168. PPP - Point to Point Protocol, used for serial connections to a network or the internet. (RFC 1332, 1548)
169. PPTP - Point to point tunneling protocol (RFC 2637). Used for VPN tunneling.
170. PU - Physical Units are a network device used to communicate with hosts. It is an SNA term.
171. RADIUS - Remote Authentication Dial-In User Service is used for dial in clients to connect to other computers or a network. It provides authentication and accounting when using PPTP or L2TP tunneling.
172. RAID - Redundant Array of Inexpensive disks is a fault tolerant method of storing data, meaning that a failure can occur and the system will still function.
173. RARP - Reverse Address Resolution Protocol used for diskless computers to determine their IP address using the network. It works at the data link layer. RFC 903.
174. RAS - Remote Access Service (RAS) with Windows NT allows users connecting to the network using a modem to use network resources. The NT RAS server can handle 256 connections.
175. Redirector - It runs on a Windows operating system and directs requests for network resources to the appropriate server and makes network resources seem to be local resources.
176. Repeater - Used on a network to regenerate signals to be sent over long distances or tie computers together on a network.
177. Resolver - Used as part of DNS, it is the client side asking for DNS information.
178. RIP - Routing Information Protocol, a dynamic routing protocol. A distance-vector algorithm is used to calculate the best route for a packet. RFC 1058, 1388 (RIP2).
179. Rlogin - Remote login between UNIX hosts. This is outdated and is replaced by Telnet.
180. Router - Routes data packets between two networks. It reads the information in each packet to tell where it is going.
181. RPC - Remote Procedure Call. A protocol invented by Sun Microsystems to allow remote computers to invoke functions on other hosts. RFC 1057.
182. RR - Resource Records are a part of the DNS database.
183. RTMP - Routing table maintenance protocol is used to update routers with information about network status and address tables. The whole address table is sent across the network.
184. S/Key - A one time password system, secure against replays. RFC 2289.
185. SAP - Service Advertising Protocol packets are used by file and print servers to periodically advertise the address of the server and the services available. It works at the application, presentation, and session levels.
186. SAS - Single Attachment stations attached to one ring and used by FDDI networks to attach workstations to concentrators.
187. SDH - Synchronous Digital Hierarchy.
188. SDLS - Synchronous Data Link Control is a possible SNA communications architecture.
189. Sector Sparing - A method of fault tolerance that automatically identifies and marks bad sectors as not available. It is also called hot-fixing.
190. Segment - The unit of end-to-end transmission in the TCP protocol which consists of a TCP header followed by application data.
191. Server - For the most part it provides resources on the network for other computers to use.
192. SGML - Standardized General Markup Language is the base language for document publishing and is used to define XML, HTML and more.
193. Shielding - Used to minimize interference.
194. SLED - Single Large Inexpensive disk - The concept that a large disk costs less per amount of storage than several smaller ones. Somehow this concept is used as a means of fault tolerance.
195. SLIP - Serial Line interface Protocol used to connect serially to a network or internet. RFC 1055, 1144 (Compressed). Replaced by PPP.
196. SMAU - Smart Multistation Access Unit.
197. SMB - Server Message Block protocol works at the presentation level to provide peer to peer communication.
198. SMDS - Switched Multi-megabit Data Service uses fixed length cell switching and runs at speeds of 1.533 to 45Mbps.
199. SMS - Systems Management Server from Microsoft can collect information of software on each computer and can install and configure new software on the client computers. It will also monitor network traffic.
200. SMTP - Simple Mail Transfer Protocol is a TCP protocol for mail transport running at the application layer. RFC 821, 822.
201. SNA - System Network Architecture by IBM is a suite of protocols mainly used with IBM mainframe and AS/400 computers.
202. SNMP - Simple Network Management Protocol. RFC 1155, 1157, 1213, 1441.
203. SONET - Synchronous Optical Network is a physical layer standard that defines voice, data, and video delivery methods over fiber optic media. It defines data rates in terms of optical carrier (OC) levels.
204. Spread spectrum - It uses several frequencies at the same time.
205. SPX - Sequenced Packet Exchange operates at the transport layer providing connection oriented communication on top of IPX.
206. SQL - Structured Query Language is a database access language. It is used by most client/server database applications.
207. SSCP - Systems Services Control Point manages all resources in the host's domain. An SNA term.
208. STP - Shielded Twisted Pair cable. 100 meter maximum length. 16-155 Mbps speed. Lower electrical interference than UTP.
209. Subnet - A part of a network. A class B network may have several class C subnets. Usually routers are used to connect subnets.
210. TACACS - Offers authentication, accounting, and authorization.
211. T Carrier - Multiplexors are used to allow several channels on one line. The T1 line is basic T Carrier service.
212. TCP - Transport Control protocol is a connection oriented reliable protocol working at the transport layer. RFC 793.
213. TDI - Transport Driver Interface is a standard for passing messages between the drivers at the data link layer and the protocols working at the network layer such as IP or NetBEUI. It was produced by Microsoft.
214. TDMA - Time Division Multiple Access uses time division multiplexing to divide each cellular channel into three sub channels to service three users at a time.
215. TDR - Time-domain reflectometer sends a sonar like electrical pulse down a cable and can determine the location of a break in the cable.
216. TFTP - Trivial File Transfer Protocol. RFC 1350.
217. Telnet - Remote session at the application layer. RFC 854.
218. Thicknet - Half inch rigid cable. Maximum cable length is 500 meters. Transmission speed is 10Mbps. Expensive and is not commonly used. (RG-11 or RG-8).
219. Thinnet - Thinnet uses a British Naval Connector (BNC) on each end. Thinnet is part of the RG-58 family of cable. Maximum cable length is 185 meters. Transmission speed is 10Mbps.
220. TIA - Telecommunications Industries Association.
221. TLD - Top Level domain.
222. Token Ring - A network architecture developed by IBM which sends tokens around a ring of computers to allow media access. Standardized to IEEE 802.5.
223. Topology - The shape of the physical connection of a network with regard to repeaters and networked computers. The three main types are ring, bus, and star.
224. UA - Users agent. This is the program a user will use to type e-mail. It usually incorporates an editor for support. The user types the mail and it is passed to the sending MTA. This may also be called the mail user agent (MUA).
225. UDP - User Datagram Protocol is a connection less unreliable protocol working at the transport layer. RFC 768.
226. UNC - Universal Naming Convention is used to allow the use of shared resources without mapping a drive to them.
227. Unicast - A transmission to a single interface card.
228. URL - Universal Resource Relocator is a term used to describe the name of a web based resource such as a web page or location of a file for down loading.
229. UTP - Unshielded Twisted Pair cable. Normally UTP contains 8 wires or 4 pair. 100 meter maximum length. 4-100 Mbps speed.
230. VIM - Vendor-Independent Messaging protocol from Lotus supports mail at the application level and is supported by many vendors exclusive of Microsoft.
231. VPN - Virtual Private Networking. The function of VPN is to allow two computers or networks to talk to each other over a transport media that is not secure, but the network is made secure by VPN security protocols.
232. W3C - World Wide Web Consortium, sets standards for the web working with the IETF.
233. WAN - Wide Area Network is larger than a MAN and may be an enterprise network or a global network.
234. WINS - Windows Internet Name Service is the Microsoft implementation of NetBIOS name service.
235. wireless bridge - Microwave or infrared is used between two line of sight points where it is difficult to run wire.
236. WML - Wireless markup language is another name for HDML.
237. X.25 - This is a set of protocols developed by the CCITT/ITU which specifies how to connect computer devices over an internetwork.
238. X.400 - International Telecommunication Union standard defines transfer protocols for sending mail between mail servers.
239. X.500 - This is a recommendation outlining how an organization can share objects and names on a large network. It is hierarchical similar to DNS, defining domains consisting of organizations, divisions, departments, and workgroups.
240. XML - Extensible Markup Language is a subset of SGML and is used widely on the web.
241. ZIP - Zone information protocol used with RTMP to map zones. Routers use zone information tables (ZITs) to define network addresses and zone names.
Network RFCs and Associated Protocols
The table below lists Protocols and their associated RFCs.
Protocol - Associated RFC
Port Numbers - 1340, 1700
Official Protocol Standards - 1600, 1610, 1720, 1800, 1880, 1920, 2000, 2200, 2300, 2400
Host Requirements - 1122 (LINK, NETWORK, TRANSPORT), 1123 (Application)
Router Requirements - 1009, 1812, 2644
IP Datagrams - 894, 1042, 919, 922
SLIP - 1055
Compressed SLIP - 1144
PPP - 1134, 1332, 1333, 1547, 1548, 1549, 1552, 1661, 2153
Path MTU Discovery - 1191
IP - 791
Checksum - 1071, 1141, 1624
Assignment of Subnet Numbers - 1219
ARP - 826
RARP - 903
ICMP - 792, 950
RIP - 1058
RIPv2 - 1388, 1723, 2453
OSPF - 1247, 1583, 1246, 1245, 2178
BGP - 1267, 1268, 1467, 1655, 1772
UDP - 768
IGMP - 1112, 2236 (IP multicasting)
Link Control Protocol (LCP) - 1570
DNS - 1034, 1035, 1065, 2308, 1101, 1183, 1348, 1876, 1982, 2065, 2535, 1995, 1996, 2136, 2137
ECHO - 862
TFTP - 783, 1350, 1782, 1783, 1784, 1785, 2347, 2348, 2349
BOOTP - 951, 1395, 1497, 1532, 1542
TCP - 793, 1323
SNMP - 1157
SNMPv2 - 1441
Management Information Base (MIB) - 1213, 2011, 2012, 2013
Structure of Management Information (SMI) - 1155
Rlogin - 1282
Telnet - 854
FTP - 959, 2228, 2640
SMTP - 821, 822, 1138, 1148, 1327, 2156
SMTP Message Transfer Agent (MTA) - 821
RPC - 1057
NFS - 1094, 1813
Finger - 1288
NetBIOS - 1001, 1002
IP on Token Ring - 1042
Line Printer - 1179
IP on FDDI - 1188
IP on ARCNet - 1201
DHCP and BOOTP - 1533, 1534, 1541, 1542
IPX - 1553
Link to Listing of RFCs at Ohio State
Further Reading
Title: TCP/IP Illustrated, Volume 1, The Protocols
Author: W. Richard Stevens
Publisher: Addison Wesley
ISBN: 0201633469
The CTDP Networking Guide Credits
Document: The CTDP Networking Guide Version 0.6.3
Author: Mark Allen
