Networking 101

24 Oct 2013 (3 years and 10 months ago)

An Introduction to Networking

Roger Connell

Innova Solutions

Overview


IP


TCP


Private Address Ranges


Small Office Network


TCP/IP Tools


Symbolic Name Translation


Windows Resource Sharing


Routers and Firewalls


Analysers



IP


Datagram


Send it let it rattle around to its destination


If it takes too long throw it away


Address Format (V4)


192.168.0.188 4 Octets


Sits on top of a Data Link Protocol


Ethernet


MAC Address Allocated by Card Manufacturer


https://wwwcoms.murdoch.edu.au/macaddress.html


But could be


IEEE 802-2, Token Ring, FDDI, SMDS, SDLC, LAPB, etc.

IP V4 Packet Format

Version | Header Length | Type of Service | Total Length

Identification | Fragment Info

Time to Live | Protocol | Header Checksum

Source Address

Destination Address

Multiple 32 bit words of “Options”

Data
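
The header layout above, parsed field by field and checked against its Header Checksum. This is an added example, not part of the original slides; the header bytes are constructed, the source address is the one shown on the IP slide, and the destination 192.168.0.1 and the function names are assumptions.

```python
import struct
import ipaddress

FMT = "!BBHHHBBH4s4s"  # the fixed 20 bytes of the header, network byte order

def checksum16(data: bytes) -> int:
    """Ones'-complement sum of the 16-bit words in data, inverted."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, protocol, data_len, ttl=64, ident=1) -> bytes:
    """Build a constructed 20-byte header (no Options) with a valid checksum."""
    raw = struct.pack(FMT, 0x45, 0, 20 + data_len, ident, 0, ttl, protocol, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return raw[:10] + struct.pack("!H", checksum16(raw)) + raw[12:]

def parse_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_len, tos, total_len, ident, frag, ttl,
     protocol, checksum, src, dst) = struct.unpack(FMT, raw[:20])
    # Version and Header Length share the first byte; length is in 32-bit words
    version, header_len = ver_len >> 4, (ver_len & 0x0F) * 4
    if version != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version,
        "header_length": header_len,
        "type_of_service": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": frag >> 13,
        "fragment_offset": frag & 0x1FFF,
        "time_to_live": ttl,
        "protocol": protocol,
        "header_checksum": checksum,
        # summing a header that includes a correct checksum yields zero
        "checksum_ok": checksum16(raw[:header_len]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "options": raw[20:header_len],
    }

if __name__ == "__main__":
    print(parse_header(build_header("192.168.0.188", "192.168.0.1", 6, 20)))
```

A header whose Time to Live byte is altered without recomputing the checksum parses with `checksum_ok` set to `False`, which is the condition a receiver uses to discard it.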

IP Address Aspects


The IP Address applies to a connection not a host


“Networks” and Subnets


Conceptual Class A,B,C


Actual implementation is Subnets


Defined by Subnet Mask 255.255.255.0


255.255.255.128 or 255.255.255.192?


Works with IP Address


192.168.26.34


Broadcast all 1’s in subnet 192.168.26.63?


The Network Address is all 0’s used in routing tables (192.168.26.192)
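
The mask arithmetic on this slide, worked through for 192.168.26.34 under each of the three masks shown. This is an added example, not part of the original slides; the function names are assumptions.

```python
def to_int(dotted: str) -> int:
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 value: {dotted}")
    a, b, c, d = octets
    return a << 24 | b << 16 | c << 8 | d

def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_info(address: str, mask: str) -> dict:
    addr, m = to_int(address), to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    # a valid mask is a run of 1s followed by a run of 0s
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    network = addr & m                 # host part all 0s
    broadcast = network | host_bits    # host part all 1s
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "prefix": bin(m).count("1"),
        "usable_hosts": max(host_bits - 1, 0),
    }

def subnets_of(base: str, base_mask: str, new_mask: str) -> list:
    """Network address of every subnet made by splitting base with new_mask."""
    start = to_int(base) & to_int(base_mask)
    end = start | (~to_int(base_mask) & 0xFFFFFFFF)
    size = (~to_int(new_mask) & 0xFFFFFFFF) + 1
    return [to_dotted(n) for n in range(start, end + 1, size)]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.128", "255.255.255.192"):
        print(mask, subnet_info("192.168.26.34", mask))
    print(subnets_of("192.168.26.0", "255.255.255.0", "255.255.255.192"))
```

With mask 255.255.255.192 the host 192.168.26.34 sits in network 192.168.26.0 with broadcast 192.168.26.63, and 192.168.26.192 is the network address of the last of the four subnets that mask creates.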


Network Address Translation


Original concept every connection owns an IP address


Not enough addresses in IP4


IP6 was solution but


NAT has solved the problem


Local Network uses a range of Private IP Addresses


ISP allocates one Global IP Address for each WAN connection


NAT used to Translate Address from Local to Global


http://en.wikipedia.org/wiki/Private_network






Private IP Address


Private IP Address Ranges


10.0.0.0 to 10.255.255.255


172.16.0.0 to 172.31.255.255


192.168.0.0 to 192.168.255.255


Gateway provides Address Translation (and other firewall services)


Typically the ADSL modem or router or Gateway Computer (for dial up)


Typical gateway uses .1 or .254 of subnet


ISP provides global (WAN) IP address



either dynamically or fixed


From the WAN all calls are to and from the WAN IP address


For outgoing calls NAT maintains a cross reference table


Special rules for some protocols supported by “good” firewalls


Eg. FTP Data Channel


Incoming calls must have handling rules (Port forwarding)


Private IP address ranges not supported in the WAN


Protects your computers from outside attacks


Loopback Address


Localhost, lo or lo0 >> 127.0.0.1
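
A model of the NAT cross reference table and port forwarding rules described above, showing why an unsolicited incoming call is dropped while a reply or a forwarded port gets through. This is an added example, not part of the original slides; the class and method names are assumptions, the LAN and WAN addresses are the ones in the deck's diagrams, and the remote addresses are constructed from documentation ranges. Real gateways differ in how strictly they match the remote end; this model requires an exact match.

```python
class Nat:
    def __init__(self, wan_ip, first_port=49152):
        self.wan_ip = wan_ip
        self.next_port = first_port  # dynamic range, incremented at each use
        self.out = {}       # (proto, lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.back = {}      # (proto, wan_port) -> the same 5-tuple
        self.forwards = {}  # (proto, wan_port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """Outgoing call: record it and return the source seen on the WAN."""
        key = (proto, lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = key
            self.next_port += 1
        return self.wan_ip, self.out[key]

    def forward(self, proto, wan_port, lan_ip, lan_port):
        """Port forwarding rule: expose one LAN service on the WAN address."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Incoming packet: return the LAN destination, or None if dropped."""
        entry = self.back.get((proto, wan_port))
        if entry and entry[3:] == (remote_ip, remote_port):
            return entry[1], entry[2]                 # reply to a known call
        return self.forwards.get((proto, wan_port))   # rule, or None = drop

if __name__ == "__main__":
    nat = Nat("215.56.89.234")
    print(nat.outbound("tcp", "192.168.3.100", 4033, "203.0.113.10", 80))
    print(nat.inbound("tcp", "203.0.113.10", 80, 49152))   # reply: translated
    print(nat.inbound("tcp", "198.51.100.7", 80, 49152))   # stranger: dropped
    nat.forward("tcp", 8080, "192.168.3.101", 80)
    print(nat.inbound("tcp", "198.51.100.7", 5555, 8080))  # forwarded
```

Every entry in `forwards` is reachable by any host on the WAN, so that table is the list to review when auditing what the gateway exposes.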

Small Office Network


Choose a Private Network Range


Allocation Method


Auto Requires a DHCP server


Generally supplied with router


Provides an IP address, Mask, Gateway and DNS details


You need to set auto allocate range to not conflict with manual Allocations


Address may change so servers and shares need to use Windows Host names


Manual Allocation


You need to have a plan and configure details otherwise supplied by DHCP


Servers and Shares can be referred to by IP address and avoid Windows drop outs


Or distributed using Hosts and LMHosts


Suggestion


Auto for Laptops and Manual for servers and shares.


[Diagram labels: Internet, NAT, DHCP, IntraNet 192.168.3.0; addresses shown: 215.56.89.234, 192.168.3.254, 192.168.3.101, 192.168.3.100]

Changing IP Properties


Control Panel>>Network Connections


Select the connection to change


Select Properties and on the General Tab


Select Internet Protocol and press Properties

NB. The Link Layer Configuration is at the top of the Connection Properties Dialog

TCP and UDP


UDP and TCP Add a Port Number


Destination Port No is the “application” or “service” address on the host


Applications/services register to listen for incoming data on the defined port


IANA port numbers: http://www.iana.org/assignments/port-numbers



0 to 1023 Well Known ports managed by IANA


1024 to 49151 Registered by IANA as a convenience


49152 to 65535 Dynamic (used for source address)


C:\WINDOWS\system32\drivers\etc\services


Source Port number used with IP addresses and destination port number to
create a unique identifier for the connection.


Source port number incremented at each use


UDP


User Datagram Protocol


really only IP with port number and optional checksum


source port optional


TCP Transport Connection Protocol


Provides a reliable stream connection


Requests retransmission of lost or corrupted data and reassembles the original
order.

[Diagram labels: TCP/IP, IP, TCP]

TCP PDU Format

IP Header: Protocol | Header Checksum

Source Port | Destination Port

Sequence Number

Acknowledgement Number

Header Length | Reserved | Code Bits | Window

Checksum (Hdr + Data) | Urgent Pointer

Multiple 32 bit words of “Options”

Data

TCP IP Tools


Ping


ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count] [{-j HostList | -k HostList}] [-w Timeout] [TargetName]


IPConfig


ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ClassID]]

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipconfig.mspx?mfr=true



TraceRt


tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]


NsLookup


nslookup [-SubCommand ...] [{ComputerToFind | [-Server]}]


Others


NetStat,

Meaningful Names


All packets are directed by IP address but that
has no “meaning”


Symbolic Name


Directory Services


Name Servers translate a symbolic name to an
IP address


Two main participants


Domain Name Server (DNS)


Netbios name service (NBNS)


Windows Internet Name Service (WINS)


Domain Name Server


DNS uses a distributed database protocol to delegate control of domain name hierarchies among zones, each managed by a group of name servers.


Manual Configuration but distributed


Resolution starts from global root nameservers


Logically only 13 root nameservers


Physically more using anycast


Each holds delegations for all Top Level Domains


.com, .edu, .org, .au, .uk, .at, .nz ………


Locally configured by ISPs etc.


Records delegating sub domains


Records give IP address for servers part of this domain


Local DNS resolve any unknown name on request


Having resolved an address a DNS server caches it for a time to live parameter


There are now services which will allow handling of dynamic IP addresses


Presumably via very short time to live values


www.dyndns.org



WINS and Netbios


Windows Name Resolution


Is Dynamic


Local broadcast


Windows Internet Name Server


LMHosts file


Mode Determines order of look up


b (broadcast), p (peer), m (mixed), h (hybrid)


Name Cache


Additional functions resolve services available


Host Files


%SystemRoot%\System32\drivers\etc\LMHosts - For Lookups?

%SystemRoot%\System32\drivers\etc\Hosts - For IP Tools Ping, NetStat, …. Why???


Flat


Name must be unique


Group (Work Group) just for presentation (I think?)


Broadcast may be blocked by IP Routers


Who has TheDomainIWant


Register name by broadcast


Disappearing Hosts


Attempting to use a host when it is not available sometimes flushes the cache?


Firewalls can block broadcasts


Radio connections seem to drop the stack while changing log in


Using the Network wizard will reconfigure a host name


It does not default to existing


Limited number of connections available in XP


Hosts in excess cannot see services

Wins Setup

WINS and DNS


WINS


Resolves NetBios IP Addresses


Flat and Dynamic Structure


Supports DHCP


DNS


Resolves hostnames to IP Address


Hierarchical and static structure


Supports TCP/IP applications that require more
information than hostnames and IP addresses.


DHCP Dynamic update is possible with Windows NT
Server 5 and higher

Finding Workgroup Computers


My Computer >


My Network Places


Should show all shares on network


View Work Group Computers


Should show all computers in the workgroup


View Entire Network


Seems a little convoluted and hit and miss to me.


Mapping a Drive


By Mapping a drive you get a drive indicator in “My computer”


Can map to IP address and browse


Browse shows all “Shares” which are network enabled.


My Computer>> Tools >> Map Network Drive

Network Enable a Directory


My Computer




Directory



Properties


Sharing


Share Folder on the Network


Share Name


Set writeable


Share Limit



XPHome 5 Resources


XPPro 10 Resources


http://support.microsoft.com/kb/328459



Notes
• For Windows XP Professional-based computers, the maximum number of concurrent network connections that are allowed is 10. This limit includes all transfer and all resource share protocols. For Windows XP Home Edition-based computers, the maximum number of concurrent network connections that are allowed is 5. This limit is the number of sessions that can be hosted at the same time from other computers. Therefore, we cannot use the administrative tool usage to connect to the system from a remote computer.

Router Configuration


Router establishes your trusted boundary


ADSL Modem/Router


Router connecting to WAN


Functions


NAT


Router determines private network used


Firewall


Port forwarding


Response to WAN Ping, Echo, etc


WAN Configuration (NO NO NO)


Virtual Private Network Support


DHCP


For dynamic IP addresses

Router Firewall


The trusted boundary


Preferably running no other stuff that can
expose it

[Diagram labels: Internet, IntraNet, DMZ Host]

Block all Requests That are not “Expected”

Allow calls based on Permissions

For me unrestricted

Corporates often restrict to only authenticated proxies

Basic Setup


ADSL Password


WAN IP Address


Dynamic IP Address from WAN or Fixed IP address


LAN IP Address and Mask

Router DHCP Setup



Starting IP Address


Lease Time

Wireless Setup


Security Mode


Must have


MAC Address Filtering


Port Forwarding


Enable some applications on the LAN servers to accept WAN traffic


Zebedee Tunnel


Secure Database


Traffic is addressed to the IP address of the router WAN Connection


Demilitarized Zone Host implies all (other?) ports


Should be seen as being outside the firewall


If it is compromised it should not be able to attack LAN computers


Seems not the case with this router

Remote Admin


NO Way


If you need to support remotely use a VPN or a Tunnel
(Zebedee) via a LAN server to the LAN address.


You may turn on remote support via this means before editing the
box configuration

Virtual Private Network


Enables operation of a distributed private
network using encrypted tunnels


May need to use same model router


Different Address Spaces





[Diagram labels: IntraNet 1 192.168.3.0 with addresses 215.56.89.234, 192.168.3.1, 192.168.3.100, 192.168.3.101; IntraNet 2 192.168.4.0 with addresses 124.65.93.178, 192.168.4.1, 192.168.4.100]

Network Analyser


Gives a view of data on the wire


Ethereal


The latest version of Ethereal can be found at http://www.ethereal.com.

Analyser Filters


Follow A Stream


4033 to 80 Tools >> Follow TCP Stream

References


An Internet Encyclopedia
http://www.freesoft.org/CIE/index.htm


Port Numbers
http://www.iana.org/assignments/port-numbers



Private Networks
http://en.wikipedia.org/wiki/Private_network


Linux Implementation
http://us3.samba.org/samba/docs/using_samba/ch01.html


Windows Netbios parameters in Registry
http://asksomeone.net/tcpxp.html



Windows NT TCP/IP by Karanjit S. Siyan


Data Communications, Computer Networks and Open
Systems by Fred Halsall