8/3/2019 Networking Notes Part 1
http://slidepdf.com/reader/full/networking-notes-part-1
Introduction to Networking
Muhammad Kashif Riaz, System Administrator, Logitech. Email: [email protected]
Web: www.logitech.net
Networking Introduction
What is a Network?
A network is simply a group of two or more Personal Computers linked together.
What Types of Networks Are There?
Many types of networks exist, but the most common types of networks are Local-Area Networks (LANs), and Wide-Area Networks (WANs). In a LAN, computers
are connected together within a "local" area (for example, an office or home). In
a WAN, computers are further apart and are connected via telephone/communication lines, radio waves or other means of connection.
How are Networks Categorized?
Networks are usually classified using three properties: Topology, Protocol and
Architecture.
Topology specifies the geometric arrangement of the network. Common
topologies are a bus, ring and star. You can check out a figure showing the three common types of network topologies here.
Protocol specifies a common set of rules and signals the computers on the
network use to communicate. Most networks use Ethernet, but some networks
may use IBM's Token Ring protocol. We recommend Ethernet for both home and
office networking.
Architecture refers to one of the two major types of network architecture: Peer-to-peer or client/server. In a Peer-to-Peer networking configuration, there is
no server, and computers simply connect with each other in a workgroup to share files, printers and Internet access.
This is most commonly found in home configurations and is only practical for
workgroups of a dozen or fewer computers. In a client/server network there is
usually an NT Domain Controller, to which all of the computers log on. This server
can provide various services, including centrally routed Internet Access, mail
(including e-mail), file sharing and printer access, as well as ensuring security
across the network. This is most commonly found in corporate configurations, where network security is essential.
Network Cabling
Introduction
This section talks about the cabling used in today's networks. There are many
different types of cabling in today's networks and I am not going to cover all of them, but I will be talking about the most common cables, which include UTP CAT5 straight through and crossover, Coax and a few more.
Cabling is very important if you want a network to work properly with minimum
problems and bandwidth losses. There are certain rules which must never be
broken when you're trying to design a network, otherwise you'll have problems
when computers try to communicate. I have seen sites which suffer from
enormous problems because the initial design of the network was not done properly!
In the near future, cabling will probably be something old and outdated since
wireless communication seems to be gaining more ground, day by day. With that in mind, around 95% of companies still rely on cables, so don't worry about it too much :)
Let's have a quick look at the history of cabling which will allow us to appreciate what we have today!
The Beginning
We tend to think of digital communication as a new idea but in 1844 a man called
Samuel Morse sent a message 37 miles from Washington D.C. to Baltimore, using
his new invention ‘The Telegraph’. This may seem a far cry from today's
computer networks but the principles remain the same.
Morse code is a type of binary system which uses dots and dashes in different
sequences to represent letters and numbers. Modern data networks use 1s and
0s to achieve the same result. The big difference is that while the telegraph
operators of the mid 19th Century could perhaps transmit 4 or 5 dots and dashes
per second, computers now communicate at speeds of up to 1 Giga bit, or to put it another way, 1,000,000,000 separate 1s and 0s every second.
Although the telegraph and the teletypewriter were the forerunners of data
communications, it has only been in the last 35 years that things have really
started to speed up. This was borne out of the necessity for computers to
communicate at ever increasing speeds and has driven the development of faster
and faster networking equipment, higher and higher specification cables and connecting hardware.
Development of new network technology
Ethernet was developed in the mid 1970's by the Xerox Corporation at its Palo
Alto Research Centre (PARC) in California and in 1979 DEC and Intel joined forces
with Xerox to standardize the Ethernet system for everyone to use. The first
specification by the three companies, called the 'Ethernet Blue Book', was
released in 1980; it was also known as the 'DIX standard' after their initials.
It was a 10 Mega bits per second system (10Mbps, = 10 million 1s and 0s per
second) and used a large coaxial backbone cable running throughout the building, with smaller coax cables tapped off at 2.5m intervals to connect to the
workstations. The large coax, which was usually yellow, became known as 'Thick
Ethernet' or 10Base5 - the '10' refers to the speed (10Mbps), the 'Base' because
it is a base band system (base band uses all of its bandwidth for each
transmission, as opposed to broad band which splits the bandwidth into separate
channels to use concurrently) and the '5' is short for the system's maximum cable length, in this case 500m.
The Institute of Electrical and Electronic Engineers (IEEE) released the official
Ethernet standard in 1983 called the IEEE 802.3 after the name of the working
group responsible for its development and, in 1985, version 2 (IEEE 802.3a) was
released. This second version is commonly known as 'Thin Ethernet' or 10Base2;
in this case the maximum length is 185m even though the '2' suggests that it should be 200m.
Since 1983, various standards have been introduced because of the increased bandwidth requirements; so far we are up to the Gigabit rate!
Unshielded Twisted Pair
Introduction
Unshielded Twisted Pair cable is by far the most popular cable
around the world. UTP cable is used not only for networking but also for the
traditional telephone (UTP-Cat 1). There are 6 different types of UTP categories
and, depending on what you want to achieve, you would need the appropriate
type of cable. UTP-CAT5 is the most popular UTP cable; it came to replace the
good old coaxial cable which was not able to keep up with the constantly growing
need for faster and more reliable networks.
Characteristics
The characteristics of UTP are very good and make it easy to work with, install,
expand and troubleshoot and we are going to look at the different wiring schemes
available for UTP, how to create a straight through UTP cable, rules for safe operation and a lot of other cool stuff!
So let's have a quick look at each of the UTP categories available today:
Category 1/2/3/4/5/6 – a specification for the type of copper wire (most
telephone and network wire is copper) and jacks. The number (1, 3, 5, etc) refers
to the revision of the specification and in practical terms refers to the number of
twists inside the wire (or the quality of connection in a jack).
CAT1 is typically telephone wire. This type of wire is not capable of supporting
computer network traffic and is not twisted. It is also used by phone companies
who provide ISDN, where the wiring between the customer's site and the phone company's network uses CAT 1 cable.
CAT2, CAT3, CAT4, CAT5 and CAT6 are network wire specifications. This type of
wire can support computer network and telephone traffic. CAT2 is used mostly for
token ring networks, supporting speeds up to 4 Mbps. For higher network speeds
(100Mbps plus) you must use CAT5 wire, but for 10Mbps CAT3 will suffice. CAT3,
CAT4 and CAT5 cable are actually 4 pairs of twisted copper wires and CAT5 has
more twists per inch than CAT3 therefore can run at higher speeds and greater
lengths. The "twist" effect of each pair in the cables will cause any interference
presented/picked up on one cable to be cancelled out by the cable's partner which
twists around the initial cable. CAT3 and CAT4 are both used for Token Ring, the only difference is CAT3 can be as long as 100 meters while CAT4 can only be 200 meters.
CAT6 wire was originally designed to support gigabit Ethernet (although there are
standards that will allow gigabit transmission over CAT5 wire, that's CAT 5e). It is
similar to CAT5 wire, but contains a physical separator between the 4 pairs to further reduce electromagnetic interference.
The next pages (check menu) show you how UTP cable is wired and the different
wiring schemes. It's well worth visiting and reading about.
Straight Thru UTP Cables
Introduction
We will be mainly focussing on the wiring of CAT5 cables here because they are
the most popular cables around! You will find info on wiring the classic CAT1
phone cables as well. It is very important you know exactly how to wire UTP
cables because it's the base of a solid network and will help you avoid hours of
frustration and troubleshooting if you do it right the first time :) On the other
hand, if you are dealing with a poorly cabled network, then you will be able to find the problem and fix it more efficiently.
Wiring the UTP cables !
We are now going to look at how UTP cables are wired. There are 2 popular
wiring schemes that most people use today: the T-568A and T-568B, that differ
only in which color coded pairs are connected - pair 2 and 3 are reversed. Both
work equally well, as long as you don't mix them! If you always use only one
version, you're OK, but if you mix A and B in a cable run, you will get crossed pairs!
UTP cables are terminated with standard connectors, jacks and punchdowns. The
jack/plug is often referred to as an "RJ-45", but that is really a telco designation
for the "modular 8 pin connector" terminated with a USOC pinout used for
telephones. The male connector on the end of a patchcord is called a "plug" and the receptacle on the wall outlet is a "jack."
As I've already mentioned, UTP has 4 twisted pairs of wires. We'll now look at the pairs to see what colour codes they have:
As you can see in the picture on the left, the 4 pairs are labeled. Pairs 2 & 3 are
used for normal 10/100Mbit networks, while Pairs 1 & 4 are reserved. In Gigabit
Ethernet, all 4 pairs are used.
CAT5 cable is the most common type of UTP around the world! It's flexible, easy to install and very reliable when wired properly :)
The left and center pictures show the end of a CAT5 cable with an RJ-45
connector; used by all cables to connect to a hub or to your computer's network
card. The picture to the right shows a stripped CAT5 cable, indicating the 4
twisted pairs.
And to be a bit fancy, don't think that UTP CAT5 cable only comes in one boring
colour... those days are over ! You get a wide range of choices today :
T-568A & T-568B 4-pair Wiring
Ethernet is generally carried in 8-conductor cables with 8-pin modular plugs and
jacks. The connector standard is called "RJ-45" and is just like a standard RJ-11 modular telephone connector, except it is a bit wider to carry more pins.
Note: Keep in mind that the wiring schemes we are going to talk about are all for straight through cables only! Cross over cables are examined on a separate page!
The eight-conductor data cable contains 4 pairs of wires. Each pair consists of a
solid colored wire and a white wire with a stripe of the same color. The pairs are twisted together. To maintain reliability on Ethernet, you should not untwist them
any more than necessary (like about 1 cm). The pairs designated for 10 and 100
Mbit Ethernet are Orange and Green. The other two pairs, Brown and Blue, can be used for a second Ethernet line or for phone connections.
There are two wiring standards for these cables, called "T568A" (also called
"EIA") and "T568B" (also called "AT&T" and "258A"). They differ only in
connection sequence - that is, which color is on which pin, not in the definition of what electrical signal is on a particular color.
T-568A is supposed to be the standard for new installations, while T-568B is an
acceptable alternative. However, most off-the-shelf data equipment and cables seem to be wired to T568B. T568B is also the AT&T standard. In fact, I have seen
very few people using T568A to wire their network. It's important not to mix
systems, as both you and your equipment will become hopelessly confused.
Pin Number Designations for T568B
Note that the odd pin numbers are always the white with stripe color (1,3,5,7). The wires connect to RJ-45 8-pin connectors as shown below:
Color Codes for T568B
Pin  Color         Pair    Signal
1    white/orange  pair 2  TxData+
2    orange        pair 2  TxData-
3    white/green   pair 3  RecvData+
4    blue          pair 1
5    white/blue    pair 1
6    green         pair 3  RecvData-
7    white/brown   pair 4
8    brown         pair 4
The wall jack may be wired in a different sequence because the wires are often
crossed inside the jack. The jack should either come with a wiring diagram or at
least designate pin numbers. Note that the blue pair is on the centre pins; this
pair translates to the red/green pair for ordinary telephone lines which is also in
the centre pair of an RJ-11. (green= wh/blu; red=blu)
Pin Number Designations for T568A
The T568A specification reverses the
orange and green connections so that pairs 1 and 2 are on the centre 4 pins,
which makes it more compatible with the telco voice connections. (Note that in the RJ-11 plug at the top, pairs 1 and 2 are on the centre 4 pins.) T568A goes:
Color Codes for T568A
Pin  Color         Pair    Signal
1    white/green   pair 3  RecvData+
2    green         pair 3  RecvData-
3    white/orange  pair 2  TxData+
4    blue          pair 1
5    white/blue    pair 1
6    orange        pair 2  TxData-
7    white/brown   pair 4
8    brown         pair 4
The diagram below shows the 568A and 568B in comparison:
Where are they used ?
The most common application for a straight through cable is a connection
between a PC and a hub/switch. In this case the PC is connected directly to the
hub/switch which will automatically cross over the cable internally, using special
circuits. In the case of a CAT1 cable, which is usually found in telephone lines,
only 2 wires are used; these do not require any special cross over since the phones connect directly to the phone socket.
The picture above shows us a standard CAT5 straight thru cable, used to connect
a PC to a HUB. You might get a bit confused because you might expect the TX+
of one side to connect to the TX+ of the other side but this is not the case. When
you connect a PC to a HUB, the HUB will automatically x-over the cable for you
by using its internal circuits; this results in Pin 1 from the PC (which is TX+)
connecting to Pin 1 of the HUB (which connects to RX+). This happens for the rest of
the pinouts as well.
If the HUB didn't x-over the pinouts using its internal circuits (this happens when
you use the Uplink port on the hub) then Pin 1 from the PC (which is TX+) would
connect to Pin 1 of the HUB (which would be TX+ in this case). So you notice that
no matter what we do with the HUB port (uplink or normal), the signals assigned
to the 8 Pins on the PC side of things will always remain the same; the HUB's pinouts though will change depending on whether the port is set to normal or uplink.
This pretty much concludes our discussion on straight thru UTP cables !
CAT5 UTP X-Over Cable
Introduction
The cross-over (x-over) CAT5 UTP cable has to be one of the most used cables
after the classic straight-thru cable. The x-over cable allows us to connect two
computers without needing a hub or switch. If you recall, the hub does the x-over
for you internally, so you only need to use a straight thru cable from the PC to the hub. Since now we don't have a hub, we need to manually do the x-over.
Why do we need an x-over?
When sending or receiving data between two devices, e.g. computers, one will be sending while the other receives. All this is done via the network cable and if you
look at a network cable you will notice that it contains multiple cables. Some of
these cables are used to send data, while others are used to receive data and this
is exactly what we take into account when creating an x-over cable. We basically connect the TX (transmit) of one end to the RX (receive) of the other!
The diagram below shows this in the simplest way possible:
CAT5 X-over
There is only one way to make a CAT5 x-over cable and it's pretty simple. Those who read the "wiring utp" section know an x-over cable is a 568A on one end
and a 568B on the other. If you haven't read the wiring section, don't worry
because I'll be giving you enough information to understand what we are talking about.
As mentioned previously, an x-over cable is as simple as connecting the TX from one end to the RX of the other and vice versa.
Let's now have a look at the pinouts of a typical x-over CAT5 cable:
As you can see, only 4 pins are needed for a x-over cable. When you buy a x-over cable, you might find that all 8 pins are used; these cables aren't any
different from the above, it's just that there are cables running to the unused pins.
This won't make any difference in performance, but is just a habit some people follow.
Here are the pinouts for a x-over cable which has all 8 pins connected:
Where else can I use a x-over ?
X-over cables are not just used to connect computers, but a variety of other
devices. Prime examples are switches and hubs. If you have two hubs and you
need to connect them, you would usually use the special uplink port which, when
activated through a little switch (in most cases), makes that particular port not
cross the tx and rx, but leave them as if they were straight through. What happens though if you haven't got any uplink ports or they are already used?
The X-over cable will allow you to connect them and solve your problem. The
diagram below shows a few examples to make it simpler:
As you can see in the above diagram, thanks to the uplink port, there is no need for a x-over cable.
Let's now have a look at how to cope when we don't have an uplink to spare, in which case we must make a x-over cable to connect the two hubs:
All the above should explain a x-over cable, where we use it and why we need it.
I thought it would be a good idea to include, as a last picture, the pinouts of a straight thru and a x-over cable so you can compare them side by side:
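The T568A/T568B pin tables and the x-over rule (568A on one end, 568B on the other) can also be checked mechanically. The Python below is an added example, not part of the original notes: given the wire colours seen at each plug it reports straight-through, crossover or miswired, and it also flags split pairs, where pin-to-pin continuity is right but a +/- signal is not carried on one twisted pair. The function names, colour spellings and the sample cables are constructed for illustration.

```python
"""Classify a UTP patch cable from the wire colours at each plug (pins 1-8)."""
from typing import NamedTuple

# Colour on each pin, copied from the T568A and T568B tables in these notes.
T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")

DATA_PINS = (1, 2, 3, 6)                 # the only pins 10/100 Mbit Ethernet uses
STRAIGHT = {1: 1, 2: 2, 3: 3, 6: 6}      # pin on end A -> pin on end B
CROSSED = {1: 3, 2: 6, 3: 1, 6: 2}       # TX of one end lands on RX of the other

# Constructed sample: wires laid in plain colour order at both ends. Continuity
# is pin-to-pin, but pins 3 and 6 end up on two different twisted pairs.
COLOUR_ORDER = ("white/orange", "orange", "white/green", "green",
                "white/blue", "blue", "white/brown", "brown")
# Constructed sample: a 4-wire x-over cable with pins 4, 5, 7 and 8 left empty.
FOUR_WIRE_A = ("white/green", "green", "white/orange", None, None, "orange", None, None)
FOUR_WIRE_B = ("white/orange", "orange", "white/green", None, None, "green", None, None)


class Verdict(NamedTuple):
    kind: str        # "straight-through", "crossover" or "miswired"
    schemes: tuple   # scheme recognised at end A and end B (None if neither)
    problems: tuple  # findings that make the cable unusable or unreliable


def normalise(end):
    """Lower-case the 8 entries; None marks a pin with no wire in it."""
    if len(end) != 8:
        raise ValueError("an 8-pin plug needs 8 entries (None for an empty pin)")
    return tuple(c.strip().lower() if c else None for c in end)


def scheme(end):
    """Name the wiring scheme of one plug; pins 4, 5, 7 and 8 may be empty."""
    for name, ref in (("T568A", T568A), ("T568B", T568B)):
        if all(c == r or (c is None and pin not in DATA_PINS)
               for pin, (c, r) in enumerate(zip(end, ref), start=1)):
            return name
    return None


def split_pairs(end):
    """Each +/- signal (pins 1/2 and 3/6) must ride on one twisted pair."""
    found = []
    for plus, minus in ((1, 2), (3, 6)):
        a, b = end[plus - 1], end[minus - 1]
        if a is None or b is None:
            found.append(f"pins {plus}/{minus} not connected")
        elif a.split("/")[-1] != b.split("/")[-1]:
            found.append(f"pins {plus}/{minus} split across pairs ({a}, {b})")
    return found


def classify(end_a, end_b):
    """Compare both plugs of one cable and return a Verdict."""
    a, b = normalise(end_a), normalise(end_b)
    problems = []
    for label, end in (("A", a), ("B", b)):
        wires = [c for c in end if c]
        if len(wires) != len(set(wires)):
            problems.append(f"end {label}: one colour appears on two pins")
        problems += [f"end {label}: {p}" for p in split_pairs(end)]
    # Follow each data wire from end A to end B by its colour.
    wiring = {}
    for pin in DATA_PINS:
        colour = a[pin - 1]
        wiring[pin] = b.index(colour) + 1 if colour and colour in b else None
    if wiring == STRAIGHT:
        kind = "straight-through"
    elif wiring == CROSSED:
        kind = "crossover"
    else:
        kind = "miswired"
        problems.append(f"data pins connect as {wiring}")
    if problems:          # right continuity on bad pairs is still a bad cable
        kind = "miswired"
    return Verdict(kind, (scheme(a), scheme(b)), tuple(problems))


if __name__ == "__main__":
    for ends in ((T568B, T568B), (T568A, T568B),
                 (FOUR_WIRE_A, FOUR_WIRE_B), (COLOUR_ORDER, COLOUR_ORDER)):
        print(classify(*ends))
```

The colour-order sample is the case a simple continuity tester passes: every pin reaches the same pin at the far end, yet the receive signal is spread over two pairs and loses the interference cancellation the twist provides.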
10Base-T/2/5/F/35 - Ethernet
Introduction
The 10Base-T UTP Ethernet and 10Base-2 Coax Ethernet were very popular
around the early to mid 1990's when 100Mbit network cards and hubs/switches were very expensive. Today's prices have dropped so much that most vendors
don't focus on the 10Base networks but the 100Base ones and, at the same time,
support the 10Base-T and 10Base-2 standard. We will also talk about the 10Base5/F and 35 shortly.
So what does 10Base-T/2/5/F/35 mean?
To make it simpler to distinguish cables they are categorised; that's how we got
the CAT1, 2, 3 etc cables. Each category is specific for speed and type of
network. But since one type of cable can support various speeds, depending on
its quality and wiring, the cables are named using the "BaseT" to show exactly
what type of networks the specific cable is made to handle.
We are going to break the "10 Base T (and the rest)" into 3 parts so we can make it easier to understand:
10
The number 10 represents the frequency in MHz (Mega HertZ) for which this
cable is made. In this case it is 10 MHz. The greater the MHz, the greater speeds
the cable can handle. If you try to use this type of cable for greater frequencies
(and, therefore, speeds) then it either will not work or become extremely
unreliable. The 10 MHz speed translates to 10Mbit per second, which in theory
means 1.2 MBytes per second. In practice though, you wouldn't get more than 800 KBytes per second.
Base
The word "Base" refers to Baseband. Baseband is the type of communication used
by Ethernet and it means that when a computer is transmitting, it uses all the
available bandwidth, whereas Broadband (cable modems) shares the bandwidth
available. This is the reason cable modem users notice a slowdown in speed when
they are connected on a busy node, or when their neighbour is downloading all
the time at maximum speed! Of course with Ethernet you will notice a slowdown in speed but it will be smaller in comparison to broadband.
T/2/5/F/35
The "T" refers to "Twisted Pair" physical medium that carries the signal. This
shows the structure of the cable and tells us it contains pairs which are twisted.
For example, UTP has twisted pairs and this is the cable used in such cases. For
more information, see the "UTP -Unshielded Twisted Pair" page where you can
find information on pinouts for the cables.
10Base-T
A few years ago, the 10 BaseT cables used CAT3 cables, which are used for
speeds up to 10Mbit, but today you will find mostly CAT5 cables, which are good
for speeds up to 100 MHz or 100Mbit; these cables are also used for 10Mbit
networks. Only 2 pairs of the UTP cable are used with the 10Base-T specification and the maximum length is 100 meters.
10Base-2
This specification uses Coaxial cable which is usually black, sometimes also called
"Thinwire coax", "Thin Ethernet" or "RJ-58" cable. Maximum length is 185 meters
and it uses BNC connectors which, depending on the configuration, require special
terminators.
10Base-5
This specification uses what's called "Thick wire" coaxial cable, which is usually
yellow. The maximum length is 500 meters and special connectors are used to
interface to the network card; these are called AUI (Attachment Unit Interface)
connectors and are similar to the DB-15 pin connectors most soundcards use for
their joystick/MIDI port. Most networks use UTP cable and RJ-45 connectors or
Coaxial cable with BNC "T" connectors; for this reason special devices made their
way to the market that allow you to connect an AUI network card to these different cable networks.
The picture below shows you a few of these devices:
10Base-F
This specification uses fibre optic cable. Fibre optic cable is considered to be more secure than UTP or any other type of cabling because it is nearly impossible to
tap into. It is also resistant to electromagnetic interference and attenuation.
Even though the 10Base-F specification is for speeds up to 10Mbits per second,
depending on the type of fibre and equipment you use, you can get speeds of up to 2 Gigabits per second!
10Base-35
The 10Base-35 specification uses broadband coaxial cable. It is able to carry multiple baseband channels for a maximum length of 3,600 meters or 3.6 Kms.
Summary
To summarise, keep the following in mind:
• 10Base-T works for 10Mbit networks only and uses unshielded twisted pair cable with RJ-45 connectors at each end and maximum length of 100 meters. They also only use 2 pairs of cables.
• 10Base-2 works for 10Mbit networks only and uses Coaxial cable. Maximum length is 185 meters and BNC "T" connectors are used to connect to the computers; there are special terminators at each end of the coaxial cable.
• 10Base-5 works for 10Mbit networks only and uses Thick Coaxial cable. Maximum length is 500 meters and special "AUI" connectors (DB-15) are used to interface with the network card.
• 10Base-F works for 10Mbit networks only and uses cool fibre optic cable :)
100Base-(T) TX/T4/FX - Ethernet
Introduction
The 100Base-TX (sometimes referred to as 100Base-T) cable is the most popular
cable around since it has actually replaced the older 10Base-T and 10Base-2
(Coaxial). The 100Base-TX cable provides fast speeds up to 100Mbits and is more
reliable since it uses CAT5 cable (see the CAT 1/2/3/4/5 page). There is also 100Base-T4 and 100Base-FX available, which we discuss later.
So what does 100Base-TX/T4/FX mean?
To make it simpler to distinguish cables they are categorised; that's how we got
the CAT1, 2, 3 etc cables. Each category is specific for speed and type of network. But since one type of cable can support various speeds, depending on
its quality and wiring, the cables are named using the "BaseT" to show exactly what type of networks the specific cable is made to handle.
We are going to break the "100Base-T? " into 3 parts so we can make it easier to
understand:
100
The number 100 represents the frequency in MHz (Mega HertZ) for which this
cable is made. In this case it is 100 MHz. The greater the MHz, the greater speeds
the cable can handle. If you try to use this type of cable for greater frequencies
(and, therefore, speeds) it will either not work or become extremely unreliable.
The 100 MHz speed translates to 100Mbit per second, which in theory means 12
MBytes per second. In practice though, you wouldn't get more than 4 MBytes per second.
Base
The word "Base" refers to Baseband. Baseband is the type of communication used
by Ethernet and it means that when a computer is transmitting, it uses all the
available bandwidth, whereas Broadband (cable modems) shares the bandwidth
available. This is the reason cable modem users notice a slowdown in speed when
they are connected on a busy node, or when their neighbour is downloading all
the time at maximum speed! Of course with Ethernet you will notice a slowdown in speed but it will be smaller in comparison to broadband.
TX/T4/FX
The "T" refers to "Twisted Pair" physical medium that carries the signal. This
shows the structure of the cable and tells us it contains pairs which are twisted.
For example, UTP has twisted pairs and this is the cable used in such cases. The
100Base-T is used sometimes to refer to the 100Base-TX cable specification.
100Base-TX
The TX (sometimes referred to as "T" only) means it's a CAT5 UTP straight through
cable using 2 of the 4 available pairs and supports speeds up to 100Mbits. Maximum length is 100 meters.
100Base-T4
The T4 means it's a CAT5 UTP straight through cable using all 4 available pairs
and supports speeds up to 100Mbits. Maximum length is 100 meters.
100Base-FX
The FX means it's a 2 strand fiber cable and supports speeds up to 100Mbits.
Summary
To summarise, keep the following in mind:
• 100Base-TX/T4 works for 100Mbit networks only and uses unshielded twisted pair cable with RJ-45 connectors at each end.
• All CAT5 UTP cables have 4 pairs of cables (8 wires).
• 100Base-TX (sometimes called 100Base-T) uses 2 of the 4 available pairs within the UTP cable, whereas the 100Base-T4 uses all 4 pairs.
• 100Base-FX also works for speeds up to 100Mbits but uses fibre optic cable instead of UTP.
Fiber Optic Cable
Introduction
In the 1950's more research and development into the transmission of visible
images through optical fibres led to some success in the medical world where it
was being used in remote illumination and viewing instruments. In 1966 Charles
Kao and George Hockham proposed the transmission of information over glass
fibre and realised that to make it a practical proposition, much lower losses in the
cables were essential.
This was the driving force behind the developments to improve the optical losses
in fibre manufacturing and today optical losses are significantly lower than the original target set by Charles Kao and George Hockham.
The advantages of using fibre optics
Because of the low loss, high bandwidth properties of fibre cables they can be
used over greater distances than copper cables. In data networks this can be as
much as 2km without the use of repeaters. Their light weight and small size also
make them ideal for applications where running copper cables would be
impractical and, by using multiplexors, one fibre could replace hundreds of copper
cables. This is pretty impressive for a tiny glass filament, but the real benefit in
the data industry is its immunity to Electro Magnetic Interference (EMI), and the fact that glass is not an electrical conductor.
Because fibre is non-conductive it can be used where electrical isolation is
needed, for instance, between buildings where copper cables would require cross
bonding to eliminate differences in earth potentials. Fibres also pose no threat in
dangerous environments such as chemical plants where a spark could trigger an
explosion. Last but not least is the security aspect: it is very, very difficult to tap into a fibre cable to read the data signals.
Fibre construction
There are many different types of fibre cable, but for the purposes of this
explanation we will deal with one of the most common types, 62.5/125 micron
loose tube. The numbers represent the diameters of the fibre core and cladding; these are measured in microns, which are millionths of a metre.
Loose tube fibre cable can be indoor, outdoor, or both. The outdoor cables
usually have the tube filled with gel to act as a moisture barrier to the ingress of water. The number of cores in one cable can be anywhere from 4 to 144.
Over the years a variety of core sizes have been produced but these days there
are three main sizes that are used in data communications: 50/125,
62.5/125 and 8.3/125. The 50/125 and 62.5/125 micron multi-mode cables are
the most widely used in data networks, although recently the 62.5 has become
the more popular choice. This is rather unfortunate because the 50/125 has been found to be the better option for Gigabit Ethernet applications.
The 8.3/125 micron is a single mode cable which until now hasn't been widely
used in data networking due to the high cost of single mode hardware. Things are
beginning to change because the length limit for Gigabit Ethernet over 62.5/125
fibre has been reduced to around 220m, and using 8.3/125 may now be the only
choice for some campus size networks. Hopefully, this shift to single mode may start to bring the costs down.
What's the difference between single-mode and multi-mode?
With copper cables larger size means less resistance and therefore more current,
but with fibre the opposite is true. To explain this we first need to understand how the light propagates within the fibre core.
Light propagation
Light travels along a fibre cable by a process called 'Total Internal Reflection'
(TIR). This is made possible by using two types of glass which have different
refractive indexes. The inner core has a high refractive index and the outer
cladding has a low index. This is the same principle as the reflection you see
when you look into a pond. The water in the pond has a higher refractive index
than the air and if you look at it from a shallow angle you will see a reflection of
the surrounding area; however, if you look straight down at the water you can see the bottom of the pond.
At some specific angle between these two view points the light stops reflecting off
the surface of the water and passes through the air/water interface allowing you
to see the bottom of the pond. In multi-mode fibres, as the name suggests, there
are multiple modes of propagation for the rays of light. These range from low
order modes, which take the most direct route straight down the middle, to high
order modes, which take the longest route as they bounce from one side to the
other all the way down the fibre. This has the effect of scattering the signal
because the rays from one pulse of light arrive at the far end at different times;
this is known as Intermodal Dispersion (sometimes referred to as Differential
Mode Delay, DMD). To ease the problem, graded index fibres were developed.
Unlike the examples above which have a definite barrier between core and
cladding, these have a high refractive index at the centre which gradually reduces
to a low refractive index at the circumference. This slows down the lower order
modes allowing the rays to arrive at the far end closer together, thereby reducing intermodal dispersion and improving the shape of the signal.
So what about the single-mode fibre?
Well, what's the best way to get rid of Intermodal Dispersion? Easy: only allow
one mode of propagation. So a smaller core size means higher bandwidth and greater distances. Simple as that! :)
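The reasoning above, worked through in numbers as an added example (not part of the original notes): the standard step-index V-number shows why the 8.3 micron core carries one mode while the 50 and 62.5 micron cores carry hundreds, and the ray model gives the arrival-time spread that causes intermodal dispersion. The wavelengths, numerical apertures and refractive indices are assumed, representative values, not figures from this page.

```python
import math

C = 299_792_458.0           # speed of light in vacuum, m/s
SINGLE_MODE_CUTOFF = 2.405  # V-number below which only one mode is guided

# Core sizes are the three named in the text. The wavelengths and numerical
# apertures (NA) are assumed, representative values for each fibre type.
FIBRES = [
    # (name, core diameter in microns, wavelength in nm, assumed NA)
    ("62.5/125", 62.5, 850, 0.275),
    ("50/125", 50.0, 850, 0.200),
    ("8.3/125", 8.3, 1310, 0.120),
]


def v_number(core_diameter_um, wavelength_nm, numerical_aperture):
    """Normalized frequency V = (2 * pi * a / wavelength) * NA, a = core radius."""
    radius_m = core_diameter_um * 1e-6 / 2
    wavelength_m = wavelength_nm * 1e-9
    return 2 * math.pi * radius_m / wavelength_m * numerical_aperture


def mode_count(v, graded_index=True):
    """Approximate number of guided modes.

    Below the cut-off only the fundamental mode propagates. Above it the
    usual estimates are V^2/2 (step index) and V^2/4 (graded index).
    """
    if v < SINGLE_MODE_CUTOFF:
        return 1
    return int(v * v / (4 if graded_index else 2))


def critical_angle_deg(n_core, n_clad):
    """Angle from the normal of the core/cladding boundary beyond which
    light is totally internally reflected."""
    if n_clad >= n_core:
        raise ValueError("cladding index must be lower than core index for TIR")
    return math.degrees(math.asin(n_clad / n_core))


def delay_spread_ns(length_m, n_core, n_clad):
    """Arrival-time gap between the straight-through (low order) ray and the
    steepest guided (high order) ray in a step-index fibre.

    The axial ray covers L at speed c/n_core. The steepest ray meets the
    boundary at the critical angle and covers L * n_core / n_clad.
    """
    critical_angle_deg(n_core, n_clad)  # validates the index pair
    return length_m * n_core / C * (n_core / n_clad - 1) * 1e9


def fibre_report():
    """V-number and approximate mode count for each fibre in FIBRES."""
    rows = []
    for name, core_um, wavelength_nm, na in FIBRES:
        v = v_number(core_um, wavelength_nm, na)
        rows.append({"fibre": name, "v": round(v, 2), "modes": mode_count(v)})
    return rows


if __name__ == "__main__":
    for row in fibre_report():
        print(row)
    # Assumed step-index glass pair: core 1.48, cladding 1.46, 1 km of fibre.
    print("critical angle (deg):", round(critical_angle_deg(1.48, 1.46), 2))
    print("delay spread (ns/km):", round(delay_spread_ns(1000, 1.48, 1.46), 1))
```
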
Direct Cable Connection
Introduction
From the early PC days, Direct Cable Connection (DCC) was the most popular way
to transfer data from one PC to another. Of course, it might seem a bit of an "old fashioned" way to transfer data these days but remember that back then most PCs were running DOS 6.22 or Windows for Workgroups 3.11 if you were lucky!
Today, most computers are equipped with a network card and have an x-over or
hub which will allow you to transfer data a lot faster than a serial or parallel
cable. But still, there is always a time when you require a simple transfer via
serial or parallel and that's what this page is about.
There is a variety of programs which allow you to use the above mentioned
cables to successfully transfer data between PCs but you should know that you
can achieve your goal without them as well since Windows 95 and above supports
the direct cable connection method.
Installing Windows programs or components to transfer data is out of this
section's scope, but I have included some notes on what you should check before
attempting the Direct Connection via cable; this info is included in the "Important
DCC Info". We will also be learning how to create the cables required to meet our
goals and comparing the speed of the two (Serial and Parallel).
Because the page ended up being quite long, I decided to split it in order to make it easier to read. Simply click on the subject you'd like to read about:
• Serial Direct Connection
• Parallel Direct Connection
Serial Direct Cable Connection
Serial Direct Connection
The Serial Direct Connection is the one which utilizes the COM ports of your
computers. Every computer has at least 2 COM ports, COM1 and COM2. The
"COM" stands for "Communications". Its pinouts are a lot simpler when compared to the parallel port, but the speed is also a lot slower :)
To give you an idea of how fast (or slow) a serial port is, at its best you will get around 12 to 14 KB per second. That's pretty slow when you're used to a network
connection, but let me show you how serial data is transferred so you can also
understand why it's a lot slower:
The above picture gives you an idea on how serial data is transferred. Each
coloured block that is numbered is sent from PC 1 to PC 2. PC 2 will receive the
data in the same order it was sent, in other words it will receive data block 1 first
and then 2, all the way to block 7. This is a pretty good representation of data
flow in a serial cable. Serial ports transmit data sequentially over one pair of wires (the rest of the wires are used to control the transfer).
Another way you can think of it is like a one lane road where the road is wide
enough to only fit one car at a time (one data block at a time in our example
above), so you would imagine that the road cannot process several cars at one
time.
The Serial port
Most new computers have two COM ports with 9 pins each, these are DB-9 male
connectors. Older computers would have one DB-9 male connector and one DB-25
male connector. The 25 pin male connector is pretty much the same as the 9 pin, it's just bigger.
Let's have a look at a serial port to see what we are talking about:
Different pinouts are used for the DB-9 and DB-25 connectors and we will have a look at them in a moment. Let's just have another quick look at the COM ports of
a new computer:
Notice the COM ports, they are both DB-9 connectors, there is no more DB-25! The connector above the two blue COM ports is an LPT or Parallel port.
The serial port of a computer is able to run at different speeds, thus allowing us
to connect different devices which communicate at different speeds with the
computer. The following table shows the speeds at which most computers' serial ports are able to run and how many KB/sec they translate to:
Now we will have a look at the pin outs of both DB-9 and DB-25 connectors:
The Cable
All that's left now is the pinouts required to allow us to use the serial cable for
direct connection. There is a special term for this type of cable: it's called a "null
modem" cable, which basically means you need to have TX and RX crossed over.
Because you can have different configurations, e.g. DB-9 to DB-9, DB-9 to DB-25,
and DB-25 to DB-25, I have created different tables to show you the pinouts for each one:
1) DB-9 to DB-9. You use this configuration when you need a cable with a DB-9 connector on each end:
2) DB-9 to DB-25. You use this configuration when you need a cable with one DB-9 and one DB-25 connector on either end:
3) DB-25 to DB-25. You use this configuration when you need a cable with a DB-
25 connector on each end:
Well, that pretty much covers everything about serial direct connection via a null modem cable.
If you're using third party software to connect your computers, you probably
won't stumble into big problems, but if you're using Windows software be sure
you have unique names for each of your computers because Windows will treat
the direct connection as a "network" connection. This means you will be able to
see the other computer via Network Neighborhood.
What does the parallel port (LPT) look like ?
The picture below shows a parallel port, also known as LPT port, of a new computer.
With new computers, you will always find the LPT port right above the two COM ports and it's usually colour coded purple. No matter what type of LPT port you
have, they all look the same; it's the electronic characteristics which change
amongst the 4 different types of LPT ports and that's transparent to everyone. All LPT ports are female DB-25 connectors.
So what are the different LPT ports ?
Before we get stuck into the pinouts of the LPT port, let's have a look at the
different types of LPT ports available. Again, depending on the LPT port, you would expect different speed rates:
Because it might seem a bit confusing at the beginning, I have included a bit more
technical information on the various ports to help you understand more about
them. To keep it simple, I have categorised and colour coded them to show which
ports match the table above:
4 bit ports
The port can do 8 bit byte output and 4 bit nibble input. These ports are often
called "unidirectional" and are most commonly found on desktop bus cards (also
called IO expansion cards, serial/parallel cards, or even 2S+P cards) and older laptops. This is still the most common type of port, especially on desktop
systems. 4 bit ports are capable of effective transfer rates of about 40-60 KBytes
per second in typical devices but can be pushed upwards of 140 KBytes/sec with certain design tricks.
8 bit ports
These ports can do both 8 bit input and output and are sometimes called
"bidirectional ports" but that term is often misused by vendors to refer to 4 bit
ports as well. Most newer laptops have 8 bit capability although it may need to be
enabled with the laptop's vendor-specific CMOS setup function. This is discussed
below. A relatively smaller percentage of LPT bus cards have 8 bit capability that
sometimes must be enabled with a hardware jumper on the board itself. True 8
bit ports are preferable to 4 bit ports because they are considerably faster when
used with external devices that take advantage of the 8 bit capability. 8 bit ports
are capable of speeds ranging from 80-300 KBytes per second, again depending
on the speed of the attached device, the quality of the driver software and the port's electrical characteristics.
EPP ports
Can do both 8 bit input and output at ISA bus speeds. These ports are as fast as 8
bit bus cards and can achieve transfer rates upwards of 600 KBytes per second.
These ports are usually used by non-printer peripheral devices such as external
CDROMs, tape drives, hard drives, network adaptors and more.
ECP ports
Can do both 8 bit input and output at bus speeds. The specification for this port
type was jointly developed by Microsoft and Hewlett-Packard. ECP ports are
distinguished by having DMA capability, on-board FIFOs at least 16 bytes deep, some hardware data compression capability and are generally featured more than
other ports. These ports are as fast as 8 bit bus cards and can achieve transfer
rates upwards of 1 Mbyte per second and faster on PCs whose buses will support
it. The design is capable of faster transfer rates in the future.
A Laplink cable links two PCs running MS-DOS 6.0 or later very effectively, using
INTERSVR.EXE on the host PC and INTERLNK.EXE on the guest PC. It can
also be used to transfer data at a faster speed with the DCC feature of Win9x/Me/2000. Let's now have a quick look at the pinouts of an LPT port:
The Cable
As explained, there are different LPT ports, but the cable used is the same for all
types of LPT ports. Depending on your computer's BIOS LPT settings you will be able to achieve different transfer speeds as outlined in the table above.
The picture below clearly shows the pin outs of the required cable:
One wire should be attached to the metal body of the male connectors on both sides; this is also shown as the "metal body" on the diagram.
Now, because I understand how much trouble someone can fall into when trying
to create a cable and get it to work properly, I have included the DirectParallel
Connection Monitor Utility, for all the DCC users to troubleshoot and test DCC
connection and cable on both computers. It provides detailed information about
the connection, the cable being used for the connection, the I/O mode (4-bit, 8-bit, ECP, EPP), the parallel port types, I/O address, and IRQ.
And that pretty much finishes the discussion on Parallel Cable Connections !
USB Direct Cable Connection
Introduction
Serial and Parallel Direct Cable Connections are considered to be a bit "old
fashioned" these days. USB Direct Cable Connection (DCC), on the other hand, belongs in the "new fashioned" category :) USB DCC is a few years old, but
because most people would use their network card to transfer data, the DCC
hasn't been very well known for the USB port, but it does exist... and the catch is
that you can't make it, you must buy it! But don't be tempted to leave the
page just yet; there is a lot of information on USB which is always good to know. Keep reading... :)
Let's have a closer look and see what it's all about !
About USB
USB stands for Universal Serial Bus. Most peripherals for computers these days come in a USB version. The USB port was designed to be very flexible and for this
reason you are able to connect printers, external hard drives, cdroms, joysticks, scanners, digital cameras, modems, hubs and a lot of other cool stuff to it.
The Universal Serial Bus gives you a single, standardized, easy-to-use way to
connect up to 127 devices to a computer. The 127 number is a theoretical
number :) In practice it's a lot less! The devices you connect can even be powered
through the USB port of your computer if they draw less than 500mA, which is
half an Ampere (I). A good example is my little Canon scanner: it only has one
cable, which is used to power the scanner up and to transfer the data to the computer!
Currently there are 2 versions of the USB port, the initial version which is USB
v1.1 and the newer version USB v2 which has hit the market since the end of
2001. Most people have computers and devices which use the first version, but all
new computers will now come with USB v2. This new version of the USB port is
backwards compatible with the older version and also a lot faster.
As mentioned earlier, the USB port can power certain devices and also transfer
data at the same time. For this to happen, the USB port must have at least 4 cables of which 2 are for the power, and 2 for the data.
The diagram is to help you understand what the cable contains:
The USB DCC (Finally :) )
As I mentioned in the introduction of this page, the USB DCC cable cannot be
made, because it requires special electronic circuits built around the cable.
Parallel Technologies manufacture USB DCC cables and they call it the "NET-LinQ":
The USB DCC cable can also be used to connect a computer to your network. The
way it works is pretty simple. Assume you have Computers A, B, C and D.
Computer A, B and C are connected via an Ethernet LAN and Computer D hasn't
got a network card to connect to the network. Using the NET-LinQ or other similar
cables you can connect Computer D with any of the other 3 computers as long as
they have a USB port, then by configuring the network protocols on Computer D, it will be able to see and connect to the rest of the network!
This completes the discussion about USB Direct Cable Connection.
Network Topologies
Introduction
Network topologies can take a bit of time to understand when you're all new to
this kind of cool stuff, but it's very important to fully understand them as they are key elements to understanding and troubleshooting networks and will help you decide what actions to take when you're faced with network problems.
I will try to be as simple as possible and give some examples you can relate to, so let's get stuck right into this stuff!
The Stuff :)
There are two types of topologies: Physical and Logical. The physical topology
of a network refers to the layout of cables, computers and other peripherals. Try
to imagine yourself in a room with a small network, you can see network cables
coming out of every computer that is part of the network, then those cables plug into a hub or switch. What you're looking at is the physical topology of that network!
Logical topology is the method used to pass the information between the
computers. In other words, looking at that same room, if you were to try to see
how the network works with all the computers talking (think of the computers
generating traffic and packets of data going everywhere on the network) you
would be looking at the logical part of the network. The way the computers will be
talking to each other and the direction of the traffic is controlled by the various protocols (like Ethernet) or, if you like, rules.
If we used token ring, then the physical topology would have to change to meet the requirements of the way the token ring protocol works (logically).
If it's all still confusing, consider this: The physical topology describes the layout
of the network, just like a map shows the layout of various roads, and the logical
topology describes how the data is sent across the network or how the cars are
able to travel (the direction and speed) at every road on the map.
The most common types of physical topologies, which we are going to analyse,
are: Bus, Hub/Star and Ring
The Physical Bus Topology
Bus topology is fairly old news and you probably won't be seeing much of these
around in any modern office or home.
With the Bus topology, all workstations are connected directly to the main backbone
that carries the data. Traffic generated by any computer will travel across the
backbone and be received by all workstations. This works well in a small network
of 2-5 computers, but as the numbers of computers increases so will the network
traffic and this can greatly decrease the performance and available bandwidth of your network.
As you can see in the above example, all computers are attached to a continuous
cable which connects them in a straight line. The arrows clearly indicate that the
packet generated by Node 1 is transmitted to all computers on the network,
regardless of the destination of this packet.
Also, because of the way the electrical signals are transmitted over this cable, its
ends must be terminated by special terminators that work as "shock absorbers",
absorbing the signal so it won't reflect back to where it came from. The value of
50 Ohms has been selected after carefully taking into consideration all the electrical
characteristics of the cable used, the voltage of the signal which runs through the cables, the maximum and minimum length of the bus and a few more.
If the bus (the long yellow cable) is damaged anywhere in its path, then it will
most certainly cause the network to stop working or, at the very least, cause big communication problems between the workstations.
Thinnet - 10Base2, also known as coax cable (black in colour), and Thicknet - 10Base5 (yellow in colour) are used in this type of topology.
The Physical HUB or STAR Topology
The Star or Hub topology is one of the most common network topologies found in
most offices and home networks. It has become very popular in contrast to the
bus type (which we just spoke about), because of the cost and the ease of
troubleshooting.
The advantage of the star topology is that if one computer on the star topology
fails, then only the failed computer is unable to send or receive data. The remainder of the network functions normally.
The disadvantage of using this topology is that because each computer is connected to a central hub or switch, if this device fails, the entire network fails!
A classic example of this type of topology is the UTP (10BaseT), which normally
has a blue color. Personally I find it boring, so I decided to go out and get myself green, red and yellow colors :)
The Physical Ring Topology
In the ring topology, computers are connected on a single circle of cable. Unlike
the bus topology, there are no terminated ends. The signals travel around the
loop in one direction and pass through each computer, which acts as a repeater
to boost the signal and send it to the next computer. On a larger scale, multiple
LANs can be connected to each other in a ring topology by using Thicknet coaxial or fiber-optic cable.
The method by which the data is transmitted around the ring is called token
passing. IBM's token ring uses this method. A token is a special series of bits that
contains control information. Possession of the token allows a network device to transmit data to the network. Each network has only one token.
The Physical Mesh Topology
In a mesh topology, each computer is connected to every other computer by a
separate cable. This configuration provides redundant paths through the network, so if one computer blows up, you don't lose the network :) On a large
scale, you can connect multiple LANs using mesh topology with leased telephone lines, Thicknet coaxial cable or fiber optic cable.
Again, the big advantage of this topology is its backup capabilities by providing multiple paths through the network.
The Physical Hybrid Topology
With the hybrid topology, two or more topologies are combined to form a
complete network. For example, a hybrid topology could be the combination of a
star and bus topology. These are also the most common in use.
Star-Bus
In a star-bus topology, several star topology networks are linked to a bus
connection. In this topology, if a computer fails, it will not affect the rest of the
network. However, if the central component, or hub, that attaches all computers
in a star, fails, then you have big problems since no computer will be able to communicate.
Star-Ring
In the Star-Ring topology, the computers are connected to a central component
as in a star network. These components, however, are wired to form a ring network.
Like the star-bus topology, if a single computer fails, it will not affect the rest of the network. By using token passing, each computer in a star-ring topology has
an equal chance of communicating. This allows for greater network traffic
between segments than in a star-bus topology.
Data Transmission
Introduction
Routable protocols enable the transmission of data between computers in
different segments of a network. However, high volumes of certain kinds of
network traffic can affect network efficiency because they slow down transmission
speed. The amount of network traffic generated varies with the 3 types of data transmissions:
• Broadcast
• Multicast
• Unicast
We are going to have a look at each one of these data transmissions because it's
very important to know the type of traffic they generate, what they are used for
and why they exist on the network.
Before we proceed, please note that understanding the OSI Model (especially
Layer 2 and 3), Ethernet and the way a packet is structured is fundamental to understanding a broadcast, multicast or Unicast.
Media Access Control - MAC Addresses
Introduction
Media Access Control (MAC) addresses are talked about in various sections on the
site, such as the OSI-Layer 2, Multicast, Broadcast and Unicast. We are going to
analyse them in depth here so we can get a firm understanding of them since they are part of the fundamentals of networking.
MAC addresses are physical addresses, unlike IP addresses which are logical
addresses. Logical addresses require you to load special drivers and protocols in
order to be able to configure your network card/computer with an IP Address,
whereas a MAC address doesn't require any drivers whatsoever. The reason for
this is that the MAC address is actually "burnt-in" into your network card's memory chipset.
The Reason for MAC
Each computer on a network needs to be identified in some way. If you're
thinking of IP addresses, then you're correct to some extent, because an IP
address does identify one unique machine on a network, but that is not enough.
Got you mixed up?
Check the diagram and explanation below to see why:
You see, the IP address of a machine exists on the 3rd Layer of the OSI model
and, when a packet reaches the computer, it will travel from Layer 1 upwards, so
we need to be able to identify the computer before Layer 3.
This is where the MAC address - Layer 2 comes into the picture. All machines on
a network will listen for packets that have their MAC address in the destination field of the packet (they also listen for broadcasts and other stuff, but that's
analysed in other sections). The Physical Layer understands the electrical signals
on the network and creates the frame which gets passed to the Data link layer. If
the packet is destined for the computer then the MAC address in the destination
field of the packet will match, so it will accept it and pass it onto the Layer above
(3) which, in turn, will check the network address of the packet (IP Address), to
make sure it matches with the network address to which the computer has been
configured.
Looking at a MAC
Let's now have a look at a MAC address and see what it looks like! I have taken my workstation's MAC address as an example:
When looking at a MAC address, you will always see it in HEX format. It is very
rare that a MAC address is represented in Binary format because it is simply too long, as we will see further on.
When a vendor, e.g. Intel, creates network cards, they don't just give them any
MAC address they like, this would create a big confusion in identifying who
created this network card and could possibly result in clashing with another MAC
address from another vendor e.g. D-link, who happened to choose the same MAC
address for one of their network cards !
To make sure problems like this are not experienced, the IEEE group split the
MAC address in half, and used the first half to identify the vendor, and the second half is for the vendor to allocate as serial numbers:
The Vendor code is specified by RFC - 1700. You might find a particular vendor
having more than just one code; this is because of the wide range of products they might have. They just apply for more, as they need!
Keep in mind that even though the MAC address is "burnt-in" to the network
card's memory, some vendors will allow you to download special programs to
change the second half of the MAC address on the card. This is because the
vendors actually reuse the same MAC addresses for their network cards because
they create so many that they run out of numbers! But at the same time, the
chances of you buying two network cards which have the same MAC address are so small that it's almost impossible!
Let's start talking bits and bytes!
Now that we know what a MAC address looks like, we need to start analysing it. A
MAC address of any network card is always the same length, that is, 6 Bytes long
or 48 Bits long. If you're scratching your head wondering where these figures
came from, then just have a look at the picture below which makes it a bit easier
to understand:
So that completes the discussion regarding MAC Addresses! I hope you have
understood it all because it's very important so you can expand your knowledge
and truly understand what happens in a network!
Unicast
Introduction
Compared to broadcasts and multicasts, a Unicast is very simple and one of the most common data transmissions in a network.
The Reason for Unicast
Well it's pretty obvious why they came up with Unicast; imagine trying to send
data between 2 computers on a network, using broadcasts! All you would get
would be a very slow transfer and possibly a congested network with low bandwidth availability.
Data transfers are almost always Unicast. You have the sender, e.g. a
web server, and the receiver, e.g. a workstation. Data is transferred between these
two hosts only, whereas a broadcast or a multicast is destined either for everyone or for just a group of computers.
In the example above, my workstation sends a request to the Windows 2000 Server.
The request is a simple Unicast because it's directed to one machine (the server) and nothing else. You just need to keep in mind that because we are talking
about an Ethernet network, the traffic, hence the packets, are seen by all
machines (in this case the Linux Server as well) but they will not process them
once they see that the destination MAC address in the packets does not match their
own and is also not set to FF:FF:FF:FF:FF:FF, which would indicate that the packet is a broadcast.
Data Transmission - Introduction To Multicast
Introduction
To understand what we are going to talk about, you must be familiar with how
MAC addresses are structured and how they work. The MAC Addresses page is available to help you learn more about them...
A multicast is similar to a broadcast in the sense that its target is a number of
machines on a network, but not all. Where a broadcast is directed to all hosts on
the network, a multicast is directed to a group of hosts. The hosts can choose
whether they wish to participate in the multicast group (often done with the
Internet Group Management Protocol), whereas in a broadcast, all hosts are part of the broadcast group whether they like it or not :).
As you are aware, each host on an Ethernet network has a unique MAC address,
so here's the million dollar question: How do you talk to a group of hosts (our
multicast group), where each host has a different MAC address, and at the same
time ensure that the other hosts, which are not part of the multicast group, don't process the information? You will soon know exactly how all this works.
To keep things in perspective and make it easy to understand, we are going to
concentrate only on an Ethernet network using the IP protocol, which is what 80-90 % of home networks and offices use.
Breaking things down...
In order to explain Multicasting the best I can and to make it easier for you to understand, I decided to break it down into 3 sections:
1) Hardware/Ethernet Multicasting
2) IP Multicasting
3) Mapping IP Multicast to Ethernet Multicast
A typical multicast on an Ethernet network, using the TCP/IP protocol, consists of two parts: Hardware/Ethernet multicast and IP Multicast. Later on I will talk about
Mapping IP Multicast to Ethernet Multicast which is really what happens with multicasting on our Ethernet network using the TCP/IP protocol.
The brief diagram below shows you the relationship between the 3 and how they complete the multicasting model:
Hardware/Ethernet Multicasting
When a computer joins a multicast group, it needs to be able to distinguish
between normal Unicast (which are packets directed to one computer or one MAC
address) and multicasts. With hardware multicasting, the network card is
configured, via its drivers, to watch out for particular MAC addresses (in this case,
multicast MAC addresses) apart from its own. When the network card picks up a
packet which has a destination MAC that matches any of the multicast MAC addresses, it will pass it to the upper layers for further processing.
And this is how they do it:
Ethernet uses the low-order bit of the high-order octet to distinguish conventional
Unicast addresses from multicast addresses. A Unicast would have this bit set to
ZERO (0), whereas a multicast would be set to ONE (1).
To understand this, we need to analyse the destination MAC address of a Unicast
and multicast packet, so you can see what we are talking about:
When a normal (Unicast) packet is put on the network by a computer, it contains
the Source and Destination MAC address, found in the 2nd Layer of the OSI
model. The following picture is an example of my workstation (192.168.0.6) sending a packet to my network's gateway (192.168.0.5):
particular host-computer but the MAC address that can be recognised by
computers that are part of the multicast group. I should also note that you will
never find a source address that is a multicast MAC address; the source address
will always be a real one, to identify which computer the packet came from.
The IEEE group used a special Rule to determine the various MAC addresses that
will be considered for multicasting. This Rule is covered in the last section of this
page, but you don't need to know it now in order to understand Hardware
multicasting. Using this special rule it was determined that MAC address
01:00:5E:00:00:05 will be used for the OSPF protocol, which happens to be a
routing protocol, and then this MAC address also maps to an IP address which is analysed in IP Multicast.
IP Multicast
The IP Multicast is the second part of multicasting which combined with the
hardware multicasting, gives us a multicasting model that works for our Ethernet
network. If hardware multicasting fails to work, then the packet will never arrive
at the network layer upon which IP multicasting is based, so the whole model fails.
With IP multicasting the hardware multicasting MAC address is mapped to an IP
Address. Once Layer 2 (Data link) picks the multicast packet from the network
(because it recognises it, as the destination MAC address is a multicast) it will
strip the MAC addresses off and send the rest to the above layer, which is the
Network Layer. At that point, the Network Layer needs to be able to understand
it's dealing with a multicast, so the IP address is set in a way that allows the
computer to see it as a multicast datagram. A host may send multicast
datagrams to a multicast group without being a member.
Multicasts are used a lot between routers so they can discover each other on an
IP network. For example, an Open Shortest Path First (OSPF) router sends a
"hello" packet to other OSPF routers on the network. The OSPF router must send
this "hello" packet to an assigned multicast address, which is 224.0.0.5, and the other routers will respond.
IP Multicast uses Class D IP Addresses:
Let's have a look at an example so we can understand that a bit better:
The picture below is a screenshot from my packet sniffer. It shows a multicast
packet which was sent from my NetWare server; notice the destination IP address:
The screenshot above shows the packet which was captured; it's simply
displaying a quick summary of what was caught. But, when we look on the left we see the above packet in much more detail.
You can clearly see the markings I have put at the bottom which show you that
the destination IP for this packet is IP Address 224.0.0.5. This corresponds to a
multicast IP and therefore is a multicast packet.
The MAC header also shows a destination MAC address of 01-00-5E-00-00-05
which we analysed in the previous section to show you how this is identified as a
multicast packet at Layer 2 (Data link Layer).
Some examples of IP multicast addresses:
224.0.0.0 Base Address (Reserved) [RFC1112,JBP]
224.0.0.1 All Systems on this Subnet [RFC1112,JBP]
224.0.0.2 All Routers on this Subnet [JBP]
224.0.0.3 Unassigned [JBP]
224.0.0.4 DVMRP Routers [RFC1075,JBP]
224.0.0.5 OSPFIGP OSPFIGP All Routers [RFC2328,JXM1]
Remember that these IP Addresses have been assigned by the IEEE!
Now all that's left is to explain how the IP multicast and MAC multicast map
between each other...
Mapping IP Multicast to Ethernet Multicast
The last part of multicast which combines the Hardware Multicasting and IP
Multicasting is the Mapping between them. There is a rule for the mapping, and this is it:
To map an IP Multicast address to the corresponding Hardware/Ethernet multicast
address, place the low-order 23 bits of the IP multicast address into the low-order
23 bits of the special Ethernet multicast address. The rest of the high-order bits are defined by the IEEE (yellow color in the example).
The above rule basically determines the Hardware MAC address. Let's have a look at a real example to understand this.
We are going to use Multicast IP Address 224.0.0.5 - a multicast for the OSPF
routing protocol. The picture below shows us the analysis of the IP address in binary so we can clearly see all the bits:
It might seem a bit confusing at first, but let's break it down:
We have an IP Address of 224.0.0.5; this is then converted into binary so we can
clearly see the mapping of the 23 bits to the MAC address of the computer. The
MAC Address part which is in yellow has been defined by the IEEE group. So the
yellow and pink line make the one MAC Address as shown in binary mode, then we convert it from binary to hex and that's about it!
NOTE: You should keep in mind that multicast routers should not forward any multicast
datagram with destination addresses in the range between 224.0.0.0 and 224.0.0.255. The next page (multicasting list) gives a bit more information on this.
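The two rules described above (the low-order bit of the first octet marks a multicast MAC, and the low-order 23 bits of the IP group address are copied into the MAC) can be checked in a few lines. This is an added example, not part of the original notes; the function names and the unicast sample MAC are constructed for illustration. It also goes one step further than the text: because a Class D address has 28 group bits and only 23 are copied, 32 different IP groups land on the same MAC, which is why the Network Layer still has to check the destination IP after the network card has accepted the frame.

```python
import ipaddress

# IEEE-defined high-order bits for IPv4 multicast: 01:00:5E followed by one 0 bit.
# That leaves the low-order 23 bits of the MAC for the IP group address.
MCAST_MAC_PREFIX = 0x01005E000000
LOW_23_BITS = 0x7FFFFF


def parse_mac(mac):
    """Accept 01:00:5E:00:00:05 or 01-00-5E-00-00-05 and return the 6 raw bytes."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(octet, 16) for octet in octets)


def mac_kind(mac):
    """Classify a destination MAC the way the network card does."""
    raw = parse_mac(mac)
    if raw == b"\xff" * 6:
        return "broadcast"
    # Low-order bit of the high-order (first) octet: 1 = multicast, 0 = unicast.
    return "multicast" if raw[0] & 0x01 else "unicast"


def multicast_ip_to_mac(group):
    """Map a Class D IP address to its Ethernet multicast MAC address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D (multicast) address")
    mac_int = MCAST_MAC_PREFIX | (int(addr) & LOW_23_BITS)
    return ":".join(f"{b:02X}" for b in mac_int.to_bytes(6, "big"))


def groups_sharing_mac(mac):
    """List every IP multicast group that maps to the given multicast MAC."""
    value = int.from_bytes(parse_mac(mac), "big")
    if (value & ~LOW_23_BITS) != MCAST_MAC_PREFIX:
        raise ValueError(f"{mac} is not in the IPv4 multicast MAC range")
    low23 = value & LOW_23_BITS
    # Class D = binary 1110 + 28 group bits; the top 5 group bits are not
    # carried in the MAC, so all 32 combinations are possible senders' groups.
    return [
        str(ipaddress.IPv4Address(0xE0000000 | (high5 << 23) | low23))
        for high5 in range(32)
    ]


if __name__ == "__main__":
    mac = multicast_ip_to_mac("224.0.0.5")          # OSPF All Routers
    print("224.0.0.5 ->", mac, "(" + mac_kind(mac) + ")")
    print("FF:FF:FF:FF:FF:FF ->", mac_kind("FF:FF:FF:FF:FF:FF"))
    # Constructed unicast address, used only to show the bit test.
    print("00:A0:C9:12:34:56 ->", mac_kind("00:A0:C9:12:34:56"))
    shared = groups_sharing_mac(mac)
    print(len(shared), "groups share this MAC, e.g.", shared[:3])
```
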
Multicast IP List
Introduction
This page contains all the Multicast IP Addresses and shows what protocol they
are mapped to. Should you ever use a packet sniffer to try and see what's on the network and you capture a packet with a destination IP Address of 224.X.X.X,
then simply look up this list and you will know what the purpose of that packet was :)
INTERNET MULTICAST ADDRESSES
Host Extensions for IP Multicasting [RFC1112] specifies the extensions required of
a host implementation of the Internet Protocol (IP) to support multicasting. Current addresses are listed below.
The range of addresses between 224.0.0.0 and 224.0.0.255, inclusive, is
reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols, such as gateway discovery and group membership
reporting. Multicast routers should not forward
any multicast datagram with destination addresses in this range, regardless of its TTL.
224.0.0.0 Base Address (Reserved) [RFC1112,JBP]
224.0.0.1 All Systems on this Subnet [RFC1112,JBP]
224.0.0.2 All Routers on this Subnet [JBP]
224.0.0.3 Unassigned [JBP]
224.0.0.4 DVMRP Routers [RFC1075,JBP]
224.0.0.5 OSPFIGP OSPFIGP All Routers [RFC1583,JXM1]
224.0.0.6 OSPFIGP OSPFIGP Designated Routers [RFC1583,JXM1]
224.0.0.7 ST Routers [RFC1190,KS14]
224.0.0.8 ST Hosts [RFC1190,KS14]
224.0.0.9 RIP2 Routers [RFC1723,GSM11]
224.0.0.10 IGRP Routers [Dino Farinacci]
224.0.0.11 Mobile-Agents [Bill Simpson]
224.0.0.12 DHCP Server / Relay Agent [RFC1884]
224.0.0.12 - 224.0.0.255 Unassigned [JBP]
224.0.1.0 VMTP Managers Group [RFC1045,DRC3]
224.0.1.1 NTP Network Time Protocol [RFC1119,DLM1]
224.0.1.2 SGI-Dogfight [AXC]
224.0.1.3 Rwhod [SXD]
224.0.1.4 VNP [DRC3]
224.0.1.5 Artificial Horizons - Aviator [BXF]
224.0.1.6 NSS - Name Service Server [BXS2]
224.0.1.7 AUDIONEWS - Audio News Multicast [MXF2]
224.0.1.8 SUN NIS+ Information Service [CXM3]
224.0.1.9 MTP Multicast Transport Protocol [SXA]
224.0.1.10 IETF-1-LOW-AUDIO [SC3]
224.0.1.11 IETF-1-AUDIO [SC3]
224.0.1.12 IETF-1-VIDEO [SC3]
224.0.1.13 IETF-2-LOW-AUDIO [SC3]
224.0.1.14 IETF-2-AUDIO [SC3]
224.0.1.15 IETF-2-VIDEO [SC3]
224.0.1.16 MUSIC-SERVICE [Guido van Rossum]
224.0.1.17 SEANET-TELEMETRY [Andrew Maffei]
224.0.1.18 SEANET-IMAGE [Andrew Maffei]
224.0.1.19 MLOADD [Braden]
224.0.1.20 any private experiment [JBP]
224.0.1.21 DVMRP on MOSPF [John Moy]
224.0.1.22 SVRLOC [Veizades]
224.0.1.23 XINGTV <[email protected]>
224.0.1.24 microsoft-ds <[email protected]>
224.0.1.25 nbc-pro <[email protected]>
224.0.1.26 nbc-pfn <[email protected]>
224.0.1.27 lmsc-calren-1 [Uang]
224.0.1.28 lmsc-calren-2 [Uang]
224.0.1.29 lmsc-calren-3 [Uang]
224.0.1.30 lmsc-calren-4 [Uang]
224.0.1.31 ampr-info [Janssen]
224.0.1.32 mtrace [Casner]
224.0.1.33 RSVP-encap-1 [Braden]
224.0.1.34 RSVP-encap-2 [Braden]
224.0.1.35 SVRLOC-DA [Veizades]
224.0.1.36 rln-server [Kean]
224.0.1.37 proshare-mc [Lewis]
224.0.1.38 - 224.0.1.255 Unassigned [JBP]
224.0.2.1 "rwho" Group (BSD) (unofficial) [JBP]
224.0.2.2 SUN RPC PMAPPROC_CALLIT [BXE1]
224.0.3.000-224.0.3.255 RFE Generic Service [DXS3]
224.0.4.000-224.0.4.255 RFE Individual Conferences [DXS3]
224.0.5.000-224.0.5.127 CDPD Groups [Bob Brenner]
224.0.5.128-224.0.5.255 Unassigned [IANA]
224.0.6.000-224.0.6.127 Cornell ISIS Project [Tim Clark]
224.0.6.128-224.0.6.255 Unassigned [IANA]
224.0.7.000-224.0.7.255 Where-Are-You [Simpson]
224.0.8.000-224.0.8.255 INTV [Tynan]
224.0.9.000-224.0.9.255 Internet Railroad [Malamud]
224.1.0.0-224.1.255.255 ST Multicast Groups [RFC1190,KS14]
224.2.0.0-224.2.255.255 Multimedia Conference Calls [SC3]
224.252.0.0-224.255.255.255 DIS transient groups [Joel Snyder]
232.0.0.0-232.255.255.255 VMTP transient groups [RFC1045,DRC3]
These addresses are listed in the Domain Name Service under MCAST.NET
and 224.IN-ADDR.ARPA.
Data Transmission - Broadcast
Introduction
The term "Broadcast" is used very frequently in the networking world. You will
see it in most networking books and articles, or see it happening on your hub/switch when all the LEDs start flashing at the same time!
If you have been into networking for a while you most probably have come across
the terms "broadcast" and "subnet broadcast". When I first dived into the
networking world, I was constantly confused between the two, because they both
carried the "broadcast" term in them. We will analyse both of them here, to help
you understand exactly what they are and how they are used!
Broadcast
A Broadcast means that the network delivers one copy of a packet to each
destination. On bus technologies like Ethernet, broadcast delivery can be accomplished with a single packet transmission. On networks composed of
switches with point-to-point connections, software must implement broadcasting
by forwarding copies of the packet across individual connections until all switches have received a copy. We will be focusing only on Ethernet broadcasts.
The picture below illustrates a router which has sent a broadcast to all devices on its network:
Normally, when the computers on the network receive a packet, they will first try
to match the MAC address of the packet with their own. If that is successful,
they process the packet and hand it to the OSI layer above (Network Layer). If
the MAC address is not matched, then the packet is discarded and not processed.
However, when they see a MAC address of FF:FF:FF:FF:FF:FF, they will process this packet because they recognise it as a broadcast.
But what does a "broadcast" look like?
Check out the image below, which is taken from my packet sniffer:
Let's now have a closer look at the above packet:
The image above shows a broadcast packet. You can clearly see that the "MAC destination address" is set to FF:FF:FF:FF:FF:FF. The "Address IP destination" is set to 255.255.255.255; this is the IP broadcast address and ensures that no matter what IP address the receiving computer(s) have, they will not reject the data but process it.
Now you might ask yourself "Why would a workstation want to create a broadcast packet?"
The answer to that lies within the various protocols used on our networks!
Let's take for example Address Resolution Protocol, or ARP. ARP is used to find out which MAC address (effectively, which network card or computer) has a particular IP address bound to it. You will find a detailed example of the whole process in the IP Routing section.
For a network device such as a router to ask "Who has IP address 192.168.0.100?", it must "shout" it out so it can grab everyone's attention, which is why it will use a broadcast to make sure everyone listens and processes the packet on the network.
In the example image above, the particular machine was looking for a DHCP
server (notice the "bootps" protocol under the UDP Header - Layer 4, which is
basically DHCP).
Subnet Broadcast or Direct Broadcast
A Subnet or Direct broadcast is targeted not to all hosts on a network, but to all
hosts on a subnet. Since a physical network can contain different
subnets/networks, e.g. 192.168.0.0 and 200.200.200.0, the purpose of this special broadcast is to send a message to all the hosts in a particular subnet.
In the example below, Router A sends a subnet broadcast onto the network.
Hosts A, B, C and the Server are configured to be part of the 192.168.0.0 network
so they will receive and process the data, but Host D is configured with a different
IP Address, so it's part of a different network. It will accept the packet because of its
broadcast MAC address, but will drop the packet when it reaches its Network Layer, where it will see that this packet was for a different IP network.
It is very similar to the network broadcast we just talked about but varies slightly
in the sense that its IP broadcast is not set to 255.255.255.255, but is set to the
subnet broadcast address. For example, my home network is a Class C network:
192.168.0.0 with a subnet mask of 255.255.255.0 or, if you like to keep it simple, 192.168.0.0/24.
This means that the available valid hosts for this network are from 192.168.0.1 to
192.168.0.254. In this Class C network, as in every other network, there are 2
addresses which I can't use. The first one is reserved to identify the network (192.168.0.0) and the second one for the subnet broadcast (192.168.0.255).
The above packet, captured from my packet sniffer, shows my workstation broadcasting to the subnet 192.168.0.0. From the broadcast address you can tell
that I am using a full Class C network range, otherwise the Destination IP wouldn't be 192.168.0.255.
The Packet decoder on the right shows you the contents of each header from the above packet.
Looking at the MAC Header (Data link Layer), the destination MAC address is set to FF:FF:FF:FF:FF:FF and the IP Header (Network Layer) has the Destination IP set to 192.168.0.255 which is, as I said, the Subnet Broadcast Address. Again, all computers on the network which are part of the 192.168.0.0 subnet will process this packet; the rest will drop the packet once they see it's for a network to which they do not belong.
In this example, I double-clicked on my "Network Places" and was searching for a computer; this forced my workstation to send out a Subnet Broadcast on the network asking if a particular computer existed on the network.
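The receive path described in this section, modelled as an added example (not part of the original notes): a frame must first pass the Data link layer check on the destination MAC, then the Network Layer check on the destination IP. The host MAC addresses and host IP addresses are constructed; the subnets 192.168.0.0/24 and 200.200.200.0 are the ones used in the text, and multicast group membership is deliberately left out of this model.

```python
import ipaddress

BROADCAST_MAC = "FF:FF:FF:FF:FF:FF"
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def subnet_summary(cidr):
    """Return the two unusable addresses and the usable host range of a subnet."""
    net = ipaddress.IPv4Network(cidr)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


class Host:
    """A host with one network card and one IP address/mask (constructed model)."""

    def __init__(self, name, mac, address):
        self.name = name
        self.mac = mac.upper()
        self.interface = ipaddress.IPv4Interface(address)

    def layer2_accepts(self, dst_mac):
        # The network card keeps frames for its own MAC or the broadcast MAC.
        dst = dst_mac.upper().replace("-", ":")
        return dst in (self.mac, BROADCAST_MAC)

    def layer3_verdict(self, dst_ip):
        dst = ipaddress.IPv4Address(dst_ip)
        net = self.interface.network
        if dst == self.interface.ip:
            return "accepted: unicast to this host"
        if dst == LIMITED_BROADCAST:
            return "accepted: broadcast"
        if dst == net.broadcast_address:
            return "accepted: subnet broadcast"
        if dst in net:
            return "dropped at Network layer: another host"
        return "dropped at Network layer: different IP network"

    def receive(self, dst_mac, dst_ip):
        if not self.layer2_accepts(dst_mac):
            return "discarded at Data link layer: MAC does not match"
        return self.layer3_verdict(dst_ip)


# Constructed hosts on the two networks named in the text.
HOST_A = Host("Host A", "00:10:A4:00:00:0A", "192.168.0.10/24")
HOST_D = Host("Host D", "00:10:A4:00:00:0D", "200.200.200.10/24")


def deliver(dst_mac, dst_ip, hosts=(HOST_A, HOST_D)):
    """Show what every host on the wire does with one frame."""
    return {host.name: host.receive(dst_mac, dst_ip) for host in hosts}


if __name__ == "__main__":
    print(subnet_summary("192.168.0.0/24"))
    for name, verdict in deliver(BROADCAST_MAC, "192.168.0.255").items():
        print(name, "->", verdict)
    # With a /26 mask the subnet broadcast is no longer 192.168.0.255.
    print(subnet_summary("192.168.0.0/26")["broadcast"])
```
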
Controlling Broadcasts and Unicasts
The first step in controlling broadcast and multicast traffic is to identify which
devices are involved in a broadcast or multicast storm. The following protocols
can send broadcast or multicast packets:
• Address Resolution Protocol (ARP)
• Open Shortest Path First (OSPF)
• IP Routing Information Protocol Version 1 (RIP1)
• Service Advertising Protocol (SAP)
• IPX Routing Information Protocol (RIP)
• NetWare Link Services Protocol (NLSP)
• AppleTalk Address Resolution Protocol (AARP)
After identifying the source of the broadcast or multicast storm, you must examine the packets to find out which protocol or application triggered the
broadcast or multicast storm. For example, if a single device is responsible for a
broadcast storm, you can examine the device's broadcast traffic to determine
exactly what the device was doing. For example, you can find out what the device was looking for or what the device was announcing.
Broadcast or multicast storms are often caused by a fault that occurs during the
device discovery process. For example, if an IPX-based printing environment has
been misconfigured, a print driver client may continually send SAP packets to
locate a specific print server. Unanswered broadcast or multicast requests usually indicate that a device is missing or has been misconfigured.
Examine the broadcast traffic on your company's network. Do you see numerous
unanswered, repeat queries? Do you see protocols (such as IP RIP1, SAP, and IPX RIP) that just "blab" all day even when no other devices may be listening?
Or, is the majority of the broadcast and multicast traffic on your company's
network purposeful? That is, does the broadcast and multicast traffic have a
request-reply communication pattern? For example, are broadcast lookups answered?
Do broadcast packets contain meaningful information? For example, if a network
has numerous routers, do broadcast packets contain routing update information?
Is the broadcast rate acceptable? Does your company's network need RIP
updates every 30 seconds, or can you increase the interval to one minute?
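One way to answer the questions above from a capture, as an added example that is not part of the original notes: count who is sending broadcast lookups, and flag lookups that are repeated without ever being answered. The capture rows, MAC addresses and the one-second reply timeout are constructed for illustration; ARP is used because it is the first protocol in the list above.

```python
from collections import Counter

# Constructed capture summary: (seconds, source MAC, frame type, IP address).
# An "arp-request" row carries the IP being looked for (sent as a broadcast);
# an "arp-reply" row carries the IP of the device that answered.
CAPTURE = [
    (0.0, "00:10:A4:00:00:01", "arp-request", "192.168.0.100"),
    (0.1, "00:10:A4:00:00:64", "arp-reply", "192.168.0.100"),
    (1.0, "00:10:A4:00:00:02", "arp-request", "192.168.0.77"),
    (2.0, "00:10:A4:00:00:02", "arp-request", "192.168.0.77"),
    (2.5, "00:10:A4:00:00:03", "arp-request", "192.168.0.5"),
    (2.6, "00:10:A4:00:00:05", "arp-reply", "192.168.0.5"),
    (3.0, "00:10:A4:00:00:02", "arp-request", "192.168.0.77"),
    (4.0, "00:10:A4:00:00:02", "arp-request", "192.168.0.77"),
]


def broadcast_talkers(records):
    """Step 1: which devices send the broadcasts, and how many each?"""
    return Counter(src for _, src, kind, _ in records if kind == "arp-request")


def unanswered_lookups(records, reply_timeout=1.0, min_repeats=3):
    """Step 2: find repeat queries that never get a reply.

    A request counts as answered when a reply for the same IP address is
    seen within reply_timeout seconds after it. Returns a sorted list of
    (source MAC, IP looked for, unanswered count) tuples.
    """
    replies = [(t, ip) for t, _, kind, ip in records if kind == "arp-reply"]
    unanswered = Counter()
    for t, src, kind, ip in records:
        if kind != "arp-request":
            continue
        answered = any(
            reply_ip == ip and t < reply_t <= t + reply_timeout
            for reply_t, reply_ip in replies
        )
        if not answered:
            unanswered[(src, ip)] += 1
    return sorted(
        (src, ip, count)
        for (src, ip), count in unanswered.items()
        if count >= min_repeats
    )


if __name__ == "__main__":
    for mac, count in broadcast_talkers(CAPTURE).most_common():
        print(f"{mac} sent {count} broadcast lookup(s)")
    for mac, ip, count in unanswered_lookups(CAPTURE):
        print(f"{mac} asked for {ip} {count} times with no reply: "
              "device missing or misconfigured?")
```
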
BROADCAST/MULTICAST DOMAINS
If your company's network is experiencing excessive broadcast or multicast
traffic, you should also check the scope of the broadcast or multicast domain. (A
broadcast or multicast domain is the range of devices that are affected by a
broadcast or a multicast packet.) Understanding broadcast and multicast domains
can help you determine how harmful a broadcast storm can be from any point on the network.
The scope of a broadcast and multicast domain depends, to some degree, on the
network design. For example, the picture below shows two networks, a switched network and a routed network:
On a switched network, Device 1 sends a broadcast or multicast packet that is propagated to all ports of the switch. (A typical layer-2 switch does not filter either broadcast or multicast traffic.)
On a routed network, however, a router does not forward broadcast traffic. If Device 1 sends a broadcast packet, only Device 2 and the router see the broadcast packet. If appropriate, the router processes the broadcast packet and sends a reply. Because the broadcast packet is not forwarded, it does not affect Devices 3 or 4.
Protocols
Introduction - Definition
In the networking and communications area, a protocol is the formal specification
that defines the procedures that must be followed when transmitting or receiving data. Protocols define the format, timing, sequence, and error checking used on the network.
In plain English, the above means that if you have 2 or more devices, e.g.
computers, which want to communicate, then they need a common "Protocol"
which is a set of rules that guide the computers on how and when to talk to each other.
The way this "definition" happens in computer land is by the RFCs (Requests For
Comments) where the IETF (a group of engineers with no life) make up the new
standards and protocols and then the major vendors (IBM, Cisco, Microsoft,
Novell) follow these standards and implement them in their products to make more money and try to take over this world!
There are hundreds of protocols out there and it is impossible to list them all
here, but instead we have included some of the most popular protocols around so you can read up on them and learn more about them.
The table below (clickable) shows the most popular TCP/IP protocols. The OSI model is there for you to see which layer each of these protocols work at.
One thing which you should keep in mind is that as you move from the lower
layers (Physical) to the upper layers (Applications), more processing time is
needed by the device that's dealing with the protocol.
Please note: All routing protocols can be found under the "Networking/Routing" menu option.
[Table: TCP/IP Protocol Stack and The OSI Model]
Currently available protocols to read about are:
• TCP
• UDP
• ICMP
• DNS
• FTP
• TFTP
• Ethernet
• Internet Protocol (IP)
• RIP
• OSPF
Transmission Control Protocol - TCP
Some common protocols which use TCP are: FTP, Telnet, HTTP, HTTPS, DNS, SMTP and POP3. When people refer to "TCP/IP" remember that they are talking about a suite of protocols and not just one (as most people think). TCP/IP is NOT one protocol. Please see the Protocols section for more information.
The Transmission Control Protocol (TCP) is defined by IETF RFC 793.
TCP - Transmission Control Protocol
TCP is one of the two protocols used at the Transport layer, so what exactly
does this "TCP" do? Well, as the name suggests, it's used to transport (move) data from one host to another. What makes TCP so popular is the way it works in
order to send and receive data. Unlike UDP, TCP will check for errors in every
packet it receives to avoid data corruption. Let's have a close look at the main characteristics of this wonderful protocol.
Reliable Transport
It's a reliable transport because of the different techniques it uses to ensure that
the data received is error free. TCP is a robust protocol used for file transfers
where data error is no option. When you decide to download a 3MB file from a
website, you wouldn't want to find out after the download has finished that the
file has errors! Even though, in reality, this does happen, it just shows that you can't be perfect in some things *8-)
The picture below shows us the TCP header within a data packet. This is to show you the different fields a TCP header contains:
Connection Oriented
What this basically means is that a connection is established between the two
hosts (computers) before any data is transferred and when I say "connection is
established" I mean that both computers know about each other and have agreed
on the exchange of data. This is where the famous 3-way handshake happens.
You will find the SYN and ACK bits in the TCP header diagram above; they are
marked in RED (Code Bits field) and are 6 bits long. Thanks to this field, TCP is
connection oriented.
The following diagram explains the basic function of the 3-way handshake:
STEP 1: Host A sends a packet to Host B. This packet has the "SYN" bit enabled
and when Host B receives it and reads the packet, it sees the "SYN" bit which has
a value of "1" (in binary, this means ON) so it knows that Host A is trying to synchronise with it.
STEP 2: Host B then sends a packet back to Host A and within this packet, the
"SYN and ACK" bits are enabled (value = 1). The SYN that Host B sends means 'I
want to synchronise with you' and the ACK means 'I acknowledge your previous
SYN request'.
STEP 3: So... after all that, Host A sends another packet to Host B and has the "ACK" bit set to 1, which tells Host B 'Yeah I acknowledge your previous request'.
And after all that, the connection is established (virtual circuit) and the data transfer begins, and should end without any errors!
Flow Control
This is how the flow of data is controlled. You see, once the data transfer has
started, the flow of data between the two hosts is not constant but varies and
sometimes stops for a few seconds when one of the two hosts is busy doing other tasks as well.
For example, if Host B was a webserver from which people could download
games, then obviously Host A is not going to be the only computer downloading
from this webserver, so Host B must regulate the data flow to every computer
downloading from it. This means it might turn around to Host A and tell it to wait
for a while until more resources are available because it has another 20 users
trying to download at the same time! There is simply too much traffic for a small capacity.
Below is a diagram which will help you understand all this jargon about flow control:
I am quickly going to explain what is happening in the above picture. It is obvious
that Host B is sending data to Host A, so with a window size equal to one this
means that Host B needs an "ACK" for each data segment it sends to Host A.
Once the first data segment is sent, Host A receives it and sends an "ACK 2" to
Host B. You might be wondering why "ACK 2" and not just "ACK"? Well the "ACK
2" tells Host B 'I acknowledge (ACK) the packet you just sent me and I am ready
to receive the second (2) segment'. So Host B gets the second data segment ready and sends it off to Host A, expecting an "ACK 3" response from Host A so it
can send the third data segment which, as the picture shows, it receives the "ACK
3". However, if it received an "ACK 2" again, this would mean something went
wrong with the previous transmission and Host B will retransmit the lost segment.
We will see how this works in the Acknowledgments section. Let's now try a
different Window size to get a better understanding.... Hmmm.. let's say 3! Keep
in mind the way the "ACKs" work, otherwise you might find the following example
a bit confusing. If you can't understand it, read again the previous example where the Window size was equal to one.
So, explaining what is happening here, we have a window size equal to 3, which
means that Host B can send 3 data segments to Host A before expecting an
"ACK" back. Host B sends the first 3 segments (Send 1, Send 2 and Send 3), Host
A receives them all in good condition and then sends the "ACK 4" to Host B. This means that Host A acknowledged the 3 data segments Host B sent and awaits the
next data segments which, in this case, would be 4, 5 and 6.
Acknowledgments
Reliable data delivery ensures the integrity of a stream of data sent from one
machine to the other through a fully functional data link. This guarantees the data
won't be duplicated or lost. The method that achieves this is known as positive
acknowledgment with retransmission. This technique requires a receiving
machine to communicate with the transmitting source by sending an
acknowledgment message back to the sender when it receives data. The sender
documents each segment it sends and waits for this acknowledgment before sending the next segment. When it sends a segment, the transmitting machine
starts a timer and retransmits if it expires before an acknowledgment is returned from the receiving end.
The above figure shows us how the Acknowledgments work. Note that if you
carefully study the figure you will see clearly the window size of this transfer,
which is equal to 3. At first, Host B sends 3 data segments to Host A and they are
received in perfect condition so, based on what we learned 2 minutes ago, Host A
sends an "ACK 4" acknowledging the 3 data segments and requesting the next 3
data segments which will be 4, 5, 6. So Host B sends data segments 4, 5, 6 but 5
gets lost somewhere along the way and Host A doesn't receive it so, after a bit of
waiting, it realises that 5 got lost and sends an "ACK 5" to Host B, indicating that
it would like data segment 5 retransmitted. Now you see why this method is called "positive acknowledgment with retransmission".
At this point Host B sends data segment 5 and waits for Host A to send an "ACK"
so it can continue sending the rest of the data. Host A receives the 5th data
segment and sends "ACK 7" which means 'I received the previous data segment,
now please send me the next 3'. The next step is not shown on the diagram but it would be Host B sending data segments 7, 8, 9.
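The windowing and acknowledgment exchanges described above, replayed as a small simulation. This is an added example, not part of the original notes; it keeps the notes' simplified segment numbering (real TCP numbers bytes, not segments), and the function names are illustrative.

```python
def simulate_transfer(total_segments, window, lost_once=()):
    """Replay a transfer from Host B (sender) to Host A (receiver).

    Segments are numbered 1..total_segments as in the diagrams. Each segment
    listed in lost_once is dropped the first time it is sent and delivered
    when it is retransmitted. Returns the ordered list of events.
    """
    if window < 1 or total_segments < 1:
        raise ValueError("window and total_segments must be at least 1")
    to_drop = set(lost_once)
    held_by_a = set()     # segments Host A has received so far
    next_needed = 1       # the number Host A puts in its next ACK
    highest_sent = 0      # highest segment Host B has transmitted
    events = []

    while next_needed <= total_segments:
        if next_needed <= highest_sent:
            # Host A asked again for something already sent: retransmit it.
            batch = [next_needed]
        else:
            # Everything sent so far was acknowledged: send a full window.
            last = min(next_needed + window - 1, total_segments)
            batch = list(range(next_needed, last + 1))

        arrived = False
        for seg in batch:
            kind = "RESEND" if seg <= highest_sent else "SEND"
            if seg in to_drop:
                to_drop.discard(seg)
                events.append((kind, seg, "lost"))
            else:
                held_by_a.add(seg)
                arrived = True
                events.append((kind, seg, "delivered"))
        highest_sent = max(highest_sent, batch[-1])

        if not arrived:
            # Nothing reached Host A, so no ACK comes back and the sender's
            # retransmission timer expires.
            events.append(("TIMEOUT", next_needed, "timer expired"))
            continue

        # Host A acknowledges by naming the next segment it still needs.
        while next_needed in held_by_a:
            next_needed += 1
        events.append(("ACK", next_needed, ""))
    return events


def ack_numbers(events):
    """Return only the ACK numbers Host A sent, in order."""
    return [number for kind, number, _ in events if kind == "ACK"]


if __name__ == "__main__":
    # Window size 3 with segment 5 lost, as in the Acknowledgments figure.
    for kind, number, note in simulate_transfer(9, 3, lost_once={5}):
        print(kind, number, note)
```

With a window of 3 and segment 5 lost, the ACKs come out as 4, 5, 7, 10: the repeated request for 5 triggers the retransmission, and ACK 7 covers segment 6, which Host A was already holding.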
More Overhead
As you can see, all the above discussion means that there is a lot more overhead
when using TCP in order to get the data transferred without errors. Everything
comes with a downside and this is TCP's. But since everyone has fast connections to the Internet, it really doesn't make that much of a performance impact.
And that completes our discussion on TCP !
User Datagram Protocol – UDP
Some common protocols which use UDP are: DNS,
TFTP, ARP, RARP and SNMP. When people refer to
"TCP/IP" remember that they are talking about a
suite of protocols, and not just one (as most
people think). TCP/IP is NOT one protocol. Please
see the Protocols section for more information.
The User Datagram Protocol (UDP) is defined by
IETF RFC768
UDP - User Datagram Protocol
The second protocol used at the Transport layer is UDP. Application developers
can use UDP in place of TCP. UDP is the scaled-down economy model and is
considered a thin protocol. Like a thin person in a car, a thin protocol doesn't take up a lot of room - or in this case, much bandwidth on a network.
UDP as mentioned doesn't offer all the bells and whistles of TCP, but it does a
fabulous job of transporting information that doesn't require reliable delivery and it does so using far fewer network resources.
Unreliable Transport
UDP is considered to be an unreliable transport protocol. When UDP sends
segments over a network, it just sends them and forgets about them. It doesn't
follow through, check on them, or even allow for an acknowledgment of safe arrival, in other words .... complete abandonment! This does not mean that UDP
is ineffective, only that it doesn't handle issues of reliability.
The picture below shows us the UDP header within a data packet. This is to show you the different fields a UDP header contains:
Connection-less Oriented
For those who read about TCP, you would know it is a connection oriented
protocol, but UDP isn't. This is because UDP doesn't create a virtual circuit
(establish a connection before data transfer), nor does it contact the destination
before delivering information to it. No 3-way handshake or anything like that here!
Since UDP assumes that the application will use its own reliability method, it doesn't use any, which obviously makes things transfer faster.
Less Overhead
The very low overhead, compared to TCP, is a result of the lack of windowing or
acknowledgments. This certainly speeds things up but you get an unreliable (in
comparison to TCP) service. There really isn't much more to write about UDP so
I'll finish here.
Domain Name System (DNS) Introduction
Introduction
DNS is a very well known protocol. It is used for resolving host names and
domain names to IP addresses. The fact is that when you type www.firewall.cx it is translated into an IP address via special queries that take place from your PC, but I'll explain how that works later on.
Because there is a fair bit of material to cover for the DNS protocol, and I don't
want to confuse you with too much information on one page, I have broken it down into 5 sections, each covering a specific part of the protocol.
People who want specific information on the DNS protocol can go straight to the
section they need, the rest of us who just want to learn it all can start reading in
the order presented:
Section 1: The DNS Protocol. How and why the DNS protocol was born. Page contains a bit of historical information and also compares DNS with the OSI
Reference model, where you will see the layers on which DNS works. Internet
DNS hierarchy is also analysed here, giving you the chance to understand how domains on the Internet are structured.
Section 2: The DNS Resolution Process. What really happens when a host
requests a DNS resolution. Full analysis of the whole resolution process using a
real life example. Understand Name Servers and the role they play in the DNS system.
Section 3: The DNS Query Message Format. This section, along with the next one
gives you the DNS packet format in all its glory. Learn how DNS queries are generated and formatted. See, learn and understand the various fields within the
packets as you're taken through a full detailed analysis of the packet structure using the cool 3D diagrams.
Section 4: The DNS Response Message Format. This is the continuation of the
section above, dealing with the DNS response that's received. You will learn how
the response packet is generated, formatted and sent to the resolver. Again,
you're taken through a full detailed analysis of the packet structure using the cool 3D diagrams.
Section 5: The DNS Server (BIND). Based on BIND for Linux, this section is
broken into a further 6 pages:
• Section 5.1: Introduction to the DNS Server. Learn how a DNS server is
setup on a Linux machine. Over 85% of DNS servers on the Internet run
on Linux and Unix based systems while Microsoft and Novell DNS servers
follow the same structure. DNS Zones and Domains are also covered on this page, this is essential for understanding how DNS Servers work.
• Section 5.2: The db.DOMAIN file. Complete analysis of the zone data file
for a Primary DNS server. See what it contains and understand how it's structured.
• Section 5.3: The db.ADDR file. Complete analysis of the zone data file for
a Primary DNS server. See what it contains and understand how it's structured.
• Section 5.4: Other common files. Analysing the rest of the files which are common to all DNS servers.
• Section 5.5: Slave DNS Server. Instructions on setting up a secondary
DNS server.
• Section 5.6: DNS Caching. The key to an efficient DNS server. This is a
must for any DNS Administrator. Learn how DNS caching helps improve
performance and reduce traffic. Includes analysis of specific parameters
within the DNS packet, which helps make DNS caching a reality, and find
out how to avoid problems that come with Domain redelegation or website transfers.
As you can see, there's plenty of stuff to cover. But don't despair because it's all
cool stuff ! Grab something to drink and let's dive into the DNS waters ! You will be amazed at the stuff you'll find :)
The DNS Protocol
Introduction
If you ever wondered where DNS came from, this is your chance to find out ! The
quick summary on DNS's history will also help you understand why DNS servers
are run mostly on Linux and Unix-type systems. We then get to see the layers of
the OSI Model on which DNS works and, towards the end of the page, you will
find out how the Domains (and DNS servers) are structured on the Internet to ensure uptime and effectiveness.
The History
DNS began in the early days when the Internet was only a small network created
by the Department of Defence for research purposes. Host names (simple
computer names) of computers were manually entered into a file (called HOSTS)
which was located on a central server. Each site/computer that needed to resolve
host names had to download this file. But as the number of hosts grew, so did the
HOSTS file (Linux, Unix, Windows and NetWare still use such files) until it was far
too large for computers to download and it was generating great amounts of
traffic ! So they thought ... Stuff this .. let's find a better solution ... and in 1984 the Domain Name System was introduced.
The Protocol
The Domain Name System is a 'hierarchically distributed database', which is a
fancy way of saying that its layers are arranged in a definite order and that its
data is distributed across a wide range of machines (just like the roots of a tree branch out from the main root).
Most companies today have their own little DNS server to ensure the computers
can find each other without problems. If you're using Windows 2000 and Active
Directory, then you surely are using DNS for the name resolutions of your
computers. Microsoft has created its own version of a "DNS" server, called a
port, something possible depending on the operating system and DNS server you are running.
In the following pages we'll be looking at the actual DNS packet format, where
you are able to see exactly the contents of a DNS query, so we won't analyse the packet structure here.
Next we'll take a close look at how the Internet domains and DNS servers are
structured to make sure the model works flawlessly and efficiently !
The Internet Domain Name Server Hierarchy
This interesting section will help you understand how domain names on the
Internet are structured and where DNS servers fit in to the picture. When you
think about the millions of domain names registered today, you probably think that you have to be superhuman to manage such a structure of DNS servers !
Well that's not the case. The DNS structure has been designed in such a way that no DNS server needs to know about all possible domains, but only those immediately above and below it.
The picture below shows part of the Internet DNS hierarchical structure:
Let's explain how it works :
Internic controls the "root" domain, which includes all the top level domains.
These are marked in a green oval for clarity. Within the green oval you have the
ROOT DNS servers, which know all about the authoritative DNS servers for the
domains immediately below them e.g. firewall.cx, cisco.com, microsoft.com etc.
These ROOT DNS servers can tell you which DNS server takes care of firewall.cx, cisco.com, microsoft.com and the rest.
Each domain, including the ones we are talking about (cisco, firewall, microsoft),
has what we call a "Primary DNS" and "Secondary DNS". The Primary DNS is the
one that holds all the information about its domain. The Secondary acts as a
backup in case the Primary DNS fails. The process in which a Primary DNS server
sends its copy to the Secondary DNS server is called Zone Transfer and is covered in the DNS Database section.
Explanation :
1. You open your web browser and enter www.cisco.com in the address field. At
that point, the computer doesn't know the IP address for www.cisco.com, so it
sends a DNS query to your ISP's DNS server (It's querying the ISP's DNS because
this has been set through the dial-up properties; if you're on a permanent
connection then it's set through your network card's TCP/IP properties).
2. Your ISP's DNS server doesn't know the IP for www.cisco.com, so it will ask one of the ROOT DNS servers.
3. The ROOT DNS server checks its database and finds that the Primary DNS for Cisco.com is 198.133.219.25. It replies to your ISP's server with that answer.
4. Your ISP's DNS server now knows where to contact Cisco's DNS server and find
out if www.cisco.com exists and its IP. Your ISP's DNS server sends a recursive query to Cisco.com's DNS server and asks for an IP address for www.cisco.com.
5. Cisco's DNS server checks its database and finds an entry for
"www.cisco.com". This entry has an IP address of 198.133.219.25. In other
words, the webserver is running on the same physical server as the DNS ! If it
wasn't running on the same server, then it would have a different IP. (Just a
note, you can actually make it look like it's on the same physical server, but
actually run the web server on a different box. This is achieved by using some neat tricks like port forwarding)
6. Your ISP's DNS server now knows the IP address for www.cisco.com and sends the result to your computer.
7. Your computer now knows who it needs to contact to get to the website. So it sends an http request directly to Cisco's webserver and downloads the webpage.
I hope you didn't find it too hard to follow. Remember that this query is the most
common type. The other type of query (non recursive) follows the same
procedure, the difference is that the client does all the running around trying to
find the authoritative DNS server for the desired domain, I like to think of it as "self service" :)
DNS Query Message Format
Introduction
This section will deal with the analysis of the DNS packets. This will allow us to
see the way DNS messages are formatted and the options and variables they
contain. To understand a protocol, you must understand the information the protocol carries from one host to another.
Because the DNS message format can vary, depending on the query and the
answer, I've broken this analysis into two parts. Part 1 analyses the DNS format
of a query, in other words, it shows how the packet looks when we ask a DNS
server to resolve a domain. Part 2 analyses the DNS format of an answer, where
the DNS server is responding to our query.
I find this method more informative and easy to understand rather than combining the analysis of queries and answers.
DNS Analysis - Host Query
As mentioned in the previous sections of the DNS Protocol, a DNS query is
generated when the client needs to resolve a domain name into an IP Address.
This could be the result of entering "www.firewall.cx" in the url field of your web
browser, or simply by launching a program that uses the Internet and therefore
generates DNS queries in order to successfully communicate with the host or server it needs.
Now, I've also included a live example (using my packet analyser), so you can
compare theory with practice for a better understanding. After this we will have a
look at the meaning of each field in the packet, so let's check out what a packet containing a DNS query would look like on our network:
This is the captured packet we are going to deal with. To generate this packet, I
typed "ping www.firewall.cx" from my linux prompt. The command generated this
packet, which was put on my network with the destination being a name server in
Australia. Notice the Port Destination which is set to 53, the port on which DNS works, and the protocol used for the DNS Query, which is UDP.
Ethernet II (Check Ethernet Frames for more info.) is the most common type of
frame found on LANs, in fact it probably is the only type you will find on 85% of
all networks if you're only running TCP/IP and Windows or Unix-like machines.
This particular one contains a DNS section, which could be either a Query or Response. We are assuming a Query, so it can fit nicely in our example.
We are going to take the DNS Section above and analyse its contents, which are
already shown in the picture above (Right hand side, labeled "Capture") taken from my packet analyser.
Here they are again in a cool 3D diagram:
From this whole packet, the DNS Query Section is the part we're interested in
(analysed shortly), the rest is more or less overhead and information to let the server know a bit more information about our query.
The analysis of each 3D block (field) is shown in the left picture below so you can
understand the function of each field and the DNS Query Section captured by my wonderful packet sniffer on the right:
All fields in the DNS Query section except the DNS Name field (underlined in red
in the picture above), have set lengths. The DNS Name field has no set length
because it varies depending on the domain name length as we are going to see
soon.
For example, a query for www.cisco.com will require the DNS Name field to be
smaller than a query for support.novell.com simply because the second domain is longer.
The DNS Name Field
To prove this I captured a few packets that show different lengths for the domain
names I just mentioned but, because the DNS section in a packet provides no
length field, we need to look one level above, which is the UDP header, in order
to calculate the DNS section length. By subtracting the UDP header length
(always 8 bytes - check UDP page for more information) from the bytes in the
Length field, we are left with the length of the DNS section:
The two examples clearly show that the Length Field in the UDP header varies
depending on the domain we are trying to resolve. The UDP header is 8 bytes in
both examples and all fields in the DNS Section, except for the DNS Name field,
are always 2 bytes.
The Flags/Parameters Field
The Parameter Field (labeled Flags) is one of the most important fields in DNS
because it is responsible for letting the server or client know a lot of important
information about the DNS packet. For example, it contains information as to
whether the DNS packet is a query or response and, in the case of a query, if it
should be a recursive or non-recursive type. This is most important because as we've already seen, it determines how the query is handled by the server.
Let's have a closer look at the flags and explain the meaning of each one. I've
marked the bit numbers with black on the left hand side of each flag parameter
so you can see which ones are used during a response. The picture on the right
hand side explains the various bits. You won't see all 16 bits used in a query as the rest are used during a response or might be reserved:
As you can see, only bits 1, 2-5, 7, 8 and 12 are used in this query. The rest will
be a combination of reserved bits and bits that are used only in responses. When
you read the DNS response message format page, you will find a similar packet
captured which is a response to the above query and the rest of the bits used are
analysed.
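The query format described above, built byte by byte. This is an added example, not taken from the original notes or from any capture shown in them: it builds one-question queries for the two names compared earlier, derives the UDP Length field, recovers the DNS Name field length from it, and decodes the Flags field. The function names and the transaction ID are illustrative, and the flag positions follow RFC 1035 (QR is the most significant bit).

```python
import struct

UDP_HEADER_LEN = 8                     # the UDP header is always 8 bytes
DNS_HEADER = struct.Struct("!6H")      # ID, Flags and four record counts, 2 bytes each
QUESTION_TAIL = struct.Struct("!2H")   # Query Type and Query Class, 2 bytes each


def encode_name(name):
    """Encode 'www.cisco.com' as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 bytes: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)


def build_query(name, txid, recursive=True, qtype=1, qclass=1):
    """Build the DNS section of a one-question query (Type A, Class IN by default)."""
    flags = 0x0100 if recursive else 0x0000   # only the RD bit differs
    header = DNS_HEADER.pack(txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + QUESTION_TAIL.pack(qtype, qclass)


def decode_flags(flags):
    """Split the 16-bit Flags/Parameters field into its parts."""
    return {
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0 = standard query
        "aa": (flags >> 10) & 1,        # authoritative answer (responses)
        "tc": (flags >> 9) & 1,         # message truncated
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available (responses)
        "z": (flags >> 4) & 0x7,        # reserved in RFC 1035
        "rcode": flags & 0xF,           # response code (responses)
    }


def query_flags(dns_section):
    """Decode the Flags field found at bytes 2-3 of a DNS section."""
    return decode_flags(struct.unpack_from("!H", dns_section, 2)[0])


def udp_length_field(dns_section):
    """Value of the UDP Length field for a datagram carrying dns_section."""
    return UDP_HEADER_LEN + len(dns_section)


def name_field_length(udp_length):
    """Recover the DNS Name field length of a one-question query from UDP Length."""
    dns_len = udp_length - UDP_HEADER_LEN
    name_len = dns_len - DNS_HEADER.size - QUESTION_TAIL.size
    if name_len < 1:
        raise ValueError("UDP Length too small to hold a DNS query")
    return name_len


def compare(names):
    """Return (name, name field bytes, DNS section bytes, UDP Length) per name."""
    rows = []
    for name in names:
        dns = build_query(name, txid=0x1A2B)   # constructed transaction ID
        rows.append((name, len(encode_name(name)), len(dns), udp_length_field(dns)))
    return rows


if __name__ == "__main__":
    for row in compare(["www.cisco.com", "support.novell.com"]):
        print("%-20s name=%2d dns=%2d udp_length=%2d" % row)
    print(query_flags(build_query("www.firewall.cx", txid=0x1A2B)))
```

The two names differ by 5 characters and so do their UDP Length values; the same subtraction gives a quick consistency check when reviewing captured queries, since a one-question query has no other variable-length field.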
And that just about does it for the DNS Query message format page. Next up is
the DNS Response message format page which I'm sure you will find just as interesting!
DNS Response Message Format
Introduction
The previous page dealt with the DNS Query message formats. We analysed them
in great detail and showed how various options are selected by the host using the Flags/Parameters field.
On this page we will see and analyse the responses we get from the generated
queries. These responses, in the case of a recursive query, come directly from the
DNS server to which we sent the query and, in the case of a non-recursive query,
will come from the last DNS server the client contacts in order to get the required
information.
Lastly, keep in mind that this page is the continuation of the previous page, so
it's important to understand the previous material ! If you have any doubts, read the previous section again.
Now that we have all that out of the way ....let's grab a few DNS responses and get our hands dirty :)
DNS Analysis - Server Response
Here is the response (highlighted) to the previous DNS query sent to an
Australian DNS server (139.130.4.4), where I asked for the resolution of www.firewall.cx:
Something worth paying attention to is the time this query took to come back to
my Linux file server. The time taken, from the moment the packet was sent from the Linux file server, until it received the answer, was only 0.991 seconds !
During this short period of time the packet travelled from Greece to Australia,
reached the DNS server, which sent its queries to other DNS servers until it found
the answer and then generated a DNS response that was sent back to Greece where my home network is !
There are a lot of factors that contribute to this fairly fast response. The transport protocol UDP, which does not require any 3-way handshake, the load of the DNS
server to which I sent the query, the load of DNS servers it then had to ask, the
speed at which all these servers and myself are connected to the Internet and the
general load between the routers that my packet had to travel in order to get to its various destinations !
As you can clearly see, there is a lot happening for just one DNS query and
response. Try to consider what happens when you have 20,000,000 DNS queries
happening at once on the Internet and you have a good idea on how well this protocol and the underlying technology have been designed !
Following is the Ethernet II packet that runs on the local network. The structure is the same, but varies in size, regardless of whether it's a DNS Query or Response:
Now, to make the analysis of the DNS Section easier I have also included the
DNS Query (left hand side) and DNS Response (right hand side). This allows you to compare what we sent and what we received:
By comparing the two packets, you can see that there are fields in the DNS
Response packet (marked with green arrows) that didn't exist in the Query. Let's
see again what each field means and analyse them again as we did in the previous page.
The DNS Section in a response packet is considerably larger and more complex
than that of a query. For this reason we are going to analyse it in parts rather
than all together. The query had only one section that required in-depth analysis
whereas the response has three since the first one is the original query sent.
Here is the DNS Section of a DNS response in 3D:
You can clearly see that everything after the light green 3D block labeled "DNS
Query Section" is new. We are going to focus on these 3 new blocks, which are
part of the DNS Response Section, as the rest has been covered in the previous
page.
DNS Response Section
The analysis of this section won't be too difficult because the format that is
followed in each 3D block of our DNS Response Section is identical. For this
reason, I have not analysed all 3 3D blocks, but only a few to help you get the idea.
The diagram below shows you the contents of the 3 3D blocks (sections) we are
looking at: Answers Section, Authoritative Name Servers Section and the Additional Records Sections:
What we need to understand is that each one of these three sections has
identical fields. Even though the information they contain might seem a bit
different, the fields are exactly the same and we will see this shortly.
In the picture above, I have only expanded the first part of the Answer section
which is underlined in green so you can compare the fields with the ones
contained in the left hand picture.
This next picture shows you the expanded version from the first part of the
Answers and Authoritative sections. I have already marked and labeled the fields
to prove to you that they are all identical and vary only in the information they
contain:
If you look carefully you will notice that the Resource Data field is presented first, where according to the analysis of the sections in the picture above (left side), you would expect it last. The truth is that it is last, but it's presented first just because my packet sniffer likes to make the data more readable and less confusing.
This is also the reason the first line of each part in each section is used to give you a quick summary of the information captured.
For example, looking at line 1, part 1 in the Answers Section (underlined in green), you get a summary of what's to follow: www.firewall.cx, type INET, cname firewall.
This proves that all fields in all of these 3 sections contained in the DNS Response Section are identical, but contain different values/data.
You also might wonder why there are 2 parts in each section ?
Could there be more or less parts, depending on the domain name or are there always 2 parts in each section ?
The answer is simple and logical, there are as many parts as needed, depending
always on the domain setup. For example, if I had more than two name servers
for the Firewall.cx domain, you would see more than two parts in the Authoritative nameserver section and the other sections.
Our example has only 2 parts per section whereas the one we see below has a lot more:
This DNS Response Section is based on a query generated for the IBM.COM domain:
As you can see, our query for IBM.COM gave us a response which has 4 parts per
section!
Again, each part in every section has identical fields, but different data/values.
You might have noticed a pattern here as well. In every DNS Response you will find
the same number of parts per section.
For example, the picture on the left shows us 4 parts for the Answers,
Authoritative and Additional records sections and this is no coincidence.
The reason this is no coincidence between the 3 sections (Answers, Authoritative
and Additional records) is the Type field, and I will explain why.
The Type Field
The Type field determines the type or part of information we require about a
domain. To give you the simplest example, when we have a Type=A, we are
given the IP Address of the domain or host (look at Answers section above),
whereas a Type=NS means we are given the Authoritative Name Servers that are
responsible for the domain (look at Authoritative Name Servers section above).
Looking at the picture below, which is from our first example (query for
firewall.cx) we can see exactly how the Type field is responsible for the data we
receive about a domain:
The above values the Type field can take are contained within the DNS database,
which is covered next.
Our discussion on the DNS Response message format is now complete !
File Transfer Protocol - FTP
Introduction
File transfer is among the most frequently used TCP/IP applications and it
accounts for a lot of the network traffic on the Internet. Various standard file
transfer protocols existed even before the Internet was available to everyone and
it was these early versions of the file transfer software that helped create today's
standard known as the File Transfer Protocol (FTP). Most recent specifications of the protocol are listed in RFC 959.
The Protocol
FTP uses TCP as a transport protocol. This means that FTP inherits TCP's
robustness and is very reliable for transferring files. Chances are if you download
files, you've probably used ftp a few hundred times without realising it ! And if you have a huge warez collection, then make that a couple of thousand times :)
The picture below shows where FTP stands in contrast to the OSI model. As I
have noted in other sections, it's important to understand the concept of the OSI
model, because it will greatly help you understand all this too :)
Now, we mentioned that FTP uses TCP as a transport, but we didn't say which ports
it uses! Port numbers 21 and 20 are used for FTP. Port 21 is used to establish the
connection between the 2 computers (or hosts) and port 20 to transfer data (via
the Data channel).
But there are some instances where port 21 is used for both establishing a
connection and data transfer, and I will analyse them shortly.
The best thing you can do to "see" it yourself is to grab a packet sniffer which
you will conveniently find in our download section and try to capture a few
packets while you're ftp'ing to a site.
Both Ports - 20 and 21 - Active FTP Mode
I have included a screenshot from my workstation which clearly shows the 2 ports
used. In the example,
Only Port 21 - Passive FTP Mode
Now, in the next picture I ftp'ed into my NetWare server here at home and guess
what .... Only Port 21 was used! Here is the screen shot:
Let me explain why this is happening:
FTP has two separate modes of operation: Active and Passive. You will use either
one depending on whether your PC is behind a firewall.
Active Mode FTP
Active mode is usually used when there isn't any firewall between you and the
FTP server. In such cases you have a direct connection to the Internet. When you
(the client) try to establish a connection to an FTP server, your workstation
includes a second port number (using the PORT command) that is used when
data is to be exchanged; this is known as the Data Channel.
The FTP server then starts the exchange of data from its own port 20 to whatever
port was designated by your workstation (in the screen shot, my workstation
used port 1086), and because the server initiated the communication, it's not
controlled by the workstation client. This can also potentially allow uninvited data
to arrive at your computer from anywhere, posing as a normal FTP transfer. This
is one of the reasons Passive FTP is more secure.
Passive Mode FTP
Using normal or passive FTP, a client begins a session by sending a request to
communicate through TCP port 21, the port that is conventionally assigned for
this use at the FTP server. This communication is known as the Control Channel
connection.
At this point, a PASV command is sent instead of a PORT command. Instead of
specifying a port that the server can send to, the PASV command asks the server
to specify a port it wishes to use for the Data Channel connection. The server
replies on the Control Channel with the port number which the client then uses to
initiate an exchange on the Data Channel. The server will thus always be
responding to client-initiated requests on the Data Channel and the firewall can
correlate these.
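
The PORT and PASV exchanges described above, as an added example that is not part of the original notes: it decodes the address field of each control-channel line and works out which side opens the Data Channel, the way a firewall correlating the two channels would. The six-number h1,h2,h3,h4,p1,p2 field is RFC 959's encoding; the sample lines, the 192.168.0.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 writes an address as six decimal bytes: h1,h2,h3,h4,p1,p2
# (four for the IPv4 address, two for the port: port = p1 * 256 + p2).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def decode_hostport(text):
    """Return (ip, port) from a PORT command or a 227 (PASV) reply."""
    match = _HOSTPORT.search(text)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in %r" % text)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return str(ip), nums[4] * 256 + nums[5]


def encode_port_command(ip, port):
    """Build the PORT command a client sends in Active mode."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def expected_data_channel(line, client_ip, server_ip):
    """From one control-channel line, derive the Data Channel that should follow.

    Returns None when the line does not negotiate a Data Channel.
    """
    verb = line.strip().split(" ", 1)[0].upper()
    if verb == "PORT":      # Active: client listens, server connects from port 20
        mode, initiator, peer = "active", server_ip, client_ip
    elif verb == "227":     # Passive: server listens, client connects
        mode, initiator, peer = "passive", client_ip, server_ip
    else:
        return None
    ip, port = decode_hostport(line)
    return {
        "mode": mode,
        "initiator": initiator,
        "listener": (ip, port),
        # The advertised address should be the other end of the control channel;
        # anything else asks for data to be sent to or fetched from a third host.
        "address_matches_peer": ip == peer,
        "privileged_port": port < 1024,
    }


if __name__ == "__main__":
    # Constructed control-channel lines (client 192.168.0.100, server 192.168.0.1).
    for sample in ("USER anonymous",
                   encode_port_command("192.168.0.100", 1086),
                   "227 Entering Passive Mode (192,168,0,1,19,137)",
                   "PORT 10,0,0,7,0,22"):
        print(sample, "->", expected_data_channel(sample, "192.168.0.100", "192.168.0.1"))
```
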
It's simple to configure your client FTP program to use either Active or Passive
FTP. For example, in Cute FTP, you can set your program to use Passive FTP by
going to FTP--> Settings --> Options and then selecting the "Firewall" tab:
If you remove the above options, then your workstation will be using (if possible)
Active FTP mode, and I say "if possible" because if you're already behind a firewall,
there is probably no way you will be using Active FTP, so the program will
automatically change to Passive FTP mode. So let's have a look at the process of
a computer establishing an FTP connection with a server:
The above is assuming a direct connection to the FTP server. For simplicity's
sake, we are looking at the way the FTP connection is created and not worrying
whether it's a Passive or Active FTP connection. Since FTP is using TCP as a
transport, you would expect to see the 3-way handshake. Once that is completed and
there is a data connection established, the client will send its login name and
then password. After the authentication sequence is finished and the user is
authenticated to the Server, it's allowed access and is ready to leech the site dry :)
Finally, below are the most commonly used FTP commands:
ABOR: abort previous FTP command
LIST and NLST: list file and directories
DELE: delete a file
RMD: remove a directory
MKD: create a directory
PWD: print current working directory (shows you which dir. you're at)
PASS: send password
PORT: request open port number on specific IP address/port number
QUIT: log off from server
RETR: retrieve file
STOR: send or put file
SYST: identify system type
TYPE: specify type (A for ASCII, I for binary)
USER: send username
And that just about completes our analysis of the FTP protocol!
Trivial File Transport Protocol - TFTP
Introduction
TFTP is a file transport protocol and its name suggests it's something close to the
FTP protocol (File Transfer Protocol), which is true .. to a degree. TFTP isn't very
popular because it's not really used on the Internet because of its limitations
which we'll explore next.
The Protocol
TFTP's main difference from FTP is the transport protocol it uses and the lack of
any authentication mechanism. Where FTP uses the robust TCP to establish
connections and complete the file transfers, TFTP uses UDP, which is insecure and
has no error checking built into it (unless they have implemented some type of
error checking in the program you are using to transfer files). This also explains
why you are more likely to find TFTP in a LAN, rather than a WAN (Wide Area
Network) or on the Internet.
The major limitations with TFTP are authentication and directory visibility,
meaning you don't get to see the files and directories available at the TFTP
server.
As mentioned, TFTP uses UDP as a transport, as opposed to TCP which FTP uses, and
works on port 69; you can clearly see that in the cool 3D diagram on the left.
Port 69 is the default port for TFTP, but if you like, you can modify the settings
on your TFTP server so it runs on a different port.
Now, to make things a bit clearer I have included a screen shot of my workstation
tftp'ing into a TFTP server which I have setup in my little network.
You can see my workstation (192.168.0.100) contacting the TFTP server
(192.168.0.1) on port 69 (destination port). In this first packet, my workstation is
contacting the server and requesting the file I entered before I connected to the
server.
Because you don't get a listing of the files and directories, you must know which
file you want to download! In the response I received (2nd packet) the server
gets straight into business and starts sending the file. No authentication
whatsoever!
Note: The workstation usually won't send back any acknowledgement (because
UDP, which is the transport protocol, by nature, never sends acknowledgements),
but the software developers can incorporate such a feature by forcing the
workstation to send a small packet which the TFTP server is able to pick up as an
acknowledgement of the previous data packet it sent to the workstation.
In the example I provide, you can see my workstation sending small packets to
the server after it receives one packet from it. These small acknowledgements
have been added by the software company who created the program I was using
for this example.
Below is a screen shot of the program I used to TFTP (TFTP Client) to the server:
Notice how I entered the file I wanted to download (server.exe), and selected
the name which the file will be saved as on my local computer (Local File). If I
didn't provide the Remote File name, I would simply get an error popping up at the
server side, complaining that no such file exists. You can also send files using
TFTP, as it's not just for downloading :)
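
The first packet of the session described above, as an added example that is not from the original notes or the TFTP client shown: it builds and decodes the request datagram, which holds only a filename and a transfer mode, and applies the one kind of check a server can make when no credentials exist. The request layout (2-byte opcode, then filename and mode, each NUL-terminated) is RFC 1350's; the served directory /srv/tftp, the read-only policy and the function names are assumptions.

```python
import os
import struct

TFTP_PORT = 69                 # default UDP port, as noted above
OP_RRQ, OP_WRQ = 1, 2          # RFC 1350 opcodes: read request, write request


def build_request(opcode, filename, mode="octet"):
    """Encode the first datagram of a transfer: opcode, filename, NUL, mode, NUL."""
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def parse_request(datagram):
    """Decode a read or write request; raises ValueError on anything else."""
    if len(datagram) < 6:
        raise ValueError("too short to hold opcode, filename and mode")
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("opcode %d is not a read or write request" % opcode)
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("filename or mode missing or not NUL-terminated")
    # Note what is absent: no username, password or session token anywhere.
    return {
        "operation": "read" if opcode == OP_RRQ else "write",
        "filename": fields[0].decode("ascii"),
        "mode": fields[1].decode("ascii").lower(),
    }


def resolve_request(request, root, allow_write=False):
    """Server-side policy (an assumption of this example, not part of TFTP).

    With no authentication, the server can only restrict the operation and
    confine the requested name to the directory it serves.
    """
    if request["operation"] == "write" and not allow_write:
        raise PermissionError("uploads are disabled on this server")
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, request["filename"]))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("%r is outside the served directory" % request["filename"])
    return target


if __name__ == "__main__":
    # Constructed requests; server.exe is the file name used in the text above.
    for op, name in ((OP_RRQ, "server.exe"), (OP_RRQ, "../../etc/passwd"),
                     (OP_WRQ, "router-config.bak")):
        request = parse_request(build_request(op, name))
        try:
            print(request, "->", resolve_request(request, "/srv/tftp"))
        except PermissionError as err:
            print(request, "-> refused:", err)
```
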
So where is TFTP used ?
TFTP is used mostly for backing up router configuration files like Cisco and its IOS
images. It is also used for diskless booting PCs where, after the workstation has
booted from the network card's ROM, TFTP is used to download the program it
needs to load and run from a central server.
Below is a diagram which shows what takes place during a TFTP session:
In this diagram we are assuming that there is no error checking built into the
software running at both ends (client and server).
And that pretty much sums it all up for the TFTP protocol.
Internet Control Message Protocol - ICMP
Introduction
The Internet Control Message Protocol, or ICMP as we will be calling it, is a very
popular protocol and actually part of an Internet Protocol (IP) implementation.
Because IP wasn't designed to be absolutely reliable, ICMP came into the scene to
provide feedback on problems which existed in the communication environment.
If I said the word 'Ping' most people who work with networks would recognise
that a 'ping' is part of ICMP and in case you didn't know that, now you do :)
ICMP is one of the most useful protocols provided to troubleshoot network
problems like DNS resolutions, routing, connectivity and a lot more. Personally, I
use ICMP a lot, but you need to keep its limits in mind because you might end up
spending half a day trying to figure out why you're not getting a 'ping reply'
('echo reply' is the correct term) from, for example, www.firewall.cx when, in
fact, the site's webserver is configured NOT to reply to 'pings' for security
reasons!
Cool Note
A few years ago there was a program released, which still circulates around the
Internet, called Click (I got my hands on version 1.4). Click was designed to run
on a Windows platform and work against mIRC users. The program would utilise
the different messages available within the ICMP protocol to send special error
messages to mIRC users, making the remote user's program think it had lost
connectivity with the IRC server, thus disconnecting them from the server! The
magic is not what the program can do, but how it does it! This is where a true
networking guru will be able to identify and fix any network security weakness.
The Protocol
ICMP is defined in RFC (Request For Comments) 792. Looking at its position in
the OSI model we can see that it's sitting in the Network layer (layer 3) alongside
IP. There are no ports used with ICMP; this is because of where the protocol sits
in the OSI model. Ports are only used for protocols which work at the Session
layer and above:
The ICMP protocol uses different 'messages' to identify the purpose of an ICMP
packet; for example, an 'echo' (ping) is one type of ICMP message.
I am going to break down the different message descriptions as they have been
defined by RFC 792.
There is a lot of information to cover in ICMP so I have broken it down to multiple
pages rather than sticking everything into one huge page that would bore you!
Also, I haven't included all the messages which ICMP supports, rather I selected a
few of the more common ones that you're likely to come across. You can always
refer to RFC 792 to get the details on all messages.
We will start with a visual example of where the ICMP header and information are
put in a packet, to help you understand better what we are dealing with :)
The structure is pretty simple, not a lot involved, but the contents of the ICMP
header will change depending on the message it contains. For example, the
header information for an 'echo' (ping) message (this is the correct term) is
different to that of a 'destination unreachable' message, also a function of ICMP.
NOTE: If you were to run a packet sniffer on your LAN and catch a "ping" packet
to see what it looks like, you would get more than I am showing here. There will
be an extra header, the datalink header, which is not shown here because that
header will change (or more likely be removed) as the packet moves from your
LAN to the Internet, but the 2 headers you see in this picture will certainly remain
the same until they reach their destination.
So, that now leaves us to analyse a few of the selected ICMP messages!
The picture below shows all the ICMP messages. The messages in green are the
ones which we cover here.
ICMP - Echo or Echo Reply
Introduction
Aaaaa... The famous ping :)
Analysis
As mentioned in the previous page, an Echo is simply what most people call a
'ping'. The Echo Reply is the 'ping reply'. ICMP Echos are used mostly for
troubleshooting. When there are 2 hosts which have communication problems, a
few simple ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks
configured correctly and if there are any problems with the routes packets are
taking in order to get to the other side.
The 'ping' command is very well known, but the results of it are very often
misunderstood and for that reason I have chosen to explain all those other
parameters next to the ping reply, but we will have a look at that later on.
Let's have a look at what an ICMP-Echo or Echo Reply packet looks like:
If the above packet was an ICMP Echo (ping), then the Type field takes a value of 8. If it's an ICMP Echo Reply (ping reply) then it would take a value of 1.
The picture below is a screen shot I took when doing a simple ping from my
workstation:
Okay, now looking at the screen shot above, you can see I 'pinged'
www.firewall.cx. The first thing my workstation did was to resolve that URL to an
IP address. This was done using DNS. Once the DNS server returned the IP
address of www.firewall.cx, the workstation generated an ICMP packet with the
Type field set to 8.
Here is the proof:
The picture above is a screenshot from my packet sniffer at the same time this
experiment was taking place. The packet displayed is one of the 4 packets which
were sent from my workstation to the webserver of firewall.cx.
Notice the ICMP type = 8 Echo field right under the ICMP Header section. This
clearly shows that this packet is being sent from the workstation and not
received. If it was received, it would have been an 'Echo Reply' and have a value
of 1.
The next weird thing, if anyone noticed, is the data field. Look at the screen shot
from command prompt above and notice the value there and the value the packet
sniffer is showing on the left. One says 32 Bytes, and the other 40 Bytes!
The reason for this is that the packet sniffer is taking into account the ICMP
header fields (ICMP type, code, checksum and identifier), and I'll prove it to you
right now.
Look at the top of this page where we analysed the ICMP headers (the 3D
picture); you will notice that the lengths (in Bits) of the various fields are as
follows: 8, 8, 16, 16, 16. These add up to a total of 64 Bits. Now 8 Bits = 1 Byte,
therefore 64 Bits = 8 Bytes. Take the 32 Bytes of data the workstation's
command prompt is showing and add 8 Bytes .... and you have 40 Bytes in total.
ICMP - Destination Unreachable
Introduction
This ICMP message is quite interesting, because it doesn't actually contain one
message, but six! This means that the ICMP Destination unreachable further
breaks down into 6 different messages.
We will be looking at them all and analysing a few of them to help you get the
idea.
To make sure you don't get confused, keep one thing in mind: The ICMP
Destination unreachable is a generic ICMP message; the different code values or
messages which are part of it are there to clarify the type of "Destination
unreachable" message that was received. It goes something like this: ICMP
Destination <Code value or message> unreachable.
The ICMP - Destination net unreachable message is one which a user would
usually get from the gateway when it doesn't know how to get to a particular
network.
The ICMP - Destination host unreachable message is one which a user would
usually get from the remote gateway when the destination host is unreachable.
If, in the destination host, the IP module cannot deliver the packet because the
indicated protocol module or process port is not active, the destination host may
send an ICMP destination protocol / port unreachable message to the source host.
In another case, when a packet received must be fragmented to be forwarded by
a gateway but the "Don't Fragment" flag (DF) is on, the gateway must discard the
packet and send an ICMP destination fragmentation needed and DF set
unreachable message to the source host.
These ICMP messages are most useful when trying to troubleshoot a network.
You can check to see if all routers and gateways are configured properly and have
their routing tables updated and synchronised.
Let's look at the packet structure of an ICMP destination unreachable packet:
Please read on as the following example will help you understand all the above.
The Analysis
When you open a DOS command prompt and type "ping 200.200.200.200",
assuming that your workstation is NOT part of that network, then it would
forward the ICMP Echo request to the gateway that's configured in your TCP/IP
properties. At that point, the gateway should be able to figure out where to
forward the ICMP Echo request.
The gateway usually has a "default route" entry; this entry is used when the
gateway doesn't know where the network is. Now, if the gateway has no "default
route" you would get an "ICMP Destination net unreachable" message when you
try to get to a network which the gateway doesn't know about. When you're
connected to the Internet via a modem, then your default gateway is the modem.
In order for me to demonstrate this, I set up my network in a way that should
make it easy for you to see how everything works. I have provided a lot of
pictures hoping to make it as easy as possible to understand.
I will analyse why and how you get an "ICMP - Destination net unreachable"
message.
In the example above, I've set up my workstation to use the Linux server as a
default gateway, which has an IP of 192.168.0.5. The Linux server also has a
default gateway entry and this is IP: 192.168.0.1 (the Windows 2000 Server).
When my workstation attempts to ping (send an ICMP Echo request) to IP
200.200.200.200, it realises it's on a different network, so it sends it to the Linux
server, which in turn forwards it to its default gateway (the Win2k server) so it
can then be forwarded to the Internet and eventually I should get a ping reply
(ICMP Echo reply) if the host exists and has no firewall blocking ICMP echo
requests.
Here is the packet which I captured:
When looking at the decoded section (picture above) you can see in the ICMP
header section that the ICMP Type is equal to 8, so this confirms that it's an ICMP
Echo (ping). As mentioned earlier, we would expect to receive an ICMP echo
reply.
Check out though what happens when I remove the default gateway entry from
the Linux server .....
Now what I did was to remove the default gateway entry from the Linux server.
So when it gets a packet from my workstation, it wouldn't know what to do with
it. This is how you get the gateway to generate an "ICMP Destination net
unreachable" message and send it back to the source host (my workstation).
Here is a screen shot from the command prompt:
Let's now take a look what the packet sniffer caught :
The decoder on the left shows that the Linux server (192.168.0.5) sent back to my
workstation (192.168.0.100) an ICMP Destination unreachable message (look at the
ICMP type field, right under the ICMP header) but if you also check out the ICMP
Code (highlighted field), it's equal to 0, which means "net unreachable".
Scrolling right at the top of this page, the first table clearly shows that when
the code field has a value of 0, this is indeed a "net unreachable" message.
It is also worth noticing the "Returned IP header" which exists within the ICMP
header. This is the IP header of the packet my workstation sent to the Linux server
when it attempted to ping 200.200.200.200, and following that is 64 bits (8 bytes)
of the original data.
I hope I haven't confused you too much :)
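
The packet analysed above, as an added example that is not part of the original notes: it decodes an ICMP Destination unreachable message, pulls out the Returned IP header and the 64 bits of original data, and checks that they describe an Echo this host really sent before the error is trusted. The code names are those listed in RFC 792; the sample bytes, the identifier and sequence values and the function names are constructed for illustration.

```python
import socket
import struct

# Code values of ICMP type 3 (Destination unreachable) as listed in RFC 792.
UNREACHABLE_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
}


def inet_checksum(data):
    """16-bit one's-complement checksum used by both the IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_unreachable(code=0):
    """Constructed sample: the ICMP part of the gateway's reply to an Echo
    sent from 192.168.0.100 to 200.200.200.200 (id 0x0200, sequence 7)."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 7) + bytes(32)   # 8 + 32 = 40 bytes
    echo = echo[:2] + struct.pack("!H", inet_checksum(echo)) + echo[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(echo), 0x1234, 0, 128, 1, 0,
                     socket.inet_aton("192.168.0.100"),
                     socket.inet_aton("200.200.200.200"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # type 3, code, checksum, 4 unused bytes, Returned IP header, 64 bits of data
    msg = struct.pack("!BBHI", 3, code, 0, 0) + ip + echo[:8]
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_unreachable(icmp):
    """Decode an ICMP Destination unreachable message (bytes after the IP header)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("shorter than ICMP header + IP header + 64 bits of data")
    if icmp[0] != 3:
        raise ValueError("ICMP type %d is not destination unreachable" % icmp[0])
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        raise ValueError("ICMP checksum does not verify")
    inner = icmp[8:]
    header_len = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or header_len < 20 or len(inner) < header_len + 8:
        raise ValueError("returned IP header is malformed or truncated")
    return {
        "code": icmp[1],
        "meaning": UNREACHABLE_CODES.get(icmp[1], "not listed in RFC 792"),
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_protocol": inner[9],
        "orig_first8": inner[header_len:header_len + 8],
    }


def refers_to_our_echo(report, our_ip, pinged_ip, ident, seq):
    """True only if the returned header and data match an Echo this host sent."""
    if report["orig_protocol"] != 1:      # 1 = ICMP
        return False
    o_type, _code, _cksum, o_id, o_seq = struct.unpack("!BBHHH", report["orig_first8"])
    return (report["orig_src"] == our_ip and report["orig_dst"] == pinged_ip
            and o_type == 8 and o_id == ident and o_seq == seq)


if __name__ == "__main__":
    report = parse_unreachable(build_sample_unreachable())
    print(report["code"], report["meaning"], report["orig_src"], "->", report["orig_dst"])
    print("matches our ping:",
          refers_to_our_echo(report, "192.168.0.100", "200.200.200.200", 0x0200, 7))
```

An error whose returned header does not match anything the host sent is the kind of message a program like Click relies on, so that comparison is worth making before acting on it.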
ICMP - Source Quench
Introduction
The ICMP - Source quench message is one that can be generated by either a
gateway or host. You won't see any such message pop up on your workstation
screen unless you're working on a gateway which will output to the screen all
ICMP messages it gets. In short, an ICMP - Source quench is generated by a
gateway or the destination host and tells the sending end to ease up because it
cannot keep up with the speed at which it's receiving the data.
Analysis
Now let's get a bit more technical: A gateway may discard internet datagrams (or
packets) if it does not have the buffer space needed to queue the datagrams for
output to the next network on the route to the destination network. If a gateway
discards a datagram, it may send an ICMP - Source quench message to the
internet source host of the datagram.
Let's have a look at the packet structure of the ICMP - Source quench message:
A destination host may also send an ICMP - Source quench message if datagrams
arrive too fast to be processed. The ICMP - Source quench message is a request
to the host to cut back the rate at which it is sending traffic to the internet
destination. The gateway may send an ICMP - Source quench for every message
that it discards. On receipt of an ICMP - Source quench message, the source host
should cut back the rate at which it is sending traffic to the specified destination
until it no longer receives ICMP - Source quench messages from the gateway. The
source host can then gradually increase the rate at which it sends traffic to the
destination until it again receives ICMP - Source quench messages.
The gateway or host may also send the ICMP - Source quench message when it
approaches its capacity limit rather than waiting until the capacity is exceeded.
This means that the datagram which triggered the ICMP - Source quench
message may be delivered.
That pretty much does it for this ICMP message.
ICMP - Redirect Message
Introduction
The ICMP - Redirect message is always sent from a gateway to the host and the
example below will illustrate when this is used.
Putting it simply (before we have a look at the example) the ICMP - Redirect
message occurs when a host sends a datagram (or packet) to its gateway
(destination of this datagram is a different network), which in turn forwards the
same datagram to the next gateway (next hop) and this second gateway is on
the same network as the host. The second gateway will generate this ICMP
message and send it to the host from which the datagram originated.
There are 4 different ICMP - Redirect message types and these are:
The format of this ICMP message is as follows: ICMP - Redirect (0, 1, 2, 3 or 4) message.
Our example:
The gateway (Win2k Server) sends a redirect message (arrow No. 3) to the host
in the following situation:
Gateway 1 (the Linux server) receives an Internet datagram (arrow No. 1) from a
host on the same network. The gateway checks its routing table and obtains the
address of the next gateway (hop) on the route to the datagram's Internet
destination network and sends the datagram to it (arrow No. 2).
Now, gateway 2 receives the datagram and, if the host identified by the Internet
source address of the datagram (in other words, it checks the source IP of the
datagram, which will still be 192.168.0.100), is on the same network, a redirect
message (arrow No. 3) is sent to the host. The redirect message advises the host
to send its traffic for the Internet network directly to gateway 2 as this is a
shorter path to the destination. The gateway then forwards the original
datagram's data (arrow No. 1) to its Internet destination (arrow No. 4).
For datagrams (or packets) with the IP source options and the gateway address
in the destination address field, a redirect message is not sent even if there is a
better route to the ultimate destination than the next address in the source route.
Analysis
Let's have a look at the structure of an ICMP - Redirect message: