TCP/IP and Protocols

Date post: 02-Dec-2014
Upload: selva-kumar
Page 1: TCP/IP and Protocols

Skill Based Elective – VI: TCP/IP and Protocol

Unit – 1: Introduction, Understanding the Purpose and Function of Networking Models, Networking Model, Network Interface, Media Access Control, Network Interface Hardware/Software, OSI Model, The Microsoft Model, TCP/IP Protocol Suite.

Unit – 2: Host-to-Host Transport, Transmission Control Protocol, User Datagram Protocol, Application, NetBIOS over TCP, Windows Internet Name Service, Server Message Block/Common Internet File System, Internet Printing Protocol, Windows Sockets, Telnet, Dynamic Host Configuration Protocol, Simple Mail Transport Protocol - Post Office Protocol - Internet Message Access Protocol - Hypertext Transport Protocol - Network News Transfer Protocol - File Transfer Protocol - Domain Naming System - Routing Information Protocol - SNMP.

Unit – 3: IP Addressing - Converting from Decimal to Binary - Network ID and Host ID - Rules for Network IDs - Rules for Host IDs - Class A - Class B - Class C - Class D and Class E.

Unit – 4: Determine the Number of Host Bits to Be Used - Determine the New Subnetted Network IDs - Determine the IP Addresses for Each New Subnet - Creating the Subnet Mask - Public and Private IP Addresses - Basic IP Routing - Name and Address Resolution - Host Name Resolution - How Packets Travel from Network to Network - IP Routing Tables - Route Processing - Physical Address Resolution - Inverse ARP - Proxy ARP - Static and Dynamic IP Routers - Routing.

Unit – 5: Exam Objectives Fast Track - Self Test - Example of a Simple Classful Network - Summary of Exam Objectives.

References:

1) Richard Stevens, Advanced Programming in the UNIX Environment, Addison Wesley, 1999.
2) Richard Stevens, UNIX Network Programming, Volumes 1 and 2, Prentice Hall International, 1998.
3) William Stallings, Data and Computer Communications, 5th edition, PHI, 1997.

UNIT-I

Purpose of Network Architecture:

Network architecture is about making communication better and decreasing administrative work, while avoiding errors and conflicts between systems, so that the network works in a healthy condition and we can provide better security for data, preventing misuse of data and services. We can implement a server structure and software deployment services that reduce administrative work, provide good communication, and give very good fault tolerance and security for data. Keep in mind that in any company data is the most important resource, whether it is software code or accounts, so network architecture is a very necessary thing for this kind of structure.

Networking Model

When dealing with networking, you may hear the terms "network model" and "network layer" used often. Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are:

The TCP/IP Model - This model is sometimes called the DOD model since it was designed for the Department of Defense. It is also called the Internet model because TCP/IP is the protocol used on the Internet.

OSI Network Model - The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed in the next section.

The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed below. Each layer is considered to be responsible for a different part of the communications. This concept was developed to accommodate changes in technology. The layers are arranged here from the lower levels starting with the physical (hardware) to the higher levels.

1. Physical Layer - The actual hardware. Concerned with the connection between the computer and the network.

2. Data Link Layer - Data transfer method (802.x Ethernet). Puts data in frames and ensures error free transmission. Also controls the timing of the network transmission. IEEE divided this layer into the two following sublayers.

   1. Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card.

   2. Logical Link Control (LLC) - Maintains the link between two computers by establishing Service Access Points (SAPs), which are a series of interface points. IEEE 802.2.

3. Network Layer - IP network protocol. Routes messages using the best path available. Concerned with message priority, status, and data congestion.

4. Transport Layer - TCP, UDP. Provides properly sequenced and error free transmission. Recombines fragmented packets.

5. Session Layer - Determines when the session is begun or opened, how long it is used, and when it is closed. Concerned with security and name recognition.

6. Presentation Layer - ASCII or EBCDIC data syntax. Makes the type of data transparent to the layers around it. Used to translate data to a computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is going.

7. Application Layer - Provides the ability for user applications to interact with the network.

Many protocol stacks overlap the borders of the seven layer model. Transmission Control Protocol (TCP) provides the function of session and some of the transport layer. The Internet Protocol (IP) provides the function of the rest of the transport and most of the network layer. NetWare Core Protocol (NCP) provides the function of the application, presentation, and the session layer.

When we talk about Local Area Network (LAN) technology the IEEE 802 standard may be heard. This standard defines networking connections for the interface card and the physical connections, describing how they are done. The 802 standards were published by the Institute of Electrical and Electronics Engineers (IEEE). The 802.3 standard is called Ethernet.

The Ethernet standard data encapsulation method is defined by RFC 894. RFC 1042 defines the IP to link layer data encapsulation for networks using the IEEE 802 standards. The 802 standards define the two lowest levels of the seven layer network model and primarily deal with the control of access to the network media. The network media is the physical means of carrying the data such as network cable. The control of access to the media is called media access control (MAC). The 802 standards are listed below:

802.1 - Internetworking
802.2 - Logical Link Control *
802.3 - Ethernet or CSMA/CD, Carrier-Sense Multiple Access with Collision Detection LAN *
802.4 - Token-Bus LAN *
802.5 - Token Ring LAN *
802.6 - Metropolitan Area Network (MAN)
802.7 - Broadband Technical Advisory Group
802.8 - Fiber-Optic Technical Advisory Group
802.9 - Integrated Voice/Data Networks
802.10 - Network Security
802.11 - Wireless Networks
802.12 - Demand Priority Access LAN, 100BaseVG-AnyLAN

* The ones with stars should be remembered in order for network certification testing.

Network Access Methods

Contention
   o Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) - Used by Ethernet
   o Carrier-Sense Multiple Access with Collision Avoidance

Token Passing

Demand Priority - Describes a method where intelligent hubs control data transmission. A computer will send a demand signal to the hub indicating that it wants to transmit. The hub will respond with an acknowledgement that will allow the computer to transmit. The hub will allow computers to transmit in turn. An example of a demand priority network is 100VG-AnyLAN (IEEE 802.12). It uses a star-bus topology.

Polling - A central controller, also called the primary device, will poll computers, called secondary devices, to find out if they have data to transmit; if so, the central controller will allow them to transmit for a limited time, then the next device is polled.

Network interface

The most important PC device is the network interface card (NIC). Each computer on the network, including the servers, is required to have one installed. It is the NIC that provides connectivity between the PC and the network's physical medium, the copper or fiber-optic cable.

NICs provide computers with a connection to the network, but they also handle an important data-conversion function. Data travels in parallel on the PC's bus system, but the network medium demands a serial transmission. The transceiver, a transmitter and receiver, on the NIC has the ability to move data from parallel to serial and vice versa. This isn't any different from automobiles travelling down a multi-lane superhighway where all lanes must merge into one lane.

Network interface cards also have the ability of supplying a basic addressing system that can be used to get data from one computer to another on the network. The hardware or MAC address is burned into a ROM chip on the NIC. This is referred to as the MAC address because the Media Access Control (MAC) layer is actually a sublayer of the OSI model's Data Link layer.

Most of the new motherboards available today for PCs and servers have the network interface card integrated with the motherboard. Older computers and some newer computers do not provide onboard network interfaces, which will require a NIC to be added.

Network interface may refer to:

Network interface controller, the device a computer uses to connect to a computer network
Network interface device, a demarcation point for a telephone network

Media Access Control

The Media Access Control is often said to be a sub-layer of the OSI Data Link layer. On every network interface adaptor card there is a set of computer chips that handle communication with the physical media (copper wire, fiber optic cable or the air) by controlling the communication signal (electricity, light or radio frequencies) over the physical media. In plain English, the computer chips that control the electricity transmitted and received on a copper wire are MAC-related hardware.

The MAC sublayer provides the means to access the physical medium used for communication. The MAC sublayer also communicates with the Logical Link Control (LLC) sub-layer above it, allowing it to access and speak to the upper layer network protocols such as IP.

MAC Addresses

The MAC sub-layer must supply a 48-bit (6 byte) address. The MAC address is most frequently represented as 12 hexadecimal digits. The MAC address uniquely identifies a specific network device and MAC addresses must be unique on a given LAN. The first 12-bit portion of the MAC address identifies the vendor of the network device; the next 12-bit portion identifies the unique id of the device itself. When looking at a hexadecimal representation of the MAC address, the first six hexadecimal digits identify the vendor and the last six hexadecimal digits identify the specific network interface card.

[Figure: OSI layer stack - Application, Presentation, Session, Transport, Network, Data Link (LLC and MAC sublayers), Physical]

Here are some examples of what a MAC address looks like. There is some difference in how they are displayed on different types of computers. The hexadecimal digits are the same, but they are separated or grouped differently when displayed. Different companies like to show MAC addresses different ways.

MAC Address          As Displayed by Vendor/Manufacturer   Command Used to display MAC
00:00:0C:12:B1:CF    Cisco, Unix/SUN, Linux                ifconfig -a
00000C-12B1CF        ProCurve Switches                     show bridge
00-00-0C-12-B1-CF    Microsoft                             ipconfig /all

Manufacturers of network interface adaptor cards 'burn' a MAC address into the memory of the chips on every card they produce. The pattern of bits in the first set of 24 bits of the MAC address is assigned to a specific vendor. Cisco was assigned the hexadecimal prefix '00000C' to use on their first set of network interface adaptors.

In the case of the protocols specified in the IEEE's 802.x series of documents, the first 24 bits of a MAC address identify the vendor-manufacturer of the network interface card and the last 24 bits identify the card itself, or more precisely, the last 24 bits identify the specific host the network interface card is attached to. The 24 bits used to identify a host allow for up to 16.7 million unique card addresses on one network. Since there are more than 16.7 million computers in the world, this clearly isn't enough addresses for every computer on earth, is it?

Duplicate MAC Addresses

Manufacturers re-use MAC addresses and they ship cards with duplicate addresses to different parts of the United States or the World so that there is only a very small chance two computers with network cards with the same MAC address will end up on the same network.

MAC addresses are 'burned' into the Network Interface Card (NIC), and cannot be changed. See ARP and RARP on how IP addresses are translated into MAC addresses and vice versa.

In order for a network device to be able to communicate, the MAC address it is using must be unique. No other device on that local network subnet can use that MAC address. If two devices have the same MAC address (which occurs more often than network administrators would like), neither computer can communicate properly. On an Ethernet LAN, this will cause a high number of collisions. Duplicate MAC addresses on the same LAN are a problem. Duplicate MAC addresses separated by one or more routers are not a problem since the two devices won't see each other and will use the router to communicate.
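The display styles in the table above and the vendor/card split of a MAC address can be exercised in code. The following Python is an added example written for this page, not code from the original notes: it normalizes the three display formats, splits the address into the 24-bit vendor prefix (OUI) and the 24-bit card id as described above, and reports duplicate addresses across hosts on one LAN, the problem discussed in the previous section. It goes slightly beyond the text by also decoding the two flag bits of the first byte that IEEE 802 defines (group/multicast and locally administered). The host names and addresses are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample records: (host, MAC as shown by that vendor's tool).
# The three display styles are the ones in the table above (Cisco/Unix,
# ProCurve, Microsoft); hosts and addresses are made up for this example.
SAMPLE_MACS = [
    ("router1",  "00:00:0C:12:B1:CF"),   # ifconfig -a style
    ("switch1",  "00000C-12B1CF"),       # ProCurve 'show bridge' style
    ("pc-win",   "00-00-0C-12-B1-CF"),   # ipconfig /all style (same address!)
    ("pc-linux", "08:00:27:ab:cd:ef"),
    ("printer",  "01:00:5E:00:00:FB"),   # group (multicast) bit set
]

def normalize_mac(text):
    """Strip vendor-specific separators and return 12 upper-case hex digits.
    Raises ValueError if the input is not exactly 48 bits of hex."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).upper()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return digits

def mac_fields(text):
    """Split a MAC into the 24-bit vendor prefix (OUI) and 24-bit card id,
    and decode the two flag bits of the first byte (IEEE 802 I/G and U/L)."""
    digits = normalize_mac(text)
    first_byte = int(digits[0:2], 16)
    return {
        "oui": digits[:6],                                 # first 6 hex digits = vendor
        "device_id": digits[6:],                           # last 6 hex digits = the card
        "multicast": bool(first_byte & 0x01),              # group/broadcast address
        "locally_administered": bool(first_byte & 0x02),   # not burned in by the vendor
    }

def display_as(text, vendor):
    """Re-render a MAC in one of the three display styles from the table."""
    d = normalize_mac(text)
    pairs = [d[i:i + 2] for i in range(0, 12, 2)]
    if vendor == "cisco":
        return ":".join(pairs)
    if vendor == "procurve":
        return d[:6] + "-" + d[6:]
    if vendor == "microsoft":
        return "-".join(pairs)
    raise ValueError("unknown display style: %r" % vendor)

def find_duplicate_macs(records):
    """Group hosts that claim the same MAC on one LAN, regardless of how each
    vendor's tool displayed it. Returns {normalized_mac: [hosts...]} for
    addresses seen more than once."""
    seen = defaultdict(list)
    for host, mac in records:
        seen[normalize_mac(mac)].append(host)
    return {mac: hosts for mac, hosts in seen.items() if len(hosts) > 1}

if __name__ == "__main__":
    for host, mac in SAMPLE_MACS:
        f = mac_fields(mac)
        print("%-9s %s  OUI=%s id=%s multicast=%s" %
              (host, display_as(mac, "cisco"), f["oui"], f["device_id"], f["multicast"]))
    print("duplicates:", find_duplicate_macs(SAMPLE_MACS))
```

Keying the duplicate report on the normalized form is the point: the same card reported by three tools in three spellings is one address, and that is what an administrator chasing collisions on a LAN needs to see.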

MAC Frame Format

Since there are various types of Network Interfaces (Ethernet, Token Ring, FDDI etc.) the MAC frame format differs by protocol according to its design. However most will have at a minimum the following fields:

The MAC protocol encapsulates a SDU (payload data) by adding a 14 byte header (Protocol Control Information (PCI)) before the data and appending a 4-byte (32-bit) Cyclic Redundancy Check (CRC) after the data. The entire frame is preceded by a small idle period (the minimum inter-frame gap, 9.6 microseconds (µs)) and an 8 byte preamble (including the start of frame delimiter).

MAC encapsulation of a packet of data

Header

The header consists of three parts:

A 6-byte destination address, which specifies either a single recipient node (unicast mode), a group of recipient nodes (multicast mode), or the set of all recipient nodes (broadcast mode).

A 6-byte source address, which is set to the sender's globally unique node address. This may be used by the network layer protocol to identify the sender, but usually other mechanisms are used (e.g. ARP). Its main function is to allow address learning, which may be used to configure the filter tables in a bridge.

A 2-byte type field, which provides a Service Access Point (SAP) to identify the type of protocol being carried.

MAC Control Field or type

The MAC control field contains all information used for flow control, connection establishment and teardown as well as error control. Not all protocols provide for establishment/teardown, flow control and error recovery. The content of this field is dependent upon the specified standards for that particular data link layer protocol (Ethernet, Token Ring, FDDI etc.).

DESTINATION / SOURCE MAC Fields

The source MAC address field contains the MAC address of the source machine, the transmitting device (since some devices with MAC addresses aren't called computers; cell phones have MAC addresses), and the destination device is the receiver. The destination MAC is closer to the 'front' (left side in the diagram) of the frame for easier scanning, mostly because it is the destination device that is important, as that is the device we are trying to reach.

When the receiver responds to the frame, it will use the source address to generate the destination portion of the frame it sends out. In other words, the source MAC in the frame received becomes the destination MAC in the frame transmitted as a response.

LLC PDU Field

When talking about network communication protocols such as Ethernet or FDDI or Token Ring, they are described as being Physical and Data Link layer protocols; they perform functions that are said to be Physical and Data Link Layer functions as listed in the OSI Model of networking. For Ethernet and Token Ring the Data Link layer is described as being broken into two sub-layers, the MAC sublayer (for the MAC address and Media Access Control functions) and the Logical Link Control sublayer (LLC).

The Logical Link Control Packet Data Unit field (LLC PDU) contains data from the LLC sub-layer of the data link layer protocol (e.g. Ethernet, FDDI, Token Ring etc.). The LLC information is used to keep track of which piece of data is sent to which IP address and application. For example, the LLC information helps a web browser keep track of which data being received is part of an image in a web page, and which data is the text in the body of the web page itself.

CRC Checksum Field

The final field in an Ethernet MAC frame is called a 'checksum' that is the product of a Cyclic Redundancy Check (CRC check). A CRC check is a mathematical formula that uses the data as input and produces a numeric result that is almost as unique as the input data. Using the CRC checksum value it is possible to verify the integrity of the frame. Before transmitting the frame, the source computer calculates the checksum and places the checksum value in this field. The receiving computer looks at the same data in the frame and also calculates the checksum. If the CRC it calculates is different from the CRC checksum in the CRC checksum field, the CRC check has failed. Frames that fail this checksum test are discarded because there is a near certainty that the frame is damaged.

A 32-bit CRC provides error detection in the case where line errors (or transmission collisions in Ethernet) result in corruption of the MAC frame. Any frame with an invalid CRC is discarded by the MAC receiver without further processing. The MAC protocol does not provide any indication that a frame has been discarded due to an invalid CRC.

The link layer CRC therefore protects the frame from corruption while being transmitted over the physical medium (cable). A new CRC is added if the packet is forwarded by the router on another Ethernet link. While the packet is being processed by the router the packet data is not protected by the CRC. Router processing errors must be detected by network or transport-layer checksums.
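To make the header and CRC description concrete, here is an added Python example, not part of the original notes, that builds an Ethernet MAC frame with the 14-byte header (6-byte destination, 6-byte source, 2-byte type), pads the payload, appends the 32-bit CRC, and then verifies frames the way a MAC receiver does: a frame whose CRC does not match is silently discarded, and a reply swaps the received source into the destination. zlib.crc32 computes the same CRC-32 that the Ethernet frame check sequence uses. The addresses and payload are constructed sample values; the preamble and inter-frame gap are not modelled.

```python
import struct
import zlib

# Layout described above: 6-byte destination, 6-byte source, 2-byte type
# (14-byte header), then the payload, then a 4-byte CRC over header + payload.
HEADER = struct.Struct("!6s6sH")   # network byte order, as on the wire
ETHERTYPE_IPV4 = 0x0800            # type field value for an IPv4 payload
MIN_PAYLOAD = 46                   # Ethernet pads short payloads to 46 bytes

def mac_bytes(text):
    """Turn a displayed MAC (colon or hyphen separated) into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def mac_text(raw):
    return ":".join("%02X" % b for b in raw)

def build_frame(dst, src, ethertype, payload):
    """Encapsulate an SDU: prepend the 14-byte header, pad, append the CRC.
    The frame check sequence is sent least-significant byte first ('<I')."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = HEADER.pack(mac_bytes(dst), mac_bytes(src), ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def parse_frame(frame):
    """Verify the CRC the way a MAC receiver does. A bad CRC returns None
    (the frame is discarded without further processing); otherwise the
    decoded header fields and the payload."""
    if len(frame) < HEADER.size + 4:
        return None
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if (zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        return None
    dst, src, ethertype = HEADER.unpack(body[:HEADER.size])
    return {"dst": mac_text(dst), "src": mac_text(src),
            "ethertype": ethertype, "payload": body[HEADER.size:]}

def reply_header(received):
    """The source of the received frame becomes the destination of the reply."""
    return {"dst": received["src"], "src": received["dst"]}

def corrupt(frame, bit):
    """Flip one bit anywhere in the frame, simulating line damage."""
    b = bytearray(frame)
    b[bit // 8] ^= 1 << (bit % 8)
    return bytes(b)

if __name__ == "__main__":
    # Constructed sample: a made-up payload between two made-up hosts.
    f = build_frame("00:00:0C:12:B1:CF", "08:00:27:AB:CD:EF", ETHERTYPE_IPV4, b"hello, LAN")
    print(len(f), "bytes on the wire;", parse_frame(f))
    print("damaged frame accepted?", parse_frame(corrupt(f, 100)) is not None)
```

Note that a flipped bit in the CRC field itself is caught just as a flipped bit in the payload is: the receiver recomputes over the header and payload and compares, so either side of the comparison changing causes the discard.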

A Network Interface H/W

A network interface unit (NIU) (sometimes called a network interface device) is a device that serves as a common interface for various other devices within a local area network (LAN), or as an interface to allow networked computers to connect to an outside network. The NIU enables communication between devices that use different protocols by supplying a common transmission protocol, which may be used instead of the devices' own protocols, or may be used to convert the specific device protocol to the common one. To enable an interface between a LAN and another network, the NIU converts protocols and associated code and acts as a buffer between the connected hardware. A network interface card (NIC) is a type of NIU.

Types of NIC Cards

NIC is an acronym for Network Interface Card or Network Interface Controller. However, a NIC is actually referred to as a network adapter by most of the population. A NIC is an expansion card, a hardware device attached to a non-portable computer (like a desktop) allowing that computer some new ability. As an expansion card, the NIC specifically allows a computer the ability to connect to a network (such as Ethernet or Wi-Fi).

Function

NIC cards serve as conduits between a computer and a network (like the Internet). They translate the data on the computer into a form that is transferable via a network cable and control the data as it is sent to other devices on the network.

Configuration Types

There are three different types of NIC arrangements, or configurations: jumper, software and the newest technology, Plug-and-Play (PnP).

Jumper Configurable NIC Cards

Jumper configurable NIC cards are efficient and easy to use for older equipment. They have physical jumpers (small devices that control computer hardware without the need for software) that determine settings for the interrupt request line, input/output address, upper memory block and type of transceiver.

Software Configurable NIC Cards

Software configurable NICs must be manually configured when installed, but contain a proprietary software program that allows the operator to configure the NIC via a menu, or choose the auto configuration mode that determines what configuration is most suitable.

Plug-and-Play Configurable NIC Cards

Most NICs today use the PnP technology as it does not have to be manually configured, though it can be. PnP NICs will auto-configure upon installation during the system boot-up sequence, but can cause conflicts with the hard drive.

Virtual Network Adapters

Certain types of network adapters have no hardware component but rather consist of software only. These are often called virtual adapters in contrast to a physical adapter. Virtual adapters are commonly found in virtual private networks (VPNs). A virtual adapter may also be used with research computers or IT business servers that run virtual machine technology.

OSI model

The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of sub-dividing a communications system into smaller parts called layers. A layer is a collection of conceptually similar functions that provide services to the layer above it and receive services from the layer below it. On each layer an instance provides services to the instances at the layer above and requests service from the layer below.

History

In 1978, work on a layered model of network architecture was started and the International Organization for Standardization (ISO) began to develop its OSI framework architecture. OSI has two major components: an abstract model of networking, called the Basic Reference Model or seven-layer model, and a set of specific protocols.

Data unit   Layer             Function

Host layers
Data        7. Application    Network process to application
Data        6. Presentation   Data representation, encryption and decryption, convert machine dependent data to machine independent data
Data        5. Session        Interhost communication
Segments    4. Transport      End-to-end connections and reliability, flow control

Media layers
Packet      3. Network        Path determination and logical addressing
Frame       2. Data Link      Physical addressing
Bit         1. Physical       Media, signal and binary transmission

Advantages of Layered Approach

The layered approach to network communications provides the following benefits:

• reduced complexity
• improved teaching and learning
• modular engineering
• accelerated evolution
• interoperable technology
• standard interfaces

As the information to be sent descends through the layers of a system it looks less and less like human language and more and more like the 1s and 0s that a computer understands.

Layer 1: Physical Layer

The physical layer is concerned with the interface to the transmission medium. At the physical layer, data is transmitted onto the medium (e.g. coaxial cable or optical fiber) as a stream of bits. So, the physical layer is concerned, not with networking protocols, but with the transmission media on the network. The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. This layer puts 1's & 0's onto the wire.

Characteristics specified by the physical layer include

• voltage levels
• timing of voltage changes
• physical data rates
• maximum transmission distances
• physical connectors

To understand the function of the Physical Layer, contrast it with the functions of the Data Link Layer. Think of the Physical Layer as concerned primarily with the interaction of a single device with a medium, whereas the Data Link Layer is concerned more with the interactions of multiple devices (i.e., at least two) with a shared medium.

The major functions and services performed by the Physical Layer are:

Establishment and termination of a connection to a communications medium.

Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.

Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and optical fiber) or over a radio link.

Devices:-

Hubs, FDDI Hardware, Fast Ethernet, Token Ring Hardware.

Layer 2: Data Link Layer

The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system.

This layer is responsible for providing reliable transit of data across a physical link. The data-link layer is concerned with

• physical addressing; Bridges, Transparent Bridges, Layer 2 Switches
• network topology; CDP
• line discipline (how end systems will use the network link)
• error notification
• ordered delivery of frames
• flow control
• Frame Relay, PPP, SDLC, X.25, 802.3, 802.3, 802.5/Token Ring, FDDI.

At the data-link layer, the bits that come up from the physical layer are formed into data frames, using any of a variety of data-link protocols. Frames consist of fields, containing bits.

The data-link layer is subdivided into two sub layers:

• the logical link control (LLC) sub layer
• the media access control (MAC) sub layer

Layer 3: Network Layer

The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source host on one network to a destination host on a different network, while maintaining the quality of service requested by the Transport Layer (in contrast to the data link layer, which connects hosts within the same network). The Network Layer performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layer, sending data throughout the extended network and making the Internet possible. This is a logical addressing scheme; values are chosen by the network engineer. The addressing scheme is not hierarchical.

Careful analysis of the Network Layer indicated that the Network Layer could have at least three sublayers:

1. Subnetwork Access - that considers protocols that deal with the interface to networks, such as X.25;
2. Subnetwork Dependent Convergence - when it is necessary to bring the level of a transit network up to the level of networks on either side;
3. Subnetwork Independent Convergence - which handles transfer across multiple networks.

The network layer is the domain of routing. Routing protocols select optimal paths through the series of interconnected networks. Network layer protocols then move information along these paths.

One of the functions of the network layer is "path determination". Path determination enables the router to evaluate all available paths to a destination and determine which to use. It can also establish the preferred way to handle a packet. After the router determines which path to use it can proceed with switching the packet. It takes the packet it has accepted on one interface and forwards it to another interface or port that reflects the best path to the packet's destination.

Devices:-

IP, IPX, Routers, Routing Protocols (RIP, IGRP, OSPF, BGP etc), ARP, RARP, ICMP.
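Path determination as described above is, for IP, a longest-prefix match over the routing table. The following Python is an added example, not from the original notes, using the standard ipaddress module: a constructed table of routes, sorted most specific first, is consulted to pick the outgoing interface and next hop for a destination, including the directly-connected and default-route cases. The route entries, interface names and next-hop addresses are made up for the example.

```python
import ipaddress

# Constructed routing table: (destination network, next hop, interface).
# A next hop of None means the network is directly connected on that interface.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1", "eth0"),   # default route
    ("10.0.0.0/8",     "10.0.0.1",    "eth1"),
    ("10.1.0.0/16",    "10.1.0.1",    "eth2"),
    ("10.1.2.0/24",    None,          "eth3"),   # directly connected
    ("192.168.1.0/24", None,          "eth0"),   # directly connected
]

def build_table(routes):
    """Parse text routes into network objects ordered most specific prefix
    first, which is the order a router consults them for path determination."""
    table = [(ipaddress.ip_network(net), hop, iface) for net, hop, iface in routes]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return table

def lookup(table, destination):
    """Longest-prefix match: the first (most specific) network containing the
    destination wins. Returns (matched network, next hop, interface), or None
    when nothing matches (only possible if there is no default route)."""
    addr = ipaddress.ip_address(destination)
    for net, hop, iface in table:
        if addr in net:
            return (str(net), hop, iface)
    return None

def forward(table, destination):
    """Decide where a packet goes: which interface it leaves on and which
    next-hop address it is handed to (the destination itself when the
    matched network is directly connected)."""
    match = lookup(table, destination)
    if match is None:
        return None
    net, hop, iface = match
    return {"interface": iface, "next_hop": hop or destination, "via": net}

if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.1.2.57", "10.1.9.9", "10.200.1.1", "172.16.0.5", "192.168.1.42"):
        print(dst, "->", forward(table, dst))
```

Because the table is consulted most specific first, 10.1.2.57 is delivered directly on eth3 even though it also falls inside 10.1.0.0/16 and 10.0.0.0/8; an address that matches nothing but the default route is handed to the default gateway.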

Layer 4: Transport Layer

The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state and connection oriented. This means that the Transport Layer can keep track of the segments and retransmit those that fail. The Transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred.

You can think of the transport layer of the OSI model as a boundary between the upper and lower protocols. The transport layer provides a data transport service that shields the upper layers from transport implementation issues such as the reliability of a connection. The transport layer provides mechanisms for:-

• multiplexing upper layer applications
• the establishment, maintenance, and orderly termination of virtual circuits
• information flow control
• transport fault detection and recovery

Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the Transport Layer, typical examples of Layer 4 are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Devices:-

TCP, UDP, SPX and Sliding Windows.

Page 11: TCP/IP and Protocols

Layer 5: Session Layer

The Session Layer controls the dialogues (connections) between computers. It establishes, manages and

terminates the connections between the local and remote application. It provides for full-duplex, half-duplex,

or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures.

Half-duplex conversations require a good deal of session layer control, because the start and end of each

transmission need to be monitored. Most networks are of course capable of full-duplex transmission, but in

fact many conversations are in practice half-duplex.

The OSI model made this layer responsible for graceful close of sessions, which is a property of the

Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in

the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application

environments that use remote procedure calls.

Devices:-

Some examples of session layer protocols and interfaces are:

• Concurrent database access

• Remote Procedure Call (RPC)

• NetBIOS Names

• AppleTalk Session Protocol (ASP)

• Digital Network Architecture

Layer 6: Presentation Layer

The Presentation Layer establishes context between Application Layer entities, in which the higher-layer

entities may use different syntax and semantics if the presentation service provides a mapping between them.

If a mapping is available, presentation service data units are encapsulated into session protocol data units,

and passed down the stack.

This layer provides independence from data representation (e.g., encryption) by translating between

application and network formats. The presentation layer transforms data into the form that the application

accepts. This layer formats and encrypts data to be sent across a network. It is sometimes called the syntax

layer.

It provides a common format for transmitting data across various systems, so that data can be understood,

regardless of the types of machines involved. The presentation layer concerns itself not only with the format

and representation of actual user data, but also with data structure used by programs. Therefore, the

presentation layer negotiates data transfer syntax for the application layer.

Devices:-

• Encryption

• EBCDIC and ASCII

• GIF & JPEG

The original presentation structure used the basic encoding rules of Abstract Syntax Notation One (ASN.1),

with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded file, or serialization of

objects and other data structures from and to XML.

Layer 7: Application Layer

The Application Layer is the OSI layer closest to the end user, which means that both the OSI application

layer and the user interact directly with the software application. This layer interacts with software

applications that implement a communicating component. Such application programs fall outside the scope

of the OSI model. Application layer functions typically include identifying communication partners,


determining resource availability, and synchronizing communication. When identifying communication

partners, the application layer determines the identity and availability of communication partners for an

application with data to transmit. When determining resource availability, the application layer must decide

whether sufficient network resources for the requested communication exist. In synchronizing communication, all

communication between applications requires cooperation that is managed by the application layer.

Its services are often part of the application process. Main functions are:-

• identifies and establishes the availability of the intended communication partner.

• synchronizes the sending and receiving applications.

• establishes agreement on procedures for error recovery and control of data integrity.

• determines whether sufficient resources for the intended communications exist.

Some examples of application layer implementations include:

On OSI stack:

o FTAM File Transfer and Access Management Protocol

o X.400 Mail

o Common management information protocol (CMIP)

On TCP/IP stack:

o Hypertext Transfer Protocol (HTTP),

o File Transfer Protocol (FTP),

o Simple Mail Transfer Protocol (SMTP)

o Simple Network Management Protocol (SNMP)

Devices:-

• Browsers

• Search engines

• E-mail programs

• Newsgroup and chat programs

• Transaction services

• Audio/video conferencing

• Telnet

• SNMP

TCP/IP Architecture and the TCP/IP Model:

TCP/IP Model Layers

The TCP/IP model uses four layers that logically span the equivalent of the top six layers of the OSI

reference model; this is shown in Figure 20. (The physical layer is not covered by the TCP/IP model because

the data link layer is considered the point at which the interface occurs between the TCP/IP stack and the

underlying networking hardware.) The following are the TCP/IP model layers, starting from the bottom.

The TCP/IP architectural model has four layers that approximately match six of the seven layers in the OSI

Reference Model. The TCP/IP model does not address the physical layer, which is where hardware devices

reside. The next three layers—network interface, internet and (host-to-host) transport—correspond to layers

2, 3 and 4 of the OSI model. The TCP/IP application layer conceptually "blurs" the top three OSI layers. It's

also worth noting that some people consider certain aspects of the OSI session layer to be arguably part of

the TCP/IP host-to-host transport layer.


Figure 20: OSI Reference Model and TCP/IP Model Layers

Network Interface Layer

As its name suggests, this layer represents the place where the actual TCP/IP protocols running at higher

layers interface to the local network. This layer is somewhat "controversial" in that some people don't even

consider it a "legitimate" part of TCP/IP. This is usually because none of the core IP protocols run at this

layer. Despite this, the network interface layer is part of the architecture. It is equivalent to the data link layer

(layer two) in the OSI Reference Model and is also sometimes called the link layer. You may also see the

name network access layer.

On many TCP/IP networks, there is no TCP/IP protocol running at all on this layer, because it is simply not

needed. For example, if you run TCP/IP over an Ethernet, then Ethernet handles layer two (and layer one)

functions. However, the TCP/IP standards do define protocols for TCP/IP networks that do not have their

own layer two implementation. These protocols, the Serial Line Internet Protocol (SLIP) and the Point-to-

Point Protocol (PPP), serve to fill the gap between the network layer and the physical layer. They are

commonly used to facilitate TCP/IP over direct serial line connections (such as dial-up telephone

networking) and other technologies that operate directly at the physical layer.

Internet Layer

This layer corresponds to the network layer in the OSI Reference Model (and for that reason is sometimes

called the network layer even in TCP/IP model discussions). It is responsible for typical layer three jobs,

such as logical device addressing, data packaging, manipulation and delivery, and last but not least, routing.

At this layer we find the Internet Protocol (IP), arguably the heart of TCP/IP, as well as support protocols

such as ICMP and the routing protocols (RIP, OSPF, BGP, etc.) The new version of IP, called IP version 6,

will be used for the Internet of the future and is of course also at this layer.

(Host-to-Host) Transport Layer

The primary job of this layer is to facilitate end-to-end communication over an internetwork. It is in charge

of allowing logical connections to be made between devices to allow data to be sent either unreliably (with

no guarantee that it gets there) or reliably (where the protocol keeps track of the data sent and received to


make sure it arrives, and re-sends it if necessary). It is also here that identification of the specific source and

destination application process is accomplished.

The formal name of this layer is often shortened to just the transport layer; the key TCP/IP protocols at this

layer are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The TCP/IP

transport layer corresponds to the layer of the same name in the OSI model (layer four) but includes certain

elements that are arguably part of the OSI session layer. For example, TCP establishes a connection that can

persist for a long period of time, which some people say makes a TCP connection more like a session.

Application Layer

This is the highest layer in the TCP/IP model. It is a rather broad layer, encompassing layers five through

seven in the OSI model. While this seems to represent a loss of detail compared to the OSI model, I think this

is probably a good thing! The TCP/IP model better reflects the "blurry" nature of the divisions between the

functions of the higher layers in the OSI model, which in practical terms often seem rather arbitrary. It really

is hard to separate some protocols in terms of which of layers five, six or seven they encompass. (I didn't

even bother to try in this Guide which is why the higher-level protocols are all in the same chapter, while

layers one through four have their protocols listed separately.)

Numerous protocols reside at the application layer. These include application protocols such as HTTP, FTP

and SMTP for providing end-user services, as well as administrative protocols like SNMP, DHCP and DNS.

The Microsoft Network Model:

Microsoft has developed an informal network model that is discussed in the Microsoft books and training

materials. This informal model is never clearly stated. This model can be beneficial to people setting up local

area networks (LANs) that are predominately using one of the operating systems in the Microsoft product

line. The Microsoft network model attempts to simplify many concepts and in some cases this results in an

incomplete and misleading understanding of the material.

The model focuses on the local area network. The core areas discussed in Microsoft literature are:

• Clients and Servers

• Network Topology

• Network Media

• Network Protocols

Network Devices (Hubs and routers) are placed outside of the core areas. Network devices are discussed in a

section on "Expanding your network". This omission is probably because of the model's emphasis on

simplicity. As a result of not having a category for network devices, network cards are grouped along with

the network media.

Microsoft Model Overview

Before Windows NT 3.1 was released, users had to obtain the TCP/IP protocol suite from a third party, and

then install it. This was necessary for users to connect to the network, which in turn usually resulted in a

number of issues. When it came to network communication, the TCP/IP software which was obtained and

installed often functioned differently from that of the particular operating system.

With the release of Windows NT 3.1, TCP/IP was included as a component of the operating system. Because

of TCP/IP being built into the operating system, integration existed between networking functionality in the

OS.


The Microsoft model modularly defines hardware and software, and the actual connections between these

components that enable networking. The Microsoft model provides a standard platform for application

developers and programmers: it gives them standard interfaces with specific functionality which they can

use to develop applications. The Microsoft model is therefore mainly utilized by application developers

and programmers.

The advantages of using the Microsoft model are:

• Decreased application development time

• Common interfaces are provided for users

• Simplifies application usage.

Understanding Boundary Layers

Boundary layers are interfaces which exist at the boundaries of functionality. By interacting between the

layer above and beneath it, the boundary layers actually provide the interfaces between layers.

The Boundary layers defined in the Microsoft model are:

• Network Driver Interface Specification (NDIS) Boundary layer: The Network Driver Interface

Specification (NDIS) Boundary layer relates to the Network Interface layer of the DoD model, and

the Data-link layer of the OSI model. The NDIS Boundary layer therefore functions at the bottom of

the stack. The NDIS Boundary layer provides the following:

o Standard functions which enable transport protocols to utilize any network device driver

which works at this layer.

o Programming flexibility and reliability to developers

• Transport Driver Interface (TDI) Boundary layer: This is the gateway between the

Transport layer and the Session layer in the OSI model. It provides the interface which developers

can utilize to access functions of the Transport layer, and functions at the Session layer of the OSI

model.

• Application Program Interface (API) Boundary layer: This is the interface that enables

developers to access Application layer protocols, including:

o Domain Name Service (DNS)

o Dynamic Host Configuration Protocol (DHCP)

o Windows Internet Name Service (WINS)

The components that perform functions at the lower layers include

o Windows Sockets (WinSock)

o Messaging APIs

o NetBIOS

o Telephony

Understanding Component Layers

The Component layers provide the following functionality

• Network Transport Protocols: The network transport protocols enable applications to transmit and

receive data across the network. Common network transport protocols include:

o TCP/IP

o ATM

o Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

o NetBEUI


o AppleTalk

o Infrared Data Association (IrDA)

o SNA

• NDIS Wrapper: The NDIS wrapper is implemented via the ndis.sys file. This is the software code

that encircles the NDIS device drivers. The NDIS wrapper is a library of common NDIS functions

which both the MAC protocols and TCP/IP can utilize. The NDIS wrapper assists in reducing

platform dependencies when network interface devices are developed.

• File System Drivers: The file system drivers function at the Presentation layer and Session layer of

the OSI model, and include the:

o Redirector: Requests to access a shared file are sent to the Redirector. The Redirector then

chooses the proper Transport layer protocol.

o Server service: Requests to access a local file are sent to the Server service, which then

provides the access to the local file.

• Applications and User Mode Services: APIs provide access to the lower transport protocols:

o WinSock API: The WinSock API provides standardized access to datagram and session

services over:

TCP/IP

IPX/SPX

AppleTalk

The WinSock API enables applications to communicate with the lower layers.

o Telephony API (TAPI): TAPI provides the standardized interface to network protocols for

different telephony applications.

o Messaging API (MAPI): MAPI enables applications to interface with messaging services

through one interface.

o NetBIOS API: The NetBIOS API is mainly supported in Windows Server 2003 to enable

backward compatibility.


UNIT – II

Transport Layer

The Transport Layer's responsibilities include end-to-end message transfer capabilities independent of the

underlying network, along with error control, segmentation, flow control, congestion control, and application

addressing (port numbers). End to end message transmission or connecting applications at the transport layer

can be categorized as either connection-oriented, implemented in Transmission Control Protocol (TCP), or

connectionless, implemented in User Datagram Protocol (UDP).

It is also here that identification of the specific source and destination application process is accomplished.

The Transport Layer can be thought of as a transport mechanism, e.g., a vehicle with the responsibility to

make sure that its contents (passengers/goods) reach their destination safely and soundly, unless another

protocol layer is responsible for safe delivery.

The Transport Layer provides this service of connecting applications through the use of service ports. Since

IP provides only a best effort delivery, the Transport Layer is the first layer of the TCP/IP stack to offer

reliability. IP can run over a reliable data link protocol such as the High-Level Data Link Control (HDLC).

Protocols above transport, such as RPC, also can provide reliability.

For example, the Transmission Control Protocol (TCP) is a connection-oriented protocol that addresses

numerous reliability issues to provide a reliable byte stream:

• data arrives in-order

• data has minimal error (i.e. correctness)

• duplicate data is discarded

• lost/discarded packets are resent

• includes traffic congestion control

The newer Stream Control Transmission Protocol (SCTP) is also a reliable, connection-oriented transport

mechanism. It is Message-stream-oriented — not byte-stream-oriented like TCP — and provides multiple

streams multiplexed over a single connection. It also provides multi-homing support, in which a connection

end can be represented by multiple IP addresses (representing multiple physical interfaces), such that if one

fails, the connection is not interrupted. It was developed initially for telephony applications (to transport SS7

over IP), but can also be used for other applications.

User Datagram Protocol is a connectionless datagram protocol. Like IP, it is a best effort, "unreliable"

protocol. Reliability is addressed through error detection using a weak checksum algorithm. UDP is typically

used for applications such as streaming media (audio, video, Voice over IP etc) where on-time arrival is more

important than reliability, or for simple query/response applications like DNS lookups, where the overhead

of setting up a reliable connection is disproportionately large. Real-time Transport Protocol (RTP) is a

datagram protocol that is designed for real-time data such as streaming audio and video.

TCP and UDP are used to carry an assortment of higher-level applications. The appropriate transport

protocol is chosen based on the higher-layer protocol application. For example, the File Transfer Protocol

expects a reliable connection, but the Network File System (NFS) assumes that the subordinate Remote

Procedure Call protocol, not transport, will guarantee reliable transfer. Other applications, such as VoIP, can

tolerate some loss of packets, but not the reordering or delay that could be caused by retransmission.

The applications at any given network address are distinguished by their TCP or UDP port. By convention

certain well known ports are associated with specific applications. (See List of TCP and UDP port numbers.)


Transmission Control Protocol:

The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP

is one of the two original components of the suite, complementing the Internet Protocol (IP), and therefore

the entire suite is commonly referred to as TCP/IP. TCP provides the service of exchanging data directly

between two hosts on the same network, whereas IP handles addressing and routing messages across one or

more networks. In particular, TCP provides reliable, ordered delivery of a stream of bytes from a program on

one computer to another program on another computer. TCP is the protocol that major Internet applications

rely on, applications such as the World Wide Web, e-mail, and file transfer. Other applications, which do not

require reliable data stream service, may use the User Datagram Protocol (UDP) which provides a datagram

service that emphasizes reduced latency over reliability.

The characteristics of TCP protocol

TCP (which means Transmission Control Protocol) is one of the main protocols of the transport layer of the

TCP/IP model. It makes it possible, at application level, to manage data coming from (or going to) the lower

layer of the model (i.e. the IP protocol). When data is provided to the IP protocol, it encapsulates it in IP

datagrams, by fixing the protocol field to 6 (so that it knows in advance that the protocol is TCP...). TCP is a

connection orientated protocol, i.e. it enables two machines which are communicating to control the status of

the transmission.

The main characteristics of the TCP protocol are as follows:

• TCP makes it possible to put datagrams back in order when coming from the IP protocol

• TCP enables the data flow to be monitored so as to avoid network saturation

• TCP allows data to be formed in variable length segments in order to "return" them to the IP protocol

• TCP makes it possible to multiplex data, i.e. so that information coming from distinct sources (applications for example) on the same line can be circulated simultaneously

• Finally, TCP allows communication to be courteously started and ended

The aim of TCP

Using the TCP protocol, applications can communicate reliably (thanks to the TCP protocol's

acknowledgements system), independently from the lower layers. This means that routers (which work in the

internet layer) only have to route data in the form of datagrams, without being concerned with data

monitoring because this is performed by the transport layer (or more specifically by the TCP protocol).

During a communication using the TCP protocol, the two machines must establish a connection. The

originator machine (the one which requests the connection) is called the client, while the recipient machine is

called the server. So it is said that we are in a Client-Server environment. The machines in such an

environment communicate in online mode, i.e. the communication takes place in both directions.

To enable the communication and all the controls which accompany it to operate well, the data is

encapsulated, i.e. a header is added to data packets which will enable the transmissions to be synchronised

and ensure their reception.

Another feature of TCP is the ability to control the data rate by issuing variably sized messages; these

messages are called segments.

TCP segment structure:

Transmission Control Protocol accepts data from a data stream, 'segments' it into chunks, and adds a TCP

header creating a TCP segment. The TCP segment is then encapsulated into an IP packet. A TCP segment is

"the packet of information that TCP uses to exchange data with its peers."


Note that the term TCP packet is now used interchangeably with the term TCP segment. Although in the

original RFC segment usually referred to the TCP unit of data, datagram to the IP unit and packet to the data

communications network unit:

Processes transmit data by calling on the TCP and passing buffers of data as arguments. The TCP packages

the data from these buffers into segments and calls on the internet module [e.g. IP] to transmit each segment

to the destination TCP.

A TCP segment consists of a segment header and a data section. The TCP header contains 10 mandatory

fields, and an optional extension field (Options).

The data section follows the header. Its contents are the payload data carried for the application. The length

of the data section is not specified in the TCP segment header. It can be calculated by subtracting the

combined length of the TCP header and the encapsulating IP segment header from the total IP segment

length (specified in the IP segment header).

TCP Header

Bit offset   Bits 0-15                                                    Bits 16-31

0            Source port                                                  Destination port

32           Sequence number

64           Acknowledgment number

96           Data offset (bits 0-3), Reserved (bits 4-7),                 Window Size
             Flags (bits 8-15): CWR, ECE, URG, ACK, PSH, RST, SYN, FIN

128          Checksum                                                     Urgent pointer

160 ...      Options (if Data Offset > 5)

Meanings of the different fields:

• Source port (16 bits) – identifies the sending port

• Destination port (16 bits) – identifies the receiving port

• Sequence number (32 bits) – has a dual role:

o If the SYN flag is set, then this is the initial sequence number. The sequence number of the actual first data byte (and the acknowledged number in the corresponding ACK) are then this sequence number plus 1.

o If the SYN flag is clear, then this is the accumulated sequence number of the first data byte of this packet for the current session.

• Acknowledgment number (32 bits) – if the ACK flag is set then the value of this field is the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end's initial sequence number itself, but no data.

• Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.

• Reserved (4 bits) – for future use and should be set to zero

• Flags (8 bits) (aka Control bits) – contains 8 1-bit flags


o CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism (added to header by RFC 3168).

o ECE (1 bit) – ECN-Echo indicates: if the SYN flag is set, that the TCP peer is ECN capable; if the SYN flag is clear, that a packet with Congestion Experienced flag in IP header set is received during normal transmission (added to header by RFC 3168).

o URG (1 bit) – indicates that the Urgent pointer field is significant

o ACK (1 bit) – indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.

o PSH (1 bit) – Push function. Asks to push the buffered data to the receiving application.

o RST (1 bit) – Reset the connection

o SYN (1 bit) – Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags change meaning based on this flag, and some are only valid for when it is set, and others when it is clear.

o FIN (1 bit) – No more data from sender

• Window size (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive (see Flow control and Window Scaling)

• Checksum (16 bits) – The 16-bit checksum field is used for error-checking of the header and data

• Urgent pointer (16 bits) – if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte

• Options (Variable 0-320 bits, divisible by 32) – The length of this field is determined by the data offset field. Options 0 and 1 are a single byte (8 bits) in length. The remaining options indicate the total length of the option (expressed in bytes) in the second byte. Some options may only be sent when SYN is set; they are indicated below as [SYN].

o 0 (8 bits) - End of options list

o 1 (8 bits) - No operation (NOP, Padding). This may be used to align option fields on 32-bit boundaries for better performance.

o 2,4,SS (32 bits) - Maximum segment size (see maximum segment size) [SYN]

o 3,3,S (24 bits) - Window scale (see window scaling for details) [SYN]

o 4,2 (16 bits) - Selective Acknowledgement permitted. [SYN] (See selective acknowledgments for details)

o 5,N,BBBB,EEEE,... (variable bits, N is either 10, 18, 26, or 34) - Selective Acknowledgement (SACK). These first two bytes are followed by a list of 1-4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers.

o 8,10,TTTT,EEEE (80 bits) - Timestamp and echo of previous timestamp (see TCP timestamps for details)

o 14,3,S (24 bits) - TCP Alternate Checksum Request. [SYN]

o 15,N,... (variable bits) - TCP Alternate Checksum Data.

(The remaining options are obsolete, experimental, not yet standardized, or unassigned)
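As an added example (not code from these notes), the following Python parses a TCP segment along the lines of the field list above: it unpacks the fixed 20-byte header with struct, reads the data offset and the eight control bits, walks the options list and verifies the checksum over the IPv4 pseudo-header (the same ones'-complement sum that UDP uses). The SYN segment, its ports and the addresses 192.168.1.10 and 10.0.0.1 are constructed for the example. The two checks that matter when parsing packets taken from the wire are included: a data offset below 5 words or beyond the end of the segment, and an option whose length byte is 0 or 1 (which would otherwise loop forever), are rejected instead of being trusted.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Control bits in byte 13 of the header, most significant bit first: CWR = 0x80 ... FIN = 0x01
FLAG_NAMES = ["CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]
FLAG_BITS = {name: 1 << (7 - i) for i, name in enumerate(FLAG_NAMES)}

# Constructed addresses for the example (not from the notes): 192.168.1.10 -> 10.0.0.1
SRC_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([10, 0, 0, 1])

@dataclass
class TCPHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int                  # header length in 32-bit words, 5..15
    flags: List[str]
    window: int
    checksum: int
    urgent_ptr: int
    options: List[Tuple[int, bytes]]  # (kind, option data); kinds 0 and 1 carry no data
    payload: bytes

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol 6 (TCP), TCP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Value for bytes 16-17, computed with that field taken as zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)

def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """An intact segment sums to all ones with the checksum field included, so the complement is zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def parse_options(raw: bytes) -> List[Tuple[int, bytes]]:
    opts: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                 # End of options list
            opts.append((0, b""))
            break
        if kind == 1:                 # NOP, used as padding
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length byte" % kind)
        length = raw[i + 1]           # total length, kind and length bytes included
        if length < 2 or i + length > len(raw):   # 0 or 1 would never advance; too long runs off the header
            raise ValueError("bad length %d for option kind %d" % (length, kind))
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def parse_tcp(segment: bytes) -> TCPHeader:
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    src, dst, seq, ack, off_res, flags, win, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = off_res >> 4        # upper 4 bits of byte 12; the lower 4 are reserved
    hdr_len = data_offset * 4
    if data_offset < 5 or hdr_len > len(segment):
        raise ValueError("data offset %d words is invalid for a %d-byte segment" % (data_offset, len(segment)))
    names = [n for n in FLAG_NAMES if flags & FLAG_BITS[n]]
    return TCPHeader(src, dst, seq, ack, data_offset, names, win, csum, urg,
                     parse_options(segment[20:hdr_len]), segment[hdr_len:])

def rejects(segment: bytes) -> bool:
    """True when parse_tcp refuses the segment; used to exercise the malformed-input checks."""
    try:
        parse_tcp(segment)
        return False
    except ValueError:
        return True

def build_syn(src_ip: bytes, dst_ip: bytes, src_port: int, dst_port: int, isn: int,
              mss: int = 1460, wscale: int = 7) -> bytes:
    """Constructed sample SYN with MSS, NOP and window-scale options: 28-byte header, data offset 7."""
    options = struct.pack("!BBH", 2, 4, mss) + b"\x01" + struct.pack("!BBB", 3, 3, wscale)
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, isn, 0, 7 << 4, FLAG_BITS["SYN"], 65535, 0, 0)
    seg = hdr + options
    return seg[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, seg)) + seg[18:]
```

The checksum only guards against accidental corruption: it is recomputed by whoever forwards or rewrites the segment, so it is an error check and not an integrity control, which is what the notes mean when they call the same algorithm weak in the UDP discussion above.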

Protocol operation

TCP protocol operations may be divided into three phases. Connections must be properly established in a

multi-step handshake process (connection establishment) before entering the data transfer phase. After data

transmission is completed, the connection termination closes established virtual circuits and releases all

allocated resources.


A TCP connection is managed by an operating system through a programming interface that represents the

local end-point for communications, the Internet socket. During the lifetime of a TCP connection it

undergoes a series of state changes:

1. LISTEN : In case of a server, waiting for a connection request from any remote client.

2. SYN-SENT : waiting for the remote peer to send back a TCP segment with the SYN and ACK flags

set. (usually set by TCP clients)

3. SYN-RECEIVED : waiting for the remote peer to send back an acknowledgment after having sent

back a connection acknowledgment to the remote peer. (usually set by TCP servers)

4. ESTABLISHED : the port is ready to receive/send data from/to the remote peer.

5. FIN-WAIT-1

6. FIN-WAIT-2

7. CLOSE-WAIT

8. CLOSING

9. LAST-ACK

10. TIME-WAIT : represents waiting for enough time to pass to be sure the remote peer received the

acknowledgment of its connection termination request. According to RFC 793 a connection can stay

in TIME-WAIT for a maximum of four minutes.

11. CLOSED
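The state list above becomes clearer when driven by an actual exchange of segments. The following Python is an added example, not part of the notes: two Endpoint objects walk through the passive and active open, the three-way handshake (SYN, SYN+ACK, ACK, each SYN being acknowledged with ISN + 1) and an orderly close, recording every state transition. The initial sequence numbers 1000 and 5000 are constructed; only the SYN, ACK and FIN flags are modelled, data transfer and the TIME-WAIT timer are left out, and a SYN+ACK whose acknowledgement number does not equal ISN + 1 is ignored, which is the check that ties a reply to the SYN that was actually sent.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Segment:
    seq: int
    ack: int
    flags: frozenset          # subset of {"SYN", "ACK", "FIN"}; payload data is not modelled

def seg(seq: int, ack: int, *flags: str) -> Segment:
    return Segment(seq, ack, frozenset(flags))

class Endpoint:
    """One end of a connection: its RFC 793 state, the next sequence number it will send (snd_nxt) and
    the next one it expects (rcv_nxt). SYN and FIN each consume one sequence number, which is why a
    SYN carrying ISN n is acknowledged with n + 1."""

    def __init__(self, name: str, isn: int):
        self.name, self.isn = name, isn
        self.state, self.history = "CLOSED", ["CLOSED"]
        self.snd_nxt, self.rcv_nxt = isn, 0
        self.rejected: List[str] = []   # segments ignored because they acknowledge the wrong byte

    def _go(self, state: str) -> None:
        self.state = state
        self.history.append(state)

    def listen(self) -> None:           # passive open (server side)
        self._go("LISTEN")

    def connect(self) -> Segment:       # active open (client side): SYN with our ISN
        self._go("SYN-SENT")
        self.snd_nxt = self.isn + 1
        return seg(self.isn, 0, "SYN")

    def close(self) -> Segment:         # send FIN; the next state depends on who closed first
        if self.state not in ("ESTABLISHED", "CLOSE-WAIT"):
            raise RuntimeError("close() in state %s" % self.state)
        self._go("FIN-WAIT-1" if self.state == "ESTABLISHED" else "LAST-ACK")
        s = seg(self.snd_nxt, self.rcv_nxt, "FIN", "ACK")
        self.snd_nxt += 1
        return s

    def receive(self, s: Segment) -> Optional[Segment]:
        """Apply one incoming segment and return the reply to send, if any."""
        f = s.flags
        acks_us = "ACK" in f and s.ack == self.snd_nxt   # peer has seen everything sent so far
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt, self.snd_nxt = s.seq + 1, self.isn + 1
            self._go("SYN-RECEIVED")
            return seg(self.isn, self.rcv_nxt, "SYN", "ACK")
        if self.state == "SYN-SENT" and f == {"SYN", "ACK"}:
            if not acks_us:             # does not acknowledge our ISN + 1, so not a reply to our SYN
                self.rejected.append("SYN-ACK with ack=%d, expected %d" % (s.ack, self.snd_nxt))
                return None
            self.rcv_nxt = s.seq + 1
            self._go("ESTABLISHED")
            return seg(self.snd_nxt, self.rcv_nxt, "ACK")
        if self.state == "SYN-RECEIVED" and f == {"ACK"} and acks_us:
            self._go("ESTABLISHED")
        elif self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt = s.seq + 1
            self._go("CLOSE-WAIT")
            return seg(self.snd_nxt, self.rcv_nxt, "ACK")
        elif self.state == "FIN-WAIT-1" and "FIN" in f:   # both sides closing at once
            self.rcv_nxt = s.seq + 1
            self._go("TIME-WAIT" if acks_us else "CLOSING")
            return seg(self.snd_nxt, self.rcv_nxt, "ACK")
        elif self.state == "FIN-WAIT-1" and acks_us:
            self._go("FIN-WAIT-2")
        elif self.state == "FIN-WAIT-2" and "FIN" in f:
            self.rcv_nxt = s.seq + 1
            self._go("TIME-WAIT")
            return seg(self.snd_nxt, self.rcv_nxt, "ACK")
        elif self.state == "CLOSING" and acks_us:
            self._go("TIME-WAIT")
        elif self.state == "LAST-ACK" and acks_us:
            self._go("CLOSED")
        return None

Trace = List[Tuple[str, str, int, int]]   # (sender, flags, seq, ack)

def deliver(sender: Endpoint, receiver: Endpoint, s: Optional[Segment], trace: Trace) -> None:
    """Hand a segment to the receiver and keep relaying replies until one side has nothing to say."""
    while s is not None:
        trace.append((sender.name, "+".join(x for x in ("SYN", "FIN", "ACK") if x in s.flags), s.seq, s.ack))
        sender, receiver, s = receiver, sender, receiver.receive(s)

def run_connection(client_isn: int = 1000, server_isn: int = 5000) -> Tuple[Endpoint, Endpoint, Trace]:
    """Handshake, then an orderly close begun by the client. ISNs are constructed; a real stack picks them."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    trace: Trace = []
    server.listen()
    deliver(client, server, client.connect(), trace)   # SYN, SYN+ACK, ACK
    deliver(client, server, client.close(), trace)     # client FIN+ACK, server ACK
    deliver(server, client, server.close(), trace)     # server FIN+ACK, client ACK
    return client, server, trace
```

Calling run_connection() and printing the returned trace shows the seven segments of a full connection life cycle; the server's history ends in CLOSED while the client's ends in TIME-WAIT, the state the notes describe as waiting out the last acknowledgement.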

The multiplexing function

TCP makes it possible to carry out an important task: multiplexing/demultiplexing, i.e. to convey data from various applications on the same line or in other words put information arriving in parallel into order.

These operations are conducted using the concept of ports (or sockets),


i.e. a number linked to an application type which, when combined with an IP address, makes it possible to

uniquely determine an application which is running on a given machine.

Reliability of transfers

The TCP protocol makes it possible to ensure reliable data transfer, although it uses the IP protocol, which

does not include any monitoring of datagram delivery.

In reality, the TCP protocol has an acknowledgement system enabling the client and server to ensure mutual receipt of data. When a segment is issued, a sequence number is linked to it. Upon receipt of a data segment, the recipient machine will return a data segment where the ACK flag is set to 1 (in order to signal that it is an acknowledgement) accompanied by an acknowledgement number equal to the previous sequence number.

In addition, using a timer which starts upon receipt of a segment at the level of the originator machine, the segment is resent when the time allowed has passed, because in this case the originator machine considers that the segment is lost...

However, if the segment is not lost and it arrives at the destination, the recipient machine will know, thanks to the sequence number, that it is a duplication and will only retain the last segment arrived at the destination...

Establishing a connection

Considering that this communication process, which takes place using data transmission and

acknowledgement, is based on a sequence number, the originator and recipient machines (client and server)

must know the initial sequence number of the other machine.

Establishing the connection between two applications is often done according to the following schema:

The TCP ports must be open

The application on the server is passive, i.e. the application is listening, awaiting a connection

The application on the client makes a connection request to the server where the application is

passive open. The application on the client is said to be "active open"

The two machines must then synchronise their sequence numbers using a mechanism commonly called a three-way handshake; a similar exchange of FIN and ACK segments is used to close the session.

This dialogue makes it possible to start the communication, it takes place in three stages, as its name

indicates:

In the first stage the originator machine (the client) transmits a segment where the SYN flag is set to

1 (to indicate that it is a synchronisation segment), with a sequence number N which is called the

initial sequence number of the client.

In the second stage, the recipient machine (the server) receives the initial segment coming from the client, then sends it an acknowledgement which is a segment where the ACK flag is set to 1 and the SYN flag is set to 1 (because it is again a synchronisation). This segment carries the sequence number of this machine, M, which is the initial sequence number of the server. The most important field in this segment is the acknowledgement field, which contains the initial sequence number of the client incremented by 1 (N + 1).

Finally, the client transmits an acknowledgement which is a segment where the ACK flag is set to 1

and the SYN flag is set to 0 (it is no longer a synchronisation segment). Its sequence number is

incremented and the acknowledgement number represents the initial sequence number for the server

incremented by 1.

Following this sequence involving three exchanges the two machines

are synchronised and communication can begin!

There is an attack, usually called IP spoofing or blind TCP spoofing, that targets this handshake. An attacker who forges the IP address of a trusted client never sees the server's SYN-ACK, so the third segment can only be completed if the server's initial sequence number can be guessed; this is why modern TCP stacks randomise their initial sequence numbers (RFC 6528). A second abuse of the handshake is SYN flooding: the attacker sends many SYN segments and never completes the handshake, leaving the server holding half-open connections in SYN-RECEIVED until they time out.
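The handshake and the acknowledgement rule described above, as a small simulation added here (it is not code from the original page or from any real TCP implementation). The Endpoint and Segment names are this example's own; the sequence-number arithmetic follows RFC 793: a SYN occupies one sequence number, an acknowledgement number is the next byte the receiver expects, and a segment whose sequence number is below that value is a retransmitted duplicate that is discarded but re-acknowledged. The check in SYN-RECEIVED that the acknowledgement equals the server's ISN plus one is also what defeats a blind spoofer with the wrong guess.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """The TCP header fields this simulation needs (example only)."""
    seq: int
    ack: int
    syn: bool = False
    fin: bool = False
    ack_flag: bool = False
    payload: bytes = b""

    def sequence_space(self) -> int:
        # RFC 793: every data byte consumes one sequence number, and so do SYN and FIN.
        return len(self.payload) + int(self.syn) + int(self.fin)


class Endpoint:
    """One side of a TCP connection, tracking only the send/receive sequence variables."""

    def __init__(self, name: str, isn: int):
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn      # next sequence number we will send (starts at our ISN)
        self.rcv_nxt = None     # next sequence number we expect from the peer
        self.received = []      # in-order payloads handed to the application

    def listen(self) -> None:
        self.state = "LISTEN"   # passive open

    def connect(self) -> Segment:
        """Active open: send a SYN carrying our ISN."""
        seg = Segment(seq=self.snd_nxt, ack=0, syn=True)
        self.snd_nxt += seg.sequence_space()          # ISN + 1
        self.state = "SYN-SENT"
        return seg

    def send_data(self, payload: bytes) -> Segment:
        seg = Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True, payload=payload)
        self.snd_nxt += len(payload)
        return seg

    def receive(self, seg: Segment):
        """Process one incoming segment and return the reply, or None if nothing is sent."""
        if self.state == "LISTEN" and seg.syn:
            # Learn the peer's ISN; acknowledge ISN + 1 and send our own SYN.
            self.rcv_nxt = seg.seq + seg.sequence_space()
            reply = Segment(seq=self.snd_nxt, ack=self.rcv_nxt, syn=True, ack_flag=True)
            self.snd_nxt += reply.sequence_space()
            self.state = "SYN-RECEIVED"
            return reply
        if self.state == "SYN-SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: SYN-ACK does not acknowledge our ISN")
            self.rcv_nxt = seg.seq + seg.sequence_space()
            self.state = "ESTABLISHED"
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        if self.state == "SYN-RECEIVED" and seg.ack_flag:
            if seg.ack != self.snd_nxt:
                # Wrong guess at our ISN (e.g. a blind spoofer): stay half-open, send nothing.
                return None
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.payload:
            if seg.seq == self.rcv_nxt:
                self.received.append(seg.payload)      # exactly the next expected byte: accept
                self.rcv_nxt += seg.sequence_space()
            # seq < rcv_nxt is a retransmitted duplicate: drop it, but repeat the ACK so the
            # sender's timer stops. (Data beyond rcv_nxt is also dropped here; a real stack
            # would buffer it until the gap is filled.)
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        return None


def three_way_handshake(client_isn: int, server_isn: int):
    """Run the SYN / SYN-ACK / ACK exchange and return both endpoints and the three segments."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect()            # 1: SYN, seq = N
    syn_ack = server.receive(syn)     # 2: SYN+ACK, seq = M, ack = N + 1
    ack = client.receive(syn_ack)     # 3: ACK, seq = N + 1, ack = M + 1
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s, segs = three_way_handshake(client_isn=1000, server_isn=5000)
    for seg in segs:
        print(f"seq={seg.seq} ack={seg.ack} syn={seg.syn} ack_flag={seg.ack_flag}")
    data = c.send_data(b"hello")
    print("first copy acked up to", s.receive(data).ack)      # 1006
    print("retransmission acked up to", s.receive(data).ack)  # still 1006, payload delivered once
```

Running the file prints the three segments with N = 1000 and M = 5000, then shows that a retransmitted data segment moves the acknowledgement no further and is not delivered twice.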

Sliding window method

In many cases it is possible to limit the number of acknowledgements, and so relieve traffic on the network, by letting the sender transmit a certain amount of data beyond the last acknowledged byte before it has to stop and wait for an acknowledgement. This amount, measured in bytes, is the receive window, and it is carried in the window field of the TCP header (not the IP header).

This method is called the "sliding window method" because it defines a range of sequence numbers that may be sent without yet having been acknowledged, and that range moves forward as acknowledgements are received.

In addition, the size of this window is not fixed. The receiving side (the server, for data flowing from client to server; each direction has its own window) advertises in every acknowledgement the window size it is currently able to accept, by storing it in the window field. The sender's right border is the acknowledgement number plus the advertised window, so when an acknowledgement announces a larger window, the sender moves the right border of the window to the right.

Conversely, in the case of a reduction, the sender does not move the right border of the window towards the left, since segments up to the old border may already be in flight (RFC 1122 tells receivers not to shrink the window for this reason); it waits for the left border to advance with the arrival of acknowledgements.

Ending a connection

The client can request to end a connection in the same way as the server; the exchange is symmetric and normally takes four segments:

1. The machine that wants to close sends a segment with the FIN flag set to 1 and enters FIN-WAIT-1. It will send no more data, but it can still receive data from the other side (a "half-close"), so it keeps acknowledging what arrives.

2. After receipt of this segment, the other machine sends an acknowledgement (ACK flag set to 1; its own FIN is not set yet), enters CLOSE-WAIT and informs its application that a FIN has been received. It may continue to send the segments it still has in progress.

3. When its application in turn closes, this machine sends its own segment with the FIN flag set to 1 and enters LAST-ACK.

4. The first machine acknowledges this FIN and enters TIME-WAIT; the second machine goes to CLOSED when it receives that acknowledgement.

If both sides send a FIN at the same time, each passes through CLOSING instead of FIN-WAIT-2 and CLOSE-WAIT. A machine may also combine steps 2 and 3 in a single segment with both ACK and FIN set, which reduces the exchange to three segments.


User Datagram Protocol

The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of

network protocols used for the Internet. With UDP, computer applications can send messages, in this case

referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior

communications to set up special transmission channels or data paths. The protocol was designed by David

P. Reed in 1980 and formally defined in RFC 768.

UDP uses a simple transmission model without implicit hand-shaking dialogues for providing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the transport level. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If reliable, ordered delivery is needed at the transport level, an application may use the Transmission Control Protocol (TCP) or the Stream Control Transmission Protocol (SCTP), which are designed for this purpose.

UDP's stateless nature is also useful for servers answering small queries from huge numbers of clients. The flip side is that, with no handshake, a UDP server cannot confirm that the source address of a query is genuine: it sends its reply to whatever address the query claims to come from, so a service whose replies are larger than its queries can be used to reflect and amplify traffic towards a spoofed address. Unlike TCP, UDP is compatible with packet broadcast (sending to all on the local network) and multicasting (sending to all subscribers).

Common network applications that use UDP include: the Domain Name System (DNS), streaming media

applications such as IPTV, Voice over IP (VoIP), Trivial File Transfer Protocol (TFTP) and many online

games.

Packet structure

UDP is a minimal message-oriented Transport Layer protocol that is documented in IETF RFC 768.

UDP provides no guarantees to the upper layer protocol for message delivery and the UDP protocol layer

retains no state of UDP messages once sent. For this reason, UDP is sometimes referred to as Unreliable

Datagram Protocol.

UDP provides application multiplexing (via port numbers) and integrity verification (via checksum) of the

header and payload. If transmission reliability is desired, it must be implemented in the user's application.

bits   0 – 15                 16 – 31
0      Source Port Number     Destination Port Number
32     Length                 Checksum
64     Data ...

The UDP header consists of 4 fields, each of which is 2 bytes (16 bits). Two of them, the source port and the checksum, are optional in IPv4 and carry zero when unused. In IPv6 only the source port is optional; the checksum is mandatory (see below).

Source port number

This field identifies the sender's port when meaningful and should be assumed to be the port to reply

to if needed. If not used, then it should be zero. If the source host is the client, the port number is

likely to be an ephemeral port number. If the source host is the server, the port number is likely to be

a well-known port number.

Destination port number


This field identifies the receiver's port and is required. Similar to source port number, if the client is

the destination host then the port number will likely be an ephemeral port number and if the

destination host is the server then the port number will likely be a well-known port number.

Length

A field that specifies the length in bytes of the entire datagram: header and data. The minimum

length is 8 bytes since that's the length of the header. The field size sets a theoretical limit of 65,535

bytes (8 byte header + 65,527 bytes of data) for a UDP datagram. The practical limit for the data

length which is imposed by the underlying IPv4 protocol is 65,507 bytes (65,535 − 8 byte UDP

header − 20 byte IP header).

Checksum

The checksum field is used for error-checking of the header and data. It is the Internet one's complement checksum computed over a pseudo-header taken from the IP layer (source and destination addresses, protocol number and UDP length), the UDP header and the data; a computed value of zero is transmitted as all ones. If no checksum is generated by the transmitter, the field carries the value all-zeros, which a receiver must treat as "not checked" rather than "valid". This field is not optional for IPv6. The checksum detects accidental corruption only: anyone who can alter the datagram can recompute it, so it offers no integrity protection against an attacker.
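A parser and builder for the header described in this section, added here as a worked example (it is not code from the original page and not a real stack's implementation). It follows RFC 768 as written above: the IPv4 pseudo-header is included in the checksum, a computed zero is sent as 0xFFFF, and a zero checksum field means "absent". The sample datagram in the main block is constructed for the example; the address and port values are arbitrary.

```python
import struct
from ipaddress import IPv4Address

UDP_HEADER_LEN = 8
IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding carries back in (RFC 1071); odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """RFC 768 IPv4 pseudo-header: source, destination, zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed,
                       0, IPPROTO_UDP, udp_length)


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum to place in the header; `segment` must carry 0 in its checksum field."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    checksum = 0xFFFF - total           # one's complement of the folded sum
    return checksum or 0xFFFF           # RFC 768: a computed zero is transmitted as all ones


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    if length > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    checksum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Parse one UDP datagram taken from an IPv4 packet.

    checksum_ok is True/False when a checksum is present and None when the sender
    omitted it (field = 0, allowed only over IPv4).  The length field is validated
    against the bytes actually received *before* it is used to slice: a length larger
    than the buffer is a truncation or an attack, never a hint.
    """
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError(f"length field {length} inconsistent with {len(segment)} bytes received")
    datagram = segment[:length]         # anything past `length` is lower-layer padding
    if checksum == 0:
        ok = None
    else:
        # Summing the received datagram with its checksum field included must give all ones.
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "checksum_ok": ok, "payload": datagram[UDP_HEADER_LEN:]}


if __name__ == "__main__":
    # Constructed sample: an ephemeral source port talking to port 53 with placeholder payload bytes.
    seg = build_udp("192.0.2.1", "192.0.2.2", 53535, 53, b"hello")
    print(seg.hex())
    print(parse_udp("192.0.2.1", "192.0.2.2", seg))
```

Because the pseudo-header is part of the sum, a datagram that is rewritten to a different destination without recomputing the checksum fails verification; the test below exercises that, a flipped payload bit, the zero (absent) checksum and a length field that exceeds the buffer.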

TCP/IP Application Layer Protocols, Services and Applications

The OSI Reference Model is used to describe the architecture of networking protocols and technologies and

to show how they relate to one another. In the chapter describing the OSI model, I mentioned that its seven

layers could be organized into two layer groupings: the lower layers (1 through 4) and the upper layers (5

through 7). While there are certainly other ways to divide the OSI layers, I feel this split best reflects the

different roles that the layers play in a network.

The lower layers are concerned primarily with the mechanics of formatting, encoding and sending data over

a network; they involve software elements but are often closely associated with networking hardware

devices. In contrast, the upper layers are concerned mainly with user interaction and the implementation of

software applications, protocols and services that let us actually make use of the network. These elements

generally don't need to worry about details, relying on the lower layers to ensure that data gets to where it

needs to go reliably.

In this chapter I describe the details of the many protocols and applications that run on the upper layers in

modern networks and internetworks. The organization of this chapter is quite different than the previous one.

I felt that there was benefit to explaining the technologies in each of the lower layers separately. This is

possible because with a few exceptions, the dividing lines between the lower layers are fairly well-

established, and this helped show how the layers differ.

The upper layers are much more difficult to separate from each other, because there are many technologies

and applications that implement more than one of layers 5 through 7. Furthermore, even differentiating

between these layers becomes less important near the top of the networking stack. In fact, the TCP/IP

protocol suite uses an architecture that lumps all the higher layers together anyway.

For these reasons, this chapter is divided functionally and not by layer. It contains four different sections that

cover distinct higher-layer protocol and application areas. The first discusses naming system, especially the

TCP/IP Domain Name System. The second overviews file and resource sharing protocols, with a focus on

the Network File System. The third covers network configuration and management protocols, which includes

the host configuration protocols BOOTP and DHCP. The last and largest section covers end-user

applications and application protocols, including general file transfer, electronic mail, Usenet, the World

Wide Web, interactive protocols (such as Telnet) and administration utilities.


NetBIOS over TCP/IP

NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer

applications relying on the NetBIOS API to be used on modern TCP/IP networks.

NetBIOS was developed in the early 1980s, targeting very small networks (about a dozen computers). Some

applications still use NetBIOS, and do not scale well in today's networks of hundreds of computers when

NetBIOS is run over NBF. When properly configured, NBT allows those applications to be run on large

TCP/IP networks (including the whole Internet, although that is likely to be subject to security problems)

without change.

NetBIOS Names

NetBIOS names are used to identify machines and workgroups and form the key building blocks of the NBT

system. The names are limited to sixteen characters that are always in upper case.

The sixteenth character of a NetBIOS name is used to indicate the type of service the name refers to. A

Windows machine will thus own several names that vary only by their sixteenth character.

NetBIOS names are usually encoded into a special 32 character format which makes them un-readable unless

they are decoded.
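The 16-byte name and its 32-character encoding described above, worked through in code added here (not code from the original page or from any Windows or Samba component). The encoding is the RFC 1001 "first-level encoding": each byte of the name is split into two nibbles and each nibble is written as the letter 'A' plus its value, so every encoded name uses only the letters A to P. The suffix labels in SUFFIXES are descriptive names for the well-known values 0x00, 0x03 and 0x20; the sample host name "filesrv" is constructed for the example.

```python
NETBIOS_NAME_LEN = 16          # 15 name bytes + 1 suffix byte
ENCODED_NAME_LEN = 32          # two letters per byte
ENCODING_ALPHABET = "ABCDEFGHIJKLMNOP"   # 'A' + nibble value, RFC 1001 section 14.1

# Well-known suffix bytes; a Windows host registers several names that differ only here.
SUFFIXES = {0x00: "Workstation service", 0x03: "Messenger service", 0x20: "File server service"}


def netbios_name(name: str, suffix: int) -> bytes:
    """Build the 16-byte NetBIOS name: upper-cased, space-padded to 15 bytes, then the suffix."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("a NetBIOS name is 1 to 15 characters plus one suffix byte")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def first_level_encode(name16: bytes) -> str:
    """RFC 1001 first-level encoding: each byte becomes two letters, high nibble first."""
    if len(name16) != NETBIOS_NAME_LEN:
        raise ValueError("NetBIOS names are exactly 16 bytes before encoding")
    return "".join(ENCODING_ALPHABET[b >> 4] + ENCODING_ALPHABET[b & 0x0F] for b in name16)


def first_level_decode(encoded: str) -> bytes:
    """Reverse the encoding; reject anything that is not exactly 32 letters A..P."""
    if len(encoded) != ENCODED_NAME_LEN or any(c not in ENCODING_ALPHABET for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    nibbles = [ENCODING_ALPHABET.index(c) for c in encoded]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def split_name(name16: bytes):
    """Return (name without padding, suffix byte) from a decoded 16-byte name."""
    return name16[:15].rstrip(b" ").decode("ascii", errors="replace"), name16[15]


def to_wire_label(encoded: str, scope: str = "") -> bytes:
    """Second-level encoding: the 32 letters as one DNS-style label, then scope labels, then 0."""
    labels = [encoded.encode("ascii")] + [p.encode("ascii") for p in scope.split(".") if p]
    return b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"


if __name__ == "__main__":
    for suffix, role in SUFFIXES.items():
        enc = first_level_encode(netbios_name("filesrv", suffix))
        print(f"{role:<22} {enc}  suffix=0x{suffix:02X}")
    print(to_wire_label(first_level_encode(netbios_name("filesrv", 0x20))).hex())
```

Running it shows why the names look unreadable on the wire and why a machine's names differ only in their last two letters: everything before them is the same padded host name, and only the sixteenth byte (the service suffix) changes.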

There are four separate services that are used to implement Windows networking. They are listed below; the remarks on which services attackers target are taken from the documentation of the KFSensor honeypot, which emulates each of them.

NetBIOS Name Service (NBNS) - UDP 137
NBNS is also known as Windows Internet Name Service (WINS). The job of NBNS is to match IP addresses with NetBIOS names and to answer queries about those matches. The name service is usually the first service to be attacked: a visitor needs the information it provides to begin a session on the other services.

NetBIOS Datagram Service - UDP 138
The Datagram service receives broadcasts of SMB packets via UDP. It receives a lot of legitimate traffic from other Windows machines on the LAN as they broadcast their names and services. It is rare for an attacker to use this service, unless they are trying to add their machine to the Windows network.

NetBIOS Session Service - TCP 139
The Session Service handles NBT sessions, a lightweight protocol used to carry an SMB session. The SMB protocol and the sessions based on it provide the complex functionality of the services supported by Windows networking, such as file and print sharing. This is the service that attackers are most interested in.

SMB over TCP (called "SMB Direct" in the original table; not to be confused with the later SMB-over-RDMA feature of the same name) - TCP 445
In Windows 2000 Microsoft introduced an implementation of SMB that does not need NBT to communicate. This service is in practice the same as the NetBIOS Session Service, but without the additional NBT protocol around the SMB session. It is not supported in older Windows versions, and the older attack tools do not target it; they go for the NetBIOS Session Service instead.

Windows Internet Name Service

Introduction to WINS

Windows Internet Name Service (WINS) is the Windows implementation of a NetBIOS name server

(NBNS), which provides a distributed database for registering and querying dynamic mappings of NetBIOS

names to IPv4 addresses used on your network. WINS is designed to provide NetBIOS name resolution in

routed TCP/IP networks with multiple subnets. Without WINS, you must maintain Lmhosts files.

Before two hosts that use NetBIOS over TCP/IP (NetBT) can communicate, the destination NetBIOS name

must be resolved to an IPv4 address. TCP/IP cannot establish communication using a NetBIOS computer

name. The basic procedure for WINS-based NetBIOS name resolution is the following:

1. Each time a WINS client starts, it registers its NetBIOS name-to-IPv4 address mappings with a

configured WINS server.

2. When a NetBIOS application running on a WINS client initiates communication with another host,

NetBT sends a NetBIOS Name Query Request message with the destination NetBIOS name directly

to the WINS server, instead of broadcasting it on the local network.

3. If the WINS server finds a NetBIOS name-to-IPv4 address mapping for the queried name in its

database, it returns the corresponding IPv4 address to the WINS client.

Using WINS provides the following advantages:

Client requests for name resolution are sent directly to a WINS server. If the WINS server can

resolve the name, it sends the IPv4 address directly to the client. As a result, a broadcast is not

needed and broadcast traffic is reduced. However, if the WINS server is unavailable or does not have

the appropriate mapping, the WINS client can still use a broadcast in an attempt to resolve the name.

The WINS database is updated dynamically so that it is always current. This process allows

NetBIOS name resolution on networks using DHCP and eliminates the need for local or centralized

Lmhosts files.

WINS provides computer browsing capabilities across subnets and domains. Computer browsing

provides the list of computers in My Network Places.

How WINS Works

The WINS Server service in Windows Server 2003 is an implementation of an NBNS as described in

Requests for Comments (RFCs) 1001 and 1002. WINS clients use a combination of the following processes:

Name registration

Each WINS client is configured with the IPv4 address of a WINS server. When a WINS client starts,

it registers its NetBIOS names and their corresponding IPv4 addresses with its WINS server. The

WINS server stores the client’s NetBIOS name-to-IPv4 address mappings in its database.


Name renewal

All NetBIOS names are registered on a temporary basis so that if the original owner stops using a

name, a different host can use it later. At defined intervals, the WINS client renews the registration

for its NetBIOS names with the WINS server.

Name resolution

A WINS client can obtain the IPv4 addresses for NetBIOS names by querying the WINS server.

Name release

When a NetBIOS application no longer needs a NetBIOS name, such as when a NetBIOS-based

service is shut down, the WINS client sends a message to the WINS server to release the name.

These processes are described in greater detail in the following sections.

All WINS communications between WINS clients and WINS servers use unicast NetBIOS name

management messages over User Datagram Protocol (UDP) port 137, the reserved port for the NetBIOS

Name Service.

Name Registration

When a WINS client initializes, it registers its NetBIOS names by sending a NetBIOS Name Registration

Request message directly to its configured WINS server. NetBIOS names are registered when NetBIOS

services or applications start, such as the Workstation, Server, and Messenger services.

If the NetBIOS name is unique and another WINS client has not already registered the name, the WINS

server sends a positive Name Registration Response message to the WINS client. This message contains the

amount of time, known as the Time to Live (TTL), that the NetBIOS name is registered to the WINS client.

The TTL is configured on the WINS server.

When a Duplicate Name Is Found

If a duplicate unique name is registered in the WINS database, the WINS server sends a challenge to the

currently registered owner of the name as a unicast NetBIOS Name Query Request message. The WINS

server sends the challenge three times at 500-millisecond intervals.

If the current registered owner responds to the challenge successfully, the WINS server sends a negative

Name Registration Response message to the WINS client that is attempting to register the duplicate name. If

the current registered owner does not respond to the WINS server, the server sends a positive Name

Registration Response message to the WINS client that is attempting to register the name and updates its

database with the new owner.

When WINS Servers are Unavailable

A typical WINS client is configured with a primary and a secondary WINS server, although you can

configure more than two WINS servers. A WINS client makes three attempts to register its names with its

primary WINS server. If the third attempt gets no response, the WINS client sends name registration requests

to its secondary WINS server (if configured) and any additional servers that have been configured. If none of

the WINS servers are available, the WINS client uses local broadcasts to register its NetBIOS names. Note that neither WINS registrations nor these broadcasts are authenticated, so any host able to reach the client or the WINS server can register or answer for a name; NetBIOS name resolution should therefore be treated as untrusted input.

Name Renewal

To continue using the same NetBIOS name, a client must renew its registration before the TTL it received in

the last positive Name Registration Response message expires. If the client does not renew the registration,


the WINS server removes the NetBIOS name from its database. After that point, other computers cannot

resolve the NetBIOS name to the address of the former owner and another client can register the name for

itself.

Name Refresh Request

Every WINS client attempts to renew its NetBIOS names with its primary WINS server by sending a

NetBIOS Name Refresh message when half of the TTL has elapsed or when the computer or the service

restarts. If the WINS client does not receive a NetBIOS Name Registration Response message, the client

sends another refresh message to its primary WINS server every 10 minutes for one hour. If none of these

attempts is successful, the client then tries the secondary WINS server every 10 minutes for one hour. The

client continues to send refresh messages to the primary server for an hour and then to the secondary server

for an hour until either the name expires or a WINS server responds and renews the name.

If the WINS client succeeds in refreshing its name, the WINS server that responds to the NetBIOS Name

Refresh message resets the renewal interval. If the WINS client fails to refresh the name on either the

primary or secondary WINS server during the renewal interval, the name is released.

Name Refresh Response

When a WINS server receives the NetBIOS Name Refresh message, the server sends the client a positive

Name Registration Response message with a new TTL.

Name Release

When a NetBIOS application running on a WINS client is closed, NetBT instructs the WINS server to

release the unique NetBIOS name used by the application. The WINS server then removes the NetBIOS

name mapping from its database.

The name release process uses the following types of messages:

Name Release Request

The Name Release Request message includes the client’s IPv4 address and the NetBIOS name to be

removed from the WINS database.

Name Release Response

When the WINS server receives the Name Release Request message, the server checks its database

for the specified name. If the WINS server encounters a database error or if a different IPv4 address

maps to the registered name, the server sends a negative Name Release Response message to NetBT

on the WINS client.

Otherwise, the WINS server sends a positive Name Release Response message and then designates

the specified name as inactive in its database. The positive Name Release Response message

contains the released NetBIOS name and a TTL value of 0.

Server Message Block

In computer networking, Server Message Block (SMB), also known as Common Internet File System

(CIFS) operates as an application-layer network protocol mainly used to provide shared access to files,

printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an

authenticated inter-process communication mechanism. Most usage of SMB involves computers running


Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent

introduction of Active Directory.

SMB could refer to:

the SMB protocol specification

the "server" and "workstation" services that implement the protocol on Windows

the Samba daemons that implement the protocol on Unix and Unix-like systems

NetBIOS transport used by SMB on legacy versions of Windows

the DCE/RPC services that use SMB as an authenticated inter-process communication channel (over

named pipes)

the "Network Neighborhood" protocols which primarily (but not exclusively) run as datagram

services directly on the NetBIOS transport

Common Internet File System

The Common Internet File System (CIFS) is the standard way that computer users share files across

corporate intranets and the Internet. An enhanced version of the Microsoft open, cross-platform Server

Message Block (SMB) protocol, CIFS is a native file-sharing protocol in Windows 2000.

CIFS defines a series of commands used to pass information between networked computers. The redirector

packages requests meant for remote computers in a CIFS structure. CIFS can be sent over a network to

remote devices. The redirector also uses CIFS to make requests to the protocol stack of the local computer.

The CIFS messages can be broadly classified as follows:

Connection establishment messages consist of commands that start and end a redirector connection

to a shared resource at the server.

Namespace and File Manipulation messages are used by the redirector to gain access to files at the

server and to read and write them.

Printer messages are used by the redirector to send data to a print queue at a server and to get status

information about the print queue.

Miscellaneous messages are used by the redirector to write to mailslots and named pipes.

Some of the platforms that CIFS supports are:

Microsoft Windows 2000, Microsoft® Windows NT®, Microsoft® Windows® 98, Microsoft®

Windows® 95

Microsoft® OS/2 LAN Manager

Microsoft® Windows® for Workgroups

UNIX

VMS

Macintosh

IBM LAN Server

DEC PATHWORKS

Microsoft® LAN Manager for UNIX

3Com 3+Open

MS-Net

CIFS complements Hypertext Transfer Protocol (HTTP) while providing more sophisticated file sharing and

file transfer than older protocols, such as FTP. CIFS is shown servicing a user request for data from a

networked server in Figure.


Figure: CIFS Architecture

When there is a request to open a shared file, the I/O manager calls the redirector, which chooses the appropriate transport protocol. For NetBIOS requests, NetBIOS is encapsulated in the IP protocol (NetBT) and transported over the network to the appropriate server. The request is passed up to the server, which sends data back to satisfy the request.

Components in the redirector provide support for CIFS, such as:

Rdbss.sys

All kernel-level interactions are encapsulated in this driver. This includes all cache managers,

memory managers, and requests for remote file systems so the specified protocol can use the

requested server.

Mrxsmb.sys

This mini-redirector for CIFS has commands specific to CIFS.

Mrxnfs.sys

This mini-redirector for the Network File System (NFS) provides support for NFS. Mrxnfs.sys is

included in Services for Unix.

In Windows NT 4.0, SMB always travelled inside NetBIOS sessions over NetBT (TCP port 139), with names resolved by WINS or DNS. Extensions to CIFS and NetBT in Windows 2000 allow connections directly over TCP/IP without NetBIOS, using TCP port 445. Both transports are available in Windows 2000, and either or both can be disabled in the registry.

Features that CIFS offers are:

Integrity and Concurrency CIFS allows multiple clients to access and update the same file while preventing conflicts by providing file sharing and file locking. Sharing modes and locks let a client declare how a file may be used by others while it has it open (for example, exclusive access blocks all other users until the file is closed). These sharing and locking mechanisms can be used over the Internet and intranets. They also permit aggressive caching, read-ahead and write-behind without loss of integrity: cached buffers must be flushed before the file is usable by other clients, which ensures that only one writable copy of a file is active at a time and prevents data corruption.

Optimization for Slow Links The CIFS protocol has been tuned to run well over slow-speed dial-up lines.

The effect is improved performance for users who access the Internet using a modem.


Security CIFS servers support both anonymous transfers and secure, authenticated access to named files. File and directory security policies are easy to administer. Anonymous access exposes whatever the server is willing to tell an unauthenticated client, so it should be limited to what is deliberately published.

Performance and Scalability CIFS servers are highly integrated with the operating system, and are tuned

for maximum system performance.

Unicode File Names File names can be in any character set, not just character sets designed for English or

Western European languages.

Global File Names Users do not have to mount remote file systems, but can refer to them directly with

globally significant names (names that can be located anywhere on the Internet), instead of ones that have

only local significance (on a local computer or LAN). Distributed File Systems (DFS) allows users to

construct an enterprise-wide namespace. Uniform Naming Convention (UNC) file names are supported so a

drive letter does not need to be created before remote files can be accessed.

Internet Printing Protocol

In computing, the Internet Printing Protocol (IPP) provides a standard network protocol for remote

printing as well as for managing print jobs, media size, resolution, and so forth.

Like all IP-based protocols, IPP can run locally or over the Internet to printers hundreds or thousands of miles away. Unlike older printing protocols such as LPR/LPD or raw printing to TCP port 9100, IPP also supports access control, authentication and encryption, making it a much more capable and secure printing solution than the ones it replaces.

Implementation

IPP is implemented using the Hypertext Transfer Protocol (HTTP) and inherits all of the HTTP streaming and security features. For example, authorization can take place via HTTP's Digest access authentication mechanism, GSSAPI, or via public key certificates. Encryption is provided using the SSL/TLS protocol layer, either in the traditional always-on mode used by HTTPS or using the HTTP Upgrade extension to HTTP (RFC 2817). Streaming is supported using HTTP chunking.

IPP uses the traditional client-server model, with clients sending IPP request messages with the MIME media

type "application/ipp" in HTTP POST requests to an IPP printer. IPP request messages consist of key/value

pairs using a custom binary encoding followed by an "end of attributes" tag and any document data required

for the request. The IPP response is sent back to the client in the HTTP POST response, again using the

"application/ipp" MIME media type.

Among other things, IPP allows a client to:

1. query a printer's capabilities

2. submit print jobs to a printer

3. query the status of a printer

4. query the status of one or more print jobs

5. cancel previously submitted jobs

IPP uses TCP with port 631 as its well-known port. IPP implementations such as CUPS also use UDP with

port 631 for IPP printer discovery.


Products using the Internet Printing Protocol include, among others, CUPS, which is part of Mac OS X and many BSD and Linux distributions and is the reference implementation for IPP/2.0 and IPP/2.1, Novell iPrint, and Microsoft Windows, starting with Windows 2000. Windows XP and Windows Server 2003 offer IPP printing via HTTPS. Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 also support IPP printing over RPC in the "Medium-Low" security zone. For reasons that were never stated, Microsoft dropped support for secure IPP via SSL with Windows Server 2008.

Windows Sockets

The Windows Sockets API (WSA), which was later shortened to Winsock, is a technical specification that

defines how Windows network software should access network services, especially TCP/IP. It defines a

standard interface between a Windows TCP/IP client application (such as an FTP client or a web browser)

and the underlying TCP/IP protocol stack. The nomenclature is based on the Berkeley sockets API model

used in BSD for communications between programs. Initially, all the participating developers resisted the

shortening of the name to Winsock for a long time, since there was much confusion among users between the

API and the DLL library file (winsock.dll) which only exposed the common WSA interfaces to applications

above it. Users would commonly believe that only making sure the DLL file was present on a system would

provide full TCP/IP protocol support.

Specifications

Version 1.0 (June 1992) defined the basic operation of Winsock. It was kept very close to the existing interface of Berkeley sockets to simplify porting of existing applications. A few Windows-specific extensions were added, mainly for asynchronous operations with message-based notifications. Although the document didn't limit support to TCP/IP, TCP and UDP were the only protocols explicitly mentioned. Most vendors only delivered TCP/IP support, although Winsock from DEC included DECnet support as well.

Version 1.1 (January 1993) made many minor corrections and clarifications of the specification. The most significant change was the inclusion of the gethostname() function.

Versions 2.0.x (May 1994 onwards) had internal draft status and were not announced as public standards.

Version 2.1.0 (January 1996) was the first public release of the Winsock 2 specification.

Version 2.2.0 (May 1996) included many minor corrections, clarifications, and usage recommendations. It was also the first version to remove support for 16-bit Windows applications.

Version 2.2.1 (May 1997) and Version 2.2.2 (August 1997) introduced minor functionality enhancements. Mechanisms were added for querying and receiving notification of changes in network and system configuration.

The IPv6 Technical Preview for Windows 2000 (December 2000) saw the first implementation of RFC 2553 (March 1999, later obsoleted by RFC 3493), a protocol-independent API for name resolution, which would become part of Winsock in Windows XP.

Telnet

Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards.

Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet, its use for this purpose has waned in favor of SSH.

The term telnet may also refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms. Telnet is also used as a verb: to telnet means to establish a connection with the Telnet protocol, either with a command-line client or with a programmatic interface. For example, a common directive might be: "To change your password, telnet to the server, log in and run the passwd command." Most often, a user will telnet to a Unix-like server system or a network device (such as a router) and obtain a login prompt to a command-line text interface or a character-based full-screen manager.

Security

When Telnet was initially developed in 1969, most users of networked computers were in the computer departments of academic institutions, or at large private and government research facilities. In this environment, security was not nearly as much of a concern as it became after the bandwidth explosion of the 1990s. The rise in the number of people with access to the Internet, and by extension the number of people attempting to hack other people's servers, made encrypted alternatives much more of a necessity.

Experts in computer security, such as the SANS Institute, recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances, for the following reasons:

o Telnet, by default, does not encrypt any data sent over the connection (including passwords), so it is often practical to eavesdrop on the communications and use the password later for malicious purposes; anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login and password information (and whatever else is typed) with any of several common utilities like tcpdump and Wireshark.

o Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle.

o Commonly used Telnet daemons have had several vulnerabilities discovered over the years.

These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in 1995. SSH provides much of the functionality of Telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication to ensure that the remote computer is actually who it claims to be. As has happened with other early Internet protocols, extensions to the Telnet protocol provide Transport Layer Security (TLS) security and Simple Authentication and Security Layer (SASL) authentication that address the above issues. However, most Telnet implementations do not support these extensions, and there has been relatively little interest in implementing them, as SSH is adequate for most purposes.

Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is an autoconfiguration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.

In the absence of DHCP, hosts may be manually configured with an IP address. Alternatively, IPv6 hosts may use stateless address autoconfiguration to generate an IP address. IPv4 hosts may use link-local addressing to achieve limited local connectivity.

In addition to IP addresses, DHCP also provides other configuration information, particularly the IP addresses of local caching DNS resolvers. Hosts that do not use DHCP for address configuration may still use it to obtain other configuration information.

There are two versions of DHCP, one for IPv4 and one for IPv6. While both versions bear the same name and perform much the same purpose, the details of the protocol for IPv4 and IPv6 are sufficiently different that they can be considered separate protocols.

Hypertext Transfer Protocol

The Hypertext Transfer Protocol (HTTP) is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. The standards development of HTTP has been coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium, culminating in the publication of a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use.

HTTP is an application layer network protocol built on top of TCP. HTTP clients (such as Web browsers) and servers communicate via HTTP request and response messages. The three main HTTP request methods are GET, POST, and HEAD.

HTTP utilizes TCP port 80 by default, though other ports such as 8080 can alternatively be used.

The current version of HTTP in widespread use, HTTP version 1.1, was developed to address some of the performance limitations of the original version, HTTP 1.0. HTTP 1.1 was first documented in RFC 2068, later superseded by RFC 2616.

Network News Transfer Protocol

The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. Brian Kantor of the University of California, San Diego and Phil Lapsley of the University of California, Berkeley authored RFC 977, the specification for the Network News Transfer Protocol, in March 1986. Other contributors included Stan O. Barber from the Baylor College of Medicine and Erik Fair of Apple Computer.

Usenet was originally designed based on the UUCP network, with most article transfers taking place over direct point-to-point telephone links between news servers, which were powerful time-sharing systems. Readers and posters logged into these computers, reading the articles directly from the local disk.

As local area networks and Internet participation proliferated, it became desirable to allow newsreaders to be run on personal computers connected to local networks. Because distributed file systems were not yet widely available, a new protocol was developed based on the client-server model. It resembled the Simple Mail Transfer Protocol (SMTP), but was tailored for exchanging newsgroup articles.

A newsreader, also known as a news client, is a software application that reads articles on Usenet, either directly from the news server's disks or via NNTP.

The well-known TCP port 119 is reserved for NNTP. When clients connect to a news server with Transport Layer Security (TLS), TCP port 563 is used. This is sometimes referred to as NNTPS.

File Transfer Protocol

File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server.[1] FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.

The first FTP client applications were interactive command-line tools, implementing standard commands and syntax. Graphical user interface clients have since been developed for many of the popular desktop operating systems in use today.

Routing Information Protocol

RIP is a dynamic routing protocol used in local and wide area networks. As such it is classified as an interior gateway protocol (IGP). It uses the distance-vector routing algorithm. It was first defined in RFC 1058 (1988). The protocol has since been extended several times, resulting in RIP Version 2 (RFC 2453). Both versions are still in use today, although they are considered to have been made technically obsolete by more advanced techniques such as Open Shortest Path First (OSPF) and the OSI protocol IS-IS. RIP has also been adapted for use in IPv6 networks, a standard known as RIPng (RIP next generation) protocol, published in RFC 2080 (1997).

Versions

There are three versions of the Routing Information Protocol: RIPv1, RIPv2, and RIPng.

RIP version 1 (RIPv1)

This is a simple distance-vector protocol. It has been enhanced with various techniques, including Split Horizon and Poison Reverse, to enable it to perform better in somewhat complicated networks.

o The longest path cannot exceed 15 hops.

o RIP uses static metrics to compare routes.

o The maximum datagram size is 512 bytes, not including the IP or UDP headers.

RIP version 2 (RIPv2)

This version added several new features:

o External route tags.

o Subnet masks.

o Next hop router addresses.

o Authentication.

o Multicast support.

RIPng

RIPng (RIP next generation), defined in RFC 2080, is an extension of RIPv2 for support of IPv6, the next generation Internet Protocol. The main differences between RIPv2 and RIPng are:

o Support of IPv6 networking.

o While RIPv2 supports authentication of RIPv1 updates, RIPng does not. IPv6 routers were, at the time, supposed to use IPsec for authentication.

o RIPv2 allows attaching arbitrary tags to routes; RIPng does not.

o RIPv2 encodes the next hop into each route entry; RIPng requires specific encoding of the next hop for a set of route entries.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

The Simple Network Management Protocol (SNMP) is the standard operations and maintenance protocol for the Internet. SNMP-based management not only produces management solutions for systems, applications, complex devices, and environmental control systems, but also provides the Internet management solutions supporting Web services. SNMPv3, the most recent standard approved by the Internet Engineering Task Force (IETF)

Built Upon Open Standards

SNMP Research is a leading-edge producer of standards-based products and participates in the IETF SNMP open management standards working groups. SNMP Research was the first company to support SNMPv3. Dr. Jeff Case, founder of SNMP Research, and other engineers at SNMP Research authored or co-authored SNMPv1, SNMPv2c, SNMPv3, and many related MIB documents. As a result, our implementations are faithful to Internet standards, and, in many cases, the standards are based on our implementations.

Our engineering staff represents more than a half-century of management expertise. Our sales and engineering teams work closely with you to match your requirements with the best solution.


UNIT - III

IP Address (Internet Protocol Address):

An IP address is a unique number that all information technology devices (printers, routers, modems, et al.) use; it identifies them and allows them to communicate with each other on a computer network. The standard of communication is called the Internet Protocol (IP). In layman's terms, it is the same as your home address: in order for you to receive snail mail at home, the sending party must have your correct mailing address (IP address) in your town (network), or you do not receive bills, pizza coupons or your tax refund. The same is true for all equipment on the Internet. Without this specific address, information cannot be received. IP addresses may be assigned either permanently (for an e-mail server, a business server or a permanent home resident) or temporarily, from a pool of available addresses (first come, first served) from your Internet Service Provider. A permanent number may not be available in all areas and may cost extra, so be sure to ask your ISP.

IP Address Functions: Identification and Routing

The first point that bears making is that there are actually two different functions of the IP address:

o Network Interface Identification: Like a street address, the IP address provides unique identification of the interface between a device and the network. This is required to ensure that the datagram is delivered to the correct recipients.

o Routing: When the source and destination of an IP datagram are not on the same network, the datagram must be delivered "indirectly" using intermediate systems, a process called routing. The IP address is an essential part of the system used to route datagrams.

IP Address Versions:

IP version 4: Currently used by most network devices. However, with more and more computers accessing the internet, IPv4 addresses are running out quickly. Just like in a city, addresses have to be created for new neighborhoods but, if your neighborhood gets too large, you will have to come up with an entire new pool of addresses. IPv4 is limited to 4,294,967,296 addresses.

IP version 5: This is an experimental protocol for UNIX based systems. In keeping with standard UNIX (a computer Operating System) release conventions, all odd-numbered versions are considered experimental. It was never intended to be used by the general public.

IP version 6: The replacement for the aging IPv4. The estimated number of unique addresses for IPv6 is 340,282,366,920,938,463,463,374,607,431,768,211,456 or 2^128.

Converting from Decimal to Binary:

The address is made up of 32 binary bits, which can be divided into a network portion and a host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted decimal format (for example, 172.16.81.100). The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.

Here is how binary octets convert to decimal: the rightmost bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the leftmost bit, or most significant bit, which holds a value of 2^7. So if all binary bits are one, the decimal equivalent would be 255, as shown here:

1 1 1 1 1 1 1 1

128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Here is a sample octet conversion when not all of the bits are set to 1.

0 1 0 0 0 0 0 1

0 64 0 0 0 0 0 1 (0+64+0+0+0+0+0+1=65)

And this sample shows an IP address represented in both binary and decimal.

10.1.23.19 (decimal)

00001010.00000001.00010111.00010011 (binary)

These octets are broken down to provide an addressing scheme that can accommodate large and small networks. There are five different classes of networks, A to E. This document focuses on addressing classes A to C, since classes D and E are reserved and discussion of them is beyond the scope of this document. Class D IP addresses are reserved for multicast groups and cannot be assigned to hosts, and class E IP addresses are experimental addresses and cannot be assigned to hosts either. Every IP address consists of 4 octets and 32 bits. Every participating host and device on a network, such as servers, routers, switches, DNS, DHCP, gateway, web server, internet fax server and printer, has its own unique address within the scope of the network.

TCP/IP protocols are installed by default with Windows based operating systems. After the TCP/IP protocols are successfully installed you need to configure them through the Properties tab of the Local Area Connection.

IP Addressing Tips

o A Network ID cannot be all 0s.

o A host ID cannot be all 1s, because this represents a broadcast address for the local network.

o Each host must have a unique host portion of the IP address.

o All hosts on the same network segment should have the same network ID.

o A host address cannot be 127, because 127 has been reserved for loopback functionality.

Subnet Mask

An IP (Internet Protocol) address is a unique identifier for a single device (node or host connection) on an IP network. It is a 32 bit binary number that ranges from 0 to 4294967295. This means that theoretically, the Internet can contain approximately 4.3 billion unique objects. This binary number is usually represented as 4 decimal values, each representing 8 bits (an octet), in the range 0 to 255, separated by decimal points. This is known as "dotted decimal" notation. IP is a communications protocol used from the smallest private network to the massive global Internet.

Increments of an IP Address:

0.0.0.0

0.0.0.1

…increment 252 hosts…


0.0.0.254

0.0.0.255

0.0.1.0

0.0.1.1

…increment 252 hosts…

0.0.1.254

0.0.1.255

0.0.2.0

0.0.2.1

…increment 4+ billion hosts…

255.255.255.255

Subnetting and Subnet Mask

A subnetwork, or subnet, describes networked computers and devices that have a common, designated IP address routing prefix. Every IP address consists of two parts, one identifying the network and one identifying the node. The class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address. Routers are used to manage traffic and form borders between subnets.

Subnetting is used to break the network into smaller, more efficient subnets to prevent excessive rates of Ethernet packet collision in a large network. These subnets can be arranged hierarchically, with the organization's network address space partitioned into a tree-like structure.

A significant feature of subnetting is the subnet mask. Similar to IP addresses, a subnet mask contains four bytes (32 bits) and is often written using the same "dotted-decimal" notation. Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. The network bits are represented by the ones in the mask and the node bits by the zeros; the number of one bits is the subnet (prefix) length.

A subnet mask cannot replace an IP address; the two work together, not independently. Applying the subnet mask to an IP address splits the address into two parts, an "extended network address" and a host address. The subnet mask determines the size of a subnet and pinpoints where the end points of the subnet are, if an IP address within the subnet is known. The "mask" aspect of a subnet mask comes from the fact that it conceals the host bits and leaves the Network ID that starts the subnet. If the beginning and size of the subnet are known, the end of the subnet (Broadcast ID) can be determined. The Network ID is the official designation for a particular subnet, and the ending number is the broadcast address that every device on a subnet listens to.

Uses of Subnet Masks

o Identifies a network

o Isolates the Network ID and Host ID

o Determines the number of hosts/terminals that can be used on the same network

o Reduces network traffic


Internet IP Address Structure:

As we just saw, each version 4 IP address is 32 bits long. When we refer to the IP address we use a dotted-decimal notation, while the computer converts this into binary. However, even though these sets of 32 bits are considered a single "entity", they have an internal structure containing two components:

o Network Identifier (Network ID): A certain number of bits, starting from the left-most bit, is used to identify the network where the host or other network interface is located. This is also sometimes called the network prefix or even just the prefix.

o Host Identifier (Host ID): The remainder of the bits are used to identify the host on the network.

Note: By convention, IP devices are often called hosts for simplicity, as I do throughout this Guide. Even though each host usually has a single IP address, remember that IP addresses are strictly associated with network-layer network interfaces, not physical devices, and a device may therefore have more than one IP address.

Basic IP Address Division: Network ID and Host ID

The fundamental division of the bits of an IP address is into a network ID and host ID. Here, the network ID is 8 bits long, shown in cyan, and the host ID is 24 bits in length.

Implications of Including the Network ID in IP Addresses

The fact that the network identifier is contained in the IP address is what partially facilitates the routing of IP datagrams when the address is known. Routers look at the network portion of the IP address to determine first of all if the destination IP address is on the same network as the host IP address. Then routing decisions are made based on information the routers keep about where various networks are located. Again, this is conceptually similar to how the area code is used by the equivalent of "routers" in the phone network to switch telephone calls. The host portion of the address is used by devices on the local portion of the network.

Since the IP address can be split into network ID and host ID components, it is also possible to use either one or the other by itself, depending on context. These addresses are assigned special meanings. For example, if the network ID is used with all ones as the host ID, this indicates a broadcast to the entire network. Similarly, if the host ID is used by itself with all zeroes for the network ID, this implies an IP address sent to the host of that ID on "the local network", whatever that might be.

It is the inclusion of the network identifier in the IP address of each host on the network that causes the IP addresses to be network-specific. If you move a device from one network to a different one, the network ID must change to that of the new network. Therefore, the IP address must change as well. This is an unfortunate drawback that shows up most commonly when dealing with mobile devices.


Network ID and Host ID

Location of the Division Between Network ID and Host ID

One difference between IP addresses and phone numbers is that the dividing point between the bits used to identify the network and those that identify the host isn't fixed. It depends on the nature of the address, the type of addressing being used, and other factors. Let's take the example from the last topic, 227.82.157.177. It is possible to divide this into a network identifier of "227.82" and a host identifier of "157.177". Alternately, the network identifier might be "227" and the host identifier "82.157.177" within that network.

To express the network and host identifiers as 32-bit addresses, we add zeroes to replace the missing "pieces". In the latter example just above, the address of the network becomes "227.0.0.0" and the address of the host "0.82.157.177". (In practice, network addresses of this sort are routinely seen with the added zeroes; host IDs are not as often seen in 32-bit form this way.)

Lest you think from these examples that the division must always be between whole octets of the address, it's also possible to divide it in the middle of an octet. For example, we could split the IP address 227.82.157.177 so there were 20 bits for the network ID and 12 bits for the host ID. The process is the same, but determining the dotted decimal ID values is more tricky because here, the "157" is "split" into two binary numbers. The results are "227.82.144.0" for the network ID and "0.0.13.177" for the host ID, as shown in Figure 58.

Mid-Octet IP Address Division

Since IP addresses are normally expressed as four dotted-decimal numbers, educational resources often show the division between the Network ID and Host ID occurring on an octet boundary. However, it's essential to remember that the dividing point often appears in the middle of one of these eight-bit numbers. In this example, the Network ID is 20 bits long and the Host ID 12 bits long. This results in the third number of the original IP address, 157, being split into 144 and 13.

The place where the "line is drawn" between the network ID and the host ID must be known in order for devices such as routers to know how to interpret the address. This information is conveyed either implicitly or explicitly depending on the type of IP addressing in use. I describe this in the following topic.
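The conversions described in this topic and in the Subnet Mask section above (dotted decimal to binary octets, applying a mask or prefix length to separate the Network ID from the Host ID, including the mid-octet split of 227.82.157.177 into 227.82.144.0 and 0.0.13.177, and deriving the Broadcast ID), worked in Python as an added example. This is not code from the course notes; the function names are my own.

```python
# Added example, not from the course notes. IPv4 address arithmetic matching
# the text: dotted decimal <-> binary octets, and splitting an address into
# Network ID and Host ID at a prefix length that may fall inside an octet.

def parse_ipv4(addr: str) -> int:
    """Dotted decimal -> 32-bit integer. Rejects anything but 4 octets of 0..255."""
    parts = addr.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"octet not in 0..255: {p!r}")
        value = (value << 8) | int(p)
    return value

def to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary_octets(addr: str) -> str:
    """Each octet as 8 bits, e.g. 10.1.23.19 -> 00001010.00000001.00010111.00010011."""
    value = parse_ipv4(addr)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """Prefix length (number of one bits) -> subnet mask as an integer."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a run of ones followed by a run of zeros."""
    m = parse_ipv4(mask)
    return prefix_to_mask(bin(m).count("1")) == m

def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length, e.g. 255.255.240.0 -> 20."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(parse_ipv4(mask)).count("1")

def split_address(addr: str, prefix_len: int) -> dict:
    """Apply the mask: one bits select the Network ID, zero bits the Host ID.
    With /20 the third octet of 227.82.157.177 (1001 1101) splits as 1001|1101:
    144 stays in the network part and 13 falls in the host part."""
    ip = parse_ipv4(addr)
    mask = prefix_to_mask(prefix_len)
    host_mask = ~mask & 0xFFFFFFFF
    network = ip & mask
    host_bits = 32 - prefix_len
    return {
        "mask": to_dotted(mask),
        "network_id": to_dotted(network),             # e.g. 227.82.144.0
        "host_id": to_dotted(ip & host_mask),         # e.g. 0.0.13.177
        "broadcast": to_dotted(network | host_mask),  # all host bits set
        # the network and broadcast addresses themselves are not assignable
        "usable_hosts": (1 << host_bits) - 2 if host_bits >= 2 else 0,
    }

if __name__ == "__main__":
    print(to_binary_octets("10.1.23.19"))
    for prefix in (8, 16, 20):
        print(f"/{prefix}", split_address("227.82.157.177", prefix))
```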

IP "Classful" Addressing Network and Host Identification and Address Ranges

Determining Address Class From the First Octet Bit Pattern:

As humans, of course, we generally work with addresses in dotted decimal notation and not in binary, but it's pretty easy to see the ranges that correspond to the classes. For example, consider class B. The first two bits of the first octet are "10". The remaining bits can be any combination of ones and zeroes. This is normally represented as "10xx xxxx" (shown as two groups of four for readability). Thus, the binary range for the first octet can be from "1000 0000" to "1011 1111". This is 128 to 191 in decimal. So, in the "classful" scheme, any IP address whose first octet is from 128 to 191 (inclusive) is a class B address.

Table 44 shows the bit patterns of each of the five classes, and the way that the first octet ranges can be calculated. In the first column is the format for the first octet of the IP address, where the "x"s can be either a zero or a one. Then I show the lowest and highest value for each class in binary (the "fixed" few bits are highlighted so you can see that they do not change while the others do). I then also show the corresponding range for the first octet in decimal.

Table 44: IP Address Class Bit Patterns, First-Octet Ranges and Address Ranges

IP Address Class | First Octet of IP Address | Lowest Value of First Octet (binary) | Highest Value of First Octet (binary) | Range of First Octet Values (decimal) | Octets in Network ID / Host ID | Theoretical IP Address Range

Class A | 0xxx xxxx | 0000 0001 | 0111 1110 | 1 to 126 | 1 / 3 | 1.0.0.0 to 126.255.255.255

Class B | 10xx xxxx | 1000 0000 | 1011 1111 | 128 to 191 | 2 / 2 | 128.0.0.0 to 191.255.255.255

Class C | 110x xxxx | 1100 0000 | 1101 1111 | 192 to 223 | 3 / 1 | 192.0.0.0 to 223.255.255.255

Class D | 1110 xxxx | 1110 0000 | 1110 1111 | 224 to 239 | — | 224.0.0.0 to 239.255.255.255

Class E | 1111 xxxx | 1111 0000 | 1111 1111 | 240 to 255 | — | 240.0.0.0 to 255.255.255.255

Key Concept: In the "classful" IP addressing scheme, the class of an IP address is identified by looking at the first one, two, three or four bits of the address. This can be done both by humans working with these addresses and routers making routing decisions. The use of these bit patterns means that IP addresses in different classes fall into particular address ranges that allow an address's class to be determined by looking at the first byte of its dotted-decimal address.

Address Ranges for Address Classes:

Table 44 also shows the theoretical lowest and highest IP address ranges for each of the classes. This means that the address ranges shown are just a result of taking the full span of binary numbers possible in each class. In reality, some of the values are not available for normal use. For example, even though 192.0.0.0 to 192.0.0.255 is technically in class C, it is reserved and not actually used by hosts on the Internet. Also, there are IP addresses that can't be used because they have special meaning. For example, you can't use an IP address of 255.255.255.255, as this is a reserved "all ones" broadcast address. In a similar vein, note that the range for Class A is from 1 to 126 and not 0 to 127 like you might have expected. This is because class A networks 0 and 127 are reserved; 127 is the network containing the IP loopback address. These special and reserved addresses are discussed later in this section.


IP Address Class Bit Assignments and Network/Host ID Sizes

This illustration shows how the 32 bits of an IP address are assigned for each of the five IP address classes. Classes A, B and C are the "normal" classes used for regular unicast addresses; each has a different dividing point between the Network ID and Host ID. Classes D and E are special and are not divided in this manner.

Now, recall that classes A, B and C differ in where the dividing line is between the network ID and the host ID: 1 octet for network and 3 for host for class A, 2 for each for class B, and 3 for network and 1 for host for class C. Based on this division, I have highlighted the network ID portion of the IP address ranges for each of classes A, B and C. The plain text corresponds to the range of host IDs for each allowable network ID. Figure 62 shows graphically how bits are used in each of the five classes.

Let's look at class C. The lowest IP address is 192.0.0.0 and the highest is 223.255.255.255. The first three octets are the network ID, and can range from 192.0.0 to 223.255.255. For each network ID in that range, the host ID can range from 0 to 255.

IP Addresses Classes

Class A

The binary address for class A starts with 0. The range of IP addresses in class A is between 1 and 126, and the default subnet mask of class A is 255.0.0.0. Class A supports 16 million hosts on each of 125 networks. An example of a class A address is 10.10.1.1. Class A is used for large networks with many network devices.

Class B

The binary address for class B starts with 10. The range of IP addresses in class B is between 128 and 191, and the default subnet mask for class B is 255.255.0.0. Class B supports 65,000 hosts on each of 16,000 networks. An example of a class B address is 150.10.10.10. The class B addressing scheme is used for medium-sized networks.

Class C

The binary address for class C starts with 110. The range of IP addresses in class C is between 192 and 223, and the default subnet mask for class C is 255.255.255.0. Class C supports 254 hosts on each of 2 million networks. An example of a class C IP address is 210.100.100.50. Class C is used for small networks with fewer than 256 devices and nodes in a network.


Class D

The binary address for class D starts with 1110, and the first octet can range from 224 to 239. An example of a class D IP address is 230.50.100.1.

Class E

The binary address for class E starts with 1111, and the first octet can be anywhere from 240 to 255. An example of a class E IP address is 245.101.10.10.

It is very important to know that all the computers in the same network segment should have IP addresses from the same class, i.e. A, B or C.

Note: It is common to see resources refer to the network ID of a "classful" address as including only the

"significant" bits, that is, only the ones that are not common to all networks of that class. For example, you

may see a Class B network ID shown in a diagram as having 14 bits, with the "10" that starts all such

networks shown separately, as if it were not part of the network ID. Remember that the network ID does

include those bits as well; it is 8 full bits for Class A, 16 for Class B and 24 for Class C. In the case of Class

D addresses, all 32 bits are part of the address, but only the lower 28 bits are part of the multicast group

address; see the topic on multicast addressing for more.
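As an added example (not part of the original course notes), the following Python classifies a dotted-quad address by the leading bits of its first octet, reports the default mask and the network ID / host ID split for classes A, B and C, the 28-bit group for class D, and flags the special addresses the text mentions (network 0, the loopback network 127, the reserved block 192.0.0.0/24 and the all-ones broadcast). The class ranges are the ones given above; the function names are my own.

```python
from typing import Optional


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer; raises ValueError on a malformed address."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    return int.from_bytes(bytes(octets), "big")   # bytes() rejects octets above 255


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


# (class, leading bits, first-octet range, default mask, network-ID bits), as in the text.
CLASSES = (
    ("A", "0",    (0, 127),   "255.0.0.0",     8),
    ("B", "10",   (128, 191), "255.255.0.0",   16),
    ("C", "110",  (192, 223), "255.255.255.0", 24),
    ("D", "1110", (224, 239), None,            None),  # multicast: no network/host split
    ("E", "1111", (240, 255), None,            None),  # reserved
)


def special_meaning(n: int) -> Optional[str]:
    """The special and reserved addresses called out in the text, or None."""
    first = n >> 24
    if n == 0xFFFFFFFF:
        return "limited broadcast (all ones)"
    if first == 0:
        return "reserved class A network 0"
    if first == 127:
        return "loopback network 127"
    if n >> 8 == 0xC00000:                 # 192.0.0.0 to 192.0.0.255
        return "reserved block 192.0.0.0/24"
    return None


def classify(addr: str) -> dict:
    """Classful interpretation of an address: class, leading bits, default mask,
    network ID / host ID split (A, B, C), multicast group (D) and special meaning."""
    n = ip_to_int(addr)
    first = n >> 24
    for name, bits, (lo, hi), mask, net_bits in CLASSES:
        if lo <= first <= hi:
            break
    # The decimal range and the leading-bit pattern describe the same class.
    assert format(first, "08b").startswith(bits)
    info = {
        "address": addr,
        "class": name,
        "leading_bits": bits,
        "default_mask": mask,
        "special": special_meaning(n),
    }
    if net_bits is not None:
        host_bits = 32 - net_bits
        host_mask = (1 << host_bits) - 1
        info["network_id"] = int_to_ip(n & (0xFFFFFFFF ^ host_mask))
        info["host_id"] = n & host_mask
        info["max_hosts"] = (1 << host_bits) - 2   # all-zero and all-one host IDs are reserved
    elif name == "D":
        info["multicast_group"] = n & 0x0FFFFFFF    # only the lower 28 bits name the group
    return info


if __name__ == "__main__":
    for sample in ("10.10.1.1", "150.10.10.10", "210.100.100.50",
                   "230.50.100.1", "245.101.10.10", "127.0.0.1", "255.255.255.255"):
        print(classify(sample))
```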

UNIT-IV

Determining Host Addresses For Each Subnet

Once we know the addresses of each of the subnets in our network, we use these addresses as the basis for assigning IP addresses to the individual hosts in each subnet. We start by associating a subnet base address with each physical network. We then sequentially assign hosts particular IP addresses within the subnet.

Determining host addresses is really quite simple, once we know the subnet address. All we do is substitute

the numbers 1, 2, 3… and so on for the host ID bits in the subnet address. We must do this in binary of

course, and then convert the address to decimal form. Again, we can do some "short-cutting" once the rather

obvious pattern of how to assign addresses emerges. We'll look at those later in the topic.

Class C Host Address Determination Example

Let's start with our Class C example again, 211.77.20.0, which we divided into 8 subnets using 3 subnet bits.

Here's how the address appears with the subnet bits shown highlighted, and the host ID bits shown highlighted and underlined:

11010011 01001101 00010100 00000000

The first subnet is subnet #0, which has all zeroes for those subnet bits, and thus the same address as the

network as a whole: 211.77.20.0. We substitute the numbers 1, 2, 3 and so on for the underlined bits to get

the host IDs. (Remember that we don't start with 0 here because for the host ID, the all-zero and all-one

binary patterns have special meaning). So it goes like this:

1. The first host address has the number 1 for the host ID, or "00001" in binary. So, it is:

11010011 01001101 00010100 00000001


In decimal, this is 211.77.20.1.

2. The second host address has the number 2 for the host ID, or "00010" in binary. Its binary value is:

11010011 01001101 00010100 00000010

In decimal, this is 211.77.20.2

I'm sure you get the picture already; the third host will be 211.77.20.3, the fourth 211.77.20.4 and so on.

There is a maximum of 30 hosts in each subnet, as we saw before. So, the last host in this subnet will be

found by substituting 30 (11110 in binary) for the host ID bits, resulting in a decimal address of

211.77.20.30.

Figure 80: Determining Host Addresses For A Class C Network

This diagram shows how both subnet addresses and host addresses are determined in a two-step

process. The subnet addresses are found by substituting subnet ID values (shown in red) for the

subnet ID bits of the network. Then, for any given subnet address, we can determine a host address


by substituting a host number (shown in blue) for the host ID bits within that subnet. So, for

example, host #2 in subnet #6 has "110" for the subnet ID and "00010" for the host ID, resulting in a

final octet value of "11000010" or 194.

We can do the same thing for each of the other subnets; the only thing that changes is the values in the subnet

ID bits. Let's take for example, subnet #6. It has "110" for the subnet bits instead of "000". So, its subnet

base address is 211.77.20.192, or:

11010011 01001101 00010100 11000000

We assign hosts to this subnet by substituting 00001, then 00010, then 00011 for the host ID bits as before:

1. The first host address is:

11010011 01001101 00010100 11000001

Or 211.77.20.193.

2. The second host address is:

11010011 01001101 00010100 11000010

Or 211.77.20.194.

And so on, all the way up to the last host in the subnet, which is 211.77.20.222. Figure 80 shows graphically

how subnet and host addresses are calculated for this sample network.

Class B Host Address Determination Example

We can do the same thing for our Class B network, naturally. The address of that network is 166.113.0.0.

Now, say we want to define the hosts that go in subnet #13. We substitute 13 in binary (01101) for the subnet

ID bits, to get the following subnet address, shown with the subnet ID bits highlighted and the host ID bits

highlighted and underlined:

10100110 01110001 01101000 00000000

This is the subnet address 166.113.104.0. Now, we have 11 bits of host ID, so we can have a maximum of

2,046 hosts. The first is found by substituting "000 00000001" for the host ID bits, to give an address of

166.113.104.1. The second host is 166.113.104.2, and so on. The last is found by substituting "111

11111110", to give an address of 166.113.111.254. Note that since the host ID bits extend over two octets,

two octets change as we increment the host ID, unlike our Class C example. The broadcast address is

166.113.111.255.

"Shortcuts" For Quickly Computing Host Addresses

As you can see, defining the host IDs is really quite straight-forward. If you can substitute bits and convert to

decimal, you have all you need to know. You can also see that as was the case with defining the subnet

addresses, there are patterns that you can use in defining host IDs and understanding how they work. These

generally define ways that we can more quickly determine certain host addresses by working directly in

decimal instead of bothering with binary substitutions. This is a bit more complex conceptually, so only

proceed if you are feeling a bit brave.

The following are some of the "shortcuts" you can use in determining host IP addresses in a subnet

environment:


o First Host Address: The first host address is always the subnet address with the last octet

incremented by 1. So, in our class C example, subnet #3's base address is 211.77.20.96. The first host

address in subnet #3 is thus 211.77.20.97.

o Subsequent Host Addresses: After you find the first host address, to get the next one you just add

one to the last octet of the previous address. If this makes the last octet 256 (which can happen only

if there are more than 8 host ID bits) you "wrap around" this to zero and increment the third octet.

o Directly Calculating Host Addresses: If the number of host ID bits is 8 or less, you can find host

#N's address by adding "N" to the last octet's decimal value. For example, in our class C example,

subnet #3's base address is 211.77.20.96. Therefore, host #23 in this subnet has an address of

211.77.20.119.

If there are more than 8 bits in the host ID, this only works for the first 255 hosts, after which you have to "wrap around" and increase the value of the third octet. Consider again subnet #13 in our Class B example, which has a base address of 166.113.104.0. Host #214 on this subnet has address 166.113.104.214, but host #314 isn't 166.113.104.314. It is 166.113.105.58 (host #255 is 166.113.104.255, then host #256 is 166.113.105.0, and we count up 58 more (314-256) to get to #314, 166.113.105.58).

o Range Of Host Addresses: The range of hosts for any subnet is determined as follows:

First Address: Base address of subnet with last octet incremented by one.

Last Address: Base address of next subnet after this one, less two in the last octet (which

may require changing a "0" in the last octet to "254" and reducing the value of the third octet

by 1).

o Broadcast Address: The broadcast address for a subnet is always one less than the base address of

the subsequent subnet. Or alternately, one more than the last "real" host address of the subnet. So, for

subnet #17 in our Class B example, the broadcast address is 166.113.143.255.

Did I just confuse you? Well, remember, these are shortcuts and sometimes when you take a shortcut you get lost. Just kidding, it's really not that hard once you play around with it a bit.

In closing, remember the following quick summary when working with IP addresses in a subnet

environment:

1. The network ID is the same for all hosts in all subnets, and all subnets in the network.

2. The subnet ID is the same for all hosts in each subnet, but unique to each subnet in the network.

3. The host ID is unique within each subnet. Each subnet has the same set of host IDs.

4. Subnetting is fun!
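The Class C and Class B host-address calculations above, together with the "shortcuts", carried out in Python as an added example (this is not code from the original notes). It works the way the text does, substituting the subnet number for the subnet bits and the host number for the host bits, so the "wrap around" into the third octet happens automatically when there are more than 8 host bits; the function names are my own.

```python
from typing import Dict


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer; raises ValueError on a malformed address."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def binary_groups(n: int) -> str:
    """A 32-bit value as four 8-bit groups, the way the text writes addresses."""
    bits = format(n, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def subnet_info(network: str, prefix_len: int, subnet_bits: int, subnet_no: int) -> Dict[str, object]:
    """Describe subnet #subnet_no of a classful network with prefix_len network bits
    that has been divided using subnet_bits subnet bits."""
    host_bits = 32 - prefix_len - subnet_bits
    if host_bits < 2:
        raise ValueError("at least 2 host bits are needed: all-zero and all-one host IDs are reserved")
    if not 0 <= subnet_no < (1 << subnet_bits):
        raise ValueError(f"subnet #{subnet_no} does not exist with {subnet_bits} subnet bits")
    net = ip_to_int(network)
    if net & ((1 << (32 - prefix_len)) - 1):
        raise ValueError(f"{network} is not a network address: host bits are set")
    base = net | (subnet_no << host_bits)     # substitute the subnet number for the subnet bits
    size = 1 << host_bits
    return {
        "base": int_to_ip(base),
        "base_binary": binary_groups(base),
        "first_host": int_to_ip(base + 1),          # host ID 00...01
        "last_host": int_to_ip(base + size - 2),    # host ID 11...10
        "broadcast": int_to_ip(base + size - 1),    # host ID all ones
        "max_hosts": size - 2,
    }


def host_address(network: str, prefix_len: int, subnet_bits: int, subnet_no: int, host_no: int) -> str:
    """Address of host #host_no in the given subnet. Adding host_no to the subnet base is
    exactly the "directly calculating" shortcut, and the carry into the third octet
    (host #256 -> x.x.105.0 in the Class B example) falls out of the integer addition."""
    info = subnet_info(network, prefix_len, subnet_bits, subnet_no)
    if not 1 <= host_no <= info["max_hosts"]:
        raise ValueError(f"host #{host_no} is outside 1..{info['max_hosts']}")
    return int_to_ip(ip_to_int(info["base"]) + host_no)


if __name__ == "__main__":
    # The text's Class C example: 211.77.20.0 split into 8 subnets with 3 subnet bits.
    for subnet_no in range(8):
        print("Class C subnet", subnet_no, subnet_info("211.77.20.0", 24, 3, subnet_no))
    print("Class C subnet 3 host 23:", host_address("211.77.20.0", 24, 3, 3, 23))
    # The text's Class B example: 166.113.0.0 with 5 subnet bits, subnet #13.
    print("Class B subnet 13:", subnet_info("166.113.0.0", 16, 5, 13))
    print("Class B subnet 13 host 314:", host_address("166.113.0.0", 16, 5, 13, 314))
```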

Determine the Network IDs

A network address, or IP address, is a series of numbers that a computer or other device uses to connect to a

network, like the internet. An example of an IP (or network) address would be 192.168.1.100. IP addresses

are individual and differ between devices and networks. An IP address is separated into two parts. The first part is the network address, which is the first three series of numbers (192.168.1 in the example). The last number or series of numbers (100 in the example) is the host address.

1. Find Your Address

o Locate and click the Start menu on your computer. Find "Run" and click to open it. This will bring up the

window that allows you to locate files and folders on your computer.


o Type "cmd" in the drop down arrow box next to Open. Then click OK. This will open the command

prompt.

o Type "ipconfig" to bring up the network configurations of your computer and press "Enter" on your

keyboard.

o Locate the line that says "IP Address," "IPv4 Address" or something similar. Follow the dotted lines over to

the right to locate your IP address.

How to determine an IP address:

Microsoft Windows Users

1. Click Start / Run and type: cmd or command to open a Windows command line.

2. From the prompt, type ipconfig and press enter. This should give you information similar to what is shown

below.

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . : 192.168.1.1

As seen in the above example, the IP address as well as other important network information is listed when using the

"ipconfig" command. If you have more than one network adapter, e.g. a wireless adapter and network adapter you'll see

each adapter listed when using this command.

Home network and corporate network users

This information is the IP address of your computer in your network. If your computer is connected to the Internet the

IP address shown in this screen will more than likely not be the IP address other people and web pages see. To

determine this IP address easily see the below online service section.

Graphical representation of network settings

Microsoft Windows XP users may get a GUI representation of their network by right-clicking the network icon in their

systray and selecting "Status." Within the "Local Area Connection Status" window click the "Support" tab.

Microsoft Windows 98 users may also get a GUI representation of their network settings by clicking Start / Run and

typing "ipconfig" in the run line. Unfortunately, not all versions of Windows have this feature.

Linux / Unix, BSD 4.2+, and Apple OS X Operating System Users

Linux or Unix users must have administrator or root privileges to view their IP address or network information.

1. Open the Linux or Unix shell if you are utilizing a GUI interface for your Linux or Unix machine.

2. From the prompt, type "ifconfig eth0" (without the quotes) and press enter. This should give you a

listing of network information similar to what is seen below.

eth0      Link encap:Ethernet  HWaddr 00:A0:24:72:EB:0A
          inet addr:10.10.10.2  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5569799 errors:32 dropped:32 overruns:0 frame:6
          TX packets:3548292 errors:0 dropped:0 overruns:0 carrier:3
          Collisions:14
          Interrupt:18 Base address:0xda00


As seen from the above example, users will commonly see the network settings for all their network devices when running the "ifconfig" command. First in the above example we have the network settings for the "lo" or "local loopback"; next are the actual network settings of your network adapter.

Home network and corporate network users

This information is the IP address of your computer in your network. If your computer is connected to the

Internet the IP address shown in this screen will more than likely not be the IP address other people and web

pages see. To determine this IP address easily see the below online service section.

Apple Macintosh Users

1. From the Apple menu, select the "Apple System Profiler"

2. Open the "Network overview"

3. Open "TCP/IP"

Within this window the user will be able to see the computer's network information including the IP address.

Public and Private IP Addresses:

What is the Difference Between Public and Private IP Addresses?

A unique Internet Protocol (IP) address, known as a public IP address, is assigned to every computer that

connects to the Internet. The IP addressing scheme makes it possible for computers to "find each other"

online and exchange information. Within a private network, computers use addresses excluded by convention

from use on the Internet. The difference between a private IP address and a public IP address then, is that

private IP addresses are reserved for private networks, and public IP addresses are reserved for the Internet.

The Internet Assigned Numbers Authority (IANA), a once-autonomous organization, now works within the

purview of the Internet Corporation for Assigned Names and Numbers (ICANN). IANA is responsible for

overseeing global allocation of IP numbers, among other related protocols. Within the range of publicly

available IP addresses are specific, excluded ranges withheld for private network use. These private IP ranges

are as follows:

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)

172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)

192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Computers within a private network are each assigned a unique address in order to exchange files and share

resources with one another. The network router, which routes information, will pass data back and forth

among the connected computers, using the respective addresses. But how do computers on a private network

connect to the Internet?

Assuming the network has Internet connectivity, the computer connected to the digital subscriber line (DSL)

modem is assigned a public IP address by the Internet Service Provider (ISP). This single public IP address is

used to identify the network on the Internet. Now the network’s router acts as a gatekeeper between the

private network and the public Internet. Using a built-in Network Address Translator (NAT), the router

passes requests to the Internet using the assigned public IP address. Returning data is routed back to the

public IP address, with the router determining which private IP address requested the information. In

essence, the private IP address is daisy-chained to the public IP address through processes in the router.

A public IP address can be static or dynamic. A static public IP address does not change and is used

primarily for hosting webpages or services on the Internet. Some gamers also prefer static IPs for interactive

gaming. A dynamic public IP address is chosen from a pool of available addresses and changes each time


one connects to the Internet. Most people have a dynamic public IP address, as it is the standard type of

public IP address assigned when purchasing Internet connectivity.

Various freeware programs are available online that will display your computer’s assigned public IP address

for you. To see private IP addresses you can open your router’s configuration dialogs, or if using Windows

XP, type ipconfig at the command prompt. The command prompt is available through Start -> All Programs

-> Accessories -> Command Prompt. To leave the command prompt window, type exit.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, and each such IP is unique. Hence no two computers anywhere on the Internet can have the same public IP address. This addressing scheme makes it possible for the computers to "find each other" online and exchange information. The user has no control over the (public) IP address that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway.

A public IP address can be either static or dynamic. A static public IP address does not change and is used

primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is

chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer, which is released when the computer is disconnected from the Internet. Thus when it is reconnected it gets a new IP.

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for

private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA)

has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)

172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)

192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network, including home, school and business LANs, as well as LANs in airports and hotels, which makes it possible for the computers in the network to communicate with each other. For example, if a network X consists of 10 computers, each of them can be given an IP from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).

Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the

local network cannot connect directly to a device with a private IP. It is possible to interconnect two private

networks with the help of a router or a similar device that supports Network Address Translation.

If the private network is connected to the Internet (through an Internet connection via ISP) then each

computer will have a private IP as well as a public IP. Private IP is used for communication within the

network whereas the public IP is used for communication over the Internet. Most Internet users with a

DSL/ADSL connection will have both a private as well as a public IP.
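An added example (not part of the original notes) modelling the private-address check and the router's NAT bookkeeping described in the two passages above: outbound packets from private hosts are rewritten to the single public address, replies are mapped back to the private host that requested them, and packets nobody asked for are dropped, which is why a device with a private IP cannot be reached directly from outside. The public addresses 203.0.113.7 and 198.51.100.20 and the port numbers are constructed sample values; the class and function names are my own.

```python
from typing import Dict, Optional, Tuple

Packet = Tuple[str, int, str, int]   # (source IP, source port, destination IP, destination port)


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer; raises ValueError on a malformed address."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


# The three blocks IANA reserved for private networks, as listed in the text.
PRIVATE_RANGES = (
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
)


def range_size(low: str, high: str) -> int:
    """Number of addresses in an inclusive range (the 'Total Addresses' in the text)."""
    return ip_to_int(high) - ip_to_int(low) + 1


def is_private(addr: str) -> bool:
    n = ip_to_int(addr)
    return any(ip_to_int(lo) <= n <= ip_to_int(hi) for lo, hi in PRIVATE_RANGES)


class NatRouter:
    """Port-based NAT: every private host shares the router's one public address,
    and a translation table remembers which private host each public port belongs to."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        if is_private(public_ip):
            raise ValueError("the Internet-facing address must be a public address")
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (private IP, private port, remote IP, remote port)
        self.table: Dict[int, Tuple[str, int, str, int]] = {}
        self.reverse: Dict[Tuple[str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network so it carries the public address."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        if is_private(dst_ip):
            raise ValueError(f"{dst_ip} is private and cannot be reached across the Internet")
        key = (src_ip, src_port, dst_ip, dst_port)
        pub_port = self.reverse.get(key)
        if pub_port is None:                       # first packet of this conversation
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.table[pub_port] = key
            self.reverse[key] = pub_port
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet arriving at the public address back to the private host that
        requested it; None means the router has no mapping and drops the packet."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.public_ip:
            return None
        entry = self.table.get(dst_port)
        if entry is None:
            return None                            # unsolicited: no private host asked for this
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                            # reply did not come from the host contacted
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    for lo, hi in PRIVATE_RANGES:
        print(f"{lo} - {hi} (Total Addresses: {range_size(lo, hi):,})")
    nat = NatRouter("203.0.113.7")                 # constructed public address of the router
    out = nat.outbound(("192.168.1.2", 51000, "198.51.100.20", 80))
    print("outbound rewritten to", out)
    print("reply mapped back to", nat.inbound(("198.51.100.20", 80, "203.0.113.7", out[1])))
    print("unsolicited packet ->", nat.inbound(("198.51.100.20", 80, "203.0.113.7", 40999)))
```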

You can find your private IP by typing the ipconfig command at the command prompt. The number that you see against "IPV4 Address:" is your private IP, which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.


Contrary to what most people assume, a private IP is neither an address that is impossible to trace (like an unlisted telephone number) nor one reserved for stealthy Internet usage. In reality there is no public IP address that is impossible to trace, since the protocol itself is designed for transparency.

What is Network Routing

This section gives a basic overview of network routing: router configuration, how a router works, static routes and the routing table. Routing is the process of defining routes for packets to their destination through an internetwork, and it is performed by the router.

Routing consists of two separate tasks.

1. Defining paths for the packets through an internetwork.

2. Forwarding data packets based on their predefined paths.

Generally, there are two types of routing.

IP Routes and Routing Tables

Routers are responsible for forwarding traffic on an IP internetwork. Each router accepts datagrams from a

variety of sources, examines the IP address of the destination and decides what the next hop is that the

datagram needs to take to get it that much closer to its final destination. A question then naturally arises: how

does a router know where to send different datagrams?

Each router maintains a set of information that provides a mapping between different network IDs and the

other routers to which it is connected. This information is contained in a data structure normally called a

routing table. Each entry in the table, unsurprisingly called a routing entry, provides information about one

network (or subnetwork, or host). It basically says "if the destination of this datagram is in the following

network, the next hop you should take is to the following device". Each time a datagram is received the

router checks its destination IP address against the routing entries in its table to decide where to send the

datagram, and then sends it on its next hop.

Obviously, the fewer the entries in this table, the faster the router can decide what to do with datagrams.

(This was a big part of the motivation for classless addressing, which aggregates routes into "supernets" to

reduce router table size, as we will see in the next topic.) Some routers only have connections to two other

devices, so they don't have much of a decision to make. Typically, the router will simply take datagrams

coming from one of its interfaces and if necessary, send them out on the other one. For example, consider a

small company's router acting as the interface between a network of three hosts and the Internet. Any

datagrams sent to the router from a host on this network will need to go over the router's connection to the

router at the ISP.

When a router has connections to more than two devices, things become considerably more complex. Some

distant networks may be more easily reachable if datagrams are sent using one of the routers than the other.

The routing table contains information not only about the networks directly connected to the router, but also

information that the router has "learned" about more distant networks.

Key Concept: A router makes decisions about how to route datagrams using its internal routing table. The

table contains entries specifying to which router datagrams should be sent to reach a particular network.


Figure 93: IP Routing and Routing Tables

This diagram shows a small, simple internetwork consisting of four LANs each served by a router. The

routing table for each lists the router to which datagrams for each destination network should be sent, and is

color coded to match the colors of the networks. Notice that due to the "triangle", each of R1, R2 and R3 can

send to each other. However, R2 and R3 must send through R1 to deliver to R4, and R4 must use R1 to reach

either of the others.

Routing Tables in an Example Internetwork

Let's consider an example (see Figure 93) with routers R1, R2 and R3 connected in a "triangle", so that each router can send directly to the others, as well as to its own local network. Suppose R1's local network is 11.0.0.0/8, R2's is 12.0.0.0/8 and R3's is 13.0.0.0/8. (I'm just trying to keep this simple.) R1 knows that any datagram it sees with 11 as the first octet is on its local network. It will also have a routing entry that says that any IP address starting with "12" should go to R2, and any starting with "13" should go to R3.

Let's suppose that R1 also connects to another router, R4, which has 14.0.0.0/8 as its local network. R1 will

have an entry for this local network. However, R2 and R3 also need to know how to reach 14.0.0.0/8, even though they don't connect to its router directly. Most likely, they will have an entry that says that any

datagrams intended for 14.0.0.0/8 should be sent to R1. R1 will then forward them to R4. Similarly, R4 will

send any traffic intended for 12.0.0.0/8 or 13.0.0.0/8 through R1.

Note: There is a difference between a routable protocol and a routing protocol. IP is a routable protocol,

which means its messages (datagrams) can be routed. Examples of routing protocols are RIP or BGP, which

are used to exchange routing information between routers.

IP Routing

Abstract

This chapter describes how IPv4 and IPv6 forward packets from a source to a destination and the basic

concepts of routing infrastructure. A network administrator must understand routing tables, route


determination processes, and routing infrastructure when designing IP networks and troubleshooting

connectivity problems.

Chapter Objectives

After completing this chapter, you will be able to:

Define the basic concepts of IP routing, including direct and indirect delivery, routing tables and

their contents, and static and dynamic routing.

Explain how IPv4 routing works with the TCP/IP component of Windows®, including routing table

contents and the route determination process.

Define IPv4 route aggregation and route summarization.

Configure Windows hosts, static routers, and dynamic routers for routing.

Define network address translation and how it is used on the Internet.

Explain how IPv6 routing works with the IPv6 component of Windows, including routing table

contents and the route determination process.

Configure hosts and static routers for the IPv6 component of Windows.

Define the use of the Route, Netsh, Ping, Tracert, and Pathping tools in IPv4 and IPv6 routing.

IP Routing Overview

IP routing is the process of forwarding a packet based on the destination IP address. Routing occurs at a

sending TCP/IP host and at an IP router. In each case, the IP layer at the sending host or router must decide

where to forward the packet. For IPv4, routers are also commonly referred to as gateways.

To make these decisions, the IP layer consults a routing table stored in memory. Routing table entries are

created by default when TCP/IP initializes, and entries can be added either manually or automatically.

Direct and Indirect Delivery

Forwarded IP packets use at least one of two types of delivery based on whether the IP packet is forwarded

to the final destination or whether it is forwarded to an IP router. These two types of delivery are known as

direct and indirect delivery.

Direct delivery occurs when the IP node (either the sending host or an IP router) forwards a packet to

the final destination on a directly attached subnet. The IP node encapsulates the IP datagram in a

frame for the Network Interface layer. For a LAN technology such as Ethernet or Institute of Electrical and Electronics Engineers (IEEE) 802.11, the IP node addresses the frame to the

destination’s media access control (MAC) address.

Indirect delivery occurs when the IP node (either the sending host or an IP router) forwards a packet

to an intermediate node (an IP router) because the final destination is not on a directly attached

subnet. For a LAN technology such as Ethernet or IEEE 802.11, the IP node addresses the frame to

the IP router’s MAC address.

End-to-end IP routing across an IP network combines direct and indirect deliveries.


Direct and indirect delivery

In Figure 5-1, when sending packets to Host B, Host A performs a direct delivery. When sending packets to

Host C, Host A performs an indirect delivery to Router 1, Router 1 performs an indirect delivery to Router 2,

and then Router 2 performs a direct delivery to Host C.

IP Routing Table

A routing table is present on every IP node. The routing table stores information about IP destinations and

how packets can reach them (either directly or indirectly). Because all IP nodes perform some form of IP

routing, routing tables are not exclusive to IP routers. Any node using the TCP/IP protocol has a routing

table. Each table contains a series of default entries according to the configuration of the node, and additional

entries can be added manually, for example by administrators that use TCP/IP tools, or automatically, when

nodes listen for routing information messages sent by routers.

When IP forwards a packet, it uses the routing table to determine:

The next-hop IP address

For a direct delivery, the next-hop IP address is the destination address in the IP packet. For an

indirect delivery, the next-hop IP address is the IP address of a router.

The next-hop interface

The interface identifies the physical or logical interface that forwards the packet.

Routing Table Entries

A typical IP routing table entry includes the following fields:

Destination

Either an IP address or an IP address prefix.

Prefix Length

The prefix length corresponding to the address or range of addresses in the destination.

Next-Hop

The IP address to which the packet is forwarded.

Interface


The network interface that forwards the IP packet.

Metric

A number that indicates the cost of the route so that IP can select the best route, among potentially

multiple routes to the same destination. The metric sometimes indicates the number of hops (the

number of links to cross) in the path to the destination.

Routing table entries can store the following types of routes:

Directly-attached subnet routes

Routes for subnets to which the node is directly attached. For directly-attached subnet routes, the

Next-Hop field can either be blank or contain the IP address of the interface on that subnet.

Remote subnet routes

Routes for subnets that are available across routers and are not directly attached to the node. For

remote subnet routes, the Next-Hop field is the IP address of a neighboring router.

Host routes

A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis.

Default route

Used when a more specific subnet or host route is not present. The next-hop address of the default

route is typically the default gateway or default router of the node.
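R1's routing table from the Figure 93 example, built from the entry fields and route types listed above (directly attached, remote, host and default routes) and looked up by longest prefix match, as an added Python example that is not part of the original notes. The four /8 networks and the R1/R2/R3/R4 topology are from the text; the interface names, the link addresses used as next hops, the backup route through R2 and the host route are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer; raises ValueError on a malformed address."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


@dataclass(frozen=True)
class Route:
    """One routing entry with the fields described in the text."""
    destination: str          # network address, host address, or 0.0.0.0 for the default route
    prefix_len: int           # 0 = default route, 32 = host route
    next_hop: Optional[str]   # None = directly attached subnet (blank Next-Hop field)
    interface: str            # interface that forwards the packet
    metric: int = 1           # cost of the route; lower is preferred


def route_matches(route: Route, dest: int) -> bool:
    """True when dest lies inside the route's destination prefix."""
    mask = (0xFFFFFFFF << (32 - route.prefix_len)) & 0xFFFFFFFF
    return (dest & mask) == (ip_to_int(route.destination) & mask)


def lookup(table: List[Route], dest: str) -> Optional[Tuple[str, str, str]]:
    """Choose the route for dest and return (next-hop IP, interface, "direct" or "indirect"),
    or None when no entry matches and the packet cannot be delivered."""
    d = ip_to_int(dest)
    candidates = [r for r in table if route_matches(r, d)]
    if not candidates:
        return None
    # The most specific (longest) prefix wins; among equal prefixes the lowest metric wins.
    # So a host route beats a subnet route, which beats the default route.
    best = max(candidates, key=lambda r: (r.prefix_len, -r.metric))
    if best.next_hop is None:
        # Direct delivery: the next-hop IP address is the destination address itself.
        return (dest, best.interface, "direct")
    # Indirect delivery: hand the packet to the neighbouring router.
    return (best.next_hop, best.interface, "indirect")


# R1's table. Constructed assumptions: R1, R2 and R3 share the link 192.0.2.0/24 on eth1
# (R2 = 192.0.2.2, R3 = 192.0.2.3), and R4 is reached through 198.51.100.2 on eth2.
R1_TABLE = [
    Route("11.0.0.0", 8, None, "eth0"),                   # R1's own LAN: direct delivery
    Route("192.0.2.0", 24, None, "eth1"),                 # the link to R2 and R3 itself
    Route("12.0.0.0", 8, "192.0.2.2", "eth1"),            # R2's LAN, via R2
    Route("13.0.0.0", 8, "192.0.2.3", "eth1"),            # R3's LAN, via R3 (preferred)
    Route("13.0.0.0", 8, "192.0.2.2", "eth1", metric=2),  # R3's LAN, backup path via R2
    Route("14.0.0.0", 8, "198.51.100.2", "eth2"),         # R4's LAN, via R4
    Route("12.0.0.7", 32, "192.0.2.3", "eth1"),           # host route: one address in 12/8 via R3
    Route("0.0.0.0", 0, "198.51.100.2", "eth2"),          # default route: everything else via R4
]


if __name__ == "__main__":
    for dest in ("11.0.5.9", "12.1.2.3", "12.0.0.7", "13.4.4.4", "14.0.0.1", "203.0.113.9"):
        print(f"{dest:>12} -> {lookup(R1_TABLE, dest)}")
```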

Static and Dynamic Routing

For IP packets to be efficiently routed between routers on the IP network, routers must either have explicit

knowledge of remote subnet routes or be properly configured with a default route. On large IP networks, one

of the challenges that you face as a network administrator is how to maintain the routing tables on your IP

routers so that IP traffic travels along the best path and is fault tolerant.

Routing table entries on IP routers are maintained in two ways:

Manually

Static IP routers have routing tables that do not change unless a network administrator manually

changes them. Static routing requires manual maintenance of routing tables by network

administrators. Static routers do not discover remote routes and are not fault tolerant. If a static

router fails, neighboring routers do not detect the fault and inform other routers.

Automatically

Dynamic IP routers have routing tables that change automatically when the routers exchange routing

information. Dynamic routing uses routing protocols, such as Routing Information Protocol (RIP)

and Open Shortest Path First (OSPF), to dynamically update routing tables. Dynamic routers

discover remote routes and are fault tolerant. If a dynamic router fails, neighboring routers detect the

fault and propagate the changed routing information to the other routers on the network.

Dynamic Routing

Dynamic routing is the automatic updating of routing table entries to reflect changes in network topology. A

router with dynamically configured routing tables is known as a dynamic router. Dynamic routers build and

maintain their routing tables automatically by using a routing protocol, a series of periodic or on-demand

messages that contain routing information. Except for their initial configuration, typical dynamic routers


require little ongoing maintenance and, therefore, can scale to larger networks. The ability to scale and

recover from network faults makes dynamic routing the better choice for medium, large, and very large

networks.

Some widely used routing protocols for IPv4 are RIP, OSPF, and Border Gateway Protocol 4 (BGP-4).

Routing protocols are used between routers and represent additional network traffic overhead on the network.

You should consider this additional traffic if you must plan WAN link usage.

When choosing a routing protocol, you should pay particular attention to its ability to sense and recover from

network faults. How quickly a routing protocol can recover depends on the type of fault, how it is sensed,

and how routers propagate information through the network. When all the routers on the network have the

correct routing information in their routing tables, the network has converged. When convergence is

achieved, the network is in a stable state, and all packets are routed along optimal paths.

When a link or router fails, the network must reconfigure itself to reflect the new topology by updating

routing tables, possibly across the entire network. Until the network reconverges, it is in an unstable state.

The time it takes for the network to reconverge is known as the convergence time. The convergence time

varies based on the routing protocol and the type of failure, such as a downed link or a downed router.

The Routing and Remote Access service in the Microsoft Windows Server™ 2003 operating systems

supports the RIP and OSPF IPv4 routing protocols but no IPv6 routing protocols.

Routing Protocol Technologies

Typical IP routing protocols are based on the following technologies:

Distance Vector

Distance vector routing protocols propagate routing information in the form of an address prefix and

its "distance" (hop count). Routers use these protocols to periodically advertise the routes in their

routing tables. Typical distance vector-based routers do not synchronize or acknowledge the routing

information they exchange. Distance vector-based routing protocols are easier to understand and

configure, but they also consume more network bandwidth, take longer to converge, and do not scale

to large or very large networks.

Link State

Routers using link state-based routing protocols exchange link state advertisements (LSAs)

throughout the network to update routing tables. LSAs consist of address prefixes for the networks to

which the router is attached and the assigned costs of those networks. LSAs are advertised upon

startup and when a router detects changes in the network topology. Link state-based routers build a

database of LSAs and use the database to calculate the optimal routes to add to the routing table.

Link state-based routers synchronize and acknowledge the routing information they exchange.

Link state-based routing protocols consume less network bandwidth, converge more quickly, and

scale to large and very large networks. However, they can be more complex and difficult to

configure.

Path Vector

Routers use path vector–based routing protocols to exchange sequences of autonomous system

numbers that indicate the path for a route. An autonomous system is a portion of a network under the

same administrative authority. Autonomous systems are assigned a unique autonomous system

identifier. Path vector–based routers synchronize and acknowledge the routing information they

exchange. Path vector–based routing protocols consume less network bandwidth, converge more


quickly, and scale to networks the size of the Internet. However, they can also be complex and

difficult to configure.

IPv4 Routing

IPv4 routing is the process of forwarding an IPv4 packet based on its destination IPv4 address. IPv4 routing

occurs at a sending IPv4 host and at IPv4 routers. The forwarding decision is based on the entries in the local

IPv4 routing table.

Contents of the IPv4 Routing Table

The following are the fields of an IPv4 routing table entry for the TCP/IP component of Windows:

Destination

Can be either an IPv4 address or an IPv4 address prefix. For the IPv4 routing table of the TCP/IP

component of Windows, this column is named Network Destination in the display of the route print

command.

Network Mask

The prefix length expressed in subnet mask (dotted decimal) notation. The subnet mask is used to

match the destination IPv4 address of the outgoing packet to the value in the Destination field. For

the IPv4 routing table of the TCP/IP component of Windows, this column is named Netmask in the

display of the route print command.

Next-Hop

The IPv4 address to which the packet is forwarded. For the IPv4 routing table of the TCP/IP

component of Windows, this column is named Gateway in the display of the route print command.

For direct deliveries, the Gateway column lists the IPv4 address assigned to an interface on the

computer.

Interface

The network interface that is used to forward the IPv4 packet. For the IPv4 routing table of the

TCP/IP component of Windows, this column contains an IPv4 address assigned to the interface.

Metric

A number used to indicate the cost of the route so that the best route, among potentially multiple

routes to the same destination, can be selected. The metric can indicate either the number of links in

the path to the destination or the preferred route to use, regardless of number of links.

IPv4 routing table entries can store the following types of routes:

Directly attached subnet routes

For directly attached subnet routes, the Next-Hop field is the IPv4 address of the interface on that

subnet.

Remote subnet routes

For remote subnet routes, the Next-Hop field is the IPv4 address of a neighboring router.

Host routes


For IPv4 host routes, the destination is a specific IPv4 address, and the network mask is

255.255.255.255.

Default route

The default route is used when a more specific subnet or host route is not found. The default route

destination is 0.0.0.0 with the network mask of 0.0.0.0. The next-hop address of the default route is

typically the default gateway of the node.

Route Determination Process

IPv4 uses the following process to determine which routing table entry to use for forwarding:

1. For each entry in the routing table, IPv4 performs a bit-wise logical AND operation between the

destination IPv4 address and the Network Mask field. The result is compared with the Destination

field of the entry for a match.

As described in Chapter 4, "Subnetting," the result of the bit-wise logical AND operation is:

o For each bit in the subnet mask that is set to 1, copy the corresponding bit from the

destination IPv4 address to the result.

o For each bit in the subnet mask that is set to 0, set the corresponding bit in the result to 0.

2. IPv4 compiles the list of matching routes and selects the route that has the longest match (that is, the

route with the highest number of bits set to 1 in the subnet mask). The longest matching route is the

most specific route to the destination IPv4 address. If the router finds multiple routes with the longest

matches (for example, multiple routes to the same address prefix), the router uses the lowest metric

to select the best route. If the metrics are the same, IPv4 chooses the interface that is first in the

binding order.
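The two-step route determination process above, worked through in code. This is an added example and is not part of the course text: the routing table below is constructed to resemble the route print output of a Windows XP host with two interfaces (192.168.1.10/24 and 10.0.0.5/8) and a binding order that lists 192.168.1.10 first; the addresses, metrics and the helper names (and_mask, prefix_length, select_route, forward) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One row of 'route print': Network Destination, Netmask, Gateway, Interface, Metric."""
    destination: str
    netmask: str
    gateway: str     # next hop; for a direct delivery this equals the interface's own address
    interface: str   # IPv4 address assigned to the forwarding interface
    metric: int


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def and_mask(addr: str, netmask: str) -> str:
    """Step 1: bit-wise logical AND of the destination address with a route's Netmask."""
    return str(ipaddress.IPv4Address(ip_int(addr) & ip_int(netmask)))


def prefix_length(netmask: str) -> int:
    """Number of 1 bits in the mask; refuses non-contiguous masks such as 255.0.255.0."""
    mask = ip_int(netmask)
    zeros = (~mask) & 0xFFFFFFFF
    if zeros & (zeros + 1):
        raise ValueError(f"non-contiguous netmask {netmask}")
    return bin(mask).count("1")


def select_route(table: List[Route], destination: str, binding_order: List[str]) -> Optional[Route]:
    """Step 2: longest match first, then lowest metric, then the interface binding order."""
    matching = [r for r in table if and_mask(destination, r.netmask) == r.destination]
    if not matching:
        return None

    def rank(r: Route) -> Tuple[int, int, int]:
        return (-prefix_length(r.netmask), r.metric, binding_order.index(r.interface))

    return min(matching, key=rank)


def forward(table: List[Route], destination: str,
            binding_order: List[str]) -> Optional[Tuple[str, str, str]]:
    """Return (next-hop IP, interface, 'direct'|'indirect'), or None when no route matches."""
    route = select_route(table, destination, binding_order)
    if route is None:
        return None
    if route.gateway == route.interface:        # direct delivery: next hop is the destination itself
        return destination, route.interface, "direct"
    return route.gateway, route.interface, "indirect"


# Constructed table (assumption): a Windows XP host with 192.168.1.10/24 and 10.0.0.5/8.
BINDING_ORDER = ["192.168.1.10", "10.0.0.5", "127.0.0.1"]
SAMPLE_TABLE = [
    Route("0.0.0.0",         "0.0.0.0",         "192.168.1.1",   "192.168.1.10", 20),
    Route("0.0.0.0",         "0.0.0.0",         "10.0.0.1",      "10.0.0.5",     20),  # tie: binding order decides
    Route("10.0.0.0",        "255.0.0.0",       "10.0.0.5",      "10.0.0.5",     20),
    Route("127.0.0.0",       "255.0.0.0",       "127.0.0.1",     "127.0.0.1",    1),
    Route("172.16.0.0",      "255.255.0.0",     "192.168.1.254", "192.168.1.10", 10),
    Route("172.16.0.0",      "255.255.0.0",     "10.0.0.254",    "10.0.0.5",     5),   # same prefix: lower metric wins
    Route("192.168.1.0",     "255.255.255.0",   "192.168.1.10",  "192.168.1.10", 20),
    Route("192.168.1.10",    "255.255.255.255", "127.0.0.1",     "127.0.0.1",    20),  # host route for our own address
    Route("192.168.1.255",   "255.255.255.255", "192.168.1.10",  "192.168.1.10", 20),
    Route("224.0.0.0",       "240.0.0.0",       "192.168.1.10",  "192.168.1.10", 20),
    Route("255.255.255.255", "255.255.255.255", "192.168.1.10",  "192.168.1.10", 1),
]

if __name__ == "__main__":
    for dst in ("192.168.1.77", "8.8.8.8", "172.16.5.5", "10.20.30.40", "192.168.1.10"):
        print(dst, "->", forward(SAMPLE_TABLE, dst, BINDING_ORDER))
```

The same bit-wise AND that matches a route is reused to decide between direct and indirect delivery: when the selected route's Gateway equals its Interface address, the next-hop IP address is the destination itself. Two equal-cost default routes are deliberately present so the binding-order tie-break is exercised, and prefix_length refuses a non-contiguous mask rather than silently producing a wrong match length.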

Name Resolution Techniques

Conventional name resolution transforms a DNS name into an IP address. At the highest level, this process

can be considered to have two phases. In the first phase, we locate a DNS name server that has the

information we need: the address that goes with a particular name. In the second phase, we send that server a

request containing the name we want to resolve, and it sends back the address required.

The Difficult Part of Name Resolution: Finding The Correct Server

Somewhat ironically, the second phase (the actual mapping of the name into an address) is fairly simple. It is

the first phase—finding the right server—that is potentially difficult, and comprises most of the work in DNS

name resolution. While perhaps surprising, this is a predictable result of how DNS is structured. Name

information in DNS is not centralized, but rather distributed throughout a hierarchy of servers, each of which

is responsible for one zone in the DNS name space. This means we have to follow a special sequence of steps

to let us find the server that has the information we need.

The formal process of name resolution parallels the tree-like hierarchy of the DNS name space, authorities

and servers. Resolution of a particular DNS name starts with the most general part of the name, and proceeds

from it to the most specific part. Naturally, the most general part of every name is the root of the DNS tree,

represented in a name as a trailing "dot", sometimes omitted. The next most-specific part is the top-level

domain, then the second-level domain and so forth. The DNS name servers are "linked" in that the DNS


server at one level knows the name of the servers that are responsible for subdomains in zones below it at the

next level.

Suppose we start with the fully-qualified domain name (FQDN) "C.B.A.". Formally, every name resolution begins with the root of the tree; this is why the root name servers are so important. It's possible that the root name servers are authoritative for this name, but probably not; that's not what the root name servers are usually used for. What the root name server does know is the name of the server responsible for the top-level domain, "A.".

The name server for "A." in turn may have the information to resolve "C.B.A.". It's still fairly high-level, though, so "C.B.A." is probably not directly within its zone. In that case, it will not know the address we seek, but it will know the name of the server responsible for "B.A.". In turn, that name server may be authoritative for "C.B.A.", or it may just know the address of the server for "C.B.A.", which will have the information we need. As you can see, several different servers may be needed in a single name resolution.

Key Concept: Since DNS name information is stored as a distributed database spread across many servers,

name resolution cannot usually be performed using a single request/response communication. It is first

necessary to find the correct server that has the information that the resolver requires. This usually requires a

sequence of message exchanges, starting from a root name server and proceeding down to the specific server

containing the resource records that the client requires.

DNS Name Resolution Techniques

The DNS standards actually define two distinct ways of following this hierarchy of servers to discover the

correct one. They both eventually lead to the right device, but they differ in how they assign responsibility

for resolution when it requires multiple steps.

Iterative Resolution

When a client sends an iterative request to a name server, the server responds back with either the answer to

the request (for a regular resolution, the IP address we want) or the name of another server that has the

information or is closer to it. The original client must then iterate by sending a new request to this referred

server, which again may either answer it or provide another server name. The process continues until the

right server is found; the method is illustrated in Figure 243.

In this example, the client is performing a name resolution for "C.B.A." using strictly iterative resolution. It is thus responsible for forming all DNS requests and processing all replies. It starts by sending a request to the root name server for this mythical hierarchy. That server doesn't have the address of "C.B.A.", so it instead returns the address of the name server for "A.". The client then sends its query to that name server, which points the client to the server for "B.A.". That name server refers the client to the name server that actually has the address for "C.B.A.", which returns it to the client. Contrast this with Figure 244.


Figure 243: Iterative DNS Name Resolution

Recursive Resolution

When a client sends a recursive request to a name server, the server responds back with the answer if it has

the information sought. If it doesn't, the server takes responsibility for finding the answer by becoming a

client on behalf of the original client and sending new requests to other servers. The original client only

sends one request, and eventually gets the information it wants (or an error message if it is not available).

This technique is shown in Figure 244.

This is the same theoretical DNS resolution that I showed in Figure 243, but this time, the client asks the name servers to perform recursive resolution and they agree to do so. As in the iterative case, the client sends its initial request to the root name server. That server doesn't have the address of "C.B.A.", but instead of merely returning to the client the address of the name server for "A.", it sends a request to that server itself. That name server sends a request to the server for "B.A.", which in turn sends a request to the server for "C.B.A.". The address of "C.B.A." is then carried back up the chain of requests, from the server of "C.B.A." to that of "B.A.", then "A.", then the root, and then finally, back to the client.

Note that this agreement is a property of the mythical hierarchy: the real root and top-level domain servers do not perform recursion. In practice a host sends its single recursive query to a configured resolver (typically the DNS server listed in its TCP/IP settings), and it is that resolver that iterates through the hierarchy on the host's behalf.


Figure 244: Recursive DNS Name Resolution
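The iterative and recursive exchanges of Figures 243 and 244, simulated in code. This is an added example and not part of the original text: the four name servers, their zone data and the addresses 10.1.2.3 and 10.1.2.4 are constructed from the mythical C.B.A. hierarchy, and the server names root, ns.A, ns.B.A and ns.C.B.A are assumptions. Every server in the simulation is willing to recurse when asked, exactly as Figure 244 assumes; the point it adds to the figures is the bookkeeping of who talks to whom, and what happens when the name does not exist or a referral chain never ends.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def labels(name: str) -> List[str]:
    """'C.B.A.' -> ['a', 'b', 'c']: labels from the root downward, compared case-insensitively."""
    return [part for part in name.lower().rstrip(".").split(".") if part][::-1]


def in_zone(qname: str, zone: str) -> bool:
    """True when qname lies at or below zone in the tree; the root zone '.' covers every name."""
    z = labels(zone)
    return labels(qname)[:len(z)] == z


@dataclass
class NameServer:
    name: str                                   # how other servers refer to this server
    zone: str                                   # the zone this server is authoritative for
    records: Dict[str, str] = field(default_factory=dict)      # FQDN -> IPv4 (authoritative data)
    delegations: Dict[str, str] = field(default_factory=dict)  # child zone -> name of its server

    def __post_init__(self) -> None:
        self.records = {k.lower(): v for k, v in self.records.items()}

    def query(self, qname: str, directory: "Dict[str, NameServer]",
              recursion_desired: bool, path: List[str]) -> Tuple[str, Optional[str]]:
        """Handle one request: ('answer', ip), ('referral', server name) or ('nxdomain', None)."""
        path.append(self.name)
        if qname.lower() in self.records:
            return "answer", self.records[qname.lower()]
        covering = [z for z in self.delegations if in_zone(qname, z)]
        if not covering:
            return "nxdomain", None                 # nothing below this server on that branch
        child = self.delegations[max(covering, key=lambda z: len(labels(z)))]
        if not recursion_desired:
            return "referral", child                # iterative: point the client at the next server
        # recursive: this server becomes a client toward the child, with recursion still requested
        return directory[child].query(qname, directory, True, path)


def iterative_resolve(directory: Dict[str, NameServer], root: str, qname: str,
                      max_referrals: int = 8) -> Tuple[Optional[str], List[str], int]:
    """Client follows referrals itself. Returns (answer, servers visited, requests the client sent)."""
    path: List[str] = []
    server = root
    for _ in range(max_referrals):
        kind, value = directory[server].query(qname, directory, False, path)
        if kind == "answer":
            return value, path, len(path)
        if kind == "nxdomain":
            return None, path, len(path)
        server = value                              # referral: ask the server we were pointed at
    raise RuntimeError(f"referral loop while resolving {qname}")


def recursive_resolve(directory: Dict[str, NameServer], root: str,
                      qname: str) -> Tuple[Optional[str], List[str], int]:
    """Client sends exactly one request; the servers chain the remaining work among themselves."""
    path: List[str] = []
    kind, value = directory[root].query(qname, directory, True, path)
    return (value if kind == "answer" else None), path, 1


# Constructed toy hierarchy from the text (server names and addresses are assumptions).
DIRECTORY = {s.name: s for s in [
    NameServer("root",     ".",      delegations={"A.": "ns.A"}),
    NameServer("ns.A",     "A.",     delegations={"B.A.": "ns.B.A"}),
    NameServer("ns.B.A",   "B.A.",   delegations={"C.B.A.": "ns.C.B.A"}),
    NameServer("ns.C.B.A", "C.B.A.", records={"C.B.A.": "10.1.2.3", "WWW.C.B.A.": "10.1.2.4"}),
]}

if __name__ == "__main__":
    print("iterative:", iterative_resolve(DIRECTORY, "root", "C.B.A."))
    print("recursive:", recursive_resolve(DIRECTORY, "root", "C.B.A."))
```

Both resolvers visit the same four servers; the difference is in the third element of the result, the number of requests the client itself had to send. The referral hop limit in iterative_resolve is the safeguard a real stub resolver needs, since a misconfigured delegation can otherwise send a client round in circles.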

Domain Name System

The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers,

services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names

meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating

and addressing these devices worldwide.

Domain name space

The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more

resource records, which hold information associated with the domain name. The tree sub-divides into zones

beginning at the root zone. A DNS zone may consist of only one domain, or may comprise many domains

and sub-domains, depending on the administrative authority delegated to the manager.

Administrative responsibility over any zone may be divided by creating additional zones. Authority is said to

be delegated for a portion of the old space, usually in form of sub-domains, to another nameserver and

administrative entity. The old zone ceases to be authoritative for the new zone.


The hierarchical domain name system, organized into zones, each served by a name server

Physical Address Resolution

Based on the destination IP address and the route determination process, IP determines the forwarding IP

address and interface to be used to forward the packet. IP then hands the IP packet, the forwarding IP

address, and the interface, to ARP.

If the forwarding IP address is the same as the destination IP address, then ARP performs a direct delivery. In

a direct delivery, the MAC address corresponding to the destination IP address must be resolved.

If the forwarding IP address is not the same as the destination IP address, then ARP performs an indirect

delivery. The forwarding IP address is the IP address of a router between the current IP node and the final

destination. In an indirect delivery, the MAC address corresponding to the IP address of the router must be

resolved.

To resolve a forwarding IP address to its MAC address, ARP uses the broadcasting facility on shared access

networking technologies (such as Ethernet or Token Ring) to send out a broadcasted ARP Request frame. An

ARP Reply, containing the MAC address corresponding to the requested forwarding IP address, is sent back

to the sender of the ARP Request.


Host name resolution

Host name resolution means successfully mapping a host name to an IP address. A host name is an

alias that is assigned to an IP node to identify it as a TCP/IP host. The host name can be up to 255

characters long and can contain alphabetic and numeric characters, hyphens, and periods. You can

assign multiple host names to the same host.

Windows Sockets (Winsock) programs, such as Internet Explorer and the FTP utility, can use one

of two values for the destination to which you want to connect: the IP address or a host name. When

the IP address is specified, name resolution is not needed. When a host name is specified, the host

name must be resolved to an IP address before IP-based communication with the desired resource

can begin.

Host names can take various forms. The two most common forms are a nickname and a domain

name. A nickname is an alias to an IP address that individual people can assign and use. A domain

name is a structured name in a hierarchical namespace called the Domain Name System (DNS). An

example of a domain name is www.microsoft.com.

Nicknames are resolved through entries in the Hosts file, which is stored in the

systemroot\System32\Drivers\Etc folder. For more information, see TCP/IP database files.

Domain names are resolved by sending DNS name queries to a configured DNS server. The DNS

server is a computer that stores domain name-to-IP address mapping records or has knowledge of

other DNS servers. The DNS server resolves the queried domain name to an IP address and sends

the result back.

You are required to configure your computers with the IP address of your DNS server in order to

resolve domain names. You must configure Active Directory-based computers running

Windows XP Professional or Windows Server 2003 operating systems with the IP address of a DNS

server.

Host Name Resolution Process

Host name resolution is the process of resolving a host name to an IP address before the source host

sends the initial IP packet. Table 7-1 lists the standard methods of host name resolution for TCP/IP

for Windows XP and Windows Server 2003.

Resolution method   Description

Local host name     The configured host name for the computer as displayed in the output of the Hostname tool. This name is compared to the destination host name.

Hosts file          A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses. For TCP/IP for Windows XP and Windows Server 2003, the contents of the Hosts file are loaded into the DNS client resolver cache. For more information, see "The DNS Client Resolver Cache" in this chapter.

DNS server          A server that maintains a database of host name-to-IP address mappings and has the ability to query other DNS servers for mappings that it does not contain.


Table 7-1 Standard Methods of Host Name Resolution

Table 7-2 lists the additional methods used by TCP/IP for Windows XP and Windows Server 2003

to resolve host names.

Resolution method            Description

DNS client resolver cache    A random access memory (RAM)-based table of the entries listed in the local Hosts file and the names that were attempted for resolution by using a DNS server.

NetBIOS name cache           A RAM-based table of recently resolved NetBIOS names and their associated IPv4 addresses.

NetBIOS name server (NBNS)   A server that resolves NetBIOS names to IPv4 addresses, as specified by Requests for Comments (RFCs) 1001 and 1002. The Microsoft implementation of an NBNS is a Windows Internet Name Service (WINS) server.

Local broadcast              Up to three NetBIOS Name Query Request messages are broadcast on the local subnet to resolve the IPv4 address of a specified NetBIOS name.

Lmhosts file                 A local text file that maps NetBIOS names to IPv4 addresses for NetBIOS processes running on computers located on remote subnets.

Table 7-2 Windows-Specific Methods of Host Name Resolution
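The resolution order of Table 7-1, applied to a Hosts file in the BSD format the text describes. This is an added example, not part of the original text: the sample Hosts contents, the stand-in DNS records and every address in them are constructed, the helper names (parse_hosts, resolve_host) are this example's own, and the NetBIOS methods of Table 7-2 are represented only by the final fall-through. What it makes visible is the consequence a practitioner cares about: an entry in the Hosts file is consulted before the DNS server and therefore overrides whatever DNS would answer for that name.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed sample Hosts file (not a real system's), in the 4.3BSD /etc/hosts format that
# Windows loads into the DNS client resolver cache: <IP address> <host name> [aliases...] [# comment]
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
192.168.1.20    fileserver  files             # constructed: a nickname with an alias
192.168.1.30\tprinter.corp.example            # tabs are valid separators
10.9.9.9        www.microsoft.com             # constructed: a Hosts entry shadows DNS for this name
300.1.1.1       broken                        # constructed: invalid address, must be skipped
"""

# Constructed stand-in for the records a DNS server would answer with (assumption, not live data).
SAMPLE_DNS = {"www.microsoft.com": "203.0.113.10", "fileserver.corp.example": "192.168.1.20"}

MAX_HOST_NAME_LEN = 255


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse Hosts text into a lower-cased name -> IPv4 map.

    The first entry seen for a name wins (an assumption matching BSD gethostbyname behaviour);
    comment-only, blank, name-less and malformed-address lines are skipped rather than fatal."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.IPv4Address(fields[0]))
        except ipaddress.AddressValueError:
            continue                                     # e.g. 300.1.1.1
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def resolve_host(target: str, local_host_name: str, local_ip: str,
                 hosts: Dict[str, str], dns: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Apply the Table 7-1 order: IP literal, local host name, Hosts (resolver cache), then DNS.

    Returns (address or None, the method that produced it)."""
    if len(target) > MAX_HOST_NAME_LEN:
        raise ValueError("host name longer than 255 characters")
    try:
        return str(ipaddress.IPv4Address(target)), "literal"   # an address needs no resolution
    except ipaddress.AddressValueError:
        pass
    name = target.lower().rstrip(".")
    if name == local_host_name.lower():
        return local_ip, "local host name"
    if name in hosts:
        return hosts[name], "hosts file"
    if name in dns:
        return dns[name], "dns"
    return None, "unresolved"   # a Windows stack would continue with the NetBIOS methods of Table 7-2


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("WWW.MICROSOFT.COM", "fileserver.corp.example", "files", "192.168.1.5", "nowhere"):
        print(name, "->", resolve_host(name, "mypc", "192.168.1.10", hosts, SAMPLE_DNS))
```

Because the Hosts file is checked before any DNS query is sent, an unexpected line in systemroot\System32\Drivers\Etc\hosts silently redirects every program that resolves that name; comparing the parsed table against the expected contents is a routine check on a machine whose name resolution looks wrong.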

How Packets Travel from Network to Network

What Kinds of Devices Are on a Network?

Previously, we stated that a network is made up of devices connected together. Besides personal computers,

like the Dells, IBMs and Macintoshes with which you might be familiar, other types of computers, such as

printers, servers, switches and routers, can be found on computer networks.

Servers

Servers are computers that provide some centralized resource that other computers on the network can

access. Servers store and send out web pages, send e-mails and provide high-powered computing for users on

a network. To make an analogy with a highway network, servers are like manufacturing plants; they provide

the information, or goods, that must travel to the other parts of the network. The network applications section

discusses in detail some of the duties that servers can perform.

Switches and Routers

Switches and routers are devices that sit at the intersections of the links of a network; routers in particular are often called gateways. When a packet travels through a link in a computer network and encounters one of these devices, the switch or router, if it can, takes the packet and places it on the next link required for the packet to reach its destination. These devices do not change the data in packets; they simply direct them. A switch forwards frames within a single network using hardware (MAC) addresses, while a router forwards packets between networks using IP addresses, which is why routers can direct packets in more complicated ways than switches. To continue with the highway analogy, gateways are like highway interchanges, shifting packets (or cars), from one link (or road) onto another.

What Actually Connects These Computers?


There are many methods of linking computers together, the most well-used of which are copper wires, fiber

optics and radio waves. Information can be transmitted through electrical impulses over copper wire, light

impulses over fiber optics or radio waves from one computer to another. The section on types of network

links discusses this topic in more detail.

How Do Computers Know How to Talk to Each Other?

When you hear someone speaking in an unfamiliar language, you cannot understand what she is saying, even

though your ear is picking up the sound waves coming from her vocal chords. Similarly, computers on a

network will not be able to communicate unless they are able to speak the same "language." The languages

by which computers communicate over a network are called protocols. Protocols tell computers how to send

and receive data and what to do with the data after they receive it.

Computers send data in small pieces instead of all at once. Since the data is digital, it is already divided into

bits, so sending the data piece by piece is easy. These pieces of data are then sent in packets across the

network. A packet is the computer equivalent of an envelope. On the outside of the envelope are a source

address, a destination address and some basic synchronization information. Inside the envelope is the original

data as well as protocol information. For more details, see the diagram of a packet in a later section.

Multiple protocols can be used during data transmission. For example, one protocol might be used to

determine how the packet is routed through the network, another protocol could be used to resolve any

congestion problems that the packet encounters during transmission and yet another protocol could tell the

recipient computer how to interpret the data it is receiving. You can think of protocols as placing the original

data in another envelope. When a packet arrives at its destination, therefore, the first envelope, which has

address information, is stripped off the packet and the next envelope is examined. After analyzing the

protocol instructions, that envelope is removed and the next is examined. This process continues until the

original data is recovered.

Basic protocols are usually installed as hardware or are part of the basic operating system of a computer. TCP/IP, IPX, and AppleTalk are examples of such protocols and are the three most commonly used protocols at Princeton. For more information see the section on network protocols. Other protocols are

specific to certain types of applications. The transfer of web pages, for example, uses a protocol called

HyperText Transfer Protocol, or HTTP. These types of protocols are discussed in the network applications

section.

How Does a Packet Travel through a Network?

Let's say that I want to send information to one of the servers here at Princeton. Here's how it would happen:

My computer would take the first chunk of the data I want to send and wrap it in a protocol envelope. This

envelope would then be passed to my network card that is connected via copper wire, for example, to the rest

of the network. The network card would put another envelope around the data and then transmit the whole

packet over the wire. Any gateways connected to that wire would look at the destination address for the

packet and, if possible, pass the packet farther along the path towards its destination. This process would be

repeated at other gateways along the packet's path until the final gateway transmits the packet to its final

destination. The destination computer would then strip off the envelopes and process the data.

Address Resolution Protocol


Address Resolution Protocol - (ARP) A method for finding a host's Ethernet address from its Internet

address. The sender broadcasts an ARP packet containing the Internet address of another host and waits for it

(or some other host) to send back its Ethernet address. Each host maintains a cache of address translations to

reduce delay and loading. ARP allows the Internet address to be independent of the Ethernet address but it

only works if all hosts support it.

The Address Resolution Protocol (ARP) is a computer networking protocol for determining a

network host's Link Layer or hardware address when only its Internet Layer (IP) or Network Layer

address is known. This function is critical in local area networking as well as for routing

internetworking traffic across gateways (routers) based on IP addresses when the next-hop router

must be determined. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37.

ARP has been implemented in many types of networks, such as Internet Protocol (IP), CHAOS,

DECNET, Xerox PARC Universal Packet, Token Ring, FDDI, IEEE 802.11 and other LAN

technologies, as well as the modern high capacity networks, such as Asynchronous Transfer Mode

(ATM).

Packet structure

The Address Resolution Protocol uses a simple message format that contains one address

resolution request or response. The size of the ARP message depends on the upper layer and lower

layer address sizes, which are given by the type of networking protocol (usually IPv4) in use and

the type of hardware or virtual link layer that the upper layer protocol is running on. The message

header specifies these types, as well as the size of addresses of each. The message header is

completed with the operation code for request (1) and reply (2). The payload of the packet consists

of four addresses, the hardware and protocol address of the sender and receiver hosts.

The principal packet structure of ARP packets is shown in the following table which illustrates the

case of IPv4 networks running on Ethernet. In this scenario, the packet has 48-bit fields for the

sender hardware address (SHA) and target hardware address (THA), and 32-bit fields for the

corresponding sender and target protocol addresses (SPA and TPA). Thus, the ARP packet size in

this case is 28 bytes.

Internet Protocol (IPv4) over Ethernet ARP packet

bit offset   bits 0 - 7                                      bits 8 - 15
0            Hardware type (HTYPE)
16           Protocol type (PTYPE)
32           Hardware address length (HLEN)                  Protocol address length (PLEN)
48           Operation (OPER)
64           Sender hardware address (SHA) (first 16 bits)
80           SHA (next 16 bits)
96           SHA (last 16 bits)
112          Sender protocol address (SPA) (first 16 bits)
128          SPA (last 16 bits)
144          Target hardware address (THA) (first 16 bits)
160          THA (next 16 bits)
176          THA (last 16 bits)
192          Target protocol address (TPA) (first 16 bits)
208          TPA (last 16 bits)

Hardware type (HTYPE)

This field specifies the Link Layer protocol type. Example: Ethernet is 1.

Protocol type (PTYPE)

This field specifies the upper layer protocol for which the ARP request is intended. For IPv4, this has

the value 0x0800. The permitted PTYPE values share a numbering space with those for Ethertype.

Hardware length (HLEN)

Length (in octets) of a hardware address. Ethernet address size is 6.

Protocol length (PLEN)

Length (in octets) of addresses used in the upper layer protocol. (The upper layer protocol specified

in PTYPE.) IPv4 address size is 4.

Operation

Specifies the operation that the sender is performing: 1 for request, 2 for reply.

Sender hardware address (SHA)

Hardware (MAC) address of the sender.

Sender protocol address (SPA)

Upper layer protocol address of the sender.

Target hardware address (THA)


Hardware address of the intended receiver. This field is ignored in requests.

Target protocol address (TPA)

Upper layer protocol address of the intended receiver.
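The ARP message format above, together with the direct/indirect delivery decision from the Physical Address Resolution section, worked in code. This is an added example, not from the original text: the MAC and IP addresses are constructed, and the helper names (build_arp, parse_arp, forwarding_ip, arp_request, arp_reply_for, accept_reply) are this example's own. It packs and parses the 28-byte IPv4-over-Ethernet ARP message, builds the request a host broadcasts for its forwarding IP address, answers it the way the target would, and checks a reply against the outstanding request before the cache would be updated.

```python
import struct
from typing import Dict, Optional, Tuple

# IPv4-over-Ethernet ARP: HTYPE, PTYPE, HLEN, PLEN, OPER, SHA(6), SPA(4), THA(6), TPA(4) = 28 bytes
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FORMAT)
HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4 = 1, 0x0800, 6, 4
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4,
                       oper, mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))


def parse_arp(payload: bytes) -> Dict[str, object]:
    """Decode the 28-byte ARP message; rejects anything that is not IPv4 over Ethernet."""
    if len(payload) < ARP_LEN:
        raise ValueError(f"ARP message too short: {len(payload)} bytes")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4):
        raise ValueError("not an IPv4-over-Ethernet ARP message")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unsupported ARP operation {oper}")
    return {"oper": oper, "sha": mac_str(sha), "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


def forwarding_ip(destination: str, my_ip: str, netmask: str, default_gateway: str) -> Tuple[str, str]:
    """Direct delivery if the destination is on the local subnet, otherwise the router is the next hop."""
    mask = int.from_bytes(ip_bytes(netmask), "big")
    on_link = (int.from_bytes(ip_bytes(destination), "big") & mask) == (int.from_bytes(ip_bytes(my_ip), "big") & mask)
    return (destination, "direct") if on_link else (default_gateway, "indirect")


def arp_request(my_mac: str, my_ip: str, target_ip: str) -> bytes:
    """Request for the forwarding IP address; THA is ignored in requests and is left as zeros."""
    return build_arp(OP_REQUEST, my_mac, my_ip, ZERO_MAC, target_ip)


def arp_reply_for(request: Dict[str, object], my_mac: str, my_ip: str) -> Optional[bytes]:
    """Answer only requests that ask for our own address (Proxy ARP would widen this test)."""
    if request["oper"] != OP_REQUEST or request["tpa"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, request["sha"], request["spa"])


def accept_reply(reply: Dict[str, object], outstanding_tpa: str, my_mac: str, my_ip: str) -> bool:
    """A reply may update the cache only if it answers our outstanding request and is addressed to us."""
    return (reply["oper"] == OP_REPLY and reply["spa"] == outstanding_tpa
            and reply["tha"] == my_mac and reply["tpa"] == my_ip)


if __name__ == "__main__":
    my_mac, my_ip = "00:11:22:33:44:55", "192.168.1.10"
    hop, kind = forwarding_ip("8.8.8.8", my_ip, "255.255.255.0", "192.168.1.1")
    request = arp_request(my_mac, my_ip, hop)                  # resolve the router, not 8.8.8.8
    reply = arp_reply_for(parse_arp(request), "aa:bb:cc:dd:ee:ff", hop)
    print(kind, "delivery via", hop, "->", parse_arp(reply))
```

The accept_reply check is a design choice of this example, not behaviour the text prescribes: it discards replies that do not answer an outstanding request, which is stricter than many stacks. arp_reply_for answers only for the node's own address; a router doing Proxy ARP, described below, would answer for the addresses it fronts as well.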

Inverse ARP

Inverse Address Resolution Protocol - (InARP) Additions to ARP typically used for Frame Relay. Frame

Relay stations route frames of a higher level protocol between LANs, across a Permanent Virtual Circuit.

These stations are identified by their Data Link Connection Identifier (DLCI), equivalent to an Ethernet address

in a LAN itself.

InARP allows a station to determine a protocol address (e.g. IP address) from a DLCI. This is useful if a new

virtual circuit becomes available. Signalling messages announce its DLCI, but without the corresponding

protocol address it is unusable: no frames can be routed to it.

Reverse ARP (RARP) performs a similar task on an Ethernet LAN; however, RARP answers the question "What is my IP address?" whereas InARP answers the question "What is your protocol address?".

Proxy ARP

ARP was designed to be used by devices that are directly connected on a local network. Each device on the network should be capable of sending both unicast and broadcast transmissions directly to every other device. Normally, if device A and device B are separated by a router, they would not be considered local to each other. Device A would not send directly to B or vice versa; at layer two they would send to the router instead, and at layer three they would be considered "two hops apart".

Why Proxy ARP Is Needed

In contrast to the normal situation, in some networks there might be two physical network segments

connected by a router that are in the same IP network or subnetwork. In other words, device A and device B

might be on different networks at the data link layer level, but on the same IP network or subnet. When this

happens, A and B will each think the other is on the local network when they look to send IP datagrams.

In this situation, suppose that A wants to send a datagram to B. It doesn't have B's hardware address in the

cache, so it begins an address resolution. When it broadcasts the ARP Request message to get B's hardware

address, however, it will quickly run into a problem: B is in fact not on A's local network. The router between

them will not pass A's broadcast onto B's part of the network, because routers don't pass hardware-layer

broadcasts. B will never get the request and thus A will not get a reply containing B’s hardware address.

Proxy ARP Operation

The solution to this situation is called ARP proxying or Proxy ARP. In this technique, the router that sits

between the local networks is configured to respond to device A's broadcast on behalf of device B. It does not

send back to A the hardware address of device B; since they are not on the same network, A cannot send

directly to B anyway. Instead, the router sends A its own hardware address. A then sends to the router, which

forwards the message to B on the other network. Of course, the router also does the same thing on A's behalf

for B, and for every other device on both networks, when a broadcast is sent that targets a device not on the

same actual physical network as the resolution initiator. This is illustrated in Figure 50.

In this small internetwork, a single router connects two LANs that are on the same IP network or subnet. The

router will not pass ARP broadcasts, but has been configured to act as an ARP proxy. In this example, device

A and device D are each trying to send an IP datagram to the other, and so each broadcasts an ARP Request.

The router responds to the request sent by Device A as if it were Device D, giving to A its own hardware

address (without propagating Device A's broadcast). It will forward the message sent by A to D on D's

network. Similarly, it responds to Device D as if it were Device A, giving its own address, then forwarding

what D sends to it over to the network where A is located.

Figure 50: ARP Proxy Operation

Proxy ARP provides flexibility for networks where hosts are not all actually on the same physical network

but are configured as if they were at the network layer. It can be used to provide support in other special

situations where a device cannot respond directly to ARP message broadcasts. It may be used when a

firewall is configured for security purposes. A type of proxying is also used as part of the Mobile IP protocol,

to solve the problem of address resolution when a mobile device travels away from its home network.

Key Concept: Since ARP relies on broadcasts for address resolution, and broadcasts are not propagated

beyond a physical network, ARP cannot function between devices on different physical networks. When

such operation is required, a device, such as a router, can be configured as an ARP proxy to respond to ARP

requests on the behalf of a device on a different network.

Advantages of Proxy ARP

The main advantage of proxy ARP is that it can be added to a single router on a network and does

not disturb the routing tables of the other routers on the network.

Proxy ARP must be used on the network where IP hosts are not configured with a default gateway

or do not have any routing intelligence.

Disadvantages of Proxy ARP

Hosts have no idea of the physical details of their network and assume it to be a flat network in

which they can reach any destination simply by sending an ARP request. But using ARP for

everything has disadvantages. These are some of the disadvantages:

It increases the amount of ARP traffic on your segment.

Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.

Security can be undermined. A machine can claim to be another in order to intercept

packets, an act called "spoofing."

It does not work for networks that do not use ARP for address resolution.

It does not generalize to all network topologies, for example when more than one router connects the same two physical networks.
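The ARP field layout described above, and the spoofing problem listed among the disadvantages, can both be made concrete in code. The following is an added example (not part of the course text): it packs and parses the 28-octet Ethernet/IPv4 ARP body using the field values given above, and keeps a defender-side table of which MAC answered for each IP so that a later reply claiming a different MAC is reported. The MAC and IP values in the test are constructed samples.

```python
import struct
from typing import Dict, NamedTuple, Optional

# Field values from the ARP layout above (Ethernet/IPv4 case).
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
# HTYPE, PTYPE, HLEN, PLEN, OPER, SHA, SPA, THA, TPA in network byte order
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 octets

class ArpPacket(NamedTuple):
    oper: int
    sha: str  # sender MAC
    spa: str  # sender IPv4
    tha: str  # target MAC (ignored in requests)
    tpa: str  # target IPv4

def mac_bytes(s: str) -> bytes:
    return bytes(int(p, 16) for p in s.split(":"))

def ip_bytes(s: str) -> bytes:
    return bytes(int(p) for p in s.split("."))

def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Serialise an Ethernet/IPv4 ARP body in the 28-octet layout listed above."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))

def parse_arp(data: bytes) -> ArpPacket:
    """Decode the fixed fields and reject anything that is not Ethernet/IPv4 ARP."""
    if len(data) < ARP_LEN:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, data[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError(f"unsupported ARP: htype={htype} ptype={ptype:#06x} "
                         f"hlen={hlen} plen={plen}")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {oper}")
    return ArpPacket(oper, ":".join(f"{b:02x}" for b in sha), ".".join(map(str, spa)),
                     ":".join(f"{b:02x}" for b in tha), ".".join(map(str, tpa)))

class ArpMonitor:
    """Defender-side view of the cache: remember which MAC answered for each IP and
    report a reply that claims a different MAC for a known IP (the spoofing case
    listed among the proxy ARP disadvantages)."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, pkt: ArpPacket) -> Optional[str]:
        if pkt.oper != OP_REPLY:
            return None  # a request does not assert a mapping
        known = self.table.setdefault(pkt.spa, pkt.sha)
        if known != pkt.sha:
            return f"ALERT {pkt.spa}: was {known}, now claimed by {pkt.sha}"
        return None
```

On a segment that uses proxy ARP, the router's own MAC legitimately answers for hosts on the far side, so such a monitor must be seeded with that mapping before a change is treated as suspicious.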

Subnet Masks

A subnet mask allows you to identify which part of an IP address is reserved for the network, and

which part is available for host use. If you look at the IP address alone, especially now with

classless inter-domain routing, you can't tell which part of the address is which. Adding the subnet

mask, or netmask, gives you all the information you need to calculate network and host portions of

the address with ease. In summary, knowing the subnet mask can allow you to easily calculate

whether IP addresses are on the same subnet, or not.

Determining network and host portions of an IP address using a subnet mask

To determine the network address for any given IP address, you merely have to convert both dotted-decimal addresses into binary and do a bitwise AND operation. An example using an IP address of 156.154.81.56 with a network mask of 255.255.255.240 follows:

IP Address: 10011100.10011010.01010001.00111000

Subnet mask: 11111111.11111111.11111111.11110000

Bitwise AND ———————————————–

Result: 10011100.10011010.01010001.00110000

As you can see, the network address for the IP address and subnet mask in question is 156.154.81.48. Determining how many hosts can be on this same subnet is a simple operation. Count the number of bits from the right until you get to the first "1" in the binary network address display. That number is the power to which you raise 2 to calculate the possible number of hosts. You must also subtract two from the result, because one address is reserved for the network address and one for the broadcast address. This leaves you with the final formula of 2^n-2. In this case there are 4 bits of 0 in the network address, leaving you with 2^4-2 possible hosts, or 14 hosts. This means that your network address is 156.154.81.48, that you have a range of addresses available to hosts from 156.154.81.49 to 156.154.81.62, and that the broadcast address for this network is 156.154.81.63.

Are subnet masks necessary?

Subnet masks are critical to communications on an IP network. Network devices use the IP address

targets and defined netmask to determine if the network the host is on is a local subnet, or a remote

network. This is important because devices act differently depending on the result. If the subnet is

local, the device will send an ARP request to retrieve the MAC or hardware address of the system in

question to communicate over the data-link layer. If the address is found to be on a remote network,

then the network device routes packets to the gateway in its routing table that is set to handle that

network. If no routing table entry is found matching that network, the packets are routed to the

default route. If no default route is defined, the packets are dropped with nowhere left to go.
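The bitwise AND, the 2^n-2 host count and the local-or-remote decision from the two sections above, worked as an added example (not code from the course text). It counts the host bits from the zero bits of the subnet mask rather than the network address, rejects a mask whose ones are not contiguous, and reproduces the 156.154.81.56 / 255.255.255.240 figures given above; the sample addresses in the test are constructed.

```python
def ip_to_int(dotted: str) -> int:
    """Parse dotted-decimal IPv4 into a 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(n: int) -> str:
    """Dotted binary, the notation used in the worked AND above."""
    return ".".join(f"{(n >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def host_bits(mask: int) -> int:
    """Number of zero bits at the right of the mask (the host field width).
    A mask whose ones are not contiguous, such as 255.0.255.0, is rejected."""
    n = 0
    while n < 32 and not (mask >> n) & 1:
        n += 1
    if (mask | ((1 << n) - 1)) != 0xFFFFFFFF:
        raise ValueError("subnet mask is not a contiguous run of ones")
    return n

def subnet_info(ip: str, mask: str) -> dict:
    a, m = ip_to_int(ip), ip_to_int(mask)
    n = host_bits(m)
    network = a & m                         # the bitwise AND from the text
    broadcast = network | ((1 << n) - 1)    # host bits all ones
    usable = (1 << n) - 2 if n >= 2 else 0  # 2^n - 2; below /30 both reserved addresses cannot fit
    return {
        "prefix_length": 32 - n,
        "network": int_to_ip(network),
        "network_bin": to_binary(network),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The local-or-remote decision: equal network parts mean the host ARPs for
    the destination directly; otherwise it hands the packet to a gateway."""
    m = ip_to_int(mask)
    return (ip_to_int(ip_a) & m) == (ip_to_int(ip_b) & m)
```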

UNIT - V

Classful network:

A classful network is a network addressing architecture used in the Internet from 1981 until the introduction

of Classless Inter-Domain Routing in 1993. The method divides the address space for Internet Protocol

Version 4 (IPv4) into five address classes. Each class, coded in the first four bits of the address, defines

either a different network size, i.e. number of hosts for unicast addresses (classes A, B, C), or a multicast

network (class D). The fifth class (E) address range is reserved for future or experimental purposes.

Background

Originally, a 32-bit IPv4 address was logically subdivided into the network number field, the most-

significant 8 bits of an address, which specified the particular network a host was attached to, and the local

address, also called rest field (the rest of the address), which uniquely identifies a host connected to that

network. This format was sufficient at a time when only a few large networks existed, such as the

ARPANET which was assigned the network number 10, and before the wide proliferation of local area

networks (LANs). As a consequence of this architecture, the address space supported only a low number

(254) of independent networks, and it became clear very early on that this would not be enough.

Introduction of address classes

Expansion of the network had to ensure compatibility with the existing address space and the Internet

Protocol (IP) packet structure, and avoid the renumbering of the existing networks. The solution was to

expand the definition of the network number field to include more bits, allowing more networks to be

designated, each potentially having fewer hosts. All existing network numbers at the time were smaller than 64, so they only used the 6 least-significant bits of the network number field. Thus it was possible to use the

most-significant bits of an address to introduce a set of address classes, while preserving the existing network

numbers in the first of these classes.

The new addressing architecture was introduced by RFC 791 in 1981 as a part of the specification of the

Internet Protocol. It divided the address space into primarily three address formats, henceforth called address

classes, and left a fourth range reserved to be defined later.

The first class, designated as Class A, contained all addresses in which the most significant bit is zero. The

network number for this class is given by the next 7 bits, therefore accommodating 128 networks in total,

including the zero network, and including the existing IP networks already allocated. A Class B network was

a network in which all addresses had the two most-significant bits set to 1 and 0. For these networks, the

network address was given by the next 14 bits of the address, thus leaving 16 bits for numbering hosts on the

network for a total of 65536 addresses per network. Class C was defined with the 3 high-order bits set to 1,

1, and 0, and designating the next 21 bits to number the networks, leaving each network with 256 local

addresses.

The leading bit sequence 111 designated an "escape to extended addressing mode", which was later subdivided into Class D (1110) for multicast addressing, while the 1111 block, designated as Class E, was left reserved for future use.

Class                Leading  Size of network   Size of rest  Number of          Addresses          Start        End
                     bits     number bit field  bit field     networks           per network        address      address
Class A              0        8                 24            128 (2^7)          16,777,216 (2^24)  0.0.0.0      127.255.255.255
Class B              10       16                16            16,384 (2^14)      65,536 (2^16)      128.0.0.0    191.255.255.255
Class C              110      24                8             2,097,152 (2^21)   256 (2^8)          192.0.0.0    223.255.255.255
Class D (multicast)  1110     not defined       not defined   not defined        not defined        224.0.0.0    239.255.255.255
Class E (reserved)   1111     not defined       not defined   not defined        not defined        240.0.0.0    255.255.255.255

The number of addresses usable for addressing specific hosts in each network is always 2^N - 2 (where N is the number of rest field bits, and the subtraction of 2 adjusts for the use of the all-bits-zero host portion as the network address and the all-bits-one host portion as the broadcast address). Thus, for a Class C address with 8 bits available in the host field, the number of hosts is 254.

Bit-wise representation

In the following table:

n indicates a binary slot used for network ID.

H indicates a binary slot used for host ID.

X indicates a binary slot without a specified purpose.

Class A

0.0.0.0 = 00000000.00000000.00000000.00000000

127.255.255.255 = 01111111.11111111.11111111.11111111

0nnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH

Class B

128.0.0.0 = 10000000.00000000.00000000.00000000

191.255.255.255 = 10111111.11111111.11111111.11111111

10nnnnnn.nnnnnnnn.HHHHHHHH.HHHHHHHH

Class C

192.0.0.0 = 11000000.00000000.00000000.00000000

223.255.255.255 = 11011111.11111111.11111111.11111111

110nnnnn.nnnnnnnn.nnnnnnnn.HHHHHHHH

Class D

224.0.0.0 = 11100000.00000000.00000000.00000000

239.255.255.255 = 11101111.11111111.11111111.11111111

1110XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX

Class E

240.0.0.0 = 11110000.00000000.00000000.00000000

255.255.255.255 = 11111111.11111111.11111111.11111111

1111XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX
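The class table and the bit-wise representation above can be derived from the leading bits alone. The following added example (not part of the course text) classifies an address by its leading bits and reports the classful network number, default mask, number of networks, usable hosts and the n/H/X template row for its class; the addresses used in the test are constructed samples.

```python
# (class, leading bits, network-number bits, rest/host bits); None = not defined
CLASSES = (
    ("A", "0", 8, 24),
    ("B", "10", 16, 16),
    ("C", "110", 24, 8),
    ("D", "1110", None, None),   # multicast
    ("E", "1111", None, None),   # reserved
)

def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(bytes(octets), "big")

def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def bit_pattern(lead: str, net_bits, host_bits) -> str:
    """Render the n/H/X template row of the bit-wise representation table."""
    slots = []
    for i in range(32):
        if i < len(lead):
            slots.append(lead[i])          # fixed leading bits
        elif net_bits is not None and i < net_bits:
            slots.append("n")              # network ID slot
        elif net_bits is not None:
            slots.append("H")              # host ID slot
        else:
            slots.append("X")              # no specified purpose (D and E)
    return ".".join("".join(slots[k:k + 8]) for k in range(0, 32, 8))

def classify(ip: str) -> dict:
    """Identify the class from the leading bits and derive the classful
    (pre-CIDR) network number, default mask and host count."""
    n = ip_to_int(ip)
    bits = f"{n:032b}"
    for name, lead, net_bits, host_bits in CLASSES:
        if bits.startswith(lead):
            break
    info = {"class": name, "leading_bits": lead,
            "pattern": bit_pattern(lead, net_bits, host_bits)}
    if net_bits is None:  # classes D and E carry no network/host split
        info.update(default_mask=None, network=None, networks=None, usable_hosts=None)
        return info
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    info.update(
        default_mask=int_to_ip(mask),
        network=int_to_ip(n & mask),
        networks=1 << (net_bits - len(lead)),   # 128, 16,384 or 2,097,152
        usable_hosts=(1 << host_bits) - 2,      # 2^N - 2 as in the table
    )
    return info
```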

The replacement of classes

The first architecture change extended the addressing capability in the Internet, but did not prevent IP address

shortage. The principal problem was that many sites needed larger address blocks than a Class C network

provided, and therefore they received a Class B block, which was in most cases much larger than required. In

the rapid growth of the Internet, the pool of unassigned Class B addresses (2^14, or about 16,000) was rapidly being depleted. Classful networking was replaced by Classless Inter-Domain Routing (CIDR), starting in

1993 with the specification of RFC 1518 and RFC 1519, to attempt to solve this problem.

Early allocations of IP addresses by the Internet Assigned Numbers Authority (IANA) were in some cases

not made efficiently, which contributed to the problem. However, the commonly held notion that some

American organizations unfairly or unnecessarily received Class A networks is wrong; most such allocations

date to the period before the introduction of address classes, when the only address blocks available were

what later became known as Class A networks.

Self Test Example

1. You need to retrieve a file from the file server for your word processing application. Which layer of the OSI model is responsible for this function?

1. Presentation layer 2. Application layer 3. Session layer

4. Transport layer 5. Datalink layer

2. You are working in a word processing program, which is run from the file server. Your data comes

back to you in an unintelligible manner. Which layer of the OSI model would you investigate?

1. Application layer 2. Presentation layer 3. Session layer

4. Network layer 5. Datalink layer

3. IEEE subdivided the datalink layer to provide for environments that need connectionless or

connection-oriented services. What are the two layers called?

1. Physical 2. MAC 3. LLC 4. Session 5. IP

4. You are working with graphic translations. Which layer of the OSI model is responsible for code formatting and conversion and graphic standards?

1. Network layer 2. Session layer

3. Transport layer 4. Presentation layer

5. Which is the best definition of encapsulation?

1. Each layer of the OSI model uses encryption to put the PDU from the upper layer into its data field. It adds

header and trailer information that is available to its counterpart on the system that will receive it.

2. Data always needs to be tunneled to its destination so encapsulation must be used.

3. Each layer of the OSI model uses compression to put the PDU from the upper layer into its data field. It

adds header and trailer information that is available to its counterpart on the system that will receive it.

4. Each layer of the OSI model uses encapsulation to put the PDU from the upper layer into its data field. It

adds header and trailer information that is available to its counterpart on the system that will receive it.

6. Routers can be configured using several sources. Select which of the following sources can be used.

1. Console Port 2. Virtual Terminals 3. TFTP Server

4. Floppy disk 5. Removable media

7. Which memory component on a Cisco router contains the dynamic system configuration?

1. ROM 2. NVRAM 3. Flash 4. RAM/DRAM

8. Which combination of keys will allow you to view the previous commands that you typed at the

router?

1. ESC-P 2. Ctrl-P 3. Shift-P 4. Alt-P

9. Which commands will display the active configuration parameters?

1. show running-config 2. write term 3. show version 4. display term

10. You are configuring a router, which prompt tells you that you are in the privileged EXEC mode?

1. @ 2. > 3. ! 4. : 5. #

11. What does the command "IP name-server 255.255.255.255" accomplish?

1. It disables domain name lookup.

2. It sets the domain name lookup to be a local broadcast.

3. This is an illegal command.

4. The command is now defunct and has been replaced by "IP server-name ip any".

12. The following selections show the command prompt and the configuration of the IP network mask.

Which two are correct?

1. Router(config-if)#netmask-format { bitcount | decimal | hexadecimal }

2. Router#term IP netmask-format { bitcount | decimal | hexadecimal }

3. Router(config-if)#IP netmask-format { bitcount | decimal | hexadecimal }

4. Router#ip netmask-format { bitcount | decimal | hexadecimal }

15. Which layer is responsible for flow control with sliding windows and reliability with sequence

numbers and acknowledgments?

1. Transport 2. Application 3. Internet 4. Network Interface

16. Which processes does TCP, but not UDP, use?

1. Windowing 2. Acknowledgements 3. Source Port 4. Destination Port

17. Select which protocols use distance vector routing?

1. OSPF 2. RIP 3. IGRP 4. PPP

Probable Answers:

1. 2 2. 1 3. 3,4 4. 4

5. 2 6. 1,2,3 7. 4 8. 2

9. 1 10. 5 11. 4 12. 3

13. 1 14. 1 15. 2,3

