Prerequisites
- Network configuration (p. 31)
Goals
- Understand formal TCP/IP network concepts
- Understand the four layer TCP/IP model
- Introduce service port numbers
1. Binary Numbers and the Dotted Quad
Binary numbers
10 = 2^1
100 = 2^2
101 = 2^2 + 1
111 = 100 + 010 + 001
This means that a binary number can easily be converted into a decimal as follows:
10000000 = 2^7 = 128
01000000 = 2^6 = 64
00100000 = 2^5 = 32
00010000 = 2^4 = 16
00001000 = 2^3 = 8
00000100 = 2^2 = 4
00000010 = 2^1 = 2
00000001 = 2^0 = 1
The Dotted Quad:
The familiar IP address assigned to an interface is called a dotted quad. In the case of an IPv4 address this is 4 bytes (4 times 8 bits) separated by dots.
Decimal | Binary
192.168.1.1 | 11000000.10101000.00000001.00000001
2. Broadcast Address, Network Address and Netmask
An IP number contains information about both the host address (or interface) and network address.
A netmask is used to define which part of the IP address is used for the network; it is also called a subnet mask.
A 16-bit and 17-bit netmask:
255.255.0.0 | 16-bit | 11111111.11111111.00000000.00000000
255.255.128.0 | 17-bit | 11111111.11111111.10000000.00000000
The netmask is usually given in decimal.
Example: with a 16-bit netmask the following IPs are on the same network:
[00100000.10000000].00000001.00000001
[00100000.10000000].00000000.00000011
This means that any bits that are changed inside the box (8+8=16 bits, shown in brackets) will change the network address and the interfaces will need a gateway to connect to each other.
In the same way, any bits that are changed outside the box will change the interface address without changing networks.
For example with a 24-bit netmask the above two IPs would be on different networks:
[00100000.10000000.00000001].00000001
[00100000.10000000.00000000].00000011
Every network has a number which is needed when setting up routing. The network number is a portion of the dotted quad. The host address portion is replaced by zeros.
Typical network address: 192.168.1.0
A machine’s broadcast address is a range of hosts/interfaces that can be accessed on the same network.
For example a host with the broadcast address 10.1.255.255 will access any machine with an IP address of the form 10.1.x.x. Typical broadcast: 192.168.1.255
The dotted quad revisited
Simple logical operations can be applied to the broadcast, netmask and network numbers.
To retrieve the network address from an IP number simply AND the IP with the netmask.
Network Address = IP AND Netmask
Similarly the broadcast address is found with the network address OR ‘not MASK’.
Broadcast Address = Network OR not[Netmask]
Here AND and OR are logical operations on the binary form of these addresses.
Example:
Take the IP 192.168.3.5 with a net mask 255.255.255.0. We can do the following operations:
Network address = IP AND MASK
11000000.10101000.00000011.00000101 (192.168.3.5)
AND
11111111.11111111.11111111.00000000 (255.255.255.000)
_____________________________________________
11000000.10101000.00000011.00000000 (192.168.3.0)
Broadcast Address = IP OR NOT-MASK
11000000.10101000.00000011.00000101 (192.168.3.5)
OR
00000000.00000000.00000000.11111111 (000.000.000.255)
_____________________________________________
11000000.10101000.00000011.11111111 (192.168.3.255)
It is clear from the above example that an IP number together with a netmask is enough to retrieve all the information relative to the network and the host.
3. Network Classes
For private networks a certain number of IP addresses are allocated which are never used on the Internet. These reserved IPs are typically used for LANs.
The following table displays the various private/reserved classes.
Table 1: Reserved addresses
1 | Class A | 10.x.x.x
16 | Class B | 172.16.x.x -- 172.31.x.x
255 | Class C | 192.168.o.x
Class A: 8-bit network address and 24-bit host address
The first byte of the IP number is reserved for the network address. So the default subnet mask would be 255.0.0.0. The 3 remaining bytes are available to set host interfaces.
Since 255.255.255 and 0.0.0 are invalid host numbers there are 2^24 – 2 = 16 777 214 possible hosts.
IP numbers have the first byte ranging from 1 to 127. This corresponds to a binary range of 00000001 to 01111111. The first two bits of a class A address can be set to “00” or “01”.
Class B: 16-bit network address and 16-bit host address
The first two bytes of the IP number are reserved for the network address. The default subnet mask is 255.255.0.0. There are 2^16 – 2 = 65 534 possible hosts.
The first byte ranges from 128 to 191. Notice that the binary range of the first byte is 10000000 to 10111111. That is the first two bits of a class B address are always set to “10”.
Class C: 24-bit network address and 8-bit host address
The first three bytes are reserved for the network address. The default subnet mask is 255.255.255.0. There are 2^8 – 2 = 254 possible hosts.
The first byte ranges from 192 to 223. This corresponds to a binary range from 11000000 to 11011111. From this we conclude that the first two bits of a class C address are always set to “11”.
4. Classless Subnets
Subnetting occurs when bits reserved for hosts are used for the network. This is determined by the netmask and results in networks being split.
For example a regular class A netmask 255.0.0.0 can be altered to allow the first bit of the second byte to be part of the network. This results in a 9-bit network address and a 23-bit host address.
The binary netmask looks like
11111111.10000000.00000000.00000000 or 255.128.0.0
Slash Notation
A network can be described using a slash notation. The following notations are equivalent:
10.0.0.0/9
network 10.0.0.0, netmask 255.128.0.0
We will take the example of a class C address 192.168.1.0. We investigate a 25-bit then a 26-bit network.
25-bit network
Netmask: 11111111.11111111.11111111.10000000 or 255.255.255.128
Since Network = IP AND Netmask, we see from the netmask that two network addresses can be formed depending on the hosts range:
1. Host addresses in the 192.168.1.0xxxxxxx range result in a 192.168.1.0 network. We say the network number is 0
2. Host addresses in the 192.168.1.1xxxxxxx range result in a 192.168.1.128 network. We say the network number is 128
In both cases substituting the x’s with zeros or ones has a special meaning:
Network address | Substitute with 0’s | Substitute with 1’s
0 | Network: 0 | Broadcast: 127
128 | Network: 128 | Broadcast: 255
We are left with the task of counting the number of hosts on each network. Since the host address is 7 bits long and we exclude 2 values (all 1’s and all 0’s) we have 2^7 – 2 = 126 hosts on each network or a total of 252 hosts.
Notice that if the default subnet mask 255.255.255.0 is used we have 254 available host addresses. In the above example 192.168.1.127 and 192.168.1.128 are taken for the first broadcast and second network respectively; this is why only 252 host addresses can be used.
26-bit network
Netmask: 11111111.11111111.11111111.11000000 or 255.255.255.192
Here again depending on the host’s address 4 different network addresses can be determined with the AND rule.
1. Host addresses in the 192.168.1.00xxxxxx range result in a 192.168.1.0 network.
2. Host addresses in the 192.168.1.01xxxxxx range result in a 192.168.1.64 network.
3. Host addresses in the 192.168.1.10xxxxxx range result in a 192.168.1.128 network.
4. Host addresses in the 192.168.1.11xxxxxx range result in a 192.168.1.192 network.
Substituting the x’s with 1’s in the numbers above gives us the corresponding broadcast addresses: 192.168.1.63, 192.168.1.127, 192.168.1.191, 192.168.1.255
Each subnet has 2^6 – 2 = 62 possible hosts or a total of 248.
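The AND/OR rules from section 2 and the 25-bit and 26-bit splits above can be checked with plain integer bit operations. The following Python is an added example, not part of the original handout; all function names are hypothetical, and it generalises the two worked cases to any prefix length.

```python
def quad_to_int(quad):
    """Pack a dotted quad such as '192.168.3.5' into one 32-bit integer."""
    octets = [int(part) for part in quad.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {quad!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def int_to_quad(value):
    """Unpack a 32-bit integer back into dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(bits):
    """Slash notation to netmask, e.g. 9 -> 255.128.0.0 (as an integer)."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF

def network(ip, mask):
    """Network Address = IP AND Netmask."""
    return int_to_quad(quad_to_int(ip) & quad_to_int(mask))

def broadcast(ip, mask):
    """Broadcast Address = Network OR not[Netmask]."""
    m = quad_to_int(mask)
    return int_to_quad((quad_to_int(ip) & m) | (~m & 0xFFFFFFFF))

def same_network(ip_a, ip_b, mask):
    """True when both interfaces share a network, so no gateway is needed."""
    return network(ip_a, mask) == network(ip_b, mask)

def split_network(base, old_bits, new_bits):
    """List (network, broadcast, usable hosts) for each subnet of base/old_bits."""
    mask = int_to_quad(prefix_to_mask(new_bits))
    size = 1 << (32 - new_bits)            # addresses per subnet
    start = quad_to_int(network(base, int_to_quad(prefix_to_mask(old_bits))))
    rows = []
    for i in range(1 << (new_bits - old_bits)):
        net = int_to_quad(start + i * size)
        rows.append((net, broadcast(net, mask), size - 2))
    return rows

if __name__ == "__main__":
    print(network("192.168.3.5", "255.255.255.0"), broadcast("192.168.3.5", "255.255.255.0"))
    for row in split_network("192.168.1.0", 24, 26):
        print(row)
```

The two binary addresses used in the same-network example of section 2 are 32.128.1.1 and 32.128.0.3 in decimal; `same_network` returns True for them with 255.255.0.0 and False with 255.255.255.0.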
5. The TCP/IP Suite
TCP/IP is a suite of protocols used on the Internet. The name is meant to describe that several protocols are needed in order to carry data and programs across a network. The main two protocols are TCP (Transmission Control Protocol) and IP (Internet Protocol).
To simplify, IP handles packets or datagrams only (destination address, size...) whereas TCP handles the connection between two hosts. The idea is that protocols relay each other, each one doing its specialised task. In this context one speaks of the TCP/IP stack.
The protocols intervene therefore at various layers of the networking process.
The 4 layer TCP/IP model:
Application | application level (FTP, SMTP, SNMP)
Transport | handles hosts (TCP, UDP)
Internet | routing (IP, ICMP, IGMP, ARP)
Network Access | network cards, e.g. Ethernet, token ring …
● Protocol Overview
IP | The Internet Protocol (IP) is the transport for TCP, UDP, and ICMP data. IP provides an unreliable connectionless service, allowing all integrity to be handled by one of the upper layer protocols, i.e. TCP, or some application-specific devices. There is no guarantee that a datagram will reach the host using IP alone. The IP protocol handles the addressing and the routing between networks. IP is the datagram delivery service.
TCP | Transmission Control Protocol (TCP) provides a reliable connection orientated service to applications that use it. TCP is connection orientated and checks on each host the order in which the packets are sent/received and also verifies that all the packets are transmitted. Applications such as telnet or ftp use the TCP protocol and don’t need to handle issues over data loss etc.
UDP | The User Datagram Protocol provides direct access to IP for application programs but, unlike TCP, is connectionless and unreliable. This provides less overhead for applications concentrated on speed. If some form of packet accounting is needed this has to be provided by the application.
ICMP | The Internet Control Message Protocol is used by routers and hosts to report on the status of the network. It uses IP datagrams and is itself connectionless.
PPP | The Point to Point Protocol establishes a TCP/IP connection over phone lines. It can also be used inside encrypted connections such as pptp.
The list of known services and their relative ports is generally found in /etc/services. The official list of services and associated ports is managed by the IANA (Internet Assigned Numbers Authority).
Since the port field is a 16-bit number there are 65535 available numbers. Numbers from 1 to 1023 are privileged ports and are reserved for services run by root. Most known applications will listen on one of these ports.
We will look at the output of portscans. Beware that unauthorised portscanning is illegal, although many people use portscans.
Here is the output of a portscan:
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
70/tcp open gopher
79/tcp open finger
80/tcp open http
This shows open ports; these are ports being used by an application.
The /etc/services main ports:
ftp-data 20/tcp
ftp 21/tcp
ssh 22/udp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp mail
domain 53/tcp
domain 53/udp
http 80/tcp # www is used by some broken
pop-3 110/tcp # PostOffice V.3
sunrpc 111/tcp
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp usenet # Network News Transfer
ntp 123/tcp # Network Time Protocol
netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn
imap 143/tcp # imap network mail protocol
NeWS 144/tcp news # Window System
snmp 161/udp
snmp-trap 162/udp
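When reviewing which ports are open on your own hosts, the scan listing can be checked against the services file and the privileged range 1 to 1023. The following Python is an added example, not part of the original handout; the function names are hypothetical and the sample input is constructed from lines shown above plus one constructed row (8080).

```python
import re

# Constructed sample input: lines copied from the listings above, plus one
# constructed scan row (8080/tcp) that lies outside the privileged range.
SERVICES = """\
ftp 21/tcp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp mail
http 80/tcp # www is used by some broken
snmp 161/udp
"""
SCAN = """\
Port State Service
21/tcp open ftp
25/tcp open smtp
70/tcp open gopher
80/tcp open http
8080/tcp open http
"""

def parse_services(text):
    """Map (port, proto) -> set of names (official name plus aliases)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()     # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        table.setdefault((int(port), proto), set()).update([fields[0], *fields[2:]])
    return table

def audit_scan(scan_text, services):
    """Return (port, proto, service, privileged, verdict) for each open port."""
    findings = []
    for line in scan_text.splitlines():
        m = re.fullmatch(r"(\d+)/(tcp|udp)\s+open\s+(\S+)", line.strip())
        if not m:
            continue                                 # header or non-open row
        port, proto, name = int(m.group(1)), m.group(2), m.group(3)
        known = services.get((port, proto))
        verdict = ("unlisted" if known is None
                   else "listed" if name in known else "name-mismatch")
        findings.append((port, proto, name, 1 <= port <= 1023, verdict))
    return findings

if __name__ == "__main__":
    for row in audit_scan(SCAN, parse_services(SERVICES)):
        print(row)
```

Here gopher on port 70 is reported as unlisted only because the constructed services excerpt omits it; run against a full /etc/services the same row would be listed.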