L120: Linux System Administration II




TCP/IP Networks



Prerequisites


    • Network configuration (p. 31)


Goals


    • Understand formal TCP/IP network concepts

    • Manage subnets

    • Understand the four layer TCP/IP model

    • Introduce service port numbers


1. Binary Numbers and the Dotted Quad



Binary numbers


10 = 2^1

100 = 2^2

101 = 2^2 + 1

111 = 100 + 010 + 001

This means that a binary number can easily be converted into a decimal as follows:


10000000 = 2^7 = 128

01000000 = 2^6 = 64

00100000 = 2^5 = 32

00010000 = 2^4 = 16

00001000 = 2^3 = 8

00000100 = 2^2 = 4

00000010 = 2^1 = 2

00000001 = 2^0 = 1


The Dotted Quad:
The familiar IP address assigned to an interface is called a dotted quad. In the case of an IPv4 address this is 4 bytes (4 times 8 bits) separated by dots.


Decimal        Binary
192.168.1.1    11000000.10101000.00000001.00000001

2. Broadcast Address, Network Address and Netmask

An IP number contains information about both the host address (or interface) and network address.



  • The Netmask

A netmask is used to define which part of the IP address is used for the network; it is also called a subnet mask.


A 16-bit and a 17-bit netmask:

255.255.0.0      16-bit    11111111.11111111.00000000.00000000
255.255.128.0    17-bit    11111111.11111111.10000000.00000000

The netmask is usually given in decimal.


Example: with a 16-bit netmask the following IPs are on the same network:

00100000.10000000.00000001.00000001 (32.128.1.1)
00100000.10000000.00000000.00000011 (32.128.0.3)

This means that any bits that are changed inside the network part (the first 8+8=16 bits) will change the network address and the interfaces will need a gateway to connect to each other.


In the same way, any bits that are changed outside the network part will change the interface address without changing networks.
For example with a 24-bit netmask the above two IPs would be on different networks:

00100000.10000000.00000001.00000001 (32.128.1.1)
00100000.10000000.00000000.00000011 (32.128.0.3)


  • The Network Address

Every network has a number which is needed when setting up routing. The network number is a portion of the dotted quad. The host address portion is replaced by zeros.

Typical network address: 192.168.1.0


  • The Broadcast Address

A machine's broadcast address designates all the hosts/interfaces that can be reached on the same network.

For example a host with the broadcast address 10.1.255.255 will reach any machine with an IP address of the form 10.1.x.x. Typical broadcast: 192.168.1.255

The dotted quad revisited


Simple logical operations can be applied to the broadcast, netmask and network numbers.
To retrieve the network address from an IP number simply AND the IP with the netmask.


Network Address = IP AND Netmask

Similarly the broadcast address is found with the network address OR ‘not MASK’.




Broadcast Address = Network OR not[Netmask]

Here AND and OR are logical operations on the binary form of these addresses.



Example:
Take the IP 192.168.3.5 with a netmask 255.255.255.0. We can do the following operations:

Network address = IP AND MASK

11000000.10101000.00000011.00000101 (192.168.3.5)
AND
11111111.11111111.11111111.00000000 (255.255.255.000)
_____________________________________________
11000000.10101000.00000011.00000000 (192.168.3.0)

Broadcast Address = IP OR NOT-MASK

11000000.10101000.00000011.00000101 (192.168.3.5)
OR
00000000.00000000.00000000.11111111 (000.000.000.255)
_____________________________________________
11000000.10101000.00000011.11111111 (192.168.3.255)

It is clear from the above example that an IP number together with a netmask is enough to retrieve all the information relative to the network and the host.



3. Network Classes


  • Reserved IP addresses

For private networks a certain number of IP addresses are allocated which are never used on the Internet. These reserved IPs are typically used for LANs.

The following table displays the various private/reserved classes.
Table 1: Reserved addresses

Networks   Class     Addresses
1          Class A   10.x.x.x
16         Class B   172.16.x.x -- 172.31.x.x
255        Class C   192.168.0.x




Class A: 8-bit network address and 24-bit host address

The first byte of the IP number is reserved for the network address. So the default subnet mask would be 255.0.0.0. The 3 remaining bytes are available to set host interfaces.

Since 255.255.255 and 0.0.0 are invalid host numbers there are 2^24 – 2 = 16 777 214 possible hosts.

Class A IP numbers have the first byte ranging from 1 to 127. This corresponds to a binary range of 00000001 to 01111111. The first two bits of a class A address can be set to “00” or “01”.



Class B: 16-bit network address and 16-bit host address

The two first bytes of the IP number are reserved for the network address. The default subnet mask is 255.255.0.0. There are 2^16 – 2 = 65 534 possible hosts.

The first byte ranges from 128 to 191. Notice that the binary range of the first byte is 10000000 to 10111111. That is the first two bits of a class B address are always set to “10”.

Class C: 24-bit network address and 8-bit host address

The three first bytes are reserved for the network address. The default subnet mask is 255.255.255.0. There are 2^8 – 2 = 254 possible hosts.

The first byte ranges from 192 to 223. This corresponds to a binary range from 11000000 to 11011111. From this we conclude that the first two bits of a class C address are always set to “11”.


4. Classless Subnets

Subnetting occurs when bits reserved for hosts are used for the network. This is determined by the netmask and results in networks being split.


For example a regular class A netmask 255.0.0.0 can be altered to allow the first bit of the second byte to be part of the network. This results in a 9-bit network address and a 23-bit host address.
The binary netmask looks like
11111111.10000000.00000000.00000000 or 255.128.0.0
Slash Notation
A network can be described using a slash notation. The following notations are equivalent:
10.0.0.0/9

network 10.0.0.0, netmask 255.128.0.0


We will take the example of a class C address 192.168.1.0. We investigate a 25-bit then a 26-bit network.

25-bit network
Netmask: 11111111.11111111.11111111.10000000 or 255.255.255.128

Since Network = IP AND Netmask, we see from the netmask that two network addresses can be formed depending on the hosts range:


1. Host addresses in the 192.168.1.0xxxxxxx range result in a 192.168.1.0 network. We say the network number is 0

2. Host addresses in the 192.168.1.1xxxxxxx range result in a 192.168.1.128 network. We say the network number is 128




In both cases, substituting the x's by zeros or by ones has a special meaning:



Network address   Substitute with 0's   Substitute with 1's
0                 Network: 0            Broadcast: 127
128               Network: 128          Broadcast: 255

We are left with the task of counting the number of hosts on each network. Since the host address is 7-bit long and we exclude 2 values (all 1’s and all 0’s) we have 2^7 – 2 = 126 hosts on each network or a total of 252 hosts.


Notice that if the default subnet mask 255.255.255.0 is used we have 254 available host addresses. In the above example 192.168.1.127 and 192.168.1.128 are taken for the first broadcast and second network respectively, this is why only 252 host addresses can be used.

26-bit network
Netmask: 11111111.11111111.11111111.11000000 or 255.255.255.192
Here again depending on the host’s address 4 different network addresses can be determined with the AND rule.
1. Host addresses in the 192.168.1.00xxxxxx range result in a 192.168.1.0 network.

2. Host addresses in the 192.168.1.01xxxxxx range result in a 192.168.1.64 network.

3. Host addresses in the 192.168.1.10xxxxxx range result in a 192.168.1.128 network.

4. Host addresses in the 192.168.1.11xxxxxx range result in a 192.168.1.192 network.


Substituting the x’s with 1’s in the numbers above gives us the corresponding broadcast addresses: 192.168.1.63, 192.168.1.127, 192.168.1.191, 192.168.1.255

Each subnet has 2^6 – 2 = 62 possible hosts or a total of 248.
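The AND/OR rules of section 2 and the subnet arithmetic of section 4, worked through in code. This is an added example and not part of the course text; it uses only the standard library and the page's own addresses (192.168.3.5/24, the 192.168.1.0 /25 and /26 subnets, and the 32.128.x.x pair from the netmask example).

```python
# Added example (not from the course text): the AND / OR netmask rules and the
# subnet arithmetic of this page written out with bit operations.

def to_int(dotted):
    """Dotted quad -> 32-bit integer (each byte shifted into place)."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    """Slash notation /N -> netmask with the top N bits set (/9 -> 255.128.0.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def network_info(ip, prefix):
    """Network = IP AND mask; Broadcast = Network OR NOT mask; hosts = 2^(32-N) - 2."""
    mask = mask_from_prefix(prefix)
    net = to_int(ip) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    hosts = max((1 << (32 - prefix)) - 2, 0)  # all-0s and all-1s host parts are excluded
    return {"network": to_dotted(net), "netmask": to_dotted(mask),
            "broadcast": to_dotted(bcast), "hosts": hosts}

def same_network(ip1, ip2, prefix):
    """True when both IPs AND to the same network number (no gateway needed)."""
    mask = mask_from_prefix(prefix)
    return (to_int(ip1) & mask) == (to_int(ip2) & mask)

def address_class(ip):
    """Classful range of the first byte: 1-127 A (leading 0), 128-191 B (10), 192-223 C (110)."""
    first = to_int(ip) >> 24
    if (first & 0x80) == 0:
        return "A"
    if (first & 0xC0) == 0x80:
        return "B"
    if (first & 0xE0) == 0xC0:
        return "C"
    return "D/E"  # 224-255: multicast / reserved, not covered by the page's table

if __name__ == "__main__":
    print(network_info("192.168.3.5", 24))       # network .0, broadcast .255, 254 hosts
    for prefix in (25, 26):                      # the page's 192.168.1.0 subnets
        print(prefix, network_info("192.168.1.200", prefix))
    print(same_network("32.128.1.1", "32.128.0.3", 16), same_network("32.128.1.1", "32.128.0.3", 24))
```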




5. The TCP/IP Suite

TCP/IP is a suite of protocols used on the Internet. The name is meant to describe that several protocols are needed in order to carry data and programs across a network. The main two protocols are TCP (Transmission Control Protocol) and IP (Internet Protocol).


To simplify, IP handles packets or datagrams only (destination address, size...) whereas TCP handles the connection between two hosts. The idea is that protocols relay each other, each one doing its specialised task. In this context one speaks of the TCP/IP stack.
The protocols intervene therefore at various layers of the networking process.

The 4 layer TCP/IP model:

Application      application level (FTP, SMTP, SNMP)
Transport        handles hosts (TCP, UDP)
Internet         routing (IP, ICMP, IGMP, ARP)
Network Access   network cards, e.g. Ethernet, token ring …




  • Protocol Overview




IP

The Internet Protocol (IP) is the transport for TCP, UDP, and ICMP data. IP provides an unreliable connectionless service, leaving all integrity checking to one of the upper layer protocols, i.e. TCP, or to some application-specific mechanism. There is no guarantee that a datagram will reach the host using IP alone. The IP protocol handles the addressing and the routing between networks. IP is the datagram delivery service.

TCP

Transmission Control Protocol (TCP) provides a reliable connection orientated service to applications that use it. TCP is connection orientated and checks on each host the order in which the packets are sent/received and also verifies that all the packets are transmitted. Applications such as telnet or ftp use the TCP protocol and don’t need to handle issues over data loss etc …

UDP

The User Datagram Protocol provides direct access to IP for application programs but unlike TCP, is connectionless and unreliable. This provides less overhead for applications concentrated on speed. If some form of packet accounting is needed this has to be provided by the application.

ICMP

The Internet Control Message Protocol is used by routers and hosts to report on the status of the network. It uses IP datagrams and is itself connectionless.

PPP

The Point to Point Protocol establishes a TCP/IP connection over phone lines. It can also be used inside encrypted connections such as pptp.

6. TCP/IP Services and Ports

The list of known services and their relative ports is generally found in /etc/services. The official list of services and associated ports is managed by the IANA (Internet Assigned Numbers Authority).


Since the port field is a 16-bit number there are 65535 available numbers. Numbers from 1 to 1023 are privileged ports and are reserved for services run by root. Most known applications will listen on one of these ports.
We will look at the output of portscans. Beware that unauthorised portscanning is illegal although many people use port scanners.


Here is the output of a portscan:

Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
70/tcp open gopher
79/tcp open finger
80/tcp open http

This shows open ports; these are ports being used by an application.

The /etc/services main ports:

ftp-data 20/tcp
ftp 21/tcp
ssh 22/udp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp mail
domain 53/tcp
domain 53/udp
http 80/tcp # www is used by some broken
pop-3 110/tcp # PostOffice V.3
sunrpc 111/tcp
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp usenet # Network News Transfer
ntp 123/tcp # Network Time Protocol
netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn
imap 143/tcp # imap network mail protocol
NeWS 144/tcp news # Window System
snmp 161/udp
snmp-trap 162/udp
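A parser for the /etc/services line format shown above, used to check the service names a port scan reports against the local table. This is an added example and not part of the course text; both sample texts are constructed from the entries printed on this page, so a port the scanner names but the sample table lacks (79/tcp finger) comes back unlabelled.

```python
# Added example (not from the course text): parse the /etc/services line format
# (name port/proto [aliases] [# comment]) and join it with scan lines such as
# "21/tcp open ftp". Both samples are constructed from this page's listings.
SERVICES_SAMPLE = """\
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp mail
http 80/tcp # www is used by some broken
pop-3 110/tcp # PostOffice V.3
snmp 161/udp
"""

SCAN_SAMPLE = """\
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
79/tcp open finger
80/tcp open http
"""

def parse_services(text):
    """Return {(port, proto): (name, aliases)}; comments and blank lines are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip a trailing comment
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        table[(int(port), proto)] = (fields[0], fields[2:])
    return table

def label_scan(scan_text, services):
    """Join each scan line with the services table; ports not in the table get None."""
    rows = []
    for line in scan_text.splitlines()[1:]:      # first line is the column header
        port_proto, state, reported = line.split()
        port, proto = port_proto.split("/")
        entry = services.get((int(port), proto))
        rows.append((int(port), proto, state, reported, entry[0] if entry else None))
    return rows

if __name__ == "__main__":
    for row in label_scan(SCAN_SAMPLE, parse_services(SERVICES_SAMPLE)):
        print(row)   # (port, proto, state, name reported by scanner, name in /etc/services)
```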


