Unit 10
Chapter 6
https://www.wireshark.org/download.html
… and learn to use it
https://web.archive.org/web/20190331203815/http://www.linux-mag.com/id/7896/2/
Network Commands
arp # (Linux and Windows)
ping # (Linux and Windows)
ipconfig # (Windows)
ifconfig # (old Linux command; deprecated)
ip # (new Linux command)
iwconfig # (Linux wifi)
nslookup # (Linux and Windows)
dig # (Linux native, Windows installable)
traceroute # (Linux)
tracert # (Windows)
net # (Windows)
netstat # (Windows and Linux)
nbtstat # (Windows)
netsh # (Windows)
WAN Networking
DoD DARPA -> ARPA -> DARPA
DARPANET
80% model
TCP/IP Model (DoD Model)
The TCP/IP Model and the OSI Model
The OSI Model
ISO created the Open Systems Interconnect Model – the OSI Model
IP Networking
This is the addressing layer of the stack, obviously IP addresses. But there’s a little more to it.
- IPv4
- IPv6
- IPsec
- ICMP
IPv4 Addresses
- Are 32 bits long
- Are expressed in Decimal (Base 10, not Hexadecimal like MAC addresses)
- Are grouped in four groups separated by dots:
192.168.1.25
- Each group is called an “octet” because it consists of 8 bits.
- 8 bits can express any number from 0 – 255.
IPv4 addresses (external addresses that can be routed over the internet) are doled out by IANA (see https://www.iana.org/), as are port numbers. They were originally divided into Classes A, B, C, D and E.
These classes are all about the first octet of an IP address. So in an address like
107.180.0.194
only the 107 matters.
Class | First Octet | Number of addresses per Network |
A | 0 – 126 | 16.7 Million |
(loopback) | 127 | |
B | 128 – 191 | 65,534 |
C | 192 – 223 | 254 |
D | 224 – 239 | |
E | 240 – 255 | |
Not that you should take my word for it. See these authorities:
https://www.tutorialspoint.com/ipv4/ipv4_address_classes.htm
https://www.meridianoutpost.com/resources/articles/IP-classes.php
Now For Some Simple Binary
Here’s one octet of an IPv4 address:
0 0 0 0 0 0 0 0
Any one of the bits can be flipped from 0 to 1. The Least Significant Bit (a fancy term for the smallest number) is on the right, and the Most Significant Bit is (duh) on the left. That means these 8 bits have the following values:
1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
See how each value is two times the value to its right? What we’ve got here, for us non-math-majors, is Powers of Two. And boy are we gonna take advantage of this little table.
Be clear that any octet can express values from 0 to 255, but nothing else.
Now we can see something interesting about the IP address classes above.
Class A starts at 0, so its first octet is 00000000
Class B starts at 128, so its first octet is 10000000
Class C starts at 192, so its first octet is 11000000
Class D starts at 224, so its first octet is 11100000
Class E starts at 240, so its first octet is 11110000
(And Universal Broadcast is 255.255.255.255, so its first octet is 11111111, just FYI)
Handy the way they divided the classes, isn’t it?
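The leading-bit pattern above can be turned directly into a lookup. This is an added example, not part of the original notes; the function names are made up for illustration, and the class boundaries are the ones in the table above.

```python
# Added example: classful lookup driven by the leading bits of the first octet.
BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # the powers-of-two table from the notes

def octet_to_bits(n):
    """Return an octet (0-255) as an 8-character binary string."""
    if not 0 <= n <= 255:
        raise ValueError(f"octet out of range: {n}")
    return "".join("1" if n & v else "0" for v in BIT_VALUES)

def parse_ipv4(text):
    """Split dotted-decimal text into four validated octets."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    octets = [int(p) for p in parts]
    for o in octets:
        octet_to_bits(o)  # raises ValueError if the octet is above 255
    return octets

def address_class(text):
    """Classify an address using the class table in these notes."""
    octets = parse_ipv4(text)
    if octets == [255, 255, 255, 255]:
        return "universal broadcast"
    first = octets[0]
    if first == 127:
        return "loopback"
    bits = octet_to_bits(first)
    # Longest prefix first: 1111 = E, 1110 = D, 110 = C, 10 = B, 0 = A
    for prefix, name in (("1111", "E"), ("1110", "D"), ("110", "C"),
                         ("10", "B"), ("0", "A")):
        if bits.startswith(prefix):
            return name
```

Only the first octet is inspected for the class, which is why 107.180.0.194 comes back as Class A.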
Getting Your Network Configuration From DHCP
Dynamic Host Configuration Protocol gives you:
- IP address
- Net mask (or “subnet mask”)
- Default gateway
- DNS server IPs
This protocol uses UDP ports 67 and 68. The transaction HAS to be UDP, because your computer can’t set up a TCP session: it doesn’t have an IP address yet!
Many years ago, ports 67 and 68 were used by a similar protocol called bootp, the boot protocol. In this operation, a diskless workstation would broadcast to port 67, and the bootp protocol would then upload an OS image via TFTP (trivial FTP) over port 69. TFTP should not be running on your network. It is a security risk.
APIPA Addresses
Most hosts get an IP address assigned to them by a DHCP server. But if that server is down, hosts won’t have a way to get onto the local network.
Microsoft solved this with a “fall-back” protocol: APIPA. It lets hosts self-assign an IP address in a special range:
169.254.x.x
So if you run ipconfig and see that a host has a 169.254.x.x IP address, that means it failed to get a DHCP assignment. This is a critical testing point.
Broadcast Addresses
At boot time, when your NIC BIOS is read and run,
- Your NIC broadcasts to the Ethernet broadcast address, ff:ff:ff:ff:ff:ff, to get noticed by the switch it’s plugged into.
- If you’re using NetBIOS, the local Browse Master computer will register your computer’s NetBIOS name on the local (Ethernet) network.
- If you’re using DHCP, your NIC broadcasts to the IP universal broadcast IP address, 255.255.255.255. The DHCP server gives your computer an IP configuration, and now you’re ready to talk to computers on other networks.
Part of your IP configuration is, of course, your local network number, for instance 192.168.1.0. Notice that the last octet of this network number is 8 zeroes. If we switch all 8 bits of the Host ID area to ones, we have the broadcast address of our local network:
192.168.1.255
Net Mask / Subnet Mask
I don’t like the term “subnet mask” because it leads to confusing conversations like,
“What’s the subnet?”
“192.168.1”
“No, the one with the 255s.”
“Oh, 255.255.255.0”
However, Cisco, CompTIA, my friend SubnetD and more will confirm: Subnet Mask is a correct term. But so is Net Mask, and that’s what I try to use.
Classless Net Masks: Classless Inter-Domain Routing (CIDR)
Instead of expressing a 24-bit net mask as 255.255.255.0, express the number of bits directly: /24.
This makes a network number look like this:
192.168.1.0/24
It also allows us to break the network up into smaller pieces:
192.168.64.0/26
Which is called Subnetting.
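The mask, network number, broadcast address and subnet split described above can all be worked out with bit operations on the 32-bit address. This is an added example, not part of the original notes; the function names are made up for illustration, and it also uses the mask to test for the 169.254.x.x self-assigned range from the APIPA section.

```python
# Added example: CIDR arithmetic with plain bit operations (names are illustrative).
def to_int(text):
    """Pack dotted-decimal text into one 32-bit integer."""
    octets = [int(p) for p in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_text(value):
    """Unpack a 32-bit integer back into dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_int(prefix):
    """A /prefix net mask: `prefix` one-bits followed by host-bit zeroes."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(cidr):
    """Return (net mask, network number, broadcast address) for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    mask = mask_int(int(prefix))
    network = to_int(addr) & mask                 # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits all set to one
    return to_text(mask), to_text(network), to_text(broadcast)

def split(cidr, new_prefix):
    """Break a network into equal subnets with a longer prefix."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    network = to_int(addr) & mask_int(prefix)
    size = 1 << (32 - new_prefix)                 # addresses per subnet
    count = 1 << (new_prefix - prefix)            # number of subnets produced
    return [f"{to_text(network + i * size)}/{new_prefix}" for i in range(count)]

def in_network(address, cidr):
    """True when the address shares the network bits of the CIDR block."""
    addr, prefix = cidr.split("/")
    mask = mask_int(int(prefix))
    return (to_int(address) & mask) == (to_int(addr) & mask)

def is_apipa(address):
    """Self-assigned address (169.254.x.x), i.e. DHCP did not answer."""
    return in_network(address, "169.254.0.0/16")
```

Splitting 192.168.64.0/24 to /26 yields four subnets, the first of which is the 192.168.64.0/26 shown above.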