Basic Networking July 16, 2006

A FREE GUIDE TO BASIC NETWORKING PROVIDED BY HEIDELBERG IT

Jakob H. Heidelberg

v1.15

p. 1/13

Basic Networking July 16, 2006

Index
Index .................................................................................................................................................................................... 2 Intro ..................................................................................................................................................................................... 2 What is your address? ................................................................................................................................................. 2 All routes lead to Rome .............................................................................................................................................. 4 You do the math!............................................................................................................................................................ 4 More than just the working class........................................................................................................................... 5 How much room do we have here? ...................................................................................................................... 5 Justf orgetaboutcl D and E f now .......................................................................................................... 6 ass or You can t t ouch t s .................................................................................................................................................. 6 hi The special loopback range ...................................................................................................................................... 7 Please keep out, this is private! .............................................................................................................................. 7 Will you please translate? ......................................................................................................................................... 7 No hands on .................................................................................................................................................................. 8 Did you just say APIPA? ............................................................................................................................................. 8 M asquerade m asks ................................................................................................................................................... 9 Can I have you real name? ..................................................................................................................................... 10 Did you receive my package? ............................................................................................................................... 10 Any ports open? .......................................................................................................................................................... 11 Shooting down trouble ............................................................................................................................................ 12 Tips, tricks and links ................................................................................................................................................. 12 Feedback ......................................................................................................................................................................... 13

Jakob H. Heidelberg

v1.15

p. 2/13

Basic Networking July 16, 2006

Intro
This document is a beginners guide to basic networking - it will deal with the most common IP protocol these days, namely version 4. We will start of with the basics and work our way up f rom t here All operating system functionality and commands mentioned are based on Microsoft Windows similar functionality might be available on UNIX/Linux or whatever OS you prefer.

What is your address?

As you may know all network devices have one or more addresses on the network. As a minimum they need a MAC (Media Access Control) address this is the physical address on the NIC (Network Interface Card). Physical addresses are burned into the NIC by the m anuf urer/vendor,i a 12 digit Hexadecimal number (a total of 48 bits) the first 6 act ts digits are the manufacturers footprint (from this you can see if the device is produced by Cisco, Intel, 3Com or any other manufacturer). The next 6 Hexadecimal digits are (supposed to be) a unique serial number this way you should not be able to find 2 identical MAC-address from Cisco - or any other manufacturer for that matter. MAC addresses are usually written in the following format: MM:MM:MM:SS:SS:SS M = Manufacturer ID S = Serial number As an example this MAC address: 00:A0:C9:B9:58:E4 has the prefix of 00:A0:C9 which tells us this must be from Intel Corporation. Many larger manufacturers have several different prefx I s. i D When 2 network devices or computers are on the same switched network they communicate by using physical addresses (layer 2 in the OSI model). If however a routing device is between the com m uni i part catng nerst hey can use physi addresses because they t cal are not capable of being routed. That is why we have TCP/IP (and other OSIi layer 3 network routing protocols) - with TCP/IP we use IP (Internet Protocol) addresses to communicate through routers, over the Internet etc. TCP means Transmission Control Protocol and will be described later on. Along the way from A to B, a packet (all network communication a split into small packets or ram es m ay be crossi m uli e rout and each tm e a new routing device handles the f ) ng tpl ers, i package, a translation between physical addresses and IP addresses is done this is mainly done by using the ARP (Address Resolution Protocol) /RARP (Reverse ARP) protocols which we will not deal with any further from here. You just have to know, that both physical/MAC addresses and IP addresses are necessary for Internet communication to occur. Most network devices have an ARP table or ARP cache where it saves information on what IP addresses is mapped to what MAC addresses. This ARP cache has a TTL (Time To Live)

Jakob H. Heidelberg

v1.15

p. 3/13

Basic Networking July 16, 2006 timeout for each entry f W i or ndow s XP i onl a f m i es when this time has passed ts y ew nut the entry is flushed and needs to be re-established the next time the devices needs to communicate. An ARP cache could look like this ( com m and: ARP ato show ARP table): 192.168.0.1 00-0E-08-DA-55-34 192.168.0.6 00-0E-08-DA-56-21 192.168.0.9 00-0E-08-DA-65-03 So if this computer needs to send a package to 192.168.0.6 it will use the physical destination address of 00-0E-08-DA-56-21.To fush t entre cache use t l he i he ARP dcom m and. To get your local MAC addresses use t he GETMACcom m and ( i W ndow s XP/2003 onl . y) To get you local IP addresses (and MAC addresses)use t IPCONFIG /ALLcom m and. he M AC addressed can be spoof ( aked)on t advanced t oft NI propertes i Devi ed f he ab he C i n ce Manager this could be useful if 2 or more NI s share t sam e M AC ( act l seen t s C he Ive ualy hi even t hough i shoul tbe possi e) t dn bl .

All routes lead to Rome

The Internet and almost any other network uses routing when computers are communicating with each other. By combining the local IP address and the associated subnet mask (see below), the computer can determine exactly what IP subnet it is on (like knowing what city you live in) if the computer needs to get a conversation going with another computer on the same subnet (or city) it will just send out the packet and hopefully the destination computer will answer (a bit like delivering the packet yourself if the lucky receiver is living in the same city as yourself). But, if the destination computer is on another network (another city) than the source computer, the source computer is going to use it Default gateway (or Next hop router or Gateway of Last Resort) to lead the way. This means, that the source computer passes on the responsibility of delivering the packet safely to the destination/target (like using a transport agency) and maybe even returning a response (the thank younote ). The thing is, that most routers have a Default gateway, this is because every router cannot know the routes to all destinations in the universe by itself. By asking other routers that are closer to the destination, eventually the packet will hopefully be received by the destination. The Default gateway is the router/firewall that is the closest to the largest undefined network(s) - in most cases this would be the Internet. This may sound chaotic, but actually networks are structured by relatively simple logical rules, in a very hierarchical manner. In many networks the first available host IP address is used by the Default gateway in most home networks with a default router setup ( out -of-the-box this would be 192.168.0.1. This )

Jakob H. Heidelberg

v1.15

p. 4/13

Basic Networking July 16, 2006 router is connected to the ISP (Internet Service Provider) w hi i connect t ot I s ch s ed o her SP around the world creating one big routable infrastructure better known as: The Internet .

You do the math!

First of all you need to know, that a bit is the numbers a computer uses when dealing with IP version 4 addresses. A bit is either off or on or when talking math either 0 or 1. An IP address consists of 32 bits - or 4 bytes, these bytes are also known as octets. When an admin configures TCP/IP settings on the properties of the NIC he or she does not need to worry much about bits and bytes only the notation called dotted decimal. In dotted decimal notation an IP looks like this: 192.168.0.1 Using binary notation (as the computer sees it) the same address looks like this: 11000000.10101000.00000000.00000001 With 8 bits you can describe values from 0 to 255 - being 256 (255 plus the zeroval ue) possible combinations - which means you can have addresses ranging from 0.0.0.0 to 255.255.255.255 that represents 256 x 256 x 256 x 256 = 4.294.967.296 possible combinations (in theory)! 4.294.967.296 is a pretty large number, but if these are to be divided between all network devices in the world we will not be able to provide every unit with a unique address. This is a real problem and the reason why a new IP version (v.6) is about to break loose but another technology has become our knight in shining armour pl , ease see t et ork Address he N w Transl i secton below. aton i Tip: Windows calculator can deal with binary numbers (in scientific mode). From here you can convert decimal numbers into binary values and the other way around.

More than just the working class

The IP version 4 address space is divided into 5 classes class A, B, C, D & E. Class A B C D E Left part IP in binary 0xxx 10xx 110x 1110 1111 First address 0.0.0.0 128.0.0.0 192.0.0.0 224.0.0.0 240.0.0.0 Last address 127.255.255.255 191.255.255.255 223.255.255.255 239.255.255.255 255.255.255.255

Jakob H. Heidelberg

v1.15

p. 5/13

Basic Networking July 16, 2006 To pick an example, the leftmost 3 bits in all Class C address i sett s o 110t rem ai ng 29 he ni bits can each be eiher or ( t 0 1 represent by i t f l i ed x n he olow ng): 110xxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx If you try to convert the above to decimal values convertng each x t eiher or - you i o t 0 1 will end up with an address from 192.0.0.0 up to 223.255.255.255 which is exactly what we expected in the above table.

How much room do we have here?

Well, how do we know how many hosts (network devices) we can use? Lets l ook at a class B network of 172.16.0.0 as you may know by now the first 2 octets are the network part (= 172.16) and the last 2 octets are the available host address. The host range is 256 x 256 = 65.536 2 (we are here subtracting the broadcast address 172.16.255.255 and the network address 172.16.0.0) = 65.534 hosts. Class B is the networks from 128.0.X.X through 191.255.X.X. From 128 to 191 (inclusive) we have 64 possibilities on the first octet and further 256 (from 0 to 255) possibilities on the second octet, giving us 64 x 256 combinations = 16.384 different class B networks! These are the results for the 3 most commonly used IP classes: Class Total # of networks # of hosts pr. Network A 126 16.777.214 B 16.384 65.534 C 2.097.152 254

Just forget about class D and E for now

Class D (multicast) & E (reserved) are very special address spaces which I will not cover here. So all we need to learn here is to forget that I ever mentioned class D and E

You can touch thi t s

The Broadcast address is a single address on every subnet that broadcasts any received packages to all network units on the local subnet! Broadcast are not routed by a router and that is why most corporate networks are divided into subnet simply to avoid the much feared network broadcast storms which can slow down a network in a very destructive way. To give you an example, the broadcast address on the class A network 10.0.0.0 is 10.255.255.255. If a package is send to this address it will actually be sent to all network devices on the local subnet.

Jakob H. Heidelberg

v1.15

p. 6/13

Basic Networking July 16, 2006 Do not touch the range from 127.0.0.0 to 127.255.255.255 (we just lost 16+ million addresses) This range is for loopback test purposes see bel ow Do not touch the range from 0.0.0.0 to 0.255.255.255 (now we lost another 16+ million addresses) Thi range cannotbe used,si pl a w ast ofgood address space s m y e Do not touch the range from 255.0.0.0 to 255.255.255.255 (now we lost another 16+ million I s) P This is the broadcast range, in my opinion another good exam pl ofa w ast offne I s e e i P In the good old days, som e rout di tlke subnetzero addressing, meaning that the ers dn i subnet part of the IP could not be all zeros, but this is hopefully not relevant to you anymore so l l ets eave i t t here.

The special loopback range

127.0.0.1 is a commonly known address used for testing the IP protocol stack on the local computer. If you receive a response from this address it basically means that your local machine is able to provide TCP/IP functionality. As you might have seen by now, 127.0.0.1 is a Class A address and actually we have an entire class A address space reserved just for testing local loopback (so much for saving IP address). We have the entire range from 127.0.0.0 through 127.255.255.255 reserved this gives us more than 16 million ways to ping our local machine (exactly 256 x 256 x 256 2 = 16.777.214)!!! This range is called the loopback range. The name Localhostwill be resolved t o127.0.0.1 on every computer, so if you try to ping localhost by the command PI G LO CALH O ST you should receive response from 127.0.0.1. N And by the way try to do a PI G LO O PBACK... N

Please keep out, this is private!

We have some specific address ranges within class A, B and C that are reserved for private networks. This table lists the private ranges: Class A B C Private start IP address 10.0.0.0 172.16.0.0 192.168.0.1 # of possible networks 1 16 256 Private end IP address 10.255.255.255 172.31.255.255 192.168.255.255 # of hosts pr. network 16.777.214 65.534 254 Default subnet mask 255.0.0.0 255.255.0.0 255.255.255.0

Jakob H. Heidelberg

v1.15

p. 7/13

Basic Networking July 16, 2006 Private IP addresses are not routed/send over the Internet, these address are not meant to be public in any way. So if your home computer has the IP of 192.168.1.2 you will not be able to access that computer by using the private IP over the Internet without using VPN or some other fancynetworking technology. M ostLAN ( s LocalArea Net orks)uses Pri e address ranges internally. w vat Private networks are closely connected to the NAT technology which makes these 3 address ranges possible, please see below.

Will you please translate?

NAT (Network Address Translation) is the translation between private IP addresses and (in most cases) one or more external address on the Public network (the Internet). This means, that even though a company has 30 computers, they need only 1 external IP to communicate over the Internet. The Internal network might be a class A network like 192.168.100.X and the external IP 11.12.13.14 = router WAN (Wide Area Network), the router will translate between i ernalclent and t s nt i s hi sharedext ernalI P. If a client computer with IP 192.168.100.56 wants to communicate with the Internet server 100. 102. 101. 103,t clent he i askshi Def tgat ay t l hi packages t t ext s aul ew o ead s o he ernal server and the router will have to make sure, that 192.168.100.56 receives the correct packages from the Internet server for web browsing to function properly. The magical part is that the external server will see the incoming communication as established from 11.12.13.14 not the internal/private address only the NAT device knows who initiated the traffic. A NAT device is normally a router, a firewall or a proxy server.

No hands on
Dynamic Host Configuration Protocol (DHCP) lets a network administrator define a range ofI addresses t be easedt com put on t net ork for a specified period of time. DHCP P o l o er he w makes the life of a network administrator a lot easier than if he or she had to manually assign I addresses t t com put ( atc I s) P o he ers st i P . Along with the IP address the DHCP server can provide clients with: a. subnet mask b. default gateway c. WINS servers (used for local name resolution) d. DNS servers (used for local and external name resolution) There are more than 100 DHCP options available you can set up automatically for clients

Jakob H. Heidelberg

v1.15

p. 8/13

Basic Networking July 16, 2006

Did you just say APIPA?

Automatic Private IP Addressing (APIPA) is a functionality that allows a computer to automatically assign itself a dynamic IP address even though no DHCP server is available on the network. This will only occur if no static IP has been provided for the computer. APIPA uses a range from 169.254.0.0 169.254.255.255 with a subnet mask of 255.255.0.0 (/16) meaning that we are dealing with a class B network with the maximum of 65.534 hosts. No default gateway or DNS is set by APIPA, so only limited local communication is available. With Windows XP we got a new tab on the NI s TCP/I set i caled Al ernat C P tngs l t e Conf gurat on. This tab is only available, if i i no static IP has been entered on General tab

Here you will notice t t t hat he Alernat e Confguratont i m i ng because the IP i i ab s ssi has been statically assigned by an administrator. What this does is that if no DHCP service is found on the network, then the Alternate configuration will be used t s coul be om at pri e I address( PA)or a U ser hi d Aut ed vat P API configured configuration (a static IP assignment).

You can disable APIPA completely by using a registry hack ii.

Jakob H. Heidelberg v1.15 p. 9/13

Basic Networking July 16, 2006

M asquerade m asks
Subnet masks are used by a network device to decide exactly what subnet it is on. The device needs to determine this to make a decision if it can reach the device by itself OR if it has to contact the Default gateway instead. 192.168.1.1 with a subnet mask of 255.255.255.0 or just 192.168.1.1/24 = 24 bits used for the network address itself 8 bits are left for hosts, making room for 254 actual hosts. In binary this it what we get: 11000000.10101000.00000001.00000001 = IP address 11111111.11111111.11111111.00000000 = subnet mask The net ork devi uses a so caled bi w ce l nary ANDng t l i hat ooks a bi lke t s t i hi 11000000.10101000.00000001.00000001 = IP address 11111111.11111111.11111111.00000000 = subnet mask -------------------------------------------------11000000.10101000.00000001.00000000 = subnet (= 192.168.1.x) From the above the network device knows what network it is on and if it needs to contact anther device 192.168.5.122 it will know the Default gateway will have to be contacted.
The mathematical rul w hen ANDng is: es i 1+1=1 1+0=0 0+1=0 0+0=0

By tweaking a bit with subnet masks we can divide our networks into smaller parts and even do the opposite thing called Super netting (most commonly used by routers/I s et to SP c. describe many small subnets in the shortest/most efficient way).

Can I have you real name?

A NetBIOS name is a short name for a device/computer on the network. This could be COM PUTER01or LESERVER FI . A FQDN (Fully Qualified Domain Name) is a bit longer than the NetBIOS name because it also has the domain name after the computer name. This could be LESERVER. FI COM PANY. LOCALor (as we see it all the time): W W . W COM PANY. COM . Well, most of us are not able to remember very many IP addresses and that is why we are using name resolution technologies. Throughout the years we have seen a few ways of translating names into IP addresses (and reverse). The local computer can lookup names in the following ways: - local cache where every lookup is saved for a short period of time - lookup within the HOSTS file ( dom ai nam es orFQDN - managed on the local n s computer) - lookup within the LMHOSTS file (NetBIOS names - managed on the local computer)

Jakob H. Heidelberg

v1.15

p. 10/13

Basic Networking July 16, 2006 broadcast on the local network and hope that somebody answers back WINS servers (NetBIOS names - centrally managed and maintained) DNS servers ( dom ai nam e or FQDN - centrally managed and maintained) n s

Today we are using DNS (Domain Name System) as the main name resolution service both within our corporate networks and when accessing the Internet. DNS is one of the main reasons why the Internet is so popular and easy to access. DNS servers are placed all around the world and they are constantly exchanging information about where different web servers, email-servers etc. are located around the entire world. DNS is a very efficient and (partly) dynamic system which is hierarchal structured and very easy to maintain. DNS translates names into IP address and sometimes even the other way around. DNS is m ore t j nam e resol i butIcan cover al t i t s begi hat ust uton, t l hat n hi nners gui t net orki de o w ng.

Did you receive my package?

Two leading transmission protocols are being used to control IP communication: 1. TCP = Transmission Control Protocol iii TCP is a connection-oriented protocol which means that for every data packet sent back and forth between the communicating partners, an acknowledge packet is sent from the destination host to confirm that a given package was received. 2. UDP = User Datagram Protocol iv UDP is a connectionless protocol which means, that the sending host will not request any confirmation from the destination host. This gives us a highly insecure method of communication, but it is a bit faster than TCP because no acknowledge-procedure is required.

Any ports open?

W hen t ki TCP and UDP w e have t l al ng o ook a bi atcom m uni i port Al net ork t caton s l w communication not only needs addressing and routing to be setup correctly an agreement of what transmission protocol will be used and what ports number will be used. When a client requests a webpage from a webserver on the Internet, the client uses TCP port 80 to tell the receiving firewall that this is an HTTP (HyperText Transfer Protocol) request and hopefully the firewall will allow the packet to reach the webserver for the webpage to be displayed. All other communication is working like this these are the most common Well-known ports (range from 0 1023) and Registered ports (range from 1024 49151) which you should probably memorisev.

Jakob H. Heidelberg

v1.15

p. 11/13

Basic Networking July 16, 2006

Protocol Name FTP TELNET SMTP DNS TFTP HTTP POP NNTP NTP NetBIOS IMAP SNMP HTTPS/SSL RDP Port 20/21 23 25 53 69 80 110 119 123 137/138/139 143 161 443 3389 Transmission Protocol TCP/UDP TCP/UDP TCP/UDP TCP/UDP UDP TCP TCP TCP UDP TCP/UDP TCP/UDP TCP/UDP TCP/UDP TCP

Shooting down trouble

Now let take a short look att t s he roubl eshootng process Troubleshooting is actually an art i form and basically is the process of eliminating possible causes to determine probable causes. If host A is having trouble accessing the Internet, the best way to locate the problem would be to start of by ping the local machine (ping ing localhost /127.0.0.1). If localhostis responding (the loopback address), we would ping the local workstations own IP address and then the name of the local machine.

A HOST SWITCH C D ROUTER

The Internet
E www.webserver.com

B DNS

Next we would ping our gateway, the LAN interface of router D. If D is answering we could test routing functionality and ping the external IP of the router before pingng the webserver i E. If the webserver is responding we will test name resolution to see if that is the problem this is done by pinging the webserver by name (www.webserver.com). If the webserver is not responding by name our problem might be the DNS server or connection to the DNS server.

Jakob H. Heidelberg

v1.15

p. 12/13

Basic Networking July 16, 2006

Tips, tricks and links

Try out Wildpackets free subnet calculator at
http://www.wildpackets.com/products/free_utilities/ipsubnetcalc/overview

Other links:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm http://compnetworking.about.com/od/tcpiptutorials/a/ipaddrnotation.htm http://www.troutman.org/tech/linux_guides/subnet.html http://www.computerhope.com/jargon/i/ip.htm http://www.broadband-help.com/articles/networking/guide_part1/ http://www.broadband-help.com/articles/networking/guide_part2/

Feedback
I hope you enjoyed reading this article, feel free to send me feedback: info@heidelbergit.dk

Best regards Jakob H. Heidelberg

MCDST,MCSA/MCSE,ITA,CCNA

HEIDELBERG IT www.heidelbergit.dk
OSI model: http://www.webopedia.com/quick_ref/OSI_Layers.asp Disable APIPA: http://www.petri.co.il/disable_apipa_in_windows_2000_xp_2003.htm iii TCP: http://en.wikipedia.org/wiki/Transmission_Control_Protocol iv UDP: http://en.wikipedia.org/wiki/User_Datagram_Protocol v TCP/UDP ports: http://www.iana.org/assignments/port-numbers
i ii

Jakob H. Heidelberg

v1.15

p. 13/13