MODULE TITLE: Identifying and Resolving Network Problems

Troubleshooting network problems

Troubleshooting network problems can be a frustrating experience, whether you're dealing with
one PC or the entire ball of wax. This is because today's networks are so complicated that the
point of failure could be virtually anywhere. Worse yet, your network could contain multiple
points of failure, resulting in confusing symptoms that are hard to diagnose. In this article, we'll
tell you how to troubleshoot networks by looking at the symptoms of the problem—for example,
we'll explain how to look for a potential PC protocol mismatch, using the dialog box shown in
Figure A.

Figure A To communicate, PCs must share a common protocol.

Where can a network fail?
When you're trying to troubleshoot something as complex as a network, it's often best to take
what you know about the problem and gradually narrow down the possible causes. With this in
mind, we'll begin with simple problems and work toward more complicated ones. Basically, only
four things can cause a network to fail:

 A problem with the server

 A problem with a hub, router, bridge, and so on
 A problem with the cabling
 A problem with a workstation
Once you figure out which of these four items is causing your problem, you can begin narrowing
your focus toward subcomponents.

For example, suppose you've determined that you have a cable problem. You've eliminated three
quarters of your network components from the list of possible failures. Next, you'll want to
investigate if you have a break in the cable, if an end is loose, if you have a missing terminator,
or if you have some other problem. Let's examine the steps you'll follow in the troubleshooting
process.
A starting point
The very first thing you need to find out is which PCs are affected. Are you having problems
with one PC, several PCs, or every computer on the network?

Problems with a single PC

If a problem is occurring only with a single PC, you've just narrowed the cause of your problem
considerably. The next question you should ask is, "Has this PC ever worked before at this
location?" If it has worked before and you know that nothing has changed in the configuration,
then a component may be unplugged, a cable may be broken, or a network card may have gone
out.

On the other hand, if the PC is brand-new, chances are good that it's experiencing a configuration
error. In a situation like this, your next step should be to plug a known good laptop computer into
the network connection currently used by the failing PC. If the laptop connects to the network
successfully, you know there are no cable breaks or problems with the hubs or routersthe
problem is with the PC itself. If the laptop also fails to connect, you've obviously got a cable
problem or a problem with a switching device (such as a hub or router).

Problems with several PCs

If you're having problems with several PCs, you need to consider which PCs are malfunctioning.
If they're all new, you've probably got a configuration problem. On the other hand, if all the PCs
were working previously, you most likely have a problem with a switching device or a cable
segment.

At this point, you should determine what the failing PCs have in common with one another but
not with the rest of the network. Many times, when multiple PCs fail simultaneously, a hub has
gone bad or a cable connecting one hub to another hub has gone bad. You should check whether
all the PCs share a common hub or are attached to the same cable segment.

Problems with the entire network

If no PCs on your network can log on, you've probably got problems with the server functioning
as your primary domain controller. You should go to this server to begin the troubleshooting
process.

Troubleshooting a PC

Because of the complexity of PCs and our space limitations, it's impossible for us to provide a
comprehensive guide to troubleshooting a PC. However, we can show you how to work through
some of the more common network problems.

Protocol mismatches

As you may know, in order for PCs on a network to communicate, they must share a common
protocol. A protocol is a language that the computers on a network use to speak to one another. If
you notice that a workstation can see only some of the other PCs on your network, there's a
chance you may have a protocol mismatch.

To solve this problem, begin by double-clicking the Network icon in Control Panel. When you
see the Network Properties dialog box, select the Protocols tab, as shown in Figure A. Then,
compare the protocols listed for this PC with the protocols installed on a PC it can't communicate
with. If the protocols match, the PCs should be able to communicate with each other.
The NetBEUI protocol is an exception to this rule. NetBEUI isn't a routable protocol. If a router
is located between two PCs using NetBEUI and you haven't made special provisions, the PCs
won't be able to communicate. The easiest solution to this problem is to install NWLink
IPX/SPX or TCP/IP.

A word about TCP/IP

With the increasing popularity of the Internet, TCP/IP is being used more often. Because of this
growing usage, we'll show you how to troubleshoot some common TCP/IP problems.

If you suspect that you have a problem with TCP/IP, the first thing you should do is PING your
own IP address. If the PING returns, then TCP/IP is functional. However, this means only that
the protocol is functionality doesn't necessarily mean that TCP/IP can communicate with the rest
of the world.

If the malfunctioning PC can successfully PING itself, you should PING the address of another
PC on the same network segment as the malfunctioning PC. Doing so will test your network
card. If the PING fails, the network card is malfunctioning.

If the PING is successful, PING the same PC using the PC's computer name rather than its IP
address. If this PING fails, you probably have a problem with your WINS or DNS configuration,
or possibly with your LMHosts file (if you use one).

If you can successfully PING a PC by name, it's time to PING a PC that's either on a different
network segment or in the outside world. For example, you might PING
http://www.xpressions.com. If this PING fails but previous PINGs have been successful, you
probably have either an incorrectly configured default gateway or a problem with your router.
However, if other PCs on the segment are functioning correctly, the problem is probably the
default gateway rather than the router.
Testing a network card
If you suspect that you have a bad network card, you'll need to check the card's configuration. To
do so, open Control Panel and click the Network icon. When the Network Properties dialog box
opens, select the Adapters tab and double-click your network adapter. When you do, you'll see
any configurable parameters, as shown in Figure B.

Figure B Compare Windows NT's network card settings to the settings used by the physical card.

Many plug-and-play network cards come with special software that you can use to manually
configure the card. For example, SMC cards use a piece of software called EZStart to configure
such things as the card's IRQ and base memory address, as shown in Figure C. If your network
card uses similar software, you should set the card's parameters to match the settings within
Windows NT.
Figure C Some network cards use software for configuration.

If your network card doesn't use configuration software, it may have jumpers on the card that
control these settings. If your card uses jumpers, consult the manual that came with the card to
learn how to use the jumpers to make the card's settings match the settings configured through
Windows NT.
THE FIVE MOST COMMON NETWORK PROBLEMS
1. Cable Problem: Cables that connect different parts of a network can be cut or shorted. A
short can happen when the wire conductor comes in contact with another conductive
surface, changing the path of the signal. Cable testers can be used to test for many types
of cable problems such as:
Cut cable, incorrect cable connections, Cable shorts, Interference level, Connector Problem
2. Connectivity Problem: A connectivity problem with one or more devices in a network
can occur after a change is made in configuration or by a malfunction of a connectivity
component, such as hub, a router or a Switch.
3. Excessive Network Collisions: These often lead to slow connectivity. The problem can
occur as a result of bad network setup/plan, a user transferring a lot of information or
jabbering network card.
NB: A jabbering Network card is a network card that is stuck in a transmit mode. This will be
evident because the transmit light will remain on constantly, indicating that the Network card is
always transmitting.

4. Software Problem: Network problems can often be traced to software configuration such
as DNS configuration, WINS configuration, the registry etc.
5. Duplicate IP Addressing: A common problem in many networking environments occurs
when two machines try to use the same IP address. This can result in intermittent
communications.

Troubleshooting a cable problem

Although many types of cables are used for networking, the most commonly used fall into two
categories: coax (which looks similar to the wire used for cable television) and twisted pair
(which is similar to telephone cable). Because these types of cable are so dissimilar, they require
different troubleshooting methods.

Troubleshooting coax

The sidebar "Coax Basics" provides some background on coax-based networks. Needless to say,
most cable problems on coax-based networks affect multiple PCs. If you have a communication
failure but your terminators are connected and are the correct type, you should check for a cable
break. A break in the cable causes the wire to function as two separate unterminated networks,
because the point at which the cable ends (the break) is unterminated.

Breaks or shorts in coax cables are often hard to find, because they aren't always visible to the
naked eye. A break could be caused by something as simple as a loose T-connector. Although
the wire may not be completely pulled out of the connector, it may be loose enough that it can't
make a good connection. It's also tricky to locate breaks and shorts when a coax cable snakes its
way through walls and conduit, under desks (where users often stack boxes on top of the wire),
and into other inaccessible places.
The easiest way to troubleshoot a coax segment is to take two known good terminators and use
one to terminate the cable at the source. The source is the place at which the cable connects to
the server, another segment, a hub, and so on. Go to the first PC on the segment and disconnect
the T-connector from the PC. Remove the portion of the line that goes to the rest of the network
and replace it with the second terminator. Now, reconnect the T-connector to the PC and try to
log on to the network with the PC. If the PC fails to connect, your problem is somewhere
between the two terminators.

If the PC does connect, remove the terminator from the T-connector on the PC, reattach the cable
to the T-connector, and repeat the process at the second PC on the line. As you get further down
the line, you'll reconnect and test one PC at a time until you come to the source of the problem. If
you fix a problem but the line still malfunctions, keep in mind that you may have multiple breaks
on the line.

Occasionally, you may trace a problem to a particular PC and yet be unable to find a break in the
line. If this happens, try disconnecting the T-connector from that PCbut enable the rest of the
PCs on the line and test the network. Sometimes, a network card will go bad and flood the line
with high-volume random packets. If this happens, it can cause symptoms similar to a cable
break or a missing terminator.

Troubleshooting twisted pair

Twisted pair is considerably easier to troubleshoot than coax. Because of the nature of twisted
pair, each line services only one PC (unless that line happens to run between two switching
devices). If you suspect a cable problem in a network that uses twisted pair, the first thing you
should check is the link light. If the link light isn't lit, it means that you don't have a complete
physical link. Usually this indicates a break in the cable or a loose RJ-45 connector. Note that the
link light can sometimes be illuminated even if you have a cable problema link light merely
indicates that the wire is connected at both ends.
If the link light is lit but you still suspect a cable problem, you should plug a known good laptop
computer into the cable. If the laptop establishes a network connection, the problem is with your
PC. Otherwise, you have a cable problem.
Troubleshooting switching devices

It's difficult to discuss techniques for troubleshooting switching devices in an article such as this,
because there are so many types of devices and our space is limited. However, you can use some
general techniques to troubleshoot such a failure.

Switching device failures usually affect groups of PCs, although it's possible for only one PC to
be affected. For example, a single port on a hub can go bad. If you've tried unsuccessfully to
troubleshoot a cable problem and that cable is plugged into a hub on one end, try plugging it into
a different port or into a different hub.

If a group of PCs goes down simultaneously, there's a good chance that the problem may be due
to a failed switching device. For example, suppose you have three hubs daisy-chained together,
as shown in Figure D. Now, suppose that Hub 1 controls PCs 1 through 8, Hub 2 controls PCs 9
through 16, and Hub 3 controls PCs 17 through 24.

Figure D Failures among switching devices often affect groups of computers.

Obviously, if Hub 3 fails, PCs 17 through 24 will malfunction. If Hub 2 fails, it will probably
cause PCs 9 through 16 to malfunction, because they're directly connected to the hubbut it may
also cause PCs 17 through 24 to malfunction, because data has to pass through Hub 2 to get to
Hub 3.

If a group of PCs malfunctions simultaneously, you should compile a list of the switching
devices they have in common with one another but not with the rest of the network. Although
we've used hubs in our example, this principle holds true with bridges, routers, and gateways as
well.
Troubleshooting server problems

Many people feel intimidated when it comes to troubleshooting a server. However, you should
keep in mind that Windows NT Server and Windows NT Workstation function identically. If
you're capable of fixing a workstation, you're equally capable of fixing a server (assuming your
server isn't running any of the BackOffice components, such as Exchange or SQL). If your server
is having trouble accessing the rest of the network, you should apply the same troubleshooting
techniques we've discussed for troubleshooting a workstation.
Network Diagnostic Tool (NDT)
The Network Diagnostic Tool (NDT) is a client/server program that provides network
configuration and performance testing to a users desktop or laptop computer. The system is
composed of a client program (command line or java applet) and a pair of server programs (a
webserver and a testing/analysis engine). Both command line and web-based clients
communicate with a Web100-enhanced server to perform these diagnostic functions. Multi-level
results allow novice and expert users to view and understand the test results.

Several studies have shown that the majority of network performance problems occur in or near
the users’ desktop/laptop computer. These problems include, but are not limited to, duplex
mismatch conditions on Ethernet/FastEthernet links, incorrectly set TCP buffers in the user’s
computer, or problems with the local network infrastructure. The NDT is designed to quickly
and easily identify a specific set of conditions that are known to impact network performance. A
multi-level series of plain language messages, suitable for novice users, and detailed test results,
suitable for a network engineer, are generated and available to the user. Finally, the test results
may be easily emailed to the appropriate administrator to assist in the problem resolution phase.

The NDT consists of several components. Both client and server processes are used to perform
a specific set of tests. The server processes include a basic web browser (fakewww) to handle
incoming web based client requests. The server also runs a second process (web100srv) that
performs the specific tests needed to determine what problems, if any, exist. The web100srv
process then analyzes the test results and returns these results to the client.

Both command line (web100clt) and Web based (java applet) based clients are included in the
NDT package. The command line client (web100clt) can be compiled and manually downloaded
onto numerous client computers. The web based client uses a java applet to automate the testing
process. This applet is downloaded when the web server is accessed, removing the restriction to
manually pre-load the software onto the client computer. This approach allows system
administrators to pre-load the command line client onto their main server class computers while
allowing the vast majority of users to automatically load the web based client on an as needed
bases.
Server, workstation and network configuration
Workstations

Computers that humans use are broadly categorized as workstations. A typical workstation is a
computer that is configured with a network interface card, networking software, and the
appropriate cables. Workstations do not necessarily need large storage hard drives, because files
can be saved on the file server. Almost any computer can serve as a network workstation.
File/Network Servers

One or more network servers is a part of nearly every local area network. These are very fast
computers with a large amount of RAM and storage space, along with a one or more fast
network interface card(s). The network operating system provides tools to share server resources
and information with network users. A sophisticated permissions-handling system is included, so
that access to sensitive information can be carefully tailored to the needs of the users. For small
networks, a single network server may provide access control, file sharing, printer sharing, email,
database, and other services.

The network server may be responding to requests from many network users simultaneously.
For example, it may be asked to load a word processor program to one workstation, receive a
database file from another workstation, and store an e-mail message during the same time period.
This requires a computer that can store and quickly share large amounts of information. When
configuring such a server, budget is usually the controlling factor. The following guidelines
should be followed:
 Fastest processor(s)
 Large amount of RAM
 multiple large, fast hard drives
 Extra expansion slots
 Fast network interface card(s)
Optionally (if no other such devices are available on the network):
 A RAID (Redundant Array of Inexpensive Disks) to preserve large amounts of data(even
after a disk failure)
 A back-up unit (i.e. DAT tape drive, removable hard drives, or CD/DVD/BluRay burner)

Network Configuration

When you initially installed Slackware, the setup program invoked the netconfig program.
netconfig attempted to perform the following functions for you:
 It asked you for the name of your computer, and the domain name for your computer.
 It gave a brief explanation of the various types of addressing schemes, told when they
should be used, and asked you which IP addressing scheme you wished to use to
configure your network card:
o Static-IP
o DHCP
 o Loopback
 It then offered to probe for a network card to configure.
netconfig will generally take care of about 80% of the work of configuring your LAN network
connection if you will let it. Note that I would strongly suggest that you review your config file
for a couple of reasons:
1. You should never trust a setup program to properly configure your computer. If you use a
setup program, you should review the configuration yourself.
2. If you are still learning Slackware and Linux system management, viewing a working
configuration can be helpful. You'll at least know what the configuration should look
like. This will allow you to correct problems due to misconfiguration of the system at a
later date.
Network Hardware Configuration
Having decided that you wish to bring your Slackware machine on to some form of network, the
first thing you'll need is a Linux-compatible network card. You will need to take a little care to
ensure that the card is truly Linux-compatible (please refer to the Linux Documentation Project
and/or the kernel documentation for information on the current status of your proposed network
card). As a general rule, you will most likely be pleasantly surprised by the number of
networking cards that are supported under the more modern kernels. Having said that, I'd still
suggest referring to any of the various Linux hardware compatibility lists (such as The
GNU/Linux Beginners Group Hardware Compatibility Links and The Linux Documentation
Project Hardware HOWTO) that are available on the Internet before purchasing your card. A
little extra time spent in research can save days or even weeks trying to troubleshoot a card that
isn't compatible with Linux at all.

When you visit the Linux Hardware Compatibility lists available on the Internet, or when you
refer to the kernel documentation installed on your machine, it would be wise to note which
kernel module you'll need to use to support your network card.
Loading Network Modules
Kernel modules that are to be loaded on boot-up are loaded from the rc.modules file in /etc/rc.d
or by the kernel's auto module loading started by /etc/rc.d/rc.hotplug. The default rc.modules file
includes a Network device support section. If you open rc.modules and look for that section,
you'll notice that it first checks for an executable rc.netdevice file in /etc/rc.d/. This script is
created if setup successfully autoprobes your network device during installation.

Below that “if” block is a list of network devices and modprobe lines, each commented out. Find
your device and uncomment the corresponding modprobe line, then save the file. Running
rc.modules as root should now load your network device driver (as well as any other modules
that are listed and uncommented). Note that some modules (such as the ne2000 driver) require
parameters; make sure you select the correct line.
LAN (10/100/1000Base-T and Base-2) cards

This heading encompasses all of the internal PCI and ISA networking cards. Drivers for these
cards are provided via loadable kernel modules as covered in the previous paragraph.
/sbin/netconfig should have probed for your card and successfully set up your rc.netdevice file. If
this did not occur, the most likely problem would be that the module that you're attempting to
load for a given card is incorrect (it is not unheard of for different generations of the same brand
of card from the same manufacturer to require different modules). If you are certain that the
module that you're attempting to load is the correct one, your next best bet would be to refer to
the documentation for the module in an attempt to discover whether or not specific parameters
are required during when the module is initialized.
Modems
Like LAN cards, modems can come with various bus support options. Until recently, most
modems were 8 or 16 bit ISA cards. With the efforts of Intel and motherboard manufacturers
everywhere to finally kill off the ISA bus completely, it is common now to find that most
modems are either external modems that connect to a serial or USB port or are internal PCI
modems. If you wish for your modem to work with Linux, it is VITALLY important to research
your prospective modem purchase, particularly if you are considering purchasing a PCI modem.
Many, if not most, PCI modems available on store shelves these days are WinModems.
WinModems lack some basic hardware on the modem card itself: the functions performed by
this hardware are typically offloaded onto the CPU by the modem driver and the Windows
operating system. This means that they do not have the standard serial interface that PPPD will
be expecting to see when you try to dial out to your Internet Service Provider.
If you want to be absolutely sure that the modem you're purchasing will work with Linux,
purchase an external hardware modem that connects to the serial port on your PC. These are
guaranteed to work better and be less trouble to install and maintain, though they require external
power and tend to cost more.

There are several web sites that provide drivers and assistance for configuring WinModem based
devices. Some users have reported success configuring and installing drivers for the various
winmodems, including Lucent, Conexant, and Rockwell chipsets. As the required software for
these devices is not an included part of Slackware, and varies from driver to driver, we will not
go into detail on them.
PCMCIA
As part of your Slackware install, you are given the opportunity to install the pcmcia package (in
the “A” series of packages). This package contains the applications and setup files required to
work with PCMCIA cards under Slackware. It is important to note that the pcmcia package only
installs the generic software required to work with PCMCIA cards under Slackware. It does
NOT install any drivers or modules. The available modules and drivers will be in the
/lib/modules/`uname -r`/pcmcia directory. You may need to do some experimentation to find a
module that will work with your network card.
You will need to edit /etc/pcmcia/network.opts (for an Ethernet card) or
/etc/pcmcia/wireless.opts (if you have a wireless networking card). Like most Slackware
configuration files, these two files are very well commented and it should be easy to determine
which modifications need to be made.
TCP/IP Configuration

At this point, your network card should be physically installed in your computer, and the relevant
kernel modules should be loaded. You will not yet be able to communicate over your network
card, but information about the network device can be obtained with ipconfig -a.
# ipconfig -a
eth0 Link encap:Ethernet HWaddr 00:A0:CC:3C:60:A4
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:110081 errors:1 dropped:0 overruns:0 frame:0
TX packets:84931 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:114824506 (109.5 Mb) TX bytes:9337924 (8.9 Mb)
Interrupt:5 Base address:0x8400

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2234 errors:0 dropped:0 overruns:0 frame:0
TX packets:2234 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:168758 (164.8 Kb) TX bytes:168758 (164.8 Kb)

If you just typed /sbin/ipconfig without the -a suffix, you would not see the eth0 interface, as
your network card does not yet have a valid IP address or route.

While there are many different ways to setup and subnet a network, all of them can be broken
down into two types: Static and Dynamic. Static networks are setup such that each node (geek
lingo for thing with an IP address) always has the same IP address. Dynamic networks are setup
in such a way that the IP addresses for the nodes are controlled by a single server called the
DHCP server.
DHCP
DHCP (or Dynamic Host Configuration Protocol), is a means by which an IP address may be
assigned to a computer on boot. When the DHCP client boots, it puts out a request on the Local
Area Network for a DHCP server to assign it an IP address. The DHCP server has a pool (or
scope) of IP addresses available. The server will respond to this request with an IP address from
the pool, along with a lease time. Once the lease time for a given IP address lease has expired,
the client must contact the server again and repeat the negotiation.
The client will then accept the IP address from the server and will configure the requested
interface with the IP address. There is one more handy trick that DHCP clients use for
negotiating the IP address that they will be assigned, however. The client will remember it's last
assigned IP address, and will request that the server re-assign that IP address to the client again
upon next negotiation. If possible, the server will do so, but if not, a new address is assigned. So,
the negotiation resembles the following:

Client: Is there a DHCP server available on the LAN?

Server: Yes, there is. Here I am.
Client: I need an IP address.
Server: You may take 192.168.10.10 for 19200 seconds.
Client: Thank you.

Client: Is there a DHCP server available on the LAN?

Server:Yes, there is. Here I am.
Client:I need an IP address. The last time we
talked, I had 192.168.10.10;
May I have it again?
Server:Yes, you may (or No, you may not: take 192.168.10.12 instead).
Client: Thank you.

The DHCP client in Linux is /sbin/dhcpcd. If you load /etc/rc.d/rc.inet1 in your favorite text
editor, you will notice that /sbin/dhcpcd is called about midway through the script. This will
force the conversation shown above. dhcpcd will also track the amount of time left on the lease
for the current IP address, and will automatically contact the DHCP server with a request to
renew the lease when necessary. DHCP can also control related information, such as what ntp
server to use, what route to take, etc.

Setting up DHCP on Slackware is simple. Just run netconfig and select DHCP when offered. If
you have more than one NIC and do not wish eth0 to be configured by DHCP, just edit the
/etc/rc.d/rc.inet1.conf file and change the related variable for your NIC to “YES”.
Static IP

Static IP addresses are fixed addresses that only change if manually told to. These are used in
any case where an administrator doesn't want the IP information to change, such for internal
servers on a LAN, any server connected to the Internet, and networked routers. With static IP
addressing, you assign an address and leave it at that. Other machines know that you are always
at that certain IP address and can contact you at that address always.
/etc/rc.d/rc.inet1.conf

If you plan on assigning an IP address to your new Slackware box, you may do so either through
the netconfig script, or you may edit /etc/rc.d/rc.inet1.conf. In /etc/rc.d/rc.inet1.conf , you will
notice:
# Primary network interface card (eth0)
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

Then further at the bottom:

GATEWAY=""
In this case, our task is merely to place the correct information between the double-quotes. These
variables are called by /etc/rc.d/rc.inet1 at boot time to setup the nics. For each NIC, just enter
the correct IP information, or put “YES” for USE_DHCP. Slackware will startup the interfaces
with the information placed here in the order they are found.

The DEFAULT_GW variable sets up the default route for Slackware. All communications
between your computer and other computers on the Internet must pass through that gateway if no
other route is specified for them. If you are using DHCP, you will usually not need to enter
anything here, as the DHCP server will specify what gateway to use.
/etc/resolv.conf
Ok, so you've got an IP address, you've got a default gateway, you may even have ten million
dollars (give us some), but what good is that if you can't resolve names to IP addresses? No one
wants to type in 72.9.234.112 into their web browser to reach www.slackbook.org. After all, who
other than the authors would memorize that IP address? We need to setup DNS, but how? That's
where /etc/resolv.conf comes into play.

Chances are you already have the proper options in /etc/resolv.conf. If you setup your network
connection using DHCP, the DHCP server should handle updating this file for you. (Technically
the DHCP server just tells dhcpcd what to put here, and it obeys.) If you need to manually update
your DNS server list though, you'll need to hand edit /etc/resolv.conf. Below is an example:# cat

/etc/resolv.conf
nameserver 192.168.1.254
search lizella.net

The first line is simple. The nameserver directive tells us what DNS servers to query. By
necessity these are always IP addresses. You may have as many listed there as you like.
Slackware will happily check one after the other until one returns a match.

The second line is a little more interesting. The search directive gives us a list of domain names
to assume whenever a DNS request is made. This allows you to contact a machine by only the
first part of its FQDN (Fully Qualified Domain Name). For example, if “slackware.com” were in
your search path, you could reach http://store.slackware.com by just pointing your web browser
at http://store.#

ping -c 1 store
PING store.slackware.com (69.50.233.153): 56 data bytes
64 bytes from 69.50.233.153 : icmp_seq=0 ttl=64 time=0.251 ms
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.251/0.251/0.251 ms
/etc/hosts

Now that we've got DNS working fine, what if we want to bypass our DNS server, or add a DNS
entry for a machine that isn't in DNS? Slackware includes the oft-loved /etc/hosts file which
contains a local list of DNS names and IP addresses they should match to.

# cat /etc/hosts
127.0.0.1 localhost locahost.localdomain
192.168.1.101 redtail
172.14.66.32 foobar.slackware.com

Here you can see that localhost has an IP address of 127.0.0.1 (always reserved for localhost),
redtail can be reached at 192.168.1.101, and foobar.slackware.com is 172.14.66.32.

How to Check Network Interface Card (NIC) Status Using Windows 7 or Vista

Whether the network interface card (NIC) is part of your PC’s motherboard circuitry or attached
as an expansion card, you can inspect its status by using the Device Manager in Windows 7 and
Windows Vista.
Follow these steps to check on the NIC hardware:
1. Open the Control Panel.
2. Open the Device Manager.
o In Windows 7, choose Hardware and Sound, and then choose the Device Manager
link beneath the Devices and Printers heading.
o In Windows Vista, choose Hardware and Sound, and then choose Device
Manager.
You need to type the administrator password or click the Continue button to proceed in Windows
Vista.
3. Expand the Network Adapters item to view all network adapters installed on your PC.
 You most likely have only one.
 4. Double-click the Network Adapter entry to display your PC’s network adapter’s
Properties dialog box.
 The General tab in the Properties dialog box lists the device status. Any
problems detected by Windows appear in that message box. Otherwise, the
message reads This device is working properly.
5. Click the Resources tab in the Properties dialog box.
6. Check the Conflicting Device list.
 You should see no conflicts listed. If not, the source of the conflicts must be
resolved. Generally, it would mean removing whatever other device is
conflicting with the NIC or reconfiguring the device.
7. Click OK to close the Properties dialog box.
8. Close the Device Manager window as well as the Control Panel.

The first solution for fixing a bad NIC is first to view the suggestions listed in the Properties
dialog box. When those suggestions aren’t helpful, one alternative is to use another NIC.
If you have a NIC on an expansion card, simply remove the old expansion card and install a new
one.
When the NIC is on the motherboard, your alternative is simply to install a second NIC as an
expansion card.
For a laptop, get a USB NIC, either wired or wireless, when the laptop’s NIC fails.

o You will probably know when the NIC isn’t working properly before you even open its
Properties dialog box. That’s because bum devices are flagged with a yellow icon in the
Device Manager.
o If your PC came with a NIC diagnostics tool, using it would be, obviously, a better option
for checking on the NIC as well as for testing the NIC’s condition. Check the Start
button’s All Programs menu. Look for a folder (submenu) specific to the NIC
manufacturer, such as Intel, Netlink, or Linksys.
o Yes, you can have multiple network adapters in a PC. For example, a laptop computer
would have both wired and wireless NICs. When you have multiple NICs, you can repeat
these steps to review any problems or conflicts with each of the adapters.
 o To disable a NIC, open its Properties dialog box. Use the Disable button on the Driver
tab. By disabling the device, you ensure that Windows doesn’t use it and instead uses
another NIC that functions properly.
o To deal with a hardware conflict, you must reset the IRQ on one of the two conflicting
devices. Or, you can remove one device. See which devices can be replaced by a
comparable USB device. USB devices don’t have the conflicts that IRQ gizmos do.

How to Check the Network Interface Card (NIC) Status in Windows XP

Whether your network interface card (NIC) is part of your PC’s motherboard circuitry or
attached as an expansion card, you can inspect its status by using the Device Manager in
Windows XP.

Follow these steps to check on the NIC’s hardware in your Windows XP computer:

1. Press Win+Break to quickly summon the System Properties dialog box.

2. Click the Hardware tab.
3. Click the Device Manager button.
The Device Manager window appears.
4. Expand the Network Adapters area by clicking the plus sign [+] icon.

You see a list of all network adapters installed in your PC.

5. Double-click a network adapter entry.

The adapter’s Properties dialog box appears. On the General tab, you see the device status. It
should say This device is working properly. If not, any specific problems are noted.

6. Click the Resources tab.

 7. Review the Conflicting Device list.

No conflicts should be listed. When they are, resolve them by looking at the source of the
conflict.

8. Click the OK button to close the Properties dialog box.

9. Close the Device Manager and the Control Panel windows.

The first solution for fixing a bad NIC is first to view the suggestions listed in the Properties
dialog box. When those suggestions aren’t helpful, one alternative is to use another NIC.

If you have a NIC on an expansion card, simply remove the old expansion card and install a new
one.

When the NIC is on the motherboard, your alternative is simply to install a second NIC as an
expansion card.

For a laptop, get a USB NIC, either wired or wireless, when the laptop’s NIC fails.

 You will probably know when the NIC isn’t working properly before you even open its
Properties dialog box. That’s because bum devices are flagged with a yellow icon in the
Device Manager.
 When you’re having network adapter problems in Windows XP, click the Troubleshoot
button (after Step 5) to run the NIC Troubleshooter.
 If your PC came with a NIC diagnostics tool, using it would be, obviously, a better option
for checking on the NIC as well as for testing the NIC’s condition. Check the Start
button’s All Programs menu. Look for a folder (submenu) specific to the NIC
manufacturer, such as Intel, Netlink, or Linksys.
 Yes, you can have multiple network adapters in a PC. For example, a laptop computer
would have both wired and wireless NICs. When you have multiple NICs, you can repeat
these steps to review any problems or conflicts with each of the adapters.
  To disable a NIC, open its Properties dialog box. Choose Disable from the drop-down
menu at the bottom of the General tab. By disabling the device, you ensure that Windows
XP doesn’t use the problem NIC and, instead, uses another NIC that functions properly.
 To deal with a hardware conflict, you must reset the IRQ on one of the two conflicting
devices. Or, you can remove one device. My suggestion is to see which devices can be
replaced by a comparable USB device. USB devices don’t have the conflicts that IRQ
gizmos do.

Connectivity testing with Ping, Telnet, Tracert and PathPing:

All of the following command line tools are accessed from the command prompt. You can open
a command prompt window by selecting Start | All Programs | Accessories | Command Prompt.

You can also open the command prompt window by selecting Start | Run - and then entering
CMD.EXE into the dialog box and pressing the Enter key or the OK button.

Each tool in this KB is given only a very basic overview and usage description. We would
suggest that you research each of these in more detail to learn about advanced usage.

PING :

The ping command is a very simple connectivity testing tool. Ping verifies connectivity by
sending Internet Control Message Protocol (ICMP) echo packets to a host and listening for an
echo reply.

The ping command waits for each packet sent and prints the number of packets transmitted and
received. Each received packet is validated against the sent packet. The default setting will send
four echo packets containing 64 bytes of data. You can use the ping utility to test both the host
name and IP address of the host for DNS resolution. A successful IP ping and failed host name
ping could indicate name resolution issues.
Usage:

In a command prompt window, enter Ping followed by the Fully Qualified Domain Name
(FQDN) or IP address of the server you want to test. You may wish to use the –t command line
switch to send continuous echo requests to a host.

Ping 123.123.123.123

Common usage examples might be to test for a server to be restarted and start responding again.
You may wish to use the –t command line switch to send continuous echo requests:

Ping 123.123.123.123 –t

Another example may be to test what IP address is returned by a specific record or service
lookup:

Ping mail.domain_name.com
Ping www.domain_name.com

TELNET:

Telnet comes from the combination of the words telephone and network. It was originally
designed to allow for command line remote management over slower connection types. RFC 854
states: “The purpose of the TELNET Protocol is to provide a fairly general, bi-directional, eight-
bit byte orientated communications facility. “

It is a TCP based protocol that can also be used to test a variety of services for connectivity. You
can use it to test for SMTP, SQL or Remote Desktop connectivity. This is a good test to use for
service or port blocks resulting from a firewall configuration.

Usage:
In a command prompt, enter TELNET, followed by the Fully Qualified Domain Name (FQDN)
or IP address of the server you want to connect to - and then the port that the service uses.

TELNET 123.123.123.123 5678

The following is a list of common protocols and ports of interest:

FTP 21
SMTP 25
SQL 1433
RDP 3389

The response of a successful connection will be different for each service, but a failed
connection will always respond with a variation of the following message: "Could not open
connection to the host, on port n: Connect failed"

When testing your mail connection with Telnet, you will want to reference the mail record for
the domain:

TELNET mail.yourdomain.com 25

TRACERT:

Tracert is the Windows implementation of the traceroute tool that originated on UNIX and
Cisco systems. Tracert is a Windows command-line tool that displays the path a packet takes to
reach a destination from the machine that it is executed on. It does this by sending Internet
Control Message Protocol (ICMP) echo request messages to the destination. It does this by
incrementally increasing the Time To Live (TTL) values to find the path taken to the destination
address. The path is displayed as a list in the order of which it heard back from each node that it
passed through on its way to the destination.
When you run tracert, the top line shows the destination of the trace. It also lets us know that it
stops if it reaches a maximum of 30 hops. Next you will see each hop it takes to reach the
destination. The number of hops will go in order numerically from 1 to 30 depending on the path
to the destination. Following this tracert will normally include at least 4 pieces of information for
each hop; the number of the hop, the Round Trip Time (RTT is displayed in milliseconds or ms)
it takes to get from the interface of the current hop and then back again to your machine, the IP
address of the interface for that hop and the hostname corresponding to the IP address of the hop.
The default is to send out 3 packets to each hop. This is done in case a packet is lost and allows
you to get an idea of whether or not there is a variance in the time for a specific hop.

A high number on the first external hop from you machine is a good indication of possible Local
Area Network (LAN) issues.

An asterisk (*) indicates an echo request that was lost. These can be the result of security
implementations of firewalls or Access Control List (ACL’s). Additionally, routers may be
configured not to respond to this type of traffic. You may see a row of three asterisks with no IP
address or hostname. The trace may then continue responding normally again and display the
destination results.

Usage:

In a command prompt window, enter TRACERT followed by the Fully Qualified Domain Name
(FQDN) or IP address of the server you want to test. You may wish to use the –d command line
switch to prevent Tracert from resolving the name of the nodes from the IP address in the trace
route.

TRACERT 123.123.123.123

You can see the output results in the following example:

Tracing route to 123.123.123.123 over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 111.111.111.111
2 <1 ms <1 ms <1 ms 222.222.222.222
3 1 ms 1 ms 1 ms 111.222.111.222
4 1 ms 1 ms 12 ms 222.111.222.111
5 * * * Request timed out.
6 14 ms 13 ms 13 ms 123.123.123.123

Trace complete.

Additionally, you can use external tools such as www.traceroute.org or other ‘looking glass’
type sites to verify traces from different geographic locations throughout the world. You may
want to select multiple sites to test connectivity to your server.

PATHPING:

PathPing is a utility that combines many of the features of Ping and Tracert into one tool. You
can use it to verify connectivity to a host as well as see if you are taking an optimal path to a
remote host or suffering from a bottleneck somewhere in the connection route. The final output
provides statistics on the latency (packet loss) by sending multiple echo requests over a period of
time to each node between the local and remote host.

Initially, PathPing will produce results are similar to Tracert; you will see the hop number
followed by the IP address or node name. PathPing will then compute the statistics (the time this
takes depends on the number of hops) for each node in the connection route. After the
computation is complete, the window will display the following information for each node: Hop
number, Round Trip Time (RTT), percent of packets Lost and Sent for Source to Here, the
Address of the node at that hop and the percent of packets Lost and Sent from This Node/Link to
the next node. You can see the output results in the following example:
 Source to Here This Node/Link

Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address (Node)

0 111.111.111.111/
0/100 = 0% |
1 30ms 0/100 = 0% 0/100 = 0% 222.222.222.222/
0/100 = 0% |
2 30ms 0/100 = 0% 0/100 = 0% 111.222.111.222/
33/100 = 33% |
3 30ms 0/100 = 0% 0/100 = 0% 222.111.222.111/
0/100 = 0% |
0 30ms 0/100 = 0% 0/100 = 0% 123.123.123.123

Trace complete.

The “Source to Here” – is the first set of statistic after the hop number is equivalent to if you
pinged the node directly.

The “This Node/Link” is the set of statistic before the pipe and is the column you want to pay
the most attention to. This will show you the statistics for the links between the nodes.

In the above example, the link between 111.222.111.222 and 222.111.222.111 is dropping 33
percent of the packets. The router at hop 3 is dropping packets addressed to it, but this loss does
not affect their ability to forward traffic.

A 0/100 = 0% means that out of 100 packets, none were lost. A low single digit loss 1% or 2%
is common, but anything higher is an indication of

Usage:
In a command prompt window, enter PathPing followed by the Fully Qualified Domain Name
(FQDN) or IP address of the server you want to test. You may wish to use the –n command line
switch to prevent PathPing from resolving name from the IP address of the nodes in the
connection route.

PATHPING –n 123.123.123.123

PathPing offers slightly more accurate output over Tracert because it provides averages based on
multiple echo requests. One disadvantage to PathPing is that it can take longer to return results.

ipconfig

In computing, ipconfig (internet protocol configuration) in Microsoft Windows is a console

application that displays all current TCP/IP network configuration values and can modify
Dynamic Host Configuration Protocol DHCP and Domain Name System DNS settings.[1]

In most cases, the ipconfig command is used with the command-line switch /all. This results in
more detailed information than ipconfig alone.

Syntax
ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns]
[/showclassid Adapter] [/setclassid Adapter [ClassID]]

Parameters

 /all : Displays the full TCP/IP configuration for all adapters. Without this parameter,
ipconfig displays only the IP address, subnet mask, and default gateway values for each
adapter. Adapters can represent physical interfaces, such as installed network adapters, or
logical interfaces, such as dial-up connections.
 /renew [Adapter] : Renews DHCP configuration for all adapters (if an adapter is not
specified) or for a specific adapter if the Adapter parameter is included. This parameter is
available only on computers with adapters that are configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that appears when you
use ipconfig without parameters.

 /release [Adapter] : Sends a DHCPRELEASE message to the DHCP server to release

the current DHCP configuration and discard the IP address configuration for either all
adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter
is included. This parameter disables TCP/IP for adapters configured to obtain an IP
address automatically. To specify an adapter name, type the adapter name that appears
when you use ipconfig without parameters.

 /flushdns : Flushes and resets the contents of the DNS client resolver cache. During DNS
troubleshooting, you can use this procedure to discard negative cache entries from the
cache, as well as any other entries that have been added dynamically.

 /displaydns : Displays the contents of the DNS client resolver cache, which includes both
entries preloaded from the local Hosts file and any recently obtained resource records for
name queries resolved by the computer. The DNS Client service uses this information to
resolve frequently queried names quickly, before querying its configured DNS servers.

 /registerdns : Initiates manual dynamic registration for the DNS names and IP addresses
that are configured at a computer. You can use this parameter to troubleshoot a failed
DNS name registration or resolve a dynamic update problem between a client and the
DNS server without rebooting the client computer. The DNS settings in the advanced
properties of the TCP/IP protocol determine which names are registered in DNS.

 /showclassid Adapter : Displays the DHCP class ID for a specified adapter. To see the
DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of
 Adapter. This parameter is available only on computers with adapters that are configured
to obtain an IP address automatically.

 /setclassid Adapter [ClassID] : Configures the DHCP class ID for a specified adapter.
To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place
of Adapter. This parameter is available only on computers with adapters that are
configured to obtain an IP address automatically. If a DHCP class ID is not specified, the
current class ID is removed.

 /?: Displays help at the command prompt.

Final note:;

All of these Windows utilities are based on ICMP echo request over TCP/IP - otherwise known
as ping packets. Many firewalls block ICMP traffic - so you may not get the response although
the site is up and responsive. Access rules can cause false negatives with the reporting of from
these network tools.

Troubleshoot network adapter problems

If you can't connect to a network, there might be a problem with your network adapter. Here are
some common reasons for network adapter problems and related solutions.

If you are having problems connecting to a Windows Meeting Space meeting, search Windows
Help and Support for "Troubleshoot Windows Meeting Space."
 The network adapter is disabled.
 The network adapter needs to be reset.
 The network adapter driver is missing, isn't working, or is out of date.
 The network adapter needs to be replaced.
1. The network adapter is disabled.

To enable the adapter:

  Open Network Connections by clicking the Start button , clicking Control Panel, clicking
Network and Internet, clicking Network and Sharing Center, and then clicking Manage
network connections.
 Right-click the network adapter icon, and then click Enable. If you are prompted for an
administrator password or confirmation, type the password or provide confirmation.
2. The network adapter needs to be reset.
To reset the adapter:
 Open Network Connections by clicking the Start button , clicking Control Panel, clicking
Network and Internet, clicking Network and Sharing Center, and then clicking Manage
network connections.
 Right-click the network adapter icon, and then click Disable. If you are prompted for an
administrator password or confirmation, type the password or provide confirmation.
 Right-click the adapter icon again, and then click Enable. If you are prompted for an
administrator password or confirmation, type the password or provide confirmation.

The adapter is now reset. Try connecting to the network again, or run Network Diagnostics to
verify that your network adapter is now working correctly.

Open Network Diagnostics by right-clicking the network icon in the notification area, and then
clicking Diagnose and repair.
3. The network adapter driver is missing, isn't working, or is out of date.
You must be logged on as an administrator to perform these steps.
If you reset your network adapter and you still can't connect to a network, you might need to
update the adapter driver. (Updating the driver can solve the problem of missing or failed
drivers, as well as outdated ones.) To update your network adapter driver, follow these steps:

 Open Device Manager by clicking the Start button , clicking Control Panel, clicking
System and Maintenance, and then clicking Device Manager.‌ If you are prompted for an
administrator password or confirmation, type the password or provide confirmation.
 Double-click Network Adapters, right-click your adapter, and then click Properties.
  Click the Driver tab, and then click Update Driver.

If Windows cannot find the driver on your computer and you do not have a connection to the
Internet, you might need to contact the network adapter manufacturer or your computer
manufacturer to get the driver. Check the information that came with your network adapter or
your computer to see if you have a disc that contains the drivers.

Once you've updated the driver, try connecting to the network again, or run Network Diagnostics
to verify that the adapter is updated.

Open Network Diagnostics by right-clicking the network icon in the notification area, and then
clicking Diagnose and repair.
4. The network adapter needs to be replaced.
If you've tried resetting the network adapter and updating the drivers, and Network Diagnostics
indicates that there is still a problem with your network adapter, try replacing the adapter. Buy a
new network adapter and install it in your computer by following the manufacturer's instructions,
or have a service technician replace the adapter for you.
NETWORK PROTOCOLS
Introduction to Protocols

The Function of Protocols

Protocols are rules and procedures for communicating. The term "protocol" is used in a variety
of contexts. For example, diplomats from one country adhere to rules of protocol designed to
help them interact smoothly with diplomats from other countries. Rules of protocol apply in the
same way in the computer environment. When several computers are networked, the rules and
technical procedures governing their communication and interaction are called protocols.

Keep three points in mind when you think about protocols in a network environment:

 There are many protocols. While each protocol facilitates basic communications, each
has different purposes and accomplishes different tasks. Each protocol has its own advantages
and restrictions.
 Some protocols work only at particular OSI layers. The layer at which a protocol works
describes its function. For example, a protocol that works at the physical layer ensures that the
data packet passes through the network interface card (NIC) and out onto the network cable.
 Protocols can also work together in a protocol stack, or suite. Just as a network
incorporates functions at every layer of the OSI reference model, different protocols also work
together at different levels in a single protocol stack. The levels in the protocol stack "map," or
correspond, to the layers of the OSI reference model. For instance, the TCP/IP protocol's
application layer maps to the OSI reference model's presentation layer. Taken together, the
protocols describe the entire stack's functions and capabilities.

How Protocols Work

The entire technical operation by which data is transmitted over the network has to be broken
down into discrete, systematic steps. At each step, certain actions take place that cannot take
place at any other step. Each step includes its own rules and procedures, or protocol.

The protocol steps must be carried out in a consistent order that is the same on every computer in
the network. In the sending computer, these steps must be executed from the top down. In the
receiving computer, these steps must be carried out from the bottom up.

The Sending Computer

Protocols at the sending computer:

1. Break the data into smaller sections, called packets, which the protocol can handle.
2. Add addressing information to the packets so that the destination computer on the
network can determine that the data belongs to it.
3. Prepare the data for transmission through the NIC and out onto the network cable.

The Receiving Computer

Protocols at the receiving computer carry out the same series of steps in reverse order. They:

1. Take the data packets off the cable.

2. Bring the data packets into the computer through the NIC.
3. Strip the data packets of all the transmitting information that was added by the sending
computer.
4. Copy the data from the packets to a buffer for reassembly.
5. Pass the reassembled data to the application in a usable form.

Both sending and receiving computers need to perform each step in the same way so that the data
will have the same structure when it is received as it did when it was sent.

For example, two different protocols might each break data into packets and add on various
sequencing, timing, and error-checking information, but each will do it differently. Therefore, a
computer using one of these protocols will not be able to communicate successfully with a
computer that is using the other protocol.

Routable Protocols
Until the mid-1980s, most local area networks (LANs) were isolated. A LAN served a single
department or company and was rarely connected to any larger environments. As LAN
technology matured, however, and the data communication needs of businesses expanded, LANs
evolved, becoming components in larger data communication networks in which LANs talked to
each other.

Data that is sent from one LAN to another along any of several available paths is said to be
routed. The protocols that support multipath LAN-to-LAN communications are known as
routable protocols. Because routable protocols can be used to tie several LANs together and
create new wide-area environments, they are becoming increasingly important.

Protocols in a Layered Architecture

In a network, several protocols have to work together. By working together, they ensure that the
data is properly prepared, transferred to the right destination, received, and acted upon.

The work of the various protocols must be coordinated so that no conflicts or incomplete
operations take place. The results of this coordination effort are known as layering.

Protocol Stacks
A protocol stack is a combination of protocols. Each layer of the stack specifies a different
protocol for handling a function or subsystem of the communication process. Each layer has its
own set of rules. Figure 1.9.1 shows the OSI reference model and the rules associated with each
layer. The protocols define the rules for each layer in the OSI reference model.

IP addressing
IP addresses are represented by a 32-bit unsigned binary value. It is usually expressed in
a dotted decimal format. For example, 9.167.5.8 is a valid IP 66 TCP/IP Tutorial and
Technical Overview address. The numeric form is used by IP software. The mapping
between the IP address and an easier-to-read symbolic name, for example
myhost.ibm.com, is done by the Domain Name System (DNS).
The IP address
IP addresses are used by the IP protocol to uniquely identify a host on the Internet (or
more generally, any internet). Strictly speaking, an IP address identifies an interface that
is capable of sending and receiving IP datagrams. One system can have multiple such
interfaces. However, both hosts and routers must have at least one IP address, so this
simplified definition is acceptable. IP datagrams (the basic data packets exchanged
between hosts) are transmitted by a physical network attached to the host. Each IP
datagram contains a source IP address and a destination IP address. To send a datagram
to a certain IP destination, the target IP address must be translated or mapped to a
physical address. This may require transmissions on the network to find out the
destination's physical network address. (For example, on LANs, the Address Resolution
is used to translate IP addresses to physical MAC addresses.)

IP addressing standards are described in RFC 1166 – Internet Numbers. To identify a

host on the Internet, each host is assigned an address, the IP address, or in some cases, the
Internet address. When the host is attached to more than one network, it is called multi-
homed and has one IP address for each network interface. The IP address consists of a
pair of numbers:
IP address = <network number><host number>
The network number portion of the IP address is administered by one of three
Regional Internet Registries (RIR):
  American Registry for Internet Numbers (ARIN): This registry is responsible
for the administration and registration of Internet Protocol (IP) numbers for North
America, South America, the Caribbean and sub-Saharan Africa.
 Reseaux IP Europeens (RIPE): This registry is responsible for the
administration and registration of Internet Protocol (IP) numbers for Europe,
Middle East, parts of Africa.
 Asia Pacific Network Information Centre (APNIC): This registry is
responsible for the administration and registration of Internet Protocol (IP)
numbers within the Asia Pacific region.
IP addresses are 32-bit numbers represented in a dotted decimal form (as the decimal
representation of four 8-bit values concatenated with dots). For example, 128.2.7.9 is an
IP address with 128.2 being the network number and 7.9 being the host number. The
rules used to divide an IP address into its network and host parts are explained below.
The binary format of the IP address 128.2.7.9 is:
10000000 00000010 00000111 00001001
Class-based IP addresses
The first bits of the IP address specify how the rest of the address should be separated
into its network and host part. The terms network address and netID are sometimes used
instead of network number, but the formal term, used in RFC 1166, is network number.
Similarly, the terms host address and hostID are sometimes used instead of host number.
There are five classes of IP addresses. They are shown in Figure 4.2.
Figure 4.2. IP - Assigned classes of IP addresses
Where:
 Class A addresses: These addresses use 7 bits for the <network> and 24 bits for the
<host> portion of the IP address. This allows for 2 7-2 (126) networks each with 224-2
(16777214) hosts; a total of over 2 billion addresses.
 Class B addresses: These addresses use 14 bits for the <network> and 16 bits for the
<host> portion of the IP address. This allows for 2 14-2 (16382) networks each with 216-2
(65534) hosts; a total of over 1 billion addresses.
 Class C addresses: These addresses use 21 bits for the <network> and 8 bits for the
<host> portion of the IP address. That allows for 2 21-2 (2097150) networks each with 2 8-
2 (254) hosts; a total of over half a billion addresses.
 Class D addresses: These addresses are reserved for multicasting (a sort of
broadcasting, but in a limited area, and only to hosts using the same class D address).
 Class E addresses: These addresses are reserved for future use.
A Class A address is suitable for networks with an extremely large number of hosts. Class C
addresses are suitable for networks with a small number of hosts. This means that medium-sized
networks (those with more than 254 hosts or where there is an expectation of more than 254
hosts) must use Class B addresses. However, the number of small- to medium-sized networks
has been growing very rapidly. It was feared that if this growth had been allowed to continue
unabated, all of the available Class B network addresses would have been used by the mid-
1990s. This was termed the IP address exhaustion problem. (The number of networks on the
Internet has been approximately doubling annually for a number of years. However, the usage of
the Class A, B, and C networks differs greatly. Nearly all of the new networks assigned in the
late 1980s were Class B, and in 1990 it became apparent that if this trend continued, the last
Class B network number would be assigned during 1994. On the other hand, Class C networks
were hardly being used.)
The division of an IP address into two parts also separates the responsibility for selecting the
complete IP address. The network number portion of the address is assigned by the RIRs. The
host number portion is assigned by the authority controlling the network. As shown in the next
section, the host number can be further subdivided: this division is controlled by the authority
which manages the network. It is not controlled by the RIRs.
Reserved IP addresses
A component of an IP address with a value all bits 0 or all bits 1 has a special meaning:
 All bits 0: An address with all bits zero in the host number portion is interpreted as this
host (IP address with <host address>=0). All bits zero in the network number portion is
this network (IP address with <network address>=0). When a host wants to
communicate over a network, but does not yet know the network IP address, it may send
packets with <network address>=0. Other hosts on the network interpret the address as
meaning this network. Their replies contain the fully qualified network address, which
the sender records for future use.
 All bits 1: An address with all bits one is interpreted as all networks or all hosts. For
example, the following means all hosts on network 128.2 (class B address):
128.2.255.255
This is called a directed broadcast address because it contains both a valid <network
address> and a broadcast <host address>.
 Loopback: The class A network 127.0.0.0 is defined as the loopback network. Addresses
from that network are assigned to interfaces that process data within the local system.
These loopback interfaces do not access a physical network.

IP subnets
Due to the explosive growth of the Internet, the principle of assigned IP addresses
became too inflexible to allow easy changes to local network configurations. Those
changes might occur when:
 A new type of physical network is installed at a location.
 Growth of the number of hosts requires splitting the local network into two or more
separate networks.
 Growing distances require splitting a network into smaller networks, with gateways
between them.
To avoid having to request additional IP network addresses, the concept of IP
 subnetting was introduced. The assignment of subnets is done locally. The entire network
still appears as one IP network to the outside world.
The host number part of the IP address is subdivided into a second network number and a
host number. This second network is termed a subnetwork or subnet. The main network
now consists of a number of subnets. The IP address is interpreted as:
<network number><subnet number><host number>
The combination of subnet number and host number is often termed the local address or
the local portion of the IP address. Subnetting is implemented in a way that is transparent
to remote networks. A host within a network that has subnets is aware of the subnetting
structure. A host in a different network is not. This remote host still regards the local part
of the IP address as a host number.
The division of the local part of the IP address into a subnet number and host number is
chosen by the local administrator. Any bits in the local portion can be used to form the
subnet. The division is done using a 32-bit subnet mask. Bits with a value of zero bits in
the subnet mask indicate positions ascribed to the host number. Bits with a value of one
indicate positions ascribed to the subnet number. The bit positions in the subnet mask
belonging to the original network number are set to ones but are not used (in some
platform configurations, this value was actually specified with zeros instead of ones, but
either way it is not used). Like IP addresses, subnet masks are usually written in dotted
decimal form.
The special treatment of all bits zero and all bits one applies to each of the three parts of a
subnetted IP address just as it does to both parts of an IP address that has not been
subnetted (see “Reserved IP addresses”). For example, subnetting a Class B network
could use one of the following schemes:
 The first octet is the subnet number; the second octet is the host number. This gives 2 8-2
(254) possible subnets, each having up to 2 8-2 (254) hosts. Recall that we subtract two
from the possibilities to account for the all ones and all zeros cases. The subnet mask is
255.255.255.0.
 The first 12 bits are used for the subnet number and the last four for the host number.
This gives 212-2 (4094) possible subnets but only 24-2 (14) hosts per subnet. The subnet
mask is 255.255.255.240.
In this example, there are several other possibilities for assigning the subnet and host portions of
the address. The number of subnets and hosts and any future requirements should be considered
before defining this structure. In the last example, the subnetted Class B network has 16 bits to
be divided between the subnet number and the host number fields. The network administrator
defines either a larger number of subnets each with a small number of hosts, or a smaller number
of subnets each with many hosts.
When assigning the subnet part of the local address, the objective is to assign a number of bits to
the subnet number and the remainder to the local address. Therefore, it is normal to use a
contiguous block of bits at the beginning of the local address part for the subnet number. This
makes the addresses more readable. (This is particularly true when the subnet occupies 8 or 16
bits.) With this approach, either of the subnet masks above are "acceptable" masks. Masks such
as 255.255.252.252 and 255.255.255.15 are “unacceptable.” In fact, most TCP/IP
implementations do not support non-contiguous subnet masks. Their use is universally
discouraged.
Types of subnetting
There are two types of subnetting: static and variable length. Variable length subnetting
is more flexible than static. Native IP routing and Routing IP (RIP) Version 1 support
only static subnetting. However, RIP Version 2 supports variable length subnetting
Static subnetting
 Static subnetting implies that all subnets obtained from the same network use the
same subnet mask.
 This is simple to implement and easy to maintain, it may waste address space in
small networks. Consider a network of four hosts using a subnet mask of
255.255.255.0. This allocation wastes 250 IP addresses.
 All hosts and routers are required to support static subnetting.
Variable length subnetting
 When variable length subnetting is used, allocated subnets within the same
network can use different subnet masks.
 A small subnet with only a few hosts can use a mask that accommodates this
need. A subnet with many hosts requires a different subnet mask.
  The ability to assign subnet masks according to the needs of the individual
subnets helps conserve network addresses.
 Variable length subnetting divides the network so that each subnet contains
sufficient addresses to support the required number of hosts.
 An existing subnet can be split into two parts by adding another bit to the subnet
portion of the subnet mask. Other subnets in the network are unaffected by the
change.
Mixing static and variable length subnetting
Not every IP device includes support for variable length subnetting. Initially, it would
appear that the presence of a host that only supports static subnetting prevents the use of
variable length subnetting. This is not the case. Routers interconnecting the subnets are
used to hide the different masks from hosts.
Hosts continue to use basic IP routing. This offloads subnetting complexities to dedicated
routers.
Static subnetting example
Consider the class A network shown in Figure 4.3

Figure 4.3. IP - Class A address without subnets

Using the following IP address:
00001001 01000011 00100110 00000001 a 32-bit address
9 67 38 1 decimal notation (9.67.38.1)
9.67.38.1 is an IP address (class A) having
9 as the <network address>
67.38.1 as the <host address>
The network administrator may wish to choose the bits from 8 to 25 to indicate the subnet
address. In that case, the bits from 26 to 31 indicate the actual host addresses. Figure 4.4 shows
the subnetted address derived from the original class A address.
Figure 4.4. IP - Class A address with subnet mask and subnet address
A bit mask, known as the subnet mask, is used to identify which bits of the original host address
field indicate the subnet number. In the above example, the subnet mask is 255.255.255.192 (or
11111111 11111111 11111111 11000000 in bit notation). Note that, by convention, the
<network address> is included in the mask as well.
Because of the all bits 0 and all bits 1 restrictions, this defines 2 18-2 (from 1 to 262143) valid
subnets. This split provides 262142 subnets each with a maximum of 26-2 (62) hosts.
The value applied to the subnet number takes the value of the full octet with non-significant bits
set to zero. For example, the hexadecimal value 01 in this subnet mask assumes an 8-bit value
01000000. This provides a subnet value of 64.
Applying the 255.255.255.192 to the sample class A address 9.67.38.1 provides the following
information:
00001001 01000011 00100110 00000001 = 9.67.38.1 (class A address)
11111111 11111111 11111111 11------ 255.255.255.192 (subnet mask)
===================================== logical_AND
00001001 01000011 00100110 00------ = 9.67.38.0(subnet base address)
This leaves a host address of:
-------- -------- -------- --000001 = 1 (host address)
IP will recognize all host addresses as being on the local network for which the logical_AND
operation described above produces the same result. This is important for routing IP datagrams
in subnet environments
The actual subnet number is:
-------- 01000011 00100110 00------ = 68760 (subnet number)
This subnet number is a relative number. That is, it is the 68760th subnet of network 9 with the
given subnet mask. This number bears no resemblance to the actual IP address that this host has
been assigned (9.67.38.1). It has no meaning in terms of IP routing.
The division of the original <host address> into <subnet><host> is chosen by the network
administrator. The values of all zeroes and all ones in the <subnet> field are reserved.
Note:
Because the range of available IP addresses is decreasing rapidly, many routers now support the
use of all zeroes and all ones in the <subnet> field.
This is not consistent with the defined standards.
Variable length subnetting example
Consider a corporation that has been assigned the Class C network 165.214.32.0. The
corporation has the requirement to split this address range into five separate networks each with
the following number of hosts:
• Subnet #1: 50 hosts
• Subnet #2: 50 hosts
• Subnet #3: 50 hosts
• Subnet #4: 30 hosts
• Subnet #5: 30 hosts
This cannot be achieved with static subnetting. For this example, static subnetting divides the
network into four subnets each with 64 hosts or eight subnets each with 32 hosts. This subnet
allocation does not meet the stated requirements.
To divide the network into five subnets, multiple masks should be defined. Using a mask of
255.255.255.192, the network can be divided into four subnets each with 64 hosts. The fourth
subnet can be further divided into two subnets each with 32 hosts by using a mask of
255.255.255.224. There will be three subnets each with 64 hosts and two subnets each with 32
hosts. This satisfies the stated requirements.
Determining the subnet mask
Usually, hosts will store the subnet mask in a configuration file. However, sometimes this
cannot be done, for example, as in the case of a diskless workstation. The ICMP protocol
includes two messages: address mask request and address mask reply. These allow
hosts to obtain the correct subnet mask from a server.
Addressing routers and multi-homed hosts
Whenever a host has a physical connection to multiple networks or subnets, it is
described as being multi-homed. By default, all routers are multi-homed since their
 purpose is to join networks or subnets. A multi-homed host has different IP addresses
associated with each network adapter. Each adapter connects to a different subnet or
network.

IP routing
An important function of the IP layer is IP routing. This provides the basic mechanism
for routers to interconnect different physical networks. A device can simultaneously
function as both a normal host and a router. A router of this type is referred to as a router
with partial routing information.
The router only has information about four kinds of destinations:
• Hosts that are directly attached to one of the physical networks to which the router is
attached.
• Hosts or networks for which the router has been given explicit definitions.
Hosts or networks for which the router has received an ICMP redirect message.

• A default for all other destinations.

Additional protocols are needed to implement a full-function router. These types of
routers are essential in most networks, because they can exchange information with other
routers in the environment. The protocols used by these routers are reviewed in Chapter
4, “Routing protocols” on page 137.
There are two types of IP routing: direct and indirect.
Direct routing
If the destination host is attached to the same physical network as the source host, IP
datagrams can be directly exchanged. This is done by encapsulating the IP datagram in
the physical network frame. This is called direct delivery and is referred to as direct
routing.
Indirect routing
Indirect routing occurs when the destination host is not connected to a network directly
attached to the source host. The only way to reach the destination is via one or more IP
gateways. (Note that in TCP/IP terminology, the terms gateway and router are used
 interchangeably. This describes a system that performs the duties of a router.) The
address of the first gateway (the first hop) is called an indirect route in the IP routing
algorithm. The address of the first gateway is the only information needed by the source
host to send a packet to the destination host.
In some cases, there may be multiple subnets defined on the same physical network. If
the source and destination hosts connect to the same physical network but are defined in
different subnets, indirect routing is used to communicate between the pair of devices. A
router is needed to forward traffic between subnets.
Figure 4.5 shows an example of direct and indirect routes.

Figure 4.3. IP - Direct and indirect routes - Host C has a direct route to hosts B and D, and an
indirect route to host A via gateway B

Network Protocols Analysis

OPEN SYSTEMS INTERCONNECTION (OSI) MODEL
The Needs of Standard in Network Communication
As we have seen in the previous sections, many software and hardware manufacturers supply
products for linking computers in a network. Networking is fundamentally a form of
communication, so the need for manufacturers to take steps to ensure that their products could
interact became apparent early in the development of networking technology. As networks and
suppliers of networking products have spread across the world, the need for standardization
has only increased. To address the issues surrounding standardization, several independent
organizations have created standard design specifications for computer-networking products.
When these standards are adhered to, communication is possible between hardware and software
products produced by a variety of vendors.

Network Communications
Network activity involves sending data from one computer to another. This complex process can
be broken into discrete, sequential tasks. The sending computer must:

1. Recognize the data.

2. Divide the data into manageable chunks.
3. Add information to each chunk of data to determine the location of the data and to
identify the receiver.
4. Add timing and error-checking information.
5. Put the data on the network and send it on its way.

Network client software operates at many different levels within the sending and receiving
computers. Each of these levels, or tasks, is governed by one or more protocols. These protocols,
or rules of behavior, are standard specifications for formatting and moving the data. When the
sending and receiving computers follow the same protocols, communication is assured. Because
of this layered structure, this is often referred to as the protocol stack.

With the rapid growth of networking hardware and software, a need arose for standard protocols
that could allow hardware and software from different vendors to communicate. In response, two
primary sets of standards were developed: the OSI reference model and a modification of that
standard called Project 802.

Acquiring a clear understanding of these models is an important first step in understanding the
technical aspects of how a network functions. Throughout this lesson we refer to various
protocols.
 The OSI Reference Model
In 1978, the International Organization for Standardization (ISO) released a set of specifications
that described network architecture for connecting dissimilar devices. The original document
applied to systems that were open to each other because they could all use the same protocols
and standards to exchange information.

The OSI reference model is the best-known and most widely used guide for visualizing
networking environments. Manufacturers adhere to the OSI reference model when they design
network products. It provides a description of how network hardware and software work together
in a layered fashion to make communications possible. The model also helps to troubleshoot
problems by providing a frame of reference that describes how components are supposed to
function.

A Layered Architecture
The OSI reference model architecture divides network communication into seven layers. Each
layer covers different network activities, equipment, or protocols. Layering specifies different
functions and services as data moves from one computer through the network cabling to another
computer. The OSI reference model defines how each layer communicates and works with the
layers immediately above and below it. For example, the session layer communicates and works
with the presentation and transport layers.

Each layer provides some service or action that prepares the data for delivery over the network to
another computer. The lowest layers define the network's physical media and related tasks, such
as putting data bits onto the network interface cards (NICs) and cable. The highest layers define
how applications access communication services. The higher the layer, the more complex its
task.

The layers are separated from each other by boundaries called interfaces. All requests are passed
from one layer, through the interface, to the next layer. Each layer builds upon the standards and
activities of the layer below it.

Relationships among OSI Reference Model Layers

Each layer provides services to the next-higher layer and shields the upper layer from the details
of how the services below it are actually implemented. At the same time, each layer appears to
be in direct communication with its associated layer on the other computer. This provides a
logical, or virtual, communication between peer layers, as shown in Figure 1.8.1 In reality, actual
communication between adjacent layers takes place on one computer only. At each layer,
software implements network functions according to a set of protocols.

Figure Relationships among OSI layers

Before data is passed from one layer to another, it is broken down into packets, or units of
information, which are transmitted as a whole from one device to another on a network. The
network passes a packet from one software layer to another in the same order as that of the
layers. At each layer, the software adds additional formatting or addressing to the packet, which
is needed for the packet to be successfully transmitted across the network.

At the receiving end, the packet passes through the layers in reverse order. A software utility at
each layer reads the information on the packet, strips it away, and passes the packet up to the
next layer. When the packet is finally passed up to the application layer, the addressing
information has been stripped away and the packet is in its original form, which is readable by
the receiver.

With the exception of the lowest layer in the OSI networking model, no layer can pass
information directly to its counterpart on another computer. Instead, information on the sending
computer must be passed down through each successive layer until it reaches the physical layer.
The information then moves across the networking cable to the receiving computer and up that
computer's networking layers until it arrives at the corresponding layer. For example, when the
network layer sends information from computer A, the information moves down through the
data-link and physical layers on the sending side, over the cable, and up the physical and data-
link layers on the receiving side to its final destination at the network layer on computer B.

In a client/server environment, an example of the kind of information sent from the network
layer on computer A to the network layer on computer B would be a network address, with
perhaps some error-checking information added to the packet.

Interaction between adjacent layers occurs through an interface. The interface defines the
services offered by the lower networking layer to the upper one and further defines how those
services will be accessed. In addition, each layer on one computer appears to be communicating
directly with the same layer on another computer.

The following sections describe the purpose of each of the seven layers of the OSI reference
model, and identify the services that each provides to adjacent layers. Beginning at the top of the
stack (layer 7, the application layer), we work down to the bottom (layer 1, the physical layer).

Application Layer
Layer 7, the topmost layer of the OSI reference model, is the application layer. This layer relates
to the services that directly support user applications, such as software for file transfers, database
access, and e-mail. In other words, it serves as a window through which application processes
can access network services. A message to be sent across the network enters the OSI reference
model at this point and exits the OSI reference model's application layer on the receiving
computer. Application-layer protocols can be programs in themselves, such as File Transfer
Protocol (FTP), or they can be used by other programs, such as Simple Mail Transfer Protocol
(SMTP), used by most e-mail programs, to redirect data to the network. The lower layers support
the tasks that are performed at the application layer. These tasks include general network access,
flow control, and error recovery.

Presentation Layer
Layer 6, the presentation layer, defines the format used to exchange data among networked
computers. Think of it as the network's translator. When computers from dissimilar systems—
such as IBM, Apple, and Sun—need to communicate, a certain amount of translation and byte
reordering must be done. Within the sending computer, the presentation layer translates data
from the format sent down from the application layer into a commonly recognized, intermediary
format. At the receiving computer, this layer translates the intermediary format into a format that
can be useful to that computer's application layer. The presentation layer is responsible for
converting protocols, translating the data, encrypting the data, changing or converting the
character set, and expanding graphics commands. The presentation layer also manages data
compression to reduce the number of bits that need to be transmitted.

The redirector, which redirects input/output (I/O) operations to resources on a server, operates at
this layer.

Session Layer
Layer 5, the session layer, allows two applications on different computers to open, use, and close
a connection called a session. (A session is a highly structured dialog between two workstations.)
The session layer is responsible for managing this dialog. It performs name-recognition and other
functions, such as security, that are needed to allow two applications to communicate over the
network.

The session layer synchronizes user tasks by placing checkpoints in the data stream. The
checkpoints break the data into smaller groups for error detection. This way, if the network fails,
only the data after the last checkpoint has to be retransmitted. This layer also implements dialog
control between communicating processes, such as regulating which side transmits, when, and
for how long.

Transport Layer
Layer 4, the transport layer, provides an additional connection level beneath the session layer.
The transport layer ensures that packets are delivered error free, in sequence, and without losses
or duplications. At the sending computer, this layer repackages messages, dividing long
messages into several packets and collecting small packets together in one package. This process
ensures that packets are transmitted efficiently over the network. At the receiving computer, the
transport layer opens the packets, reassembles the original messages, and, typically, sends an
acknowledgment that the message was received. If a duplicate packet arrives, this layer will
recognize the duplicate and discard it.

The transport layer provides flow control and error handling, and participates in solving
problems concerned with the transmission and reception of packets. Transmission Control
Protocol (TCP) and Sequenced Packet Exchange (SPX) are examples of transport-layer
protocols.

Network Layer
Layer 3, the network layer, is responsible for addressing messages and translating logical
addresses and names into physical addresses. This layer also determines the route from the
source to the destination computer. It determines which path the data should take based on
network conditions, priority of service, and other factors. It also manages traffic problems on the
network, such as switching and routing of packets and controlling the congestion of data.

If the network adapter on the router cannot transmit a data chunk as large as the source computer
sends, the network layer on the router compensates by breaking the data into smaller units. At the
destination end, the network layer reassembles the data. Internet Protocol (IP) and Internetwork
Packet Exchange (IPX) are examples of network-layer protocols.

Data-Link Layer
Layer 2, the data-link layer, sends data frames from the network layer to the physical layer. It
controls the electrical impulses that enter and leave the network cable. On the receiving end, the
data-link layer packages raw bits from the physical layer into data frames. (A data frame is an
organized, logical structure in which data can be placed). The electrical representation of the data
(bit patterns, encoding methods, and tokens) is known to this layer only.

Figure 1.8.2 shows a simple data frame. In this example, the sender ID represents the address of
the computer that is sending the information; the destination ID represents the address of the
computer to which the information is being sent. The control information is used for frame type,
routing, and segmentation information. The data is the information itself. The cyclical
redundancy check (CRC) provides error correction and verification information to ensure that the
data frame is received correctly.
Figure 1.8.2 A simple data frame

The data-link layer is responsible for providing error-free transfer of these frames from one
computer to another through the physical layer. This allows the network layer to anticipate
virtually error-free transmission over the network connection.

Usually, when the data-link layer sends a frame, it waits for an acknowledgment from the
recipient. The recipient data-link layer detects any problems with the frame that might have
occurred during transmission. Frames that were damaged during transmission or were not
acknowledged are then re-sent.

Physical Layer
Layer 1, the bottom layer of the OSI reference model, is the physical layer. This layer transmits
the unstructured, raw bit stream over a physical medium (such as the network cable). The
physical layer is totally hardware-oriented and deals with all aspects of establishing and
maintaining a physical link between communicating computers. The physical layer also carries
the signals that transmit data generated by each of the higher layers.

This layer defines how the cable is attached to the NIC. For example, it defines how many pins
the connector has and the function of each. It also defines which transmission technique will be
used to send data over the network cable.

This layer provides data encoding and bit synchronization. The physical layer is responsible for
transmitting bits (zeros and ones) from one computer to another, ensuring that when a
transmitting host sends a 1 bit, it is received as a 1 bit, not a 0 bit. Because different types of
media physically transmit bits (light or electrical signals) differently, the physical layer also
defines the duration of each impulse and how each bit is translated into the appropriate electrical
or optical impulse for the network cable.

This layer is often referred to as the "hardware layer." Although the rest of the layers can be
implemented as firmware (chip-level functions on the NIC), rather than actual software, the other
layers are software in relation to this first layer.

Memorizing the OSI Reference Model

Memorizing the layers of the OSI reference model and their order is very important. Table below
provides two ways to help you recall the seven layers of the OSI reference model.

Table OSI Reference Model Layers

OSI Layer Down the Stack Up the Stack

Application All Away
Presentation People Pizza
Session Seem Sausage
Transport To Throw
Network Need Not
Data Link Data Do
Physical Processing Please

Transport Control Protocol / Internet Protocol (TCP/IP)

Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry-standard suite of
protocols that provide communications in a heterogeneous (made up of dissimilar elements)
environment. In addition, TCP/IP provides a routable, enterprise networking protocol and access
to the Internet and its resources. Because of its popularity, TCP/IP has become the de facto
standard for what's known as internetworking, the intercommunication in a network that's
composed of smaller networks. This lesson examines the TCP/IP protocol and its relationship to
the OSI reference model.
TCP/IP has become the standard protocol used for interoperability among many different types
of computers. This interoperability is a primary advantage of TCP/IP. Most networks support
TCP/IP as a protocol. TCP/IP also supports routing and is commonly used as an internetworking
protocol.

Other protocols written specifically for the TCP/IP suite include:

 SMTP (Simple Mail Transfer Protocol): E-mail.

 FTP (File Transfer Protocol): For exchanging files among computers running TCP/IP.
 SNMP (Simple Network Management Protocol): For network management.

Designed to be routable, robust, and functionally efficient, TCP/IP was developed by the United
States Department of Defense as a set of wide area network (WAN) protocols. Its purpose was to
maintain communication links between sites in the event of nuclear war. The responsibility for
TCP/IP development now resides with the Internet community as a whole. TCP/IP requires
significant knowledge and experience on the user's part to install and configure. Using TCP/IP
offers several advantages; it:

 Is an industry standard: As an industry standard, it is an open protocol. This means it is

not controlled by a single company, and is less subject to compatibility issues. It is the de
facto protocol of the Internet.
 Contains a set of utilities for connecting dissimilar operating systems: Connectivity
from one computer to another does not depend on the network operating system used on
either computer.
 Uses scalable, cross-platform client-server architecture: TCP/IP can expand (or
shrink) to meet future needs and circumstances. It uses sockets to make the computer
operating systems transparent to one another.

TCP/IP is a suite of protocols that provides the foundation for Windows networks and the
Internet. The TCP/IP protocol stack is based on a four-layer reference model, including the
network interface, internet, transport, and application layers.
The core of TCP/IP services exists at the internet and transport layers. In particular, Address
Resolution Protocol (ARP), IP, TCP, User Datagram Protocol (UDP), and Internet Control
Message Protocol (ICMP) are used in all TCP/IP installations.
Exploring the Layers of the TCP/IP Model End-to-end communication through TCP/IP is based
on four conceptual steps, or layers.

Figure 4-1 Four-layer TCP/IP model and protocol stack

TCP/IP is broken into the following four layers:

 Network interface layer

 Internet layer
 Transport layer
 Application layer

Network Interface Layer

The network interface layer is the step in the communication process that describes standards
for physical media and electrical signaling, Communicates directly with the network.
Examples of standards defined at the network interface layer include Ethernet, Token Ring,
Fiber Distributed Data Interface (FDDI), X.25, Frame Relay, RS-232, and V.35.

Internet Layer
 The internet layer of the TCP/IP model is the step in the communication process during
which information is packaged, addressed, and routed to network destinations.
ARP, IP, and ICMP are examples of internet-layer protocols within the TCP/IP suite.

Address Resolution Protocol (ARP)

■ ARP Whereas IP routes packets to logical addresses that might be dozens of network
segments away, ARP finds the physical computers for which IP packets are destined
within each network segment. After using ARP to look up hardware addresses, TCP/IP
hosts store known IP-to-MAC address mappings in a local ARP cache.

In general ARP translate/ maps IP (Internet protocol) address to physical MAC

(Medium Access Control) address

Internet Protocol (IP)

Internet Protocol (IP) is a packet-switched protocol that performs addressing and route
selection. As a packet is transmitted, this protocol appends a header to the packet so that
it can be routed through the network using dynamic routing tables.

IP is a connectionless protocol and sends packets without expecting the receiving

host to acknowledge receipt. In addition, IP is responsible for packet assembly and
disassembly as required by the physical and data-link layers of the OSI reference model.

Each IP packet is made up of a source and a destination address, protocol identifier,

checksum (a calculated value), and a TTL (which stands for "time to live"). The TTL tells
each router on the network between the source and the destination how long the packet
has to remain on the network. It works like a countdown counter or clock. As the packet
passes through the router, the router deducts the larger of one unit (one second) or the
time that the packet was queued for delivery. For example, if a packet has a TTL of 128,
it can stay on the network for 128 seconds or 128 hops (each stop, or router, along the
way), or any combination of the two. The purpose of the TTL is to prevent lost or
 damaged data packets (such as missing e-mail messages) from endlessly wandering the
network. When the TTL counts down to zero, the packet is eliminated from the network.

An IP packet can be lost, delivered out of sequence, duplicated, or delayed, as can

information in any other protocol. However, IP itself does not attempt to recover from
these types of errors. The acknowledgment of packets delivered, the sequencing of
packets, and the recovery of lost packets are the responsibility of a higher-layer protocol,
such as TCP.

Internet Control Message Protocol (ICMP)

The ICMP is used by IP and higher-level protocols to send and receive status reports
about information being transmitted. Routers commonly use ICMP to control the flow, or
speed, of data between themselves. If the flow of data is too fast for a router, it requests
that other routers slow down.

The two basic categories of ICMP messages are reporting errors and sending queries.

Transport Layer
The transport layer, corresponding to the transport layer of the OSI reference model, is
responsible for establishing and maintaining end-to-end communication between two
hosts. The transport layer provides acknowledgment of receipt, flow control, and
sequencing of packets. It also handles retransmissions of packets. The transport layer can
use either TCP or User Datagram Protocol (UDP) protocols depending on the
requirements of the transmission.

Transmission Control Protocol (TCP)

The TCP is responsible for the reliable transmission of data from one node to another. It
is a connection-based protocol and establishes a connection (also known as a session,
virtual circuit, or link), between two machines before any data is transferred. To establish
a reliable connection, TCP uses what is known as a "three-way handshake." This
establishes the port number and beginning sequence numbers from both sides of the
transmission. The handshake contains three steps:
 1. The requestor sends a packet specifying the port number it plans to use and its initial
sequence number (ISN) to the server.
2. The server acknowledges with its ISN, which consists of the requestor's ISN, plus 1.
3. The requestor acknowledges the acknowledgement with the server's ISN, plus 1.

In order to maintain a reliable connection, each packet must contain:

 A source and destination TCP port number.

 A sequence number for messages that must be broken into smaller pieces.
 A checksum to ensure that information is sent without error.
 An acknowledgement number that tells the sending machine which pieces of the
message have arrived.
 TCP Sliding Windows.( A sliding window is used by TCP for transferring data
between hosts)

User Datagram Protocol (UDP)

A connectionless protocol, the UDP, is responsible for end-to-end transmission of data.

Unlike TCP, however, UDP does not establish a connection. It attempts to send the data
and to verify that the destination host actually receives the data. UDP is best used to send
small amounts of data for which guaranteed delivery is not required. While UDP uses
ports, they are different from TCP ports; therefore, they can use the same numbers
without interference.

UDP enables fast transport of datagram’s by eliminating the reliability features of TCP
such as delivery guarantees and sequence verification. Unlike TCP, UDP is a
connectionless service that provides only best-effort datagram delivery to network hosts.
A source host that needs reliable communication must use either TCP or a program that
provides its own sequencing and acknowledgment services.
Application Layer
The application layer of the TCP/IP model is the step in the communication process
during which end-user data is manipulated, packaged, and sent to and from transport
layer ports. Application-layer protocols often describe a user-friendly method of
 presenting, naming, sending, or receiving data over TCP/IP. Common examples of
application- layer protocols native to the TCP/IP suite include HTTP, Telnet, FTP,
Trivial File Transfer Protocol (TFTP), Simple Network Management Protocol (SNMP),
Domain Name System (DNS), Post Office Protocol 3 (POP3), Simple Mail Transfer
Protocol (SMTP), and Network News Transfer Protocol (NNTP).

Analysing Server and Client performance

Factor which affect system performance

Four Factors That Affect Your Network Performance

Solving issues related to poor Application Response Time (ART) is a key task that network
engineers have to tackle all the time. Is it the application itself or a slow network that is driving
users mad? Maybe it’s the server that’s simply stalling too much?

Finding the cause of your users’ frustration – the application or the network – is important
because knowing exactly where to look is the first step to solving slow response times. Here are
four factors that affect network performance you might want to check when faced with network
issues:

1. Latency: Think of latency as the speed limit on a highway. Traffic speed on a motorway
is affected by many variables such as weather, other traffic, and highway signs. Likewise,
data packets traversing a network are affected by many variables as well. The first step in
mitigating latency is to break down the overall latency into that due to the network and
that due to the application and its associated servers. With that determination made,
visually graph both the application and network latency to help identify patterns and
anomalies that deserve closer attention so that you can later drill down and figure out
exactly what is causing the bottleneck.
 2. Throughput: Throughput is the amount of traffic a network can carry at any one time.
Like the analogy of traffic used to explain latency above, think of throughput as
analogous to the number of lanes on a highway. The more lanes, the more traffic a
highway can accommodate. When thinking of networks, the higher the bit rate, the faster
files transfer. Slow response times might be an issue with your network not having
enough throughput.

3. Packet Loss: Glitches, errors, or network overloading might result in the loss of data
packets. Sometimes routers or switches might shed traffic intentionally to maintain
overall network performance or to enforce a particular service level. In a well-tuned
network intentional packet loss is hopefully a rare occurrence, though packet loss is still
something that happens regularly due to a host of other reasons, and must be monitored
closely to ensure overall network performance.

4. Retransmission: When packet loss does occur, those lost packets are retransmitted. This
retransmission process can cause two delays; one from re-sending the data and the second
delay resulting from waiting until the data is received in the correct order before
forwarding it up the protocol stack.

These factors are not exclusive, but they do help paint a picture of the many things that can
contribute to a slow network. Hopefully, armed with this information, you can start accurately
diagnosing your network before performance issues arise.

Identify system bottle necks

A bottleneck is the "slowest" part of a system. If you examine a beer bottle, the neck is smaller
than the base and so limits the amount of sweet wonderful nectar that you can drink. Mmmm!
Beeer! (sorry, got carried away).
In terms of bandwidth, it's the slowest device in the chain. For example, it makes little difference
having gigabit ethernet on your PC if your router only runs at 10meg. The router there is the
bottleneck.

And it doesn't matter how fast your ethernet card and router and internet infrastructure are, if the
site you're trying to download from is running with a 1200/75 acoustic modem from the early
'80s. The other end is the bottleneck in that case.

Bottlenecks are everywhere. Your network devices, the disk in your PC, having to fetch from
RAM rather than L2 cache, critical paths on your Gantt chart, trying to walk your kids to school
when one is a 7yo speed daemon and the other a 5yo "want to stop and look at every single god-
damned flower"-type :-)

Basically, the thing that, if it was faster, would make the system (as a whole) faster. It's the
bottlenecks where you need to optimise since the return on investment should be higher there.

Proactive Network Maintenance

Unexpected computer and server failures are costly. We prevent many

network failures from ever happening with our proactive managed
services solution and keep your critical IT systems working properly so your
office can stay productive.

By combining regular preventative maintenance and comprehensive real-time monitoring of your

critical network and desktop services, we ensure the reliability and stability of your IT assets.
This solution is so effective; our customers see almost immediate results. A regularly
maintained network means fewer failures, yielding higher productivity and savings on support
costs for you.
At the same time, your exposure to security risks is dramatically lessened, and frustration from
the unstable IT resources almost vanishes. We allow our customers to focus on their core
business functions by taking the worry out of owning a computer network.

 Proactive Maintenance Plans include the following:

 Real-time server state and error monitoring
 Preemptive failure prediction on workstations and servers
 Business data backup monitoring and failure response
 Network-wide virus monitoring
 Desktop optimization and tuning
 Server file system health monitoring and maintenance
 Desktop file system health monitoring and maintenance
 IT asset tracking

Our proactive maintenance systems put us in constant touch with your IT assets, allowing us to
provide you with better care and uptime than even a full-time in-house network administrator.

Troubleshooting Steps
Stage One: Identifying the Problem

Before being able to confront a problem its existence needs to be identified. This might seem an
obvious statement but, quite often, problems will have an impact for some time before they are
recognised or brought to the attention of someone who can do anything about them.

In many organisations it is possible to set up formal systems of communication so that problems

are reported early on, but inevitably these systems do not always work. Once a problem has
been identified, its exact nature needs to be determined: what are the goal and barrier
components of the problem? Some of the main elements of the problem can be outlined, and a
first attempt at defining the problem should be made. This definition should be clear enough for
you to be able to easily explain the nature of the problem to others.
GOAL (I want to...) BARRIER (but…)
Tell a friend that we find something they do I don't want to hurt their feelings.
irritating.
Buy a new computer. I'm not sure which model to get or how much
money is reasonable to spend.
Set up a new business. I don't know where to start.

Looking at the problem in terms of goals and barriers can offer an effective way of defining
many problems and splitting bigger problems into more manageable sub-problems.

Sometimes it will become apparent that what seems to be a single problem, is more accurately a
series of sub-problems. For example, in the problem “I have been offered a job that I want, but I
don't have the transport to get there and I don't have enough money to buy a car.”

“I want to take a job” (main problem)

“But I don't have transport to get there” (sub-problem 1)
“And I don't have enough money to buy a car” (sub-problem 2)

Useful ways of describing more complex problems are shown in the section, 'Structuring the
Problem', below.

During this first stage of problem solving, it is important to get an initial working definition of
the problem. Although it may need to be adapted at a later stage, a good working definition
makes it possible to describe the problem to others who may become involved in the problem
solving process. For example:
Problem Working Definition
“I want to take a job, but I don’t have the “I want to take this job.”
transport to get there and I don’t have enough
money to buy a car.”
Stage Two: Structuring the Problem

This second stage involves gaining a deeper understanding of the problem. Firstly, facts need to
be checked.
Problem Checking Facts
“I want to take a job, but I don’t have the “Do I really want a job?”
transport to get there and I don’t have enough
money to buy a car.”

“Do I really have no access to transport?”

“Can I really not afford to buy a car?”

The questions have to be asked, is the stated goal the real goal? Are the barriers actual barriers
and what other barriers are there? In this example, the problem at first seems to be:
Goal Barrier 1 Barrier 2
Take the job No transport No money

This is also a good opportunity to look at the relationships between the key elements of the
problem. For example, in the 'Job-Transport-Money' problem, there are strong connections
between all the elements.

By looking at all the relationships between the key elements, it appears that the problem is more
about how to achieve any one of three things, i.e. job, transport or money, because solving one of
these sub-problems will, in turn, solve the others.

This example shows how useful it is to have a representation of a problem. Problems can be
represented in the following ways:
 Visually: using pictures, models or diagrams.
 Verbally: describing the problem in words.
Visual and verbal representations include:
 Chain diagrams
 Flow charts
 Tree diagrams
 Lists

Chain Diagrams: These are powerful ways of representing problems using a combination of
diagrams and words. The elements of the problem are set out in words, usually placed in boxes,
and positioned in different places on a sheet of paper, using lines to represent the relationship
between them.

Chain Diagrams are the simplest type, where all the elements are presented in an ordered list,
each element being connected only with the elements immediately before and after it. Chain
diagrams usually represent a sequence of events needed for a solution. A simple example of a
chain diagram illustrates the job-transport-money example as as follows:

GET MONEY GET TRANSPORT TAKE JOB

Flow Charts, by comparison, allow for inclusion of branches, folds, loops, decision points and
many other relationships between the elements. In practice, flow charts can be quite complicated
and there are many conventions as to how they are drawn but, generally, simple diagrams are
easier to understand and aid in 'seeing' the problem more readily.

Tree diagrams and their close relative, the Decision Tree, are ways of representing situations
where there are a number of choices or different possible events to be considered. These types of
diagram are particularly useful for considering all the possible consequences of solutions.
Remember that the aim of a visualisation is to make the problem clearer. Over-complicated
diagrams will just confuse and make the problem harder to understand.

Listing the elements of a problem can also help to represent priorities, order and sequences in
the problem. Goals can be listed in order of importance and barriers in order of difficulty.
Separate lists could be made of related goals or barriers. The barriers could be listed in the order
in which they need to be solved, or elements of the problem classified in a number of different
ways. There are many possibilities, but the aim is to provide a clearer picture of the problem.
Stage Three: Possible Solutions

Brainstorming

Brainstorming is perhaps one of the most commonly used techniques for generating a large
number of ideas in a short period of time. Whilst it can be done individually, it is more often
practised in groups.

Before a brainstorming session begins, the leader or facilitator encourages everyone to

contribute as many ideas as possible, no matter how irrelevant or absurd they may seem.

There should be lots of large sheets of paper, Post-It notes and/or flip charts available, so that
any ideas generated can be written down in such a way that everyone present can see them.

The facilitator should explain the purpose of the brainstorming session (outline the problem/s),
and emphasise the four rules of brainstorming that must be adhered to:
 Absolutely no criticism of suggestion or person is allowed. Positive feedback for all
ideas should be encouraged.
 The aim is to produce as many ideas as possible.
 The aim is to generate a sense of creative momentum. There should be a feeling of
excitement in the group with ideas being produced at a rapid pace. All ideas should be
encouraged, regardless of how irrelevant, 'stupid' or 'off the mark' they might seem.
  Ideas should cross-fertilise each other, in other words everyone should continually look at
the suggestions of the rest of the group and see if these spark any new ideas. Each person
is then feeding off the ideas of the others.

Warming-up exercises encourage participants to get in the right frame of mind for creative
thinking. The exercises should be fun and exciting, with the facilitator encouraging everyone to
think up wild and creative ideas in rapid succession. Possible topics could be: 'What would you
wish to have with you if you were stranded on a desert island?' or 'Design a better mousetrap!'

It is better if the warm-up problems are somewhat absurd as this will encourage the uncritical,
free-flowing creativity needed to confront the later, real problem. A time limit of ten minutes is
useful for the group to come up with as many ideas as possible, each being written down for all
to see. Remember, the aim is to develop an uncritical, creative momentum in the group.

The definition of the problem arrived at earlier in the problem solving process should be written
up, so that everyone is clearly focused on the problem in hand. Sometimes it may be useful to
have more than one definition.

As in the warm-up exercises, a time limit is usually set for the group to generate their ideas,
each one being written up without comment from the facilitator. It helps to keep them in order
so the progression of ideas can be seen later. If the brainstorming session seems productive, it is
as well to let it continue until all possible avenues have been explored. However setting a time
limit may also instill a sense of urgency and may result in a flurry of new ideas a few minutes
before the time runs out.

At the end of the session, time is given to reflect on and to discuss the suggestions, perhaps to
clarify some of the ideas and then consider how to deal with them. Perhaps further
brainstorming sessions may be valuable in order to consider some of the more fruitful ideas.

Divergent and Convergent Thinking

Divergent thinking is the process of recalling possible solutions from past experience, or
inventing new ones. Thoughts spread out or 'diverge' along a number of paths to a range of
possible solutions. It is the process from which many of the following creative problems solving
techniques have been designed.

Convergent thinking is the subsequent process of narrowing down the possibilities to 'converge'
on the most appropriate form of action. The elements necessary for divergent thinking include:

 Releasing the mind from old patterns of thought and other inhibiting influences.
 Bringing the elements of a problem into new combinations.
 Not rejecting any ideas during the creative, problem solving period.
 Actively practicing, encouraging and rewarding the creation of new ideas.

Techniques of Divergent Thinking: Often when people get stuck in trying to find a solution to a
problem, it is because they are continually trying to approach it from the same starting point.
The same patterns of thinking are continually followed over and over again, with reliance placed
on familiar solutions or strategies.

If problems can be thought of in different ways - a fresh approach - then previous patterns of
thought, biases and cycles may be avoided.

Three techniques of divergent thinking are to:

 Bring in someone else from a different area.
 Question any assumptions being made.
 Use creative problem solving techniques such as 'brainstorming'.

Bring in Someone Else from a Different Area: While it is obviously helpful to involve people
who are more knowledgeable about the issues involved in a problem, sometimes non-experts can
be equally, or more valuable. This is because they do not know what the 'common solutions' are,
and can, therefore, tackle the problem with a more open mind and so help by introducing a fresh
perspective.

Another advantage of having non-experts on the team is that it forces the 'experts' to explain
their reasoning in simple terms. This very act of explanation can often help them to clarify their
own thinking and sometimes uncovers inconsistencies and errors in their thinking.

Another way of gaining a fresh viewpoint, if the problem is not urgent, is to put it aside for a
while and then return to it at a later date and tackle it afresh. It is important not to look at any of
your old solutions or ideas during this second look in order to maintain this freshness of
perspective.

Questioning Assumptions: Sometimes problem solving runs into difficulties because it is based
on the wrong assumptions. For example, if a new sandwich shop is unsuccessful in attracting
customers, has it been questioned whether there are sufficient office workers or shoppers in the
local area? Great effort might be spent in attempting to improve the range and quality of the
sandwiches, when questioning this basic assumption might reveal a better, if perhaps unpopular,
solution. Listing assumptions is a good starting point. However, this is not as easy as it first
appears for many basic assumptions might not be clearly understood, or seem so obvious that
they are not questioned. Again, someone totally unconnected with the problem is often able to
offer a valuable contribution to this questioning process, acting as 'devil's advocate', i.e.
questioning the most obvious of assumptions.

Such questions could include:

 What has been done in similar circumstances in the past? Why was it done that way? Is
it the best/only way?
 What is the motivation for solving the problem? Are there any influences such as
prejudices or emotions involved?

Of course, many assumptions that need to be questioned are specific to a particular problem.
Following our example from earlier:
Stage Four: Making a Decision

Once a number of possible solutions have been arrived at, they should be taken forward through
the decision making process. Decision Making is a an important skill in itself and you may want
to read our Decison Making articles for more information. For example, information on each
suggestion needs to be sought, the risks assessed, each option evaluated through a pros and cons
analysis and, finally, a decision made on the best possible option.
Stage Five: Implementation

Making a decision and taking a decision are two different things. Implementation involves:
 Being committed to a solution.
 Accepting responsibility for the decision.
 Identifying who will implement the solution.
 Resolving to carry out the chosen solution.
 Exploring the best possible means of implementing the solution.

Stage Six: Feedback

The only way for an individual or group to improve their problem solving, is to look at how they
have solved problems in the past. To do this, feedback is needed and, therefore, it is important to
keep a record of problem solving, the solutions arrived at and the outcomes. Ways of obtaining
feedback include:
 Monitoring
 Questionnaires
 Follow-up phone calls
 Asking others who may have been affected by your decsions.
It is important to encourage people to be honest when seeking feedback, regardless whether it is
positive or negative.

Problems solving involves seeking to achieve goals and overcoming barriers. The stages of
problem solving include identification of the problem, structuring the problem through the use of
some forms of representation, and looking for possible solutions often through techniques of
divergent thinking. Once possible solutions have been arrived at, one of them will be chosen
through the decision making process.

The final stages of problem solving involve implementing your solution and seeking feedback as
to the outcome, feedback can be recorded for help with future problem solving scenarios.