Introduction to Networking

Networking Introduction
What is a Network? A network is simply a group of two or more Personal Computers linked together. What Types of Networks Are There? Many types of networks exist, but the most common types of networks are LocalArea Networks (LANs), and Wide-Area Networks (WANs). In a LAN, computers are connected together within a "local" area (for example, an office or home). In a WAN, computers are further apart and are connected via telephone/communication lines, radio waves or other means of connection. How are Networks Categorized? Networks are usually classified using three properties: Topology, Protocol and Architecture. Topology specifies the geometric arrangement of the network. Common topologies are a bus, ring and star. You can check out a figure showing the three common types of network topologies here. Protocol specifies a common set of rules and signals the computers on the network use to communicate. Most networks use Ethernet, but some networks may use IBM's Token Ring protocol. We recommend Ethernet for both home and office networking. Architecture refers to one of the two major types of network architecture: Peerto-peer or client/server. In a Peer-to-Peer networking configuration, there is no server, and computers simply connect with each other in a workgroup to share files, printers and Internet access. This is most commonly found in home configurations and is only practical for workgroups of a dozen or less computers. In a client/server network there is usually an NT Domain Controller, to which all of the computers log on. This server can provide various services, including centrally routed Internet Access, mail (including e- mail), file sharing and printer access, as well as ensuring security across the network. This is most commonly found in corporate configurations, where network security is essential.

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

1

Introduction to Networking
Network Cabling
Introduction This section talks about the cabling used in today's networks. There's a lot of different type of cabling in today's networks and I am not going to cover all of them, but I will be talking about the most common cables, which include UTP CAT5 straight through and crossover, Coax and a few more. Cabling is very important if you want a network to work properly with minimum problems and bandwidth losses. There are certain rules which must never be broken when you're trying to design a network, otherwise you'll have problems when computers try to communicate. I have seen sites which suffer from enormous problems because the initial desgin of the network was not done properly ! In the near future, cabling will probably be something old and outdated since wireless communication seems to be gaining more ground, day by day. With that in mind, around 95% of companies still rely on cables, so don't worry about it too much :) Let's have a quick look at the history of cabling which will allow us to appreciate what we have today ! The Beginning We tend to think of digital communication as a new idea but in 1844 a man called Samuel Morse sent a message 37 miles from Washington D.C. to Baltimore, using his new invention ‘The Telegraph’. This may seem a far cry from today's computer networks but the principles remain the same. Morse code is type of binary system which uses dots and dashes in different sequences to represent letters and numbers. Modern data networks use 1s and 0s to achieve the same result. The big difference is that while the telegraph operators of the mid 19th Century could perhaps transmit 4 or 5 dots and dashes per second, computers now communicate at speeds of up to 1 Giga bit, or to put it another way, 1,000,000,000 separate 1s and 0s every second. Although the telegraph and the teletypewriter were the forerunners of data communications, it has only been in the last 35 years that things have really started to speed up. This was borne out of the necessity for computers to communicate at ever ncreasing speeds and has driven the development of faster and faster networking equipment, higher and higher specification cables and connecting hardware. Development of new network technology Ethernet was developed in the mid 1970's by the Xerox Corporation at its Palo Alto Research Centre (PARC) in California and in 1979 DEC and Intel joined forces with Xerox to standardize the Ethernet system for everyone to use. The first specification by the three companies, called the 'Ethernet Blue Book', was released in 1980, it was also known as the 'DIX standard' after their initials. It was a 10 Mega bits per second system (10Mbps, = 10 million 1s and 0s per second) and used a large coaxial backbone cable running throughout the building, with smaller coax cables tapped off at 2.5m intervals to connect to the Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech.net Email: sardarkashif@logitech.net

2

Introduction to Networking
workstations. The large coax, which was usually yellow, became known as 'Thick Ethernet' or 10Base5 - the '10' refers to the speed (10Mbps), the 'Base' because it is a base band system (base band uses all of its bandwidth for each transmission, as opposed to broad band which splits the bandwidth into separate channels to use concurrently) and the '5' is short for the system's maximum cable length, in this case 500m. The Institute of Electrical and Electronic Engineers (IEEE) released the official Ethernet standard in 1983 called the IEEE 802.3 after the name of the working group responsible for its development and, in 1985, version 2 (IEEE 802.3a) was released. This second version is commonly known as 'Thin Ethernet' or 10Base2; in this case the maximum length is 185m even though the '2' suggest that it should be 200m. Since 1983, various standard have been introduced because of the increased bandwidth requirements, so far we are up to the Gigabit rate !

Unshielded Twisted Pair
Introduction Unshielded Twisted Pair cable is most certainly by far the most popular cable around the world. UTP cable is used not only for networking but also for the traditional telephone (UTP-Cat 1). There are 6 different types of UTP categories and, depending on what you want to achieve, you would need the appropriate type of cable. UTP-CAT5 is the most popular UTP cable, it came to replace the good old coaxial cable which was not able to keep up with the constant growing need for faster and more reliable networks. Characteristics The characteristics of UTP are very good and make it easy to work with, install, expand and troubleshoot and we are going to look at the different wiring schemes available for UTP, how to create a straight through UTP cable, rules for safe operation and a lot of other cool stuff ! So let's have a quick look at each of the UTP categories available today:

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

3

pair 2 and 3 are reversed. the only difference is CAT3 can be as long as 100 meters while CAT4 can only be 200 meters. It is also used by phone companies who provide ISDN. CAT2. CAT3. This type of wire is not capable of supporting computer network traffic and is not twisted. you're OK. This type of wire can support computer network and telephone traffic.net Email: sardarkashif@logitech.net 4 .logitech. but for 10Mbps CAT3 will suffice. etc) refers to the revision of the specification and in practical terms refers to the number of twists inside the wire (or the quality of connection in a jack). 3. The "twist" effect of each pair in the cables will cause any interference presented/picked up on one cable to be cancelled out by the cable's partner which twists around the initial cable. that's CAT 5e). CAT1 is typically telephone wire. if you are dealing with a poorly cabled network. 5. then you will be able to find the problem and fix it more efficiently. that differ only in which color coded pairs are connected . Both work equally well. as long as you don't mix them! If you always use only one version. Wiring the UTP cables ! We are now going to look at how UTP cables are wired. CAT3. CAT2 is used mostly for token ring networks. but contains a physical separator between the 4 pairs to further reduce electromagnetic interference. CAT4. but if you mix A and B in a cable run. The next pages (check menu) show you how UTP cable is wired and the different wiring schemes. Straight Thru UTP Cables Introduction We will be mainly focussing on the wiring of CAT5 cables here because they are the most popluar cables around ! You will find info on wiring the classic CAT1 phone cables as well. It is very important you know how exactly to wire UTP cables because it's the base of a solid network and will help you avoid hours of frustration and troubleshooting if you do it right the first time :) On the other hand. It's well worth visiting and reading about. you will get crossed pairs! Muhammad Kashif Riaz System Administrator Logitech Web: www. There are 2 popular wiring schemes that most people use today: the T-568A and T-568B. supporting speeds up to 4 Mbps. CAT3 and CAT4 are both used for Token Ring. where the wiring between the customer's site and the phone company's network uses CAT 1 cable. For higher network speeds (100Mbps plus) you must use CAT5 wire. CAT4 and CAT5 cable are actually 4 pairs of twisted copper wires and CAT5 has more twists per inch than CAT3 therefore can run at higher speeds and greater lengths. CAT5 and CAT6 are network wire specifications. It is similar to CAT5 wire.Introduction to Networking Category 1/2/3/4/5/6 – a specification for the type of copper wire (most telephone and network wire is copper) and jacks. The number (1. CAT6 wire was originally designed to support gigabit Ethernet (although there are standards that will allow gigabit transmission over CAT5 wire.

we'll now look at the pairs to see what colour codes they have : As you can see in the picture on the left." As I've already mentioned. easy to install and very reliable when wired properly :) Muhammad Kashif Riaz System Administrator Logitech Web: www.CAT5 cable is the most common type of UTP around the world ! It's flexible. UTP has 4 twisted pairs of wires. The jack/plug is often referred to as an "RJ-45". while Pairs 1 & 4 are reserved. The male connector on the end of a patchcord is called a "plug" and the receptacle on the wall outlet is a "jack. but that is really a telco designation for the "modular 8 pin connector" terminated with a USOC pinout used for telephones.Introduction to Networking UTP cables are terminated with standard connectors. In Gigabit Ethernet.logitech. all 4 pairs are used. jacks and punchdowns. Pairs 2 & 3 are used for normal 10/100Mbit networks.net 5 .net Email: sardarkashif@logitech. the 4 pairs are labeled.

Brown and Blue. used by all cables to connect to a hub or to your computer's network card.. T568B is also the AT&T standard. don't think that UTP CAT5 cable only comes in one boring colour. It's important not to mix systems. Each pair consists of a solid colored wire and a white wire with a stripe of the same color. The connector standard is called "RJ-45" and is just like a standard RJ-11 modular telephone connector. There are two wiring standards for these cables. The pairs designated for 10 and 100 Mbit Ethernet are Orange and Green. The picture to the right shows a stripped CAT5 cable. not in the definition of what electrical signal is on a particular color. while T-568B is an acceptable alternative.Introduction to Networking The left and center pictures show the end of a CAT5 cable with an RJ-45 connector. except it is a bit wider to carry more pins. those days are over ! You get a wide range of choices today : T-568A & T-568B 4-pair Wiring Ethernet is generally carried in 8-conductor cables with 8-pin modular plugs and jacks.. you should not untwist them any more than necessary (like about 1 cm). The other two pairs. To maintain reliability on Ethernet. In fact. most off-the-shelf data equipment and cables seem to be wired to T568B.that is. Muhammad Kashif Riaz System Administrator Logitech Web: www. which color is on which pin. I have seen very few people using T568A to wire their network.net Email: sardarkashif@logitech. The pairs are twisted together.net 6 . T-568A is supposed to be the standard for new installations. called "T568A" (also called "EIA") and "T568B" (also called "AT&T" and "258A"). indicating the 4 twisted pairs.logitech. can be used for a second Ethernet line or for phone connections. They differ only in connection sequence . Note: Keep in mind that the wiring schemes we are going to talk about are all for straight through cables only! Cross over cables are examined on a separate page! The eight-conductor data cable contains 4 pairs of wires. And to be a bit fancy. as both you and your equipment will become hopelessly confused. However.

which makes it more compatible with the telco voice connections..net 7 .5.logitech.. 3 white/green (pair 3) .net Email: sardarkashif@logitech. 7 white/brown (pair 4) 8 brown (pair 4) TxData + TxData RecvData+ RecvData- The wall jack may be wired in a different sequence because the wires are often crossed inside the jack. The wires connect to RJ-45 8-pin connectors as shown below: Color Codes for T568B Pin color . (Note that in the RJ-11 plug at the top. Note that the blue pair is on the centre pins... The jack should either come with a wiring diagram or at least designate pin numbers. 4 blue (pair 1) 5 white/blue (pair 1) 6 green (pair 3) .) T568A goes: Muhammad Kashif Riaz System Administrator Logitech Web: www..3..Introduction to Networking Pin Number Designations for T568B Note that the odd pin numbers are always the white with stripe color (1...... red=blu) Pin Number Designations for T568AThe T568A specification reverses the orange and green connections so that pairs 1 and 2 are on the centre 4 pins... (green= wh/blu.7)... pairs 1 and 2 are on the centre 4 pins. this pair translates to the red/green pair for ordinary telephone lines which is also in the centre pair of an RJ-11...pair name 1 white/orange (pair 2) 2 orange (pair 2) ..

... In this case the PC is connected directly to the hub/switch which will automatically cross over the cable internaly......net Email: sardarkashif@logitech.Introduction to Networking Color Codes for T568A Pin color .pair name 1 white/green (pair 3) . 7 white/brown (pair 4) 8 brown (pair 4) RecvData+ RecvDataTxData + TxData - The diagram below shows the 568A and 568B in comparison: Where are they used ? The most common application for a straight through cable is a connection between a PC and a hub/switch.net 8 . only 2 wires are used. 2 green (pair 3) ... In the case of a CAT1 cable....... which is usually found in telephone lines. using special circuits. 3 white/orange (pair 2) 4 blue (pair 1) 5 white/blue (pair 1) 6 orange (pair 2) .logitech.. these do not require any special cross over since the phones connect directly to the phone socket. Muhammad Kashif Riaz System Administrator Logitech Web: www..

g computers. the HUB's pinouts though will change depending wether the port is set to normal or uplink. If the HUB didn't x-over the pinouts using its internal circuits (this happens when you use the Uplink port on the hub) then Pin 1 from the PC (which is TX+) would connect to Pin 1 of the HUB (which would be TX+ in this case). This pretty much concludes our discussion on straight thru UTP cables ! CAT5 UTP X-Over Cable Introduction The cross-over (x-over) CAT5 UTP cable has to be one of the most used cables after the classic st raight-thru cable. Since now we don't have a hub. e.net 9 . while others are used to receive data and this is exactly what we take into account when creating an x-over cable. Some of these cables are used to send data.This happens for the rest of the pinouts aswell. the signals assigned to the 8 Pins on the PC side of things.net Email: sardarkashif@logitech. Why do we need an x-over ? When sending or receiving data between two devices. When you connect a PC to a HUB.logitech. If you haven't read the wiring section. so you only need to use a straight thru cable from the PC to the hub. don't worry Muhammad Kashif Riaz System Administrator Logitech Web: www. will always remain the same. used to connect a PC to a HUB. the hub does the x-over for you internally. we need to manually do the x-over. one will be sending while the other receives. Those who read the "wiring utp" section know an x -over cable is a a 568A on one end and a 568B on the other. So you notice that no matter what we do with the HUB port (uplink or normal). this results Pin 1 from the PC (which is TX+) to connect to Pin 1 of the HUB (which connects to RX+). the HUB it will automatically x-over the cable for you by using its internal circuits.Introduction to Networking The picture above shows us a standard CAT5 straight thru cable. All this is done via the network cable and if you look at a network cable you will notice that it contains multiple cables. You might get a bit confused because you might expect the TX+ of one side to connect to the TX+ of the other side but this is not the case. The x -over cable allows us to connect two computers without needing a hub or switch. We basically connect the TX (transmit) of one end to the RX (receive) of the other ! The diagram below shows this in the simplest way possible: CAT5 X-over There is only one way to make a CAT5 x-over cable and it's pretty simple. If you recall.

you would usually use the special uplink port which. The diagram below shows a few examples to make it simpler: Muhammad Kashif Riaz System Administrator Logitech Web: www. As mentioned previously. you might find that all 8 pins are used. these cables aren't any different from the above.Introduction to Networking because I'll be giving you enough information to understand what we are talking about. Here are the pinouts for a x-over cable which has all 8 pins connected: Where else can I use a x-over ? X-over cables are not just used to connect computers. but a variety of other devices. only 4 pins are needed for a x -over cable. Let's now have a look at the pinouts of a typical x-over CAT5 cable: As you can see. an x-over cable is as simple as connecting the TX from one end to the RX of the other and vice versa.net Email: sardarkashif@logitech. When you buy a x over cable. Prime example are switches and hubs. What happens though if you haven't got any uplink ports or they are already used ? The X-over cable will allow you to connect them and solve your problem.logitech. If you have two hubs and you need to connect them. makes that particular port not cross the tx and rx. when activated through a little switch (in most cases). it's just that there are cables running to the unsed pins. but leave them as if they where straight through. This won't make any difference in performance. but is just a habit some people follow.net 10 .

I thought it would be a good idea to include.logitech.net 11 . Let's now have have look at how to cope when we don't have an uplink to spare. thanks to the uplink port. the pinouts of a straight thru and a x-over cable so you can compare them side by side: Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech.Introduction to Networking As you can see in the above diagram. in which case we must make a x-over cable to connect the two hubs: All the above should explain a x-over cable. where we use it and why we need it. there is no need for a x-over cable. as a last picture.

Introduction to Networking
10Base-T/2/5/F/35 - Ethernet
Introduction The 10Base-T UTP Ethernet and 10Base-2 Coax Ethernet were very popular around the early to mid 1990's when 100Mbit network cards and hubs/switches were very expensive. Today's prices have dropped so much that most vendors don't focus on the 10Base networks but the 100Base ones and, at the same time, support the 10 BaseT and 10Base-2 standard. We will also talk about the 10Base5/F and 35 shortly. So what does 10 BaseT/2/5/F/35 mean ? To make it simpler to distinguish cables they are categorised; that's how we got the CAT1, 2, 3 etc cables. Each category is specific for speed and type of network. But since one type of cable can support various speeds, depending on its quality and wiring, the cables are named using the "BaseT" to show exactly what type of networks the specific cable is made to handle. We are going to break the "10 Base T (and the rest) " into 3 parts so we can make it easier to understand: 10 The number 10 represents the frequency in MHz (Mega HertZ) for which this cable is made. In this case it is 10 MHz. The greater the MHz, the greater speeds the cable can handle. If you try to use this type of cable for greater frequencies (and, therefore, speeds) then it either will not work or become extremely unreliable. The 10 MHz speed translates to 10Mbit per second, which in theory means 1.2 MBytes per second. In practice though, you wouldn't get more than 800 KBytes per second. Base The word "Base" refers to Baseband. Baseband is the type of communication used by Ethernet and it means that when a computer is transmitting, it uses all the available bandwith, whereas Broadband ( cable modems) shares the bandwidth available. This is the reason cable modem users notice a slowdown in speed when they are connected on a busy node, or when their neighbour is downloading all the time at maximum speed ! Of course with Ethernet you will notice a slowdown in speed but it will be smaller in comparison to broadband. T/2/5/F/35 The "T" refers to "Twisted Pair" physical medium that carries the signal. This shows the structure of the cable and tells us it contains pairs which are twisted. For exa mple, UTP has twisted pairs and this is the cable used in such cases. For more information, see the "UTP -Unshielded Twisted Pair" page where you can find information on pinouts for the cables. 10Base-T A few years ago, the 10 BaseT cables used CAT3 cables, which are used for speeds up to 10Mbit, but today you will find mostly CAT5 cables, which are good for speeds up to 100 Mhz or 100Mbit, these cables are also used for 10Mbit Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech.net Email: sardarkashif@logitech.net

12

Introduction to Networking
networks. Only 2 pairs of the UTP cable are used with the 10Base-T specification and the maximum length is 100 meters. 10Base-2 This specification uses Coaxial cable which is usually black, sometimes also called "Thinwire coax", "Thin Ethernet" or "RJ-58" cable. Maximum length is 185 meters and it uses BNC connectors which, depending on the configuration, require special terminators. 10Base-5 This specification uses what's called "Thick wire" coaxial cable, which is usually yellow. The maximum length is 500 meters and special connectors are used to interface to the network card, these are called AUI (Attachment Unit Interface) connectors and are similar to the DB-15 pin connectors most soundcards use for their joystick/MIDI port. Most networks use UTP cable and RJ-45 connectors or Coaxial cable with BNC "T" connectors, for this reason special devices made their way to the market that allow you to connect an AUI network card to these different cable networks. The picture below shows you a few of these devices:

10Base-F This specification uses fibre optic cable. Fibre optic cable is considered to be more secure than UTP or any other type of cabling because it is nearly impossible to tap into. It is also resistant to electro magnetic interference and attenuation. Even though the 10Base-F specification is for speeds up to 10Mbits per second, depending on the type of fibre and equiptment you use, you can get speeds of up to 2Gigabits per second ! 10Base-35 The 10Base-35 specification uses broadband coaxial cable. It is able to carry multiple baseband channels for a maximum length of 3,600 meters or 3.6 Kms.

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

13

Introduction to Networking
Summary To summarise, keep the following in mind: • • 10Base-T works for 10Mbit networks only and uses unshielded twisted pair cable with RJ-45 connectors at each end and maximum length of 100 meters. They also only use 2 pairs of cables. 10Base-2 works for 10Mbit networks only and uses Coaxial cable. Maximum length is 185 meters and BNC "T" connectors are used to connect to the computers; there are special terminators at each of the coaxial cable. 10Base-5 works for 10Mbit networks only and uses Thick Coaxial cable. Maximum length is 500 meters and special "AUI" connectors (DB-15) are used to interface with the network card. 10Base-F works for 10Mbit networks only and uses cool fibre optic cable :)

• •

100Base-(T) TX/T4/FX - Ethernet
Introduction The 100Base-TX (sometimes referred to 100Base-T) cable is the most popular cable around since it has actually replaced the older 10Base-T and 10Base-2 (Coaxial). The 100Base-TX cable provides fast speeds up to 100Mbits and is more reliable since it uses CAT5 cable (see the CAT 1/2/3/4/5 page).There is also 100Base-T4 and 100Base-FX available, which we discuss later. So what does 100Base-TX/T4/FX mean ? To make it simpler to distinguish cables they are categorised; that's how we got the CAT1, 2, 3 etc cables. Each category is specific for speed and type of network. But since one type of cable can support various speeds, depending on its quality and wiring, the cables are named using the "BaseT" to show exactly what type of networks the specific cable is made to handle. We are going to break the "100Base- T?" into 3 parts so we can make it easier to understand: 100 The number 100 represents the frequency in MHz (Mega HertZ) for which this cable is made. In this case it is 100 MHz. The greater the MHz, the greater speeds the cable can handle. If you try to use this type of cable for greater frequencies (and, therefore, speeds) it will either not work or become extremely unreliable. The 100 MHz speed translates to 100Mbit per second, which in theory means 12 MBytes per second. In practice though, you wouldn't get more than 4 MBytes per second. Base The word "Base" refers to Baseband. Baseband is the type of communication used by Ethernet and it means that when a computer is transmitting, it uses all the available bandwith, whereas Broadband (cable modems) shares the bandwidth available. This is the reason cable modem users notice a slowdown in speed when they are connected on a busy node, or when their neighbour is downloading all

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

14

much lower losses in the cables were essential. 100Base-TX (sometimes called 100Base-T) uses 2 of the 4 available pairs within the UTP cable. used in such cases. TX/T4/FX The "T" refers to "Twisted Pair" physical medium that shows the structure of the cable and tells us it contains For example. whereas the 100Base-T4 uses all 4 pairs. 100Base-FX also works for speeds up to 100Mbits but u ses fibre optic cable instead of UTP. carries the signal. Summary To summarise. The cable specification. Maximum length is 100 meters 100Base-T4 The T4 means it's a CAT5 UTP straight through cable using all 4 available pairs and supports speeds up to 100Mbits. This was the driving force behind the developments to improve the optical losses in fibre manufacturing and today optical losses are significantly lower than the original target set by Charles Kao and George Hockham. Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech.Introduction to Networking the time at maximum speed ! Of course with Ethernet you will notice a slowdown in speed but it will be smaller in comparison to broadband. In 1966 Charles Kao and George Hockham proposed the transmission of information over glass fibre and realised that to make it a practical proposition. keep the following in mind: • • • • 100Base-TX/T4 works for 100Mbit networks only and uses unshielded twisted pair cable with RJ-45 connectors at each end All CAT5 UTP cables have 4 pairs of cables (8 wires).logitech. Fiber Optic Cable Introduction In the 1950's more research and development into the transmission of visible images through optical fibres led to some success in the medical world where it was being used in remote illumination and viewing instruments. 100Base-FX The FX means it's a 2 strand fiber cable and supports speeds up to 100Mbits.net 15 . Maximum length is 100 meters. This pairs which are twisted. UTP has twisted pairs and this is the cable 100Base-T is used sometimes to refer to the 100Base-TX 100Base-TX The TX (sometimes refered as "T" only) means it's a CAT5 UTP straight through cable using 2 of the 4 available pairs and supports speeds up to 100Mbits.

Their light weight and small size also make them ideal for applications where running copper cables would be impractical and. but the real benefit in the data industry is its immunity to Electro Magnetic Interference (EMI).Introduction to Networking The advantages of using fibre optics Because of the Low loss.logitech. these are measured in microns which are millionths of a metre. by using multiplexors. Because fibre is non-conductive it can be used where electrical isolation is needed. and the fact that glass is not an electrical conductor. Muhammad Kashif Riaz System Administrator Logitech Web: www.net 16 . The numbers represent the diameters of the fibre core and cladding. very difficult to tap into a fibre cable to read the data signals. high bandwidth properties of fibre cables they can be used over greater distances than copper cables.5/125 micron loose tube.net Email: sardarkashif@logitech. 62. between buildings where copper cables would require cross bonding to eliminate differences in earth potentials. This is pretty impressive for a tiny glass filament. it is very. Fibre construction There are many different types of fibre cable. for instance. Last but not least is the security aspect. Fibres also pose no threat in dangerous environments such as chemical plants where a spark could trigger an explosion. but for the purposes of this explanation we will deal with one of the most common types. In data networks this can be as much as 2km without the use of repeaters. one fibre could replace hundreds of copper cables.

3/125. the outdoor cables usually have the tube filled with gel to act as a moisture barrier to the ingress of water.logitech.5 has become the more popular choice. or both. although recently the 62. Things are beginning to change because the length limits for Gigabit Ethernet over 62.net 17 .5/125 fibre has been reduced to around 220m and now using 8.net Email: sardarkashif@logitech.Introduction to Networking Loose tube fibre cable can be indoor or outdoor. Muhammad Kashif Riaz System Administrator Logitech Web: www.mode cables are the most widely used in data networks. Hopefully. The 8. these are 50/125. This is rather unfortunate because the 50/125 has been found to be the better option for Gigabit Ethernet applications. this shift to single mode may start to bring the costs down.3/125 may be the only choice for some campus size networks. Over the years a variety of core sizes have been produced but these days there are three main sizes that are used in data communications.5/125 and 8.3/125 micron is a single mode cable which until now hasn't been widely used in data networking due to the high cost of single mode hardware. The 50/125 and 62.5/125 micron multi. The number of cores in one cable can be anywhere from 4 to 144. 62.

easy. In multi. thereby reducing intermodal dispersion and improving the shape of the signal. So what about the single-mode fibre? Well. however.mode fibres. which take the most direct route straight down the middle. these have a high refractive index at the centre which gradually reduces to a low refractive index at the circumference.Introduction to Networking What's the difference between single-mode and multi-mode? With copper cables larger size means less resistance and therefore more current. Unlike the examples above which have a definite barrier between core and cladding. At some specific angle between these two view points the light stops reflecting off the surface of the water and passes through the air/water interface allowing you to see the bottom of the pond.net 18 . there are multiple modes of propagation for the rays of light. The inner core has a high refractive index and the outer cladding has a low index. DMD). only allow one mode of propagation.logitech. The water in the pond has a higher refractive index than the air and if you look at it from a shallow angle you will see a reflection of the surrounding area.net Email: sardarkashif@logitech. To ease the problem. This slows down the lower order modes allowing the rays to arrive at the far end closer together. what's the best way to get rid of Intermodal Dispersion?. but with fibre the opposite is true. Light propagation Light travels along a fibre cable by a process called 'Total Internal Reflection' (TIR). if you look straight down at the water you can see the bottom of the pond. this is known as Intermodal Dispersion (sometimes referred to as Differential Mode Delay. which take the longest route as they bounce from one side to the other all the way down the fibre. This has the effect of scattering the signal because the rays from one pulse of light arrive at the far end at different times. graded index fibres were developed. this is made possible by using two types of glass which have different refractive indexes. to high order modes. These range from low order modes. To explain this we first need to understand how the light propagates within the fibre core. So a smaller core size means higher bandwidth and greater distances. Simple as that ! :) Muhammad Kashif Riaz System Administrator Logitech Web: www. as the name suggests. This is the same principle as the reflection you see when you look into a pond.

this info is included in the "Important DCC Info".11 if you were lucky ! Today.net Email: sardarkashif@logitech.22 or Windows for Workgroups 3. but let me show you how serial data is transferred so you can also understand why it's a lot slower: Muhammad Kashif Riaz System Administrator Logitech Web: www. That's pretty slow when you're used to a network connection. Every computer has at least 2 COM ports.Introduction to Networking Direct Cable Connection Introduction From the early PC days. The "COM" stands for "Communications". We will also be learning how to create the cables required to meet our goals and comparing the speed of the two (Serial and Parallel) Because the page ended up being quite long. Installing Windows programs or components to transfer data is out of this section's scope. most computers are equipped with a network card and have an x-over or hub which will allow you to transfer data a lot faster than a serial or parallel cable. it might seem a bit of an "old fashioned" way to transfer data these days but remember that back then most PC's were running Dos 6.logitech. I decided to split it in order to make it easier to read. COM1 and COM2. It's pinouts are a lot simpler when compared to the parallel port. But still. but the speed is also a lot slower :) To give you an idea of how fast (or slow) a serial port is. There is a variety of programs which allow you to use the above mentioned cables to successfully transfer data between PCs but you should know that you can achieve your goal without them as well since Windows 95 and above supports the direct cable connection method. but I have included some notes on what you should check before attempting the Direct Connection via cable.net 19 . Of course. there is always a time when you require a simple transfer via serial or parallel and that's what this page is about. Simply click on the subject you'd like to read about: • • Serial Direct Connection Parallel Direct Connection Serial Direct Cable Connection Serial Direct Connection The Serial Direct Connection is the one which utilizes the COM ports of your computers. at its best you will get around 12 to 14 KB per second. Direct Cable Connection (dcc) was the most popular way to transfer data from one PC to another.

PC 2 will receive the data in the same order it was sent. The serial port of a computer is able to run at different speeds. The following table shows the speeds at which most computers' serial ports are able to run and how many KB/sec they translate to: Muhammad Kashif Riaz System Administrator Logitech Web: www. This is a pretty good representation of data flow in a serial cable.net Email: sardarkashif@logitech. Older computers would have one DB-9 male connector and one DB25 male connector. Another way you can think of it is like a one lane road where the road is wide enough to only fit one car at a time (one data block at a time in our example above). in other words it will receive data block 1 first and then 2.logitech. The 25 pin male connector is pretty much the same as the 9 pin. Serial ports transmit data sequentially over one pair of wires (the rest of the wires are used to controll the transfer). thus allowing us to connect different devices which communicate at different speeds with the computer.Introduction to Networking The above picture gives you an idea on how serial data is transferred. Let's just have another quick look at the COM ports of a new computer: Notice the COM ports. they are both DB-9 connectors.net 20 . these are DB-9 male connectors. all the way to block 7. it's just bigger. Let's have a look at a serial port to see what we are talking about: Different pinouts are used for the DB-9 and DB-25 connectors and we will have a look at them in a moment. so you would imagine that the road cannont process several cars at one time. there is no more DB-25 ! The connector above the two blue COM ports is an LPT or Parallel port. Each coloured block that is numbered is sent from PC 1 to PC 2. The Serial port Most new computers have two COM ports with 9 pins each.

it's call a "null modem" cable. e. and DB-25 to DB-25.Introduction to Networking Now we will have a look at the pin outs of both DB-9 and DB-25 connectors: The Cable All that's left now is the pinouts required to allow us to use the serial cable for direct connection. DB-9 to DB-25. I have created different tables to show you the pinouts for each one: 1) DB-9 to DB-9. There is a special term for this type of a cable. which basically means you need to have TX and RX crossed over.logitech. Because you can have different configurations.net Email: sardarkashif@logitech. You use this configuration when you need a cable with a DB-9 connector on each end: Muhammad Kashif Riaz System Administrator Logitech Web: www.net 21 .g DB-9 to DB-9.

You use this configuration when you need a cable with one DB9 and one DB-25 connector on either end: 3) DB-25 to DB-25.net 22 .net Email: sardarkashif@logitech.logitech. You use this configuration when you need a cable with a DB25 connector on each end: Muhammad Kashif Riaz System Administrator Logitech Web: www.Introduction to Networking 2) DB-9 to DB-25.

Muhammad Kashif Riaz System Administrator Logitech Web: www. that pretty much covers everything about serial direct connection via a null modem cable. but if you're using Windows software be sure you have unique names for each of your computers because Windows will treat the direct connection as a "network" connection.net 23 .net Email: sardarkashif@logitech. If you're using third party software to connect your computers.Introduction to Networking Well.logitech. This means you will be able to see the other computer via Network Neighborhood. you probably won't stumble into big problems.

Because of the variety of parallel (LPT) ports. Most people would know the parallel Direct Cables as "Laplink" cables. with a standard LPT port you're looking at around 40 to 60 KB per second whereas with the faster LPT ports you should expect something around 1MB per second ! Whichever way you see it. Hope that helps :) Muhammad Kashif Riaz System Administrator Logitech Web: www. Parallel ports transmit data simultaneously over multiple lines and are therefore faster than serial. You get one when you buy the Laplink program or PCAnywhere.Introduction to Networking Parallel Direct Cable Connection Parallel Direct Connection The Parallel Direct Connection is the second solution to transfer data from one computer to another.net 24 . it's a huge improvement in comparison to the serial cable (Null modem cable). as far as speed's concerned.net Email: sardarkashif@logitech. In serial transfer there is one block of data moved at a time. If you're having difficulties understanding the diagram just think of a 4 lane highway. The cable required is slightly more complicated as it has more wires that need to be connected. it's usually a yellow cable. more specificaly in our example. Let's have a quick look at the way data is transferred over a parallel link. where 4 cars at a time are moving whereas the serial cable is like a one lane highway with one car at a time moving. 4 to be precise.logitech. We will have a look at them all to make sure we cover everything :) Now. but you'll be able to make your own by the time you finish reading this page. whereas with parallel and. there are 4 data blocks moved at a time. which is our parallel cable. but we use the same cable for everyone one of them. this will help us understand why it's also a lot faster than the serial method of transfer: This diagram shows a parallel transfer. but the speeds you will get from it will make it well worth the time and effort required to make the cable.

logitech.net 25 . depending on the LPT port. I have categorised and colour coded them to show which ports match the table above: 4 bit ports The port can do 8 bit byte output and 4 bit nibble input. of a new computer. it's the electronic characteristics which changes amongst the 4 different types of LPT ports and that's transparent to everyone. This is still the most common type of port. also known as LPT port. I have include a bit more techincal information on the various ports to help you understand more about them. serial/parallel cards. To keep it simple. you will always find the LPT port right above the two COM ports and it's usually colour coded purple. No matter what type of LPT port you have. So what are the different LPT ports ? Before we get stuck into the pinouts of the LPT port. All LPT ports are female DB-25 connectors.Introduction to Networking What does the parallel port (LPT) look like ? The picture below shows a parallel port. they all look the s ame. especially on desktop Muhammad Kashif Riaz System Administrator Logitech Web: www. With new computers. These ports are often called "unidirectional" and are most commonly found on desktop bus cards (also called IO expansion cards. or even 2S+P cards) and older laptops. Again. let's have a look at the different types of LPT ports available. you would expect different speed rates: Because it might seem a bit confusing at the begining.net Email: sardarkashif@logitech.

ECP ports are distinguished by having DMA capability. some hardware data compression capability and are generally featured more than other ports. 4 bit ports are capable of effective transfer rates of about 40-60 KBytes per second in typical devices but can be pushed upwards of 140 KBytes/sec with certain design tricks. 8 bit ports These ports can do both 8 bit input and output and are sometimes called "bidirectional ports" but that term is often misused by vendors to refer to 4 bit ports as well. Let's now have a quick look at the pinouts of an LPT port: Muhammad Kashif Riaz System Administrator Logitech Web: www. the quality of the driver software and the port's electrical characteristics. These ports are as fast as 8 bit bus cards and can achieve transfer rates upwards of 600 KByte per second. ECP ports Can do both 8 bit input and output at bus speeds.logitech. Most newer laptops have 8 bit capability although it may need to be enabled with the laptop's vendor-specific CMOS setup function. EPP ports Can do both 8bit input and output at ISA bus speeds.net Email: sardarkashif@logitech. True 8 bit ports are preferable to 4 bit ports because they are considerably faster when used with external devices that take advantage of the 8 bit capability. 8 bit ports are capable of speeds ranging from 80-300 KBytes per second. These ports are as fast as 8 bit bus cards and can achieve transfer rates upwards of 1 Mbyte per second and faster on PCs whose buses will support it.Introduction to Networking systems. on-board FIFOs at least 16 bytes deep. network adaptors and more. hard drives. The design is capable of faster transfer rates in the future. A relatively smaller percentage of LPT bus cards have 8bit capability that sometimes must be enabled with a hardware jumper on the board itself.EXE (on GUEST) PCs. Laplink cable is used to link two PCs with MSDOS 6. But it can also be used to data-transfer at faster speed with DCC Feature of Win9x/Me/2000. The specification for this port type was jointly developed by Microsoft and Hewlett-Packard. This is discussed below. tape drives.0 or later very effectively by using INTERSVR. again depending on the speed of the attached device.EXE (on Host) and INTERLNK. These ports are usually used by non-printer peripheral devices such as external CDROMs.net 26 .

net 27 . Depending on your computer bios LPT settings you will be able to achieve different speed transfers as outlined in the table above.net Email: sardarkashif@logitech. there are different LPT ports. because I understand how much trouble someone can fall into when trying to create a cable and get it to work properly. And that pretty much finishes the discussion on Parallel Cable Connections ! Muhammad Kashif Riaz System Administrator Logitech Web: www. It provides detailed information about the connection. the parallel port types. the I/O mode (4-bit. the cable being used for the connection. Now. 8bit. I/O address. ECP.logitech. for all the DCC users to troubleshoot and test DCC connection and cable on both computers. The picture below clearly shows the pin outs of the required cable: One wire should be attached to the metal body of the Male pins on both sides.Introduction to Networking The Cable As explained. I have included the DirectParallel Connection Monitor Utility. this is also shown as the "metal body" on the diagram. EPP). but the cable used is the same for all types of LPT ports. and IRQ.

Introduction to Networking
USB Direct Cable Connection
Introduction Serial and Parallel Direct Cable Connections are considered to be a bit "old fashioned" these days. USB Direct Cable Connection (DCC), on the other hand, belongs in the "new fashioned" category :) USB DCC is a few years old, but because most people would use their network card to transfer data, the DCC hasn't been very well known for the USB port, but does exist.... and the catch is that you can't make it, but you must buy it ! But don't be tempted to leave the page just as yet, there is a lot of information on USB which is always good to know. Keep reading .... :) Let's have a closer look and see what it's all about ! About USB USB stands for Universal Serial Bus. Most peripherals for computers these days come in a USB version. The USB port was designed to be very flexible and for this reason you are able to connect printers, external hard drives, cdroms, joysticks, scanners, digital cameras, modems, hubs and a lot of other cool stuff to it. The Universal Serial Bus gives you a single, standardized, easy-to-use way to connect up to 127 devices to a computer. The 127 number is a theoretical number :) In practice it's a lot less ! The devices you connect can even power through the USB port of your computer if they draw less than 500mA, which is half an Ampere (I). A good example is my little Canon scanner, it only has one cable which is used to power the scanner up and to transfer the data to the computer !

Currently there are 2 versions of the USB port, the initial version which is USB v1.1 and the newer version USB v2 which has hit the market since the end of 2001. Most people have computers and devices which use the first version, but all new computers will now come with USB v2. This new version of the USB port is backwards compatible with the older version and also a lot faster.

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

28

Introduction to Networking
The table below compares the two USB ports so you can see the speed difference:

Keep in mind that when you're using a USB DCC cable, you won't get such great speeds, but somewhere around the 500KBytes/sec. This also depends on the type of CPU, O/S, the quality of the cable and electronic components and protocols running on your system. Another thing which you should keep in mind is the Windows operating system that supports the USB port:

The USB Cable the USB standard uses A and B connectors to avoid confusion. "A" connectors head "upstream" toward the computer, while "B" connectors head "downstream" and connect to individual devices. This might seem confusing to some, but it was designed to avoid confusion between consumers because it would be more complicated for most people to try and figure out which end goes where. And this is what the USB cable and connectors actually look like:

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

29

Introduction to Networking
As mentioned earlier, the USB port can power certain devices and also transfer data at the same time. For this to happen, the USB port must have at least 4 cables of which 2 are for the power, and 2 for the data. The diagram is to help you understand what the cable contains:

The USB DCC (Finally :) ) As I mentioned in the introduction of this page, the USB DCC cable cannot be made, because it requires special electronic circuits built around the cable. Parallel Technologies manufacture USB DCC cables and they call it the "NETLinQ":

The USB DCC cable can also be used to connect a computer to your network. The way it works is pretty simple. Assuming you have Computers A, B , C and D. Computer A, B and C are connected via an Ethernet LAN and Computer D hasn't got a network card to connect to the network. Using the NET-LinQ or other similar cables you can connect Computer D with any of the other 3 computers as long as they have a USB port, then by configuring the network protocols on Computer D, it will be able to see and connect to the rest of the network ! This completes the discusion about USB Direct Cable Connection.

Muhammad Kashif Riaz

System Administrator Logitech Web: www.logitech.net

Email: sardarkashif@logitech.net

30

If it's all still confusing. if you were to try to see how the network works with all the computers talking (think of the computers generating traffic and packets of data going everywhere on the network) you would be looking at the logical part of the network.net Email: sardarkashif@logitech. just like a map shows the layout of various roads. Traffic generated by any computer will travel across the backbone and be received by all workstations. The physical topology of a network refers to the layout of cables. The way the computers will be talking to each other and the direction of the traffic is controlled by the various protocols (like Ethernet) or. If we used token ring. but it's very important to fully understand them as they are key elements to understanding and troubleshooting networks and will help you decide what actions to take when you're faced with network problems. Muhammad Kashif Riaz System Administrator Logitech Web: www.Introduction to Networking Network Topologies Introduction Network topologies can take a bit of time to understand when you're all new to this kind of cool stuff. then those cables plug into a hub or switch. What you're looking at is the physical topology of that network! Logical topology is the method used to pass the information between the computers. then the physical topology would have to change to meet the requirements of the way the token ring protocol works (logically). and the logical topology describes how the data is sent across the network or how the cars are able to travel (the direction and speed) at every road on the map.net 31 . Hub/Star and Ring The Physical Bus Topology Bus topology is fairly old news and you probably won't be seeing much of these around in any modern office or home. With the Bus topology. you can see network cables coming out of every computer that is part of the network. computers and other peripherals. which we are going to analyse. I will try to be as simple as possible and give some examples you can relate to. are: Bus. if you like. This works well in a small network of 2-5 computers. consider this: The physical topology describes the layout of the network. but as the numbers of computers increases so will the network traffic and this can greatly decrease the performance and available bandwidth of your network. looking at that same room. In other words. Try to imagine yourself in a room with a small network. rules. so let's get stuck right into this stuff ! The Stuff :) There are two types of topologies: Physical and Logical. The most common types of physical topologies. all workstations are connect directly to the main backbone that carries the data.logitech.

The arrows clearly indicate that the packet generated by Node 1 is transmitted to all computers on the network. If the bus (the long yellow cable) is damaged anywhere in its path. The Physical HUB or STAR Topology Muhammad Kashif Riaz System Administrator Logitech Web: www. the maximum and minimum length of the bus and a few more. also known as coax cable (Black in colour) and Thicknet . Also.logitech.net Email: sardarkashif@logitech.10 Base2. at the very least. Thinnet . The value of 50Ohms has been selected after carefully taking in consideration all the electrical characteristics of the cable used. regardless the destination of this packet. then it will most certainly cause the network to stop working or.Introduction to Networking As you can see in the above example. the voltage that the signal which runs through the cables. absorbing the signal so it won't reflect back to where it came fro m.10 Base 5 (Yellow in colour) is used in these type of topologies. its ends must be terminated by special terminators that work as "shock absorbers". because of the way the electrical signals are transmitted over this cable.net 32 . cause big communication problems between the workstations. all computers are attached to a continuous cable which connects them in a straight line.

because of the cost and the ease of troubleshooting. Muhammad Kashif Riaz System Administrator Logitech Web: www. The signals travel around the loop in one direction and pass through each computer. Each network has only one token. The remainder of the network functions normally. which acts as a repeater to boost the signal and send it to the next computer. IBM's token ring uses this method. there are no terminated ends. red and yellow colors :) The Physical Ring Topology In the ring topology. Personally I find it boring. so I decided to go out and get myself green.Introduction to Networking The Star or Hub topology is one of the most common network topologies found in most offices and home networks.net 33 . The advantage of the star topology is that if one computer on the star topology fails. if this device fails. On a larger scale. The disadvantage of using this topology is that because each computer is connected to a central hub or switch. Possession of the token allows a network device to transmit data to the network. the entire network fails ! A classic example of this type of topology is the UTP (10 base T).net Email: sardarkashif@logitech. then only the failed computer is unable to send or receive data. multiple LANs can be connected to each other in a ring topology by using Thick net coaxial or fiber-optic cable. Unlike the bus topology. computers are connected on a single circle of cable. The method by which the data is transmitted around the ring is called token passing. which normally has a blue color. A token is a special series of bits that contains control information. It has become very popular in contrast to the bus type (which we just spoke about).logitech.

several star topology networks are linked to a bus connection. you don't lose the network :) On a large scale. if a computer fails. each computer is connected to every other computer by a separate cable.net 34 . a hybrid topology could be the combination of a star and bus topology. or hub. two or more topologies are combined to form a complete network. you can connect multiple LANs using mesh topology with leased telephone lines.net Email: sardarkashif@logitech. the big advantage of this topology is its backup capabilities by providing multiple paths through the network. Again. The Physical Hybrid Topology With the hybrid topology. However. This configuration provides redundant paths through the new work. if the central component. Thick net coaxial cable or fiber optic cable. Star-Bus In a star-bus topology.logitech. For example. In this topology.Introduction to Networking The Physical Mesh Topology In a mesh topology. it will not affect the rest of the network. that attaches all computers Muhammad Kashif Riaz System Administrator Logitech Web: www. so if one computer blows up. These are also the most common in use.

net 35 . Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech. what they are used for and why they exist on the network. fails.Introduction to Networking in a star. Data Transmission Introduction Routable protocols enable the transmission of data between computers in different segments of a network. are wired to form a ring network. Like the star-bus topology. This allows for greater network traffic between segments than in a star-bus topology. each comp uter in a star-ring topology has an equal chance of communicating. The amount of network traffic generated varies with the 3 types of data transmissions: • • • Broadcast Multicast Unicast We are going to have a look at each one of these data transmissions because it's very important to know the type of traffic they generate. These components. the computers are connected to a central component as in a star network. However.net Email: sardarkashif@logitech. it will not affect the rest of the network. then you have big problems since no computer will be able to communicate. if a single computer fails. high volumes of certain kinds of network traffic can affect network efficiency because they slow down transmission speed. By using token passing. Star-Ring In the Star-Ring topology. however.

Ethernet and the way a packet is structured is fundamental to understanding a broadcast. Broadcast and Unicast. it will travel from Layer 1 upwards. but that's Muhammad Kashif Riaz System Administrator Logitech Web: www. Media Access Control . but that is not enough. All machines on a network will listen for packets that have their MAC address in the destination field of the packet (they also listen for broadcasts and other stuff. because an IP address does identify one unique machine on a network. This is where the MAC address . the IP address of a machine exists on the 3rd Layer of the OSI model and. unlike IP addresses which are logical addresses. The reason for this is that the MAC address is actually "burnt-in" into your network card's memory chipset. Got you mixed up? Check the diagram and explanation below to see why: You see. please note that understanding the OSI Model (especially Layer 2 and 3).net Email: sardarkashif@logitech. whereas a MAC address doesn't require any drivers whatsoever.MAC Addresses Introduction Media Access Control (MAC) addresses are talked about in various sections on the site. If you're thinking of IP addresses. The Reason for MAC Each computer on a network needs to be identified in some way.Introduction to Networking Before we proceed. multicast or Unicast. when a packet reaches the computer. so we need to be able to identify the computer before Layer 3. Multicast. then you're correct to some extent. MAC addresses are physical addresses. We are going to analyse them in depth here so we can get a firm understanding of them since they are part of the fundamentals of networking.net 36 . such as the OSI-Layer 2.logitech.Layer 2 comes into the picture. Logical addresses require you to load special drivers and protocols in order to be able to configure your network card/computer with an IP Address.

g. When a vendor.net 37 . the IEEE group split the MAC address in half. and the second half is for the vendor to allocate as serial numbers: The Vendor code is specified by RFC . so it will accept it and pass it onto the Layer above (3) which. and used the first half to identify the vendor. D-link. The Physical Layer understands the electrical signals on the network and creates the frame which gets passed to the Data link layer. this would create a big confusion in identifying who created this network card and could possibly result in clashing with another MAC address from another vendor e. e. You might find a particular vendor having more than just one code.logitech. It is very rare that a MAC address is represented in Binary format because it is simply tooooo long as we will see further on. you will always see it in HEX format.Introduction to Networking analysed in other sections).1700. Intel. to make sure it matches with the network address to which the computer has been configured.net Email: sardarkashif@logitech. the chances of you buying two network cards which have the same MAC address are so small that it's almost impossible! Muhammad Kashif Riaz System Administrator Logitech Web: www. If the packet is destined for the computer then the MAC address in the destination field of the packet will match. creates network cards.g. this is because of the wide range of products they might have. as they need! Keep in mind that even though the MAC address is "burnt-in" to the network card's memory. in turn. they don't just give them any MAC address they like. who happened to choose the same MAC address for one of their network cards ! To make sure problems like this are not experienced. some vendors will allow you to download special programs to change the second half of the MAC address on the card. This is because the vendors actually reuse the same MAC addresses for their network cards because they create so many that they run out of numbers! But at the same time. They just apply for more. will check the network address of the packet (IP Address). Looking at a MAC Let's now have a look at a MAC address and see what it looks like! I have taken my workstations MAC address as an example: When looking at a MAC address.

imagine trying to send data between 2 computers on a network.net Email: sardarkashif@logitech. where as a broadcast or a multicast is destined either everyone or just a group of computers. The Reason for Unicast Well it's pretty obvious why they came up with Unicast. Unicast. using broadcasts! All you would get would be a very slow transfer and possibly a congested network with low bandwidth availability. a Unicast is very simple and one of the most common data transmissions in a network.g. 6 Bytes long or 48 Bits long. If you're scratching your head wondering where these figures came from. Data transfers are almost all of the times. Muhammad Kashif Riaz System Administrator Logitech Web: www. a web server and the receiver e.g.net 38 . we need to start analysing it.Introduction to Networking Let's starting talking bits and bytes! Now that we know what a MAC address looks like. Data is transferred between these two hosts only. a workstation.logitech. You have the sender e. then just have a look at the picture below which makes it a bit easier to understand: So that completes the discussion regarding MAC Addresses! I hope you have understood it all because it's very important so you can expand your knowledge and truly understand what happens in a network! Unicast Introduction Compaired to broadcasts and Multicasts. A MAC address of any network card is always the same length. that is.

net Email: sardarkashif@logitech.Introduction to Networking In example above. The request is a simple Unicast because it's directed to one machine (the server) and nothing else. hence the packets.logitech. You just need to keep in mind that because we are talking about a Ethernet network. the traffic. my workstation sends a request to the Windows 2000 Server. Muhammad Kashif Riaz System Administrator Logitech Web: www. are seen by all machines (in this case the Linux Server as well) but they will not process them once they see that the destination MAC address in the packets do not match their own and are also not set to FF:FF:FF:FF:FF:FF which would indicate that the packet is a broadcast.net 39 .

In order to explain Multicasting the best I can and to make it easier for you understand. which is what 8090 % of home networks and offices use. Breaking things down. A multicast is similar to a broadcast in the sense that its target is a number of machines on a network. Later on I will talk about Muhammad Kashif Riaz System Administrator Logitech Web: www. I decided to break it down into 3 sections: 1) Hardware/Ethernet Multicasting 2) IP Multicasting 3) Mapping IP Multicast to Ethernet Multicast A typical multicast on an Ethernet network.Introduction To Multicast Introduction To understand what we are going to talk about. The hosts can choose whether they wish to participate in the multicast group (often done with the Internet Group Management Protocol).net Email: sardarkashif@logitech. Where a broadcast is directed to all hosts on the network..logitech. each host on an Ethernet network has a unique MAC address. and at the same time ensure that the other hosts. To keep things in perspective and make it easy to understand.Introduction to Networking Data Transmission . all hosts are part of the broadcast group whether they like it or not :). using the TCP/IP protocol.. The MAC Addresses page is available to help you learn more about them. whereas in a broadcast. don't process the information? You will soon know exactly how all this works.. where each host has a different MAC address. you must be familiar with how MAC addresses are structured and how they work.. so here's the million dollar question: How do you talk to a group of hosts (our multicast group). a multicast is directed to a group of hosts. we are going to concentrate only on an Ethernet network using the IP protocol. consists of two parts: Hardware/Ethernet multicast and IP Multicast. but not all. which are not part of the multicast group. As you are aware.net 40 .

it will pass it to the upper layers for further processing. A Unicast would have this bit set to ZERO (0).net 41 .logitech. multicast MAC addresses) apart from its own. The following picture is an example of my workstation (192. it contains the Source and Destination MAC address. found in the 2nd Layer of the OSI model.168. so you can see what we are talking about: When a normal (Unicast ) packet is put on the network by a computer.Introduction to Networking Mapping IP Multicast to Ethernet Multicast which is really what happens with multicasting on our Ethernet network using the TCP/IP protocol. With hardware multicasting.5): Muhammad Kashif Riaz System Administrator Logitech Web: www. When the network card picks up a packet which has a destination MAC that matches any of the multicast MAC addresses. it needs to be able to distinguish between normal Unicast (which are packets directed to one computer or one MAC address) and multicasts.6) sending a packet to my network's gateway (192. via its drivers.net Email: sardarkashif@logitech. whereas a multicast would be set to ONE (1) To understand this. the network card is configured. And this is how they do it: Ethernet uses the low-order bit of the high-order octet to distinguish conventional Unicast addresses from multicast addresses. The brief diagram below shows you the relationship between the 3 and how they complete the multicasting model: Hardware/Ethernet Multicasting When a computer joins a multicast group. to watch out for particular MAC addresses (in this case. we need to analyse the destination MAC address of a Unicast and multicast packet.0.168.0.

Notice the destination MAC address (it's a multicast): Analysis of a multicast destination MAC address: So now you should be able to understand how computers can differentiate between a normal or unicast packet and a multicast packet.logitech. but the computers which are part of the multicast group will recognise the destination MAC address and accept it for processing.Introduction to Networking Now let's analyse the destination MAC address: When my gateway receives the packet. the destination MAC address 01-00-5E-00-00-05 is not the MAC address of a Muhammad Kashif Riaz System Administrator Logitech Web: www.net 42 . The following multicast packet was sent from my NetWare server. it knows it's a unicast packet as explained in the above picture.net Email: sardarkashif@logitech. Let's now have a look at the MAC address of a multicast packet. a multicast packet is not directed to one host but a number of hosts. Keep in mind. so the destination MAC address will not match the unique MAC address of any computer. Again.

At that point. gives us a multicasting model that works for our Ethernet network. and then this MAC address also maps to an IP address which is analysed in IP Multicast. then the packet will never arrive at the network layer upon which IP multicasting is based.net Email: sardarkashif@logitech. Using this special rule it was determined that MAC address 01:00:5E:00:00:05 will be used for the OSPF protocol.Introduction to Networking particular host-computer but the MAC address that can be recognised by computers that are part of the multicast group. and the other routers will respond. For example.0. which happens to be a routing protocol. Multicasts are used a lot between routers so they can discover each other on an IP network. Once Layer 2 (Data link) picks the multicast packet from the network (because it recognises it. to identify which computer the packet came from. With IP multicasting the hardware multicasting MAC address is mapped to an IP Address. I should also note that you will never find a source address that is a multicast MAC address.5. IP Multicast The IP Multicast is the second part of multicasting which combined with the hardware multicasting. The OSPF router must send this "hello" packet to an assigned multicast address. A host may send multicast datagram’s to a multicast group without being a member. The IEEE group used a special Rule to determine the various MAC addresses that will be considered for multicasting.net 43 . which is the Network Layer. If hardware multicasting fails to work. an Open Shortest Path First (OSPF) router sends a "hello" packet to other OSPF routers on the network.logitech. so the whole model fails. This Rule is covered in the last section of this page. but you don't need to know it now in order to understand Hardware multicasting. which is 224.0. as the destination MAC address is a multicast) it will strip the MAC addresses off and send the rest to the above layer. the Network Layer needs to be able to understand it's dealing with a multicast. so the IP address is set in a way that allows the computer to see it as a multicast datagram. IP Multicast uses Class D IP Addresses: Let's have a look at an example so we can understand that a bit better: Muhammad Kashif Riaz System Administrator Logitech Web: www. the source address will always be a real one.

But. You can clearly see the markings I have put at the bottom which show you that the destination IP for this packet is IP Address 224.JXM1] Remember that these IP Addresses have been assigned by the IEEE ! Now all that's left is to explain how the IP multicast and MAC multicast map between each other. notice the destination IP address: The screenshot above shows the packet which was captured.2 224. when we look on the left we see the above packet in much more detail.4 224.0.1 224. it shows a multicast packet which was sent from my NetWare server. Muhammad Kashif Riaz System Administrator Logitech Web: www.0.0.5 Base All All DVMRP OSPFIGP Address (Reserved) Systems on this Subnet Routers on this Subnet Unassigned Routers OSPFIGP All Routers [RFC1112.0.0.JBP] [JBP] [JBP] [RFC1075.3 224.0.net 44 .0.0.0. The MAC header also shows a destination MAC address of 01-00-5E-00-00-05 which we analysed in the previous section to show you how this is identified as a multicast packet at Layer 2 (Data link Layer).0.0.0.5.. it's simply displaying a quick summary of what was caught.logitech.. Some examples of IP multicast addresses: 224.JBP] [RFC2328.net Email: sardarkashif@logitech.Introduction to Networking The picture below is a screenshot from my packet sniffer.JBP] [RFC1112.0 224.0. This corresponds to a multicast IP and therefore is a multicast packet.0.

Introduction to Networking Mapping IP Multicast to Ethernet Multicast The last part of multicast which combines the Hardware Multicasting and IP Multicasting is the Mapping between them. Muhammad Kashif Riaz System Administrator Logitech Web: www.0.0.5 . There is a rule for the mapping. The rest of the high-order bits are defined by the IEEE (yellow color in the example) The above rule basically determines the Hardware MAC address.0.0. then we convert it from binary to hex and that's about it ! NOTE You should keep in mind that multicast routers should not forward any multicast datagram with destination addresses in the following 224. but let's break it down: We have an IP Address of 224.0.net Email: sardarkashif@logitech.logitech.a multicast for the OSPF routing protocol. place the low-order 23 bits of the IP multicast address into the low-order 23 bits of the special Ethernet multicast address. The next page (multicasting list) gives a bit more information on this. The picture below shows us the analysis of the IP address in binary so we can clearly see all the bits: It might seem a bit confusing at first. and this is it: To map an IP Multicast address to the corresponding Hardware/Ethernet multicast address. Let's have a look at a real example to understand this. The MAC Address part which is in yellow has been defined by the IEEE group.0 and 224.0.0. So the yellow and pink line make the one MAC Address as shown in binary m ode. We are going to use Multicast IP Address 224.5.255. this is then converted into binary so we can clearly see the mapping of the 23 bits to the MAC address of the computer.0.net 45 .

13 224.0.0.8 224.X.1.0.0.12 224.0.0.0. is reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols.0.1.6 224.1.0.1.JBP] OSPFIGP OSPFIGP All Routers [RFC1583.0 224.15 224.2 224.JBP] All Routers on this Subnet [JBP] Unassigned [JBP] DVMRP Routers [RFC1075. Multicast routers should not forward any multicast datagram with destination addresses in this range.KS14] ST Hosts [RFC1190. then simply look up this list and you will know what the purpose of that packet was :) INTERNET MULTICAST ADDRESSES Host Extensions for IP Multicasting [RFC1112] specifies the extensions required of a host implementation of the Internet Protocol (IP) to support multicasting.1.GSM11] IGRP Routers [Dino Farinacci] Mobile-Agents [Bill Simpson] DHCP Server / Relay Agent [RFC1884] 224.0.0 and 224.0. regardless of its TTL. inclusive.1.9 224.10 224.11 224.0. such as gateway discovery and group membership reporting.Audio News Multicast [MXF2] SUN NIS+ Information Service [CXM3] MTP Multicast Transport Protocol [SXA] IETF-1-LOW-AUDIO [SC3] IETF-1-AUDIO [SC3] IETF-1-VIDEO [SC3] IETF-2-LOW-AUDIO [SC3] IETF-2-AUDIO [SC3] IETF-2-VIDEO [SC3] MUSIC-SERVICE [Guido van Rossum] SEANET-TELEMETRY [Andrew Maffei] System Administrator Logitech Web: www.JXM1] ST Routers [RFC1190.1.0 224.0.KS14] RIP2 Routers [RFC1723.1. 224.X.0.16 224.0.0.2 224.0.14 224.1.1.0.DLM1] SGI-Dogfight [AXC] Rwhod [SXD] VNP [DRC3] Artificial Horizons .4 224.0.1 224.JXM1] OSPFIGP OSPFIGP Designated Routers [RFC1583.X.0.0.0.1.1.3 224.0.17 Base Address (Reserved) [RFC1112.Introduction to Networking Multicast IP List Introduction This page contains all the Multicast IP Addresses and shows what protocol they are mapped to.0.8 224.0.0.0.DRC3] NTP Network Time Protocol [RFC1119.12 224.7 224.0.0.1.0.4 224.5 224.0.11 224.0.3 224.0.0.0.1.logitech.1 224.0.7 224.12 224.JBP] All Systems on this Subnet [RFC1112.net Muhammad Kashif Riaz 46 . The range of addresses between 224.0.0.0.255 Unassigned [JBP] VMTP Managers Group [RFC1045.10 224.net Email: sardarkashif@logitech.Aviator [BXF] NSS .Name Service Server [BXS2] AUDIONEWS .0.255.0.0.0.5 224.0. Current addresses are listed below.0.0.0.0.1.1.6 224.0. Should you ever use a packet sniffer to try and see what's on the network and you capture a packet with a destination IP Address of 224.1.0.9 224.1.0.0.

31 ampr-info [Janssen] 224.0.0.ge.255 VMTP transient groups [RFC1045.255.0-224.3.1.2.0.com> 224.127 CDPD Groups [Bob Brenner] 224.6.1.0.crd.252.4.000-224.000-224.1.1.1 "rwho" Group (BSD) (unofficial) [JBP] 224.0.2.000-224.0.0.255 Multimedia Conference Calls [SC3] 224.1. Muhammad Kashif Riaz System Administrator Logitech Web: www.000-224.1.DA [Veizades] 224.1.0.27 lmsc-calren-1 [Uang] 224.0.0.255 INTV [Tynan] 224.37 proshare.255 Where-Are-You [Simpson] 224.20 any private experiment [JBP] 224.0-232.0.0.128-224.0-224.0-224.1.0.1.9.0.1.1.0.0.255.0.0.0.19 MLOADD [Braden] 224.6.2.255.1.000-224.29 lmsc-calren-3 [Uang] 224.8.4.255.6.3.1.0.1.35 SVRLOC.0.255 RFE Generic Service [DXS3] 224.21 DVMRP on MOSPF [John Moy] 224.36 rln-server [Kean] 224.0.5.0.0.mc [Lewis] 224.255 DIS transient groups [Joel Snyder] 232.0.5.0.0.1.0.0.1.25 nbc-pro <bloomer@birch.0.com> 224.32 mtrace [Casner] 224.1.23 XINGTV <hgxing@aol.0.0.crd.34 RSVP-encap-2 [Braden] 224.22 SVRLOC [Veizades] 224.26 nbc-pfn <bloomer@birch.IN-ADDR.128-224.33 RSVP-encap-1 [Braden] 224.1.28 lmsc-calren-2 [Uang] 224.255.24 microsoft-ds <arnoldm@microsoft.ge.0.0.255 Unassigned [IANA] 224.logitech.1.000-224.1.0.1.0.38 224.000-224.0.255 Unassigned [IANA] 224.0.com> 224.0.1.30 lmsc-calren-4 [Uang] 224.0.ARPA.18 SEANET-IMAGE [Andrew Maffei] 224.0.2 SUN RPC PMAPPROC_CALLIT [BXE1] 224.0.0.255 Unassigned [JBP] 224.0.255 RFE Individual Conferences [DXS3] 224.1.9.0.7.255 Internet Railroad [Malamud] 224.0.5.5.255.net Email: sardarkashif@logitech.8.com> 224.6.1.net 47 .KS14] 224.Introduction to Networking 224.2.127 Cornell ISIS Project [Tim Clark] 224.NET and 224.255 ST Multicast Groups [RFC1190.7.0.DRC3] These addresses are listed in the Domain Name Service under MCAST.

But what does a "broadcast" look like? Muhammad Kashif Riaz System Administrator Logitech Web: www. then the packet is discarded and not processed. when they see a MAC address of FF:FF:FF:FF:FF:FF. or see it happening on your hub/switch when all the LED's start flashing at the same time! If you have been into networking for a while you most probably have come across the terms "broadcast" and "subnet broadcast”. if the MAC address is not matched. On networks composed of switches with point-to-point connections.net 48 .Broadcast Introduction The term "Broadcast" is used very frequently in the networking world. because they both carried the "broadcast" term in them. to help you understand exactly what they are and how they are used! Broadcast A Broadcast means that the network delivers one copy of a packet to each destination. On bus technologies like Ethernet.Introduction to Networking Data Transmission . When I first dived into the networking world. they will first try to match the MAC address of the packet with their own and if that is successful. The picture below illustrates a router which has sent a broadcast to all devices on its network: Normally. broadcast delivery can be accomplished with a single packet transmission. I was constantly confused between the two. when the computers on the network receive a packet.net Email: sardarkashif@logitech. We will be focusing only on Ethernet broadcasts. However. software must implement broadcasting by forwarding copies of the packet across individual connections until all switches have received a copy. they process the packet and hand it to the OSI layer above (Network Layer).logitech. We will analyse both of them here. they will process this packet because they recognise it as a broadcast. You will see it in most networking books and articles.

net Email: sardarkashif@logitech.logitech. For a network device such as a router to ask "Who has IP address 192.0.168.0.net 49 . Muhammad Kashif Riaz System Administrator Logitech Web: www. they will not reject the data but process it. The "Address IP destination" is set to 255. which network card or computer) has a particular IP address bound to it. the particular machine was looking for a DHCP server (notice the "bootps" protocol under the UDP Header .Layer 4.200.255. ARP is used to find out which MAC address (effectively. which is taken from my packet sniffer: Let's now have a closer look at the above packet: The image above shows a broadcast packet. this is the IP broadcast address and ensures that no matter what IP address the receiving computer(s) have.g 192. which is basically DHCP).255. You can clearly see that the "MAC destination address" is set to FF:FF:FF:FF:FF:FF.200. Since a physical network can contain different subnets/networks e. Subnet Broadcast or Direct Broadcast A Subnet or Direct broadcast is targeted not to all hosts on a network.168. Now you might ask yourself "Why would a workstation want to create a broadcast packet?” The answer to that lies within the various protocols used on our networks! Let's take for example Address Resolution Protocol. which is why it will use a broadcast to make sure everyone listens and processes the packet on the network.100? ".Introduction to Networking Check out the image below.0 and 200. but to all hosts on a subnet. or ARP. it must "shout" it out so it can grab everyone's attention.0.255. the purpose of this special broadcast is to send a message to all the hosts in a particular subnet. You will find a detailed example of the whole process in the IP Routing section. In the example image above.

168.168. Muhammad Kashif Riaz System Administrator Logitech Web: www. it will accept the packet cause of its broadcast MAC address. Hosts A.255). : 192.255. It is very similar to the network broadcast we just talked about but varies slightly in the sense that its IP broadcast is not set to 255.0/24. The above packet.168. but Host D is configured with a different IP Adress.0) and the second one for the subnet broadcast (192.0 or.0.168.C and the Server are configured to be part of the 192.0. shows my workstation broadcasting to the subnet 192.net 50 .logitech.255.168.255. otherwise the Destination IP wouldn't be 192. This means that the available valid hosts for this network are from 192.255.255 .168. there are 2 addresses which I can't use.0 network so they will receive and process the data.net Email: sardarkashif@logitech.0.0.Introduction to Networking In the exa mple below. so it's part of a different network.255.168. where it will see that this packet was for a different IP network. if you like to keep it simple. From the broadcast address you can tell that I am using a full Class C network range.0.168.168. The first one is preserved to identify the network (192. my home network is a Class C network : 192. but is set to the subnet broadcast address.0.0.B.1 to 192.0. but will drop the packet when it reaches its Network Layer. as in every other network. For example. Router A sends a subnet broadcast onto the network.0 with a subnet mask of 255.0.0. captured from my packet sniffer. In this Class C network.254.

0. Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech.Introduction to Networking The Packet decoder on the right shows you the contents of each header from the above packet.168. as I said. Looking at the MAC Header (Data link Layer).0 subnet will process this packet. all computers on the network which are part of the 192. I double clicked at my "Network Places" and was searching for a computer. the destination MAC address is set to FF:FF:FF:FF:FF:FF and the IP Header (Network Layer) has the Destination IP set to 192. Again.168. the Subnet Broadcast Address. In this example.255 which is. the rest will drop the packet once they see it's for a network to which they do not belong.logitech.net 51 .0. this forced my workstation to send out a Subnet Broadcast on the network asking if a particula r computer existed on the network.

Broadcast or multicast storms are often caused by a fault that occurs during the device discovery process. do broadcast packets contain routing update information? Is the broadcast rate acceptable? Does your company's network need RIP updates every 30 seconds.net Email: sardarkashif@logitech. you must examine the packets to find out which protocol or application triggered the broadcast or multicast storm. For example. or can you increase the interval to one minute? BROADCAST/MULTICAST DOMAINS If your company's network is experiencing excessive broadcast or multicast traffic.) Understanding broadcast and multicast domains can help you determine how harmful a broadcast storm can be from any point on the network. Do you see numerous unanswered. SAP. Examine the broadcast traffic on your company's network. For example. The following protocols can send broadcast or multicast packets: • • • • • • • Address Resolution Protocol (ARP) Open Shortest Path First (OSPF) IP RoutinControlling broadcasts and unicasts Information Protocol Version 1 (RIP1) Service Advertising Protocol (SAP) IPX Routing Information Protocol (RIP) NetWare Link Services Protocol (NLSP) AppleTalk Address Resolution Protocol (AARP) After identifying the source of the broadcast or multicast storm. you can examine the device's broadcast traffic to determine exactly what the device was doing. you should also check the scope of the broadcast or multicast domain. repeat queries? Do you see protocols (such as IP RIP1. Unanswered broadcast or multicast requests usually indicate that a device is missing or has been miss configured. are broadcast lookups answered? Do broadcast packets contain meaningful information? For example. a print driver client may continually send SAP packets to locate a specific print server. is the majority of the broadcast and multicast traffic on your company's network purposeful? That is. and IPX RIP) that just "blab" all day even when no other devices may be listening? Or. does the broadcast and multicast traffic have a request-reply communication pattern? For example.net 52 .Introduction to Networking Controlling Broadcasts and Unicasts The first step in controlling broadcast and multicast traffic is to identify which devices are involved in a broadcast or multicast storm. if a network has numerous routers. if a single device is responsible for a broadcast storm. you can find out what the device was looking for or what the device was announcing.logitech. if an IPX-based printing environment has been miss configured. For example. Muhammad Kashif Riaz System Administrator Logitech Web: www. (A broadcast or multicast domain is the range of devices that are affected by a broadcast or a multicast packet.

the picture below shows two networks. it does not affect Devices 3 or 4. Because the broadcast packet is not forwarded. Muhammad Kashif Riaz System Administrator Logitech Web: www. If appropriate.) On a routed network. If Device 1 sends a broadcast packet. Device 1 sends a broadcast or multicast packet that is propagated to all ports of the switch.net Email: sardarkashif@logitech. (A typical layer-2 switch does not filter either broadcast or multicast traffic. to some degree.logitech. For example. a switched network and a routed network: On a switched network. a router does not forward broadcast traffic. only Device 2 and the router see the broadcast packet. the router processes the broadcast packet and sends a reply. however. on the network design.Introduction to Networking The scope of a broadcast and multicast domain depends.net 53 .

.net 54 ......net Email: sardarkashif@logitech.. the above means that if you have 2 or more devices e.Introduction to Networking Protocols Introduction . Protocols define the format.. The way this "defenition" happens in computer land is by the RFC's (Requests For Comments) where the IETF (a group of enginners with no life) make up the new standards and protocols and then the major vendors (IBM.. then they need a common "Protocol" which is a set of rules that guide the computers on how and when to talk to each other. Please note: All routing protocols can be found under the "Networking/Routing" menu option.g computers which want to communicate.. but instead we have included some of the most popular protocols around so you can read up on them and learn more about them.The OSI Model .. TCP/IP Protocol Stack .. timing.. The OSI model is there for you to see which layer each of these protocols work at.Definition In the networking and communications area. a protocol is the formal specification that defines the procedures that must be followed when transmitting or receiving data. more processing time is needed by the device that's dealing with the protocol.logitech. The table below (clickable) shows the most popular TCP/IP protocols..... Cisco. In plain English. and error checking used on the network. Mic rosoft... sequence. Novell) follow these standards and implement them in their products to make more money and try to take over this world ! There are hundreads of protocols out there and it is impossible to list them all here. Muhammad Kashif Riaz System Administrator Logitech Web: www. One thing which you should keep in mind is that as you move from the lower layers (Physical) to the upper layers (Applications).

so what exactly does this "TCP" do? Well as the name suggests. TCP/IP is NOT one protocol.net Email: sardarkashif@logitech. This is to show you the different fields a TCP header contains: Muhammad Kashif Riaz System Administrator Logitech Web: www.net 55 . you wouldn't want to find out after the download has finished that the file has errors! Even though. Please see the Protocols section for more information. in reality. Telnet. TCP is a robust protocol used for file transfers where data error is no option. What makes TCP so popular is the way it works in order to send and receive data. SMTP and POP3. DNS. HTTPS. it's used to transport (move) data from one host to another. When people refer to "TCP/IP" remember that they are talking about a suite of protocols and not just one (as most people think).TCP Some common protocols which use TCP are: FTP. this does happen it just shows that you can't be perfect in some things *8-) The picture below shows us the TCP header within a data packet. HTTP. TCP will check for errors in every packet it receives to avoid data corruption. Let's have a close look at the main characteristics of this wonderful protocol.Transmission Control Protocol So TCP is one of the two protocols used at the Transport layer. Reliable Transport It's a reliable transport because of the different techniques it uses to ensure that the data received is error free. The Transmission Control Protocol (TCP) is defined by IETF RFC 793 TCP . When you decide to download a 3MB file from a website.Introduction to Networking Currently available protocols to read about are : • • • • • • • • • • TCP UDP ICMP DNS FTP TFTP Ethernet Internet Protocol (IP) RIP OSPF Transmission Control Protocol .logitech. Unlike UDP.

TCP is connection oriented. they are marked in RED (Code Bits field) and are 6 bits long.Introduction to Networking Connection Oriented What this basically means is that a connection is established between the two hosts (computers) before any data is transferred and when I say "connection is established" I mean that both computers know about each other and have agreed on the exchange of data.net Email: sardarkashif@logitech. This is where the famous 3 -way handshake happens. The following diagram explains the basic function of the 3-way handshake: Muhammad Kashif Riaz System Administrator Logitech Web: www. You will find the SYN. Thanks to this field.logitech.ACK bits in the TCP header diagrame above.net 56 .

. You see. this means ON) so it knows that Host A is trying to synchronise with it. then obviously Host A is not going to be the only computer downloading from this webserver. For example.net Email: sardarkashif@logitech. And after all that.Introduction to Networking STEP 1: Host A sends a packet to Host B. This means it might turn around to Host A and tell it to wait for a while until more resources are available because it has another 20 users trying to download at the same time! There is simply too much traffic for a small capacity. the connection is established (virtual circuit) and the data transfer begins. STEP 2: Host B then sends a packet back to Host A and within this packet.logitech. Below is a diagram which will help you understand all this jargon about flow control : Muhammad Kashif Riaz System Administrator Logitech Web: www. This packet has the "SYN" bit enabled and when Host B receives it and reads the packet.. it sees the "SYN" bit which has a value of "1" (in binary.net 57 . and should end without any errors! Flow Control This is how the flow of data is controlled. once the data transfer has started. the "SYN and ACK" bits are enabled (value =1). if Host B was a webserver from which people could download games. after all that. STEP 3: So. Host A sends another packet to Host B and has the "ACK" bit set to 1. which tells HOST B 'Yeah I acknowlege your previous request'. the flow of data between the two hosts is not constant but varies and sometimes stops for a few seconds when one of the two hosts is busy doing other tasks as well. The SYN that Host B sends means 'I want to synchronise with you' and the ACK means 'I acknowlege your previous SYN request'. so Host B must regulate the data flow to every computer downloading from it.

Windowing controls how much information is transferred from one end to the other. if the data burst continues it will eventually exhaust the memory of the receiving end and that will result in the arriving data being discarded.logitech. Windowing Data throughput (you could also say the transfer efficiency) would be low if the transmitting machine had to wait for an acknowledgment after sending each packet of data (the correct term is segment). it sends out a "Ready" or "Go" transport indicator and the sending machine receives this "Go" indicator and resumes its transmission. Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech. the amount of times transmitting is allowed) the transmitting machine is allowed to send without receiving an acknowledgment for them.Introduction to Networking Generaly speaking. While some protocols q uantify information by observing the number of packets. This buffering action solves the problem only if the data bursts are small and don't last long. the sender uses the break to transmit more data. TCP/IP measures it by counting the number of bytes. Because there is time available after the sender transmits the data segment and before it finishes processing acknowledgments from the receiving machine. when a machine receives a flood of data too quickly for it to process. If we wanted to define Windowing then it would be the quantity of data segments (in plain English. After the receiver processes the data it already has in its memory. it stores it in a memory section called a buffer. or source of the flood. So in this situation the receiving end will simply issue a "Not ready" or "Stop" indicator to the sender. However.net 58 .

Once the first data segment is sent. Acknowledgments Reliable data delivery ensures the integrity of a stream of d ata sent from one machine to the other through a fully functional data link. so with a window size equal to one this means that Host B needs an "ACK" for each data segment it sends to Host A. expecting an "ACK 3" response from Host A so it can send the third data segment which. This technique requires a receiving machine to communicate with the transmitting source by sending an acknowledgment message back to the sender when it receives data. the transmitting machine starts a timer and retransmits if it expires before an acknowledgment is returned from the receiving end. Host A receives it and sends a "ACK 2" to Host B. otherwise you might find the following example a bit confusing. If you can't understand it. When it sends a segment. You might be wondering why "ACK 2" and not just "ACK" ? Well the "ACK 2" tells Host B 'I acknowledge (ACK) the packet you just sent me and I am ready to receive the second (2) segment'. if it received an "ACK 2" again. The method that achieves this is known as positive acknowledgment with retransmission. However.. would be 4.net Email: sardarkashif@logitech. So.Introduction to Networking I am quickly going to explain what is happening in the above picture. This means that Host A acknowledged the 3 data segments Host B sent and awaits the next data segments which.. it receives the "ACK 3". So Host B gets the second data segment ready and sends it off to Host A. read again the previous example where the Window size was equal to one. Host A receives them all in good condition and then sends the "ACK 4" to Host B.logitech. The sender documents each segment it sends and waits for this acknowledgment before sending the next segment. This guarantees the data won't be duplicated or lost. We will see how this works in the Acknowledgments section. Muhammad Kashif Riaz System Administrator Logitech Web: www. Send 2 and Send 3). which means that Host B can send 3 data segments to Host A before expecting an "ACK" back. Host B sends the first 3 segments (Send 1.net 59 .. we have a window size equal to 3. in this case. Hmmm. It is obvious that Host B is sending data to Host A. let's say 3! Keep in mind the way the "ACKs" work. explaining what is happening here. 5 and 6.. as the picture shows. this would mean something went wrong with the previous transmission and Host B will retransmit the lost segment. Let's now try a different Window size to get a better understanding.

5. Note that if you s carefully study the figure you will see clearly the window size of this transfer. it really doesn't make that much of a performance impact. all the above discussion means that there is a lot more overhead when using TCP in order to get the data transferred without errors.net 60 . So Host B sends data segments 4. 9. Everything comes with a downside and this is TCP's. Host B sends 3 data segments to Host A and they are received in perfect condition so. 6. And that completes our discussion on TCP ! Muhammad Kashif Riaz System Administrator Logitech Web: www. 5. But since everyone has fast connections to the Internet. 6 but 5 gets lost somewhere along the way and Host A doesn't receive it so. Now you see why this method is called "positive acknowledgment with retransmission". At this point Host B sends data segment 5 and waits for Host A to send an "ACK" so it can continue sending the rest of the data. 8. which is equal to 3. it realises that 5 got lost and sends an "ACK 5" to Host B. At first. indicating that it would like data segment 5 retransmitted. Host A sends an "ACK 4" acknowledging the 3 data segments and requesting the next 3 data segments which will be 4.net Email: sardarkashif@logitech. after a bit of waiting. Host A receives the 5th data segment and sends "ACK 7" which means 'I received the previous data segment. The next step is not shown on the diagram but it would be Host B sending data segments 7. More Overhead As you can see. now please send me the next 3'.Introduction to Networking The above figure shows u how the Acknowledgments work. based on what we learned 2 minutes ago.logitech.

.. RARP and SNMP. Like a thin person in a car. but it does a fabulous job of transporting information that doesn't require reliable delivery and it does so using far fewer network resources.or in this case. and not just one (as most people think).net 61 . TCP/IP is NOT one protocol. Unreliable Transport UDP is considered to be an unreliable transport protocol. a thin protocol doesn't take up a lot of room .logitech.Introduction to Networking User Datagram Protocol – UDP Some common protocols which use UDP are: DNS.When people refer to "TCP/IP" remember that they are talking about a suite of protocols. check on them. in other words . only that it doesn't handle issues of reliability. ARP. complete abandonment! This does not mean that UDP is ineffective.User Datagram Protocol The second protocol used at the Transport layer is UDP.net Email: sardarkashif@logitech. it just sends them and forgets about them. Please see the Protocols section for more information. It doesn't follow through. This is to show you the different fields a UDP header contains: Muhammad Kashif Riaz System Administrator Logitech Web: www. much bandwidth on a network. UDP is the scaled-down economy model and is considered a thin protocol. When UDP sends segments over a network. The User Datagram Protocol (UDP) is defined by IETF RFC768 UDP . or even allow for an acknowledgment of safe arrival.. Application developers can use UDP in place of TCP. The picture below shows us the UDP header within a data packet. UDP as mentioned dosen't offer all the bells and whistles of TCP. TFTP.

Introduction to Networking Connection-less Oriented For those who read about TCP. Less Overhead The very low overhead. compared to TCP. it doesn't use any.net 62 . Muhammad Kashif Riaz System Administrator Logitech Web: www. which obviously makes things transfer faster. This is because UDP doesn't create a virtual circuit (establish a connection before data transfer).logitech. There really isn't much more to write about UDP so i'll finish here. This certainly speeds things up but you get an unreliable (in comparison to TCP) service. is a result of the lack of windowing or acknowledgments. nor does it contact the destination before delivering information to it. you would know it is a connection oriented protocol.net Email: sardarkashif@logitech. No 3-way handshake or anything like that here! Since UDP assumes that the application will use its own reliability method. but UDP isn't.

Section 2: The DNS Resolution Process.1: Introduction to the DNS Server. Section 4: The DNS Response Message Format. It is used for resolving host names and domain names to IP addresses. Section 5: The DNS Server (BIND). along with the next one gives you the DNS packet format in all its glory.cx it is translated into an IP address via special queries that take place from your PC.firewall. Full analysis of the whole resolution process using a real life example. Over 85% of DNS servers on the Internet run on Linux and Unix based systems while Microsoft and Novell DNS servers follow the same structure. Learn how a DNS server is setup on a Linux machine. What really happens when a host requests a DNS r esolution.net Email: sardarkashif@logitech. Section 3: The DNS Query Message Format. This is the continuation of the section above. Based on BIND for Linux. See. Because there is a fair bit of material to cover for the DNS protocol.Introduction to Networking Domain Name System (DNS) Introduction Introduction DNS is a very well known protocol.logitech. where you will see the layers on which DNS works. How and why the DNS protocol was born. and I don't want to confuse you with too much information on one page. giving you the chance to understand how domains on the Internet are structured. DNS Zones and Domains are also covered on this page. dealing with the DNS response that's received. formatted and sent to the resolver.2: The db. the rest of us who just want to learn it all can start reading in the order presented: Section 1: The DNS Protocol. this is essential for understanding how DNS Servers work. • Muhammad Kashif Riaz System Administrator Logitech Web: www.net 63 . Complete analysis of the zone data file for a Primary DNS server. Page contains a bit of historical information and also compares DNS with the OSI Reference model. See what is contains and understand how its structured. Understand Name Servers and the role they play in the DNS system.DOMAIN file. Section 5. but I'll explain how that works later on. This section. learn and understand the various fields within the packets as your taken through a full detailed analysis of the packet structure using the cool 3D diagrams. this section is broken into a futher 6 pages: • Section 5. You will learn how the response packet is generated. People who want specific information on the DNS protocol can go straight to the section they need. The fact is that when you type www. Learn how DNS queries are generated and formatted. I have broken it down into 5 sections. Internet DNS hierarchy is also analysed here. Again. you're taken through a full detailed analysis of the packet structure using the cool 3D diagrams. each covering a specific part of the protocol.

. But don't despair because is all cool stuff ! Grab something to drink and let's dive into the DNS waters ! You will be amazed at the stuff you'll find :) The DNS Protocol Introduction If you ever wondered where DNS came from.net Email: sardarkashif@logitech.logitech.5: Slave DNS Server. Most companies today have their own little DNS server to ensure the computers can find each other without problems. Unix. and in 1984 the Domain Name System was introduced. Section 5. Windows and NetWare still use such files) until it was far too large for computers to download and it was generating great amounts of traffic ! So they thought . this is your chance to find out ! The quick summary on DNS's history will also help you understand why DNS servers are run mostly on Linux and Unix-type systems.. But as the number of hosts grew. so did the HOSTS file (Linux. let's find a better solution .net 64 . which helps make DNS caching a reality. See what is contains and understand how its structured. Section 5.3: The db. and find out how to avoid problems that come with Domain redelegation or website transfers.4: Other common files. The key to an efficient DNS server. Each site/computer that needed to resolve host names had to download this file.6: DNS Caching. We then get to see the layers of the OSI Model on which DNS works and. Includes analysis of specific parameters within the DNS packet. then you surely are using DNS for the name resolutions of your computers.. The History DNS began in the early days when the Internet was only a small network created by the Department of Defence for research purposes. there's plenty of stuff to cover.. This is a must for any DNS Administrator. Stuff this . called a Muhammad Kashif Riaz System Administrator Logitech Web: www.. Instructions on setting up a secondary DNS server.ADDR file. which is a fancy way of saying that its layers are arranged in a definite order and that its data is distributed across a wide range of machines (just like the roots of a tree branch out from the main root). Host names (simple computer names) of computers were manually entered into a file (called HOSTS) which was located on a central server. Microsoft has created its own version of a "DNS" server. If you're using Windows 2000 and Active Directory.Introduction to Networking • Section 5. Learn how DNS caching helps improve performance and reduce traffic. The Protocol The Domain Name System is a 'hierarchically distributed database'. Analysing the rest of the files which are common to all DNS servers. • • • As you can see. you will find out how the Domains (and DNS servers) are structured on the Internet to ensure uptime and effectiveness. Complete analysis of the zone data file for a Primary DNS server. towards the end of the page. Section 5.

This means that a DNS server listens on Port 53 and expects any client wishing to use the service to use the same port. This process. the less overhead a protocol has. depends on the operating system you're using. you type "www. The DNS protocol normally uses the UDP protocol as a means of transport because of its small overhead in comparison to TCP. but this is old technology and uses protocols that are nowhere near as efficient as DNS. Some operating systems might not allow DNS to use the TCP protocol.Introduction to Networking WINS server.net 65 .firewall. There are. which stands for Windows Internet Name Service. which your computer sends to a DNS server in order to get the website's IP Address ! There is a detailed example on the pages to follow so I won't get into too much detail for the moment. cases where you might need to use a different Muhammad Kashif Riaz System Administrator Logitech Web: www. the faster it is ! In the case where there are constant errors and the computer trying to request a DNS resolution can't get an error free answer. it will switch to TCP to ensure the data arrives without errors. after all.cx" in your web browser. thus limiting it to UDP only. this triggers a DNS request. however. the whole Internet works on DNS :) The DNS protocol works when your computer sends out a DNS query to a name server to resolve a domain. The DNS protocol utilises Port 53 for its service.logitech. or any answer at all. For example.net Email: sardarkashif@logitech. so it was natural for Microsoft to move away from WINS and towards DNS. though. It is rare that you will get so many errors that you can't resolve any hostname or domain name to an IP Address.

The Secondary acts as a backup in case the Primary DNS fails.Introduction to Networking port. have what we call a "Primary DNS" and "Secondary DNS". including the ones we are talking about (cisco.g firewall.com etc. cisco... microsoft. These ROOT DNS servers can tell you which DNS server takes care of firewall.com and the rest. cisco. The Primary DNS is the one that holds all the information about its domain.com. firewall.cx. where you are able to see exactly the contents of DNS query.com. but only those immediately above and below it. so we won't analyse the packet structure here. Muhammad Kashif Riaz System Administrator Logitech Web: www. The DNS structure has been designed in such a way that no DNS server needs to know about all possible domains. which includes all the top level domains. something possible depending on the operating system and DNS server you are running. microsoft). Let's explain how it works : Internic controls the "root" domain. The picture below shows part of the Internet DNS hierarchical structure: ... These are marked in a green oval for clarity. Each domain. microsoft.net 66 .net Email: sardarkashif@logitech. In the following pages we'll be looking at the actual DNS packet format. When you think about the millions of domain names registered today. The process in which a Primary DNS server sends its copy to the Secondary DNS server is called Zone Transfer and is covered in the DNS Database section. Within the green oval you have the ROOT DNS servers..logitech.cx. Next we'll take a close look at how the Internet domains and DNS servers are structured to make sure the model works flawlessly and efficiently ! The Internet Domain Name Server Hierarchy This interesting section will help you understand how domain names on the Internet are structured and where DNS servers fit in to the picture.. you probably think that you have to be superhuman to manage such a structure of DNS servers ! Well that's not that case. which know all about the authoritative DNS servers for the domains immediately below them e.

cx.Introduction to Networking Today there are hundreds of websites at which you are able to register your own domain and. These will be analysed in depth on the next pages. One of these involves the client contacting the name servers (this is also called a non Recursive query) one at a time until it finds the authority server that contains the information it requires. There are two ways to use the domain name system in order to resolve a host or domain name to an IP Address and we're going to look at them here.net Email: sardarkashif@logitech. That completes our first section. In the example above.firewall.net 67 .CX domains. So here comes the mi llion dollar question :) How do you create subdomains and www's (known as resouce records) ? The answer is pretty simple: You use a special DNS administration interface (usually web based . www's or whatever resource record you can come up with. once you've done that.cx in turn will let your computer know the IP Address of ftp.provided by the guys with whom you registered your domain) that allows you to create. Some examples of resource records for the Cisco domain in our example are: support . if you need to resolve ftp.cx domain. Cisco bought the "Cisco. which will let you know the DNS server that's in charge of the Firewall.cx because it holds all the information for the firewall. your computer will locate and contact the DNS Server responsible for the . The DNS server of Firewall. there are two ways for a client to use the domain name system to get an answer. you have the power to manage it yourself.com" domain and then created your resource records. www and routers. while the other way is to ask the name server system to perform the complete translation (this is also called a Recursive query). Queries and Resolution As mentioned in the introduction section. change and delete the subdomains.firewall. When you're making changes to the DNS settings of your domain. you're actually changing the contents of specific files that are located on that server. which are responsible for your domain area and then the whole Internet will contact these DNS servers when they need to access any section of your domain. It's not that hard after all ! DNS Resolution Process Introduction This section will help you understand how the DNS queries work on the Internet and your home network. For example.logitech.cx domain. Muhammad Kashif Riaz System Administrator Logitech Web: www. These changes then slowly propagate to the authoritative DNS servers. in which case the client will send the query and get a response that contains the IP Address of the domain it's looking for. There is also a detailed example later on this page to help you understand it better.

they go to their web browser and type "http://www.com). I 'm going to show you how the client chooses the method by which it wants its query to be resolved. so you will truly understand how these cool features work ! The DNS Query/Response Message Format pages contain all this packet analysis information.Introduction to Networking It's really exciting to see how DNS queries work. so make sure you take your time to read it and understand it ! When someone wants to visit the Cisco website (www.cisco.net Email: sardarkashif@logitech.com" or just "www. That's what we are going to find out now ! The picture below shows us what would happen in the above example: (for simplicity we are not illustrating both Primary and Secondary DNS servers. after a few seconds.com" and.cisco. The example that follows will show you the whole procedure step by step. the website is displayed. so let's continue and prepare for it ! Our Example DNS Resolution We will now look at what happens when your workstation requests a domain to be resolved.net 68 .logitech. While analysing with you the packets that are sent and received from the DNS server.cisco. only the Primary) Muhammad Kashif Riaz System Administrator Logitech Web: www. But what happens in the background after they type the address and hit enter is pretty much unknown to most users.

25.cisco. (Just a note. 5.logitech.net 69 . so it sends a DNS query to your ISP's DNS server (It's querying the ISP's DNS because this has been set through the dial-up properties. I like to think of it as "self service" :) DNS Query Message Format Introduction This section will deal with the analysis of the DNS packets. The other type of query (non recursive) follows the same procedure. Remember that this query is the most common type. Cisco's DNS server checks its database and finds an entry for "www.219. Your computer now knows who it needs to contact to get to the website. Your ISP's DNS server now knows the IP address for www. Muhammad Kashif Riaz System Administrator Logitech Web: www.cisco. Your ISP's DNS server sends a recursive query to Cisco.Introduction to Networking Explanation : 1. To understand a protocol. Your ISP's DNS server doesn't know the IP for www.com". This entry has an IP address of 198.com exists and its IP. It replies to your ISP's server with that answer. depending on the query and the answer.com is 198.cisco.219. the difference is that the client does all the running around trying to find the authoritative DNS server for the desired domain.25. the computer doesn't know the IP address for www.com in the address field. Your ISP's DNS server now knows where to contact Cisco's DNS server and find out if www. 3. where the DNS server is responding to our query. then it would have a different IP. Part 1 analyses the DNS format of a query.133. the webserver is running on the same physical server as the DNS ! If it wasn't running on the same server. This will allow us to see the way DNS messages are formatted and the options and variables they contain. you must understand the information the protocol carries from one host to another. but actually run the web server on a different box. So it sends an http request directly to Cisco's webserver and downloads the webpage. You open your web browser and enter www. it shows how the packet looks when we ask a DNS server to resolve a domain.com. 7. so it will ask one of the ROOT DNS servers.cisco. 2.com.com's DNS server and asks for an IP address for www. Because the DNS message format can vary. At that point. 4. This is achieved by using some neat tricks like port forwarding) 6. in other words. I hope you didn't find it too hard to follow. you can actually make it look like it's on the same physical server.cisco.cisco.133. if you're on a permanent connection then it's set through your network card's TCP/IP properties).cisco.com and sends the result to your computer. I've broken this analysis into two parts. In other words.com. Part 2 analyses the DNS format of an answer.net Email: sardarkashif@logitech. The ROOT DNS server checks its database and finds that the Primary DNS for Cisco. I find this method more informative and easy to understand rather than combining the analysis of queries and answers.

We are assuming a Query. Here they are again in a cool 3D diagram: Muhammad Kashif Riaz System Administrator Logitech Web: www. Notice the Port Destination which is set to 53. This could be the result of entering "www. so you can compare theory with practice for a better understanding. so let's check out what a packet containing a DNS query would look like on our network: This is the captured packet we are going to deal with. We are going to take the DNS Section above and analyse its contents. on which the port DNS works.cx" from my linux prompt.Host Query As mentioned in the previous sections of the DNS Protocol.firewall. a DNS query is generated when the client needs to resolve a domain name into an IP Address.logitech. labeled "Capture") taken from my packet analyser. which are already shown in the picture above (Right hand side. or simply by launching a program that uses the Internet and therefore generates DNS queries in order to successfully communicate with the host or server it needs.net 70 . which was put on my network with the destination being a name server in Australia.) is the most common type of frame found on LANs. This particular one contains a DNS section. so it can fit nicely in our example. and the protocol used for the DNS Query. To generate this packet. Ethernet II (Check Ethernet Frames for more info. I typed "ping www. which is UDP. After this we will have a look at the meaning of each field in the packet.Introduction to Networking DNS Analysis . The command generated this packet.net Email: sardarkashif@logitech. in fact it probably is the only type you will find on 85% of all networks if you're only running TCP/IP and Windows or Unix-like machines. I've also included a live example (using my packet analyser). which could be either a Query or Response. Now.cx" in the url field of your web browser.firewall.

the rest is more or less overhead and information to let the server know a bit more information about our query.net 71 .net Email: sardarkashif@logitech. the DNS Query Section is the part we're interested in (analysed shortly).logitech. The analysis of each 3D block (field) is shown in the left picture below so you can understand the function of each field and the DNS Query Section captured by my wonderful packet sniffer on the right: Muhammad Kashif Riaz System Administrator Logitech Web: www.Introduction to Networking From this whole packet.

novell. which is the UDP header.logitech.com simply because the second domain is longer. The DNS Name Field To prove this I captured a few packets that show different lengths for the domain names I just mentioned but. we are left with the length of the DNS section: Muhammad Kashif Riaz System Administrator Logitech Web: www. By subtracting the UDP header length (always 8 bytes .check UDP page for more information) from the bytes in the Length field. The DNS Name field has no set length because it varies depending on the domain name length as we are going to see soon.net Email: sardarkashif@logitech. For example. because the DNS section in a packet provides no length field. a query for www.cisco. have set lengths. we need to look one level above.net 72 .com will require DNS Name field to be smaller than a query for support.Introduction to Networking All fields in the DNS Query section except the DNS Name field (underlined in red in the picture above). in order to calculate the DNS section length.

The picture on the right hand side explains the various bits. And that just about does it for the DNS Query message format page. When you read the DNS response message format page. if it should be a recursive or non-recursive type. This is most important because as we've already seen. 2-5. You won't see all 16 bits used in a query as the rest are used during a response or might be reserved: As you can see. The rest will be a combination of reserved bits and bits that are used only in responses. The UDP header is 8 bytes in both examples and all fields in the DNS Section. in the case of a query. Let's have a closer look at the flags and explain the meaning of each one. 7. I've marked the bit numbers with black on the left hand side of each flag parameter so you can see which ones are used during a response. only bits 1.Introduction to Networking The two examples clearly show that the Length Field in the UDP header varies depending on the domain we are trying to resolve. are always 2 bytes. 8 and 12 are used in this query. Next up is the DNS Response message format page which I'm sure you will find just as interesting! Muhammad Kashif Riaz System Administrator Logitech Web: www. it contains information as to whether the DNS packet is a query or response and.net Email: sardarkashif@logitech. you will find a similar packet captured which is a reponse to the above query and the rest of the bits used are analysed. it determines how the query is handled by the server. except for the DNS Name field.logitech. The Flags/Parameters Field The Parameter Field (labeled Flags) is one of the most important fields in DNS because it is responsible for letting the server or client know a lot of important information about the DNS packet. For example.net 73 .

the speed at which all these servers and myself are connected to the Internet and the general load between the routers that my packet had to travel in order to get to its various destinations ! As you can clearly see. Now that we have all that out of the way . These responses.4.net Email: sardarkashif@logitech.4).991 seconds ! During this short period of time the packet travelled from Greece to Australia. which sent its queries to other DNS servers until it found the answer and then generated a DNS response that was sent back to Greece where my home network is ! There are a lot of factors that contribute to this fairly fast reponse. there is a lot happening for just one DNS query and response.Introduction to Networking DNS Response Message Format Introduction The previous page delt with the DNS Query message formats.net 74 . but varies in size.000. On this page we will see and analyse the responses we get from the generated queries. We analysed them in great detail and showed how various options are selected by the host using the Flags/Parameters field.let's grab a few DNS responses and get our hands dirty :) DNS Analysis . until it received the answer. Try to consider what happenes when you have 20. the load of the DNS server to which I sent the query. regardless of whether it's a DNS Query or Response: Muhammad Kashif Riaz System Administrator Logitech Web: www. Lastly. so it's important to understand the previous material ! If you have any doubts. reached the DNS server. in the case of a non-recursive query. come directly from the DNS server to which we sent the query and. was only 0. The transport protocol UDP. will come from the last DNS server the client contacts in order to get the required information. The structure is the same. The time taken. where I asked for the resolution of www...000 DNS queries happening at once on the Internet and you have a good idea on how well this protocol and the underlying technology have been designed ! Following is the Ethernet II packet that runs on the local network. from the moment the packet was sent from the Linux file server. keep in mind that this page is the continuation of the previous page. in the case of a recursive query. the load of DNS servers it then had to ask.logitech.cx: Something worth paying attention to is the time this query took to come back to my Linux file server.130.firewall.Server Response Here is the response (highlighted) to the previous DNS query sent to an Australian DNS server (139.. which does not require any 3-way handshake. read the previous section again.

Here is the DNS Section of a DNS response in 3D: Muhammad Kashif Riaz System Administrator Logitech Web: www. The query had only one section that required in-depth analysis whereas the response has three since the first one is the original query sent.Introduction to Networking Now.net Email: sardarkashif@logitech.net 75 .logitech. to make the analysis of the DNS Section easier I have also included the DNS Query (left hand side) and DNS Response (right hand side). For this reason we are going to analyse it in parts rather than all together. The DNS Section in a response packet is considerably larger and more complex than that of a query. This allows you to compare what we sent and what we received : By comparing the two packets. Let's see again what each field means and anaylse them again as we did in the previous page. you can see that there are fields in the DNS Response packet (marked with green arrows) that didn't exist in the Query.

DNS Response Section The analysis of this section won't be too difficult because the format that s i followed in each 3D block of our DNS Response Section is identical. but only a few to help you get the idea. In the picture above. Even though the information they contain might seem a bit different. as the rest has been covered in the previous page. I have not analysed all 3 3D blocks.logitech. We are going to focus on these 3 new blocks. the fields are exactly the same and we will see this shortly. The diagram below shows you the contents of the 3 3D blocks (sections) we are looking at: Answers Section.net Email: sardarkashif@logitech. For this reason.net 76 . which are part of the DNS Response Section. Muhammad Kashif Riaz System Administrator Logitech Web: www. Authoritative Name Servers Section and the Additional Records Sections: What we need to need understand is that each one of these three sections have identical fields. I have only expanded the first part of the Answer section which is underlined in green so you can compare the fields with the ones contained in the left hand picture.Introduction to Networking You can clearly see that everything after the light green 3D block labeled "DNS Query Section" is new.

but it's presented first just because my packet sniffer likes to make the data more readable and less confusing. part 1 in the Answers Section (underlined in green). For example. This is also the reason the first line of each part in each section is used to give you a quick summary of the information captured. cname firewall. if I had more than two name servers Muhammad Kashif Riaz System Administrator Logitech Web: www. You also might wonder why there are 2 parts in each section ? Could there be more or less parts.logitech.Introduction to Networking This next picture shows you the expanded version from the first part of the Answers and Authoritative sections. For example.net 77 . depending on the domain name or is there always 2 parts in each section ? The answer is simple and logical. you would expect it last. but contain different values/data. where according to the analysis of the sections in the picture above (left side).net Email: sardarkashif@logitech. type INET. This proves that all fields in all of these 3 sections contained in the DNS Response Section are identical. you get a summary of what's to follow: www.firewall. I have already marked and labeled the fields to prove to you that they are all identical and vary only in the information they contain: If you look carefully you will notice that the Resource Data field is presented first. there are as many parts as needed. The truth is that it is last. looking at line 1. depending always on the domain setup.cx.

Looking at the picture below.cx domain. To give you the simplest example. but different data/values.logitech. You might have noticed a pattern here as well.Introduction to Networking for the Firewall.net 78 .COM domain: As you can see. In every DNS Response you will find the same number of parts per section. the picture on the left shows us 4 parts for the Answers. Our example has only 2 parts per section whereas the one we see below has a lot more : This DNS Response Section is based on a query generated for the IBM.COM gave us a response which has 4 parts per section ! Again. when we have a Type=A . Authoritative and Additional records) is the Type field and I will explain why. our query for IBM. whereas a Type=NS means we are given the Authoritative Name Servers that are responsible for the domain (look at Authoritative Name Servers section above).between the 3 sections (Answers. Authoritative and Additional records sections and this is no coincidence. each part in every section has identical fields. The Type Field The Type field determines the type or part of information we require about a domain.net Email: sardarkashif@logitech. we are given the IP Address of the domain or host (look at Answers section above). The reason this is no coincidence .cx) we can see exactly how the Type field is responsible for the data we receive about a domain: Muhammad Kashif Riaz System Administrator Logitech Web: www. which is from our first example (query for firewall. you would see more than two parts in the Authoritative nameserver section and the other sections. For example.

This is the reason in this example we have been told about the Name Servers for the firewall.cx Authoritative name server for the domain Symbolic link for a domain.net Email: sardarkashif@logitech.g www Name of CPU and Operating System Info about a mailbox or mail list 16-bit preference and name of the host that acts as a mail exchange server for a domain e.g net.Introduction to Networking As you can see. So where is the logic to all this ? Well.firewall. this will also give you an insight into the information we can request and receive about any domain: Type A CNAME HINFO MINFO MX Meaning Host Address Canonical Name (Alias) CPU & OS Mailbox Mail Exchange Contents 32-Bit IP Address of host or domain Canonical domain name for and alias e. it would be useless if I answered you without giving you their IP Addresses (Additional Records Section).The same rule and logic explains why there are 2 parts for all three sections of this example. if I told you which servers are authoritative for a domain (Authoritative Name Server Section). which means the data contained in this part is an IP Address for a particular host.firewall. Let's have a look at the different values the Type field can have. e. which means this part contains information about the Authoritative name servers of the queried domain.g mail.firewall.net 79 .cx domain (Authoritative Name Server Section). but also given their IP Address (Additional Records Section).cx Multiple fields that specify which parts of the naming hiererchy a server implements Uninterpreted string of ASCII text NS PTR SOA TXT Name Server Pointer Start Of Authority Arbitrary Text Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech. the Type field in the first part of the Authoritative Name Servers section is set to NS. Going to the first part of the Additional records.cx points to www. we can see that the Type field here is set to A.

Our discussion on the DNS Response message format is now complete ! File Transfer Protocol . which is covered next. Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech. then make that a couple of FTP inherits TCP's are if you download realising it ! And if thousand times :) The picture below shows where FTP stands in contrast to the OSI model. it's important to understand the concept of the OSI model.Introduction to Networking The above values the Type field can take are contained within the DNS database.net 80 . you've probably used ftp a few hundred times without you have a huge warez collection. This means that robustness and is very reliable for transferring files. The best thing you can do to "see" it yourself is to grab a packet sniffer which you will conveniently find in our download section and try to capture a few packets while you're ftp'ing to a site. because it will greatly help you understand all this too :) Now. but we didn't say which ports it uses ! Port numbers 21 and 20 are used for FTP.FTP Introduction File transfer is among the most frequently used TCP/IP applications and it accounts for a lot of the n etwork traffic on the Internet. establishing a connection and data transfer and I will analyse them shortly. As I have noted in other sections. Chances files. we mentioned that FTP uses TCP as a transport. But there are some instances where port 21 is used for both. Port 21 is used to establish the connection between the 2 computers (or hosts) and port 20 to transfer data (via the Data channel). The Protocol FTP uses TCP as a transport protocol. Most recent specifications of the protocol are listed in RFC 959.net Email: sardarkashif@logitech. Various standard file transfer protocols existed even before the Internet was available to everyone and it was these early versions of the file transfer software that helped create today's standard known as the File Transfer Protocol (FTP).

This is one of the reasons Passive FTP is more secure. When you (the client) try to establish a connection to a FTP server.Introduction to Networking Both Ports . it's not controlled by the workstation client. this is known as the Data Channel . Passive Mode FTP Using normal or passive FTP.20 and 21 . In the example.. Let me explain why this is happening: FTP has two separate modes of operation: Active and Passive.. my workstation used port 1086). In such cases you have a direct connection to the Internet. Only Port 21 . and because the server initiated the communication.net 81 .logitech. your workstation includes a second port number (using the PORT command) that is used when data is to be exchanged. a client begins a session by sending a request to communicate through TCP port 21.Active FTP Mode I have included a screenshot from my workstation which clearly shows the 2 ports used. The FTP server then starts the exchange of data from its own port 20 to whatever port was designated by your workstation (in the screen shot.Passive FTP Mode Now.. in the next picture I ftp'ed into my NetWare server here at home and guess what . You will use either one depending on whether your PC is behind a firewall. the port that is conventionally assigned for Muhammad Kashif Riaz System Administrator Logitech Web: www. This can also potentially allow uninvited data to arrive to your computer from anywhere posing as a normal FTP transfer. Only Port 21 was used ! Here is the screen shot: Please click here to view the full picture. Active Mode FTP Active mode is usually used when there isn't any firewall between you and the FTP server.net Email: sardarkashif@logitech.

and I say "if possible" cause if your already behind a firewall. The server will thus always be responding to client-initiated requests on the Data Channel and the firewall can correlate these. Instead of specifying a port that the server can send to.net 82 . At this point. The server replies on the Control Channel with the port number which the client then uses to initiate an exchange on the Data Channel. a PASV command is sent instead of a PORT command. in Cute FTP. For example. So let's have a look at the process of a computer establishing an FTP connection with a server: . This communication is known as the Control Channel connection. It's simple to configure your client FTP program to use either Active or Passive FTP.Introduction to Networking this use at the FTP server. Muhammad Kashif Riaz System Administrator Logitech Web: www. so the program will automatically change to Passive FTP mode. the PASV command asks the server to specify a port it wishes to use for the Data Channel connection. you can set your program to use Passive FTP by going to FTP--> Settings --> Options and then selecting the "Firewall" tab : If you remove the above options.logitech.net Email: sardarkashif@logitech. then your workstation will be using (if possible) Active FTP mode. there is probably no way you will be using Active FTP.

Since FTP is using TCP as a transport.logitech. your at) PASS: send password PORT: request open port number on specific IP address/port number QUIT: log off from server RETR: retrieve file STOR: send or put file SYST: identity system type Muhammad Kashif Riaz System Administrator Logitech Web: www.net 83 . Once that is completed and there is data connection established. the client will send its login name and then password.Introduction to Networking The above is assuming a direct connection to the FTP server. we are looking at the way the FTP connection is created and not worring if it's a Passive or Active FTP connection.net Email: sardarkashif@logitech. it's allowed access and is ready to leach the site dry :) Finally. For simplicity reasons. below are the most commonly used FTP commands: ABOR: abort previous FTP command LIST and NLST: list file and directories DELE: delete a file RMD: remove a directory MKD: create a directory PWD: print current working directory ( show you which dir. After the authentication sequence is finished and the user is authenticated to the Server. you would expect to see the 3-way handshake .

net 84 . Where FTP uses the robust TCP to establish connections and complete the file transfers. Port 69 is the default port for TFTP. TFTP isn't very popular because it's not really used on the Internet because of its limitations which we'll explore next.Introduction to Networking TYPE: specify type (A for ASCII.TFTP Introduction TFTP is a file transport protocol and its name suggests it's something close to the FTP protocol (File Transfer Protocol). and works on port 69.net Email: sardarkashif@logitech. you can modify the settings on your TFTP server so it runs on a different port. TFTP uses UDP which is unsecure and has no error checking built in to it (unless they have implemented some type of error checking in the program you are using to transfer files). you can clearly see that in the cool 3D diagram on the left. The major limitations with TFTP are authentication and directory visibility. which is true . to make things a bit clearer I have included a screen shot of my workstation tftp'ing into a TFTP server which I have setup in my little network. this also explains why you are more likely to find TFTP in a LAN.logitech. Now.. but if you like. TFTP uses UDP as a transport. meaning you don't get to see the files and directories available at the TFTP server. as opposed to TCP which FTP uses. to a degree. I for binary) USER: send username And that just about complete's our analysis on the FTP protocol ! Trivial File Transport Protocol . The Protocol TFTP's main difference from FTP is the transport protocol it uses and the lack of any authentication mechanisim. As mentioned. rather than a WAN (Wide Area Network) or on the Internet. Muhammad Kashif Riaz System Administrator Logitech Web: www.

by nature. Because you don't get a listing of the files and directories.exe). Click here for the full picture. These small acknowledgements have been added by the software company who created the program I was using for this example.0. my workstation is contacting the server and requesting the file I entered before I connected to the server. If I didn't provide the Remote File name. never sends acknowledgements).Introduction to Networking You can see my workstation (192.logitech. No authentication whatsoever ! Note: The workstation usally won't send back any acknowlegement (because UDP. In the example I provide. and selected the name which the file will be saved as on my local computer (Local File).168. In this first packet.168.0. you must know which file you want to download ! In the response I received (2nd packet) the server gets straight into business and starts sending the file.net 85 . but the software developers can incorporate such a feature by forcing the workstation to send a small packet which the TFTP server is able to pickup as an acknowledgement of the previous data packet it sent to the workstation. Below is a screen shot of the program I used to TFTP (TFTP Client) to the server: Notice how I entered the file I wanted to downloaded (server. complaing that no such file exists. which is the transport protocol. You can also send files using TFTP.1) on port 69 (destination port). I would simply get an error poping up at the server side.100) contacting the TFTP server (192. you can see my workstation sending small packets to the server after it receives one packet from it. as it's not just for downloading :) Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech.

TFTP is used to download the program it needs to load and run from a central server.. In this diagram we are assuming that there is no error checking built into the software running at both ends (client and server). Personally.logitech. it is also used for diskless booting PC's where. Internet Control Message Protocol . thus disconnecting them from the server ! The Muhammad Kashif Riaz System Administrator Logitech Web: www. the site's webserver is configured NOT to reply to 'pings' for security reasons ! Cool Note A few years ago there was a program released. in fact. or ICMP as we will be calling it.. but you need to keep its limits in mind beause you might end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from.net 86 .ICMP Introduction The Internet Control Message Protocol. which still circulates around the Internet. making the remote user's program think it had lost connectivity with the IRC server. called Click ( I got my hands on version 1. www. Below is a diagram which shows what takes place during a TFTP session: . I use ICMP a lot. If I said the word 'Ping' most people who work with networks would recognise that a 'ping' is part of ICMP and in case you didn't know that.Introduction to Networking So where is TFTP used ? TFTP is used mostly for backing up router configuration files like Cisco and its IOS images. Because IP wasn't designed to be absolutely reliable. for example..net Email: sardarkashif@logitech.firewall. after the workstation has booted from the network card's ROM. routing.cx when. The program would utilise the different messages available within the ICMP protocol to send special error messages to Mirc users. now you do :) ICMP is one of the most useful protocols provided to troubleshoot network problems like DNS resolutions.4). connectivity and a lot more. Click was designed to run on a Windows platform and work against Mirc users. And that pretty much sums it all up for the TFTP protocol. ICMP came into the scene to provide feedback on problems which existed in the communication environment. is a very popular protocol and actually part of an Internet Protocol (IP) implementation..

For example. to help you understand better what we are dealing with :) The structure is pretty simple. rather I selected a few of the more common ones that you're likely to come across. Ports are only used for protocols which work at the Session layer and above: The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet. I am going to break down the different message descriptions as they have been defined by the RFC792. Looking at its position in the OSI model we can see that it's sitting in the Network layer (layer 3) alongside IP. There is a lot of information to cover in ICMP so I have broken it down to multiple pages rather than sticking everything into one huge page that would bore you! Also. I haven't included all the messages which ICMP supports. There are no ports used with ICMP. for example. You can always refer to the RFC792 to get the details on all messages. not a lot involved. We will start with a visual example of where the ICMP header and information are put in a packet. an 'echo' (ping) is one type of ICMP message. The Protocol ICMP is defined in RFC (Request For Comments) 792. the header information for an 'echo' (ping) message (this is the correct term) is different to that of a 'destination unreachable' message.net 87 . also a function of ICMP. but the contents of the ICMP header will change depending on the message it contains. but how it does it ! This is where a true networking guru will be able to identify and fix any network security weakness. this is because of where the protocol sits in the OSI model.logitech.Introduction to Networking magic is not what the program can do. Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech.

Introduction to Networking NOTE: If you were to run a packet sniffer on your LAN and catch a "ping" packet to see what it looks like. you would get more than I am showing here. ICMP Echos are used mostly for troubleshooting. Let's have a look at what an ICMP-Echo or Echo Reply packet looks like: Muhammad Kashif Riaz System Administrator Logitech Web: www.. The messages in green are the ones which we cover here. The 'ping' command is very well known. a few simple ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks configured correctly and if there are any problems with the routes packets are taking in order to get to the other side. which is not shown here because that header will change (or more likely be removed) as the packet moves from your LAN to the Internet. ICMP . but we will have a look at that later on. but the results of it are very often misunderstood and for that reason I have chosen to explain all those other parameters next to the ping reply. Please click on the ICMP message you wish to read about. There will be an extra header. When there are 2 hosts which have communication problems.Echo or Echo Reply Introduction Aaaaa.net Email: sardarkashif@logitech. that now leaves us to analyse a few of the selected ICMP messages ! The picture below shows all the ICMP messages.logitech. The Echo Reply is the 'ping reply'. the datalink header.net 88 . So.. but the 2 headers you see in this picture will certainly remain the same until they reach their destination. an Echo is simply what most people call a 'ping'. The famous ping :) Analysis As mentioned in the previous page.

net 89 .net Email: sardarkashif@logitech.logitech. The picture below is a screen shot I took when doing a simple ping from my workstation: Muhammad Kashif Riaz System Administrator Logitech Web: www.Introduction to Networking If the above packet was an ICMP Echo (ping). If it's an ICMP Echo Reply (ping reply) then it would take a value of 1. then the Type field takes a value of 8.

The first thing my workstation did was to resolve that URL to an IP address. now looking at the screen shot above.cx. Here is the proof: Muhammad Kashif Riaz System Administrator Logitech Web: www. you can see I 'pinged' www. the workstation generated an ICMP packet with the Type field set to 8.firewall.cx.Introduction to Networking Okay.net 90 .logitech.net Email: sardarkashif@logitech. Once the DNS server returned the IP address of www. This was done using DNS.firewall.

it would have been an 'Echo Reply' and have a value of 1.Introduction to Networking The picture above is a screenshot from my packet sniffer the same time t his experement was taking place.net 91 . because i doesn't actually contain one t message. To make sure you don't get confused. This clearly shows that this packet is being sent from the workstation and not received. 16.. keep one thing in mind: The ICMP Destination unreachable is a generic ICMP message. If it was received.net Email: sardarkashif@logitech. Look at the top of this page where we analysed the ICMP headers (the 3d picture).cx Notice the ICMP type = 8 Echo field right under the ICMP Header section. if anyone noticed. therefore 64 Bits = 8 Bytes. and I'll prove it to you right now.Destination Unreachable Introduction This ICMP message is quite interesting. 16. ICMP . These add up to a total of 64 Bits. The next weird thing. One says 32 Bytes. Take the 32 Bytes of data the workstation's command prompt is showing and add 8 Bytes . code. 8. is the data field. and the other 40 Bytes ! The reason for this is that the packet sniffer is taking into account the ICMP header files (ICMP type.. you will notice that the lengths (in Bits) of the various fields are as follows: 8. We will be looking at them all and analysing a few of them to help you get the idea.logitech. but six ! This means that the ICMP Destination unreachable futher breaks down into 6 different messages.. 16. checksum and identifier). and you have 40 Bytes in total. Now 8 Bits = 1 Byte. the different code values or messages which are part of it are there to clarify the type of "Destination Muhammad Kashif Riaz System Administrator Logitech Web: www. The packet displayed is one of the 4 packets which were sent from my workstation to the webserver of firewall. Look at the screen shot from command prompt above and notice the value there and the value the packet sniffer is showing on the left.

You can check to see if all routers and gateways are configured properly and have their routing tables updated and synchronised. The ICMP .logitech. These ICMP messages are most useful when trying to troubleshoot a network. the destination host may send an ICMP destination protocol / port unreachable message to the source host.net 92 .net Email: sardarkashif@logitech.Destination net unreachable message is one which a user would usually get from the gateway when it doesn't know how to get to a particular network. In another case. in the destination host. If. like this: ICMP The ICMP .Destination host unreachable message is one which a user would usually get from the remote gateway when the destination host is unreachable. when a packet received must be fragmented to be forwarded by a gateway but the "Don't Fragment" flag (DF) is on. the gateway must discard the packet and send an ICMP destination fragmentation needed and DF set unreachable message to the source host. the IP module cannot deliver the packet because the indicated protocol module or process port is not active. It goes something Destination <Code value or message> unreachable. Let's look at the packet structure of an ICMP destination unreachable packet: Muhammad Kashif Riaz System Administrator Logitech Web: www.Introduction to Networking unreachable" message was received.

200". At that point.200. assuming that your workstation is NOT part of that network.200. the gateway should be able to figure out where to forward the ICMP Echo request. if the gateway has no "default route" you would get an "ICMP Destination net unreachable" message when you try to get to a network which the gateway doesn't know about. Muhammad Kashif Riaz System Administrator Logitech Web: www. I will analyse why and how you get an "ICMP .Introduction to Networking Please read on as the following example will help you understand all the above. I have provided a lot of pictures hoping to make it as easy as possible to understand. then your default gateway is the modem. The Analysis When you open a DOS command prompt and type "ping 200. I set up my network in a way that should make it easy for you to see how everything works.net Email: sardarkashif@logitech. this entry is used when the gateway doesn't know where the network is. When you're connected to the Internet via a modem. Now.Destination net unreachable" message.logitech. then it would forward the ICMP Echo request to the gateway that's configured in your TCP/IP properties. The gateway usually has a "default route" entry. In order for me to demonstrate this.net 93 .

168. I've setup my workstation to use the Linux server as a default gateway.168.0. When my workstation attempts to ping (send an ICMP Echo request) to IP 200.net 94 .net Email: sardarkashif@logitech.1 (the Windows 2000 Server). Here is the packet which I captured: Muhammad Kashif Riaz System Administrator Logitech Web: www. so it sends it to the Linux server.200.Introduction to Networking In the example above.200. The Linux server also has a default gateway entry and this is IP: 192.5.logitech.0. which has an IP of 192.200. which in turn forwards it to its default gateway (the Win2k server) so it can then be forwarded to the Internet and eventually I should get a ping reply (ICMP Echo reply) if the host exists and has no firewall blocking ICMP echo requests. it realises it's on a different network.

net 95 .net Email: sardarkashif@logitech. Now what I did was to remove the default gateway entry from the Linux server. so this confirms that it's an ICMP Echo (ping). As mentioned earlier.logitech. This is how you get the gateway to generate an "ICMP Destination net unreachable" message and send it back to the source host (my workstation)... it wouldn't know what to do with it. So when it gets a packet from my workstation. Check out though what happens when I remove the default gateway entry from the Linux server ...Introduction to Networking When looking at the decoded section (picture above) you can see in the ICMP header section that the ICMP Type is equal to 8. Here is a screen shot from the command prompt: Muhammad Kashif Riaz System Administrator Logitech Web: www. we would expect to receive an ICMP echo reply.

200. The Linux server doesn't know what to do with the packet since it has no way of getting to that 200. Muhammad Kashif Riaz System Administrator Logitech Web: www.net 96 . the Linux server has returned an "ICMP Destination net unreachable".200. so it sends the "ICMP Destination net unreachable" message to my workstation.net Email: sardarkashif@logitech.logitech. This is one of the six possible 'ICMP Destination Unreachable' messages as listed at the beginning of this page.0 network. notifiying it that it doesnt know how to get to that network.Introduction to Networking As you can see.

200. right under the ICMP header) but if you also check out the ICMP Code (highlighted field).168. This is the IP header of the packet my workstation sent to the Linux server when it attempted to ping 200. It is also worth noticing the "Returned IP header" which exists within the ICMP header. Scrolling right at the top of this page.net Email: sardarkashif@logitech. which means "net unreachable". the first table clearly shows that when the code field has a value of 0. it's equal to 0.200. and following that is 64 bits (8 bytes) of the original data.logitech.168.100) an ICMP Destination unreachable message (look at the ICMP type field. this is indeed a "net unreachable" message.Introduction to Networking Let's now take a look what the packet sniffer caught : The decoder on the left shows that the Linux server (192. I hope I haven't confused you too much :) Muhammad Kashif Riaz System Administrator Logitech Web: www.0.0.200.net 97 .5) sent back to my workstation (192.

it may send an ICMP . You won't see any such message pop up on your workstation screen unless you're working on a gateway which will output to the screen all ICMP messages it gets. Analysis Now let's get a bit more technical: A gateway may discard internet datagrams (or packets) if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. Let's have a look at the packet structure of the ICMP .Source quench is generated by a gateway or the destination host and tells the sending end to ease up because it cannot keep up with the speed at which it's receiving the data.logitech. an ICMP . If a gateway discards a datagram.Source quench message is one that can be generated by either a gateway or host.Source quench message: Muhammad Kashif Riaz System Administrator Logitech Web: www.net Email: sardarkashif@logitech. In short.Introduction to Networking ICMP .Source quench message to the internet source host of the datagram.net 98 .Source Quench Introduction The ICMP .

The gateway or host may also send the ICMP .Source quench messages.Source quench message if datagrams arrive too fast to be processed.Redirect (0.Source quench message when it approaches its capacity limit rather than waiting until the capacity is exceeded. 1.Redirect message is always sent from a gateway to the host and the example below will illustrate when this is used. 3 or 4) message.Redirect message types and these are: The format of this ICMP message is as follows: ICMP . Muhammad Kashif Riaz System Administrator Logitech Web: www. The gateway may send an ICMP .net 99 . The second gateway will generate this ICMP message and send it to the host from which the datagram originated.Redirect message occurs when a host sends a datagram (or packet) to its gateway (destination of this datagram is a different network).Source quench for every message that it discards. The source host can then gradually increase the rate at which it sends traffic to the destination until it again receives ICMP . the source host should cut back the rate at whic h it is sending traffic to the specified destination until it no longer receives ICMP .net Email: sardarkashif@logitech.Source quench messages from the gateway.Source quench message is a request to the host to cut back the rate at which it is sending traffic to the internet destination. ICMP .Source quench message.Redirect Message Introduction The ICMP .logitech. 2. On receipt of an ICMP .Introduction to Networking A destination host may also send an ICMP . The ICMP .Source quench message may be delivered. There are 4 different ICMP . That pretty much does it for this ICMP message. Putting it simply (before we have a look at the example) the ICMP . This means that the data datagram which triggered the ICMP . which in turn forwards the same datagram to the next gateway (next hop) and this second gateway is on the same network as the host.

0. which will still be 192.168. if the host identified by the Internet source address of the datagram (in other words. The redirect message advises the host t o send its traffic for the Internet network directly to gateway 2 as this is a shorter path to the destination. The gateway then forwards the original datagram's data (arrow No. a redirect message (arrow No.Redirect message: Muhammad Kashif Riaz System Administrator Logitech Web: www.logitech.100). The gateway checks its routing table and obtains the address of the next gateway (hop) on the route to the datagram's Internet destination network and sends the datagram to it (arrow No. Now. Analysis Let's have a look at the structure of an ICMP . 2). receives an Internet datagram (arrow No. gateway 2 receives the datagram and. 3) to the host in the following situation: Gateway 1 (the linux server). a redirect message is not sent even if there is a better route to the ultimate destination than the next address in the source route. it checks the source IP of the datagram. 1) to its Internet destination (arrow No.net 100 . is on the same network.4). For datagrams (or packets) with the IP source options and the gateway address in the destination address field.net Email: sardarkashif@logitech. 1) from a host on the same network. 3) is sent to the host.Introduction to Networking Our example: The gateway (Win2k Server) sends a redirect message (arrow No.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.