address pool |
if considered as a range of available IP addresses from which unused addresses
may be allocated in DHCP |
address scope |
if considered as a range of numeric IP addresses that fall under DHCP's control,
usually a contiguous range |
ABR |
Area border router: a router used
to connect separate areas (backbone) |
ARP |
Address Resolution
Protocol see #PROTOCOLS |
ASBR |
autonomous system border routers - connect autonomous systems |
AS |
autonomous system - a group of routers that is under a single
administrative authority |
BGP |
Border Gateway Protocol: the exterior routing protocol in use on the Internet.
As a general rule, only networks that connect to multiple Internet providers
should use BGP. It is part of the Internet backbone: a distance-vector protocol
used to exchange information between separate autonomous systems (RFC1771).
It offers three types of routing: a) inter-autonomous system
routing, b) intra-autonomous system routing, c) pass-through autonomous system
routing |
BOOTP |
Bootstrap Protocol: a layer 3 (TCP/IP Internet layer) protocol designed
to permit diskless workstations to obtain network access and an operating system
image across the network as they begin booting. Developed in the 1970s, it is
seldom used anymore for workstations, but it is still used for JetDirect. Replaced by DHCP.
Interoperability reference: RFC 1534. |
IP CLASS ADDRESS RANGE
RESERVED ADDRESS:
127.x.x.x addresses are reserved
127.0.0.1 is the local loopback address for the NIC, used to troubleshoot TCP/IP bindings
all-hosts multicast address: 224.0.0.1
subnet mask: 225.0.0.0
|
CLASS | Network RANGE (green is network addr) | Classful Subnet Mask, Classful IP address | Classless Subnet Mask, Classless IP address |
| | all IP addresses that use the default subnet mask, where the first one, two, or three octets of the subnet mask are always network ID. You can’t use all zeros or all ones in an IP address. The values are not incremented by 1 as they are in an IP address, but incremented by the powers of 2, up to 2^8. | a subnet mask other than the default results in the standard Host bits being divided into two parts: a Subnet ID and Host ID, where we must extend the original subnet mask to the right, thereby turning our one network ID into multiple network IDs. SEE: CIDR |
A: begins with 0xxx, or 1 to 126 decimal | 1.0.0.0 to 126.255.255.255 | 225.0.0.0 (8 bit) or /8 | |
private IP address range for a Class A network* | 10.0.0.0 to 10.255.255.255 | | |
B: begins with 10xx, or 128 to 191 decimal | 128.0.0.0 to 191.255.255.255 | 225.225.0.0 (16 bit) or /16 | |
private IP address range for a Class B network* | 172.16.0.0 to 172.31.255.255 | | |
C: begins with 110x or 192 to 223 decimal | 192.0.0.0 to 223.255.255.255 | 225.225.225.0 (24 bit) or /24 | |
D: begins with 1110 or 224 to 239 decimal; this class is mainly used for multicasting | 224.0.0.0 to 239.255.255.255 | | |
E: begins with 111 or 240 to 254 (reserved for Internet experimentation) | 240.0.0.0 to 254.255.255.255 | | |
When the node section is set to all "1"s, it specifies a broadcast that
is sent to all hosts on the network.
What two addresses are “deducted” from the total number of IP addresses
that may be calculated?
Answer: The Network address and the Broadcast address.
NOTE: in binary numbering:
Everywhere there is a 1 in the subnet mask, you are looking
at part of the network ID. Everywhere there is a zero, you are looking at
part of the host ID, see Class C Subnetting
Private IP addresses
RFC1918 *private IP addresses are not routable on the internet
10.0.0.0 network - 10.255.255.255 (10/8 prefix)
172.16.0.0 network - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 network - 192.168.255.255 (192.168/16 prefix)
all routers multicast address: 224.0.0.1 or 224.0.0.2
|
CLASS A
(1-126)
NETWORK ADDRESS
( 001.x.x.x through
126.x.x.x)
(No more available)
|
IP ADDRESS:
(the first four octets are the Network portion of the address) You
can’t use all zeros or all ones in an IP address
A 32-bit binary number broken into four 8-bit binary numbers separated by
dotted decimals
Of the first set of numbers, if the first bit is set to 0, and it has a
subnet mask of 255.0.0.0, the remaining 7 bits
identify the network address ( 001.x.x.x through
126.x.x.x)
The remaining 24-bits are used for host address space (
x. 0.0.1 through x.255.255.254)
Subnetting a network address allows it to be broken into
more subnet networks with fewer hosts per network, see
Class C Subnetting
NETWORK ADDRESS:
First bit is set to 0
Network has subnet mask of 255.0.0.0
The 7-bit network address space can accommodate 126 network addresses
Acceptable range is 001.x.x.x through 126.x.x.x
HOST ADDRESS:
After the network address space, the remaining 24-bit host address space can
accommodate up to 16,777,214 hosts per network
Acceptable range is x.0.0.1 through x.255.255.254
NETWORK IDENTIFIER is the left part of the address.
HOST IDENTIFIER is the right part of the address.
NOTE: in binary numbering:
Everywhere there is a 1 in the subnet mask, you
are looking at part of the network ID. Everywhere there is a zero, you are
looking at part of the host ID, see Class C
Subnetting |
CLASS B (128-151)
NETWORK ADDRESS
(128.0.x.x through 191.255.x.x)
(No more available)
|
IP ADDRESS:
(the first eight octets are the Network portion of the address) You can’t
use all zeros or all ones in an IP address
A 32-bit binary number broken into four 8-bit binary numbers separated by
dotted decimals
If the first 2 bits are set to 10 it has a subnet mask of
255.255.0.0, the remaining 14 bits identify the
network address (128.0.x.x through 191.255.x.x)
The remaining 14 bits are used for host address space (x.x.0.1
through x.x.255.254).
Subnetting a network address allows it to be broken into more subnet
networks with fewer hosts per network, see
Class C Subnetting
NETWORK ADDRESS:
Network has subnet address 255.255.0.0
The 14-bit network address space can accommodate 16,382 network addresses
Acceptable range is 128.0.x.x through 191.255.x.x
HOST ADDRESS:
After the network address space, the remaining 14-bit host address space can
accommodate up to 65,534 hosts per network
Acceptable range of host addresses is x.x.0.1 through x.x.255.254
NETWORK IDENTIFIER is the left part of the address.
HOST IDENTIFIER is the right part of the address. You can’t use all zeros or
all ones in an IP address
NOTE: in binary numbering:
Everywhere there is a 1 in the subnet mask, you
are looking at part of the network ID. Everywhere there is a zero, you are
looking at part of the host ID, see Class C
Subnetting |
CLASS C (192-223)
NETWORK ADDRESS
(192.0.0.x through 223.255.255.x)
|
IP ADDRESS:
(the first twelve octets are the Network portion of the address)
A 32-bit binary number broken into four 8-bit binary numbers separated by
dotted decimals
If the first 3 bits are set to 110 and it has a subnet mask of
255.255.255.0, the remaining 21 bits define the
network address (192.0.0.x through 223.255.255.x)
The remaining 8 bits are used for host address space (x.x.x.1
through x.x.x.254 )
Subnetting a network address allows it to be broken into more subnet
networks with fewer hosts per network, see
Class C Subnetting
NETWORK ADDRESS:
Network has subnet address 255.255.255.0
The 21-bit network address space can accommodate 2,097,150 network addresses
The acceptable range is 192.0.0.x through 332.255.255.x
HOST ADDRESS:
After the network address space, the remaining 8-bit host address space can
accommodate 254 hosts per network
The acceptable range is x.x.x.1 through x.x.x.254
This is the class of network you are most likely to
supernet. Class C networks are smaller and more
plentiful than Class A and B networks. Therefore, they are more available
to be used and, because of their size, often need to be combined in order to
support larger networks.
NETWORK IDENTIFIER is the left part of the address
HOST IDENTIFIER is the right part of the address
|
CLASS C SUBNETTING:
You can’t use all zeros or all ones in an IP address
Everywhere there is a 1 in the subnet mask, you
are looking at part of the network ID. Everywhere there is a zero, you are
looking at part of the host ID |
SUBNET MASK | BINARY VALUE OF LAST BYTE | SUBNETS AVAILABLE | HOSTS PER SUBNET |
255.255.255.254 | 11111111.11111110 | 128 | 0 |
255.255.255.252 | 11111111.11111100 | 64 | 2 |
255.255.255.248 | 11111111.11111000 | 32 | 6 |
255.255.255.240 | 11111111.11110000 | 16 | 14 |
255.255.255.224 | 11111111.11100000 | 8 | 30 |
255.255.255.192 | 11111111.11000000 | 4 | 62 |
255.255.255.128 | 11111111.10000000 | 2 | 126 |
255.255.255.0 | 11111111.00000000 | 1 | 254
|
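The subnetting arithmetic behind the table above, as an added example that is not part of the original page. It also derives the two "deducted" addresses (network and broadcast) and checks the RFC1918 ranges; the function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges as listed on this page.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_int(dotted):
    """Convert dotted decimal to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the 1 bits of a mask; the 1s must be contiguous from the left."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF            # every 0 in the mask becomes a 1
    if host_bits & (host_bits + 1):        # valid host part looks like 0..01..1
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(m).count("1")


def classful_prefix(address):
    """Class letter and default prefix length, taken from the first octet."""
    first = to_int(address) >> 24
    if 1 <= first <= 126:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    raise ValueError(f"{address} is not a class A, B or C address")


def describe(address, mask):
    """Subnet facts for an address/mask pair, using the page's formulas."""
    cls, default = classful_prefix(address)
    prefix = prefix_length(mask)
    if prefix < default:
        raise ValueError("mask is shorter than the classful default (supernet)")
    m = to_int(mask)
    network = to_int(address) & m               # 1 bits of the mask = network ID
    broadcast = network | (~m & 0xFFFFFFFF)     # host bits all set to 1
    return {
        "class": cls,
        "prefix": prefix,
        "subnets": 2 ** (prefix - default),     # bits borrowed from the host part
        "hosts": max(2 ** (32 - prefix) - 2, 0),  # minus network and broadcast
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "private": any(ipaddress.ip_address(address) in n for n in PRIVATE_NETS),
    }


if __name__ == "__main__":
    # Reproduce the Class C table for a constructed host address.
    for last in (254, 252, 248, 240, 224, 192, 128, 0):
        mask = f"255.255.255.{last}"
        info = describe("192.168.10.77", mask)
        print(mask, info["subnets"], info["hosts"], info["network"], info["broadcast"])
```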
CLASS D
(224-239)
NETWORK ADDRESS |
known as “multicast” addresses, are often
used by routers to transmit changes in routing tables to other routers using
a single message - voice over IP |
CLASS E (240-254)
NETWORK ADDRESS |
exclusively reserved for Internet
experimentation (currently not going on) |
CIDR |
Classless
Inter-Domain Routing A form of subnet masking that does away with
placing network and host address portions precisely on octet boundaries, but
instead uses the /n prefix notation, where n indicates the number
of bits in the network portion of whatever address is presented.
A. Class Licenses
1. Class A
i. Default netmask is 255.0.0.0
ii. Binary always starts with 0
iii. CIDR is /8
iv. IP address first octet range is 1-126
2. Class B
i. Default netmask is 255.255.0.0
ii. Binary always starts with “10”
iii. CIDR is /16
iv. IP address first octet range is 128-191
3. Class C
i. Default netmask is 255.255.255.0
ii. Binary always starts with 11
iii. CIDR is /24
iv. IP address first octet range is 192-223
|
Classless
Subnetting
see Subnetting |
Make subnets that aren’t Class A, B or C by defining the subnet mask
at some point other than /8, /16, or /24. Classless subnetting is simple in concept but complex in practice. To make classless
subnets, we must extend the original subnet mask to the right (in binary)
|
CLSM |
Constant-Length
Subnet Masks, see subnetting |
COMMON SUBNET MASKS |
Number of bits | Class A NNN.nnn.nnn.nnn | Class B NNN.NNN.nnn.nnn | Class C NNN.NNN.NNN.nnn |
0 (default mask) | 255.0.0.0 (default mask) | 255.255.0.0 (default mask) | 255.255.255.0 (default mask) |
1 | 255.128.0.0 (default +1) | 255.255.128.0 (default +1) | 255.255.255.128 (default +1) |
2 | 255.192.0.0 (default +2) | 255.255.192.0 (default +2) | 255.255.255.192 (default +2) |
3 | 255.224.0.0 (default +3) | 255.255.224.0 (default +3) | 255.255.255.224 (default +3) |
4 | 255.240.0.0 (default +4) | 255.255.240.0 (default +4) | 255.255.255.240 (default +4) |
5 | 255.248.0.0 (default +5) | 255.255.248.0 (default +5) | 255.255.255.248 (default +5) |
6 | 255.252.0.0 (default +6) | 255.255.252.0 (default +6) | 255.255.255.252 (default +6) |
7 | 255.254.0.0 (default +7) | 255.255.254.0 (default +7) | 255.255.255.254 (default +7) |
8 | 255.255.0.0 (default +8) | 255.255.255.0 (default +8) | 255.255.255.255* (default +8) *reserved for Broadcasts |
Private IP
addresses |
Private IP
addresses
RFC1918 *private IP addresses are not routable on the internet
10.0.0.0 network -
10.255.255.255 (10/8 prefix)
172.16.0.0 network - 172.31.255.255
(172.16/12 prefix)
192.168.0.0 network - 192.168.255.255
(192.168/16 prefix) |
DHCP |
· Dynamic Host Control Protocol allows the administrator to set up zones, or ranges, of
IP addresses to be distributed dynamically to the network clients upon boot.
Using DHCP centralizes IP administration and is easier to maintain than static IP addresses.
It eliminates the tedious labor involved in manually managing IP addresses. DHCP also allows the
administrator to establish static IP addresses.
DHCP CLIENT The software component on a TCP/IP client, usually
implemented as part of the protocol stack software, that issues address
requests, lease renewals and other DHCP messages to a DHCP server.
DHCP DISCOVERY The four-packet process used to obtain an IP
address, lease time and configuration parameters. The four-packet
process includes the Discover, Offer, Request and Acknowledgement packets.
DHCP OPTIONS Parameter and configuration information that
defines what the DHCP client is looking for. Two special options
(0: Pad and 255: End) are used for housekeeping. Pad simply
ensures that the DHCP fields end on an acceptable boundary, and End denotes
that there are no more options listed in the packet.
DHCP RELAY AGENT A special purpose piece of software built to
recognize and redirect DHCP Discovery packets to known DHCP servers.
When any cable segment or broadcast domain has no DHCP server directly
attached, but includes DHCP clients that will need address management
services and configuration data, it is necessary to install a DHCP relay
agent on that cable segment or broadcast domain (or to enable routers to
forward BOOTP packets to segments where DHCP servers
are available.)
DHCP REPLY a DHCP message that contains a reply from a server to a
client's DHCP request message.
DHCP REQUEST a DHCP message from a client to a server, requesting some
kind of service; such messages occur only after a client receives an IP
address and can use unicast packets (not broadcasts) to communicate with a
specific DHCP server.
DHCP SERVER The software component that runs on a network server,
responsible for managing TCP/IP address pools or scopes and for interacting
with clients to provide them with IP addresses and related TCP/IP
configuration data on demand.
|
DHCP discovery |
When a DHCP client boots up, it performs the Standard Address Discovery
Process before it can communicate on the network. The DHCP Discovery
Process uses four packets: 1) DHCP Discover packet; 2) DHCP Offer
packet; 3) DHCP Request packet; 4) DHCP
Acknowledgement packet. |
DHCP relay
agent |
If no DHCP server is present in the broadcast domain, the DHCP relay agent
forwards the address request to a DHCP server whose address it knows
(software must be installed). Such relays may be installed on Win 2K or 2003
servers, or on routers attached to other subnets that are not part of a DHCP
broadcast domain. The relay agent acts as an intermediary between the
DHCP server and the client. |
DNS
Domain Name System |
DNS is the standard protocol across all
releases of TCP/IP see BIND
A hierarchical routing structure that links domain names to IP
addresses.
DNS servers convert domain names to IP addresses
1. Uses name resolution to resolve a hostname or URL to an IP address
2. On older systems, DNS uses a special file called a HOSTS file
3. DNS is not a dynamic environment, so all address updates must be
entered manually.
·
The Domain Name Service (DNS) is used to resolve a URL or computer name to a
known IP address. For example, when you type in the URL
www.myplace.com , that web site name is resolved by DNS to the IP
address 216.109.118.70. DNS is used because it is much easier to remember a
web site URL than it is an IP address. It is the default naming resolution
of the Internet.
DNS
Country Codes
TLDs |
DDNS |
Dynamic DNS - Available starting with Win 2K, it requires that a Windows DNS
implementation be linked to an Active Directory database to work (with DHCP
also communicating with Active Directory). Active Directory actually
tracks domain name-to-address relationships with the help of DHCP and
submits necessary update requests to the DNS server (RFC 2136). Win
2003 is best for implementation, though there are still some problems. (p335) |
DNS RRs
(databases) |
DNS Resource Records
- the DNS resource records database is divided into four classes. (RFC
1035). The nine most commonly used RR types, of interest to most users
are:
SOA - start of Authority record:
SOA identifies the name server that is
authoritative for a specific DNS database segment; it identifies the master
DNS server for a specific domain or subdomain. The first entry in any DNS
file must be the SOA record. (p318)
NS - name server record: used to identify all DNS servers in a domain, this
field must be in the zone file.
A - Address record: provides name-to-address mapping
data; stores domain name-to-IP address translation data (uses FQDN)
CNAME - canonical name record: used to create aliases for hosts in your zone
HINFO - host information record: stores descriptive information about
a specific internet host
MX - mail exchange record: used to route SMTP based email on the Internet
and identify the IP address for a domain's master email server
PTR - pointer record: provide address-to-name
mapping data; stores IP address-to-domain name translation
data and supports the operation known as a reverse DNS lookup (uses
FQDN)
TXT - Text record: may be used to add arbitrary text information to a DNS
database, usually for documentation
WKS - Well-known services record: lists the IP-based services, such as
Telnet, FTP, HTTP, that an Internet host can supply |
DNS Servers |
There are three kinds of DNS servers.
DHCP SERVER The software component that runs on a network server,
responsible for managing TCP/IP address pools or scopes and for interacting
with clients to provide them with IP addresses and related TCP/IP
configuration data on demand. Most current DHCP servers can handle multiple
address pools. There are three types of servers as follows:
PRIMARY, aka, master server: is where the primary DNS database files
for the domain(s) or subdomain(s) for which that server is authoritative
reside. The server loads into memory an ASCII snapshot of the DNS database.
The file is sometimes called a zone file, or zone data file.
For any DNS zone, there can be only one primary master name server.
It's good practice to point clients at a caching-only server where one is
available, and by definition, such a server can never be a primary DNS
server. Often primary servers for specific zones also function as
slave DNS servers for other nearby zones.
SECONDARY, aka, slave server or secondary master: gets its data for
the zone from a master server. It checks its SOA file, comparing it to
the value in the master server's database to make sure the data is current.
The zone data on a secondary server always originates from a primary server.
Multiple secondary servers may exist, but only one primary.
CACHING : store recently accessed DNS records from other domains to
avoid incurring the performance overhead involved in making a remote query
each time a resource outside the local domain is accessed.
Obtain Root Server Data file for a DNS server:
ftp.ns.internic.net; look in the
/domain subdirectory for the file named.root; copy the file and
rename it cache.dns to save it to the %SystemRoot%\System32\DNS
directory.
REVERSE LOOKUP: The file structure of reverse DNS lookups is classful.
Filenames that map host names for reverse lookups are usually
called addr.in-addr.arpa.dns (in which addr is the network
number for the domain in reverse order, without the trailing 0s), e.g., for
lanu.com, IP 206.224.65.0, the filename would be
65.224.206.in-addr.arpa.dns. Such files are also called in-addr.arpa files
in the label that appears at the end of each reversed address in the files'
PTR records. Note that other DNS implementations, primarily BIND, use a
different naming convention, but all DNS require these files to operate no
matter how they are named. |
FTP |
The protocol used when you
transfer a file from one computer to another |
FQDN |
Fully Qualified Domain Name -
consists of all elements of a domain name, in which each name on the
directory tree is followed by a period, the final period stands for the
root of the DNS hierarchy itself. Each node in that directory tree forms the
root of a new subtree in the overall hierarchy, in which each such subtree
represents a database segment. You must use FQDNs in DNS
A and PTR resource records. |
GATEWAY |
The gateway is the default route for all TCP/IP packets that are not
destined for the local subnet.
1. When an IP address is specified that is not part of the subnet of the
workstation, the workstation must forward those packets to the default
gateway or gateway router.
2. The gateway then determines whether the IP subnet is located on any of
its ports.
3. If the packet is not destined for a local subnet connected to the
gateway, it will forward the packet to its default gateway.
The router connecting a local network must know how to address packets for
other systems that are not part of its local network
We call this router the default gateway, gateway router, or sometimes
just gateway.
A gateway might be a router or it might be a PC that runs routing software
Gateways are used by traffic destined for a remote system.
·
The default gateway address should be that of a forwarding
router. The default gateway has one sole responsibility: to forward packets
destined for a subnet other than the local subnet (a remote subnet). |
HOSTS file |
You can use the HOSTS file to assign static IP addresses to domain names.
The more dynamic properties of DNS servers have replaced the static database
HOSTS file. It is still in use on some older systems, especially UNIX.
The Windows HOSTS file is located in the winnt\system32\drivers\etc
directory. Syntax for assigning an address:
192.168.10.1 coriolis_ws99 # (the pound sign # is for remarks) |
ICMP
|
Internet
Control Message Protocol
ICMP
Router Discovery Messages RFC 1256
ICMP messages consist of a single packet. They are
connectionless. They show how IP packets are doing between any two hosts
ICMP ECHO PROCESS a process whereby a host sends an Echo packet to
another host on an internetwork. If the destination host is active and
able, it echoes back the data that is contained in the ICMP echo packet.
ICMP ECHO REQUEST PACKET a packet that is sent to a device to test
connectivity. If the receiving device is functional and can reply, it
should echo back the data that is contained in the data portion of the Echo
Request packet.
ICMP ERROR MESSAGE Error messages sent using the ICMP protocol.
Destination Unreachable, Time Exceeded and Parameter Problem are examples of
ICMP messages.
ICMP QUERY MESSAGES messages that contain requests for configuration or
other information. ICMP Echo, Router Solicitation and Address Mask
Request are examples of ICMP messages.
ICMP ROUTER DIRECTORY a process in which hosts send ICMP Router
Solicitation messages to the all-router multicast address (224.0.0.2).
Local routers that support the ICMP Router Discovery process reply with an
ICMP Router Advertisement unicast to the host. The advertisement
contains the router's address and a Lifetime value for the router's
information.
ICMP ROUTER SOLICITATION the process that a host can perform to learn
of local routers. ICMP Router Solicitation messages are sent to the
all routers multicast address of 224.0.0.2
|
IGPs |
Interior gateway protocol (intra-domain routing protocol): used to
exchange routing information within an AS. Most commonly used are RIP
v1, v2 and OSPF |
IP ADDRESS FORMAT |
A. IP Address Format
1. 32-bit number divided into four 8-bit octets
2. Octets are delimited by a period
3. Value of Octets must be between 0 and 255
B. Converting IP addresses
1. Dotted decimal notation
i. Divide the IP address into four pieces of eight bits
ii. A group of eight bits has a limited number of permutations of ones and zeros.
The exact number of permutations is 2^8 or 256 different
patterns of ones and zeros
2. Can convert by hand or by using a calculator
3. Use Windows command IPCONFIG (Windows NT/2000/XP) and WINIPCFG
(Windows 9x/ME) to obtain IP address.
|
IPP |
Internet Printing Protocol Using the appropriate software on your
system, you can create an IPP print path from your system to any HP
Jetdirect-connected printer over the Internet. IPP requests can be
transmitted outbound through firewalls. The network administrator must
configure the firewall to accept incoming IPP requests.
|
IPv6
IPng
with dual stack nodes |
IPng (Internet Protocol next generation)
NO MORE BROADCASTS! In IPv6, broadcast is replaced
with a multicast, thanks to the new Scope field. Nodes must announce that they
wish to receive multicast traffic bound for a particular broadcast address.
p584
IPv6 multicast address format:
8 | 4 | 4 | 112 bits |
11111111 | FLAGS | SCOPE | GROUP ID |
An IPv6 address may be viewed as a string that uniquely identifies one single network
interface on the global Internet. Alternately, that address can be
understood as an address with network and host portions. How much of
the address belongs to either portion depends on who's looking at it and where
they are located in relation to the host with that address.
Uses a colon as a separator, instead of the period
Has six groupings of numbers compared to four for IPv4 (128 bits long) (more
than 20 orders of magnitude over IPv4)
Each grouping is an eight bit number
The eight bits are made up of two, four-bit “nibbles”
Each group is a hexadecimal number between 0000 and FFFF
Leading zeros can be dropped from a group, so 00CF becomes simply CF
Use a pair of colons (::) to represent a string of consecutive 16-bit groups
with a value of zero
The unspecified address (all zeros) can never be used, nor can an address
that contains all ones
IPv6 offers an immense amount of additional IP addresses
Example: 1234:5678:90AB:CDEF:5555:6666
·
IPv6 addresses consist of eight octets of 4 hexadecimal numbers. These
numbers can have values ranging from 0000 to FFFF, and each set is delimited
by a colon (:). Just like IPv4 addresses, no IPv6 address may contain all
zeros or all F’s.
IPv6 includes important changes to security handling, auto configuration,
efficiency of routing and handling of mobile users
Nodes that need to tunnel IPv6 packets through IPv4 routers use the
IPv4-compatible address, called dual stack
nodes. They understand both IPv4 and IPv6. (IPv6 nodes that
need to communicate with IPv4 nodes that do not understand IPv6 all use the
IPv4-mapped address)
SCOPE IDENTIFIER: Multicast addresses use a 4-bit scope
identifier, which is a 4-bit field that limits the valid range for a
multicast address to define the portion of the Internet over which the
multicast group is valid. p581-2
INTERFACE IDENTIFIERS (RFC 3041): Follow the EUI-64 format. p581 following table
Global/local and individual/group bits in IPv6
Bit 6 | Bit 7 | Meaning |
0 | 0 | Locally unique, individual |
0 | 1 | Locally unique, group |
1 | 0 | Globally unique, individual |
1 | 1 | Globally unique, group |
|
IP MOBILE
see LAM |
Mobile IP is described in RFC2003, 2004, 2005, 2006 and 3220 |
LAM |
Local Area Mobility Cisco proprietary feature that is similar to Mobile
IP, but operates by using the routing table - simpler, with very little
impact on the network. When a router is configured with LAM it watches
for traffic on its LAN that does not match its own IP address. When it
finds this traffic, it installs an ARP entry in its cache and a host route
(a route entry with a 32-bit subnet mask) in its routing table. The
LAM is redistributed into the primary routing protocol, so that soon, all
the other routes learn of the host route and forward the appropriate
traffic. Hosts on the home subnet are still able to communicate with
the estranged node because the router on the home subnet proxies ARP (RFC826)
and then routes the packets to the next hop listed in its routing table. |
MIB
p502
HP MIB list |
Management Information Base. Within any MIB, SMI (Structure of
Management Information) defines the format for all objects maintained in
that MIB.
The SNMP protocol is extensible by design. This is achieved through the notion of a
management information base or MIB, which specifies the management data
of a specific subsystem of an SNMP-enabled device, using a hierarchical
namespace containing object identifiers, implemented via
ASN.1. The MIB hierarchy can be depicted as a tree with a nameless root,
the levels of which are assigned by different organizations. This model
permits management across all layers of the OSI reference model, extending into
applications such as databases, email, and the
Java EE reference model, as MIBs can be defined for all such
area-specific information and operations
http://en.wikipedia.org/wiki/Snmp
MIB2 RFCs 1213, 2011, 2012, 2013; ATM MIB RFC2515;
PRINTER MIB RFC1759;
Interfaces Group MIB RFC2863;
IPv6 MIB RFC2465 |
MIB-2
subordinates |
SUBORDINATE (branches of the object tree) MIBs: (about System,
Interfaces, Address Translation, IP, ICMP, UDP, EGP RFC1213
); (about IP RFC
2011 ); (about IP RFC
2012) ; (about Appletalk RFC1742);
(about OSPF RFC1850);
(BGP RFC1657);
(about Remote Network Monitoring RFCs1271
1513-tokenring); (about RIPv2 RFC1724);
(about Token Ring Station Route RFCs1748
1749); (printer RFC1759) |
MSS |
Maximum Segment Size is the amount of data that can fit in a packet
after the TCP header. Each TCP peer shares the MSS during the
handshake process. |
MTU |
MTU is the amount of data that can fit inside a MAC header. |
multicast
address |
address used to transmit information to multiple network hosts, but using only ONE address.
All-hosts multicast address: 224.0.0.1
|
NetBIOS |
see WINS NetBIOS over TCP
RFC1001
RFC1002 |
Network ID |
A number that identifies the
network on which a device or machine exists; this is true in both IP and IPX
protocol suites |
OSPF |
Open Shortest Path First (RFC2328): the premier link-state routing protocol used on TCP/IP
networks. |
PORTS - Common Well Known TCP and UDP port numbers:
for Security, Ports in Red Should be ASSIGNED OR blocked
Trojan Horse Port Numbers
see: IANA Assigned Port Numbers |
|
Windows port support file located at \system32\drivers\etc\services\NETWORKS |
Well Known Port Numbers (0 - 123) |
Well known port numbers are assigned to the key, or core services that systems offer. |
Registered Port Numbers (1025 - 49151) |
Registered port numbers are assigned to industry applications and processes.
NOTE: Some TCP/IP systems use between 1024 and 5000 for temporary numbers, although IANA includes that range
as part of its dynamic port numbers range. |
Dynamic Port Numbers (49152 - 65535) |
Dynamic ports (also referred to as ephemeral ports) are used as temporary ports for specific communications. |
Port Number | Used by | Identifier | Description |
7 | UDP | UDP | Echo process can be used to determine if a router is active. Should not be used on client/server for security reasons |
7 | TCP | TCP echo | RFC 862 |
15 | UDP | NETSTAT | Network Status |
20, 21 | TCP;UDP | FTP | File Transfer Protocol data/control |
23 | TCP;UDP | TELNET | Telnet. Novell and Win NT do not support port 23 connections for terminal emulation |
25 | TCP;UDP | SMTP | Simple Mail Transport Protocol |
53 | TCP | DOMAIN | Domain Name System (DNS zone file transfers) |
65 | UDP | TFTP | Trivial File Transfer Protocol |
67 | UDP | DHCP | (DHCP server) Client to Server Bootstrap Protocol |
68 | UDP | DHCP | (DHCP client) Server to Client Bootstrap Protocol |
69 | UDP | TFTP | Trivial File Transfer Protocol tftpd |
80 | TCP;UDP | HTTP | World Wide Web HTTP/Web applications |
87 | TCP | | Link port |
110 | TCP;UDP | POP3 | Post Office Protocol 3 |
111 & 2049 | UDP; TCP | | SunRPC and NFS |
119 | TCP;UDP | NNTP | Network News Transfer Protocol |
135 | UDP;TCP | | NetBIOS related port |
136 | UDP; TCP | | NetBIOS related port |
137 | UDP; TCP | | NetBIOS Name Services |
138 | UDP/TCP | | NetBIOS Datagrams |
139 | UDP/TCP | | NetBIOS session services |
router ports 137 138,139 | used by UDP at Internet routers; TCP | | ports 137, 138 and 139 should be blocked at the Internet router to close off external traffic. NetBIOS related port |
143 | TCP/IP | IMAP | |
161 | TCP/IP;UDP | SNMP | Simple Network Management Protocol |
162 | UDP | SNMP Trap | SNMP Trap - system management messages |
199 | TCP;UDP (UNIX) (recommended by CERT) | smux | SNMP Unix Multiplexer |
220 | TCP;UDP | IMAP3 | Interactive Mail Access Protocol 3 |
443 | TCP/IP | HTTPS | secure Web applications |
512 | TCP | | BSD unix "R" CMDS |
513 | TCP | | BSD unix "R" CMDS |
514 | TCP UDP | | BSD unix "R" CMDS; UNIX systems provide a daemon, syslogd, that monitors UDP for incoming messages - the messages are processed depending on their priority and how syslogd is set to operate |
515 | TCP | | lpd |
520 | UDP | RIP | Routing Information Protocol |
520 | TCP | EFS | Extended File Name Server process. |
540 | TCP | | uucpd Daemon. Handles communications between BNU and TCP/IP |
1433 | UDP | SQL | Assigned to MS SQL process |
1993 | TCP;UDP (recommended by CERT) | snmp-tcp-port | cisco SNMP TCP port |
2000 | TCP; UDP | | openwindows |
2049 & 111 | SunRPC and NFS | | SunRPC and NFS |
6000+ | UDP; TCP | | X Windows |
PMTU
MSS (Maximum Segment Size). |
RFC1191 Path Maximum Transmission Unit. A technique for dynamically discovering the maximum transmission unit (MTU) of an arbitrary internet path (using ICMP).
- The Path MTU is the largest size that does not require fragmentation anywhere along the path from the source to the destination; it is equal to the minimum of the MTUs of each hop in the path.
- A host MUST never reduce its estimate of the Path MTU below 68 octets.
- A host MUST not increase its estimate of the Path MTU in response to the contents of a Datagram Too Big message. A message purporting to announce an increase in the Path MTU might be a stale datagram that has been floating around in the Internet, a false packet injected as part of a denial-of-service attack, or the result of having multiple paths to the destination |
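An added example (not part of the original page) of how a host could apply these rules to an incoming ICMP Datagram Too Big message (type 3, code 4). The function names, the sample packets, and the extra check that the quoted IP header plus eight bytes matches a flow the host actually sent are assumptions made for illustration.

```python
import socket
import struct

MIN_PMTU = 68  # floor stated in the text: never estimate below 68 octets


def build_frag_needed(next_hop_mtu, src, dst, sport, dport, proto=6):
    """Construct a sample ICMP type 3 / code 4 message (constructed test data)."""
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64,
                            proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    first8 = struct.pack("!HHI", sport, dport, 0)   # ports + 4 further bytes
    icmp_hdr = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)  # checksum left 0
    return icmp_hdr + quoted_ip + first8


def parse_frag_needed(icmp):
    """Return (next_hop_mtu, flow) or None if the message is not usable.

    flow = (src, dst, proto, sport, dport) read from the quoted datagram,
    i.e. the IP header and first eight bytes the router must return.
    The ICMP checksum is not verified in this example.
    """
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = icmp[8:]
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    proto = inner[9]
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return next_hop_mtu, (src, dst, proto, sport, dport)


def update_pmtu(current, icmp, sent_flows):
    """Apply the Path MTU rules; return (new_estimate, reason)."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return current, "not a well-formed Datagram Too Big message"
    next_hop_mtu, flow = parsed
    if flow not in sent_flows:
        # Assumed sanity check: stale or injected messages quote traffic
        # this host never sent.
        return current, "quoted datagram matches nothing we sent"
    if next_hop_mtu == 0:
        # No usable value in the message; this example simply ignores it.
        return current, "no Next-Hop MTU supplied"
    new = max(MIN_PMTU, next_hop_mtu)   # never go below 68 octets
    if new >= current:                  # never increase on a Too Big message
        return current, "would not lower the estimate; ignored"
    return new, "estimate lowered"


def demo():
    """Run the rules over constructed messages, starting from an estimate of 1500."""
    flows = {("192.0.2.10", "198.51.100.7", 6, 49152, 443)}
    ours = ("192.0.2.10", "198.51.100.7", 49152, 443)
    cases = {
        "genuine": build_frag_needed(1400, *ours),
        "increase": build_frag_needed(9000, *ours),
        "below_floor": build_frag_needed(40, *ours),
        "wrong_flow": build_frag_needed(576, "192.0.2.10", "203.0.113.9", 49152, 443),
    }
    cases["truncated"] = cases["genuine"][:20]
    return {name: update_pmtu(1500, pkt, flows) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, (mtu, why) in demo().items():
        print(f"{name:12} -> {mtu:5}  {why}")
```
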
registry
settings |
see Windows Registry settings. The settings are used to manage TCP/IP protocols on a WIN-based operating system |
resolver |
or name resolver - the piece of software that accesses DNS name servers on behalf of the network client. These requests for service are called name queries or address requests. Also known as an inverse DNS query. In most cases the name resolver is built right into the TCP/IP stack for whatever operating system is in use. |
reverse lookup |
The file structure of reverse DNS lookups is classful. File names that map host names for reverse lookups are usually called addr.in-addr.arpa.dns (in which addr is the network number for the domain in reverse order, without the trailing 0s). E.g., for lanu.com, IP 206.224.65.0, the filename would be 65.224.206.in-addr.arpa.dns. Such files are also called in-addr.arpa files, after the label that appears at the end of each reversed address in the files' PTR records. Note that other DNS implementations, primarily BIND, use a different naming convention, but all DNS implementations require these files to operate no matter how they are named. (See RFC 2317 if you need to configure reverse lookup for a classless network.) |
RIP
v1
RFC1058
v2
RFC2453 |
Routing Information Protocol - interior gateway protocol to support internal routing. Others are OSPF (Open Shortest Path First).
RIP communications are UDP based, using UDP port number 520. v1 can contain information for up to 25 networks - it does not support non-default subnet masks. v2 adds support for variable-length subnets. v2 is still commonly used and is easy to set up and manage. For more complex networks, however, the OSPF protocol fits much better.
RFC 1723: With the advent of OSPF and IS-IS, there are those who believe that RIP is obsolete. While it is true that the newer IGP routing protocols are far superior to RIP, RIP does have some advantages. Primarily, in a small network, RIP has very little overhead in terms of bandwidth used and configuration and management time. RIP is also very easy to implement, especially in relation to the newer IGPs |
RMON |
Remote Monitoring p504 RFC1271 and RFC1513 for token ring; RMON2 extends capabilities RFC2021 with further definition at RFC2819 |
router
see: ICMP SNMP
pathping |
a system that forwards IP datagrams. Routers support groups of separate, interconnected networks. Routers direct network traffic. Routers read the IP addresses in each incoming packet and use that information to send the packet on its way toward the intended recipient. The creators of the TCP/IP protocol suite invented the concept of routers.
all-router multicast address: 224.0.0.1
SPF MULTICAST ADDRESS: 224.0.0.5
DR multicast address: 224.0.0.6 (p470)
Network troubleshooting often uses ICMP Destination Unreachable packets, which can indicate a configuration or service fault somewhere on the network. (ping) The Destination Unreachable packet must return the IP header and eight bytes of the original datagram that triggered this response. E.g., a DNS query to a host that does not support DNS.
ICMP Router Discovery Messages RFC 1256 |
subnetting |
Using bits borrowed from the host section of an IP address to extend and subdivide the address space that falls beneath the network portion of a range of IP addresses.
Enables a system to distinguish between local and remote IP addresses. Uses network IDs.
Whenever you see an IP address that ends with zeros, it is a network ID.
The Internet Assigned Numbers Authority (IANA) is the ultimate source of all network IDs.
1. Every TCP/IP computer uses the subnet mask to compare network IDs
2. Every network has a subnet mask
   i. Determined by the length of its network ID
   ii. Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID
   iii. Everywhere there is a zero, you are looking at part of the host ID
3. By placing a subnet mask on top of an IP address, a computer can tell which part of the IP address is the network ID and which part is the host ID
   i. Can determine which IP address is local
   ii. Can determine which IP address is remote
4. Subnet masks are represented in dotted decimal just like IP addresses
Subnetting secrets
Start with the given subnet mask and move it to the right until you have the number of subnets you need.
Never try to subnet without first converting to binary. Forget the dots.
You can’t use all zeros or all ones in an IP address.
CLSM: (constant-length subnet mask) In CLSM, all the networks created will support only the same number of hosts. The more common name, in a production environment, is “subnet”.
VLSM: (variable-length subnet mask) for subnetting across a class boundary; it’s subnetting a subnet. The protocol used by routers in these network environments must support extended network prefix information.
You would use VLSM if your subnets needed to support different numbers of network hosts. |
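An added example (not part of the original page) that works through the mask overlay in binary and then lays out a VLSM plan for subnets of different sizes. The function names and the 192.168.10.0 addresses are constructed for illustration; the host count per subnet excludes the all-zeros and all-ones host IDs, as the text requires.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer (the "forget the dots" step)."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """32-character binary string for an address or mask."""
    return format(to_int(dotted), "032b")


def prefix_to_mask(prefix):
    """Number of network bits -> dotted-decimal subnet mask."""
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def network_id(ip, mask):
    """Lay the mask over the address: 1 bits keep the network ID."""
    return to_dotted(to_int(ip) & to_int(mask))


def is_local(src, dst, mask):
    """Two hosts are local to each other when their network IDs match."""
    return network_id(src, mask) == network_id(dst, mask)


def usable_hosts(mask):
    """Host IDs available, minus the all-zeros and all-ones values."""
    host_bits = to_binary(mask).count("0")
    return max((1 << host_bits) - 2, 0)


def vlsm_plan(base, prefix, host_counts):
    """Carve base/prefix into subnets sized for each host count.

    Largest requirement first, so every subnet starts on a boundary
    that is a multiple of its own size.
    Returns a list of (hosts_needed, network_id, mask, usable_hosts).
    """
    block = 1 << (32 - prefix)
    cursor = to_int(base)
    if cursor & (block - 1):
        raise ValueError("base address is not a network ID for that prefix")
    end = cursor + block
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        host_bits = 2                      # smallest useful subnet: 2 hosts
        while (1 << host_bits) - 2 < hosts:
            host_bits += 1
        size = 1 << host_bits
        if cursor + size > end:
            raise ValueError("address block exhausted")
        mask = prefix_to_mask(32 - host_bits)
        plan.append((hosts, to_dotted(cursor), mask, size - 2))
        cursor += size
    return plan


if __name__ == "__main__":
    a, b = "192.168.10.20", "192.168.10.200"
    for mask in ("255.255.255.0", "255.255.255.128"):
        print(to_binary(mask), mask)
        print(f"  {a} -> {network_id(a, mask)}, {b} -> {network_id(b, mask)},"
              f" local: {is_local(a, b, mask)}")
    for row in vlsm_plan("192.168.10.0", 24, [50, 100, 10, 2]):
        print(row)
```
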
supernet |
It is the Class C network that you are most likely to supernet. Class C networks are smaller and more plentiful than Class A and B networks. Therefore, they are more available to be used and, because of their size, often need to be combined in order to support larger networks. |
supernet |
see
Class C Network Address |
superscope |
Win 2K and 2003 support the combining of multiple sets of IP address ranges
in DHCP- this is a superscope. |
SYN attack |
SYN Flood Attack - an attack that sends multiple handshake establishment request packets (SYN) in an attempt to fill the connection queue and force the victim to refuse future valid requests. |
TCP
[SOCKET - PORT - SMTP] IP |
TCP (Transmission Control Protocol) is a Transport layer component.
TCP is a connection-oriented protocol that guarantees delivery of the data. It is at the Transport layer of the TCP/IP protocol suite. It establishes a virtual network between two computers by setting up end-to-end connections, across all routers in the affected network. To make a connection between two computers, the sender makes a connection request, which the receiver grants. It waits for authorization to send data and then checks to make sure that it was delivered in its entirety. TCP uses IP as the transport mechanism between the host computers.
TCP separates functions of its individual application programs by port number. One computer’s NIC can keep track of several applications at once.
TCP/IP is not a protocol in and of itself. It is actually a stack of protocols that are designed to operate a particular service such as email, web browsing and file transfers. Each service within this protocol stack has a corresponding port number that is used between systems to establish the appropriate session(s) for that service.
SOCKET: Each computer in a communications session creates a socket, each of which has an address (a port number).
PORTS: The client and server work together to set up a temporary connection using ports to transport data. The ports form an end-to-end connection using TCP or UDP (User Datagram Protocol).
SMTP: When a process, such as an SMTP (Simple Mail Transport Protocol) gateway, is installed on a host computer, it monitors port 25 and retrieves any data sent to that port.
UDP: (User Datagram Protocol) is a connectionless-oriented protocol that does not guarantee data delivery.
IP (Internet Protocol)
see IPv6
IP is the transport protocol. TCP uses IP to deliver the datagram across the network to the appropriate computer. |
TCP/IP PROTOCOLS
SEE
TCP UTILITIES |
NOTE: Protocols in Green
cells are some of the primary protocols. All TCP/IP services such as SMTP, FTP, Telnet or HTTP use ports to
transfer data between host computers. The TCP/IP hosts create a virtual
session and these sessions use the port numbers to pass the data between
them.
TCP
OPTION NUMBERS
ARP
command:
arp -a |
Address Resolution Protocol - (-a: used to correlate a MAC address with an IP address.) Converts between numeric IP network addresses and MAC addresses on a specific cable segment (always used for the final step of packet delivery).
In order to map an IP address into a hardware address, the computer uses the ARP protocol, which broadcasts a request message that contains an IP address, to which the target computer replies with both the original IP address and the hardware address.
Used to map a MAC address with a known IP address.
1) For local networks, ARP requests are broadcasts, thus routers cannot forward ARP requests
2) Sending system sends an ARP request to every node on the network
3) Receiving system that claims that IP address sends back an ARP reply with its MAC address |
BIND
(p306) |
Berkeley
Internet Name Domain - implementation of DNS developed in 1988 for UNIX,
still popular for most UNIX as well as for Win 2K and Win server
2003. |
BGP |
Border Gateway Protocol defines a widely used routing
protocol that connects to common Internet Backbones or other routing
domains within the Internet where multiple parties jointly share
responsibility for managing traffic. |
BOOTP |
Bootstrap Protocol is the precursor to DHCP. BOOTP
permits network devices to obtain boot and configuration data across the
network, instead of from a local drive, also does not change as may
happen with DHCP. |
EGPs |
Exterior Gateway Protocol - Routers use EGPs to connect ASs (autonomous systems), which are groups of routers under a single administrative authority. BGP (Border Gateway Protocol) is an example of an EGP |
FTP
port 21 |
File Transfer Protocol - port 21
FTP enables transferring of text and binary files over a TCP connection. FTP allows files to be transferred according to a strict mechanism of ownership and access restrictions. It is one of the most commonly used protocols over the internet.
A TCP/IP service that runs on a host computer and allows files to be uploaded and downloaded. The service monitors port 21 for incoming requests. The client software opens a TCP session on port 21 with an FTP server. Some of the more common FTP commands are GET, PUT, BINARY and ASCII. FTP is also the protocol that UNIX hosts use to transfer files. |
HTTP
port
80 |
Hyper Text Transport Protocol - port 80
TCP:UDP
A protocol used to transfer hypertext pages across the world wide web. HTTP is the Web-browser-to-server protocol for the Internet. It uses port 80 of the TCP protocol to form the connection. |
ICMP
host probes often represent early stages
of attack |
Network troubleshooting often uses ICMP Destination Unreachable packets, which can indicate a configuration or service fault somewhere on the network. (ping) The Destination Unreachable packet must return the IP header and eight bytes of the original datagram that triggered this response. E.g., a DNS query to a host that does not support DNS.
Internet Control Message Protocol (ICMP),
documented in RFC
792, is a required protocol tightly integrated with IP. ICMP
messages, delivered in IP packets, are used for out-of-band messages
related to network operation or mis-operation. Of course, since ICMP
uses IP, ICMP packet delivery is unreliable, so hosts can't count on
receiving ICMP packets for any network problem.
Commonly used for testing and troubleshooting routers. ICMP messages consist of a single packet. They are connectionless. They show how IP packets are doing between any two hosts. ping is one of its utilities.
- Announce network errors, such as a host or entire portion of the network being unreachable, due to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.
- Announce network congestion. When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.
- Assist Troubleshooting. ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.
- Announce Timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements (not commonly used for security reasons) (p201).
ICMP Packet Types
TYPE 8 and 0: Echo Reply and Echo Packets (p 187)
TYPE 3: Destination Unreachable Packets (p 188)
TYPE 4: Source Quench (p194)
TYPE 5: Redirect (p195)
TYPE 9 and 10: Router Advertisement and Router Solicitation (p196)
TYPE 11: Time Exceeded (p198)
TYPE 12: Parameter Problem (p199)
TYPE 13 or 14: Timestamp and Timestamp Reply (p199)
TYPE 15 or 16: Information Request and Information Reply (p200)
TYPE 17 or 18: Address Mask Request and Address Mask Reply (p200)
TYPE 30: Traceroute (not commonly used for security reasons) (p201) |
IGPs |
Interior Gateway Protocols - support internal
routing. RIP and OSPF are examples of IGPs. See EGPs for
exterior Gateway Protocols. |
IP |
Internet Protocol - IP is the underlying protocol for all the other protocols in the TCP/IP protocol suite. IP defines the means to identify and reach a target computer on the network. |
NNTP
port 119 |
Network News Transport
Protocol -
Used to carry USENET posting between News clients and USENET servers. |
OSPF |
Open Shortest Path First defines a widely used link-state
routing protocol for local or interior routing regions within local
internetworks. |
PDU |
protocol data unit - PDUs are often generically described as packets, irrespective of the layer in the model addressed |
PING |
Packet Internetwork Groper checks accessibility and round-trip time between a specific sender and receiver pair of IP addresses. Ping is a basic diagnostic utility that allows network administrators to verify the connectivity of a remote computer by sending and receiving test ICMP (Internet Control Message Protocol) echo packets to it, and measuring its response time (in milliseconds). |
POP3
port 110
TCP:UDP |
POST OFFICE PROTOCOL v3
A TCP/IP mail server protocol that delivers mail to clients on a TCP/IP
network. POP3 delivers mail only to a client.
POP3 is how Internet mail clients receive mail
from Internet mail servers. |
PPP
|
Point-to-Point Protocol - Protocol for creating a TCP/IP connection over both synchronous and asynchronous systems. PPP provides connections for host to network or between two routers. It also has a security mechanism. PPP is well known as a protocol for connections over regular telephone lines using modems on both ends (see PPPoA below). This protocol is widely used for connecting personal computers to the internet (see PPPoE below). |
PPPOA or PPPoA |
Point-to-Point Protocol (PPP) over ATM - a network protocol for encapsulating PPP frames in ATM AAL5. It is used mainly with cable modem and DSL services |
PPPoE |
point-to-point protocol over
Ethernet - a network protocol for encapsulating PPP frames in Ethernet frames. It is used mainly with cable modem and DSL services. |
PPP RFC number | Internet Engineering Task Force (IETF) Title |
1549 | PPP in HDLC Framing |
1552 | The PPP Internetwork Packet Exchange Control Protocol (IPXCP) |
1334 | PPP Authentication Protocols |
1332 | The PPP Internet Protocol Control Protocol (IPCP) |
1661 | Link Control Protocol (LCP) |
1990 | PPP Multilink Protocol |
2125 | The PPP Bandwidth Allocation Protocol (BAP), The PPP Bandwidth Allocation Control Protocol (BACP) |
2097 | The PPP NetBIOS Frames Control Protocol (NBFCP) |
1962 | The PPP Compression Control Protocol (CCP) |
1570 | PPP LCP Extensions |
2284 | PPP Extensible Authentication Protocol (EAP) |
RARP |
Reverse Address Resolution Protocol converts a MAC layer
address into a numeric IP address |
RIP |
Routing
Information Protocol , UDP based. Defines the original and most basic
routing protocol for local routing regions within local networks. |
S-HTTP |
SECURE HTTP |
SLIP
|
Serial Line Internet Protocol - A point-to-point protocol to use over a serial connection, a predecessor of PPP. There is also an advanced version of this protocol known as CSLIP (compressed serial line internet protocol) which reduces overhead on a SLIP connection by sending just header information when possible, thus increasing packet throughput.
- Serial Line Internet Protocol (SLIP) is an older remote access standard typically used by UNIX remote access servers
- You cannot configure a computer running Windows 2000 as a SLIP server. Only Windows 2000 clients that connect to other SLIP servers are supported.
- You must use the TCP/IP protocol and a serial COM port to connect to a SLIP server.
- The RFCs supported in Windows 2000 remote access are:
  - RFC 1144, "Compressing TCP/IP Headers for Low-Speed Serial Links"
  - RFC 1055, "A Nonstandard for Transmission of IP Datagrams Over Serial Lines: SLIP" |
SMTP
port
25
TCP:UDP
|
Simple Mail Transfer Protocol - CERT definition FAQ
This protocol is dedicated to sending email messages originating on a local host, over a TCP connection, to a remote server. SMTP defines a set of rules which allows two programs to send and receive mail over the network. The protocol defines the data structure that is delivered with information regarding the sender, the recipient (or several recipients) and, of course, the mail's body.
SMTP is used to transfer mail between internet mail servers.
The main protocol used to send electronic mail on the Internet. Transfers mail between mail servers on a TCP/IP network, LAN and Internet. It can be set up as a mail relay server or a post office to which it delivers. Using Telnet on port 25 and entering SMTP commands individually, you can record the results from the SMTP server and determine if there are any errors. |
SNMP
see, MIB
p506 |
Simple Network Management Protocol - SNMP is the primary protocol for managing your network.
A simple protocol that defines messages related to network management. Through the use of SNMP, network devices such as routers can be configured by any host on the LAN.
In newer Windows implementations, MOM (Microsoft Operations Manager) handles SNMP monitoring and alerts without introducing security problems, e.g., fixed loginname parameters of older systems (there is also SMS).
A set of standards for communication with devices connected to a TCP/IP network. A network management protocol that collects statistics from devices on TCP/IP networks. The device loads an agent that collects information and forwards that information to a network management console. You can configure the device with specific threshold parameters. When those thresholds are exceeded, an alert message is sent to the management console, which then creates a baseline for future reference.
The SNMP protocol operates at the application layer (layer 7) of the OSI model. It specified (in version 1) five core protocol data units (PDUs):
- GET REQUEST, used to retrieve a piece of management information.
- GETNEXT REQUEST, used iteratively to retrieve sequences of management information.
- GET RESPONSE
- SET, used to make a change to a managed subsystem.
- TRAP, used to report an alert or other asynchronous event about a managed subsystem. In SNMPv1, asynchronous event reports are called traps while they are called notifications in later versions of SNMP. In SMIv1 MIB modules, traps are defined using the TRAP-TYPE macro; in SMIv2 MIB modules, traps are defined using the NOTIFICATION-TYPE macro.
Other PDUs were added in later versions, including:
- GETBULK REQUEST, a faster iterator used to retrieve sequences of management information.
- INFORM, an acknowledged trap.
Typically, SNMP uses UDP ports 161 for the agent and 162 for the manager. The Manager may send Requests from any available port (source port) to port 161 in the agent (destination port). The agent response will be given back to the source port. And the Manager will receive traps on port 162. The agent may generate a trap from any available port.
http://en.wikipedia.org/wiki/Snmp |
SSL |
SECURE SOCKETS LAYER
- |
TCP
ports 21 23 25 80 110 110 220 |
Transmission Control Protocol - port 80; the maximum segment size is 65,495 bytes
Like UDP, a protocol that enables a computer to send data to a remote computer. Unlike UDP, TCP is reliable, i.e. packets are guaranteed to wind up at their target, in the correct order.
TCP is a Transport layer component - TCP is a connection-oriented protocol that guarantees delivery of the data. It is at the Transport layer of the TCP/IP protocol suite. It establishes a virtual network between two computers by setting up end-to-end connections, across all routers in the affected network. To make a connection between two computers, the sender makes a connection request, which the receiver grants. It waits for authorization to send data and then checks to make sure that it was delivered in its entirety. TCP uses IP as the transport mechanism between the host computers |
TFTP |
Trivial File Transfer Protocol
A connectionless oriented protocol used to transfer files, e.g. BOOTP/TFTP
is useful for JetDirect print server configuration. |
Telnet
port 23 |
Telnet is
a terminal emulation protocol, defined in RFC854, for use over a TCP
connection. It enables users to login to remote hosts and use their
resources from the local host.
Novell and Win NT do not support port 23 connections for terminal
emulation |
UDP
ports 15 21 23 24 53 69 80 100 119
137 138 220 |
User Datagram Protocol
- port 15
a connectionless transport layer protocol, best-effort
delivery (p218). It is the only connectionless TCP/IP protocol at
the Transport layer.
A simple protocol that transfers datagrams (packets of data) to a remote computer. UDP doesn't guarantee that packets will be received in the same order they were sent. In fact it doesn't guarantee delivery at all.
UDP port 137 is a Transport layer component
Normally handles system maintenance tasks in the background of a network’s operations. Provides unreliable data delivery service in the TCP/IP protocol stack. It is a connectionless-oriented direct interface between applications and the IP protocol in the Network layer of the OSI stack.
Commonly used in audio and video applications. Packets don't have error detection or correction.
The UDP header's main function is to define the process or application that is using the IP and UDP Network and Transport layers. The UDP header is only 8 bytes long. It contains only four fields: Source and Destination port numbers, Length and Checksum. |
|
TDI |
Transport
Driver Interface The Windows Transport Data
interface (TDI) is sometimes referred to as the "native" Windows NT
networking interface. It is a kernel-mode interface between two types of
device drivers |
TLD |
Top Level Domain name - new
TLDs
DNS
Country Codes
|
TCP/IP UTILITIES |
arp command line|
arp -a used to view ARP table contents on Windows based computers.
IPCONFIG and IPCONFIG /All, ipconfig /release, ipconfig /renew
IPCONFIG displays the TCP/IP settings of a WIN NT computer. IPCONFIG/ALL displays the IP address, subnet mask, default gateway, WINS and DNS configurations. You can also release an IP address from a DHCP server using this command.
winipconfig
A graphical representation of all the TCP/IP configurations in a Windows 95/98/ME workstation. For troubleshooting TCP/IP problems, including DHCP, WINS and DNS problems.
nbstat
Powerful for troubleshooting NetBIOS problems. Command removes or corrects preloaded NetBIOS entries.
nbtstat
returns statistics on NetBIOS, using NetBT if TCP/IP is installed on the machine from which it is run. -n = list of all local NetBIOS names; -s = list of names resolved by broadcast and WINS and includes a summary count of name resolutions/registrations; -s = NetBIOS sessions table, showing open sessions with their destination IP address. The "S" does the same, but attempts to resolve the remote host name using the HOSTS file.
nslookup
Used to query a Domain Name Service server. Usually access is privileged for security reasons. nslookup domainname [nameserver] (In Win, the configuration is located in the TCP/IP properties window, available through Start, Control Panel, Network Connections)
PING Packet Internet Groper
PING is a utility that sends an ICMP echo request message to a host on a
TCP/IP network to test network connectivity. It waits for a response from
the remote host and registers the time it takes to respond. To stop a
looping ping use either ctrl+c or delete command.
ICMP Internet
Control Message Protocol
pathping
- (post Win 2k) utility that uses ICMP
Echo packets to test router and link latency, including packet loss along a
path to a host. pathping
uses a combination of tracert and ping to first determine the path to a
specified host, and then test the round trip to the host. It tests
packet loss to the destination and each router along the way.
ping localhost
telnet port 23
1. Telnet provides a terminal emulation window through which you can access
remote routers and Unix systems on a TCP/IP network.
2. Telnet is used to modify router commands and run host applications in
Unix systems.
3. Windows NT and Novell do not support Telnet port
23 connections for terminal emulation.
Telnet connection on port 23 is used to connect to a host machine and run an
application on the connected host once the security subsystem has
authenticated the user.
4. The Telnet utility can be set up to connect to a host with a port number
other than 23 to troubleshoot problems. With Telnet, using port 25 and
entering SMTP commands individually you can record the results from the SMTP
server and determine if there are any errors.
5. Telnet is one of the mail utilities used to
connect to ports on host computers to determine whether the port is working
properly.
tracert [-d (do not resolve addresses to hostname)] [-h max number of hops to search for target] [ -j -w ] (invoked as tracert in the Windows environment - traceroute in others)
This utility traces the route of a packet between two locations and displays
the router hops taken to get there. It is a good tool to determine where a
packet is stopping on its way to the TCP/IP destination. You can also use
it to determine which route is taken on a dual port router.
Tracert is a great utility to map the route that a
packet takes through an intranet or the internet.
Trace Route is used primarily to trace a route from a local computer
to any other computer on the Internet. In other words, it determines how
many hops there are between the local and target machine, and displays
response time, name, and IP address of each intermediate hop
traceroute
traces the end-to-end path through an internetwork. Traceroute alters the TTL value to find routers (not commonly used for security reasons) (p201). tracert is used in the Windows environment.
|
VLSM: |
Variable
Length Subnet Mask, see subnetting |
watchdog process |
NetWare uses the watchdog process to maintain a connection between a NetWare host and server. If the application cannot maintain a connection, the TCP keep-alive process may be responsible for maintaining the connection. If implemented, only the server process initiates TCP keep-alives. |
windows clustering |
Win server 2003 allows 2 or more servers to be managed as a single system.
Clustering provides failover detection of an application or server and
automatically transfers the server role to an alternative server. |
WINS p548
Windows Internet Name Service
Scope ID |
In essence, WINS is Microsoft's imitation of DNS, repurposed for the NetBIOS namespace.
A LAN service. WINS is a database that correlates IP addresses to NetBIOS computer names in a Windows-only networking environment. A non-routable protocol that is best used on small LANs of less than 50 people.
The WINS address is a TCP/IP address that points to a WINS server that has the WINS database installed on it. It is a configuration tab associated with the TCP/IP protocol.
WINS resolution is not required if the network is not using NetBIOS names.
Scope ID: a WINS option that provides a way to isolate a group of computers that are permitted communication only with one another. The Scope ID is a case-sensitive string value that is appended to the NetBIOS name and is used for all NetBIOS over TCP/IP communications from that computer.
The maximum requirements for setting up WINS on a Windows 9x workstation are: Enable WINS resolution and then enter a primary WINS server. If you have a secondary WINS server, enter it also.
command line tools to configure WINS: netsh> wins
Enter ? to display Help. |