COMPUTER AND NETWORK
SYSTEM ADMINISTRATION
Summer 1997 - Lesson 13
TCP/IP and Routing
I. TCP/IP Theory
A. Protocol Stacks
1. ISO/OSI -- Rarely implemented
a. 7 layer approach
b. Describe layers
2. IPX -- Novell's networking implementation
a. Mainly used in NetWare
b. Also used in PC games for LAN games
3. AppleTalk
a. Primarily used on Macintoshes, but Unix/Linux implementations exist
b. Can be run across different hardware
i. LocalTalk -- serial lines
ii. EtherTalk -- standard ethernet
4. TCP/IP -- We will learn about this protocol stack next
5. How data travel down layers
6. How data travel across media
7. How data travel up layers
B. Description of TCP/IP
1. 4 layer approach
a. Some layers are combinations of multiple ISO/OSI layers
b. Has no separate session or presentation layer; those jobs are left to the application layer
c. Hardware independent
d. Application layer
e. Transport layer
f. IP layer
g. Network access layer
2. Popularized by the Internet
3. Two main transport layer protocols
a. TCP -- Transmission Control Protocol
b. UDP -- User Datagram Protocol
4. IP layer fragmentation
a. Different packet sizes
b. MTU -- Maximum Transmission Unit
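The fragmentation rule above, as an added worked example (this code is not from the lecture notes). The numbers are constructed: a 20-byte IP header with no options, a 4000-byte payload, Ethernet's 1500-byte MTU and the old 576-byte minimum as a second case. The reassembly check is included because a receiver that accepts overlapping fragments has to decide which copy wins, which is the ambiguity that fragment-overlap tricks against packet filters rely on.

```python
"""IP fragmentation worked through: splitting a datagram to fit an MTU.

Added example, not code from the lecture notes.  The numbers are constructed:
a 20-byte IP header with no options, a 4000-byte payload and Ethernet's
1500-byte MTU (the classic 576-byte minimum is used as a second case).
"""
IP_HEADER_LEN = 20  # assumed: IPv4 header without options


def fragment(payload_len: int, mtu: int, header_len: int = IP_HEADER_LEN):
    """Return [(fragment_offset_in_bytes, data_len, more_fragments_flag)].

    Every fragment carries its own copy of the IP header, so at most
    mtu - header_len payload bytes fit.  The fragment offset field counts
    8-byte units, so all fragments but the last carry a multiple of 8 bytes.
    """
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU %d cannot carry any data" % mtu)
    if header_len + payload_len <= mtu:
        return [(0, payload_len, False)]  # fits in one datagram, MF clear
    frags = []
    offset = 0
    while offset < payload_len:
        data_len = min(max_data, payload_len - offset)
        more = offset + data_len < payload_len
        frags.append((offset, data_len, more))
        offset += data_len
    return frags


def reassembles_cleanly(frags, payload_len: int) -> bool:
    """True if the fragments tile the payload exactly once, with no gaps or
    overlaps, and only the last one has the More Fragments flag clear.
    """
    ordered = sorted(frags)
    covered = 0
    for offset, data_len, more in ordered:
        if offset != covered:  # gap (offset > covered) or overlap (offset < covered)
            return False
        covered += data_len
    if covered != payload_len:
        return False
    return all(more for _, _, more in ordered[:-1]) and not ordered[-1][2]


if __name__ == "__main__":
    for off, ln, more in fragment(4000, 1500):
        print("offset %4d  data %4d  MF=%d" % (off, ln, more))
```

With a 1500-byte MTU the 4000-byte payload becomes three datagrams of 1480, 1480 and 1040 payload bytes; the same payload over a 576-byte path needs eight, because 556 is rounded down to 552 to keep offsets on 8-byte units.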
C. Software that looks into TCP/IP
1. Useful for debugging network problems
2. Also used by attackers to find out what a system runs and where it is weak
3. Two main kinds
a. The kind that peeks into a packet
i. tcpdump (BSD/Linux)
1) Output is too raw and verbose to be included
in the notes, but will show in class
ii. etherfind (SunOS)
1) Output from Jeff's previous lecture:
command: etherfind -x -v -between sed sig
UDP from sed.2049 to sig.1020 52 bytes
08 00 20 07 4b c4 08 00 20 1d f1 aa 08 00 45 00
00 48 9f 85 00 00 ff 11 27 a3 80 ba 79 9d 80 ba
79 6a 08 01 03 fc 00 34 00 00 2f 40 80 6c 00 00
00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 0c 2e 2e 2f 76 61 72
2f 73 70 6f 6f 6c
frame size = 86 bytes
iii. snoop (Solaris)
1) Output from snoop -v linuxfs1:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 82 arrived at 9:53:53.59
ETHER: Packet size = 60 bytes
ETHER: Destination = 0:c0:f0:16:37:1c,
ETHER: Source = 8:0:20:1d:f1:aa, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 44 bytes
IP: Identification = 65103
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 8bca
IP: Source address = 128.186.121.157, sed
IP: Destination address = 128.186.121.160, sim
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 3138
TCP: Destination port = 23 (TELNET)
TCP: Sequence number = 1271424000
TCP: Acknowledgement number = 0
TCP: Data offset = 24 bytes
TCP: Flags = 0x02
TCP: ..0. .... = No urgent pointer
TCP: ...0 .... = No acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 4096
TCP: Checksum = 0xd752
TCP: Urgent pointer = 0
TCP: Options: (4 bytes)
TCP: - Maximum segment size = 1460 bytes
TCP:
TELNET: ----- TELNET: -----
TELNET:
TELNET: ""
TELNET:
iv. They let us see all of a packet
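What etherfind and snoop do when they "peek into a packet" is walk the headers up the stack, and it is worth doing once by hand. The following is an added example, not code from the notes or from either tool. ETHERFIND_HEX is the hex dump printed above (sed.2049 to sig.1020; port 2049 is NFS, and the payload ends in the ASCII string ../var/spool). The notes never show the raw bytes of the telnet SYN that snoop decoded, so build_snoop_syn() reconstructs that frame from the field values snoop printed, including the 60-byte Ethernet padding. Both checksums are the standard Internet checksum (RFC 1071): over the IP header, and for TCP over the pseudo-header plus segment. On both packets the decoder reproduces the tools' output and the checksums verify, so the printed values are internally consistent.

```python
"""Decode an Ethernet/IP/UDP-or-TCP frame by hand, as etherfind and snoop do.

Added example, not code from the lecture notes.  ETHERFIND_HEX is the hex dump
printed in the notes (sed.2049 -> sig.1020).  build_snoop_syn() rebuilds the
telnet SYN that snoop decoded in the notes from the field values it printed;
the notes never show that packet's raw bytes.
"""
import struct

ETHERFIND_HEX = (
    "08 00 20 07 4b c4 08 00 20 1d f1 aa 08 00 45 00 "
    "00 48 9f 85 00 00 ff 11 27 a3 80 ba 79 9d 80 ba "
    "79 6a 08 01 03 fc 00 34 00 00 2f 40 80 6c 00 00 "
    "00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 0c 2e 2e 2f 76 61 72 "
    "2f 73 70 6f 6f 6c"
)


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071).  Summing
    a header that already contains its checksum yields 0 when it is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%x" % b for b in raw)  # snoop style, e.g. 8:0:20:1d:f1:aa


def decode_frame(frame: bytes) -> dict:
    """Walk one frame up the stack: Ethernet -> IP -> UDP/TCP -> payload."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
           "ethertype": ethertype}
    if ethertype != 0x0800:  # not IP; nothing more we decode here
        return out
    ip = frame[14:]
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _hcsum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    ip = ip[:total_len]  # strip Ethernet padding: short frames are padded to 60 bytes
    out.update(
        version=ver_ihl >> 4, ihl=ihl, tos=tos, total_len=total_len, id=ident,
        df=bool(flags_frag & 0x4000), mf=bool(flags_frag & 0x2000),
        frag_offset=(flags_frag & 0x1FFF) * 8, ttl=ttl, proto=proto,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        ip_checksum_ok=internet_checksum(ip[:ihl]) == 0,
    )
    l4 = ip[ihl:]
    if proto == 17:  # UDP: 8-byte header, length field covers header + data
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        out.update(sport=sport, dport=dport, udp_len=ulen, payload=l4[8:ulen])
    elif proto == 6:  # TCP: 20-byte header plus options up to the data offset
        (sport, dport, seq, ack, off_flags, win, _tcsum,
         urg) = struct.unpack("!HHIIHHHH", l4[:20])
        doff = (off_flags >> 12) * 4
        pseudo = src + dst + struct.pack("!BBH", 0, proto, len(l4))
        out.update(sport=sport, dport=dport, seq=seq, ack=ack, data_offset=doff,
                   flags=off_flags & 0x3F, window=win, urgent=urg,
                   options=l4[20:doff], payload=l4[doff:],
                   tcp_checksum_ok=internet_checksum(pseudo + l4) == 0)
    return out


def build_snoop_syn() -> bytes:
    """The SYN from the notes' snoop output, rebuilt from its printed fields."""
    eth = bytes.fromhex("00c0f016371c") + bytes.fromhex("0800201df1aa") + b"\x08\x00"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 65103, 0, 60, 6, 0x8BCA,
                         bytes([128, 186, 121, 157]), bytes([128, 186, 121, 160]))
    tcp = struct.pack("!HHIIHHHH", 3138, 23, 1271424000, 0,
                      (6 << 12) | 0x02, 4096, 0xD752, 0)  # data offset 24, SYN
    tcp += bytes.fromhex("020405b4")  # option: kind 2 (MSS), length 4, 1460
    frame = eth + ip_hdr + tcp
    return frame + b"\x00" * (60 - len(frame))  # pad to the 60-byte minimum


if __name__ == "__main__":
    for name, frame in (("etherfind", bytes.fromhex(ETHERFIND_HEX)),
                        ("snoop", build_snoop_syn())):
        d = decode_frame(frame)
        print(name, d["src"], d["sport"], "->", d["dst"], d["dport"],
              "proto", d["proto"], "ip csum ok:", d["ip_checksum_ok"])
```

The truncation to the IP total length matters: snoop reports the SYN frame as 60 bytes although IP says 44, and if the two padding bytes were fed into the TCP checksum as data the segment would wrongly appear corrupt.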
b. The kind that probes a system to see what's running
i. netstat -- shows only the local machine's own connections and listeners
Sample netstat output:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 linuxfs1.cs.fsu.ed:6606 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6776 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6790 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6841 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6858 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6924 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:6984 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:1023 exec.cs.fsu.edu:shell FIN_WAIT2
tcp 0 0 linuxfs1.cs.fsu.ed:1022 exec.cs.fsu.edu:1023 ESTABLISHED
tcp 32 0 linuxfs1.cs.fsu.ed:7050 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:7116 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:7182 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.ed:7742 exec.cs.fsu.edu:6000 ESTABLISHED
tcp 0 0 linuxfs1.cs.fsu.:login nb1.acns.fsu.edu:1023 ESTABLISHED
ii. strobe -- probe a system's ports
Sample strobe output:
strobe (c) 1994 *Proff* All Rights Reserved.
linuxfs1 ftp 21/tcp
linuxfs1 unknown 22/tcp unassigned
linuxfs1 telnet 23/tcp
linuxfs1 smtp 25/tcp mail
linuxfs1 time 37/tcp timserver
linuxfs1 gopher 70/tcp # gopher server
linuxfs1 finger 79/tcp
linuxfs1 pop-2 109/tcp # PostOffice V.2
linuxfs1 pop-3 110/tcp # PostOffice V.3
#linuxfs1 pop 110/tcp # PostOffice V.3
linuxfs1 sunrpc 111/tcp
#linuxfs1 sunrpc 111/tcp portmapper # RPC 4.0 portmapper UDP
linuxfs1 auth 113/tcp ident # User Verification
linuxfs1 imap 143/tcp # imap network mail protocol
linuxfs1 login 513/tcp # BSD rlogind(8)
linuxfs1 shell 514/tcp cmd # BSD rshd(8)
linuxfs1 printer 515/tcp spooler # BSD lpd(8)
linuxfs1 unknown 791/tcp unassigned
linuxfs1 unknown 827/tcp unassigned
linuxfs1 unknown 926/tcp unassigned
linuxfs1 unknown 1032/tcp unassigned
linuxfs1 unknown 2049/tcp unassigned
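What strobe is doing in the listing above is a plain TCP connect() to each port and a lookup of the port in /etc/services; a port that file does not list prints as "unknown ... unassigned", which is why 22/tcp shows that way. Below is an added example of the same probe (this is not the strobe program and not from the notes). It scans 127.0.0.1 so that it runs offline: start_target() opens a throwaway listener on a kernel-chosen port purely so the probe has something to find, and free_port() picks a port nothing listens on as the negative case. Service names come from the local /etc/services through socket.getservbyport.

```python
"""A strobe-style TCP connect() probe, run against a listener we start ourselves.

Added example; this is not the strobe program from the notes.  The target is a
throwaway listener on 127.0.0.1 so the whole thing works offline.
"""
import socket
import threading


def service_name(port: int, proto: str = "tcp") -> str:
    """Name from /etc/services, or "unknown" if the port is not listed."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def probe(host: str, ports, timeout: float = 0.5):
    """Full-connect scan: a completed three-way handshake means a listener.

    Returns [(port, service_name)] for the ports that accepted.  Because the
    connection completes, every probe is visible to the target (in its logs
    and to an ident lookup), unlike a half-open SYN scan.
    """
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 == connected, else an errno
                found.append((port, service_name(port)))
    return found


def strobe_lines(host: str, results) -> list:
    """Render results the way strobe prints them: '<host> <name> <port>/tcp'."""
    return ["%s %s %d/tcp" % (host, name, port) for port, name in results]


def start_target():
    """Open a listener on 127.0.0.1 at a free port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel choose a free one
    srv.listen(5)

    def accept_loop():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:  # listener closed by demo(); thread exits
            pass

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """Find a port nothing listens on: bind to 0, read the port, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed port; return (open_port, closed_port, results)."""
    srv, open_port = start_target()
    closed_port = free_port()
    try:
        results = probe("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    open_port, closed_port, results = demo()
    print("\n".join(strobe_lines("localhost", results)))
```

The connect_ex() return value is the interesting part: 0 means the handshake completed, a connection-refused errno means the port is closed, and a timeout (which settimeout turns into an error) usually means a filter dropped the SYN, which a scanner reports differently from "closed".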
D. Physical network types
1. Many different types
2. Token Ring
3. FDDI
4. ATM
5. Ethernet
6. Others
E. Description of ethernet
1. Several hardware implementations here, too
a. Hardware, but won't steal Jeff's thunder... :)
b. Thicknet (10Base5)
c. Thinnet (10Base2)
d. Twisted Pair (10BaseT/100BaseT)
e. Fiber (10BaseF/100BaseF)
2. Ethernet headers and trailers
3. Ethernet header/trailer contents
F. Software that looks into ethernet
1. tcpdump/etherfind/snoop also allow you to see the ethernet header
G. Ethernet addresses
1. Unique MAC (Media Access Control) addresses
2. These are how the cards talk to each other
3. ARP -- Address Resolution Protocol
4. Description of ARP
5. ARP table
Sample ARP table (arp -a on linuxfs1):
Address HWtype HWaddress Flags Mask Iface
ug2.cs.fsu.edu ether 00:C0:F0:13:18:78 C * eth0
ug3.cs.fsu.edu ether 00:C0:F0:13:18:74 C * eth0
fe0.c4500.lov.fsu.edu ether 00:00:0C:36:F9:B2 C * eth0
upsilon.cs.fsu.edu ether 08:00:20:75:FE:D0 C * eth0
export.cs.fsu.edu ether 08:00:20:04:D2:F5 C * eth0
access.cs.fsu.edu ether 08:00:20:0E:B0:40 C * eth0
sync.cs.fsu.edu ether 00:C0:F0:16:4D:13 C * eth0
exec.cs.fsu.edu ether 00:A0:24:8E:31:06 C * eth0
rho.cs.fsu.edu ether 08:00:20:04:D3:E5 C * eth0
mary.cs.fsu.edu ether 08:00:20:75:D8:60 C * eth0
annexcs.cs.fsu.edu ether 00:C0:F0:16:34:66 C * eth0
xi.cs.fsu.edu ether 08:00:20:7D:4F:49 C * eth0
nu.cs.fsu.edu ether 08:00:20:1D:F0:37 C * eth0
linuxfs2.cs.fsu.edu ether 00:C0:F0:16:30:E0 C * eth0
brk.cs.fsu.edu ether 00:05:9A:A0:4C:5E C * eth0
sed.cs.fsu.edu ether 08:00:20:1D:F1:AA C * eth0
ug1.cs.fsu.edu ether 00:C0:F0:13:1F:F0 C * eth0
midas.cs.fsu.edu ether 08:00:69:0C:8D:4A C * eth0
6. WindowsNT
Sample WindowsNT arp -a command output:
Interface: 128.186.121.35
Internet Address Physical Address Type
128.186.121.10 08-00-20-1d-f0-37 dynamic
128.186.121.36 00-a0-24-8e-31-06 dynamic
128.186.121.41 08-00-20-7d-4f-49 dynamic
128.186.121.83 00-c0-f0-16-4d-13 dynamic
128.186.121.160 00-c0-f0-16-37-1c dynamic
128.186.121.174 00-c0-f0-16-25-45 dynamic
128.186.121.236 00-00-a7-00-b5-b0 dynamic
7. RARP -- Reverse Address Resolution Protocol
8. How RARP works
a. RARP mappings live in /etc/ethers under Unix/Linux, or in an NIS
map (as in our department; the CS Dept's map is called ethers)
Sample /etc/ethers from nu:
[501]$ cat /etc/ethers
8:0:20:10:49:81 nu
8:0:20:1:b4:36 sync
8:0:1:1:83:8f omicron
8:0:20:0:ce:46 exec
8:0:20:1a:f3:86 grep
8:0:20:c:5f:d8 ioctl
8:0:20:10:48:24 brk
8:0:20:4:d2:f5 export
8:0:20:10:4c:de access
8:0:20:e:b0:40 mu
8:0:20:10:55:5d shmop
8:0:20:10:3c:a9 dup
8:0:20:10:49:93 eta
Sample ypcat ethers:
[511]$ ypcat ethers
0:0:c:e:4d:84 Dirac_local_net
2:60:8C:29:19:83 pc27-dead
2:60:8C:28:50:63 pc26-dead
2:60:8c:1b:e2:19 adm-pc1
8:0:4c:0:21:65 tcpts1
08:00:20:03:f4:f6 sy2000
8:0:20:1:de:49 sigma
8:0:14:11:39:36 ocean
8:0:20:f:a2:bb mount
8:0:14:10:92:49 iris1
aa:00:04:00:3b:1d evax3 # 7.315
aa:00:04:00:36:1d evax1 # 7.310
8:0:20:0:a0:cc yogi
8:0:20:0:ba:93 sun5
8:0:20:1a:f3:86 grep
0:0:a7:14:54:f0 bent
02:60:8c:0b:3a:01 ug1
0:80:42:9:1:54 sim
9. Why is RARP useful?
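The three listings above write the same kind of address three ways: Linux arp -a uses zero-padded octets and upper case, Windows NT uses dashes, and /etc/ethers and ypcat ethers leave off the leading zeros. The following added example (not code from the notes) normalises all three forms and cross-checks the ARP cache against the ethers table. Its sample lines are copied from the listings above. On the notes' own data the ethers file on nu agrees with the ARP cache for export but not for exec, brk, sync or nu itself, and the MAC that ARP attributes to access is recorded as mu in the file; that pattern usually means replaced cards and a stale file, but the same check on a hostile LAN is how a poisoned cache shows up, since ARP replies carry no authentication.

```python
"""Cross-check the ARP cache against the /etc/ethers (RARP) table.

Added example, not code from the lecture notes.  The sample lines below are
copied from the arp -a and /etc/ethers listings in the notes: Linux colon
form with zero-padded octets, Windows NT dash form, and the unpadded form
used by /etc/ethers and ypcat ethers.
"""
import re

LINUX_ARP = """\
export.cs.fsu.edu ether 08:00:20:04:D2:F5 C * eth0
access.cs.fsu.edu ether 08:00:20:0E:B0:40 C * eth0
exec.cs.fsu.edu ether 00:A0:24:8E:31:06 C * eth0
sed.cs.fsu.edu ether 08:00:20:1D:F1:AA C * eth0
"""

NT_ARP = """\
Interface: 128.186.121.35
Internet Address Physical Address Type
128.186.121.36 00-a0-24-8e-31-06 dynamic
128.186.121.41 08-00-20-7d-4f-49 dynamic
"""

ETHERS = """\
8:0:20:0:ce:46 exec
8:0:20:4:d2:f5 export
8:0:20:e:b0:40 mu
aa:00:04:00:3b:1d evax3 # 7.315
"""


def norm_mac(text: str) -> str:
    """Canonical form: six lower-case, zero-padded hex octets joined by ':'."""
    octets = re.split(r"[:-]", text.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", o) for o in octets):
        raise ValueError("not a MAC address: %r" % text)
    return ":".join("%02x" % int(o, 16) for o in octets)


def parse_arp(text: str) -> dict:
    """Return {name_or_ip: mac} from either Linux or Windows NT `arp -a` output."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        # Linux: "<name> ether <mac> ...";  NT: "<ip> <mac> dynamic";
        # header lines have no MAC in column 2 or 3 and are skipped.
        for candidate in fields[1:3]:
            try:
                table[fields[0]] = norm_mac(candidate)
                break
            except ValueError:
                continue
    return table


def parse_ethers(text: str) -> dict:
    """Return {mac: hostname} from /etc/ethers or ypcat ethers; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mac, host = line.split(None, 1)
        table[norm_mac(mac)] = host.strip()
    return table


def cross_check(arp: dict, ethers: dict) -> dict:
    """For each ARP entry: does the ethers table agree, disagree, or not know it?

    A disagreement means the card currently answering for that name is not
    the one on record: a replaced NIC, a stale ethers file, or on a hostile
    LAN a poisoned ARP cache.
    """
    report = {}
    for name, mac in arp.items():
        short = name.split(".")[0]
        if mac not in ethers:
            report[short] = "unknown to ethers"
        elif ethers[mac] == short:
            report[short] = "ok"
        else:
            report[short] = "ethers says %s" % ethers[mac]
    return report


if __name__ == "__main__":
    for host, verdict in cross_check(parse_arp(LINUX_ARP), parse_ethers(ETHERS)).items():
        print("%-8s %s" % (host, verdict))
```

Normalising first is the whole trick: without it "8:0:20:4:d2:f5" and "08:00:20:04:D2:F5" compare unequal and every host looks wrong.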
H. IP Addresses
1. Two parts: Network and Host
2. IP Address is 4 bytes long (32 bits)
a. How many potential addresses?
b. 2^32 = 4,294,967,296, i.e. more than 4 billion -- this ought to be enough, but...
c. IP addresses are doled out in networks, not hosts...
d. so, we are running out.
3. Class-based addressing
a. 3 main classes: A, B, C
b. Class A addresses -- First bit of first byte is 0
c. Class B addresses -- First two bits of first byte are 10
d. Class C addresses -- First three bits of first byte are 110
e. 2 other classes: D, E
f. Class D addresses -- First four bits of first byte are 1110
g. Class E addresses -- First four bits of first byte are 1111 (reserved, experimental)
h. Solution to running out of addresses: IPng
i. IPv6 (we are currently using IPv4)
ii. 16 byte (128 bit) IP addresses
iii. For a total of 665,570,793,348,866,943,898,599 addresses
per sq. meter of the Earth.
iv. Should be enough
v. Not directly backward compatible with IPv4; during the transition the two
are run side by side (dual stack) or IPv6 is tunnelled over IPv4
I. Subnetting
1. Creates additional networks under another net for various reasons:
a. Hardware may have a length limitation per strand
b. Simplify the topology of your network
c. Different networking media that need to be linked together
2. "Steals" some of the host part of the IP address for the network part
3. Uses a bitmask (called a subnet mask or simply a netmask)
4. Example -- CS department (cs.fsu.edu)
a. Network address is 128.186.121.0
b. This is in class B space (128.186.0.0, natural netmask 255.255.0.0)
c. With a netmask of 255.255.255.0, ACNS has...
d. Separated it into its own subnet under 128.186.0.0
5. Harder example -- netmasks don't have to be on a byte boundary
a. IP address of network is 128.186.121.88
b. This is a class B address
c. Netmask is 255.255.255.248
d. Space for 6 hosts (not eight, since the host-bit combinations 000 and
111 are reserved: 128.186.121.88 is the subnet's own address and
128.186.121.95 its broadcast address)
e. They are 128.186.121.89, 128.186.121.90, 128.186.121.91
128.186.121.92, 128.186.121.93, and 128.186.121.94
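The class rule and the two subnet examples above, worked in code as an added example (not from the notes). The two inputs 128.186.121.0/255.255.255.0 and 128.186.121.88/255.255.255.248 are the CS Dept subnets from the notes; the other addresses in the usage are constructed. The mask is applied with plain bit operations rather than a library so the "stealing host bits" step is visible, and a mask whose ones are not contiguous is rejected, since that is the most common way a hand-typed netmask goes wrong.

```python
"""Address classes and subnet arithmetic worked on the notes' own examples.

Added example, not code from the lecture notes.  128.186.121.0/255.255.255.0
and 128.186.121.88/255.255.255.248 are the two CS Dept subnets from the notes;
the other addresses used below are constructed.
"""


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n: int) -> str:
    return "%d.%d.%d.%d" % ((n >> 24) & 255, (n >> 16) & 255, (n >> 8) & 255, n & 255)


def address_class(dotted: str) -> str:
    """Classful rule from the notes: look at the leading bits of the first byte."""
    first = to_int(dotted) >> 24
    if first & 0x80 == 0x00:
        return "A"  # 0xxxxxxx
    if first & 0xC0 == 0x80:
        return "B"  # 10xxxxxx
    if first & 0xE0 == 0xC0:
        return "C"  # 110xxxxx
    if first & 0xF0 == 0xE0:
        return "D"  # 1110xxxx, multicast
    return "E"      # 1111xxxx, reserved


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}  # natural network part, in bits


def subnet(addr: str, netmask: str) -> dict:
    """Apply a netmask: network, broadcast, usable host range, bits borrowed."""
    a, m = to_int(addr), to_int(netmask)
    inv = ~m & 0xFFFFFFFF  # the host bits
    if (inv + 1) & inv:    # a real mask is 1s then 0s, so inv + 1 is a power of two
        raise ValueError("non-contiguous netmask %s" % netmask)
    prefix = bin(m).count("1")
    network, broadcast = a & m, a | inv
    cls = address_class(addr)
    borrowed = prefix - CLASSFUL_PREFIX[cls] if cls in CLASSFUL_PREFIX else None
    usable = max(inv - 1, 0)  # all-zeros host part = network, all-ones = broadcast
    return {
        "class": cls, "prefix": prefix, "bits_borrowed": borrowed,
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "usable_hosts": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
    }


if __name__ == "__main__":
    for addr, mask in (("128.186.121.0", "255.255.255.0"),
                       ("128.186.121.88", "255.255.255.248")):
        s = subnet(addr, mask)
        print("%s/%d class %s: hosts %s - %s (%d), broadcast %s" % (
            s["network"], s["prefix"], s["class"], s["first_host"],
            s["last_host"], s["usable_hosts"], s["broadcast"]))
```

Feeding any host of the small subnet in, say 128.186.121.90, returns the same network 128.186.121.88 and broadcast 128.186.121.95, which is the point of the mask: the host part is discarded when deciding which wire an address lives on.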
J. Setting up TCP/IP
1. First, you need NIC(s)
2. Configure OS for NIC(s)
3. Unix/Linux
a. Configure interface(s) in the computer
b. ifconfig command
c. How ifconfig is used
d. Once interface is up, make sure you have routes for packets
destined outside your network
e. Some other things (DNS/routing) will be discussed later
f. Configuring system for name resolving (/etc/resolv.conf)
4. WindowsNT/95
a. Similar to Unix/Linux, but with pretty GUI dialogs
(pun intended)
b. Walkthrough of GUI dialog for TCP/IP setup
K. Virtual Hosting (* optional *)
1. IP addresses assigned to NIC, not computer
2. A computer can have multiple NICs
3. Interfaces don't have to be physical devices
4. Loopback device
5. Dummy interface
6. Can configure dummy interfaces to respond to any IP Address
7. My setup at home
8. Setting up virtual interface
9. Commands for my setup
10. How I route packets to my device
11. This is known as Virtual Hosting
12. Why is this helpful?
II. Routing Theory
A. Why do we need routing?
1. Machines on same network don't need it
2. Two disparate physical nets DO need it
3. Routers/Gateways (slightly different, but we will use the
terms interchangeably)
B. Main types of routing
1. Two types
2. Static
3. Dynamic
C. Static routes in depth
1. Entered manually
2. Every machine should have at least one: the default route
3. Advantage
4. Disadvantage
5. Method for adding (route command)
6. Adding an imaginary route to met.fsu.edu through xi would be:
i. route add -net 128.186.5.0 netmask 255.255.255.0 gw \
128.186.121.41 (Linux)
ii. route add net 128.186.5.0 128.186.121.41 (SunOS/Solaris)
iii. route add -net 128.186.5.0 128.186.121.41 (Irix)
D. Dynamic routes in depth
1. Uses routing daemons
2. Two main daemons
i. routed (pronounced route-dee)
ii. gated (pronounced gate-dee)
3. Advantages
4. Disadvantage (a HUGE one)
E. Kernel routing table
1. What is it?
2. How is it used?
3. How does routing work? Do we have routes to everywhere?
F. Routing protocols
1. Three main ones: RIP, EGP, BGP
2. RIP -- Routing Information Protocol
a. Interior routing protocol
b. Selects the route with lowest "hop count"
c. RIP's assumption...
3. EGP -- Exterior Gateway Protocol
a. Older exterior routing protocol
b. Announces what networks it can reach
c. Unlike RIP, it does not pick a best route; it only announces reachability
4. BGP -- Border Gateway Protocol
a. Newer exterior routing protocol
b. Provides more info than EGP for policy-based routing
5. Most systems never actually run the exterior protocols
G. Setting up Routing
1. First of all, choose a routing strategy (static v. dynamic)
2. How CS Dept. is set up...
3. Choosing exterior routing protocol...
4. What machines can you use for routing?
5. Some tidbits about routers and what they can be used for
in securing your networks
H. Supernetting (* optional *)
1. Reverse analogue of subnetting
2. Why is this useful? It groups several networks together into
one routing table entry to save routing table space
3. It relieves the growth of routing tables in the core routers of the
Internet (this is CIDR, Classless Inter-Domain Routing)
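Two passages above ask for the same worked example: how the kernel routing table answers "do we have routes to everywhere?" (section E and the default route in C.2) and what supernetting does to that table (section H). The following added example (not code from the notes) does both. The table is built around the notes' addresses: the CS subnet 128.186.121.0/24 directly on eth0, the notes' imaginary static route to 128.186.5.0 via xi (128.186.121.41), and a default route via 128.186.121.1, an assumed gateway since the notes never name one. The supernet 192.168.8.0/22 and the four /24 networks it absorbs are constructed for the aggregation demonstration.

```python
"""Longest-prefix lookup in a routing table, plus CIDR supernet aggregation.

Added example, not code from the lecture notes.  Routes are built around the
notes' addresses (CS subnet, the imaginary route via xi); the default gateway
128.186.121.1 and the 192.168.8.0 networks are assumed/constructed.
"""


def to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n: int) -> str:
    return "%d.%d.%d.%d" % ((n >> 24) & 255, (n >> 16) & 255, (n >> 8) & 255, n & 255)


# (destination, netmask, gateway or None if directly attached, interface)
ROUTES = [
    ("128.186.121.0", "255.255.255.0", None, "eth0"),
    ("128.186.5.0", "255.255.255.0", "128.186.121.41", "eth0"),  # route add -net ... gw xi
    ("192.168.8.0", "255.255.252.0", "128.186.121.41", "eth0"),  # one entry for four /24s
    ("0.0.0.0", "0.0.0.0", "128.186.121.1", "eth0"),             # default route (assumed gw)
]


def lookup(dst: str, routes=ROUTES):
    """Pick the matching route with the longest netmask (most specific wins).

    Returns (gateway, interface, "net/prefix"); gateway None means deliver
    directly on the link.  Returns None when nothing matches: without a
    default route a host really does not have a route to everywhere.
    """
    d = to_int(dst)
    best = None
    for net, mask, gw, iface in routes:
        m = to_int(mask)
        if d & m == to_int(net) & m:
            prefix = bin(m).count("1")
            if best is None or prefix > best[0]:
                best = (prefix, gw, iface, "%s/%d" % (net, prefix))
    return best[1:] if best else None


def aggregate(cidrs):
    """Supernetting: merge aligned, adjacent networks pairwise into one shorter
    prefix until nothing more merges.  Input and output are [(network, prefix)]."""
    nets = sorted({(to_int(n), p) for n, p in cidrs})
    merged = True
    while merged:
        merged, out, i = False, [], 0
        while i < len(nets):
            if i + 1 < len(nets):
                (a, pa), (b, pb) = nets[i], nets[i + 1]
                size = 1 << (32 - pa)
                # same length, b immediately follows a, a sits on a 2*size boundary
                if pa == pb and b == a + size and a % (2 * size) == 0:
                    out.append((a, pa - 1))
                    merged, i = True, i + 2
                    continue
            out.append(nets[i])
            i += 1
        nets = out
    return [(to_dotted(a), p) for a, p in nets]


if __name__ == "__main__":
    for dst in ("128.186.121.157", "128.186.5.7", "192.168.9.5", "18.26.0.1"):
        print(dst, "->", lookup(dst))
    print(aggregate([("192.168.%d.0" % i, 24) for i in (8, 9, 10, 11)]))
```

The alignment test in aggregate() is what makes supernetting safe: 192.168.9.0/24 and 192.168.10.0/24 are adjacent but cannot become one /23, because the pair would have to start on a 512-address boundary; the four networks 8 through 11 collapse to 192.168.8.0/22 in two passes.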
III. TCP/IP and Routing in Practice
A. Using software to debug network problems
1. Some of above software is useful for this
2. Ping is a good candidate to discover if a host is up or down,
and to see if network connectivity has been lost to a net
3. It's a good idea to ping hosts every now and then to see if
things are at least running...running smoothly is another
matter, right Chris? :)
4. Traceroute is another VERY useful program
5. Finally, tcpdump/etherfind/snoop are also useful to make sure
that traffic is proceeding well