Networking Guide Part 3 - TCP/IP Fundamentals
Introducing TCP/IP
Because TCP/IP is so central to working with the Internet and with intranets, you should understand it in detail. You’ll start with some background on TCP/IP and how it came about and then move on to the descriptions of the technical goals defined by the original designers. Then you’ll get a look at how TCP/IP compares to a theoretical model, the Open Systems Interconnect (OSI) model.
A Brief History of TCP/IP
The TCP/IP protocol was first proposed in 1973, but it was not until 1983 that a standardized version was developed and adopted for wide area use. In that same year, TCP/IP became the official transport mechanism for all connections to ARPAnet, a forerunner of the Internet.
Much of the original work on TCP/IP was done at the University of California at Berkeley, where computer scientists were also working on the Berkeley version of Unix (which eventually grew into the Berkeley Software Distribution [BSD] series of Unix releases). TCP/IP was added to the BSD releases, which in turn was made available to universities and other institutions for the cost of a distribution tape. Thus, TCP/IP began to spread in the academic world, laying the foundation for today’s explosive growth of the Internet and of intranets as well.
During this time, the TCP/IP family continued to evolve and add new members. One of the most important aspects of this growth was the continuing development of the certification and testing program carried out by the U.S. government to ensure that the published standards, which were free, were met. Publication ensured that the developers did not change anything or add any features specific to their own needs. This open approach has continued to the present day; use of the TCP/IP family of protocols virtually guarantees a trouble-free connection between many hardware and software platforms.
TCP/IP Design Goals
When the U.S. Department of Defense began to define the TCP/IP network protocols, their design goals included the following:
TCP/IP had to be independent of all hardware and software manufacturers. Even today, this is fundamentally why TCP/IP makes such good sense in the corporate world: It is not tied to IBM, Novell, Microsoft, DEC, or any other specific company.
It had to have good built-in failure recovery. Because TCP/IP was originally a military proposal, the protocol had to be able to continue operating even if large parts of the network suddenly disappeared from view, say, after an enemy attack.
It had to handle high error rates and still provide completely reliable end-to-end service.
It had to be efficient and have a low data overhead. The majority of data packets using the IP protocol have a simple, 20-byte header, which means better performance in comparison with other networks. A simple protocol translates directly into faster transmissions, giving more efficient service.
It had to allow the addition of new networks without any service disruptions.
As a result, TCP/IP was developed with each component performing unique and vital functions that allowed all the problems involved in moving data between machines over networks to be solved in an elegant and efficient way. Before looking at both TCP and IP individually, you should understand where TCP/IP fits into the broader world of network protocols and, particularly, how it compares to the theoretical reference model published by the International Organization for Standardization (ISO) as the OSI model.
Benefits of Using TCP/IP over Other Networking Protocols
There are several benefits to using the TCP/IP networking protocol:
TCP/IP is a widely published open standard and is completely independent of any hardware or software manufacturer.
TCP/IP can send data between different computer systems running completely different operating systems, from small PCs all the way to mainframes and everything in between.
TCP/IP is separated from the underlying hardware and will run over Ethernet, Token Ring, or X.25 networks and even over dial-up telephone lines.
TCP/IP is a routable protocol, which means it can send datagrams over a specific route, thus reducing traffic on other parts of the network.
TCP/IP has reliable and efficient data-delivery mechanisms.
TCP/IP uses a common addressing scheme. Therefore, any system can address any other system, even in a network as large as the Internet.
(The popularity that the TCP/IP family of protocols enjoys today did not arise just because the protocols were there, or even because the U.S. government mandated their use. They are popular because they are robust, solid protocols that solve many of the most difficult networking problems, and do so in an elegant and efficient way.)
The Transmission Control Protocol
Transmission Control Protocol (TCP) is the transmission layer of the protocol and serves to ensure a reliable, verifiable data exchange between hosts on a network. TCP breaks data into pieces, first wrapping it with the information needed to route it to its destination and then reassembling the pieces at the receiving end of the communications link. The wrapped and bundled pieces are called datagrams. TCP puts a header on the datagram that provides the information needed to get the data to its destination. The most important information in the header includes the source and destination port numbers, a sequence number for the datagram, and a checksum.
The source port number and the destination port number ensure that the data is sent back and forth to the correct process running on each computer. The sequence number allows the datagrams to be rebuilt in the correct order in the receiving computer, and the checksum allows the protocol to check whether the data sent is the same as the data received. It does this by first totaling the contents of a datagram and inserting that number in the header. This is when IP enters the picture. Once the header is in the datagram, TCP passes the datagram to IP to be routed to its destination. The receiving computer then performs the same calculation, and if the two calculations do not match, an error has occurred somewhere along the line, and the datagram is re-sent.
In addition to the source and destination port numbers, the sequence number, and the checksum, a TCP header contains the following information:
Acknowledgment Number Indicates that the data was received successfully. If the datagram is damaged in transit, the receiver throws the data away and does not send an acknowledgment back to the sender. After a predefined time-out expires, the sender retransmits the data for which no acknowledgment was received.
Offset Specifies the length of the header.
Reserved Variables set aside for future use.
Flags Indicates that this packet is the end of the data or that the data is urgent.
Window Provides a way to increase packet size, which improves efficiency in data transfers.
Urgent Pointer Gives the location of urgent data.
Options A set of variables reserved for future use or for special options as defined by the user of the protocol.
Padding Ensures that the header ends on a 32-bit boundary.
The data in the packet immediately follows this header information.
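The header layout and the sender/receiver checksum comparison described above, worked through in code. This is an added example, not code from the original chapter; it assumes one detail the chapter leaves out, namely that the TCP checksum is the RFC 1071 one's-complement sum taken over an IPv4 pseudo-header (source and destination IP, protocol 6, segment length) plus the TCP header and payload, so a segment whose addresses are altered in transit fails the check even when its TCP bytes are intact.

```python
"""Build, parse and checksum-verify a TCP header (added example, not from the chapter).

Fields follow the chapter's list: ports, sequence, acknowledgment, offset,
reserved, flags, window, checksum, urgent pointer, options and padding.
"""
import struct
from dataclasses import dataclass

# Flag bits in the low 9 bits of the offset/flags word.
FIN, SYN, RST, PSH, ACK, URG = 0x001, 0x002, 0x004, 0x008, 0x010, 0x020
TCP_PROTOCOL = 6


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int      # header length in 32-bit words (5 = 20 bytes, no options)
    flags: int
    window: int
    checksum: int
    urgent_ptr: int
    options: bytes        # options plus padding to a 32-bit boundary


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over pseudo-header + segment, with the checksum field treated as zero."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTOCOL, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum lives at bytes 16-17
    return internet_checksum(pseudo + zeroed)


def parse_tcp_header(segment: bytes) -> TcpHeader:
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12             # top 4 bits; the next 3 are reserved
    header_len = data_offset * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset does not fit the segment")
    return TcpHeader(src, dst, seq, ack, data_offset, off_flags & 0x1FF,
                     window, csum, urg, segment[20:header_len])


def verify_tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """The receiver's side of the check: recompute and compare with the header value."""
    return tcp_checksum(src_ip, dst_ip, segment) == parse_tcp_header(segment).checksum


def build_tcp_segment(src_ip: bytes, dst_ip: bytes, src_port: int, dst_port: int,
                      seq: int, ack: int, flags: int, window: int,
                      options: bytes = b"", payload: bytes = b"") -> bytes:
    """The sender's side: fill in the header, then insert the computed checksum."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # padding to a 32-bit boundary
    data_offset = 5 + len(options) // 4
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (data_offset << 12) | (flags & 0x1FF), window, 0, 0) + options
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


# Constructed sample: a SYN from 10.0.0.1 to port 80 on 10.0.0.2 (made-up addresses).
SRC_IP, DST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE_SYN = build_tcp_segment(SRC_IP, DST_IP, 40000, 80, seq=1000, ack=0,
                               flags=SYN, window=65535)

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print(f"{hdr.src_port} -> {hdr.dst_port}, flags=0x{hdr.flags:03x}, csum=0x{hdr.checksum:04x}")
    print("intact segment verifies:", verify_tcp_checksum(SRC_IP, DST_IP, SAMPLE_SYN))
    damaged = bytearray(SAMPLE_SYN)
    damaged[3] ^= 0x01                        # flip one bit of the destination port
    print("damaged segment verifies:", verify_tcp_checksum(SRC_IP, DST_IP, bytes(damaged)))
```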
The Actual Use of TCP Communications
The following list summarizes the TCP process:
Flow control allows two systems to cooperate in datagram transmission to prevent overflows and lost packets.
Acknowledgment lets the sender know that the recipient has received the information.
Sequencing ensures that packets arrive in the proper order.
Checksums allow easy detection of lost or corrupted packets.
Retransmission of lost or corrupted packets is managed in a timely way.
The Application Protocols
The following 12 applications were built on top of the TCP/IP protocol suite and are available on most implementations.
Simple Network Management Protocol (SNMP)
SNMP allows network administrators to collect information about the network. It is a communications protocol for collecting information about devices on the network, including hubs, routers, and bridges. Each piece of information to be collected about a device is defined in a Management Information Base (MIB). SNMP uses UDP to send and receive messages on the network.
File Transfer Protocol (FTP)
FTP provides a mechanism for single or multiple file transfers between computer systems; when written in lowercase as “ftp,” it is also the name of the client software used to access the FTP server running on the remote host. The FTP package provides all the tools needed to look at files and directories, change to other directories, and transfer text and binary files from one system to another. FTP uses TCP to actually move the files.
Trivial File Transfer Protocol (TFTP)
TFTP is a “stripped down” version of FTP, primarily used to boot diskless workstations and to transfer boot images to and from routers. It uses a reduced feature set (fewer commands and a smaller overall program size). In addition to its reduced size, it also uses UDP instead of TCP, which makes for faster transfers, but with less reliability.
Simple Mail Transfer Protocol (SMTP)
SMTP allows for a simple e-mail service and is responsible for moving messages from one e-mail server to another. The e-mail servers run either Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP) to distribute e-mail messages to users.
Post Office Protocol (POP)
POP provides a storage mechanism for incoming mail; the latest version of the standard is known as POP3. When a client connects to a POP3 server, all the messages addressed to that client are downloaded; there is no way to download messages selectively. Once the messages are downloaded, the user can delete or modify messages without further interaction with the server. In some locations, POP3 is being replaced by another standard, IMAP.
Internet Mail Access Protocol (IMAP)
IMAP allows users to download mail selectively, look at the message header, download just a part of a message, store messages on the e-mail server in a hierarchical structure, and link to documents and Usenet newsgroups. Search commands are also available so that users can locate messages based on their subject, header, or content. IMAP has strong authentication features and supports the Kerberos authentication scheme originally developed at MIT.
Telnet
Telnet is a terminal emulation package that provides a remote logon to another host over the network.
Internet Control Message Protocol (ICMP)
ICMP works at the IP Network layer level and provides the functions used for Network layer management and control. Routers send ICMP messages to respond to undeliverable datagrams by placing an ICMP message in an IP datagram and then sending the datagram back to the original source. The Ping command—used in network troubleshooting and described in Chapter 5, “Major Network Operating Systems”—uses ICMP.
Hypertext Transfer Protocol (HTTP)
HTTP is the command and control protocol used to manage communications between a web browser and a web server. When you access a web page on the Internet or on a corporate intranet, you see a mixture of text, graphics, and links to other documents or other Internet resources. HTTP is the mechanism that opens the related document when you select a link, no matter where that document is actually located.
Note Secure Hypertext Transfer Protocol (which you will see abbreviated as SHTTP, S-HTTP, or even HTTPS) is a secure version of HTTP that provides a variety of security mechanisms to the transactions between a web browser and the server. S-HTTP allows browsers and servers to sign, authenticate, and encrypt an HTTP network packet.
Address Resolution Protocol (ARP)
ARP helps to reference the physical hardware address of a network node to its IP address. Under ARP, a network interface card (NIC) contains a table (known as the address resolution cache) that maps logical addresses to the hardware addresses of nodes on the network. When a node needs to send a packet, it first checks the address resolution cache to see if the physical address information is already present. If so, that address is used, and network traffic is reduced; otherwise, a normal ARP request is made to determine the address.
Network Time Protocol (NTP)
NTP, originally developed by Professor David Mills at the University of Delaware, is used to synchronize (or set) computer clocks to some standard time source, which is usually a nuclear clock. This protocol (along with synchronization utilities) keeps all computers on a network set to the same time. Time synchronization is important because many transactions are time and date stamped (in a database, for example). If the time on a server is out of synchronization with the time on two different computers, even by just a few seconds, the server will get confused. For example, one computer can seemingly enter a transaction, but the server will indicate that it occurred before it actually did. Because this time problem will crash the database server, it is important that these servers (and workstations) use NTP.
User Datagram Protocol (UDP)
UDP is a Transport layer connectionless protocol that does not provide the reliability services available with TCP. UDP gives applications a direct interface with IP and the ability to address a specific application process running on a host via a port number without setting up a connection session. UDP also uses IP to deliver its packets.
The Novell NetWare IPX/SPX Protocol Suite
The Novell NetWare proprietary protocol suite consists of two main parts:
Internetwork Packet eXchange (IPX)
Sequenced Packet eXchange (SPX)
IPX is based on the Xerox Network System (XNS) protocol developed in the 1970s and is an internetworking protocol that provides datagram services in the Network layer and also provides routing services. IPX is very efficient and uses a simple addressing scheme that is based on a 4-byte network number, a 6-byte node number, and a 2-byte socket number. A network number is assigned to each segment in the network. The node number or hardware address identifies a specific network interface card or device, and the socket number identifies a particular process in the computer.
IPX packets consist of a 30-byte header that includes the network, node, and socket addresses for the source and the destination, followed by the data area, which can be from 30 bytes (just the header) to 65,535 bytes in length. Most networks impose a more realistic maximum packet size of about 1500 bytes.
The IPX packet header contains the following fields:
Checksum For data integrity checking.
Packet Length Length of the packet in bytes.
Transport Control Number of routers a packet can cross before being discarded.
Packet Type The service that created the packet.
Destination Network Network address of the destination network.
Destination Node Media access control (MAC) address of the destination node.
Destination Socket Address of the process running on the destination node.
Source Network Network address of the source network.
Source Node MAC address of the source node.
Source Socket Address of the process running on the source node.
The other part of the protocol suite, SPX, works at the Transport layer and guarantees packet delivery by making the destination node verify that the data was received correctly. If no response is received within a specified time, SPX retransmits the packet. If several retransmissions fail to return an acknowledgment, SPX assumes the connection has failed and informs the outside world of the error condition. All packets in the transmission are sent in sequence, and they all take the same path to their destination.
If we compare the IPX/SPX protocol suite to the TCP/IP family, IP and IPX are connectionless datagram protocols, and SPX and TCP are connection-oriented protocols. IPX provides routing and internetwork services similar to IP, and SPX provides Transport layer services similar to TCP. Novell NetWare uses two routing protocols:
Routing Information Protocol (RIP)
NetWare Link Services Protocol (NLSP)
NLSP is more efficient at maintaining routing information and adapting to changes in the network configuration and allows large or small networks to be connected without causing routing inefficiencies. This is because NLSP doesn’t determine a route based on the number of routers, but rather on the individual route’s “cost” (a value determined by several factors like speed, available bandwidth, etc.).
NetWare Core Protocol (NCP) is the main protocol used to manage service requests between a client and a server. It includes routines for logon requests, for manipulating files and directories, for opening semaphores, for printing, and for creating and destroying service connections. NCP was designed with the assumption that client and server would be physically close; once a router is added to the system, and connections are made over a wide area link, NCP creates network traffic congestion.
Ports and Sockets Explained
On a TCP/IP network, data travels from a port on the sending computer to a port on the receiving computer. A port is an address that identifies the application associated with the data. The source port number identifies the application that sent the data, and the destination port number identifies the application that receives the data. Each port is assigned a unique 16-bit number in the range of 0 through 65535. Additionally, there are two types of ports, TCP and UDP, that are based on their respective protocols.
Today, the very existence of ports and their numbers is more or less transparent to the users of the network, as many ports are standardized. Thus, a remote computer will know which port it should connect to for a specific service. For example, all servers that offer Telnet services do so on TCP port 23, and web servers normally run on TCP port 80. This means that when you dial up the Internet to connect to a web server via the Internet, you automatically connect to port 80, and when you use Telnet, you automatically connect to port 23. The TCP/IP protocol uses a modifiable lookup table to determine the correct port for the data type. Table 3.1 lists some of the well-known port numbers for common protocols.
Table 3.1 Well-Known Port Numbers for Common Protocols
Protocol - Port - Service
UDP - 15 - NETSTAT
TCP - 21 - FTP
TCP - 23 - Telnet
TCP - 25 - SMTP
UDP - 53 - DNS
UDP - 69 - TFTP
TCP - 70 - Gopher
TCP - 79 - Finger
TCP/UDP - 80 - HTTP
TCP - 110 - POP3
UDP - 111 - RPC
TCP - 119 - NNTP (Network News Transfer Protocol)
TCP - 123 - NTP
UDP - 137 - NetBIOS name service
UDP - 161 - SNMP network monitor
UDP - 2049 - NFS
In multiuser systems, a program can define a port on the fly if more than one user requires access to the same service at the same time. Such a port is known as a dynamically allocated port and is assigned only when needed—for example, when two remote computers dial into a third computer and simultaneously request Telnet services on that system.
The combination of an IP address (more on IP addresses in a moment) and a port number is known as a socket. A socket identifies a single network process in terms of the entire Internet. Two sockets—one on the sending system and one on the receiving host—are needed to define a connection for connection-oriented protocols, such as TCP. You may hear or see the terms socket and port used as if they are interchangeable terms, but they are not.
Note In the Novell NetWare world, a socket is part of an IPX internetwork address and acts as a destination for the IPX data packet. Most socket numbers are allocated dynamically, but a few are associated with specific functions.
Sockets were first developed as a part of the BSD Unix system kernel, in which they allow processes that are not running at the same time or on the same system to exchange information. You can read data from or write data to a socket just as you can do with a file. Socket pairs are bidirectional so that either process can send data to the other.
Understanding IP Addressing
IP moves data between computer systems in the form of a datagram, and each datagram is delivered to the destination port number that is contained in the datagram header. This destination port number, or address, is a standard 16-bit number that contains enough information to identify the receiving network and the specific host on that network for which the datagram is intended.
In this section, you’ll learn what IP addresses are, why they are so necessary, and how they are used in TCP/IP networking. But first, let’s clear up a possible source of confusion: Ethernet addresses and IP addresses.
Ethernet Addresses Explained
You may remember from an earlier section that TCP/IP is independent of the underlying network hardware. If you are running on an Ethernet-based network, be careful not to confuse the Ethernet hardware address and the IP address required by TCP/IP.
Each Ethernet network card (and any other NIC, for that matter) has its own unique hardware address, known as the media access control (MAC) address. This hardware address is predefined and preprogrammed on the NIC by the manufacturer of the board as a unique 48-bit number.
The first three parts of this address are called the Organizationally Unique Identifier (OUI) and are assigned by the Institute of Electrical and Electronics Engineers (IEEE). Manufacturers purchase OUIs in blocks and then assign the last three parts of the MAC address, making each assignment unique. Remember that the Ethernet address is predetermined and is hard-coded onto the NIC. IP addresses, however, are very different.
IP Addresses Explained
TCP/IP requires that each computer on a TCP/IP network have its own unique IP address. There are two addressing schemes for TCP/IP: IPv4 and IPv6. You should know how each of these schemes differs.
IPv4
An IPv4 address is a 32-bit number, usually represented as a four-part number, with each of the four parts separated by a period or decimal point. You may also hear this method of representation called dotted decimal or quad decimal. In the IPv4 address, each individual byte, or octet as it is sometimes called, can have a value in the range of 0 through 255.
Note The term octet is the Internet community’s own term for an 8-bit byte. It came into common use because some of the early computers attached to the Internet had bytes of more than 8 bits; for example, DEC’s systems have blocks of 18 bits.
The way these addresses are used varies according to the class of the network, so all you can say with certainty is that the 32-bit IPv4 address is divided in some way to create an address for the network and an address for each host. In general, though, the higher-order bits of the address make up the network part of the address, and the rest constitutes the host part of the address. In addition, the host part of the address can be divided further to allow for a subnetwork address. For more detail on this addressing scheme, see the “IPv4 Address Classifications” and “Understanding Subnets” sections later in this chapter.
Some host addresses are reserved for special use. For example, in all network addresses, host numbers 0 and 255 are reserved. An IPv4 host address with all host bits set to 0 identifies the network itself; so 52.0.0.0 refers to network 52. An IP address with all host bits set to 255 is known as a broadcast address. The broadcast address for network 204.176 is 204.176.255.255. A datagram sent to this address is automatically sent to every individual host on the 204.176 network.
ARIN (American Registry of Internet Numbers) assigns and regulates IP addresses on the Internet; you can get one directly from ARIN, or you can ask your Internet service provider (ISP) to secure an IP address on your behalf. Another strategy is to obtain your address from ARIN and only use it internally until you are ready to connect to the Internet.
Note If you are setting up an intranet and you don’t want to connect to the outside world through the Internet, you don’t need to register the IP addresses you use on your intranet with ARIN. Registering your addresses with ARIN simply ensures that the addresses you propose to use are unique over the entire Internet. If you are never going to connect to the Internet, there's no reason to worry about whether those addresses are redundant with a computer that isn't even on your network.
IPv6
IPv6 was originally designed because the number of available unregistered IPv4 addresses was running low. Because IPv6 uses a 128-bit addressing scheme, it has more than 79 octillion (that’s 79,000,000,000,000,000,000,000,000,000 to you and me) times as many available addresses as IPv4. Also, instead of using binary digits or decimal digits, IPv6 uses eight sets of four hexadecimal digits, like so:
3FFE:0B00:0800:0002:0000:0000:0000:000C
In addition, you can abbreviate these very long addresses by dropping leading zeros (like the zero before the B in “0B00”). You can also drop any single grouping of zero octets (as in the number above) between numbers as long as you replace them with a double colon (::) and they are complete octets (you can’t drop the three zeros in the second octet to make it just “B” instead of “0B00,” for example). If you apply this rule (known as the zero compression rule) to the above address, it would make the example address look like so:
3FFE:0B00:0800:0002::000C
Warning You can’t use the zero compression rule to drop more than one grouping of zero octets. For example, you can’t make 3FFE:0000:0000:0002:0000:0000:0000:000C into 3FFE::0002::000C. This is also part of the zero compression rule: There can be only one set of double colons!
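The two abbreviation rules above (dropping leading zeros and replacing one run of zero groups with a double colon) and the warning about a second double colon, as an added example that is not code from the original chapter. It also expands an abbreviated address back to eight groups; it follows the RFC 5952 conventions of lowercase hex and of not compressing a lone zero group, which the chapter does not mention, and does not handle the ::xxx.xxx.xxx.xxx form for embedded IPv4 addresses.

```python
"""Expand and compress IPv6 text addresses (added example, not from the chapter)."""

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> list[int]:
    """Return the eight 16-bit groups of an address; reject malformed input."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed")          # the chapter's warning
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        parts = head_groups + ["0"] * missing + tail_groups
    else:
        parts = text.split(":")
    if len(parts) != 8:
        raise ValueError("an IPv6 address has eight groups")
    groups = []
    for part in parts:
        # A group is one to four hex digits; leading zeros may already be dropped.
        if not 1 <= len(part) <= 4 or any(c not in HEX_DIGITS for c in part):
            raise ValueError(f"bad group {part!r}")
        groups.append(int(part, 16))
    return groups


def compress_ipv6(groups: list[int]) -> str:
    """Shortest text form: leading zeros dropped, longest zero run (2+ groups) as '::'."""
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("need eight 16-bit groups")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                # find the longest run of zero groups
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:                # leftmost run wins a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(g, "x") for g in groups]     # format 'x' drops leading zeros
    if best_len < 2:                            # RFC 5952: never compress a single zero group
        return ":".join(hexs)
    head = ":".join(hexs[:best_start])
    tail = ":".join(hexs[best_start + best_len:])
    return head + "::" + tail


if __name__ == "__main__":
    full = "3FFE:0B00:0800:0002:0000:0000:0000:000C"       # the chapter's example address
    groups = expand_ipv6(full)
    print(full, "->", compress_ipv6(groups))
    print(expand_ipv6("3FFE:0B00:0800:0002::000C") == groups)
    try:
        expand_ipv6("3FFE::0002::000C")
    except ValueError as err:
        print("rejected:", err)
```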
As with IPv4, there are several addresses that are reserved for special uses. The IPv6 address ::/0 is the default address for a host (like 0.0.0.0 in IPv4). The address ::1/128 is reserved for the local loopback (like 127.0.0.1 in IPv4). IPv6 also includes provisions for the old IPv4 hosts so they can be migrated to the new addressing scheme. This is accomplished by using the address ::xxx.xxx.xxx.xxx where the last four sets of digits refer to the old IPv4 address.
The way a host is configured is one very unique aspect of the IPv6 addressing scheme. Instead of an IP address, subnet mask, and default gateway, each station is required to have three different addresses. First of all, the host has an address from each upstream supplier, a local address, and a link-local address. The local address is a number like ::1/128 that defines the local host. The link-local address is the address for the local subnet.
Finally, IPv6 has some other unique addressing concepts, like autoconfiguration (similar to DHCP, but extended further) and neighbor discovery, whereby the IPv6 host discovers its network surroundings.
Note For more information on IPv6, check out RFC 2373 at www.faqs.org/rfcs.
IPv4 Address Classifications
In the 32-bit IP address, the number of bits used to identify the network and the host varies according to the network class of the address. If you never connect your intranet to the outside world and the Internet, you have no need to concern yourself with this information. If you do plan to connect to the Internet (and to do well on the exam), you’ll need to know that the several classes are as follows:
Class A is used for very large networks only. The high-order bit in a Class A network is always 0, which leaves 7 bits available to define 127 networks. The remaining 24 bits of the address allow each Class A network to hold as many as 16,777,214 hosts. Examples of Class A networks include General Electric, IBM, Hewlett-Packard, Apple, Xerox, DEC, Columbia University, and MIT. All possible Class A networks are in use; no more are available.
Class B is used for medium-sized networks. The two high-order bits are always 10 (that’s “one zero”, not “ten”), and the remaining bits are used to define 16,384 networks, each with as many as 65,534 hosts attached. Examples of Class B networks include Microsoft and Exxon. All Class B networks are in use; no more of them are available.
Class C is for smaller networks. The three high-order bits are always 110, and the remaining bits are used to define 2,097,152 networks, but each network can have a maximum of only 254 hosts. Class C networks are still available.
Class D is a special multicast address and cannot be used for networks. The four high-order bits are always 1110, and the remaining 28 bits allow access to more than 268 million possible addresses.
Class E is reserved for experimental purposes. The first four bits in the address are always 1111.
Because the bits used to identify the class are combined with the bits that define the network address, we can draw the following conclusions from the size of the first octet, or byte, of the address:
A value of 126 or less indicates a Class A address. The first octet is the network number; the next three, the host address.
A value of exactly 127 is reserved as a loopback test address. If you send a message to 127.0.0.1, the Ping doesn’t actually generate any network traffic. It does, however, test that TCP/IP is installed correctly. Using this number as a special test address has the unfortunate effect of wasting more than 24 million possible IP addresses.
A value of 128 through 191 is a Class B address. The first two octets are the network number, and the last two are the host address.
A value of 192 through 223 is a Class C address. The first three octets are the network address, and the last octet is the host address.
A value greater than 223 indicates a reserved address.
Tip Three other special address types are 10.x.x.x, 192.168.xxx.xxx, and 172.16.x.x–172.31.x.x. These addresses are specified in RFC 1918 as being available to anyone who wants to use IP addressing on a private network, but does not want to connect to the Internet. Private addresses are those addresses that are not routed by Internet routers. Public addresses are those IP addresses that will be passed by Internet routers. You can use this address without the risk of compromising someone else’s registered network address.
Classless Internetwork Domain Routing (CIDR)
InterNIC no longer gives out addresses under the Class A, B, or C designations. Instead, it uses a method called Classless Internetwork Domain Routing (or CIDR, which is usually pronounced “cider”). CIDR networks are described as “slash x” networks; the x represents the number of bits in the IP address range that InterNIC controls. This allows InterNIC to define networks that fall between the old classifications, which means that you can get a range of addresses much better suited to your needs than in times past. In CIDR terms, a network classified as a Class C network under the old scheme becomes a slash 24 network, because InterNIC controls the leftmost 24 bits and you control the rightmost 8 bits.
Examples of CIDR Network Types
InterNIC Network Type - Subnet Mask - Approximate Number of IP Addresses
slash 8 - 255.0.0.0 - 16,000,000
slash 12 - 255.240.0.0 - 1,000,000
slash 16 - 255.255.0.0 - 65,536
slash 20 - 255.255.240.0 - 4,096
slash 21 - 255.255.248.0 - 2,048
slash 22 - 255.255.252.0 - 1,024
slash 23 - 255.255.254.0 - 512
slash 24 - 255.255.255.0 - 256
slash 25 - 255.255.255.128 - 128
slash 26 - 255.255.255.192 - 64
slash 27 - 255.255.255.224 - 32
slash 28 - 255.255.255.240 - 16
slash 29 - 255.255.255.248 - 8
slash 30 - 255.255.255.252 - 4
Note You can also combine multiple Class C networks into a single network using this same designation system. This process is known as supernetting.
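The address arithmetic from the classful section and the CIDR table above, combined into one added example that is not code from the original chapter: the first-octet class rule, the network and broadcast addresses formed from the host bits, the RFC 1918 private ranges from the tip, and the conversion between a "slash x" prefix and a dotted subnet mask. It works on plain integers so the bit layout stays visible; the /31 and /32 host-count rule (RFC 3021) is an assumption outside the chapter.

```python
"""IPv4 class, CIDR prefix and subnet arithmetic (added example, not from the chapter)."""


def ipv4_to_int(dotted: str) -> int:
    """'204.176.1.2' -> 32-bit integer, rejecting anything that is not four octets 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in parts:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {dotted!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_ipv4(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classful rule from the chapter: the first octet alone fixes the class."""
    first = ipv4_to_int(dotted) >> 24
    if first == 127:
        return "loopback"
    if first < 128:            # high-order bit 0
        return "A"
    if first < 192:            # high-order bits 10
        return "B"
    if first < 224:            # 110
        return "C"
    if first < 240:            # 1110, multicast
        return "D"
    return "E"                 # 1111, reserved


def prefix_to_mask(prefix: int) -> int:
    """'slash x' -> mask with the leftmost x bits set."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask_dotted: str) -> int:
    """Dotted mask -> prefix length; a mask with a hole (255.255.0.255) is rejected."""
    mask = ipv4_to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous mask {mask_dotted}")
    return prefix


def describe_network(cidr: str) -> dict:
    """Network, broadcast and address counts for 'a.b.c.d/x'."""
    addr_text, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = ipv4_to_int(addr_text) & mask            # host bits all 0
    broadcast = network | (~mask & 0xFFFFFFFF)         # host bits all 1
    addresses = 1 << (32 - prefix)
    # All-zero and all-one host numbers are the network and broadcast addresses;
    # /31 and /32 have no room for them (RFC 3021, an assumption outside the chapter).
    usable = addresses - 2 if prefix <= 30 else addresses
    return {"network": int_to_ipv4(network), "mask": int_to_ipv4(mask),
            "broadcast": int_to_ipv4(broadcast), "addresses": addresses,
            "usable_hosts": usable}


# RFC 1918 private ranges named in the chapter's tip.
PRIVATE_NETWORKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def in_network(dotted: str, network: str, prefix: int) -> bool:
    mask = prefix_to_mask(prefix)
    return ipv4_to_int(dotted) & mask == ipv4_to_int(network) & mask


def is_private(dotted: str) -> bool:
    """True for addresses that Internet routers will not forward (RFC 1918)."""
    return any(in_network(dotted, net, plen) for net, plen in PRIVATE_NETWORKS)


if __name__ == "__main__":
    for cidr in ("52.0.0.0/8", "204.176.0.0/16", "192.168.10.77/27"):
        print(cidr, describe_network(cidr))
    for addr in ("9.1.1.1", "172.31.255.1", "172.32.0.1", "224.0.0.1", "127.0.0.1"):
        print(f"{addr:>14}  class {address_class(addr):<9} private={is_private(addr)}")
```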
IP Proxy Servers Explained
A proxy server is one of several solutions to the problems associated with connecting your intranet or corporate network to the Internet. A proxy server is a program that handles traffic to external host systems on behalf of the client software running on the protected network; this means that clients access the Internet through the proxy server. It’s a bit like those one-way mirrors—you can see out, but a potential intruder cannot see in.
Note Another mechanism used to monitor and control traffic between the Internet and an internal network is a firewall. Although the functions performed by proxy servers and firewalls are related and are starting to appear in combination products, they’ll be presented in different chapters here.
A proxy server sits between a user on your network and a server out on the Internet. Instead of communicating with each other directly, each talks to the proxy (in other words, to a “stand-in”). From the user’s point of view, the proxy server presents the illusion that the user is dealing with a genuine Internet server. To the real server on the Internet, the proxy server gives the illusion that the real server is dealing directly with the user on the internal network. So a proxy server can be both a client and a server; it depends on which way you are facing. The point to remember here is that the user is never in direct contact with the Internet server.
The proxy server does more than just forward requests from your users to the Internet and back. Because it examines and makes decisions about the requests that it processes, it can control what your users can do. Depending on the details of your security policy, client requests can be approved and forwarded, or they can be denied. And rather than requiring that the same restrictions be enforced for all users, many advanced proxy server packages can offer different capabilities to different users.
Warning A proxy server can be effective only if it is the only type of connection between an internal network and the Internet. As soon as you allow a connection that does not go through a proxy server, your network is at risk.
Proxy Server Caching
Many proxy servers can cache documents, which is particularly useful if a number of clients request the same document independently. With caching, the client request is filled more quickly, and Internet traffic is reduced. The types of caching are as follows:
Active Caching The proxy server uses periods of low activity to go out and retrieve documents that it thinks will be requested by clients in the near future.
Passive Caching The proxy server waits for a client to make a request, retrieves the document, and then decides whether or not to cache the document.
Note Some documents, such as those from a paid subscription service or those requiring specific authentication, cannot be cached.
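Passive caching as described above, as an added Python illustration (not code from the guide): the proxy fetches a document on demand and keeps it only when the origin permits shared caching, so subscription or authenticated content of the kind the Note mentions is never handed to a different client. The cacheability rules, the sample origin and the URLs are assumptions constructed for this example.

```python
import time

def _directives(headers):
    """Split a Cache-Control header into lower-cased directives."""
    value = {k.lower(): v for k, v in headers.items()}.get("cache-control", "")
    return [d.strip().lower() for d in value.split(",") if d.strip()]

def is_cacheable(request_headers, response_headers):
    """May a shared proxy keep this response for *other* clients?
    Assumed rules, modelled on HTTP/1.1 shared-cache behaviour:
    a request that carried Authorization is authenticated content;
    no-store or private means the origin forbids shared caching;
    otherwise cache only when the origin gives an explicit max-age."""
    if "authorization" in {k.lower() for k in request_headers}:
        return False
    directives = _directives(response_headers)
    if "no-store" in directives or "private" in directives:
        return False
    return any(d.startswith("max-age=") for d in directives)

def max_age(response_headers):
    """Seconds the origin allows the response to be reused (0 if absent)."""
    for d in _directives(response_headers):
        if d.startswith("max-age="):
            return int(d.split("=", 1)[1])
    return 0

class PassiveCache:
    """Fetch on demand, then decide whether to keep the document."""
    def __init__(self, origin, clock=time.monotonic):
        self.origin = origin   # callable(url, request_headers) -> (headers, body)
        self.clock = clock
        self.store = {}
        self.origin_fetches = 0

    def get(self, url, request_headers):
        entry = self.store.get(url)
        if entry and entry["expires"] > self.clock():
            return entry["body"], "HIT"
        resp_headers, body = self.origin(url, request_headers)
        self.origin_fetches += 1
        if is_cacheable(request_headers, resp_headers):
            self.store[url] = {"body": body,
                               "expires": self.clock() + max_age(resp_headers)}
        return body, "MISS"

# Constructed sample origin: one public page and one subscriber-only page.
SAMPLE_ORIGIN = {
    "http://news.example/front": ({"Cache-Control": "public, max-age=60"}, b"headlines"),
    "http://news.example/premium": ({"Cache-Control": "private, max-age=60"}, b"for subscribers"),
}

def sample_origin(url, request_headers):
    return SAMPLE_ORIGIN[url]
```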
Large companies may have multiple proxy servers, and two caching standards have emerged: Internet Cache Protocol and Cache Array Routing Protocol.
Internet Cache Protocol (ICP)
Internet Cache Protocol (ICP) specifies a message format to be used for communications between proxy servers; these messages are used to exchange information about the presence or absence of a specific web page in the proxy server cache. Unfortunately, ICP is not scalable, and the number of ICP messages exchanged between proxy servers climbs rapidly as the number of proxy servers increases.
Cache Array Routing Protocol (CARP)
Cache Array Routing Protocol (CARP) offers a solution to the ICP problem by using multiple proxy servers with a single large cache. CARP removes the need for proxy server–to–proxy server communications and also prevents the information in the cache from becoming redundant over time. CARP is referred to as queryless distributed caching and is supported in Netscape and Microsoft proxy server products.
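The "queryless" idea behind CARP, as an added Python example rather than an implementation of the CARP specification or of any vendor's product: each proxy (or client) hashes the URL against every array member's name and picks the highest score, a rendezvous-hashing scheme of the kind CARP is built on, so no proxy-to-proxy messages are needed and adding a member only moves the URLs that land on the new member. The hash function, proxy names and URLs are assumptions constructed for the example.

```python
import hashlib

def _score(member, url):
    """32-bit hash of member+URL; an assumed stand-in for CARP's hash combiner."""
    digest = hashlib.sha256(f"{member}|{url}".encode()).digest()
    return int.from_bytes(digest[:4], "big")

def carp_route(url, members):
    """Choose the array member responsible for `url`.
    Every proxy (and every client that knows the member list) computes the
    same answer locally, so no proxy-to-proxy query is ever sent."""
    return max(sorted(members), key=lambda m: _score(m, url))

def remap_fraction(urls, before, after):
    """Share of URLs whose responsible member changes when the array changes."""
    moved = sum(1 for u in urls if carp_route(u, before) != carp_route(u, after))
    return moved / len(urls)

def only_new_member_gains(urls, before, added):
    """Rendezvous property: a URL either stays where it was or moves to the
    newly added member; nothing is shuffled between existing members, so
    the existing caches do not become redundant when the array grows."""
    after = before + [added]
    for u in urls:
        old, new = carp_route(u, before), carp_route(u, after)
        if old != new and new != added:
            return False
    return True

# Constructed inputs: three proxies in the array, then a fourth joins.
ARRAY = ["proxy-a.corp.example", "proxy-b.corp.example", "proxy-c.corp.example"]
NEW_MEMBER = "proxy-d.corp.example"
SAMPLE_URLS = [f"http://www.example.com/page{i}.html" for i in range(2000)]
```

With three members growing to four, roughly a quarter of the URLs move, all of them onto the new member.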
Configuring TCP/IP on Windows Workstations
You will now take a look at how you can configure a Windows client to use TCP/IP. The information in this section assumes that you already have Windows 98 or Windows NT Workstation running on the client.
If you are using Plug and Play network interface cards, Microsoft Windows may have already recognized your TCP/IP network. However, if Windows has not automatically recognized your TCP/IP connection, or if you want to look at or change some of the configuration settings, stay with this guide.
Note There is very little difference between installing TCP/IP on a Windows 98 client and installing TCP/IP on a Windows NT Workstation client; the dialog boxes you use are virtually identical. Windows 98 is used in the discussion that follows.
To begin installing TCP/IP, follow these steps:
1. Choose Start - Settings - Control Panel - Network to open the Network dialog box, which lists all of the currently installed network components.
(Tip You can also right-click the Network Neighborhood icon on the Windows Desktop and select Properties from the Shortcut menu to open the Network dialog box.)
2. Click Add to open the Select Network Component Type dialog box.
3. Select Protocol from the list of network components, and click Add to open the Select Network Protocol dialog box. This dialog box lists the various software manufacturers and their respective networking protocols.
4. Select Microsoft from the list of manufacturers, and select TCP/IP from the Network Protocols list.
5. Click OK to continue.
When you click OK, Windows installs the Microsoft TCP/IP protocol and displays it in the list of networking components in the Network dialog box. Clicking OK completes the installation, and the system prompts you to restart the computer so the changes can take effect.
TCP/IP Properties
Many configuration settings are associated with TCP/IP. To look at or change them, follow these steps:
1. Choose Start - Settings - Control Panel - Network to open the Network dialog box.
2. Select TCP/IP, and click the Properties button to open the TCP/IP Properties dialog box.
Across the top of the TCP/IP Properties dialog box, you will see several tabs that you can choose from, including:
IP Address
Bindings
Gateway
Advanced
WINS Configuration
DNS Configuration
NetBIOS (if used)
Each tab controls the settings associated with a specific aspect of using TCP/IP under Windows, and in the sections that follow, you’ll get a look at all the settings you can configure on these tabs. The settings that you use on your system will obviously depend on the configuration of that system and exactly how you intend to use it. And in certain circumstances, you may see other tabs in the TCP/IP Properties dialog box. For example, if you are using NetBIOS, you will see a tab that lets you use NetBIOS over TCP/IP.
The IP Address Tab
You use the IP Address tab to specify an IP address for this client. If you accept the default option, Obtain an IP Address Automatically, your computer obtains this address from the Dynamic Host Configuration Protocol (DHCP) server on your network or from an ISP if you are connecting directly to the Internet. (You can read more about DHCP in the following “DHCP” sidebar.)
If you select Specify an IP Address, you can enter the appropriate IP address and subnet mask for use on this computer.
Real World Scenario: Using DHCP
The primary reason for using DHCP is to centralize the management of IP addresses. When the DHCP service is used, pools of IP addresses are assigned for automatic distribution to client computers on an as-needed basis. The address pools are centralized on the DHCP server, allowing all IP addresses on your network to be administered from a single server. It should be apparent that this saves loads of time when changing the IP addresses on your network. Instead of running around to every workstation and server and resetting the IP address to a new address, you simply reset the IP address pool on the DHCP server. The next time the client machines are rebooted, they are assigned new addresses.
If the client workstation cannot locate the DHCP server on the network automatically, you will see an error message to that effect when you restart the client workstation.
DHCP can, however, manage much more than the IP addresses of client computers. It can also assign DNS servers, gateway addresses, subnet masks, and many other settings.
In the Windows family of operating systems, only computers running Windows NT Server 3.51 or later can act as a DHCP server; a computer running Windows 98 cannot be a DHCP server. In the Novell world, NetWare 4.11 comes with DHCP as a standard service. In NetWare 5, this service is administered using a Java-based snap-in module for the administrator utility called the DNS/DHCP Management Console.
The Bindings Tab
The Bindings tab of the TCP/IP Properties dialog box displays the bindings available on the computer and also lets you select the ones you want to use. When you install a new protocol, Windows binds the new protocol to all possible client and service components. In some cases, certain network components may not work if you have the wrong protocol bindings selected, so make sure that the bindings shown reflect the appropriate protocol.
The Network Driver Interface Specification
The Network Driver Interface Specification (NDIS), originally developed by Microsoft and 3Com in 1990, is a device driver specification that is independent of both the underlying network hardware and the networking protocol in use.
NDIS also provides protocol multiplexing so that multiple protocol stacks can be used at the same time on the same computer.
The Gateway Tab
You use the Gateway tab to specify the IP address of one or more of the gateway routers installed on your network. To enter the information for a new gateway, type the IP address in the New Gateway box and click the Add button. The IP address will appear in the Installed Gateways box of this dialog box.
Note Windows uses the first gateway listed in the Installed Gateways box as the default gateway. To remove an installed gateway, select it from the list in the Installed Gateways box and click Remove.
The Advanced Tab
You use the Advanced tab to specify that Windows should use this protocol as the default if no protocol has been selected. No other configurable properties are available in this tab.
The WINS Configuration Tab
Selecting Disable WINS Resolution in the WINS Configuration tab turns off the use of WINS; this is the default setting.
If you select Enable WINS Resolution, you can enter IP address values for the primary WINS server and for a secondary WINS server on your network if one is available. The system first tries to use the primary WINS server for name resolution, but if it can’t find the primary WINS server, it will try to locate a secondary WINS server.
The Scope ID field may contain a set of text characters if you have an internetwork connection that uses NetBIOS over TCP/IP. When all of the computers in a group share the same Scope ID, they are able to communicate with each other, but not with computers outside the group. In most cases, the Scope ID field is left blank.
At the bottom of this dialog box, you will see the option button Use DHCP for WINS Resolution. Click this button if you want to enable DHCP to set up the WINS configuration.
The DNS Configuration Tab
You use the DNS Configuration tab of the TCP/IP Properties dialog box to enable or disable DNS. When DNS is enabled, you can enter information into the Host, Domain, DNS Server Search Order, and Domain Suffix Search Order fields.
The Host field contains the name of the local computer, usually the name used to configure networking services, but it can be different. The name can include a set of alphanumeric characters and a hyphen, and a period is used as a separator.
You know from earlier in this chapter that an FQDN consists of the name of the host followed by the domain name. For example, if the name of the local computer is wallaby, and the domain is sybek.com, the FQDN is wallaby.sybek.com.
The Domain field is optional and, if used, contains the name of the DNS domain to which this computer belongs.
Note The term “domain” is used in different ways in different contexts. The domain specified here for DNS is not the same domain as a Windows NT domain, an OS/2 LAN Server domain, or a LAN Manager domain.
The DNS Server Search Order field can contain the IP addresses of as many as three DNS servers that can be used for name resolution services. To add the IP address of a DNS server, type the IP address in the entry field and click Add. To delete an IP address from the list, select an IP address and click Remove.
The Domain Suffix Search Order field contains a list of domain suffixes that the system can use when creating an FQDN from a short name. The system adds the local domain name to the short name and queries the DNS server for name resolution. If the FQDN is not resolved, the system appends each successive domain suffix in this list to the short name and retries for name resolution. To add a domain suffix to the list, type the domain name you want to add and click Add. If you want to delete a domain name from the list, select it and click Remove.
Tip If a Windows 98 client does not respond to the network as you expect, run the Windows 98 Networking Troubleshooter as a first step in tracking down the problem.
The Windows Registry
All of this TCP/IP configuration information is stored in the Windows Registry database, along with lots of other hardware and software configuration information. You can change most of the TCP/IP parameters by using the Network applet in Control Panel as you have just seen. Certain parameters, however, such as Time to Live and the default Type of Service, can be changed only by using the Registry Editor (regedit.exe on Windows 98 or regedt32.exe on Windows NT). If you change some of these Registry parameters without detailed knowledge of TCP/IP configuration parameters, you may affect the performance of TCP/IP on your system in an adverse and unexpected way.
Tip If you are configuring TCP/IP on a Windows NT Workstation client, and you want to know more, check out the Microsoft Knowledge Base article Q120642 on the Microsoft website at www.microsoft.com. This article covers all the standard, optional, and nonconfigurable TCP/IP parameters, and describes which parameters are updated by using the Network applet in Control Panel and which are changed using the Registry Editor.
Exam Essentials - Helpful tip for users here
Be able to recognize the different protocols within TCP/IP and be able to define the purpose and function of protocols within TCP/IP. The TCP/IP stack is made up of several protocols, which each perform such functions as protocol transport, file access, file transfer, and mail transfer. Some of these protocols include TCP, SMTP, IP, NNTP, HTTP, and FTP.
Be able to define the function of common TCP and UDP ports. You should know how to coordinate protocol name and function with port number.
Know how to identify IP addresses (IPv4, IPv6) and their default subnet masks. IPv4 = xxx.xxx.xxx.xxx where xxx is a number from 0 to 255; the default subnet mask is 255.0.0.0 for a Class A address (IP range is 0.x.x.x to 126.x.x.x), 255.255.0.0 for a Class B (IP range is 128.x.x.x to 191.x.x.x), and 255.255.255.0 for a Class C (192.x.x.x to 223.x.x.x).
IPv6 = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx where x is a hexadecimal digit. IPv6 has no default subnet mask.
Know how to identify the purposes of subnetting and default gateways. The purpose of subnetting is to divide a network into two or more segments, gaining more addressable segments from a single address space. Default gateways are configured so that a host has an address to send a packet to when it can’t figure out a route to the destination address.
Know how to identify the difference between public and private networks. Public networks are networks that are open to the general public and, as such, use valid IP addresses that can be “seen” by the general public. The Internet is an example of a public network. Private networks, on the other hand, use addresses that cannot be seen by the general public and are generally not available for public use. Your company’s LAN is an example of a private network.
Be able to describe the main characteristics of VLANs. Virtual LANs (VLANs) are a feature of network switches that allow machines on different physical network segments to be organized into a virtual segment, or VLAN.