 Internet SecurityCollege of Engineering & CS Wright State University Dayton, Ohio 45435-0001 |
|
| 2002 |
The Internet is comprised of thousands of regional networks scattered throughout the globe. The Web refers to a body of information - an abstract space of knowledge, while the Internet refers to the physical side of the global network, a giant mass of cables and computers. The WWW uses the Internet to transmit hypermedia documents between computer users internationally.
There are many ways of setting up a LAN. The ruling king of such technologies
is Ethernet for the hardware layer, and TCP/IP for software layer. The 10
megabits/sec (Mb/s) is now (1999) considered obsolete. The 100 Mb/s is
current, and 1000 Mb/s (Gigabit Ethernet) is becoming common.
Network Topology refers to how the computers are connected. In the Star Topology, all the computers are connected to a common point. It is fault-tolerant, and is easy to add new clients and easy for management and monitoring of network performance. The Bus Topology is a straight line with a tap for each computer. It is simple, easy to add new computers by inserting a T-connector, but problems are hard to isolate and the network slows down during periods of heavy use.
Network Interface Cards: Professional workstations have built-in
network hardware. In PCs, NICs are hardware boards that you insert into
empty slots in the PC. Today (1999), a good PCI-based card for 10 or 100
megabits/sec (Mb/s) sells for about $15. A typical card will have two
connectors at the back: a telephone-jack like RJ45, and an RCA-like BNC
connector. 
Through this physical connection, the data
bits go from the computer to the cable and back again when receiving.
Each NIC is identified by a unique 6-byte number called its Ethernet address that is stored, at manufacture time, in a ROM on the card. This number is also called a MAC (media access control) address.
The
RJ45 Twisted Pair Cable, whose connector is shown at right, is made from
insulated strands of wire twisted together inside a sheath that may or may not
be shielded. Unshielded Twisted Pair (UTP) is the most commonly used cable for
small LANs. It is often referred to as 10BaseT because the most popular size of
this cable can carry 10 Mb/s. It comes in different categories that carry
between 4 Mb/s and 100 Mb/s of data to about 300 feet before the signal strength
suffers.
If you connecting only two computers, you do not need any hubs. You use
one RJ45 cross over cable that has two of their signal wires transposed
between the connectors as described below.
cross over cable connections:
| Pin Name | End1 Pin | End2 Pin | Pin Name |
|---|---|---|---|
| TX+ | 1 | 3 | RX+ |
| TX- | 2 | 6 | RX- |
| RX+ | 3 | 1 | TX+ |
| RX- | 6 | 2 | TX- |
(You may also connect 4-4, 5-5, 7-7, 8-8.) This cable can be used to cascade hubs, or for connecting two Ethernet stations back-to-back without a hub. It works with both 10Base-T and 100Base-TX.
To connect more than two computers, you need network hubs or switches. All the PCs connect to the hub. An inexpensive starter network kit for home sells for $50 (in 1999) and includes two NICs and a hub that has 5 RJ45 ports.
The Thin Coaxial Cable looks similar to a TV cable but its
impedance rating and other characteristics are different. It has a core of solid
or braided copper wire surrounded by insulation, braided metal shielding, and an
outer cover. These cables can carry a signal about 600 feet before the signal
starts to suffer from loss of strength.
The thin coaxial cable does not need hubs. It uses the bus
topology. Imagine it as a long unbroken line of cable terminated with
50-ohm resistors at either end, and with a T-connector for each computer.
Hubs and Switches
If more than two devices are to be networked, a hub is the central device into which all networks cables are connected. Hubs typically connect from 4-24 devices and can be "stacked" or "cascaded" together for more capacity. A hub is a place of convergence where data arrives from one or more directions and is forwarded out in one or more other directions. An arriving packet is sent out to all the connections.
Repeaters repeat an Ethernet transmission (frame) on other ports.
Repeaters operate at the electrical level; they don't have any intelligence.
Switch is a term for a multi-port bridge. A bridge is a
small computer with at least two network interfaces. It receives Ethernet
frames, figures out which interface the destination is on, and sends it
appropriately (or not at all, if the destination and source interface are the
same). If the bridge doesn't know which interface the destination is on, it
sends the frame out on all of them (except the source interface). A switch
analyzes the packet and sends an arriving packet to only the destination NIC,
and not to all the connections that are made on the switch.
Typically, a packet may travel through a number of network points with
routers before arriving at its destination. A router is a hardware device or, in
some cases, software in a computer, that determines the next network point to
which a packet should be forwarded toward its destination. The router is
connected to at least two networks and decides which way to send each
information packet based on
its current understanding of the state of the networks it is connected to. A
router is located at any juncture of networks or gateway, including each
Internet point-of-presence. A router is often included as part of a network
switch.
A gateway is a computer that lies at the intersection of two networks, and routes traffic correctly between them, while keeping traffic internal to the two networks separated.
Used to segment networks into smaller connected subnets. Networks can easily
overload: switching them into separate subnets can enhance performance easily
and inexpensively while preserving existing investments.
Modem stands for MOdulator/DEModulator. A modem converts (modulates) digital signals generated by the computer into analog signals which can be transmitted over a telephone line and transforms (demodulates) incoming analog signals into their digital equivalents. The specific techniques used to encode the digital bits into analog signals are called modulation protocols. This encoding process puts the transmission into a mode that is compatible with the various transmission media used by the telephone company, such as copper wire, microwave, satellite, and fiber optics. Most new modems can send and receive data at 57.6 kbps (kilo bits per second) and faxes at 14.4 kbps. ISDN (Integrated Services Digital Network) modems use digital telephone lines to achieve a transmission speed of 128 kbps.
LAN software consists of layers of software that is an integral part of an operating system, and various clients and servers. There is an ISO defined stack of seven layers, but in a practical setting of Windows and Unix OSs, we will briefly describe the Ethernet NIC device driver layer, the IP layer, and the TCP + UDP + ICMP layers.
Internet has a rigid and word-wide enforced addressing scheme that every computer on the network understands. Each NIC is rigidly identifed by a MAC address and an IP address. Each NIC is identified by a unique 6-byte number called its Ethernet or MAC address that is stored, at manufacture time, in a ROM on the card. An IP address is a 4-byte number that uniquely identifies a specific computer connected to the Internet. The four bytes are written as four numbers, separated by periods, as in 130.108.1.20. In this form each byte is converted to a decimal number (0-255) dropping any leading zero's unless the number is zero and written with each byte separated by a `.' character.
Groups of these numbers are assigned by a world-wide authority. For example, all computers at WSU have IP addresses of the form 130.108.*.* and 130.108.1.20 is the address of a specific server at WSU. When you connect to an ISP, your computer has an IP address (the same one all the time or a different address each time you connect). Isolated LANs, such as the on that we will use in this course, or one that you can setup at home, should have IP addresses in the group of 192.168.*.*.
All addresses within a network have the same prefix. The portion of the address that is common amongst all addresses within the network is called the `network portion' of the address. The remaining digits are called the `host portion'. The number of bits that are shared by all addresses within a network is called the netmask. For example, consider the following:
----------------- --------------- Host Address 192.168.110.23 Network Mask 255.255.255.0 Network Portion 192.168.110. Host portion .23 ----------------- --------------- Network Address 192.168.110.0 Broadcast Address 192.168.110.255 ----------------- ---------------
The broadcast address is a special address that every host on the network listens to in addition to its own unique address. If every host on the network is meant to receive a a packet, you send the packet to the broadcast address.
For administrative reasons, certain groups of addresses were formed into networks and these networks were grouped into what are called network classes. These classes provide a number of standard size networks that could be allocated. The ranges allocated are:
---------------------------------------------------------- | Network | Netmask | Network Addresses | | Class | | | ---------------------------------------------------------- | A | 255.0.0.0 | 0.0.0.0 - 127.255.255.255 | | B | 255.255.0.0 | 128.0.0.0 - 191.255.255.255 | | C | 255.255.255.0 | 192.0.0.0 - 223.255.255.255 | |Multicast| 240.0.0.0 | 224.0.0.0 - 239.255.255.255 | ----------------------------------------------------------
Internet domain names are the next level of Internet addressing, just as the street name is followed by the city and state. IP addresses are hard to remember, so we use names. All hosts registered on the Internet must have names that reflect them domains under which they are registered. Such names are called Fully Qualified Domain Names (FQDNs). The domain name identifies all the computers in a group. Domain names create a single identity for a set of locally connected computers used by a company or an institution. So while there may be 38 servers at a given organization, each with its own IP address, they all share a common domain name, such as wright.edu. In a name such as gamma.cs.wright.edu the "edu" shows that this host is sponsored by an education related organization. The top-level domain is wright.edu, and the second level domain is cs.wright.edu, and gamma is the name of the host machine.
A packet is the unit of data that is routed between an origin and a destination on the network. When any file (e-mail message, HTML file, GIF file, URL request, and so forth) is sent from one machine to another on the net, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the net. When they have all arrived, they are reassembled into the original file (by the TCP software layer at the receiving end).
Ethernet is just a "party" line. When packets are sent out on the Ethernet, every host on the Ethernet sees them. To make sure the packets get to the right place, the Ethernet designers wanted to make sure that each address is different. For this reason 48 bits are allocated for the Ethernet address, and a built in Ethernet address on the Ethernet controller. The Ethernet packets have a 14-octet header, this includes address "to" and "from."
A protocol is the set of rules that a telecommunication connection uses when the two end points send signals back and forth. Protocols exist at several levels in a telecommunication connection. There are hardware telephone protocols. There are protocols between the end points in communicating programs within the same computer or at different locations, etc. Both end points must recognize and observe the protocol. Protocols are implemented as software in the network operating system.
Transports are the enabling network components that let clients talk to the server and that let one network talk with another network of a different brand. NetBEUI stands for Network Basic End User Interface. It supports small LANs and it is fast and simple.
On the Internet, there are the TCP/IP protocols, consisting of: TCP
(Transmission Control Protocol), which uses a set of rules to exchange messages
with other Internet points at the information packet level. IP (Internet
Protocol), which uses a set of rules to send and receive messages at the
Internet address level. These were developed to be routable and can
accommodate large networks. TCP/IP is a general term relating to the whole
family of Internet protocols. The protocols in this family are IP, TCP, UDP,
ICMP, ARP. The most accurate name for the set of protocols we are describing is
the "Internet protocol suite". TCP and IP are two of the protocols in
this suite. Even NFS, which uses UDP and not TCP, is often considered part of
this suite. TCP (Transmission Control Protocol) is a method (protocol) used
along with the Internet Protocol (IP) to send data in the form of message units
between computers over the Internet. While IP takes care of handling the actual
delivery of the data, TCP takes care of keeping track of the individual units of
data (called packets) that a message is divided into for efficient routing
through the Internet. The figure below is of a basic TCP/IP network node.
-----------------------------------
| Network Application |
| |
| ... \ | / .. \ | / ... |
| ------- ------- |
| | TCP | | UDP | |
| ------- ------- |
| \ / | % Key %
| ------- --------- | ~~~~~~~
| | ARP | | IP | | UDP User Datagram Protocol
| ------- --------- | TCP Transmission Control Protocol
| \ | | IP Internet Protocol
| \ | | ENET Ethernet
| ------------- | ARP Address Resolution Protocol
| | ENET | |
| -------@----- | O Transceiver
| | | @ Ethernet Address
-------------- | ------------------ * IP address
|
========================O=================================================
^
|
Ethernet Cable
We recommend the TCP/IP Refresher in the References for further details.
All network computing is based on the idea of clients and servers. Occasionally, a so-called client may become a server for a brief transient period, and vice-versa, but generally speaking servers are programs listening for requests from clients, and work on the requests after some authentication.
The meaning of clients and servers is some what narrow in the world of PCs running Windows because not all variants of Windows provide "services."
In a peer-to-peer network, a group of PCs are hooked together, with each PC, having equal status in the network. All the PCs can share files, send each other messages, and share a printer or two. You can setup one of the computers as a server. The other PCs are then known as client computers. The server stores the applications, files, and e-mail messages. This server delivers applications such as database, word processors, as well as data and e-mail. It also acts as the center for sharing printers, doing backup, etc. Windows 9x by itself, without additional software, cannot be a server. Windows NT Server, a higher priced version of NT, comes with all required software to setup as a server to Windows 9x and Windows NT Workstation clients.
Computers running Unix are typically configured as servers even when they are otherwise puny machines.
The domain name service is expected to run on selected server machines at port 53. These selected server machines are called the ``name servers'' which are authoritative for the names of a particular domain. All other machines describe how they resolve names in a file; on Unix, it is /etc/resolv.conf. Typically, a client machine has a table of host names and their IP addresses in a file called hosts. If a host name is not found in this file, the client machine requests the name servers listed in resolv.conf.
For every domain, such as wright.edu, there is only one primary name server and any number of secondary name servers. The primary name server is the most authoritative name server for that domain. The secondary name servers get their information about a domain from the primary name server. The DNS stores such information as name-to-IP-address mappings, name servers for subdomains, mail exchangers for hosts and domains, gateway pointers and host information.
NFS permits multiple systems to share a file system. An NFS server ``exports'' a file system to certain client machines with certain permission regarding read / write as described in the file /etc/exports.
The Network Information System (NIS) allows the sharing of a single password system by a large number of users who may wish to login on any one of a number of systems.
Telnet is the name of a client program and an underlying TCP/IP protocol for accessing remote computers.
FTP (File Transfer Protocol) is an application protocol that uses the Internet's TCP/IP protocols.
Ping is a standard network client that sends a packet to the target machine you named, and waits for a response. So you verify that a particular Internet address exists and alive through a ping. Ping can also be used with a host that is operating to see how long it takes to get a response back. Using ping, you can learn the dot-decimal number form of the IP address from the symbolic domain name.
paladin% /usr/sbin/ping -s www.mit.edu PING DANDELION-PATCH.MIT.EDU: 56 data bytes 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=0. time=118. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=1. time=54. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=2. time=46. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=3. time=118. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=4. time=84. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=5. time=80. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=6. time=280. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=7. time=57. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=8. time=95. ms 64 bytes from DANDELION-PATCH.MIT.EDU (18.181.0.31): icmp_seq=9. time=63. ms ^C ----DANDELION-PATCH.MIT.EDU PING Statistics---- 10 packets transmitted, 10 packets received, 0% packet loss round-trip (ms) min/avg/max = 46/99/280
Traceroute (some times also spelled as tracert) is a client that records the path (route) through the net between your computer and a specified destination computer. It also calculates and displays the amount of time each hop took. Traceroute is a handy tool both for understanding where problems are in the Internet network and for getting a detailed sense of the Internet itself. Another utility, ping, is often used prior to using traceroute to see whether a host is present on the network. Here is an example that traces the route taken from Paladin to Yahoo.com.
paladin% traceroute www.yahoo.com traceroute to www.yahoo.com (204.71.200.67), 30 hops max, 40 byte packets 1 130.108.128.4 (130.108.128.4) 1.755 ms 0.831 ms 0.859 ms 2 server-fw (130.108.128.65) 0.799 ms 0.862 ms 0.702 ms 3 130.108.1.2 (130.108.1.2) 2.458 ms 3.233 ms 2.265 ms 4 dlp2-sl3-2.dayton.oar.net (199.18.109.125) 133.789 ms 190.015 ms 223.619 ms 5 tlp3-atm1-0.toledo.oar.net (199.18.202.53) 34.568 ms 10.086 ms 85.328 ms 6 atm9-0-0-153.br1.CHI1.globalcenter.net (204.246.198.73) 62.788 ms 43.312 m s 42.406 ms 7 pos4-1-155M.cr1.CHI1.globalcenter.net (206.132.118.85) 43.675 ms 43.714 ms 83.308 ms 8 www2.yahoo.com (204.71.200.67) 82.251 ms 88.184 ms 83.306 ms
To allow anyone from a host H to remote login into host A, you add H to /etc/hosts.equiv
file on the machine A. This needs super user privileges. A
user can permit himself to rlogin to A from H without a password as follows. For
example, to allow pmateti who is currently logged on gamma.cs.wright.edu
to rlogin without having to supply a password on machine A, pmateti would
add one line of text ``gamma.cs.wright.edu pmateti'' to his ~/.rhosts
file on the machine A. Note that the .rhosts feature is needed only
between machines that do not share file systems via NFS.
Our goal in this lab is to learn the hardware and software setup of peer-to-peer networking of two PCs, and a LAN of several PCs running Linux.
Do the following prior to your scheduled lab. Turn in your work as you enter the lab.
Write your answers to the questions marked (Q1 to Q4) in the above procedure, and turn them in to your TA as you leave the lab.
|
A few acronyms and their
expansions are collected in the table here. If you are curious about an
acronym or term not listed, type it in the input box below, and then
press the button to look it up in the TechEncyclopedia. |
| 04/08/05 02:13:35 AM |
| Copyright © 2004 pmateti@cs.wright.edu |