Introduction to Networking
An introduction to Networking Basics with Linux
One of the most important aspects of any computer system is its ability to participate in a network. This may be in an enclosed office environment or a standalone device that has access to the internet (World Wide Web). Today virtually all computers are networked in one way or another. For all these devices to communicate with each other, they have to all understand the same language. To understand how a computer communicates with other computers and networks, we need to have a basic understanding of networking and the protocols that are used.
In the Beginning....
The internet as we know it today was an idea that was created and developed back in the early 1960s. During this period the US Government was concerned with possible military threats that could cause a break in communication between one location and another within the United States. It was decided that a communication network should be devised that could handle possible large-scale disasters and disruption. This task was originally given to DARPA (Defence Advanced Research Projects Agency). Over the next few years some of the greatest minds worked on this project, designing the physical layout of this resilient system. These people were also responsible for the creation of a method of moving data from one device to another. This protocol later became known as Transmission Control Protocol/Internet Protocol (TCP/IP).
Originally the internet was known as the ARPANET (Advanced Research Project Agency Network). This original network existed at various Government locations and Universities across the United States. Over time more and more educational institutes became involved in this project, and new applications emerged that utilised the new TCP/IP protocol, such as FTP (File Transfer Protocol) and SMTP (Simple Mail Transfer Protocol).
OSI Networking Model
The OSI (Open System Interconnection) model defines how devices that are involved in data communication (internetworking) should interact with each other. The OSI model is a technology standard maintained by the International Standards Organisation (ISO). Within this theoretical model there are seven layers that organise various network functions.
The seven layers are defined as:
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Datalink Layer and Physical Layer
These seven layers are then split into two further levels: Upper (layers 7, 6 and 5) and Lower (layers 4, 3, 2 and 1):
|7||Application||Comprises the applications that use the network.|
|6||Presentation||Ensures that data is presented to the applications in a consistent fashion.|
|5||Session||Manages the connections between applications.|
|4||Transport||How data is moved from Point 'A' to Point 'B'. Data checks are carried out here and the retransmission of data in the event of a failure. Protocols here are TCP and UDP.|
|3||Network||The routing of data between two links. The main goal here is to get data from Point 'A' to Point 'B'.|
|2||Link||Provides reliable delivery of data across the physical layer.|
|1||Physical||This layer is responsible for the transmission of data over the network communications medium.|
TCP/IP is actually a suite of protocols, with TCP (Transmission Control Protocol), IP (Internet Protocol), UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) being the most prevalent. Many of these protocols use a handshake method for reliable communication, whereby they maintain packet arrival order and error handling. A protocol that doesn't exchange this information is known as connectionless and classed as unreliable. TCP is a reliable protocol whereas UDP is not.
Generally the application will pick the appropriate protocol to use. For example, if you are surfing the web, you do not want to lose data as this could be quite bad. If you are downloading a program you do not want to lose a few bytes of the code! This is why TCP would be the chosen protocol. Services such as DNS will use UDP as this can return a fast response time.
TCP is a connection-oriented transport agent used by applications to establish network connectivity. TCP guarantees packet arrival and maintains the correct order of packets received. TCP is one of the main protocols used by other network services. These include FTP (File Transfer Protocol), ssh (Secure Shell) and SMTP (Simple Mail Transfer Protocol). TCP is chosen because of its built-in error checking mechanism.
IP, which is a connectionless protocol, defines datagrams and addressing schemes (IP addresses). IP is considered to be the building block of the Internet.
UDP is a connectionless transport agent. This means that UDP provides no assurance that a packet will arrive at its destination. Programs that use UDP will have to carry out their own error checking. UDP is used by applications like DNS and NFS.
ICMP (Internet Control Message Protocol) is a control protocol, meaning that it does not carry application data but carries information relating to the network itself. ICMP is used for error reporting and flow control within a network. ICMP can be used to detect unreachable networks, and is used by networking components to instruct a sender to use a different gateway. One popular use of the ICMP protocol is the ping command.
Network Addressing and Routing
Over the years IPv4 (Internet Protocol Version 4) has been the default standard used for the assigning of unique addresses to hosts and devices on a network. These 32-bit addresses are commonly known as the "dotted quad" because they are four 8-bit fields separated by a period ".". Under IPv4 there are 4.29 billion addresses. However, large blocks of these addresses are reserved and are not available for public allocation.
An example of a dotted IPv4 address and its Binary equivalent: 192.168.0.5 (11000000 10101000 00000000 00000101)
IPv4 addresses are organised into classes:
|Class of Address||IP Address Range|
|Class 'A'||0.0.0.0 to 127.255.255.255|
|Class 'B'||128.0.0.0 to 191.255.255.255|
|Class 'C'||192.0.0.0 to 223.255.255.255|
|Class 'D'||224.0.0.0 to 239.255.255.255|
|Class 'E'||240.0.0.0 to 247.255.255.255|
Over time these IPv4 addresses have been heavily utilised and there have been worries that we would run completely out of addresses. To try and alleviate this, various technologies have emerged that have helped the situation: NAT (Network Address Translation), CIDR (Classless Inter Domain Routing) and the creation of IPv6. One popular method was to use what is known as Private IP Addressing. Basically this means that companies and home networks can all use the same internal IP addresses, as these are not routable and cannot be accessed over the internet. This is where NAT comes into its own. Most ISPs (Internet Service Providers) will give you only one IP address. If you have a router as part of your network, it will use NAT to allow multiple devices to utilise this single IP address, yet allow each device to remain unique within the internal network. This then gives all devices access to the internet.
The Private address ranges of an IPv4 network are as follows:
|Class of Address||Private IP Address Range|
|Class 'A'||10.0.0.0 to 10.255.255.255|
|Class 'B'||172.16.0.0 to 172.31.255.255|
|Class 'C'||192.168.0.0 to 192.168.255.255|
If you issue the ip address show command, you will probably see that you have an ip address in the range of "192.168.0.x":
john@john-desktop:~$ ip -4 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.0.14/24 brd 192.168.0.255 scope global eth0
All devices on my network are issued IP addresses within this range, yet I only have one external IP address supplied from my ISP!
CIDR - Classless Inter Domain Routing
Another method to combat the utilisation of the IPv4 addresses was to use CIDR (Classless Inter Domain Routing). This method moved away from the familiar practice of assigning IP addresses based on "Classes". IPv4 addresses are now specified using CIDR notation. The format of an IP address using CIDR is Address/Prefix. The prefix specifies the number of bits that are used by the subnet mask.
An example using the IP address of 192.168.0.1/24 would give you:
|Netmask:||255.255.255.0 = 24||11111111.11111111.11111111.00000000|
|Hosts/Net:||254||Class C, Private Internet|
IPv6 - Internet Protocol Version 6
IPv6 is the latest version of the internet protocol (IP). This is the protocol that is going to replace IPv4. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the exhaustion of the IPv4 addresses. As more and more devices became connected, there was a need for more IP addresses. To combat this, IPv6 uses a 128-bit address, thus dramatically increasing the number of IP addresses to a staggering "340,282,366,920,938,000,000,000,000,000,000,000,000" unique IP addresses.
IPv6 addresses consist of eight groups of four hexadecimal digits separated by a colon ":". On my local system I have an IPv6 address of: "fe80::211:11ff:fe88:4f44". It is also possible to abbreviate IPv6 addresses:
IPv6 address: 1040:0000:0000:0000:0005:0060:125c:135d - Can be expressed as:
1040:0:0:0:5:60:125c:135d - Here any leading zeros have been removed. Again, this can be further reduced to:
1040::5:60:125c:135d - Here the double colon "::" notation represents a series of zeros.
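The two abbreviation steps above, plus the reverse expansion, as an added Python example (not code from the original page). It is useful when matching addresses in logs or access lists, because one address has several textual forms; the function names are illustrative, and zone suffixes such as "%eth0" and embedded IPv4 notation are not handled.

```python
HEX = set("0123456789abcdefABCDEF")

def groups_of(addr):
    """Return the eight 16-bit groups of an IPv6 address as integers."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        fill = 8 - len(head) - len(tail)   # groups hidden by the "::"
        if fill < 1:
            raise ValueError(f"too many groups: {addr!r}")
        parts = head + ["0"] * fill + tail
    else:
        parts = addr.split(":")
    if len(parts) != 8 or any(not 1 <= len(p) <= 4 or set(p) - HEX for p in parts):
        raise ValueError(f"not an IPv6 address: {addr!r}")
    return [int(p, 16) for p in parts]

def expand(addr):
    """Full form: eight groups, each padded to four hex digits."""
    return ":".join(f"{g:04x}" for g in groups_of(addr))

def compress(addr):
    """Strip leading zeros, then replace the longest zero run with '::'."""
    groups = groups_of(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:               # first longest run wins
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [f"{g:x}" for g in groups]
    if best_len < 2:                       # a single zero group stays as "0"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def same_address(a, b):
    """Compare two addresses by value rather than by spelling."""
    return groups_of(a) == groups_of(b)

if __name__ == "__main__":
    print(compress("1040:0000:0000:0000:0005:0060:125c:135d"))
    print(expand("fe80::211:11ff:fe88:4f44"))
```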
Subnet Masks, Broadcast Addresses and IP Address Ranges
The Subnet mask is a 32-bit number that masks an IP address, and divides the IP address into network address and host address. The Subnet Mask is made by setting network bits to all ones "1" and setting host bits to all zeros "0". Two host addresses are generally reserved for special purposes. The "0" address is assigned as the Network Address and "255" is assigned as the Broadcast Address. These addresses cannot be assigned to a host.
A Broadcast Address is an address at which all devices connected to a network are able to receive datagrams. A message sent to a broadcast address is typically received by all network attached hosts.
The Network ID is the network portion of an IP address that identifies which subnet a host is on. The subnet that the computer is on is determined by the netmask and the IP address. The Subnet Address is the same as the Network ID and is the beginning part of the IP address.
Example of Subnet Mask, Broadcast Address and Network ID calculations
Example: server01
IP Addr : 10.52.56.250   00001010.00110100.00111000.11111010
Netmask : 255.255.252.0  11111111.11111111.11111100.00000000 /22
To work out the Network ID we do a bitwise & of the IP address and Netmask:
IP Addr : 10.52.56.250   00001010.00110100.00111000.11111010
Netmask : 255.255.252.0  11111111.11111111.11111100.00000000 /22
Network : 10.52.56.0     00001010.00110100.00111000.00000000
To work out the broadcast address for server01 we do a bitwise | of the IP address and the inverted Netmask (invert the netmask: 1s become 0s and 0s become 1s):
IP Addr   : 10.52.56.250   00001010.00110100.00111000.11111010
Netmask   : 255.255.252.0  11111111.11111111.11111100.00000000 /22
Inverted  : 0.0.3.255      00000000.00000000.00000011.11111111
Broadcast : 10.52.59.255   00001010.00110100.00111011.11111111
To calculate the address range from the IP address and Netmask:
For the 255.255.252.0 netmask, 22 bits are used for the network and 10 bits for the host IDs.
IP Addr : 10.52.56.250   00001010.00110100.00111000.11111010
Netmask : 255.255.252.0  11111111.11111111.11111100.00000000 /22
Network Address (bitwise &) : 10.52.56.0   00001010.00110100.00111000.00000000
To work out the address range, look at the last 10 bits (i.e. 32-22=10), which will be used for the host ID.
(n=network, h=host)
nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh
To calculate the number of hosts (2^N-2): 2^10-2=1022 (the first address is used for the network and the last address for the broadcast address, hence the -2).
To calculate the address range we look at the last 2 octets:
From : 00111000.00000000 (56.0)
To   : 00111011.11111111 (59.255)
So the Address Range is:
10.52.56.0 to 10.52.56.255
10.52.57.0 to 10.52.57.255
10.52.58.0 to 10.52.58.255
10.52.59.0 to 10.52.59.255
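The server01 calculation above and the private address ranges listed earlier, carried out with the same bitwise operations in an added Python example (not code from the original page). The function names are illustrative, and the handling of /31 and /32 prefixes, where the 2^N-2 rule does not apply, goes beyond the case worked in the text.

```python
PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def to_int(dotted):
    """Pack a dotted quad into one 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/22 -> 255.255.252.0: network bits set to 1, host bits set to 0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def is_private(dotted):
    """True if the address lies in one of the three private ranges."""
    ip = to_int(dotted)
    return any((ip & prefix_to_mask(p)) == to_int(base) for base, p in PRIVATE_BLOCKS)

def subnet_info(cidr):
    """Network ID, broadcast address and host range for 'address/prefix'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    ip, mask = to_int(addr), prefix_to_mask(prefix)
    network = ip & mask                      # bitwise AND with the netmask
    broadcast = ip | (~mask & 0xFFFFFFFF)    # bitwise OR with the inverted netmask
    host_bits = 32 - prefix
    if host_bits >= 2:                       # the 2^N-2 rule from the text
        hosts, first, last = (1 << host_bits) - 2, network + 1, broadcast - 1
    else:                                    # /31 and /32: nothing is reserved
        hosts, first, last = 1 << host_bits, network, broadcast
    return {
        "netmask": to_dotted(mask), "network": to_dotted(network),
        "broadcast": to_dotted(broadcast), "hosts": hosts,
        "first_host": to_dotted(first), "last_host": to_dotted(last),
        "private": is_private(addr),
    }

if __name__ == "__main__":
    for key, value in subnet_info("10.52.56.250/22").items():
        print(f"{key:10} {value}")
```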
Common Ports used within a TCP/IP Network
The following is a list of ports that are used by various services. It is worth committing these to memory as you will come across them quite frequently:
|20 and 21||FTP Data and FTP Control||During an FTP session, data flows through Port 20 whilst control information flows down Port 21|
|23||Telnet||Telnet requests sent to this port|
|25||SMTP||Port 25 used by MTAs (Mail Transfer Agents - email)|
|53||DNS||Domain Name System|
|67||BOOTP/DHCP Server||Handing out of IP addresses|
|68||BOOTP/DHCP Client||Client side for BOOTP/DHCP|
|80||HTTP Server||Web Servers listen on this port|
|110||POP3||Post Office Protocol - Used by mail client programs for the transferring of mail to a server|
|119||NNTP||Used by News servers and Usenet news|
|143||IMAP||Internet Message Access Protocol - Alternative to POP3|
|161||SNMP||Simple Network Management Protocol|
The ports which are known to your system can be found in "/etc/services". Port numbers 1 to 1023 are generally known as privileged ports as the services that use these ports are generally running with root privileges. The term "Well known" ports refers to ports such as port 21 for FTP, port 23 for Telnet, port 25 for SMTP and port 80 for HTTP. Port numbers in the range 1024 to 65535 are known as unprivileged ports. These can be used by ordinary users.
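A small parser for the "/etc/services" format that also applies the privileged/unprivileged split described above, as an added Python example (not code from the original page). The sample entries are constructed for the example, and the function names are illustrative.

```python
# Constructed sample in /etc/services layout: name port/protocol [aliases] [# comment]
SAMPLE_SERVICES = """\
# Network services, Internet style
ftp-data        20/tcp
ftp             21/tcp
telnet          23/tcp
smtp            25/tcp          mail
domain          53/tcp
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
pop3            110/tcp         pop-3
snmp            161/udp
http-alt        8080/tcp        webcache
"""

def parse_services(text):
    """Return (name, port, protocol, aliases) tuples, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop trailing comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                             # blank or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit() and 1 <= int(port) <= 65535:
            entries.append((fields[0], int(port), proto, fields[2:]))
    return entries

def is_privileged(port):
    """Ports 1 to 1023 are the privileged range."""
    return 1 <= port <= 1023

def lookup(entries, port, proto="tcp"):
    """Service name registered for port/protocol, or None if unlisted."""
    for name, p, pr, _aliases in entries:
        if p == port and pr == proto:
            return name
    return None

def privileged_services(entries):
    """Sorted, de-duplicated (port, name) pairs in the privileged range."""
    return sorted({(port, name) for name, port, _, _ in entries if is_privileged(port)})

if __name__ == "__main__":
    # On a Linux host, pass open("/etc/services").read() instead of the sample.
    for port, name in privileged_services(parse_services(SAMPLE_SERVICES)):
        print(f"{port:5} {name}")
```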