Networking Essentials

Technical Support Academy
Networking Concepts

44030

Compiled by:
Patrick Clifton   ETTC-Floyd College
Edward Gowen      ETTC-Macon State College
David Rogers      ETTC-Heart of Georgia RESA
Hoke Wilcox       ETTC-Columbus State University
Table of Contents

Introduction
   So just what is a network anyway?
     Local Area Network
     Metropolitan Area Network
     Wide Area Network
     The Internet
     Intranet
   Protocols
   Open Systems Interconnect (OSI) Reference Model
   Media Connection Protocols
     Ethernet
     Fast Ethernet
     Gigabit Ethernet
     LocalTalk
     Token Ring
     FDDI
     ATM
   Physical Network Topologies
     Bus
     Star
     Star-Wired Ring
     Tree
     5-4-3 Rule
     Considerations When Choosing a Topology
Hardware
   What is Networking Hardware?
   Workstation and Server Network Interfaces
     Network Interface Cards
     Ethernet Cards
     Token Ring Cards
     LocalTalk Connectors
   Hubs
   Switches
   Repeaters
   Bridges
   Routers
   Media (Cabling)
     Unshielded twisted pair
     Unshielded Twisted Pair Connector
     Shielded Twisted Pair (STP) Cable
     Coaxial Cable
     Coaxial Cable Connectors
     Fiber Optic Cable
     Facts about fiber optic cables:
     Ethernet Cable Summary
     Wireless LANs
     Installing Cable - Some Guidelines
Introduction to TCP/IP
   Addresses
   Subnets
   A Uncertain Path
   Undiagnosed Problems
   Need to Know
DHCP
Networking Commands and Tools
   ADDRESS RESOLUTION PROTOCOL
   FILE TRANSFER PROTOCOL (ftp)
   IPCONFIG
   WINIPCFG
   NET
   Net accounts
   Net computer
   Net config
   Net continue
   Net file
   Net group
   Net help
   Net helpmsg
   Net localgroup
   Net name
   Net pause
   Net print
   Net send
   Net session
   Net share
   Net start
   Net statistics
   Net stop
   Net time
   Net use
   Net user
   Net view
   NETSH
   NSLOOKUP
   PATHPING
   PING
   ROUTE
   TELNET
   TRACE ROUTE
   Microsoft Support Tools
     Parameters
   Third Party Tools
Appendix 1 - Glossary
Appendix 2 - Reference material on TCP/IP
Appendix 3 - Commonly Used TCP/IP ports

Introduction
The Networking Concepts class is the fourth class in the Technical Support Academy course
sequence. Our intention is to provide participants with an introduction to network design,
implementation, maintenance and troubleshooting. Our particular emphasis will be on Ethernet
style networking as this is most frequently used in schools.


So just what is a network anyway?

A network is a way to share a collection of equipment such as servers, computers, printers, and
modems connected together by some type of transport media. A network helps people work
collectively, not just individually. Networking is all about sharing data, software, and
peripherals such as printers, modems, fax machines, Internet connections, CD-ROM and tape
drives, hard disks and other data storage equipment. A small network may be as simple as just
two computers linked together by cable. A large network can link hundreds or thousands of
computers and peripherals together in various configurations. A variety of equipment may be
used in a network. Depending on how many computers and other equipment you need to
connect, your choice of networking devices will vary. There are many kinds of networks. One
way to differentiate networks is by their size. The most common is the Local Area Network or
LAN, but there are others, as described below.


Local Area Network

A Local Area Network (LAN) is a network that is confined to a relatively small area. It is
generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN
computers more than a mile apart.

In a typical LAN configuration, one computer is designated as the file server. It stores all of the
software that controls the network, as well as the software that can be shared by the computers
attached to the network. Computers connected to the file server are called workstations. The
workstations can be less powerful than the file server, and they may have additional software on
their hard drives. On most LANs, cables are used to connect the network interface cards in each
computer.

LANs are often further classified by topology - the manner in which the individual components
are connected together. Typical topologies include Bus, Star, Ring, Tree and Web. Topologies
are closely associated with the Protocols used within the network such as Ethernet, Local Talk
(AppleTalk), Token Ring, FDDI, ATM, etc.




Metropolitan Area Network

A Metropolitan Area Network (MAN) covers larger geographic areas, such as a city.
Interconnecting smaller networks (LANs) within a large geographic area permits the more
efficient sharing of information and resources throughout the network. Local libraries and
government agencies often use a MAN to connect to citizens and private industries.

Wide Area Network

Wide Area Networks (WANs) are also used to connect multiple LANs together. A school
district that has multiple Elementary, Middle and High School campuses in several cities within
a county would likely want to tie the building or campus LANs together into a WAN which
would include the Board of Education LAN.

The Internet

The Internet could be considered to be a world-wide collection of LANs, MANs and WANs
connected together by multiple redundant paths to ensure the survivability of the network as a
whole even if some of the connecting links were damaged. The Internet is a system of linked
networks that are worldwide in scope and facilitate data communication services such as remote
login, file transfer, electronic mail, the World Wide Web and newsgroups.

The Internet was initially restricted to military and academic institutions, but now it is a full-
fledged conduit for any and all forms of information and commerce. Internet websites now
provide personal, educational, political and economic resources to every corner of the planet.

Intranet

With the advancements made in browser-based software for the Internet, many private
organizations are implementing intranets. An intranet is a private network utilizing Internet-type
tools, but available only within that organization. For large organizations, an intranet provides an
easy access mode to information for employees. Most intranets have some connection to the
Internet, typically through a firewall, to provide protection for the organization’s data. In some
cases widely separated LANs are connected to each other through the Internet to form a virtual
intranet, typically using a protocol such as Point-to-Point Tunneling Protocol (PPTP) to protect
the data that must be kept safe from other Internet users.


Protocols

A protocol is a set of rules that governs the communications between devices on a network.
These rules include guidelines that regulate the following characteristics of a network: access
method, allowed physical topologies, types of cabling, speed, bandwidth, etc. The term protocol
is also used with respect to the handling of data. For example: TCP/IP is described as being a
suite of protocols designed to move data from one device to another on a network or between
networks.

Open Systems Interconnect (OSI) Reference Model

A discussion of networking protocols and standards will often encounter the OSI 7 Layer
Networking Model. It should be pointed out that this is a theoretical model that has never
actually been fully implemented; however, the concepts presented are valid, and some familiarity
with the OSI Model makes it possible to understand networks and protocols, such as TCP/IP, that
are partial implementations of the model.

The seven layers of the OSI Reference Model are:

#   Layer                                              Purpose
7 Application      The Application layer represents the level at which applications access
                   network services. This layer represents the services that directly support
                   applications such as software for file transfers, database access, and
                   electronic mail.
6 Presentation     The Presentation layer translates data from the Application layer into an
                   intermediary format. This layer also manages security issues by providing
                   services such as data encryption, and compresses data so that fewer bits need
                   to be transferred on the network.
5 Session          The Session layer allows two applications on different computers to
                   establish, use, and end a session. This layer establishes dialog control
                   between the two computers in a session, regulating which side transmits, plus
                   when and how long it transmits.
4 Transport        The Transport layer handles error recognition and recovery. It also
                   repackages long messages when necessary into small packets for
                   transmission and, at the receiving end, rebuilds packets into the original
                   message. The receiving Transport layer also sends receipt acknowledgments.
3 Network          The Network layer addresses messages and translates logical addresses and
                   names into physical addresses. It also determines the route from the source to
                   the destination computer and manages traffic problems, such as switching,
                   routing, and controlling the congestion of data packets.
2 Data Link        The Data Link layer packages raw bits from the Physical layer into frames
                   (logical, structured packets for data). This layer is responsible for transferring
                   frames from one computer to another, without errors. After sending a frame,
                   it waits for an acknowledgment from the receiving computer.
1 Physical         The Physical layer transmits bits from one computer to another and regulates
                   the transmission of a stream of bits over a physical medium. This layer
                   defines how the cable is attached to the network adapter and what
                   transmission technique is used to send data over the cable.

Note: A handy way to remember the seven layers is the sentence "All People Seem To Need
Data Processing." The beginning letter of each word corresponds to a layer starting at the top
layer (7) and proceeding downward to the Physical layer (1). The sentence “Please Do Not
Throw Sausage Pizza Away” operates in a similar fashion although in the reverse direction.



The OSI model describes the flow of data in a network, from the lowest layer (the physical
connections) up to the layer containing the user’s applications. Data going to and from the
network is passed layer to layer. Each layer is able to communicate with the layer immediately
above it and the layer immediately below it. This way, each layer is written as an efficient,
streamlined software component. When a layer receives a packet of information, it checks the
destination address, and if its own address is not there, it passes the packet to the next layer.

When two computers communicate on a network, the software at each layer on one computer
assumes it is communicating with the same layer on the other computer. For example, the
Transport layer of one computer communicates with the Transport layer on the other computer.
The Transport layer on the first computer has no regard for how the communication actually
passes through the lower layers of the first computer, across the physical media, and then up
through the lower layers of the second computer.


Media Connection Protocols
Ethernet
Contrary to one old joke, an “Ethernet” is not the net you use to catch the “Ether Bunny”.

The Ethernet protocol is by far the most widely used. Ethernet uses an access method called
CSMA/CD (Carrier Sense Multiple Access/Collision Detection). This is a system where each
host listens before sending anything through the network. If the network is clear, the host will
transmit. If some other node is already transmitting, the host will wait and try again when the
line is clear. When two or more hosts attempt to transmit at the same instant a collision occurs.
Each host then backs off and waits a random amount of time before attempting to retransmit.
With this access method, it is normal to have collisions. However, the delay caused by collisions
and retransmitting is very small and does not normally affect the speed of transmission on the
network as long as the number of hosts on any network segment is not excessive.
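
The listen, transmit, collide and back-off cycle described above can be modelled directly. The Python below is an added example, not part of the original course material; the Host and simulate names, the frame_slots parameter and the slotted clock are assumptions made for this illustration, and it uses Ethernet's truncated binary exponential backoff for the "random amount of time", which goes beyond what the text states.

```python
import random
from dataclasses import dataclass

MAX_ATTEMPTS = 16   # a frame is abandoned after 16 failed attempts
BACKOFF_CAP = 10    # the random window stops doubling after 10 collisions


@dataclass
class Host:
    name: str
    pending: int       # frames still queued on this host
    backoff: int = 0   # slots left to wait before the next attempt
    attempts: int = 0  # collisions suffered by the frame at the head of the queue


def simulate(num_hosts, frames_per_host, frame_slots=8, seed=1):
    """Run a slotted CSMA/CD model until every queue is empty; return counters.

    Simplifications (assumptions of this example): time moves in whole slots,
    a collision costs one slot, and every host starts with a full queue.
    """
    rng = random.Random(seed)  # seeded so a run can be reproduced
    hosts = [Host(f"h{i}", frames_per_host) for i in range(num_hosts)]
    stats = {"delivered": 0, "dropped": 0, "collisions": 0, "slots": 0}

    while any(h.pending for h in hosts):
        # Carrier sense: the line is idle at the top of every pass, so each
        # host that has a frame and no backoff left starts to transmit now.
        ready = [h for h in hosts if h.pending and h.backoff == 0]
        waiting = [h for h in hosts if h.backoff > 0]

        if len(ready) == 1:
            # A single talker: the frame goes through and holds the line.
            sender = ready[0]
            sender.pending -= 1
            sender.attempts = 0
            stats["delivered"] += 1
            elapsed = frame_slots
        elif len(ready) > 1:
            # Two or more hosts started in the same slot: collision detected.
            stats["collisions"] += 1
            for h in ready:
                h.attempts += 1
                if h.attempts >= MAX_ATTEMPTS:
                    h.pending -= 1          # give up on this frame
                    h.attempts = 0
                    stats["dropped"] += 1
                else:
                    # Wait a random number of slots; the window doubles
                    # with each collision of the same frame, up to the cap.
                    window = 2 ** min(h.attempts, BACKOFF_CAP)
                    h.backoff = rng.randrange(window)
            elapsed = 1
        else:
            elapsed = 1  # idle slot: everyone with a frame is backing off

        # Backoff timers keep running while the line is busy; a host whose
        # timer expires during a frame defers and tries when the line clears.
        for h in waiting:
            h.backoff = max(0, h.backoff - elapsed)
        stats["slots"] += elapsed
    return stats


if __name__ == "__main__":
    # Same total load offered by 2, 10 and 40 hosts on one segment.
    for n in (2, 10, 40):
        print(n, "hosts:", simulate(n, frames_per_host=3))
```

Running it with a growing number of hosts on the same segment shows the collision and slot counts rising, which is the "number of hosts on any network segment is not excessive" condition in the paragraph above.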

The Ethernet protocol allows for linear bus, star, or tree topologies. Data can be transmitted over
twisted pair, coaxial, or fiber optic cable at a speed of 10 Mbps up to 1000 Mbps.

Fast Ethernet
To allow for an increased speed of transmission, the Ethernet protocol has a standard that
supports 100 Mbps. This is commonly called Fast Ethernet. Fast Ethernet requires the use of
different, more expensive network concentrators/hubs and network interface cards. In addition,
category 5 twisted pair or fiber optic cable is necessary. Fast Ethernet is common in schools that
have been wired within the last ten years or so.

Gigabit Ethernet
The most recent development in the Ethernet standard is a protocol that has a transmission speed
of 1 Gbps. Gigabit Ethernet is primarily used for backbones on a network at this time. In the
future, it will probably be used for workstation and server connections also. It can be used with
both fiber optic cabling and copper. 1000BaseTX, the copper cabling used for Gigabit
Ethernet, requires the use of Category 6 cable and hardware.



LocalTalk
LocalTalk, originally called AppleTalk, is a network protocol that was developed by Apple
Computer, Inc. for Macintosh computers. The method used by LocalTalk is called CSMA/CA
(Carrier Sense Multiple Access with Collision Avoidance). It is similar to CSMA/CD except that
a computer signals its intent to transmit before it actually does so. LocalTalk adapters and special
twisted pair cable can be used to connect a series of computers through the serial port. The
Macintosh operating system allows the establishment of a peer-to-peer network without the need
for additional software. With the addition of the server version of AppleShare software, a
client/server network can be established.

The LocalTalk protocol allows for linear bus, star, or tree topologies using twisted pair cable. A
primary disadvantage of LocalTalk is speed. Its speed of transmission is only 230 Kbps.


Token Ring
The Token Ring protocol was developed by IBM in the mid-1980s. The access method used
involves token-passing. In Token Ring, the computers are connected so that the signal travels
around the network from one computer to another in a logical ring. A single electronic token
moves around the ring from one computer to the next. If a computer does not have information to
transmit, it simply passes the token on to the next workstation. If a computer wishes to transmit
and receives an empty token, it attaches data to the token. The token then proceeds around the
ring until it comes to the computer for which the data is meant. At this point, the data is captured
by the receiving computer. The Token Ring protocol requires a star-wired ring using twisted pair
or fiber optic cable. It can operate at transmission speeds of 4 Mbps or 16 Mbps. Due to the
increasing popularity of Ethernet, the use of Token Ring in school environments has decreased.


FDDI
Fiber Distributed Data Interface (FDDI) is a network protocol that is used primarily to
interconnect two or more local area networks, often over large distances. The access method
used by FDDI involves token-passing. FDDI uses a dual ring physical topology. Transmission
normally occurs on one of the rings; however, if a break occurs, the system keeps information
moving by automatically using portions of the second ring to create a new complete ring. A
major advantage of FDDI is speed. It operates over fiber optic cable at 100 Mbps to 1 Gbps.


ATM
Asynchronous Transfer Mode (ATM) is a network protocol that transmits data at a speed of 155
Mbps and higher. ATM works by transmitting all data in small packets of a fixed size, whereas
other protocols transfer variable length packets. ATM supports a variety of media such as video,
CD-quality audio, and imaging. ATM employs a star topology, which can work with fiber optic
as well as twisted pair cable.

ATM is most often used to interconnect two or more local area networks. It is also frequently
used by Internet Service Providers to utilize high-speed access to the Internet for their clients. As



Physical Network Topologies

The physical topology of a network refers to the configuration of cables, computers, and other
peripherals. Physical topology should not be confused with logical topology which is the method
used to pass information between workstations. The most common topology in use today is the
Star.


Bus
Bus topology consists of a main run of cable with a terminator at each end. All nodes (file server,
workstations, and peripherals) are connected to the linear cable. Ethernet and LocalTalk
networks use a linear bus topology.




Advantages of a Linear Bus Topology
    Easy to connect a computer or peripheral to a linear bus.
    Requires less cable length than a star topology.

Disadvantages of a Linear Bus Topology
    Entire network shuts down if there is a break in the main cable.
    Terminators are required at both ends of the backbone cable.
    Difficult to identify the problem if the entire network shuts down.
    Not meant to be used as a stand-alone solution in a large building.



Star
A star topology is designed with each node (file server, workstations, and peripherals) connected
directly to a central network hub or concentrator.

Data on a star network passes through the hub or concentrator before continuing to its
destination. The hub or concentrator manages and controls all functions of the network. It also
acts as a repeater for the data flow. This configuration is common with twisted pair cable;
however, it can also be used with coaxial cable or fiber optic cable.




Advantages of a Star Topology
    Easy to install and wire.
    No disruptions to the network when connecting or removing devices.
    Easy to detect faults and to remove parts.

Disadvantages of a Star Topology
    Requires more cable length than a linear topology.
    If the hub or concentrator fails, nodes attached are disabled.
    More expensive than linear bus topologies because of the cost of the concentrators.

The protocols used with star configurations are usually Ethernet or LocalTalk. Token Ring uses a
similar topology, called the star-wired ring.




Star-Wired Ring
A star-wired ring topology may appear (externally) to be the same as a star topology. Internally,
the MAU (multistation access unit) of a star-wired ring contains wiring that allows information
to pass from one device to another in a circle or ring. The Token Ring protocol uses a star-wired
ring topology. Token Ring networks were once popular in schools but have largely been replaced
with Ethernet networks.




Tree
A tree topology combines characteristics of linear bus and star topologies. It consists of groups
of star-configured workstations connected to a linear bus backbone cable (See fig. 4). Tree
topologies allow for the expansion of an existing network, and enable schools to configure a
network to meet their needs.




Advantages of a Tree Topology
    Point-to-point wiring for individual segments.
    Supported by many hardware and software vendors.

Disadvantages of a Tree Topology
    Overall length of each segment is limited by the type of cabling used.
    If the backbone line breaks, the entire segment goes down.
    More difficult to configure and wire than other topologies.


5-4-3 Rule
A consideration in setting up a tree topology using Ethernet protocol is the 5-4-3 rule. One aspect
of the Ethernet protocol requires that a signal sent out on the network cable reach every part of
the network within a specified length of time. Each concentrator or repeater that a signal goes
through adds a small amount of delay. This leads to the rule that between any two hosts on the
network there can only be a maximum of 5 segments, connected through 4
repeaters/concentrators. In addition, only 3 of the segments may be populated (trunk) segments if
they are made of coaxial cable. A populated segment is one which has one or more hosts
attached to it. In the illustration, the 5-4-3 rule is adhered to. The furthest two nodes on the
network have 4 segments and 3 repeaters/concentrators between them.




This rule does not apply to other network protocols or Ethernet networks where all fiber optic
cabling or a combination of a fiber backbone with UTP cabling is used. If there is a combination
of fiber optic backbone and UTP cabling, the rule is altered to 7-6-5.
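
The 5-4-3 rule can be checked mechanically against a wiring plan. The following is an added example, not part of the original handout; the segment, repeater and host names are constructed, and the limits coded are the coaxial 5-4-3 values given above.

```python
from collections import deque
from itertools import combinations

# Limits stated by the 5-4-3 rule for coaxial Ethernet.
MAX_SEGMENTS, MAX_REPEATERS, MAX_POPULATED = 5, 4, 3


def build_graph(repeaters):
    """Link every repeater to the segments it joins (an undirected graph)."""
    graph = {}
    for repeater, joined in repeaters.items():
        for segment in joined:
            graph.setdefault(("rep", repeater), set()).add(("seg", segment))
            graph.setdefault(("seg", segment), set()).add(("rep", repeater))
    return graph


def path_between(graph, start, goal):
    """Breadth-first search from one segment to another.

    Returns the alternating segment/repeater nodes on the path, or None
    when the two segments are not connected.
    """
    first, last = ("seg", start), ("seg", goal)
    previous = {first: None}
    queue = deque([first])
    while queue:
        node = queue.popleft()
        if node == last:
            path = []
            while node is not None:
                path.append(node)
                node = previous[node]
            return path[::-1]
        for neighbour in graph.get(node, ()):
            if neighbour not in previous:
                previous[neighbour] = node
                queue.append(neighbour)
    return None


def check_543(segments, repeaters):
    """Return (host_a, host_b, segments, repeaters, populated) per violation."""
    graph = build_graph(repeaters)
    home = {host: seg for seg, hosts in segments.items() for host in hosts}
    violations = []
    for a, b in combinations(sorted(home), 2):
        path = path_between(graph, home[a], home[b])
        if path is None:
            continue  # hosts on unconnected segments never exchange signals
        on_path = [name for kind, name in path if kind == "seg"]
        n_repeaters = len(path) - len(on_path)
        # A populated segment is one with at least one host attached.
        populated = sum(1 for name in on_path if segments[name])
        if (len(on_path) > MAX_SEGMENTS or n_repeaters > MAX_REPEATERS
                or populated > MAX_POPULATED):
            violations.append((a, b, len(on_path), n_repeaters, populated))
    return violations


# Constructed sample: four segments and three repeaters between hosts A and B.
COMPLIANT_SEGMENTS = {"S1": ["A"], "S2": [], "S3": [], "S4": ["B"]}
COMPLIANT_REPEATERS = {"R1": ["S1", "S2"], "R2": ["S2", "S3"], "R3": ["S3", "S4"]}

# Constructed sample: the same chain extended by two more populated segments.
DEEP_SEGMENTS = {**COMPLIANT_SEGMENTS, "S5": ["C"], "S6": ["D"]}
DEEP_REPEATERS = {**COMPLIANT_REPEATERS, "R4": ["S4", "S5"], "R5": ["S5", "S6"]}

if __name__ == "__main__":
    print(check_543(COMPLIANT_SEGMENTS, COMPLIANT_REPEATERS))
    print(check_543(DEEP_SEGMENTS, DEEP_REPEATERS))
```

The search assumes the wiring forms a tree, so there is exactly one path between any two segments.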


Considerations When Choosing a Topology
      Cost. A linear bus network may be the least expensive way to install a network; you do
       not have to purchase concentrators.
      Length of cable needed. The linear bus network uses shorter lengths of cable.
      Future growth. With a star topology, expanding a network is easily done by adding
       another concentrator.
      Cable type. The most common cable in schools is unshielded twisted pair, which is most
       often used with star topologies.




Hardware
What is Networking Hardware?
Networking hardware includes all computers, peripherals, interface cards and other equipment
(hubs, switches, bridges, routers, etc.) needed to permit communications within and between
networks. Also included is the network media (wiring), patch panels, patch cords and outlets.




Workstation and Server Network Interfaces
Workstations and Servers must have a network interface installed to connect to a network. Most
modern desktop and laptop computers now come with one or more types of network interface
preinstalled. In many cases the circuitry is embedded on the motherboard and the network
interface connector is a part of the case/motherboard design. Servers also are sold with network
interfaces; however, they are more often separate components rather than being embedded on the
motherboard. Most current model laptops also include some form of wireless networking either
embedded or as a PC card option.


Network Interface Cards
The network interface card (NIC) provides the physical connection between the network and the
computer workstation. Most NICs are internal, with the card fitting into an expansion slot inside
the computer. Some computers, such as Mac Classics, use external boxes which are attached to a
serial port or a SCSI port. Modern Macintoshes now come with a standard Ethernet NIC and
RJ45 connector. Laptop computers can now be purchased with a network interface card built-in
or with network cards that slip into a PC Card slot.

Network interface cards are a major factor in determining the speed and performance of a
network. It is a good idea to use the fastest network card available for the type of workstation
you are using.




The three most common network interface connections are Ethernet cards, LocalTalk connectors,
and Token Ring cards. According to an International Data Corporation study, Ethernet is the most
popular, followed by Token Ring and LocalTalk.


Ethernet Cards
Ethernet cards may be purchased separately from a computer, although most modern computers
include a pre-installed Ethernet interface. Ethernet cards contain connections for either coaxial or
twisted pair cables (or both). If it is designed for coaxial cable, the connection will be BNC. If it
is designed for twisted pair, it will have a RJ-45 connection. Some Ethernet cards also contain an
AUI connector. This can be used to attach coaxial, twisted pair, or fiber optics cable to an
Ethernet card. When this method is used there is an external transceiver attached to the
workstation.




        Older Ethernet NIC (EISA)                            Newer Ethernet NIC (PCI)




         Ethernet (RJ-45) PC Card                         Wireless Ethernet PC Card NIC


Token Ring Cards
Token Ring network cards look similar to Ethernet cards. One visible difference is the type of
connector on the back end of the card. Token Ring cards generally have a nine pin DIN type
connector to attach the card to the network cable.




LocalTalk Connectors
LocalTalk is Apple's built-in solution for networking older Macintosh computers. It utilizes a
special adapter box and a cable that plugs into the printer port of a Macintosh. A major
disadvantage of LocalTalk is that it is slow in comparison to Ethernet. Most Ethernet
connections operate at 10 or 100 Mbps (Megabits per second). In contrast, LocalTalk operates at
only 230 Kbps (or .23 Mbps).




Hubs
A hub is a concentrator device that provides a central connection point for cables from
workstations, servers, and peripherals. In a star topology, twisted-pair wire is run from each
workstation to a central switch/hub. Most hubs are active, that is they electrically amplify the
signal as it moves from one device to another. Hubs are:

      Usually configured with 4, 8, 12, or 24 RJ-45 ports
      Used in a star or star-wired ring topology
      Sold with specialized software for port management
      Often installed in a standardized metal rack




                   Netgear 16 Port Hub                                 Linksys 5 Port Hub



As networks grow larger, hubs are often replaced with switches to reduce collisions.


Switches
A switch is also a concentrator device that provides a central connection point for cables from
workstations, servers, and peripherals. In a star topology, twisted-pair wire is run from each
workstation to a central switch. Most switches are active, that is they electrically amplify the
signal as it moves from one device to another. Switches do not pass all packets to each port as
hubs do. Switches learn the MAC Address of hosts on each port and send packets, other than
broadcasts, only to the addressed host. Switches are:

      Usually configured with 4, 8, 12, 24 or 48 RJ-45 ports
      Used in a star configuration
      Sold with specialized software for port management
      Often installed in a standardized metal rack




              Cisco Catalyst Switch showing 3 – 48 Port Ethernet 10BaseT blades


Repeaters
Since a signal loses strength as it passes along a cable, it may be necessary to boost the signal
with a device called a repeater. A repeater amplifies the signal it receives and rebroadcasts it.
Repeaters can be separate devices or they can be incorporated into a concentrator. They are used
when the total length of your network cable exceeds the standards set for the type of cable being
used.



An example of the use of repeaters would be in a local area network using a star topology with
unshielded twisted-pair cabling. The length limit for unshielded twisted-pair cable is 100 meters.
The most common configuration is for each workstation to be connected by twisted-pair cable to
a multi-port active concentrator. The concentrator amplifies all the signals that pass through it
allowing for the total length of cable on the network to exceed the 100 meter limit.


Bridges
A bridge is a device that allows you to segment a large network into two smaller, more efficient
networks. A bridge monitors the information traffic on both sides of the network so that it can
pass packets of information to the correct location. Bridges can monitor the network and build a
table containing the MAC address of each computer on both sides of the bridge. The bridge
inspects each message and, if necessary, passes it on to the other side of the network.

The bridge manages the traffic to maintain optimum performance on both sides of the network.
You might say that the bridge is like a traffic cop at a busy intersection during rush hour. It keeps
information flowing on both sides of the network, but it does not allow unnecessary traffic
through. Bridges can be used to connect different types of cabling, or physical topologies. They
must, however, be used between networks with the same protocol.

Switches have essentially replaced bridges in modern networks. A switch could be considered a
multi-port bridge or a bridge could be described as a two-port switch.
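
The Hubs, Switches and Bridges sections describe the same contrast: a hub repeats every frame to every port, while a switch or bridge learns MAC addresses and forwards only where needed. The sketch below is an added example, not part of the original handout; the MAC addresses and frames are constructed, and flooding of not-yet-learned destinations is standard switch behaviour that the text above does not spell out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Learns source MAC -> port and forwards known unicast to one port only.

    A two-port instance behaves like the bridge described above.
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def receive(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast, or destination not learned yet: flood like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []                          # same side: nothing to forward
        return [out_port]


def stray_copies(device, frames, attached):
    """Count unicast copies sent to ports where the destination is not attached."""
    stray = 0
    for in_port, src, dst in frames:
        for port in device.receive(in_port, src, dst):
            if dst != BROADCAST and attached[dst] != port:
                stray += 1
    return stray


# Constructed sample: four hosts, one per port, with locally administered MACs.
A, B, C, D = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")
ATTACHED = {A: 1, B: 2, C: 3, D: 4}
FRAMES = [
    (1, A, BROADCAST),  # A announces itself
    (2, B, A),
    (1, A, B),
    (3, C, D),          # D has not spoken yet, so a switch must flood this one
    (4, D, C),
    (3, C, D),
]

if __name__ == "__main__":
    print("hub   :", stray_copies(Hub([1, 2, 3, 4]), FRAMES, ATTACHED))
    print("switch:", stray_copies(LearningSwitch([1, 2, 3, 4]), FRAMES, ATTACHED))
```

Every stray copy is traffic that a station other than the addressee receives, which is why replacing hubs with switches reduces both collisions and the exposure of traffic to other ports.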


Routers
A router translates and directs data from one network to another. Routers select the best path to
route a message, based on the destination address and origin. The router can direct traffic to
prevent head-on collisions, and is able to direct traffic along alternate paths when the most direct
path is unavailable. Simple routers typically have only two network interfaces; however, routers
with more than two interfaces are commonly used in complex WANs and by ISPs.

While bridges know the addresses of all computers on each side of the network, routers know the
addresses of computers, bridges, and other routers on the network. Routers can monitor a network to
determine which sections are busiest -- they can then redirect data around those sections until
they clear up.

School LANs connected to the Internet will typically have a Router supplied by the ISP. The
router serves as the translator between the information on your LAN and the ISPs connection to
the Internet. It also determines the best route to send the data over the Internet. Routers can:

      Direct signal traffic efficiently
      Route messages between any two protocols
      Route messages between linear bus, star, and star-wired ring topologies
      Route messages across fiber optic, coaxial, and twisted-pair cabling




Media (Cabling)
Cable is the medium through which information usually moves from one network device to
another. There are several types of cable which are commonly used with LANs. In some cases, a
network will utilize only one type of cable; other networks will use a variety of cable types. The
type of cable chosen for a network is related to the network's topology, protocol, and size.
Understanding the characteristics of different types of cable and how they relate to other aspects
of a network is necessary for the development of a successful network.


Unshielded twisted pair
The quality of UTP may vary from telephone-grade wire to extremely high-speed cable. The
cable has four pairs of wires inside the jacket. Each pair is twisted with a different number of
twists per inch to help eliminate interference from adjacent pairs and other electrical devices.
The tighter the twisting, the higher the supported transmission rate and the greater the cost per
foot. The EIA/TIA (Electronic Industry Association/Telecommunication Industry Association)
has established standards of UTP and rated five categories of wire.




Categories of Unshielded Twisted Pair

       Type            Use
       Category 1      Voice Only (Telephone Wire)
       Category 2      Data to 4 Mbps (LocalTalk)
       Category 3      Data to 10 Mbps (Ethernet)
       Category 4      Data to 20 Mbps (16 Mbps Token Ring)
       Category 5      Data to 100 Mbps (Fast Ethernet)
       Category 5E     Data to 500 Mbps
       Category 6      Data to 1000 Mbps (Gigabit Ethernet)

Buy the best cable you can afford; most schools purchase Category 5, 5E or 6. 10BaseT refers to
the specifications for unshielded twisted pair cable (Category 3, 4, 5 or 6) carrying Ethernet
signals. Category 6 is relatively new and is used for gigabit connections.


Unshielded Twisted Pair Connector
The standard connector for unshielded twisted pair cabling is an RJ-45 connector. This is a
plastic connector that looks like a large telephone-style connector (See fig. 2). A slot allows the
RJ-45 to be inserted only one way. RJ stands for Registered Jack, implying that the connector
follows a standard borrowed from the telephone industry. This standard designates which wire
goes with each pin inside the connector. RJ-45 connectors can be difficult to install correctly. It
is not unusual for beginners to waste half of the connectors they attempt to install. The hardest
part is to trim and organize the individual wires and then get them in exactly the right order and
pushed all the way into the connector before crimping. The RJ-45EZ connector is more
forgiving than the standard RJ-45 and permits the individual wires to be pulled all the way
through the connector before being crimped and clipped. RJ-45EZ connectors are available for
both Cat 5 and 6.




                     RJ-45
                                                                        RJ-45EZ



Shielded Twisted Pair (STP) Cable
A disadvantage of UTP is that it may be susceptible to radio and electrical frequency
interference. Shielded twisted pair (STP) is suitable for environments with electrical interference;
however, the extra shielding can make the cables quite bulky. Shielded twisted pair is often used
on networks using Token Ring topology.




Coaxial Cable
Coaxial cabling has a single copper conductor at its center. A plastic layer provides insulation
between the center conductor and a braided metal shield. The metal shield helps to block any
outside interference from fluorescent lights, motors, and other computers.




Although coaxial cabling is difficult to install, it is highly resistant to signal interference. In
addition, it can support greater cable lengths between network devices than twisted pair cable.
The two types of coaxial cabling are thick coaxial and thin coaxial.


Thin coaxial cable is also referred to as 10Base2 or thinnet. 10Base2 refers to the specifications
for thin coaxial cable carrying Ethernet signals. The 2 refers to the approximate maximum
segment length being 200 meters. In actual fact the maximum segment length is 185 meters.
Thin coaxial cable was popular in school networks, especially linear bus backbone networks;
however, fiber is more often used for backbones today.

Thick coaxial cable is also referred to as thicknet. 10Base5 refers to the specifications for thick
coaxial cable carrying Ethernet signals. The 5 refers to the maximum segment length being 500
meters. Thick coaxial cable has an extra protective plastic cover that helps keep moisture away
from the center conductor. This makes thick coaxial a great choice when running longer lengths
in a linear bus or backbone network. Thick coax does not bend easily, is difficult to install and
is expensive.


Coaxial Cable Connectors
The most common type of connector used with coaxial cables is the Bayonet Neill-Concelman
(BNC) connector (See fig. 4). Different types of adapters are available for BNC connectors,
including a T-connector, barrel connector, and terminator. Connectors on the cable are the
weakest points in any network. To help avoid problems with your network, always use the BNC
connectors that crimp, rather than screw, onto the cable.




Fiber Optic Cable
Fiber optic cabling consists of a center glass core surrounded by several layers of protective
materials. It transmits light rather than electronic signals, eliminating the problem of electrical
interference. This makes it ideal for certain environments that contain a large amount of
electrical interference. It has also made it the standard for connecting networks between
buildings, due to its immunity to the effects of moisture and lightning.




Fiber optic cable has the ability to transmit signals over much longer distances than coaxial and
twisted pair. It also has the capability to carry information at vastly greater speeds. This capacity
broadens communication possibilities to include services such as video conferencing and
interactive services. The cost of fiber optic cabling is comparable to copper cabling; however, it
is more difficult to install and modify. 10BaseF refers to the specifications for fiber optic cable
carrying Ethernet signals.




Facts about fiber optic cables:

       Outer insulating jacket is made of Teflon or PVC.
       Kevlar fiber helps to strengthen the cable and prevent breakage.
       A plastic coating is used to cushion the fiber center.
       Center (core) is made of glass or plastic fibers.
       Fiber Optic Connector (ST, SC or MTRJ)
       Generally comes in two sizes: 62.5 or 50 microns
       Single Mode fiber is more expensive and generally used for long hauls measured in
        miles.
       Multimode fiber is more common in schools and is much cheaper.

The most common connectors used with fiber optic cable are the ST and SC connectors. The ST is
barrel shaped, similar to a BNC connector. The SC connector has two square-faced connectors
and is easier to connect in a confined space. MTRJ is newer and becoming more popular. It is a
single connector with a single square-faced connector similar to the SC connection.

An easy way to remember the different fiber connections is:

ST = Squeeze and twist (barrel shaped)
SC = Squeeze and clip (square face)




Ethernet Cable Summary

       Specification    Cable Type                  Maximum length
       10BaseT          Unshielded Twisted Pair     100 meters
       10Base2          Thin Coaxial                185 meters
       10Base5          Thick Coaxial               500 meters
       10BaseF          Fiber Optic                 2000 meters
       100BaseT         Unshielded Twisted Pair     100 meters
       100BaseTX        Unshielded Twisted Pair     220 meters



Wireless LANs

Not all networks are connected with cabling; some networks are wireless. Wireless LANs use
high frequency radio signals, infrared light beams, or lasers to communicate between the
workstations and the file server or hubs. Each workstation and file server on a wireless network
has some sort of transceiver/antenna to send and receive the data. Information is relayed between
transceivers as if they were physically connected. For longer distance, wireless communications
can also take place through cellular telephone technology, microwave transmission, or by
satellite.

Wireless networks are great for allowing laptop computers or remote computers to connect to the
LAN. Wireless networks are also beneficial in older buildings where it may be difficult or
impossible to install cables.

The two most common types of infrared communications used in schools are line-of-sight and
scattered broadcast. Line-of-sight communication means that there must be an unblocked direct
line between the workstation and the transceiver. If a person walks within the line-of-sight while
there is a transmission, the information would need to be sent again. This kind of obstruction can
slow down the wireless network.

Scattered infrared communication is a broadcast of infrared transmissions sent out in multiple
directions that bounces off walls and ceilings until it eventually hits the receiver. Networking
communications with laser are virtually the same as line-of-sight infrared networks.

Wireless LANs have several disadvantages. They provide poor security, and are susceptible to
interference from lights and electronic devices. They are also slower than LANs using cabling.

Wi-Fi Standards

       Standard        Frequency       Speed
       802.11b         2.4 GHz         11 Mbps
       802.11a         5 GHz           54 Mbps
       802.11g         2.4 GHz         54 Mbps
       802.11n*        5 GHz           100+ Mbps

       * Proposed standard expected 2005-2006



Installing Cable - Some Guidelines
When running cable, it is best to follow a few simple rules:

      Professional installation may actually be more cost effective.
      If you have your cable commercially installed, inspect the cable and make sure you
       actually get what you paid for.
      Always use more cable than you need. Leave plenty of slack. Cable should never be
       spliced.
      Test every part of a network as you install it. Even if it is brand new, it may have
       problems that will be difficult to isolate later.
      Stay at least 3 feet away from fluorescent light boxes and other sources of electrical
       interference such as electrical motors and dimmers.
      If it is necessary to run cable across the floor, cover the cable with cable protectors.
      Label both ends of each cable.
      Document the network and keep the documentation updated and available.
      Use cable ties (not tape) to keep cables in the same location together.




Introduction to TCP/IP
The initial host-to-host communications protocol introduced in the ARPANET was called the
Network Control Protocol (NCP). Over time, however, NCP proved to be incapable of keeping
up with the growing network traffic load. In 1974, a new, more robust suite of communications
protocols was proposed and implemented throughout the ARPANET, based upon the
Transmission Control Protocol (TCP) for end-to-end network communication. But it seemed like
overkill for the intermediate gateways (what we would today call routers) to needlessly have to
deal with an end-to-end protocol so in 1978 a new design split responsibilities between a pair of
protocols; the new Internet Protocol (IP) for routing packets and device-to-device
communication (i.e., host-to-gateway or gateway-to-gateway) and TCP for reliable, end-to-end
host communication. Since TCP and IP were originally envisioned functionally as a single
protocol, the protocol suite, which actually refers to a large collection of protocols and
applications, is usually referred to simply as TCP/IP.

The original versions of both TCP and IP that are in common use today were written in
September 1981, although both have had several modifications applied to them (in addition, the
IP version 6, or IPv6, specification was released in December 1995). In 1983, the DoD mandated
that all of their computer systems would use the TCP/IP protocol suite for long-haul
communications, further enhancing the scope and importance of the ARPANET.(1)

As with all other communications protocols, TCP/IP is composed of layers:

      IP - is responsible for moving packets of data from node to node. IP forwards each packet
       based on a four byte destination address (the IP number). The Internet authorities assign
       ranges of numbers to different organizations. The organizations assign groups of their
       numbers to departments. IP operates on gateway machines that move data from
       department to organization to region and then around the world.
      TCP - is responsible for verifying the correct delivery of data from client to server. Data
       can be lost in the intermediate network. TCP adds support to detect errors or lost data and
       to trigger retransmission until the data is correctly and completely received.
      Sockets - is a name given to the package of subroutines that provide access to TCP/IP on
       most systems.

To ensure that all types of systems from all vendors can communicate, TCP/IP is absolutely
standardized on the LAN. However, larger networks based on long distances and phone lines are
more volatile. In the US, many large corporations would wish to reuse large internal networks
based on IBM's SNA. In Europe, the national phone companies traditionally standardize on
X.25. However, the sudden explosion of high speed microprocessors, fiber optics, and digital
phone systems has created a burst of options: ISDN, frame relay, FDDI, Asynchronous Transfer
Mode (ATM). New technologies arise and become obsolete within a few years. Cable modem
and phone companies add daily to the Internet, therefore no single standard can govern citywide,
nationwide, or worldwide communications.

The original design of TCP/IP as a Network of Networks fits nicely within the current
technological uncertainty. TCP/IP data can be sent across a LAN, or it can be carried within an
internal corporate SNA network, or it can be delivered on DSL (digital subscriber lines) and
cable modems into homes. Furthermore, machines connected to any of these networks can
communicate to any other network through gateways supplied by the network vendor.

Addresses

Each technology has its own convention for transmitting messages between two machines within
the same network. On a LAN, messages are sent between machines by supplying the six byte
unique identifier (the "MAC" address). In an SNA network, every machine has Logical Units
with their own network address. DECNET, Appletalk, and Novell IPX all have a scheme for
assigning numbers to each local network and to each workstation attached to the network.

On top of these local or vendor specific network addresses, TCP/IP assigns a unique number to
every workstation in the world. This "IP number" is a four byte value that, by convention, is
expressed by converting each byte into a decimal number (0 to 255) and separating the bytes
with a period. For example, Widget International’s server is located at 66.218.71.198.

An organization begins by sending electronic mail to Hostmaster@INTERNIC.NET requesting
assignment of a network number. It is still possible for almost anyone to get assignment of a
number for a small "Class C" network in which the first three bytes identify the network and the
last byte identifies the individual computer. The author followed this procedure and was assigned
the numbers 192.35.91.* for a network of computers at his house. Larger organizations can get a
"Class B" network where the first two bytes identify the network and the last two bytes identify
each of up to 64 thousand individual workstations. Widget International’s Class B network is
130.132, so all computers with IP address 130.132.*.* are connected through its worldwide
headquarters in Red Bay, AL.

The organization then connects to the Internet through one of a dozen regional or specialized
network suppliers. The network vendor is given the subscriber network number and adds it to the
routing configuration in its own machines and those of the other major network suppliers.

There is no mathematical formula that translates the numbers 192.35.91 or 130.132 into "Widget
International" or "Red Bay, AL." The machines that manage large regional networks or the
central Internet routers managed by the National Science Foundation can only locate these
networks by looking each network number up in a table. There are potentially thousands of Class
B networks, and millions of Class C networks, but computer memory costs are low, so the tables
are reasonable. Customers that connect to the Internet, even customers as large as IBM, do not
need to maintain any information on other networks. They send all external data to the regional
carrier to which they subscribe, and the regional carrier maintains the tables and does the
appropriate routing.

Subnets
Although the individual subscribers do not need to tabulate network numbers or provide explicit
routing, it is convenient for most Class B networks to be internally managed as a much smaller
and simpler version of the larger network organizations. It is common to subdivide the two bytes
available for internal assignment into a one byte department number and a one byte workstation
ID.




The enterprise network is built using commercially available TCP/IP router boxes. Each router
has small tables with 255 entries to translate the one byte department number into selection of a
destination Ethernet connected to one of the routers. Messages to the Widget International
server (130.132.59.234) are sent through the national and Southeast regional networks based on
the 130.132 part of the number. Arriving at Widget International's world campus, the 59
department ID selects an Ethernet connector in the WICC (Widget International Computer
Control) building. The 234 selects a particular workstation on that LAN. The Widget
International network must be updated as new Ethernets and departments are added, but it is not
affected by changes outside the university or the movement of machines within the department.
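
The Addresses and Subnets sections describe a chain of table lookups: network number first, then department byte, then workstation byte. The code below is an added example, not part of the original handout; the lookup tables are constructed from the networks named above, the host 192.35.91.7 is a made-up member of the author's network, and the class A range is included from general knowledge of classful addressing.

```python
import ipaddress

# Historical classful ranges by first byte: (class, low, high, network bytes).
# The page describes classes B and C; class A is included for completeness.
CLASSES = [("A", 0, 127, 1), ("B", 128, 191, 2), ("C", 192, 223, 3)]

# Constructed lookup tables using the networks named on the page. Each entry
# is (owner, department table or None when the network is not subdivided).
NETWORKS = {
    "130.132": ("Widget International, Red Bay, AL", {59: "WICC building Ethernet"}),
    "192.35.91": ("author's home network", None),
}


def parse_ipv4(text):
    """Turn dotted decimal into four integers, rejecting malformed input."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    octets = tuple(int(p) for p in parts)
    if any(o > 255 for o in octets):
        raise ValueError(f"byte out of range 0-255 in {text!r}")
    return octets


def dotted(octets):
    return ".".join(str(o) for o in octets)


def classful_split(text):
    """Return (class, network bytes, host bytes) for a class A, B or C address."""
    octets = parse_ipv4(text)
    for name, low, high, net_len in CLASSES:
        if low <= octets[0] <= high:
            return name, octets[:net_len], octets[net_len:]
    raise ValueError(f"{text} is class D/E and has no network/host split")


def deliver(text, networks=NETWORKS):
    """List the table lookups that take a packet to its workstation."""
    cls, network, host = classful_split(text)
    entry = networks.get(dotted(network))
    if entry is None:
        # There is no formula: an unknown network number cannot be located.
        return [f"no table entry for network {dotted(network)}"]
    owner, departments = entry
    steps = [f"class {cls} network {dotted(network)} -> {owner}"]
    if departments is None or len(host) != 2:
        steps.append(f"host {dotted(host)}")
        return steps
    department, workstation = host   # one byte each, as in the Subnets section
    lan = departments.get(department)
    if lan is None:
        steps.append(f"no Ethernet registered for department {department}")
        return steps
    steps.append(f"department {department} -> {lan}")
    steps.append(f"workstation {workstation}")
    return steps


def same_department(a, b):
    """The one-byte department split is a 24-bit prefix in today's notation."""
    lan = ipaddress.ip_network(f"{a}/24", strict=False)
    return ipaddress.ip_address(b) in lan


if __name__ == "__main__":
    for step in deliver("130.132.59.234"):
        print(step)
    print(deliver("192.35.91.7"))
```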

An Uncertain Path
Every time a message arrives at an IP router, it makes an individual decision about where to send
it next. There is no concept of a session with a preselected path for all traffic. Consider a company
with facilities in New York, Los Angeles, Chicago and Atlanta. It could build a network from
four phone lines forming a loop (NY to Chicago to LA to Atlanta to NY). A message arriving at
the NY router could go to LA via either Chicago or Atlanta. The reply could come back the other
way.

How does the router make a decision between routes? There is no correct answer. Traffic could
be routed by the "clockwise" algorithm (go NY to Atlanta, LA to Chicago). The routers could
alternate, sending one message to Atlanta and the next to Chicago. More sophisticated routing
measures traffic patterns and sends data through the least busy link.

If one phone line in this network breaks down, traffic can still reach its destination through a
roundabout path. After losing the NY to Chicago line, data can be sent NY to Atlanta to LA to
Chicago. This provides continued service though with degraded performance. This kind of
recovery is the primary design feature of IP. The loss of the line is immediately detected by the
routers in NY and Chicago, but somehow this information must be sent to the other nodes.
Otherwise, LA could continue to send NY messages through Chicago, where they arrive at a
"dead end." Each network adopts some Router Protocol which periodically updates the routing
tables throughout the network with information about changes in route status.
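
The four-city loop can be simulated to show both the dead end and the recovery once routing tables are updated. This is an added example, not part of the original text; it assumes shortest-hop routing with ties broken by link order, which is only one of the route choices the section says are possible.

```python
from collections import deque

# The loop from the text: NY to Chicago to LA to Atlanta to NY.
LINKS = [("NY", "Chicago"), ("Chicago", "LA"), ("LA", "Atlanta"), ("Atlanta", "NY")]
# The same network after the NY to Chicago line breaks down.
SURVIVORS = [link for link in LINKS if link != ("NY", "Chicago")]


def neighbours(links):
    """Adjacency lists, in the order the links are listed."""
    adjacent = {}
    for a, b in links:
        adjacent.setdefault(a, []).append(b)
        adjacent.setdefault(b, []).append(a)
    return adjacent


def next_hops(links, router):
    """Breadth-first search: {destination: first hop on a shortest path}."""
    adjacent = neighbours(links)
    table = {}
    queue = deque()
    for first_hop in adjacent.get(router, []):
        table[first_hop] = first_hop
        queue.append(first_hop)
    seen = {router, *table}
    while queue:
        node = queue.popleft()
        for nxt in adjacent[node]:
            if nxt not in seen:
                seen.add(nxt)
                table[nxt] = table[node]   # inherit the first hop used so far
                queue.append(nxt)
    return table


def build_tables(links):
    """What a routing protocol would install on every router for these links."""
    return {router: next_hops(links, router) for router in neighbours(links)}


def forward(tables, live_links, src, dst, hop_limit=8):
    """Pass a packet router to router. Returns (path taken, delivered?)."""
    live = {frozenset(link) for link in live_links}
    path, node = [src], src
    while node != dst and len(path) <= hop_limit:
        hop = tables[node].get(dst)
        if hop is None or frozenset((node, hop)) not in live:
            return path, False   # dead end: the table points at a dead line
        path.append(hop)
        node = hop
    return path, node == dst


def changed_routes(before, after):
    """Per router, the destinations whose next hop the update had to change."""
    return {router: sorted(d for d in before[router]
                           if before[router][d] != after[router].get(d))
            for router in before}


if __name__ == "__main__":
    stale, fresh = build_tables(LINKS), build_tables(SURVIVORS)
    print(forward(stale, LINKS, "LA", "NY"))          # normal operation
    print(forward(stale, SURVIVORS, "LA", "NY"))      # line down, tables stale
    print(forward(fresh, SURVIVORS, "LA", "NY"))      # after the update
    print(forward(fresh, SURVIVORS, "NY", "Chicago"))
    print(changed_routes(stale, fresh))
```

LA is not attached to the broken line, yet its route to NY is among the entries that change, which is why the update has to reach routers beyond NY and Chicago.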

If the size of the network grows, then the complexity of the routing updates will increase as will
the cost of transmitting them. Building a single network that covers the entire US would be
unreasonably complicated. Fortunately, the Internet is designed as a Network of Networks. This
means that loops and redundancy are built into each regional carrier. The regional network
handles its own problems and reroutes messages internally. Its Router Protocol updates the tables
in its own routers, but no routing updates need to propagate from a regional carrier to the NSF
spine or to the other regions (unless, of course, a subscriber switches permanently from one
region to another).

Undiagnosed Problems
IBM designs its SNA networks to be centrally managed. If any error occurs, it is reported to the
network authorities. By design, any error is a problem that should be corrected or repaired. IP
networks, however, were designed to be robust. In battlefield conditions, the loss of a node or
line is a normal circumstance. Casualties can be sorted out later on, but the network must stay up.
So IP networks are robust. They automatically (and silently) reconfigure themselves when
something goes wrong. If there is enough redundancy built into the system, then communication
is maintained.

In 1975 when SNA was designed, such redundancy would be prohibitively expensive, or it might
have been argued that only the Defense Department could afford it. Today, however, simple
routers cost no more than a PC. However, the TCP/IP design that, "Errors are normal and can be
largely ignored," produces problems of its own.

Data traffic is frequently organized around "hubs," much like airline traffic. One could imagine
an IP router in Atlanta routing messages for smaller cities throughout the Southeast. The problem
is that data arrives without a reservation. Airline companies experience the problem around
major events, like the Super Bowl. Just before the game, everyone wants to fly into the city.
After the game, everyone wants to fly out. Imbalance occurs on the network when something
new gets advertised. Occasionally web sites grossly underestimate the amount of traffic one
simple advertisement can generate. When Britannica, the leader in encyclopedias, elected to
provide an online version, it was overwhelmed by the public response. The access to the web
site was inadequate both in hardware and network infrastructure.

Occasionally a snow storm cancels flights and airports fill up with stranded passengers. Many go
off to hotels in town. When data arrives at a congested router, there is no place to send the
overflow. Excess packets are simply discarded. It becomes the responsibility of the sender to
retry the data a few seconds later and to persist until it finally gets through. This recovery is
provided by the TCP component of the Internet protocol.

TCP was designed to recover from node or line failures where the network propagates routing
table changes to all router nodes. Since the update takes some time, TCP is slow to initiate
recovery. The TCP algorithms are not tuned to optimally handle packet loss due to traffic
congestion. Instead, the traditional Internet response to traffic problems has been to increase the
speed of lines and equipment in order to stay ahead of growth in demand.

TCP treats the data as a stream of bytes. It logically assigns a sequence number to each byte. The
TCP packet has a header that says, in effect, "This packet starts with byte 379642 and contains
200 bytes of data." The receiver can detect missing or incorrectly sequenced packets. TCP
acknowledges data that has been received and retransmits data that has been lost. The TCP
design means that error recovery is done end-to-end between the Client and Server machine.
There is no formal standard for tracking problems in the middle of the network, though each
network has adopted some ad hoc tools.
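
The receiver-side bookkeeping just described, as an added sketch (not part of the original manual): it tracks the next byte expected, holds segments that arrive early, and lists the byte ranges still missing. The class and function names are assumptions, and the segments are constructed from the header values quoted above.

```python
"""Simplified receiver-side TCP sequence tracking (added example).

Hypothetical names; real TCP also handles 32-bit sequence wraparound,
receive windows and checksums, which are left out here.
"""


class StreamReceiver:
    def __init__(self, initial_seq):
        self.next_expected = initial_seq  # first byte not yet delivered
        self.pending = {}                 # start byte -> data that arrived early
        self.delivered = bytearray()      # in-order bytes handed to the application

    def receive(self, seq, data):
        """Accept one segment and return the cumulative ACK (next byte wanted)."""
        if seq + len(data) <= self.next_expected:
            return self.next_expected     # duplicate of delivered data: re-ACK
        # Keep the longest copy seen for a given starting byte.
        if len(data) > len(self.pending.get(seq, b"")):
            self.pending[seq] = data
        self._drain()
        return self.next_expected

    def _drain(self):
        """Deliver buffered segments for as long as they are contiguous."""
        for seq in sorted(self.pending):
            if seq > self.next_expected:
                break                     # hole in the stream: stop here
            data = self.pending.pop(seq)
            fresh = data[self.next_expected - seq:]  # skip bytes already delivered
            self.delivered += fresh
            self.next_expected += len(fresh)

    def gaps(self):
        """Missing byte ranges [start, end) that the sender must retransmit."""
        missing, cursor = [], self.next_expected
        for seq in sorted(self.pending):
            if seq > cursor:
                missing.append((cursor, seq))
            cursor = max(cursor, seq + len(self.pending[seq]))
        return missing


def demo():
    """Constructed run using the header values quoted in the text."""
    rx = StreamReceiver(379642)
    acks = [rx.receive(379642, b"A" * 200)]        # in order
    acks.append(rx.receive(380042, b"C" * 200))    # arrived early: a segment was lost
    missing = rx.gaps()
    acks.append(rx.receive(379842, b"B" * 200))    # retransmission fills the hole
    return acks, missing, len(rx.delivered)


if __name__ == "__main__":
    print(demo())
```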

Need to Know

There are three levels of TCP/IP knowledge. Those who administer a regional or national
network must design a system of long distance phone lines, dedicated routing devices, and very
large configuration files. They must know the IP numbers and physical locations of thousands of
subscriber networks. They must also have a formal network monitor strategy to detect problems
and respond quickly.

Each large company or university that subscribes to the Internet must have an intermediate level
of network organization and expertise. A half dozen routers might be configured to connect
several dozen departmental LANs in several buildings. All traffic outside the organization would
typically be routed to a single connection to a regional network provider.

However, the end user can install TCP/IP on a personal computer without any knowledge of
either the corporate or regional network. Three pieces of information are required:

   1. The IP address assigned to this personal computer
   2. The part of the IP address (the subnet mask) that distinguishes other machines on the
      same LAN (messages can be sent to them directly) from machines in other departments
      or elsewhere in the world (which are sent to a router machine)
   3. The IP address of the router machine that connects this LAN to the rest of the world.

In the case of the WI (Widget International) server, the IP address is 130.132.59.234. Since the
first three bytes designate this department, a "subnet mask" is defined as 255.255.255.0 (255 is
the largest byte value and represents the number with all bits turned on). It is a Yale convention
(which we recommend to everyone) that the router for each department have station number 1
within the department network. Thus the PCLT router is 130.132.59.1. Thus the WI server is
configured with the values:

      My IP address: 130.132.59.234
      Subnet mask: 255.255.255.0
      Default router: 130.132.59.1

The subnet mask tells the server that any other machine with an IP address beginning
130.132.59.* is on the same department LAN, so messages are sent to it directly. Any IP address
beginning with a different value is accessed indirectly by sending the message through the router
at 130.132.59.1 (which is on the departmental LAN).
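
The direct-or-router decision above, written out as an added example (not from the original manual) using the three configured values. It also checks two things the text assumes: that the mask is a contiguous run of bits and that the default router sits on the local subnet. The function names are assumptions.

```python
"""Direct-or-router decision from the three configured values (added example)."""


def to_int(dotted):
    """Convert a dotted-quad string such as '130.132.59.234' to a 32-bit int."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def check_config(my_ip, mask, router):
    """Return a list of problems with a host's IP settings (empty if sane)."""
    problems = []
    m = to_int(mask)
    # A valid mask is a run of 1-bits followed only by 0-bits, so its
    # complement plus one must be a power of two.
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):
        problems.append("subnet mask bits are not contiguous")
    # The router must be reachable directly, i.e. on the host's own LAN.
    if (to_int(my_ip) & m) != (to_int(router) & m):
        problems.append("default router is not on the local subnet")
    return problems


def next_hop(my_ip, mask, router, destination):
    """Where the host hands a packet: the destination itself or the router."""
    m = to_int(mask)
    if (to_int(destination) & m) == (to_int(my_ip) & m):
        return destination      # same LAN: deliver directly
    return router               # elsewhere: send via the default router


if __name__ == "__main__":
    cfg = ("130.132.59.234", "255.255.255.0", "130.132.59.1")
    print(check_config(*cfg))
    print(next_hop(*cfg, "130.132.59.17"))   # neighbour on the department LAN
    print(next_hop(*cfg, "130.132.60.17"))   # another department
```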




DHCP
        In this module, we will discuss and explore DHCP. DHCP is an acronym for Dynamic
Host Configuration Protocol. What that really means is, when a computer (Host) on your
network wants to join the network, it must be configured (Configuration) with a networking
protocol (Protocol). You only have two choices to configure the network settings, statically and
dynamically (Dynamic). In this course, you will explore both. I am sure that most people have,
at one time or another, gone into the network settings, and configured the TCP/IP network
settings. In order for a computer to be able to successfully communicate over the network and
Internet, it must have the proper protocol and associated network information. In the networking
world, each node or host on a network must be assigned a network, or IP number. That IP
number must have a subnet mask of the proper number class. In the most primitive form, that is
really all you need to communicate over a network. To successfully communicate over the
Internet you must also have a valid gateway number that will point you in the direction of the
Internet. If the world of the Internet and networking used IP numbers only, then we would be set
with just the above information. In real life, it is easier for us (most of us anyway) to remember
names instead of numbers. That’s where DNS comes in. Now, this isn’t a howto on DNS, but we
must mention it and how it works. DNS stands for Domain Name System. DNS is a “distributed
Internet directory service”. That is just a fancy way of saying that it converts names to IP
addresses and vice versa. All over the world, we have DNS servers that are nothing more than
giant databases that contain IP addresses and the associated domain name. We will not get tied
up with DNS in this module, but you should realize that DNS is vital for Internet
communications and as part of the DHCP total package.
        In review, in order to successfully communicate over the Internet and/or your network,
each host needs the following:
              A valid IP address.
              A valid matching subnet mask.
              A valid gateway address.
              A valid DNS address.

In order to take advantage of DHCP, no matter which operating system you are using, you need
to specify that you want to obtain an IP address automatically. For instance, in Windows XP, you
can open the Network Connections window and select Local Area Connections and select
Properties. Then you select Internet Protocol (TCP/IP) and choose Properties. In the
Internet Protocol Properties window, you have two options.
     Obtain an IP address automatically
     Use the following IP address:

The first option allows your host to accept an IP address from a DHCP server; the second option
allows you to enter static IP information.

In the following pages of the module, we will cover the steps taken between the host and the
DHCP server in order for the host to successfully obtain an IP address.




How does DHCP work?

        A DHCP server is the automatic network IP-address issuer. An administrator configures a
DHCP server with a pool of addresses to lease out to hosts. Ideally, the IP pool is a private IP
range usable only to the internal network. Many times the pool of information that the DHCP
server leases is referred to as the scope. But how does the host actually tell the DHCP server that
it needs an address and how is the address actually obtained? To break it down in simple terms, it
is a four-step process:
      Discover
      Offer
      Request
      Acknowledgment

This process can be remembered by using the DORA mnemonic.

DHCP Discover (step 1)
         The first step in the process is for the client to issue a DHCP Discover packet. As the
client is building the TCP/IP stack, it will broadcast a message that states that “I need an IP
address from a DHCP server”. Keep in mind that this is a network broadcast that happens
every time the client is switched on. If you were to look at a DHCP Discover packet, you would
see that the source ethernet address is the actual MAC address (Ethernet hardware address) of
the client that is requesting the IP address. Each Ethernet card has a unique hardware address
embedded in it that looks like this:
                          00:b0:d0:2c:df:2f
or                        00b0d02cdf2f

To continue, the IP source address of the client is 0.0.0.0 because it does not yet have a valid IP
address. Since the client is sending the discover packet as a broadcast, the destination
address is:
                       FFFFFFFFFFFF
or                     255.255.255.255

The client places the MAC address in the discover packet because it is unique and will
distinguish that client from the other clients on the network. The client will send out the DHCP
Discover packet several times until it either receives a DHCP Offer or until it times out and
displays an error message on the screen. After the initial attempts to get the attention of a DHCP
server, it will try again in about five minutes or so. The user will usually get error messages that
the client still cannot receive an IP address.

DHCP Offer (step 2)

        The DHCP server monitors incoming packets and checks whether or not it is a DHCP
Discover packet. When a discover packet is received, the server examines the pool of leased IP
addresses to see if any of the addresses corresponds to the host the request is coming from. You
see, when a DHCP server issues an IP address, it keeps track of the address, the host name, the
MAC address, and the lease times. If you examine a DHCP Lease file, you would basically see
the following (the format will vary depending on what OS the DHCP server is running on):


lease 192.168.1.201 {
       starts 02/21/04 12:24:36;
       ends 03/21/04 12:24:36;
       hardware ethernet 00:b0:df:2f:00:df;
       uid 10:00:b0:df:2f:00:df;
       client-hostname "JDOE_LAPTOP";
}

This allows the DHCP server to keep up with which IP addresses are being used from the
available pool, who they are issued to, and whether the lease time is still valid. Since the
computers are generally turned on within the lease time, the DHCP server will re-issue the same
IP address that is already associated to the requesting client. If the lease time expires, then the IP
address becomes available and is placed back in the pool. In most office applications, a host will
keep the same IP address due to the length of the lease.

At this point, the server creates a DHCP offer packet to send to the host. The DHCP offer packet
includes the IP address that the server is offering to the client. This packet will also contain the
subnet mask, the length of the lease, as well as other parameters depending on the configuration
information of the DHCP server. This DHCP offer packet has to be broadcast over the network
because the client doesn’t yet have its own IP address that the packet can be directed to. The
client will know that the packet is intended for it, since the packet will include the ethernet
hardware address.

DHCP Request (step 3)
         When a client receives a DHCP offer, it will send back a DHCP request packet. This
packet lets the DHCP server know that it is accepting the DHCP offer. You should keep in mind
that the client broadcasts the DHCP request to the network. There are a few reasons that the
client is still communicating by sending out network broadcasts. The first reason is that the client
still does not have a valid lease on the address (the deal hasn’t been sealed yet). At this point,
the only way the client can communicate is by broadcast. The second reason is that the network
could have more than one DHCP server employed. Any time a DHCP server sends out an offer,
it marks that particular IP address as reserved until the deal is finalized. So when the client
returns a DHCP request, all DHCP servers will examine it to see if it is meant for them. Now,
this is not something that one would see in an educational institution or even a small to medium
business (especially with a class A pool) but it is possible. The DHCP server must examine the
DHCP request packet and make sure that:
       The IP address is one that came out of its pool.
       The MAC address is the same one that originally sent the discover packet

DHCP Acknowledgment (step 4)
        The deal is almost complete. The client has sent out a discover packet, a server
responded with an offer, the client has verified that the offer was received, and is what he needs,
with a request packet. At this point, almost everything is in place. All that is left is the DHCP
Acknowledgment (ack). This ack packet will be sent by the DHCP server to the client. This
packet still has to be broadcast since the deal has not yet been finalized. What the DHCP
Acknowledgment packet says in human terms is:


       Hey, network client, I received the request for the IP address that I offered to you and
you can have it. I will place your address information in my lease file, you can keep this address
for X number of days, and here is the rest of your network information (gateway IP, DNS IP
etc…). Oh, and have a good day!

(It really doesn’t tell the client to have a good day, I just threw that in.) Now the DHCP deal is
finalized and the client can communicate to other devices on the network and the Internet, and
other devices can communicate with the client.

In review of the initial DHCP process:
    1. The client yells out, “I need a DHCP server”.
    2. The DHCP server yells out, “Here I am, would you like this IP address?”
    3. The client yells out, “Sure, that looks like a good address to me”.
    4. The server yells out, “Ok, it’s yours, and here is your additional IP information”.
(The reason they are yelling at each other is, they have to broadcast the messages over the
network).

Now we will look at some of the other issues concerning DHCP.

DHCP Leases
        Because IP addresses are on a lease basis, they have to be renewed before the lease runs
out. Just think about it, if the ability to renew a lease were not in place, when the lease ran out,
the computer would suddenly be disconnected from the network. What happens is, when half the
time to live (ttl) has expired, the client will send out a DHCP request to renew the lease. So, if
the lease is set for 48 hours, the client would send out a DHCP request packet 24 hours into the
lease period. One of the differences this time is the client doesn’t broadcast the DHCP request
packet. There is no need to send out a broadcast since the client has a valid IP address and it
knows the DHCP server IP address also. The DHCP server, in turn, sends back a DHCP ack to
the client and gives the client a new ttl or lease time. The reason leases are handled this way is, it
gives the client and/or the server enough time to rectify any problems before the lease runs out. If
7/8 of the lease time has passed and the client still has not received a DHCP ack, then the client will
broadcast a DHCP request to see if any DHCP server will acknowledge.
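
The four-step exchange and the lease timers described above, modeled as an added example that is not part of the original manual: a toy server applies the two request checks and keeps a valid lease on the same address, and a helper computes the 1/2 and 7/8 renewal points. All class and function names are assumptions, the reply name NAK for a refused request is the standard DHCP message type rather than something the text mentions, and the second MAC address is constructed.

```python
"""Toy model of the Discover/Offer/Request/Ack exchange (added example).

No packets are sent and every name is hypothetical. Times are plain seconds
so the lease arithmetic stays visible. Offers never time out in this model.
"""


class DhcpServer:
    def __init__(self, pool, lease_seconds):
        self.pool = list(pool)            # the scope: addresses we may lease
        self.lease_seconds = lease_seconds
        self.leases = {}                  # mac -> (ip, expiry time)
        self.offers = {}                  # mac -> ip held while the deal is open

    def expire(self, now):
        """Drop leases that have run out; their addresses are free again."""
        for mac, (_ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]

    def discover(self, mac, now):
        """Steps 1-2: choose an address for this MAC and return the offer."""
        self.expire(now)
        if mac in self.leases:            # lease still valid: same address again
            ip = self.leases[mac][0]
        elif mac in self.offers:          # repeated discover: repeat the offer
            ip = self.offers[mac]
        else:
            taken = {leased for leased, _ in self.leases.values()}
            taken |= set(self.offers.values())
            free = [addr for addr in self.pool if addr not in taken]
            if not free:
                return None               # pool exhausted: client will time out
            ip = free[0]
        self.offers[mac] = ip
        return ip

    def request(self, mac, ip, now):
        """Steps 3-4: validate the request, then ACK it or refuse it (NAK)."""
        self.expire(now)
        offered = self.offers.pop(mac, None) == ip
        renewing = mac in self.leases and self.leases[mac][0] == ip
        # The two checks from the text: the address came out of our pool, and
        # the MAC is the one we made the offer to (or the current lease holder).
        if ip not in self.pool or not (offered or renewing):
            return ("NAK", None)
        expiry = now + self.lease_seconds
        self.leases[mac] = (ip, expiry)
        return ("ACK", expiry)


def renewal_times(start, lease_seconds):
    """Client timers: renew at 1/2 of the lease, broadcast at 7/8, then expiry."""
    return (start + lease_seconds // 2,
            start + lease_seconds * 7 // 8,
            start + lease_seconds)


def demo():
    hour = 3600
    server = DhcpServer(["192.168.1.11", "192.168.1.12"], 48 * hour)
    mac = "00:b0:d0:2c:df:2f"                    # MAC as written in the text
    offer = server.discover(mac, now=0)           # Discover -> Offer
    ack = server.request(mac, offer, now=0)       # Request  -> Ack
    renew_at, rebroadcast_at, _ends = renewal_times(0, 48 * hour)
    renewed = server.request(mac, offer, now=renew_at)
    # Constructed MAC that never sent a discover asks for the same address.
    refused = server.request("00:00:5e:00:53:01", offer, now=renew_at)
    return offer, ack, (renew_at // hour, rebroadcast_at // hour), renewed, refused


if __name__ == "__main__":
    print(demo())
```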


DHCP Address Renewal
        When a network client using DHCP is restarted within the lease time of its IP address, it
will broadcast the leased address onto the network. The DHCP server will send a DHCP ack and
lease renewal to the client. The DHCP server will update the lease information with the new
lease time. If the client does not get a DHCP ack, it will continue to use the IP address until the
½ or 7/8 time limit and start the request process again. When a client shuts down, it does not
release the IP address; however sometimes there is need to release it (like when a visitor is using
a laptop, it would be nice to release the IP before disconnecting). Most DHCP client packages
have the ability to release and/or renew IP addresses. It is interesting to note that Microsoft’s
TCP/IP package has automatic IP addressing for instances when a DHCP server cannot be
contacted. The range used is 169.254.0.1 – 169.254.255.254. This feature can be confusing at
times, especially for new tech support personnel. If they are troubleshooting a client network
problem and do not pay close attention to the IP range of the client, they might not realize that
the address is in the wrong range for their particular network.

DHCP Reservations
       Using regular DHCP, the server randomly issues addresses to network hosts. But it is
good practice for certain hosts, such as servers, switches, routers, and printers, to have the
same IP address all the time. The network administrator can always go to each device and
manually configure them (static IP configuration). A much more efficient way is to use DHCP
Reservations.

A DHCP address reservation is configured at the DHCP server. The DHCP administrator sets up
the reservation for a host by entering the host’s hardware address and the IP address reserved for
the host in the DHCP configuration reservation list. Whenever a DHCP request is received by the
server, it compares the hardware address to the reservations to see whether the hardware address matches.
If it does, the reserved IP address is sent to the host. Other reasons to reserve IP addresses
include reserving an IP address for the boss to make sure that he/she always gets an address, or
giving a specific IP address to a host that needs certain restrictions or monitoring. Below is an
example of an IP address reservation for a Linux DHCP server:

host printer03 {
hardware ethernet 00:c0:4e:38:f9:8b;
fixed-address 192.168.1.243;
}

The first line contains the host name.
The second line contains the hardware (MAC) address of the host.
The third line contains the reserved IP address for the host.

IP reservations have many advantages. One advantage is not having to physically configure each
host that needs a static IP. Consider this scenario:
        You have a DHCP server set up for your entire network using a class C IP range. You
have a large increase in computers and need more IP addresses to service the network. Instead of
going to many different devices and physically changing the IP information, you could simply
edit the configuration file by replacing the net portion of the IP addresses with a class B or class
A and change the subnet mask. When you restarted the computers and/or devices, they would
automatically be updated. I have actually updated DHCP servers this way using the replace
command in a text processor. You literally have one point of control for your entire network
configuration. The main thing you need to be aware of when using DHCP reservations is, if a
host has to have the NIC replaced you will have to update the reservation information to reflect
the change. You simply have to enter the new MAC address into the reservation info.

Lease Duration
         A few things need to be considered when setting the lease time on a DHCP server. If
you have more than enough IP addresses in a pool, you will probably do fine with a long lease
time. A long lease time cuts down on network traffic also. For instance, if you have a lease time
set for twelve hours, every six hours the clients will be sending out a request. This will certainly
increase traffic.




        If you are tight on available IP addresses, you might want to consider using a shorter
lease time, especially if you have lots of visitors using laptops. That way, the unused addresses
can be returned to the pool sooner.

Setting DHCP Options
       To correctly configure DHCP, the administrator must include all needed information,
such as DNS information, gateway information, scope options, and reservation
information. Careful planning will make this job much easier. Here are a few things to consider
when setting up a DHCP server:
     Start with a private IP range.
     Choose a range with more than enough addresses for your needs.
     Assign different portions of the range for specific uses, such as, 5 to 25 for servers, 30 to
       50 for switches, 60 to 80 for printers and 100 to 254 for the available pool etc… This
       would work well for a small to medium network while allowing for growth.
     Configure two or more DNS servers.

DHCP is certainly the smart way to manage IP addressing. When set up properly and with
thought, changes are only needed when new equipment is deployed. Listed below, for your
review, is a sample DHCP configuration file for a Linux DHCP server.

Sample DHCP configuration file:

ddns-update-style ad-hoc;
default-lease-time 2592000;
max-lease-time 5184000;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 131.147.3.20,198.42.52.42;
option domain-name "somedomainname.com";
subnet 192.168.1.0 netmask 255.255.255.0 {
           range 192.168.1.11 192.168.1.119;
}

#IP reservation section

################# Servers ###########################

host printer03 {
hardware ethernet 00:c0:4e:38:f9:8b;
fixed-address 192.168.1.246;
}

host dataserver {
hardware ethernet 0c:9f:26:2a:77:3e;
fixed-address 192.168.1.245;
}

host officeserver{
hardware ethernet 00:01:b4:15:1f:f5;
fixed-address 192.168.1.244;
}

################## Switches ########################

host switch5 {
hardware ethernet 00:02:ef:71:fe:00;
fixed-address 192.168.1.235;
}

host switch4 {
hardware ethernet 00:03:ea:3f:e4:8f;
fixed-address 192.168.1.234;
}


host switch3 {
hardware ethernet 00:01:e5:72:f2:80;
fixed-address 192.168.1.233;
}

host switch2 {
hardware ethernet 00:01:e4:71:bf:40;
fixed-address 192.168.1.232;
}

host switch1 {
hardware ethernet 00:01:e2:6a:2b:80;
fixed-address 192.168.1.231;
}

################## Printers ########################

host color {
hardware ethernet 00:32:d1:2c:63:8f;
fixed-address 192.168.1.230;
}

host hp4050 {
hardware ethernet 00:64:c0:d6:f5:78;
fixed-address 192.168.1.229;
}

host officehp {
hardware ethernet 00:60:c0:f6:15:af;
fixed-address 192.168.1.228;
}

host sharedhp {
hardware ethernet 00:31:c3:2c:fa:7c;
fixed-address 192.168.1.227;
}
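
An added check, not part of the original manual, for the kind of configuration file shown above: it parses the subnet, range and host blocks and reports reservations that fall inside the dynamic range, outside the subnet, or that reuse a MAC or IP address. The function names are assumptions, the parser handles only this flat layout, and the faulty host entries in the sample are constructed.

```python
"""Consistency checks for dhcpd.conf-style reservations (added example)."""
import ipaddress
import re

SUBNET_RE = re.compile(
    r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(?P<body>[^}]*)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(?P<name>[\w.-]+)\s*\{(?P<body>[^}]*)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")
FIXED_RE = re.compile(r"fixed-address\s+([\d.]+)\s*;")


def audit(conf_text):
    """Return a sorted list of findings for one subnet plus its host blocks."""
    text = re.sub(r"#.*", "", conf_text)          # drop comments
    sub = SUBNET_RE.search(text)
    if not sub:
        return ["no subnet declaration found"]
    network = ipaddress.ip_network(f"{sub.group(1)}/{sub.group(2)}")
    rng = RANGE_RE.search(sub.group("body"))
    low = high = None
    if rng:
        low, high = (ipaddress.ip_address(a) for a in rng.groups())

    findings, seen_mac, seen_ip = [], {}, {}
    for host in HOST_RE.finditer(text):
        name, body = host.group("name"), host.group("body")
        mac, fixed = MAC_RE.search(body), FIXED_RE.search(body)
        if not mac or not fixed:
            findings.append(f"{name}: missing hardware ethernet or fixed-address")
            continue
        mac_val = mac.group(1).lower()
        if not re.fullmatch(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", mac_val):
            findings.append(f"{name}: malformed MAC {mac_val}")
        try:
            ip = ipaddress.ip_address(fixed.group(1))
        except ValueError:
            findings.append(f"{name}: invalid address {fixed.group(1)}")
            continue
        if ip not in network:
            findings.append(f"{name}: {ip} is outside subnet {network}")
        if low is not None and low <= ip <= high:
            findings.append(f"{name}: {ip} overlaps dynamic range {low}-{high}")
        if mac_val in seen_mac:
            findings.append(f"{name}: MAC also reserved for {seen_mac[mac_val]}")
        if ip in seen_ip:
            findings.append(f"{name}: {ip} also reserved for {seen_ip[ip]}")
        seen_mac.setdefault(mac_val, name)
        seen_ip.setdefault(ip, name)
    return sorted(findings)


# Constructed sample: printer03 is taken from the file above, the other three
# hosts are invented to trigger one finding each.
SAMPLE = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.11 192.168.1.119;
}
################## Printers ########################
host printer03 {
    hardware ethernet 00:c0:4e:38:f9:8b;
    fixed-address 192.168.1.246;
}
host lobbyprinter {          # address sits inside the dynamic range
    hardware ethernet 00:00:5e:00:53:10;
    fixed-address 192.168.1.50;
}
host spareprinter {          # re-uses printer03's address
    hardware ethernet 00:00:5e:00:53:11;
    fixed-address 192.168.1.246;
}
host oldswitch {             # left over from another subnet
    hardware ethernet 00:00:5e:00:53:12;
    fixed-address 192.168.2.231;
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```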




Networking Commands and Tools
ADDRESS RESOLUTION PROTOCOL

ARP is short for Address Resolution Protocol. The arp command is used to display the ARP
cache, the tables that store IP addresses and their resolved physical Ethernet addresses.

ARP COMMANDS:

C:\>arp

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data. If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed. If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.

  -g            Same as -a.

  inet_addr     Specifies an internet address.

  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.

  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.

  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr. The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.

  eth_addr      Specifies a physical address.

  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
Example:
  > arp -s 157.55.85.212 00-aa-00-62-c6-09   .... Adds a static entry.
  > arp -a                                   .... Displays the arp table.



This command allows the display of the current ARP cache tables for all interfaces.

C:\>arp -a

Interface: 168.31.222.49 on Interface 0x1000003
  Internet Address      Physical Address      Type
  168.31.222.1          00-10-7b-87-85-61     dynamic
  168.31.222.19         00-04-75-86-b6-fb     dynamic
  168.31.222.41         00-01-e6-6d-c5-e9     dynamic




FILE TRANSFER PROTOCOL (ftp)
Ftp is used to transfer files to and from a computer running a File Transfer Protocol (FTP)
server. Ftp can be executed from a command prompt; however, it is typically easier using a GUI
(Graphical User Interface) program.



FTP COMMANDS:
Commands may be abbreviated. Commands are:

!           delete       literal    prompt     send
?           debug        ls         put        status
append      dir          mdelete    pwd        trace
ascii       disconnect   mdir       quit       type
bell        get          mget       quote      user
binary      glob         mkdir      recv       verbose
bye         hash         mls        remotehelp
cd          help         mput       rename
close       lcd          open       rmdir

LOGGING ON

C:\>ftp edtech.floyd.edu
Connected to edtech.floyd.edu.
220 edtech.floyd.edu FTP server ready
User (edtech.floyd.edu:(none)): login_here
331 Password required for name
Password:
230 User name logged in.
ftp> help

To List files on the Server

ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
html
dreamweaver
226 Transfer complete.
ftp: 19 bytes received in 0.00Seconds 19000.00Kbytes/sec.



To Change Directories on Server

ftp> cd html
250 CWD command successful.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
index.html
images
button_my_first_page.gif
center_logo.jpg
first.html
test.html
adaptive.html
montage-links.gif
test.doc
226 Transfer complete.
ftp: 130 bytes received in 0.04Seconds 3.25Kbytes/sec.


To Transfer Files from Server

ftp> get first.html
200 PORT command successful
150 Opening ASCII mode data connection for first.html (1135 bytes)
226 Transfer complete.
ftp: 1178 bytes received in 0.03Seconds 39.27Kbytes/sec.


To Send Files to Server

ftp> send first.html
200 PORT command successful
150 Opening ASCII mode data connection for first.html
226 Transfer complete.
ftp: 1178 bytes sent in 0.00Seconds 1178000.00Kbytes/sec.
ftp>

IPCONFIG
This is another excellent utility which can be used to display network settings currently assigned
and given by a network. This command is great for verifying a network connection and to make
sure that your network settings are correct. This command is most useful on computers that are
configured to obtain an IP address automatically. This enables users to determine which TCP/IP
configuration values have been configured by DHCP, Automatic Private IP Addressing
(APIPA), or an alternate configuration.

If you are using Windows Millennium Edition, Windows 98, or Windows 95, then winipcfg is
the command to use in place of ipconfig.

IPCONFIG COMMANDS:
This command is used with Windows XP and Windows 2000.

C:\>ipconfig /?

Windows 2000 IP Configuration

USAGE:
 ipconfig [/? | /all | /release [adapter] | /renew [adapter]
      | /flushdns | /registerdns
      | /showclassid adapter
      | /setclassid adapter [classidtoset] ]

  adapter Full name or pattern with '*' and '?' to 'match',* matches any character, ? matches one
  character.

  Options
    /?                  Display this help message.
    /all                Display full configuration information.
    /release            Release the IP address for the specified adapter.
    /renew              Renew the IP address for the specified adapter.
    /flushdns           Purges the DNS Resolver cache.
    /registerdns        Refreshes all DHCP leases and re-registers DNS names
    /displaydns         Display the contents of the DNS Resolver Cache.
    /showclassid        Displays all the dhcp class IDs allowed for adapter.
    /setclassid         Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and default gateway for each adapter
bound to TCP/IP.




For Release and Renew, if no adapter name is specified, then the IP address leases for all
adapters bound to TCP/IP will be released or renewed.

For SetClassID, if no class id is specified, then the classid is removed.

Examples:
  > ipconfig                        ... Show information.
  > ipconfig /all                   ... Show detailed information
  > ipconfig /renew                 ... renew all adapaters
  > ipconfig /renew EL*             ... renew adapters named EL....
  > ipconfig /release *ELINK?21*    ... release all matching adapters,
                                    eg. ELINK-21, myELELINKi21adapter.
________________________________________________________________

This command allows the display of the basic TCP/IP configuration for all adapters.

C:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

     Connection-specific DNS Suffix . :
     IP Address. . . . . . . . . . . . . . : 168.31.222.49
     Subnet Mask . . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 168.31.222.1


This is the response when there is no configuration. Several things might cause this response:
for example, the DHCP server is not handing out addresses, there is no network cable plugged in,
or the network card is not working properly. These are just a few basic reasons why you might get
this response.

C:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

     Media State . . . . . . . . . . . : Cable Disconnected




This command displays the full TCP/IP configuration for all adapters.


C:\>ipconfig /all

Windows 2000 IP Configuration

     Host Name . . . . . . . . . . . . . . . : MY_LAPTOP
     Primary DNS Suffix . . . . . . . :
     Node Type . . . . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . . : No
     WINS Proxy Enabled. . . . . . . .: No

Ethernet adapter Local Area Connection 2:

     Connection-specific DNS Suffix . :
     Description . . . . . . . . . . . . . . : Dell TrueMobile 1300 WLAN Mini-PCI Card
     Physical Address. . . . . . . . . . : 00-90-4B-12-65-2B
     DHCP Enabled. . . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . : Yes
     IP Address. . . . . . . . . . . . . . . .: 168.31.222.49
     Subnet Mask . . . . . . . . . . . . . .: 255.255.255.0
     Default Gateway . . . . . . . . . . .: 168.31.222.1
     DHCP Server . . . . . . . . . . . . . : 168.31.222.19
     DNS Servers . . . . . . . . . . . . . . :168.30.218.13
                                                168.30.218.14
                                                198.72.72.149
                                                131.144.4.10
     Primary WINS Server . . . . . . . :168.30.223.15
     Secondary WINS Server . . . . . :168.30.223.14
     Lease Obtained. . . . . . . . . . . . . :Wednesday, March 10, 2004 8:00:21 AM

     Lease Expires . . . . . . . . . . . . . .:Thursday, March 11, 2004 8:00:21 AM

Ethernet adapter Local Area Connection:

     Media State . . . . . . . . . . . : Cable Disconnected
     Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Controller
     Physical Address. . . . . . . : 00-0D-56-31-7B-76




WINIPCFG

This is used with Windows Millennium Edition, Windows 98, and Windows 95.


NET

There are many services that are associated with NET. Below is a list of all the commands that
can be executed with NET.

C:\>net
The syntax of this command is:

NET [ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
  HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
  SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]



Net accounts

This command displays the current settings for password, logon limitations, and domain
information.


C:\>net accounts
Force user logoff how long after time expires?:    Never
Minimum password age (days):                       0
Maximum password age (days):                       42
Minimum password length:                           0
Length of password history maintained:             None
Lockout threshold:                                 Never
Lockout duration (minutes):                        30
Lockout observation window (minutes):              30
Computer role:                                     WORKSTATION
The command completed successfully.
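
The output above shows a workstation with no minimum password length, no password history and no account lockout. The following Python is an added example, not part of the original manual: it parses `net accounts` output and compares it against a baseline whose thresholds are assumptions chosen for illustration.

```python
import re

# Output of `net accounts` exactly as shown in this section.
SAMPLE = """\
Force user logoff how long after time expires?:    Never
Minimum password age (days):                       0
Maximum password age (days):                       42
Minimum password length:                           0
Length of password history maintained:             None
Lockout threshold:                                 Never
Lockout duration (minutes):                        30
Lockout observation window (minutes):              30
Computer role:                                     WORKSTATION
The command completed successfully.
"""

# Assumed baseline for illustration only; substitute your own policy.
# "min": the value must be at least N.  "max": the value must be at most N.
BASELINE = {
    "Minimum password length": ("min", 8),
    "Length of password history maintained": ("min", 5),
    "Maximum password age (days)": ("max", 90),
    "Lockout threshold": ("max", 10),
}

# Words net accounts prints when a control is switched off.
NOT_ENFORCED = {"never", "none", "unlimited"}


def parse_net_accounts(text):
    """Return {setting: value}. Numbers become int, switched-off controls become None."""
    settings = {}
    for line in text.splitlines():
        # Key ends at the first colon that is followed by whitespace.
        m = re.match(r"^(.+?):\s+(\S.*?)\s*$", line)
        if not m:
            continue  # e.g. "The command completed successfully."
        key, raw = m.group(1), m.group(2)
        if raw.lower() in NOT_ENFORCED:
            settings[key] = None
        elif raw.isdigit():
            settings[key] = int(raw)
        else:
            settings[key] = raw
    return settings


def audit(settings, baseline=BASELINE):
    """Return a list of (setting, reason) for every value weaker than the baseline."""
    findings = []
    for key, (kind, limit) in baseline.items():
        if key not in settings:
            findings.append((key, "setting missing from output"))
            continue
        value = settings[key]
        if value is None:
            findings.append((key, "not enforced"))
        elif not isinstance(value, int):
            findings.append((key, "unparsed value " + repr(value)))
        elif kind == "min" and value < limit:
            findings.append((key, f"{value} is below {limit}"))
        elif kind == "max" and value > limit:
            findings.append((key, f"{value} is above {limit}"))
    return findings


if __name__ == "__main__":
    for key, why in audit(parse_net_accounts(SAMPLE)):
        print(f"WEAK  {key}: {why}")
```
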



Net computer

This command adds or deletes computers from a domain database. Basically, net computer
forwards all computer additions and deletions to a domain controller.


C:\>net computer


The syntax of this command is:

NET COMPUTER \\computername {/ADD | /DEL}


Net config

Displays the configurable services that are running, or displays and changes settings for a Server
service or a Workstation service. Used without parameters, net config displays a list of
configurable services.



C:\>net config workstation
Computer name                         \\USER_LAPTOP
Full Computer name                    USER_LAPTOP
User name                             jdoe

Workstation active on
    NetbiosSmb (000000000000)
    NetBT_Tcpip_{25BEE1EE-C74C-4F95-9B17-E306E2165E97} (00904B12652B)

Software version                             Windows 2000

Workstation domain                           FLOYD
Workstation Domain DNS Name                  (null)
Logon domain                                 FLOYD

COM Open Timeout (sec)                       0
COM Send Count (byte)                        16
COM Send Timeout (msec)                      250
The command completed successfully.



Net continue
This command continues a service that has been suspended by net pause.

Net file

This command displays the names of all open shared files on a server and the number of file
locks, if any, on each file. This command also closes individual shared files and removes file
locks. Used without parameters, net file displays a list of the open files on a server.




Net group

This command allows for the addition, display, or modification of global groups in domains.

Net help
This provides a list of network commands and topics for which you can get help, or provides
information about a specific command. Used without parameters, net help displays a list of
commands and topics for which you can get help.

Net helpmsg

Explains why an error occurred and provides problem-solving information.

Net localgroup
Adds, displays, or modifies local groups. Used without parameters, net localgroup displays the
name of the server and the names of local groups on the computer.

Net name
Adds or deletes a messaging name (that is, an alias), or displays the list of names for which the
computer can accept messages. Used without parameters, net name displays a list of names
currently in use.

Net pause

Pauses services that are currently running.

Net print
Displays information about a specified print queue, displays information about all print queues
hosted by a specified print server, displays information about a specified print job, or controls a
specified print job. Used without parameters, net print displays command-line help for the net
print command.

Net send

This command sends messages to other users, computers, or messaging names on the network.

Net session
This will manage server computer connections. Used without parameters, net session displays
information about all sessions with the local computer.


Net share

This will manage shared resources. Used without parameters, net share displays information
about all of the resources that are shared on the local computer.

Net start

Net Start will start a service. Used without parameters, net start displays a list of services that
are currently operating.

Net statistics

Displays the statistics log for the local Workstation or Server service, or the running services for
which statistics are available. Used without parameters, net statistics lists the running services
for which statistics are available.

Net stop
Stops a running service.

Net time

Synchronizes the computer's clock with that of another computer or domain. Used without
parameters, net time displays the time for another computer or domain.

Net use

Connects a computer to or disconnects a computer from a shared resource, or displays
information about computer connections. The command also controls persistent net connections.
Used without parameters, net use retrieves a list of network connections.

Net user

Adds or modifies user accounts or displays user account information.

Net view
Displays a list of domains, computers, or resources that are being shared by the specified
computer. Used without parameters, net view displays a list of computers in your current
domain.

NETSH



Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or
modify the network configuration of a computer that is currently running. Netsh also provides a
scripting feature that allows you to run a group of commands in batch mode against a specified
computer. Netsh can also save a configuration script in a text file for archival purposes or to help
you configure other servers.


C:\>netsh
netsh>?

The following commands are available:

Commands in this context:
..           - Goes up one context level.
?            - Displays a list of commands.
abort        - Discards changes made while in offline mode.
add          - Adds a configuration entry to a list of entries.
alias        - Adds an alias.
bye          - Exits the program.
commit       - Commits changes made while in offline mode.
delete       - Deletes a configuration entry from a list of entries.
dump         - Displays a configuration script.
exec         - Runs a script file.
exit         - Exits the program.
help         - Displays a list of commands.
interface    - Changes to the `interface' context.
offline      - Sets the current mode to offline.
online       - Sets the current mode to online.
popd         - Pops a context from the stack.
pushd        - Pushes current context on stack.
quit         - Exits the program.
ras          - Changes to the `ras' context.
routing      - Changes to the `routing' context.
set          - Updates configuration settings.
show         - Displays information.
unalias      - Deletes an alias.

The following subcontexts are available:
routing interface ras

To view help for a command, type the command, followed by a space, and then
type ?.


NSLOOKUP
NSLOOKUP allows for the display of information that you can use to identify DNS (Domain Name System)

NSLOOKUP COMMANDS:
Commands: (identifiers are shown in uppercase, [] means optional)
NAME                       - print info about the host/domain NAME using default server
NAME1 NAME2                - as above, but use NAME2 as server
help or ?                  - print info on common commands
set OPTION                 - set an option
   all                     - print options, current server and host
   [no]debug               - print debugging information
   [no]d2                  - print exhaustive debugging information
   [no]defname             - append domain name to each query
   [no]recurse             - ask for recursive answer to query
   [no]search              - use domain search list
   [no]vc                  - always use a virtual circuit
   domain=NAME             - set default domain name to NAME
   srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
   root=NAME               - set root server to NAME
   retry=X                 - set number of retries to X
   timeout=X               - set initial time-out interval to X seconds
   type=X                  - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
   querytype=X             - same as type
   class=X                 - set query class (ex. IN (Internet), ANY)
   [no]msxfr               - use MS fast zone transfer
   ixfrver=X               - current version to use in IXFR transfer request
server NAME                - set default server to NAME, using current default server
lserver NAME               - set default server to NAME, using initial server
finger [USER]              - finger the optional NAME at the current default host
root                       - set current default server to the root
ls [opt] DOMAIN [> FILE]   - list addresses in DOMAIN (optional: output to FILE)
   -a                      - list canonical names and aliases
   -d                      - list all records
   -t TYPE                 - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE                  - sort an 'ls' output file and view it with pg
exit                       - exit the program


This command allows you to identify the server name and the IP address associated with it.

C:\>nslookup www.google.com
Server: www.floyd.edu
Address: 168.30.218.14

Non-authoritative answer:
Name: www.google.akadns.net
Addresses: 216.239.37.147, 216.239.37.99, 216.239.37.104
Aliases: www.google.com


PATHPING
This command will provide information about network latency and network loss at intermediate
hops between a source and destination. Pathping sends multiple Echo Request messages to each
router between a source and destination over a period of time and then computes results based on
the packets returned from each router. Because pathping displays the degree of packet loss at any
given router or link, you can determine which routers or subnets might be having network
problems. Pathping performs the equivalent of the tracert command by identifying which routers
are on the path. It then sends pings periodically to all of the routers over a specified time period
and computes statistics based on the number returned from each.

PATHPING COMMANDS:
C:\>pathping

Usage: pathping [-n] [-h maximum_hops] [-g host-list] [-p period]
                [-q num_queries] [-w timeout] [-t] [-R] [-r] target_name

Options:
  -n                 Do not resolve addresses to hostnames.
  -h maximum_hops    Maximum number of hops to search for target.
  -g host-list       Loose source route along host-list.
  -p period          Wait period milliseconds between pings.
  -q num_queries     Number of queries per hop.
  -w timeout         Wait timeout milliseconds for each reply.
  -T                 Test connectivity to each hop with Layer-2 priority tags
  -R                 Test if each hop is RSVP aware.




C:\>pathping www.google.com

Tracing route to www.google.akadns.net [64.233.161.104]
over a maximum of 30 hops:
  0  PATRICK_LAPTOP [168.31.222.49]
  1  168.31.222.1
  2  168.31.192.121
  3  131.144.209.45
  4  131.144.207.1
  5  131.144.101.1
  6  ge-9-0-123.hsa2.Atlanta1.Level3.net [64.156.232.17]
  7  ge-6-0-1.bbr1.Atlanta1.Level3.net [64.159.1.253]
  8  so-0-1-0.bbr2.Washington1.Level3.net [64.159.0.230]
  9  ge-9-1.ipcolo2.Washington1.Level3.net [64.159.18.100]
 10  unknown.Level3.net [166.90.148.174]
 11  216.239.47.150
 12  64.233.174.230
 13  216.239.49.214
 14  64.233.161.104

Computing statistics for 350 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           PATRICK_LAPTOP [168.31.222.49]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  168.31.222.1
                                0/ 100 =  0%   |
  2    9ms     0/ 100 =  0%     0/ 100 =  0%  168.31.192.121
                                0/ 100 =  0%   |
  3   22ms     0/ 100 =  0%     0/ 100 =  0%  131.144.209.45
                                0/ 100 =  0%   |
  4   28ms     0/ 100 =  0%     0/ 100 =  0%  131.144.207.1
                                0/ 100 =  0%   |
  5   26ms     0/ 100 =  0%     0/ 100 =  0%  131.144.101.1
                                0/ 100 =  0%   |
  6   24ms     0/ 100 =  0%     0/ 100 =  0%  ge-9-0-123.hsa2.Atlanta1.Level3.net [64.156.232.17]
                                0/ 100 =  0%   |
  7   24ms     0/ 100 =  0%     0/ 100 =  0%  ge-6-0-1.bbr1.Atlanta1.Level3.net [64.159.1.253]
                                0/ 100 =  0%   |
  8   35ms     1/ 100 =  1%     1/ 100 =  1%  so-0-1-0.bbr2.Washington1.Level3.net [64.159.0.230]
                                0/ 100 =  0%   |
  9   36ms     0/ 100 =  0%     0/ 100 =  0%  ge-9-1.ipcolo2.Washington1.Level3.net [64.159.18.100]
                                0/ 100 =  0%   |
 10   39ms     1/ 100 =  1%     1/ 100 =  1%  unknown.Level3.net [166.90.148.174]
                                0/ 100 =  0%   |
 11  ---     100/ 100 =100%   100/ 100 =100%  216.239.47.150
                                0/ 100 =  0%   |
 12  ---     100/ 100 =100%   100/ 100 =100%  64.233.174.230
                                0/ 100 =  0%   |
 13  ---     100/ 100 =100%   100/ 100 =100%  216.239.49.214
                                0/ 100 =  0%   |
 14   37ms     0/ 100 =  0%     0/ 100 =  0%  64.233.161.104

Trace complete.
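
In the statistics above, hops 11 to 13 show 100% loss while the destination at hop 14 shows 0%, so those routers forwarded the traffic and simply did not answer the echo requests. The following Python is an added example, not part of the original manual: it parses the node rows of a pathping report and separates loss that carries through to later hops from loss that is local to one router. The labels "router-only" and "path" are names chosen for this example.

```python
import re
from collections import namedtuple

Hop = namedtuple("Hop", "index rtt_ms lost sent pct address")

# Node rows from the pathping statistics shown above (hop 0 and the link rows
# marked "|" are omitted; they carry no per-router reply statistics).
SAMPLE = """\
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  168.31.222.1
  2    9ms     0/ 100 =  0%     0/ 100 =  0%  168.31.192.121
  3   22ms     0/ 100 =  0%     0/ 100 =  0%  131.144.209.45
  4   28ms     0/ 100 =  0%     0/ 100 =  0%  131.144.207.1
  5   26ms     0/ 100 =  0%     0/ 100 =  0%  131.144.101.1
  6   24ms     0/ 100 =  0%     0/ 100 =  0%  ge-9-0-123.hsa2.Atlanta1.Level3.net [64.156.232.17]
  7   24ms     0/ 100 =  0%     0/ 100 =  0%  ge-6-0-1.bbr1.Atlanta1.Level3.net [64.159.1.253]
  8   35ms     1/ 100 =  1%     1/ 100 =  1%  so-0-1-0.bbr2.Washington1.Level3.net [64.159.0.230]
  9   36ms     0/ 100 =  0%     0/ 100 =  0%  ge-9-1.ipcolo2.Washington1.Level3.net [64.159.18.100]
 10   39ms     1/ 100 =  1%     1/ 100 =  1%  unknown.Level3.net [166.90.148.174]
 11  ---     100/ 100 =100%   100/ 100 =100%  216.239.47.150
 12  ---     100/ 100 =100%   100/ 100 =100%  64.233.174.230
 13  ---     100/ 100 =100%   100/ 100 =100%  216.239.49.214
 14   37ms     0/ 100 =  0%     0/ 100 =  0%  64.233.161.104
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(?:(\d+)ms|---)"           # hop number, RTT or "---"
    r"\s+(\d+)/\s*(\d+)\s*=\s*(\d+)%"        # Source to Here: lost/sent = pct
    r"\s+\d+/\s*\d+\s*=\s*\d+%"              # This Node/Link (not used here)
    r"\s+(.+?)\s*$"                          # address
)


def parse_pathping(text):
    """Return a Hop for every node row; link rows and hop 0 do not match."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            idx, rtt, lost, sent, pct, addr = m.groups()
            hops.append(Hop(int(idx), int(rtt) if rtt else None,
                            int(lost), int(sent), int(pct), addr))
    return hops


def classify(hops):
    """Map hop index to 'ok', 'router-only' or 'path'.

    Packets dropped on the path never reach later hops, so genuine path loss
    at hop N shows up as at least the same loss at every hop after N. If any
    later hop has lower loss, hop N forwarded the packets and only failed to
    reply itself (for example ICMP rate limiting or filtering).
    """
    result = {}
    for i, hop in enumerate(hops):
        if hop.pct == 0:
            result[hop.index] = "ok"
            continue
        later = [h.pct for h in hops[i + 1:]]
        if later and min(later) < hop.pct:
            result[hop.index] = "router-only"
        else:
            result[hop.index] = "path"
    return result


if __name__ == "__main__":
    for index, verdict in classify(parse_pathping(SAMPLE)).items():
        if verdict != "ok":
            print(f"hop {index}: {verdict}")
```
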

PING
One of the easiest network troubleshooting tools is a command prompt program called Ping. Ping is a basic
command that lets you verify an IP address of a remote computer on a network. In short, ping means to check the
presence of another computer online. The computer acronym for PING is Packet Internet or Inter-Groper.


PING COMMANDS:
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

Options:
  -t             Ping the specified host until stopped.
                 To see statistics and continue - type Control-Break;
                 To stop - type Control-C.
  -a             Resolve addresses to hostnames.
  -n count       Number of echo requests to send.
  -l size        Send buffer size.
  -f             Set Don't Fragment flag in packet.
  -i TTL         Time To Live.
  -v TOS         Type Of Service.
  -r count       Record route for count hops.
  -s count       Timestamp for count hops.
  -j host-list   Loose source route along host-list.
  -k host-list   Strict source route along host-list.
  -w timeout     Timeout in milliseconds to wait for each reply.

COMMAND LINE EXAMPLES
________________________________________________________________

Pinging an Internet address

C:\>ping www.yahoo.com

Pinging www.yahoo.akadns.net [216.109.118.69] with 32 bytes of data:

Reply from 216.109.118.69: bytes=32 time=40ms TTL=50
Reply from 216.109.118.69: bytes=32 time=20ms TTL=50
Reply from 216.109.118.69: bytes=32 time=20ms TTL=50
Reply from 216.109.118.69: bytes=32 time=40ms TTL=50

Ping statistics for 216.109.118.69:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
  Minimum = 20ms, Maximum = 40ms, Average = 30ms
________________________________________________________________

Pinging an IP address

C:\>ping 216.109.118.69

Pinging 216.109.118.69 with 32 bytes of data:

Reply from 216.109.118.69: bytes=32 time=30ms TTL=50
Reply from 216.109.118.69: bytes=32 time=20ms TTL=50
Reply from 216.109.118.69: bytes=32 time=140ms TTL=50
Reply from 216.109.118.69: bytes=32 time=130ms TTL=50

Ping statistics for 216.109.118.69:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
  Minimum = 20ms, Maximum = 140ms, Average = 80ms


Pinging an IP address with no reply

C:\>ping 208.12.211.12

Pinging 208.12.211.12 with 32 bytes of data:


Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.12.211.12:
  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
  Minimum = 0ms, Maximum = 0ms, Average = 0ms

________________________________________________________________

Interpreting a Ping Response
Ping sends one request per second and produces one line for each response it gets in return. Each output
line tells whether the remote address replied or the request timed out. If the remote address replies, the line gives
the dotted address (IP address) the reply came from, its byte size, the time it took to reply, and the
TTL (Time to Live), which indicates how long a packet is allowed to stay on the network before it is discarded. If the
request times out then that address is unavailable or off-line.

The Ping statistics will tell you how many packets were sent, received, and lost. They also give you the minimum,
maximum, and average round trip times in milliseconds.

ROUTE

The route command allows for the ability to manipulate network routing tables.

ROUTE COMMANDS:
ROUTE [-f] [-p] [command [destination]
                  [MASK netmask] [gateway] [METRIC metric] [IF interface]

-f                Clears the routing tables of all gateway entries. If this is
                  used in conjunction with one of the commands, the tables are
                  cleared prior to running the command.

-p                When used with the ADD command, makes a route persistent across
                  boots of the system. By default, routes are not preserved
                  when the system is restarted. Ignored for all other commands,
                  which always affect the appropriate persistent routes. This
                  option is not supported in Windows 95.

command           One of these:
                  PRINT    Prints a route
                  ADD      Adds a route
                  DELETE   Deletes a route
                  CHANGE   Modifies an existing route

destination       Specifies the host.

MASK              Specifies that the next parameter is the 'netmask' value.

netmask           Specifies a subnet mask value for this route entry.
                  If not specified, it defaults to 255.255.255.255.

gateway           Specifies gateway.

interface         the interface number for the specified route.

METRIC            specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Diagnostic Notes:
  Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
  Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
           The route addition failed: The specified mask parameter is invalid.
           (Destination & Mask) != Destination.

Examples:

  > route PRINT
  > route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
           destination^      ^mask     ^gateway     metric^    ^
                                                      Interface^
    If IF is not given, it tries to find the best interface for a given
    gateway.
  > route PRINT
  > route PRINT 157*             .... Only prints those matching 157*
  > route DELETE 157.0.0.0
  > route PRINT
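
The Diagnostic Notes above reject a mask when (DEST & MASK) != DEST, and the PRINT command filters destinations with '*' and '?' patterns. The following Python is an added example, not part of the original manual or of route.exe: it applies that mask check to a `route ADD` line before it is run, and reproduces the pattern filter. The contiguous-bits check is an extra test added here that the help text does not mention, and the function names are hypothetical.

```python
import ipaddress
from fnmatch import fnmatchcase

KEYWORDS = {"MASK": "mask", "METRIC": "metric", "IF": "interface"}


def parse_route_add(command):
    """Split a 'route ADD' line into fields. Dotted-decimal addresses only;
    symbolic names from the NETWORKS/HOSTS files are not resolved here."""
    tokens = [t for t in command.split() if not t.startswith("-")]  # drop -f / -p
    if len(tokens) < 3 or tokens[0].lower() != "route" or tokens[1].upper() != "ADD":
        raise ValueError("expected: route ADD destination ...")
    route = {"destination": tokens[2],
             "mask": "255.255.255.255",   # default stated in the help text
             "gateway": None, "metric": None, "interface": None}
    i = 3
    while i < len(tokens):
        field = KEYWORDS.get(tokens[i].upper())
        if field is None:                 # a bare address is the gateway
            route["gateway"] = tokens[i]
            i += 1
        elif i + 1 < len(tokens):
            route[field] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(tokens[i] + " needs a value")
    return route


def check_route_add(command):
    """Return a list of problems with the destination/mask pair (empty if none)."""
    route = parse_route_add(command)
    dest = int(ipaddress.IPv4Address(route["destination"]))
    mask = int(ipaddress.IPv4Address(route["mask"]))
    problems = []
    # The check quoted in the Diagnostic Notes.
    if (dest & mask) != dest:
        problems.append("(Destination & Mask) != Destination")
    # Extra check (not from the help text): 1-bits must be contiguous from the left.
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        problems.append("mask bits are not contiguous")
    return problems


def match_routes(destinations, pattern):
    """Filter destinations the way 'route PRINT <pattern>' is described:
    '*' matches any string, '?' matches any one character."""
    return [d for d in destinations if fnmatchcase(d, pattern)]


if __name__ == "__main__":
    for cmd in ("route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1",
                "route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2",
                "route ADD 152.0.0.0 MASK 155.0.0.0 157.55.80.1"):
        print(cmd, "->", check_route_add(cmd) or "ok")
    # Constructed destination list for the pattern examples.
    table = ["157.0.0.0", "157.55.0.1", "127.0.0.0", "224.0.0.0"]
    print(match_routes(table, "157.*"))
```
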




TELNET


The telnet commands allow you to communicate with a remote computer that is using the Telnet
protocol. You can run telnet without parameters in order to enter the telnet context, indicated by
the Telnet prompt (telnet>). From the Telnet prompt, use the following commands to manage a
computer running Telnet Client.



TELNET COMMANDS:

telnet [host [port]]

 host   Specifies the hostname or IP address of the remote
        computer to connect to.

 port   Specifies the port number or
        service name.

Microsoft (R) Windows 2000 (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99206.1

Escape Character is 'CTRL+]'

Microsoft Telnet> help

Commands may be abbreviated. Supported commands are:

close         close current connection
display       display operating parameters
open          connect to a site
quit          exit telnet
set           set options (type 'set ?' for a list)
status        print status information
unset         unset options (type 'unset ?' for a list)
?/help        print help information
Microsoft Telnet>

TRACE ROUTE

Trace Route is a network diagnostics tool that allows you to find the addresses of all routers
between the user's computer and the destination. For each hop it shows the amount of time that
the hop takes between routers. This tool is helpful in showing where a problem might be in a
routed network and for getting an understanding of how a network is tied together.

TRACE ROUTE COMMANDS:
C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
  -d                           Do not resolve addresses to hostnames.
  -h maximum_hops              Maximum number of hops to search for target.
  -j host-list                 Loose source route along host-list.
  -w timeout                   Wait timeout milliseconds for each reply.




This command allows the display of the path to www.google.com.

C:\>tracert www.google.com

Tracing route to www.google.akadns.net [64.233.161.104]
over a maximum of 30 hops:

  1    10 ms    20 ms    10 ms  168.31.222.1
  2    10 ms    10 ms    10 ms  168.31.192.121
  3    20 ms    11 ms    10 ms  131.144.209.45
  4    11 ms    10 ms    10 ms  131.144.207.1
  5    10 ms    31 ms    10 ms  131.144.101.1
  6    10 ms    10 ms    11 ms  ge-9-0-123.hsa2.Atlanta1.Level3.net [64.156.232.17]
  7    10 ms    10 ms    10 ms  ge-6-0-1.bbr1.Atlanta1.Level3.net [64.159.1.253]
  8    30 ms    30 ms    20 ms  so-0-1-0.bbr2.Washington1.Level3.net [64.159.0.230]
  9    20 ms    40 ms    30 ms  ge-9-1.ipcolo2.Washington1.Level3.net [64.159.18.100]
 10    20 ms    30 ms    20 ms  unknown.Level3.net [166.90.148.174]
 11    30 ms    20 ms    30 ms  64.233.175.242
 12    30 ms    20 ms    30 ms  64.233.174.230
 13    30 ms    30 ms    20 ms  216.239.48.198
 14    40 ms    30 ms    41 ms  64.233.161.104

Trace complete.


Microsoft Support Tools

These tools are available on CD or by download. To install these tools from CD,
simply insert the Windows XP install disc.

     1 START INSTALLATION
     Uninstall any previous version of the Support Tools first. Insert the Windows XP disc; if the Windows XP splash
     screen appears, click on Exit. Double-click on My Computer, right-click on your CD drive and choose Explore.
     Locate the Support\Tools folder and double-click on Setup.exe.

     2 CHOOSE YOUR INSTALLATION
     This launches the Windows Support Wizard. Click on Next and the End User Licence Agreement appears. Click
     on I agree and then enter your name and organisation (if applicable). Choose either a Typical or Complete
     installation and click Next. Confirm the location and click Install.

     3 TOOLS INSTALLED
     The installation may pause for a few minutes. When the installation has finished the support tools will have been
     installed in the Program Files\Support Tools directory with shortcuts on the All Programs menu to the command
     prompt, the Support Tools Help file and the Release Notes.




WINDOWS XP SUPPORT TOOLS:
http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/utility.asp



DHCPLOC

This command-line tool displays the DHCP servers active on the subnet. If it detects any
unauthorized DHCP servers, it beeps and sends out alert messages. It also displays packets that it
detects from DHCP servers; you can specify whether to display packets from all DHCP servers
or only from unauthorized servers.

You can also use this tool to determine which DHCP servers are available to a DHCP client and
to detect unauthorized DHCP servers on a subnet.


NETDIAG

This command-line diagnostic tool helps to isolate networking and connectivity problems, by
performing a series of tests to determine the state of your network client, and whether it is
functional. These tests, and the key network status information they expose, give network
administrators and support personnel a more direct means of identifying and isolating network
problems. Moreover, because this tool does not require that parameters or switches be specified,
support personnel and network administrators can focus on analyzing the output, rather than on
training users how to use the tool.

NetDiag uses the following syntax:

 netdiag [/q] [/v] [/l] [/debug] [/d: DomainName] [/fix] [/DcAccountEnum] [/test: testname]
[/skip: testname]

Parameters
/q                    Specifies quiet output (errors only).
/v                    Specifies verbose output.
/l                    Sends output to Netdiag.log. Log file is created in the same directory
                      where netdiag.exe was run.
/debug                Specifies even more verbose output; may take a few minutes to complete.
/d:DomainName         Finds a domain controller in the specified domain.
/fix                  Fixes minor problems.
/DcAccountEnum        Enumerates domain controller computer accounts.

/test:TestName
        Execute only listed test or tests. TCP/IP must be bound to one or more adapters before
        running any of the tests. Non-skippable tests will still be run. Valid tests are:

              Autonet - Automatic Private IP Addressing (APIPA) address test
              Bindings - Bindings test
              Browser - Redir and Browser test
              DcList - Domain controller list test
              DefGw - Default gateway test
              DNS - DNS test
              DsGetDc - Domain controller discovery test
              IpConfig - IP address configuration test
              IpLoopBk - IP address loopback ping test
              IPX - IPX test
              Kerberos - Kerberos test
              Ldap - LDAP test
              Member - Domain membership test
              Modem - Modem diagnostics test
              NbtNm - NetBT name test
              Ndis - Netcard queries test
              NetBTTransports - NetBT transports test
              Netstat - Netstat information test
              Netware - Netware test
              Route - Routing table test
              Trust - Trust relationship test
              WAN - WAN configuration test
              WINS - WINS service test
              Winsock - Winsock test

/skip:TestName
        Skip the named test. Valid tests are:

              Autonet - Automatic Private IP Addressing (APIPA) address test
              Bindings - Bindings test
              Browser - Redir and browser test
              DcList - Domain controller list test
              DefGw - Default gateway test
              DNS - DNS test
              DsGetDc - Domain controller discovery test
              IpConfig - IP address configuration test
              IpLoopBk - IP address loopback ping test
              IPX - IPX test
              Kerberos - Kerberos test
              Ldap - LDAP test
              Modem - Modem diagnostics test
              NbtNm - NetBT name test
              Netstat - Netstat information test
              Netware - Netware test
              Route - Routing table test
              Trust - Trust relationship test
              WAN - WAN configuration test
              WINS - WINS service test
              Winsock - Winsock test

NLTEST

This command-line tool helps perform network administrative tasks. You can use NLTest to:

      Get a list of primary domain controllers (PDCs).
      Force a shutdown.
      Query and check the status of trust.
      Test trust relationships and the state of domain controller (DC) replication in a Windows
        domain.
      Force a user-account database to synchronize on Windows NT 4.0 or earlier domain
        controllers. (Windows 2000 domain controllers use a completely different mechanism for
        maintaining user accounts.)

WINDOWS 2000 SUPPORT TOOLS:

You can download the Windows 2000 Resource Kit software tools by going to the link below.
These tools are free and you can install them on your computer.

2000:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/




WNTIPCFG




Third Party Tools

Q-Check – A FREE network troubleshooting utility from Ixia that slices, dices, and checks
network response time, throughput, and streaming performance. It even runs anywhere-to-
anywhere traceroute!

http://www.ixiacom.com/products/performance_applications/pa_display.php?skey=pa_q_check

Chariot – Chariot evaluates the performance of networked applications, performs stress tests on
network devices and predicts networked application performance before deployment. You can
use Chariot's performance data to optimize your network and predict the impact of proposed
network changes.

http://www.netiq.com/products/chr/default.asp

Ethereal – Ethereal is used by network professionals around the world for troubleshooting,
analysis, software and protocol development, and education. It runs on all popular computing
platforms, including Unix, Linux, and Windows.

http://www.ethereal.com/download.html


Solarwinds – Free subnet calculator and TFTP server. You can also download a free 45-day trial
evaluation of their network management tools.

http://support.solarwinds.net/updates/New-customerFree.cfm

Netstumbler – a tool used for wireless security checks, signal coverage, and discovering
wireless networks.

http://www.netstumbler.com/

Airsnort – A Linux tool similar to Netstumbler. A Windows version is in the works.

http://airsnort.shmoo.com/


IPerf – Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss.

http://dast.nlanr.net/Projects/Iperf/

3D Trace Route – Replace all your ugly ping plotters and traceroute programs with a full-blown
three dimensional traceroute program. FREE!

http://www.hlembke.de/prod/3dtraceroute/

WhatsUp Gold from Ipswitch – Trial evaluation software for FTP and network monitoring
tools.

http://www.ipswitch.com/



LINUX ONLY
Ettercap – Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs.

http://ettercap.sourceforge.net/

Nessus – The "Nessus" Project aims to provide to the internet community a free, powerful, up-
to-date and easy to use remote security scanner.

http://www.nessus.org/

tcpdump – network sniffer/analyzer

http://www.tcpdump.org/

EtherApe – A graphical network monitor for Unix modeled after etherman. Featuring link
layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size
with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP
and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live
from the network.

http://etherape.sourceforge.net/

IPTraf - IPTraf is a console-based network statistics utility for Linux. It gathers a variety of
figures such as TCP connection packet and byte counts, interface statistics and activity
indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

http://iptraf.seul.org/

PHLAK – “Professional Hacker’s Linux Assault Kit”. Runs from a CD and has numerous
features available.

http://www.phlak.org/modules/news/




Appendix 1 - Glossary
10BASE-T cable - A popular Ethernet cable using twisted-pair wiring with RJ-45 plugs at each
end. Category 3 10BASE-T cable is the minimum cable quality for use in 10 Mbps Ethernet
networks. Category 5, 5E or even 6 is recommended for use even if the network will initially
only be operated at 10 Mbps.

10 Mbps - 10 Megabits per second; standard Ethernet operating speed. (Also called bandwidth.)

100 BASE-TX cable - An Ethernet cable system using Category 5 twisted-pair wiring with RJ-
45 plugs at each end. Used with 100 Mbps Fast Ethernet networks.

100 Mbps - 100 Megabits per second; Fast Ethernet operating speed. (Also called bandwidth.)

address learning - Each node on a network has a unique node address automatically assigned to
it (embedded in the adapter card). Bridges and Switches “learn” this address to enable accurate
transmission to and from each node.

auto partitioning - A feature on some network devices that isolates a node within the
workgroup when the node becomes disabled, so as not to affect the entire workgroup or network.

backbone - A central network cable system that connects a number of other networks. A
backbone network was often constructed using thin Ethernet. Modern schools are more often
wired with Gigabit fiber optic cable backbones which convert to 100 Mbps copper for
distribution from switches to hosts.

baud - An older term meaning the rate of speed of a modem. Baud is often confused with bps, or
bits per second. (Actually, a 1200 bit per second modem runs at 300 baud.)

bandwidth - The term bandwidth is loosely used in networking terminology to describe the rate
at which a network can transfer data. Standard Ethernet operates at 10 Mbps. Fast Ethernet
operates at 100 Mbps.

BIAs – Burned in address – see MAC Address

BNC - A high grade locking connector used with thin and thick Ethernet cabling.

bridge - Bridges are used to connect two or more network segments together so that equipment
on the networks can communicate. (See also switch.)

broadcast - A network transmission sent to all nodes on the network.

broadcast storm - Network messages that overload the network capacity. Broadcast storms also
occur when old and new TCP/IP routers are on the same network.




bus topology - A networking setup in which a single cable, such as network coaxial cable,
referred to as coax (or thin Ethernet), is used to connect one computer to another in a chain to
carry data over a network.

cascading - Connecting hubs together with 10BASE-T cabling. Sometimes requires a crossover
cable. Also called daisy-chaining.

Category 3 cable - A 10BASE-T unshielded twisted-pair cabling type commonly used in
today’s 10 Mbps Ethernet networks.

Category 5 cable - A higher grade of unshielded twisted-pair cabling required for networking
applications such as 100 Mbps Fast Ethernet. It is most commonly found in buildings that were
wired within the last ten years.

Category 5E cable - Category 5E is usually tested to a bandwidth of 350 MHz, despite its 100-
MHz specified bandwidth. Testing is more stringent with Cat 5E than it was with Cat 5 and
includes additional measurements, several of which help to better quantify the UTP cable's noise
characteristics.

Category 6 cable - Category 6 is tested to a bandwidth of 1 GHz. Testing is more stringent with
Cat 6 than it was with Cat 5 or 5E and includes additional measurements, several of which help
to better quantify the UTP cable's noise characteristics.

client - A computer connected to a network or shared resource server.

client software - Web browsers such as Microsoft Internet Explorer, Netscape Navigator,
Mosaic, Mozilla etc., are all client software programs used for accessing the Internet. Each client
must have software compatible with the server in order to communicate properly.

Client/Server - A network computing system in which individual computers (clients) use a
central computer (server) for such services as file storage, printing, and communications. (See
peer-to-peer.)

coaxial cable - Thin or thick coax cable used in Ethernet networking, usually in a bus topology
or backbone use. (Also called 10BASE 2 or thinnet.)

collisions - Two packets sent over the network segment simultaneously will collide and be
rejected. Ethernet will automatically resend them at altered timing to ensure proper receipt.

communications software - Software (such as email and faxing software) that allows users to
send or receive data remotely.

CPU - The term Central Processing Unit started out meaning the brain or processing chip of the
computer and has evolved to mean the box of the computer. On a network, known as a node.

crossover cable - A cable in which the receive and transmit lines (input and output) are crossed.
Crossover cables are sometimes needed to connect hubs together.


crosstalk - Signal noise passed between network cable or devices.

data transmission speed - The number of bits that are transmitted per second over a network
cable.

dedicated server - A computer on a network that is assigned to function only as a resource
server and cannot be used as a client.

device - a piece of networking equipment such as a hub, switch, repeater, bridge, router, etc.

driver - A software program that allows a computer system to communicate with other
equipment. The driver manipulates the hardware in order to transmit data to the equipment.

DSL – Digital Subscriber Line. Digital switching and carrying data, voice, computer
transmissions, music and video at speeds exceeding that of traditional analog telephone lines.
DSL has largely replaced ISDN.

email - Method of sending electronic messages using client and server software.

Ethernet - Networking standards originally developed in 1973 by Xerox and formalized in 1980
by DEC, Intel, and Xerox which transmits data at 10 Mbps using a specified protocol. The most
popular LAN technology in use today. (See Fast Ethernet.)

Ethernet address - Each networking device, such as a Network Adapter Card, has its own
unique Ethernet address pre-programmed. The address is obtained automatically when required
by network transmission. This number identifies the node or networking device as a unique
communication item and enables direct communications to and from that particular computing
device.

Fast Ethernet - An Ethernet networking system which transmits data at 100 Mbps.

file server - A dedicated network computer used by client computers to store and access software
and work files.

filtering process - An Ethernet switch or bridge process that reads the contents of a packet and
discards it if it does not need to be forwarded.

filtering rate - A filtering rate is the rate at which an Ethernet device can receive packets and
drop them without any loss of incoming packets or delay in processing.

full-duplex - Two-way simultaneous communication. The ability to send and receive electronic
signals at the same time. (See half-duplex.)

half-duplex - One way communication at any one time. The send and receive portions of
electronic communication are separate. Half-duplex is the standard mode.

hardware - Components of a computer system including monitors, hard drives, CD-ROMs,
printers, keyboards, a mouse, portable hard drives, modems, etc.


hop count - A term used when counting components and sections of wire in an Ethernet network
to determine whether Ethernet compliance has been met.

hub - Also referred to as a “repeater” or “concentrator”, its primary function is to receive and
send signals along the network between the nodes connected to it. In a LAN, a hub is the core of
an Ethernet star network. A hub can be either an active or passive wiring hub. Its useful
management capability isolates nodes from disruption on the network.

Internet - A worldwide network of information which can be accessed by a modem and
communication software through an Internet Service Provider.

internetwork - A large, multi-segment network that includes communication between two
networks or two types of networks. Bridges or routers are the devices that join LANs.

Intranet - While similar to the Internet, this is a private network within a company or other
organization that does not run on the Internet. It usually looks just like the Internet, but is
separated by a firewall. See also Internet.

IP - Internet Protocol. TCP/IP protocol for packet forwarding. (See also TCP/IP)

IPX - (Internet Packet eXchange.) A Novell NetWare protocol similar to IP (Internet Protocol).

ISA - Industry Standard Architecture. The most common bus architecture on a DOS based
computer. Also called classic bus. A unique network interface card slot specifically designed for
an ISA card on the motherboard of a computer.

ISDN - Integrated Services Digital Network. Digital switching and carrying data, voice,
computer transmissions, music and video at speeds exceeding that of traditional analog telephone
lines.

kilobit - One thousand bits of data. 240 kilobits per second means 240,000 bits of information
are being transmitted per second over a network (240 Kbps).

LAN - Local Area Network. A network in a localized (not remote) location that allows users to
share files, printers and other print services.

LEDs - Light emitting diode. Small indicator lights on electronics and networking devices that
provide indication of status and other information about the device.

MAC Address - Media Access Control (MAC) addresses identify network entities in LANs that
implement the IEEE MAC addresses of the data link layer. MAC addresses are unique for each
LAN interface. MAC addresses are 48 bits in length and are expressed as 12 hexadecimal digits.
The first 6 hexadecimal digits, which are administered by the IEEE, identify the manufacturer or
vendor. The last 6 hexadecimal digits comprise the interface serial number, or another value
assigned by the specific vendor. MAC addresses are sometimes referred to as burned-in
addresses (BIAs) because they are burned into read-only memory (ROM) and are copied into
random-access memory (RAM) when the interface card initializes.



MAU (Multiple Access Unit) – A Token Ring wiring hub that implements the logical ring
topology as a physical star. Multiple MAUs can be connected using special cables.

media - Networking wiring such as 10BASE-T and 100BASE-TX UTP cable and coax cable is
referred to as media. Other media include radio waves and fiber optic.

Megabit - One million bits of data. (10 Megabits per second, or Mbps, means that 10 million bits
of data are being transmitted over the network per second.)

modem - An acronym from “modulator and demodulator.” It converts analog to digital and
digital to analog signals. A communications product that sends computer transmission over a
standard telephone line at preset speeds.

NetBIOS/NetBEUI - The acronym for NetBIOS is “network based input/output system.” The
acronym for NetBEUI is “NetBIOS extended user interface.” Often used in Microsoft’s LAN
Manager and Windows NT protocols.

network - The means by which computers and other networking devices are connected together
so that print services, files, equipment, and software applications may be shared.

Network Adapter Card (NIC) - One of several PC cards designed for different computer types,
it installs easily into your computer. Connector choices are BNC and/or RJ-45 to link the card to
your network. Provided software (drivers) converts your data into a format usable over an
Ethernet network. 10 and/or 100 Mbps cards are available. Modern desktop and laptop
computers often have the NIC hardware built in to the motherboard. Those that do not have an
embedded NIC can use a PCI-based NIC or, in the case of laptops, a PC Card Network Adapter.
Other methods of establishing network connectivity include adapters that join the computer to
the network via a USB or IEEE 1394 (FireWire) port.

node - Computing equipment such as a computer, printer, modem, server, etc. that is connected
in a LAN containing the capability of communicating with other network nodes, and networking
devices such as hubs, switches, routers, bridges, etc.

Network Operating System - NOS. A special application that allows computers and other
devices on the network to send and receive information.

packet - A unit of transmitted information that follows specific protocols and contains codes that
include precise sending and receiving of information from one networked node to another.

PC Card - Communication cards roughly the size of a credit card that fit into the small PC Card
slot of portable computers or other networking devices. Formerly called PCMCIA cards, these
adapters offer Ethernet access, data/fax/modem capability and other services to portable
computers.

PCI - Peripheral Component Interconnect bus architecture. This is a 32/64 bit local bus
architecture on the motherboard of a computer inside a PC or Macintosh, designed by Intel. It is
used to connect network interface cards. Its operation is faster than an ISA or EISA bus.


PCMCIA – see PC Card

peer-to-peer - All connected computers on this network type communicate directly without the
use of a dedicated server. (See Client/Server.)

peripherals - Equipment such as disk drives, CD-ROM drives, modems, printers, fax machines,
keyboards, etc. that are connected to a computer.

Plug and Play - An identifying specification in the PC market that assures the user that the
product is as simple or automatic to install as possible; both hardware and software installation.
Plug and Play is sometimes euphemistically referred to as Plug and Pray.

port - A connector on your computer or networking device that is used to attach the cabling.
Connector types include RJ-11 (telephone connection), RJ-45 (communications connection), and
BNC (locking-type connector for coax or backbone connections). A typical port would be used
to connect the adapter card in your computer to the hub, or the modem to your Internet Station,
or any of the connections on a hub, switch, or router.

protocol - A set of procedures or rules for sending and receiving information on a network.

repeater - A network device that regenerates signals so they can extend the cable length.

ring topology - A basic networking topology where all nodes are connected in a circle, with no
terminated ends on the cable, like token ring.

RJ-11 - A standard telephone connector.

RJ-45 plug - The connector on the end of 10BASE-T or 100BASE-TX twisted-pair cabling;
looks much like a telephone plug, but RJ-45 is larger, containing 8 rather than the 4 connections
supported by RJ-11.

RJ-45 jack - The connector on the back of a computer or printer that accepts the RJ-45 plug;
looks much like an RJ-11 telephone jack, but is larger.

ROM - Read Only Memory.

router - A complex network device used to connect two or more networks together. A router
reads information sent along the network and determines its correct destination.

segment - the length of cable on a network between two terminators.

serial port - Communications path through which data is transferred in bytes. Only one wire
each is available for transmitted and received data; character bits are sent sequentially between
two nodes, one at a time.

server - A computer that provides shared resources to network users.

server-based network - A network in which all client computers use a dedicated central server
computer for network functions such as storage, security and other resources.


shared data - Files on the server that can be shared across the network.

shared Ethernet - Standard 10BASE-T Ethernet method of sending data to a hub which then
rebroadcasts this data to every node or port on the network until it reaches all nodes. (See
switched Ethernet.)

shared resources - Files, printers, peripherals and other services that can be shared across the
network.

signal bounce - When a bus topology network cable has not been properly terminated at each
end of every open cable, the signal from the network will travel from one end of the cable to the
other and then will continually bounce back the way it came.

star topology - A networking setup used with 10BASE-T or 100BASE-TX cabling. Each node
on the network is connected to the hub like points of a star. (See bus topology.)

store-and-forward - The most accurate data transferring technique used by switches, it
examines each packet of a transmission to verify accuracy, and ensure bad or misaligned packets
are eliminated, then sends good packets to their destination. When the network is busy, packets
are stored until the network is able to carry the traffic and packets are transmitted without error.

subnet - A network segment connected by hubs or repeaters. Subnets can stand alone, can be
connected to other subnetworks to form a small LAN, or can be connected to a larger network.

switch - Similar to but more sophisticated than a hub, a switch learns network addresses
automatically, providing a private line to the network. A node or a fully populated hub can
connect to a switch. A switch is a key component in network expansion. (See also bridge.)

switched Ethernet - Unlike shared Ethernet, it provides a “private” connection between two
nodes on a network, speeding up the rate at which data is sent along the network and eliminating
collisions. (See Shared Ethernet.)

TCP/IP - Transmission Control Protocol/Internet Protocol. Originally two separate protocols,
now they are almost always used together. The term TCP has evolved to mean the family of
common Internet protocols used by industry. It is the protocol for the Internet. It became widely
accepted first in UNIX environments. It is a networking protocol with the ability to connect
many widely different elements.

terminator - A 50 ohm resistor at each open end of an Ethernet coax cable that absorbs energy
to prevent reflected energy back along the cable (signal bounce). It is usually attached to an
electrical ground at one end.

thicknet cable - Also called standard Ethernet, used with 10 Mbps baseband networking. Often
used in a backbone topology or network.

thin Ethernet cable - Usually quarter-inch black coaxial cable, identified by type as RG-58/U.
Sometimes called 10BASE-2 or thinnet cable.


topology - A wiring configuration used for a network; think of it as a layout or structure.
Examples are the ring, star, bus, and so on.

transceiver - Derived from transmitter/receiver, a transceiver is a device that sends and receives
signals, and can connect a computer to the network, such as a network adapter card. It often
provides packet collision detection, too.

twisted-pair cable - A cable used for both network communications and telephone
communications. Also known as UTP (unshielded twisted-pair), it comes as 10BASE-T and
100BASE-TX cable in Categories 3, 5E, and 6 depending on bandwidth.

UTP - Unshielded twisted-pair. Also referred to as 10BASE-T or 100BASE-TX network cable.

WAN - Wide Area Network. A very large sophisticated network that extends beyond a single
building, and often extends across a city, state or farther.

workgroup - Nodes connected to a hub or switch to form a small communication grouping. For
instance, a Workgroup LAN might have the five student workstations and 1 instructor station in
a remote classroom where connectivity to the larger network is impractical or undesirable.

WWW - World Wide Web. Sometimes referred to as W3. It is an incredible body of accessible
information available on the many computers around the world and attached to the global
computer network called the Internet. The Internet’s multimedia service contains countless areas
of information, documentation, entertainment, as well as business and personal home pages.




Appendix 2 - Reference material on TCP/IP
What is TCP/IP

Abbreviation for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to
connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built
into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data
over networks. Even network operating systems that have their own protocols, such as Netware, also support
TCP/IP.

TCP/IP addresses that you can obtain and that are routable on the Internet are broken into three
classes. These are:

      CLASS     SIZE                                                   RANGE
        A       supports 16 million hosts on each of 126 networks     1.0.0.0 to 127.0.0.0
        B       supports 65,000 hosts on each of 16,000 networks      128.0.0.0 to 191.255.0.0
        C       supports 254 hosts on each of 2 million networks      192.0.0.0 to 223.255.255.0

For computers not on the Internet, certain addresses have been reserved and will not be issued or
routed on the Internet. This allows organizations that do not wish to assign or do not possess IP
addresses to assign internal or private IP addresses to devices on the network. These addresses
are:



                       CLASS                                               Range
                         A                                       10.0.0.0 - 10.255.255.255
                         B                                      172.16.0.0 - 172.31.255.255
                         C                                     192.168.0.0 - 192.168.255.255




Appendix 3 - Commonly Used TCP/IP ports
Port#   Description                                     Port#   Description
0                                                       59      NFILE
1       tcpmux                                          63      whois++
3                                                       66      sql*net
4                                                       67      bootps
5       rje                                             68      bootpd/dhcp
7       echo                                            69      Trivial File Transfer Protocol (tftp)
9       discard                                         70      Gopher
11      systat                                          79      finger
13      daytime                                         80      www-http
15      netstat                                         87
17      qotd                                            88      Kerberos, WWW
18      send/rwp                                        95      supdup
19      chargen                                         96      DIXIE
20      ftp-data                                        98      linuxconf
21      ftp                                             101     HOSTNAME
22      ssh, pcAnywhere                                 102     ISO, X.400, ITOT
23      Telnet                                          105     cso
25      SMTP                                            106     poppassd
27      ETRN                                            109     POP2
29      msg-icp                                         110     POP3
31      msg-auth                                        111     Sun RPC Port mapper
33      dsp                                             113     identd/auth
37      time                                            115     sftp
38      RAP                                             116
39      rlp                                             117     uucp
40                                                      118
41                                                      119     NNTP
42      nameserv, WINS                                  120     CFDP
43      whois, nickname                                 123     NTP
49      TACACS, Login Host Protocol                     124     SecureID
50      RMCP, re-mail-ck                                129     PWDGEN
53      DNS                                             133     statsrv
57      MTP                                             135     loc-srv/epmap
                                                        137     netbios-ns
                                                        138     netbios-dgm (UDP)
                                                        139     NetBIOS



143    IMAP                           511
144    NewS                           512     biff, rexec
150                                   513     who, rlogin
152    BFTP                           514     syslog, rsh
153    SGMP                           515     lp, lpr, line printer
156                                   517     talk
161    SNMP                           520     RIP (Routing Information Protocol)
175    vmnet

177    XDMCP                          521     RIPng

178    NextStep Window Server         522     ULS

179    BGP                            531     IRC

180    SLmail admin                   543     KLogin, AppleShare over IP

199    smux                           545     QuickTime

210    Z39.50                         548     AFP

213                                   554     Real Time Streaming Protocol

218    MPP                            555     phAse Zero

220    IMAP3                          563     NNTP over SSL

259    ESRO                           575     VEMMI

264    FW1_topo                       581     Bundle Discovery Protocol

311    Apple WebAdmin                 593     MS-RPC

350    MATIP type A                   608     SIFT/UFT

351    MATIP type B                   626     Apple ASIA

360                                   631     IPP (Internet Printing Protocol)

363    RSVP tunnel                    635     mountd

366    ODMR (On-Demand Mail Relay)    636     sldap

371                                   642     EMSD

387    AURP (AppleTalk Update-Based Routing Protocol)   648     RRP (NSI Registry Registrar Protocol)

389    LDAP                           655     tinc

407    Timbuktu                       660     Apple MacOS Server Admin

427                                   666     Doom

434    Mobile IP                      674     ACAP

443    ssl                            687     AppleShare IP Registry

444    snpp, Simple Network Paging Protocol   700     buddyphone
                                      705     AgentX for SNMP
445    SMB                            901     swat, realsecure
458    QuickTime TV/Conferencing      993     s-imap
468    Photuris                       995     s-pop
475                                   1062    Veracity
500    ISAKMP, pluto                  1080    SOCKS


1085   WebObjects                       1812    RADIUS server
1227   DNS2Go                           1813    RADIUS accounting
1234                                    1818    ETFTP
1243   SubSeven                         1968
1338   Millennium Worm                  1973    DLSw DCAP/DRAP
1352   Lotus Notes                      1985    HSRP
1381   Apple Network License Manager    1999    Cisco AUTH
1417   Timbuktu                         2000
1418   Timbuktu                         2001    glimpse
1419   Timbuktu                         2049    NFS
1420                                    2064    distributed.net
1433   Microsoft SQL Server             2065    DLSw
1434   Microsoft SQL Monitor            2066    DLSw
1477                                    2080
1478                                    2106    MZAP
1490                                    2140    DeepThroat
1494   Citrix ICA, MS Terminal Server   2301    Compaq Insight Management Web Agents
1498

1500                                    2327    Netscape Conference

1503   T.120                            2336    Apple UG Control

1521   Oracle SQL                       2345

1522                                    2427    MGCP gateway

1524                                    2504    WLBS

1525   prospero                         2535    MADCAP

1526   prospero                         2543    sip

1527   tlisrv                           2565

1529                                    2592    netrek

1547                                    2727    MGCP call agent

1604   Citrix ICA, MS Terminal Server   2766

1645   RADIUS Authentication            2628    DICT

1646   RADIUS Accounting                2998    ISS Real Secure Console Service Port
1680   Carbon Copy                      3000    Firstclass
1701   L2TP/LSF                         3001
1717   Convoy                           3031    Apple AgentVU
1720   H.323/Q.931                      3052
1723   PPTP control port                3128    squid
1731                                    3130    ICP
1755   Windows Media .asf               3150    DeepThroat
1758   TFTP multicast                   3264    ccmail


3283    Apple NetAssistant       6502     Netscape Conference
3288    COPS                     6667     IRC
3305    ODETTE                   6670     VocalTec Internet Phone, DeepThroat
3306    mySQL

3352                             6699     napster

3389    NT Terminal Server       6776     Sub7

3520                             6968

3521    netrek                   6969

3879                             6970     RTP

4000    icq, command-n-conquer   6971

4321    rwhois                   7000

4333    mSQL                     7007     MSBD, Windows Media encoder

4444                             7070     RealServer/QuickTime

47017                            7778     Unreal

4827    HTCP                     7640

5004    RTP                      7648     CU-SeeMe

5005    RTP                      7649     CU-SeeMe

5010    Yahoo! Messenger         8010     WinGate 2.1

5050                             8080     HTTP

5060    SIP                      8100

5135                             8181     HTTP

5150                             8383     IMail WWW

5190    AIM                      8765

5500    securid                  8875     napster

5501    securidprop              8888     napster

5300                             8890     cheese worm

5423    Apple VirtualUser        9000

5555                             9090

5556                             9200     PGP 5 Keyserver

5631    PCAnywhere data          9704

5632    PCAnywhere               9669

5678                             9876     PowWow

5800    VNC                      9989     PowWow

5801    VNC                      9998

5900    VNC                      10008    Palm

5901    VNC                      10752    Palm

5843                             12345

6000    X Windows                11371

6112    BattleNet                12346    LiquidAudio



13000   Activision
14237   PowWow
14238   PowWow
14690   EvilFTP
16969   Quake
18888
21157   QuakeWorld
22555   Half-Life
22703   Half-Life
22793   QuakeIII
23213   AOL Admin
23214   Back Orifice
23456
26000
27000   rpc.ttdbserverd
27001   rpc.spray
27010   rpc.walld
27015   rpc.cmsd
27960
28000   timestep
28001   Novell
28002   arcserve discovery
28003   Cisco NetRanger postofficed
28004   hidden
28005   hidden





				
posted:10/3/2011
language:English
pages:78