
Networking computers


Page 1: Networking computers

Networking computers

Unit objectives:
– Describe how various types of addresses are used to identify devices on a network
– Create client network connections through wired, wireless, and dial-up methods

Page 2: Networking computers

Topic A

Topic A: Addressing
Topic B: Client configuration

Page 3: Networking computers

Network protocol

Communication language between network devices

Sends data in packets
Common network LAN protocols used in Windows
– TCP/IP
– IPX/SPX
– AppleTalk
– NetBEUI

Page 4: Networking computers

Addressing

MAC address
IPv4 address
IPv6 address
Character-based name

Page 5: Networking computers

Identifying addresses

Page 6: Networking computers

MAC address

Also known as:
– Physical address
– Adapter address
– Ethernet address
Unique value:
– Expressed as 6 pairs of hexadecimal numbers
– Often separated by hyphens or colons

continued

Page 7: Networking computers

MAC address, continued

Address contains:
– Manufacturer ID
– Unique number
MAC addresses don’t change
Used on LAN:
– Functions at OSI Data Link layer
– All hosts on LAN communicate by their MAC addresses
– MAC addresses alone can’t be used to communicate between two computers on different LANs

Page 8: Networking computers

IPv4 address

32 bits long
4 bytes separated by periods; each part called an octet
Largest binary 11111111 = 255
4.3 billion potential IP addresses
Divided into two parts:
– Network ID
– Host ID

Page 9: Networking computers

Classful IPv4 addresses

Class | Addresses | Description
A | 1.0.0.0 – 126.0.0.0 | First octet: network ID; Last 3 octets: host ID; Default subnet mask: 255.0.0.0
B | 128.0.0.0 – 191.255.0.0 | First 2 octets: network ID; Last 3 octets: host ID; Default subnet mask: 255.255.0.0
C | 192.0.0.0 – 223.255.255.0 | First 3 octets: network ID; Last octet: host ID; Default subnet mask: 255.255.255.0
D | 224.0.0.0 – 239.0.0.0 | Multicasting addresses
E | 240.0.0.0 – 255.0.0.0 | Experimental use

Page 10: Networking computers

APIPA

Automatic Private IP Addressing (APIPA)
169.254.0.0 network
Windows OSs, and Windows Server 2000 & later, auto-generate APIPA addresses when necessary

Page 11: Networking computers

IPv6 address

128-bit address
16 bytes
Displayed in hexadecimal
Group address in hexadecimal, 2 bytes at a time, separated by colons (:)
– 3FFE:FFFF:0000:2F3B:02AA:00FF:FE28:9C5A
Can remove leading zeros
Can compress address by using double colons (::) for bytes with all zeros
– 3FFE:FFFF::2F3B:02AA:00FF:FE28:9C5A

Page 12: Networking computers

IPv6 address types

Unicast
– Link-local
  IPv6 version of IPv4’s APIPA
  Self-assigned using Neighbor Discovery process
  Starts with FE8, FE9, FEA, or FEB
– Site-local (FEC0::/10) – deprecated
– Unique local address
  IPv6 version of IPv4 private address
  Begins with FC or FD

continued

Page 13: Networking computers

IPv6 address types, continued

– Global unicast
  IPv6 version of IPv4 public address
  Identified for a single interface
  Routable and reachable on IPv6 Internet
  First 3 allowed bits are 001 in binary
  Global addresses could start with binary values 001 (2000::/3) through 111 (E000::/3)
  Exception: FF00::/8, reserved for multicasts
  Following 45 bits designate global routing prefix
  Next 16 bits designate subnet ID
  Last 64 bits identify individual network node

continued

Page 14: Networking computers

IPv6 address types, continued

Multicast
– Sends information or services to all interfaces that are defined as members of multicast group
– First 8 bits, FF = multicast address
Anycast
– New, unique type of address in IPv6
– Cross between unicast and multicast
– Identifies a group of interfaces
– Packets are delivered to the nearest interface as identified by the routing protocol’s distance measurement
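Added example (not part of the original slides): a classifier for the IPv6 address types listed on the preceding slides, using the prefixes given there, plus a check that the full and compressed spellings of the slide's sample address are the same address. Function names are illustrative; addresses other than the slide's sample are constructed.

```python
import ipaddress

# Prefixes taken from the slides: FE8-FEB = fe80::/10, FC/FD = fc00::/7,
# FF = ff00::/8, binary 001 = 2000::/3. Order matters: most specific first.
ADDRESS_TYPES = [
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local unicast", ipaddress.IPv6Network("fe80::/10")),
    ("site-local unicast (deprecated)", ipaddress.IPv6Network("fec0::/10")),
    ("unique local unicast", ipaddress.IPv6Network("fc00::/7")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]


def classify(addr):
    """Return the slide's address type for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    for name, prefix in ADDRESS_TYPES:
        if ip in prefix:
            return name
    return "not covered by the slide's categories"


def full_form(addr):
    """Expand to all 8 groups with leading zeros, upper case as on the slide."""
    return ipaddress.IPv6Address(addr).exploded.upper()


def same_address(a, b):
    """Compare by 128-bit value, not by text.

    Leading-zero removal and '::' compression give one address several
    spellings, so log searches and filter rules should compare parsed
    values rather than strings.
    """
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    slide_full = "3FFE:FFFF:0000:2F3B:02AA:00FF:FE28:9C5A"
    slide_short = "3FFE:FFFF::2F3B:02AA:00FF:FE28:9C5A"
    print(same_address(slide_full, slide_short), classify(slide_short))
    # Constructed sample addresses, one per category
    for sample in ("fe80::1", "fd12:3456::1", "fec0::1", "ff02::1", "::1"):
        print(sample, "->", classify(sample))
```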

Page 15: Networking computers

Subnet masks

Used to identify network ID and host ID portions of IP address

IP address | Subnet mask | Network ID | Host ID
192.168.100.33 | 255.255.255.0 | 192.168.100.0 | 0.0.0.33
172.16.43.207 | 255.255.0.0 | 172.16.0.0 | 0.0.43.207

Page 16: Networking computers

Network IDs

Always contiguous and start on the left

Valid subnet masks | Invalid subnet masks
255.0.0.0 | 0.255.255.255
255.255.0.0 | 255.0.255.0
255.255.255.0 | 255.255.0.255
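Added example (not part of the original slides): the subnet-mask split and the contiguity rule from the two slides above, checked against the slides' own table values. Function names are illustrative; the last function applies the same split to decide whether a destination is on the local network or must go through the default gateway.

```python
import ipaddress


def mask_is_valid(mask):
    """True when the mask's 1 bits are contiguous and start on the left."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # A valid mask inverts to 00..011..1; ANDing that with itself plus one
    # gives zero. Any gap in the 1 bits leaves a bit set.
    return (host_bits & (host_bits + 1)) == 0


def split_address(ip, mask):
    """Return (network ID, host ID) as dotted-decimal strings."""
    if not mask_is_valid(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    a = int(ipaddress.IPv4Address(ip))
    m = int(ipaddress.IPv4Address(mask))
    network = a & m                    # bits covered by the mask
    host = a & ~m & 0xFFFFFFFF         # remaining bits
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))


def needs_gateway(local_ip, remote_ip, mask):
    """True when the two addresses have different network IDs."""
    return split_address(local_ip, mask)[0] != split_address(remote_ip, mask)[0]


if __name__ == "__main__":
    # Rows from the slide's subnet mask table
    for ip, mask in (("192.168.100.33", "255.255.255.0"),
                     ("172.16.43.207", "255.255.0.0")):
        print(ip, mask, split_address(ip, mask))
    # Masks from the slide's valid/invalid table
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0",
                 "0.255.255.255", "255.0.255.0", "255.255.0.255"):
        print(mask, "valid" if mask_is_valid(mask) else "invalid")
    # Constructed destination on a different network
    print(needs_gateway("192.168.100.33", "192.168.101.5", "255.255.255.0"))
```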

Page 17: Networking computers

Default gateway

Term for TCP/IP router
Hosts use default gateway to deliver packets to remote networks
Router
– Often a dedicated hardware device
– Sometimes computer with multiple NICs
– Supports IPv4, IPv6, or both
– Moves packets between networks
– Has an IP address for every network it’s attached to

Page 18: Networking computers

Routing example

Page 19: Networking computers

DHCP and DHCPv6

Dynamic Host Configuration Protocol
Automated mechanism to assign IP addresses to clients
Two versions
– Original DHCP used for IPv4 addressing
– DHCPv6 used for IPv6 addressing
Can hand out IP addresses plus other TCP/IP configuration parameters

Page 20: Networking computers

Fully qualified domain names (FQDNs)

Hierarchical naming scheme:
– Domain Name System (DNS)
– Berkeley Internet Name Domain (BIND)
Three parts:
– Host name
– Domain name
– Top-level domain name
Example:
– www.microsoft.com
Subdomains allowed:
– server1.corporate.microsoft.com

Page 21: Networking computers

FQDN naming specifications

RFC 1123:
– ASCII letters a through z (not case-sensitive)
– Numbers 0 through 9
– Hyphens
Maximum 255 characters
Two nodes with same FQDN, except host name, don’t need to enter entire FQDN to connect

Page 22: Networking computers

Domain Name System (DNS)

Server with database matching host names to IP addresses

DNS name has three parts
– Computer name
– Domain name
– Top-level domain name

Can also have subdomains to further divide

Page 23: Networking computers

NetBIOS

16-character name
First 15 characters available for the name
16th character reserved to describe a particular service or functionality
Can include:
– Letters
– Numbers
– ! @ # $ % ^ & ( ) - _ ' { } . ~
Must be unique
continued

Page 24: Networking computers

NetBIOS, continued

Can’t contain:
– Spaces
– \ * + = | : ; “ ? < > ,
Not case-sensitive
16th character reserved
– Expressed as hexadecimal
– In brackets <>
Example:
– SUPERCORP<1C> – SUPERCORP domain controllers

Flat namespace

Page 25: Networking computers

Activity A-1

Examining addresses

Page 26: Networking computers

IPCONFIG

Use to retrieve a computer’s IP configuration
– ipconfig /all
Display and modify the current TCP/IP stack
Can be used with switches
– ipconfig /?
Examples:
– ipconfig /release
– ipconfig /renew

Page 27: Networking computers

Example of ipconfig /all results

Page 28: Networking computers

Activity A-2

Using IPCONFIG to view IP configuration

Page 29: Networking computers

Ping

Packet Internet Groper
Simple program to test IP connectivity between two computers
Uses ICMP packets
Syntax: ping computer
– Where computer is the other computer’s name or IP address

Page 30: Networking computers

Successful ping

Page 31: Networking computers

Steps after unsuccessful ping

Use IP address of remote host instead
Ping a different computer
Use ipconfig to verify computer’s IP configuration
Verify configuration settings in Network window
Check physical connections
Reboot computer
Remove TCP/IP and reinstall

Page 32: Networking computers

Activity A-3

Testing TCP/IP connectivity

Page 33: Networking computers

TCP/IP architecture

Page 34: Networking computers

Activity A-4

Discussing the TCP/IP architecture

Page 35: Networking computers

Application-layer protocols

Accept information from applications on the computer

Send information to requested service provider

Available only on TCP/IP networks
Each Application-layer protocol is associated with a client application and service

Page 36: Networking computers

HTTP

Hypertext Transfer Protocol
TCP port 80
Most common protocol used on the Internet
Used by Web browsers and Web servers
Defines what commands Web browsers can send and how Web servers can respond
Can use HTTP to upload information
continued

Page 37: Networking computers

HTTP, continued

Mechanisms for passing data:
– Common Gateway Interface (CGI)
– Internet Server Application Programmer Interface (ISAPI)
– Netscape Server Application Programmer Interface (NSAPI)

Page 38: Networking computers

HTTPS connections

Secure Web servers use SSL (Secure Sockets Layer) or TLS (Transport Layer Security)

TCP port 443
Create an encrypted communication channel
Use https:// instead of http://

Page 39: Networking computers

FTP

File Transfer Protocol
TCP ports 20 (data) and 21 (control)
Simple file-sharing protocol
Includes commands for
– Uploading files
– Downloading files
– Requesting directory listings

Transfers binary files over the Internet without encoding and decoding

Page 40: Networking computers

Trivial File Transfer Protocol

Trivial FTP or TFTP
UDP port 69
Has fewer commands than FTP
Can be used only to send and receive files
Can be used for multicasting

Page 41: Networking computers

Telnet

Terminal emulation protocol
TCP port 23
Used for remotely logging on to a networking device
Specifies how Telnet server and Telnet clients communicate
Supports only text-based interface

Page 42: Networking computers

Simple Mail Transfer Protocol

SMTP
TCP port 25
Used to send and receive e-mail between e-mail servers
Also used by e-mail clients to send messages to the server
Never used by clients to retrieve e-mail from server

Page 43: Networking computers

Post Office Protocol

Version 3 (POP3)
TCP port 110
Most common protocol for retrieving e-mail messages
Has commands to download and delete messages from the mail server
Doesn’t support sending messages

Page 44: Networking computers

Internet Message Access Protocol

Version 4 (IMAP4)
TCP port 143
Used to retrieve e-mail messages
More features than POP3
Examples:
– Can choose which messages to download
– Allows for multiple folders for storing messages on the server side

Page 45: Networking computers

Transport-layer protocols

Responsible for getting data ready to move across the network

Two Transport-layer protocols:
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)
TCP breaks messages down into smaller pieces called segments
Identify applications by port numbers
Combination of IP address and port number is called a socket

Page 46: Networking computers

Port numbers

16-bit integer, ranging from 0 to 65535
IP address + port number = socket
Three types:

Port type | Description
Well-known ports | Port numbers 0 to 1023 are reserved for privileged services.
Registered ports | These port numbers range from 1024 through 49151. Port 1024 is reserved for TCP and UDP and shouldn’t be used. A list of registered ports can be found on the IANA Web site: www.iana.org/assignments/port-numbers
Dynamic ports | A short-lived (dynamic) port is a Transport-protocol port for IP communications. It is allocated automatically by the TCP/IP stack software from the IANA-suggested range of 49152 to 65535. Dynamic ports are typically used by TCP, UDP, or the Stream Control Transmission Protocol (SCTP).

Page 47: Networking computers

Service port numbers

Service | TCP & UDP port
FTP | TCP 21, 20
SSH | TCP 22
Telnet | TCP 23
SMTP | TCP 25
DNS | TCP & UDP 53
BOOTP and DHCP | UDP 67, 68
Trivial FTP (TFTP) | UDP 69
HTTP | TCP 80
POP3 | TCP 110
NTP | UDP 123
IMAP | TCP 143
SNMP | UDP 161 & 162
Secure HTTP | TCP 443

Page 48: Networking computers

Activity A-5

Using port numbers

Page 49: Networking computers

802.1x standard

Frequency band divisions
– Military
– Broadcasters
– Amateur radio operators
Broadcast signal is a security issue
IEEE 802.1x
– Port-based authentication framework for access to Ethernet networks
– Designed for wired Ethernet networks
– Applies to 802.11 WLANs

continued

Page 50: Networking computers

802.1x standard, continued

Requires three roles in authentication process
– Device requesting access
– Authenticator
– Authentication server

Allows multiple authentication algorithms

Is an open standard

Page 51: Networking computers

802.11 standard

Operates in 2.4–2.5 GHz band
Used for wireless networks
OSI Data Link layer
Two ways to configure a network
– Ad hoc
– Infrastructure

Places specification on Physical and MAC layers

Page 52: Networking computers

Access point

Transparent bridge between wireless clients and wired network

Includes
– At least one interface to connect to wired network
– Transmitting equipment to connect with wireless clients
– IEEE 802.1D bridging software

Page 53: Networking computers

Major wireless standards

Standard | Speeds | Frequency | Indoor distance | Outdoor distance | Interference
802.11b | <= 11 Mbps | 2.4 GHz | 50 m | 300 m | Yes
802.11a | <= 54 Mbps | 5 GHz | 15 m | 30 m | No; Not compatible with 802.11b
802.11g | 20+ Mbps; Ad. to 54 Mbps | 2.4 GHz | 45 m | 90 m | Yes; Compatible with 802.11b
802.11n | <= 600 Mbps | 2.4 or 5 GHz | 70 m | 250 m | No; Compatible with 802.11g, b, & a
802.16 | <= 11 Mbps | 10–66 or 2–11 GHz | Avg 4-5 miles; 31 miles | | No

Page 54: Networking computers

Bluetooth

A standard for short-range wireless communication and data synchronization between devices

Transmitters and receivers are application-specific integrated circuits (ASICs)

Rates in excess of 1 Mbps
Up to three voice channels available
2.4-GHz frequency range
10 meters range

Page 55: Networking computers

Activity A-6

Comparing wireless network protocols

Page 56: Networking computers

Topic B

Topic A: Addressing
Topic B: Client configuration

Page 57: Networking computers

Static TCP/IP configuration

Manually entered on each network device

Pitfalls
– Time consuming
– Error-prone
– Making changes is not an efficient process

NETSH can be used to control TCP/IP parameters

Page 58: Networking computers

Activity B-1

Comparing TCP/IP parameters

Page 59: Networking computers

DHCP and DHCP6

Simplifies administration
Avoids incorrect IP information
Lease is for a fixed period of time

Page 60: Networking computers

IPv4 lease process

Page 61: Networking computers

IPv6 lease process

Network devices autoconfigure when connected to a routed IPv6 network

Process
1. Performs stateless address autoconfiguration
2. Sends link-local multicast router solicitation request for configuration parameters
3. Router responds with a router advertisement packet containing network configuration parameter flags

Page 62: Networking computers

IPv6 router flags

Managed Address Configuration Flag (M flag)
– When set to 1, device should use DHCPv6 to obtain a stateful IPv6 address
Other Stateful Configuration Flag (O flag)
– When set to 1, device should use DHCPv6 to obtain other TCP/IP configuration settings

Page 63: Networking computers

IPv6 router flags

Managed Address Configuration Flag (M flag)
– When set to 1, device should use DHCPv6 to get a stateful IPv6 address
Other Stateful Configuration Flag (O flag)
– When set to 1, device should use DHCPv6 to get other TCP/IP configuration settings

Page 64: Networking computers

M and O flags

Both M and O flags are 0
– No DHCPv6 server
– Device uses router advertisement to obtain a non-link-local address
– Device uses other methods, such as manual configuration, to configure other IPv6 configuration parameters
Both M and O flags are 1
– Device should get IPv6 address and other configuration parameters from DHCPv6 server
– DHCPv6 stateful addressing

continued

Page 65: Networking computers

M and O flags, continued

M flag is 0 and O flag is 1
– Device should use its stateless autoconfiguration IPv6 address
– Device should retrieve other configuration parameters from DHCPv6 server
– DHCPv6 stateless addressing
M flag is 1 and O flag is 0
– Device should obtain IPv6 address from DHCPv6 server
– Doesn’t obtain other TCP/IP configuration parameters
– Combination is rarely used
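Added example (not part of the original slides): reading the M and O flags out of an ICMPv6 Router Advertisement header and mapping them to the four client behaviours listed on the two slides above. The header layout follows RFC 4861; the sample packets are constructed here with a zero checksum that is not verified, and the function names are illustrative.

```python
import struct

RA_TYPE = 134      # ICMPv6 Router Advertisement
M_FLAG = 0x80      # Managed Address Configuration
O_FLAG = 0x40      # Other Stateful Configuration
RA_HEADER_LEN = 16

# Behaviour for each (M, O) combination, as described on the slides
MODES = {
    (False, False): "no DHCPv6: address from router advertisement, "
                    "other parameters by other methods such as manual configuration",
    (True, True): "DHCPv6 stateful: address and other parameters from DHCPv6 server",
    (False, True): "DHCPv6 stateless: autoconfigured address, "
                   "other parameters from DHCPv6 server",
    (True, False): "address from DHCPv6 server only (rarely used)",
}


def parse_ra_flags(icmpv6):
    """Return (M, O) from the bytes of an ICMPv6 Router Advertisement."""
    if len(icmpv6) < RA_HEADER_LEN:
        raise ValueError("truncated router advertisement")
    # type, code, checksum, current hop limit, flags, router lifetime
    msg_type, code, _cksum, _hop, flags, _life = struct.unpack("!BBHBBH", icmpv6[:8])
    if msg_type != RA_TYPE or code != 0:
        raise ValueError(f"not a router advertisement (type {msg_type}, code {code})")
    return bool(flags & M_FLAG), bool(flags & O_FLAG)


def client_mode(icmpv6):
    """Describe how a client should configure itself for this advertisement."""
    return MODES[parse_ra_flags(icmpv6)]


def build_sample_ra(m, o, msg_type=RA_TYPE):
    """Constructed 16-byte RA header for the demonstration (checksum left at 0)."""
    flags = (M_FLAG if m else 0) | (O_FLAG if o else 0)
    # hop limit 64, router lifetime 1800 s, reachable time 0, retransmit timer 0
    return struct.pack("!BBHBBHII", msg_type, 0, 0, 64, flags, 1800, 0, 0)


if __name__ == "__main__":
    for m in (False, True):
        for o in (False, True):
            ra = build_sample_ra(m, o)
            print(f"M={int(m)} O={int(o)}: {client_mode(ra)}")
```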

Page 66: Networking computers

Activity B-2

Discussing the DHCP lease process

Page 67: Networking computers

Wireless nodes on a network

Can use infrared (IR) technology
10-20 feet maximum range
Devices must aim their transceivers at each other (line-of-sight technology)
– No more than a 30° angle

Often found on notebook computers and PDAs

Most often, “wireless” refers to 802.11

Page 68: Networking computers

Wireless connection components

Requires
– Wireless network card in computer
– Wireless router or wireless access point device on network

Router or WAP broadcasts radio signals

Wireless network cards pick up the broadcasts

Page 69: Networking computers

Wireless NICs

Page 70: Networking computers

Wireless access points

Page 71: Networking computers

Wireless speeds

Distance and data rate affected by
– Obstructions within building
– Environment noise

Recommend wireless LAN access points within 60 to 90 meters of wireless clients

IEEE speed | Data rate | Distance (meters)
High | 4.3 Mbps | 40 to 125
Medium | 2.6 Mbps | 55 to 200
Standard | 1.4 Mbps | 90 to 400
Standard low | 0.8 Mbps | 115 to 550

Page 72: Networking computers

WAP placement

Informal site survey
– Temporary installation of WAPs
– Use wireless client to test signal
– Use actual locations for clients
Formal site survey
– Use field-strength measuring equipment
– Install test antenna in estimated WAP locations
– Determine strength of test signal at various points within the range the WAP will service
– Move test antenna to get the best signal for the wireless coverage area

Page 73: Networking computers

Activity B-3

Examining wireless devices

Page 74: Networking computers

WLAN security risks

Devices can be lost or stolen
Session hijacking
Man-in-the-middle attacks
Rogue AP
WAP has no default security
Broadcasts make breaking in easy
IEEE and the Wi-Fi Alliance developed standards for user authentication and media access control

Page 75: Networking computers

Additional risks

Detectable radio-frequency traffic
Data is passed in plain text form
Encryption isn’t always strong
– WEP
One-way authentication mechanism
One-way open broadcast client connection
War driving
War chalking

Page 76: Networking computers

Wireless security

Access control
– Turn off SSID broadcasts
– Enable MAC filtering
Encryption
– Clients must use same encryption as AP
– Static or dynamically changing key
Authentication
– RADIUS or other similar systems
– Use with encryption
Isolation
– Wireless client isolation (AP isolation)
– Network isolation

Page 77: Networking computers

Transmission encryption

WEP
WPA/WPA2 Personal
WPA2
WPA/WPA2 Enterprise
RADIUS
802.11i

Page 78: Networking computers

802.1x authentication process

Page 79: Networking computers

Activity B-4

Identifying the technology used to implement WLANs

Page 80: Networking computers

WAP configuration

Assign a service set identifier (SSID)
– Clients use SSID to distinguish between WLANs
AP typically broadcasts the SSID
– Broadcasts identify the security mechanisms to enable clients to auto-configure connections

continued

Page 81: Networking computers

WAP configuration, continued

Page 82: Networking computers

Securing your AP

Set the most secure encryption method compatible with clients

Update AP’s firmware
Change AP default admin passwords
Change default SSID
Disable SSID broadcasts
Separate wireless network from wired network
Put wireless network in an Internet-access-only zone or DMZ
continued

Page 83: Networking computers

Securing your AP, continued

Disable DHCP within WLAN
Enable MAC address filtering on AP
Enable 802.1x
Periodically survey site with wireless sniffing tool

Page 84: Networking computers

Activity B-5

Configuring a wireless access point (instructor demo)

Page 85: Networking computers

Wireless Auto Configuration

Dynamically selects wireless network connection attempt

Based on
– Configured preferences
– Default settings
Wireless Zero Configuration
– Windows 7, Vista, and XP
– Windows 2000 with download
Automatically configures address items:
– TCP/IP settings
– DNS server addresses
– IAS server addresses

continued

Page 86: Networking computers

Auto Configuration, continued

IEEE 802.1x authentication defaults
– Infrastructure before ad hoc mode
– Computer authentication before user authentication
– If NIC is preconfigured with WEP shared key, tries to perform IEEE 802.11 shared key authentication
Otherwise, NIC reverts to open system authentication

Page 87: Networking computers

Windows CE wireless clients

Windows CE .NET palmtop computers include Wireless Zero Configuration

Manual configuration options similar to those in Windows 7, Vista, and XP

Support 802.11a and Native Wireless Fidelity (Wi-Fi)

Non-.NET palmtop wireless configuration is like Windows 2000

Page 88: Networking computers

RADIUS servers

Submit credentials to the authenticating server

Secured or 802.1x authenticated connections
– Wireless AP issues a challenge to client
– AP sets up restricted channel, allowing client to communicate only with RADIUS server
– RADIUS server accepts only trusted AP connections
– RADIUS server validates the client credentials
– Transmits client master key to wireless AP

Page 89: Networking computers

Wireless network problems

Determine network name
Identify security configurations
Check power of notebook’s wireless NIC
Check wireless antenna position
Check signal strength
Test with another wireless card

Page 90: Networking computers

Activity B-6

Configuring a wireless client (instructor demo)

Page 91: Networking computers

Creating a dial-up connection

Home users connect to ISP
Business users connect to remote access server
In Windows 7 and Vista, use the “Set up a connection or network” wizard

Page 92: Networking computers

Windows 7 dial-up connection wizard

Page 93: Networking computers

Activity B-7

Creating a dial-up connection

Page 94: Networking computers

Dial-up connection properties

Phone number
Dialing rules
Dialing options
Redial attempts
Security — Advanced (custom settings)
Protocols and services
Internet connection sharing

Page 95: Networking computers

Activity B-8

Examining a dial-up connection object’s properties

Page 96: Networking computers

Unit summary

Described how various types of addresses are used to identify devices on a network

Created client network connections through wired, wireless, and dial-up methods