Description: Candidates should demonstrate a proper understanding of TCP/IP network fundamentals.
Key Knowledge Areas:
Demonstrate an understanding of network masks and CIDR notation
Knowledge of the differences between private and public “dotted quad” IP addresses
Knowledge about common TCP and UDP ports and services (20, 21, 22, 23, 25, 53, 80, 110, 123, 139, 143, 161, 162, 389, 443, 465, 514, 636, 993, 995)
Knowledge about the differences and major features of UDP, TCP and ICMP
Knowledge of the major differences between IPv4 and IPv6
Knowledge of the basic features of IPv6
Terms and Utilities:
TCP, UDP, ICMP
The IP (Internet Protocol) is the fundamental protocol for communications on the Internet. It specifies the way information is packetized, addressed, transferred, routed, and received by networked devices.
An IP address is a number identifying a computer or another device on the Internet. It is similar to a mailing address, which identifies where postal mail comes from and where it should be delivered. IP addresses uniquely identify the source and destination of data transmitted with the Internet Protocol.
IPv4 addresses are 32 bits long (four bytes). An example of an IPv4 address is 22.214.171.124, which is the front page of Google.com.
A 32-bit number can take 2^32, or 4,294,967,296, distinct values. So the maximum number of IPv4 addresses, which is called its address space, is about 4.3 billion. In the 1980s, this was sufficient to address every networked device, but scientists knew that this space would quickly become exhausted.
Technologies such as NAT have delayed the problem by allowing many devices to use a single IP address, but a larger address space is needed to serve the modern Internet.
A major advantage of IPv6 is that it uses 128 bits of data to store an address, permitting 2^128 unique addresses, or 340,282,366,920,938,463,463,374,607,431,768,211,456. The size of IPv6's address space — 340 duodecillion — is much, much larger than IPv4's.
With IPv4, there are five classes of available IP ranges: Class A, Class B, Class C, Class D and Class E, of which only A, B, and C are commonly used.
Within an Internet Protocol or IP network, every connected host must have both an IP host address and a subnet mask to operate properly. Any device using the IP protocol can refer to itself with the IP address 127.0.0.1 and subnet mask 255.0.0.0, but to communicate with other devices on the network, each device must have a (private or public) IP address and subnet mask.
A netmask is a 32-bit binary value that fixes, for an IP class, the number of networks and the number of hosts per network.
Netid: The part of an IP address that identifies the network.
Hostid: The part of an IP address that identifies a host in a network.
The netid and hostid are of varying lengths, depending on the class of the address.
Each IP class is equipped with its own default subnet mask (netmask) and allows for a range of valid IP addresses, shown in the following table:
Class A: 126.96.36.199 to 188.8.131.52. Supports 16 million hosts on each of 127 networks.
Class B: 184.108.40.206 to 220.127.116.11. Supports 65,000 hosts on each of 16,000 networks.
Class C: 18.104.22.168 to 22.214.171.124. Supports 254 hosts on each of 2 million networks.
Class D: 126.96.36.199 to 188.8.131.52. Reserved for multicast groups.
Class E: 240.0.0.0 to 254.255.255.254. Reserved for future use, or research and development purposes.
The 127.x.x.x range is reserved for the loopback or localhost; for example, 127.0.0.1 is the loopback address. The address 255.255.255.255 broadcasts to all hosts on the local network.
Classful IP addressing offers no flexibility to have fewer hosts per network or more networks per IP class; this is where subnetting comes into play.
The process of dividing an IP class into smaller blocks, or groups of IPs, is known as subnetting.
Subnetting can improve security and help to balance overall network traffic.
How does subnetting work? Subnetting is a bitwise operation on a network of IP addresses, performed using the netmask (subnet mask).
It provides the flexibility of borrowing bits from the host part of the IP address and using them as a network within the network, called a subnet. By using subnetting, a single Class A IP address can be divided into smaller sub-networks, which provides better network management capabilities.
Class A Subnets
In Class A, only the first octet is used as the network identifier and the remaining three octets are assigned to hosts (i.e. 16777214 hosts per network). To make more subnets in Class A, bits from the host part are borrowed and the subnet mask is changed accordingly.
Class B Subnets
By default, using classful networking, 14 bits are used as network bits, providing (2^14) 16384 networks and ((2^16)-2) 65534 hosts. Class B IP addresses can be subnetted the same way as Class A addresses, by borrowing bits from the host bits. All possible combinations of Class B subnetting are given below.
Class C Subnets
Class C IP addresses are normally assigned to very small networks because a Class C network can only have 254 hosts. Given below is a list of all possible combinations of subnetted Class C IP addresses.
A network protocol defines the rules and procedures by which data communication occurs between devices over a network. Without predefined rules or procedures, the messages traversing a network would have no particular formatting and might not be meaningful to the receiving device.
Let's discuss some of the popular protocols (TCP/UDP/ICMP) and their respective port numbers:
Transmission Control Protocol (TCP) is a connection-oriented protocol which operates at the Transport Layer of both the OSI reference model and the TCP/IP protocol stack. It is designed to provide reliable transportation of datagrams over a network. It provides this assurance by performing a 3-way handshake before any data is communicated between the sender and the receiver.
User Datagram Protocol (UDP) is a connectionless protocol. It also operates at the Transport Layer of both the OSI reference model and the TCP/IP protocol stack. However, unlike TCP, UDP does not provide any guarantee or assurance of the delivery of datagrams across a network. Not all protocols at the Application Layer use TCP; many Layer 7 protocols use UDP.
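The bitwise operation described above, worked through in Python as an added example (not code from the original page): the netmask is ANDed with the address to get the network, and the bits borrowed from the host part are counted against the class default. The function names and the sample addresses are assumptions made for this illustration.

```python
# Added example: subnetting as bitwise arithmetic on 32-bit integers.

def to_int(dotted):
    """Pack a dotted-quad string into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def classful_prefix(dotted):
    """Network bits implied by the class: A=8, B=16, C=24."""
    first = to_int(dotted) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("Class D and E addresses have no network/host split")

def subnet_info(dotted, prefix):
    """Describe the subnet holding `dotted` when `prefix` bits are network bits."""
    default = classful_prefix(dotted)
    if not default <= prefix <= 30:
        raise ValueError(f"prefix must be between /{default} and /30")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(dotted) & mask                # AND clears the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)     # OR sets every host bit
    borrowed = prefix - default                    # host bits used as subnet bits
    return {
        "netmask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": (1 << (32 - prefix)) - 2,  # minus network and broadcast
        "borrowed_bits": borrowed,
        "subnets": 1 << borrowed,
    }

if __name__ == "__main__":
    # Constructed samples: the first keeps the class default, the others borrow bits.
    for addr, prefix in [("10.1.2.3", 8), ("172.16.37.200", 20), ("192.168.1.130", 26)]:
        print(f"{addr}/{prefix}", subnet_info(addr, prefix))
```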
TCP:
Uses acknowledgments to confirm receipt of data
Re-sends data if any of the packets are lost during transmission
Delivers the data in sequential order and handles reassembly
Applications: HTTP, FTP, SMTP, Telnet.
UDP:
Very fast in delivery of data
Very low overhead on the network
Does not require any acknowledgment packets
If packets are lost during transmission, it does not resend any lost data
Applications: DHCP, DNS, SNMP, TFTP, VoIP, IPTV.
On a network, whether on a Local Area Network (LAN) or a Wide Area Network (WAN), host devices will be communicating to exchange data and information between each other and sometimes an error can occur.
Internet Control Message Protocol (ICMP) is typically used to provide error reporting on a network. There are many types of ICMP messages, which trigger different actions and report that an error occurred and what the issue is. A good example of ICMP in use is the ping command:
~# ping google.com -c 3
PING google.com (184.108.40.206) 56(84) bytes of data.
64 bytes from arn02s05-in-f142.1e100.net (220.127.116.11): icmp_seq=1 ttl=128 time=141 ms
64 bytes from arn02s05-in-f142.1e100.net (18.104.22.168): icmp_seq=2 ttl=128 time=95.8 ms
64 bytes from arn02s05-in-f142.1e100.net (22.214.171.124): icmp_seq=3 ttl=128 time=95.7 ms
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6251ms
rtt min/avg/max/mdev = 95.746/110.869/141.042/21.337 ms
As we said, on a TCP/IP network every device must have an IP address. The IP address identifies the device, e.g. a computer. However, an IP address alone is not sufficient for running network applications, as a computer can run multiple applications and/or services.
Just as the IP address identifies the computer, the network port identifies the application or service running on the computer. The use of ports allows computers/devices to run multiple services/applications.
The diagram below shows a computer to computer connection and identifies the IP addresses and ports:
The default ports of some protocols are as follows. These are very important and most admins know them:
FTP (One data, one control)
All ports above 400 end with S, which stands for Secure.
The /etc/services file contains information regarding the known services available in the Internet. For each service, a single line should be present with the following information:
official_service_name port_number/protocol_name aliases
~# cat /etc/services
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, officially ports have two entries
# even if the protocol doesn't support UDP operations.
#
# Updated from http://www.iana.org/assignments/port-numbers and other
# sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services .
# New ports will be added on request if they have been officially assigned
# by IANA and used in the real-world or are needed by a debian package.
# If you need a huge list of used numbers please install the nmap package.
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # message send protocol
msp 18/udp
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp
telnet 23/tcp
smtp 25/tcp mail
...
and so on ... .
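A parser for the line format shown above (official_service_name port_number/protocol_name aliases), as an added example that is not part of the original page. It shows that a service is keyed by port and protocol together, so 21/tcp and 21/udp name different services, and that aliases resolve to the same port. The function names are assumptions for this illustration, and SAMPLE reuses lines from the listing above.

```python
# Added example: parser for the /etc/services line format described above.
SAMPLE = """\
# Network services, Internet style
tcpmux 1/tcp # TCP port service multiplexer
discard 9/tcp sink null
discard 9/udp sink null
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
"""  # lines taken from the listing on this page

def parse_services(text):
    """Return {(port, protocol): (official_name, [aliases])}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1].count("/") != 1:
            raise ValueError(f"line {lineno}: expected 'name port/protocol [aliases]'")
        port_text, protocol = fields[1].split("/")
        port = int(port_text)                    # ValueError if not numeric
        if not 0 < port <= 65535:
            raise ValueError(f"line {lineno}: port {port} out of range")
        # Keep the first entry seen for a given port/protocol pair.
        table.setdefault((port, protocol.lower()), (fields[0], fields[2:]))
    return table

def service_name(table, port, protocol="tcp"):
    """Official service name for a port/protocol pair, or None if unlisted."""
    entry = table.get((port, protocol))
    return entry[0] if entry else None

def resolve(table, name, protocol="tcp"):
    """Port number for an official name or alias, or None if unlisted."""
    for (port, proto), (official, aliases) in table.items():
        if proto == protocol and name in (official, *aliases):
            return port
    return None

if __name__ == "__main__":
    table = parse_services(SAMPLE)   # or: parse_services(open("/etc/services").read())
    for port, proto in [(21, "tcp"), (21, "udp"), (22, "tcp"), (443, "tcp")]:
        print(f"{port}/{proto}:", service_name(table, port, proto) or "not listed")
```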