Networking

Layers

Some of you (especially any who took Internet Tech or Principles of Telecommunication Networks) may be familiar with the OSI 7-layer model. Regardless, the model on the website is both simpler and more practical, since it represents an actual system... what namely, the kind we use on the internet. Why the protocol is TCP/IP and not TCPUDP/IP is left as an exercise to the reader.

The kernel handles the three intermediate layers. The application layer is handled by the software program (which generates HTTP, FTP, SSH, etc. traffic) and the lowest level is left to the electronics on your network card. Technically, the TCP stack handles the TCP part, etc... those of you who used Windows 3.1 might remember trumpet winsock, which was the add-on stack for Win31 (which did not do native TCP/IP).

Protocol Descriptions

If you actually are interested in the precise makeup of the header fields... go to google. The only things you need to know to be a power user are that each layer encapsulates the higher up in the basic format of [HEADER|DATA]. So by the time you get to the lowest layer, you basically have something that looks like this:

[SSH]
[TCPHEADER|SSH]
[IPHEADER|TCPHEADER|SSH]
[ETHERNETHEADER|IPHEADER|TCPHEADER|SSH]
etc.

As a practical note, standard packet sizes are about 1500 bytes on ethernet, and the total header overhead is less than 50 or so bytes. Those of you who have Verizon DSL use something called PPPoE, which simulates a PPP connection over Ethernet (why they do that is a different issue... suffice it to say that it's a pain for users). Note that PPP and Ethernet are supposed to be the same layer, so you know have an extra layer of encapsulation that a straight Ethernet (or PPP) connection wouldn't have, thus forcing smaller packets on the application (14 bytes smaller, IIRC) to prevent fragmentation. It's also slower. Boo.

IP Addresses

Basic Review stuffs

All machines have IP address, in the forms of dotted quads (byte.byte.byte.byte). Part of the IP address identifies the network the machine is on, part identifies the host. Class A is 8 bits network, 24 bits machine, Class B is 16 bits for the network, and 16 bits for the machine, etc. Subnet masks tell you what part of the address is network, what part is machine.

Subnets

Note that there can only be 256 class A networks. However, each can have up to 2^24 = 16,777,216 machines. Conversely, there's "only" 2,031,616 (192-223 * 256 * 256) class C address, and each one has a whopping 256 machines (note sarcasm). We'll get to multicast in a minute. To determine which bits are network and which are machine, we use a subnet mask. Subnet masks are somewhat confusing if you think of them as decimals (what's a 255.255.255.192??), but not so bad if you look at it as binary. Let's look at an IP address in binary (we'll use the address of capone (128.6.238.69). In binary, it's:

1000 0000   0000 0110   1110 1110   0100 0101

If that doesn't make sense, review your binary. Now, let's say we want it to be on a classic class B address. We set the subnet mask to:

1111 1111   1111 1111   0000 0000   0000 0000

Everything that lines up with a 1 is a network part, and everything that lines up with a 0 is a machine part. Easy, no? Now, what's 11111111.11111111.00000000.00000000 in decimal? It's 255.255.0.0.

But life ain't that easy. Capone's actual subnet mask is 255.255.255.240. Looks confusing, but let's see it in binary:

1111 1111   1111 1111   1111 1111   1111 0000

Doesn't look so bad. Now we know that the first 28 bits are network, and the last 4 are machine. Thus, capone is on a subnet with (no more than) 2^4 = 16 machines.

Couple of points. First, all subnets are the form 111...100...0. Namely (if that didn't make any sense, which it didn't), the first digits are 1's, the rest are 0's. You can't have a 0 within the ones section, or a 1 within the 0 section. Therefore, the only possible decimals are 255 (8 1's), 254 (7 1's), 252 (6 1's), 248 (5 1's), 240 (4 1's), 224 (3 1's), 192 (2 1's), 128 (1 1), or 0 (all zeros). Class A is (by default) 255.0.0.0), etc.

If you're not having fun yet... try this. Technically, none of the above is completely true. Well, ok, it's mostly true.. just one tiny little lie. You see, there are two reserved addresses on any subnet... the first and the last. So if the network is 192.168.1.0/255.255.255.0, then 192.168.1.0 and 192.168.1.255 are reserved. If it's 192.168.1.0/255.255.255.192, it's 192.168.1.0 and 192.168.1.63. These are the network and broadcast addresses, respectively. Do a google search to find out what they do.

Private Subnets

For machines not directly connected to the internet, (like our unisys network, or your home network), use a private address.

Misc

I don't use netstat -nr, I use route -n. Same thing. Try it without the n, too... see what that does.

SSH

Note that I sorta skipped everything in between. Seemed kinda obvious

Fun SSH tricks

I'm going to skip the best part of SSH... tunneling, b/c I don't like it. Actually, I love it, but I don't like writing out everything you need to know about it. Suffice it to say that you can use SSH to do all kinds of cool stuff with tunneling, including encrypting non-ssh traffic (POP3, regular FTP, anything), and/or breaking through cheesy firewalls that don't let you use AIM, HTTP, whatever, assuming you can SSH. Shhh.

A few ssh things you should know... RSA/DSA is incredibly useful. These instructions only work for machines that run OpenSSH.. machines running SSH2 (the program, not the protocol) are slightly different. OpenSSH machines include engsoft, and remus/romulus. Eden is quirky, because it's a cluster, so you never know what machine you're getting.

Useful SSH options incluse -X (for X11 forwarding) and -c for compression. It's fun... play around.

[TA Homepage | Course Homepage | Email Me | Contact Info]