TCP/IP Networking Resources

DS3 interfaces on a Cisco 7000 series router.

Table of contents, → indicates a link to a dedicated page.

The OSI Model

This academic model organizes any look at network protocols. Remember this by reading from bottom to top:

Mnemonic   Layer
Advice     Application
People's   Presentation
Sales'     Session
Take       Transport
Not        Network
Do         Data-Link
Please     Physical
Application, Presentation, Session: Let's be honest: the top three layers are pretty much academic. Practical implementations like TCP/IP leave this to the application itself. Some network applications like NFS really have seven or so layers, analogous to these, but they are the exception!

Transport: Deals with end-to-end process addressing using ports. TCP is a connection-oriented protocol, UDP is a message-passing protocol.

Network: Routes a packet from its source to its destination, including hops through routers across multiple networks. IP is the protocol.

Data Link: Uses hardware addresses (also called MAC addresses or physical addresses) to transmit a frame across a network link.

Physical: Physics and electrical engineering — how to modulate electrical signals and photons to send zeros and ones.

Both of these bottom two layers are done in the network interface. ARP is a protocol mapping MAC addresses to IP addresses.

Understanding the Protocols


Operating System Details

TCP/IP commands for UNIX, MacOS, Cisco IOS, and Windows

OS Specifics for UNIX, Switches, and Routers

Typical racks of network equipment: switches, routers, and WAN interfaces.

Physical / Data Link Layers

Network and Telecommunication Cables

Undersea Cables

Cisco Catalyst 2900 XL Ethernet switch disassembly and repair

IEEE OUI assignments — Organizationally Unique Identifiers, or Ethernet MAC address manufacturer codes.

WLAN link specifications

WAN link specifications

Ethernet 5-4-3 rule (the IEEE way)

VLAN (Virtual LAN)

This is where you program your collection of switches to partition themselves into multiple virtual LANs. A switch only forwards frames between ports on the same VLAN. Put another way, each VLAN is its own broadcast domain. Each VLAN also has its own logical IP address block. You can reconfigure which VLAN a physical port belongs to, and effectively move a host to a new LAN without changing any cabling.

The packets have to pass through a router to travel between VLANs. The VLANs logically partition the large physical LAN to increase security. Routers can forward packets between VLANs, but only subject to any packet filtering rules. This leads to the odd looking situation of a router with multiple Ethernet interfaces plugged into the same switch.

Multiple switches can be connected via a trunk attached to specially designated ports. Cisco switches can run the proprietary DTP (Dynamic Trunking Protocol) to manage the VLAN configuration.

a = port on VLAN "a"  }
b = port on VLAN "b"  }- three activities done in each of three rooms
c = port on VLAN "c"  }
T = trunking port
                room 1              room 2              room 3
           +--------------+    +--------------+    +--------------+
           |  Switch #1   |    |  Switch #2   |    |  Switch #3   |
           |abcaaaabbbbccT|    |TaaaabbbbbbccT|    |Taabbbbccccccc|
           ++++++++++++++++    ++++++++++++++++    ++++++++++++++++
+---------+ ||||||||||||||      ||||||||||||||      ||||||||||||||
|        a+-+||||||||||||+------+||||||||||||+------+|||||||||||||
| router b+--+|||||||||||        ////||||||||        //|||||||||||
|        c+---+||||||||||       //// ||||||||       // ||||\\\\\\\
+---------+    ////||||\\      ////  ||||||\\   VLAN a |||| \\\\\\\
              //// |||| \\   VLAN a  |||||| \\         ||||  \\\\\\\
             ////  ||||  \\          VLAN b  VLAN c   VLAN b  VLAN C
          VLAN a  VLAN b  VLAN c

In the above example, every host on VLAN "a" is directly connected to every other VLAN "a" host and can send a frame directly across the trunked switches. But to send a packet to a host on VLAN "b" or "c", it would see that the destination's IP address was on another logical network (see below for IP routing details), and it would send the packet to the router's port on VLAN "a". The router would then send the packet directly onto the other VLAN from its port connected to that VLAN.

Consider the complicated alternative required if you used simple switches that did not support VLANs. VLAN-capable Cisco 2900-XL 100 Mbps switches are available used on eBay for $30-60 each including shipping:


                   room 1                room 2                room 3
                +----------+          +----------+          +----------+
                |Switch #1a|          |Switch #2a|          |Switch #3a|
                | aaaaaaaa |          | aaaaaaaa |          | aaaaaaaa |
+--------+      +-++++++++-+          +-++++++++-+          +-++++++++-+
|        |        ||||||||              ||||||||              ||||||||
|        +--------+||||||+--------------+||||||+--------------+|||||||
|        |         aaaaaa                aaaaaa                aaaaaaa
| router +----+
|        |    | +----------+          +----------+          +----------+
|        +--+ | |Switch #1b|          |Switch #2b|          |Switch #3b|
|        |  | | | bbbbbbbb |          | bbbbbbbb |          | bbbbbbbb |
+--------+  | | +-++++++++-+          +-++++++++-+          +-++++++++-+
            | |   ||||||||              ||||||||              ||||||||
            | +---+||||||+--------------+||||||+--------------+|||||||
            |      bbbbbb                bbbbbb                bbbbbbb
            | 
            |   +----------+          +----------+          +----------+
            |   |Switch #1c|          |Switch #2c|          |Switch #3c|
            |   | cccccccc |          | cccccccc |          | cccccccc |
            |   +-++++++++-+          +-++++++++-+          +-++++++++-+
            |     ||||||||              ||||||||              ||||||||
            +-----+||||||+--------------+||||||+--------------+|||||||
                   cccccc                cccccc                ccccccc

Network Layer — IP — Internet Protocol

A rack of Cisco 3600 and 2600 routers forwarding packets based on their destination IP addresses.

Understanding IP Addressing

In order to understand IP addresses, netmasks, subnet design, VLSM, CIDR, etc., you should read the 3com paper! Click on Understanding IP Addressing on this page.

If that doesn't work, try this direct link.

If all else fails, search for it at Google.

IP Address Assignment Authorities

Here is information on your IP address block — a lookup of the DNS PTR record, the network assignment and possibly some routing information:

client IP address information

Slash Versus Dotted-Quad Notation

The key to all this is the following relations of decimal versus binary:

Decimal  Binary   How the binary is built
    0   00000000
  128   10000000  (128)
  192   11000000  (128 + 64)
  224   11100000  (128 + 64 + 32)
  240   11110000  (128 + 64 + 32 + 16)
  248   11111000  (128 + 64 + 32 + 16 + 8)
  252   11111100  (128 + 64 + 32 + 16 + 8 + 4)
  254   11111110  (128 + 64 + 32 + 16 + 8 + 4 + 2)
  255   11111111  (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1) 

Given that, we can build the following table of netmasks:

Useful only for| Useful for subnets |  Useful for subnets  | Useful for subnets
  CIDR blocks  | of /8, or for CIDR | of /8 or /16, or for |   of any networks
of any networks| blocks of /16 and  |  CIDR blocks of /24  |
               |   /24 networks     |       networks       |
               |                    |                      |
  0.0.0.0  /0  |  255.0.0.0    /8   |  255.255.0.0    /16  |  255.255.255.0    /24
128.0.0.0  /1  |  255.128.0.0  /9   |  255.255.128.0  /17  |  255.255.255.128  /25
192.0.0.0  /2  |  255.192.0.0  /10  |  255.255.192.0  /18  |  255.255.255.192  /26
224.0.0.0  /3  |  255.224.0.0  /11  |  255.255.224.0  /19  |  255.255.255.224  /27
240.0.0.0  /4  |  255.240.0.0  /12  |  255.255.240.0  /20  |  255.255.255.240  /28
248.0.0.0  /5  |  255.248.0.0  /13  |  255.255.248.0  /21  |  255.255.255.248  /29
252.0.0.0  /6  |  255.252.0.0  /14  |  255.255.252.0  /22  |  255.255.255.252  /30
254.0.0.0  /7  |  255.254.0.0  /15  |  255.255.254.0  /23  |  255.255.255.254  /31 

Note that not all combinations are really useful; apply the following exceptions.

0.0.0.0 isn't useful for much of anything at all. Plus, those CIDR blocks represented by the first column are awfully big! Unless you're running a backbone, or selling IP space to a continent, you probably won't encounter them.

255.0.0.0, 255.255.0.0, and 255.255.255.0 define the classful /8, /16, and /24, or Class A, B, and C, respectively. They cannot define subnets of their own classful nets.

255.254.0.0, 255.255.254.0, and 255.255.255.254 cannot define subnets of /8, /16, and /24 nets, respectively, as that would only allow one bit for the host number, and that is not allowed by the RFCs.

Really Simple CIDR Block Rule

CIDR is an acronym for Classless Inter-Domain Routing, and relates to higher level abstractions of IP address blocks.

To answer the question, "Does this set of classful network addresses form a CIDR block", instead answer the following question.
Is there a netmask /X such that:

If so, the answer is "Yes", and the CIDR block description is the first network address followed by /X.

As an example, this is a CIDR block, divided as indicated:

                                             |    Host bits
                                             |    ---------
200.201.200.0 = 1100 1000  1100 1001  1100 10|00  xxxx xxxx
200.201.201.0 = 1100 1000  1100 1001  1100 10|01  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 10|10  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 10|11  xxxx xxxx
                <----- 22 constant bits ---->|<- varying ->
CIDR block = 200.201.200.0/22 

But this is not a CIDR block:

                                            |     Host bits
                                            |     ---------
200.201.201.0 = 1100 1000  1100 1001  1100 1|001  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 1|010  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 1|011  xxxx xxxx
200.201.204.0 = 1100 1000  1100 1001  1100 1|100  xxxx xxxx
                <----- 22 constant bits --->|<-- varying -> 

The above is not a CIDR block, because not all eight possible combinations of the last three bits of the classful network designations are used: 000, 101, 110 and 111 are missing. But this shows us what would have to be added to make it a CIDR block:

                                            |     Host bits
                                            |     ---------
200.201.200.0 = 1100 1000  1100 1001  1100 1|000  xxxx xxxx  <-- added!
200.201.201.0 = 1100 1000  1100 1001  1100 1|001  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 1|010  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 1|011  xxxx xxxx
200.201.204.0 = 1100 1000  1100 1001  1100 1|100  xxxx xxxx
200.201.205.0 = 1100 1000  1100 1001  1100 1|101  xxxx xxxx  <-- added!
200.201.206.0 = 1100 1000  1100 1001  1100 1|110  xxxx xxxx  <-- added!
200.201.207.0 = 1100 1000  1100 1001  1100 1|111  xxxx xxxx  <-- added!
                <----- 22 constant bits --->|<-- varying ->
CIDR block = 200.201.200.0/21 
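The rule above, as an added example that is not part of the original page: given a list of same-size networks, `cidr_block_check` (a name chosen here) widens the mask one bit at a time until one /X block covers them all, then reports which same-size networks would have to be added to fill that block. It goes slightly beyond the page's two cases in that it also works for sets that are not contiguous at all.

```python
import ipaddress

def cidr_block_check(networks, default_prefix=24):
    """Apply the Really Simple CIDR Block Rule to a set of same-size networks.

    Returns (block, missing): `block` is the smallest /X that contains
    every input network, and `missing` lists the same-size networks that
    would have to be added to fill it.  The input forms a CIDR block
    exactly when `missing` is empty, and `block` is then its description.
    Bare classful addresses such as "200.201.203.0" get default_prefix."""
    nets = sorted(
        ipaddress.ip_network(n if "/" in n else f"{n}/{default_prefix}")
        for n in networks
    )
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("all networks must have the same prefix length")
    size = nets[0].prefixlen
    # Widen the mask one bit at a time (/X -> /X-1), starting from the
    # lowest network, until the block also contains the highest one.
    block = nets[0]
    while nets[-1].network_address not in block:
        block = block.supernet()
    # Every same-size piece of the block not present in the input is
    # what the diagram above marks "<-- added!".
    present = set(nets)
    missing = [s for s in block.subnets(new_prefix=size) if s not in present]
    return block, missing

if __name__ == "__main__":
    # The two sets of classful /24 networks worked through above.
    for nets in (["200.201.200.0", "200.201.201.0", "200.201.202.0", "200.201.203.0"],
                 ["200.201.201.0", "200.201.202.0", "200.201.203.0", "200.201.204.0"]):
        block, missing = cidr_block_check(nets)
        verdict = "is" if not missing else "is NOT"
        print(f"{nets} {verdict} a CIDR block; covering block {block}, "
              f"missing {[str(m) for m in missing]}")
```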

A VLSM Example

VLSM stands for Variable Length Subnet Mask, and is used with CIDR.

The best place to look is the 3com paper (see above), but here's a fairly simple example. Let's say you're allocated the /24 address space 200.201.202.0/24, and you have to address hosts on the following networks:

Assign the addresses as below, where bits marked "x" can take all possible patterns other than all zeros and all ones.

                                                                 Number   Final
   IP Addresses, Dotted-Quad and Binary       Net Base Address  of Hosts  Octet
--------------------------------------------------------------------------------
   200    .   201    .   202    .   ???
1100 1000  1100 1001  1100 1010  01xx xxxx   200.201.202.64/26     62     65-126
1100 1000  1100 1001  1100 1010  10xx xxxx   200.201.202.128/26    62    128-190
1100 1000  1100 1001  1100 1010  001x xxxx   200.201.202.32/27     30     33- 62
1100 1000  1100 1001  1100 1010  110x xxxx   200.201.202.192/27    30    193-222
1100 1000  1100 1001  1100 1010  1110 xxxx   200.201.202.224/28    14    225-238
1100 1000  1100 1001  1100 1010  0001 xxxx   200.201.202.16/28     14     17- 30
1100 1000  1100 1001  1100 1010  0000 01xx   200.201.202.4/30       2      5-  6
1100 1000  1100 1001  1100 1010  0000 10xx   200.201.202.8/30       2      9- 10
1100 1000  1100 1001  1100 1010  0000 11xx   200.201.202.12/30      2     13- 14
1100 1000  1100 1001  1100 1010  1111 00xx   200.201.202.240/30     2    241-242
1100 1000  1100 1001  1100 1010  1111 01xx   200.201.202.244/30     2    245-246
1100 1000  1100 1001  1100 1010  1111 10xx   200.201.202.248/30     2    249-250

Final octet for host addresses on each network:
    Minimum = final octet of base address plus one
    Maximum = final octet of base address plus number of hosts
Final octet for broadcast on each net:
  Broadcast = final octet of base address plus one plus number of hosts 
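An added example, not code from the original page, that reproduces the columns of the VLSM table above from the twelve subnets listed there and checks the property every VLSM plan must have: all subnets inside the parent /24 and none overlapping. The names `PARENT`, `PLAN`, `subnet_row` and `check_plan` are chosen here, not taken from the page.

```python
import ipaddress

PARENT = ipaddress.ip_network("200.201.202.0/24")

# The twelve subnets from the table above, in the same order.
PLAN = ["200.201.202.64/26", "200.201.202.128/26",
        "200.201.202.32/27", "200.201.202.192/27",
        "200.201.202.224/28", "200.201.202.16/28",
        "200.201.202.4/30", "200.201.202.8/30", "200.201.202.12/30",
        "200.201.202.240/30", "200.201.202.244/30", "200.201.202.248/30"]

def subnet_row(cidr):
    """Return (netmask, hosts, first_host, last_host, broadcast) for one subnet,
    following the rules stated under the table: first host = base + 1,
    last host = base + number of hosts, broadcast = base + 1 + hosts."""
    net = ipaddress.ip_network(cidr)
    hosts = net.num_addresses - 2          # all-zeros and all-ones excluded
    first = net.network_address + 1
    last = net.network_address + hosts
    return (str(net.netmask), hosts, str(first), str(last),
            str(net.broadcast_address))

def check_plan(parent, plan):
    """Raise ValueError if a subnet lies outside the parent or overlaps another.
    Otherwise return how many addresses of the parent are still unallocated."""
    nets = [ipaddress.ip_network(c) for c in plan]
    for n in nets:
        if not n.subnet_of(parent):
            raise ValueError(f"{n} is not inside {parent}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return parent.num_addresses - sum(n.num_addresses for n in nets)

if __name__ == "__main__":
    print("unallocated addresses in", PARENT, ":", check_plan(PARENT, PLAN))
    for cidr in PLAN:
        mask, hosts, lo, hi, bcast = subnet_row(cidr)
        print(f"{cidr:22} {mask:17} {hosts:3} hosts  {lo} - {hi}  bcast {bcast}")
```

The eight unallocated addresses reported are 200.201.202.0/30 and 200.201.202.252/30, the two /30 blocks the table leaves unused.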

Inadequately theoretical for you? Then read the paper by Mikhail Atallah and Doug Comer.

IPsec

Click here for my simple explanation of what IPsec is, what cryptographic security it provides, and a little about how to set it up. For more details:

Multicast and Anycast

See http://www.iana.org/assignments/multicast-addresses for the assigned multicast addresses and address blocks.

RFC 1112 describes how to do multicast.

Anycast, on the other hand, is described in RFC 1546 and RFC 4786.

IPv6

RFC 2460 is the formal specification of IPv6 or Internet Protocol, Version 6. RFC 4291 defines the IPv6 addressing architecture. And RFC 2461, RFC 2462, RFC 2463, RFC 2464, RFC 2465, RFC 2466, RFC 2471, and RFC 2473 address various details and applications of IPv6.

Geolocation

See the NSA's US Patent 6,947,978, "Method for Geolocating Logical Network Addresses". It builds a network latency topology map using latency to and between known nodes.

Routing, NAT, and DNS

Check the current Internet backbone activity with the Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

Cisco 2514 router, Cisco 2912XL Catalyst switch, Cisco 4500 router

How Routing Works

Click here to see how routing works.

NAT (Network Address Translation)

Click here to see how NAT (Network Address Translation) works.

DNS / BIND

Transport Layer — TCP and UDP

Cisco Router Simulators

An article about virtual Cisco routers and Linux servers:
http://nirlog.com/2007/07/09/simulating-cisco-and-linux-networks/

Dynamips, the Cisco 7200 simulator itself:
http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator

VNUML (Virtual Network User Mode Linux), the Linux simulator: http://www.dit.upm.es/vnumlwiki/index.php/Main_Page

Odds & Ends

TCP/IP Haikus

I was working on this networking project in Japan, and ... Click here to be subjected to them.

Client IP / OS / Browser Identification

A demonstration of how a PHP script on the server can read and reformat the connection information and the client's request: http://www.moanmyip.com/

RouterGod Magazine

Including Jessica Simpson's thoughts on open-source routers, Gillian Anderson's on LAN switching, Elizabeth Hurley on the Cisco 2600 series routers, Mr Rogers on the RS-232 standard, and other really odd stuff: http://routergod.com/

History of the Internet

If you're curious, look here:

Just What Is A "Daemon", Anyway?

According to the Oxford English Dictionary, it is "an attendant, ministering, or indwelling spirit." Socrates wrote of his daemon as his inner spirit. The designers of daemons in Unix (a concept later ported to most other operating systems) intended this meaning, as pointed out in some manual pages. It's an uncommon word these days; we usually use the Arabic djinn, now often spelled genie, when we're talking about what used to be called a daemon in the Middle Ages.

© Bob Cromwell Sep 2010.