TCP/IP Networking Resources

Table of contents          → indicates a link to a dedicated page. Networking Fundamentals and Terminology → Network monitoring, also known as packet sniffing → The OSI Model Understanding The Protocols References, recommended books, etc Quick Overview of Protocol Headers → Operating System Details Commands for Linux, UNIX, Apple OS X, Cisco IOS, Windows → Hardening Linux / UNIX hosts → Break in, initialize, and configure Cisco routers → Break in, initialize, and configure Cisco and 3com switches → Physical / Data Link Layers Network and Telecommunication Cables with Ethernet and WAN link details → Telecommunications Infrastructure in Manhattan → Undersea cables Cisco Catalyst 2900 XL Ethernet switch disassembly and repair → Ethernet details WAN & WLAN specs VLAN (Virtual LAN) → Network Layer — IP — Internet Protocol Cisco's great paper IP address assignment authorities Slash vs dotted-quad notation CIDR and VLSM IPsec → Multicast and Anycast IPv6 Geolocation Routing, NAT, and DNS How routing works → How NAT (Network Address Translation) works → DNS & BIND Transport Layer — TCP and UDP SSL/TLS Security → Cisco router simulators Odds & Ends

DS3 interfaces on a Cisco 7000 series router.

The OSI Model

This idealized model organizes any look at network protocols. Remember this by reading from bottom to top:

Understanding the Protocols

• Quick Overview of Protocol Header Structures
• The protocols are defined by RFCs and those RFCs can be found at rfc-editor.org and tools.ietf.org/html.
• These organizations design protocols, identify standards, and define and dissemenate The Truth:
  • Internet Engineering Task Force (IETF)
  • Internet Assigned Numbers Authority (IANA)
  • Internet International Ad-Hoc Committee
  • Internet Society (ISOC)
  • Institute of Electrical and Electronics Engineers (IEEE)
• Here are some of the books on my shelf:
  • Internetworking with TCP/IP, Volume 1, Douglas Comer, Prentice Hall. A very readable description of the major components (and many of the minor ones) of the TCP/IP internetworking protocol suite. Comer's book is the best place to start. His web site is http://www.cs.purdue.edu/faculty/dec.html
  • TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley. A bit tough for an introduction, but a good one to follow Comer's book with lots more details. Comer's book is readable, this is more like an encyclopedia.
  • DNS and BIND, Paul Albitz and Cricket Liu, O'Reilly and Associates. Since you use DNS, use it correctly!
  • Managing IP Networks with Cisco Routers, Scott M. Ballew, O'Reilly and Associates. And use those routers correctly, too!
  • Interconnections: Bridges and Routers, Radia Perlman, Addison-Wesley. Loads of details on routing algorithms and protocols.
• The weekly Network World is a good source of what's happening in TCP/IP development and deployment. Free to qualified readers, see http://www.nwfusion.com

Operating System Details

TCP/IP commands for Linux, UNIX, Apple OS X, Cisco IOS, and Windows

• Linux UNIX, Apple OS X, Cisco IOS, and Windows TCP/IP commands — Click here for a list

OS Specifics for Linux, UNIX, Switches, and Routers

• UNIX — How to harden the TCP/IP stack of Linux or any other UNIX-like operating systems
• Cisco IOS — How to break in, initialize, and configure a Cisco router
• Cisco and 3Com switch programming — How to program Cisco Catalyst and 3com 3000 switches
• Cisco and switch repair — Cisco Catalyst 2900 XL Ethernet switch disassembly and repair
• To use TCP/IP securely, see my big web page on computer network and system security

Typical racks of network equipment: switches, routers, and WAN interfaces.

Physical / Data Link Layers

Network and Telecommunication Cables

Undersea Cables

• The interactive Submarine Cable Map is a great resource for investigating undersea cables.

Cisco Catalyst 2900 XL Ethernet switch disassembly and repair

IEEE OUI assignments — Organizationally Unique Identifiers, or Ethernet MAC address manufacturer codes.

WLAN link specifications

WAN link specifications

Ethernet 5-4-3 rule (the IEEE way)

• There can only be a maximum of five LAN segments,
  connected via four repeaters,
  and only three may have user connections.
• The rule was needed in the days of 10BASE5 and 10BASE2 bus topologies built from coaxial cable, as the Ethernet standard required that a signal reach every part of the network within a specified time.
• Modern switched Ethernet LANs are exempt from the 5-4-3 rule because switches have buffers to temporarily store frames and all nodes can access a switched Ethernet LAN simultaneously.

Network Layer — IP — Internet Protocol

A rack of Cisco 3600 and 2600 routers forwarding packets based on their destination IP addresses.

Understanding IP Addressing

In order to understand IP addresses, netmasks, subnet design, VLSM, CIDR, etc., you should read this paper: Understanding IP Addressing

IP Address Assignment Authorities

• The Internet Assigned Numbers Authority handles global coordination of the DNS root servers and IP address allocation.
• North and South America — ARIN, the American Registry of Internet Numbers, has a page listing the the IP address space allocated to ARIN.
• Latin America and Caribbean — LACNIC or Latin American and Caribbean Internet Addresses Registry.
• Europe — RIPE, Reseaux IP Europeens, is the European authority.
• Asia and Pacific — APNIC, Asia Pacific Network Information Center, is the Asia-Pacific authority.
• AfriNIC is the Africa IP address registry.
• Click here for a list of all Class A networks
• U.S. Government/Military — The U.S. Department of Defense Network Information Center is no longer accessible to non-DoD users.

Here is information on your IP address block — a lookup of the DNS PTR record, the network assignment and possibly some routing information:

Slash Versus Dotted-Quad Notation

The key to all this is the following relations of decimal versus binary:

Given that, we can build the following table of netmasks:

Note that not all combinations are really useful, apply the follow exceptions.

0.0.0.0 isn't useful for much of anything at all. Plus, those CIDR blocks represented by the rest of the first column are awfully big! You probably won't encounter them unless you're running a backbone or selling IP space to a continent.

255.0.0.0, 255.255.0.0, and 255.255.255.0 define the classful /8, /16, and /24, or Class A, B, and C, respectively. They cannot define subnets of their own classful nets.

255.254.0.0, 255.255.254.0, and 255.255.255.254 cannot define subnets of /8, /16, and /24 nets, respectively, as that would only allow one bit for the host number, and that is not allowed by the RFC's.

Really Simple CIDR Block Rule

CIDR is an acronym for Classless Inter-Domain Routing, and relates to higher level abstractions of IP address blocks.

To answer the question, "Does this set of classful network addresses form a CIDR block", instead answer the following question.
Is there a netmask /X such that:

• The first X bits of all network addresses in the set are identical, and
• The remaining bits of all network addresses exhibit all possible patterns.

If so, the answer is "Yes", and the CIDR block description is the first network address followed by /X.

As an example, this is a CIDR block, divided as indicated:

But this is not a CIDR block:

The above is not a CIDR block, because not all eight possible combinations of the last three bits of the classful network designations are used, 001, 101, 110 and 111 are missing. But this shows us what would have to be added to make it a CIDR block:

A VLSM Example

VLSM stands for Variable Length Subnet Mask, and is used with CIDR.

The best place to look is the 3com paper (see above), but here's a fairly simple example. Let's say you're allocated the /24 address space 200.201.202.0/24, and you have to address hosts on the following networks:

• Six point-to-point WAN links (2 IP addresses each for end points)
• Six LAN's:
  • 60 hosts (LAN #1)
  • 50 hosts (LAN #2)
  • 25 hosts (LAN #3)
  • 20 hosts (LAN #4)
  • 10 hosts (LAN #5)
  • 10 hosts (LAN #6)

Assign the addresses as below, where bits marked "x" can take all possible patterns other than all zeros and all ones.

Final octet for host addresses on each network:
     Minimum = final octet of base address plus one
     Maximum = final octet of base address plus number of hosts
Final octet for broadcast on each net:
     Broadcast = final octet of base address plus one plus number of hosts

Inadequately theoretical for you? Then read the paper by Mikail Atallah and Doug Comer.

IPsec

Click here for my simple explanation of what IPsec is, what cryptographic security it provides, and a little about how to set it up. For more details:

• RFC 4301 — Security Architecture for the Internet Protocol
• RFC 4302 — IP Authentication Header
• RFC 4303 — IP Encapsulating Security Payload (ESP)
• RFC 4306 — Internet Key Exchange (IKEv2) Protocol

Multicast and Anycast

See http://www.iana.org/assignments/multicast-addresses for the assigned multicast addresses and address blocks.

RFC 1112 describes how to do multicast.

Anycast, on the other hand, is described in RFC 1546 and RFC 4786.

IPv6

RFC 2460 is the formal specification of IPv6 or Internet Protocol, Version 6. RFC 4291 defines the IPv6 addressing architecture. And RFC 2461, RFC 2462, RFC 2463, RFC 2464, RFC 2465, RFC 2466, RFC 2471, and RFC 2473 address various details and applications of IPv6.

Geolocation

See the NSA's US Patent 6,947,978, "Method for Geolocating Logical Network Addresses". It builds a network latency topology map using latency to and between known nodes.

Routing, NAT, and DNS

Check the current Internet backbone activity with the Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

Cisco 2514 router, Cisco 2912XL Catalyst switch, Cisco 4500 router

How Routing Works

Click here to see how routing works.

NAT (Network Address Translation)

Click here to see how NAT (Network Address Translation) works.

DNS / BIND

• DNS security issues — how DNS should work, exploits based on stateless DNS, and the Kaminsky DNS Vulnerability.
• Mapping DNS to geographic information
  • IP2geo
  • cities.lk.net
  • dns-loc
• The standard introductory RFC's to read are RFC 1034 and RFC 1035. for the truth about DNS. Also see:
  • RFC 1032 and RFC 1033, the Domain Adminstrator's Guides
  • RFC 1535 for security issues
  • RFC 1536 for implementation problems
  • RFC 1537 and RFC 1912 for common configuration problems
  • RFC 1591 for DNS structure and delegation
  • RFC 1706 for integrating DNS and OSI protocols
  • RFC 2181 and RFC 2182 for DNS security issues
• Other great DNS and BIND documents are at isc.org and Team Cymru's Secure BIND Template.
• You can get BIND at isc.org.

Transport Layer — TCP and UDP

• All the assigned TCP/UDP port numbers: http://www.iana.org/assignments/port-numbers
• The netstat command gives you loads of information on a machine's network communications. Listening TCP ports, currently active sockets, etc. It's available under Linux, Unix, Apple OS X, and Windows, but the precise format of the output varies between operating systems. Here are some examples of netstat -s output.

Cisco Router Simulators

An article about virtual Cisco routers and Linux servers.

Dynamips, the Cisco 7200 simulator itself.

VNUML (Virtual Network User Mode Linux), the the Linux simulator.

Odds & Ends

TCP/IP Haikus

I was working on this networking project in Japan, and ... Click here to be subjected to them.

Client IP / OS / Browser Identification

A demonstration of how a PHP script on the server can read and reformat the connection information and the client's request: moanmyip.com.

RouterGod Magazine

Including Jessica Simpson's thoughts on open-source routers, Gillian Anderson's on LAN switching, Elizabeth Hurley on the Cisco 2600 series routers, Mr Rogers on the RS-232 standard, and other really odd stuff: routergod.com.

History of the Internet

If you're curious, look here:

• The history of the Internet.
• The isoc.org Internet history.
• Also, see RFC 2235.

Just What Is A "Daemon", Anyway?

According to the Oxford English Dictionary, it is "an attendant, ministering, or indwelling spirit." Socrates wrote of his daemon as his inner spirit. The designers of daemons in Linux/Unix (a concept later ported to most other operating systems) intended this meaning, as pointed out in some manual pages. It's an uncommon word these days, we usually use the Arabic djinn, these days often spelled genie, when we're talking about what used to be called a daemon in the Middle Ages.

Home Linux/Unix Networking Cybersecurity Travel Technical Radio Site Map Contact