Networking computers
Unit objectives:
– Describe how various types of addresses are used to identify devices on a network
– Create client network connections through wired, wireless, and dial-up methods
Topic A: Addressing
Network protocol
– Communication language between network devices
– Sends data in packets
– Common LAN protocols historically used in Windows: TCP/IP, IPX/SPX, AppleTalk, NetBEUI (only TCP/IP remains in current Windows versions; the other three are legacy protocols)
Addressing
– MAC address
– IPv4 address
– IPv6 address
– Character-based name
Identifying addresses
MAC address
– Also known as physical address, adapter address, or Ethernet address
– 48-bit unique value, expressed as 6 pairs of hexadecimal digits (one pair per byte), often separated by hyphens or colons
– Address contains a manufacturer ID (the OUI, first 3 bytes) and a unique number assigned by that manufacturer (last 3 bytes)
– The address burned into the adapter doesn't change, but most operating systems let software override it; treat a MAC address as an identifier, not as proof of identity (MAC filtering is bypassed by setting the expected address)
– Used on the LAN:
  – Functions at the OSI Data Link layer
  – All hosts on a LAN communicate with each other by MAC address
  – MAC addresses alone can't be used to communicate between two computers on different LANs; that needs a Network-layer (IP) address and a router
IPv4 address
– 32 bits long: 4 bytes separated by periods; each part is called an octet
– Largest octet value: binary 11111111 = 255
– 2^32, about 4.3 billion, potential IP addresses
– Divided into two parts: network ID and host ID (where the split falls is set by the subnet mask)
Classful IPv4 addresses

Class   Addresses                    Network ID / host ID                Default subnet mask
A       1.0.0.0 – 126.0.0.0          First octet / last 3 octets         255.0.0.0
B       128.0.0.0 – 191.255.0.0      First 2 octets / last 2 octets      255.255.0.0
C       192.0.0.0 – 223.255.255.0    First 3 octets / last octet         255.255.255.0
D       224.0.0.0 – 239.0.0.0        Multicast addresses                 (none)
E       240.0.0.0 – 255.0.0.0        Experimental use                    (none)

127.0.0.0/8 is missing from Class A because it is reserved for loopback. Classful addressing has been replaced by CIDR, where the mask length is stated explicitly; the classes survive mainly as the source of the default masks above.
APIPA
– Automatic Private IP Addressing (APIPA): the 169.254.0.0/16 network, which is link-local and not routable
– Windows client OSs, and Windows Server 2000 and later, self-assign a 169.254.x.y address when DHCP is enabled but no DHCP server answers
– An APIPA address on a client is therefore a symptom, not a configuration: the DHCP lease failed, and the host can reach only other hosts on the same link
IPv6 address
– 128-bit address (16 bytes), displayed in hexadecimal
– Grouped 2 bytes at a time, separated by colons (:)
  – 3FFE:FFFF:0000:2F3B:02AA:00FF:FE28:9C5A
– Leading zeros within a group can be removed (02AA becomes 2AA)
– One run of consecutive all-zero groups can be compressed to a double colon (::); it may appear only once in an address, since a second one would make the address ambiguous
  – 3FFE:FFFF::2F3B:02AA:00FF:FE28:9C5A (with leading zeros removed as well: 3FFE:FFFF::2F3B:2AA:FF:FE28:9C5A)
  – This is valid input, although the canonical text form of RFC 5952 does not compress a run of just one zero group
IPv6 address types
– Unicast
  – Link-local (FE80::/10): the IPv6 counterpart of IPv4's APIPA; self-assigned from the FE80:: prefix plus an interface identifier, and checked for uniqueness with the Neighbor Discovery process (duplicate address detection); starts with FE8, FE9, FEA, or FEB
  – Site-local (FEC0::/10): deprecated
  – Unique local address (FC00::/7): the IPv6 counterpart of IPv4 private addresses; begins with FC or FD (in practice FD, because the FC00::/8 half is not yet defined for use)
  – Global unicast (2000::/3): the IPv6 counterpart of IPv4 public addresses
    – Identifies a single interface; routable and reachable on the IPv6 Internet
    – First 3 bits are 001 in binary; the addressing architecture allows global addresses anywhere from 001 (2000::/3) through 111 (E000::/3), with the exception of FF00::/8, which is reserved for multicast, but only 2000::/3 is currently allocated
    – Following 45 bits designate the global routing prefix; next 16 bits designate the subnet ID; last 64 bits identify the individual network node (the interface identifier)
– Multicast (FF00::/8): sends information or services to all interfaces that are defined as members of the multicast group; the first 8 bits, FF, mark a multicast address
– Anycast: formally defined as an address type in IPv6, a cross between unicast and multicast; identifies a group of interfaces, and packets are delivered to the nearest one as identified by the routing protocol's distance measurement. Anycast addresses are taken from the unicast address space, so an address can't be recognised as anycast by its bits alone
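The text-form rules (leading-zero removal, the single `::`) and the prefix-based type breakdown above, as an added example in Python. This is not code from the original course material; it handles the plain eight-group form only (the embedded-IPv4 form `::ffff:192.0.2.1` and zone IDs such as `fe80::1%eth0` are outside its scope), and the MAC-to-link-local helper assumes the modified EUI-64 interface identifier, which is what produced the `02AA:00FF:FE28:9C5A` tail in the slide's example address.

```python
# Added example (not from the original course material): IPv6 text-form
# handling and address-type classification for the rules on the slides above.
# Only the plain eight-group form is handled; the embedded-IPv4 form
# (::ffff:192.0.2.1) and zone IDs (fe80::1%eth0) are out of scope here.


def expand(addr: str) -> list:
    """Return the eight 16-bit groups of an IPv6 address as ints, expanding '::'."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the address is ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"{addr!r}: expected 8 groups, got {len(groups)}")
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4:
            raise ValueError(f"{addr!r}: bad group {g!r}")
        values.append(int(g, 16))  # raises ValueError on non-hex characters
    return values


def compress(addr: str) -> str:
    """RFC 5952 text form: lowercase, no leading zeros, and '::' replacing the
    longest run of all-zero groups (a run of a single group is not compressed;
    the leftmost run wins ties)."""
    groups = expand(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def classify(addr: str) -> str:
    """Address type from the leading bits, following the slides' breakdown."""
    top16 = expand(addr)[0]
    if top16 >> 8 == 0xFF:
        return "multicast (ff00::/8)"
    if top16 & 0xFFC0 == 0xFE80:
        return "link-local unicast (fe80::/10)"
    if top16 & 0xFFC0 == 0xFEC0:
        return "site-local unicast (fec0::/10, deprecated)"
    if top16 & 0xFE00 == 0xFC00:
        return "unique local unicast (fc00::/7)"
    if top16 >> 13 == 0b001:
        return "global unicast (2000::/3)"
    if compress(addr) == "::1":
        return "loopback (::1)"
    return "reserved or unassigned"


def link_local_from_mac(mac: str) -> str:
    """Link-local address a host derives from its MAC with modified EUI-64:
    flip the universal/local bit of the first byte and insert ff:fe in the
    middle. Because the MAC leaks into the address, modern stacks usually
    prefer random interface IDs instead (RFC 4941/8981 privacy extensions)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"{mac!r}: need six octets")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    groups = ["fe80", "0", "0", "0"] + [
        format(int.from_bytes(iid[k:k + 2], "big"), "x") for k in range(0, 8, 2)]
    return compress(":".join(groups))


if __name__ == "__main__":
    full = "3FFE:FFFF:0000:2F3B:02AA:00FF:FE28:9C5A"
    print(compress(full), "->", classify(full))
    print(link_local_from_mac("00-AA-00-28-9C-5A"))
    for a in ("fe80::1", "fd12:3456::1", "fec0::1", "ff02::1", "::1"):
        print(a, "->", classify(a))
```

`expand()` is the security-relevant piece: it rejects a second `::`, an empty group and a fifth hex digit, which are the inputs that make naive address parsers disagree with each other. `compress()` reproduces the slide's example as `3ffe:ffff:0:2f3b:2aa:ff:fe28:9c5a`, because a single zero group is left alone.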
Subnet masks
Used to identify the network ID and host ID portions of an IP address: the address bits under the mask's 1 bits are the network ID, the bits under its 0 bits are the host ID

IP address        Subnet mask       Network ID        Host ID
192.168.100.33    255.255.255.0     192.168.100.0     0.0.0.33
172.16.43.207     255.255.0.0       172.16.0.0        0.0.43.207

Network IDs: the mask's 1 bits are always contiguous and start on the left (which is why CIDR can write 255.255.255.0 as /24)

Valid subnet masks    Invalid subnet masks
255.0.0.0             0.255.255.255
255.255.0.0           255.0.255.0
255.255.255.0         255.255.0.255
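The IPv4 rules from the classful table, the APIPA slide and the subnet-mask slides above, carried through in code as an added example (not part of the original course slides). It hand-rolls the arithmetic rather than using a library so that the "ones contiguous from the left" test is visible; the only assumption is that masks and addresses arrive as dotted-quad strings.

```python
# Added example (not from the original course slides): the IPv4 rules above
# as code, namely dotted-quad parsing, the "ones contiguous from the left"
# test for subnet masks, the network ID / host ID split, classful class and
# default mask, and the special ranges mentioned (APIPA, loopback).


def to_int(dotted: str) -> int:
    """'192.168.100.33' -> 0xC0A86421, rejecting anything that isn't four octets 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"{dotted!r}: need four octets")
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"{dotted!r}: octet {p!r} is not 0..255")
        value = (value << 8) | int(p)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_is_valid(mask: str) -> bool:
    """Valid iff the 1 bits are contiguous and start on the left. Inverting the
    mask turns the host bits into a block of trailing ones; such a number n
    satisfies n & (n + 1) == 0, while a hole (255.0.255.0) leaves stray bits."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0


def prefix_length(mask: str) -> int:
    """255.255.255.0 -> 24 (the CIDR form of the same mask)."""
    if not mask_is_valid(mask):
        raise ValueError(f"{mask!r}: 1 bits are not contiguous from the left")
    return bin(to_int(mask)).count("1")


def split(ip: str, mask: str) -> tuple:
    """Return (network ID, host ID) exactly as the slide's table shows them."""
    if not mask_is_valid(mask):
        raise ValueError(f"{mask!r}: invalid subnet mask")
    a, m = to_int(ip), to_int(mask)
    return to_dotted(a & m), to_dotted(a & ~m & 0xFFFFFFFF)


def same_subnet(ip1: str, ip2: str, mask: str) -> bool:
    """True when both hosts share a network ID, i.e. can talk without a router."""
    return split(ip1, mask)[0] == split(ip2, mask)[0]


def ipv4_class(ip: str) -> str:
    """Classful class from the first octet, with the two reserved /8s called out."""
    first = to_int(ip) >> 24
    if first == 0:
        return "reserved (0.0.0.0/8)"
    if first == 127:
        return "loopback (127.0.0.0/8)"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (experimental)"


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def is_apipa(ip: str) -> bool:
    """169.254.0.0/16: the host gave up on DHCP and self-assigned an address."""
    return to_int(ip) >> 16 == to_int("169.254.0.0") >> 16


if __name__ == "__main__":
    for ip, mask in (("192.168.100.33", "255.255.255.0"), ("172.16.43.207", "255.255.0.0")):
        net, host = split(ip, mask)
        print(f"{ip:16} {mask:16} net={net:16} host={host:12} /{prefix_length(mask)} class {ipv4_class(ip)}")
    for mask in ("255.0.0.0", "0.255.255.255", "255.0.255.0", "255.255.0.255"):
        print(f"{mask:16} valid={mask_is_valid(mask)}")
    print("169.254.17.44 is APIPA:", is_apipa("169.254.17.44"))
```

`same_subnet()` is the check behind the default-gateway rule on the next slide: a gateway that fails it is unreachable by the host even if it is otherwise correct.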
Default gateway
– Term for the TCP/IP router a host sends to when the destination is not on its own subnet
– Hosts use the default gateway to deliver packets to remote networks
– Router:
  – Often a dedicated hardware device; sometimes a computer with multiple NICs
  – Supports IPv4, IPv6, or both
  – Moves packets between networks
  – Has an IP address on every network it's attached to
Routing example
DHCP and DHCPv6
– Dynamic Host Configuration Protocol: automated mechanism to assign IP addresses to clients
– Two versions: the original DHCP is used for IPv4 addressing; DHCPv6 is used for IPv6 addressing
– Can hand out IP addresses plus other TCP/IP configuration parameters (subnet mask, default gateway, DNS servers)
– Neither version authenticates the server: a client accepts the first offer it receives, so a rogue DHCP server on the same link can hand out its own gateway and DNS addresses
Fully qualified domain names (FQDNs)
– Hierarchical naming scheme defined by the Domain Name System (DNS); Berkeley Internet Name Domain (BIND) is the most widely used DNS server implementation
– Three parts: host name, domain name, top-level domain name
– Example: www.microsoft.com
– Subdomains allowed: server1.corporate.microsoft.com

FQDN naming specifications
– RFC 1123 (building on RFC 1035): ASCII letters a through z (not case-sensitive), numbers 0 through 9, and hyphens; a label can't begin or end with a hyphen
– Each label (the text between dots) is at most 63 characters; the whole name is at most 255 octets on the wire, which works out to 253 characters of text
– Two hosts whose FQDNs differ only in the host name (that is, hosts in the same domain) can reach each other by host name alone: the client appends its configured DNS suffix to complete the FQDN
Domain Name System (DNS)
– Server with a database matching host names to IP addresses
– DNS name has three parts: computer name, domain name, top-level domain name
– Can also have subdomains to further divide the namespace
NetBIOS
– 16-character name: the first 15 characters are available for the name; the 16th character is reserved to describe a particular service or functionality
– Can include letters, numbers, and ! @ # $ % ^ & ( ) - _ ' { } . ~
– Can't contain spaces or \ * + = | : ; " ? < > ,
– Not case-sensitive
– Must be unique on the network: NetBIOS is a flat namespace with no hierarchy, so one name identifies exactly one host or group
– 16th character is expressed as hexadecimal in angle brackets <>
– Example: SUPERCORP<1C> identifies the SUPERCORP domain controllers
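Syntax checks for the two name formats on the slides above (the RFC 1123 host-name rules and the NetBIOS name with its `<xx>` suffix), as an added example that is not part of the original course. The label and total-length limits come from RFC 1035; the handful of suffix meanings in `NETBIOS_SUFFIX` are the commonly documented ones, added here for illustration.

```python
# Added example (not from the original course): syntax checks for the two
# name formats above. Host names follow RFC 1123 (with the RFC 1035 label and
# length limits the slide leaves implicit); NetBIOS names follow the slide's
# character lists plus the <xx> suffix notation used in the SUPERCORP example.
import re

# One DNS label: 1-63 chars, letters/digits/hyphens, no hyphen at either end.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)


def valid_hostname(fqdn: str) -> bool:
    name = fqdn[:-1] if fqdn.endswith(".") else fqdn  # tolerate a trailing root dot
    if not name or len(name) > 253:  # 255 octets on the wire = 253 text characters
        return False
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def hostname_parts(fqdn: str) -> dict:
    """Split into the three parts the slides name: host, domain, top-level domain
    (everything between the host and the TLD, subdomains included, is 'domain')."""
    if not valid_hostname(fqdn):
        raise ValueError(f"{fqdn!r}: not a valid FQDN")
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 3:
        raise ValueError(f"{fqdn!r}: need host, domain and top-level domain")
    return {"host": labels[0], "domain": ".".join(labels[1:-1]), "tld": labels[-1]}


NETBIOS_ALLOWED_PUNCT = set("!@#$%^&()-_'{}.~")
NETBIOS_FORBIDDEN = set('\\*+=|:;"?<>, ')  # the slide's list, plus the space
# A few of the commonly documented 16th-byte service suffixes (illustrative).
NETBIOS_SUFFIX = {0x00: "workstation service", 0x03: "messenger service",
                  0x1B: "domain master browser", 0x1C: "domain controllers",
                  0x1D: "master browser", 0x20: "file server service"}


def valid_netbios_name(name: str) -> bool:
    if not 1 <= len(name) <= 15:
        return False
    if any(c in NETBIOS_FORBIDDEN for c in name):
        return False
    return all((c.isascii() and c.isalnum()) or c in NETBIOS_ALLOWED_PUNCT for c in name)


def parse_netbios(entry: str) -> tuple:
    """'SUPERCORP<1C>' -> ('SUPERCORP', 0x1C, 'domain controllers')."""
    m = re.fullmatch(r"(.{1,15})<([0-9A-Fa-f]{2})>", entry)
    if not m or not valid_netbios_name(m.group(1)):
        raise ValueError(f"{entry!r}: not NAME<xx>")
    name, suffix = m.group(1).upper(), int(m.group(2), 16)
    return name, suffix, NETBIOS_SUFFIX.get(suffix, "unknown service")


def netbios_wire_name(name: str, suffix: int) -> bytes:
    """The 16-byte form used on the wire: name padded with spaces, suffix last."""
    if not valid_netbios_name(name):
        raise ValueError(f"{name!r}: invalid NetBIOS name")
    return name.upper().ljust(15).encode("ascii") + bytes([suffix])


if __name__ == "__main__":
    print(hostname_parts("server1.corporate.microsoft.com"))
    print(parse_netbios("SUPERCORP<1C>"))
    print(netbios_wire_name("supercorp", 0x1C))
```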
Activity A-1: Examining addresses
IPCONFIG
– Use to retrieve a computer's IP configuration: ipconfig /all
– Displays the current TCP/IP configuration; with switches it can also release and renew DHCP leases and flush the DNS resolver cache, but it doesn't change static settings (the Network window or netsh does that)
– Switches are listed with ipconfig /?
– Examples: ipconfig /release, ipconfig /renew
Example of ipconfig /all results
Activity A-2: Using IPCONFIG to view IP configuration
Ping
– Simple program to test IP connectivity between two computers (the "Packet Internet Groper" expansion is a backronym; the name comes from sonar)
– Sends ICMP Echo Request packets and waits for Echo Replies
– Syntax: ping computer, where computer is the other computer's name or IP address
Successful ping
Steps after an unsuccessful ping
1. Ping the remote host by IP address instead of by name (separates name resolution from connectivity)
2. Ping a different computer
3. Use ipconfig to verify the computer's IP configuration
4. Verify configuration settings in the Network window
5. Check physical connections
6. Reboot the computer
7. Remove TCP/IP and reinstall it
A failed ping doesn't prove the host is down: many hosts and firewalls drop ICMP Echo, so confirm with a connection to a port the host is known to serve before concluding there is no path.
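Step 3 above, "use ipconfig to verify the computer's IP configuration", done by program rather than by eye: an added example (not part of the original course) that parses the text `ipconfig /all` prints and applies the checks a technician makes, namely whether the address is an APIPA address, whether a default gateway is set, and whether that gateway is on the host's own subnet. The sample output is constructed for this example; the field names match those Windows prints, and only the standard-library `ipaddress` module is used.

```python
# Added example (not part of the original course): a parser for the text
# that `ipconfig /all` prints, plus the checks a technician makes after a
# failed ping (is the address APIPA? is there a gateway? is it on the same
# subnet?). The sample output below is constructed for this example.
import ipaddress
import re

SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : corp.example
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-AA-00-28-9C-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1

Wireless LAN adapter Wireless Network Connection:

   Physical Address. . . . . . . . . : 00-1B-2F-11-22-33
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.100.33(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 4, 2013 8:02:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.100.1
   DNS Servers . . . . . . . . . . . : 192.168.100.1
"""

# A field line is indented a few spaces; continuation values (second DNS
# server) are indented much further and carry no "key . . . :" prefix.
KEY_VALUE = re.compile(r"^ {1,6}(?P<key>\S.*?)[ .]*: ?(?P<value>.*)$")


def parse_ipconfig(text: str) -> dict:
    """Map each adapter heading to its settings; every field becomes a list."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):  # adapter heading
            current = adapters.setdefault(line[:-1], {})
            last_key = None
            continue
        m = KEY_VALUE.match(line)
        if m and current is not None:
            last_key = m["key"].strip()
            current.setdefault(last_key, []).append(m["value"].strip())
        elif current is not None and last_key:  # continuation of a list value
            current[last_key].append(line.strip())
    return adapters


def first(settings: dict, *keys: str) -> str:
    """First non-empty value among alternative field names, or ''."""
    for k in keys:
        for v in settings.get(k, []):
            if v:
                return v
    return ""


def check_adapter(settings: dict) -> list:
    """Findings, in the order a troubleshooter would act on them."""
    findings = []
    raw = first(settings, "IPv4 Address", "Autoconfiguration IPv4 Address")
    if not raw:
        return ["no IPv4 address at all: check the link and driver"]
    ip = ipaddress.IPv4Address(raw.split("(")[0])  # strip "(Preferred)"
    if ip in ipaddress.IPv4Network("169.254.0.0/16"):
        findings.append("APIPA address: DHCP lease failed, check DHCP server/relay and the link")
    mask = first(settings, "Subnet Mask")
    gw = first(settings, "Default Gateway")
    if not gw:
        findings.append("no default gateway: only hosts on the local subnet are reachable")
    elif mask:
        net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
        if ipaddress.IPv4Address(gw) not in net:
            findings.append(f"gateway {gw} is not on the local subnet {net}: remote networks unreachable")
    return findings or ["IPv4 configuration looks sane; test connectivity next"]


def diagnose(text: str) -> dict:
    return {name: check_adapter(cfg) for name, cfg in parse_ipconfig(text).items()
            if "Physical Address" in cfg}


if __name__ == "__main__":
    for adapter, notes in diagnose(SAMPLE).items():
        print(adapter)
        for note in notes:
            print("  -", note)
```

The two constructed adapters show the two failures the slide's checklist is meant to catch: the wired adapter fell back to APIPA with no gateway (a DHCP problem, not a routing one), while the wireless adapter has a valid lease but a gateway on the wrong subnet (a DHCP scope or static-entry mistake).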
Activity A-3: Testing TCP/IP connectivity
TCP/IP architecture
Activity A-4: Discussing the TCP/IP architecture
Application-layer protocols
– Accept information from applications on the computer and send it to the requested service provider
– Each Application-layer protocol is associated with a client application and a server-side service
– The protocols listed here belong to the TCP/IP suite and run only over TCP/IP networks
HTTP
– Hypertext Transfer Protocol, TCP port 80
– Most common protocol used on the Internet; used by Web browsers and Web servers
– Defines what commands (methods) Web browsers can send and how Web servers can respond
– Can also be used to upload information to the server (for example with a POST request)
– Server-side mechanisms for passing submitted data to programs: Common Gateway Interface (CGI), Internet Server Application Programmer Interface (ISAPI), Netscape Server Application Programmer Interface (NSAPI)
HTTPS connections
– Secure Web servers use TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer); all SSL versions and TLS 1.0/1.1 are now deprecated, so servers should be configured for TLS 1.2 or later
– TCP port 443
– Creates an encrypted communication channel in which the server is authenticated by its certificate
– Use https:// instead of http://
FTP
– File Transfer Protocol, TCP ports 20 (data) and 21 (control)
– Simple file-sharing protocol with commands for uploading files, downloading files, and requesting directory listings
– Transfers binary files over the Internet without encoding and decoding
– Sends credentials and data in clear text; prefer SFTP (file transfer over SSH) or FTPS (FTP over TLS) where confidentiality matters
Trivial File Transfer Protocol
– Trivial FTP or TFTP, UDP port 69
– Has fewer commands than FTP: can be used only to send and receive files, with no directory listing and no authentication
– Can be used for multicasting
Telnet
– Terminal emulation protocol, TCP port 23
– Used for remotely logging on to a networking device; specifies how Telnet servers and Telnet clients communicate
– Supports only a text-based interface
– Everything, including the login password, crosses the network in clear text; SSH (TCP port 22) is the encrypted replacement
Simple Mail Transfer Protocol
– SMTP, TCP port 25
– Used to send and receive e-mail between e-mail servers
– Also used by e-mail clients to send messages to the server
– Never used by clients to retrieve e-mail from the server
Post Office Protocol
– Version 3 (POP3), TCP port 110
– Most common protocol for retrieving e-mail messages
– Has commands to download and delete messages from the mail server
– Doesn't support sending messages
Internet Message Access Protocol
– Version 4 (IMAP4), TCP port 143
– Used to retrieve e-mail messages; more features than POP3, for example:
  – Can choose which messages to download
  – Allows multiple folders for storing messages on the server side
Transport-layer protocols
– Responsible for getting data ready to move across the network
– Two Transport-layer protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
– TCP breaks messages down into smaller pieces called segments
– Applications are identified by port numbers; the combination of an IP address and a port number is called a socket (IP address + port number = socket)

Port numbers
– 16-bit integer, ranging from 0 to 65535
– Three types:

Port type          Description
Well-known ports   0 through 1023, reserved for standard services. On Unix-like systems a process needs root (or CAP_NET_BIND_SERVICE on Linux) to listen on one, which is what stops an ordinary user from impersonating a service.
Registered ports   1024 through 49151. Port 1024 is listed as reserved for TCP and UDP and shouldn't be used. The registry is on the IANA Web site: www.iana.org/assignments/port-numbers
Dynamic ports      A short-lived (dynamic, or ephemeral) port for IP communications, allocated automatically by the TCP/IP stack from the IANA-suggested range 49152 through 65535; operating systems may use a different range (Linux defaults to 32768 through 60999). Dynamic ports are used by TCP, UDP, and the Stream Control Transmission Protocol (SCTP).
Service port numbers

Service              Protocol    Port
FTP                  TCP         21 (control), 20 (data)
SSH                  TCP         22
Telnet               TCP         23
SMTP                 TCP         25
DNS                  TCP & UDP   53
BOOTP and DHCP       UDP         67 (server), 68 (client)
Trivial FTP (TFTP)   UDP         69
HTTP                 TCP         80
POP3                 TCP         110
NTP                  UDP         123
IMAP                 TCP         143
SNMP                 UDP         161 (agent), 162 (traps)
HTTPS                TCP         443
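The port ranges and the "IP address + port = socket" idea above in running code, as an added example that is not part of the original course. It opens a TCP connection to itself over loopback so both sockets of one connection can be inspected (the listener on a fixed port, the client on an ephemeral port chosen by the stack), and reads the local ephemeral range from `/proc` where that exists, falling back to the IANA range otherwise. Nothing leaves the local host.

```python
# Added example (not part of the original course): the port-number ranges
# and the "IP address + port = socket" idea in running code. The loopback
# connection shows the server on a fixed port and the client on an ephemeral
# port chosen by the stack; can_bind() shows why well-known ports are
# protected. Nothing here leaves the local host.
import socket

SERVICE_PORTS = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet",
                 25: "SMTP", 53: "DNS", 67: "DHCP server", 68: "DHCP client",
                 69: "TFTP", 80: "HTTP", 110: "POP3", 123: "NTP", 143: "IMAP",
                 161: "SNMP", 162: "SNMP trap", 443: "HTTPS"}


def port_type(port: int) -> str:
    """IANA range classification as in the table above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"{port}: not a 16-bit port number")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def describe(port: int) -> str:
    name = f" ({SERVICE_PORTS[port]})" if port in SERVICE_PORTS else ""
    return f"{port}/{port_type(port)}{name}"


def ephemeral_range() -> tuple:
    """Range the local stack hands out; IANA suggests 49152-65535 but Linux
    defaults to 32768-60999 (see /proc/sys/net/ipv4/ip_local_port_range)."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            lo, hi = f.read().split()
            return int(lo), int(hi)
    except OSError:
        return 49152, 65535


def loopback_connection() -> dict:
    """Listen on an OS-chosen port on 127.0.0.1, connect to it, and report the
    two sockets (IP, port) at each end of the resulting TCP connection."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the stack pick a free port
    server.listen(1)
    server_addr = server.getsockname()
    client = socket.create_connection(server_addr)
    accepted, peer = server.accept()
    try:
        return {
            "server_socket": accepted.getsockname(),   # (127.0.0.1, listening port)
            "client_socket": client.getsockname(),     # (127.0.0.1, ephemeral port)
            "peer_seen_by_server": peer,               # equals client_socket
        }
    finally:
        accepted.close()
        client.close()
        server.close()


def can_bind(port: int) -> bool:
    """Whether this process may bind the port on 127.0.0.1. Well-known ports
    need root or CAP_NET_BIND_SERVICE on Linux; a port already in use also
    gives False, so a False result is a prompt to look, not a verdict."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("127.0.0.1", port))
        return True
    except OSError:
        return False
    finally:
        s.close()


if __name__ == "__main__":
    for p in (22, 80, 443, 1024, 8080, 49152, 60000):
        print(describe(p))
    print("local ephemeral range:", ephemeral_range())
    conn = loopback_connection()
    print("server socket:", conn["server_socket"], "client socket:", conn["client_socket"])
    print("can bind port 80 as this user:", can_bind(80))
```

The two ports in `loopback_connection()` make the slide's definition concrete: the same IP address appears at both ends, and only the port numbers tell the two sockets apart.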
Activity A-5: Using port numbers
802.1X standard
– Radio spectrum is divided into frequency bands allocated to different users (military, broadcasters, amateur radio operators, and so on); a broadcast signal that anyone in range can receive is itself a security issue, which is why authentication and encryption matter on wireless links
– IEEE 802.1X: port-based authentication framework for access to Ethernet networks
  – Designed for wired Ethernet networks; also applies to 802.11 WLANs
  – Requires three roles in the authentication process: the device requesting access (the supplicant), the authenticator (the switch or access point), and the authentication server (typically RADIUS)
  – Allows multiple authentication algorithms, carried as EAP (Extensible Authentication Protocol) methods
  – Is an open standard
802.11 standard
– Used for wireless networks; the original standard operates in the 2.4–2.5 GHz band (the 802.11a and 802.11n amendments also use 5 GHz)
– OSI Data Link layer: places specifications on the Physical and MAC layers
– Two ways to configure a network: ad hoc and infrastructure
Access point
– Transparent bridge between wireless clients and the wired network
– Includes at least one interface to connect to the wired network, transmitting equipment to connect with wireless clients, and IEEE 802.1D bridging software
Major wireless standards

Standard         Speeds                     Frequency            Indoor distance    Outdoor distance   Interference / compatibility
802.11b          <= 11 Mbps                 2.4 GHz              50 m               300 m              Yes
802.11a          <= 54 Mbps                 5 GHz                15 m               30 m               No; not compatible with 802.11b
802.11g          20+ Mbps, up to 54 Mbps    2.4 GHz              45 m               90 m               Yes; compatible with 802.11b
802.11n          <= 600 Mbps                2.4 or 5 GHz         70 m               250 m              No; compatible with 802.11g, b, and a
802.16 (WiMAX)   <= 11 Mbps                 10–66 or 2–11 GHz    avg 4–5 miles      31 miles           No
Bluetooth
– A standard for short-range wireless communication and data synchronization between devices
– Transmitters and receivers are application-specific integrated circuits (ASICs)
– Rates in excess of 1 Mbps; up to three voice channels available
– 2.4-GHz frequency range; about 10 meters range for the common class 2 devices
Activity A-6: Comparing wireless network protocols
Topic B: Client configuration
Static TCP/IP configuration
– Manually entered on each network device
– Pitfalls: time consuming, error-prone, and making changes is not an efficient process
– netsh can be used from the command line to set TCP/IP parameters (for example netsh interface ipv4 set address), which makes static settings scriptable and repeatable
Activity B-1: Comparing TCP/IP parameters
DHCP and DHCPv6
– Simplifies administration and avoids incorrect IP information
– Lease is for a fixed period of time, after which the client must renew it
IPv4 lease process (diagram: the four messages are DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK)
IPv6 lease process
– Network devices autoconfigure when connected to a routed IPv6 network
– Process:
  1. Forms a link-local address by stateless address autoconfiguration and checks that it is unique (duplicate address detection)
  2. Sends a Router Solicitation to the all-routers link-local multicast address (FF02::2) requesting configuration parameters
  3. A router responds with a Router Advertisement packet containing the prefix and the network configuration parameter flags
IPv6 router flags
– Managed Address Configuration flag (M flag): when set to 1, the device should use DHCPv6 to obtain a stateful IPv6 address
– Other Stateful Configuration flag (O flag): when set to 1, the device should use DHCPv6 to obtain other TCP/IP configuration settings (DNS servers, for example)
M and O flags
– Both M and O flags are 0: no DHCPv6 server; the device uses the router advertisement to obtain a non-link-local address and other methods, such as manual configuration, for the remaining IPv6 parameters
– Both M and O flags are 1: the device should get its IPv6 address and the other configuration parameters from a DHCPv6 server (DHCPv6 stateful addressing)
– M flag is 0 and O flag is 1: the device should use its stateless autoconfiguration IPv6 address and retrieve the other configuration parameters from a DHCPv6 server (DHCPv6 stateless addressing)
– M flag is 1 and O flag is 0: the device should obtain its IPv6 address from a DHCPv6 server but not the other TCP/IP configuration parameters; this combination is rarely used
– Router advertisements are not authenticated, so any host on the link can send one carrying its own prefix and flags; switches that support RA Guard (RFC 6105) should drop advertisements arriving on non-router ports
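The Router Advertisement that carries the M and O flags, parsed from bytes and fed through the decision table above, as an added example (not from the original course). The layout is the ICMPv6 RA of RFC 4861 (header, Prefix Information option type 3) plus the RDNSS option of RFC 8106; the sample advertisements are constructed inline with `build_ra()`, the checksum is left at zero because no packet is sent, and the IPv6 header is omitted.

```python
# Added example (not from the original course): a parser for the ICMPv6
# Router Advertisement (type 134) that carries the M and O flags, with the
# decision table above applied to the result. The RA bytes are constructed
# inline with build_ra() for the example; no packets are sent or received.
import ipaddress
import struct

ND_ROUTER_ADVERT = 134
OPT_PREFIX_INFO = 3    # RFC 4861 section 4.6.2
OPT_RDNSS = 25         # RFC 8106


def build_ra(m: bool, o: bool, prefix: str, prefix_len: int = 64,
             autonomous: bool = True, dns: tuple = ()) -> bytes:
    """Construct an RA (without the IPv6 header; checksum left as 0)."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    # type, code, checksum, cur hop limit, flags, router lifetime, reachable, retrans
    ra = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    pfx_flags = 0x80 | (0x40 if autonomous else 0)  # L (on-link) and A (SLAAC) bits
    ra += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len, pfx_flags,
                      2592000, 604800, 0) + ipaddress.IPv6Address(prefix).packed
    if dns:
        ra += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns), 0, 3600)
        ra += b"".join(ipaddress.IPv6Address(d).packed for d in dns)
    return ra


def parse_ra(data: bytes) -> dict:
    """Decode the header flags and the Prefix Information / RDNSS options."""
    if len(data) < 16:
        raise ValueError("truncated RA header")
    msg_type, _code, _csum, _hops, flags, lifetime, _r, _t = struct.unpack("!BBHBBHII", data[:16])
    if msg_type != ND_ROUTER_ADVERT:
        raise ValueError(f"ICMPv6 type {msg_type} is not a Router Advertisement")
    result = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
              "router_lifetime": lifetime, "prefixes": [], "rdnss": []}
    pos = 16
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[pos], data[pos + 1]
        if opt_len == 0:  # RFC 4861: zero length is invalid and would loop forever
            raise ValueError("option with zero length")
        body = data[pos:pos + opt_len * 8]
        if len(body) != opt_len * 8:
            raise ValueError("option runs past the end of the packet")
        if opt_type == OPT_PREFIX_INFO and opt_len == 4:
            plen, pflags = body[2], body[3]
            prefix = ipaddress.IPv6Address(body[16:32])
            result["prefixes"].append((f"{prefix}/{plen}", bool(pflags & 0x40)))
        elif opt_type == OPT_RDNSS:
            for k in range(8, len(body), 16):
                result["rdnss"].append(str(ipaddress.IPv6Address(body[k:k + 16])))
        pos += opt_len * 8  # unknown options are skipped, as RFC 4861 requires
    return result


def address_mode(ra: dict) -> str:
    """The slide's M/O decision table."""
    if ra["M"] and ra["O"]:
        return "stateful DHCPv6 for address and other parameters"
    if ra["M"]:
        return "DHCPv6 for the address only (rarely used)"
    if ra["O"]:
        return "SLAAC address, stateless DHCPv6 for other parameters"
    return "SLAAC only, no DHCPv6"


if __name__ == "__main__":
    for m, o in ((False, False), (False, True), (True, True), (True, False)):
        ra = parse_ra(build_ra(m, o, "2001:db8:1::", dns=("2001:db8:1::53",)))
        print(f"M={int(ra['M'])} O={int(ra['O'])} prefixes={ra['prefixes']} "
              f"dns={ra['rdnss']} -> {address_mode(ra)}")
```

Note what the parser does not do: it has no way to tell a legitimate router's advertisement from one sent by another host on the link, which is exactly why RA Guard on the switch matters. The zero-length and truncation checks are there because option walking is the classic place where a malformed packet makes a receiver spin or read past its buffer.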
Activity B-2: Discussing the DHCP lease process
Wireless nodes on a network
– Can use infrared (IR) technology: 10–20 feet maximum range; devices must aim their transceivers at each other (line-of-sight technology), within no more than a 30° angle
– Often found on notebook computers and PDAs
– Most often, "wireless" refers to 802.11
Wireless connection components
– Requires a wireless network card in the computer and a wireless router or wireless access point device on the network
– The router or WAP broadcasts radio signals; wireless network cards pick up the broadcasts
Wireless NICs
Wireless access points
Wireless speeds
– Distance and data rate are affected by obstructions within the building and by environmental noise
– Recommended: wireless LAN access points within 60 to 90 meters of wireless clients

IEEE speed     Data rate   Distance (meters)
High           4.3 Mbps    40 to 125
Medium         2.6 Mbps    55 to 200
Standard       1.4 Mbps    90 to 400
Standard low   0.8 Mbps    115 to 550
WAP placement
– Informal site survey: temporary installation of WAPs; use a wireless client to test the signal from the actual client locations
– Formal site survey: use field-strength measuring equipment; install a test antenna in the estimated WAP locations; determine the strength of the test signal at various points within the range the WAP will service; move the test antenna to get the best signal for the wireless coverage area
Activity B-3: Examining wireless devices
WLAN security risks
– Devices can be lost or stolen
– Session hijacking
– Man-in-the-middle attacks
– Rogue AP
– A WAP has no security enabled by default
– Radio broadcasts make breaking in easy: the traffic is detectable radio-frequency signal, and on an open network the data passes in plain text
– Encryption isn't always strong: WEP is broken and should not be used
– WEP authentication is one-way: the client proves it knows the key, but the AP is never authenticated to the client, so a client will join an impostor AP
– One-way open broadcast client connections
– War driving and war chalking
– In response, the IEEE and the Wi-Fi Alliance developed standards for user authentication and media access control
Wireless security
– Access control: turn off SSID broadcasts; enable MAC filtering. Neither is a real control: the SSID still appears in probe and association frames, and MAC addresses are trivially spoofed, so treat both as housekeeping rather than security
– Encryption: clients must use the same encryption as the AP; static or dynamically changing key
– Authentication: RADIUS or other similar systems, used together with encryption
– Isolation: wireless client isolation (AP isolation) and network isolation
Transmission encryption
– WEP (broken; legacy only)
– WPA/WPA2 Personal (pre-shared key: the key is derived from the passphrase and the SSID, so a weak passphrase can be recovered offline from one captured handshake)
– WPA/WPA2 Enterprise (per-user credentials via 802.1X and a RADIUS server)
– 802.11i (the IEEE standard that WPA2 implements)
802.1X authentication process (diagram)
Activity B-4: Identifying the technology used to implement WLANs
WAP configuration
– Assign a service set identifier (SSID); clients use the SSID to distinguish between WLANs
– The AP typically broadcasts the SSID in beacon frames; the broadcasts also identify the security mechanisms in use, which lets clients auto-configure their connections
Securing your AP
– Set the most secure encryption method compatible with your clients (WPA2, never WEP)
– Update the AP's firmware
– Change the AP's default admin passwords
– Change the default SSID (the SSID salts the WPA/WPA2 key derivation, so precomputed attack tables exist for common default SSIDs)
– Disable SSID broadcasts (hides the name from casual scanning only)
– Separate the wireless network from the wired network: put it in an Internet-access-only zone or DMZ
– Disable DHCP within the WLAN
– Enable MAC address filtering on the AP (raises the bar against casual users only)
– Enable 802.1X
– Periodically survey the site with a wireless sniffing tool to find rogue APs
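Two items above, "set the most secure encryption method" and "change the default SSID", rest on the same piece of cryptography: in WPA/WPA2 Personal the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes of output. The following is an added example (not from the original course) that derives the key, shows the SSID acting as salt, and runs the offline dictionary attack a weak passphrase invites. The `"password"`/`"IEEE"` vector is the published IEEE 802.11 test vector; the wordlist and the other SSIDs are constructed for the example.

```python
# Added example (not from the original course): the WPA/WPA2-Personal key
# derivation behind "set the most secure encryption method" and "change the
# default SSID". PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes),
# so the SSID is the salt and a short wordlist recovers a weak passphrase
# offline once one 4-way handshake has been captured. The wordlist and the
# SSIDs other than "IEEE" are constructed for this example.
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-Personal (ASCII passphrase, 8-63 chars)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def offline_guess(target_pmk: bytes, ssid: str, wordlist) -> str:
    """Dictionary attack: derive each candidate and compare in constant time.
    A real attacker checks each candidate against the MIC in the captured
    handshake rather than against the PMK itself; the cost per guess is the
    same, and nothing has to be sent to the network."""
    for candidate in wordlist:
        if 8 <= len(candidate) <= 63 and hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
            return candidate
    return ""


def ssid_changes_key(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, different SSID -> different PMK. Precomputed tables
    therefore only pay off against SSIDs many networks share, i.e. the vendor
    defaults, which is the reason to change the default SSID."""
    return wpa2_pmk(passphrase, ssid_a) != wpa2_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    print("IEEE test vector:", wpa2_pmk("password", "IEEE").hex())
    wordlist = ["letmein1", "changeme", "password", "Tr0ub4dor&3"]  # constructed
    print("recovered:", offline_guess(wpa2_pmk("password", "linksys"), "linksys", wordlist))
    print("SSID acts as salt:", ssid_changes_key("password", "linksys", "corp-wlan-7f3a"))
```

The 4096 iterations slow each guess down but do not change the arithmetic: the passphrase's entropy is the only thing standing between a captured handshake and the key, which is why "most secure encryption method" for a Personal network means a long random passphrase, and why Enterprise mode (per-user credentials, no shared passphrase) is the stronger choice where it can be deployed.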
Activity B-5: Configuring a wireless access point (instructor demo)
Wireless Auto Configuration
– Dynamically selects which wireless network to attempt to connect to, based on configured preferences and default settings
– Wireless Zero Configuration service in Windows XP (and Windows 2000 with a download); Windows Vista and 7 provide the same function as the WLAN AutoConfig service
– Automatically configures address items: TCP/IP settings, DNS server addresses, IAS (RADIUS) server addresses
– IEEE 802.1X authentication defaults:
  – Infrastructure mode is tried before ad hoc mode
  – Computer authentication before user authentication
  – If the NIC is preconfigured with a WEP shared key, it tries to perform IEEE 802.11 shared key authentication; otherwise the NIC reverts to open system authentication
Windows CE wireless clients
– Windows CE .NET palmtop computers include Wireless Zero Configuration, with manual configuration options similar to those in Windows 7, Vista, and XP
– Support 802.11a and native Wireless Fidelity (Wi-Fi)
– Non-.NET palmtop wireless configuration is like Windows 2000
RADIUS servers
– Clients submit credentials to the authenticating server
– Secured (802.1X authenticated) connections:
  – The wireless AP issues a challenge to the client
  – The AP sets up a restricted channel, allowing the client to communicate only with the RADIUS server (EAP traffic only, until authentication succeeds)
  – The RADIUS server accepts only connections from trusted APs (each AP is registered with the server and shares a secret with it)
  – The RADIUS server validates the client credentials
  – On success it transmits the client's master key to the wireless AP, which uses it to derive the session keys for that client
Wireless network problems
– Determine the network name (SSID)
– Identify the security configuration in use
– Check that the notebook's wireless NIC is powered on
– Check the wireless antenna position
– Check the signal strength
– Test with another wireless card
Activity B-6: Configuring a wireless client (instructor demo)
Creating a dial-up connection
– Home users connect to an ISP; business users connect to a remote access server
– In Windows 7 and Vista, use the "Set up a connection or network" wizard
Windows 7 dial-up connection wizard
Activity B-7: Creating a dial-up connection
Dial-up connection properties
– Phone number, dialing rules, dialing options, redial attempts
– Security: Advanced (custom settings)
– Protocols and services
– Internet connection sharing
Activity B-8: Examining a dial-up connection object's properties
Unit summary
– Described how various types of addresses are used to identify devices on a network
– Created client network connections through wired, wireless, and dial-up methods