Chapter 2

Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:20
Copyright 2000 RMIT Computer Science

All Rights Reserved
1. What is the main benefit of a network?

2. Why is the Internet a "heterogeneous" network?
Overview
COSC1300 - Lecture Notes
Web Servers and Web Technology
Network Layer Models
Note: The story of the Internet makes fascinating reading. Take a look at A Brief History of the
Internet .
So, keep in mind that the Internet is a network made up of a large number of heterogeneous
systems and networks.
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Networking and HTTP
Network Layer Models
Homer Simpson, The Simpsons
Wow! Theyve got the Internet on computers now!

Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:20 2 of 2
The internet was implemented as a means of connecting these different networks together; it is an
"internetwork of networks". The individual systems and networks connected to the Internet are
very varied in nature. Your personal computer (running almost any operating system), a WAP
(Wireless Application Protocol) mobile phone, and an NEC SX-5 supercomputer can all be
connected to the Internet, and can communicate with each other through this medium. Whole
networks can be connected to the Internet; again, there are many types of networks, but systems
communicating over the Internet dont need to know anything about each others network details.
So the computers in a building were connected as a local area network (LAN), and bigger
organisations would use a wide area network (WAN) to connect systems across a country or even
the world. These networks were self-contained within a particular organisation, and typically could
not interact with each other. Data interchange between them was commonly done by physically
transporting reels of magnetic tape to the target computer. Worse still, the systems were often
incompatible, and data interchange was a nontrivial task.
Commercial computing typically started out in the form of a mainframe system with many "dumb"
clients. The IBM PC and its clones made the slogan "a computer on every desk" a practical reality.
However, it was soon realised that while standalone systems are very useful, most organisations
would benefit from connecting them together to allow fast and economical sharing of data.
Why computers are networked.

The heterogeneous nature of the Internet.
Networking protocols.
The TCP/IP protocol suite.
The functions of each of the TCP/IP layers.
Routers and Gateways.
Examining TCP packets using snoop or
sniffit.
n this chapter, we cover
1. Introduction
Overview
COSC1300
C1300: Networking and HTTP
30/07/02 13:20
Each layer source system communicates with its peer in the destination machine. The source
physical layer takes the data passed to it by data link layer A, and passes it to physical layer B,
which passes the data to the data link layer above it. In this way, the two data link layers can be
said to have exchanged data. This scheme holds for all the layers.
As we move up the hierarchy, we move away from the details of how the data gets from A to B,
and towards a more abstract level. Each layer uses the services provided by the layer below.
Figure 1: The OSI reference model
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Network Layers
TCP/IP Network Model
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:20 2 of 3
The large number of possible combinations of hardware, software and protocols make networking
a fertile ground for disaster; this can only be avoided by clearly defining the function and interface
of each component. There is actually a standardised model for deciding where in the hierarchy a
particular network component is located. It is called the OSI (Open Systems Interconnection)
reference model, and consists of seven layers as shown in Figure 1.
It is clear that the systems physically connected to each other (on a single segment) must all speak
the same "language"; the role of the language is played by communications protocols. The protocol
determines how the data should be packaged and addressed in order to reach its destination. In
many cases, the data packets may travel by different routes and arrive at the destination in the
wrong order or corrupted; they may never arrive at all. The protocol must ensure that all packets
are received correctly; it must extract the data and present it to the user application.
A computer network consists of many components: the entities (called "hosts") to be connected
(computers, printers etc.), the physical medium connecting them (coaxial cable, unshielded twisted
pair (UTP), optic fibre etc.), interface devices to connect the hosts to the medium, and the
necessary software to make everything work.
Networking protocols.
Network protocol models.
n this section you will cover:
2. The Network Layer Models
Introduction to Networking and the Internet
COSC1300
C1300: Network Layers
Introduction to Networking and the Internet

At the destination host:
Link Layer
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:20
finds out the network address of the destination.

breaks the data to be transferred into packets.
attaches a header to each packet indicating source address, destination address,
error-detection code etc.
sends the packets (now called "datagrams") to the physical interface (e.g. ethernet network
card driver).
handles the low-level details of sending data down a physical link to the correct destination
listens for the destination to acknowledge receipt of the datagrams; if any are not
acknowledged, sends them again.
At the source host:
The protocols part of the TCP/IP suite perform the following functions:
Just as the systems on a local area network must use the same protocol to communicate, the
systems on the Internet must also have a common protocol. The set of protocols used on the
Internet is referred to as the TCP/IP (Transmission Control Protocol/Internet Protocol) suite.
TCP/IP networks support three types of data packets: IP, TCP and UDP. These will be discussed
later.
The TCP/IP protocol suite.

The TCP/IP network model.
The functions of the TCP/IP protocols.
The concept of the datagram.
Networking Layer Models
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: TCP/IP Network Model
TCP/IP Network Model
30/07/02 13:20 1 of 4

All Rights Reserved
1. What is a protocol?
2. What do we mean by logical connections between peer layers?
Checkpoint
Figure 2: Logical data flow between peer OSI model layers
C1300: Network Layers
Figure 4: Logical data flow between peer TCP model layers
Figure 5: Protocol Data Unit down the TCP/IP model layers
Checkpoint
30/07/02 13:20
Application layer
The top layer is the application layer; any program that uses network services (such as telnet,
ftp etc.) is placed in this layer. It represents the consumers of network services, which the
lower three layers work together to provide.
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: TCP/IP Network Model
30/07/02 13:20 3 of 4
Link layer
The link layer comprises of the physical communications hardware and the associated
device drivers. It handles the details of sending the data over the physical medium. An
ethernet network card and its driver (software/firmware) are considered to be in this layer.
The same would be true for a satellite modem and its associated drivers.
Network (internet) layer
The network layer provides addressing, routing, and flow control services. The
non-guaranteed delivery protocols (IP, ICMP, IGMP) are located in this layer.
Host-to-Host Transport layer
The transport layer is responsible for ensuring that the destination correctly receives all the
data sent to it. TCP is the main protocol used in this layer, although UDP can also be used if
required.
Figure 3: Comparison of OSI and TCP/IP models
Note that another name for layer 2 is the "internet" layer (not the "Internet" layer); a TCP/IP
network doesnt have to be connected to the "Internet". As in the OSI model, each layer has a
specific function and provides services to the layers above. Figure 3 shows how the two models
stack up against each other.
While the OSI model allows us to separate the different tasks involved in implementing a network
into clearly defined categories, it has not been widely implemented. TCP/IP has its own network
model, which is composed of four layers; the link (or data link), network (or internet), transport,
and application layers.
Note that TCP/IP does not "know" what the data is; it just takes the data given to it and ensures that
it gets to the destination. From this discussion, we can judge that TCP/IP provides a "service" to
the user application, i.e. it is lower down on the "network hierarchy".
receives the datagrams from the physical interface device.

checks that the individual datagrams have arrived without corruption; if a datagram has been
received intact, sends an acknowledgement to the source.
waits for all the necessary datagrams to arrive intact, places them in the correct order, and
passes them to the user application.
C1300: TCP/IP Network Model
Addressing
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:21
One important factor in network speed is the number of links a packet must travel along in order to
reach its destination. Let us see how a data packet gets from yallara.cs.rmit.edu.au to
Depending on the consumer requirements (and budget!), the physical layer can be anything from
an ordinary telephone line to a T1 carrier. For details of some of the technologies used to connect
to the Internet, see Physical Layer.
From this discussion, it is clear that data transfer speeds are constrained by the capacity of the
physical medium (the bandwidth), and the ability of the devices at either end (the link terminators)
to use this bandwidth. Other factors, such as sharing a physical link between several devices
(multiplexing) affect data transfer rates.
Different media have different "bandwidths", which limits the speed with which information may
be transmitted along them. For example, most people connect to the Internet from home using the
standard telephone system, which was designed to pack many voice channels onto a single wire. In
practical terms, this limits modems using analog telephone lines to around 33.6 kilobits per second.
On the other hand, the bandwidth may be available, but our equipment cant use it. For example,
we may have a slower 14.4 kbps modem, which doesnt make use of the capacity of the medium.
Two devices can only communicate if they are connected via a physical medium, such as ordinary
telephone wire, broadband cable, or radio. At either end, there needs to be hardware that serves as
an interface between the computer and the physical medium.
Physical media types.

Hops.
Datagram Time To Live (TTL).
The traceroute command.
3.1. The Link layer
The TCP/IP Networking Model
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Link Layer
Link Layer
30/07/02 13:20 1 of 2

All Rights Reserved
Why do we call the TCP/IP protocols a "protocol suite"?

List some of the functions of the TCP/IP protocol suite.
What are the TCP/IP model layers?
What is a datagram?

Networking Layer Models
1.
2.
3.
4.
C1300: TCP/IP Network Model

Link Layer
Network Layer
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:21

All Rights Reserved
Network Layer
Incidentally, since the MAC is unique and part of the network card, it identifies the host, and has
been the topic of a number of privacy concerns.
Each ethernet network interface card (NIC) has a unique identification number stored into it at the
factory, called the Media Access Control (MAC) address. Just like everything else computers deal
with, system addresses are binary numbers. The NIC MAC address is 6 bytes (48 bits) long.
Hosts on a network must be assigned an address which is unique within the network so that they
can communicate with each other. Note that the address is actually for the network interface, not
the machine itself. If a machine is connected to more than one network, it is called "multihomed".
A multihomed machine needs a separate address for each of its interfaces.
MAC addresses
MAC addresses.
Link Layer
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Physical Addressing
30/07/02 13:21 1 of 1

All Rights Reserved
List some physical layer media.

What is bandwidth?
What is a hop?
What is TTL?
Which unix command displays datagram progress through the network?
Checkpoint
1.
2.
3.
4.
5.
The TCP/IP Networking Model

Addressing
If a packet cannot find a way to its destination, it must not be allowed to bounce around the
Internet for ever; to ensure this, packets are assigned a Time To Live (TTL) specified in hops. In
the traceroute output, the TTL is stated as 30 hops. At each intermediate node, the packet TTL is
decremented by one, and if it reaches zero, it is not sent onwards.
Take a look at Telstra BigPond.
This shows that the packet had to travel through 19 intermediate nodes (make 19 "hops") to reach
the target machine. The packet takes time to travel along each hop; more importantly, some
processing must be undertaken at each node. The machine must decide whether this packet must be
sent forward, and if so, where to. If the machine has to translate between different protocols or
provide buffering to synchronise protocols of different speeds, even more time is needed. The time
taken for a packet to reach its destination is referred to as the network latency.
Note: The Windows NT equivalent of this command is tracert
yallara.cs.rmit.edu.au% /usr/local/sbin/traceroute www.bbc.co.uk

traceroute to www.bbc.net.uk (212.58.240.32), 30 hops max, 40 byte packets
1 r1021a (131.170.24.250) 0.894 ms r1003a (131.170.24.254) 1.663 ms 2.043 ms
2 131.170.5.254 (131.170.5.254) 3.819 ms 3.368 ms 4.909 ms
3 fw-subnet4.its.rmit.edu.au (131.170.4.254) 2.475 ms * 2.499 ms
4 131.170.75.254 (131.170.75.254) 3.749 ms 3.413 ms 2.731 ms
5 vic-gw.vrn.edu.au (203.21.130.129) 3.414 ms 3.473 ms 3.209 ms
6 ATM2-0-0-5.ia4.optus.net.au (192.65.88.193) 18.744 ms 18.488 ms 18.847 ms
7 202.139.191.21 (202.139.191.21) 19.008 ms 18.031 ms 18.703 ms
8 Hssi11-0-0.sf1.optus.net.au (192.65.89.234) 279.163 ms 264.839 ms 339.100 ms
9 205.174.74.165 (205.174.74.165) 277.527 ms 286.570 ms 337.615 ms
10 s2-0-0.paloalto-cr18.bbnplanet.net (4.1.142.253) 207.691 ms 361.878 ms 338.257 ms
11 p3-2.paloalto-nbr2.bbnplanet.net (4.0.3.85) 318.680 ms 283.250 ms 340.615 ms
12 p4-0.sanjose1-nbr1.bbnplanet.net (4.0.1.2) 349.907 ms 282.473 ms 243.778 ms
13 p1-0.sanjose1-nbr2.bbnplanet.net (4.0.5.86) 349.956 ms 363.348 ms 339.923 ms
14 p3-0.nycmny1-br2.bbnplanet.net (4.24.7.57) 352.540 ms 422.911 ms 410.041 ms
15 p4-0.nycmny1-br1.bbnplanet.net (4.24.6.225) 350.805 ms 353.262 ms 423.527 ms
16 p4-0.nyc4-nbr2.bbnplanet.net (4.0.5.98) 416.172 ms 417.789 ms 392.489 ms
17 p0-0-0.nyc4-cr6.bbnplanet.net (4.0.1.137) 271.169 ms 420.154 ms 430.668 ms
18 h0.bbc.bbnplanet.net (4.1.79.18) 405.584 ms 424.183 ms 416.847 ms
19 38.160.150.32 (38.160.150.32) 382.315 ms 445.534 ms *
www.bbc.co.uk (bold indicates my typing):
C1300: Link Layer

The IP Protocol.
The ICMP Protocol.
The IGMP Protocol.
The ping command.
IP Addressing
yallara.cs.rmit.edu.au% /usr/sbin/ping vaughanpc.mds.rmit.edu.au

ICMP Host redirect from gateway r1021a.cs.rmit.edu.au (131.170.24.250)
to r1003a.cs.rmit.edu.au (131.170.24.254)
for vaughanpc.mds.rmit.edu.au (131.170.70.158)
ICMP Host Unreachable from gateway 131.170.13.128
for icmp from yallara.cs.rmit.edu.au (131.170.24.42) to
vaughanpc.mds.rmit.edu.au (131.170.70.158)
to r1003a.cs.rmit.edu.au (131.170.24.254) for
30/07/02 13:22
We could look up a machine that does exist (i.e. we can look it up in a DNS table), but which is
disconnected (actually switched off):
yallara.cs.rmit.edu.au% /usr/sbin/ping mystery.ipm.ac.ir

/usr/sbin/ping: unknown host mystery.ipm.ac.ir
Notice that we called the machine "rose", but ping returned messages about "vax". Clearly, "rose"
is an alias for the machine called "vax" (194.225.70.70). Now, lets make up a name for a machine
on the ipm.ac.ir network, and ping it:
yallara.cs.rmit.edu.au% /usr/sbin/ping rose.ipm.ac.ir

to r1003a.cs.rmit.edu.au (131.170.24.254) for vax.ipm.ac.ir (194.225.70.70)
vax.ipm.ac.ir is alive
Ping is a very useful tool that makes use of ICMP (the messages ping gives are basically ICMP
error messages). For example, lets see if the machine rose.ipm.ac.ir can be reached:
been found.
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Network Layer
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:22 2 of 3
The Internet Control Message Protocol (ICMP) provides a degree of intelligence to IP operations;
for example, if the packets cannot be sent out because the gateway is down or the address has not
ICMP
The Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP)
are placed alongside IP in the network layer, but actually make use of IP services.
ICMP and IGMP
IP cannot broadcast in search of the destination address, since the machines are often not
physically on the same network. Instead, it must ask another host to pass on the datagram towards
the destination.
Routing packets through the network

Best effort at delivery; it does not guarantee delivery.
Connectionless transfer; it does not guarantee that the data packets will arrive at the
destination in correct order.
The functions handled by IP are:
IP
3.2. Network layer
Physical Addressing
COSC1300
C1300: Network Layer
Checkpoint
Routing
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:22
For a IP network, the network address is a four-byte (32-bit) number called the IP address. To make life
easier, it is custom to write IP addreses as a sequence of four decimal numbers, separated by dots (the dotted
decimal notation), such as "131.170.70.36". As discussed above, a multihomed machine needs a separate IP
address for each of the TCP/IP networks it is connected to.
IP addresses
IP addresses.
Host names and aliases.
Address Hierarchy and CIDR
Netmasks
The ifconfig, hostname, and nslookup commands.
The ifcfg-eth0 and /etc/netmasks files.
3.2.1. IP Addressing
Network Layer
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: IP Addressing
30/07/02 13:22 1 of 5

All Rights Reserved
1. Why is IP referred to as connectionless?

2. What are ICMP and IGMP?
3. Name one common command that uses ICMP.
Physical Addressing
IP Addressing
The Internet Group Management Protocol (IGMP) provides a mechanism for sending data to a
number of different hosts on a network. The hosts are configured as members of the IGMP address
group, and receive all packets sent to the group.
IGMP
So, the host is unreachable. Can you see the tell-tale "for icmp" in the messages?

no answer from vaughanpc.mds.rmit.edu.au
C1300: Network Layer
lo
yallara.cs.rmit.edu.au% hostname
yallara.cs.rmit.edu.au
decimal address range

network 1 131.170.0.1 to 131.170.63.254
network 2 131.170.64.1 to 131.170.127.254
binary address range
10000011.10101010.00000000.00000001 to
10000011.10101010.00111111.11111110
10000011.10101010.01000000.00000001 to
10000011.10101010.01111111.11111110
30/07/02 13:22
The address prefix length for RMIT is 16, meaning that the first 16 bits of the IP address represent the
RMIT network and the final 16 bits can be broken down into more specific physical networks and then into
individual hosts. This means that any packet with an IP address beginning with 10000011.10101010 will be
delivered to RMIT. Coincidentally, this prefix is also at a byte boundary, corresponding to IP addresses
beginning with 131.170. Further down the heirarchy, this isnt the case. For instance, we may decide to
break the RMIT network into four. To do this we would tell the router at the top of the RMIT network that
there are four networks with a prefix length of 18, which means that 131.170.24.36 and 131.170.174.18
would be delivered to different networks. The table below demonstrates this for address prefix length of 18.
The IP address for www.cs.rmit.edu.au is 131.170.24.36, which translates to

10000011.10101010.00011000.00100100 in binary. You should verify this by converting the number
yourself. The address prefix is the number of bits of the IP address that represent the current network. This
is also known as the netmask. There are a number of different notations for the prefix or netmask, which we
will discuss below.
The same is true for IP addresses, but the heirarchy is a binary heirarchy. This addressing scheme is known
as Classless Inter-Domain Routing or CIDR (usually pronounced cider). In order to understand how IP
addresses and netmasks interact, it is important to understand binary and how to convert between decimal
and binary. See the links page of the subject website for references.
An example of heirarchical addressing is the telephone system. If you are making a call to the RMIT
Computer Science office from overseas you would dial 61 3 99252348. The telephone switch in the country
that you are dialing from doesnt know that this number corresponds to a specific extension at RMIT, but it
does know that 61 is the country code for Australia, so it knows to which switch to forward the call. In the
same way, 3 is the area code for Victoria and Tasmania and 992 is RMIT. It isnt until the call gets to RMIT
that a switch needs to know that the extension number is 52348.
A 32-bit IP address can represent more than four billion hosts. Obviously, it is not possible for every router
to store the addresses of all hosts, so there needs to be a system where a router can at least forward packets
to the next hop on its journey. This is done by assigning IP addresses heirarchically, meaning that IP
addresses that are physically close, all share the same prefix.
Address Hierarchy and CIDR:
Usually, an organisation is allocated a range of addresses which it is free to allocate as it wishes. Often a
local ISP can provide clients with IP addresses from the range they administer.
We can assign any nickname we want to a machine, on condition that it is unique within its immediate
network. However, we must apply for an unallocated IP address. IP addresses used to be obtained from
InterNIC (Internet Network Information Center), but many private companies are now authorised to provide
this service. A list of these companies is available at InterNIC.
We see that the name "www" is an alias for the machine "io", which has the IP address "131.170.70.10".
The alias allows the network administrator to change the physical machine acting as the web server, without
having to tell the world about it.
Name:
io.mds.rmit.edu.au
Address: 131.170.70.10
Aliases: www.mds.rmit.edu.au
yallara.cs.rmit.edu.au% /usr/sbin/nslookup www.mds.rmit.edu.au

Server: ns1.cs.rmit.edu.au
Address: 131.170.24.1
Multimedia Database Systems Group has a web server, which, not surprisingly, is called
www.mds.rmit.edu.au. Lets see what its IP address is:
To see the relationship between an IP address and a machine name, you can use the unix nslookup
command.
yallara.cs.rmit.edu.au% /usr/sbin/nslookup yallara
Server: ns1.cs.rmit.edu.au
Address: 131.170.24.1
Name:
yallara.cs.rmit.edu.au
Address: 131.170.24.42
From this we see that the machine "yallara" has the IP address "131.170.24.42". The "Server"
ns1.cs.rmit.edu.au is a name server, which well discuss later.
A machine may have names other than its real one; these are called "aliases". For example, the RMIT
30/07/02 13:22 3 of 5
Since humans are bad at memorising strings of numbers, hosts are often given a name, such as "kroid",
"goanna", "yallara". Host names are not case-sensitive. You can determine the name of a unix system by
using the hostname command:
We see the ethernet card (called eth0) has the MAC address "00:06:29:85:7F:6C", and has been allocated
the IP address "131.170.70.156". The device "lo" is a loopback device, and points to the host itself (more on
this below).
Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:3131 errors:0 dropped:0 overruns:0 frame:0
TX packets:3131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
[root@seyedpc /root]# ifconfig

eth0
Link encap:Ethernet HWaddr 00:06:29:85:7F:6C
inet addr:131.170.70.156 Bcast:131.170.70.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92356 errors:0 dropped:0 overruns:0 frame:0
TX packets:61149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0x7c60
My PC connects to the local IP network with an ethernet card. I can list the network interfaces using the
ifconfig command:
Figure 6: A portion of a network showing IP addresses
C1300: IP Addressing
30/07/02 13:22
Routing

All Rights Reserved
What is an alias?
What does a netmask do?
What are subnetting and supernetting?
What do the ifconfig, hostname, and nslookup commands do?

Network Layer
1.
2.
3.
4.
Checkpoint
Figure 7: IP Calculator results for 131.170.70.156
30/07/02 13:22 5 of 5
You could play around with IP Calculator to get an idea about how addresses and netmasks interact.
You can also download ipsc for use on Linux machines. Heres an example for seyedpc (131.170.70.156):
yallara.cs.rmit.edu.au% cat /etc/netmasks

131.170.0.0
255.255.255.0
We see that the netmask is 255.255.255.0, equivalent to a prefix length of 24, which means that the local
network is actually 131.170.70.0 For yallara, we can look at /etc/netmasks:
[stahagho@seyedpc /etc]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
IPADDR="131.170.70.156"
NETMASK="255.255.255.0"
...
We need to know the network mask in order to determine whether a host is on the local network. For
example, 131.170.0.0 might refer to the network on which seyedpc (131.170.70.156) is located. As a matter
of fact, we can find this out by looking at the file /etc/sysconfig/network-scripts/ifcfg-eth0 (for Linux
systems):
The RMIT network is generally represented as 131.170/16 or 131.170.0.0/16, the 16 representing the prefix.
As a netmask this would be written as 11111111.11111111.00000000.00000000 or, in decimal notation,
255.255.0.0. These notations all mean the same thing; the first 16 bits represent the specific network. All
packets beginning with the 16 bits 10000011.10101010 will be delivered to the router at the top of the
RMIT heirarchy.
As you can see, the first 16 bits are all the same, relating to the RMIT network. The two bolded bits
represent the four possible networks that we have created by dividing our network with a 16 bit prefix into
networks using an 18 bit prefix.
network 4 131.170.192.1 to 131.170.255.254
10000011.10101010.10000000.00000001 to
network 3 131.170.128.1 to 131.170.191.254
10000011.10101010.10111111.11111110
10000011.10101010.11000000.00000001 to
10000011.10101010.11111111.11111110
C1300: IP Addressing
Networking
30/07/02 13:23
Address Resolution

All Rights Reserved
1. What is the difference between a router and a gateway?
Checkpoint
Figure 10: Router operation.
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Routers
Address Resolution
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:23 2 of 2
The router must know the exact size of the IP address network portion, so it must compare the destination
address with the netmask. If the destination is on the local network, ARP is used to determine its MAC
address. If a destination is not on the local network, it is most often sent to the default gateway; this sends
the data on to another host which may be able to look up the address.
The router needs a link layer (such as a network card and drivers) for each of the networks it is connected to.
The router looks at the datagram destination address and decides which way to send it. This means that it
must incorporate network (IP) layer capabilities; it doesnt need anything from the upper two levels.
A gateway is a special type of router; it connects networks that use different protocols. For example, we
may use an ethernet network within a company, but would require a gateway (which can communicate
using both ethernet and TCP/IP) to connect to the Internet.
A router is a device (dedicated device or perhaps a PC) that takes data packets from one network and sends
them down another network towards their destination.
A datagram is routed by choosing its next-hop destination at each router along its path.
Routers.
Gateways.
3.2.2. Routing
Networking
COSC1300
C1300: Routers
Transport Layer
We can also display the IP addresses instead of the names:
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------131.170.24.254
UGHD
0
2
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
yallara.cs.rmit.edu.au% netstat -nr

Routing Table:
Destination
-------------------203.21.64.250
210.9.224.159
131.170.70.10
144.132.50.174
204.71.200.138
202.106.184.200
202.106.187.140
202.92.93.147
202.106.184.199
30/07/02 13:23
If we look carefully at the second column, we notice that all data must pass through r1003a or
r1021a, which are routers. The name "localhost" refers back to the current machine, i.e. yallara.
The Flags U, G, and H designate that the specified machine is up (running), a gateway, and a host
respectively. From the "Use" column, we can see which route has been used the most.
Destination
Gateway
Flags Ref
Use
Interface
------------------------------------ ---------------hg1.hitbox.com
r1003a
UGHD 0
1
208.178.148.50
r1003a
UGHD 0
1
io.mds.rmit.edu.au
r1003a
UGHD 0
1
LDIP-T-005-p-59-47.tmns.net.au
r1003a
UGHD 0
1
216.52.6.39
r1003a
UGHD 0
2
a203-166-10-137.deploy.akamaitechnologies.com r1003a
UGHD 0
1
dzzk.net
r1003a
UGHD 0
1
ppp20116.its.rmit.edu.au
r1003a
UGHD 0
1
ppp20150.its.rmit.edu.au
r1003a
UGHD 0
1
203.36.162.63
r1003a
UGHD 0
0
CPE-24-192-0-14.vic.bigpond.net.au
r1003a
UGHD 0
1
208.49.239.150
r1003a
UGHD 0
1
203.89.237.102
r1003a
UGHD 0
1
usa.nedstat.net
r1003a
UGHD 0
1
131.170.24.0
yallara
U
3
97920 ge0
BASE-ADDRESS.MCAST.NET
yallara
U
3
0
ge0
default
r1021a
UG
01385711
localhost
localhost
UH
04377798
lo0
Routing Table:
yallara.cs.rmit.edu.au% netstat -r
Lets see how yallara decides where to send data packets by looking at its routing table:
Note that the root name server probably doesnt know about the machine "yallara" or "kroid"; it
does know which DNS server is responsible for the associated domain, and can help it fulfil the
request. Several DNS servers may be contacted until the IP address is resolved. If a DNS server has
to ask a remote authoritative server, it updates its own cache with the lookup result.
A name server has a longer lookup table. If it, too, cant find the destination in its list, it has to ask
another machine. Name servers are organised in a hierarchical fashion, with local machines
handling common requests, and a small number of root name servers at the top of each domain
hierarchy. The root name servers hold lists of DNS servers operating directly under them.
yallara.cs.rmit.edu.au% cat /etc/resolv.conf

;
$Id: resolv.conf,v 1.1 1998/12/01 03:34:59 lukem Exp $
;
domain
cs.rmit.edu.au
search
cs.rmit.edu.au rmit.edu.au
nameserver
131.170.24.1
nameserver
144.205.16.1
have an entry for the destination. The system administrator has specified two name servers for
yallara:
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Address resolution
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:23 2 of 3
In addition, we specify a Domain Name Service (DNS) server that we can ask for help if we dont
However, there are many millions of IP addresses in use, and listing every host on the Internet is
practically impossible. To circumvent this problem, each machine has a short list of addresses that
it needs regularly, such as those shown above for yallara.
yallara.cs.rmit.edu.au% cat /etc/hosts

127.0.0.1
localhost
131.170.24.34
yallara-2.cs.rmit.edu.au yallara2
131.170.24.38
platypus.cs.rmit.edu.au platypus
131.170.24.39
echidna.cs.rmit.edu.au echidna
131.170.24.40
goanna.cs.rmit.edu.au
goanna
131.170.24.42
yallara.cs.rmit.edu.au yallara
131.170.24.45
taipan.cs.rmit.edu.au
taipan
144.205.16.13
trouser.cs.rmit.edu.au trouser
We could have a list of machine names and their IP addresses on each machine. Yallara knows the
names and addresses of several other hosts:
We mentioned that machines can have names which are easier to remember than numerical IP
addresses. However, computers can only use the IP address, so there must be a mechanism to
translate a name to an IP address.
Hostname Resolution
Hostname resolution.
IP address resolution.
The ARP protocol.
The netstat command.
The /etc/hosts and /etc/resolv.conf files.
3.2.3. Address Resolution
Routing
COSC1300
C1300: Address resolution
131.170.24.42
131.170.24.42
131.170.24.250
127.0.0.1
U
U
UG
UH
ge0
ge0
lo0
The TCP protocol.

Sliding window acknowledgement.
The UDP protocol.
Figure 8: TCP virtual circuit setup.
30/07/02 13:23
Application Layer
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
With IP, we have no way of knowing whether the datagrams have arrived at the destination in
order, or indeed, whether they have arrived at all. The role of TCP in the transport layer is to
supply data to the IP layer and monitor its operation; if any packets are lost (the destination
transport layer has not acknowledged receiving them), they should be resent.
TCP
Address Resolution
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Transport Layer

3 101020
3
0
01418445
04380143
30/07/02 13:23 1 of 3

All Rights Reserved
What does hostname resolution involve?

What is IP address resolution?
What is the relationship between MAC and ARP?
What does the netstat command do?
Checkpoint
1.
2.
3.
4.
Routing
Transport Layer
For a destination host that is not on the local network, the destination MAC address is resolved as
the MAC address of the default gateway. Host A sends the datagram to the default gateway using
Host Bs IP address, but the gateways MAC address.
A broadcasts a message on the network, specifying Bs IP address, and asking for its MAC
address.
B receives this request, and sends a short message to System A, informing it of its MAC
address.
A then adds this address to its ARP cache, so that it doesnt have to ask every time.
If host A wants to communicate with host B, it needs to know Bs MAC address. If it doesnt have
it already, it needs to ask. This procedure is carried out according to the Address Resolution
Protocol (ARP).
A server posing as a DNS server could redirect requests (given by name) to the wrong site (IP
address). It is possible for a hacker to modify some of the DNS table entries. Secure DNS attempts
to address this issue.
131.170.24.0
224.0.0.0
default
127.0.0.1
C1300: Address resolution
Checkpoint
30/07/02 13:23

All Rights Reserved
1. Why is TCP referred to as connection-oriented?

2. What is the benefit of sliding window acknowledgement?
3. What is UDP and where would it be used?
Address Resolution
Application Layer
TCP sets up a virtual circuit between hosts, and provides sequenced and reliable transfers.
UDP is connectionless, unsequenced, and not reliable; however, it has much lower overhead than
TCP.
The user data protocol (UDP) interfaces to the IP and Application layers in much the same way as
TCP does, but does not guarantee delivery. If we use UDP and want reliable transfers, the
application must ensure reliability itself.
a. The destination is not any particular host (it is a broadcast). From the printers point of view,
it is not critical that I know that it has run out of paper.
b. The data doesnt have a particular start and end, i.e. a machine which starts listening to the
message wouldnt need to ask for the previous packets to be sent again. I can connect to a
radio station broadcasting on the Internet at any time.
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Transport Layer
The two points to keep in mind are that in most cases:

30/07/02 13:23 3 of 3
TCP provides guaranteed end-to-end delivery of data. However, ensuring that packets are delivered
to the destination involves a lot of overhead. Some applications, such as web broadcasting, do not
require delivery to be guaranteed. The data is sent out to the destination with the hope that it
reaches the destination. Imagine live streaming audio; the delays inherent in guaranteed delivery
would make it impractical. Another such application is for devices attached to the network to
broadcast their status, such as "printer out of paper".
UDP
Figure 9: Data transmission with sliding window.
We can imagine a window covering the packets which have been sent but not yet acknowledged.
As the acknowledge signals come through, the window is reduced from the left, and as new
packets are sent, it is expanded to the right, and so it effectively "slides" forward. Keep in mind
that the destination hosts receive buffer is cleared as the target application reads it; a slow target
application or a busy machine will keep transfer rates low.
However, this approach is quite slow. The "sliding window" method is used in most packet data
systems. Here, the source will send a specified number of packets without waiting for them to be
acknowledged. For example, for a window size of seven, the source will send packets 1-7, then
wait. When packet 1 is acknowledged, packet 8 can be sent, and so on.
The source TCP layer resends any packets that have not been acknowledged. A copy of the sent
data must be kept until we are sure that the target has received it intact (with an Acknowledge
signal). In a primitive case, it would send a packet, wait for it to be acknowledged, and then move
on to the next packet. If a packet has not been acknowledged by a certain time (a timeout), it is
resent.
Sliding window acknowledgement
Due to long delays, the source machine might decide that a packet has been lost, and so it will send
it again. The destination machine will receive two copies of this packet. At the receiving end, the
transport layer acknowledges received datagrams, discards duplicates, orders them, and extracts the
data for presentation to the application layer. Since TCP handles all the management of the data
transfer, the programs in the application layer need not be concerned with any of the details.
C1300: Transport Layer
Packet Sniffing
Service
Telnet
Finger
Gopher
HTTP
SSL
DNS
FTP
SMTP
110
119
6667
19
Table 1: Some Well-known ports

Port Description
23 Protocol to log into and use another host.
79 Display information about a remote user.
70 Menu-based data access (outdated).
80 Base protocl of the World-Wide Web.
443 Provides security services to applications.
53 Resolve hostnames to IP addresses.
21 File Transfer Protocol
25 Used for sending email
yallara.cs.rmit.edu.au% cat /etc/services

tcpmux
1/tcp
echo
7/tcp
echo
7/udp
discard
9/tcp
sink null
discard
9/udp
sink null
systat
11/tcp
users
daytime
13/tcp
daytime
13/udp
netstat
15/tcp
chargen
19/tcp
ttytst source
30/07/02 13:24
The list of services and ports is kept in the file /etc/services on unix systems. You should be able to
pick out the main services from the services file on yallara:
A server application must listen to its assigned port and service any requests. However, a port may
be idle for long periods, which makes it inefficient to keep the server application in memory all the
time. Instead, the "inet.d" daemon (pronounced "demon") runs in the background and listens to all
the assigned ports, and launches the application associated with the port when a request arrives.
When the application finishes servicing the request, it terminates. For services which receive a lot
of requests, the overhead of loading the application each time is often prohibitive. Thus,
highly-used servers such as web servers are often run in standalone mode.
Used for downloading email

Internet News and News Groups
Internet Relay Chat
Network Time Protocol
POP3
NNTP
IRC
NTP
You can set up applications to listen on any port, but youd have to tell prospective clients to
specify that port. For example, you can set up your own web server on yallara to use port 54321,
but anyone who wanted to see your web page would need to write the URL as
http://yallara.cs.rmit.edu.au:54321
In general, port numbers below 1024 are restricted to use only by the system administrator. Port
numbers 1024-5,000 are usually allocated dynamically by the operating system for client
applications, and are referred to as "ephemeral" ports.
This is possible due to the use of "ports". Each application type (service) uses a unique and
standard 16-bit port number. For example, a telnet program will connect to yallara on port 23,
while a web browser will use port 80. Table 1 shows a list of common port numbers. These are
sometimes referred to as "well-known", "documented" or "assigned" port numbers. You can find a
more comprehensive list at www.chami.com.
applications on yallara?
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Application Layer
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:24 2 of 4
A host could have a number of applications that use network services. For example, I can use telnet
to connect to yallara.cs.rmit.edu.au; I can concurrently run a web browser and open the web page
at yallara.cs.rmit.edu.au. I have two client programs (telnet and the web browser) running on my
system, and two server applications are running on yallara. Since yallara only has one IP address
(131.170.24.42, see IP addresses), how can my client applications connect to two different server
Telnet (Telecommunications Network Protocol)

HTTP (HyperText Transfer Protocol)
NNTP (Network News Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
POP (Post Office Protocol)
IMAP (Internet Message Access Protocol)
FTP (File Transfer Protocol)
TFTP (Trivial File Transfer Protocol); this can only take public files, with no authentication.
It is used to boot diskless workstations etc.
Common application layer protocols include:
At the top level of the protocol hierarchy are the application protocols. Applications communicate
with each other by using the services provided by the Transport layer, usually by using a socket. A
TCP socket is a input/output stream that an application can use to send and receive data, similar to
the manner in which it can use a file handle.
Application layer protocols.

Application ports.
The /etc/services file.
Transport Layer
COSC1300
C1300: Application Layer
pop3
ident
imap
simap
spop3
radius
radacct
chargen
ftp-data
ftp
telnet
smtp
time
time
name
whois
domain
domain
bootps
bootpc
hostnames
sunrpc
sunrpc
tftp
rje
finger
link
supdup
iso-tsap
x400
x400-snd
csnet-ns
pop-2
uucp-path
nntp
ntp
ntp
NeWS
exec
login
shell
printer
courier
uucp
biff
who
syslog
talk
route
new-rwho
rmonitor
monitor
pcserver
kerberos
kerberos
ufsd
ufsd
ingreslock
listen
nfsd
nfsd
lockd
lockd
dtspc
fs
xaudio
1489/tcp
1490/tcp
110/tcp
113/tcp
143/tcp
993/tcp
995/tcp
1645/udp
1646/udp
19/udp
20/tcp
21/tcp
23/tcp
25/tcp
37/tcp
37/udp
42/udp
43/tcp
53/udp
53/tcp
67/udp
68/udp
101/tcp
111/udp
111/tcp
69/udp
77/tcp
79/tcp
87/tcp
95/tcp
102/tcp
103/tcp
104/tcp
105/tcp
109/tcp
117/tcp
119/tcp
123/tcp
123/udp
144/tcp
512/tcp
513/tcp
514/tcp
515/tcp
530/tcp
540/tcp
512/udp
513/udp
514/udp
517/udp
520/udp
550/udp
560/udp
561/udp
600/tcp
750/udp
750/tcp
1008/tcp
1008/udp
1524/tcp
2766/tcp
2049/udp
2049/tcp
4045/udp
4045/tcp
6112/tcp
7100/tcp
1103/tcp
ttytst source
mail
timserver
timserver
nameserver
nicname
hostname
rpcbind
rpcbind
ttylink
usenet
news
cmd
spooler
rpc
uucpd
comsat
whod
router routed
new-who
rmonitord
kdc
kdc
ufsd
ufsd
#
#
#
#
no passwords used
line printer spooler
experimental
uucp daemon
Network News Transfer

Window System
30/07/02 13:24 4 of 4
Transport Layer
Packet Sniffing
30/07/02 13:24

All Rights Reserved
3. What is a daemon?
4. Why dont we always use daemons for server applications?
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Application Layer
# usually to sri-nic
# BOOTP/DHCP server
# BOOTP/DHCP client
# usually to sri-nic
# ISO Mail
#
#
#
#
experimental
experimental
experimental
ECD Integrated PC board srvr
Kerberos key server
Kerberos key server
UFS-aware server
# Post Office
#
#
#
#
#
#
#
System V listener port

NFS server daemon (clts)
NFS server daemon (cots)
NFS lock daemon/manager
# CDE subprocess control

# Font server
# X Audio Server
#
#
#
#
Xaserver
# POP
# identd
nfs
nfs
auth tap
# POP
# documentum nameserver/broker
# Main docbase
1. What is a port?
2. Name some well-known ports.
Checkpoint
dmdocbroker
docubase
C1300: Application Layer

Application Layer
30/07/02 13:24

All Rights Reserved
Useful Commands
1. What command would you use to examine TCP packets on a unix system?
Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Packet Sniffing/Snooping
Useful Commands
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
30/07/02 13:24 2 of 2
We can see the source IP address (131.170.70.10) and port (53915), and the destination IP address
(131.170.70.156) and port(23). These, together with the packet sequence number (C6890B54,
C6890B55, and C6890B55) uniquely identify each packet.
TCP Packet ID (from_IP.port-to_IP.port): 131.170.70.10.53915-131.170.70.156.23

SEQ (hex): C6890B55
ACK (hex): BA0F52A1
FLAGS: -AP--Window: 2238

SEQ (hex): C6890B55
ACK (hex): BA0F52A1
FLAGS: -A---Window: 2238

SEQ (hex): C6890B54
FLAGS: ----S-
[root@seyedpc sniffit-0.3.7.beta]# sniffit -x -t131.170.70.156

Supported Network device found. (eth0)
Sniffit.0.3.7 Beta is up and running.... (131.170.70.156)
Lets monitor the first few packets that arrive at machine seyedpc (131.170.70.156) when
somebody tries to open a telnet session to it from machine io (131.170.70.10); notice that the
session is trying to connect to port 23 on seyedpc:
The snoop utility demonstrated in the lecture slides must be run by the system administrator (root).
You can download sniffit to use on Linux systems:
Examining TCP packets using snoop or sniffit.
Application Layer
COSC1300
C1300: Packet Sniffing/Snooping
Unix:
NT: ipconfig /all

NT: tracert
9x: winipconfig
MS Windows:
30/07/02 13:24 2 of 3
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
IP Calculator .
NetScan Tools .
Network Toolbox .
30/07/02 13:24
/etc/hosts
/etc/services
/etc/netmasks
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0 (on most Linux systems).
TCP/IP Illustrated, W. Richard Stevens, Volume 1; Addison Wesley.

TCP/IP Signature Edition, Sidnie Feit; McGraw-Hill.
Internet Core Protocols, Eric A. Hall; OReilly.
TCP/IP Network Administration, Craig Hunt, OReilly.
Microsoft attaches a GUID to all Office documents!

Connected: An Internet Encyclopedia
W. Richard Stevens Home Page
Knowledge Base Glossary
Electrodata Telecom Acronym List.
InterNIC Home Page
IANA Home Page
Brad Huggins Web Site - BradHuggins.com
HTTP, FTP, TELNET, ECHO, POP3, SMTP...
Speed of Internet Connections
ITPRC - Physical Layer
Data Communications Tutorials.
Data Comm for Business, Inc. T1
ADSL FORUM SITE MAP
ADSL Australasia Pty. Ltd.
Micronet Communications Rates
Cairns Net - Pricing
TechFest - Wide Area Networks (WAN)
ABC of Cable Modem - What is a Cable Modem?
Cable Modem Basics
Cable modems burn up the wires
Break the Bandwidth Barrier
Modem FAQ
Telsyte. G.LITE (G.992.2)
On-line material:
1.
2.
3.
4.
Printed material:
6. Useful Links.
NT: winnt\system32\drivers\etc\hosts
9x: windows\hosts
MS Windows:
Unix:
Files
You may find the following tools handy; they can be downloaded as limited-time demos:
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Useful Commands & Files
Table Of Contents
1. Introduction.
3.1. The Link layer
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
Hostname Resolution
TCP
UDP
6. Useful Links.
ifconfig
netstat -r, netstat -nr
ping
nslookup
traceroute
hostname
gated, routed: can be used to make a unix system function as a gateway or a router.
named: can be used to make a unix system function as a name server.
snoop; sniffit is available for Linux systems.
ipsc for Linux machines.
Useful Commands
Packet Sniffing/Snooping
COSC1300
C1300: Useful Commands & Files
Packet Sniffing/Snooping
30/07/02 13:24

All Rights Reserved
Saied Tahaghoghi (stahagho@cs.rmit.edu.au)
Contributors:
C1300: Useful Commands & Files

Chapter 2

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Chapter 2

Hochgeladen von

Copyright:

Verfügbare Formate

Checkpoint

Copyright 2000 RMIT Computer Science

1. What is the main benefit of a network?

Network Layer Models

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Networking and HTTP

Network Layer Models

Homer Simpson, The Simpsons

Wow! Theyve got the Internet on computers now!

Why computers are networked.

n this chapter, we cover

C1300: Networking and HTTP

Figure 1: The OSI reference model

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Network Layers

TCP/IP Network Model

n this section you will cover:

2. The Network Layer Models

Introduction to Networking and the Internet

C1300: Network Layers

Introduction to Networking and the Internet

At the destination host:

finds out the network address of the destination.

At the source host:

The TCP/IP protocol suite.

n this section you will cover:

3. The TCP/IP network model

Networking Layer Models

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: TCP/IP Network Model

TCP/IP Network Model

Copyright 2000 RMIT Computer Science

Figure 2: Logical data flow between peer OSI model layers

C1300: Network Layers

Figure 4: Logical data flow between peer TCP model layers

Figure 5: Protocol Data Unit down the TCP/IP model layers

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: TCP/IP Network Model

Figure 3: Comparison of OSI and TCP/IP models

receives the datagrams from the physical interface device.

C1300: TCP/IP Network Model

Physical media types.

n this section you will cover:

3.1. The Link layer

The TCP/IP Networking Model

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Link Layer

Copyright 2000 RMIT Computer Science

Why do we call the TCP/IP protocols a "protocol suite"?

COSC1300 - Lecture Notes

Networking Layer Models

C1300: TCP/IP Network Model

COSC1300 - Lecture Notes

Copyright 2000 RMIT Computer Science

n this section you will cover:

3.1.1. Physical Addressing

https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Physical Addressing

Copyright 2000 RMIT Computer Science

List some physical layer media.

The TCP/IP Networking Model

Take a look at Telstra BigPond.

Note: The Windows NT equivalent of this command is tracert

yallara.cs.rmit.edu.au% /usr/local/sbin/traceroute www.bbc.co.uk

www.bbc.co.uk (bold indicates my typing):

C1300: Link Layer

n this section you will cover:

yallara.cs.rmit.edu.au% /usr/sbin/ping vaughanpc.mds.rmit.edu.au

yallara.cs.rmit.edu.au% /usr/sbin/ping mystery.ipm.ac.ir

yallara.cs.rmit.edu.au% /usr/sbin/ping rose.ipm.ac.ir