IP stands for Internet Protocol. It is the method by which data
gets transmitted over the Internet. At a hardware level, network cards are capable
of transmitting packets (also called datagrams) of data between
one another. A packet contains a small block of say, 1 kilobyte of data. (In
contrast to serial lines which transmit continuously.) All Internet communication
occurs via transmission of packets, which travel intact between machines on either
side of the world.
|
| |
Each packet contains a header preceding the data of 24 bytes or more. Hence
slightly more than the said 1 kilobyte of data would be found on the wire. When
a packet is transmitted, the header would obviously contain the destination
machine. Each machine is hence given a unique IP address -- a 32 bit
number. There are no machines on the Internet that do not have an IP address.
|
| |
The header actually looks as follows:
|
| |
| Bytes | Description |
| 0 | bits 0-3: Version, bits 4-7: Internet Header Length (IHL) |
| 1 | Type of service (TOS) |
| 2-3 | Length |
| 4-5 | Identification |
| 6-7 | bits 0-3: Flags, bits 4-15: Offset |
| 8 | Time to live (TTL) |
| 9 | Type |
| 10-11 | Checksum |
| 12-15 | Source IP address |
| 16-19 | Destination IP address |
| 20-IHL*4-1 | Options + padding to round up to four bytes |
| Data begins at IHL*4 and ends at Length-1 |
|
| |
Version will for the meantime be 4, although IP Next Generation
(version 6) is in the process of development. IHL is the length of
the header divided by 4. TOS (Type of Service) is a somewhat esoteric field for tuning
performance and will not be explained. The Length field is the length
in bytes of the entire packet inclusive of the header. The Source and
Destination are the IP addresses that the packet is coming from and
going to.
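The header layout above, turned into a parser, as an added example that is not part of the original text. It reads bytes 0-19 of the table, then refuses any packet whose IHL or Length field points outside the bytes actually received or whose Checksum does not verify. The function names and the sample packet are constructed for illustration.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement of the one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ip_packet(packet: bytes) -> dict:
    """Parse one IPv4 packet laid out as in the table; reject inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 header bytes")
    ver_ihl, tos, length, ident, frag, ttl, ptype, csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    hlen = ihl * 4                           # IHL counts 4-byte units
    if hlen < 20 or hlen > len(packet):
        raise ValueError("IHL points outside the packet")
    if length < hlen or length > len(packet):
        raise ValueError("Length field disagrees with bytes received")
    if ip_checksum(packet[:hlen]) != 0:      # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "ttl": ttl, "type": ptype, "ident": ident,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:hlen],          # bytes 20 to IHL*4-1
        "data": packet[hlen:length],         # data ends at Length-1
    }

def build_sample(data: bytes = b"constructed") -> bytes:
    """Constructed sample: ICMP (Type 1) from 192.168.3.9 to 152.19.254.81."""
    fields = [0x45, 0, 20 + len(data), 0x1234, 0, 64, 1, 0,
              socket.inet_aton("192.168.3.9"), socket.inet_aton("152.19.254.81")]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ip_checksum(header)          # fill in Checksum over the header
    return struct.pack("!BBHHHBBH4s4s", *fields) + data

if __name__ == "__main__":
    print(parse_ip_packet(build_sample()))
```

Trailing bytes beyond Length are ignored rather than treated as data, which is why the data slice stops at Length and not at the end of the buffer.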
|
| |
The above description constitutes the view of the Internet that a machine has.
However, physically, the Internet
consists of many small high speed networks (like a company or a university)
called Local Area Networks, or LANs. These are all connected to each other
via lower speed long distance links. On a LAN, the raw medium of transmission is not a packet but
an Ethernet frame. Frames are analogous to packets (having both a header
and a data portion) but are sized to
be efficient with particular hardware. IP packets are encapsulated within frames,
where the IP packet fits within the Data part of the frame. A frame
may however be too small to hold an entire IP packet, in which case the IP packet
is split into several smaller packets. This group of smaller IP packets is then
given an identifying number and each smaller packet will then have the Identification
field set with that number and the Offset field set to indicate its
position within the actual packet. On the other side, the destination machine
will reconstruct a packet from all the smaller sub-packets that have the same
Identification field.
|
| |
The convention for writing an IP address in human readable form is
dotted decimal notation, like 152.2.254.81, where
each number is a byte and is hence in the range of 0 to 255.
Hence the entire address space is in the range of
0.0.0.0 to 255.255.255.255. Now to further organise
the assignment of addresses, each 32 bit address is divided into
two parts, a network and a host part of the
address.
|
| |
The network part of the address designates the LAN and the host part the particular
machine on the LAN. Now, because it was unknown at the time of specification
whether there would one day be more LANs or more machines on a LAN, three different
classes of address were created. Class A addresses begin with the first
bit of the host part set to 0 (hence a Class A address always has the first
dotted decimal number less than 128). The next 7 bits give the identity of the
LAN and the remaining 24 bits give the identity of an actual machine on that
LAN. A Class B address begins with a 1 then a 0 (first decimal number is 128
through 192). The next 14 bits give the LAN and the remaining 16 bits give the
machine -- most universities, like the address above, are Class B addresses.
Finally, Class C addresses start with a 1 1 0 (first decimal number is 192 through
223), and the next 21 bits and then the next 8 bits are the LAN and machine
respectively. Small companies tend to use Class C addresses.
|
| |
In practice, there are few organisations that require Class A addresses. A university
or large company might use a Class B address, but then it would have its own
further subdivisions, like using the third dotted decimal as a department (bits
16 through 23) and the last dotted decimal (bits 24 through 31) as the machine
within that department. In this way the LAN becomes a micro Internet in itself. Here
the LAN is called a network and the various departments are each called
a subnet.
|
| |
There are also some IP addresses that have special purposes that are never used
on the open Internet. 192.168.0.0-192.168.255.255 are private
addresses perhaps used inside a local LAN that does not communicate directly with
the Internet. 127.0.0.0-127.255.255.255 are used for communication
with the localhost -- i.e. the machine itself. Usually 127.0.0.1
is an IP address pointing to the machine itself.
10.0.0.0-10.255.255.255 are additional private addresses.
|
| |
Consider again the example of a University with a Class B
address. It might have an IP address range of
137.158.0.0-137.158.255.255. It has decided that
the astronomy department should get 512 of its own IP
addresses 137.158.26.0-137.158.27.255. We say
that astronomy has a network address of 137.158.26.0.
The machines there all have a network mask of
255.255.254.0. A particular machine in astronomy may
have an IP address of 137.158.27.158. This
terminology will be used later.
|
| |
Here we will define the term LAN as a network of computers that are all more-or-less
connected directly together by Ethernet cables (this is common for the small business with up to
about 50 machines). Each machine has an Ethernet card which is referred to as
eth0 when configuring the network from the command line. If there is more than
one card on a single machine, then these are named eth0, eth1, eth2 etc. and
are each called a network interface
(or just interface) of the machine. LANs work as follows:
network cards transmit a frame to the LAN and other network cards read that
frame from the LAN. If any one network card transmits a frame then all
other network cards can see that frame. If a card starts to transmit a frame
while another card is in the process of transmitting a frame, then a clash
is said to have occurred and the card waits a random amount of time and then
tries again. Each network card has a physical address (that is inserted at the
time of its manufacture, and has nothing to do with IP addresses) of 48 bits
called the hardware address. Each frame has a destination address in
its header that tells what network card it is destined for, so that network
cards ignore frames that are not addressed to them.
|
| |
Now since frame transmission is governed by the network cards, the destination
hardware address must be determined from the destination IP address before sending
a packet to a particular machine. The way this is done is through a protocol
called the Address Resolution Protocol (ARP). A machine will transmit
a special packet that asks "What hardware address is this IP address?". The
guilty machine then responds and the transmitting machine stores the result
for future reference. Of course if you suddenly switch network cards, then other
machines on the LAN will have the wrong information, so ARP has timeouts and
re-requests built into the protocol.
|
| |
Most distributions have a generic way to configure your interfaces.
Here we will show the raw method.
|
| |
We first have to create a lo interface. This is called
the loopback device (and has nothing to do with loopback block devices:
/dev/loop? files). This is an imaginary device that is
used to communicate with the machine itself, if for instance you are
telnetting to the local machine, you are actually connecting
via the loopback device. The ifconfig (interface configure)
command is used to do anything with interfaces. First run,
|
/sbin/ifconfig lo down
/sbin/ifconfig eth0 down
|
to delete any existing interfaces, then
|
/sbin/ifconfig lo 127.0.0.1
|
which creates the loopback interface.
|
| |
The Ethernet interface can be
created with:
|
/sbin/ifconfig eth0 192.168.3.9 broadcast 192.168.3.255 netmask 255.255.255.0
|
|
| |
Now run /sbin/ifconfig
to view the interfaces. The output will be,
|
eth0 Link encap:Ethernet HWaddr 00:00:E8:3B:2D:A2
inet addr:192.168.3.9 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1359 errors:0 dropped:0 overruns:0 frame:0
TX packets:1356 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xe400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:53175 errors:0 dropped:0 overruns:0 frame:0
TX packets:53175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
|
which shows various interesting bits, like the 48 bit
hardware address of the network card (00:00:E8:3B:2D:A2).
|
| |
The interfaces are now active, however there is nothing telling
the kernel what packets should go to what interface, even
though we might expect such behaviour to happen on its own.
With UNIX, you must explicitly tell the kernel to send particular
packets to particular interfaces.
|
| |
Any packet arriving through any interface is pooled by the
kernel. The kernel then looks at each packet's destination
address and decides based on the destination where it should
be sent. It doesn't matter where the packet came from, once the
kernel has it, it's what its destination address says that
matters. It's up to the rest of the network to ensure that packets
do not arrive at the wrong interfaces in the first place.
|
| |
We know that any packet having the network address
127.???.???.??? must go
to the loopback device (this is more or less a convention).
The command,
|
/sbin/route add -net 127.0.0.0 netmask 255.0.0.0 lo
|
adds a route to the network 127.0.0.0 albeit
an imaginary one.
|
| |
The eth0 device can be routed as follows:
|
/sbin/route add -net 192.168.3.0 netmask 255.255.255.0 eth0
|
The command /sbin/route -n displays the current routes
(-n causes route to not print IP
addresses as hostnames) and gives the output
|
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
|
This has the meaning: "packets with destination address 127.0.0.0/255.0.0.0 must be sent to the loopback device", and "packets with destination address
192.168.3.0/255.255.255.0 must be sent to eth0". Gateway
is zero, hence is not set (see later).
|
| |
The routing table now routes 127. and
192.168.3. packets. Now we need a route
for the remaining possible IP addresses. UNIX can have a route
that says to send packets with particular destination IP
addresses to another machine on the LAN, from where they
might be forwarded elsewhere. This is sometimes called the
gateway machine. The command is:
|
/sbin/route add -net <network-address> netmask <netmask> gw <gateway-ip-address> <interface>
|
This is the most general form of the command, but it's often
easier to just type:
|
/sbin/route add default gw <gateway-ip-address> <interface>
|
when we want to add a route that applies to all packets.
The default signifies all packets; it is the same as
|
/sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw <gateway-ip-address> <interface>
|
but since routes are ordered according to netmask,
more specific routes are used in preference to less specific
ones.
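How the kernel picks a route from the table built above, and how a netmask separates the network part of an address, as an added example that is not part of the original text. The function names are constructed for illustration; the addresses are the ones used on this page (the astronomy subnet, and the three routes added with /sbin/route).

```python
import ipaddress

# The routing table built up on this page: (network, netmask, gateway, interface)
ROUTES = [
    ("127.0.0.0",   "255.0.0.0",     None,            "lo"),
    ("192.168.3.0", "255.255.255.0", None,            "eth0"),
    ("0.0.0.0",     "0.0.0.0",       "192.168.3.254", "eth0"),   # default route
]

def to_int(addr: str) -> int:
    """Dotted decimal to the 32 bit number it stands for."""
    return int(ipaddress.IPv4Address(addr))

def network_address(ip: str, netmask: str) -> str:
    """AND the address with the mask to keep only the network part."""
    return str(ipaddress.IPv4Address(to_int(ip) & to_int(netmask)))

def host_count(netmask: str) -> int:
    """Number of addresses covered by the host part of the mask."""
    return (~to_int(netmask) & 0xFFFFFFFF) + 1

def lookup(dest: str, routes=ROUTES):
    """Return (gateway, interface) of the most specific matching route, else None."""
    best = None
    for net, mask, gateway, iface in routes:
        if to_int(dest) & to_int(mask) != to_int(net):
            continue                      # destination is not in this network
        # A larger mask value means more network bits, i.e. a more specific route.
        if best is None or to_int(mask) > best[0]:
            best = (to_int(mask), gateway, iface)
    return None if best is None else best[1:]

if __name__ == "__main__":
    print(network_address("137.158.27.158", "255.255.254.0"))
    for dest in ("127.0.0.1", "192.168.3.17", "152.19.254.81"):
        print(dest, "->", lookup(dest))
```

With the default route removed, a lookup for an address outside 127.0.0.0 and 192.168.3.0 returns None, which is the "absence of routes" condition.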
|
| |
Finally, you can set your hostname with:
|
hostname cericon.obsidian.co.za
|
|
| |
A summary of the example commands so far:
|
/sbin/ifconfig lo down
/sbin/ifconfig eth0 down
/sbin/ifconfig lo 127.0.0.1
/sbin/ifconfig eth0 192.168.3.9 broadcast 192.168.3.255 netmask 255.255.255.0
/sbin/route add -net 127.0.0.0 netmask 255.0.0.0 lo
/sbin/route add -net 192.168.3.0 netmask 255.255.255.0 eth0
/sbin/route add default gw 192.168.3.254 eth0
hostname cericon.obsidian.co.za
|
|
| |
Although these 7 commands will get your network working,
you should not do such a manual configuration. The next section
explains how to configure your startup scripts.
|
| |
Most distributions will have a modular and extensible system of
startup scripts which initiate networking. RedHat systems
contain the directory /etc/sysconfig/, which contains
configuration files to bring up networking automatically.
|
| |
The file /etc/sysconfig/network-scripts/ contains:
|
DEVICE=eth0
IPADDR=192.168.3.9
NETMASK=255.255.255.0
NETWORK=192.168.3.0
BROADCAST=192.168.3.255
ONBOOT=yes
|
|
| |
The file /etc/sysconfig/network contains:
|
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=cericon.obsidian.co.za
DOMAINNAME=obsidian.co.za
GATEWAY=192.168.3.254
|
|
| |
You can see that these two files are equivalent to the example
configuration done above. There is an enormous number of
options that these two files can take for the various protocols
besides TCP/IP, but this is the most common configuration.
|
| |
The file /etc/sysconfig/network-scripts/ifcfg-lo for the
loopback device will be configured automatically at installation;
you should never need to edit it.
|
| |
To stop and start networking (i.e. bring up and down the
interfaces and routing), type
|
/etc/rc.d/init.d/network stop
/etc/rc.d/init.d/network start
|
which indirectly will read your /etc/sysconfig/
files.
|
| |
The ping command is the most common network utility.
IP packets come in three types on the Internet, represented
in the Type field of the IP header: UDP,
TCP and ICMP. (The former two will be discussed
later, and represent the two basic methods of communication
between two programs running on different machines.) ICMP,
however, stands for Internet Control Message Protocol;
ICMP packets are diagnostic packets that are responded to in a special way.
Try ping metalab.unc.edu
or some other well known host. You will get output
like:
|
PING metalab.unc.edu (152.19.254.81) from 192.168.3.9 : 56(84) bytes of data.
64 bytes from 152.19.254.81: icmp_seq=0 ttl=238 time=1059.1 ms
64 bytes from 152.19.254.81: icmp_seq=1 ttl=238 time=764.9 ms
64 bytes from 152.19.254.81: icmp_seq=2 ttl=238 time=858.8 ms
64 bytes from 152.19.254.81: icmp_seq=3 ttl=238 time=1179.9 ms
64 bytes from 152.19.254.81: icmp_seq=4 ttl=238 time=986.6 ms
64 bytes from 152.19.254.81: icmp_seq=5 ttl=238 time=1274.3 ms
64 bytes from 152.19.254.81: icmp_seq=6 ttl=238 time=930.7 ms
|
What is happening is that ping is sending ICMP packets
to metalab.unc.edu which is automatically responding
with a return ICMP packet. Being able to ping a machine
is often the acid test of whether you have communications with
it. Note that some sites specifically filter ICMP packets, hence
ping cnn.com doesn't work.
|
| |
ping sends a packet every second and measures
the time it takes to receive the return packet -- like a
submarine sonar "ping". Over the Internet, you can get times
in excess of 2 seconds if the place is remote enough. On a local
LAN this will drop to under a millisecond.
|
| |
If ping does not even get to the line PING metalab.unc.edu...,
it means that it cannot resolve the hostname. You should then check that
your DNS is set up correctly -- see Chapter 31. If it
gets to that line, but no further, it means that the packets are not
getting there, or are not getting back. In all other cases,
ping gives an error message indicating either the absence
of routes or interfaces.
|
| |
traceroute is a rather fascinating utility to identify
where a packet has been. It makes use of facilities built
into the ICMP protocol. On my machine,
|
traceroute metalab.unc.edu
|
gives,
|
traceroute to metalab.unc.edu (152.19.254.81), 30 hops max, 38 byte packets
1 192.168.3.254 (192.168.3.254) 1.197 ms 1.085 ms 1.050 ms
2 192.168.254.5 (192.168.254.5) 45.165 ms 45.314 ms 45.164 ms
3 obsgate (192.168.2.254) 48.205 ms 48.170 ms 48.074 ms
4 obsposix (160.124.182.254) 46.117 ms 46.064 ms 45.999 ms
5 cismpjhb.posix.co.za (160.124.255.193) 451.886 ms 71.549 ms 173.321 ms
6 cisap1.posix.co.za (160.124.112.1) 274.834 ms 147.251 ms 400.654 ms
7 saix.posix.co.za (160.124.255.6) 187.402 ms 325.030 ms 628.576 ms
8 ndf-core1.gt.saix.net (196.25.253.1) 252.558 ms 186.256 ms 255.805 ms
9 ny-core.saix.net (196.25.0.238) 497.273 ms 454.531 ms 639.795 ms
10 bordercore6-serial5-0-0-26.WestOrange.cw.net (166.48.144.105) 595.755 ms 595.174 ms *
11 corerouter1.WestOrange.cw.net (204.70.9.138) 490.845 ms 698.483 ms 1029.369 ms
12 core6.Washington.cw.net (204.70.4.113) 580.971 ms 893.481 ms 730.608 ms
13 204.70.10.182 (204.70.10.182) 644.070 ms 726.363 ms 639.942 ms
14 mae-brdr-01.inet.qwest.net (205.171.4.201) 767.783 ms * *
15 * * *
16 * wdc-core-03.inet.qwest.net (205.171.24.69) 779.546 ms 898.371 ms
17 atl-core-02.inet.qwest.net (205.171.5.243) 894.553 ms 689.472 ms *
18 atl-edge-05.inet.qwest.net (205.171.21.54) 735.810 ms 784.461 ms 789.592 ms
19 * * *
20 * * unc-gw.ncren.net (128.109.190.2) 889.257 ms
21 unc-gw.ncren.net (128.109.190.2) 646.569 ms 780.000 ms *
22 * helios.oit.unc.edu (152.2.22.3) 600.558 ms 839.135 ms
|
So you can see that there were twenty machines (or hops) between
mine and metalab.unc.edu.
|
| |
tcpdump watches a particular interface for all
the traffic that passes it -- i.e. all the traffic of all the
machines connected to the same hub. A network card usually
grabs only the frames destined for it, but tcpdump
puts the card into promiscuous mode, meaning that it
retrieves all frames regardless of their destination
hardware address. Try
tcpdump is also discussed in
Section 43.4. Deciphering the output of
tcpdump is left for now as an exercise for the reader. More
on the tcp part of tcpdump in Chapter .