Amiga ISO Collection

home *** CD-ROM | disk | FTP | other *** search

/ Amiga ISO Collection / AmigaDemoCD2.iso / ASCII / TEXTE / TheInternet / HAKINNET.TXT < prev next >

Wrap

Text File | 1994-03-26 | 93.8 KB | 2,177 lines

@BEGIN_FILE_ID.DIZHacking the internet @END_FILE_ID.DIZ A Hacker's Guide to the Internet By The Gatsby Version 2.00 / AXiS / July 7, 1991 ______________________________________________________________________________ 1 Index ~~~~~~~~~ Part: Title: ~~~~ ~~~~~ 1 Index 2 Introduction 3 Glossary, Acronyms, and Abbreviations 4 What is the Internet? 5 Where You Can Access The Internet 6 TAC 7 Basic Commands a TELNET command b ftp ANONYMOUS to a Remote Site c Basic How to tftp the Files d Basic Fingering 8 Networks 9 Internet Protocols 10 Host Names and Addresses 2 Introduction ~~~~~~~~~~~~~~~~ The original release of this informative file was in an IRG newsletter, but it had some errors that I wanted to correct. I have also added more technical information. This file is intended for the newcomer to Internet and people (like me) who are not enrolled at a university with Internet access. It covers the basic commands, the use of Internet, and some tips for hacking through Internet. There is no MAGICAL way to hacking a UNIX system. If you have any questions, I can be reached on a number of boards. - The Crypt - - 619/457+1836 - - Call today - - Land of Karrus - - 215/948+2132 - - Insanity Lane - - 619/591+4974 - - Apocalypse NOW - - 2o6/838+6435 - <*> AXiS World HQ <*> Mail me on the Internet: gats@ryptyde.cts.com bbs.gatsby@spies.com The Gatsby *** Special Thanks go to Haywire (a/k/a Insanity: SysOp of Insanity Lane), Doctor Dissector, and all the members of AXiS. 3 Glossary, Acronyms, and Abbreviations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ACSE - Association Control Service Element, this is used with ISO to help manage associations. ARP - Address Resolution Protocol, this is used to translate IP protocol to Ethernet Address. ARPA - Defense Advanced Research Project Agency ARPANET - Defense Advanced Research Project Agency or ARPA. This is an experimental PSN which is still a sub network in the Internet. CCITT - International Telegraph and Telephone Consultative Committee is a international committee that sets standard. I wish they would set a standard for the way they present their name! CERT - Computer Emergency Response Team, they are responsible for coordinating many security incident response efforts. They have real nice reports on "holes" in various UNIX strands, which you should get because they are very informative. CMIP - Common Management Information Protocol, this is a new HIGH level protocol. CLNP - Connection Less Network Protocol is OSI equivalent to Internet IP DARPA - Defence Advanced Research Project Agency. See ARPANET DDN - Defence Data Network driver - a program (or software) that communicates with the network itself, examples are TELNET, FTP, RLOGON, etc. ftp - File Transfer Protocol, this is used to copy files from one host to another. FQDN - Fully Qualified Domain Name, the complete hostname that reflects the domains of which the host is a part. Gateway - Computer that interconnects networks. Host - Computer that is connected to a PSN. Hostname - Name that officially identifies each computer attached internetwork. Internet - The specific IP-base internetwork. IP - Internet Protocol which is the standard that allows dissimilar host to connect. ICMP - Internet Control Message Protocol is used for error messages for the TCP/IP. LAN - Local Area Network MAN - Metropolitan Area Network MILNET - DDN unclassified operational military network. NCP - Network Control Protocol, the official network protocol from 1970 until 1982. NIC - DDN Network Information Center NUA - Network User Address OSI - Open System Interconnection. An international standardization program facilitate to communications among computers of different makes and models. Protocol - The rules for communication between hosts, controlling the information by making it orderly. PSN - Packet Switched Network RFC - Request For Comments, is technical files about Internet protocols one can access these from anonymous ftp at NIC.DDN.MIL. ROSE - Remote Operations Service Element, this is a protocol that is used along with OSI applications. TAC - Terminal Access Controller; a computer that allow direct access to Internet. TCP - Transmission Control Protocol TELNET - Protocol for opening a transparent connection to a distant host. tftp - Trivial File Transfer Protocol, one way to transfer data from one host to another. UDP - User Datagram _Protocol Unix - This is copyrighted by AT&T, but I use it to cover all the look-alike Unix systems, which you will run into more often. UUCP - Unix-to-Unix Copy Program, this protocol allows UNIX file transfers. This uses phone lines using its own protocol, X.25 and TCP/IP. This protocol also exist for VMS and MS-DOS. uucp - uucp when in lower case refers to the UNIX command uucp. For more information on uucp read files by The Mentor in the Legion of Doom Technical Journals. WAN - Wide Area Network X.25 - CCITTs standard protocol that rules the interconnection of two hosts. In this file I have used several special charters to signify certain things. Here is the key; * - Buffed from UNIX itself. You will find this on the left side of the margin. This is normally "how to do" or just "examples" of what to do when using Internet. # - This means these are commands, or something that must be typed in. 4 What is the Internet? ~~~~~~~~~~~~~~~~~~~~~~~~~ To understand the Internet you must first know what it is. The Internet is a group of various networks, ARPANET (an experimental WAN) was the first. ARPANET started in 1969, this experimental PSN used Network Control Protocol (NCP). NCP was the official protocol from 1970 until 1982 of the Internet (at this time also known as DARPA Internet or ARPA Internet). In the early 80's DARPA developed the Transmission Control Protocol/Internet Protocol which is the official protocol today, but much more on this later. Due to this fact, in 1983 ARPANet split into two networks, MILNET and ARPANET (both are still part of the DDN). The expansion of Local Area Networks (LAN) and Wide Area Networks (WAN) helped make the Internet connecting 2,000+ networks strong. The networks include NSFNET, MILNET, NSN, ESnet and CSNET. Though the largest part of the Internet is in the United States, the Internet still connects the TCP/IP networks in Europe, Japan, Australia, Canada, and Mexico. 5 Where You Can Access Internet ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Internet is most likely to be found on Local Area Networks or LANs and Wide Area networks or WANs. LANs are defined as networks permitting the interconnection and intercommunication of a group of computers, primarily for the sharing of resources such as data storage device and printers. LANs cover a short distance (less than a mile) and are almost always within a single building complex. WANs are networks which have been designed to carry data calls over long distances (many hundreds of miles). You can also access Internet through TymNet or Telenet via gateway. You'll have to find your own NUAs though. 6 TAC ~~~~~~~ TAC (terminal access controller) is another way to access Internet. This is just dial-up terminal to a terminal access controller. You will need to get a password and an account. TAC has direct access to MILNET. One example of a TAC dialup is (800)368-2217, but there are several out there to be found. In fact, CERT has a report circulating about people attempting to find these dialups through social engineering. If you want the TAC manual you can write a letter to: Defense Communications Agency Attn: Code BIAR Washington, DC 2o3o5-2ooo Be sure to write that you want the TAC User Guide, 310-p70-74. In order to logon, you will need a TAC Access Card. You would probably get it from the DDN NIC. Here is a sample logon: Use Control-Q for help... * * PVC-TAC 111: 01 \ TAC uses to this to identify itself * @ #o 124.32.5.82 \ Use ``O'' for open and the internet * / address which yea want to call. * * TAC Userid: #THE.GATSBY * Access Code: #10kgb0124 * Login OK * TCP trying...Open * * 7 Basic Commands ~~~~~~~~~~~~~~~~~~ a: Basic TELNET Commands Situation: You have an account on a UNIX system that is a host on Internet. Now you can access the entire world! Once the UNIX system you should see a prompt, which can look like a '$' or '%' (it also depends on what shell you are in and the type of Unix system). At the prompt you can do all the normal UNIX commands, but when on a Internet host you can type 'telnet' which will bring you to the 'telnet' prompt. * * $ #telnet * ^ ^ | | | the command that will bring you to the telnet prompt | a normal UNIX prompt You should get this: * * telnet> * At this prompt you will have a whole different set of commands which are as follows (This comes from UCSD, so it may vary from place to place). * * telnet> #help * * close close current connection * display display operating parameters * open connect to a site * quit exit telnet * send transmit special character * set set operating parameters * status print status information * toggle toggle operating parameters * ? to see what you are looking at now * close - this command is used to 'close' a connection, when multitasking or jumping between systems. display - this set the display setting, commands for this are as follow. ^E echo. ^] escape. ^H erase. ^O flushoutput. ^C interrupt. ^U kill. ^\ quit. ^D eof. open - type 'open [host]' to connect to a system * * $ #telnet ucsd.edu * or * * telnet> #open 125.24.64.32.1 * quit - to get out of telnet and back to UNIX send - send files set - set echo - character to toggle local echoing on/off escape - character to escape back to telnet command mode The following need 'localchars' to be toggled: erase - character to cause an Erase Character flushoutput - character to cause an Abort Output interrupt - character to cause an Interrupt Process kill - character to cause an Erase Line quit - character to cause a Break eof - character to cause an EOF ? - display help information b: ftp ANONYMOUS to a remote site ftp or file transfer protocol is used to copy files from a remote host to the one that you are on. You can copy anything. Security has really clamped down on the passwd file, but it will still work here and there (always worth a shot). This could be useful when you see a Internet CuD (Computer Underground Digest) site that accepts a anonymous ftps, and you want to read the CuDs, but do not feel like wasting your time on boards downloading them. The best way to start out is to ftp a directory to see what you are getting. Example: The CuD archive site has an Internet address of 192.55.239.132 and my account name is "gats". * * $ #ftp * ^ ^ | | | ftp command | UNIX prompt * * ftp> #open 192.55.239.132 * Connected to 192.55.239.132 * 220 192.55.239.132 FTP Server (sometimes the date, etc) * Name (192.55.239.132:gats): #anonymous * ^ ^ ^ | | | | | This is where you type 'anonymous' unless | | you have a account on 192.55.239.132. | | | This is the name of my account or [from] | This is the Internet address or [to] * * Password: #gats * ^ | For this just type your username or anything you feel like typing in at that time. It doesn't matter. * * % ftp 192.55.239.132 * Connected to 192.55.239.132 * ftp> #ls * ^ | You are connected now, thus you can ls it. Just move around like you would in a normal unix system. Most of the commands still apply on this connection. Here is a example of me getting a copy of the Electronic Frontier Foundation's Effector (issue 1.04) from Internet address 192.55.239.132. * * % #ftp * ftp> #open 128.135.12.60 * Trying 128.135.12.60... * 220 chsun1 FTP server (SunOS 4.1) ready. * Name (128.135.12.60:gatsby): anonymous * 331 Guest login ok, send ident as password. * Password: #gatsby * 230 Guest login ok, access restrictions apply. * ftp> #ls * 200 PORT command successful. * 150 ASCII data connection for /bin/ls (132.239.13.10,4781) * (0 bytes). * .hushlogin * bin * dev * etc * pub * usr * README * 226 ASCII Transfer complete. * 37 bytes received in 0.038 seconds (0.96 Kbytes/s) * ftp> _________________________________________________________________________ | | This is where you can try to 'cd' the "etc" dir or just 'get' | /etc/passwd, but grabbing the passwd file this way is a dieing art. |_________________________________________________________________________ * ftp> #cd pub * 200 PORT command successful. * ftp> #ls * ceremony * cud * dos * eff * incoming * united * unix * vax * 226 ASCII Transfer cmplete. * 62 bytes received in 1.1 seconds (0.054 Kbytes/s) * ftp> #cd eff * 250 CWD command successful. * ftp> #ls * 200 PORT command successful. * 150 ASCII data connection for /bin/ls (132.239.13.10,4805) (0 bytes). * Index * eff.brief * eff.info * eff.paper * eff1.00 * eff1.01 * eff1.02 * eff1.03 * eff1.04 * eff1.05 * realtime.1 * 226 ASCII Transfer complete. * 105 bytes received in 1.8 seconds (0.057 Kbytes/s) * ftp> #get * (remote-file) #eff1.04 * (local-file) #eff1.04 * 200 PORT command successful. * 150 Opening ASCII mode data connection for eff1.04 (909 bytes). * 226 Transfer complete. * local: eff1.04 remote: eff1.04 * 931 bytes received in 2.2 seconds (0.42 Kbytes/s) * ftp> #close * Bye... * ftp> #quit * % * To read the file you can just 'get' the file and buffer it. If the files are just too long, you can 'xmodem' it off the host you are on. Just type 'xmodem' and that will make it much faster to get the files. Here is the set up (as found on ocf.berkeley.edu). If you want to: type: send a text file from an apple computer to the ME xmodem ra <filename> send a text file from a non-apple home computer xmodem rt <filename> send a non-text file from a home computer xmodem rb <filename> send a text file to an apple computer from the ME xmodem sa <filename> send a text file to a non-apple home computer xmodem st <filename> send a non-text file to a home computer xmodem sb <filename> xmodem will then display: * * XMODEM Version 3.6 -- UNIX-Microcomputer Remote File Transfer Facility * File filename Ready to (SEND/BATCH RECEIVE) in (binary/text/apple) mode * Estimated File Size (file size) * Estimated transmission time (time) * Send several Control-X characters to cancel * Hints- File transfer can be an iffy endeavor; one thing that can help is to tell the annex box not to use flow control. Before you do rlogin, type stty oflow none stty iflow none at the annex prompt. This works best coming through 2-6092. Some special commands used during ftp session are cdup (same as cd ..) and dir (gives a detailed listing of the files). c: How to tftp the Files tftp (Trivial File Transfer Protocol, the command is NOT in caps, because UNIX is case sensitive) is a command used to transfer files from host to host. This command is used sometimes like ftp, in that you can move around using UNIX commands. I will not go into this part of the command, but I will go into the basic format, and structure to get files you want. Moreover, I will be covering how to flip the /etc/passwd out of remote sites. There is a little trick that has been around a while. It helps you to "flip" the /etc/passwd file out of different sites, which gets you the passwd file without out breaking into the system. Then just run Brute Hacker (the latest version) on the thing and you save time and energy. This 'hole' (not referring to the method of obtaining Unix superuser status) may can be found on SunOS 3.X, but has been fixed in 4.0. It has sometimes appeared in System V, BSD and a few others. The only problem with this 'hole' is that the system manager will often realize what you are doing. The problem occurs when attempts to tftp the /etc/passwd is happen too many times. You may see this (or something like this) when you logon on to your account. This was buffered off of plague.berkeley.edu. I guess they knew what I was doing. * * DomainOS Release 10.3 (bsd4.3) Apollo DN3500 (host name): * This account has been deactivated due to use in system cracking * activities (specifically attempting to tftp /etc/passwd files from remote * sites) and for having been used or broken in to from <where the calls are * from>. If the legitimate owner of the account wishes it reactivated, * please mail to the staff for more information. * * - Staff * The tftp is used in this format: tftp -<command> <any name> <Internet Address> /etc/passwd <netascii> Command -g is to get the file, this will copy the file onto your 'home' directory, thus you can do anything with the file. Any Name If your going to copy it to your 'home' directory, it needs a name. Internet This is the address that you want to snag the passwd file from. Address There are hundreds of thousands of them. /ETC/PASSWD THIS IS THE FILE THAT YOU WANT. You do not want John Smith's even though it would be trivial to retreive it. netascii This how you want the file to be transferred. & Welcome to the power of UNIX, it is multitasking, this little symbol place at the end will allow you to do other things (such as grab the passwd file from the UNIX that you are on). Here is the set up: We want to get the passwd file from sunshine.ucsd.edu. The file in your 'home' directory is going to be named 'asunshine'. * * $ #tftp -g asunshine sunshine.ucsd.edu /etc/passwd & * d Basic Fingering Fingering is a real good way to get an account on remote sites. Typing 'who' or just 'finger <account name> <CR>' you can have names to "finger". This will give you all kinds information on the person's account. Here is a example of how to do it: * * % #who * joeo ttyp0 Jun 10 21:50 (bmdlib.csm.edu) * gatsby ttyp1 Jun 10 22:25 (foobar.plague.mil) * ddc crp00 Jun 10 11:57 (aogpat.cs.pitt.edu) * liliya display Jun 10 19:40 /and fingering what you see * % #finger bbc * Login name: ddc In real life: David Douglas Cornwall * Office: David C. Co * Directory: //aogpat/users_local/bdc Shell: /bin/csh * On since Jun 10 11:57:46 on crp00 from aogpat Phone 555-1212 * 52 minutes Idle Time * Plan: I like to eat apples and bananas. * % * Now you could just call (or Telnet to) 'aogpat.cs.pit.edu' and try to hack out an account. Try the last name as the password, the first name, the middle name, and try them all backwards. The chances are real good that you WILL get in because people are stupid. If there are no users online for you to type "who" you can just type "last" and all of the users who logged on will come rolling out. Now "finger" them. The only problem with using the "last" command is aborting it. You can also try telephoning individual users and tell them you are the system manager (i.e. social engineer them). However, I have not always seen phone numbers in everyone's ".plan" file (the file you see when you finger the user). 8 Other Networks ~~~~~~~~~~~~~~~~~ AARNet - Australian Academic and Research Network. This network supports research for various Australian Universities. This network supports TCP/IP, DECnet, and OSI (CLNS). ARPANET - We've already discussed this network. BITNET - Because It's Time NETwork (BITNET) is a worldwide network that connects many colleges and universities. This network uses many different protocols, but it dose use the TCP/IP. CREN CSNET - Corporation for Research and Educational Network (CREN) or Computer + Science research NETwork (CSNET). This network links scientists at sites all over the world. CSNET providing access to the Internet, CREN to BITNET. CREN is the name more often used today. CSUNET - California State University Network (CSUNET). This network connects the California State University campuses and other universities in California. This network is based on the CCITT X.25 protocol, and also uses TCP/IP, SNA/DSLC, DECnet, and others. The Cypress Net - This network started as a experimental network. The use of this network today is as a connection to the TCP/IP Internet as a cheap price. DRI - Defense Research Internet is a WAN that is used as a platform from which to work from. This network has all kind of services, such as multicast service, real-time conference and more. This network uses the TCP/IP (also see RFC 907-A for more information on this network). ESnet - This is the new network operated by the Department of Energy's Office of Energy Research (DoE OER). This net is the backbone for all DoE OER programs. This network replaced the High Energy Physics DECnet (HEPnet) and also the Magnetic Fusion Energy network (MFEnet). The protocols offered are IP/TCP and also DECnet service. JANET - JANET is a Joint Academic NETwork based in the UK, connected to the Internet. JANET is a PSN (information has pass through a PAD) using the protocol X.25 though it does support the TCP/IP. This network also connects PSS (Packet Switched Service is a PSN that is owned and operated by British telecom). JUNET - Japan's university message system using UUCP, the Internet as its backbone, and X.25 (see RFC 877). This network is also a part of USENET (this is the network news). Los Nettos - Los Nettos is a high speed MAN in the Los Angeles area. This network uses the IP/TCP. MILNET - When ARPANET split, the DDN was created and MILNET (MILitary NETwork) is also a part of the network. MILNET is unclassified, but there are three other classified networks that make up the DDN. NORDUNet - This net is the backbone to the networks in the Nordic Countries, Denmark (DENet), Finland (FUNET), Iceland (SURIS), Norway (UNINETT), and Sweden (SUNET). NORDUnet supports TCP/IP, DECNet, and X.25. NSN - NASA Science Network (NSN). This network is used by NASA to send and relay information. The protocols used are TCP/IP. NSN has a sister network called Space Physics Analysis Network (SPAN) for DECNet. ONet - Ontario Network is a TCP/IP network used for research. NSFNet - National Science Foundation Network, this network is in the IP/TCP family, but in any case it uses UDP (User Diagram Protocol) and not TCP. NSFnet is the network for the US scientific and engineering research community. Listed below are all the NSFNet Sub-networks: BARRNet - Bay Area Regional Research Network is located in the San Francisco area. This network uses TCP/IP. CERFnet - California Education and Research Federation Network is a research based network supporting Southern California Universities communication services. This network uses TCP/IP. CICNet - Committee on Institutional Cooperation. This network services the BIG 10, and University of Chicago. This network uses TCP/IP. JvNCnet - John von Neumann National Supercomputer Center. This network uses TCP/IP. Merit - Merit connects Michigan's academic and research computers. This network supports TCP/IP, X.25 and Ethernet for LANs. MIDnet - MIDnet connects 18 universities and research centers in the midwest United States. The support protocols are TELNET, FTP and SMTP. MRNet - Minnesota Regional Network, this network services Minnesota. The network protocols are TCP/IP. NEARnet - New England Academic and Research Network, connects various research/educational institutions. You can get more information about this net by mailing 'nearnet-staff@bbn.com'. NCSAnet - The National Center for Supercomputing Applications supports the whole IP family (TCP, UDP, ICMP, etc). NWNet - North West Network provides service to the Northwestern United States and Alaska. This network supports IP and DECnet. NYSERNet - New York Service Network is a autonomous nonprofit network. This network supports the TCP/IP. OARnet - Ohio Academic Resources Network gives access to the Ohio Supercomputer Center. This network supports TCP/IP. PREPnet - Pennsylvania Research and Economic Partnership is a network operated and managed by Bell of Pennsylvania. It supports TCP/IP. PSCNET - Pittsburgh Supercomputer Center serving Pennsylvania, Maryland, and Ohio. It supports TCP/IP, and DECnet. SDSCnet - San Diego Super Computer Center is a network whose goal is to support research in the field of science. The Internet address is 'y1.ucsc.edu' or call Bob at (619)534-5060 and ask for a account on his Cray. Sesquinet - Sesquinet is a network based in Texas. It supports TCP/IP. SURAnet - Southeastern Universities Research Association Network is a network that connects institutions in the Southeast United States. THEnet - Texas Higher Education Network is a network that is run by Texas A&M University. This network connects to hosts in Mexico. USAN/NCAR - University SAtellite Network (USAN)/National Center for Atmospheric Research is a network for information exchange. Westnet - Westnet connects the western part of the United States, but not including California. The network is supported by Colorado State University. USENET - USENET is the network news (the message base for the Internet). This message base is quite large with over 400 different topics and connecting to 17 different countries. 9 Internet Protocols ~~~~~~~~~~~~~~~~~~~~~ TCP/IP is a general term relating to the whole family of Internet protocols. The protocols in this family are IP, TCP, UDP, ICMP, ROSE, ACSE, CMIP, ISO, ARP and Ethernet for LANs. If if you want more information, get the RFCs. TCP/IP protocol is a "layered" set of protocols. In this diagram taken from RFC 1180 you will see how the protocol is layered when connection is made. Figure is of a Basic TCP/IP Network Node: ----------------------------------- | Network Application | | | | ... \ | / .. \ | / ... | | ------- ------- | | | TCP | | UDP | | | ------- ------- | | \ / | % Key % | ------- --------- | ~~~~~~~ | | ARP | | IP | | UDP User Diagram Protocol | ------- ------*-- | TCP Transfer Control Protocol | \ | | IP Internet Protocol | \ | | ENET Ethernet | ------------- | ARP Address Resolution | | ENET | | Protocol | -------@----- | O Transceiver | | | @ Ethernet Address -------------- | ------------------ * IP address | ========================O================================================= ^ | Ethernet Cable TCP/IP: If connection is made is between the IP module and the TCP module the packets are called a TCP datagram. TCP is responsible for making sure that the commands get through the other end. It keeps track of what is sent, and retransmits anything that does not go through. The IP provides the basic service of getting TCP datagram from place to place. It may seem like the TCP is doing all the work, this is true in small networks, but when connection is made to a remote host on the Internet (passing through several networks) this is a complex job. Say I am connected from a server at UCSD to LSU (SURAnet) the data grams have to pass through a NSFnet backbone. The IP has to keep track of all the data when the switch is made at the NSFnet backbone from the TCP to the UDP. The only NSFnet backbone that connects LSU is the University of Maryland, which has different circuit sets. The cable (trunk)/circuit types are the T1 (a basic 24-channel 1.544 Md/s pulse code modulation used in the US) to a 56 Kbps. Keeping track of all the data from the switch from T1 to 56Kbs and TCP to UDP is not all it has to deal with. Datagrams on their way to the NSFnet backbone (at the University of Maryland) may take many different paths from the UCSD server. All the TCP does is break up the data into datagrams (manageable chunks), and keeps track of the datagrams. The TCP keeps track of the datagrams by placing a header at the front of each datagram. The header contains 160 (20 octets) pieces of information about the datagram. Some of this information is the FQDN (Fully Qualified Domain Name). The datagrams are numbers in octets (a group of eight binary digits, say there are 500 octets of data, the numbering of the datagrams would be 0, next datagram 500, next datagram 1000, 1500 etc. UDP/IP: UDP is one of the two main protocols of the IP. In other words the UDP works the same as TCP, it places a header on the data you send, and passes it over to the IP for transportation throughout the Internet. The difference is that it offers service to the user's network application. It does not maintain an end-to-end connection, it just pushes the datagrams out. ICMP: ICMP is used for relaying error messages. For example you might try to connect to a system and get a message back saying "Host unreachable", this is ICMP in action. This protocol is universal within the Internet, because of its nature. This protocol does not use port numbers in it's headers, since it talks to the network software itself. Ethernet: Most of the networks use Ethernet. Ethernet is just a party line. When packets are sent out on the Ethernet, every host on the Ethernet sees them. To make sure the packets get to the right place, the Ethernet designers wanted to make sure that each address is different. For this reason 48 bits are allocated for the Ethernet address, and a built in Ethernet address on the Ethernet controller. The Ethernet packets have a 14-octet header, this includes address "to" and "from." The Ethernet is not too secure, it is possible to have the packets go to two places, thus someone can see just what you are doing. You need to take note that the Ethernet is not connected to the Internet. A host on both the Ethernet and on the Internet has to have both an Ethernet connection and an Internet server. ARP: ARP translates the IP address into an Ethernet address. A conversion table is used (the table is called ARP Table) to convert the addresses. Therefore, you would never even know if you were connected to the Ethernet because you would be connecting to the IP address. The following is a real sketchy description of a few Internet protocols, but if you would like to get more information you can access it via anonymous ftp from several hosts. Here is a list of RFCs that deal with the topic of protocols. |~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | RFC: | Description: | | | | |~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | rfc1011 | Official Protocols of the Internet | | rfc1009 | NSFnet gateway specifications | | rfc1001/2 | netBIOS: networking for PC's | | rfc894 | IP on Ethernet | | rfc854/5 | telnet - protocols for remote logins | | rfc793 | TCP | | rfc792 | ICMP | | rfc791 | IP | | rfc768 | UDP | | | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 10 Host Name and Address ~~~~~~~~~~~~~~~~~~~~~~~~~ Internet addresses are long and difficult hard to remember (i.e., 128.128.57.83) so we use host names. All hosts registered on the Internet must have names that reflect them domains under which they are registered. Such names are called Fully Qualified Domain Names (FQDNs). Lets dissect a name and see the domains: lilac.berkeley.edu ^ ^ ^ | | | | | |____ "edu" shows that this host is sponsored by an | | education related organization. This is a top-level | | domain. | | | |___________ "berkeley" is the second-level domain. This shows | that it is an organization within University of | Calironia at Berkeley. | |__________________ "lilac" is the third-level domain. This indicates the local host name is 'lilac'. Common Top-Level Domains COM - commercial enterprise EDU - educational institutions GOV - nonmilitary government agencies MIL - military (non-classified) NET - networking entities ORG - nonprofit intuitions A network address is the numerical address of a host, gateway, or TAC. The addresses are made up of four decimal numbered slots, which are separated by a period. There are three classes that are used most, these are Class A, Class B, and Class C. Class A - from '0' to '127' Class B - from '128' to '191' Class C - from '192' to '223' Class A - Is for MILNET net hosts. The first part of the address has the network number. The second is for the physical PSN port number. The third is for the logical port number, since it is on MILNET, it is a MILNET host. The fourth part is for which PSN it is on. On 29.34.0.9. '29' is the network it is on. '34' means it is on port '34'. '9' is the PSN number. Class B - This is for the Internet hosts, the first two "clumps" are for the network portion. The second two are for the local port. 128.28.82.1 \_/ \_/ | |_____ Local portion of the address | |___________ Potation address. Class C - The first three "clumps" are the network portion and the last one is the local port. 193.43.91.1 \_|_/ |_____ Local Portation Address | |__________ Network Portation Address _______________________________________________________________________________ A TCP/IP Tutorial : Behind The Internet Part One of Two September 12, 1991 by The Not Table of Contents 1. Introduction 2. TCP/IP Overview 3. Ethernet 4. ARP 1. Introduction This tutorial contains only one view of the salient points of TCP/IP, and therefore it is the "bare bones" of TCP/IP technology. It omits the history of development and funding, the business case for its use, and its future as compared to ISO OSI. Indeed, a great deal of technical information is also omitted. What remains is a minimum of information that must be understood by the professional working in a TCP/IP environment. These professionals include the systems administrator, the systems programmer, and the network manager. This tutorial uses examples from the UNIX TCP/IP environment, however the main points apply across all implementations of TCP/IP. Note that the purpose of this memo is explanation, not definition. If any question arises about the correct specification of a protocol, please refer to the actual standards defining RFC. The next section is an overview of TCP/IP, followed by detailed descriptions of individual components. 2. TCP/IP Overview The generic term "TCP/IP" usually means anything and everything related to the specific protocols of TCP and IP. It can include other protocols, applications, and even the network medium. A sample of these protocols are: UDP, ARP, and ICMP. A sample of these applications are: TELNET, FTP, and rcp. A more accurate term is "internet technology". A network that uses internet technology is called an "internet". 2.1 Basic Structure To understand this technology you must first understand the following logical structure: ---------------------------- | network applications | | | |... \ | / .. \ | / ...| | ----- ----- | | |TCP| |UDP| | | ----- ----- | | \ / | | -------- | | | IP | | | ----- -*------ | | |ARP| | | | ----- | | | \ | | | ------ | | |ENET| | | ---@-- | ----------|----------------- | ----------------------o--------- Ethernet Cable Figure 1. Basic TCP/IP Network Node This is the logical structure of the layered protocols inside a computer on an internet. Each computer that can communicate using internet technology has such a logical structure. It is this logical structure that determines the behavior of the computer on the internet. The boxes represent processing of the data as it passes through the computer, and the lines connecting boxes show the path of data. The horizontal line at the bottom represents the Ethernet cable; the "o" is the transceiver. The "*" is the IP address and the "@" is the Ethernet address. Understanding this logical structure is essential to understanding internet technology; it is referred to throughout this tutorial. 2.2 Terminology The name of a unit of data that flows through an internet is dependent upon where it exists in the protocol stack. In summary: if it is on an Ethernet it is called an Ethernet frame; if it is between the Ethernet driver and the IP module it is called a IP packet; if it is between the IP module and the UDP module it is called a UDP datagram; if it is between the IP module and the TCP module it is called a TCP segment (more generally, a transport message); and if it is in a network application it is called a application message. These definitions are imperfect. Actual definitions vary from one publication to the next. More specific definitions can be found in RFC 1122, section 1.3.3. A driver is software that communicates directly with the network interface hardware. A module is software that communicates with a driver, with network applications, or with another module. The terms driver, module, Ethernet frame, IP packet, UDP datagram, TCP message, and application message are used where appropriate throughout this tutorial. 2.3 Flow of Data Let's follow the data as it flows down through the protocol stack shown in Figure 1. For an application that uses TCP (Transmission Control Protocol), data passes between the application and the TCP module. For applications that use UDP (User Datagram Protocol), data passes between the application and the UDP module. FTP (File Transfer Protocol) is a typical application that uses TCP. Its protocol stack in this example is FTP/TCP/IP/ENET. SNMP (Simple Network Management Protocol) is an application that uses UDP. Its protocol stack in this example is SNMP/UDP/IP/ENET. The TCP module, UDP module, and the Ethernet driver are n-to-1 multiplexers. As multiplexers they switch many inputs to one output. They are also 1-to-n de-multiplexers. As de-multiplexers they switch one input to many outputs according to the type field in the protocol header. 1 2 3 ... n 1 2 3 ... n \ | / | \ | | / ^ \ | | / | \ | | / | ------------- flow ---------------- flow |multiplexer| of |de-multiplexer| of ------------- data ---------------- data | | | | | v | | 1 1 Figure 2. n-to-1 multiplexer and 1-to-n de-multiplexer If an Ethernet frame comes up into the Ethernet driver off the network, the packet can be passed upwards to either the ARP (Address Resolution Protocol) module or to the IP (Internet Protocol) module. The value of the type field in the Ethernet frame determines whether the Ethernet frame is passed to the ARP or the IP module. If an IP packet comes up into IP, the unit of data is passed upwards to either TCP or UDP, as determined by the value of the protocol field in the IP header. If the UDP datagram comes up into UDP, the application message is passed upwards to the network application based on the value of the port field in the UDP header. If the TCP message comes up into TCP, the application message is passed upwards to the network application based on the value of the port field in the TCP header. The downwards multiplexing is simple to perform because from each starting point there is only the one downward path; each protocol module adds its header information so the packet can be de- multiplexed at the destination computer. Data passing out from the applications through either TCP or UDP converges on the IP module and is sent downwards through the lower network interface driver. Although internet technology supports many different network media, Ethernet is used for all examples in this tutorial because it is the most common physical network used under IP. The computer in Figure 1 has a single Ethernet connection. The 6-byte Ethernet address is unique for each interface on an Ethernet and is located at the lower interface of the Ethernet driver. The computer also has a 4-byte IP address. This address is located at the lower interface to the IP module. The IP address must be unique for an internet. A running computer always knows its own IP address and Ethernet address. 2.4 Two Network Interfaces If a computer is connected to 2 separate Ethernets it is as in Figure 3. ---------------------------- | network applications | | | |... \ | / .. \ | / ...| | ----- ----- | | |TCP| |UDP| | | ----- ----- | | \ / | | -------- | | | IP | | | ----- -*----*- ----- | | |ARP| | | |ARP| | | ----- | | ----- | | \ | | / | | ------ ------ | | |ENET| |ENET| | | ---@-- ---@-- | ----------|-------|--------- | | | ---o--------------------------- | Ethernet Cable 2 ---------------o---------- Ethernet Cable 1 Figure 3. TCP/IP Network Node on 2 Ethernets Please note that this computer has 2 Ethernet addresses and 2 IP addresses. It is seen from this structure that for computers with more than one physical network interface, the IP module is both a n-to-m multiplexer and an m-to-n de-multiplexer. 1 2 3 ... n 1 2 3 ... n \ | | / | \ | | / ^ \ | | / | \ | | / | ------------- flow ---------------- flow |multiplexer| of |de-multiplexer| of ------------- data ---------------- data / | | \ | / | | \ | / | | \ v / | | \ | 1 2 3 ... m 1 2 3 ... m Figure 4. n-to-m multiplexer and m-to-n de-multiplexer It performs this multiplexing in either direction to accommodate incoming and outgoing data. An IP module with more than 1 network interface is more complex than our original example in that it can forward data onto the next network. Data can arrive on any network interface and be sent out on any other. TCP UDP \ / \ / -------------- | IP | | | | --- | | / \ | | / v | -------------- / \ / \ data data comes in goes out here here Figure 5. Example of IP Forwarding a IP Packet The process of sending an IP packet out onto another network is called "forwarding" an IP packet. A computer that has been dedicated to the task of forwarding IP packets is called an "IP-router". As you can see from the figure, the forwarded IP packet never touches the TCP and UDP modules on the IP-router. Some IP-router implementations do not have a TCP or UDP module. 2.5 IP Creates a Single Logical Network The IP module is central to the success of internet technology. Each module or driver adds its header to the message as the message passes down through the protocol stack. Each module or driver strips the corresponding header from the message as the message climbs the protocol stack up towards the application. The IP header contains the IP address, which builds a single logical network from multiple physical networks. This interconnection of physical networks is the source of the name: internet. A set of interconnected physical networks that limit the range of an IP packet is called an "internet". 2.6 Physical Network Independence IP hides the underlying network hardware from the network applications. If you invent a new physical network, you can put it into service by implementing a new driver that connects to the internet underneath IP. Thus, the network applications remain intact and are not vulnerable to changes in hardware technology. 2.7 Interoperability If two computers on an internet can communicate, they are said to "interoperate"; if an implementation of internet technology is good, it is said to have "interoperability". Users of general-purpose computers benefit from the installation of an internet because of the interoperability in computers on the market. Generally, when you buy a computer, it will interoperate. If the computer does not have interoperability, and interoperability can not be added, it occupies a rare and special niche in the market. 2.8 After the Overview With the background set, we will answer the following questions: When sending out an IP packet, how is the destination Ethernet address determined? How does IP know which of multiple lower network interfaces to use when sending out an IP packet? How does a client on one computer reach the server on another? Why do both TCP and UDP exist, instead of just one or the other? What network applications are available? These will be explained, in turn, after an Ethernet refresher. 3. Ethernet This section is a short review of Ethernet technology. An Ethernet frame contains the destination address, source address, type field, and data. An Ethernet address is 6 bytes. Every device has its own Ethernet address and listens for Ethernet frames with that destination address. All devices also listen for Ethernet frames with a wild- card destination address of "FF-FF-FF-FF-FF-FF" (in hexadecimal), called a "broadcast" address. Ethernet uses CSMA/CD (Carrier Sense and Multiple Access with Collision Detection). CSMA/CD means that all devices communicate on a single medium, that only one can transmit at a time, and that they can all receive simultaneously. If 2 devices try to transmit at the same instant, the transmit collision is detected, and both devices wait a random (but short) period before trying to transmit again. 3.1 A Human Analogy A good analogy of Ethernet technology is a group of people talking in a small, completely dark room. In this analogy, the physical network medium is sound waves on air in the room instead of electrical signals on a coaxial cable. Each person can hear the words when another is talking (Carrier Sense). Everyone in the room has equal capability to talk (Multiple Access), but none of them give lengthy speeches because they are polite. If a person is impolite, he is asked to leave the room (i.e., thrown off the net). No one talks while another is speaking. But if two people start speaking at the same instant, each of them know this because each hears something they haven't said (Collision Detection). When these two people notice this condition, they wait for a moment, then one begins talking. The other hears the talking and waits for the first to finish before beginning his own speech. Each person has an unique name (unique Ethernet address) to avoid confusion. Every time one of them talks, he prefaces the message with the name of the person he is talking to and with his own name (Ethernet destination and source address, respectively), i.e., "Hello Jane, this is Jack, ..blah blah blah...". If the sender wants to talk to everyone he might say "everyone" (broadcast address), i.e., "Hello Everyone, this is Jack, ..blah blah blah...". 4. ARP When sending out an IP packet, how is the destination Ethernet address determined? ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. The translation is done only for outgoing IP packets, because this is when the IP header and the Ethernet header are created. 4.1 ARP Table for Address Translation The translation is performed with a table look-up. The table, called the ARP table, is stored in memory and contains a row for each computer. There is a column for IP address and a column for Ethernet address. When translating an IP address to an Ethernet address, the table is searched for a matching IP address. The following is a simplified ARP table: ------------------------------------ |IP address Ethernet address | ------------------------------------ |223.1.2.1 08-00-39-00-2F-C3| |223.1.2.3 08-00-5A-21-A7-22| |223.1.2.4 08-00-10-99-AC-54| ------------------------------------ TABLE 1. Example ARP Table The human convention when writing out the 4-byte IP address is each byte in decimal and separating bytes with a period. When writing out the 6-byte Ethernet address, the conventions are each byte in hexadecimal and separating bytes with either a minus sign or a colon. The ARP table is necessary because the IP address and Ethernet address are selected independently; you can not use an algorithm to translate IP address to Ethernet address. The IP address is selected by the network manager based on the location of the computer on the internet. When the computer is moved to a different part of an internet, its IP address must be changed. The Ethernet address is selected by the manufacturer based on the Ethernet address space licensed by the manufacturer. When the Ethernet hardware interface board changes, the Ethernet address changes. 4.2 Typical Translation Scenario During normal operation a network application, such as TELNET, sends an application message to TCP, then TCP sends the corresponding TCP message to the IP module. The destination IP address is known by the application, the TCP module, and the IP module. At this point the IP packet has been constructed and is ready to be given to the Ethernet driver, but first the destination Ethernet address must be determined. The ARP table is used to look-up the destination Ethernet address. 4.3 ARP Request/Response Pair But how does the ARP table get filled in the first place? The answer is that it is filled automatically by ARP on an "as-needed" basis. Two things happen when the ARP table can not be used to translate an address: 1. An ARP request packet with a broadcast Ethernet address is sent out on the network to every computer. 2. The outgoing IP packet is queued. Every computer's Ethernet interface receives the broadcast Ethernet frame. Each Ethernet driver examines the Type field in the Ethernet frame and passes the ARP packet to the ARP module. The ARP request packet says "If your IP address matches this target IP address, then please tell me your Ethernet address". An ARP request packet looks something like this: --------------------------------------- |Sender IP Address 223.1.2.1 | |Sender Enet Address 08-00-39-00-2F-C3| --------------------------------------- |Target IP Address 223.1.2.2 | |Target Enet Address <blank> | --------------------------------------- TABLE 2. Example ARP Request Each ARP module examines the IP address and if the Target IP address matches its own IP address, it sends a response directly to the source Ethernet address. The ARP response packet says "Yes, that target IP address is mine, let me give you my Ethernet address". An ARP response packet has the sender/target field contents swapped as compared to the request. It looks something like this: --------------------------------------- |Sender IP Address 223.1.2.2 | |Sender Enet Address 08-00-28-00-38-A9| --------------------------------------- |Target IP Address 223.1.2.1 | |Target Enet Address 08-00-39-00-2F-C3| --------------------------------------- TABLE 3. Example ARP Response The response is received by the original sender computer. The Ethernet driver looks at the Type field in the Ethernet frame then passes the ARP packet to the ARP module. The ARP module examines the ARP packet and adds the sender's IP and Ethernet addresses to its ARP table. The updated table now looks like this: ---------------------------------- |IP address Ethernet address | ---------------------------------- |223.1.2.1 08-00-39-00-2F-C3| |223.1.2.2 08-00-28-00-38-A9| |223.1.2.3 08-00-5A-21-A7-22| |223.1.2.4 08-00-10-99-AC-54| ---------------------------------- TA BLE 4. ARP Table after Response 4.4 Scenario Continued The new translation has now been installed automatically in the table, just milli-seconds after it was needed. As you remember from step 2 above, the outgoing IP packet was queued. Next, the IP address to Ethernet address translation is performed by look-up in the ARP table then the Ethernet frame is transmitted on the Ethernet. Therefore, with the new steps 3, 4, and 5, the scenario for the sender computer is: 1. An ARP request packet with a broadcast Ethernet address is sent out on the network to every computer. 2. The outgoing IP packet is queued. 3. The ARP response arrives with the IP-to-Ethernet address translation for the ARP table. 4. For the queued IP packet, the ARP table is used to translate the IP address to the Ethernet address. 5. The Ethernet frame is transmitted on the Ethernet. In summary, when the translation is missing from the ARP table, one IP packet is queued. The translation data is quickly filled in with ARP request/response and the queued IP packet is transmitted. Each computer has a separate ARP table for each of its Ethernet interfaces. If the target computer does not exist, there will be no ARP response and no entry in the ARP table. IP will discard outgoing IP packets sent to that address. The upper layer protocols can't tell the difference between a broken Ethernet and the absence of a computer with the target IP address. Some implementations of IP and ARP don't queue the IP packet while waiting for the ARP response. Instead the IP packet is discarded and the recovery from the IP packet loss is left to the TCP module or the UDP network application. This recovery is performed by time-out and retransmission. The retransmitted message is successfully sent out onto the network because the first copy of the message has already caused the ARP table to be filled. _______________________________________________________________________________ A TCP/IP Tutorial : Behind The Internet Part Two of Two October 4th, 1991 Presented by The Not 5. Internet Protocol The IP module is central to internet technology and the essence of IP is its route table. IP uses this in-memory table to make all decisions about routing an IP packet. The content of the route table is defined by the network administrator. Mistakes block communication. To understand how a route table is used is to understand internetworking. This understanding is necessary for the successful administration and maintenance of an IP network. The route table is best understood by first having an overview of routing, then learing about IP network addresses, and then looking at the details. 5.1 Direct Routing The figure below is of a tiny internet with 3 computers: A, B, and C. Each computer has the same TCP/IP protocol stack as in Figure 1. Each computer's Ethernet interface has its own Ethernet address. Each computer has an IP address assigned to the IP interface by the network manager, who also has assigned an IP network number to the Ethernet. A B C | | | --o------o------o-- Ethernet 1 IP network "development" Figure 6. One IP Network When A sends an IP packet to B, the IP header contains A's IP address as the source IP address, and the Ethernet header contains A's Ethernet address as the source Ethernet address. Also, the IP header contains B's IP address as the destination IP address and the Ethernet header contains B's Ethernet address as the des ---------------------------------------- |address source destination| ---------------------------------------- |IP header A B | |Ethernet header A B | ---------------------------------------- TABLE 5. Addresses in an Ethernet frame for an IP packet from A to B For this simple case, IP is overhead because the IP adds little to the service offered by Ethernet. However, IP does add cost: the extra CPU processing and network bandwidth to generate, transmit, and parse the IP header. When B's IP module receives the IP packet from A, it checks the destination IP address against its own, looking for a match, then it passes the datagram to the upper-level protocol. This communication between A and B uses direct routing. 5.2 Indirect Routing The figure below is a more realistic view of an internet. It is composed of 3 Ethernets and 3 IP networks connected by an IP-router called computer D. Each IP network has 4 computers; each computer has its own IP address and Ethernet address. A B C ----D---- E F G | | | | | | | | | --o------o------o------o- | -o------o------o------o-- Ethernet 1 | Ethernet 2 IP network "development" | IP network "accounting" | | | H I J | | | | --o-----o------o------o-- Ethernet 3 IP network "factory" Figure 7. Three IP Networks; One internet Except for computer D, each computer has a TCP/IP protocol stack like that in Figure 1. Computer D is the IP-router; it is connected to all 3 networks and therefore has 3 IP addresses and 3 Ethernet addresses. Computer D has a TCP/IP protocol stack similar to that in Figure 3, except that it has 3 ARP modules and 3 Ethernet drivers instead of 2. Please note that computer D has only one IP module. The network manager has assigned a unique number, called an IP network number, to each of the Ethernets. The IP network numbers are not shown in this diagram, just the network names. When computer A sends an IP packet to computer B, the process is identical to the single network example above. Any communication between computers located on a single IP network matches the direct routing example discussed previously. When computer D and A communicate, it is direct communication. When computer D and E communicate, it is direct communication. When computer D and H communicate, it is direct communication. This is because each of these pairs of computers is on the same IP network. However, when computer A communicates with a computer on the far side of the IP-router, communication is no longer direct. A must use D to forward the IP packet to the next IP network. This communication is called "indirect". This routing of IP packets is done by IP modules and happens transparently to TCP, UDP, and the network applications. If A sends an IP packet to E, the source IP address and the source Ethernet address are A's. The destination IP address is E's, but because A's IP module sends the IP packet to D for forwarding, the destination Ethernet address is D's. ---------------------------------------- |address source destination| ---------------------------------------- |IP header A E | |Ethernet header A D | ---------------------------------------- TABLE 6. Addresses in an Ethernet frame for an IP packet from A to E (before D) D's IP module receives the IP packet and upon examining the destination IP address, says "This is not my IP address," and sends the IP packet directly to E. ---------------------------------------- |address source destination| ---------------------------------------- |IP header A E | |Ethernet header D E | ---------------------------------------- TABLE 7. Addresses in an Ethernet frame for an IP packet from A to E (after D) In summary, for direct communication, both the source IP address and the source Ethernet address is the sender's, and the destination IP address and the destination Ethernet addrss is the recipient's. For indirect communication, the IP address and Ethernet addresses do not pair up in this way. This example internet is a very simple one. Real networks are often complicated by many factors, resulting in multiple IP-routers and several types of physical networks. This example internet might have come about because the network manager wanted to split a large Ethernet in order to localize Ethernet broadcast traffic. 5.3 IP Module Routing Rules This overview of routing has shown what happens, but not how it happens. Now let's examine the rules, or algorithm, used by the IP module. For an outgoing IP packet, entering IP from an upper layer, IP must decide whether to send the IP packet directly or indirectly, and IP must choose a lower network interface. These choices are made by consulting the route table. For an incoming IP packet, entering IP from a lower interface, IP must decide whether to forward the IP packet or pass it to an upper layer. If the IP packet is being forwarded, it is treated as an outgoing IP packet. When an incoming IP packet arrives it is never forwarded back out through the same network interface. These decisions are made before the IP packet is handed to the lower interface and before the ARP table is consulted. 5.4 IP Address The network manager assigns IP addresses to computers according to the IP network to which the computer is attached. One part of a 4- byte IP address is the IP network number, the other part is the IP computer number (or host number). For the computer in table 1, with an IP address of 223.1.2.1, the network number is 223.1.2 and the host number is number 1. The portion of the address that is used for network number and for host number is defined by the upper bits in the 4-byte address. All example IP addresses in this tutorial are of type class C, meaning that the upper 3 bits indicate that 21 bits are the network number and 8 bits are the host number. This allows 2,097,152 class C networks up to 254 hosts on each network. The IP address space is administered by the NIC (Network Information Center). All internets that are connected to the single world-wide Internet must use network numbers assigned by the NIC. If you are setting up your own internet and you are not intending to connect it to the Internet, you should still obtain your network numbers from the NIC. If you pick your own number, you run the risk of confusion and chaos in the eventuality that your internet is connected to another internet. 5.5 Names People refer to computers by names, not numbers. A computer called alpha might have the IP address of 223.1.2.1. For small networks, this name-to-address translation data is often kept on each computer in the "hosts" file. For larger networks, this translation data file is stored on a server and accessed across the network when needed. A few lines from that file might look like this: 223.1.2.1 alpha 223.1.2.2 beta 223.1.2.3 gamma 223.1.2.4 delta 223.1.3.2 epsilon 223.1.4.2 iota The IP address is the first column and the computer name is the second column. In most cases, you can install identical "hosts" files on all computers. You may notice that "delta" has only one entry in this file even though it has 3 IP addresses. Delta can be reached with any of its IP addresses; it does not matter which one is used. When delta receives an IP packet and looks at the destination address, it will recognize any of its own IP addresses. IP networks are also given names. If you have 3 IP networks, your "networks" file for documenting these names might look something like this: 223.1.2 development 223.1.3 accounting 223.1.4 factory The IP network number is in the first column and its name is in the second column. From this example you can see that alpha is computer number 1 on the development network, beta is computer number 2 on the development network and so on. You might also say that alpha is development.1, Beta is development.2, and so on. The above hosts file is adequate for the users, but the network manager will probably replace the line for delta with: 223.1.2.4 devnetrouter delta 223.1.3.1 facnetrouter 223.1.4.1 accnetrouter These three new lines for the hosts file give each of delta's IP addresses a meaningful name. In fact, the first IP address listed has 2 names; "delta" and "devnetrouter" are synonyms. In practice "delta" is the general-purpose name of the computer and the other 3 names are only used when administering the IP route table. These files are used by network administration commands and network applications to provide meaningful names. They are not required for operation of an internet, but they do make it easier for us. 5.6 IP Route Table How does IP know which lower network interface to use when sending out a IP packet? IP looks it up in the route table using a search key of the IP network number extracted from the IP destination address. The route table contains one row for each route. The primary columns in the route table are: IP network number, direct/indirect flag, router IP address, and interface number. This table is referred to by IP for each outgoing IP packet. On most computers the route table can be modified with the "route" command. The content of the route table is defined by the network manager, because the network manager assigns the IP addresses to the computers. 5.7 Direct Routing Details To explain how it is used, let us visit in detail the routing situations we have reviewed previously. --------- --------- | alpha | | beta | | 1 | | 1 | --------- --------- | | --------o---------------o- Ethernet 1 IP network "development" Figure 8. Close-up View of One IP Network The route table inside alpha looks like this: -------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------- |development direct <blank> 1 | -------------------------------------------------------------- TABLE 8. Example Simple Route Table This view can be seen on some UNIX systems with the "netstat -r" command. With this simple network, all computers have identical routing tables. For discussion, the table is printed again without the network number translated to its network name. -------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------- |223.1.2 direct <blank> 1 | -------------------------------------------------------------- TABLE 9. Example Simple Route Table with Numbers 5.8 Direct Scenario Alpha is sending an IP packet to beta. The IP packet is in alpha's IP module and the destination IP address is beta or 223.1.2.2. IP extracts the network portion of this IP address and scans the first column of the table looking for a match. With this network a match is found on the first entry. The other information in this entry indicates that computers on this network can be reached directly through interface number 1. An ARP table translation is done on beta's IP address then the Ethernet frame is sent directly to beta via interface number 1. If an application tries to send data to an IP address that is not on the development network, IP will be unable to find a match in the route table. IP then discards the IP packet. Some computers provide a "Network not reachable" error message. 5.9 Indirect Routing Details Now, let's take a closer look at the more complicated routing scenario that we examined previously. --------- --------- --------- | alpha | | delta | |epsilon| | 1 | |1 2 3| | 1 | --------- --------- --------- | | | | | --------o---------------o- | -o----------------o-------- Ethernet 1 | Ethernet 2 IP network "Development" | IP network "accounting" | | -------- | | iota | | | 1 | | -------- | | --o--------o-------- Ethernet 3 IP network "factory" Figure 9. Close-up View of Three IP Networks The route table inside alpha looks like this: --------------------------------------------------------------------- |network direct/indirect flag router interface number| --------------------------------------------------------------------- |development direct <blank> 1 | |accounting indirect devnetrouter 1 | |factory indirect devnetrouter 1 | -------------------------------------------------------------------- TABLE 10. Alpha Route Table For discussion the table is printed again using numbers instead of names. -------------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------------- |223.1.2 direct <blank> 1 | |223.1.3 indirect 223.1.2.4 1 | |223.1.4 indirect 223.1.2.4 1 | -------------------------------------------------------------------- TABLE 11. Alpha Route Table with Numbers The router in Alpha's route table is the IP address of delta's connection to the development network. 5.10 Indirect Scenario Alpha is sending an IP packet to epsilon. The IP packet is in alpha's IP module and the destination IP address is epsilon (223.1.3.2). IP extracts th network portion of this IP address (223.1.3) and scans the first column of the table looking for a match. A match is found on the second entry. This entry indicates that computers on the 223.1.3 network can be reached through the IP-router devnetrouter. Alpha's IP module then does an ARP table translation for devnetrouter's IP address and sends the IP packet directly to devnetrouter through Alpha's interface number 1. The IP packet still contains the destination address of epsilon. The IP packet arrives at delta's development network interface and is passed up to delta's IP module. The destination IP address is examined and because it does not match any of delta's own IP addresses, delta decides to forward the IP packet. Delta's IP module extracts the network portion of the destination IP address (223.1.3) and scans its route table for a matching network field. Delta's route table looks like this: ---------------------------------------------------------------------- |network direct/indirect flag router interface number| ---------------------------------------------------------------------- |development direct <blank> 1 | |factory direct <blank> 3 | |accounting direct <blank> 2 | ---------------------------------------------------------------------- TABLE 12. Delta's Route Table Below is delta's table printed again, without the translation to names. ---------------------------------------------------------------------- |network direct/indirect flag router interface number| ---------------------------------------------------------------------- |223.1.2 direct <blank> 1 | |223.1.3 direct <blank> 3 | |223.1.4 direct <blank> 2 | ---------------------------------------------------------------------- TABLE 13. Delta's Route Table with Numbers The match is found on the second entry. IP then sends the IP packet directly to epsilon through interface number 3. The IP packet contains the IP destination address of epsilon and the Ethernet destination address of epsilon. The IP packet arrives at epsilon and is passed up to epsilon's IP module. The destination IP address is examined and found to match with epsilon's IP address, so the IP packet is passed to the upper protocol layer. 5.11 Routing Summary When a IP packet travels through a large internet it may go through many IP-routers before it reaches its destination. The path it takes is not determined by a central source but is a result of consulting each of the routing tables used in the journey. Each computer defines only the next hop in the journey and relies on that computer to send the IP packet on its way. 5.12 Managing the Routes Maintaining correct routing tables on all computers in a large internet is a difficult task; network configuration is being modified constantly by the network managers to meet changing needs. Mistakes in routing tables can block communication in ways that are excruciatingly tedious to diagnose. Keeping a simple network configuration goes a long way towards making a reliable internet. For instance, the most straightforward method of assigning IP networks to Ethernet is to assign a single IP network number to each Ethernet. Help is also available from certain protocols and network applications. ICMP (Internet Control Message Protocol) can report some routing problems. For small networks the route table is filled manually on each computer by the network administrator. For larger networks the network administrator automates this manual operation with a routing protocol to distribute routes throughout a network. When a computer is moved from one IP network to another, its IP address must change. When a computer is removed from an IP network its old address becomes invalid. These changes require frequent updates to the "hosts" file. This flat file can become difficult to maintain for even medium-size networks. The Domain Name System helps solve these problems. 6. User Datagram Protocol UDP is one of the two main protocols to reside on top of IP. It offers service to the user's network applications. Example network applications that use UDP are: Network File System (NFS) and Simple Network Management Protocol (SNMP). The service is little more than an interface to IP. UDP is a connectionless datagram delivery service that does not guarantee delivery. UDP does not maintain an end-to-end connection with the remote UDP module; it merely pushes the datagram out on the net and accepts incoming datagrams off the net. UDP adds two values to what is provided by IP. One is the multiplexing of information between applications based on port number. The other is a checksum to check the integrity of the data. 6.1 Ports How does a client on one computer reach the server on another? The path of communication between an application and UDP is through UDP ports. These ports are numbered, beginning with zero. An application that is offering service (the server) waits for messages to come in on a specific port dedicated to that service. The server waits patiently for any client to request service. For instance, the SNMP server, called an SNMP agent, always waits on port 161. There can be only one SNMP agent per computer because there is only one UDP port number 161. This port number is well known; it is a fixed number, an internet assigned number. If an SNMP client wants service, it sends its request to port number 161 of UDP on the destination computer. When an application sends data out through UDP it arrives at the far end as a single unit. For example, if an application does 5 writes to the UDP port, the application at the far end will do 5 reads from the UDP port. Also, the size of each write matches the size of each read. UDP preserves the message boundary defined by the application. It never joins two application messages together, or divides a single application message into parts. 6.2 Checksum An incoming IP packet with an IP header type field indicating "UDP" is passed up to the UDP module by IP. When the UDP module receives the UDP datagram from IP it examines the UDP checksum. If the checksum is zero, it means that checksum was not calculated by the sender and can be ignored. Thus the sending computer's UDP module may or may not generate checksums. If Ethernet is the only network between the 2 UDP modules communicating, then you may not need checksumming. However, it is recommended that checksum generation always be enabled because at some point in the future a route table change may send the data across less reliable media. If the checksum is valid (or zero), the destination port number is examined and if an application is bound to that port, an application message is queued for the application to read. Otherwise the UDP datagram is discarded. If the incoming UDP datagrams arrive faster than the application can read them and if the queue fills to a maximum value, UDP datagrams are discarded by UDP. UDP will continue to discard UDP datagrams until there is space in the queue. 7. Transmission Control Protocol TCP provides a different service than UDP. TCP offers a connection- oriented byte stream, instead of a connectionless datagram delivery service. TCP guarantees delivery, whereas UDP does not. TCP is used by network applications that require guaranteed delivery and cannot be bothered with doing time-outs and retransmissions. The two most typical network applications that use TCP are File Transfer Protocol (FTP) and the TELNET. Other popular TCP network applications include X-Window System, rcp (remote copy), and the r- series commands. TCP's greater capability is not without cost: it requires more CPU and network bandwidth. The internals of the TCP module are much more complicated than those in a UDP module. Similar to UDP, network applications connect to TCP ports. Well- defined port numbers are dedicated to specific applications. For instance, the TELNET server uses port number 23. The TELNET client can find the server simply by connecting to port 23 of TCP on the specified computer. When the application first starts using TCP, the TCP module on the client's computer and the TCP module on the server's computer start communicating with each other. These two end-point TCP modules contain state information that defines a virtual circuit. This virtual circuit consumes resources in both TCP end-points. The virtual circuit is full duplex; data can go in both directions simultaneously. The application writes data to the TCP port, the data traverses the network and is read by the application at the far end. As with all sliding window protocols, the protocol has a window size. The window size determines the amount of data that can be transmitted before an acknowledgement is required. For TCP, this amount is not a number of TCP segments but a number of bytes. 8. Network Appliations Why do both TCP and UDP exist, instead of just one or the other? They supply different services. Most applications are implemented to use only one or the other. You, the programmer, choose the protocol that best meets your needs. If you need a reliable stream delivery service, TCP might be best. If you need a datagram service, UDP might be best. If you need efficiency over long-haul circuits, TCP might be best. If you need efficiency over fast networks with short latency, UDP might be best. If your needs do not fall nicely into these categories, then the "best" choice is unclear. However, applications can make up for deficiencies in the choice. For instance if you choose UDP and you need reliability, then the application must provide reliability. If you choose TCP and you need a record oriented service, then the application must insert markers in the byte stream to delimit records. What network aplications are available? There are far too many to list. The number is growing continually. Some of the applications have existed since the beginning of internet technology: TELNET and FTP. Others are relatively new: X-Windows and SNMP. The following is a brief description of the applications mentioned in this tutorial. 8.1 TELNET TELNET provides a remote login capability on TCP. The operation and appearance is similar to keyboard dialing through a telephone switch. On the command line the user types "telnet delta" and receives a login prompt from the computer called "delta". TELNET works well; it is an old application and has widespread interoperability. Implementations of TELNET usually work between different operating systems. For instance, a TELNET client may be on VAX/VMS and the server on UNIX System V. 8.2 FTP File Transfer Protocol (FTP), as old as TELNET, also uses TCP and has widespread interoperability. The operation and appearance is as if you TELNETed to the remote computer. But instead of typing your usual commands, you have to make do with a short list of commands for directory listings and the like. FTP commands allow you to copy files between computers. 8.3 rsh Remote shell (rsh or remsh) is one of an entire family of remote UNIX style commands. The UNIX copy command, cp, becomes rcp. The UNIX "who is logged in" command, who, becomes rwho. The list continues and is referred to collectively to as the "r" series commands or the "r*" (r star) commands. The r* commands mainly work between UNIX systems and are designed for interaction between trusted hosts. Little consideration is given to security, but they provide a convenient user environment. To execute the "cc file.c" command on a remote computer called delta, type "rsh delta cc file.c". To copy the "file.c" file to delta, type "rcp file.c delta:". To login to delta, type "rlogin delta", and if you administered the computers in a certain wa, you will not be challenged with a password prompt. 8.4 NFS Network File System, first developed by Sun Microsystems Inc, uses UDP and is excellent for mounting UNIX file systems on multiple computers. A diskless workstation can access its server's hard disk as if the disk were local to the workstation. A single disk copy of a database on mainframe "alpha" can also be used by mainframe "beta" if the database's file system is NFS mounted commands to use the NFS mounted disk as if it were local disk. 8.5 SNMP Simple Network Management Protocol (SNMP) uses UDP and is designed for use by central network management stations. It is a well known fact that if given enough data, a network manager can detect and diagnose network problems. The central station uses SNMP to collect this data from other computers on the network. SNMP defines the format for the data; it is left to the central station or network manager to interpret the data. 8.6 X-Window The X Window System uses the X Window protocol on TCP to draw windows on a workstation's bitmap display. X Window is much more than a utility for drawing windows; it is entire philosophy for designing a user interface. 9. Other Information Much information about internet technology was not included in this tutorial. This section lists information that is considered the next level of detail for the reader who wishes to learn more. o administration commands: arp, route, and netstat o ARP: permanent entry, publish entry, time-out entry, spoofing o IP route table: host entry, default gateway, subnets o IP: time-to-live counter, fragmentation, ICMP o RIP, routing loops o Domain Name System 10. References [1] Comer, D., "Internetworking with TCP/IP Principles, Protocols, and Architecture", Prentice Hall, Englewood Cliffs, New Jersey, U.S.A., 1988. [2] Feinler, E., et al, DDN Protocol Handbook, Volume 2 and 3, DDN Network Information Center, SRI International, 333 Ravenswood Avenue, Room EJ291, Menlow Park, California, U.S.A., 1985. [3] Spider Systems, Ltd., "Packets and Protocols", Spider Systems Ltd., Stanwell Street, Edinburgh, U.K. EH6 5NG, 1990. 11. Relation to other RFCs This RFC is a tutorial and it does not UPDATE or OBSOLETE any other RFC. 12. Security Considerations There are security considerations within the TCP/IP protocol suite. To some people these considerations are serious problems, to others they are not; it depends on the user requirements. This tutorial does not discuss these issues, but if you want to learn more you should start with the topic of ARP-spoofing, then use the "Security Considerations" section of RFC 1122 to lead you to more information. 13. Authors' Addresses Theodore John Socolofsky EMail: TEDS@SPIDER.CO.UK Claudia Jeanne Kale EMail: CLAUDIAK@SPIDER.CO.UK Note: This info taken from RFC-1180. _______________________________________________________________________________