
Chapter 6 Lesson Notes

Installing, Configuring, Managing, Monitoring, and Troubleshooting Network Protocols 

  1. Windows 2000 TCP/IP
    1. Introduction to TCP/IP
      1. Understanding Protocols
        1. A protocol is a set of rules or syntax that is used to specify the manner in which the process of communication takes place between two computers. Each of the two computers must be running the same protocol to "speak" to each other.
        2. TCP/IP is a set of protocols, called a protocol stack or protocol suite.
        3. A stack has two or more protocols working together to accomplish a task.
        4. A suite is a more elaborate collection of communication protocols, utilities, tools, and applications.
        5. TCP and IP make up the stack, whereas the suite is made up of a large number of additional protocols such as SMTP, SNMP, and FTP.
        6. TCP/IP is an open standard protocol, which indicates it is vendor non-specific.
      2. TCP/IP Standards
        1. Standards are derived from RFCs (Request for Comments) on the Internet as well as networking models such as the OSI (Open Systems Interconnection) and the DoD (Department of Defense).
      3. Brief History of TCP/IP
        1. The DoD established ARPA (Advanced Research Projects Agency) in response to the need for communications between major military installations in the event of mass destruction during the Cold War of the 1960s.
        2. In 1968, ARPA built a network called ARPANet based on packet-switching, which is a connectionless technology. Packet-switching sends individual packets instead of the entire data file to its destination, with each packet taking a different physical route.
        3. MILNET is a spin-off of ARPANet for the military, with the remaining segment comprised of major universities.
        4. The focus of ARPANet and today’s Internet is reliability rather than speed.
      4. Advantages and Disadvantages of TCP/IP versus other LAN Protocols
        1. Advantages include reliability, compatibility, scalability, and routability.
        2. Disadvantages include its lack of speed compared to NetBEUI and NWLink, more resource overhead, and difficulty of configuration.
    2. The TCP/IP Protocol Suite
      1. TCP/IP and the DoD/OSI Networking Models
        1. Rather than being proprietary (vendor-specific), TCP/IP uses open standards set by the ISO (International Organization for Standardization) in their OSI Model (Open Systems Interconnection). (See Figures 6-2 and 6-3 on pages 396 and 397.)
        2. TCP/IP was developed before the OSI Model, therefore the layers of the DoD (Department of Defense) Networking Model map directly to these four layers: Application, Host-to-Host, Internetwork, and Network Interface. (See Figure 6-4 on page 398.)
        3. The Presentation Layer contains gateways that act as translators, as in the following examples: SMTP (e-mail gateway), SNA gateway, and GSNW (Gateway Services for Netware).
      2. The Internetwork Layer Protocols
        1. IP is a connectionless protocol, which resides at the Network layer. It depends on TCP in the Transport Layer above for connection-oriented functionality.
        2. ICMP (Internet Control Message Protocol) is a TCP/IP standard that allows hosts and routers using IP to report errors.
        3. IGMP (Internet Group Management Protocol) is used for multicasting (sending a message to multiple hosts but addressing it to a single address).
        4. ARP (Address Resolution Protocol) resolves logical IP addresses to Media Access Control (MAC) physical hardware addresses.
        5. RARP reverses this process. ARP information is stored in the arp cache (see Figure 6-5).
      3. The Transport Layer Protocols
      4. Transport protocols’ primary purpose is to ensure that data arrives complete and in good condition.

        1. TCP is a connection-oriented protocol and is based on point-to-point communication between two hosts. A session is established before transmission begins by using a three-way handshake. Segments are sent and acknowledgements are received by the originator. If a segment fails to arrive, TCP tells the sending computer so that the segment can be resent.
        2. UDP is a connectionless protocol, which is faster because no error-checking or acknowledgement takes place.
        3. Ports ensure that information sent to the same IP address is received correctly. For example, an e-mail message and a web page both sent to 24.12.145.101 will arrive in Outlook and Internet Explorer respectively because each uses a different port.
        4. The TCP sliding windows protocol determines how much data is being transmitted based on actual bytes, rather than segments (see Figure 6-6).
        5. FTP (File Transfer Protocol) is used to transfer files from one computer to another (download or upload).
        6. Telnet is used to connect to a remote computer and run programs or view files.
        7. SMTP (Simple Mail Transfer Protocol) is used for sending Internet mail and POP (Post Office Protocol) is used to retrieve it.
        8. SNMP (Simple Network Management Protocol) is used to monitor and manage TCP/IP networks.

     

    Beyond the Basics

    Today’s IP addressing scheme uses Internet Protocol Version 4 (IPv4), which is a 32-bit binary address. There is a drive in the IT field to migrate to IP version 6 (IPv6). The most obvious reason for this is the depletion of IPv4 addresses. Today, a commercial organization cannot apply for a Class C license from the InterNIC. If a commercial organization needs an Internet IP address, it must either lease or buy IP addresses from an ISP (Internet Service Provider). The remaining Class C licenses are reserved for not-for-profit and government agencies. The InterNIC is trying to reclaim network IDs from organizations that are not using all of the hosts available to them. Despite these efforts, it won’t be long before all of the available network IDs will be used up and IPv6 will become imperative.

    IPv4 addresses are broken into two levels of hierarchy: network and host. This is an inefficient use of IP addresses. It is not uncommon for a company to have a Class B address with only a few thousand hosts on the Internet. This is a waste of nearly 60,000 host IDs.

    IPv6 provides for 128-bit addresses, which allows for
    340,282,366,920,938,463,463,374,607,431,768,211,456 host IDs (340 decillions). This allows enough host IDs in this addressing scheme for approximately 665,570,793,348,866,943,898,599 addresses for every square meter on the surface of the earth.

    The designers of the IPv6 protocol chose to represent the 128-bit address as eight 16-bit integers separated by colons. Each integer is represented in hexadecimal form, skipping leading zeros. An example address would be 1075:3A:AEF3:0:0:0:210:A6EB. You can abbreviate this further, since consecutive null (zero) fields within an address can be marked with two colons, reducing the above example to 1075:3A:AEF3::210:A6EB. Only one double-colon can be used within an address, otherwise we would get ambiguous addresses (::CA74::, for example). For more information, visit www.ipv6.org.
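The abbreviation rules above, as an added Python example that is not part of the original notes: it expands an abbreviated address to its eight 16-bit fields, rejects a second double-colon, and re-abbreviates the longest zero run. The function names are hypothetical, and collapsing only runs of two or more zero fields is an assumption of this sketch.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")

def parse_fields(part):
    """Parse a colon-separated run of 16-bit hex fields ('' means none)."""
    if part == "":
        return []
    fields = []
    for field in part.split(":"):
        if not 1 <= len(field) <= 4 or not set(field) <= HEX_DIGITS:
            raise ValueError(f"bad 16-bit field: {field!r}")
        fields.append(int(field, 16))
    return fields

def expand_ipv6(text):
    """Return the eight 16-bit fields of an IPv6 address as integers."""
    if text.count("::") > 1:
        # With two gaps there is no way to tell how many zero
        # fields belong to each one, so the address is ambiguous.
        raise ValueError("only one '::' is allowed in an address")
    if "::" in text:
        head, _, tail = text.partition("::")
        left, right = parse_fields(head), parse_fields(tail)
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        return left + [0] * missing + right
    fields = parse_fields(text)
    if len(fields) != 8:
        raise ValueError("expected eight fields")
    return fields

def compress_ipv6(fields):
    """Write eight fields without leading zeros, collapsing the longest zero run."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] == 0:
            j = i
            while j < 8 and fields[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    text = [format(f, "X") for f in fields]
    if best_len < 2:
        return ":".join(text)
    head = ":".join(text[:best_start])
    tail = ":".join(text[best_start + best_len:])
    return head + "::" + tail

if __name__ == "__main__":
    full = "1075:3A:AEF3:0:0:0:210:A6EB"   # address used in the notes
    print(compress_ipv6(expand_ipv6(full)))
    try:
        expand_ipv6("::CA74::")
    except ValueError as err:
        print("rejected:", err)
```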

  2. IP Addressing
    1. Locating IP Addressing Information
      1. Properties box for the protocol
      2. IPConfig
      3. WinIPConfig (Windows 9x systems)
    2. How IP Addressing Works
      1. An IP address is required on a TCP/IP network. It can be manually assigned by the administrator, or dynamically provided through DHCP, APIPA (discussed in Chapter 5), or ICS (Internet Connection Sharing).
      2. The IP address is represented in a "dotted quad" or "dotted decimal" notation using four sections, called octets, separated by dots. This format is simply a user-friendly way to display the binary number that the computer is actually using.
      3. The TCP/IP address is made up of four eight-bit binary numbers called an octet. Each octet is separated by a period (pronounced "dot").
      4. Each octet is often given the letter of W, X, Y, or Z. For example, in the IP address 24.12.145.101, the 12 is in the "X" position.
    3. One’s and Zeros: Binary Addressing
      1. The IP address 192.168.1.185 is actually communicated through the network as 11000000.10101000.00000001.10111001. Note that each octet has eight ones or zeros, thus, "octet."
      2. Binary uses base 2, which limits the number of unique characters to just two (1 or 0), whereas base10 uses characters 0 through 9.
      3. Use Table 6-1 to convert 10011011 to the decimal number 155.
      4. Beyond the Basics

        The decimal, hexadecimal, and binary numbering systems all start with zero. Our habit is to think of the "first" of something as being number 1, but in the world of computers and technology, you’ll need to become accustomed to that first thing being number 0.

        If you remember your elementary school math, the number of digits that can fit into the units (ones) column is called the base. Decimal comes from the Latin "ten" and allows 10 digits in the ones column (0-9). Decimal numbering is also called base-10. When you have more than 10 digits, you cross over to the tens column.

        In regular counting, we would start with a one and go to a nine. When we added one more number, we would put a zero in the ones column, and a one in the tens column, making a 10. In computer math, we start with zero. When we get to the end of the allowed numbers in the ones column, we go back to the beginning, put down a zero, and move a one to the tens column.

        Binary refers to base-2 numbers, in that there are only two units before you begin using the tens column. In base-2 numbering, you can only have a zero and a one in the ones column. There is no two, and you have to go to the tens column instead. One moves to the left of the zero after two digits, just as one moves to the left of zero after 10 digits in base-10 numbers (decimal).

        Text counting in binary would be: zero, one, ten, eleven, one hundred, one hundred and one, one hundred and ten, one hundred and eleven, and one thousand. The same sequence in symbols would be 0, 1, 10, 11, 100, 101, 110, 111, and 1000, respectively. Because binary has only ones and zeros, there’s no such thing as a two. The two is replaced by what we think of as a 10.

        The largest eight-bit number is 11111111, which is made up of eight "ones," and converts to 255 in decimal. The last character in the ASCII keyboard character translation table is 255—a blank space. On the other hand, decimal/binary zero is also a space, so maybe it’s not that incredible.

        Hexadecimal (hex) is base-16 numbering, where numbers in the ones column must go beyond 10 digits all the way to 16 digits. This requires the use of letters, since decimal numbering (base-10) has only 10 available digits (0, 1, 2, 3, 4, 5, 6, 7, 8, 9) before making a 10. Hexadecimal (often abbreviated as hex, H, or h) adds A, B, C, D, E, and F.

        Counting a full sequence would be 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. The F represents the "tens" column crossover point, just like the nine does in decimal numbers. In this case, 15 (the F) is the sixteenth digit and the last that can fit in the ones column. Don’t forget that zero was the first digit.

        Following F (in base-16) would come a "tens unit," so the next number is 10. The sequence continues as 11, 12, 13, 14, 15, 16, 17, 18, 19, 1A, 1B, 1C, 1D, 1E, 1F, and then another tens unit, making 20.

        Hexadecimal numbering allows for cramming more information into a smaller space. For example, the decimal 255 (three digits) becomes FFh (two bits) in hex. The small "h" following the number ensures that the reader realizes the number is in base 16 (hex).

        For more practice on hexadecimal, try the exercise at the end of this chapter.

      5. The Components of an IP Address
        1. IP addresses consist of two parts: the Network ID and the Host ID. The subnet mask determines which part is Network ID and which part is Host ID.
      6. The subnet mask is another 32-bit binary number that is expressed in the same format as the IP address to indicate which part of the IP address is masked. Masked bits are always 1, or "on."
        1. Example: 11111111.00000000.00000000.00000000 in binary would equal 255.0.0.0 in decimal. Therefore, the first octet is the Network ID, and the last three octets identify the specific computer (or Host ID) on that network.
        2. Other Examples:
          1. The IP address of 103.204.124.34 with a subnet mask of 255.255.0.0 indicates that the Network ID is 103.204 and the Host ID is 124.34.
          2. The IP address of 103.204.124.34 with a subnet mask of 255.255.255.0 indicates that the Network ID is 103.204.124 and the Host ID is 34.
          3. The "All 1’s and all 0’s Rule" indicates that you cannot have a Network ID or a Host ID that uses all 1’s or all 0’s since those addresses are used for special purposes such as broadcasting.
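The mask arithmetic described above, as an added Python example that is not part of the original notes: the subnet mask is ANDed with the address to get the Network ID, its complement gives the Host ID, and the all-1s/all-0s rule is applied to both parts. Function names are hypothetical; the addresses are the ones used in the notes.

```python
def to_int(dotted):
    """Convert dotted-decimal notation to the 32-bit integer it stands for."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(dotted):
    """Show the address the way it travels on the wire, octet by octet."""
    return ".".join(format(b, "08b") for b in to_int(dotted).to_bytes(4, "big"))

def split_address(ip, mask):
    """Split an address into Network ID and Host ID using the subnet mask."""
    addr, m = to_int(ip), to_int(mask)
    wildcard = m ^ 0xFFFFFFFF            # the unmasked (host) bits
    if wildcard & (wildcard + 1):
        raise ValueError("mask must be contiguous 1s followed by 0s")
    host_bits = wildcard.bit_length()
    network, host = addr & m, addr & wildcard
    net_field = network >> host_bits     # network bits on their own
    net_all_ones = (1 << (32 - host_bits)) - 1
    # All-1s/all-0s rule: neither part may be all ones or all zeros.
    reserved = host in (0, wildcard) or net_field in (0, net_all_ones)
    return {
        "network_id": to_dotted(network),
        "host_id": to_dotted(host),
        "assignable": not reserved,
    }

if __name__ == "__main__":
    print(to_binary("192.168.1.185"))
    for mask in ("255.255.0.0", "255.255.255.0"):
        print(mask, split_address("103.204.124.34", mask))
    # Host part is all ones: a broadcast address, not a host.
    print(split_address("103.204.255.255", "255.255.0.0"))
```

In the returned dotted form the masked-out octets are zero, so Network ID 103.204 appears as 103.204.0.0 and Host ID 124.34 as 0.0.124.34.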
    4. Address Classes
    5. InterNIC has assigned blocks of IP addresses in small, medium, and large "lumps" to organizations and Internet Service Providers (ISPs), depending on their networking demands. These blocks are called Class A, Class B, or Class C networks.

      1. Class A: Used for large networks
        1. The first octet of the TCP/IP address is used for the network ID, and the remaining three octets are used to address host computers.
          1. W.X.Y.Z IP Address
          2. 255.0.0.0 Subnet Mask (W octet specifies the Network IDs; X, Y and Z can be used for Host IDs)
      2. Class B: Used for medium networks
        1. The first two octets of the TCP/IP address are used for the network ID; the remaining two octets are used to address host computers.
          1. W.X.Y.Z IP Address
          2. 255.255.0.0 Subnet Mask (W and X octets specify the Network IDs; Y and Z can be used for Host IDs)
      3. Class C: Used for small networks
        1. The first three octets of the TCP/IP address are used for the network ID; the remaining octet can be used to address host computers.
          1. W.X.Y.Z IP Address
          2. 255.255.255.0 Subnet Mask (W, X and Y octets specify the Network IDs; Z can be used for Host IDs)

        Beyond the Basics

        InterNIC

        In cooperation with the Internet community, the National Science Foundation developed and released in April of 1992 a solicitation for one or more Network Information Service (NIS) Managers to provide and/or coordinate services for the NSFNet community. Three organizations were selected to receive cooperative agreements in the areas of Information Services, Directory and Database Services, and Registration Services. Together these three awards constitute the InterNIC. General Atomics provides information services, AT&T provides directory and database services, and Network Solutions, Inc. (NSI) provides registration services.

      4. Address ranges 10.x.x.x and 172.16.x.x and 192.168.x.x are reserved for use as private addresses. These addresses cannot directly send to or receive traffic from the Internet. These addresses are ideal for home networking or for those segments on a corporate network that need to be invisible to the Internet (payroll or sensitive information). If the host computer cannot get out to the Internet, hackers cannot get in.
      5. Class D addresses are those whose four high order bits (leftmost or the W octet) are 1110. Class D addresses are reserved for multicasting.
      6. Class E addresses are those whose four high order bits are 1111. Class E addresses are reserved for experimental and/or testing purposes.
      7. Default Subnet Masks are set when an entire block of addresses from a specified class are used as one network (Class A, B, or C). See the chart above.
      8. Subnetting occurs when a block of addresses needs to be split into two or more smaller networks. Supernetting is just the opposite; that is, it involves combining two or more class networks together to create a larger network.
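The class and private-range rules above, as an added Python example that is not part of the original notes: it reads the class from the high-order bits of the W octet and flags private source addresses that show up on an Internet-facing interface, where they should never appear. The private blocks are the full RFC 1918 ranges, so the second one runs from 172.16.0.0 through 172.31.255.255; the log records and the interface names are constructed for the example.

```python
import ipaddress

# High-order bits of the W octet -> (class, default subnet mask).
CLASS_PREFIXES = [
    ("0", "A", "255.0.0.0"),
    ("10", "B", "255.255.0.0"),
    ("110", "C", "255.255.255.0"),
    ("1110", "D", None),   # multicast, no default mask
    ("1111", "E", None),   # experimental, no default mask
]

# RFC 1918 private address blocks.
PRIVATE_BLOCKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

def address_class(ip):
    """Return (class letter, default mask) from the leading bits of the address."""
    w_octet = ipaddress.IPv4Address(ip).packed[0]
    bits = format(w_octet, "08b")
    for prefix, name, mask in CLASS_PREFIXES:
        if bits.startswith(prefix):
            return name, mask
    raise AssertionError("unreachable: the prefixes cover every octet")

def is_private(ip):
    """True when the address falls in one of the reserved private blocks."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)

# Constructed sample: (interface, source address) pairs such as a
# border firewall might record. "wan" faces the Internet.
SAMPLE_LOG = [
    ("wan", "24.12.145.101"),
    ("wan", "192.168.1.185"),
    ("lan", "192.168.1.185"),
    ("wan", "172.20.5.9"),
    ("wan", "103.204.124.34"),
    ("lan", "10.4.4.4"),
]

def suspicious_sources(log):
    """Private sources on the Internet-facing side: spoofed or misrouted traffic."""
    return [src for iface, src in log if iface == "wan" and is_private(src)]

if __name__ == "__main__":
    for _, src in SAMPLE_LOG:
        print(src, address_class(src), "private" if is_private(src) else "public")
    print("drop and alert on:", suspicious_sources(SAMPLE_LOG))
```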
    6. Subnetting and supernetting
    7. Both are done by "stealing" bits from one portion of the network ID or host ID to "give" to the other.

      1. Subnetting Basics
        1. Refer to pages 417 and 418 on the process of stealing bits.
        2. Table 6-2 on page 418 illustrates how many new subnets can be created for each bit you "steal" from the host ID.
        3. To determine the subnet mask when "stealing" bits, use the following three steps:
          1. Determine the number of subnets you need.
          2. Convert the number to binary. Notice how many bits are required.
          3. Convert the number of bits required to decimal.
      2. With supernetting, you can combine two Class C networks using a subnet mask of 255.255.254.0 to provide 512 hosts on the network instead of the usual 254 assigned to a Class C network.
    8. Classless Addressing: CIDR
      1. CIDR (pronounced "cider") is Classless InterDomain Routing, and networks using CIDR are often called "slash x" networks, with the "x" representing the number of bits assigned before subnetting.
      2. An example CIDR address is 192.168.1.27/24. Use Table 6-3 to determine CIDR network designations and their subnet masks.
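The three subnetting steps and the "slash x" notation above, carried through in an added Python example that is not part of the original notes. Function names are hypothetical. The extra-bit correction is an assumption of this sketch: it applies the notes' all-1s/all-0s rule to the stolen bits, so 7 subnets need 4 bits even though 7 is only three binary digits.

```python
def prefix_to_mask(prefix):
    """Turn a CIDR prefix length ("slash x") into a dotted-decimal subnet mask."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def addresses_in_prefix(prefix):
    """Total addresses covered by a prefix, before any are set aside."""
    return 2 ** (32 - prefix)

def plan_subnets(default_prefix, subnets_needed):
    """Follow the three steps for a network whose default mask is /default_prefix."""
    if subnets_needed < 2:
        raise ValueError("subnetting needs at least two subnets")
    # Steps 1 and 2: write the number in binary and count its bits.
    bits = subnets_needed.bit_length()
    # Assumption added here: with the all-0s and all-1s subnet IDs
    # excluded, n bits yield 2**n - 2 subnets, so a count such as
    # 3 or 7 needs one more bit than its binary form suggests.
    if 2 ** bits - 2 < subnets_needed:
        bits += 1
    prefix = default_prefix + bits
    host_bits = 32 - prefix
    if host_bits < 2:
        raise ValueError("not enough host bits left for any hosts")
    # Step 3: the stolen bits, set to 1 from the left, give the mask.
    return {
        "stolen_bits": bits,
        "prefix": prefix,
        "mask": prefix_to_mask(prefix),
        "hosts_per_subnet": 2 ** host_bits - 2,
    }

if __name__ == "__main__":
    print(plan_subnets(24, 6))      # six subnets from a Class C block
    print(plan_subnets(24, 7))      # seven subnets need a fourth bit
    print(prefix_to_mask(24))       # mask for 192.168.1.27/24
    # Supernetting two Class C networks: one bit moves the other way.
    print(prefix_to_mask(23), addresses_in_prefix(23))
```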
  3. Installing, Configuring, Managing, and Monitoring TCP/IP
  4. Installing TCP/IP under Windows 2000 is different than it is under Windows NT 4.0, where you could right-click Network Neighborhood and bring up the Properties sheet to install new protocols.

    1. Installing TCP/IP in Windows 2000
      1. Network protocols are installed via the Network and Dial-up Connections window (see Figure 6-7 on page 421).
    2. Configuring TCP/IP in Windows 2000
    3. You must enter the proper configuration information before the computer can communicate on the network. Perform Exercise 6-4 on page 423: Configuring TCP/IP.

      1. Advanced TCP/IP Properties allows you to finely tune your TCP/IP settings.
      2. IP Settings, found under Advanced Settings, enable the computer to use more than one IP address or default gateway. See Figure 6-8 on page 425.
  5. Assigning Multiple IP Addresses
    1. Multiple IP addresses are used in a number of situations, including public addresses used for Internet access and private addresses used for internal networking.
  6. Assigning Multiple Default Gateways
    1. Dead gateway detection in Windows 2000 is used to detect downed routers. Multiple default gateways keep the IP routing table updated by using the next default gateway in the list.
  7. The Interface Metric
    1. A metric is the cost of using a particular route from one destination to another, and is generally measured in the number of hops to the IP destination. Any travel within the local subnet is one hop, then one hop is added to the hop count for each router that is crossed. The lowest metric is the least number of hops, and is therefore the fastest.
    2. Advanced DNS Settings can be made as shown in Figure 6-9 on page 426, and include the following:
      1. Multiple DNS Servers
      2. Unqualified name resolution
      3. Connection-specific DNS suffixes
      4. DNS dynamic update behavior
    3. Advanced WINS Settings can be made as shown in Figure 6-10 on page 428, and include the following:
      1. Multiple WINS servers
      2. Enabling and disabling the use of the LMHosts file. The LMHosts.sam file is used to manually specify TCP/IP to NetBIOS name resolutions at the client level. The file is stored in \winnt\system32\drivers\etc.
      3. Enabling and disabling the use of NetBIOS over TCP/IP
    4. Other Advanced Options: This tab, shown in Figure 6-11 on page 429, is the last in the Advanced TCP/IP settings sheet, which allows you to change the default setting of "disabled" to the following:
      1. Enable Internet Protocol security (IPSec)
      2. Enable TCP/IP filtering
      3. See Figure 6-11 on page 429
    5. TCP/IP Best Practices
      1. Microsoft recommends that if your local network is connected to the Internet, either obtain registered public IP addresses for all computers and use an IP router, or establish the Internet connection using one computer and use NAT (Network Address Translation).
      2. Microsoft also recommends that if you assign private addresses, you use the address ranges in each class that are designated as reserved for that purpose by IANA (Internet Assigned Numbers Authority).
    6. Troubleshooting TCP/IP
    7. Refer to Troubleshooting Windows 2000 TCP/IP, by Debra Littlejohn Shinder and Thomas W. Shinder (published by Syngress Media), for more information on this topic. The following utilities can be used to troubleshoot TCP/IP:

      1. IPConfig (see Figure 6-12 on page 431)
        1. Used to view the current TCP/IP configuration, and can be used manually to release and renew a TCP/IP configuration received from a DHCP server
      2. Ping and PathPing (see Figure 6-13 on page 432)
        1. A simple tool used to test connectivity to remote systems; used most often in initial efforts to resolve Network problems
      3. TraceRt (see Figure 6-14 on page 433)
        1. Traces the network route taken by an IP datagram as it travels the network; also provides the number of hops
      4. NetStat and NBTStat (see Figure 6-15 on page 434)
        1. NetStat: displays protocol statistics and current TCP/IP connections
        2. NBTStat: checks the state of current NetBIOS over TCP/IP (NetBT) connections; can also be used to troubleshoot NetBIOS name resolution problems
      5. NetDiag (found on Windows 2000 Professional Resource Kit CD)
    8. Managing and Monitoring Network Traffic
      1. Windows 2000 Network Monitor can be installed on Windows 2000 Server using the Add/Remove Programs applet. It cannot be run in promiscuous mode, which is the state in which the network card can listen to all the traffic on the network. This means that only the traffic on that one server can be analyzed. Figure 6-16 on page 436 shows the Network Monitor interface.
      2. Microsoft recommends that you run Network Monitor at off-peak (low usage) times due to its negative impact on network performance. Figure 6-17 on page 437 shows capture detail from Network Monitor.
  8. Installing and Configuring NWLink
    1. NWLink is a routable protocol, but it does not support connection to the Internet. Consider using NWLink and IPX/SPX even if there are no NetWare servers on your network. This will allow faster communication than TCP/IP but will not allow a computer to access the Internet directly.
    2. Installing the NWLink Protocol is done through the Network and Dial-up Connections properties box—the same as TCP/IP.
    3. Configuring NWLink: When asked for a network number you are not sure of, the default value of 00000000 will usually work. Perform Exercise 6-5 on page 439: Installing and Configuring NWLink in Windows 2000. Client Services for NetWare (CSNW) must be installed on clients for access to NetWare resources.
    4. Protocol Binding Order is determined when multiple protocols are used with multiple network services. The protocol listed at the top will be used first, and so on. The Binding Order can be changed in the Advanced menu under Advanced Setting of the Network and Dial-up Connections folder.