Ict-innovation/LPI/109.1

From Wikibooks, open books for an open world

109.1 Fundamentals of Internet Protocols

Candidates should demonstrate a proper understanding of TCP/IP network fundamentals.


Key Knowledge Areas

  • Demonstrate an understanding of network masks.
  • Knowledge of the differences between private and public "dotted quad" IP addresses.
  • Setting a default route.
  • Knowledge about common TCP and UDP ports (20, 21, 22, 23, 25, 53, 80, 110, 119, 139, 143, 161, 443, 465, 993, 995).
  • Knowledge about the differences and major features of UDP, TCP and ICMP.
  • Knowledge of the major differences between IPv4 and IPv6.
  • Knowledge of the basic features of IPv6.



IP addresses and the Dotted Quad Notation


Binary numbers

10 = 2^1, 100 = 2^2, 101 = 2^2 + 1, 111 = 100 + 010 + 001


This means that a binary number can easily be converted into a decimal as follows:

10000000 = 2^7 = 128
01000000 = 2^6 = 64
00100000 = 2^5 = 32
00010000 = 2^4 = 16
00001000 = 2^3 = 8
00000100 = 2^2 = 4
00000010 = 2^1 = 2
00000001 = 2^0 = 1


The Dotted Quad notation:

Each network interface connected to an IP network is assigned a 32-bit IP address. This address is normally written down by breaking it into 4 bytes, writing each byte value in decimal, and separating them with dots. This is called "dotted quad" or "dotted decimal" notation. For example:

Decimal Binary
192.168.1.1 11000000.10101000.00000001.00000001


Broadcast Address, Network Address and Netmask

An IP address is split into two parts. The top (left-hand) part is the network address. It identifies the network that the interface is connected to. It is this part of the IP address that is used to make routing decisions if an IP packet needs to be routed through intervening routers. The bottom (right-hand) part is the host address. This identifies a specific machine (host) on the network.


The Netmask

A netmask (also called a subnet mask) is used to define which part of the IP address is used as the network address. Netmasks can also be written using dotted quad notation, for example:

A 16-bit and a 17-bit netmask:

255.255.0.0   (16-bit)  11111111.11111111.00000000.00000000
255.255.128.0 (17-bit)  11111111.11111111.10000000.00000000

If you know the netmask that's in use, you can determine if two IP addresses are on the same network. As an example, consider the IP addresses 32.128.1.1 and 32.128.0.11. In binary these look like this:

00100000 . 10000000 . 00000001 . 00000001
00100000 . 10000000 . 00000000 . 00001011

With a 16-bit netmask (255.255.0.0) these IP addresses are on the same network (because their top 16 bits are identical). So, a packet being sent between these two IP addresses would not need to be routed; it can be sent directly to its destination.

However, with a 24-bit netmask (255.255.255.0) the above two addresses would be on different networks:

00100000 . 10000000 . 00000001 . 00000001
00100000 . 10000000 . 00000000 . 00001011

So, a packet being sent between these two IP addresses would need to be routed; that is, it would need to pass through one or more intervening routers (gateways) to reach the correct network.


The Network Address

Every network has a number which is needed when setting up routing. The network number is the network portion of the dotted quad; the host address portion is replaced by zeros.

Typical network address: 192.168.1.0


Network Classes

In the early days of IP networking there were only three places that the division between the network part and the host part of an IP address could be placed. These were called Class A, Class B and Class C. In detail:


Class A: 8-bit network address and 24-bit host address

The first byte of the IP number is used for the network address. So the default subnet mask would be 255.0.0.0. The 3 remaining bytes are available to set host interfaces.

Since 255.255.255 and 0.0.0 are invalid host numbers there are 2^24 - 2 = 16 777 214 possible hosts.

IP numbers have the first byte ranging from 1 to 127. This corresponds to a binary range of 00000001 to 01111111. The first two bits of a class A address can be set to “00” or “01”.


Class B: 16-bit network address and 16-bit host address

The first two bytes of the IP number are used for the network address. The default subnet mask is 255.255.0.0. There are 2^16 - 2 = 65 534 possible hosts.

The first byte ranges from 128 to 191. Notice that the binary range of the first byte is 10000000 to 10111111. That is the first two bits of a class B address are always set to “10”.


Class C: 24-bit network address and 8-bit host address

The first three bytes are used for the network address. The default subnet mask is 255.255.255.0. There are 2^8 - 2 = 254 possible hosts.

The first byte ranges from 192 to 223. This corresponds to a binary range from 11000000 to 11011111. From this we conclude that the first two bits of a class C address are always set to "11".


The Broadcast Address

The broadcast address for a network is obtained by setting the host address to "all ones". For example, the broadcast address for the class C network 192.168.1.0 is 192.168.1.255. The broadcast address for the class B network 150.66.0.0 is 150.66.255.255. Packets sent to the broadcast address will be received by all hosts on the network. Usually you can only send to the broadcast address of your own network, because routers are normally configured not to forward directed broadcast packets. For example, a machine on the 192.168.1.0 network cannot use the address 192.168.7.255 to broadcast to the 192.168.7.0 network.

Given an IP address and a netmask, simple logical operations can be applied to calculate the network number and the broadcast address.

To retrieve the network address from an IP number, simply AND the IP with the netmask:

Network Address = IP AND Netmask

Similarly, the broadcast address is found by ORing the network address with NOT Netmask:

Broadcast Address = Network OR NOT Netmask

Here AND and OR are bitwise logical operations on the binary form of these addresses, and NOT means ones' complement (every bit inverted).

Example:

Take the IP 192.168.3.5 with a netmask 255.255.255.0. We can do the following operations:

Network address = IP AND MASK

    11000000.10101000.00000011.00000101   (192.168.3.5)
AND 11111111.11111111.11111111.00000000   (255.255.255.0)
    -----------------------------------
    11000000.10101000.00000011.00000000   (192.168.3.0)

Broadcast address = IP OR NOT MASK

    11000000.10101000.00000011.00000101   (192.168.3.5)
OR  00000000.00000000.00000000.11111111   (0.0.0.255, i.e. NOT 255.255.255.0)
    -----------------------------------
    11000000.10101000.00000011.11111111   (192.168.3.255)
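The AND / OR rules above, the "same network?" test from the netmask section and the class A/B/C first-byte ranges, carried out with plain integer bit operations. This is an added example written for this page, not code from the Wikibooks text; the function names are my own and the only inputs are the addresses the text itself uses.

```python
# Added example (not code from the Wikibooks page): dotted-quad arithmetic with
# plain integer bit operations, mirroring the AND / OR rules given in the text.
# Runs on Python 3 with the standard library only.

OCTET_SHIFTS = (24, 16, 8, 0)


def quad_to_int(quad: str) -> int:
    """Convert 'a.b.c.d' into a 32-bit integer, rejecting malformed input."""
    parts = quad.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {quad!r}")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet in {quad!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {quad!r}")
        value = (value << 8) | octet
    return value


def int_to_quad(value: int) -> str:
    """32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in OCTET_SHIFTS)


def int_to_bits(value: int) -> str:
    """Binary form written the way the page writes it: 8 bits per octet, dot separated."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in OCTET_SHIFTS)


def prefix_to_mask(prefix_len: int) -> int:
    """A /N prefix is N one-bits followed by (32 - N) zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def network_address(ip: str, mask: str) -> str:
    """Network = IP AND Netmask."""
    return int_to_quad(quad_to_int(ip) & quad_to_int(mask))


def broadcast_address(ip: str, mask: str) -> str:
    """Broadcast = Network OR NOT Netmask (ones' complement kept to 32 bits)."""
    mask_int = quad_to_int(mask)
    network = quad_to_int(ip) & mask_int
    return int_to_quad(network | (~mask_int & 0xFFFFFFFF))


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses share the network part selected by the mask,
    i.e. a packet between them does not need to be routed."""
    mask_int = quad_to_int(mask)
    return (quad_to_int(ip_a) & mask_int) == (quad_to_int(ip_b) & mask_int)


def usable_hosts(mask: str) -> int:
    """Host addresses excluding the all-zeros (network) and all-ones (broadcast) values."""
    host_bits = 32 - bin(quad_to_int(mask)).count("1")
    return max(2 ** host_bits - 2, 0)


def address_class(ip: str):
    """Classful range of the first byte, as in the Network Classes section; None otherwise."""
    first = quad_to_int(ip) >> 24
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return None


if __name__ == "__main__":
    ip, mask = "192.168.3.5", "255.255.255.0"   # the page's worked example
    print(int_to_bits(quad_to_int(ip)), f"({ip})")
    print("network:  ", network_address(ip, mask))
    print("broadcast:", broadcast_address(ip, mask))
    print("same /16 network:", same_network("32.128.1.1", "32.128.0.11", "255.255.0.0"))
    print("same /24 network:", same_network("32.128.1.1", "32.128.0.11", "255.255.255.0"))
```

The `& 0xFFFFFFFF` after `~mask_int` matters: Python integers are unbounded, so a bare ones' complement would produce a negative number rather than the 32-bit inverted mask the text means.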


Reserved IP addresses

Three IP address blocks (one each for class A, B, and C) are reserved for use on private (internal) networks. These addresses are never used on the Internet. The following table shows the three private address blocks.

Class A 10.x.x.x
Class B 172.16.x.x -- 172.31.x.x
Class C 192.168.0.x

Around the world, large numbers of private internal networks (intranets) re-use these address blocks. Typically, a small corporate network consumes only one "real" IP address (that is, one that can be routed on the Internet). This address is assigned to the external-facing interface of the company's external gateway. This re-use of private addresses has greatly reduced the rate of allocation of IP address space that would otherwise have occurred.


Subnets

In the early days of IP networking, a technique called subnetting was used to allow an organisation to divide its allocated IP address block amongst multiple physical networks. For example, consider an organisation that has the class B address block 140.3.0.0. In theory this identifies a single network that can accommodate 65,534 hosts as noted above. This number is much too large for practical use. Sub-netting is used to split the address block into multiple networks. Essentially, bits allocated in the IP address for hosts are actually used to select the network. The boundary between the network ID and host ID parts of an IP address is determined by the netmask.

For example, our example organisation with the 140.3.0.0 address block might choose to use a 24-bit netmask (255.255.255.0) to split its address block into 256 networks of up to 254 hosts each – a much more practical solution.

As another example, a company with a class C address block 199.48.6.0 might choose to use a 26-bit netmask (255.255.255.192), allowing it to split its address space into 4 networks of up to 62 hosts each.


CIDR notation

From 1993 the internet moved away from Class A, B, and C addressing to use Classless Inter-domain Routing (CIDR). Using CIDR the boundary between network and host address can be placed in any bit position. Using CIDR notation, a network address is written down in dotted-quad form followed by the number of bits that define the network ID. For example, the following notations are equivalent:


10.0.0.0/9   is equivalent to   network 10.0.0.0, netmask 255.128.0.0

We will take the example of the class C address block 192.168.1.0. We investigate a 25-bit then a 26-bit network.


25-bit network

Netmask: 11111111.11111111.11111111.10000000 or 255.255.255.128

Since Network = IP AND Netmask, we see from the netmask that two network addresses can be formed depending on the host range:

1. Host addresses in the 192.168.1.0xxxxxxx range result in the 192.168.1.0 network. In CIDR notation this would be written as 192.168.1.0/25.

2. Host addresses in the 192.168.1.1xxxxxxx range result in the 192.168.1.128 network. In CIDR notation this would be written as 192.168.1.128/25.


In both cases, substituting the x's by zeros or ones yields the network number and the broadcast address:

Network address   Substitute with 0's   Substitute with 1's
0                 Network: 0            Broadcast: 127
128               Network: 128          Broadcast: 255

We can also determine the maximum number of hosts on each network. Since the host address is 7 bits long and we exclude 2 values (all 1's and all 0's), we have 2^7 - 2 = 126 hosts on each network, or a total of 252 hosts.

Notice that if the default subnet mask 255.255.255.0 is used we have 254 available host addresses. In the above example 192.168.1.127 and 192.168.1.128 are taken for the first network's broadcast address and the second network's address respectively; this is why only 252 host addresses can be used.


26-bit network

Netmask: 11111111.11111111.11111111.11000000 or 255.255.255.192

Here again, depending on the host address, 4 different network addresses can be determined with the AND rule.

1. Host addresses in the 192.168.1.00xxxxxx range result in a 192.168.1.0 network.

2. Host addresses in the 192.168.1.01xxxxxx range result in a 192.168.1.64 network.

3. Host addresses in the 192.168.1.10xxxxxx range result in a 192.168.1.128 network.

4. Host addresses in the 192.168.1.11xxxxxx range result in a 192.168.1.192 network.

Substituting the x’s with 1’s in the numbers above give us the corresponding broadcast addresses: 192.168.1.63, 192.168.1.127, 192.168.1.191, 192.168.1.255

Each subnet has 2^6 - 2 = 62 possible hosts, or a total of 248.
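The same subnetting worked out for the 25-bit and 26-bit cases above, and for the 140.3.0.0 and 199.48.6.0 examples from the Subnets section, using the standard library's ipaddress module instead of hand-written bit strings. This is an added example, not code from the Wikibooks page; the function names are my own, and the block applies the page's rule that the all-zeros and all-ones host values are never usable.

```python
import ipaddress
from typing import Dict, List, Optional

# Added example, not code from the Wikibooks page: split an IPv4 block into
# equal subnets with the standard-library ipaddress module and tabulate what
# the text derives by hand for the 25-bit and 26-bit cases.


def split_block(block: str, new_prefix: int) -> List[Dict]:
    """One record per subnet: network, broadcast, netmask, usable host range and count."""
    net = ipaddress.ip_network(block, strict=True)   # strict: host bits must all be zero
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be at least as long as the block's prefix")
    records = []
    for sub in net.subnets(new_prefix=new_prefix):
        # The page's rule: the all-zeros and all-ones host values are not usable.
        usable = max(sub.num_addresses - 2, 0)
        records.append({
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "netmask": str(sub.netmask),
            "first_host": str(sub.network_address + 1) if usable else None,
            "last_host": str(sub.broadcast_address - 1) if usable else None,
            "usable_hosts": usable,
        })
    return records


def total_usable_hosts(block: str, new_prefix: int) -> int:
    return sum(r["usable_hosts"] for r in split_block(block, new_prefix))


def locate(ip: str, block: str, new_prefix: int) -> Optional[Dict]:
    """Which subnet holds this host?  ip_interface(...).network applies
    Network = IP AND Netmask; the result must still lie inside the block."""
    sub = ipaddress.ip_interface(f"{ip}/{new_prefix}").network
    if not sub.subnet_of(ipaddress.ip_network(block)):
        return None
    for record in split_block(block, new_prefix):
        if record["network"] == str(sub.network_address):
            return record
    return None


def print_table(block: str, new_prefix: int) -> None:
    records = split_block(block, new_prefix)
    print(f"{block} split into /{new_prefix} subnets (netmask {records[0]['netmask']}):")
    for r in records:
        print(f"  {r['network']:<16} broadcast {r['broadcast']:<16} "
              f"hosts {r['first_host']} - {r['last_host']} ({r['usable_hosts']})")
    print(f"  total usable hosts: {total_usable_hosts(block, new_prefix)}")


if __name__ == "__main__":
    print_table("192.168.1.0/24", 25)   # 2 subnets, 126 hosts each, 252 total
    print_table("192.168.1.0/24", 26)   # 4 subnets, 62 hosts each, 248 total
    print(locate("192.168.1.200", "192.168.1.0/24", 25)["network"])
```

`strict=True` is deliberate: it rejects a block such as 192.168.1.5/24 whose host bits are not zero, which is the commonest mistake when a network address is typed by hand.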

Routing

Figure 109.1-1: Sample Network

Part of the task of the Internet Protocol (IP) is to route packets to the correct machine. On each machine Linux maintains a routing table. For example, machine B in the picture above would contain an entry that says, in effect, "to get to network 192.168.1.0, go via the router at 192.167.0.254". In topic 109.2 we will see how to configure these routes. This machine would also contain a routing entry for the default route; this tells it where to send packets destined for networks for which it has no more specific route. For machine B the default route would be 192.168.0.4. The default route is often called the default gateway. For many so-called stub networks, which have only one gateway connected, the default route is all that's needed. For example, machines P, Q and R simply need a default route pointing to 192.168.1.254.
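The decision the paragraph describes, "is there a more specific route, otherwise use the default", is a longest-prefix match. The block below is an added example written for this page, not code from the Wikibooks text or from Linux: the routing tables are constructed for illustration (only the 192.168.1.0 network, the 192.168.0.4 default gateway and the 192.168.1.254 gateway for P, Q and R come from the text; B's own network and the 192.168.0.254 gateway are assumed values), and the route-line format and function names are my own.

```python
import ipaddress
from typing import List, Optional, Tuple

# Added example, not code from the Wikibooks page: a minimal longest-prefix
# match over a routing table like the one described for machine B. The
# addresses in the tables below are constructed for illustration; only the
# 192.168.1.0 network, the 192.168.0.4 default gateway and the 192.168.1.254
# gateway for P, Q and R are taken from the text.

Route = Tuple[ipaddress.IPv4Network, Optional[ipaddress.IPv4Address], str]


def parse_routes(lines: List[str]) -> List[Route]:
    """Parse 'destination/prefix gateway iface' lines; gateway '-' means on-link."""
    routes: List[Route] = []
    for line in lines:
        line = line.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        dest, gw, iface = line.split()
        network = ipaddress.ip_network(dest, strict=True)
        gateway = None if gw == "-" else ipaddress.ip_address(gw)
        routes.append((network, gateway, iface))
    return routes


def lookup(routes: List[Route], destination: str) -> Optional[Route]:
    """Most specific (longest prefix) route containing the destination.
    The 0.0.0.0/0 default route matches everything, so it only wins when
    nothing more specific does."""
    addr = ipaddress.ip_address(destination)
    best: Optional[Route] = None
    for route in routes:
        network = route[0]
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = route
    return best


def next_hop(routes: List[Route], destination: str) -> str:
    """Human-readable forwarding decision."""
    best = lookup(routes, destination)
    if best is None:
        return "unreachable"
    network, gateway, iface = best
    if gateway is None:
        return f"direct via {iface}"          # same network: no router needed
    return f"via {gateway} ({iface})"


# Machine B: its own network, a route to 192.168.1.0 via a router, and a default route.
MACHINE_B = parse_routes([
    "192.168.0.0/24   -               eth0   # B's own network (constructed)",
    "192.168.1.0/24   192.168.0.254   eth0   # 'to get to 192.168.1.0 go via the router' (gateway constructed)",
    "0.0.0.0/0        192.168.0.4     eth0   # default route / default gateway",
])

# A stub host such as P, Q or R only needs its own network and the default route.
MACHINE_P = parse_routes([
    "192.168.1.0/24   -               eth0",
    "0.0.0.0/0        192.168.1.254   eth0",
])

if __name__ == "__main__":
    for dst in ("192.168.0.7", "192.168.1.20", "203.0.113.9"):
        print(f"B -> {dst}: {next_hop(MACHINE_B, dst)}")
    print(f"P -> 203.0.113.9: {next_hop(MACHINE_P, '203.0.113.9')}")
```

Because the default route has prefix length 0, it can never out-rank a real match; a table with no default route simply reports "unreachable", which is what the kernel's "network is unreachable" error corresponds to.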

IPv6 Basics


IPv6 is an Internet-layer protocol that provides end-to-end datagram transmission across multiple IP networks. IPv6 comes with features not present in IPv4. It is described in Internet standard document RFC 2460, published in December 1998. IPv6 is designed to support many dynamic plug-and-play functions. As a result, there are multiple ways to assign IP addresses in IPv6. This guide will go over two methods of IPv6 address assignment: stateless and stateful.


IPv6 Address Allocation

The Internet Assigned Numbers Authority (IANA) assigns Regional Internet Registries (RIRs) /23 to /12 bit blocks. Regional Internet Registries (for example AFRINIC) assign /19 to /32 blocks to Local Internet Registries.

Local Internet Registries (ISPs) assign IPv6 addresses to end users.

It is recommended that home users get /46 or /56 blocks, meaning multiple subnets are possible.

There is provision for individuals to apply for their own provider-independent IPv6 address block with a Regional Internet Registry (RIR). A provider-independent address space is a block of IP addresses assigned by an RIR directly to an end user. The user must contract with an ISP to obtain routing of the address block within the Internet.


Goals and benefits of IPv6

Goals of IPv6:
  • Simplify address allocation
  • Simplify network administration
  • Simplify routing
  • Resolve security and mobility issues
  • Increase address space

Benefits of IPv6:
  • Built-in multicasting
  • Stateless autoconfiguration
  • No need to renumber the network as the number of devices grows (e.g. from class C to class A)
  • Users can keep a session while moving from location to location (e.g. wireless and mobile networking in a bus or airplane)
  • No need to renumber the network when its location changes
  • Simplified IPv6 headers mean faster processing, even though the header is larger than IPv4's
  • No need for NAT
  • Better route aggregation
  • No need for address re-use


IP Address Notation

The primary difference between IPv4 and IPv6 addresses is length. IPv4 addresses are 32 bits long and IPv6 addresses are 128 bits long. This means that an IPv4 address is made up of 32 1s and 0s while an IPv6 address is made up of 128 of them – 128 binary digits. This massive length forces IPv6 addresses to be written using a different notation than IPv4 addresses and thus makes them very easy to distinguish from IPv4 addresses.


As with IPv4, an IPv6 address serves as an identifier for an interface or group of interfaces. Also like IPv4, IPv6 addresses come in several types, based on how they represent those interfaces. IPv6 has three types of addresses. This section covers all three, plus some special-purpose addresses as well.

IPv4 - Dotted quad notation: addresses are written as 4 groups of up to 3 decimal digits separated by a dot (.), for example:

192.168.253.018

Abbreviation rule: drop leading zeros, giving

194.168.253.18

IPv4 DECIMAL: BINARY NOTATION

194.      168.      253.      18
xxxxxxxx  xxxxxxxx  xxxxxxxx  xxxxxxxx
byte      byte      byte      byte

x represents one bit, either 1 or 0.


IPv6 addresses are commonly displayed as eight groups of four hexadecimal digits separated by colons, for example 2001:0dbb:fe01:fe01:0000:0000:0000:2000. The hexadecimal digits are case insensitive.

IPv6 HEX: BINARY NOTATION

2001:             0DBB:             FE01:             FE01:             0DBB:             0000:             0000:             2000
xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx  xxxxxxxxxxxxxxxx
2 bytes           2 bytes           2 bytes           2 bytes           2 bytes           2 bytes           2 bytes           2 bytes

x represents one bit, either 1 or 0.

A 128-bit address gives 2^128 = 3.402823669 × 10^38 unique addresses.


Abbreviation rules

  1) Drop leading zeros in each 16-bit value, e.g. 2001:dbb:fe01:fe01:0:0:0:2000

  2) Replace one group of consecutive all-zero values with a double colon (::), e.g. 2001:dbb:fe01:fe01::2000

EXAMPLE 2

2001:0db8:0000:0000:8a2e:0000:0000:7334

After rule 1:

2001:db8:0:0:8a2e:0:0:7334

After rule 2 (applied only once in any address):

2001:db8::8a2e:0:0:7334
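Both abbreviation rules, and their reverse, implemented by hand and then cross-checked against the standard library's own compressed form. This is an added example written for this page, not code from the Wikibooks text. It assumes the tie-breaking conventions of RFC 5952 that the example above relies on: "::" is used once, for the longest run of zero groups, the leftmost run when two are equally long, and never for a single zero group.

```python
import ipaddress
import re
from typing import List, Tuple

# Added example, not code from the Wikibooks page: the two abbreviation rules
# implemented by hand (plus the reverse, expansion), then cross-checked against
# the standard library. Rule 2 follows the RFC 5952 conventions the page's
# example relies on: "::" is used once, for the longest run of zero groups,
# the leftmost run if there is a tie, and never for a single zero group.

HEXTET = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand(address: str) -> List[str]:
    """Undo both rules: return the eight 4-digit lower-case groups."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        head, tail = address.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = address.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)} in {address!r}")
    for group in groups:
        if not HEXTET.fullmatch(group):
            raise ValueError(f"bad group {group!r} in {address!r}")
    return [f"{int(group, 16):04x}" for group in groups]


def drop_leading_zeros(groups: List[str]) -> List[str]:
    """Rule 1: '0db8' -> 'db8', '0000' -> '0'."""
    return [group.lstrip("0") or "0" for group in groups]


def longest_zero_run(groups: List[str]) -> Tuple[int, int]:
    """(start, length) of the longest run of '0' groups; the leftmost run wins ties."""
    best_start, best_len = -1, 0
    i = 0
    while i < len(groups):
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    return best_start, best_len


def rule1_only(address: str) -> str:
    """Only leading zeros dropped, e.g. 2001:db8:0:0:8a2e:0:0:7334."""
    return ":".join(drop_leading_zeros(expand(address)))


def compress(address: str) -> str:
    """Rule 1 followed by rule 2."""
    groups = drop_leading_zeros(expand(address))
    start, length = longest_zero_run(groups)
    if length < 2:                      # a lone zero group is written as '0', not '::'
        return ":".join(groups)
    head = ":".join(groups[:start])
    tail = ":".join(groups[start + length:])
    return f"{head}::{tail}"


if __name__ == "__main__":
    for addr in ("2001:0dbb:fe01:fe01:0000:0000:0000:2000",
                 "2001:0db8:0000:0000:8a2e:0000:0000:7334",
                 "0000:0000:0000:0000:0000:0000:0000:0001"):
        print(f"{addr}\n  rule 1: {rule1_only(addr)}\n  rule 2: {compress(addr)}")
        # The standard library applies the same conventions:
        assert compress(addr) == ipaddress.IPv6Address(addr).compressed
```

The "only once" restriction is what makes expansion unambiguous: with two "::" in one address there is no way to tell how many zero groups each stands for, so `expand` rejects it. When comparing addresses in logs or access-control lists, always normalise both sides with `expand` (or `ipaddress.IPv6Address`) first, since the same address can be written many ways.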


All devices that connect to the Internet require a globally unique address. IPv4 uses 32 bits for an IP address, which allows about 4 billion unique IP addresses. When IPv4 was adopted as the protocol for internetworking, its designers did not anticipate the explosion in usage or the extent to which online technologies would become popular. An escalating demand for IP addresses was the main driving force behind the development of IPv6.

Some technologies were implemented in IPv4 as an interim measure, but still that wasn't enough; these technologies include NAT, DHCP and subnetting. According to estimates, in the wireless domain, more than a billion mobile phones, Personal Digital Assistants (PDAs) and other wireless devices will require Internet access, and each device will need its own unique IP address.

IPv6 supports 128-bit address space and theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available. With this large address-space scheme, IPv6 has the capability to provide unique addresses to each and every device or node attached to the Internet.





Simplified Header


Routing, the movement of information from a source to a destination, is more efficient in IPv6 because it incorporates a hierarchical addressing structure and has a simplified header. The large amount of address space allows organizations with large numbers of employees to obtain blocks of contiguous address space. Contiguous address space allows organizations to aggregate addresses under one prefix for identification on the Internet. This structured approach to addressing reduces the amount of information Internet routers must maintain and store and promotes faster routing of data. In addition, as shown above, IPv6 has a simplified header because six fields were eliminated from the IPv4 header. The simplified header also contributes to faster routing.




IPv6 Address types

Address Type       | Description                                                                  | Binary Prefix        | Prefix
Unspecified        | Only used during host initialisation                                         | 0000...0 (128 bits)  | ::/128
Loopback           | Address used when a host talks to itself                                     | 0000...01 (128 bits) | ::1/128
Link-Local Unicast | Used on a single link or non-routed LAN; equivalent to 169.254.0.0/16 in IPv4 | 1111 1110 10         | FE80::/10
Site-Local         | Cannot be used on the Internet; similar to the private ranges in IPv4        | 1111 1110 1100       | FEC0::/10
Multicast          | Identifies multicast groups; used as a destination address, never as a source | 1111 1111            | FF00::/8
IPv4-Mapped        | Used to embed an IPv4 address in an IPv6 address, e.g. ::FFFF:192.168.0.1    |                      | ::FFFF/96
Unique Local (ULA) | Reserved for home and private enterprise use, not public                      | 1111 1100            | FC00::/7
Global Unicast     | All others except those reserved                                             |                      | 2000::/3



IPv6 ADDRESS ASSIGNMENT

IPv6 Neighbour Discovery combines and improves upon the functionality found in Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), Router Discovery and ICMP Redirects in IPv4, and adds some new features as well.

Neighbour Discovery includes four main functions:

  1) Router Discovery:

Routers periodically send out router advertisement messages to announce their presence, advertise prefixes that are on-link, assist in address configuration and share other information about the link (MTU, hop limit, etc.). Router Advertisements support multiple prefixes on the same link. Hosts can learn on-link prefixes from router advertisements or, when the router is configured to withhold them, from redirects as needed.

  2) Neighbour Discovery:

IPv6 nodes communicate their link-layer addresses to each other using neighbour solicitation and neighbour advertisement messages. These messages are also used to detect duplicate addresses and test reachability. Neighbour Discovery has many improvements and new features when compared to the corresponding IPv4 protocols. Some of the most notable differences are:

  • Neighbour Discovery moves address resolution to the ICMP layer, which makes it much less media dependent than ARP and adds the ability to use IP-layer security when needed.
  • Neighbour Discovery uses link-local addresses. This allows all nodes to maintain their router associations even when the site is renumbered to a new global prefix.
  • All Neighbour Discovery messages carry link-layer address information, so a single message (or pair of messages) is all that is needed for nodes to resolve each other's addresses; no additional address resolution is needed.

  3) Neighbour Unreachability Detection:

IPv6 nodes rely on positive confirmation of packet delivery. This is accomplished in two ways. First, nodes "listen" for new acknowledgements being returned or similar upper-layer protocol confirmation that packets sent to a neighbour are in fact reaching their destination. When such confirmation is absent, the node sends unicast neighbour solicitation messages to confirm next-hop reachability. Neighbour Unreachability Detection is built in, making packet delivery much more robust in a changing network. Using Neighbour Unreachability Detection, Neighbour Discovery will detect router failures, link failures and, most notably, partial link failures such as one-way communication.

  4) Redirects:

Very similar to the ICMPv4 redirect feature, the ICMPv6 Redirect message is used by routers to inform on-link hosts of a better next hop for a given destination. The intent is to allow the router(s) to help hosts make the most efficient local routing decisions possible.

SLAAC

In addition to everything discussed above, Neighbour Discovery also enables address autoconfiguration – namely Stateless Address Autoconfiguration (SLAAC). SLAAC provides plug-and-play IP connectivity in two phases: Phase 1 – Link-Local address assignment and then in Phase 2 – Global address assignment.


IPv6 still maintains the capability for stateful address assignment through DHCPv6 (and static assignment) but SLAAC provides a very lightweight address configuration method that may be desirable in many circumstances. In the stateful autoconfiguration model, a host obtains the interface addresses as well as other required information such as the configuration information and parameters from a server. The DHCP server maintains a manually administered list of hosts and keeps track of which addresses have been assigned to which hosts. DHCP is necessary at sites where central management of hosts is important.

Phase 1 – Link-Local Address

Phase 1 steps for local connectivity:

  1) Link-Local Address Generation: Any time that a multicast-capable IPv6-enabled interface is turned up, the node generates a link-local address for that interface. This is done by appending an interface identifier to the link-local prefix (FE80::/10).
  2) Duplicate Address Detection: Before assigning the new link-local address to its interface, the node verifies that the address is unique. This is accomplished by sending a neighbour solicitation message destined to the new address. If there is a reply then the address is a duplicate and the process stops (requiring operator intervention).
  3) Link-Local Address Assignment: If the address is unique, the node assigns it to the interface it was generated for.

At this point, the node has IPv6 connectivity to all other nodes on the same link. Only hosts move on to Phase 2; a router’s interface addresses must be configured by other means.

Phase 2 – Global Address

Phase 2 steps for global connectivity:

  1) Router Advertisement: The node sends a router solicitation to prompt all on-link routers to send it router advertisements. When the router is enabled to provide stateless autoconfiguration support, the router advertisement will contain a subnet prefix for use by neighbouring hosts.
  2) Global Address Generation: Once it receives a subnet prefix from a router, the host generates a global address by appending the interface identifier to the supplied prefix.
  3) Duplicate Address Detection: The host again performs duplicate detection, this time for the new global address.
  4) Global Address Assignment: Assuming that the address is not a duplicate, the host assigns it to the interface.

In summary, with Stateless Address Autoconfiguration (SLAAC) a Router Advertisement message announces the on-link prefixes as well as the link-local address of the router. The prefix is then combined either with the node's link-layer address to form an EUI-64 address, or with a random number to form a privacy extension address.
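The address arithmetic behind Phase 1 and Phase 2: deriving the modified EUI-64 interface identifier from a MAC address and appending it to the FE80::/64 link-local prefix or to an advertised global prefix. This is an added example written for this page, not code from the Wikibooks text. The MAC 00:a1:b0:01:09:90 is the HWaddr from the ifconfig output later on the page, so the link-local result can be checked against that output; the global prefix 2001:db8:1:2::/64 is a constructed documentation value and the function names are my own.

```python
import ipaddress

# Added example, not code from the Wikibooks page: how a host derives its
# modified EUI-64 interface identifier from its MAC address and combines it
# with the link-local prefix (Phase 1) or an advertised prefix (Phase 2).
# The MAC 00:a1:b0:01:09:90 is the HWaddr shown in the page's ifconfig output;
# the global prefix 2001:db8:1:2::/64 is a constructed documentation value.

IID_MASK = (1 << 64) - 1


def mac_to_eui64(mac: str) -> int:
    """Modified EUI-64: split the 48-bit MAC in half, insert FF:FE, and
    invert the universal/local bit (bit 1 of the first byte)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def eui64_to_mac(iid: int) -> str:
    """Reverse the derivation; useful for spotting addresses that reveal a hardware MAC."""
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not EUI-64 derived")
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix (must be a /64) + 64-bit interface identifier = full address."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 identifiers needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """Phase 1: link-local prefix FE80::/64 + interface identifier."""
    return slaac_address("fe80::/64", mac)


def is_eui64_derived(address: str) -> bool:
    """True when the low 64 bits carry the FF:FE marker, i.e. the MAC is exposed
    (privacy extensions use a random identifier instead)."""
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    return (iid >> 24) & 0xFFFF == 0xFFFE


def mac_from_address(address: str) -> str:
    """Recover the MAC from an EUI-64 derived address."""
    return eui64_to_mac(int(ipaddress.IPv6Address(address)) & IID_MASK)


if __name__ == "__main__":
    mac = "00:a1:b0:01:09:90"
    print("link-local:", link_local_address(mac))          # matches the ifconfig output on this page
    print("global:    ", slaac_address("2001:db8:1:2::/64", mac))
    print("MAC recovered from virbr0 address:", mac_from_address("fe80::c8a5:5aff:fe06:7adc"))
```

The `is_eui64_derived` check is the practical takeaway for an administrator: an EUI-64 address carries the hardware MAC in every packet, so the same host is recognisable across networks, which is why the privacy-extension (random identifier) variant mentioned above exists.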

Better Security

The Internet has functioned for the last three decades with IPv4 as the underlying protocol. However, because of its end-to-end model, IPv4 was designed with almost no security in mind and assumes that the required security will be provided at the end nodes. For example, consider an application such as email that may require encryption services: under IPv4, it is the responsibility of the email client at the end nodes to provide those services. Today, the Internet faces threats such as denial-of-service attacks, malicious code distribution, man-in-the-middle attacks, fragmentation attacks and reconnaissance attacks.


Better Quality of Service

IPv6 provides the flow label and traffic class fields so that applications can request special handling of certain packets (low latency) throughout the WAN. This enables support for multimedia and real-time applications, which require a consistent degree of throughput, delay or jitter. The term often used to describe this requirement is low latency: streaming audio and video require low latency, obtained through high priority.


Improved Connectivity.

Without Network Address Translation (NAT), true end-to-end connectivity at the IP layer is restored, enabling new and valuable services. Peer-to-peer networks and applications such as multi-player online games, video conferencing (streaming media) and file sharing are easier to create and maintain, and services such as VoIP and Quality of Service (QoS) work much better because groups of computers can communicate directly with each other without needing a central server.

Better Optimization

In a multicast technique a packet is copied from one stage down to another in a hierarchical tree-like structure, instead of sending it from the source directly. This means that there are fewer packets in the network thereby optimizing bandwidth utilization and also reducing the resources required at each network node. This multicast technique is particularly useful when streams of information have to be made available to a wide variety of connected devices and not just one single destination. For example multicast technique is used to relay audio data, video data, news feeds, financial data feeds and so on.

Mobility In-built

Mobility in IPv4 is optional and can be made available through a set of extensions. With IPv6, mobility support is mandatory through Mobile IPv6 (MIPv6). Route optimisation is a built-in feature of Mobile IPv6. Auto-discovery and configuration services allow mobile nodes to work in any location without needing the services of any special router.
When a mobile node is not on its home network, it sends information about its present location (the "care-of address") to the home agent. Routing of packets to this host occurs like this: if any host or node wants to communicate with the mobile node, it first sends the packets to the home address. The home agent receives these packets and, using a routing table, sends them on to the care-of address of the mobile node.


Better Administration

When an existing network is to be expanded, two networks are to be merged, or service providers are changed, the network no longer needs to be renumbered by hand. IPv6 provides capabilities so that network renumbering can happen automatically. It simplifies aspects of address assignment (stateless address autoconfiguration), network renumbering and router announcements when changing network connectivity providers. Network address management in IPv6 no longer requires manual configuration of IP devices, hosts and routers. Multihoming techniques have been made easy to implement: if simultaneous connections are established to two ISPs, when service goes down from one ISP there is a back-up connection to the Internet. This ensures far greater reliability of services.


Easy Transition

IPv6 uses many of the design features that made IPv4 so successful. This enables a smooth transition from IPv4 to IPv6. The IPv6 transition will be gradual even though it offers many competitive advantages over IPv4. Surely many applications will operate faster and more smoothly on the IPv6 platform compared to the current IPv4 one.


Commands to use with IPv6

trust@trust-desktop:~$ ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:a1:b0:01:09:90

inet addr:192.168.10.19 Bcast:192.168.10.255 Mask:255.255.255.0

inet6 addr: fe80::2a1:b0ff:fe01:990/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:26710 errors:0 dropped:0 overruns:0 frame:0

TX packets:19011 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:32377321 (32.3 MB) TX bytes:2365746 (2.3 MB)

Interrupt:17 Base address:0xde00


lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:141 errors:0 dropped:0 overruns:0 frame:0

TX packets:141 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:11796 (11.7 KB) TX bytes:11796 (11.7 KB)

trust@trust-desktop:~$


trust@trust-desktop:~$ netstat -r -6

Kernel IPv6 routing table

Destination Next Hop Flag Met Ref Use If

fe80::/64 :: U 256 0 0 eth0

fe80::/64 :: U 256 0 0 virbr0

::/0 :: !n -1 1 3 lo
::1/128 :: Un 0 1 46 lo

fe80::2a1:b0ff:fe01:990/128 :: Un 0 1 0 lo

fe80::c8a5:5aff:fe06:7adc/128 :: Un 0 1 0 lo

ff00::/8 :: U 256 0 0 eth0

ff00::/8 :: U 256 0 0 virbr0

/0 :: !n -1 1 3 lo

trust@trust-desktop:~$


trust@trust-desktop:~$ route -A inet6

Kernel IPv6 routing table

Destination Next Hop Flag Met Ref Use If

fe80::/64 :: U 256 0 0 eth0

fe80::/64 :: U 256 0 0 virbr0

::/0 :: !n -1 1 3 lo
::1/128 :: Un 0 1 46 lo

fe80::2a1:b0ff:fe01:990/128 :: Un 0 1 0 lo

fe80::c8a5:5aff:fe06:7adc/128 :: Un 0 1 0 lo

ff00::/8 :: U 256 0 0 eth0

ff00::/8 :: U 256 0 0 virbr0

/0 :: !n -1 1 3 lo

trust@trust-desktop:~$


trust@trust-desktop:~$ ping6 ::1

PING ::1(::1) 56 data bytes

64 bytes from ::1: icmp_seq=1 ttl=64 time=0.022 ms

64 bytes from ::1: icmp_seq=2 ttl=64 time=0.027 ms

64 bytes from ::1: icmp_seq=3 ttl=64 time=0.032 ms

64 bytes from ::1: icmp_seq=4 ttl=64 time=0.029 ms

^C

--- ::1 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2998ms

rtt min/avg/max/mdev = 0.022/0.027/0.032/0.006 ms

trust@trust-desktop:~$


To see the ping6 options, run ping6 -?:

trust@trust-desktop:~$ ping6 -?

Usage: ping6 [-LUdfnqrvVaA] [-c count] [-i interval] [-w deadline]

[-p pattern] [-s packetsize] [-t ttl] [-I interface]

[-M mtu discovery hint] [-S sndbuf]

[-F flow label] [-Q traffic class] [hop1 ...] destination

trust@trust-desktop:~$


trust@trust-desktop:~$ traceroute6 ::1

traceroute to ::1 (::1) from ::1, port 33434, from port 62840, 30 hops max, 60 byte packets

1 localhost (::1) 0.004 ms 0.001 ms 0.001 ms

trust@trust-desktop:~$


On Ubuntu you must have the ndisc6 package installed to run the tracert6 command.

trust@trust-desktop:~$ sudo apt-get install ndisc6


trust@trust-desktop:~$ tracert6 ::1

traceroute to ::1 (::1) from ::1, 30 hops max, 60 byte packets

1 localhost (::1) 0.004 ms 0.001 ms 0.001 ms

trust@trust-desktop:~$


To verify that IPv6 is running, enter the command:

trust@trust-desktop:~$ cat /proc/net/if_inet6

00000000000000000000000000000001 01 80 10 80 lo

fe8000000000000002a1b0fffe010990 02 40 20 80 eth0

fe80000000000000c8a55afffe067adc 03 40 20 80 virbr0

trust@trust-desktop:~$
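The /proc/net/if_inet6 lines above are the kernel's raw view of every IPv6 address on the host: 32 hex digits of address, then the interface index, prefix length, scope and flags (all in hex) and the device name. The parser below is an added example written for this page, not code from the Wikibooks text; the sample lines are copied from the output above, and the scope and flag names come from the kernel's IPV6_ADDR_* and IFA_F_* constants.

```python
import ipaddress
from typing import Dict, List

# Added example, not code from the Wikibooks page: a parser for the
# /proc/net/if_inet6 format shown above. Each line is: 32 hex digits of
# address, interface index, prefix length, scope and flags (all hex), device.
# The sample lines are copied from the page's output.

SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80 lo
fe8000000000000002a1b0fffe010990 02 40 20 80 eth0
fe80000000000000c8a55afffe067adc 03 40 20 80 virbr0
"""

# Scope values as the kernel writes them (IPV6_ADDR_* in include/net/ipv6.h).
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}
# Address flags (IFA_F_* in include/uapi/linux/if_addr.h).
FLAGS = {0x01: "temporary", 0x02: "nodad", 0x04: "optimistic", 0x08: "dadfailed",
         0x10: "homeaddress", 0x20: "deprecated", 0x40: "tentative", 0x80: "permanent"}


def parse_if_inet6(text: str) -> List[Dict]:
    """Parse if_inet6 text into one record per address."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split()
        if len(fields) != 6:
            raise ValueError(f"unexpected if_inet6 line: {raw!r}")
        hexaddr, ifindex, plen, scope, flags, device = fields
        if len(hexaddr) != 32:
            raise ValueError(f"address field is not 128 bits: {hexaddr!r}")
        scope_val, flag_val = int(scope, 16), int(flags, 16)
        entries.append({
            "address": ipaddress.IPv6Address(int(hexaddr, 16)).compressed,
            "ifindex": int(ifindex, 16),
            "prefixlen": int(plen, 16),
            "scope": SCOPES.get(scope_val, f"unknown(0x{scope_val:02x})"),
            "flags": [name for bit, name in FLAGS.items() if flag_val & bit],
            "device": device,
        })
    return entries


def ipv6_enabled(entries: List[Dict]) -> bool:
    """The page's check: a non-empty if_inet6 means the IPv6 stack is up."""
    return len(entries) > 0


def globally_reachable(entries: List[Dict]) -> List[Dict]:
    """Addresses with global scope are reachable beyond the local link; link-local
    and host-scope addresses are not, so this is the set worth reviewing."""
    return [e for e in entries if e["scope"] == "global"]


if __name__ == "__main__":
    for entry in parse_if_inet6(SAMPLE_IF_INET6):
        print(f"{entry['device']:<7} {entry['address']}/{entry['prefixlen']} "
              f"scope={entry['scope']} flags={','.join(entry['flags'])}")
```

On a live system read the file with `open("/proc/net/if_inet6").read()` in place of the sample. Note that the eth0 line decodes to fe80::2a1:b0ff:fe01:990 with prefix length 0x40 = 64, exactly what ifconfig printed above; `globally_reachable` is empty for this host because it has only loopback and link-local addresses.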




Figure 109.1-2: The 4 Layer TCP/IP Model



The 4 layer TCP/IP model:

Application     Application-level protocols (FTP, SMTP, SNMP, HTTP, ...)
Transport       Delivery to specific end-points (TCP, UDP)
Internet        Packet delivery and routing (IP, ICMP, IGMP, ARP)
Network Access  Network cards, e.g. Ethernet, token ring, ...



The table below shows some of the key protocols in the TCP/IP suite

File:Graphics12


TCP/IP Services and Ports

File:Graphics307
Figure 109.1-3: Services on Host 192.168.0.5

At the application layer, each service listens for connections on a specific port number. This is a 16-bit number that identifies a specific transport endpoint in the machine. The transport-layer protocols (TCP and UDP) are responsible for delivering a packet to the correct port.


The list of known services and their ports is found in /etc/services. The official list of services and associated ports is managed by the IANA (Internet Assigned Numbers Authority).


Since the port number is 16 bits there are 65535 available numbers. Numbers from 1 to 1023 are known as privileged ports and are reserved for services run by root. Most standard services use port numbers in this range.


The /etc/services main ports:

ftp-data 20/tcp

ftp 21/tcp

ssh 22/udp

ssh 22/tcp

telnet 23/tcp

smtp 25/tcp mail

domain 53/tcp

domain 53/udp

http 80/tcp # www is used by some broken

pop-3 110/tcp # PostOffice V.3

sunrpc 111/tcp

sftp 115/tcp

uucp-path 117/tcp

nntp 119/tcp usenet # Network News Transfer

ntp 123/tcp # Network Time Protocol

netbios-ns 137/tcp nbns

netbios-ns 137/udp nbns

netbios-dgm 138/tcp nbdgm

netbios-dgm 138/udp nbdgm

netbios-ssn 139/tcp nbssn

imap 143/tcp # imap network mail protocol

NeWS 144/tcp news # Window System

snmp 161/udp

snmp-trap 162/udp


IPv4 and IPv6

A newer version of the IP protocol (IPv6) uses 128-bit addresses instead of the 32-bit addresses of IPv4. IPv6 has existed since the late 1990s and is fully supported in Linux, although IPv4 still dominates many networks. Part of the motivation for IPv6 was the exhaustion of IPv4 addresses; the IANA free pool ran out in 2011. IPv6 also specifies IPsec, which provides authentication and encryption of IP traffic. IPsec was originally a mandatory part of every IPv6 implementation (RFC 4294), but RFC 6434 relaxed this to a recommendation; in practice IPsec is an optional feature on both IPv4 and IPv6 that must be explicitly configured before any traffic is protected.

IPv6 addresses are written by splitting the 128-bit number into eight 16-bit groups, writing each group in hexadecimal and separating the groups with colons, for example:

2001:ABCD:FE07:665C:0000:0000:0000:0000

Addresses can be abbreviated in two ways: leading zeros within a group may be dropped, and one run of consecutive all-zero groups may be replaced by a double colon (::). The double colon may appear only once in an address, otherwise the number of omitted groups would be ambiguous; RFC 5952 recommends using it for the longest zero run and writing the hex digits in lowercase. The example above can also be written as:

2001:ABCD:FE07:665C::

There's an introduction to IPV6 and its use in Linux at http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO
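The /proc/net/if_inet6 format shown earlier and the abbreviation rules above, worked through in code. This is an added example, not code from the page or from the LPI material. The sample text is constructed to mirror the three lines of if_inet6 output shown earlier; the scope and flag names are the example's reading of the kernel's scope values and IFA_F_* flag bits. It expands the 32-digit form into eight groups, applies the RFC 5952 compression rules (one "::" only, for the longest run of zero groups, first run on a tie, lowercase hex) and cross-checks the result against Python's ipaddress module.

```python
"""Parse /proc/net/if_inet6 and compress IPv6 addresses (RFC 5952 style).

Added example; not part of the original page.  The sample text below is
constructed to match the shape of the page's if_inet6 output.
"""
import ipaddress

# Constructed sample in the format of /proc/net/if_inet6:
#   <32 hex digits> <ifindex> <prefix len> <scope> <flags> <device>
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80 lo
fe8000000000000002a1b0fffe010990 02 40 20 80 eth0
fe80000000000000c8a55afffe067adc 03 40 20 80 virbr0
"""

# Scope values as printed by the kernel (hex): 00 global, 10 host, 20 link, 40 site, 80 compat
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site", 0x80: "compat"}
# Address flag bits (IFA_F_* in linux/if_addr.h); 0x80 is the usual "permanent" address
FLAGS = {0x01: "temporary", 0x02: "nodad", 0x04: "optimistic", 0x08: "dadfailed",
         0x10: "homeaddress", 0x20: "deprecated", 0x40: "tentative", 0x80: "permanent"}


def compress(groups):
    """RFC 5952: drop leading zeros in each group, then replace the longest run
    (at least 2) of all-zero groups with '::', taking the first run on a tie."""
    groups = [g.lstrip("0") or "0" for g in groups]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail


def expand_hex(hex32):
    """Turn the 32-digit kernel form into the eight 16-bit groups, lowercase."""
    if len(hex32) != 32:
        raise ValueError("expected 32 hex digits")
    return [hex32[i:i + 4].lower() for i in range(0, 32, 4)]


def parse_if_inet6(text):
    """Return one dict per if_inet6 line with the address in compressed form."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hex32, _ifindex, plen, scope, flags, dev = line.split()
        groups = expand_hex(hex32)
        addr = compress(groups)
        # Cross-check our compression against the standard library.
        assert addr == ipaddress.IPv6Address(":".join(groups)).compressed
        entries.append({
            "dev": dev,
            "addr": addr,
            "prefixlen": int(plen, 16),
            "scope": SCOPES.get(int(scope, 16), "unknown"),
            "flags": [name for bit, name in FLAGS.items() if int(flags, 16) & bit],
        })
    return entries


if __name__ == "__main__":
    for e in parse_if_inet6(SAMPLE_IF_INET6):
        print(f"{e['dev']:8} {e['addr']}/{e['prefixlen']} "
              f"scope={e['scope']} flags={','.join(e['flags'])}")
```

Running it reproduces the addresses the route table above shows for lo, eth0 and virbr0; the tie-breaking rule matters when an address has two equal zero runs, which is where hand-abbreviated addresses in firewall rules most often go wrong.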

The TCP/IP Suite

TCP/IP is a suite of protocols used on the Internet. The two main protocols are TCP (Transmission Control Protocol) and IP (Internet Protocol), but there are a number of other protocols in the suite.

The protocols are layered in a stack as shown below. Packets are passed down the stack on the transmitting end, and each layer adds its own header to carry the information that layer needs. At the receiving end the packets pass up the stack, and each layer removes its own header before passing the rest to the layer above.

To simplify, the IP layer is responsible for delivering a packet to the destination machine, routing it through intervening gateways if necessary. It is not a "guaranteed" delivery service: no check is made to verify that the packet arrived. TCP handles connections between client and server applications. It is a "reliable" protocol because segments are acknowledged when they are received and re-transmitted if no acknowledgement arrives; UDP, the other transport protocol, offers neither connections nor acknowledgements.

Figure 109.1-2: The 4 Layer TCP/IP Model

The 4 layer TCP/IP model:

Application     application-level protocols (FTP, SMTP, SNMP, HTTP, ...)
Transport       delivery to specific end-points (TCP, UDP)
Internet        packet delivery and routing (IP, ICMP, IGMP, ARP)
Network Access  network hardware, e.g. Ethernet, token ring, ...
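The header-per-layer encapsulation described above, as an added example that is not from the page: a UDP datagram is wrapped in an IPv4 header on the sending side and unwrapped, with both checksums verified, on the receiving side. The addresses, ports and payload are constructed; the checksum arithmetic follows RFC 1071 and the UDP pseudo-header follows RFC 768. Note that a checksum detects accidental corruption, not tampering: an attacker who can modify the packet can recompute it, which is the gap that IPsec or TLS closes.

```python
"""Encapsulate a UDP datagram in an IPv4 packet and decapsulate it again.

Added example, not from the page.  Addresses, ports and payload are constructed.
"""
import struct


def checksum(data):
    """RFC 1071 Internet checksum: ones' complement of the 16-bit ones' complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(dotted):
    """Dotted-quad string to 4 network-order bytes, rejecting out-of-range octets."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address")
    return bytes(octets)


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Transport layer: 8-byte UDP header + payload.  The checksum covers a
    pseudo-header holding the IP addresses, so UDP has to know them."""
    length = 8 + len(payload)
    pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, 17, length)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = checksum(pseudo + header + payload) or 0xFFFF   # 0 means "no checksum" in UDP
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, proto, ttl, segment, ident=0):
    """Internet layer: 20-byte IPv4 header (no options) in front of the segment."""
    total_len = 20 + len(segment)
    ver_ihl = (4 << 4) | 5                       # version 4, header length 5 words
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident, 0x4000, ttl, proto, 0,
                      ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + segment


def parse_ipv4(packet):
    """Receiving side: validate and strip the IP header, hand the rest upwards."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet) or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:              # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "proto": proto, "payload": packet[ihl:total_len]}


def parse_udp(src_ip, dst_ip, segment):
    """Receiving side: validate and strip the UDP header."""
    if len(segment) < 8:
        raise ValueError("truncated UDP segment")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("bad UDP length")
    if csum:                                     # checksum is optional for UDP over IPv4
        pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, 17, length)
        if checksum(pseudo + segment[:length]) != 0:
            raise ValueError("UDP checksum mismatch")
    return {"sport": sport, "dport": dport, "payload": segment[8:length]}


def demo():
    """Send side then receive side for one constructed DNS-port datagram."""
    payload = b"hello"                           # constructed application-layer data
    seg = build_udp("192.168.0.5", "192.168.0.1", 40000, 53, payload)
    pkt = build_ipv4("192.168.0.5", "192.168.0.1", 17, 64, seg)
    ip = parse_ipv4(pkt)
    udp = parse_udp(ip["src"], ip["dst"], ip["payload"])
    return pkt, ip, udp


def tampered_is_rejected(pkt, offset):
    """Flip one bit at `offset` and report whether the receive path rejects the packet."""
    bad = bytearray(pkt)
    bad[offset] ^= 0x01
    try:
        ip = parse_ipv4(bytes(bad))
        parse_udp(ip["src"], ip["dst"], ip["payload"])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pkt, ip, udp = demo()
    print(pkt.hex())
    print(ip, udp)
```

The receive path checks lengths before checksums, which is the order a real stack must use: a header whose length field points past the buffer is a classic parser bug, and the checksum cannot be trusted until the bytes it covers are known to exist.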

The table below shows some of the key protocols in the TCP/IP suite.

(Figure: table of key TCP/IP protocols)

TCP/IP Services and Ports

Figure 109.1-3: Services on Host 192.168.0.5

At the application layer, each service listens for connections on a specific port number. This is a 16-bit number that identifies a specific transport endpoint in the machine. The transport-layer protocols (TCP and UDP) are responsible for delivering a packet to the correct port.

The list of known services and their ports is found in /etc/services. It is only a lookup table that maps names to numbers for tools such as netstat and the getservbyname() library call; it does not control which ports a program may use. The official list of services and associated ports is managed by the IANA (Internet Assigned Numbers Authority).

Since the port number is 16 bits there are 65536 possible values (0 to 65535); port 0 is reserved, so 65535 ports are usable. Numbers from 1 to 1023 are known as privileged (or well-known) ports: on Linux only root, or a process holding the CAP_NET_BIND_SERVICE capability, may bind a listening socket to them. Most standard services use port numbers in this range. The privilege check applies to binding, not to connecting, and a port number says nothing about what is really listening on it; use ss or netstat to see the actual listeners.

The /etc/services main ports:

ftp-data      20/tcp
ftp           21/tcp
ssh           22/udp
ssh           22/tcp
telnet        23/tcp
smtp          25/tcp    mail
domain        53/tcp
domain        53/udp
http          80/tcp    # www is used by some broken
pop-3        110/tcp    # PostOffice V.3
sunrpc       111/tcp
sftp         115/tcp
uucp-path    117/tcp
nntp         119/tcp    usenet   # Network News Transfer
ntp          123/tcp    # Network Time Protocol
netbios-ns   137/tcp    nbns
netbios-ns   137/udp    nbns
netbios-dgm  138/tcp    nbdgm
netbios-dgm  138/udp    nbdgm
netbios-ssn  139/tcp    nbssn
imap         143/tcp    # imap network mail protocol
NeWS         144/tcp    news     # Window System
snmp         161/udp
snmp-trap    162/udp

Note that sftp on 115/tcp is the old Simple File Transfer Protocol, not the SFTP subsystem of SSH, which runs over port 22. The TLS-protected counterparts of the cleartext mail and web services in the LPI list are https 443/tcp, smtps 465/tcp, imaps 993/tcp and pop3s 995/tcp.
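A parser for the /etc/services line format listed above, together with a small check that applies it to a list of listening ports, as an added example that is not from the page. SERVICES_SAMPLE is a constructed excerpt in /etc/services syntax (it deliberately includes one malformed line), LISTENING is a constructed list such as one would collect from ss -ltun, and the CLEARTEXT set is the example's own choice of protocols whose logins travel unencrypted.

```python
"""Parse /etc/services-format text and annotate listening sockets with it.

Added example; not part of the original page.  SERVICES_SAMPLE is a constructed
excerpt in /etc/services syntax and LISTENING is a constructed listener list.
"""

# Constructed excerpt in /etc/services syntax: name  port/proto  [aliases...]  [# comment]
SERVICES_SAMPLE = """\
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp
telnet          23/tcp
smtp            25/tcp          mail
domain          53/tcp
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
pop3            110/tcp         pop-3           # POP version 3
nntp            119/tcp         readnews untp   # USENET News Transfer Protocol
netbios-ssn     139/tcp
imap2           143/tcp         imap            # Interim Mail Access P 2 and 4
snmp            161/udp
https           443/tcp
ssmtp           465/tcp         smtps           # SMTP over SSL
imaps           993/tcp
pop3s           995/tcp
this line is garbage and must be skipped
"""

PRIVILEGED_MAX = 1023          # binding 1-1023 needs root or CAP_NET_BIND_SERVICE on Linux
# Example's own list of services that carry credentials in the clear;
# their TLS counterparts are 443/465/993/995.
CLEARTEXT = {"telnet", "ftp", "pop3", "imap2", "http"}


def parse_services(text):
    """Return {(port, proto): (name, [aliases])}.  Comments, blank and malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1].count("/") != 1:
            continue                               # never trust the file blindly
        name, portproto, *aliases = fields
        port_s, proto = portproto.split("/")
        if not port_s.isdigit() or not 0 <= int(port_s) <= 65535:
            continue
        table[(int(port_s), proto)] = (name, aliases)
    return table


def lookup(table, port, proto):
    """Name registered for port/proto, or None if the table does not know it."""
    entry = table.get((port, proto))
    return entry[0] if entry else None


def is_privileged(port):
    """True for the privileged range 1-1023 (port 0 is reserved, not privileged)."""
    return 1 <= port <= PRIVILEGED_MAX


# Constructed listener list in the form one would collect from `ss -ltun`.
LISTENING = [(22, "tcp"), (80, "tcp"), (23, "tcp"), (4444, "tcp"), (161, "udp")]


def annotate(table, listening):
    """For each listener: the service name, whether the port is privileged, whether the
    service is a known cleartext protocol, and whether it is unregistered (worth a review)."""
    rows = []
    for port, proto in listening:
        name = lookup(table, port, proto)
        rows.append({"port": port, "proto": proto, "service": name or "unknown",
                     "privileged": is_privileged(port),
                     "cleartext": name in CLEARTEXT,
                     "review": name is None})
    return rows


if __name__ == "__main__":
    for row in annotate(parse_services(SERVICES_SAMPLE), LISTENING):
        print(row)
```

The "review" flag only says that /etc/services has no name for the port; it is a prompt to look at the process behind the socket (ss -ltunp), not evidence of anything on its own, and a registered name is equally no proof that the expected daemon is the one listening.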



The following is a partial list of the used files, terms and utilities:

  • /etc/services
  • ftp
  • telnet
  • host
  • ping
  • dig
  • traceroute
  • tracepath

