what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

tcp2.htm

tcp2.htm
Posted Sep 1, 2000
Authored by Erik Iverson | Site dragonmount.net

Dragonmount Networks has released Part 2 of a multipart series on the Transmission Control Protocol. This installment looks at how to use tools provided with your operating system to see TCP and related protocols in action. It also describes the flow of data between machines at multiple levels during simple network operations.

tags | tcp, protocol
SHA-256 | f51add40b996ecf1990c275bbd083fcae7cd466641b1e38a2b0bf55d8417a4af

tcp2.htm

Change Mirror Download
<BASE HREF="http://www.dragonmount.net/tutorials/tcpip/part2/">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Tutorials</title>
<link rel="stylesheet" type="text/css" href="../../../styles.css">

<meta name="Microsoft Border" content="tb, default"></head>

<body><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td>

<script language="javascript">
function NavRollOver(oTd)
{
if (navigator.userAgent.indexOf("MSIE") != -1)
if (!oTd.contains(event.fromElement)){oTd.bgColor="CCCC99";}
}
function NavRollOut(oTd)
{
if (navigator.userAgent.indexOf("MSIE") != -1)
if (!oTd.contains(event.toElement)){oTd.bgColor="006699";}
}
</script>

<table border="0" width="100%" cellspacing="1" bgcolor="#E0E0E0" height="10">
<tr>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/index.html" class="topnav-link">Home</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="javascript:" onclick="window.external.AddFavorite('http://www.dragonmount.net','Dragonmount Networks')" class="topnav-link">Favorites</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/software/index.htm" class="topnav-link">Software</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/security/index.htm" class="topnav-link">Security</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/tutorials/index.htm" class="topnav-link">Tutorials</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="../../../about.htm" class="topnav-link">About
us</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/contact.htm" class="topnav-link">Contact</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/privacy_usage.html" class="topnav-link">Privacy</a></td>
<td width="75" bgcolor="#006699" onmouseover="NavRollOver(this);" onmouseout="NavRollOut(this);" align="center" height="6"><a href="http://www.dragonmount.net/projects/" class="topnav-link">Projects</a></td>
<td bgcolor="#006699" align="right" height="6"><a href="javascript:history.go(-1)"><img border="0" src="http://www.dragonmount.net/images/back.gif" alt="Back" WIDTH="13" HEIGHT="13"></a></td>
</tr>
</table>
&nbsp;
<table border="0" cellspacing="0" cellpadding="0" height="16">
<tr>
<td rowspan="2"><img border="0" src="http://www.dragonmount.net/images/left.jpg" usemap="#FPMap0" alt="Dragonmount Logo" WIDTH="288" HEIGHT="145"></td>
<td valign="top" height="36"><img border="0" src="http://www.dragonmount.net/images/right.jpg" alt="Bar" WIDTH="258" HEIGHT="36"></td>
</tr>
<tr>
<td valign="top">
<!--- start of focusIN code --->
<center>
<iframe src="http://focusin.ads.targetnet.com/ad/id=Falcon&opt=hhj&cv=210&uid=6740416" height=60 width=468 frameborder=0 marginheight=0 marginwidth=0 scrolling="no"><A href="http://focusin.ads.targetnet.com/ad/id=Falcon&opt=cij&cv=210&uid=6740416" target="_top"> <IMG src="http://focusin.ads.targetnet.com/ad/id=Falcon&opt=hij&cv=210&uid=6740416" alt="Click here to visit our sponsor" width=468 height=60 border=0></A><BR><FONT face="arial" size="1"><A href="http://www.focusin.com">focusIN Specialty Web Network</A></FONT></iframe>

</CENTER>




</TD>
</TR>
</TABLE>
<BR>
 

</TD></TR></TABLE><TABLE border="0" cellpadding="0" cellspacing="0" width="100%"><TR><TD valign="top">

<TABLE border="0" width="750" cellspacing="0" cellpadding="0">
<TR>
<TD width="115" valign="top" align="right">
<A href="http://www.dragonmount.net/tutorials/index.htm" class="navlinkb">Tutorials
Home</A><BR>
<BR>
<A href="http://www.dragonmount.net/tutorials/tcpip/part1/intro.htm" class="navlink">TCP/IP
for the Uninitiated: Part 1</A>
<P>
<A href="http://www.dragonmount.net/tutorials/tcpip/part2/index.htm" class="navlink">TCP/IP
for the Uninitiated: Part 2</A>


<P> </P>
</TD>
<TD valign="top" align="center" width="17"><IMG border="0" src="../../../images/orangepixel.gif" width="1" height="100%"></TD>
<TD valign="top">
<H1>TCP for the Uninitiated - Part II (Expanding the Basics / Using Tools)</H1>
<P>By: <A href="mailto:erik@dragonmount.net">Erik Iverson</A><BR>
<A href="http://www.dragonmount.net/">http://www.dragonmount.net</A></P>
<H2>Introduction</H2>
<P class="MsoNormal">Today many of us are finding ourselves in a common
Internet connectivity situation.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Either
at home or at work, we have a local area network.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Your office probably has a LAN, your home may, and for college
students in the dorms, your PC is probably on a LAN too.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>So just how does data get all around when you're chatting
on IRC, reading web pages, and sending email?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>What different steps are necessary, why are they necessary, how
does it all work together?</P>
<H2>Ethernet</H2>
Most of our LANS are Ethernet LANS.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Ethernet is an older technology, first introduced in the 1970's.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>By no means is it state of the art, but it is still very popular.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>The reasons for this are speed and interoperability.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Practically any device available can be hooked up to an Ethernet
network, and when people ask if you have a "network card" they almost
certainly are referring to an Ethernet adapter.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The standard has been around long enough to gain acceptance, and
even though it isn't that fastest technology, it still holds up well
enough for today's applications.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
standard Ethernet speed is 10 megabits per second, but newer cards support
100 megabits per second.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Ethernet
can be run across different types of cabling.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>By far the most common type today is unshielded twisted pair, or
UTP.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The UTP is terminated
with an RJ-45 jack, which looks similar to a normal phone jack, but a bit
wider.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The connectors have 8
pins, of which 4 are used.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Two
for receiving, and two for sending. <SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes"> </SPAN>Ethernet uses unique Media Access Control (MAC) addresses to
address data.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The MAC address
is a property of the actual network card, and although it can be
configured, it is very rare that you would want to change the MAC on your
card.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Data on the Ethernet is
addressed to the 6-byte address on the card, not the IP address.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>The IP address is contained within the data, but the Ethernet
doesn't need to know about it, only the MAC address.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>Ok, so how does Ethernet fit in with TCP/IP?<H2>Pinging a Machine</H2>
<P class="MsoNormal">Let's just start with something simple.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I want to ping a machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>If
you don't know what a ping is, it is a helpful and incredibly simple
network diagnostic tool.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
main function of the ping command is to check if a remote host is
"alive" or able to send and receive datagrams on a network.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I have a home network with a half dozen PC's.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Let's try pinging one.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>To
ping a machine, I must know its host name or IP address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I know the machine's IP address (I assigned it myself), so
let's try pinging it and see what happens.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Below is a dump of what PING looks like on my Windows 2000 machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I am going to ping the IP address 192.168.0.1.
</P>
<P class="MsoNormal"><B>Microsoft Windows 2000 [Version 5.00.2195]</B>
</P>
<P class="MsoNormal"><B>(C) Copyright 1985-1999 Microsoft Corp.</B>
</P>
<P class="MsoNormal"><B>C:\>ping 192.168.0.1</B>
</P>
<P class="MsoNormal"><B>Pinging 192.168.0.1 with 32 bytes of data:</B>
</P>
<P class="MsoNormal"><B>Reply from 192.168.0.1: bytes=32 time<10ms TTL=255</B>
</P>
<P class="MsoNormal"><B>Reply from 192.168.0.1: bytes=32 time<10ms TTL=255</B></P>
<P class="MsoNormal"><B>Reply from 192.168.0.1: bytes=32 time<10ms TTL=255</B></P>
<P class="MsoNormal"><B>Reply from 192.168.0.1: bytes=32 time<10ms TTL=255</B></P>
<P class="MsoNormal"><B>Ping statistics for 192.168.0.1:</B>
</P>
<P class="MsoNormal"><B>Packets:
Sent = 4, Received = 4, Lost = 0 (0% loss),</B></P>
<P class="MsoNormal"><B>Approximate round trip times in milli-seconds:</B></P>
<P class="MsoNormal"><B>Minimum
= 0ms, Maximum =<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>0ms, Average
=<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>0ms</B></P>
<P class="MsoNormal">And here is a ping dump from an OpenBSD machine.
</P>
<P class="MsoNormal"><B>bash-2.03$ ping 192.168.0.10</B>
</P>
<P class="MsoNormal"><B>PING 192.168.0.10 (192.168.0.10): 56 data bytes</B></P>
<P class="MsoNormal"><B>64 bytes from 192.168.0.10: icmp_seq=0 ttl=128
time=0.450 ms</B></P>
<P class="MsoNormal"><B>64 bytes from 192.168.0.10: icmp_seq=1 ttl=128
time=0.432 ms</B></P>
<P class="MsoNormal"><B>64 bytes from 192.168.0.10: icmp_seq=2 ttl=128
time=0.442 ms</B></P>
<P class="MsoNormal"><B>64 bytes from 192.168.0.10: icmp_seq=3 ttl=128
time=0.413 ms</B></P>
<P class="MsoNormal"><B>--- 192.168.0.10 ping statistics ---</B></P>
<P class="MsoNormal"><B>4 packets transmitted, 4 packets received, 0% packet
loss</B></P>
<P class="MsoNormal"><B>round-trip min/avg/max = 0.413/0.434/0.450 ms</B></P>
<P class="MsoNormal">So what just happened here?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Pinging a machine may seem trivial in practice, but what is going
on behind the scenes?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>How
does data get from my machine to the other machine, and then how does it
know what to do with that data?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<P class="MsoNormal">Ethernet has no concept of IP addresses; any number
of different protocols can be run on top of Ethernet.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>It is a layer 2 (link layer) protocol and layer 1 (physical)
protocol.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>If you think about
this, it makes sense.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>You
shouldn't be locked into having to use TCP/IP just because you use
Ethernet cabling and network cards.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Novell
LANs use IPX instead of IP, IPX works just fine across Ethernet.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>So how do Ethernet adapters communicate with one another?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Clearly there must be some type of addressing mechanism available.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The answer is that each adapter has a unique MAC address.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>A MAC address is a 6-byte (48-bit) number usually represented
in hex.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>All network on the
Ethernet destined to a particular machine will have that machines MAC
address as the destination in the Ethernet header.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>But I didn't tell the ping program the remote machines MAC
address, so how did it know what MAC address to send the data to if I only
gave it the remote IP?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
answer is the Address Resolution Protocol, or ARP.
</P>
<H2>Address Resolution Protocol (ARP)</H2>ARP is a simple protocol used to map physical (MAC)
addresses, to network layer (IP) addresses.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>It can be used to map different addressing mechanisms too, but
we're using IP and MAC addresses, by far the most popular use of ARP.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>How it does this is quite simple.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Each machine has an ARP table that can be looked at by us, the
users.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Go to a command prompt
in your operating system, which would be a DOS prompt for Windows9x users.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Type ARP at the command prompt and you'll get a list of
parameters.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>Most likely, all you'll want to do is view your ARP table,
so type "arp -a" (no quotes however).<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Here is what happens on my machines.<P class="MsoNormal">Windows2000
</P>
<P class="MsoNormal"><B>C:\>arp -a</B></P>
<P class="MsoNormal"><B>Interface: 192.168.0.10 on Interface 0x2</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Internet
Address<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      </SPAN>Physical
Address<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      </SPAN>Type</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>192.168.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">          
</SPAN>00-00-92-91-80-9a<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>dynamic</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>192.168.0.11<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>00-50-da-06-c6-e7<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>dynamic</B></P>
<P class="MsoNormal">OpenBSD
</P>
<P class="MsoNormal"><B>bash-2.03$ arp -a</B></P>
<P class="MsoNormal"><B>24-216-87-1.hsacorp.net (24.216.87.1) at
0:30:80:5f:71:38</B></P>
<P class="MsoNormal"><B>furby.dragonmount.net (192.168.0.10) at
0:10:5a:19:cd:bc</B></P>
<P class="MsoNormal"><B>paradise.dragonmount.net (192.168.0.11) at
0:50:da:6:c6:e7</B></P>
<P class="MsoNormal"><B>lith.dragonmount.net (192.168.0.12) at 8:0:9:85:bc:c1</B></P>
<P class="MsoNormal">Ok, the output is similar.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The Internet Address column in the Windows 2000 screen tells us the
machines IP address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
Physical Address tells us the MAC address of the Ethernet adapter.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>And finally Type can either by set to dynamic or static.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Except in rare situations, you won't see static entries in the
ARP table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Dynamic entries
eventually timeout, and will needed to be looked up again.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This is a good idea because IP addresses can change over time, and
you wouldn't want to be sending data to the wrong MAC address.
</P>
<P class="MsoNormal">Great, how did the information get in the ARP table
though?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Well remember how we
wanted to send a ping to 192.168.0.1 originally.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>At first our ARP table had no entry for that IP address, so how did
it get one?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>It sent out an
ARP request.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>ARP requests are
broadcast to every machine on the network.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>We're talking about Ethernet LANs still, so the broadcast address
is FF:FF:FF:FF:FF:FF.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This is
a 6 byte MAC reserved for broadcast messages.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>So in English, here is what my machine did.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>"The user wants me to ping 192.168.0.1, so I'm going to look up
the physical (MAC) address in my ARP table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I don't have an entry for 192.168.0.1 in my ARP table yet, I
don't know to which physical address to send that request, so I have to
ask.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>I'm going to ask every
adapter out there `Who has the IP 192.168.0.1?' by sending an ARP
request to the broadcast address."
</P>
<P class="MsoNormal">Next, what happens is that the machine that has that
IP (192.168.0.1) sends an ARP reply back, saying "I have this IP
address, and here is my physical address. (MAC address)" Then my
machine, using the remote machines physical address, sends out an Ethernet
frame on the wire, destined to the remote machine's MAC address, which
has an IP datagram containing an ICMP Ping request.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>All that, and a bit more, happens just to ping a machine.  I
didn't go into the details of how the data is actually sent out on the
wire.  Ethernet uses something called Carrier Sense Multiple Access
with Collision Detection (CSMA/CD) to regulate what machine is "in
control" of the LAN at any point in time.  The basic idea is
that no two machines can be transmitting to the same LAN at any point in
time, or a collision will occur.  In the case of a collision, both
machines need to transmit, and will wait a "random" amount of
time, thus the "collision detection."  A machine will not
attempt to transmit if it sees that another machine is transmitting, thus
the "carrier sense."  And multiple machines share the same
media, thus the "multiple access."  Easy, eh?  Like I
said, the example is slightly simplified; I'm assuming the data
doesn't have to cross
any routers in this example.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>However,
in a small home or office network, they most likely wouldn't have to.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>We'll look at an example soon that needs to leave the LAN, the
situation differs slightly.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<P class="MsoNormal">Ok great, so where do TCP and the three-way handshake
fit into this picture?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>They
don't in this example.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>To ping a machine,
we don't have to use TCP.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Ping
uses ICMP, which is a protocol on about the same level as IP.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>TCP would come into play if we were doing more than a simple ping.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Say I wanted to access a web page on the computer.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The same sequence of events would occur, except instead of sending
a ping request, I'd send the first part of the 3-way handshake described
in my previous article.  From that point on, the MAC address would be
mapped to the IP in the ARP table, and would remain there until its value
timed out.  When we're talking about the LAN level protocols such as
Ethernet, they really could care less if they are carrying TCP, UDP, or
anything else.  These things, for the most part, only matter to the
machines at either end of the communication.  
</P>
<H2>More Tools: traceroute, netstat, route</H2>
<P class="MsoNormal">I've slowly been introducing various tools
including ping and arp.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>These
are just two of many tools provided with most operating systems for
network management and diagnostics.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Another
tool sure to come in handy is traceroute on UNIX based systems, and
tracert on Windows based systems.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>What
traceroute does is just that, traces the route datagrams take to get from
point A (your computer), to point B (some remote computer).<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I'll show you a couple examples and you'll get the hang of it.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Then I'll briefly explain how traceroute does its job.  </P>
<P class="MsoNormal">Windows 2000
</P>
<P class="MsoNormal"><B>C:\>tracert 192.168.0.1</B>
</P>
<P class="MsoNormal"><B>Tracing route to 192.168.0.1 over a maximum of 30
hops</B>
</P>
<P class="MsoNormal"><B> <o:p>
</o:p>1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  
</SPAN><10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN><10
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN><10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>192.168.0.1</B>
</P>
<P class="MsoNormal"><B>Trace complete.</B>
</P>
<P class="MsoNormal"><B>C:\>tracert www.hampsterdance2.com</B>
</P>
<P class="MsoNormal"><B>Tracing route to www.hampsterdance2.com
[64.7.160.90] over a maximum of 30 hops:</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  
</SPAN><10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN><10
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN><10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>192.168.0.1</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>2<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>10
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>24-240-42-1.hsacorp.net [24.240.42.1]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>3<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>10 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>10
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     </SPAN>*<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>24-216-181-1.hsacorp.net [24.216.181.1]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>4<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>80 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>50
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>40 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>512.Hssi5-0-0.GW1.MSP1.ALTER.NET [157.130.114.29]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>5<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>60 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>70
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>50 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>151.ATM1-0.XR2.CHI4.ALTER.NET [146.188.209.110]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>6<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>90 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>90
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>40 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>194.ATM2-0.TR2.CHI4.ALTER.NET [146.188.208.226]</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>7<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>91 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>80
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>90 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>106.ATM7-0.TR1.DCA8.ALTER.NET [146.188.138.126]</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>8<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>90 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>80
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>71 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>196.ATM5-0.XR2.TCO1.ALTER.NET [152.63.32.209]</B>
</P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>9<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  
</SPAN>100 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     </SPAN>*<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>161 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>192.ATM8-0-0.GW3.DCA3.ALTER.NET
[152.63.32.69]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>70 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>70
ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>80 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>dn4-gw.customer.ALTER.NET [157.130.15.230]</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>11<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>91 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN>120 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>80 ms<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>64.7.160.90</B></P>
<P class="MsoNormal"><B>Trace complete.</B>
</P>
<P class="MsoNormal">Ok, the first output is from me tracing to a machine
on my LAN.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Notice that it
only takes one "hop" to get there, as there are no intermediate
computers between Point A and Point B.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The second trace, to <A href="http://www.hampsterdance.com/">www.hampsterdance2.com</A>,
is a different story.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Here it
takes 11 hops, meaning my data goes through 10 nodes on the Internet
before reaching hampsterdance2.com.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>These
nodes may be other computers, or simply routers.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Each node is queried three times, and the resulting data is showed
along with the machines host name and/or IP address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>"*"'s in the data represent lost datagrams, where either my
datagram never made it to the machine, or their reply never made it back.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Since traceroute is implemented using UPD, not TCP (a reliable
protocol), no effort to retransmit the lost packets was made. UDP is
unreliable, a best effort protocol.  No acknowledgement of the data
is made by the receiving end, as in TCP.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Only
TCP can ensure data delivery, at least within the protocols of the TCP/IP
suite.
</P>
<P class="MsoNormal">You might think, did an ARP request occur when trying
to access hampsterdance2.com?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
answer is yes, but not to hampsterdance2.com.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Don't get confused.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>We're
going to introduce the basics of routing tables, how to view them, how
routing decisions are made, and default gateways.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<H2>Routing</H2>
<P class="MsoNormal">Routing is what it sounds like.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>Your packets are directed by routers to get to their
destination.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Routers have
routing tables, and they are often very large.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Complex protocols and algorithms are used to update router's
large and ever-changing tables.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Your
machine connected to the Internet also has a routing table; it is most
likely small.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Let's look at
my routing table and then explain what it means.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>To get the routing table we spawn a Cmd.exe shell and type "route
print".<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Windows 9x users
use command.com.
</P>
<P class="MsoNormal">Routing Table of Windows 2000 Machine.
</P>
<P class="MsoNormal"><B>C:\>route print</B>
</P>
<P class="MsoNormal"><B>Interface List</B></P>
<P class="MsoNormal"><B>0x1 ........................... MS TCP Loopback
interface</B></P>
<P class="MsoNormal"><B>0x2 ...00 10 5a 19 cd bc ...... 3Com EtherLink PCI</B></P>
<P class="MsoNormal"><B>Active Routes:</B>
</P>
<P class="MsoNormal"><B>Network Destination<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>Netmask<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>Gateway<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">        
</SPAN>Interface<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">         </SPAN>Metric</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>0.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">                 
</SPAN>0.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
      </SPAN>192.168.0.1<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">      </SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       </SPAN>127.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">              
</SPAN>255.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
      </SPAN>127.0.0.1<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">        </SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>192.168.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>255.255.255.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>192.168.0.10<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">    </SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>255.255.255.255<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       </SPAN>192.168.0.255<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>255.255.255.255<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>224.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">             
</SPAN>224.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>192.168.0.10<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">    </SPAN>192.168.0.10 <SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      </SPAN>1</B></P>
<P class="MsoNormal"><B><SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>255.255.255.255<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>255.255.255.255<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>1</B></P>
<P class="MsoNormal"><B>Default Gateway:<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>192.168.0.1</B></P>
<P class="MsoNormal">Look under Active Routes.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>There are four fields.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>First,
at the top there is an interface list.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Each interface on a machine has one or more IP addresses associated
with it.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>My machine has two
interfaces.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>One of these is
simply the loopback interface.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This
is used to connect to my own machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Using the IP address 127.0.0.1 will connect me back to my machine,
which helps for a variety of debugging and testing reasons.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The other interface on my machine is the 3Com EtherLink PCI card,
which is my network card in my computer.  You'll see the MAC address
is 00:10:5A:19:CD:BC.  Look back at the ARP output from the OpenBSD
machine, see how the IP address matches up with the MAC address?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>When I show the OpenBSD output, you'll see that there are two
network cards installed.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN></P>
<P class="MsoNormal">So here's the situation.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>There
are two things that are depended on when deciding to route data.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>The first is the destination of the data; clearly this makes
sense.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The second is a more
difficult idea to grasp, and that is subnet masking.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>You have to know a little about binary representation of numbers
for this to all make sense.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>I'll
withhold talking about that for now and concentrate on the Network
Destination column.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Usually,
traffic won't be destined for your local LAN.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>You may be sending emails to correspondents across the globe,
surfing the web, or sending ICQ messages to your friend across town, it
doesn't really matter.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
point is, traffic needs to leave your LAN and go over the Internet.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The Network Destination of 0.0.0.0 is the default entry in the
routing table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>When data
needs to be sent, and it doesn't match up to anything in the routing
table, it uses the default route.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  In
our example above, the default route goes to 192.168.0.1, which is my
routing machine on my LAN.  When I need to send data to
hampsterdance2.com, first my machine looks up hampsterdance2.com's IP
address via the DNS system.  It then determines that to send data to
hampsterdance2, the traffic has to leave the LAN.  This is because no
addresses matches up in the routing table, so it uses the default
gateway.  It will issue an ARP request to my default gateway, then
address the Ethernet packet to the default gateway, but the destination IP
address will not be the default gateway, it is hampsterdance2.com's. 
See how the different layers work together?  We'll see in a bit how
and why my OpenBSD machine, the default gateway, knows where to send the
data.  It has to do with something called NAT.</SPAN></P>
<P class="MsoNormal">Gateways are very important.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The
gateway column tells the IP address of the machine to send the data to
when a match is found in the routing table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>If a match isn't found, the default route is used, and the data
is sent to the IP address of the gateway machine for the default route.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This machine, the gateway for the 0.0.0.0 (default) destination, is
called the default gateway.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>You'll
see here my default gateway is 192.168.0.1, that is the IP of my OpenBSD
machine, which indeed acts as a gateway to the Internet for my machine and
the other machines on my LAN.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>No
traffic goes to the Internet without passing through my OpenBSD machine,
and no traffic gets back to my LAN without first coming back through the
OpenBSD machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Hopefully
you understand how to read the default entry in the routing table, but
what about the rest of those entries?</P>
<P class="MsoNormal">As mentioned before, the next line is for the destination
127.0.0.1.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>If a packet is
destined for this address, it will use itself as the gateway.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This number is reserved and will connect you back to your own
machine. <SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>I'll mention in a
bit why this might be useful.</P>
<P class="MsoNormal">192.168.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>255.255.255.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>1
</P>
<P class="MsoNormal">This line is important.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>It is how I communicate with machines on my LAN.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The first field means, "this information applies to data that is
addressed to machines starting with 192.168.*.*".<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The "0"'s effectively are wild characters in the routing
table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>(Note that this
isn't completely accurate, but it will suffice for this discussion.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Not every "0" is a wild card character.)<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Notice how the gateway is 192.168.0.10.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>That happens to be my machine's IP address on my private LAN.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Machines from the Internet can't connect to this address, but on
my private LAN it works just fine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>So
I'm using myself as the gateway.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This
is because for data to get to another machine on my LAN, it doesn't need
to pass between any intermediate machines, my machine simply puts the data
out on the wire addressed to the listening machine, and the machine who is
interested in the data receives it.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Keep
in mind it would be doing ARP requests and actually addressing the data to
the other machines MAC address, the IP address is only used to make
routing decisions.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Now
let's look at my OpenBSD machines routing table to get the hang of it.
</P>
<P class="MsoNormal">The command to view it on this machine is "route
show".<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>I believe Linux
varies but I'll leave that for you to find out.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I think the command "netstat -r" usually shows the same
output, too.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The "-n"
parameter causes route not to look up hostnames for the IP addresses.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<P class="MsoNormal"><B>bash-2.03$ route -n show</B>
</P>
<P class="MsoNormal"><B>Routing tables</B></P>
<P class="MsoNormal"><B>Internet:</B>
</P>
<P class="MsoNormal"><B>Destination<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>Gateway<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">           
</SPAN>Flags</B></P>
<P class="MsoNormal"><B>default<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>24.216.87.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>UG<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>24.216.87.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>link#1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">            
</SPAN>U<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     </SPAN></B></P>
<P class="MsoNormal"><B>24.216.87.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>0:30:80:5f:71:38<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN>UH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>24.216.87.119<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   
</SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>UGH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN></B></P>
<P class="MsoNormal"><B>127.0.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>UG<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">       
</SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>UH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>192.168.0.0<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>link#2<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">            
</SPAN>U<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     </SPAN></B></P>
<P class="MsoNormal"><B>192.168.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">     
</SPAN>127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">         
</SPAN>UGH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN></B></P>
<P class="MsoNormal"><B>192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>0:10:5a:19:cd:bc<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">   </SPAN>UH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>192.168.0.11<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>0:50:da:6:c6:e7<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN>UH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal"><B>192.168.0.12<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>8:0:9:85:bc:c1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    
</SPAN>UH<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">    </SPAN></B></P>
<P class="MsoNormal">See how there are four quasi-categories in the
Destination column.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>First is
the default one, which means when data doesn't match any of the rest of
the entries, send it onward.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>In
this case, it is being sent to 24.216.87.1.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This is my gateway to the Internet.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>When I can't get on the Internet, I try pinging this host.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>If I can't ping it, then the problem almost certainly rests
either on my network or with that machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>If I can ping that machine, or router as the case maybe, and still
can't reach web sites and things like that, the problem most likely
rests further away than I can help.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Pinging
your default gateway should be one of the first steps you take when
diagnosing network connectivity problems.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<P class="MsoNormal">Ok, the other groups we can see are ones starting
with 24.217.87.*.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This makes
sense; this is my IP address that I have on the Internet, it is
24.216.87.119 right now.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Link#1
refers to the first network card in the machine, there are two.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>You'll see the default gateway has its own entry in the routing
table, but it is a MAC address, not an IP address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Also notice how 24.216.87.119 uses 127.0.0.1 (the localhost) as the
interface.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This is because
that is my IP on the Internet, so sending data to it is equivalent to
sending to the localhost.
</P>
<P class="MsoNormal">The next group is the local loopback entries in the
routing table.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>127.0.0.1 is
the localhost, your own machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>You
can ping your own machine and connect to open ports on it.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>It is a very handy IP address to know if you're developing a
network application.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>You can
start a server and then connect to the server on the same machine by
directing the client to connect to localhost, or 127.0.0.1.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>It is always best to actually test network applications across a
real network, but sometimes the best you can do is locally.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>When working on machines not connected to the Internet, it works
wonders.
</P>
<P class="MsoNormal">The next group is the 192.168.0.* group.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This is my local network.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>192.168.*.*
addresses were set aside by the IANA as private addresses.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Many organizations and home users can use these addresses, and then
route their traffic through a device that translates these addresses into
usable Internet addresses.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>This
is the function of the OpenBSD machine in my network; it translates
private addresses into my real Internet address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This is called Network Address Translation (NAT).<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The same functionality on Linux is obtained with ipchains.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>To other machines on the Internet, my network has only one machine,
the OpenBSD one with the 24.216.87.119 IP address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>They send data back to that machine, which sends it on to my
private machines.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>You'll see that there are four entries in the 192.168.0.
range.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>These are my four
machines on my LAN, addressable by MAC addresses.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The 192.168.0.1 is the private address of my OpenBSD machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>So really, it has two addresses, one for each network card.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>With IP, get in the habit of thinking about the address as the
address of the interface, not of the machine itself.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> </SPAN>
</P>
<P class="MsoNormal">The first network card receives all the data on the
private LAN and determines if it needs to change the IP address to the
real Internet address.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>It
will then send the data out on the Internet if needed, on the second
network card.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>It keeps track
of all the connections so when data comes back, it is addressed to the
OpenBSD machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>The program
running on it then works some magic, it knows to send the data out on the
first network card to my machine on the private network.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Cool, eh?
</P>
<P class="MsoNormal">You'll remember my Windows 2000 machine had the
private address 192.168.0.1 as its default gateway, which is my OpenBSD
machine.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>All the computers on
my LAN have this as the default gateway, except the OpenBSD machine
itself, which has a router owned by someone other than myself as the
default gateway.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes"> </SPAN>
</P>
<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"><H2>Hosts File</H2></SPAN>
<P class="MsoNormal">Ok, I know, a lot of information.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>One more thing for this installment, and it's easy.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Sometimes working with IP addresses is cumbersome.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Typing in 192.168.0.1, although second nature for system admin
types, takes time and may be difficult to remember.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>There is a very simple solution to this; it is called a hosts file.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Windows comes with a hosts.sam (sample) file.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>I believe it is located in C:\windows.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>For Windows 2000, the file is c:\winnt\system32\drivers\etc\hosts.sam.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>For all Windows, the .sam just means sample, you'll want a file
just called hosts.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>For Unix
like operating systems, the file is /etc/hosts.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>This file simply maps IP addresses to names that you can choose.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Here is mine on this machine.</P>
<P class="MsoNormal">192.168.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>gateway
</P>
<P class="MsoNormal">192.168.0.10<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>furby</P>
<P class="MsoNormal">192.168.0.11<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>jeremy</P>
<P class="MsoNormal">192.168.0.12 jenna</P>
<P class="MsoNormal">192.168.100.1 modem</P>
<P class="MsoNormal">127.0.0.1<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">      
</SPAN>localhost</P>
<P class="MsoNormal">This is why localhost is synonymous with 127.0.0.1.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>You'll see instead of pinging 192.168.0.1, I can type "ping
gateway" and get the same results.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>This file comes in handy; you can put any IP address you want
in there.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>If you visit a
certain web site quite often, make a shortcut to it in your hosts file, or
just bookmark it.
</P>
<P class="MsoNormal">One more program that is really, really useful is
netstat.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Your homework is to
use netstat, and find out what it does and learn how to read the output.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Also mess around with some of the command line switches available
on your operating system.
</P>
<H2>Conclusion</H2>
<P class="MsoNormal">You have learned how to use some of the utilities
provided with most operating systems to see protocols in action.  We
took a look at interactions between various layers of the OSI model. 
Our example used a tool called ping and showed how IP interfaces with the
lower level LAN protocols, in this case our LAN was running on
Ethernet.  
</P>
<P class="MsoNormal">We also took a first look at routing IP addresses,
and how you can tell where data addressed to different places will go on
the Internet or your LAN.  This is a fairly complex subject to get a
good handle on, below are links to help further your knowledge, along with
recommended books.  The big idea I want you to take away, is that
things like ARP and the six-byte LAN addresses are only used on the
LAN.  Once your data leaves the LAN, routing decisions are made using
the network layer protocol, IP.  IP is a network layer protocol, its
addresses let you talk to anyone else on any connected network running IP,
theoretically speaking.  Things such as firewalls can and will
prohibit you from talking directly with another machine running IP, but
the point is that the layer 3 protocol, the network layer protocol, allows
you to leave the LAN.  Within the LAN, your data will get
where it's going by using the MAC address.  Off the LAN, various
other protocols besides Ethernet will most likely come into effect, none
of which your LAN needs to know about.  At that point, the IP address
will assist the intermediary routers in deciding where your data
goes.  Note that between the routers, various addressing schemes
other than Ethernet might be used, but from the IP layer up (TCP/UDP and
application layers), the data in the packet remains unmolested.  As always, I appreciate any feedback and
criticism, along with any errors that you have discovered in this
document.  I can be reached via email at <A href="mailto:erik@dragonmount.net">erik@dragonmount.net</A>. 
I want to do a tutorial specifically showing what ARP packets look like
going over the network compared to other packets.   </o:p>
</P>
<H2>Links and References</H2>
<P class="MsoNormal">Ok, with all this information, I can imagine you'd
like some other ways of learning it.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>After all, how I arrange my words might not work best for everyone.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Below are links relevant to this discussion that I found helpful
learning things of this sort.<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>Good luck, and like always, ask me anything, correct me if
I'm wrong.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>I have received
many wonderful comments about my last tutorial, along with some
suggestions for improving the technical accuracy of the document.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>I appreciate all of them and hope you'll continue to get
something beneficial out of these tutorials.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>The best way to learn these things is to run the programs described
here with different command line options and see what output you get.<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes"> 
</SPAN>Please don't hesitate to ask me anything, I'm more than willing
to help.  Once again, my email is <A href="mailto:erik@dragonmount.net">erik@dragonmount.net</A>.  </P>
<P class="MsoNormal">I hate linking to links pages, but this one is worth
it:
</P>
<P class="MsoNormal"><A href="http://www.private.org.il/tcpip_rl.html">http://www.private.org.il/tcpip_rl.html</A></P>
<P class="MsoNormal">Explains subnetting very well.
</P>
<P class="MsoNormal"><A href="http://www.3com.com/nsc/501302.html">http://www.3com.com/nsc/501302.html</A></P>
<P class="MsoNormal">IBM's redbook on TCP/IP, yah!<SPAN style="mso-spacerun:
yes"><SPAN Ttyle="mso-spacerun:
yes">  </SPAN>Free and 700+ pages!
</P>
<P class="MsoNormal"><A href="http://www.redbooks.ibm.com/abstracts/gg243376.html">http://www.redbooks.ibm.com/abstracts/gg243376.html</A></P>
<P class="MsoNormal">I didn't cover netmasks here, but this does!
</P>
<P class="MsoNormal"><A href="http://sw.expert.com/C4/SE.C4.MAY.98.pdf">http://sw.expert.com/C4/SE.C4.MAY.98.pdf</A></P>
<P class="MsoNormal">Still confused on subnetting?
</P>
<P class="MsoNormal"><A href="http://www.nwc.com/unixworld/tutorial/001.html">http://www.nwc.com/unixworld/tutorial/001.html</A></P>
<P class="MsoNormal">Microsoft takes its stab at explaining addressing and
subnetting.
</P>
<P class="MsoNormal"><A href="http://support.microsoft.com/support/kb/articles/q164/0/15.asp">http://support.microsoft.com/support/kb/articles/q164/0/15.asp</A></P>
<P class="MsoNormal">Great tutorials on TCP/IP, routing, ATM, and frame
relay!
</P>
<P class="MsoNormal"><A href="http://www.scan-technologies.com/tutorials.htm">http://www.scan-technologies.com/tutorials.htm</A></P>
<P class="MsoNormal">The Ethernet Authority!
</P>
<P class="MsoNormal"><A href="http://www.ots.utexas.edu/ethernet/">http://www.ots.utexas.edu/ethernet/ethernet.html</A></P>
<H2>Books
</H2>
<P><U>TCP/IP Illustrated: Volume 1</U></P>
<P class="MsoNormal">Stevens classic, you still don't own it?</P>
<P class="MsoNormal"><A href="http://www.amazon.com/exec/obidos/ASIN/0201633469/o/qid=964759739/sr=2-1/103-7181052-7123007">http://www.amazon.com/exec/obidos/ASIN/0201633469/o/qid=964759739/sr=2-1/103-7181052-7123007</A></P>
<P class="MsoNormal"><U>Interconnections, Second Edition</U>
</P>
<P class="MsoNormal">Concentrates on connecting networks into larger
networks, also a classic!</P>
<P class="MsoNormal"><A href="http://www.amazon.com/exec/obidos/ASIN/0201634481/o/qid=964759789/sr=2-1/103-7181052-7123007">http://www.amazon.com/exec/obidos/ASIN/0201634481/o/qid=964759789/sr=2-1/103-7181052-7123007</A></P>
<P class="MsoNormal"><U>Designing Routing and Switching Architectures</U>
</P>
<P class="MsoNormal">Need to build a high performance network by next
month?<SPAN style="mso-spacerun: yes"><SPAN Ttyle="mso-spacerun: yes">  </SPAN>Get some caffeine and
read this book.</P>
<P class="MsoNormal"><A href="http://www.amazon.com/exec/obidos/ASIN/1578700604/ref=sim_books/103-7181052-7123007">http://www.amazon.com/exec/obidos/ASIN/1578700604/ref=sim_books/103-7181052-7123007</A></P>
<P class="MsoNormal"> <o:p>
</o:p>
</P>
<P class="MsoNormal"> <o:p>
</o:p>
</P>
<P class="MsoNormal"> <o:p>
</o:p>
</P>
<P> </P>
<HR>
</TD>
</TR>
<TR>
<TD width="115" valign="top" align="right">
</TD>
<TD valign="top" align="center" width="17"></TD>
<TD valign="top">
</TD>
</TR>
</TABLE>
 </TD></TR></TABLE><TABLE border="0" cellpadding="0" cellspacing="0" width="100%"><TR><TD>

<TABLE border="0" width="100%" cellspacing="0" cellpadding="0">
<TR>
<TD width="25"></TD>
<TD width="718">
<P align="left" class="footertext"><A href="#top" class="goto">Top of page</A></P>
<P align="center" class="footertext">This page was last modified Thursday, August 31, 2000<BR>
Copyright © 2000 Dragonmount Networks. All rights reserved.<BR>
<A href="../../../privacy_usage.html" class="navlink">Privacy and Usage Policy</A>.
Questions or comments? <A href="../../../contact.htm" class="navlink">Contact us</A>.<BR>
</TD>
</TR>
</TABLE>
<P> 

</TD></TR></TABLE></BODY>

</HTML>
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close