Академический Документы
Профессиональный Документы
Культура Документы
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:20
Overview
COSC1300 - Lecture Notes
Web Servers and Web Technology
Note: The story of the Internet makes fascinating reading. Take a look at A Brief History of the
Internet .
So, keep in mind that the Internet is a network made up of a large number of heterogeneous
systems and networks.
30/07/02 13:20 2 of 2
The internet was implemented as a means of connecting these different networks together; it is an
"internetwork of networks". The individual systems and networks connected to the Internet are
very varied in nature. Your personal computer (running almost any operating system), a WAP
(Wireless Application Protocol) mobile phone, and an NEC SX-5 supercomputer can all be
connected to the Internet, and can communicate with each other through this medium. Whole
networks can be connected to the Internet; again, there are many types of networks, but systems
communicating over the Internet dont need to know anything about each others network details.
So the computers in a building were connected as a local area network (LAN), and bigger
organisations would use a wide area network (WAN) to connect systems across a country or even
the world. These networks were self-contained within a particular organisation, and typically could
not interact with each other. Data interchange between them was commonly done by physically
transporting reels of magnetic tape to the target computer. Worse still, the systems were often
incompatible, and data interchange was a nontrivial task.
Commercial computing typically started out in the form of a mainframe system with many "dumb"
clients. The IBM PC and its clones made the slogan "a computer on every desk" a practical reality.
However, it was soon realised that while standalone systems are very useful, most organisations
would benefit from connecting them together to allow fast and economical sharing of data.
1. Introduction
Overview
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:20
Each layer source system communicates with its peer in the destination machine. The source
physical layer takes the data passed to it by data link layer A, and passes it to physical layer B,
which passes the data to the data link layer above it. In this way, the two data link layers can be
said to have exchanged data. This scheme holds for all the layers.
As we move up the hierarchy, we move away from the details of how the data gets from A to B,
and towards a more abstract level. Each layer uses the services provided by the layer below.
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:20 2 of 3
The large number of possible combinations of hardware, software and protocols make networking
a fertile ground for disaster; this can only be avoided by clearly defining the function and interface
of each component. There is actually a standardised model for deciding where in the hierarchy a
particular network component is located. It is called the OSI (Open Systems Interconnection)
reference model, and consists of seven layers as shown in Figure 1.
It is clear that the systems physically connected to each other (on a single segment) must all speak
the same "language"; the role of the language is played by communications protocols. The protocol
determines how the data should be packaged and addressed in order to reach its destination. In
many cases, the data packets may travel by different routes and arrive at the destination in the
wrong order or corrupted; they may never arrive at all. The protocol must ensure that all packets
are received correctly; it must extract the data and present it to the user application.
A computer network consists of many components: the entities (called "hosts") to be connected
(computers, printers etc.), the physical medium connecting them (coaxial cable, unshielded twisted
pair (UTP), optic fibre etc.), interface devices to connect the hosts to the medium, and the
necessary software to make everything work.
Networking protocols.
Network protocol models.
COSC1300
Link Layer
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:20
The protocols part of the TCP/IP suite perform the following functions:
Just as the systems on a local area network must use the same protocol to communicate, the
systems on the Internet must also have a common protocol. The set of protocols used on the
Internet is referred to as the TCP/IP (Transmission Control Protocol/Internet Protocol) suite.
TCP/IP networks support three types of data packets: IP, TCP and UDP. These will be discussed
later.
COSC1300
30/07/02 13:20 1 of 4
1. What is a protocol?
2. What do we mean by logical connections between peer layers?
Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Checkpoint
30/07/02 13:20
Application layer
The top layer is the application layer; any program that uses network services (such as telnet,
ftp etc.) is placed in this layer. It represents the consumers of network services, which the
lower three layers work together to provide.
30/07/02 13:20 3 of 4
Link layer
The link layer comprises of the physical communications hardware and the associated
device drivers. It handles the details of sending the data over the physical medium. An
ethernet network card and its driver (software/firmware) are considered to be in this layer.
The same would be true for a satellite modem and its associated drivers.
Network (internet) layer
The network layer provides addressing, routing, and flow control services. The
non-guaranteed delivery protocols (IP, ICMP, IGMP) are located in this layer.
Host-to-Host Transport layer
The transport layer is responsible for ensuring that the destination correctly receives all the
data sent to it. TCP is the main protocol used in this layer, although UDP can also be used if
required.
Note that another name for layer 2 is the "internet" layer (not the "Internet" layer); a TCP/IP
network doesnt have to be connected to the "Internet". As in the OSI model, each layer has a
specific function and provides services to the layers above. Figure 3 shows how the two models
stack up against each other.
While the OSI model allows us to separate the different tasks involved in implementing a network
into clearly defined categories, it has not been widely implemented. TCP/IP has its own network
model, which is composed of four layers; the link (or data link), network (or internet), transport,
and application layers.
Note that TCP/IP does not "know" what the data is; it just takes the data given to it and ensures that
it gets to the destination. From this discussion, we can judge that TCP/IP provides a "service" to
the user application, i.e. it is lower down on the "network hierarchy".
Addressing
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:21
One important factor in network speed is the number of links a packet must travel along in order to
reach its destination. Let us see how a data packet gets from yallara.cs.rmit.edu.au to
Depending on the consumer requirements (and budget!), the physical layer can be anything from
an ordinary telephone line to a T1 carrier. For details of some of the technologies used to connect
to the Internet, see Physical Layer.
From this discussion, it is clear that data transfer speeds are constrained by the capacity of the
physical medium (the bandwidth), and the ability of the devices at either end (the link terminators)
to use this bandwidth. Other factors, such as sharing a physical link between several devices
(multiplexing) affect data transfer rates.
Different media have different "bandwidths", which limits the speed with which information may
be transmitted along them. For example, most people connect to the Internet from home using the
standard telephone system, which was designed to pack many voice channels onto a single wire. In
practical terms, this limits modems using analog telephone lines to around 33.6 kilobits per second.
On the other hand, the bandwidth may be available, but our equipment cant use it. For example,
we may have a slower 14.4 kbps modem, which doesnt make use of the capacity of the medium.
Two devices can only communicate if they are connected via a physical medium, such as ordinary
telephone wire, broadband cable, or radio. At either end, there needs to be hardware that serves as
an interface between the computer and the physical medium.
COSC1300
Link Layer
30/07/02 13:20 1 of 2
1.
2.
3.
4.
Link Layer
Network Layer
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:21
Network Layer
Incidentally, since the MAC is unique and part of the network card, it identifies the host, and has
been the topic of a number of privacy concerns.
Each ethernet network interface card (NIC) has a unique identification number stored into it at the
factory, called the Media Access Control (MAC) address. Just like everything else computers deal
with, system addresses are binary numbers. The NIC MAC address is 6 bytes (48 bits) long.
Hosts on a network must be assigned an address which is unique within the network so that they
can communicate with each other. Note that the address is actually for the network interface, not
the machine itself. If a machine is connected to more than one network, it is called "multihomed".
A multihomed machine needs a separate address for each of its interfaces.
MAC addresses
MAC addresses.
Link Layer
COSC1300
30/07/02 13:21 1 of 1
Checkpoint
1.
2.
3.
4.
5.
Addressing
If a packet cannot find a way to its destination, it must not be allowed to bounce around the
Internet for ever; to ensure this, packets are assigned a Time To Live (TTL) specified in hops. In
the traceroute output, the TTL is stated as 30 hops. At each intermediate node, the packet TTL is
decremented by one, and if it reaches zero, it is not sent onwards.
This shows that the packet had to travel through 19 intermediate nodes (make 19 "hops") to reach
the target machine. The packet takes time to travel along each hop; more importantly, some
processing must be undertaken at each node. The machine must decide whether this packet must be
sent forward, and if so, where to. If the machine has to translate between different protocols or
provide buffering to synchronise protocols of different speeds, even more time is needed. The time
taken for a packet to reach its destination is referred to as the network latency.
IP Addressing
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:22
We could look up a machine that does exist (i.e. we can look it up in a DNS table), but which is
disconnected (actually switched off):
Notice that we called the machine "rose", but ping returned messages about "vax". Clearly, "rose"
is an alias for the machine called "vax" (194.225.70.70). Now, lets make up a name for a machine
on the ipm.ac.ir network, and ping it:
Ping is a very useful tool that makes use of ICMP (the messages ping gives are basically ICMP
error messages). For example, lets see if the machine rose.ipm.ac.ir can be reached:
been found.
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:22 2 of 3
The Internet Control Message Protocol (ICMP) provides a degree of intelligence to IP operations;
for example, if the packets cannot be sent out because the gateway is down or the address has not
ICMP
The Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP)
are placed alongside IP in the network layer, but actually make use of IP services.
IP cannot broadcast in search of the destination address, since the machines are often not
physically on the same network. Instead, it must ask another host to pass on the datagram towards
the destination.
IP
Physical Addressing
COSC1300
Checkpoint
Routing
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:22
For a IP network, the network address is a four-byte (32-bit) number called the IP address. To make life
easier, it is custom to write IP addreses as a sequence of four decimal numbers, separated by dots (the dotted
decimal notation), such as "131.170.70.36". As discussed above, a multihomed machine needs a separate IP
address for each of the TCP/IP networks it is connected to.
IP addresses
IP addresses.
Host names and aliases.
Address Hierarchy and CIDR
Netmasks
The ifconfig, hostname, and nslookup commands.
The ifcfg-eth0 and /etc/netmasks files.
3.2.1. IP Addressing
Network Layer
COSC1300
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: IP Addressing
30/07/02 13:22 1 of 5
Physical Addressing
COSC1300 - Lecture Notes
Web Servers and Web Technology
IP Addressing
The Internet Group Management Protocol (IGMP) provides a mechanism for sending data to a
number of different hosts on a network. The hosts are configured as members of the IGMP address
group, and receive all packets sent to the group.
IGMP
So, the host is unreachable. Can you see the tell-tale "for icmp" in the messages?
lo
yallara.cs.rmit.edu.au% hostname
yallara.cs.rmit.edu.au
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
10000011.10101010.00000000.00000001 to
10000011.10101010.00111111.11111110
10000011.10101010.01000000.00000001 to
10000011.10101010.01111111.11111110
30/07/02 13:22
The address prefix length for RMIT is 16, meaning that the first 16 bits of the IP address represent the
RMIT network and the final 16 bits can be broken down into more specific physical networks and then into
individual hosts. This means that any packet with an IP address beginning with 10000011.10101010 will be
delivered to RMIT. Coincidentally, this prefix is also at a byte boundary, corresponding to IP addresses
beginning with 131.170. Further down the heirarchy, this isnt the case. For instance, we may decide to
break the RMIT network into four. To do this we would tell the router at the top of the RMIT network that
there are four networks with a prefix length of 18, which means that 131.170.24.36 and 131.170.174.18
would be delivered to different networks. The table below demonstrates this for address prefix length of 18.
The same is true for IP addresses, but the heirarchy is a binary heirarchy. This addressing scheme is known
as Classless Inter-Domain Routing or CIDR (usually pronounced cider). In order to understand how IP
addresses and netmasks interact, it is important to understand binary and how to convert between decimal
and binary. See the links page of the subject website for references.
An example of heirarchical addressing is the telephone system. If you are making a call to the RMIT
Computer Science office from overseas you would dial 61 3 99252348. The telephone switch in the country
that you are dialing from doesnt know that this number corresponds to a specific extension at RMIT, but it
does know that 61 is the country code for Australia, so it knows to which switch to forward the call. In the
same way, 3 is the area code for Victoria and Tasmania and 992 is RMIT. It isnt until the call gets to RMIT
that a switch needs to know that the extension number is 52348.
A 32-bit IP address can represent more than four billion hosts. Obviously, it is not possible for every router
to store the addresses of all hosts, so there needs to be a system where a router can at least forward packets
to the next hop on its journey. This is done by assigning IP addresses heirarchically, meaning that IP
addresses that are physically close, all share the same prefix.
Usually, an organisation is allocated a range of addresses which it is free to allocate as it wishes. Often a
local ISP can provide clients with IP addresses from the range they administer.
We can assign any nickname we want to a machine, on condition that it is unique within its immediate
network. However, we must apply for an unallocated IP address. IP addresses used to be obtained from
InterNIC (Internet Network Information Center), but many private companies are now authorised to provide
this service. A list of these companies is available at InterNIC.
We see that the name "www" is an alias for the machine "io", which has the IP address "131.170.70.10".
The alias allows the network administrator to change the physical machine acting as the web server, without
having to tell the world about it.
Name:
io.mds.rmit.edu.au
Address: 131.170.70.10
Aliases: www.mds.rmit.edu.au
Multimedia Database Systems Group has a web server, which, not surprisingly, is called
www.mds.rmit.edu.au. Lets see what its IP address is:
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: IP Addressing
To see the relationship between an IP address and a machine name, you can use the unix nslookup
command.
yallara.cs.rmit.edu.au% /usr/sbin/nslookup yallara
Server: ns1.cs.rmit.edu.au
Address: 131.170.24.1
Name:
yallara.cs.rmit.edu.au
Address: 131.170.24.42
From this we see that the machine "yallara" has the IP address "131.170.24.42". The "Server"
ns1.cs.rmit.edu.au is a name server, which well discuss later.
A machine may have names other than its real one; these are called "aliases". For example, the RMIT
30/07/02 13:22 3 of 5
Since humans are bad at memorising strings of numbers, hosts are often given a name, such as "kroid",
"goanna", "yallara". Host names are not case-sensitive. You can determine the name of a unix system by
using the hostname command:
We see the ethernet card (called eth0) has the MAC address "00:06:29:85:7F:6C", and has been allocated
the IP address "131.170.70.156". The device "lo" is a loopback device, and points to the host itself (more on
this below).
My PC connects to the local IP network with an ethernet card. I can list the network interfaces using the
ifconfig command:
C1300: IP Addressing
30/07/02 13:22
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Routing
What is an alias?
What does a netmask do?
What are subnetting and supernetting?
What do the ifconfig, hostname, and nslookup commands do?
Network Layer
1.
2.
3.
4.
Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: IP Addressing
30/07/02 13:22 5 of 5
You could play around with IP Calculator to get an idea about how addresses and netmasks interact.
You can also download ipsc for use on Linux machines. Heres an example for seyedpc (131.170.70.156):
We see that the netmask is 255.255.255.0, equivalent to a prefix length of 24, which means that the local
network is actually 131.170.70.0 For yallara, we can look at /etc/netmasks:
We need to know the network mask in order to determine whether a host is on the local network. For
example, 131.170.0.0 might refer to the network on which seyedpc (131.170.70.156) is located. As a matter
of fact, we can find this out by looking at the file /etc/sysconfig/network-scripts/ifcfg-eth0 (for Linux
systems):
The RMIT network is generally represented as 131.170/16 or 131.170.0.0/16, the 16 representing the prefix.
As a netmask this would be written as 11111111.11111111.00000000.00000000 or, in decimal notation,
255.255.0.0. These notations all mean the same thing; the first 16 bits represent the specific network. All
packets beginning with the 16 bits 10000011.10101010 will be delivered to the router at the top of the
RMIT heirarchy.
As you can see, the first 16 bits are all the same, relating to the RMIT network. The two bolded bits
represent the four possible networks that we have created by dividing our network with a 16 bit prefix into
networks using an 18 bit prefix.
10000011.10101010.10000000.00000001 to
network 3 131.170.128.1 to 131.170.191.254
10000011.10101010.10111111.11111110
10000011.10101010.11000000.00000001 to
10000011.10101010.11111111.11111110
C1300: IP Addressing
Networking
COSC1300 - Lecture Notes
Web Servers and Web Technology
30/07/02 13:23
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Address Resolution
Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...COSC1300: Routers
Address Resolution
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:23 2 of 2
The router must know the exact size of the IP address network portion, so it must compare the destination
address with the netmask. If the destination is on the local network, ARP is used to determine its MAC
address. If a destination is not on the local network, it is most often sent to the default gateway; this sends
the data on to another host which may be able to look up the address.
The router needs a link layer (such as a network card and drivers) for each of the networks it is connected to.
The router looks at the datagram destination address and decides which way to send it. This means that it
must incorporate network (IP) layer capabilities; it doesnt need anything from the upper two levels.
A gateway is a special type of router; it connects networks that use different protocols. For example, we
may use an ethernet network within a company, but would require a gateway (which can communicate
using both ethernet and TCP/IP) to connect to the Internet.
A router is a device (dedicated device or perhaps a PC) that takes data packets from one network and sends
them down another network towards their destination.
A datagram is routed by choosing its next-hop destination at each router along its path.
Routers.
Gateways.
3.2.2. Routing
Networking
COSC1300
C1300: Routers
Transport Layer
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------131.170.24.254
UGHD
0
2
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
131.170.24.254
UGHD
0
1
30/07/02 13:23
If we look carefully at the second column, we notice that all data must pass through r1003a or
r1021a, which are routers. The name "localhost" refers back to the current machine, i.e. yallara.
The Flags U, G, and H designate that the specified machine is up (running), a gateway, and a host
respectively. From the "Use" column, we can see which route has been used the most.
Destination
Gateway
Flags Ref
Use
Interface
------------------------------------ ---------------hg1.hitbox.com
r1003a
UGHD 0
1
208.178.148.50
r1003a
UGHD 0
1
io.mds.rmit.edu.au
r1003a
UGHD 0
1
LDIP-T-005-p-59-47.tmns.net.au
r1003a
UGHD 0
1
216.52.6.39
r1003a
UGHD 0
2
a203-166-10-137.deploy.akamaitechnologies.com r1003a
UGHD 0
1
dzzk.net
r1003a
UGHD 0
1
ppp20116.its.rmit.edu.au
r1003a
UGHD 0
1
ppp20150.its.rmit.edu.au
r1003a
UGHD 0
1
203.36.162.63
r1003a
UGHD 0
0
CPE-24-192-0-14.vic.bigpond.net.au
r1003a
UGHD 0
1
208.49.239.150
r1003a
UGHD 0
1
203.89.237.102
r1003a
UGHD 0
1
usa.nedstat.net
r1003a
UGHD 0
1
131.170.24.0
yallara
U
3
97920 ge0
BASE-ADDRESS.MCAST.NET
yallara
U
3
0
ge0
default
r1021a
UG
01385711
localhost
localhost
UH
04377798
lo0
Routing Table:
yallara.cs.rmit.edu.au% netstat -r
Lets see how yallara decides where to send data packets by looking at its routing table:
Note that the root name server probably doesnt know about the machine "yallara" or "kroid"; it
does know which DNS server is responsible for the associated domain, and can help it fulfil the
request. Several DNS servers may be contacted until the IP address is resolved. If a DNS server has
to ask a remote authoritative server, it updates its own cache with the lookup result.
A name server has a longer lookup table. If it, too, cant find the destination in its list, it has to ask
another machine. Name servers are organised in a hierarchical fashion, with local machines
handling common requests, and a small number of root name servers at the top of each domain
hierarchy. The root name servers hold lists of DNS servers operating directly under them.
have an entry for the destination. The system administrator has specified two name servers for
yallara:
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:23 2 of 3
In addition, we specify a Domain Name Service (DNS) server that we can ask for help if we dont
However, there are many millions of IP addresses in use, and listing every host on the Internet is
practically impossible. To circumvent this problem, each machine has a short list of addresses that
it needs regularly, such as those shown above for yallara.
We could have a list of machine names and their IP addresses on each machine. Yallara knows the
names and addresses of several other hosts:
We mentioned that machines can have names which are easier to remember than numerical IP
addresses. However, computers can only use the IP address, so there must be a mechanism to
translate a name to an IP address.
Hostname Resolution
Hostname resolution.
IP address resolution.
The ARP protocol.
The netstat command.
The /etc/hosts and /etc/resolv.conf files.
Routing
COSC1300
131.170.24.42
131.170.24.42
131.170.24.250
127.0.0.1
U
U
UG
UH
ge0
ge0
lo0
30/07/02 13:23
Application Layer
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
With IP, we have no way of knowing whether the datagrams have arrived at the destination in
order, or indeed, whether they have arrived at all. The role of TCP in the transport layer is to
supply data to the IP layer and monitor its operation; if any packets are lost (the destination
transport layer has not acknowledged receiving them), they should be resent.
TCP
Address Resolution
COSC1300
30/07/02 13:23 1 of 3
Checkpoint
1.
2.
3.
4.
Routing
COSC1300 - Lecture Notes
Web Servers and Web Technology
Transport Layer
For a destination host that is not on the local network, the destination MAC address is resolved as
the MAC address of the default gateway. Host A sends the datagram to the default gateway using
Host Bs IP address, but the gateways MAC address.
A broadcasts a message on the network, specifying Bs IP address, and asking for its MAC
address.
B receives this request, and sends a short message to System A, informing it of its MAC
address.
A then adds this address to its ARP cache, so that it doesnt have to ask every time.
If host A wants to communicate with host B, it needs to know Bs MAC address. If it doesnt have
it already, it needs to ask. This procedure is carried out according to the Address Resolution
Protocol (ARP).
IP address resolution
A server posing as a DNS server could redirect requests (given by name) to the wrong site (IP
address). It is possible for a hacker to modify some of the DNS table entries. Secure DNS attempts
to address this issue.
131.170.24.0
224.0.0.0
default
127.0.0.1
Checkpoint
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:23
Address Resolution
COSC1300 - Lecture Notes
Web Servers and Web Technology
Application Layer
TCP sets up a virtual circuit between hosts, and provides sequenced and reliable transfers.
UDP is connectionless, unsequenced, and not reliable; however, it has much lower overhead than
TCP.
The user data protocol (UDP) interfaces to the IP and Application layers in much the same way as
TCP does, but does not guarantee delivery. If we use UDP and want reliable transfers, the
application must ensure reliability itself.
a. The destination is not any particular host (it is a broadcast). From the printers point of view,
it is not critical that I know that it has run out of paper.
b. The data doesnt have a particular start and end, i.e. a machine which starts listening to the
message wouldnt need to ask for the previous packets to be sent again. I can connect to a
radio station broadcasting on the Internet at any time.
TCP provides guaranteed end-to-end delivery of data. However, ensuring that packets are delivered
to the destination involves a lot of overhead. Some applications, such as web broadcasting, do not
require delivery to be guaranteed. The data is sent out to the destination with the hope that it
reaches the destination. Imagine live streaming audio; the delays inherent in guaranteed delivery
would make it impractical. Another such application is for devices attached to the network to
broadcast their status, such as "printer out of paper".
UDP
We can imagine a window covering the packets which have been sent but not yet acknowledged.
As the acknowledge signals come through, the window is reduced from the left, and as new
packets are sent, it is expanded to the right, and so it effectively "slides" forward. Keep in mind
that the destination hosts receive buffer is cleared as the target application reads it; a slow target
application or a busy machine will keep transfer rates low.
However, this approach is quite slow. The "sliding window" method is used in most packet data
systems. Here, the source will send a specified number of packets without waiting for them to be
acknowledged. For example, for a window size of seven, the source will send packets 1-7, then
wait. When packet 1 is acknowledged, packet 8 can be sent, and so on.
The source TCP layer resends any packets that have not been acknowledged. A copy of the sent
data must be kept until we are sure that the target has received it intact (with an Acknowledge
signal). In a primitive case, it would send a packet, wait for it to be acknowledged, and then move
on to the next packet. If a packet has not been acknowledged by a certain time (a timeout), it is
resent.
Due to long delays, the source machine might decide that a packet has been lost, and so it will send
it again. The destination machine will receive two copies of this packet. At the receiving end, the
transport layer acknowledges received datagrams, discards duplicates, orders them, and extracts the
data for presentation to the application layer. Since TCP handles all the management of the data
transfer, the programs in the application layer need not be concerned with any of the details.
Packet Sniffing
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Service
Telnet
Finger
Gopher
HTTP
SSL
DNS
FTP
SMTP
110
119
6667
19
30/07/02 13:24
The list of services and ports is kept in the file /etc/services on unix systems. You should be able to
pick out the main services from the services file on yallara:
A server application must listen to its assigned port and service any requests. However, a port may
be idle for long periods, which makes it inefficient to keep the server application in memory all the
time. Instead, the "inet.d" daemon (pronounced "demon") runs in the background and listens to all
the assigned ports, and launches the application associated with the port when a request arrives.
When the application finishes servicing the request, it terminates. For services which receive a lot
of requests, the overhead of loading the application each time is often prohibitive. Thus,
highly-used servers such as web servers are often run in standalone mode.
POP3
NNTP
IRC
NTP
You can set up applications to listen on any port, but youd have to tell prospective clients to
specify that port. For example, you can set up your own web server on yallara to use port 54321,
but anyone who wanted to see your web page would need to write the URL as
http://yallara.cs.rmit.edu.au:54321
In general, port numbers below 1024 are restricted to use only by the system administrator. Port
numbers 1024-5,000 are usually allocated dynamically by the operating system for client
applications, and are referred to as "ephemeral" ports.
This is possible due to the use of "ports". Each application type (service) uses a unique and
standard 16-bit port number. For example, a telnet program will connect to yallara on port 23,
while a web browser will use port 80. Table 1 shows a list of common port numbers. These are
sometimes referred to as "well-known", "documented" or "assigned" port numbers. You can find a
more comprehensive list at www.chami.com.
applications on yallara?
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:24 2 of 4
A host could have a number of applications that use network services. For example, I can use telnet
to connect to yallara.cs.rmit.edu.au; I can concurrently run a web browser and open the web page
at yallara.cs.rmit.edu.au. I have two client programs (telnet and the web browser) running on my
system, and two server applications are running on yallara. Since yallara only has one IP address
(131.170.24.42, see IP addresses), how can my client applications connect to two different server
At the top level of the protocol hierarchy are the application protocols. Applications communicate
with each other by using the services provided by the Transport layer, usually by using a socket. A
TCP socket is a input/output stream that an application can use to send and receive data, similar to
the manner in which it can use a file handle.
Transport Layer
COSC1300
pop3
ident
imap
simap
spop3
radius
radacct
chargen
ftp-data
ftp
telnet
smtp
time
time
name
whois
domain
domain
bootps
bootpc
hostnames
sunrpc
sunrpc
tftp
rje
finger
link
supdup
iso-tsap
x400
x400-snd
csnet-ns
pop-2
uucp-path
nntp
ntp
ntp
NeWS
exec
login
shell
printer
courier
uucp
biff
who
syslog
talk
route
new-rwho
rmonitor
monitor
pcserver
kerberos
kerberos
ufsd
ufsd
ingreslock
listen
nfsd
nfsd
lockd
lockd
dtspc
fs
xaudio
1489/tcp
1490/tcp
110/tcp
113/tcp
143/tcp
993/tcp
995/tcp
1645/udp
1646/udp
19/udp
20/tcp
21/tcp
23/tcp
25/tcp
37/tcp
37/udp
42/udp
43/tcp
53/udp
53/tcp
67/udp
68/udp
101/tcp
111/udp
111/tcp
69/udp
77/tcp
79/tcp
87/tcp
95/tcp
102/tcp
103/tcp
104/tcp
105/tcp
109/tcp
117/tcp
119/tcp
123/tcp
123/udp
144/tcp
512/tcp
513/tcp
514/tcp
515/tcp
530/tcp
540/tcp
512/udp
513/udp
514/udp
517/udp
520/udp
550/udp
560/udp
561/udp
600/tcp
750/udp
750/tcp
1008/tcp
1008/udp
1524/tcp
2766/tcp
2049/udp
2049/tcp
4045/udp
4045/tcp
6112/tcp
7100/tcp
1103/tcp
ttytst source
mail
timserver
timserver
nameserver
nicname
hostname
rpcbind
rpcbind
ttylink
usenet
news
cmd
spooler
rpc
uucpd
comsat
whod
router routed
new-who
rmonitord
kdc
kdc
ufsd
ufsd
#
#
#
#
no passwords used
line printer spooler
experimental
uucp daemon
30/07/02 13:24 4 of 4
Transport Layer
COSC1300 - Lecture Notes
Web Servers and Web Technology
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
Packet Sniffing
30/07/02 13:24
3. What is a daemon?
4. Why dont we always use daemons for server applications?
# usually to sri-nic
# BOOTP/DHCP server
# BOOTP/DHCP client
# usually to sri-nic
# ISO Mail
#
#
#
#
experimental
experimental
experimental
ECD Integrated PC board srvr
Kerberos key server
Kerberos key server
UFS-aware server
# Post Office
#
#
#
#
#
#
#
#
#
#
#
Xaserver
# POP
# identd
nfs
nfs
auth tap
# POP
# documentum nameserver/broker
# Main docbase
1. What is a port?
2. Name some well-known ports.
Checkpoint
dmdocbroker
docubase
Application Layer
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:24
Useful Commands
1. What command would you use to examine TCP packets on a unix system?
Checkpoint
Useful Commands
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
30/07/02 13:24 2 of 2
We can see the source IP address (131.170.70.10) and port (53915), and the destination IP address
(131.170.70.156) and port(23). These, together with the packet sequence number (C6890B54,
C6890B55, and C6890B55) uniquely identify each packet.
Lets monitor the first few packets that arrive at machine seyedpc (131.170.70.156) when
somebody tries to open a telnet session to it from machine io (131.170.70.10); notice that the
session is trying to connect to port 23 on seyedpc:
The snoop utility demonstrated in the lecture slides must be run by the system administrator (root).
You can download sniffit to use on Linux systems:
4. Packet sniffing/snooping
Application Layer
COSC1300
Unix:
MS Windows:
30/07/02 13:24 2 of 3
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
IP Calculator .
NetScan Tools .
Network Toolbox .
30/07/02 13:24
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
/etc/hosts
/etc/services
/etc/netmasks
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0 (on most Linux systems).
On-line material:
1.
2.
3.
4.
Printed material:
6. Useful Links.
NT: winnt\system32\drivers\etc\hosts
9x: windows\hosts
MS Windows:
Unix:
Files
You may find the following tools handy; they can be downloaded as limited-time demos:
Table Of Contents
1. Introduction.
2. The network layer models.
3. The TCP/IP network model
3.1. The Link layer
3.1.1. Physical Addressing
MAC addresses
3.2. Network layer
IP
ICMP and IGMP
3.2.1 IP addresses
Address Hierarchy
3.2.2. Routing
3.2.3 Address Resolution
Hostname Resolution
IP address resolution
3.3. Transport layer
TCP
UDP
3.4. Application layer
4. Packet sniffing/snooping
5. Useful commands and files
6. Useful Links.
ifconfig
netstat -r, netstat -nr
ping
nslookup
traceroute
hostname
gated, routed: can be used to make a unix system function as a gateway or a router.
named: can be used to make a unix system function as a name server.
snoop; sniffit is available for Linux systems.
ipsc for Linux machines.
Useful Commands
Packet Sniffing/Snooping
COSC1300
Packet Sniffing/Snooping
COSC1300 - Lecture Notes
Web Servers and Web Technology
https://inside.cs.rmit.edu.au/~miharris/webservers/online/chapter...
30/07/02 13:24
Contributors: