Week 15: Day 042 - TCP/IP Applications #2

Hello again people, today I'm here with the second blog entry for this chapter. There are a lot of pages left, but let's hope we can do this in three blog posts! Let's start.

The sheer power of TCP/IP can be understood by going into the port numbers. To pass the Network+ exam, it's essential to know how TCP/IP uses port numbers. Basically, port numbers are what make NAT work. Network Administrators should be able to manipulate port numbers to their network's needs. A port number is a 16-bit value between 0 and 65535, to give an example of a popular one, port 80 is used for HTML and other important web stuff. When a web client sends an HTTP ACK to request a web page, the IP packet will look like the figure on pg. 281 in which the destination port is 80. The web client's source port is generated by the web client randomly. The value varies between 1024-5000 which are port numbers that were classically ephemeral port numbers, while 49152-65535 are the dynamic/private ports. Then when the serving system responds to the web client, it uses the ephemeral port number as the destination port to receive info from the web client on the client computer.

Now, the port numbers from 1024-49151 are registered ports. Unlike well-known ports, anyone can use those port numbers for servers or ephemeral numbers on clients. Most operating systems won't use those ports, just the classic ephemeral ports, which are dynamic/private ports. Here's the list:

Well known port numbers: 0-1023
Registered ports: 1024-49151
Dynamic or private ports: 49152-65535

Every computer in a session has to keep the status of communication. In TCP/IP the session info is stored in the RAM, and it's called a "socket" or "endpoint". The session as we know is the connection itself. Here are the summary of terms:

- Terms for the connection data stored on a single computer: socket or endpoint
- terms for the connection data stored on two computer about the same connection: socket pairs or endpoints
- Terms for the whole interconnection - connection or session

When two computers communicate, they store info about the session so they know where to send and receive the data. All operating systems have "netstat" which is a utility to find the endpoint. It works on command line as "netstat -n" to see something like the figure on pg. 283, and you'll see many connections. One thing to note is that just cause a single application is open, that doesn't mean that it's automatically a single connection. The example on pg. 285 will show you what it looks like when you type that command. A single web page will need but one connection, although if it's complex it will need more. The Network+ test will have questions on netstat. The powerful netstat tool will be used a lot since it's important. Mike Meyers recommends getting TCPView, it's open source. It only works on Windows.

Then there's the connection status which changes all the time, and it's useful to have netstat and TCPView to see what's happening on the networked computers. A socket responds to any IP packets that's destined for it's respective port number, and it's called an "open port" or "listening port". Every serving applicatiosn will have an open port. If you happened to run a web server on a computer like my friend Marco, then you will need port 80 open. Start netstat and type "netstat -an" to see all the listening ports. It will give information like the figure on pg. 287. From that point most of the information is based on figures, so just look at that to learn more about listening ports and netstat. The only difficulty really, is identifying what certain connections do. You'll notice my entries are getting shorter. I'm covering more in a smaller amount of time. With that said thanks for reading and goodbye!


Completion Status: 43%
Pages Left:
- Book: 388 pages
- Chapter: 22 pages

Week 15: Day 041 - TCP/IP Applications #1

Hello ladies and gentlemen, today I am starting a new chapter! This one is called TCP/IP Applications, and I will start rushing. So hold on tight, cause there will be no more specificities, now I'm all-in. Let's go!

Now, TCP/IP is extremely broad since there are hundreds of terms that go into it (Ex: UDP, ICMP, HTTP, DHCP, POP), but it's the simplest way of establishing the protocol as a whole. Imagine that you were having a friendly conversation with someone, in networking that's known as connection-oriented communication. Any communication between a computer and another is called a "session". For example, when you open a webpage, a session has started. Transmission Control Protocol (TCP) enables this type of connection-oriented communication, and it also happens to be the most popular session type on the average TCP/IP network. As is obvious there is the server which hosts the webpage, while the client has the web browser. When you enter a web page ,the client sends a SYN (synchronize) packet to the web server. The server will return it, if it does indeed receive it, while also sending an ACK (acknowledgement) packet. Then the Client will send an ACK to the server. This is known as a TCP "three-way handshake". When the server finished sending the web page, it will send a FIN, ACK (finished, acknowledgment) packet. Client responds with an ACK packet with its own FIN, ACK packet. Then both the client and server will consider the session closed.

 Most TCP/IP applications will use TCP because despite the fact that some packets will not reach the destination, the computer receiving will just ask for a repeat to receive it. The User Datagram Protocol (UDP) is used a lot, but not as much as TCP by a mile. It's great for sessions that don't require connection-oriented things. Then there's Dynamic Host Configuration Protocol (DHCP) and heck, we already know what that is. This is an example of an application which uses UDP. Every DHCP session will just send information without confirmation. It uses two port numbers, 67 and 68 for sending data to DHCP clients. More examples, there's NTP/STNP which are also popular applications which happen to use UDP. they stand for Network Time Protocol (NTP) and the lightweight version Simple Network Time Protocol (SNTP). Those protocols will sync the clocks of devices on a network to the right time. It uses port 123. Then there's Trivial File Transfer Protocol (TFTP) which enables file transfers from one machine to another. This is a critical data transfer, which shows that UDP can be used for such things as well. However, TFTP using UDP doesn't have data protection, so across the Internet you wouldn't use it.

We know that TCP and UDP have extreme differences, one being connection-oriented, the other not. However, both will modify and manage packets with a destination IP and port numbers, as well as source IP and port numbers. Although a session could have one packet or several take place during the transfer, sometimes applications are so simple they're always connectionless and don't need more than one packet. Ping is one way that you can see ICMP in action. It sends a single ICMP packet called an "echo request" to the IP address you want to send it to. All computers with TCP/IP will respond to those requests with an "echo reply".

Back in Chapter 7 there was talk of IP multi-cast addresses. The challenge of doing such a thing is to determine who wants the multi-cast and who doesn't. The Internet Group Management Protocol (IGMP) enables routers to communicate with hosts to determine a group membership, as my textbook puts it. Also, multi-cast is in the Class D range, meaning it uses a small subnet of the Class D range. Those who want multi-cast must tell their router or switch they want it. To do that, they have to join the IGMP group. This ends my entry for today, more to come tomorrow! Thanks for reading, and goodbye. 


Completion Status: 41%
Pages Left:
- Book: 399 pages
- Chapter: 33 pages

Week 14: Day 040 - Routing #5

Hi people! Today is what I anticipate to be the last entry of this chapter, fingers crossed it is. When you get to the end of reading the post you'll see, but for me, I'm just starting out this entry. I take notes as I go.

Firstly, we're going to cover working with routers. This should really take a jiffy, because it's probably not stuff that I haven't covered. So, how do you go about connecting a router to a network? Well, there's several methods to doing that. One ancient one is using the serial connection. However, that's unique to Cisco routers. But Cisco's massive userbase make it a must know for the Network+ test. The serial cable is known as a "rollover" or "Yost cable". Switches and routers both have a configuration interface. Although, let's be honest, what is there really to configure on a switch? Both routers and switches are known as "managed devices". When I refer to router later in the entry, it's good to note that it will work with a switch as well. So when you've made your connection with the cable and the router, you'll need a terminal program to communicate with the router. The popular ones are PuTTY and HyperTerminal. To use the programs you may need to know a bit about serial ports, these settings will get you connected though:

- 9600 baud
- 8 data bits
- 1 stop bit
- No parity

After configuring it, then it's time to connect. Cisco products will run Cisco IOS, which is their operating system. The Network+ exam won't test me on my knowledge of the terms, so I won't focus on that. Then when I've connected to the router, set up the terminal emulator, then I'll see the initiating router prompt. You can't do much without knowing the commands. Type "enable", then the prompt will change to Router# which I don't know what that means. Then it will get more complex, blah blah, who cares. It's not my problem right now, since the Network+ exam won't cover that.

Routers usually come with a built-in Web interface, which will let me do what I need, and it's easier than that Cisco nonsense command line IOS. For the interface to work properly, the router should have a built-in IP, or you must assign it one. The point is, the Router has to have one. If it has a default IP, it will tell you in the manual. One thing to never do, is plug in a new router into an existing network. It might start doing all sorts of crazy stuff. If it had DHCP, then you'd have a rouge DHCP server ruining your network. Now that I think about it, it would make for such a sinister plan haha. Connect a router to your arch nemisis' network, boom "I got internet problems". Jokes aside, most router techs will use a laptop and crossover cable to connect to the new router. To get to the web interface you would try and set your network ID to the same of the router, then connect to the router. Enter the default IP into the browser, then do "admin" for user and pass, since that's the default. When you've accessed the web interface, you can do whatever. Then there's also Network Management Software (NMS) which knows how to talk to everything in your network pretty much (i.e: routers, switches, computers) and it enables you to have an overall look at your network. Usually it's a web site, which is why you type your default IP in the browser to take a look at the NMS. Sometimes the NMS tool isn't that good, and guess what. I have personal experience, Belkin released a firmware update for my router, and the new firmware is trash! Continuing, there are other ways that your router can connect, like USB and blah, who cares?

Next, we got the basic router configuration. A router MUST have two connections at the very least. When you set up a router, every port has to be configured for the router to work with its network IDs. Therouting table must send packets to where it needs to go. Here are the steps:

Step 1: You set up the router's WAN connection, DHCP is strongly suggested. Note: ISPs will still sell you static IPs apparently. In such a case you'd need to set your router to Static IP (through the NMS.)

Step 2: Set up the LAN, you have complete control over this, unlike the WAN side. You choose a network ID, then assign the correct IP information to the LAN-side NIC. You can also see the LAN NIC on your NMS (very useful, isn't it?)

Step 3: Establish routes on your network.

Step 4 (Optional): Configure a Dynamic Protocol. I'm not even going into this, cause I probably will never be doing this (and it's irrelevant to the exam.)

When you've finish configuring routes, document what you did. I should do that with a lot of things, but I'm too lazy. Let me tell you my memory is not the best, so yes document things! Also backing up your configuration is probably a good idea just in case you forget or something goes wrong.

Finally, router problems! Fun stuff, right? Well the Network+ exam is great at giving you problems so I'll need to be solving them. The questions are straightforward as long as I know this:

- Consider other issues first because routers don't fail very often.
- Keep in mind what your router is supposed to do.
- Know how to use a few basic tools that can help you check the router.

Router problems begin with someone not being able to connect ot someone else. Even a small network has several NICs, computers, switches, and routers. These are a lot of devices, so it could be a lot problems. The last thing you should look at as the culprit is the router, since it's robust. With that said, it's a good idea to mention that there could be some serious, but rare, problems with the router. Just look at your routing table first, to determine why packets aren't being transferred properly. I'll end it here, because the last pages of this chapter 270 and forward give specific examples, LOOK AT IT! It gives good examples. With that said, thanks for reading, and have a good weekend.

Completion Status: 40%
Pages Left:
- Book: 409 pages
- Chapter: 0 pages

Week 14: Day 039 - Routing #4

Well hello again! Today, we're gonna do some more routing, I think this will be the second to last one. I anticipate doing about 8 pages today. I might also start doing entries from home. Regardless, let's get right in!

So last time we talked a bit about RIP and BGP. Well basically, the limitation of RIP motivated people to create a fast protocol, with low bandwidth requirement. This brought forth the "Link State" dynamic routing protocols. There are only two protocols for Link State, they are: OSPF and IS-IS (Not Islamic State.)

Firstly, Open Shortest Path First (OSPF) is the most common one of the two. Even most ISPs use OSPF, chances are, you do too! It converges at a much faster rate than RIP, and works within a single AS. However, if you plan on using it, it's a pretty complicated protocol. There will be no OSPF on low-end routers cause it takes a lot of computational power. The main reason this is important to cover, is cause it will be on the Network+ exam! The difference with OSPF and RIP, is that OSPF is designed to work with the Internet. Let's use the example from last time of RIP, and this time use OSPF. By the way, if you don't have this textbook, you'll probably be out of luck (I'm using "All-in-One CompTIA Network+ Fifth Edition.) If you do, I refer you to Pg. 255, and go back a couple pages for the example on RIP (I forgot to put that it was based on a textbook figure last entry.)

This time we're giving Router B an upstream connection to the ISP. Starting an OSPF capable router for the first time will cause it to send out LSAs (Link State Advertisements), a.k.a "hello packets", which are used to look for other OSPF capable routers. The new router will send many LSAs upon starting it, and this is known as "flooding", for obvious reasons. Another difference with OSPF and RIP are the hop costs. In RIP, the cost of a hop was always 1, unless changed manually. For OSPF however, it's dependent on the speed of the link. The formula is 100,000,000/bandwidth in bps. The 10BaseT link's OSPF was 10 based on "100,000,000/10,000,000 = 10". This shows, the faster the bandwidth, the lower the costs. You may override it manually as you could with RIP, but I don't know why you would. When an OSPF router sends its hellos, it will exchange info and update their link state databases. The hello message is project throughout the network to any other routers. Of course you wouldn't want the flood to leak out of the network, so you'd assign an Area ID to the router. Usually it's assigned one by default, and it will accept the area ID like the well behaved router it is! All routers are in the example, given let's say, 0.0.0.0 which is known as "Area 0". I wonder what Area 51 would be, haha. So Area 0 is actually important in the OSPF world, as you could make more areas if the network is to get more complex, but Area 0 would remain the default backbone, and the most important part. The reason why areas are even important are to minimize traffic between routers. Every area has one router which is the "Designated Router" (DR), I'd say it's like the President of the United Network. Then there's a backup designated router (BDR), which is like the Vice President. When the routers communicate, there's an election for the DR and BDR! Could you imagine, these routers have minds of their own! It's like if the Terminator was electing a leader (it would probably be him.) In this case, the DR is Router B, and Router A is the BDR. The election will take place during the hello packets. Most of the tie you'd just let the router decide (unless you're a dictator!), but you can manually change it, but you would be violating the humanity of the routers, I say! It's very rare that anyone sets the DR, since the routers are good at picking.

After the elections, the routes are distributed across the area. Routers A and B will send separate LSAs telling each other that they are connect to NIX and NIY. These messages don't contain the entire routing table from the respective routers however. Basically, as you can tell this process is going a lot quicker than with RIP. These routers will send each other LSAs and hello messages in intervals of 30 minutes. They also keep alternate routes, unlike RIP, which would simply discard them. Now, what if there were to be a sudden disconnection between Routers A and B? Well they'd detect the break instantly, and would try and reconnect. If that failed, then the routers would send out an LSA announcing the broken connection. It's no surprise that OSPF became so popular. In addition to all these great features, it also supports authentication and the prevention of loops. Is there any reason to why people would want an alternative? Well for a while it didn't have support for IPv6, but it does now. So there really is no reason not to use it!

Then there are the other protocols which aren't as widely used. First, IS-IS which is really the only other Link State option. It's basically a lot like OSPF, except it had an advantage to the IPv6 addressing. However, that's not much of an issue anymore. To put it bluntly, this isn't even a close second to OSPF. Then there's EIGRP which isn't either a distance vector or link state protocol. This protocol belongs to the mighty Cisco. They released it when people were demanding a better version of RIP, so Cisco released this. It's fading away as well. without dynamic routing, the Internet would cease to exist, so appreciate this, cause it make it all possible. I'll refer to the chart on Pg. 259 to give you a description of all the protocols and a couple notes. On that bombshell, thanks for reading, and until next time!

Completion Status: 38%
Pages Left:
- Book: 420 pages
- Chapter: 11 pages

Week 14: Day 038 - Routing #3

Hello again, get ready for some more routing today! I will be going over Dynamic Routing today. Here's a new thing I'll be doing, I will give a brief at the end of the entry on how much is left in the book and chapter to motivate myself.

Firstly, Dynamic routing are the protocols given to the router so it can do more things on its own. By this I mean, instead of tediously doing static routing, which is prone to human error, why not just let the router do everything itself? This is essentially what dynamic routing is. A hop is each time a packet goes through a router. If you're using a computer and are on Network ID X, you ping a computer in network ID Y, you go one hop, but if you ping Network ID Z, you go two hops. Routing protocols have been around like any tech, there are many types. The Network+ Test breaks the protocols into three groups: distance vector, link state, and hybrid. There will be a lot covering this, so I will cover it a lot as well.

Routing tables contain metrics. A metric is a value that routers use when they have more than one route to get to another network. Unlike our gateway routers at home, usually more advanced routers will have more connections to a certain network. This is used just in case a route is lost, to maintain a connection.

Here is the textbook's criteria for determining a metric:
- Maximum Transmission Unit: Better known as MTU, this determines the largest frame a particular technology can handle. Ethernet likes to use 1,500-byte-frames. Other technologies use smaller or larger frames. I fan IP packet is too big for a particular technology, that packet is broken into pieces to fit into the network protocol in what is called "fragmentation". Fragmentation is bad because it slows down the movement of IP packets. By setting the optimal MTU size before IP packets are sent, you avoid or t least reduce fragmentation.
- Costs: Connecting to the Internet isn't free. Some connections cost more than others, and some incur costs based on usage.
- Bandwidth: Some connections handle more data than others. An old dial-up connection moves at best 64 Kbps. A cable modem easily handles many millions of bits per second.
- Latency: Say you have a race car that has a top speed of 200 mph, but it takes 25 minutes to start the car. If you press the gas pedal, it takes 15 seconds to start accelerating. If the engine runs for more than 20 minutes, the care won't go faster than 50 mph. These issues prevent the car from doing what it should be able to do: go 200 miles per hour. Latency is like that. Hundreds of issues occur that slow down network connections between routers. These issues are known collectively as latency. A great example is a satellite connection. The distance between the satellite and the antenna causes a delay that has nothing to do with the peed of the connection.

Different dynamic routing protocls will use one ore more of those routing metrics in order to calculate it's own routing metric.

Then there's distance vector routing protocols, which were the first in the TCP/IP routing business. The distance vectors have some form of total cost. The simplest total cost of the hops between the router and the network would be 1, and if it were two hops a way it would be 2. However, not all network connections are equal! A router could have two, one-hop routes to a network each one going at different speeds. The slower one could have, for example, a metric of 10 instead of 1. What distance vectors essentially do, are calculating the total cost to get to a particular network ID, and compare it to the total cost on all other routes. The router will then choose the lowest cost. But for it to work, routers using distance vector must transfer their routing table to the other routers in the WAN. Each distance vector has a max number of hops, which the router will send its routing table to lower traffic. Now it's time to give some examples (to understand the next paragraph, go to Pg. 248-onwards)...

Say you have four routers, all of them have static routes set up between each other (metrics shown.) You add two new networks, one connects to Router A, the other to Router D. Let's call them NIX (Network ID X) and NIY (Network ID Y).  A computer on one network wants to send packets to a computer on the other, but the routers between Routers A and D don't know about the two new network IDs. This is when distance vector kicks in. Because all of the routers use a distance vector routing protocol, the problem is solved quickly. On a certain defined time interval, the routers will give each other their routing tables. Router A sends its route to NIX to Routers B and C. Router D sends its to NIY to Router C. Great, so now Routers B and C know how to get to  NIX and Router C can get to NIY. There is no completed path, between NIX and NIY though. This will need another interval. After another set amount of time, the routers send their updating routing tables to each other. Router A knows a path to get to NIY, and Router D knows a path to NIX. But a side effect, Router B and Router C have two routes to NIX. Router B can get to NIX through Router A and through Router C. But, Router C can get to NIX through Router A and through Router B. What should we do? When the router discovers multiple routes to teh same network ID, the distance vector routing protocol deletes everything except the route with the lowest total cost. Then Routers A and D get updated info about the lower total-cost hops to connect to NIX and NIY. Just as Routers B and C only kept the routes with lowest costs, Routers A and D will do the same, only keep the lowest-cost routes to the networks. Now Routers A and D have a lower-cost router to NIX an NIY. They got rid of the higher cost routes and begin sending data. Routers using the distance vector protocol are not as smart as you think though. They'll just keep sending each other routing tables, even though the information is the same. The routers are then in a steady state (or "convergence), which means that the routing tables have completed. Nothing has changed in terms of connections, and the routing tables won't change. What happens if the route between Routers B and C break? the routers have deleted the other routes, so the connection will go down temporarily, and they'll go through the process all over again! Distance vector routing protocols work fine in a situation with four routers, but it isn't good for large networks. Routers can use one of three distance vector routing protocols: RIPv1, RIPv2, or BGP.

The RIPv1 is the grandfather of all these distance vector protocols. RIP stands for "Routing Information Protocol". The first version is from back in the 80s. It has a max hop count of 15, so you could only have a max of 15 routers. That was a problem because the routing table requests would loop back to the initial router. RIPv1 sent out updates every 30 seconds all at the same time, causing network overloads. To ad don it didn't know VLSM (Variable-length subnet masking.) they also had no authentication which is extremely insecure. Then in 1994, RIPv2 came out. Since then VLSM was added plus authentication, but it still has the same hop count of 15. Basically, RIP is available in all routers, but no one uses RIP anymore, cause its convergence time sucks. The growth of the internet required a better routing protocol.

The one that's widely used today is BGP, which is due to the explosive growth of the internet. Lots of organisations, such as ISOC (Internet Society), IANA, and IETF (Internet Engineering Task Force) were trying to find a standardized dynamic protocol to implement. What ended up coming out of all of this was Autonomous System (AS) which is when one or more networks are governed by a single dynamic routing protocol. These Autonomous Systems do not use IP addresses, but ASNs (Autonomous System Number) assigned by IANA. It was originally 16-bit, but now it's 32-bit. An example of an ASN would be "1.33457". Just like you would assign an IP address to a router, you would configure the router to use ASN, by default ASN is assignment the IANA, however. Autonomous Systems communicate using a protocol called Exterior Gateway Protocol (EGP). the networks within AS communicate with protocols as well. They're called Interior Gateway Protocols (IGP). Neither EGP or IGP are dynamic routing protocols, it's just lingo used by ISPs. Many procols are used within AS, such as RIP. The Internet, however, have settled on one protocol to communicate between AS: the Border Gateway Protocol (BG-4). The Network+ exam objectives have BGP as a distance vector routing protocol, but it's really kinda different. It doesn't give you the same type of routing table. They're are instead manually configured ,and send out info passed to them from different AS' edge routers, which is what AS-to-AS routers are called. Then BGP will forward that info to include ASN and other non-IP stuff. BGP knows how to handle several situations unique to the internet. If a router gives a crappy new route, it will ignore it. BGP is great, is basically what I'm saying. On that bombshell, thanks for reading, and goodbye.

Completion Status: 37%
Pages Left:
- Book: 426 pages
- Chapter: 17 pages

Week 14: Day 037 - Routing #2

Hello everybody, today's entry will not be like it normally is. What I will do in this entry will become a regularity, and the normal entry. Basically, to pick of the pace, I will be doing shorter entries, which end up covering more topics. Anyways, let's get right into it!

Routers, they let you connect to many types of network technologies. They can also connect to anything that stores IP packets. As a typical alternative to Ethernet, people use DOCSIS (Data-Over-Cable Service Interface Specification) or more commonly known as "cable modems" and much less known as, Frame Relay, and ATM (Asynchronous Transfer Mode). These technologies as you can imagine, work very differently from Ethernet. The only thing they have in common is that they carry IP packets within their Layer 2 capsules. Most professional, not home, routers let you add interfaces. To do so, you buy snap in interfaces to fit your needs. If you connect Ethernet to ATM, but an Ethernet and ATM module. While if it's Ethernet to Cable Modem/DOCSIS, buy an Ethernet module and DOCSIS module.

Now, it's time to get to one of the most important, and coolest things of networking. This is called Network Address Translation (NAT) a form of network security. Basically, when you have got something as good as TCP/IP and routers, that's great and all, but it poses a security risk. What will stop a jerk from putting malicious programs on your computer? The IANA assigned it's last IPv4 addresses, February 2011. You now get your IP address from an ISP. Routers all run NAT, which will essentially hide the IP addresses of computers on your LAN, and let you connect to the internet at the same time. This is used all around the world, and I must know more about it! Now let's get this clear, NAT is not routing, it's a separate technology. My textbook gives a hypothetical situation which I will follow here. I have LAN with eight computers which need to access internet. First, I will call my ISP and buy a network ID. Then I will give an IP address to every computer that I want on the network, and then will connect these devices to the LAN of the router. Third, I will assign the ISP router's IP address to my WAN connection on the local routed (ex: 1.2.4.1) All the clients on the network will have the same default gateway. The gateway router acts as the default gateway. That network stlye is how computers in LAN connected to the internet for the first 20 years, but the security issues heightened the more computers were added to the world wide web. Now, NAT fixed these issues, and here's the concept: The router replaces the source IP  with its outside interface address in outgoing packets. The simplest NAT is "basic NAT", and it does just that (translating private IP to global.) Then we've got "dynamic NAT" which in contrast can share a pool of routable IPs fewer than the amount of computers. Like if it had 10 routable IPs for 40 computers. It's known as Pooled NAT as well.

Then there's PAT (Port Address translation) is a form of NAT, the most common, which handles the one-too-many problem. This is how it works. You have a network at your office, it uses private IP addressing of 192.168.1.0/24 and all the computers in the private network will have to connect somehow. It uses a single PAT router, with the global IP address 208.190.121/24 for example. When a machine within the network wants to start a session with an external machine, it uses the source and destination IP, and port numbers for the TCP or UDP datagrams, which are then recorded in the PATs translation table, and the private IP gets swapped for the public IP on every packet sent. The port number is used by the internal computer for the session, and is translated into a unique port number for the router. Then when the receiving system sends the packet back,  the IP addresses and ports are reversed. The PAT router then compares the incoming destination port and source IP to what's in the NAT translation table, so it can decide which IP address to put back on the packet.The packet is then sent to the correct computer. This whole mapping enables perfect tracking of what goes in and out. PAT handles many internal computers with one public IP address, because the TCP/IP port is big. The TCP/IP port literally has values ranging from 1 to 65535. Some of those port numbers are common, but many are available for PAT to do its job. Since the router is revising and sending the packets, why not enable it to handle ports? This stage is called port forwarding.
But... I ALREADY KNOW PORT FORWARDING! HAHA! Because of this, I will not go over it. However a couple of things to note, port forwarding is when a specific local address is designated for network services. Port 80 is for HTML (kind of already knew that...just in case.) Finally you should configure NAT on home routers. By default the router is set to Gateway, which means "NAT is turned on." Mike Meyers says "If I wanted to turn of NAT, I would set the radio button to Router." okay, sir. That ends my entry for today, thanks for reading. 

Week 13: Day 036 - Routing #1

Hello once again! Today we're starting a new chapter on routing. We'll be covering a lot of stuff about how routers work, including NAT, I'm not going to tell you what the acronym represents until later, cause we'll find out soon enough. Let's get right in!

Firstly, as we all know a router is hardware that forwards packets. Because of this, routers are classified in the Network layer of the OSI model, and the Internet layer of the TCP/IP model. Routers generally have at least two connections, but they can contain way more connections than that. In an office you may find the Cisco 2600 series device, which is one of the most popular routers ever made. Although it might be an old router, it's durable, and reliable. Cisco just has a way of doing that! One port within these routers leads to one network, while the other connection (port) leads to another. The router reads the IP addresses of the packets and determines where it should send the packets.
The majority of techs nowadays deal with home routers which are meant to connect to DSL or cable modems. The typical router will combine the router and the switch, while also providing DHCP and a firewall. Routers are great! The LAN side of say for example, a Linksys home router will connect immediately to the built-in switch. Because of this, it's not necessary to connect multiple computers into a separate switch which you would have had to buy to connect it to the the cable modem or DSL receiver. Some would look at the said router, and think that since it may have for example, 6 ports, that it would connect to 6 different networks. In reality, it can really only connect two networks. Yhe extra physical ports are part of the built-in switch. All routers will examine packets and send them to their destination, so let's see how!

Routing starts with packets which go to the router awaiting further transport.  Basically, the router will discard any information from Layer 2 and will drop the IP packet which was inside it, into a queue. The router doesn't discriminate, so it doesn't give a crap where the packet came from. It just unpacks the packets and drops it into a queue. The router then reads each packet's destination IP then sends it straight there, through the correct port. To perform such an inspection, the router has a something called a "routing table" which tells the router where it should send packets. As we established before, the router has two ports internally, one which connects to your ISP. This is called WAN in the routing table. Then there is another four ports which is the built in switch, and that's connect to LAN. Here is an example of a routing table:

Each row defines a single route. Each column specifies criteria. Here's the meaning of the columns that you see above, according to my textbook.

- Destination LAN IP: A defined network ID. Every network ID directly connected to one of the router's ports is always listed here.
- Subnet Mask: To define a network ID, you need a subnet mask
- Gatway: The IP address for the next hop router; in other words, wher ethe packet should go. I fhte outgoing packet is for a network ID that's not directly connected to teh router, the Gateway column tells the router the IP address of a router to which to send this packet. That router then handles the packet and your router is done. If the network ID is directly connected, then you don't need a gateway. Based on what's needed, this is set to 0.0.0.0 or to the IP address of the directly connected port.
- Interface: Tells the router which of its ports to use. On this router, it uses the terms "LAN" and "WAN". Other routing tables use the port's IP address or osme other type of abbreviation. Cisco routers, for example use f0/0, f0/1 and so on.

The router looks at its destination IP, then proceeds to consult the routing table to see which device will receive the packets. Some routers read the table top-down and some bottom-up. One trick when reading a routing table is to think, every zero you use means "anything". Like if you saw the IP 10.12.14.0, compare that to subnet mask 255.255.255.0 you'll see that it's a /24 network ID and that any number between 1-254 for the last value will work. Continuing, every router has a default route. For example, it may forward it to 76.30.4.1 by default, through the WAN port. It's important to have a default route cause it's a guide for the router with what it may do when it receives an incoming packet. Sometimes though, if you decide to add another line to the routing table, it will give another route. One important thing to note is that not only Routers use routing tables. You'll find them on just about every device which is connected to the network. You might ask why they have them. It's because the NICs and the other devices need to know the IPs coming in and going out. Here's what a routing table looks for Windows:

Not much different than a home router, it just usually has a lot more routes. The interface has an actual  IP, and a loopback, instead of LAN protocol. In the world of routing there is something called "metric", this is part of the beauty of routing because a metric is a value which defines the cost of using a certain route. Lowest routes always win. The router will always use a metric of 1 unless it stopped working for some reason. If it were to stop work it would switch to the 10 metric. That's basically how the internet works if you think about it. A bunch of routers connected to even bigger, more powerful routers. Connections will go up and down all the time , so routers are constantly talking to each other. Let's try to make out what the routing table is saying. The bottom line defines default IP broadcast (it doesn't matter whether the default ip starts bottom or top). The next line up is the multicast address range. The next route say sthat any adress in the 147.100/16 network ID are part of the LAN. If your computer DHCP client isn't receiving an IP address, this route would enable you to communicate with outer computers on the network which may have the same problem. The next line is a loopback, and the line after that is the directed broadcast. The next line means anything addressed to the machine goes to the loopback. Then the one after that defines the local connection. Another note, local connections do not use default gateway, but every routing table still has a gateway column. This is because Microsoft had to put something there, so they just put the IP address of the NIC. In Windows 7 and I assume further, the gateway value for local connections says "on-link". FINALLY, the top line deifnes the default route. On Windows use PuTTY and then type the command "show ip route" and it's pretty self-explanatory what it does. The last three lines will be the routing table. That's basically how you look at routing table, and actually understand it. In the end what they basically do is list the routes so the IP packets can be moved to the correct interface. On that note, thanks for reading, and until next time!

Week 13: Day 035 - TCP/IP Basics #6

Hello everybody, today is the day when I finally end this chapter! This entry will mainly focus on using IP Addresses. One thing to note is that next chapter will cover a lot important stuff about routing. Let's dive right in.

Funny enough for me, I already know a lot of the stuff that's about to be covered. This is static addressing vs. DHCP which is although is obvious to me now, perhaps I may forget! Basically to make the network function, each computer must have an IP address, subnet mask, and a default gateway. First I must decide what network ID I want to use. Back then, you were given a bloc of IPs, so I'll just pretend that I was given a Class C license of 197.156.4/24 in this scenario. The main rule of network addressing is that I can do whatever the heck I wanna do with my network ID. The only other rules are fairly obvious, every computer has to get a legit IP and subnet mask for my network ID. Also another thing, every IP on the network must be unique. I don't have to go in numerical order when distributing the IPs, but a lot of people do cause it's easier to identify the computers. Most networks follow these principles:

1. Give default gateway the first IP address of network ID.
2. Try to put them in numerical/sequencial order.
3. Attempt to seperate servers from clients.
4. Write down what you've decided, so your successor will understand.

Although those standards are unofficial, it's convenient, and much appreciated to whoever succeeds you as network admin. At this point you can give each and every device on the network an IP address, subnet mask, and default gateway.
Usually you'll find on the operating system you're using, the static IP information. On Windows, which I'm a million times more familiar with, there is the Internet Protocol Version 4 (TCP/IPv4) Properties dialog. Next on Mac OSX there is the Network utility in System Preferences. Then on Unix/Linux systems there is the command-line ifconfig commands. Thankfully most distros provide a GUI, which I prefer, and it's usually called Network Configuration. When you've added the IP info, you should verify using the ping command. This is the basis of Static addressing, and it's still used a lot. However there is something much simpler which is more widely used, as the average user is not as well versed as a network administrator.

This is called "Dynamic Addressing" or better known as "Dynamic Host Configuration Protocol" (DHCP), and if your old then Bootstrap Protocol (BOOTP) which is no longer used. Basically what DHCP does, is distribute IPs to the computers on the network automatically, which makes things a lot easier! When a computer is configured to use DHCP, it's called a DHCP client. When a DHCP then boots up, it sends out a DHCP Discover packet which uses the broadcast address, which was used by other functions earlier in my entries. What the message essentially say is, "Are there any DHCP servers out there?" as my textbook puts it. However, for all of this to work, one system on the LAN has to be running DHCP server software. It's designed to respond to DHCP Discover requests while also providing a response to those requests. The DHCP server hands out IP addresses from a range and subnet mask. It pass out other information as well, known as options which have many choices such as default gateway, DNS server, network time, etc. To me, the most popular DHCP server I know of, is by far Windows Server 2008.

The acceptance from the DHCP client of the DHCP server's data is a DHCP lease. The DHCP lease is set for a certain amount of time, ranging from five to eight days. It renews it after that amount of time, unless some other device took that lease, or if the said device is no longer connected to the network. The biggest problem that can happen regarding DHCP, is if a DHCP client does not receive an IP from the DHCP server. You can figure this out through some kind of error on the OS or maybe through finding out that the IP is something weird.
That weird looking special IP is created by APIPA (Automatic Private IP Addressing). All DHCP clients are designer to generate one of those addresses automatically, if no DHCP discover message is received. However APIPA can't issues a default gateway, so you can't get on the interpet using APIPA, you can only do LAN activities. When you can connect to local computers but not the internet, that gives you a big clue as to what the DHCP problem is. One way of fixing it is by reestablishing a DHCP lease, but manually. Every OS has an application which does it for you. For example, on a Mac you'd go onto System Preferences and use the Network utility to find it, which on Windows you'd type the command "ipconfig /renew". Sometimes that won't work on Windows, so you'd force it! Basically you'd type "ip config /release" followed by "ipconfig /renew" into Command Prompt. In Unix/Linux use the ifconfig command to release and renew the DHCP address. You would type "sudo ifconfig eth0 down", and then to renew "sudo ifconfig eth0 up". The reason you use sudo for that is cause you need root privileges.

Finally, the creators of TCP/IP created some special IP addresses that are important to know about. The first one is 127.0.0.1 aka the "loopback address". If you were to try to send data to that IP, you'd be sending yourself data! It's main use is to use the ping command with it, a test as to whether your NIC is capable of sending and receiving packets. A lot of people try to hide themselves from the internet by using Private IP Addresses. Routers usually destroy Private IP Addresses after they're done being used. The catch to these Private IPs is that they're useless on the internet... unless you use NAT! Before I go, take a look at these ranges of addresses designated as private IPs:
- 10.0.0.0 through 10.255.255.255 (1 Class A license)
- 172.16.0.0 through 172.31.255.255 (16 Class B licenses)
- 192.168.0.0 through 192.168.255.255 (256 Class C licenses)

One last thing, be expecting talk of NAT next chapter! On that bombshell, thanks for reading, and goodbye.