OSI Model
7. Application - e-mail package or ftp.
6. Presentation - for apps to exchange data - handled within TCP/IP
5. Session - manages sessions between apps - sockets/ports are used instead of a session layer
4. Transport - ensures data arrives exactly as it was sent
3. Network - isolates upper layers from the net. IP handles packet addressing + delivery
2. Data Link - reliable delivery of data is handled here - not used in TCP/IP
1. Physical - defines standards for hardware, ie. cable length, voltage
TCP/IP Model
Application    |  data  |
Transport      | header |  data  |
Internet       | header | header |  data  |
Network Access | header | header | header |  data  |
IP - Internet Protocol
1. Defines datagram and the Internet address scheme.
2. Moves data between Network Access and Transport layers.
3. Routes datagrams to remote hosts and performs fragmentation + reassembly of datagrams.
4. IP does no error checking and will only route datagrams to the host. In fact IP doesn't even check if data was received. Error checking is left up to protocols in other layers.
TCP - Transmission Control Protocol
1. Provides reliable, connection oriented, byte stream protocol.
2. Verifies delivery of data and performs error checking.
3. Uses Positive Acknowledgment with Retransmission (PAR) - the system will send data again unless it gets a positive acknowledgment that data was received okay.
4. Responsible for passing data to and from applications
TCP/IP tools
ping, ifconfig, nslookup, arp, netstat, ripquery, etherfind, tcpdump
NFS - Network File System
nfsd on NFS servers - services nfs client's requests
biod on NFS clients - client side of NFS i/o
rpc.lockd handles file locks on both server and client
rpc.statd required by rpc.lockd to reset locks after crash
rpc.mountd on NFS server - processes the clients' mount requests
IP Addresses
IP knows the 3 classes by the first 3 bits of the address.
class A  1st bit     0     < 128       n.h.h.h
class B  1st 2 bits  10    128 .. 191  n.n.h.h
class C  1st 3 bits  110   192 .. 223  n.n.n.h
class D  1st 3 bits  111   multicast addresses
network 0 = default route
host 0 and 255 reserved (host 0 does not exist since that would identify a network)
Subnets
The subnet is determined by the bits that are on in the subnet mask: the network mask is ANDed with the address, and the bits that survive the AND are interpreted as the network part.
130.97.16.66 in binary is 1000 0010.0110 0001.0001 0000.0100 0010
255.255.255.192 in binary is 1111 1111.1111 1111.1111 1111.1100 0000
produces this 1000 0010.0110 0001.0001 0000.0100 0010
The subnet and host number in this case are transparent when dealing with a host file. Just take note that host addresses from 130.97.16.65 to 130.97.16.127 are the only host addresses available with that netmask. The address 130.97.16.128 sets the 1st of the two subnet bits instead of the 2nd and therefore effectively changes the network.
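The classful lookup and the mask AND above, as an added example (not code from the original notes): it classifies an address by its leading bits, writes addresses in the same nibble-grouped binary the notes use, and computes the network, broadcast and usable host range for 130.97.16.66 with mask 255.255.255.192 rather than copying the values from the notes. It goes slightly beyond the notes by separating the 1110 (class D) and 1111 (class E) prefixes and by rejecting a non-contiguous mask. Function names and the sample values are the example's own.

```python
# Added example (not from the original notes): classify an IPv4 address by its
# leading bits and AND it with a subnet mask, computing the network, broadcast
# and usable host range rather than copying the values from the notes.

def ip_to_int(dotted: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(n: int) -> str:
    """Render as nibble groups, the way the notes write binary addresses."""
    groups = []
    for shift in (24, 16, 8, 0):
        bits = f"{(n >> shift) & 0xFF:08b}"
        groups.append(bits[:4] + " " + bits[4:])
    return ".".join(groups)


def address_class(dotted: str) -> str:
    """Classful lookup by leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D,
    1111 -> E (the notes lump the 111x prefixes together as class D)."""
    first = ip_to_int(dotted) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def subnet_info(dotted: str, mask: str) -> dict:
    """AND the address with the mask and derive the addresses that matter."""
    addr, m = ip_to_int(dotted), ip_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    # A valid mask is a run of ones followed by a run of zeros.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = addr & m
    broadcast = network | host_bits
    return {
        "prefix_len": bin(m).count("1"),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "network_binary": to_binary(network),
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts are on the same subnet when the ANDed network parts agree."""
    m = ip_to_int(mask)
    return ip_to_int(a) & m == ip_to_int(b) & m


if __name__ == "__main__":
    info = subnet_info("130.97.16.66", "255.255.255.192")
    print(to_binary(ip_to_int("130.97.16.66")))
    print(to_binary(ip_to_int("255.255.255.192")))
    print(info["network_binary"], info)
    print(same_subnet("130.97.16.66", "130.97.16.128", "255.255.255.192"))
```

Running it shows why 130.97.16.128 lands on a different network: the AND clears the low six host bits, so the surviving bit pattern (and therefore the network part) differs from that of 130.97.16.66.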
UDP - User Datagram Protocol
Dynamic ports are assigned as needed. For example, telnet uses 3044 as the source and 23 (well known) as the destination port at a remote host. The remote host responds with 23 as its source and 3044 as its destination.
A socket is a combination of IP address and port
Routing and Gateways
Autonomous system is a collection of internal networks
gateway is defined as moving data between different protocols, ie. Novell - TCP/IP
router is defined as moving data between networks
Routing forwards datagrams based on information within the routing table.
Routing Protocols are programs that exchange information to build routing tables and usually fall into two groups: interior and exterior
interior is within an autonomous network
exterior is between autonomous networks
DNS - Domain Name Service - provides Internet information
BIND - Berkeley Internet Name Domain
NIS - Network Information Service - provides local information
RIP - Routing Information Protocol
/etc/protocols provides protocol numbers used by IP to deliver the datagrams.
/etc/services provides port numbers used by TCP to deliver data to applications and contains all services used by /etc/inetd.conf.
/etc/networks contains subnet information or network information.
/etc/gateway specifies information at startup of routed and usually the default gateway is placed here. Example: net 0.0.0.0 gateway 128.66.12.1 metric 1 active
active means RIP can remove entry if gateway is inactive
passive means gateway is not required to provide updates
routed - starts RIP (accepts 15 hops as max) for advertising and receiving routing information
inetd - uses the /etc/inetd.conf file for port information
wait status - stream type servers allow "nowait"
datagram type servers require "wait"
uid - user name under which the server runs
arguments - 1st argument is the server's name
when changing this file do a kill -HUP PID
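An added example (not from the original notes) that parses lines in the /etc/inetd.conf field layout described above and checks the two points the notes call out: a datagram (dgram) server must use "wait", and the first argument must be the server's name; it also lists which services run as root, since that is what a reviewer looks at before sending inetd a kill -HUP. The sample file is constructed for the example and is not a real configuration; function names are the example's own.

```python
# Added example (not from the original notes): parse /etc/inetd.conf lines
# with the field layout described above and audit them for the points a
# reviewer checks first. The sample file is constructed, not a real config.

INETD_CONF_SAMPLE = """\
# constructed sample in /etc/inetd.conf layout:
# service  socket_type  protocol  wait/nowait  uid  server_path  arguments
ftp      stream  tcp  nowait  root    /usr/sbin/ftpd     ftpd
telnet   stream  tcp  nowait  root    /usr/sbin/telnetd  telnetd
tftp     dgram   udp  wait    nobody  /usr/sbin/tftpd    tftpd -s /tftpboot
finger   stream  tcp  nowait  nobody  /usr/sbin/fingerd  fingerd
#echo    dgram   udp  wait    root    internal
bootps   dgram   udp  nowait  root    /usr/sbin/bootpd   bootpd
"""


def parse_inetd_conf(text: str) -> list:
    """Return one dict per active service line; comments and blanks are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields, got {len(fields)}")
        service, sock_type, proto, wait_flag, user, server = fields[:6]
        entries.append({
            "line": lineno,
            "service": service,
            "socket_type": sock_type,
            "protocol": proto,
            # some inetd versions append a rate limit, e.g. "nowait.40"
            "wait": wait_flag.split(".")[0],
            "user": user,
            "server": server,
            "args": fields[6:],   # first argument is the server's name
        })
    return entries


def audit_inetd(entries: list) -> list:
    """Return (service, finding) pairs for lines worth a second look."""
    findings = []
    for e in entries:
        if e["wait"] not in ("wait", "nowait"):
            findings.append((e["service"], f"unknown wait status {e['wait']!r}"))
        elif e["socket_type"] == "dgram" and e["wait"] != "wait":
            findings.append((e["service"], "datagram server must use wait"))
        if e["user"] == "root" and e["server"] != "internal":
            findings.append((e["service"], "runs as root"))
        if e["args"] and e["args"][0] != e["server"].rsplit("/", 1)[-1]:
            findings.append((e["service"], "first argument is not the server's name"))
    return findings


if __name__ == "__main__":
    for service, finding in audit_inetd(parse_inetd_conf(INETD_CONF_SAMPLE)):
        print(f"{service:8} {finding}")
```

The commented-out echo line is skipped, so only services that inetd would actually start appear in the findings; the bootps line is flagged because it is a datagram server configured with "nowait".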
gated is used for EGP (Exterior Gateway Protocol) and RIP
arp -a - address resolution protocol (display the ARP table)
ifconfig metric 3 causes the interface to have a higher cost than other interfaces on the host (which is usually 0 by default), so packets will use those routes before this one.
Misc.
route add 26.0.0.0 128.66.12.1 1
route add default 128.66.12.1 1
the metric value is only used to determine if route is local or not - that's it for static routes.
the default gateway should be determined by the number of routes through a gateway and not the amount of traffic.
static routes are lost upon reboot.
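The route add lines above, as an added example (not from the original notes): a small routing table mirroring those two entries plus a directly attached network, with a lookup that forwards on the longest matching network, falls back to the default route, and reports the destination as unreachable when the table holds neither an explicit route nor a default. 26.0.0.0 is a class A network, so its natural mask is 255.0.0.0. The tie-break on metric and the "direct" marker for a 0.0.0.0 gateway are the example's own conventions, and all addresses are constructed.

```python
# Added example (not from the original notes): a minimal routing-table lookup
# that forwards by longest matching network, falls back to the default route,
# and reports "unreachable" when neither an explicit nor a default route exists.
# The table mirrors the two route add lines above; sample values constructed.

def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


# (destination, netmask, gateway, metric); gateway "0.0.0.0" = directly attached
ROUTE_TABLE = [
    ("128.66.12.0", "255.255.255.0", "0.0.0.0", 0),
    ("26.0.0.0", "255.0.0.0", "128.66.12.1", 1),   # route add 26.0.0.0 128.66.12.1 1
    ("0.0.0.0", "0.0.0.0", "128.66.12.1", 1),      # route add default 128.66.12.1 1
]


def lookup_route(dest: str, table=ROUTE_TABLE):
    """Return (gateway, matched_network) or None if the destination has no route.

    Longest prefix wins; among equal prefixes the lowest metric wins
    (an assumption of this example, not something the notes state).
    """
    d = ip_to_int(dest)
    best = None
    for network, mask, gateway, metric in table:
        m = ip_to_int(mask)
        if d & m != ip_to_int(network) & m:
            continue
        prefix_len = bin(m).count("1")
        key = (prefix_len, -metric)
        if best is None or key > best[0]:
            best = (key, gateway, network)
    if best is None:
        return None
    _, gateway, network = best
    return ("direct" if gateway == "0.0.0.0" else gateway, network)


def next_hop(dest: str, table=ROUTE_TABLE) -> str:
    """Gateway address, "direct" for an attached network, or "unreachable"."""
    route = lookup_route(dest, table)
    return "unreachable" if route is None else route[0]


if __name__ == "__main__":
    for host in ("26.5.5.5", "128.66.12.7", "10.1.1.1"):
        print(host, "->", lookup_route(host))
    # the same table with the default route removed
    print("10.1.1.1 ->", next_hop("10.1.1.1", ROUTE_TABLE[:2]))
```

Dropping the last entry is the situation the notes describe for a firewall with no default route: a destination outside the explicitly listed networks has no entry and is not forwarded.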
find / -user root -perm 4000 -print
/usr/adm/sulog or messages
cops exposes security holes ... cert.sei.cmu.edu pub/cops/cops.tar.Z
/etc/inetd -c passwd root from 3 to 1
Internet Control Message Protocol (ICMP)
PPP - Point to Point Protocol
IP Forwarding
prevents multihomed host from forwarding packets
Firewall must provide DNS name service for the outside world - DNS for the internal network is provided internally
Firewall will not provide any information about internal hosts to the outside world
You must login to host first then ftp
Your system must have a route table entry for every network that it will communicate with ... explicit route for 1 network or a default route for all networks
For a firewall to become a secure router there must be no routing protocol, no default route in table, neither starts at boot time.
wrapper - provides access control available on cert.sei.cmu.edu at pub/network_tools/tcp_wrapper.shar