TCP/IP Resources

The OSI Model

This academic model organizes any look at network protocols. Remember this by reading from bottom to top:

Understanding the Protocols

• Quick Overview of Protocol Header Structures
• The protocols are defined by RFCs, and the RFCs can be found at http://www.rfc-editor.org/.
• Here's what's on my bookshelf:
  • Internetworking with TCP/IP, Volume 1, Douglas Comer, Prentice Hall. A very readable description of the major components (and many of the minor ones) of the TCP/IP internetworking protocol suite. Comer's book is the best place to start. His web site is http://www.cs.purdue.edu/faculty/dec.html
  • TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley. A bit tough for an introduction, but a good one to follow Comer's book with lots more details. Comer's book is readable, this is more like an encyclopedia.
  • DNS and BIND, Paul Albitz and Cricket Liu, O'Reilly and Associates. Since you use DNS, use it correctly!
  • Managing IP Networks with Cisco Routers, Scott M. Ballew, O'Reilly and Associates. And use those routers correctly, too!
  • Interconnections: Bridges and Routers, Radia Perlman, Addison-Wesley. Loads of details on routing algorithms and protocols.
• These organizations design protocols, identify standards, and define and dissemenate The Truth:
  • Internet Engineering Task Force (IETF) http://www.ietf.org
  • Internet Assigned Numbers Authority (IANA) http://www.iana.org
  • Internet International Ad-Hoc Committee http://www.iahc.org
  • Internet Society (ISOC) http://www.isoc.org
  • Institute of Electrical and Electronics Engineers (IEEE) http://www.ieee.org/
• The weekly Network World is a good source of what's happening in TCP/IP development and deployment. Free to qualified readers, see http://www.nwfusion.com

Operating System Details

TCP/IP commands for UNIX, MacOS, Cisco IOS, and Windows

• UNIX, MacOS, Cisco IOS, and Windows TCP/IP commands — Click here for a list

OS Specifics for UNIX, Switches, and Routers

• UNIX — How to harden the TCP/IP stack of UNIX-like operating systems
• Cisco IOS — How to break in, initialize, and configure a Cisco router
• Cisco and 3Com Switch programming — How to program Cisco Catalyst and 3com 3000 switches
• To use TCP/IP securely, see my big web page on computer network and system security

Physical / Data Link Layers

• Network link specifications:
  • WLAN link specifications
  • WAN link specifications

Network Layer — IP — Internet Protocol

In order to understand IP addresses, netmasks, subnet design, VLSM, CIDR, etc., you should read the 3com paper! Click on Understanding IP Addressing here:
http://www.3com.com/corpinfo/en_US/technology/index.jsp
If that doesn't work, try this direct link:
http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf
If all else fails, search for it at Google

Slash Versus Dotted-Quad Notation

The key to all this is the following relations of decimal versus binary:

Decimal  Binary   How the binary is built
    0   00000000
  128   10000000  (128)
  192   11000000  (128 + 64)
  224   11100000  (128 + 64 + 32)
  240   11110000  (128 + 64 + 32 + 16)
  248   11111000  (128 + 64 + 32 + 16 + 8)
  252   11111100  (128 + 64 + 32 + 16 + 8 + 4)
  254   11111110  (128 + 64 + 32 + 16 + 8 + 4 + 2)
  255   11111111  (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1) 

Given that, we can build the following table:

Useful only for| Useful for subnets |  Useful for subnets  | Useful for subnets
  CIDR blocks  | of /8, or for CIDR | of /8 or /16, or for |   of any networks
of any networks| blocks of /16 and  |  CIDR blocks of /24  |
	       |   /24 networks     |       networks       |
	       |                    |                      |
  0.0.0.0  /0  |  255.0.0.0    /8   |  255.255.0.0    /16  |  255.255.255.0    /24
128.0.0.0  /1  |  255.128.0.0  /9   |  255.255.128.0  /17  |  255.255.255.128  /25
192.0.0.0  /2  |  255.192.0.0  /10  |  255.255.192.0  /18  |  255.255.255.192  /26
224.0.0.0  /3  |  255.224.0.0  /11  |  255.255.224.0  /19  |  255.255.255.224  /27
240.0.0.0  /4  |  255.240.0.0  /12  |  255.255.240.0  /20  |  255.255.255.240  /28
248.0.0.0  /5  |  255.248.0.0  /13  |  255.255.248.0  /21  |  255.255.255.248  /29
252.0.0.0  /6  |  255.252.0.0  /14  |  255.255.252.0  /22  |  255.255.255.252  /30
254.0.0.0  /7  |  255.254.0.0  /15  |  255.255.254.0  /23  |  255.255.255.254  /31 

Note that not all combinations are really useful, apply the follow exceptions.

0.0.0.0 isn't useful for much of anything at all. Plus, those CIDR blocks represented by the first column are awfully big! Unless you're running a backbone, or selling IP space to a continent, you probably won't encounter them.

255.0.0.0, 255.255.0.0, and 255.255.255.0 define the classful /8, /16, and /24, or Class A, B, and C, respectively. They cannot define subnets of their own classful nets.

255.254.0.0, 255.255.254.0, and 255.255.255.254 cannot define subnets of /8, /16, and /24 nets, respectively, as that would only allow one bit for the host number, and that is not allowed by the RFC's.

Really Simple CIDR Block Rule

To answer the question, "Does this set of classful network addresses form a CIDR block", instead answer the following question.
Is there a netmask /X such that:

• The first X bits of all network addresses in the set are identical, and
• The remaining bits of all network addresses exhibit all possible patterns.

If so, the answer is "Yes", and the CIDR block description is the first network address followed by /X.

As an example, this is a CIDR block, divided as indicated:

					     |    Host bits
					     |    ---------
200.201.200.0 = 1100 1000  1100 1001  1100 10|00  xxxx xxxx
200.201.201.0 = 1100 1000  1100 1001  1100 10|01  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 10|10  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 10|11  xxxx xxxx
		<----- 22 constant bits ---->|<- varying ->
CIDR block = 200.201.200.0/22 

But this is not a CIDR block:

					    |     Host bits
					    |     ---------
200.201.201.0 = 1100 1000  1100 1001  1100 1|001  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 1|010  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 1|011  xxxx xxxx
200.201.204.0 = 1100 1000  1100 1001  1100 1|100  xxxx xxxx
		<----- 22 constant bits --->|<-- varying -> 

Not all combinations of the last three bits of the classful network designations are used, so the above is not a CIDR block. But it shows us what would have to be added to make it one, as seen below:

					    |     Host bits
					    |     ---------
200.201.200.0 = 1100 1000  1100 1001  1100 1|000  xxxx xxxx  <-- added!
200.201.201.0 = 1100 1000  1100 1001  1100 1|001  xxxx xxxx
200.201.202.0 = 1100 1000  1100 1001  1100 1|010  xxxx xxxx
200.201.203.0 = 1100 1000  1100 1001  1100 1|011  xxxx xxxx
200.201.204.0 = 1100 1000  1100 1001  1100 1|100  xxxx xxxx
200.201.205.0 = 1100 1000  1100 1001  1100 1|101  xxxx xxxx  <-- added!
200.201.206.0 = 1100 1000  1100 1001  1100 1|110  xxxx xxxx  <-- added!
200.201.207.0 = 1100 1000  1100 1001  1100 1|111  xxxx xxxx  <-- added!
		<----- 22 constant bits --->|<-- varying ->
CIDR block = 200.201.200.0/21 

A VLSM Example

The best place to look is the 3com paper (see above), but here's a fairly simple example. Let's say you're allocated the /24 address space 200.201.202.0/24, and you have to address hosts on the following networks:

• Six point-to-point WAN links (2 IP addresses each for end points)
• Six LAN's:
  • 60 hosts (LAN #1)
  • 50 hosts (LAN #2)
  • 25 hosts (LAN #3)
  • 20 hosts (LAN #4)
  • 10 hosts (LAN #5)
  • 10 hosts (LAN #6)

Assign the addresses as below, where bits marked "x" can take all possible patterns other than all zeros and all ones.

								 Number   Final
   IP Addresses, Dotted-Quad and Binary       Net Base Address  of Hosts  Octet
--------------------------------------------------------------------------------
   200    .   201    .   202    .   ???
1100 1000  1100 1001  1100 1010  01xx xxxx   200.201.202.64/26     62     65-126
1100 1000  1100 1001  1100 1010  10xx xxxx   200.201.202.128/26    62    128-190
1100 1000  1100 1001  1100 1010  001x xxxx   200.201.202.32/27     30     33- 62
1100 1000  1100 1001  1100 1010  110x xxxx   200.201.202.192/27    30    193-222
1100 1000  1100 1001  1100 1010  1110 xxxx   200.201.202.224/28    14    225-238
1100 1000  1100 1001  1100 1010  0001 xxxx   200.201.202.16/28     14     17- 30
1100 1000  1100 1001  1100 1010  0000 01xx   200.201.202.4/30       2      5-  6
1100 1000  1100 1001  1100 1010  0000 10xx   200.201.202.8/30       2      9- 10
1100 1000  1100 1001  1100 1010  0000 11xx   200.201.202.12/30      2     13- 14
1100 1000  1100 1001  1100 1010  1111 00xx   200.201.202.240/30     2    241-242
1100 1000  1100 1001  1100 1010  1111 01xx   200.201.202.244/30     2    245-246
1100 1000  1100 1001  1100 1010  1111 10xx   200.201.202.248/30     2    249-250

Final octet for host addresses on each network:
    Minimum = final octet of base address plus one
    Maximum = final octet of base address plus number of hosts
Final octet for broadcast on each net:
  Broadcast = final octet of base address plus one plus number of hosts 

Inadequately theoretical for you? Then read the paper by Mikail Atallah and Doug Comer.

Multicast

• See http://www.mbone.com and http://www.netlab.indiana.edu/iunet/mbone.html for details on joining the multicast world.
• See http://www.iana.org/assignments/multicast-addresses for the assigned multicast addresses and address blocks.

IP Address Assignment Authorities

• U.S. Government/Military — DDN NIC, the Defense Data Network NIC, http://nic.ddn.mil. A stuttering acronum, it ultimately stands for "Defense Data Network Network Information Center".
• North and South America — ARIN, the American Registry of Internet Numbers, http://www.arin.net/
• Europe — RIPE, Reseaux IP Europeens, http://www.ripe.net.
• Asia and Pacific — APNIC, Asia Pacific Network Information Center, http://www.apnic.net.
• Africa — ARIN, the American Registry of Internet Numbers, http://www.arin.net/, allocates IP address space. Presumably the InterNIC does their domain registration? There's not much Internet activity in Africa outside South Africa, so it's not that big a job and hardly anyone has been involved.
• Lists of all Class A networks (2 versions):
  • A short summary of each net (15 kbytes)
  • The complete output of "whois". (71 kbytes)

Routing, NAT, and DNS

Check the current Internet backbone activity with the Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

How Routing Works

Click here to see how routing works.

NAT (Network Address Translation)

Click here to see how NAT (Network Address Translation) works.

DNS / BIND

• World-wide DNS use and domain structure — see: http://nw.com/zone/WWW/
• Mapping DNS to geographic information
  • http://www.private.org.il/IP2geo.html
  • http://cities.lk.net
  • http://www.ckdhr.com/dns-loc/
• http://www.samspade.org/ has an whois page.
• The DNS Resource Directory: http://www.dns.net/dnsrd.
• The standard RFC's to read are RFC 1034 and RFC 1035 for the truth about DNS. Also see:
  • RFC 1032 and RFC 1033, the Domain Adminstrator's Guides
  • RFC 1535 for security issues
  • RFC 1536 for implementation problems
  • RFC 1537 and RFC 1912 for common configuration problems
  • RFC 1591 for DNS structure and delegation
  • RFC 1706 for integrating DNS and OSI protocols
  • RFC 2181 and RFC 2182 for DNS security issues
• Other great DNS and BIND documents are at http://www.dns.net/dnsrd/ and http://www.isc.org/bind.html and http://web.syr.edu/~jmwobus/comfaqs/faq-dns and http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html
• You can get BIND at http://www.isc.org or ftp://ftp.vix.com/pub/bind (maybe instead at http://ww.vix.com/isc/bind.html). The second has BIND for both Unix and Windows NT.

Transport Layer — TCP and UDP

• All the assigned TCP/UDP port numbers: http://www.iana.org/assignments/port-numbers
• The netstat command gives you loads of information on a machine's network communications. Listening TCP ports, currently active sockets, etc. It's available under Unix, MacOS, and Windows, but the precise format of the output varies between operating systems. Here are some examples of "netstat" output.

Cisco Router Simulators

An article about virtual Cisco routers and Linux servers:
http://nirlog.com/2007/07/09/simulating-cisco-and-linux-networks/

Dynamips, the Cisco 7200 simulator itself:
http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator

VNUML (Virtual Network User Mode Linux), the Linux simulator: http://www.dit.upm.es/vnumlwiki/index.php/Main_Page

Odds & Ends

TCP/IP Haikus

I was working on this networking project in Japan, and ... Click here to be subjected to them.

Client IP / OS / Browser Identification

A demonstration of how a PHP script on the server can read and reformat the connection information and the client's request: http://www.moanmyip.com/

RouterGod Magazine

Including Jessica Simpson's thoughts on open-source routers, Gillian Anderson's on LAN switching, Elizabeth Hurley on the Cisco 2600 series routers, Mr Rogers on the RS-232 standard, and other really odd stuff: http://routergod.com/

History of the Internet

If you're curious, look here:

• Timeline History of the Internet: http://ds.internic.net/rfc/rfc2235.txt
• Also, see: http://www.isoc.org/internet-history/

Just What Is A "Daemon", Anyway?

According to the Oxford English Dictionary, it is "an attendant, ministering, or indwelling spirit." Socrates wrote of his daemon as his inner spirit. The designers of daemons in Unix (a concept later ported to most other operating systems) intended this meaning, as pointed out in some manual pages. It's an uncommon word these days, we usually use the Arabic djinn, these days often spelled genie, when we're talking about what used to be called a daemon in the Middle Ages.

© Bob Cromwell Oct 2008. Created with /bin/vi and ImageMagick, hosted on OpenBSD with Apache.    Root password available here