-------------------------
Week 06 Notes for CST8165
-------------------------
-Ian! D. Allen  -  idallen@idallen.ca  -  www.idallen.com

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Term Test #1 is marked and emailed.  Answers are in Notes.
Lab 3 was due on Monday evening (October 8).
Lab 4 is coming up.  See next week's notes.

Review:
- encapsulation
- TCP four layer stack (or five layer stack) with examples:
  process/application, host-to-host transport, Internet, network
- dotted-quad IP addresses and masks
- IP routing

TCP/IP References
-----------------
http://www.tcpipguide.com/

Test Cases
----------
What test cases did you apply to your port scanner?

Debugging C language using gdb
------------------------------
"If you have eight hours to cut down a tree, it is best to spend six hours
sharpening your axe and then two hours cutting down the tree."

Google search: gdb tutorial

- gdb reference card:
    http://sources.redhat.com/gdb/download/onlinedocs/refcard.ps.gz
- the full manual
    http://www.gnu.org/software/gdb/
    http://www.gnu.org/software/gdb/documentation/
    http://sourceware.org/gdb/current/onlinedocs/gdb_toc.html
    http://sources.redhat.com/gdb/download/onlinedocs/gdb.html
- debugging multi-process programs (fork):
    http://sourceware.org/gdb/current/onlinedocs/gdb_5.html#SEC28
    http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/gdb/processes.html
    http://www.delorie.com/gnu/docs/gdb/gdb_26.html
    http://www.cs.toronto.edu/~maclean/csc209/ddd-gdb-children.html
- gdb normally follows the parent; to debug a child process
    (gdb) set follow-fork-mode child
  You can put these kinds of init commands in file .gdbinit

Q: If you overflow an auto variable buffer in main() and then return, your
   program faults and dies.  If you call exit(), the program doesn't die.
   In both cases, the program is terminating.  Why does "return" fault
   and the other exit() cleanly?

----------------------------------------------------------------------------

IP Routing (review - continued)
----------
Ref: http://www.freesoft.org/CIE/Topics/116.htm

Pre-classless (the old Class A,B,C way)
- Classful addressing, Figure 5: A nice diagram of how the top bits
  determined the old Class A,B,C addressing:
    http://www.garykessler.net/library/tcpip.html#IPadd

Routing vs. Switching
    http://www.networkcomputing.com/netdesign/1122ippart2.html
- routers forward based on IP address (OSI Layer 3)
  - must open up the Ethernet packet and look at the IP header
- switches and hubs forward packets based on MAC address (OSI Layer 2)
  - don't look inside the Ethernet packets - no IP info used

Q: T/F Ethernet switches and hubs forward based on IP addresses.

Routing is a way of getting packets from one place to another
Routing software determines the next hop for a datagram
Specifically does 2 things:
   1. Determines the (optimal) path
   2. Delivers the datagram

Q: What is the purpose of network routing?

Indirect routing is used when the network numbers of the source and
destination do not match:
- the packet must leave the local network (not in this ARP domain)
- must be forwarded by a known "gateway" (a router)
  - a gateway is a node that knows how to reach the destination, or at
    least knows where to send a packet if it doesn't know
- may have different gateways for different networks

Q: T/F To send packets to machines on your local network, you first send
   the packet to the gateway.

Path Determination - which way to send a packet?
- http://www.freesoft.org/CIE/Topics/117.htm
- http://www.freesoft.org/CIE/Topics/118.htm

Algorithms use 'metrics' to determine path.
Metrics - cost, length, etc
Algorithms populate routing tables, tables are used for determination

* If two routing prefix paths match, the *longest* prefix match is preferred.
  - 1.2.3.0/25 is preferred over 1.2.3.0/24

Default route: 0.0.0.0/0 or 0.0.0.0/0.0.0.0
  - every /nn match has more 1-bits in the mask than /0; always a last choice

Q: If two routing prefixes match a packet, which one is chosen?
Q: Why is the default address always chosen last?

http://www.freesoft.org/CIE/Topics/116.htm
The network can adjust routing tables according to network changes:
   Router receives change notifications and recalculates its routing table
   Updates to a routing table trigger notifications sent out to other routers
   Minimalized human config required (setup)
   Be careful that the updates don't cause a "storm" or route instability

Routing Protocols needed to decide on global Internet routing tables:
Ref: http://www.freesoft.org/CIE/Topics/87.htm
- interior protocols: http://www.freesoft.org/CIE/Topics/119.htm
  - RIP - Router Information Protocol (old - not CIDR) - used internally
      http://www.freesoft.org/CIE/Topics/90.htm
    - very widely used - but 1970s design, no CIDR
  - OSPF - Open Shortest Path First - replaces RIP, used internally
      http://www.geocities.com/Heartland/4394/work/ospf.html
      http://www.freesoft.org/CIE/Topics/89.htm
- exterior protocols: http://www.freesoft.org/CIE/Topics/120.htm
  - BGP4 - Border Gateway Protocol (v4) - used between large nets
      http://www.freesoft.org/CIE/Topics/88.htm
- Cisco protocols (IGRP, EIGRP)
- etc.

Q: What do BGP and OSPF stand for?  What is each used for?
Q: What interior/internal routing protocol is replacing the old RIP protocol?
Q: T/F - Both BGP and OSPF are designed to work on a local network.

Tracing routing in Unix/Linux: mtr and traceroute, "traceroute -n" (RTFM)
  - lost or blocked return ICMP packets print "*"

Q: What do all the fields in the output of a traceroute mean?

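The longest-prefix rule from the Path Determination notes above, as an added
C example (not part of the original course notes): a lookup over a
constructed three-entry table holding 1.2.3.0/25, 1.2.3.0/24 and the default
route.  The next-hop names, the struct layout and the test destinations are
assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One routing-table entry. The "via" names are constructed for this example. */
struct route {
    const char *prefix;  /* network number, dotted quad */
    int         len;     /* count of 1-bits in the mask (the /nn) */
    const char *via;     /* where matching packets are sent next */
};

/* Constructed sample table built from the prefixes in the notes. */
static const struct route table[] = {
    { "0.0.0.0",  0, "default gateway" },
    { "1.2.3.0", 24, "router A" },
    { "1.2.3.0", 25, "router B" },
};

/* Host-order mask for a prefix length; /0 is special-cased because
 * shifting a 32-bit value by 32 is undefined in C. */
static uint32_t mask_of(int len)
{
    return len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
}

/* Return the matching entry with the longest prefix, or NULL when dst
 * is not a valid dotted quad or no entry matches. */
const struct route *lookup(const char *dst)
{
    const struct route *best = NULL;
    struct in_addr a, p;
    if (inet_pton(AF_INET, dst, &a) != 1)
        return NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        uint32_t m = mask_of(table[i].len);
        if (inet_pton(AF_INET, table[i].prefix, &p) != 1)
            continue;
        if ((ntohl(a.s_addr) & m) != (ntohl(p.s_addr) & m))
            continue;              /* dst is outside this prefix */
        if (best == NULL || table[i].len > best->len)
            best = &table[i];      /* more 1-bits in the mask wins */
    }
    return best;
}

int main(void)
{
    const char *dsts[] = { "1.2.3.5", "1.2.3.200", "203.0.113.9" };
    for (int i = 0; i < 3; i++) {
        const struct route *r = lookup(dsts[i]);
        printf("%-12s -> %s/%d via %s\n", dsts[i], r->prefix, r->len, r->via);
    }
    return 0;
}
```

1.2.3.200 falls outside 1.2.3.0/25 (which covers only .0 to .127), so it is
matched by the /24; an address in neither prefix is left with only the /0.
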
Display the local routing tables in Unix/Linux kernel:
   Linux Commands:  "ip route list" or just "ip route"
   Old way (Unix):  "route" and "netstat -r"
   - shows the known network interface routes

Q: T/F "ip route" will show the IP address of your gateway

----------------------------------------------------------------------------

Subnetting (Review)
----------
RFC: http://tools.ietf.org/html/rfc950
http://www.zegelin.com/computers_files/ref/IP_Addressing.html

Subnetting is the process of being handed a network address and being
able to subdivide it into subnets, correctly deciding how many bits to
use for the subnet and how many bits to leave for the host addresses.

http://www.zegelin.com/computers_files/ref/IP_Addressing.html
Figure 14: "Notice how sequential subnet numbers do not appear to be
sequential when expressed in dotted-decimal notation.  This can cause a
great deal of misunderstanding and confusion since everyone believes that
dotted-decimal notation makes it much easier for human users to understand
IP addressing.  In this example, the dotted-decimal notation obscures
rather than clarifies the subnet numbering scheme!"

Q: Know how to divide a network into subnets.

Q: Given an IP address and network mask, determine the network prefix
   (the /nn number), the network number, and the broadcast address.

Q: Given an IP network address, apply subnetting to the address to supply
   a certain number of subnets, or a certain number of hosts.

Q: What is the maximum number of hosts you can have (avoiding the all-zero
   and all-one networks and hosts) for a Class C address and a 4-bit
   subnet mask?  (How many usable subnets are available with four bits?
   How many usable hosts can reside on each of those sub-networks?
   Multiply.)
   Answer: 196
   http://www.ralphb.net/IPSubnet/example.html
   http://www.ralphb.net/IPSubnet/restr.html

Q: What if you didn't have to avoid the all-zero or all-ones subnets?
   x.x.x.x/24+4 -> 16 usable subnets, each with 32-(24+4)=4 bits for hosts
   -> 16 subnets times (2**4 minus two hosts) = 224 hosts

Q: What is the next available subnet address above this one 192.168.1.0/24 ?
   Answer: 192.168.2.0 (/24)
   - add one to the network part of the 32-bit number

Q: What is the next available subnet address above this one 192.168.1.0/25 ?
   Answer: 192.168.1.128 (/25)
   - add one to the network part of the 32-bit number

Q: What is the lowest usable host address in the 192.168.1.128/25 network?
   Answer: 192.168.1.129 (/25)
   - avoid the all-zero host address 192.168.1.128 (/25)

Q: T/F Recent standards let you use subnets that are all zeroes and all ones.
   ( http://www.ralphb.net/IPSubnet/restr.html )

CIDR (supernetting review)
--------------------------
"a supernet is a block of contiguous subnetworks addressed as a single
subnet." -- http://en.wikipedia.org/wiki/Supernet

http://www.zegelin.com/computers_files/ref/IP_Addressing.html
  - diagrams of bits for traditional Class A,B,C networking
http://tools.ietf.org/html/rfc1518
  - the CIDR proposal

Originally, IP addresses were classified strictly as Class A, B, C
depending on the size of the network part.  Class A addresses used the top
8 bits for the network number (starting with 0); Class B used 16 bits
(starting with 10); Class C used 24 bits (starting with 110).  The top few
bits of an IP address decided whether an address was A, B, or C.

Q: Give an example (network and mask) of a Class A,B,C address.

"Although the original intent of having Classes was to allow for flexible
addressing, experience showed that the hard boundary of the three Classes
actually made the addressing less flexible.  For example, if a site
connecting to the Internet needed to address 300 hosts, then a Class C
network wouldn't be adequate and a Class B would need to be assigned.
This resulted in poor utilization of the assigned address space and caused
a faster-than-necessary rate of consumption of the available IP address
space."
http://www3.ietf.org/proceedings/99jul/I-D/draft-ietf-idr-aggregation-tutorial-01.txt

When the number of IP numbers started to run scarce, the Internet changed
to using an arbitrary number of bits:

"CIDR removed the idea of Classes from IP.  Instead of having networks
with an implied number of bits referring to network/host, there are
"prefixes" with an associated mask explicitly identifying which bits refer
to network/host.  For example, the prefix "38.245.76.0" with a mask of
"255.255.255.0" has 24 bits of network and 8 bits of host (i.e., it can
address the same number of hosts as a Class C network even though the
prefix is in the Class A range).  The CIDR paradigm prefers the term
"prefix" over "network" because it's more clear that no Class is being
implied.  Another way to write this example prefix is "38.245.76.0/24",
meaning that the mask contains 24 1s in the high-order portion of the
mask."
http://www3.ietf.org/proceedings/99jul/I-D/draft-ietf-idr-aggregation-tutorial-01.txt
July 1997

CIDR throws out all the traditional classes and subnetting.  You are
allowed to have subnets that are all-zeroes or all-ones.

"The solution is simple: someone just issued an edict saying "forget
everything you learned, we won't bother with those rules any more".
There's even a command to tell the routers themselves that they should
ignore the rules - "ip classless"  When you break the rules like this, and
allow netmasks that end in all 0's or all 1's, it's called "CIDR" -
Classless InterDomain Routing."
http://www.gtoal.com/subnet.html

Subnet calculator tool (with explanations!): http://www.subnetmask.info/

http://www.ipprimer.com/addressing.cfm
"Although RFC 1812 came out in June of 1995(!), most certification tests
still test you on the RFC 950 rules, for (in my opinion) one of the
following reasons:
  * Their software still follows RFC 950 rules (this is rare.)
  * Since RFC 1812 simplifies things significantly, there's not enough
    material to test on.  Test items from RFC 950 are added as "filler".
  * They are ignorant of the fact that the material on their tests has
    been out of date for more than five years.
  * They are mean-spirited, perniciously forcing you to learn material
    that will never be relevant to your job."

Q: You can super-net 192.168.2.0 and 192.168.3.0 into a single /23 subnet
   with 510 usable addresses, by using a network mask of 255.255.254.0.
   Why can't you super-net 192.168.5.0 and 192.168.6.0 the same way?
   ( http://www.ipprimer.com/addressing.cfm )

-----------------------------------------------------------------------------

Domain Name System (DNS) (review)
------------------------
DNS turns names into IP addresses.  Not essential for a raw Internet
connection; but, very, very useful.

The Unix/Linux file /etc/resolv.conf ("man resolv.conf") contains your
machine's domain name and the IP addresses of your DNS servers.

Important Fact: DNS uses (almost exclusively) unreliable UDP, not reliable
TCP, for queries and responses.

Q: What type of IP protocol does DNS use (most of the time)?

Q: T/F The choice of DNS transport protocol means a DNS request is
   automatically retried if it fails.

Unix/Linux Network Diagnostic Tools
-----------------------------------
These tools are helpful in diagnosing network problems.
Please re-read the "Acceptable Use Warning" on the course home page.

Note that at Algonquin College many/most network probe ports and protocols
(even ping and traceroute) may be blocked and will *NOT* work.  Sorry!
Try them at home instead.

   arp             - show/change MAC addresses currently known to this host
   ethereal        - GUI packet sniffer
   fuser           - (-n tcp, -n udp) list processes with open TCP or UDP ports
   mtr             - ping-style traceroute: packet route diagnostic
   netcat (nc)     - Network Swiss Army Knife: connect/listen to ports
   netstat -natup  - list open and listening TCP and UDP connections and procs
   nmap            - Network Mapper - port prober
   ping            - ICMP echo generator/receiver
   tcpdump         - command-line (non-GUI) packet sniffer
   telnet          - TCP connection program: use when netcat is not available
   traceroute      - packet route diagnostic
   host, dig       - DNS resolvers

- ifconfig, "ifconfig eth0"
  - show MAC, IP address, and network mask of each network interface
  - ifconfig may be in /sbin which may not be in your default $PATH
- ip route (or "netstat -r -n" or "route -n")
  - show IP routing tables, including route to default gateway
- arp, "arp -a"
  - show known (cached, with time-out) MAC addresses on local net
- traceroute
  - using increasing small TTLs, find the route of an outgoing packet
  - may be blocked at Algonquin College
  - see also "mtr" for a nicer display (not available at Algonquin)
- tcpdump (privileged under Linux - needs root permissions)
  - show the raw network activity on a network card
- ethereal (privileged under Linux - needs root permissions)
  - show the raw network activity on a network card (GUI)

Q: What Unix command shows the MAC, IP address, and network mask of each
   network interface?
Q: What Unix command shows the machine's routing tables?
Q: What Unix command shows the machine's ARP MAC address tables?
Q: What Unix command traces the route a packet takes to a remote host?

-----------------------------------------------------------------------------

Getting a machine on the net
----------------------------
At minimum, your machine needs two network parameters to be a good network
citizen:

   1. an IP address assigned to at least one connected network card
   2. a network mask or prefix length, so you know which IP addresses
      are on the local net and which are not

Q: What are the two minimum network parameters needed to allow your
   machine to talk on the local network?

If you want to talk to more than your local network, you also need:

   3. the IP address of a gateway machine (for off-net access)

Naturally, the gateway machine must be on your local network!

Q: What are the three minimum network parameters needed to allow your
   machine to talk to machines that are *not* on your local network?

If you want to use names instead of IP addresses, you need:

   4. addresses of DNS server(s) to resolve host names, and
   5. a host name for your machine (fully qualified with a domain name)

You can program your machine with all or some of these things directly
(static addressing); or, you can have your machine broadcast a request to
see if some other machine on the network has its configuration info:
DHCP, BOOTP(old), RARP

The Unix "hostname" command shows and sets the machine host name.

The Unix "ifconfig" command shows and sets IP addresses and network masks
on interfaces.

The "arp" command shows the current kernel table listing known (cached,
with time-out) MAC addresses on the local network.  It can also manage the
ARP table and enter/remove addresses.  "ARP requests" broadcast to the
local network, requesting the MAC address that matches a particular IP
address.

   19:59:31.658132 arp who-has 192.168.1.251 tell 192.168.1.253
   19:59:31.658469 arp reply 192.168.1.251 is-at 00:60:08:ce:43:02
   19:59:33.542320 arp who-has 192.168.9.183 tell 192.168.9.251
   19:59:33.542736 arp reply 192.168.9.183 is-at 00:19:5b:8c:90:b8

A "gateway" machine is a machine on your local network to which packets
will be sent if your machine doesn't know where else to send them.  (The
packets are presumed to be destined for an off-network machine.)  Without
a gateway, your machine can only communicate with other machines on the
local network segment (the local ARP domain).

The "ip route" (Linux) or "route" (Unix) command shows you your routing
tables, including the "default" route to your gateway machine:

   default via 192.168.9.253 dev eth0  src 192.168.9.251  metric 30

You can run your machine without defining any DNS servers, in which case
you will have to use IP addresses (not names) for all hosts.  If you want
to use the DNS, the file /etc/resolv.conf ("man resolv.conf") contains
definitions of your domain name and the IP addresses of your DNS servers.

Your network broadcast address can be calculated from your IP and mask.

Q: What Internet network access is possible without a DNS server?
Q: What Internet network access is possible without a gateway machine?
Q: What Internet network access is possible without a network mask?

Q: I want my computer to talk to another computer on the same network as
   mine.  What minimum network configuration do I need?

Q: I want my computer to talk to another computer on a different network
   from mine.  What minimum network configuration do I need?
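
The calculation mentioned above (prefix length, network number and broadcast
address from an IP and mask), together with the local-versus-gateway decision
the mask exists for, as an added C example that is not part of the original
notes.  The host 192.168.9.251 and gateway 192.168.9.253 come from the
"ip route" line above; the 255.255.255.128 mask, the destination
192.168.9.10 and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Parse a dotted quad into a host-order 32-bit number; 0 on success. */
int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Prefix length (/nn) of a mask, or -1 if its 1-bits are not contiguous. */
int prefix_len(uint32_t mask)
{
    int n = 0;
    while (mask & 0x80000000u) { n++; mask <<= 1; }
    return mask == 0 ? n : -1;
}

uint32_t network_of(uint32_t ip, uint32_t mask)   { return ip & mask; }
uint32_t broadcast_of(uint32_t ip, uint32_t mask) { return ip | ~mask; }

/* 1 if dst is on our local network (deliver directly, after an ARP
 * request); 0 if it is off-net and must be handed to the gateway. */
int is_local(uint32_t me, uint32_t mask, uint32_t dst)
{
    return network_of(me, mask) == network_of(dst, mask);
}

static void show(const char *label, uint32_t v)
{
    struct in_addr a = { htonl(v) };
    char buf[INET_ADDRSTRLEN];
    printf("%-10s %s\n", label, inet_ntop(AF_INET, &a, buf, sizeof buf));
}

int main(void)
{
    uint32_t me, mask, gw, dst;
    /* Host and gateway are from the notes; mask and dst are constructed. */
    parse_ip("192.168.9.251", &me);  parse_ip("255.255.255.128", &mask);
    parse_ip("192.168.9.253", &gw);  parse_ip("192.168.9.10", &dst);
    printf("prefix     /%d\n", prefix_len(mask));
    show("network", network_of(me, mask));
    show("broadcast", broadcast_of(me, mask));
    printf("gateway on local net: %s\n", is_local(me, mask, gw) ? "yes" : "NO");
    printf("192.168.9.10 is %s\n",
           is_local(me, mask, dst) ? "local (ARP)" : "off-net (use gateway)");
    return 0;
}
```

With the /25 mask, 192.168.9.10 is off-net even though it shares the first
three octets with the host, which is why the mask and not the dotted-quad
appearance decides what is local.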