Wireshark is a very useful tool for studying network protocols!
In my previous post on ARP, we learned some basics about the ARP protocol. In this post, let's look in more detail at the ARP request packet.
When the MAC address for a next hop device is not found in the local ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. The following diagram shows an example of an ARP request packet captured using Wireshark.

As shown in the diagram, the ARP packet is carried directly in an Ethernet frame and does not have an IP header. On Ethernet networks, these packets use an EtherType of 0x0806, as indicated in the Packet Details pane of Wireshark.
Because the Ethernet protocol specification assigns only a single type value to ARP, an Ethernet frame that contains an ARP request and one that contains an ARP response will carry the same type. The receiver must therefore examine the Opcode field in the ARP packet to determine whether it is an ARP request or an ARP response message.
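To make the point concrete, here is an added example (not code from the original post) that parses an Ethernet frame the way Wireshark's ARP dissector does: it checks the EtherType, then reads the Opcode to tell a request from a reply, and it also builds the unicast reply the owner of the target IP would send back. The addresses are constructed sample values, not from a real capture.

```python
import struct

ETHERTYPE_ARP = 0x0806          # the single EtherType shared by ARP requests and replies
ARP_REQUEST, ARP_REPLY = 1, 2   # the Opcode field is what tells the two apart
BROADCAST = b"\xff" * 6

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b):  return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet frame, or raise ValueError if it is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP body
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    op = {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(oper, f"opcode {oper}")
    return {"eth_dst": mac(dst), "eth_src": mac(src), "op": op,
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def build_arp_frame(oper, sha, spa, tha, tpa, eth_dst):
    """Build an Ethernet frame carrying one ARP message (all addresses as raw bytes)."""
    eth = struct.pack("!6s6sH", eth_dst, sha, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)
    return eth + arp

def build_arp_reply(request_frame, my_mac):
    """Answer a request the way the owner of the target IP does: unicast back to the asker."""
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", request_frame[22:42])
    return build_arp_frame(ARP_REPLY, my_mac, tpa, sha, spa, eth_dst=sha)

def classify(frame):
    """One-line verdict a sniffer would log for a frame."""
    try:
        return "arp " + parse_arp_frame(frame)["op"]
    except ValueError as e:
        return str(e)

# Constructed sample exchange (not a real capture): host A asks who has the gateway's IP.
A_MAC, A_IP = bytes.fromhex("001122334455"), bytes([192, 168, 1, 10])
GW_MAC, GW_IP = bytes.fromhex("aabbccddee01"), bytes([192, 168, 1, 1])
REQUEST = build_arp_frame(ARP_REQUEST, A_MAC, A_IP, b"\x00" * 6, GW_IP, BROADCAST)
REPLY = build_arp_reply(REQUEST, GW_MAC)
```

Note that the request goes to the broadcast MAC with an all-zero target MAC, while the reply is unicast straight back to the requester.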
Posted on March 27, 2009, 11:20 pm by admin, under Networking.
ICMP, or Internet Control Message Protocol, is one of the most important network protocols in the TCP/IP protocol suite. The Internet Protocol is not designed to be absolutely reliable. As such, ICMP is designed to be used by networked computers' operating systems to send error messages showing that a requested service is not available or that a PC or router could not be reached.
In a TCP/IP network, every router on the network that forwards an IP datagram has to decrement the time to live (TTL) field of the IP header by one. When the TTL field reaches 0, an ICMP TTL exceeded in transit message is sent back to the source of the datagram. This attribute is utilized by many commonly used network utilities like traceroute and ping.
Basically, the traceroute command is implemented by sending UDP datagrams with specially set IP TTL header fields. When the TTL reaches 0 in transit, an ICMP “Destination unreachable” message is generated. The ping utility, in turn, is implemented using the ICMP “Echo request” and “Echo reply” messages. In the following ping test example, the output of ping tells us that network connectivity to www.google.com is working. It also tells us the time each packet took to return.
C:\>ping www.google.com
Pinging www.l.google.com [216.239.61.104] with 32 bytes of data:
Reply from 216.239.61.104: bytes=32 time=13ms TTL=246
Reply from 216.239.61.104: bytes=32 time=11ms TTL=246
Reply from 216.239.61.104: bytes=32 time=12ms TTL=246
Reply from 216.239.61.104: bytes=32 time=10ms TTL=246
Ping statistics for 216.239.61.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 13ms, Average = 11ms
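As an added example (not code from the original post), the following Python builds and checks the ICMP messages ping and traceroute rely on: the RFC 1071 checksum every ICMP receiver verifies, an Echo request/reply pair matched by identifier and sequence number the way ping does before printing "Reply from ...", and the Time Exceeded message a router emits when the TTL it decremented reaches zero. All messages are constructed inline, not captured.

```python
import struct

ICMP_NAMES = {  # (type, code) pairs that ping and traceroute key off
    (0, 0): "Echo reply",
    (3, 3): "Destination unreachable (port unreachable)",
    (8, 0): "Echo request",
    (11, 0): "Time exceeded (TTL exceeded in transit)",
}

def checksum(data):
    """RFC 1071 Internet checksum over 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build an Echo request (type 8) or Echo reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)   # checksum field zero while summing
    return struct.pack("!BBHHH", icmp_type, 0, checksum(header + payload), ident, seq) + payload

def parse_icmp(packet):
    """Return the ICMP header fields plus the checksum verdict a receiver would compute."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type, "code": code, "ident": ident, "seq": seq, "payload": packet[8:],
        "name": ICMP_NAMES.get((icmp_type, code), f"type {icmp_type} code {code}"),
        "checksum_ok": checksum(packet) == 0,   # a correct packet, checksum field included, sums to zero
    }

def matches(request, reply):
    """The check ping performs before printing 'Reply from ...': an intact Echo reply carrying
    the same identifier and sequence number as the request it sent."""
    a, b = parse_icmp(request), parse_icmp(reply)
    return ((b["type"], b["code"]) == (0, 0) and b["checksum_ok"]
            and (a["ident"], a["seq"]) == (b["ident"], b["seq"]))

# Constructed messages (not captured traffic). The request mirrors the 32-byte Windows ping above;
# the reply is what the destination sends back: type 0, same identifier, sequence and payload.
PAYLOAD = bytes(range(32))
REQUEST = build_echo(8, 0x0001, 7, PAYLOAD)
REPLY = build_echo(0, 0x0001, 7, PAYLOAD)
# A router whose TTL decrement hits zero sends Time Exceeded; its body normally carries the
# offending IP header and first 8 data bytes, constructed here as zeros.
TTL_EXCEEDED = struct.pack("!BBHI", 11, 0, 0, 0) + b"\x00" * 28
TTL_EXCEEDED = TTL_EXCEEDED[:2] + struct.pack("!H", checksum(TTL_EXCEEDED)) + TTL_EXCEEDED[4:]
```

A single flipped byte anywhere in the message makes `checksum_ok` false, which is why a corrupted reply is silently dropped rather than counted.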
Posted on March 27, 2009, 10:30 pm by admin, under Networking, PC.
A PC in an Ethernet network can communicate with another PC only if it knows the Ethernet address (MAC address) of that PC. Address Resolution Protocol (ARP) is a network protocol used to translate a PC's IP address to its physical (hardware) address. From the OSI model's point of view, ARP belongs to the data link layer (Layer 2).
When a PC needs to resolve a given IP address to an Ethernet address, an ARP request packet is broadcast to the whole network. This ARP request packet contains the source MAC address, the source IP address and the destination IP address. Every PC in the local network receives this packet, whether it is connected to a hub or a switch, since this is a broadcast packet. The ARP request is then processed by all the PCs in the network, and the PC with the specified destination IP address sends an ARP reply packet to the originating host with its MAC and IP addresses.
ARP maintains the mapping between IP addresses and MAC addresses in a table in memory called the ARP cache. To display the current ARP entries, execute the arp command with the “-a” option.
C:\>arp -a
Interface: 202.156.207.116 --- 0x2
Internet Address Physical Address Type
202.156.200.1 00-30-b8-c7-d9-90 dynamic
Posted on March 23, 2009, 9:20 pm by admin, under Networking.
In an Ethernet network, every client, server and network device is wired to a hub or switch. However, what is the difference between a hub and a switch?
In a word: intelligence. Or, in one short sentence: hub versus switch is shared versus dedicated channels!
Technically, hubs operate at layer one (the Physical Layer) of the OSI model. When a computer sends data on the network, it sends it in packets. Each packet is labeled with a source and a destination address, known as MAC addresses. A hub does not inspect traffic quality or verify packet integrity. Its job is very simple: when it receives a packet of data at one of its ports from a PC on the network, it transmits the packet to all of its ports and, thus, to all of the other PCs on the network. Every computer connected to the hub “sees” everything that every other computer on the hub sees. The total bandwidth is shared among the computers. This is a highly inefficient use of your network bandwidth. However, there is no processing delay created by the hub because the hub, by definition, does no processing.
All network data a hub receives on one port is immediately transmitted out all the other ports. If two or more PCs on the network try to send packets at the same time, a collision is said to occur. As such, each computer must take its turn before sending data. This is called half-duplex.
Posted on March 22, 2009, 10:00 pm by admin, under Networking.
Within the OSI Reference Model, the communication between layers higher than layer one is logical; the only hardware connection is at the physical layer. Communication takes the form of some sort of message that is sent between corresponding software elements on two or more devices.
Since these messages are the mechanism for communicating information between protocols, they are most generally called protocol data units (PDUs).
In order for a protocol to communicate, it must pass down its PDU to the next lower layer for transmission. Lower layers in OSI model are said to provide services to the layers immediately above them. One of the services each layer provides is this function: to handle and manage data received from the layer above.
At any particular layer N, a PDU is a complete message that implements the protocol at that layer. However, when this “layer N PDU” is passed down to layer N-1, it becomes the data that the layer N-1 protocol is supposed to service. This layer N protocol data unit (PDU) is referred to as the layer N-1 service data unit (SDU).
The application or higher layer understands the structure of the data in the SDU, but the lower layer at the interface does not; it treats it as payload, undertaking to get it to the same interface at the destination. The job of layer N-1 is to transport this SDU, which it does in turn by placing the layer N SDU into its own PDU format, preceding the SDU with its own headers and appending footers as necessary. In this process, the entire contents of the higher-layer message are encapsulated as the data payload of the message at the lower layer. This process is called data encapsulation and takes place at each layer of the OSI reference model.
Layer N-1 will subsequently pass the PDU down to the next lower layer, where it is treated as a layer N-2 SDU. Layer N-2 creates a layer N-2 PDU containing the layer N-1 SDU and layer N-2’s headers and footers. This process will continue, all the way down to the physical layer. In the theoretical model, what you end up with is a message at layer 1 that consists of application-layer data that is encapsulated with headers and/or footers from each of layers 7 through 2.
Posted on March 22, 2009, 8:35 pm by admin, under Networking.
In computing, a protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing devices.
Modern network systems are made up of a variety of different systems running on many different platforms. In order for computers on these platforms to exchange information, there must be a preexisting agreement as to how the information will be structured and how each side will send and receive it.
Network engineers have written rules for communication that must be strictly followed for successful host-to-host communication. These include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. These rules apply to different layers of sophistication such as which physical connections to use, how hosts listen, how to interrupt, how to say good-bye, and in short how to communicate, what language to use and many others.
Some protocols also support message acknowledgment and data compression designed for reliable and/or high-performance network communication. Without a protocol, a transmitting computer, for example, could be sending its data in 32-bit packets while the receiving computer might expect the data in 8-bit packets.
A network protocol can also be defined as the rules or common language that govern the syntax, semantics, and synchronization of communication between network devices. Protocols may be implemented by hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection.
Posted on February 26, 2009, 8:53 pm by admin, under Networking.
The OSI (Open Systems Interconnection) Seven Layer Network Reference Model is the basis for learning network infrastructure. It is an abstract description of computer network protocol design.
From top to bottom, the name of the layers are Application, Presentation, Session, Transport, Network, Data-Link, and Physical Layers.

Each layer provides services to the layer above it and receives services from the layer below it. For example, the network layer (layer 3) provides services to the transport layer (layer 4) and receives services from layer 2, the data link layer.
The original Internet TCP/IP protocol specifications defined a four layer model (application, transport, network and physical).
Posted on January 6, 2009, 8:02 pm by admin, under Security.
A digital certificate is a form of electronic credential for the Internet. It is issued by a Certification Authority (CA). Basically, a CA is an independent, recognized and mutually trusted third party that guarantees that the website operator is who it claims to be. When a CA issues a digital certificate, it verifies that the owner is not claiming a false identity. There are many public Certification Authorities available today. Two examples of highly trusted CAs are VeriSign and Thawte.
Digital certificate technology is based on the theory of public key cryptography. The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. It contains a version number, your name, a serial number, expiration dates, a signature algorithm identifier, the issuer name, the validity period, a copy of the certificate holder's public key, and the digital signature of the issuing CA.

The recipient of an encrypted message uses the CA's public key, which is normally available on the Internet, to decode the digital certificate attached to the message, verifies it as issued by the CA, and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
Posted on January 5, 2009, 7:55 pm by admin, under Security.
We pass a tremendous amount of information back and forth to the Internet using a web browser every day. Most of the time, the protocol used in this communication is HTTP, or hypertext transfer protocol.
In HTTP, all data is transferred in clear text, so data such as a userid/password is transmitted as clear text as well. This is a big issue, as anyone can sniff this userid/password and gain access to your private information.
To prevent this, we have to encrypt HTTP traffic, essentially HTTP + SSL, or HTTPS. Anything transferred over HTTPS is encrypted, and a userid/passwd transmitted this way will not be easily deciphered. This in effect protects user identities and passwords. Besides this, HTTPS also protects credit card transactions during online consumer purchases. Having HTTPS implemented also ensures that sensitive personal information is secured in transmission from the web server to your browser. These are the reasons most e-commerce and banking sites implement HTTPS.
Posted on December 16, 2008, 7:52 pm by admin, under Networking, unix.
CUPS (Common UNIX Printing System) is the standards-based, open source printing system developed by Apple Inc. for Mac OS X and other UNIX-like operating systems.
The default installation of CUPS only enables you to manage it from the localhost computer. However, if you are interested in administering CUPS remotely, you need to grant systems other than localhost access to the CUPS administration interface.
To do so, edit /etc/cups/cupsd.conf so that it explicitly grants access to the systems you want. For example, to grant access to the system with the IP address 10.0.0.1: