Differences

This shows you the differences between two versions of the page.

linux:internet-protocol-suite-networking [2019/01/21 11:17] (current)
seanburns created
Line 1: Line 1:
 +<​markdown>​
 +# Internet Protocol Suite: Networking, Part 1
 +## Date: Mon Oct 8 2018
  
 +## Link Layer
 +
 +### ARP (Address Resolution Protocol)
 +
 +*ARP* or Address Resolution Protocol is used to map a network address like the
 +IP address to the ethernet address (MAC, Media Access Control address or
 +hardware address). Routers use ARP or MAC addresses to enable communication
 +inside networks (w/in subnets). ​
 +
 +Here's the output on my Ubuntu virtual machine (10.163.36.80) running on my
 +desktop:
 +
 +```bash
 +$ arp -e
 +Address ​                 HWtype ​ HWaddress ​          Flags Mask  Iface
 +_gateway ​                ​ether ​  ​28:​6f:​7f:​68:​92:​40 ​  ​C ​          ​enp0s3
 +10.163.36.13 ​            ​ether ​  ​fc:​4d:​d4:​39:​f8:​e8 ​  ​C ​          ​enp0s3
 +```
 +
 +And this displays any missing or substituted IP addresses (that is, we can see
 +that *gateway* is mapped to 10.163.36.1. And I just happen to know that
 +10.163.36.13 points to my physical desktop computer.
 +
 +```bash
 +$ arp -an
 +? (10.163.36.1) at 28:​6f:​7f:​68:​92:​40 [ether] on enp0s3
 +? (10.163.36.13) at fc:​4d:​d4:​39:​f8:​e8 [ether] on enp0s3
 +```
 +
 +## Internet Layer
 +
 +### IP (Internet Protocol)
 +
 +*IP* is a way to uniquely identify a host on a network. If that network is
 +subnetted, then a host's IP address will be a part of the subnet and not
 +exposed directly to the Internet.
 +
 +E.g., my IP address on my desktop is 10.163.36.13/​24 (``ip a``), via a wired
 +connection (eno1) and my neighbor'​s IP address is 10.163.36.65/​24. We're both
 +on the same subnet, but if we both, using our respective wired connected
 +computers, Google '​what'​s my IP address',​ then we both get back 128.163.8.25.
 +This is the same for the virtual machine I'm using that's running Ubuntu,
 +connected via a bridge network.
 +
 +Thus, w/o any additional information,​ all traffic coming from our computers and
 +going out to the Internet looks like it's coming from the same IP address
 +(128.163.8.25). And in reverse, all traffic coming from outside our network
 +first goes to 128.163.8.25 before it's routed to our respective computers.
 +
 +On the other hand, my laptop, just a few feet away from me, is connected to UK
 +wireless, and not wired, and has this IP address: 10.47.142.2/​16 (wlp3s0). You
 +can see there'​s a different pattern with this IP address, and later we'll learn
 +how we know that, as a result, this laptop is on an different subnet. In the
 +meantime, if I use a browser on this laptop and ask Google for my IP address,
 +it'll tell me: 128.163.237.14.
 +
 +### ICMP
 +
 +*ICMP* or Internet Control Message Protocol is a protocol used to send error
 +messages, e.g., to check if a host is down. When we use *ping*, we're using the
 +ICMP protocol.
 +
 +## Transport Layer
 +
 +*TCP* or Transmission Control Protocol is responsible for the transmission of
 +data and for making sure the data arrives at its destination w/o errors.
 +
 +*UDP* or User Datagram Protocol performs a similar function as TCP, but it
 +doesn'​t error check. If data is lost, then it's lost but it's still sent. UDP
 +is useful for conducting voice over internet calls or for streaming video, such
 +as through YouTube. In fact, YouTube uses a type of UDP transmission called
 +QUIC, which adds a level of encryption to the protocol. QUIC was developed by
 +Google.
 +
 +The above protocols, as well as others, each contain header information. The
 +first part of the header will contain source address, then comes destination
 +address, and so forth. Aside from a few other parts, this is the primary
 +information that an IP header contains.
 +
 +TCP and UDP headers will contain a bit more information,​ including port 
 +information for both source and destination,​ sequence (SYN) information for 
 +data packets, acknowledgment (ACK) information for the ACK number, as well as 
 +data and error checking if it's TCP.
 +
 +A *port* associates a process with a network service. Ports provide a way to
 +distinguish and filter all traffic through an IP address. E.g., all traffic
 +going to IP address X.X.X.X:80 indicates that this is http traffic for the http
 +service. Other common ports include:
 +
 +- 21: FTP
 +- 22: SSH
 +- 25: SMTP
 +- 53: DNS
 +- 143: IMAP
 +- 443: HTTPS
 +- 587: SMTP Secure
 +- 993: IMAP Secure
 +
 +There'​s a complete list on your Linux systems and it's located in the following
 +file:
 +
 +```bash
 +less /​etc/​services
 +```
 +
 +See also the Wikipedia page: [List of TCP and UDP port numbers][1]
 +
 +## Routing
 +
 +On my virtual machine on my desktop (bridge connection),​ I can see the network
 +information for my machine (some output removed / truncated for clarity):
 +
 +```bash
 +$ ip a
 +2: enp0s3: <​BROADCAST,​MULTICAST,​UP,​LOWER_UP>​ mtu 1500 qdisc fq_codel state UP group default qlen 1000
 +    link/ether 08:​00:​27:​f2:​36:​19 brd ff:​ff:​ff:​ff:​ff:​ff
 +    inet 10.163.36.80/​24 brd 10.163.36.255 scope global dynamic enp0s3
 +       ​valid_lft 685860sec preferred_lft 685860sec
 +    inet6 fe80::​a00:​27ff:​fef2:​3619/​64 scope link 
 +       ​valid_lft forever preferred_lft forever
 +```
 +
 +Alternatively:​
 +
 +```bash
 +$ ifconfig
 +enp0s3: flags=4163<​UP,​BROADCAST,​RUNNING,​MULTICAST> ​ mtu 1500
 +        inet 10.163.36.80 ​ netmask 255.255.255.0 ​ broadcast 10.163.36.255
 +        inet6 fe80::​a00:​27ff:​fef2:​3619 ​ prefixlen 64  scopeid 0x20<​link>​
 +        ether 08:​00:​27:​f2:​36:​19 ​ txqueuelen 1000  (Ethernet)
 +        RX packets 101740 ​ bytes 14652618 (14.6 MB)
 +        RX errors 0  dropped 356  overruns 0  frame 0
 +        TX packets 1784  bytes 178630 (178.6 KB)
 +        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 +```
 +
 +The above two commands report IP information a little different. ``ip a``
 +reports that my IP address is:
 +
 +``inet 10.163.36.80/​24``
 +
 +That information includes both the IP address, the netmask information,​ and the
 +broadcast information. That is, that ``/24`` is important info.
 +
 +With ``ifconfig``,​ the information is reported separately:
 +
 +- inet 10.163.36.80
 +- netmask 255.255.255.0
 +- broadcast 10.163.36.255
 +
 +We'll learn how to interpret this soon.
 +
 +Int the meantime, here's the routing table on my Ubuntu Bridge VM:
 +
 +```bash
 +$ ip route
 +default via 10.163.36.1 dev enp0s3 proto dhcp src 10.163.36.80 metric 100 
 +10.163.36.0/​24 dev enp0s3 proto kernel scope link src 10.163.36.80 ​
 +10.163.36.1 dev enp0s3 proto dhcp scope link src 10.163.36.80 metric 100
 +```
 +
 +And then on my physical machine:
 +
 +```bash
 +$ ip route
 +default via 10.163.36.1 dev eno1 proto dhcp metric 100
 +10.163.36.0/​24 dev eno1 proto kernel scope link src 10.163.36.13 metric 100
 +169.254.0.0/​16 dev eno1 scope link metric 1000
 +```
 +
 +Since both machines are on the same network, they both state the following path:
 +
 +1. all packets originating at 10.163.36.80 (for Ubuntu VM) or 10.163.36.13 (for
 +   ​physical machine) are routed through 10.163.36.1 on the subnet defined as
 +   ​10.163.36.0/​24.
 +2. In the second ``ip route`` output, you'll notice the IP address
 +   ​169.254.0.0/​16. This is called the [link-local][2] address. This is a local
 +   ​address that is assigned to a device in the absence of either static or
 +   ​dynamic IP assignment (via, e.g., a router).
 +
 +
 +The *ip* command is a relatively new command that is replacing other commands,
 +like *arp* and *ifconfig*. Read the man page in *ip* for more info, and compare
 +to this command, which gives the same info as above but organized a bit
 +differently:​
 +
 +```bash
 +$ route -n
 +Kernel IP routoing table
 +Destination ​    ​Gateway ​        ​Genmask ​        Flags Metric Ref    Use Iface
 +0.0.0.0 ​        ​10.163.36.1 ​    ​0.0.0.0 ​        ​UG ​   100    0        0 eno1
 +10.163.36.0 ​    ​0.0.0.0 ​        ​255.255.255.0 ​  ​U ​    ​100 ​   0        0 eno1
 +169.254.0.0 ​    ​0.0.0.0 ​        ​255.255.0.0 ​    ​U ​    ​1000 ​  ​0 ​       0 eno1
 +```
 +
 +In any case, we can put this information together, and say something like this:
 +
 +<pre>
 +10.163.36.13/​24 : subnet address / subnet mask
 +10.163.36.255 ​  : broadcast address
 +10.163.36.1 ​    : router/​gateway
 +169.254.0.0/​16 ​ : Link-local address
 +</​pre>​
 +
 +This all translates into:
 +
 +```
 +10.163.36.13 <​---->​ 10.163.36.0/​24 <---> 10.163.36.1 <---> 128.163.48.6
 + IP Address ​            ​Network ​          ​Gateway ​          ​Public
 +                        Subnet ​           Router ​           Router
 +                        Mask
 +```
 +
 +## Misc:
 +
 +Don't do this on a public network, but you can tell me what this means:
 +
 +```bash
 +$ png -b 10.163.36.255
 +WARNING: pinging broadcast address
 +PING 10.163.36.255 (10.163.36.255) 56(84) bytes of data.
 +
 +--- 10.163.36.255 ping statistics ---
 +3 packets transmitted,​ 0 received, 100% packet loss, time 2046ms
 +
 +$ arp -a
 +? (10.163.36.176) at 3c:​07:​54:​5a:​99:​0e [ether] on eno1
 +? (10.163.36.80) at 08:​00:​27:​f2:​36:​19 [ether] on eno1
 +? (10.163.36.19) at 00:​40:​58:​06:​b3:​fd [ether] on eno1
 +? (10.163.35.124) at e8:​39:​35:​8d:​bb:​03 [ether] on eno1
 +lcli-310.prt.uky.edu (10.163.36.41) at 00:​26:​73:​29:​fe:​25 [ether] on eno1
 +kls4mapprt.prt.uky.edu (10.163.36.6) at a4:​5d:​36:​b6:​1a:​34 [ether] on eno1
 +? (10.163.36.77) at 0c:​4d:​e9:​b8:​cd:​fc [ether] on eno1
 +? (10.163.36.92) at 00:​21:​b7:​5a:​19:​f6 [ether] on eno1
 +? (10.163.36.43) at 00:​21:​b7:​04:​50:​fc [ether] on eno1
 +? (10.163.36.49) at 0c:​4d:​e9:​98:​e9:​e8 [ether] on eno1
 +? (10.163.36.69) at 50:​9a:​4c:​7f:​47:​6d [ether] on eno1
 +? (10.163.36.8) at 48:​4d:​7e:​de:​bd:​c6 [ether] on eno1
 +? (10.163.36.31) at 68:​5b:​35:​cb:​b1:​da [ether] on eno1
 +_gateway (10.163.36.1) at 28:​6f:​7f:​68:​92:​40 [ether] on eno1
 +celt.prt.uky.edu (10.163.36.160) at 00:​26:​73:​1d:​e9:​99 [ether] on eno1
 +? (10.163.36.142) at 00:​3e:​e1:​c4:​4a:​a6 [ether] on eno1
 +? (10.163.36.95) at 78:​7b:​8a:​db:​9c:​b2 [ether] on eno1
 +```
 +
 +Here's how to disable and then enable a connection on a machine. Note that
 +**eno1** is the name of my network card/​device. You'd have to replace it with
 +the name of yours. If it's a wireless card, it should begin with a '​w':​
 +
 +```bash
 +sudo ip link set eno1 down
 +sudo ip link set eno1 up
 +```
 +
 +## IPv6 subnetting
 +
 +We're not going to get into subnetting with IPv6, but if you're interested,
 +this is a nice article:
 +
 +[IPv6 subnetting overview][3]
 +
 +[1]:​https://​en.wikipedia.org/​wiki/​List_of_TCP_and_UDP_port_numbers
 +[2]:​https://​tools.ietf.org/​html/​rfc3927.html
 +[3]:​https://​supportforums.cisco.com/​document/​66991/​ipv6-subnetting-overview-and-case-study
 +</​markdown>​
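Review bot: In the Transport Layer section, the paragraph starting "TCP and UDP headers will contain a bit more information" attributes sequence and acknowledgment fields to both protocols and labels the sequence field "(SYN)". Only TCP carries sequence and acknowledgment numbers, SYN is a TCP flag rather than the name of the sequence field, and the UDP header holds only source port, destination port, length and checksum, so the sentence should be split per protocol. The earlier statement that UDP "doesn't error check" should also be narrowed to say that UDP does not retransmit or order data, since its header does carry a checksum. In the summary `<pre>` block, `10.163.36.13/24` is labelled "subnet address / subnet mask", but that is the host address with its prefix length; the subnet shown by `ip route` is `10.163.36.0/24`. The diagram after it gives the public address as 128.163.48.6 while the Internet Layer text says 128.163.8.25, so one of the two needs a correction or an explanation. Smaller fixes: `$ png -b 10.163.36.255` should be `ping -b`, the `route -n` output header reads "routoing", "Int the meantime" should be "In the meantime", and the parenthesis opened at "(that is, we can see" is never closed. The `arp -a` output in the Misc section lists internal hostnames and MAC addresses from the local subnet; consider replacing them with sanitized sample values before the page is published.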
linux/internet-protocol-suite-networking.txt · Last modified: 2019/01/21 11:17 by seanburns