
TCP/IP - PART II


TCP/IP
TCP/IP is a communications protocol used to transfer digital data around the internet.
TCP and IP were developed by a Department of Defense (DOD) research project to connect different networks designed by different vendors into a network of networks (the "Internet"). TCP/IP is often referred to as the 'internet protocol'.
TCP/IP stands for Transmission Control Protocol/Internet Protocol. If this leads you to think that it is not just one protocol, you’re right. In fact, it is not just two protocols, either. TCP/IP is a suite of protocols.
IP is the bedrock protocol of TCP/IP. Every message and every piece of data sent over any TCP/IP network is sent as an IP packet.
IP’s job is to enable data to be transmitted across and between networks. Hence the name: inter-net protocol.


Introduction to TCP/IP
Everyone knows that TCP/IP is a network protocol used on LANs, WANs and the Internet, but not everyone who uses it understands how it works.
It’s possible to use TCP/IP with little more than a knowledge of how to configure the protocol stack, but a better understanding will give you a clearer picture of what is going on in your network and why the protocol needs to be set up in a particular way.
What is TCP/IP?
TCP/IP stands for Transmission Control Protocol/Internet Protocol. If this leads you to think that it is not just one protocol, you’re right. In fact, it is not just two protocols, either. TCP/IP is a suite of protocols.
The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run.
It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined.
Today's IP networking represents a synthesis of two developments that began in the 1970s, namely LANs (Local Area Networks) and the Internet, both of which have revolutionized computing.
The Internet protocol suite — like many protocol suites — can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers.
Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The original TCP/IP reference model consists of 4 layers, but is now viewed by many as a 5-layer model.
No IETF standards-track document has accepted a five-layer model, and IETF documents indeed deprecate strict layering of all sorts.
Given the lack of acceptance of the five-layer model by the body with technical responsibility for the protocol suite, it is not unreasonable to regard five-layer presentations as teaching aids, possibly to make the IP suite architecture more familiar to those students who were first exposed to OSI layering.

Architecture of TCP/IP
Layered Protocol
Like most network protocols, TCP/IP is a layered protocol. Each layer builds upon the layer below it, adding new functionality. The lowest level protocol is concerned purely with the business of sending and receiving data - any data - using specific network hardware.
At the top are protocols designed specifically for tasks like transferring files or delivering email. In between are levels concerned with things like routing and reliability.
The benefit that the layered protocol stack gives you is that, if you invent a new network application or a new type of hardware, you only need to create a protocol for that application or that hardware: you don’t have to rewrite the whole stack.
Link Layer
TCP/IP is a four-layer protocol. The lowest level, the link layer, is implemented within the network adapter and its device driver. Like all the TCP/IP protocols, it is defined by standards. The standards for generic Ethernet-type networks are defined by the IEEE 802 Committee: for example, IEEE 802.3 for Ethernet networks, or IEEE 802.5 for Token Ring networks.
Other link layer protocols that could be used include Serial Line IP (SLIP) or Point-to-Point Protocol (PPP), which are used when connecting to a network over an asynchronous dial-up link.
Since Ethernet is the most common type of network, we will look at it in a bit more detail. The Ethernet protocol is designed for carrying blocks of data called frames. A frame consists of a header containing 48-bit hardware destination and source addresses (which identify specific network adapters), a 2-byte length field, and some control fields.
There follows the data, and then a trailer which is simply a 32-bit cyclic redundancy check (CRC) field. The data portion of an Ethernet frame must be at least 38 bytes long, so filler bytes are inserted if necessary.
All this means that frames are at least 64 bytes long, even if they carry only one byte of user data: a significant overhead in some types of application.
Frames also have a maximum size. Less headers, the maximum size for an Ethernet frame is 1492 bytes, which is the maximum transmission unit (MTU) for Ethernet.
All link layer protocols have an MTU. It is one hardware characteristic that the higher-level protocol needs to be aware of, because larger blocks of data must be fragmented into chunks that fit within the MTU and then reassembled on arrival at their destination.
Network Layer
The next layer up from the link layer is called the network layer. The most important protocol at this level is IP, the Internet Protocol. Its job is to send packets or datagrams - a term which basically means “blocks of data” - from one point to another. It uses the link layer protocol to achieve this.
Both the network layer and the link layer are concerned with getting data from point A to point B. However, whilst the network layer works in the world of TCP/IP, the link layer has to deal with the real world. Everything it does is geared towards the network hardware it uses.
An IP address is a “soft” address. It is a bit like calling your office block “Pan-Galactic House” instead of its real address, 2326 Western Boulevard. The former is no use to the postman who has to deliver the letters, unless he can use it to find out the latter.
The link-layer Ethernet protocol needs to know the unique hardware address of the specific network adapter it has to deliver the message to and, in case of an error, the address of the one it came from.
To make this possible, the TCP/IP protocol suite includes link-layer protocols which convert between IP and hardware addresses. The Address Resolution Protocol (ARP) finds out the physical address corresponding to an IP address. It does this by broadcasting an ARP request on the network.
When a host recognizes an ARP request containing its own IP address, it sends an ARP reply containing its hardware address. There is also a Reverse ARP (RARP) protocol. This is used by a host to find out its own IP address if it has no way of doing this except via the network.
Internet Protocol
IP is the bedrock protocol of TCP/IP. Every message and every piece of data sent over any TCP/IP network is sent as an IP packet.
IP’s job is to enable data to be transmitted across and between networks. Hence the name: inter-net protocol. In a small LAN, it adds little to what could be achieved if the network applications talked directly to Ethernet. If every computer is connected to the same Ethernet cable, every message could be sent directly to the destination computer.
Once you start connecting networks together, however, direct Ethernet communication becomes impractical. At the application level you may address a message to a computer on the far side of the world, but your Ethernet card can’t communicate with the Ethernet card on that computer. Physical Ethernet limitations would prevent it, for a start. It would, in any case, be undesirable for every computer in the world to be connected to one big network. Every message sent would have to be heard by every computer, which would be bedlam.
Instead, inter-net communications take place using one or more “hops”. Your Ethernet card will communicate with another Ethernet device on the route to the final destination. Routing is the important capability that IP adds to a hardware network protocol. Before we come to it, we will look at some other features of IP.
TCP/IP is most commonly associated with the UNIX operating system. While developed separately, they have been historically tied, since 4.2BSD UNIX started bundling TCP/IP protocols with the operating system. Nevertheless, TCP/IP protocols are available for all widely-used operating systems today and native TCP/IP support is provided in OS/2, OS/400, and Windows 9x/NT/2000, as well as most Unix variants.
Figure shows the TCP/IP protocol architecture; this diagram is by no means exhaustive, but shows the major protocol and application components common to most commercial TCP/IP software packages and their relationship.

What TCP/IP provides
Features of IP
IP is a connectionless protocol. This means that it has no concept of a job or a session. Each packet is treated as an entity in itself. IP is rather like a postal worker sorting letters. He is not concerned with whether a packet is one of a batch. He simply routes packets, one at a time, to the next location on the delivery route.
IP is also unconcerned with whether a packet reaches its eventual destination, or whether packets arrive in the original order. There is no information in a packet to identify it as part of a sequence or as belonging to a particular job. Consequently, IP cannot tell if packets were lost or whether they were received out of order. IP is an unreliable protocol. Any mechanisms for ensuring that data sent arrives correct and intact are provided by the higher-level protocols in the suite.
Packets
An IP packet consists of the IP header and data. The header includes a 4-bit protocol version number, a header length, a 16-bit total length, some control fields, a header checksum and the 32-bit source and destination IP addresses. This totals 20 bytes in all.
However, the protocol field is important. It identifies which higher-level TCP/IP protocol sent the data. When data arrives at its destination (either the packet’s destination address equals the host’s own IP address, or it is a broadcast address) this field tells IP which protocol module to pass it on to.
One control field, the time-to-live (TTL) field, is interesting. It is initialised by the sender to a particular value, usually 64, and decremented by one (or the number of seconds it is held on to) by every router that the packet passes through.
When it reaches zero the packet is discarded and the sender notified using the Internet Control Message Protocol (ICMP), a network layer protocol for sending network-related messages.
The TTL field is a safety mechanism which prevents packets from travelling the Internet forever in routing loops. It is exploited in a novel way by the Traceroute diagnostic tool.
Although the total length field in the IP protocol header is 16 bits, IP packets are usually much smaller than the 64 KB maximum this implies. For one thing, the link layer will have to split this into smaller chunks anyway, so most of the efficiency advantages of sending data in large blocks are lost.
For another, IP standards did not historically require a host to accept a packet of more than 576 bytes in length. Many TCP/IP applications limit themselves to using 512-byte blocks for this reason, though today most implementations of the protocol aren’t so restricted.
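The header fields described in this section, as an added example that is not part of the original page: it parses the 20-byte IPv4 header, verifies the header checksum, maps the protocol field to the module that would receive the data, and applies the TTL rule a router follows. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

HDR = "!BBHHHBBH4s4s"                         # fixed 20-byte IPv4 header layout
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers


def internet_checksum(data):
    """16-bit one's-complement sum used for the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, proto, payload_len, ttl=64):
    """Construct a sample header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1C46, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = internet_checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)


def parse_header(raw):
    """Decode the header and report whether its checksum verifies."""
    if len(raw) < 20:
        raise ValueError("truncated: fewer than 20 header bytes")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HDR, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if not 20 <= ihl <= len(raw):
        raise ValueError("header length field is inconsistent")
    if total_len < ihl:
        raise ValueError("total length smaller than header length")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, "unknown(%d)" % proto),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": internet_checksum(raw[:ihl]) == 0,
    }


def forward_one_hop(raw):
    """What a router does with the header: drop, expire, or decrement TTL."""
    info = parse_header(raw)
    if not info["checksum_ok"]:
        return "drop-bad-checksum", None
    if info["ttl"] <= 1:
        # TTL would reach zero: discard; the sender is notified through ICMP.
        return "ttl-expired", None
    hdr = bytearray(raw[:info["header_len"]])
    hdr[8] -= 1                               # byte 8 is the TTL
    hdr[10:12] = b"\x00\x00"                  # zero the checksum, then recompute
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return "forward", bytes(hdr) + raw[info["header_len"]:]


if __name__ == "__main__":
    packet = build_header("192.0.2.10", "198.51.100.7", 6, payload_len=100)
    print(parse_header(packet))
    print(forward_one_hop(packet)[0])
```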

IP Addressing
To deliver data between two Internet hosts, it is necessary to move data across the network to the correct host, and within that host to the correct user or process.
TCP/IP uses three schemes to accomplish these tasks:
• Addressing : IP addresses deliver data to the correct host.
• Routing : Gateways deliver data to the correct network.
• Multiplexing : Protocol and port numbers deliver data to the correct software module within the host.
Each of these functions is necessary to send data between two co-operating applications across the Internet.
IP Host Address:
The Internetwork Protocol identifies hosts with a 32-bit number called IP address or a host address. To avoid confusion with MAC addresses, which are machine or station addresses, the term IP address will be used to designate this kind of address. IP addresses are written as four dot-separated decimal numbers between 0-255.
IP addresses must be unique among all connected machines (that is, any hosts that you can reach over a network or connected set of networks, including your local area network, remote offices joined by the company's wide-area network, or even the entire Internet community).
The Internet Protocol moves data between the hosts in the form of datagrams. Each datagram is delivered to the address contained in the destination address of the datagram's header. The Destination Address is a standard 32-bit IP address that contains sufficient information to uniquely identify a network and a specific host on that network.
If your network is connected to the Internet, you have to get a range of IP addresses assigned to your machines through a central network administration authority. The IP address uniqueness requirement differs from the MAC addresses.
IP addresses are unique only on connected networks, but machine MAC addresses are unique in the world, independent of any connectivity. Part of the reason for the difference in the uniqueness requirement is that IP addresses are 32-bits, while MAC addresses are 48-bits, so mapping every possible MAC address into an IP address requires some overlap.
Of course, not every machine on an Ethernet is running IP protocols, so the many-to-one mapping isn't as bad as the numbers might indicate. There are a variety of reasons why the IP address is only 32 bits, while the MAC address is 48 bits, most of which are historical.
Since the network and data link layer use different addressing schemes, some system is needed to convert or map the IP addresses to the MAC addresses. Transport-layer services and user processes use IP addresses to identify hosts, but packets that go out on the network need MAC addresses.
The Address Resolution Protocol (ARP) is used to convert the 32-bit IP address of a host into its 48-bit MAC address. When a host wants to map an IP address to a MAC address, it broadcasts an ARP request on the network, asking for the host using the IP address to respond.
The host that sees its own IP address in the request returns its MAC address to the sender. With a MAC address, the sending host can transmit a packet on the Ethernet and know that the receiving host will recognise it.
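The request/reply exchange described above, as an added example that is not part of the original page: it parses Ethernet/IPv4 ARP payloads and, because an ARP reply carries no authentication, flags replies that nobody requested and replies that contradict a mapping already learned. `ArpMonitor`, `build_arp` and all addresses are constructed for illustration.

```python
import struct

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a 28-byte ARP payload for Ethernet (1) and IPv4 (0x0800)."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sender_mac), ip(sender_ip),
                       mac(target_mac), ip(target_ip))


def parse_arp(raw):
    if len(raw) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpMonitor:
    """Passive observer of ARP traffic on one network segment."""

    def __init__(self):
        self.table = {}       # IP address -> first MAC address seen in a reply
        self.pending = set()  # IP addresses some host has asked about

    def observe(self, raw):
        pkt = parse_arp(raw)
        if pkt["oper"] == REQUEST:
            self.pending.add(pkt["target_ip"])
            return []
        if pkt["oper"] != REPLY:
            return [("unknown-opcode", pkt["oper"])]
        alerts = []
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if ip not in self.pending:
            alerts.append(("unsolicited-reply", ip, mac))
        self.pending.discard(ip)
        known = self.table.setdefault(ip, mac)   # keep the first mapping
        if known != mac:
            alerts.append(("mapping-changed", ip, known, mac))
        return alerts


def demo():
    """Constructed traffic: one normal exchange, then a conflicting reply."""
    host, router, other = ("02:00:00:00:00:01", "02:00:00:00:00:fe",
                           "02:00:00:00:00:66")
    frames = [
        build_arp(REQUEST, host, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
        build_arp(REPLY, router, "192.0.2.1", host, "192.0.2.10"),
        build_arp(REPLY, other, "192.0.2.1", host, "192.0.2.10"),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames], monitor.table


if __name__ == "__main__":
    for alerts in demo()[0]:
        print(alerts)
```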
IP Address Classes:
An IP address contains a network part and a host part, but the format of these parts is not the same in every IP address.
IP address classes.
Not all network addresses or host addresses are available for use. The class A addresses 0 and 127 are reserved for special use. Network 0 designates the default route (used to simplify the routing information that IP must handle) and network 127 is the loopback address (which simplifies network applications by allowing the local host to be addressed in the same manner as a remote host). We use the special network addresses when configuring a host.
There are also some host addresses reserved for special use. In all network classes, host number 0 and 255 are reserved. An IP address with all host bits set to zero identifies the network itself.
Addresses in this form are used in routing table listings to refer to entire networks. An IP address with all bits set to one is a broadcast address (used to simultaneously address every host on a network). A datagram sent to this address is delivered to every individual host on that network.
IP uses the network portion of the address to route the datagram between networks. The full address, including the host information, is used to make final delivery when the datagram reaches the destination network.
Host communication on a local network.
Subnets:
The standard structure of an IP address can be locally modified by using host address bits as additional network address bits. Essentially, the dividing line between network address bits and host bits is moved, creating additional networks, but reducing the maximum number of hosts that can belong to each network.
These newly designed network bits define a network within the larger network, called a subnet. Subnetting allows decentralised management of host addressing.
With the standard addressing scheme, a single administrator is responsible for managing host addresses for the entire network. By subnetting, the administrator can delegate address assignment to smaller organisations within the overall organisation.
Subnetting can also be used to overcome hardware differences and distance limitations. IP routers can link dissimilar physical networks together, but only if each physical network has its own unique network address. Subnetting divides a single network address into many unique subnet addresses, so that each physical network can have its own unique address.
IP addresses with and without subnetting.
A subnet is defined by applying a bitmask, the subnet mask, to the IP address. If a bit is on in the mask, the equivalent bit in the address is interpreted as a network bit.
If the bit in the mask is off, the bit belongs to the host part of the address. The subnet is only known locally. To the rest of the Internet, the address is still interpreted as a standard IP address.
Host communication with subnetting.
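The mask arithmetic from the address-class and subnet sections, as an added example that is not part of the original page: it derives the classful default mask, splits an address into network, host and broadcast parts under a subnet mask, and decides whether a destination is reached directly or through a gateway. It goes beyond the text by rejecting non-contiguous masks and off-subnet gateways; the function names and the 172.16.x.x sample addresses are constructed for illustration.

```python
def to_int(dotted):
    """Strict dotted-quad parser: four decimal fields, each 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful(addr):
    """Class and default mask implied by the leading bits of the address."""
    first = to_int(addr) >> 24
    if first < 128:                  # leading bit 0 (includes networks 0 and 127)
        return "A", "255.0.0.0"
    if first < 192:                  # leading bits 10
        return "B", "255.255.0.0"
    if first < 224:                  # leading bits 110
        return "C", "255.255.255.0"
    raise ValueError("class D/E addresses have no network/host split")


def check_mask(mask):
    """Return the mask as an integer; network bits must be contiguous."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host bits must look like 0...01...1
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return m


def split(addr, mask):
    """Apply the mask: 'on' bits select the network, 'off' bits the host."""
    a, m = to_int(addr), check_mask(mask)
    host_bits = ~m & 0xFFFFFFFF
    return {"network": to_dotted(a & m),
            "host_number": a & host_bits,
            "broadcast": to_dotted((a & m) | host_bits)}


def next_hop(src, mask, dst, gateway):
    """Direct delivery if dst shares src's (sub)network, else via the gateway."""
    m = check_mask(mask)
    local_net = to_int(src) & m
    if to_int(gateway) & m != local_net:
        raise ValueError("gateway %s is not on the local subnet" % gateway)
    if to_int(dst) & m == local_net:
        return "direct", dst
    return "gateway", gateway


if __name__ == "__main__":
    src, dst, gw = "172.16.12.1", "172.16.1.5", "172.16.12.254"
    cls, default_mask = classful(src)
    print(cls, split(src, default_mask), next_hop(src, default_mask, dst, gw))
    print(split(src, "255.255.255.0"), next_hop(src, "255.255.255.0", dst, gw))
```

With the class B default mask both sample hosts sit on one network and traffic is delivered directly; with the subnet mask the same pair is separated and the traffic goes through the gateway.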

Physical Addressing
In computer networking a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA) or hardware address or adapter address is a quasi-unique identifier attached to most network adapters (NICs).
It is a number that acts like a name for a particular network adapter, so, for example, the network cards (or built-in network adapters) in two different computers will have different names, or MAC addresses, as would an Ethernet adapter and a wireless adapter in the same computer, and as would multiple network cards in a router. However, it is possible to change the MAC address on most of today's hardware.

Advanced TCP/IP
Components of TCP/IP
Many of the descriptions included in this section are intended to give you only the basics.
Internet Protocol (IP):
IP is responsible for several tasks, most importantly determining a route to the destination. In addition, IP is responsible for the packing of messages into small network-transportable packets, called datagrams.
IP is used with almost all TCP protocols, sitting at the bottom of the TCP protocol stack just above the network-layers. IP has no control over whether messages sent and received are intact. All IP does is handle the sending and receiving, leaving it up to the next higher layer, usually TCP or UDP, to take care of any problems that occur with lost or damaged data.
Internet Control Message Protocol (ICMP):
ICMP is a special form of IP used to handle error and status messages between IP layers on different machines. Whenever one IP layer has to send information to another, it uses ICMP.
Also, whenever IP software detects an error of some sort, it uses ICMP to send reports to the other machine. Probably the most common use of ICMP is for the ping command, which checks whether a machine is responsive by sending a small ICMP message to the machine and waiting for a reply.
Transmission Control Protocol (TCP):
TCP is used primarily to verify that whatever was sent by the sending machine is received intact by the destination. TCP is called a reliable delivery protocol, meaning that it makes sure everything sent was received properly.
TCP adds a header to the front of each message that contains checksums, numbering, and other reliability information to ensure that every packet sent is received without modification. If there is a transmission problem, TCP takes care of resending the information.
TCP sits between the application and the IP layer on each machine, acting as a packaging layer for application data and a delivery mechanism of sending packets to an application. TCP usually runs with IP, but it can work with other protocols.
TCP is a connection-based protocol, meaning that the sending and the destination machines communicate with each other by sending status messages back and forth. If the connection is lost because of routing problems or machine failures, errors are sent to the applications that use TCP.
Some services use TCP to maintain a connection between two machines, notably FTP or Telnet, both of which enable you to move files and commands back and forth between two machines as if you were logged into both at the same time.
User Datagram Protocol (UDP):
UDP is an alternative to TCP. It is a connection-less protocol, meaning that the sending and receiving machine are not constantly connected to each other. They can send status messages back and forth to indicate reception of packets, but there is no constant connection maintained.
UDP is used by services that do not require a connection, such as the TFTP, DNS, NFS, and RPC. Because of the lack of a connection, UDP is often thought of as a less reliable delivery protocol than TCP, although other protocols can pick up the tasks that TCP offers. UDP sits in the layer between the applications and IP. UDP usually uses IP to handle its packets.
Telnet:
The Telnet service provides a remote login capability. This lets a user on one machine log into another machine and act as if they are directly in front of the second machine.
The connection can be anywhere on the local network, or on another network anywhere in the world, as long as the user has permission to log into the remote system. Telnet uses TCP to maintain a connection between two machines.
File Transfer Protocol (FTP):
FTP enables a file on one system to be copied to another system. Users don't actually log in as full users to the machine they want to access but instead use the FTP service to provide access. The remote machine must be set up with the permissions necessary to provide the user access to the files.
FTP uses TCP to create and maintain a connection between source and destination machines. Once the connection to a remote machine has been established, FTP enables you to copy one or more files to your machine.
The term transfer implies that the file is moved from one system to another, but the original is not affected; files are copied from one system to another.
Simple Mail Transfer Protocol (SMTP):
SMTP is one protocol used for transferring electronic mail. Transparent to the user, SMTP connects to different machines and transfers mail messages, much like FTP transfers files.
Domain Name System (DNS):
DNS enables a device with a common name to be converted to a special network address. DNS provides the conversion from a common local name to the unique physical address of the device's network connection.
Simple Network Management Protocol (SNMP):
SNMP is a network management protocol. SNMP uses UDP as a transport mechanism. SNMP relies on several terms from TCP/IP standard specifications, working with managers and agents instead of clients and servers. An agent provides information about a device, whereas a manager communicates across the network.
Network File Server (NFS):
NFS is used to transparently enable multiple machines to access each other's directories. NFS accomplishes this by using a distributed filesystem scheme. NFS systems are common in large corporate environments.
Remote Procedure Calls (RPC):
RPC are programming functions that enable an application to communicate with another machine, the server. They provide the programming functions, return codes, and predefined variables to support distributed computing.
Trivial File Transfer Protocol (TFTP):
TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be used on many systems that do not enable FTP access. In some ways, TFTP can be analogous to an e-mail message requesting and receiving a file instead of a text body.
BOOT Protocol (BOOTP):
The BOOT Protocol, called BOOTP, is used to start up machines on a network that do not have their own hard drives or storage devices containing operating systems and network information. BOOTP is used for X-terminals and other diskless workstations.
Address Resolution Protocol (ARP):
ARP is one of several protocols that helps determine addresses on a network. ARP works with IP to set routes to a destination. ARP converts an IP address to a network interface hardware address.
Reverse address Resolution Protocol (RARP):
RARP, as its name suggests, is the reverse process of ARP. RARP uses a network interface hardware address and from that produces the IP address, whereas ARP produces the IP address from the hardware address.
Network Time Protocol (NTP):
NTP is used to synchronise clocks across a network. This is important because many packets have a prespecified amount of time to reach their routes. If a clock on one machine is inaccurate, the timers in the packet might expire prematurely. Time is also used to build efficient routing tables that let IP determine the fastest route to a destination.

TCP/IP Family of Protocols
The protocols that make up the TCP/IP family can be divided into groups of similar functionality for convenience.
TCP/IP family tree
Transport:
Protocols that control the movement of data between two machines.
• TCP (Transport Control Protocol): A connection-based service, meaning that the sending and receiving machines are communicating with each other at all times.
• UDP (User Datagram Protocol): A connection-less service, meaning that the two machines are not communicating with each other.
Routing:
Protocols that handle the addressing of data and determine the best routing to the destination. They also handle the breaking up and reassembly of larger messages.
• IP (Internet Protocol): Handles the actual transmission of data.
• ICMP (Internet Control Message Protocol): Handles status messages for IP, such as errors and network changes that can affect routing.
• RIP (Routing Information Protocol): One of several protocols that determines the best routing method.
• OSPF (Open Shortest Path First): An alternate protocol for determining routing.
Network Address:
These protocols handle the way machines are addressed, both by a unique number and a more common symbolic name.
• ARP (Address Resolution Protocol): Determines the unique numeric addresses of the machine on the network.
• DNS (Domain Name System): Determines numeric addresses from machine names.
• RARP (Reverse Address Resolution Protocol): Determines addresses of machines on the network, but in a manner backward from ARP.
User services:
These are applications to which users have direct access.
• BOOTP (BOOT Protocol): Starts up a network machine by reading the boot information from a server.
• FTP (File Transfer Protocol): Transfers files from one machine to another without excessive overhead. Uses TCP as the transport.
• TFTP (Trivial File Transfer Protocol): A simple file transfer method that uses UDP as the transport.
• Telnet: Enables remote logins so that users on one machine can connect to another machine and behave as if they are sitting at the remote machine's keyboard.
Gateway Protocols:
These protocols help the network communicate routing and status information.
• EGP (Exterior Gateway Protocol): Transfers routing information for external networks.
• GGP (Gateway-to-Gateway Protocol): Transfers routing information between Internet gateways.
• IGP (Interior Gateway Protocol): Transfers routing information for internal networks.
Others:
Services that don't fall into any of the preceding categories.
• NFS (Network File System): Enables directories on one machine to be mounted on another machine, then accessed by users as if they were on the local machine.
• NIS (Network Information Service): Maintains user accounts across networks, simplifying logins and password maintenance.
• RPC (Remote Procedure Call): Enables remote applications to communicate with each other using function calls.
• SMTP (Simple Mail Transfer Protocol): A protocol for transferring electronic mail between machines.
• NTP (Network Time Protocol): Used to synchronise clocks of machines on a network.
• SNMP (Simple Network Management Protocol): An administrator's service that sends status messages about the network and devices attached to it.

More about TCP/IP
Troubleshooting
Introduction
• Resolving most problems requires a methodical approach and the application of your knowledge of TCP/IP and of your network.
• TCP/IP is a four-layer hierarchy. Problems seen by the user in the Application Layer may be caused by problems in the lower layers.
• IP requires that each system have a globally unique, software-defined address. IP uses the address to move data through networks and through the layers of software in a host. Unlike networks that use hardware addresses, IP relies on the system administrator to define the correct address. Problems are frequently caused by configuration errors.
• Routing is required to deliver data between any two systems that are not directly connected by the same physical network. Subnetting divides a network into separate physical networks so that routing may even be required within a single enterprise network.
Three steps in tracking down the real problem are:
• Gather information. When the problem is reported, ask the user several questions. What application failed? What is the address and hostname of the remote computer? What is the address and the hostname of the user's computer? What error message was displayed? If possible, have the user verify the problem by running the application while you talk through it. If possible, duplicate the problem yourself.
• Run preliminary tests using another application, such as PING. Check if the problem occurs in other applications on the user's host. Check if the user's problem occurs with only one remote host, with all remote hosts, or only with hosts off the user's subnet. Check if the problem occurs on other local systems or just on the user's system. Does it fail from your system? How about from other systems on the user's subnet?
• Visualise each protocol and device that handles the user's data. If the problem occurs on some systems and not others, think about the differences in the path that data takes from those systems. Thinking about where and how things could go wrong helps you avoid oversimplifying the problem. It also highlights the areas that are most likely to cause the user's problem. The problem can be anywhere in the path you visualise.
Some hints on analysing the test results are:
• If only one application is having a problem, the application may be misconfigured. If the same application fails on different local hosts, but only when connecting to a specific remote host, the application may not be available on the remote host.
If the application that fails is from a different source than the TCP/IP protocol stack, e.g., a commercial protocol stack and a freeware application, the application and the stack may not be compatible.
The last condition is particularly prevalent in Windows 3.1 and 3.11 when the application is designed for a specific WINSOCK.DLL and a different one is used by the stacks.
• If problems occur on all local PCs, regardless of the application or the remote host they are connecting to, the problem is in one of the devices that connects the network to the outside world.
If the problem only occurs on systems on a single subnet, the problem is in the device that connects the subnet to the rest of your network. If the problem only occurs on one PC, that PC is probably misconfigured. Check its configuration. If it appears okay, take your laptop and check the network link.
• Pay attention to the error messages. Error messages are often vague, but they contain valuable pointers to the underlying problem.
• The error Unknown host indicates a name server problem. If other computers resolve the name correctly, the user's PC is probably misconfigured. If no system resolves the name correctly, the name the user has may be wrong or the name server may be misconfigured. Have the user try to connect with the numeric address.
• The error Network unreachable indicates a routing problem. It means that there is no route to the remote host. If no system can reach it, the remote site might be down. If only the user's PC has the problem, check the PC's routing configuration.
• The error Cannot connect or No answer or Connection timed out means that the remote system is not responding. Either the remote system is down or a link between the user's PC and the remote system is down. If the user is trying to connect using a numeric address, it could mean that the user has the wrong address. Ask him/her to use the remote system's hostname.
Troubleshooting TCP/IP
Troubleshooting deals with the unexpected. Network problems are usually unique and sometimes difficult to resolve. Troubleshooting is an important part of maintaining a stable, reliable network service. Effective troubleshooting requires a methodical approach to the problem, and a basic understanding of how the network works.
The key to solving a problem is understanding what the problem is. This is not as easy as it may seem. The surface problem is sometimes misleading, and the real problem is frequently obscured by many layers of software. When the true nature of the problem is understood, the solution of the problem is often obvious.
Approaching a Problem:
• Gather detailed information about exactly what's happening. When the first problem is reported, talk to the user. Find out which application failed. What is the remote host's name and IP address? What is the user's hostname and address?
What error message was displayed? If possible, verify the problem by having the user run the application while you talk him/her through it. If possible, duplicate the problem on your own system.
• Does the problem occur in other applications on the user's host, or is only one application having trouble? If only one application is involved, the application may be misconfigured or disabled on the remote host. Because of rising security concerns, more and more systems are disabling some services.
• Does the problem occur with only one remote host, all remote hosts, or only certain groups of remote hosts? If only one remote host is involved, the problem could easily be with that host. If all remote hosts are involved, the problem is probably with the user's system. If only hosts on certain subnets or external networks are involved, the problem may be related to routing.
• Does the problem occur on other local systems? Make sure you check other systems on the same subnet. If the problem only occurs on the user's host, concentrate testing on that system. If the problem affects every system on a subnet, concentrate on the router for that subnet.
Once you know the symptoms of the problem, visualise each protocol and device that handles the data. Visualising the problem will help you avoid oversimplification, and keep you from assuming that you know the cause even before you start testing.
Troubleshooting Hints:
• Approach problems methodically. Don't jump into another test scenario based on a hunch without ensuring that you can pick up your original test scenario where you left off.
• Keep a historical record of each problem in case it reappears.
• Don't assume a problem seen at the application level is not caused by a problem at a lower level.
• Test each possibility and base your actions on the evidence of the tests.
• Pay attention to error messages.
• Duplicate the reported problem yourself.
• Most problems are caused by human errors.
• Keep your users informed. Users want solutions to their problems; they're not interested in speculative techno-babble.
• Don't speculate about the cause of the problem while talking to the users.
• Stick to a few simple troubleshooting tools.
• Don't neglect the obvious. A loose Ethernet cable is a very common network problem. Check plugs, connectors, cables, and switches.
• Small things can cause big problems.
Diagnostic tools:
Most network problems can be solved using free diagnostic software. Large networks probably need a network analyser, or at least a hardware tester such as a Time Domain Reflectometer (TDR).
ifconfig  : Provides information about the basic configuration of the
            interface. It is useful for detecting bad IP addresses,
            incorrect subnet masks, and improper broadcast addresses.

arp       : Provides information about Ethernet/IP address translation.
            It can be used to detect systems on the local network that
            are configured with the wrong IP address.


netstat   : Provides a variety of information. It is commonly used to
            display detailed statistics about each network interface,
            network sockets, and the network routing table.


ping      : Indicates whether a remote host can be reached.


nslookup  : Provides information about the DNS name service.


dig       : Provides information about name service.


ripquery  : Provides information about the contents of the RIP update
            packet being sent or received by your system.


traceroute: Tells you which route packets take going from your system
            to a remote system. Information about each hop is printed.


etherfind : Analyses the individual packets exchanged between hosts on
            the network. It is most useful for analysing protocol
            problems.

Testing Basic Connectivity:
The ping command tests whether a remote host can be reached from your computer. This simple function is extremely useful for testing the network connection, independent of the application in which the original problem was detected.
Ping allows you to determine whether further testing should be directed toward the network connection (the lower layers) or the application (the upper layers). If ping shows that packets can travel to the remote system and back, the user's problem is probably in the upper layers. If packets can't make the round-trip, lower protocol layers are probably at fault.
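The error-message hints and the round-trip test described above, combined into one layered check, as an added example that is not part of the original page. It uses a TCP connect in place of ICMP ping (no raw-socket privileges needed); the function names, the result codes and the `refused` case are assumptions made for this illustration.

```python
import errno
import socket
import sys

# Advice strings paraphrase the page; the codes and function names are
# hypothetical, and "refused" is an added case (host up, service disabled).
ADVICE = {
    "ok": "round trip works: look at the application (upper layers)",
    "unknown_host": "name service problem: retry with the numeric address",
    "unreachable": "routing problem: no route to the remote host",
    "no_answer": "remote system or a link on the path is down",
    "refused": "host answers but the service is not listening or is disabled",
    "other": "unclassified: read the raw error message",
}

def classify(exc):
    """Map a socket exception to one of the ADVICE codes."""
    if isinstance(exc, socket.gaierror):          # resolver failure
        return "unknown_host"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no_answer"
    if isinstance(exc, ConnectionRefusedError):   # TCP RST from the host
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return "unreachable"
    return "other"

def diagnose(host, port, timeout=3.0):
    """Resolve the name, then try a TCP connect; return (code, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        return classify(exc), str(exc)
    family, socktype, proto, _, addr = infos[0]   # first address only
    try:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            sock.connect(addr)
    except OSError as exc:
        return classify(exc), f"{addr[0]}: {exc}"
    return "ok", addr[0]

if __name__ == "__main__":
    # Usage: python diagnose.py HOST PORT
    code, detail = diagnose(sys.argv[1], int(sys.argv[2]))
    print(f"{code} ({detail}): {ADVICE[code]}")
```

A packet filter that silently drops traffic also produces `no_answer`, so repeat the check from a second host on the path before concluding that the remote system is down.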

More about TCP/IP
Abbreviations
Word            Meaning
AC        Access Control
ACK       Acknowledgement
ADS       Acknowledged Datagram Service
AFS       Andrew File System
API       Application Programming Interface
ARP       Address Resolution Protocol
AS        Autonomous Systems
ASN.1     Abstract Syntax Notation One
BIOS      Basic Input Output System
BNC       Bus Network Connector
BOOTP     BOOT Protocol
CD        Collision Detection
CRC       Cyclic Redundancy Checksum
CSMA      Carrier Sense Multiple Access
CSMA/CA   Carrier Sense Multiple Access/Collision Avoidance
CSMA/CD   Carrier Sense Multiple Access/Collision Detection
CSU       Channel Service Unit
DA        Destination Address
DDS       Digital Data Service
DFS       Distributed File System
DHCP      Dynamic Host Configuration Protocol
DLP       Data Link Protocol
DNS       Domain Name Service
DSAP      Destination Service Access Point
DSU       Digital Service Unit
ED        Ending Delimiter
EFS       End-of-Frame Sequence
EGP       Exterior Gateway Protocol
ETR       Early Token Release
FC        Frame Control
FCS       Frame Check Sequence
FS        Frame Status
FTP       File Transfer Protocol
GGP       Gateway to Gateway Protocol
ICMP      Internet Control Message Protocol
IGP       Interior Gateway Protocol
IP        Internet Protocol
IPX       Internetwork Packet eXchange
IPX/SPX   Internetwork Packet eXchange/Sequenced Packet eXchange
ISDN      Integrated Services Digital Network
ISN       Initial Sequence Number
ISO       International Standards Organisation
LAN       Local Area Network
LLC       Logical Link Control
LSAP      Link Service Access Point
LSL       Link Support Layer
MAC       Media Access Control
MAU       Media Access Unit
MIME      Multipurpose Internet Mail Extensions
MLID      Multiple Link Interface Drivers
MTU       Maximum Transmission Unit
NBF       NetBIOS Frame Protocol
NBT       NetBIOS over TCP/IP
NCP       NetWare Core Protocols
NDIS      Network Driver Interface Specification
NetBEUI   NetBIOS Extended User Interface
NETBIOS   Network Basic Input Output System
NFS       Network File System
NIC       Network Interface Card
NIS       Network Information System
NOS       Network Operating System
NSAP      Network Service Access Point
NTP       Network Time Protocol
ODI       Open Datalink Interface
OSI       Open Systems Interconnect
OSPF      Open Shortest Path Protocol
PAD       Packet Assembly/Disassembly
PING      Packet Internet Groper
PAR       Positive Acknowledgement with Retransmission
PDC       Primary Domain Controller
PDU       Protocol Data Unit
POP       Post Office Protocol
PPP       Point-to-Point Protocol
RARP      Reverse Address Resolution Protocol
RFC       Request For Comments
RFS       Remote File System
RIP       Routing Information Protocol
RPC       Remote Procedure Call
SA        Source Address
SAP       Service Access Point
SD        Starting Delimiter
SFD       Start Frame Delimiter
SFS       Start-of-Frame Sequence
SGMP      Simple Gateway Management Protocol
SMB       Service Message Block
SMI       Structure of Management Information
SMTP      Simple Mail Transfer Protocol
SNA       System Network Architecture
SNMP      Simple Network Management Protocol
SPX       Sequenced Packet eXchange
SSAP      Source Service Access Point
STP       Shielded Twisted-Pair
SYN       Synchronising Segment
TCB       Transmission Control Block
TCP       Transmission Control Protocol
TCP/IP    Transmission Control Protocol/Internet Protocol
TDI       Transport Driver Interface
TDM       Time-Division Multiplexing
TDR       Time Domain Reflectometer
TELNET    Terminal Networking
TFTP      Trivial File Transfer Protocol
TLI       Transport Layer Interface
TSAP      Transport Service Access Point
UDP       User Datagram Protocol
UDS       Unacknowledged Datagram Service
ULP       Upper Layer Protocol
UNC       Universal Naming Convention
UTP       Unshielded Twisted-Pair
VCS       Virtual Circuit Service
WAN       Wide Area Network
WINS      Windows Internet Name Service
WWW       World Wide Web
XDR       eXternal Data Representation
