Module 1.

LAN Concepts UNIX Network Administration

Module 1.

LAN Concepts

Objectives:

After the completion of this module, the student is expected to:

Describe what is a Local Area Network (LAN)
Describe the purpose of a LAN
Describe the OSI Model
Describe the Media Access Control Address
Describe the Internet Protocol
Describe IP Addressing
Describe what are Hostname and their importance
Describe the different transmission protocols
Describe ports ad sockets and their role in a LAN

1-1
Module 1. LAN Concepts UNIX Network Administration

Module 1-1. What is a Network

A Computer Network is a collection of system and devices connected by some sort of data
pathway for the purpose of sharing resources. Some of the types of resources that could be shared are
the following:

Systems may share Network Printers Most systems nowadays dont have their own printers.
Instead, systems are configured to either share or use printers being shared by other systems.

Disk resources may be shared via Network File Servers Some systems may be configured to
share files and directories on their local file systems, to the network. Thus they are called file
servers, serving workstations on the network which could mount their files and directories and
perform read, write or even execute commands on their files.

If some systems dont have a tape drive for backing up, you may configure a system in your
network, which have its own tape drive to become a Tape Backup Server, which allows other
systems to use its tape drive remotely.

For a centralized database across the network, we could configure a good system in the network
to be Database Server, where other systems could query multiple data while an application is
running on their desktop.

Computer Networks are categorized into two. There is the Local Area Network (LAN), and the
Wide Area Network (WAN).

A Local Area Network or LAN is a network that transmits a large amount of information at a
relatively high speed over limited distances within a single facility or site. For example, devices within an
office may be connected via LAN.

A Wide Area Network or WAN is a network that covers a large geographic area, allowing
devices in different cities to communicate with one another, though often at a data transmission rate that
is much smaller than a LAN. Multiple LANs may be connected via WANs.

1-2
Module 1. LAN Concepts UNIX Network Administration

Module 1-2. The OSI Model

The Open Systems Interconnection (OSI) model was designed by the International
Standards Organization to resolve the incompatibility issues and allow products from different
manufacturers to communicate with one another.

The layered concept taken by the OSI model establishes the set of rules for data transmission on
a variety of levels.

The following are the layers of the OSI model:

Layer 7: The Application Layer provides the software for network services such as file transfer,
remote login, remote execution, and electronic mail. It provides interface between the user
programs and the network

Layer 6: The Presentation Layer converts outbound data from a machine-specific format to an
international standard format. It is also used to convert inbound data to machine-specific format.

Layer 5: The Session Layer allows the setup and termination of a communications path and
synchronizes a dialog between the two systems. It establishes connections between systems in
much the same way as an automatic dialer does between two telephone systems.

Layer 4: The Transport Layer provides reliable flow of datagrams between sender and
receiver, and ensures that the data arrives at the correct destination. Protocols at these layers
also ensure that a copy of the data is made in case it is lost in transmission.

Layer 3: The Network Layer decides which path will be taken through the network. It provides
the packet addressing that will tell computers on the network where to route the users data.

Layer 2: The Data Link Layer provides reliable, error free media access for data transmission.
It provides the frame around the data.

Layer 1: The Physical Layer establishes the actual physical connection (cable connection)
between the network and the computer equipment. Physical layer standards determine what type
of signaling is used, what cable types and lengths are supported, and what types of connectors
may be used.

1-3
Module 1. LAN Concepts UNIX Network Administration

Module 1-3. The Media Access Control Address

In order to successfully pass data from host to host on a local area network, there must be some
mechanism for determining which frames of data are destined for which host. The Media Access Control
addresses could solve this problem.

Every LAN card attached to a local area network must have a unique MAC address assigned to
it. The MAC address is a 48-bit number that is set by the LAN card manufacturer. UNIX displays the MAC
address as a 12-hexadecimal digit number.

0x 0062BA 36A521
Number Identifies Uniquely
Is hex card identifies the
manufacturer card

To view the MAC address of a certain LAN card, we shall use the # lanscan command.

1-4
Module 1. LAN Concepts UNIX Network Administration

Module 1-4. The Internet Protocol Address

128.1.1.1
Network bits Host bits
determines which determines the
network the host address of the host
is on on that network

The Internet Protocol Address or IP Address makes it possible to group nodes into logical IP
networks, and efficiently pass data between these networks. IP addresses are usually represented by
four 8-bit fields separated by dots. These fields are called octets. Each 8-bit octet is represented by a
decimal number in the range from 0 to 255. The filed below demonstrates the conversion of several 8-bit
binary numbers to their corresponding decimal values:

128 64 32 16 8 4 2 1 Decimal Value

0 0 0 0 0 0 0 0 0
0 0 0 0 0 1 0 1 5
1 0 0 0 0 0 0 0 128
1 1 0 0 0 0 0 0 192

Using the same mechanism, IP addresses may be displayed in either binary or decimal. Consider
the following examples:

10000000.00000001.00000001.00000001 = 128.1.1.1
10001010.10000001.00000001.00000010 = 138.129.1.2
10011100.10011011.11000010.10101010 = 156.153.194.170

Some bits within an IP address identify the network to which the host belongs. These Network
Bits are used by network devices to route data between networks. Two hosts with identical network bits
are said to be on the same IP Network.

The remaining Host Bits in the IP address identify each hosts within the logical network.

To view your hosts IP address, there are two ways. The first is to use the lanscan command to
determine the interface name that has been assigned to each of the LAN card. Next, is to use the ifconfig
command to view each of the IP addresses configured for the LAN card.

# lanscan
# ifconfig lan0

The netstat command could also be used to display the hosts IP addresses:

# netstat in

Note that you should never assign the same IP address to different hosts. If you do, errors may
occur in the network.

1-5
Module 1. LAN Concepts UNIX Network Administration

Module 1-5. IP Network Classes

The original designers of the Internet realized that some networks would be very large, while
others would be much smaller. Large networks would require more host bits to provide a unique host
address for each host, while smaller networks would require fewer host bits to provide a unique host
address for each node.

Varying the IP address network/host boundary makes it possible to allocate just enough IP
addresses for any size network. Thus, although every IP address is 32 bits, the boundary between the
network and host portions of an IP address from network to network.

In the early days of the Internet, only three types of networks were recognized. Class A, class B
and Class C. Large organizations were assigned Class A network addresses, medium sized
organizations were assigned Class B and small networks were assigned Class C network addresses.

Furthermore, the addresses were structured such that network devices could determine an IP
addresss class by simply looking at the first few bits.

Class Net bits Host bits # of Networks Hosts/Network Range

24
Class A 8 24 127 2 = 16,777,216 1-127
16
Class B 16 16 16,383 2 = 65,536 128-191
8
Class C 24 8 2,094,151 2 = 256 192.223

IP Address classes, and their corresponding structures:

Class A address: The first bit is fixed to 0, and the first byte is called the network id and identifies
the network. The remaining three bytes are used to identify the host on the network, and
comprise the host id. It can be calculated that there is a maximum of 127 class A networks, with
each capable of accommodating millions of hosts.

Class B address: The first two bits are fixed to 10, the first and second byte are used to identify
the network, and the last two bytes are used to identify the host. There can be 65,535 hosts on
class B networks, capable of accommodating thousands of hosts.

1-6
Module 1. LAN Concepts UNIX Network Administration

Class C address: The first three bits are fixed to 110, the first, second, and third bytes are used
to identify the network, and the last byte is used to identify the host. Class C networks are the
smallest of all classes, as each can accommodate a maximum of 254 hosts (not 256, because
0x0 and 0xFF are reserved for other purposes). With three bytes reserved to identify the network,
millions of class C networks can be defined.

Class D address: The first four bits are fixed to 1110. A class D address is a multicast address,
identifying a group of computers that may be running a distributed application on the network. As
such, class D does not describe a network of hosts on the wire.

Consider the address 148.29.4.121. By applying the rules learned above, it can be determined
that this is a class B address, since the first byte lies in the 128 to 191 range of values. And since a class
B address has the first two bytes for a network address, it can be derived that the network address is
148.29 while the host address is 4.121 on that network. To generalize, given an IP address, its class can
be recognized by interpreting the first byte. Consequently, the network portion of the address can be
derived from the remaining bytes.

Unfortunately, the Class A/B/C IP allocation scheme led to inefficient us of the IP address pace,
since many organization were given much larger IP address blocks that they actually needed.

1-7
Module 1. LAN Concepts UNIX Network Administration

Module 1-6. The Classless Internet Domain Routing

The scheme that is currently used right now in creating IP addresses is what we call the /xx
addressing. The /xx identifies the number of network bits in the IP address. The following demonstrates
the effect of shifting the network boundary. This table only shows /8, /16, and /24 networks, though others
are possible too.

Network Type Network bits Host bits Host Addresses / Network

/8 8 24 224 = 16,777,216
/16 16 16 216 = 65,536
/24 24 8 28 = 256

Note: Note all of the host addresses are useable. One of the addresses in each of the network
serves as the Network Address, and another is used as the Broadcast Address. This applies for both
Class and /xx networks.

1-8
Module 1. LAN Concepts UNIX Network Administration

Module 1-7. The Internet Protocol Netmask

When you configure your systems IP address, it must be told which bits in your address are the
network bits and which are the host bits. To do this, we use the IP Netmask. The netmask is just like the
IP address but is formulated in a different manner. We write a 1 in each of the network bits, and we write
a 0 in each of the host bits.

In this way, we could separate the network bits from the host bits by simply comparing the IP
address with the netmask. The resulting value may be written in binary, decimal or even hexadecimal.

Netmask
Type
Binary Hexadecimal Decimal
/8 11111111.00000000.00000000.00000000 0xff000000 255.0.0.0
/16 11111111.11111111.00000000.00000000 0xffff0000 255.255.0.0
/24 11111111.11111111.11111111.00000000 0xffffff00 255.255.255.0

To view your hosts netmask, you need to use the lanscan and the ifconfig command on your
interface type.

1-9
Module 1. LAN Concepts UNIX Network Administration

Module 1-8. The Internet Protocol Network Address

An IP Network Address is a special address used by routers and other network devices to
reference an entire network of hosts. The network address is formulated by setting all of the host bits in
an IP address to 0.

Consider this example. In a 128.1.x.x/16 network, the last 16 bits define the host portion of the
addresses. Setting these 16 bits to 0 yields the following network address:

10000000.00000001.00000000.00000000 = 128.1.0.0/16

In a 192.1.1.x/24 IP address, the last 8 bits define the host portion of the address. Setting these
bits to 0 would yield the following network address:

11000000.00000001.00000001.00000000 = 192.1.1.0/24

To view your hosts Network Address using the netstat in command.

1-10
Module 1. LAN Concepts UNIX Network Administration

Module 1-9. The Internet Protocol Broadcast Address

The Network Broadcast Address may be used to send a packet to all of the nodes on the hosts
network.

To formulate the broadcast address, simply set all IP host bits to 1. Consider this example. The
128.1.0.0/16 network has 16 host bits in the last two octets. Placing a 1 in all 16 host bits would yield the
following broadcast address:

10000000.00000001.11111111.11111111 = 128.1.255.255

To view your systems broadcast address, you would still use the lanscan and ifconfig command
on you interface name.

# lanscan
# ifconfig lan0

1-11
Module 1. LAN Concepts UNIX Network Administration

Module 1-10. The Internet Protocol Loopback Address

The IP Loopback or Localhost Address is a special IP address that may be use to reference
the local host without actually sending a packet out on the local network. Applications sometimes use the
loopback address to send network traffic to other processes on the same machine.

Attempts to access the loopback address should succeed even if your LAN card is down,
disconnected or configured incorrectly.

The loopback address is always set to 127.0.0.1.

1-12
Module 1. LAN Concepts UNIX Network Administration

Module 1-12. Obtaining an IP Address

Each host on a network must have its individual IP address. The IP address that you will use will
depend on the network that you wish to connect to.

If you wish to connect to the Public Internet, you must obtain a unique IP address from certain
governing bodies. The International Committee for Assigned Names and Numbers (ICANN) is the
organization responsible for determining how IP addresses are allocated and used. Its websites URL is
http://www.icann.org but has delegated its responsibility according to region.

http://www.arin.net for North and South America

http://apnic.net for Asia and the Pacific region

http://ripe.net for Europe

The administration of Internet addresses is currently handled by the Network Information

Center (NIC). You can reach the InterNIC on the Web at http://www.internic.net.

If you are only creating a private Intranet, then you should consult the MIS department for your
hosts IP address or if you only have a small organization, you could formulate it yourself. This will be
discussed in later chapters of the course.

Private Intranet needs a Firewall if they would need to connect to the public internet. A Firewall
is a computer that regulates such communication.

1-13
Module 1. LAN Concepts UNIX Network Administration

Module 1-13. Host Names

Although systems and other network devices identify hosts by IP addresses, users and
applications find IP addresses to be a cumbersome method for identifying network hosts:

IP addresses are not very memorable. Users access many hosts on a regular basis will have a
hard time memorizing.

Anytime you change your network topology, IP addresses are likely to change.

For both of these reasons, many users and applications prefer to reference network hosts by
Host Names. A Host Name is a user-friendly, easily remembered nickname assigned to each host in
the network.

There are four rules in choosing a host name for a system:

The maximum length for the host name is eight characters

Host names must only contain letters, numbers and underscores. Punctuation marks and other
characters are not allowed.

Every host name must be unique.

Choose a meaningful host name. A systems host name may be based on its primary function,
user, geography, or any other scheme that the users find memorable

To view the systems hostname, we use the hostname command:

# hostname
mailsrvr

1-14
Module 1. LAN Concepts UNIX Network Administration

Module 1-14. Resolving Host Names to IP Addresses

Although the users may prefer to identify hosts by host names, every host must still have an IP
address, and every outgoing packet must have a destination IP address. There are three mechanisms
that could be used to convert host names to their corresponding IP addresses:

The /etc/hosts file. Each system maintains its own file which lists the names and IP addresses of
the other nodes.

Network Information Service. One system, the NIS Server, maintains a list of all the nodes and
IP addresses on the network. When resolving IP addresses, all systems reference the NIS server.

Domain Name Service. DNS uses a distributed database of host/IP addresses. Thousands of
DNS Servers are scattered across the internet and share responsibility for resolving host names
to IP addresses.

1-15
Module 1. LAN Concepts UNIX Network Administration

Module 1-15. TCP/IP Protocol Architecture

The TCP/IP communications suite was designed with modularity in mind. This means that instead
of developing a solution which integrates all aspects of communications in one single piece of code, the
designers wisely chose to break the puzzle into its constituent components and deal with them
individually while recognizing the interdependence tying the pieces together. Thus, TCP/IP evolved into a
suite of protocols specifying interdependent solutions to the different pieces of the communications
puzzle. This approach to problem solving is normally referred to as the layering approach. Consequently,
hereafter, reference will be made to the TCP/IP suite as a layered suite of communications.

The above figure shows the four-layer model of the TCP/IP communications architecture. As
shown in the diagram, the model is based on an understanding of data communications that involves four
sets of interdependent processes: application representative processes, host representative processes,
network representative processes, and media access and delivery representative process. Each set of
processes takes care of the needs of entities it represents whenever an application engages in the
exchange of data with its counterpart on the network. These process sets are grouped into the following
four layers: application layer, host-to-host (also known as transport) layer, internet layer, and network
access layer. Each of these layers may be implemented in separate, yet interdependent, pieces of
software code.

Application Layer Application representative processes take care of reconciling differences in

the data syntax between the platforms on which the communicating applications are running.
Communicating with an IBM mainframe, for example, might involve character translation between
the EBCDIC and ASCII character sets. While performing the translation task the application layer
(for instance, application representative process) need not have (and shouldn't care to have) any
understanding of how the underlying protocols (for instance, at the host-to-host layer) handles the
transmission of translated characters between hosts. Examples of protocols supported at the
application layer include FTP, TELNET, NFS, and DNS.

Host-to-Host Transport Layer Host representative processes (for example, the host-to-host, or
transport, layer) take care of communicating data reliably between applications running on hosts
across the network. It is the responsibility of the host representative process to guarantee the
reliability and integrity of the data being exchanged, without confusing the identities of the

1-16
Module 1. LAN Concepts UNIX Network Administration

communication applications. For this reason the host-to-host layer is provided with the
mechanism necessary to allow it to make the distinction between the applications on whose
behalf it is making data deliveries. In other words, assume that two hosts, tenor and alto, are
connected to the same network.

Internet Layer The internet layer is responsible for determining the best route that data packets
should follow to reach their destination. If the destination host is attached to the same network,
data is delivered directly to that host by the network access layer; otherwise, if the host belongs to
some other network, the internet layer employs a routing process for discovering the route to that
host. Once the route is discovered, data is delivered through intermediate devices, called routers,
to its destination. Routers are special devices with connections to two or more networks. Every
router contains an implementation of TCP/IP up to and including the internet layer.

Network Access Layer The network access layer is where media access and transmission
mechanisms take place. At this layer, both the hardware and the software drivers are
implemented. The protocols at this layer provide the means for the system to deliver data to other
devices on a directly attached network. This is the only layer that is aware of the physical
characteristics of the underlying network, including rules of access, data frame (name of a unit of
data at this layer) structure, and addressing.

1-17
Module 1. LAN Concepts UNIX Network Administration

Module 1-16. Converting IP Addresses to MAC Address

Every frame of data passed across a network must include both source and destination MAC
addresses.

To allow the system to quickly determine a remote nodes MAC address, each local kernel
maintains a real-time, lookup table known as the Address Resolution Protocol (ARP) cache. The ARP
cache maps IP addresses of remote nodes to their corresponding MAC addresses.

The ARP cache is a memory resident data structure whose content is maintained and managed
by the local systems kernel. By default, the ARP cache contains the IP addresses and the corresponding
MAC addresses of nodes which the local system has communicated with in the last five minutes

To view the ARP cache we use the command:

# arp -a
host <100.0.0.10> at 0:0:1b:3b:21:b2
...

The figure bellow illustrates the events which take place between two hosts when they try to talk
to each other. In the diagram, both the IP address and the MAC layer addresses are shown for both
hosts. It is assumed that a user on host jade wanted to establish a TELNET session with host orbit.
The following is what happens:

1. As a result of the user entering the command telnet jade, the application (telnet, in this case)
resolves the name jade to its corresponding IP address. See the note below for an introductory
description of name resolution under TCP/IP (more details are provided later in the chapter). By
the end of this stage, telnet will have determined that host jade's address is 148.27.34.1.

2. Next, telnet passes the address (148.27.34.1) to TCP/IP and requests connection to the target
host. Subsequently, TCP packages the request in a TCP header and passes it along with the
address to the IP protocol, requesting delivery to corresponding host.

3. At this point, IP compares jade's address with other destination addresses included in its routing
database. Because both the source and target host have the same network id (148.27.0.0), IP
decides to make a direct delivery to jade. Subsequently, IP encapsulates the request passed to it
by TCP in an IP datagram, including the destination and source IP addresses (148.27.34.1 and

1-18
Module 1. LAN Concepts UNIX Network Administration

148.27.2.5). Then it submits the datagram, along with jade's IP address to the network access
layer for delivery on the physical network.

4. This is where ARP comes in to handle the resolution of the IP address, which is useless from
Ethernet's point of view (assuming Ethernet at the MAC layer) to a MAC address which Ethernet
understands. Put differently, ARP translates the symbolic IP address, assigned by the
administrator, to the corresponding physical address which the host uses to identify itself at the
physical and data link levels.

ARP handles address resolution by sending out of the MAC interface (Ethernet) a broadcast
message known as ARP request, which simply says "I, host 148.27.2.5, physically addressable at
0x00001b3b21b2, want to know the physical address of host 147.27.34.1". Of all of the hosts
which receive the broadcast, only jade responds using a directed ARP response packet which
says "I am 147.27.34.1, and my physical address is 0x0000c015ad18."

5. At this point, both hosts become aware of the other's physical identity. The network access layer
(on host orbit) then proceeds to the actual phase of data exchange by encapsulating the IP
datagram, which it kept on hold until the ARP query was favorably answered, in a data frame and
sending it to host jade.

1-19
Module 1. LAN Concepts UNIX Network Administration

Module 1-17. Packet Flow with TCP

The two main rules governing how nodes communicate with each other are the Transmission
control Protocol (TCP) and the User Datagram Protocol (UDP) protocols. The TCP protocol requires
more overhead but provides more reliability than UDP.

Two important concepts in TCP:

1. TCP is a connection oriented protocol. A communication session is established between the

two nodes before data is exchanged.

2. TCP is a reliable protocol. For every datagram sent, an acknowledgement is returned by the
receiver. If an acknowledgement is not received, the transmitting node must retransmit the
packet.

To transfer data from one node to another using TCP, we follow these steps:

1. Before any data is transmitted, a communications session is established between the two nodes.

2. Prior to sending data, the sending segments the data into smaller datagram packets.

3. The datagram packets are sent to the destination node.

4. Upon receiving the datagram packets, the destination node sends acknowledgment packets back
to the source node. The sending node automatically retransmits unacknowledged datagrams.

5. Upon successfully transmitting all datagrams to the destination node, the connection between the
two nodes are closed.

6. Once all datagrams have been received by the destination node, they are reassembled in their
proper sequence.

1-20
Module 1. LAN Concepts UNIX Network Administration

Module 1-18. Packet Flow with UDP

The second common protocol used between two nodes on a network is the User Datagram
Protocol (UDP). UDP requires less network overhead than TCP, but it doesnt provide an
acknowledgement mechanism.

1. UDP is a connectionless protocol. No communication session is established before the source

node sends the first datagram.

2. UDP is an unreliable protocol. The receiving node does not send acknowledgement packets
back to the source node. The source node never knows whether packets arrived at the
destination node.

To transfer data from one node to another using UDP, we follow these steps:

1. Packets cannot be segmented or streamed; a packet is always sent as a single message.

2. No connection is opened with the node; the packet is simply sent to the node.

3. No acknowledgment is sent back to the original sender.

Since the original sender never knows if packet is received, sender never retransmits.

The receiver does not know if it received all of the intended packets.

With UDP, the application is responsible for ensuring data transmission is complete.

1-21
Module 1. LAN Concepts UNIX Network Administration

Module 1-19. Sending Data to Applications via Ports

MAC addresses, IP addresses, TCP and UDP are all used to get packets from node to node on a
network. Each node, though, may have dozens, if not hundreds, of network services and applications
running simultaneously. When data packet arrives on a systems LAN interface, how does UNIX
determines which application should receive that packet?

Every network application is assigned a unique Port Number that distinguishes that application
from all others. Network host specify which application should receive a packet by including a destination
port number in outgoing packets.

To view each applications port number, open the /etc/services file.

# more /etc/services
# service port/transport
tcpmux 1/tcp
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
netstat 15/udp
qotd 17/tcp quote
qotd 17/udp quote
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
name 42/tcp nameserver
name 42/udp nameserver
whois 43/tcp nickname
--More--

1-22
Module 1. LAN Concepts UNIX Network Administration

Module 1-20. Managing Ports with Sockets

A packets destination application can be identified by the packets destination port number. But
what if two or more clients access the same service simultaneously? And how do they determine which
packet belong to which host?

Sockets provide the solution to both of these problems. A socket is simply an address which
identifies a specific network application running on a specific host. A socket address is formed by
appending a destination port number to a destination IP address.

A socket Connection is defined by the pairing of two sockets together. The first socket identifies a
network program on the client node (i.e. 128.1.1.2.50001), and the second socket identifies a
network daemon on the server side (i.e. 128.1.1.1.23). The socket connection would then be
128.1.1.2.50001-128.1.1.1.23

1-23